From patchwork Wed Sep 25 10:04:11 2024
X-Patchwork-Submitter: Mikko Rapeli
X-Patchwork-Id: 49598
From: Mikko Rapeli
To: meta-arm@lists.yoctoproject.org
Cc: Jon Mason
Subject: [PATCH v2 1/4] arm/optee: update to 4.3.0
Date: Wed, 25 Sep 2024 13:04:11 +0300
Message-ID: <20240925100414.73073-2-mikko.rapeli@linaro.org>
In-Reply-To: <20240925100414.73073-1-mikko.rapeli@linaro.org>
References: <20240925100414.73073-1-mikko.rapeli@linaro.org>
X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6109

From: Jon Mason

Update OP-TEE to version 4.3.0

NOTE: the license file in optee-test changed, but the license is the same
(commit a748f5fcd9ec8a574dc86a5aa56d05bc6ac174e7). They chose to change
the URL of the licenses in question to be "LICENSE-GPL" and "LICENSE-BSD".

Signed-off-by: Jon Mason
---
 ...-client_4.2.0.bb => optee-client_4.3.0.bb} | 2 +-
 ...mples_4.2.0.bb => optee-examples_4.3.0.bb} | 0
 ...it_4.2.0.bb => optee-os-tadevkit_4.3.0.bb} | 0
 ...not-use-full-path-to-generate-guard-.patch | 45 -------------------
 .../{optee-os_4.2.0.bb => optee-os_4.3.0.bb} | 3 +-
 ...stats-remove-unneeded-stat.h-include.patch | 34 --------------
 ...ptee-test_4.2.0.bb => optee-test_4.3.0.bb} | 4 +-
 7 files changed, 4 insertions(+), 84 deletions(-)
 rename meta-arm/recipes-security/optee/{optee-client_4.2.0.bb => optee-client_4.3.0.bb} (71%)
 rename meta-arm/recipes-security/optee/{optee-examples_4.2.0.bb => optee-examples_4.3.0.bb} (100%)
 rename meta-arm/recipes-security/optee/{optee-os-tadevkit_4.2.0.bb => optee-os-tadevkit_4.3.0.bb} (100%)
 delete mode 100644 meta-arm/recipes-security/optee/optee-os/0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch
 rename meta-arm/recipes-security/optee/{optee-os_4.2.0.bb => optee-os_4.3.0.bb} (77%)
 delete mode 100644 meta-arm/recipes-security/optee/optee-test/0001-xtest-stats-remove-unneeded-stat.h-include.patch
 rename meta-arm/recipes-security/optee/{optee-test_4.2.0.bb => optee-test_4.3.0.bb} (78%)
diff --git a/meta-arm/recipes-security/optee/optee-client_4.2.0.bb b/meta-arm/recipes-security/optee/optee-client_4.3.0.bb similarity index 71% rename from meta-arm/recipes-security/optee/optee-client_4.2.0.bb rename to meta-arm/recipes-security/optee/optee-client_4.3.0.bb index 56494e4c..4a088004 100644 --- a/meta-arm/recipes-security/optee/optee-client_4.2.0.bb +++ b/meta-arm/recipes-security/optee/optee-client_4.3.0.bb
@@ -1,6 +1,6 @@ require recipes-security/optee/optee-client.inc -SRCREV = "3eac340a781c00ccd61b151b0e9c22a8c6e9f9f0" +SRCREV = "a5b1ffcd26e328af0bbf18ab448a38ecd558e05c" inherit pkgconfig DEPENDS += "util-linux" diff --git a/meta-arm/recipes-security/optee/optee-examples_4.2.0.bb b/meta-arm/recipes-security/optee/optee-examples_4.3.0.bb similarity index 100% rename from meta-arm/recipes-security/optee/optee-examples_4.2.0.bb rename to meta-arm/recipes-security/optee/optee-examples_4.3.0.bb diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_4.2.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_4.3.0.bb similarity index 100% rename from meta-arm/recipes-security/optee/optee-os-tadevkit_4.2.0.bb rename to meta-arm/recipes-security/optee/optee-os-tadevkit_4.3.0.bb diff --git a/meta-arm/recipes-security/optee/optee-os/0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch b/meta-arm/recipes-security/optee/optee-os/0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch deleted file mode 100644 index 29719b45..00000000 --- a/meta-arm/recipes-security/optee/optee-os/0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch +++ /dev/null 
@@ -1,45 +0,0 @@ -From c8a2a6529dc3ff609281ef4fe5c5bc949c805b5c Mon Sep 17 00:00:00 2001 -From: Rasmus Villemoes -Date: Thu, 6 Jun 2024 11:42:46 +0200 -Subject: [PATCH] checkconf.mk: do not use full path to generate guard symbol - in conf.h - -The combination of building with -g3 (which emits definitions of all -defined preprocessor macros to the debug info) and using a full path -to define the name of this preprocessor guard means that the output is -not binary reproducible across different build hosts. For example, in -my Yocto build, the string - - __home_ravi_yocto_tmp_glibc_work_stm32mp135fdk_oe_linux_gnueabi_optee_os_stm32mp_3_19_0_stm32mp_r1_1_build_stm32mp135f_dk_include_generated_conf_h_ - -appears in several build artifacts. Another developer or buildbot -would not build in some /home/ravi/... directory. - -In order to increase binary reproducibility, only use the path sans -the $(out-dir)/ prefix of the conf.h file. - -Reviewed-by: Jens Wiklander -Signed-off-by: Rasmus Villemoes ---- - mk/checkconf.mk | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -Upstream-Status: Backport [c8a2a6529dc3ff609281ef4fe5c5bc949c805b5c] - -diff --git a/mk/checkconf.mk b/mk/checkconf.mk -index 449b1c2b8..bb08d6b15 100644 ---- a/mk/checkconf.mk -+++ b/mk/checkconf.mk -@@ -17,7 +17,8 @@ define check-conf-h - cnf='$(strip $(foreach var, \ - $(call cfg-vars-by-prefix,$1), \ - $(call cfg-make-define,$(var))))'; \ -- guard="_`echo $@ | tr -- -/.+ _`_"; \ -+ guardpath="$(patsubst $(out-dir)/%,%,$@)" \ -+ guard="_`echo "$${guardpath}" | tr -- -/.+ _`_"; \ - mkdir -p $(dir $@); \ - echo "#ifndef $${guard}" >$@.tmp; \ - echo "#define $${guard}" >>$@.tmp; \ --- -2.34.1 - diff --git a/meta-arm/recipes-security/optee/optee-os_4.2.0.bb b/meta-arm/recipes-security/optee/optee-os_4.3.0.bb similarity index 77% rename from meta-arm/recipes-security/optee/optee-os_4.2.0.bb rename to meta-arm/recipes-security/optee/optee-os_4.3.0.bb index 33c19f2f..cfd926b0 100644 
--- a/meta-arm/recipes-security/optee/optee-os_4.2.0.bb +++ b/meta-arm/recipes-security/optee/optee-os_4.3.0.bb @@ -4,10 +4,9 @@ DEPENDS += "dtc-native" FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" -SRCREV = "12d7c4ee4642d2d761e39fbcf21a06fb77141dea" +SRCREV = "1c0d52ace3c237ca6276cafb5c73f699a75c1d40" SRC_URI += " \ file://0003-optee-enable-clang-support.patch \ - file://0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch \ file://0001-mk-compile.mk-remove-absolute-build-time-paths.patch \ file://0001-compile.mk-use-CFLAGS-from-environment.patch \ file://0002-link.mk-use-CFLAGS-with-version.o.patch \ diff --git a/meta-arm/recipes-security/optee/optee-test/0001-xtest-stats-remove-unneeded-stat.h-include.patch b/meta-arm/recipes-security/optee/optee-test/0001-xtest-stats-remove-unneeded-stat.h-include.patch deleted file mode 100644 index 581c6db3..00000000 --- a/meta-arm/recipes-security/optee/optee-test/0001-xtest-stats-remove-unneeded-stat.h-include.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -From 236ebb968a298fa5d461e734559ad8a13b667eb6 Mon Sep 17 00:00:00 2001 -From: Jon Mason -Date: Wed, 24 Jan 2024 11:35:50 -0500 -Subject: [PATCH] xtest: stats: remove unneeded stat.h include - -Hack to work around musl compile error: - -| In file included from optee-test/4.1.0/recipe-sysroot/usr/include/sys/stat.h:23, -| from optee-test/4.1.0/git/host/xtest/stats.c:17: -| optee-test/4.1.0/recipe-sysroot/usr/include/bits/stat.h:17:26: error: expected identifier or '(' before '[' token -| 17 | unsigned __unused[2]; -| | ^ - -stat.h is not needed, since it is not being used in this file. So -removing it. - -Upstream-Status: Inappropriate [https://github.com/OP-TEE/optee_test/issues/722] -Signed-off-by: Jon Mason ---- - host/xtest/stats.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/host/xtest/stats.c b/host/xtest/stats.c -index fb16d55586da..05aa3adac611 100644 ---- a/host/xtest/stats.c -+++ b/host/xtest/stats.c -@@ -14,7 +14,6 @@ - #include - #include - #include --#include - #include - #include - #include diff --git a/meta-arm/recipes-security/optee/optee-test_4.2.0.bb b/meta-arm/recipes-security/optee/optee-test_4.3.0.bb similarity index 78% rename from meta-arm/recipes-security/optee/optee-test_4.2.0.bb rename to meta-arm/recipes-security/optee/optee-test_4.3.0.bb index 6317a72f..44846fef 100644 --- a/meta-arm/recipes-security/optee/optee-test_4.2.0.bb +++ b/meta-arm/recipes-security/optee/optee-test_4.3.0.bb 
@@ -1,7 +1,7 @@ require recipes-security/optee/optee-test.inc -SRCREV = "526d5bac1b65f907f67c05cd07beca72fbab88dd" -SRC_URI += "file://0001-xtest-stats-remove-unneeded-stat.h-include.patch" +SRCREV = "9d4c4fb9638fb533211037016b6da12fbbcc4bb6" +LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a8fa504109e4cd7ea575bc49ea4be560" # Include ffa_spmc test group if the SPMC test is enabled. # Supported after op-tee v3.20
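Review bot: The SRC_URI change in optee-os_4.3.0.bb drops 0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch, but the commit message does not say why. The deleted file carries Upstream-Status: Backport [c8a2a6529dc3ff609281ef4fe5c5bc949c805b5c], so a line in the commit message confirming that the new SRCREV 1c0d52ace3c237ca6276cafb5c73f699a75c1d40 already contains that commit would let a reviewer check that the build-host path no longer ends up in the conf.h guard symbol and that binary reproducibility is kept.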
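Review bot: In optee-test_4.3.0.bb the added LIC_FILES_CHKSUM covers only LICENSE.md, while the commit message says the licenses are now referenced as "LICENSE-GPL" and "LICENSE-BSD". If those files are part of the source tree, list them in LIC_FILES_CHKSUM as well, so that a change to the license text itself fails the license check instead of passing on an unchanged LICENSE.md. The same hunk removes the musl workaround 0001-xtest-stats-remove-unneeded-stat.h-include.patch, which was marked Upstream-Status: Inappropriate; the commit message should say whether 4.3.0 builds with musl without it.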
From patchwork Wed Sep 25 10:04:12 2024
X-Patchwork-Submitter: Mikko Rapeli
X-Patchwork-Id: 49600
From: Mikko Rapeli
To: meta-arm@lists.yoctoproject.org
Cc: Javier Tia
Subject: [PATCH v2 2/4] arm/optee: Add optee udev rules
Date: Wed, 25 Sep 2024 13:04:12 +0300
Message-ID: <20240925100414.73073-3-mikko.rapeli@linaro.org>
In-Reply-To: <20240925100414.73073-1-mikko.rapeli@linaro.org>
References: <20240925100414.73073-1-mikko.rapeli@linaro.org>
X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6110

From: Javier Tia

If a /dev/teepriv[0-9]* device is detected, start an instance of
tee-supplicant.service with the device name as parameter.

Signed-off-by: Javier Tia
---
 meta-arm/recipes-security/optee/optee-client.inc | 8 +++++++-
 .../recipes-security/optee/optee-client/optee-udev.rules | 6 ++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 meta-arm/recipes-security/optee/optee-client/optee-udev.rules
diff --git a/meta-arm/recipes-security/optee/optee-client.inc b/meta-arm/recipes-security/optee/optee-client.inc index ddda2d1a..f387c805 100644 --- a/meta-arm/recipes-security/optee/optee-client.inc +++ b/meta-arm/recipes-security/optee/optee-client.inc @@ -5,12 +5,13 @@ HOMEPAGE = "https://www.op-tee.org/" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b" -inherit systemd update-rc.d cmake +inherit systemd update-rc.d cmake useradd SRC_URI = " \ git://github.com/OP-TEE/optee_client.git;branch=master;protocol=https \ file://tee-supplicant@.service \ file://tee-supplicant.sh \ + file://optee-udev.rules \ " UPSTREAM_CHECK_GITTAGREGEX = "^(?P\d+(\.\d+)+)$"
@@ -26,6 +27,8 @@ EXTRA_OECMAKE:append:toolchain-clang = " -DCFG_WERROR=0" do_install:append() { install -D -p -m0644 ${UNPACKDIR}/tee-supplicant@.service ${D}${systemd_system_unitdir}/tee-supplicant@.service install -D -p -m0755 ${UNPACKDIR}/tee-supplicant.sh ${D}${sysconfdir}/init.d/tee-supplicant + install -d ${D}${sysconfdir}/udev/rules.d + install -m 0644 ${UNPACKDIR}/optee-udev.rules ${D}${sysconfdir}/udev/rules.d/optee.rules sed -i -e s:@sysconfdir@:${sysconfdir}:g \ -e s:@sbindir@:${sbindir}:g \ @@ -38,3 +41,6 @@ SYSTEMD_SERVICE:${PN} = "tee-supplicant@.service" INITSCRIPT_PACKAGES = "${PN}" INITSCRIPT_NAME:${PN} = "tee-supplicant" INITSCRIPT_PARAMS:${PN} = "start 10 1 2 3 4 5 . stop 90 0 6 ." + +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM:${PN} = "--system teeclnt" diff --git a/meta-arm/recipes-security/optee/optee-client/optee-udev.rules b/meta-arm/recipes-security/optee/optee-client/optee-udev.rules new file mode 100644 index 00000000..075f469c --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-client/optee-udev.rules 
@@ -0,0 +1,6 @@ +KERNEL=="tee[0-9]*", MODE="0660", OWNER="root", GROUP="teeclnt", TAG+="systemd" + +# If a /dev/teepriv[0-9]* device is detected, start an instance of +# tee-supplicant.service with the device name as parameter +KERNEL=="teepriv[0-9]*", MODE="0660", OWNER="root", GROUP="teeclnt", \ + TAG+="systemd", ENV{SYSTEMD_WANTS}+="tee-supplicant@%k.service"
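Review bot: The added "inherit ... useradd" line and the GROUPADD_PARAM at the end of optee-client.inc create a new system group teeclnt, and the installed rules file changes the ownership and mode of the TEE device nodes, yet the commit message only describes starting tee-supplicant. Please document the group and who is expected to be a member, since membership becomes the access control for /dev/tee*.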
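Review bot: Both rules in optee-udev.rules use GROUP="teeclnt" with MODE="0660", so every member of the client group can also open /dev/teepriv[0-9]*, the node that the rule's own comment ties to tee-supplicant. Consider giving teepriv* its own group, or leaving it root-only given that tee-supplicant@.service in this series sets no User= and therefore runs as root, so that client applications are granted /dev/tee* only.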
From patchwork Wed Sep 25 10:04:13 2024
X-Patchwork-Submitter: Mikko Rapeli
X-Patchwork-Id: 49599
From: Mikko Rapeli
To: meta-arm@lists.yoctoproject.org
Cc: Mikko Rapeli
Subject: [PATCH v2 3/4] optee-client: fix systemd service dependencies
Date: Wed, 25 Sep 2024 13:04:13 +0300
Message-ID: <20240925100414.73073-4-mikko.rapeli@linaro.org>
In-Reply-To: <20240925100414.73073-1-mikko.rapeli@linaro.org>
References: <20240925100414.73073-1-mikko.rapeli@linaro.org>
X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6111

udev starts tee-supplicant once optee has been found. Fix dependencies
in systemd service so that starting it in initrd is possible.
Stopping requires that ftpm kernel module is disabled or any TPM related
actions will fail until the next reboot so working around these in the
service file. These are limitations of current kernel optee and ftpm
drivers.

tpm2.target requires systemd 256 or newer. With older system version
there is no simple way to queue in service before TPM device is available.

https://www.freedesktop.org/software/systemd/man/devel/systemd.special.html#tpm2.target

Note that
https://www.freedesktop.org/software/systemd/man/devel/systemd-tpm2-generator.html
detects TPM support from either existing kernel driver (built in or loaded
really early in initrd and rootfs boot) or ACPI table entry for TPM device.
If firmware used a TPM device but doesn't provide ACPI table entry for it,
then a kernel patch has been proposed to expose this to userspace:

https://lore.kernel.org/lkml/20240422112711.362779-1-mikko.rapeli@linaro.org/

and matching change proposal for systemd:

https://github.com/systemd/systemd/pull/32400

Signed-off-by: Mikko Rapeli
---
 .../optee/optee-client/tee-supplicant@.service | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/meta-arm/recipes-security/optee/optee-client/tee-supplicant@.service b/meta-arm/recipes-security/optee/optee-client/tee-supplicant@.service index 72c0b9aa..e3039fde 100644 --- a/meta-arm/recipes-security/optee/optee-client/tee-supplicant@.service +++ b/meta-arm/recipes-security/optee/optee-client/tee-supplicant@.service 
@@ -1,10 +1,13 @@ [Unit] Description=TEE Supplicant on %i +DefaultDependencies=no +After=dev-%i.device +Wants=dev-%i.device +Conflicts=shutdown.target +Before=tpm2.target sysinit.target shutdown.target [Service] -User=root +Type=notify EnvironmentFile=-@sysconfdir@/default/tee-supplicant ExecStart=@sbindir@/tee-supplicant $OPTARGS - -[Install] -WantedBy=basic.target +ExecStop=-/bin/sh -c "/sbin/modprobe -v -r tpm_ftpm_tee ; /bin/kill $MAINPID"
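Review bot: Type=notify in [Service] makes systemd wait for a readiness notification from tee-supplicant, and nothing visible in this series shows the recipe building the daemon with that support; if it never notifies, the unit stays in activating until the start timeout and then fails. Please confirm that the 4.3.0 build sends the notification, or keep the default service type. In ExecStop the paths /bin/sh, /sbin/modprobe and /bin/kill are hard-coded while ExecStart uses the @sbindir@ substitution, and the leading "-" together with ";" means a failed unload of tpm_ftpm_tee is ignored before the daemon is killed, which is the case the commit message says leaves TPM actions failing until the next reboot; logging that failure would make it diagnosable.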
From patchwork Wed Sep 25 10:04:14 2024
X-Patchwork-Submitter: Mikko Rapeli
X-Patchwork-Id: 49601
From: Mikko Rapeli
To: meta-arm@lists.yoctoproject.org
Cc: Mikko Rapeli, Jérôme Forissier
Subject: [PATCH v2 4/4] oeqa optee.py: increase timeout value from 22 to 45 minutes
Date: Wed, 25 Sep 2024 13:04:14 +0300
Message-ID: <20240925100414.73073-5-mikko.rapeli@linaro.org>
In-Reply-To: <20240925100414.73073-1-mikko.rapeli@linaro.org>
References: <20240925100414.73073-1-mikko.rapeli@linaro.org>
X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6112

Tests are taking more time now and several devices are timing out:

https://gitlab.com/jonmason00/meta-arm/-/pipelines/1467809227

qemuarm64-secureboot runs the test in 10 and qemuarm-secureboot
in 13 minutes. Upstream optee CI shows xtest runs taking around
30 minutes on slowest qemu machines:

https://github.com/OP-TEE/optee_os/actions/runs/10997530234?pr=7052

Guesstimate limit to 45 minutes so that slowest and most loaded
machines could fit there too. optee xtest has internal test specific
timeouts so if something hangs it should be detected earlier.

If these limits still cause issues, then we could disable some of the
longer running tests with "xtest -l" option. Default for testing level
is 1 but maybe 2 or 3 could be enough.

Signed-off-by: Mikko Rapeli
Cc: Jérôme Forissier
---
 meta-arm/lib/oeqa/runtime/cases/optee.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta-arm/lib/oeqa/runtime/cases/optee.py b/meta-arm/lib/oeqa/runtime/cases/optee.py index 4f46225b..077eb6a4 100644 --- a/meta-arm/lib/oeqa/runtime/cases/optee.py +++ b/meta-arm/lib/oeqa/runtime/cases/optee.py
@@ -12,7 +12,7 @@ class OpteeTestSuite(OERuntimeTestCase): """ Run OP-TEE tests (xtest). """ - @OETimeout(1300) + @OETimeout(2700) @OEHasPackage(['optee-test']) def test_opteetest_xtest(self): # clear storage before executing tests
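Review bot: @OETimeout(2700) is a bare number whose unit and reasoning live only in the commit message; 2700 seconds is the 45 minutes of the subject line, and the old 1300 seconds is a little under 22 minutes. A short comment above the decorator giving the unit and the roughly 30 minute upstream CI figure it was derived from would keep the next adjustment from being a guess.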