mirrors/meta-arm
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-arm synced 2026-05-07 16:59:30 +00:00
Code Issues Projects Releases Wiki Activity

optee-client: start tee-supplicant.service when teeprivX dev is detected

Browse Source 
It's expected to exist multiple /dev/teepriv[0-9]* devices, and the
tee-supplicant service depends on them, which should be activated only
when the device is detected by the kernel using a udev rule.

Improve commit f02d065dce, where it's only considering a path creation
and not a device detection by the kernel.

Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit is contained in:
Javier Tia
2023-09-14 12:26:16 -06:00
committed by Jon Mason
parent df01b29f3f
commit 1bff41eee6
4 changed files with 11 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service → meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant@.service
+1 -2
View File
@@ -1,6 +1,5 @@
[Unit]
Description=TEE Supplicant
ConditionPathExistsGlob=/dev/teepriv[0-9]*
Description=TEE Supplicant on %i
[Service]
User=root
meta-arm/recipes-security/optee/optee-client.inc
+4 -4
View File
@@ -9,7 +9,7 @@ inherit systemd update-rc.d cmake
SRC_URI = " \
git://github.com/OP-TEE/optee_client.git;branch=master;protocol=https \
file://tee-supplicant.service \
file://tee-supplicant@.service \
file://tee-supplicant.sh \
"
@@ -24,16 +24,16 @@ EXTRA_OECMAKE = " \
EXTRA_OECMAKE:append:toolchain-clang = " -DCFG_WERROR=0"
do_install:append() {
install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service
install -D -p -m0644 ${WORKDIR}/tee-supplicant@.service ${D}${systemd_system_unitdir}/tee-supplicant@.service
install -D -p -m0755 ${WORKDIR}/tee-supplicant.sh ${D}${sysconfdir}/init.d/tee-supplicant
sed -i -e s:@sysconfdir@:${sysconfdir}:g \
-e s:@sbindir@:${sbindir}:g \
${D}${systemd_system_unitdir}/tee-supplicant.service \
${D}${systemd_system_unitdir}/tee-supplicant@.service \
${D}${sysconfdir}/init.d/tee-supplicant
}
SYSTEMD_SERVICE:${PN} = "tee-supplicant.service"
SYSTEMD_SERVICE:${PN} = "tee-supplicant@.service"
INITSCRIPT_PACKAGES = "${PN}"
INITSCRIPT_NAME:${PN} = "tee-supplicant"
meta-arm/recipes-security/optee/optee-client/tee-supplicant.service → meta-arm/recipes-security/optee/optee-client/tee-supplicant@.service
+1 -2
View File
@@ -1,6 +1,5 @@
[Unit]
Description=TEE Supplicant
ConditionPathExistsGlob=/dev/teepriv[0-9]*
Description=TEE Supplicant on %i
[Service]
User=root
meta-arm/recipes-security/trusted-services/libts/tee-udev.rules
+5
View File
@@ -1,2 +1,7 @@
# tee devices can only be accessed by the teeclnt group members
KERNEL=="tee[0-9]*", TAG+="systemd", MODE="0660", GROUP="teeclnt"
# If a /dev/teepriv[0-9]* device is detected, start an instance of
# tee-supplicant.service with the device name as parameter
KERNEL=="teepriv[0-9]*", MODE="0660", OWNER="root", GROUP="teeclnt", \
TAG+="systemd", ENV{SYSTEMD_WANTS}+="tee-supplicant@%k.service"