From 158ce8e5663042b2d9e81f385630302f8132d37b Mon Sep 17 00:00:00 2001 From: Gyorgy Szing Date: Wed, 2 Apr 2025 16:16:51 +0200 Subject: [PATCH] optee-client: use the same tee group as libts Change optee-client to use the same bitbake variable to configure the group name used for controlling access to /dev/tee* devices on the target. The aim is to simplify system configuration by aligning the two recipes. Signed-off-by: Gyorgy Szing Signed-off-by: Ross Burton Signed-off-by: Jon Mason --- meta-arm/recipes-security/optee/optee-client.inc | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/meta-arm/recipes-security/optee/optee-client.inc b/meta-arm/recipes-security/optee/optee-client.inc index ac003a24..f9650249 100644 --- a/meta-arm/recipes-security/optee/optee-client.inc +++ b/meta-arm/recipes-security/optee/optee-client.inc @@ -21,9 +21,12 @@ EXTRA_OECMAKE = " \ -DCFG_USE_PKGCONFIG=ON \ " +# libts uses /dev/tee devices too. Add a common variable to allow configuring the same group. +TEE_GROUP_NAME ?= "tee" + EXTRA_OECMAKE += " -DCFG_ENABLE_SYSTEMD=On -DSYSTEMD_UNIT_DIR=${systemd_system_unitdir}/" EXTRA_OECMAKE += " -DCFG_ENABLE_UDEV=On -DUDEV_UDEV_DIR=${nonarch_base_libdir}/udev/rules.d/" -EXTRA_OECMAKE += " -DCFG_TEE_GROUP=tee -DCFG_TEEPRIV_GROUP=teepriv" +EXTRA_OECMAKE += " -DCFG_TEE_GROUP=${TEE_GROUP_NAME} -DCFG_TEEPRIV_GROUP=teepriv" EXTRA_OECMAKE:append:toolchain-clang = " -DCFG_WERROR=0" @@ -48,9 +51,9 @@ INITSCRIPT_PARAMS:${PN} = "start 10 1 2 3 4 5 . stop 90 0 6 ." FILES:${PN} += "${nonarch_base_libdir}/udev/rules.d/" # Users and groups: -# tee group to access /dev/tee* +# TEE_GROUP_NAME group to access /dev/tee* # teepriv group to acess /dev/teepriv*, only tee-supplicant # teesuppl user and group teesuppl to run tee-supplicant USERADD_PACKAGES = "${PN}" -GROUPADD_PARAM:${PN} = "--system tee; --system teepriv; --system teesuppl" +GROUPADD_PARAM:${PN} = "--system ${TEE_GROUP_NAME}; --system teepriv; --system teesuppl" USERADD_PARAM:${PN} = "--system -g teesuppl --groups teepriv --home-dir ${localstatedir}/lib/tee -M --shell /sbin/nologin teesuppl;"