mirrors/meta-arm
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-arm synced 2026-06-04 14:10:01 +00:00
Code Issues Projects Releases Wiki Activity

arm/trusted-services: fix udev management in libts

Browse Source 
- Change libts to stop making udev related configuration if optee-client
  is deployed to the target to avoid conflicts.
- Remove the executable permission from installed tee-udev.rules file.
- Remove teepriv device from udev file as this device is op-tee specific.

Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit is contained in:
Gyorgy Szing
2025-04-02 16:16:52 +02:00
committed by Jon Mason
parent 158ce8e566
commit 595cb0f1a0
3 changed files with 26 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-arm/recipes-security/trusted-services/libts-udev.inc
+21
View File
@@ -0,0 +1,21 @@
# Sour out /dev/tee* device creation and access control
SRC_URI += "file://tee-udev.rules \
"
# Unix group name for dev/tee* ownership.
TEE_GROUP_NAME ?= "tee"
do_install:append () {
if ${@oe.utils.conditional('VIRTUAL-RUNTIME_dev_manager', 'busybox-mdev', 'false', 'true', d)}; then
install -d ${D}${nonarch_base_libdir}/udev/rules.d/
install -m 755 ${UNPACKDIR}/tee-udev.rules ${D}${nonarch_base_libdir}/udev/rules.d/
sed -i -e "s/teeclnt/${TEE_GROUP_NAME}/" ${D}${nonarch_base_libdir}/udev/rules.d/tee-udev.rules
fi
}
inherit ${@oe.utils.conditional('VIRTUAL-RUNTIME_dev_manager', 'busybox-mdev', '', 'useradd', d)}
USERADD_PACKAGES = "${PN}"
GROUPADD_PARAM:${PN} = "--system ${TEE_GROUP_NAME}"
FILES:${PN} += " ${nonarch_base_libdir}/udev/rules.d/"
meta-arm/recipes-security/trusted-services/libts/tee-udev.rules
-5
View File
@@ -1,7 +1,2 @@
# tee devices can only be accessed by the teeclnt group members
KERNEL=="tee[0-9]*", TAG+="systemd", MODE="0660", GROUP="teeclnt"
# If a /dev/teepriv[0-9]* device is detected, start an instance of
# tee-supplicant.service with the device name as parameter
KERNEL=="teepriv[0-9]*", MODE="0660", OWNER="root", GROUP="tee", \
TAG+="systemd", ENV{SYSTEMD_WANTS}+="tee-supplicant@%k.service"
meta-arm/recipes-security/trusted-services/libts_git.bb
+5 -17
View File
@@ -5,24 +5,16 @@ TS_ENV = "arm-linux"
require trusted-services.inc
SRC_URI += "file://tee-udev.rules \
file://0001-Remove-TEE-driver-external-component.patch \
SRC_URI += "file://0001-Remove-TEE-driver-external-component.patch \
"
# If optee-client is not included, take care of udev and related configuration.
require ${@bb.utils.contains('IMAGE_INSTALL', 'optee-client', '', 'libts-udev.inc', d)}
OECMAKE_SOURCEPATH="${S}/deployments/libts/${TS_ENV}"
DEPENDS += "arm-ffa-user"
# Unix group name for dev/tee* ownership.
TEE_GROUP_NAME ?= "teeclnt"
do_install:append () {
if ${@oe.utils.conditional('VIRTUAL-RUNTIME_dev_manager', 'busybox-mdev', 'false', 'true', d)}; then
install -d ${D}${nonarch_base_libdir}/udev/rules.d/
install -m 755 ${UNPACKDIR}/tee-udev.rules ${D}${nonarch_base_libdir}/udev/rules.d/
sed -i -e "s/teeclnt/${TEE_GROUP_NAME}/" ${D}${nonarch_base_libdir}/udev/rules.d/tee-udev.rules
fi
# Move the dynamic libraries into the standard place.
install -d ${D}${libdir}
mv ${D}${TS_INSTALL}/lib/libts* ${D}${libdir}
@@ -34,9 +26,5 @@ do_install:append () {
fi
}
inherit ${@oe.utils.conditional('VIRTUAL-RUNTIME_dev_manager', 'busybox-mdev', '', 'useradd', d)}
USERADD_PACKAGES = "${PN}"
GROUPADD_PARAM:${PN} = "--system ${TEE_GROUP_NAME}"
FILES:${PN} = "${libdir}/libts.so.* ${nonarch_base_libdir}/udev/rules.d/"
FILES:${PN}-dev = "${TS_INSTALL}/lib/cmake ${TS_INSTALL}/include ${libdir}/libts.so"
FILES:${PN} += " ${libdir}/libts*.so.*"
FILES:${PN}-dev += " ${TS_INSTALL}/lib/cmake ${TS_INSTALL}/include ${libdir}/libts*.so"