[5/6] optee-client: use the same tee group as libts

Message ID	20250402141652.380180-5-gyorgy.szing@arm.com
State	New
Headers	show Return-Path: <gyorgy.szing@arm.com> ip: 217.140.110.172, mailfrom: gyorgy.szing@arm.com) From: Gyorgy Szing <gyorgy.szing@arm.com> To: meta-arm@lists.yoctoproject.org Cc: Gyorgy Szing <gyorgy.szing@arm.com>, Ross Burton <ross.burton@arm.com> Subject: [PATCH 5/6] optee-client: use the same tee group as libts Date: Wed, 2 Apr 2025 16:16:51 +0200 Message-ID: <20250402141652.380180-5-gyorgy.szing@arm.com> In-Reply-To: <20250402141652.380180-1-gyorgy.szing@arm.com> References: <20250402141652.380180-1-gyorgy.szing@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable
Series	[1/6] optee-client: use udev rule and systemd service from upstream \| expand [1/6] optee-client: use udev rule and systemd service from upstream [2/6] optee-os: add v4.4 [3/6] optee-client: fix udev and systemd handling [4/6] optee-client: drop privileges of tee-supplicant [5/6] optee-client: use the same tee group as libts [6/6] arm/trusted-services: fix udev management in libts

Message ID

20250402141652.380180-5-gyorgy.szing@arm.com

State

New

Headers

From: Gyorgy Szing <gyorgy.szing@arm.com>
To: meta-arm@lists.yoctoproject.org
Cc: Gyorgy Szing <gyorgy.szing@arm.com>,
	Ross Burton <ross.burton@arm.com>
Subject: [PATCH 5/6] optee-client: use the same tee group as libts
Date: Wed,  2 Apr 2025 16:16:51 +0200
Message-ID: <20250402141652.380180-5-gyorgy.szing@arm.com>
In-Reply-To: <20250402141652.380180-1-gyorgy.szing@arm.com>
References: <20250402141652.380180-1-gyorgy.szing@arm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Series

[1/6] optee-client: use udev rule and systemd service from upstream | expand

Commit Message

Gyorgy Szing April 2, 2025, 2:16 p.m. UTC

Change optee-client to use the same bitbake variable to configure the
group name used for controlling access to /dev/tee* devices on the
target. The aim is to simplify system configuration by aligning the
two recipes.

Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 meta-arm/recipes-security/optee/optee-client.inc | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/meta-arm/recipes-security/optee/optee-client.inc b/meta-arm/recipes-security/optee/optee-client.inc
index ac003a24..f9650249 100644
--- a/meta-arm/recipes-security/optee/optee-client.inc
+++ b/meta-arm/recipes-security/optee/optee-client.inc
@@ -21,9 +21,12 @@  EXTRA_OECMAKE = " \
     -DCFG_USE_PKGCONFIG=ON \
 "
 
+# libts uses /dev/tee devices too. Add a common variable to allow configuring the same group.
+TEE_GROUP_NAME ?= "tee"
+
 EXTRA_OECMAKE += " -DCFG_ENABLE_SYSTEMD=On -DSYSTEMD_UNIT_DIR=${systemd_system_unitdir}/"
 EXTRA_OECMAKE += " -DCFG_ENABLE_UDEV=On -DUDEV_UDEV_DIR=${nonarch_base_libdir}/udev/rules.d/"
-EXTRA_OECMAKE += " -DCFG_TEE_GROUP=tee -DCFG_TEEPRIV_GROUP=teepriv"
+EXTRA_OECMAKE += " -DCFG_TEE_GROUP=${TEE_GROUP_NAME} -DCFG_TEEPRIV_GROUP=teepriv"
 
 EXTRA_OECMAKE:append:toolchain-clang = " -DCFG_WERROR=0"
 
@@ -48,9 +51,9 @@  INITSCRIPT_PARAMS:${PN} = "start 10 1 2 3 4 5 . stop 90 0 6 ."
 FILES:${PN} += "${nonarch_base_libdir}/udev/rules.d/"
 
 # Users and groups:
-# tee group to access /dev/tee*
+# TEE_GROUP_NAME group to access /dev/tee*
 # teepriv group to acess /dev/teepriv*, only tee-supplicant
 # teesuppl user and group teesuppl to run tee-supplicant
 USERADD_PACKAGES = "${PN}"
-GROUPADD_PARAM:${PN} = "--system tee; --system teepriv; --system teesuppl"
+GROUPADD_PARAM:${PN} = "--system ${TEE_GROUP_NAME}; --system teepriv; --system teesuppl"
 USERADD_PARAM:${PN} = "--system -g teesuppl --groups teepriv --home-dir ${localstatedir}/lib/tee -M --shell /sbin/nologin teesuppl;"

[5/6] optee-client: use the same tee group as libts

Commit Message

Patch