From patchwork Mon Jan 7 10:24:53 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Etienne Carriere
X-Patchwork-Id: 1021253
From: Etienne Carriere
To: buildroot@buildroot.org
Cc: Etienne Carriere
Date: Mon, 7 Jan 2019 11:24:53 +0100
Message-Id: <1546856698-20032-2-git-send-email-etienne.carriere@linaro.org>
In-Reply-To: <1546856698-20032-1-git-send-email-etienne.carriere@linaro.org>
References: <1542996547-5003-1-git-send-email-etienne.carriere@linaro.org> <1546856698-20032-1-git-send-email-etienne.carriere@linaro.org>
Subject: [Buildroot] [PATCH v3 2/7] optee-client: new package
List-Id: Discussion and development of buildroot

OP-TEE client API library and supplicant daemon from the OP-TEE project are packaged in package/optee-client. An init script launches the tee-supplicant daemon. Package is added to the Security menu of BR configuration.

This change references in Buildroot today's latest OP-TEE revision release tagged 3.3.0.

Signed-off-by: Etienne Carriere --- Changes v2 -> v3: - Add an entry in file DEVELOPERS. - Clean Config.in layout and description sections. - Drop BR2_PACKAGE_OPTEE_CLIENT_SYNCED_VERSION. - Clean optee-client.mk layout. - Remove OPTEE_CLIENT_INSTALL_STAGING indirection. - Replace optee-client.hash with per-version optee-client.hash files. - Support the released 3.x tags from OP-TEE project. - Correct license tag (client is BSD-2-Clause instead of BSD-3-Clause). - Rewrite the init script to use start-stop-daemon Changes v1 -> v2: - Add option BR2_PACKAGE_OPTEE_CLIENT_SYNCED_VERSION to ensure OP-TEE client version is synced with OP-TEE OS version when the later if enabled. - Remove useless OPTEE_CLIENT_INSTALL_IMAGE=YES. --- DEVELOPERS | 1 + package/Config.in | 1 + package/optee-client/3.3.0/optee-client.hash | 4 ++ package/optee-client/Config.in | 55 ++++++++++++++++++++++++++++ package/optee-client/S30optee | 49 +++++++++++++++++++++++++ package/optee-client/optee-client.mk | 25 +++++++++++++ 6 files changed, 135 insertions(+) create mode 100644 package/optee-client/3.3.0/optee-client.hash create mode 100644 package/optee-client/Config.in create mode 100644 package/optee-client/S30optee create mode 100644 package/optee-client/optee-client.mk diff --git a/DEVELOPERS b/DEVELOPERS index 83c0ec8..0810e63 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -683,6 +683,7 @@ F: package/szip/ N: Etienne Carriere F: boot/optee-os/ +F: package/optee-client/ N: Eugene Tarassov F: package/tcf-agent/ diff --git a/package/Config.in b/package/Config.in index 0df9b73..277a855 100644 --- a/package/Config.in +++ b/package/Config.in @@ -2076,6 +2076,7 @@ endmenu menu "Security" source "package/checkpolicy/Config.in" + source "package/optee-client/Config.in" source "package/paxtest/Config.in" source "package/policycoreutils/Config.in" source "package/refpolicy/Config.in" 
diff --git a/package/optee-client/3.3.0/optee-client.hash b/package/optee-client/3.3.0/optee-client.hash new file mode 100644 index 0000000..ed7bf4e --- /dev/null +++ b/package/optee-client/3.3.0/optee-client.hash @@ -0,0 +1,4 @@ +# From https://github.com/OP-TEE/optee_client/archive/3.3.0.tar.gz +sha256 63af1567fdcdbe28b45be274266a89aa81bef3d0fd8ec5a6eb680046a92e1177 optee-client-3.3.0.tar.gz +# Locally computed +sha256 fda8385993f112d7ca61b88b54ba5b4cbeec7e43a0f9b317d5186703c1985e8f LICENSE diff --git a/package/optee-client/Config.in b/package/optee-client/Config.in new file mode 100644 index 0000000..b893a39 --- /dev/null +++ b/package/optee-client/Config.in 
@@ -0,0 +1,55 @@ +config BR2_PACKAGE_OPTEE_CLIENT + bool "optee-client" + help + Enable the OP-TEE client package that brings non-secure + client application resources for OP-TEE support. OP-TEE + client is a component delivered by the OP-TEE project. + + The client API library allows application to invoke + trusted applications hosted in the OP-TEE OS secure world. + The supplicant provides services hosted by the non-secure + world and invoked by the secure world. + + https://github.com/OP-TEE/optee_client + +if BR2_PACKAGE_OPTEE_CLIENT + +choice + prompt "version" + default BR2_PACKAGE_OPTEE_CLIENT_LATEST + help + Select the version of OP-TEE client you want to use + +config BR2_PACKAGE_OPTEE_CLIENT_LATEST + bool "3.3.0" + help + This fetches the registered release tag from the + OP-TEE official Git repository. + +config BR2_PACKAGE_OPTEE_CLIENT_CUSTOM_GIT + bool "Custom Git repository" + help + Sync with a specific OP-TEE Git repository. + +endchoice + +if BR2_PACKAGE_OPTEE_CLIENT_CUSTOM_GIT + +config BR2_PACKAGE_OPTEE_CLIENT_CUSTOM_REPO_URL + string "URL of custom repository" + +config BR2_PACKAGE_OPTEE_CLIENT_CUSTOM_REPO_VERSION + string "Custom repository version" + help + Revision to use in the typical format used by + Git E.G. a sha id, a tag, branch, .. + +endif + +config BR2_PACKAGE_OPTEE_CLIENT_VERSION + string + default "3.3.0" if BR2_PACKAGE_OPTEE_CLIENT_LATEST + default BR2_PACKAGE_OPTEE_CLIENT_CUSTOM_REPO_VERSION \ + if BR2_PACKAGE_OPTEE_CLIENT_CUSTOM_GIT + +endif #BR2_PACKAGE_OPTEE_CLIENT diff --git a/package/optee-client/S30optee b/package/optee-client/S30optee new file mode 100644 index 0000000..17e6d6d --- /dev/null +++ b/package/optee-client/S30optee 
@@ -0,0 +1,49 @@ +#!/bin/sh + +DAEMON="tee-supplicant" +PIDFILE="/var/run/$DAEMON.pid" + +DAEMON_ARGS="-d /dev/teepriv0" + +start() { + printf 'Starting %s: ' "$DAEMON" + start-stop-daemon -S -q -p "$PIDFILE" -x "/usr/sbin/$DAEMON" \ + -- $DAEMON_ARGS + status=$? + if [ "$status" -eq 0 ]; then + echo "OK" + else + echo "FAIL" + fi + return "$status" +} + +stop() { + printf 'Stopping %s: ' "$DAEMON" + start-stop-daemon -K -q -p "$PIDFILE" + status=$? + if [ "$status" -eq 0 ]; then + echo "OK" + else + echo "FAIL" + fi + return "$status" +} + +restart() { + stop + sleep 1 + start +} + +case "$1" in + start|stop|restart) + "$1";; + reload) + # Restart, since there is no true "reload" feature (does not + # reconfigure/restart on SIGHUP, just closes all open files). + restart;; + *) + echo "Usage: $0 {start|stop|restart|reload}" + exit 1 +esac diff --git a/package/optee-client/optee-client.mk b/package/optee-client/optee-client.mk new file mode 100644 index 0000000..5cd741b --- /dev/null +++ b/package/optee-client/optee-client.mk @@ -0,0 +1,25 @@ +################################################################################ +# +# optee-client +# +################################################################################ + +OPTEE_CLIENT_VERSION = $(call qstrip,$(BR2_PACKAGE_OPTEE_CLIENT_VERSION)) +OPTEE_CLIENT_LICENSE = BSD-2-Clause +OPTEE_CLIENT_LICENSE_FILES = LICENSE +OPTEE_CLIENT_INSTALL_STAGING = YES + +ifeq ($(BR2_PACKAGE_OPTEE_CLIENT_CUSTOM_GIT),y) +OPTEE_CLIENT_SITE = $(call qstrip,$(BR2_PACKAGE_OPTEE_CLIENT_CUSTOM_REPO_URL)) +OPTEE_CLIENT_SITE_METHOD = git +BR_NO_CHECK_HASH_FOR += $(OPTEE_CLIENT_SOURCE) +else +OPTEE_CLIENT_SITE = $(call github,OP-TEE,optee_client,$(OPTEE_CLIENT_VERSION)) +endif + +define OPTEE_CLIENT_INSTALL_INIT_SYSV + $(INSTALL) -m 0755 -D $(OPTEE_CLIENT_PKGDIR)/S30optee \ + $(TARGET_DIR)/etc/init.d/S30optee +endef + +$(eval $(cmake-package))
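Review bot: In package/optee-client/3.3.0/optee-client.hash, the tarball entry is commented "# From https://github.com/OP-TEE/optee_client/archive/3.3.0.tar.gz", which names the download location rather than an upstream-published checksum. If the value was computed from a local download, label it "# Locally computed" like the LICENSE entry, so the comment does not read as an upstream-verified hash.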
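Review bot: In package/optee-client/Config.in, BR2_PACKAGE_OPTEE_CLIENT_CUSTOM_REPO_URL has no help text, and neither it nor BR2_PACKAGE_OPTEE_CLIENT_CUSTOM_REPO_VERSION has a default, so selecting "Custom Git repository" and leaving them empty gives an empty OPTEE_CLIENT_SITE and OPTEE_CLIENT_VERSION in optee-client.mk. Please add a help entry for the URL option, and consider stating in the version help that a full commit sha or a tag is preferred over a branch, since a branch makes the fetched source change between builds.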
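Review bot: In package/optee-client/S30optee, start() and stop() both pass -p "$PIDFILE" to start-stop-daemon, but nothing in the script creates /var/run/tee-supplicant.pid: there is no -m option, and DAEMON_ARGS starts the daemon with -d. Unless tee-supplicant writes that file itself, stop() has no pid to signal and start() cannot detect an already running instance. Either confirm the daemon writes the pidfile, or run it in the foreground under start-stop-daemon with -b -m so that the recorded pid is the supplicant's. The comment in the reload) branch about SIGHUP closing all open files also looks inherited from a template and should be checked against tee-supplicant's actual behaviour.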
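Review bot: In package/optee-client/optee-client.mk, the custom Git branch adds $(OPTEE_CLIENT_SOURCE) to BR_NO_CHECK_HASH_FOR, so a source fetched from BR2_PACKAGE_OPTEE_CLIENT_CUSTOM_REPO_URL is built with no integrity check at all, and Config.in allows the version to be a branch. That is expected for a user-supplied repository, but it deserves a comment above the line saying the hash is skipped because the revision is user-defined, so that the only pinning left in that mode (a commit sha as the version) is visible to whoever enables it.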