From patchwork Wed Sep 25 09:01:44 2024
X-Patchwork-Submitter: Mikko Rapeli
X-Patchwork-Id: 49588
From: Mikko Rapeli
To: meta-arm@lists.yoctoproject.org
Cc: Jon Mason
Subject: [PATCH 1/4] arm/optee: update to 4.3.0
Date: Wed, 25 Sep 2024 12:01:44 +0300
Message-ID: <20240925090147.66618-2-mikko.rapeli@linaro.org>
In-Reply-To: <20240925090147.66618-1-mikko.rapeli@linaro.org>
References: <20240925090147.66618-1-mikko.rapeli@linaro.org>
X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6103

From: Jon Mason

Update OP-TEE to version 4.3.0

NOTE: the license file in optee-test changed, but the license is the same (commit a748f5fcd9ec8a574dc86a5aa56d05bc6ac174e7). They chose to change the URL of the licenses in question to be "LICENSE-GPL" and "LICENSE-BSD".
Signed-off-by: Jon Mason --- ...-client_4.2.0.bb => optee-client_4.3.0.bb} | 2 +- ...mples_4.2.0.bb => optee-examples_4.3.0.bb} | 0 ...it_4.2.0.bb => optee-os-tadevkit_4.3.0.bb} | 0 ...not-use-full-path-to-generate-guard-.patch | 45 ------------------- .../{optee-os_4.2.0.bb => optee-os_4.3.0.bb} | 3 +- ...stats-remove-unneeded-stat.h-include.patch | 34 -------------- ...ptee-test_4.2.0.bb => optee-test_4.3.0.bb} | 4 +- 7 files changed, 4 insertions(+), 84 deletions(-) rename meta-arm/recipes-security/optee/{optee-client_4.2.0.bb => optee-client_4.3.0.bb} (71%) rename meta-arm/recipes-security/optee/{optee-examples_4.2.0.bb => optee-examples_4.3.0.bb} (100%) rename meta-arm/recipes-security/optee/{optee-os-tadevkit_4.2.0.bb => optee-os-tadevkit_4.3.0.bb} (100%) delete mode 100644 meta-arm/recipes-security/optee/optee-os/0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch rename meta-arm/recipes-security/optee/{optee-os_4.2.0.bb => optee-os_4.3.0.bb} (77%) delete mode 100644 meta-arm/recipes-security/optee/optee-test/0001-xtest-stats-remove-unneeded-stat.h-include.patch rename meta-arm/recipes-security/optee/{optee-test_4.2.0.bb => optee-test_4.3.0.bb} (78%) diff --git a/meta-arm/recipes-security/optee/optee-client_4.2.0.bb b/meta-arm/recipes-security/optee/optee-client_4.3.0.bb similarity index 71% rename from meta-arm/recipes-security/optee/optee-client_4.2.0.bb rename to meta-arm/recipes-security/optee/optee-client_4.3.0.bb index 56494e4c..4a088004 100644 --- a/meta-arm/recipes-security/optee/optee-client_4.2.0.bb +++ b/meta-arm/recipes-security/optee/optee-client_4.3.0.bb @@ -1,6 +1,6 @@ require recipes-security/optee/optee-client.inc -SRCREV = "3eac340a781c00ccd61b151b0e9c22a8c6e9f9f0" +SRCREV = "a5b1ffcd26e328af0bbf18ab448a38ecd558e05c" inherit pkgconfig DEPENDS += "util-linux" 
diff --git a/meta-arm/recipes-security/optee/optee-examples_4.2.0.bb b/meta-arm/recipes-security/optee/optee-examples_4.3.0.bb similarity index 100% rename from meta-arm/recipes-security/optee/optee-examples_4.2.0.bb rename to meta-arm/recipes-security/optee/optee-examples_4.3.0.bb diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_4.2.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_4.3.0.bb similarity index 100% rename from meta-arm/recipes-security/optee/optee-os-tadevkit_4.2.0.bb rename to meta-arm/recipes-security/optee/optee-os-tadevkit_4.3.0.bb diff --git a/meta-arm/recipes-security/optee/optee-os/0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch b/meta-arm/recipes-security/optee/optee-os/0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch deleted file mode 100644 index 29719b45..00000000 --- a/meta-arm/recipes-security/optee/optee-os/0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch +++ /dev/null 
@@ -1,45 +0,0 @@ -From c8a2a6529dc3ff609281ef4fe5c5bc949c805b5c Mon Sep 17 00:00:00 2001 -From: Rasmus Villemoes -Date: Thu, 6 Jun 2024 11:42:46 +0200 -Subject: [PATCH] checkconf.mk: do not use full path to generate guard symbol - in conf.h - -The combination of building with -g3 (which emits definitions of all -defined preprocessor macros to the debug info) and using a full path -to define the name of this preprocessor guard means that the output is -not binary reproducible across different build hosts. For example, in -my Yocto build, the string - - __home_ravi_yocto_tmp_glibc_work_stm32mp135fdk_oe_linux_gnueabi_optee_os_stm32mp_3_19_0_stm32mp_r1_1_build_stm32mp135f_dk_include_generated_conf_h_ - -appears in several build artifacts. Another developer or buildbot -would not build in some /home/ravi/... directory. - -In order to increase binary reproducibility, only use the path sans -the $(out-dir)/ prefix of the conf.h file. - -Reviewed-by: Jens Wiklander -Signed-off-by: Rasmus Villemoes ---- - mk/checkconf.mk | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -Upstream-Status: Backport [c8a2a6529dc3ff609281ef4fe5c5bc949c805b5c] - -diff --git a/mk/checkconf.mk b/mk/checkconf.mk -index 449b1c2b8..bb08d6b15 100644 ---- a/mk/checkconf.mk -+++ b/mk/checkconf.mk -@@ -17,7 +17,8 @@ define check-conf-h - cnf='$(strip $(foreach var, \ - $(call cfg-vars-by-prefix,$1), \ - $(call cfg-make-define,$(var))))'; \ -- guard="_`echo $@ | tr -- -/.+ _`_"; \ -+ guardpath="$(patsubst $(out-dir)/%,%,$@)" \ -+ guard="_`echo "$${guardpath}" | tr -- -/.+ _`_"; \ - mkdir -p $(dir $@); \ - echo "#ifndef $${guard}" >$@.tmp; \ - echo "#define $${guard}" >>$@.tmp; \ --- -2.34.1 - diff --git a/meta-arm/recipes-security/optee/optee-os_4.2.0.bb b/meta-arm/recipes-security/optee/optee-os_4.3.0.bb similarity index 77% rename from meta-arm/recipes-security/optee/optee-os_4.2.0.bb rename to meta-arm/recipes-security/optee/optee-os_4.3.0.bb index 33c19f2f..cfd926b0 100644 
--- a/meta-arm/recipes-security/optee/optee-os_4.2.0.bb +++ b/meta-arm/recipes-security/optee/optee-os_4.3.0.bb @@ -4,10 +4,9 @@ DEPENDS += "dtc-native" FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" -SRCREV = "12d7c4ee4642d2d761e39fbcf21a06fb77141dea" +SRCREV = "1c0d52ace3c237ca6276cafb5c73f699a75c1d40" SRC_URI += " \ file://0003-optee-enable-clang-support.patch \ - file://0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch \ file://0001-mk-compile.mk-remove-absolute-build-time-paths.patch \ file://0001-compile.mk-use-CFLAGS-from-environment.patch \ file://0002-link.mk-use-CFLAGS-with-version.o.patch \ diff --git a/meta-arm/recipes-security/optee/optee-test/0001-xtest-stats-remove-unneeded-stat.h-include.patch b/meta-arm/recipes-security/optee/optee-test/0001-xtest-stats-remove-unneeded-stat.h-include.patch deleted file mode 100644 index 581c6db3..00000000 --- a/meta-arm/recipes-security/optee/optee-test/0001-xtest-stats-remove-unneeded-stat.h-include.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -From 236ebb968a298fa5d461e734559ad8a13b667eb6 Mon Sep 17 00:00:00 2001 -From: Jon Mason -Date: Wed, 24 Jan 2024 11:35:50 -0500 -Subject: [PATCH] xtest: stats: remove unneeded stat.h include - -Hack to work around musl compile error: - -| In file included from optee-test/4.1.0/recipe-sysroot/usr/include/sys/stat.h:23, -| from optee-test/4.1.0/git/host/xtest/stats.c:17: -| optee-test/4.1.0/recipe-sysroot/usr/include/bits/stat.h:17:26: error: expected identifier or '(' before '[' token -| 17 | unsigned __unused[2]; -| | ^ - -stat.h is not needed, since it is not being used in this file. So -removing it. - -Upstream-Status: Inappropriate [https://github.com/OP-TEE/optee_test/issues/722] -Signed-off-by: Jon Mason ---- - host/xtest/stats.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/host/xtest/stats.c b/host/xtest/stats.c -index fb16d55586da..05aa3adac611 100644 ---- a/host/xtest/stats.c -+++ b/host/xtest/stats.c -@@ -14,7 +14,6 @@ - #include - #include - #include --#include - #include - #include - #include diff --git a/meta-arm/recipes-security/optee/optee-test_4.2.0.bb b/meta-arm/recipes-security/optee/optee-test_4.3.0.bb similarity index 78% rename from meta-arm/recipes-security/optee/optee-test_4.2.0.bb rename to meta-arm/recipes-security/optee/optee-test_4.3.0.bb index 6317a72f..44846fef 100644 --- a/meta-arm/recipes-security/optee/optee-test_4.2.0.bb +++ b/meta-arm/recipes-security/optee/optee-test_4.3.0.bb 
@@ -1,7 +1,7 @@ require recipes-security/optee/optee-test.inc -SRCREV = "526d5bac1b65f907f67c05cd07beca72fbab88dd" -SRC_URI += "file://0001-xtest-stats-remove-unneeded-stat.h-include.patch" +SRCREV = "9d4c4fb9638fb533211037016b6da12fbbcc4bb6" +LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a8fa504109e4cd7ea575bc49ea4be560" # Include ffa_spmc test group if the SPMC test is enabled. # Supported after op-tee v3.20
From patchwork Wed Sep 25 09:01:45 2024
X-Patchwork-Submitter: Mikko Rapeli
X-Patchwork-Id: 49589
From: Mikko Rapeli
To: meta-arm@lists.yoctoproject.org
Cc: Javier Tia
Subject: [PATCH 2/4] arm/optee: Add optee udev rules
Date: Wed, 25 Sep 2024 12:01:45 +0300
Message-ID: <20240925090147.66618-3-mikko.rapeli@linaro.org>
In-Reply-To: <20240925090147.66618-1-mikko.rapeli@linaro.org>
References: <20240925090147.66618-1-mikko.rapeli@linaro.org>
X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6104

From: Javier Tia

If a /dev/teepriv[0-9]* device is detected, start an instance of tee-supplicant.service with the device name as parameter.

Signed-off-by: Javier Tia
--- meta-arm/recipes-security/optee/optee-client.inc | 8 +++++++- .../recipes-security/optee/optee-client/optee-udev.rules | 6 ++++++ 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 meta-arm/recipes-security/optee/optee-client/optee-udev.rules diff --git a/meta-arm/recipes-security/optee/optee-client.inc b/meta-arm/recipes-security/optee/optee-client.inc index ddda2d1a..f387c805 100644 --- a/meta-arm/recipes-security/optee/optee-client.inc +++ b/meta-arm/recipes-security/optee/optee-client.inc @@ -5,12 +5,13 @@ HOMEPAGE = "https://www.op-tee.org/" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b" -inherit systemd update-rc.d cmake +inherit systemd update-rc.d cmake useradd SRC_URI = " \ git://github.com/OP-TEE/optee_client.git;branch=master;protocol=https \ file://tee-supplicant@.service \ file://tee-supplicant.sh \ + file://optee-udev.rules \ " UPSTREAM_CHECK_GITTAGREGEX = "^(?P\d+(\.\d+)+)$" 
@@ -26,6 +27,8 @@ EXTRA_OECMAKE:append:toolchain-clang = " -DCFG_WERROR=0" do_install:append() { install -D -p -m0644 ${UNPACKDIR}/tee-supplicant@.service ${D}${systemd_system_unitdir}/tee-supplicant@.service install -D -p -m0755 ${UNPACKDIR}/tee-supplicant.sh ${D}${sysconfdir}/init.d/tee-supplicant + install -d ${D}${sysconfdir}/udev/rules.d + install -m 0644 ${UNPACKDIR}/optee-udev.rules ${D}${sysconfdir}/udev/rules.d/optee.rules sed -i -e s:@sysconfdir@:${sysconfdir}:g \ -e s:@sbindir@:${sbindir}:g \ @@ -38,3 +41,6 @@ SYSTEMD_SERVICE:${PN} = "tee-supplicant@.service" INITSCRIPT_PACKAGES = "${PN}" INITSCRIPT_NAME:${PN} = "tee-supplicant" INITSCRIPT_PARAMS:${PN} = "start 10 1 2 3 4 5 . stop 90 0 6 ." + +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM:${PN} = "--system teeclnt" diff --git a/meta-arm/recipes-security/optee/optee-client/optee-udev.rules b/meta-arm/recipes-security/optee/optee-client/optee-udev.rules new file mode 100644 index 00000000..075f469c --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-client/optee-udev.rules 
@@ -0,0 +1,6 @@ +KERNEL=="tee[0-9]*", MODE="0660", OWNER="root", GROUP="teeclnt", TAG+="systemd" + +# If a /dev/teepriv[0-9]* device is detected, start an instance of +# tee-supplicant.service with the device name as parameter +KERNEL=="teepriv[0-9]*", MODE="0660", OWNER="root", GROUP="teeclnt", \ + TAG+="systemd", ENV{SYSTEMD_WANTS}+="tee-supplicant@%k.service"
From patchwork Wed Sep 25 09:01:46 2024
X-Patchwork-Submitter: Mikko Rapeli
X-Patchwork-Id: 49590
From: Mikko Rapeli
To: meta-arm@lists.yoctoproject.org
Cc: Mikko Rapeli
Subject: [PATCH 3/4] optee-client: fix systemd service dependencies
Date: Wed, 25 Sep 2024 12:01:46 +0300
Message-ID: <20240925090147.66618-4-mikko.rapeli@linaro.org>
In-Reply-To: <20240925090147.66618-1-mikko.rapeli@linaro.org>
References: <20240925090147.66618-1-mikko.rapeli@linaro.org>
X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6105

udev starts tee-supplicant once optee has been found. Fix dependencies in systemd service so that starting it in initrd is possible. Stopping requires that ftpm kernel module is disabled or any TPM related actions will fail until the next reboot so working around these in the service file. These are limitations of current kernel optee and ftpm drivers.

tpm2.target requires systemd 256 or newer. With older system version there is no simple way to queue in service before TPM device is available.

https://www.freedesktop.org/software/systemd/man/devel/systemd.special.html#tpm2.target

Note that
https://www.freedesktop.org/software/systemd/man/devel/systemd-tpm2-generator.html
detects TPM support from either existing kernel driver (built in or loaded really early in initrd and rootfs boot) or ACPI table entry for TPM device.

If firmware used a TPM device but doesn't provide ACPI table entry for it, then a kernel patch has been proposed to expose this to userspace:

https://lore.kernel.org/lkml/20240422112711.362779-1-mikko.rapeli@linaro.org/

and matching change proposal for systemd:

https://github.com/systemd/systemd/pull/32400

Signed-off-by: Mikko Rapeli
--- .../optee/optee-client/tee-supplicant@.service | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) 
diff --git a/meta-arm/recipes-security/optee/optee-client/tee-supplicant@.service b/meta-arm/recipes-security/optee/optee-client/tee-supplicant@.service index 72c0b9aa..8325b6be 100644 --- a/meta-arm/recipes-security/optee/optee-client/tee-supplicant@.service +++ b/meta-arm/recipes-security/optee/optee-client/tee-supplicant@.service 
@@ -1,10 +1,12 @@ [Unit] Description=TEE Supplicant on %i +DefaultDependencies=no +After=dev-%i.device +Wants=dev-%i.device +Conflicts=shutdown.target +Before=tpm2.target sysinit.target shutdown.target [Service] -User=root EnvironmentFile=-@sysconfdir@/default/tee-supplicant ExecStart=@sbindir@/tee-supplicant $OPTARGS - -[Install] -WantedBy=basic.target +ExecStop=-/bin/sh -c "/sbin/modprobe -v -r tpm_ftpm_tee ; /bin/kill $MAINPID"
From patchwork Wed Sep 25 09:01:47 2024
X-Patchwork-Submitter: Mikko Rapeli
X-Patchwork-Id: 49591
From: Mikko Rapeli
To: meta-arm@lists.yoctoproject.org
Cc: Mikko Rapeli, Jérôme Forissier
Subject: [PATCH 4/4] oeqa optee.py: increase timeout value from 22 to 45 minutes
Date: Wed, 25 Sep 2024 12:01:47 +0300
Message-ID: <20240925090147.66618-5-mikko.rapeli@linaro.org>
In-Reply-To: <20240925090147.66618-1-mikko.rapeli@linaro.org>
References: <20240925090147.66618-1-mikko.rapeli@linaro.org>
X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6106

Tests are taking more time now and several devices are timing out:

https://gitlab.com/jonmason00/meta-arm/-/pipelines/1467809227

qemuarm64-secureboot runs the test in 10 and qemuarm-secureboot in 13 minutes. Upstream optee CI shows xtest runs taking around 30 minutes on slowest qemu machines:

https://github.com/OP-TEE/optee_os/actions/runs/10997530234?pr=7052

Guestimate limit to 45 minutes so that slowest and most loaded machines could fit there too. optee xtest has internal test specific timeouts so if something hangs it should be detected earlier.

If these limits still cause issues, then we could disable some of the longer running tests with "xtest -l" option. Default for testing level is 1 but maybe 2 or 3 could be enough.

Signed-off-by: Mikko Rapeli
Cc: Jérôme Forissier
--- meta-arm/lib/oeqa/runtime/cases/optee.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-arm/lib/oeqa/runtime/cases/optee.py b/meta-arm/lib/oeqa/runtime/cases/optee.py index 4f46225b..077eb6a4 100644 --- a/meta-arm/lib/oeqa/runtime/cases/optee.py +++ b/meta-arm/lib/oeqa/runtime/cases/optee.py 
@@ -12,7 +12,7 @@ class OpteeTestSuite(OERuntimeTestCase): """ Run OP-TEE tests (xtest). """ - @OETimeout(1300) + @OETimeout(2700) @OEHasPackage(['optee-test']) def test_opteetest_xtest(self): # clear storage before executing tests
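
Review bot: In [PATCH 1/4], the optee-test_4.3.0.bb hunk drops 0001-xtest-stats-remove-unneeded-stat.h-include.patch, but the commit message does not say why the musl workaround is no longer needed. That patch was carried as Upstream-Status: Inappropriate against https://github.com/OP-TEE/optee_test/issues/722, not as a backport, so unlike the checkconf.mk backport removed from optee-os it is not obviously covered by the new SRCREV; please state in the message that host/xtest/stats.c builds with musl at 9d4c4fb9638fb533211037016b6da12fbbcc4bb6, or keep the patch. The new LIC_FILES_CHKSUM also checksums only LICENSE.md, while the message says the license texts are now referenced as LICENSE-GPL and LICENSE-BSD; if those are files in the tree, adding them to LIC_FILES_CHKSUM would let the build catch a change to the actual license text.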
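
Review bot: In [PATCH 2/4], the do_install:append hunk in optee-client.inc installs the rule as ${sysconfdir}/udev/rules.d/optee.rules, which is the directory used for local administrator overrides, and the file name has no numeric prefix. Suggest installing package-owned rules under ${nonarch_base_libdir}/udev/rules.d with a numbered name so that the ordering against other rules is explicit and /etc stays free for site overrides; FILES:${PN} may need to list the new path.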
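
Review bot: In [PATCH 2/4], optee-udev.rules gives /dev/teepriv[0-9]* the same GROUP="teeclnt" and MODE="0660" as the client node /dev/tee[0-9]*, so every member of the client group can also open the supplicant-side device. The tee-supplicant@.service unit runs as root (User=root before 3/4, the default after it) and therefore does not depend on group access to teepriv; suggest a separate group for the teepriv rule, or root-only 0600, and keeping teeclnt for tee[0-9]* only. The commit message describes only starting the supplicant and should also mention the new teeclnt system group added through USERADD_PACKAGES and GROUPADD_PARAM and the device permission change.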
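
Review bot: In [PATCH 3/4], the new ExecStop= line hard-codes /bin/sh, /sbin/modprobe and /bin/kill, while ExecStart= just above it uses the @sbindir@ placeholder that the sed call in do_install:append fills in; suggest the same substitution, or a small helper script, so the unit follows the image's directory layout. Because the unit is a template, modprobe -r tpm_ftpm_tee also runs whenever any single instance is stopped. Separately, the hunk removes the [Install] section, yet optee-client.inc still sets SYSTEMD_SERVICE:${PN} = "tee-supplicant@.service" (visible as context in 2/4), so start-up now depends entirely on the SYSTEMD_WANTS in the udev rule from 2/4; the commit message should say so and note that this patch must not be applied without 2/4.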
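
Review bot: In [PATCH 4/4], @OETimeout(2700) is a bare number of seconds whose reasoning lives only in the commit message; a short comment above the decorator (45 minutes, sized from the roughly 30 minute upstream qemu runs cited in the message) would keep the next adjustment from being another guess. If the "xtest -l" option mentioned in the message is adopted later, the timeout should be revisited together with it.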