diff --git a/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service b/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant@.service similarity index 69% rename from meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service rename to meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant@.service index 6b00df74..72c0b9aa 100644 --- a/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service +++ b/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant@.service @@ -1,6 +1,5 @@ [Unit] -Description=TEE Supplicant -ConditionPathExistsGlob=/dev/teepriv[0-9]* +Description=TEE Supplicant on %i [Service] User=root diff --git a/meta-arm/recipes-security/optee/optee-client.inc b/meta-arm/recipes-security/optee/optee-client.inc index 3b9943cc..77f6a642 100644 --- a/meta-arm/recipes-security/optee/optee-client.inc +++ b/meta-arm/recipes-security/optee/optee-client.inc @@ -9,7 +9,7 @@ inherit systemd update-rc.d cmake SRC_URI = " \ git://github.com/OP-TEE/optee_client.git;branch=master;protocol=https \ - file://tee-supplicant.service \ + file://tee-supplicant@.service \ file://tee-supplicant.sh \ " @@ -24,16 +24,16 @@ EXTRA_OECMAKE = " \ EXTRA_OECMAKE:append:toolchain-clang = " -DCFG_WERROR=0" do_install:append() { - install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service + install -D -p -m0644 ${WORKDIR}/tee-supplicant@.service ${D}${systemd_system_unitdir}/tee-supplicant@.service install -D -p -m0755 ${WORKDIR}/tee-supplicant.sh ${D}${sysconfdir}/init.d/tee-supplicant sed -i -e s:@sysconfdir@:${sysconfdir}:g \ -e s:@sbindir@:${sbindir}:g \ - ${D}${systemd_system_unitdir}/tee-supplicant.service \ + ${D}${systemd_system_unitdir}/tee-supplicant@.service \ ${D}${sysconfdir}/init.d/tee-supplicant } -SYSTEMD_SERVICE:${PN} = "tee-supplicant.service" +SYSTEMD_SERVICE:${PN} = "tee-supplicant@.service" INITSCRIPT_PACKAGES = "${PN}" INITSCRIPT_NAME:${PN} = "tee-supplicant" diff --git a/meta-arm/recipes-security/optee/optee-client/tee-supplicant.service b/meta-arm/recipes-security/optee/optee-client/tee-supplicant@.service similarity index 69% rename from meta-arm/recipes-security/optee/optee-client/tee-supplicant.service rename to meta-arm/recipes-security/optee/optee-client/tee-supplicant@.service index 6b00df74..72c0b9aa 100644 --- a/meta-arm/recipes-security/optee/optee-client/tee-supplicant.service +++ b/meta-arm/recipes-security/optee/optee-client/tee-supplicant@.service @@ -1,6 +1,5 @@ [Unit] -Description=TEE Supplicant -ConditionPathExistsGlob=/dev/teepriv[0-9]* +Description=TEE Supplicant on %i [Service] User=root diff --git a/meta-arm/recipes-security/trusted-services/libts/tee-udev.rules b/meta-arm/recipes-security/trusted-services/libts/tee-udev.rules index 216fe993..af428974 100644 --- a/meta-arm/recipes-security/trusted-services/libts/tee-udev.rules +++ b/meta-arm/recipes-security/trusted-services/libts/tee-udev.rules @@ -1,2 +1,7 @@ # tee devices can only be accessed by the teeclnt group members KERNEL=="tee[0-9]*", TAG+="systemd", MODE="0660", GROUP="teeclnt" + +# If a /dev/teepriv[0-9]* device is detected, start an instance of +# tee-supplicant.service with the device name as parameter +KERNEL=="teepriv[0-9]*", MODE="0660", OWNER="root", GROUP="teeclnt", \ + TAG+="systemd", ENV{SYSTEMD_WANTS}+="tee-supplicant@%k.service"