similarity index 69%
rename from meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service
rename to meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant@.service
@@ -1,6 +1,5 @@
[Unit]
-Description=TEE Supplicant
-ConditionPathExistsGlob=/dev/teepriv[0-9]*
+Description=TEE Supplicant on %i
[Service]
User=root
@@ -9,7 +9,7 @@ inherit systemd update-rc.d cmake
SRC_URI = " \
git://github.com/OP-TEE/optee_client.git;branch=master;protocol=https \
- file://tee-supplicant.service \
+ file://tee-supplicant@.service \
file://tee-supplicant.sh \
"
@@ -24,16 +24,16 @@ EXTRA_OECMAKE = " \
EXTRA_OECMAKE:append:toolchain-clang = " -DCFG_WERROR=0"
do_install:append() {
- install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service
+ install -D -p -m0644 ${WORKDIR}/tee-supplicant@.service ${D}${systemd_system_unitdir}/tee-supplicant@.service
install -D -p -m0755 ${WORKDIR}/tee-supplicant.sh ${D}${sysconfdir}/init.d/tee-supplicant
sed -i -e s:@sysconfdir@:${sysconfdir}:g \
-e s:@sbindir@:${sbindir}:g \
- ${D}${systemd_system_unitdir}/tee-supplicant.service \
+ ${D}${systemd_system_unitdir}/tee-supplicant@.service \
${D}${sysconfdir}/init.d/tee-supplicant
}
-SYSTEMD_SERVICE:${PN} = "tee-supplicant.service"
+SYSTEMD_SERVICE:${PN} = "tee-supplicant@.service"
INITSCRIPT_PACKAGES = "${PN}"
INITSCRIPT_NAME:${PN} = "tee-supplicant"
similarity index 69%
rename from meta-arm/recipes-security/optee/optee-client/tee-supplicant.service
rename to meta-arm/recipes-security/optee/optee-client/tee-supplicant@.service
@@ -1,6 +1,5 @@
[Unit]
-Description=TEE Supplicant
-ConditionPathExistsGlob=/dev/teepriv[0-9]*
+Description=TEE Supplicant on %i
[Service]
User=root
@@ -1,2 +1,7 @@
# tee devices can only be accessed by the teeclnt group members
KERNEL=="tee[0-9]*", TAG+="systemd", MODE="0660", GROUP="teeclnt"
+
+# If a /dev/teepriv[0-9]* device is detected, start an instance of
+# tee-supplicant.service with the device name as parameter
+KERNEL=="teepriv[0-9]*", MODE="0660", OWNER="root", GROUP="teeclnt", \
+ TAG+="systemd", ENV{SYSTEMD_WANTS}+="tee-supplicant@%k.service"
It's expected to exist multiple /dev/teepriv[0-9]* devices, and the tee-supplicant service depends on them, which should be activated only when the device is detected by the kernel using a udev rule. Improve commit f02d065dce, where it's only considering a path creation and not a device detection by the kernel. Signed-off-by: Javier Tia <javier.tia@linaro.org> --- .../{tee-supplicant.service => tee-supplicant@.service} | 3 +-- meta-arm/recipes-security/optee/optee-client.inc | 8 ++++---- .../{tee-supplicant.service => tee-supplicant@.service} | 3 +-- .../trusted-services/libts/tee-udev.rules | 5 +++++ 4 files changed, 11 insertions(+), 8 deletions(-) rename meta-arm-bsp/recipes-security/optee/optee-client/{tee-supplicant.service => tee-supplicant@.service} (69%) rename meta-arm/recipes-security/optee/optee-client/{tee-supplicant.service => tee-supplicant@.service} (69%)