[v4,2/7] optee-client: new package

Message ID 1548845249-28201-2-git-send-email-etienne.carriere@linaro.org
State Accepted
Headers show
Series
  • Untitled series #89030
Related show

Commit Message

Etienne Carriere Jan. 30, 2019, 10:47 a.m.
OP-TEE client API library and supplicant daemon from the
OP-TEE project are packaged in package/optee-client. An init script
launches the tee-supplicant deamon. Package is added to the
Security menu of BR configuration.

This change references in Buildroot the today's latest OP-TEE
revision release tagged 3.4.0.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

---
Changes v3 -> v4:
  - Upgrade from OP-TEE release 3.3.0 to 3.4.0.

Changes v2 -> v3:
  - Add an entry in file DEVELOPERS.
  - Clean Config.in layout and description sections.
  - Drop BR2_PACKAGE_OPTEE_CLIENT_SYNCED_VERSION.
  - Clean optee-client.mk layout.
  - Remove OPTEE_CLIENT_INSTALL_STAGING indirection.
  - Replace optee-client.hash with per-version optee-client.hash files.
  - Support the released 3.x tags from OP-TEE project.
  - Correct license tag (client is BSD-2-Clause instead of BSD-3-Clause).
  - Rewrite the init script to use start-stop-daemon

Changes v1 -> v2:
  - Add option BR2_PACKAGE_OPTEE_CLIENT_SYNCED_VERSION to ensure
    OP-TEE client version is synced with OP-TEE OS version when
    the later if enabled.
  - Remove useless OPTEE_CLIENT_INSTALL_IMAGE=YES.

---
 DEVELOPERS                                   |  1 +
 package/Config.in                            |  1 +
 package/optee-client/3.4.0/optee-client.hash |  4 ++
 package/optee-client/Config.in               | 55 ++++++++++++++++++++++++++++
 package/optee-client/S30optee                | 49 +++++++++++++++++++++++++
 package/optee-client/optee-client.mk         | 25 +++++++++++++
 6 files changed, 135 insertions(+)
 create mode 100644 package/optee-client/3.4.0/optee-client.hash
 create mode 100644 package/optee-client/Config.in
 create mode 100644 package/optee-client/S30optee
 create mode 100644 package/optee-client/optee-client.mk

Comments

Thomas Petazzoni Feb. 17, 2019, 8:52 p.m. | #1
Hello Étienne,

I have applied to the next branch after a few changes (see below), but
there are some build failures with some configurations, which will have
to be fixed. I'm giving more details below as well.

On Wed, 30 Jan 2019 11:47:24 +0100
Etienne Carriere <etienne.carriere@linaro.org> wrote:

> diff --git a/package/optee-client/3.4.0/optee-client.hash b/package/optee-client/3.4.0/optee-client.hash
> new file mode 100644
> index 0000000..0da25ce
> --- /dev/null
> +++ b/package/optee-client/3.4.0/optee-client.hash
> @@ -0,0 +1,4 @@
> +# From https://github.com/OP-TEE/optee_client/archive/3.4.0.tar.gz
> +sha256 7c131a44f4d73acb8816fba88bcd7e6a18537f0a522ae426a20e2ca7dc46a6ec  optee-client-3.4.0.tar.gz
> +# Locally computed
> +sha256 fda8385993f112d7ca61b88b54ba5b4cbeec7e43a0f9b317d5186703c1985e8f  LICENSE
> diff --git a/package/optee-client/Config.in b/package/optee-client/Config.in
> new file mode 100644
> index 0000000..99cac63
> --- /dev/null
> +++ b/package/optee-client/Config.in
> @@ -0,0 +1,55 @@
> +config BR2_PACKAGE_OPTEE_CLIENT
> +	bool "optee-client"

The following dependency:

	depends on !BR2_STATIC_LIBS

is needed, because optee-client tries to unconditionally build a shared
library, instead of obeying to the standard
BUILD_SHARED_LIBS/BUILD_STATIC_LIBS CMake variables.

> +if BR2_PACKAGE_OPTEE_CLIENT
> +
> +choice
> +	prompt "version"
> +	default BR2_PACKAGE_OPTEE_CLIENT_LATEST
> +	help
> +	  Select the version of OP-TEE client you want to use
> +
> +config BR2_PACKAGE_OPTEE_CLIENT_LATEST
> +	bool "3.4.0"
> +	help
> +	  This fetches the registered release tag from the
> +	  OP-TEE official Git repository.
> +
> +config BR2_PACKAGE_OPTEE_CLIENT_CUSTOM_GIT
> +	bool "Custom Git repository"
> +	help
> +	  Sync with a specific OP-TEE Git repository.
> +
> +endchoice

I don't really see why a version selection was needed, so I've dropped
it entirely. Is there anything really HW/SoC specific in optee-client ?

There are two build failures that I noticed.

With the following defconfig:

BR2_arm=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_CUSTOM=y
BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
BR2_TOOLCHAIN_EXTERNAL_URL="http://autobuild.buildroot.org/toolchains/tarballs/armv5-ctng-linux-gnueabi.tar.xz"
BR2_TOOLCHAIN_EXTERNAL_CUSTOM_PREFIX="armv5-ctng-linux-gnueabi"
BR2_TOOLCHAIN_EXTERNAL_GCC_4_8=y
BR2_TOOLCHAIN_EXTERNAL_HEADERS_3_12=y
BR2_TOOLCHAIN_EXTERNAL_CUSTOM_GLIBC=y
BR2_TOOLCHAIN_EXTERNAL_CXX=y
BR2_INIT_NONE=y
BR2_SYSTEM_BIN_SH_NONE=y
# BR2_PACKAGE_BUSYBOX is not set
BR2_PACKAGE_OPTEE_CLIENT=y
# BR2_TARGET_ROOTFS_TAR is not set

You will get:

/home/thomas/projets/outputs/armv5-ctng-linux-gnueabi/build/optee-client-3.4.0/libteec/src/tee_client_api.c: In function 'TEEC_InitializeContext':
/home/thomas/projets/outputs/armv5-ctng-linux-gnueabi/build/optee-client-3.4.0/libteec/src/tee_client_api.c:149:28: error: 'gen_caps' may be used uninitialized in this function [-Werror=maybe-uninitialized]
    ctx->reg_mem = gen_caps & TEE_GEN_CAP_REG_MEM;
                            ^
cc1: all warnings being treated as errors

With this other defconfig:

BR2_or1k=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
BR2_TOOLCHAIN_EXTERNAL_URL="http://autobuild.buildroot.net/toolchains/tarballs/br-openrisc-full-2018.02-925-gd4158df.tar.bz2"
BR2_TOOLCHAIN_EXTERNAL_GCC_5=y
BR2_TOOLCHAIN_EXTERNAL_HEADERS_4_16=y
BR2_TOOLCHAIN_EXTERNAL_LOCALE=y
# BR2_TOOLCHAIN_EXTERNAL_HAS_THREADS_DEBUG is not set
BR2_TOOLCHAIN_EXTERNAL_CXX=y
BR2_INIT_NONE=y
BR2_SYSTEM_BIN_SH_NONE=y
# BR2_PACKAGE_BUSYBOX is not set
BR2_PACKAGE_OPTEE_CLIENT=y
# BR2_TARGET_ROOTFS_TAR is not set

You will get this failure:

/home/thomas/projets/buildroot/output/build/optee-client-3.4.0/libteec/src/tee_client_api.c: In function ‘TEEC_OpenSession’:
/home/thomas/projets/buildroot/output/build/optee-client-3.4.0/libteec/src/tee_client_api.c:507:8: error: cast increases required alignment of target type [-Werror=cast-align]
  arg = (struct tee_ioctl_open_session_arg *)buf;
        ^
/home/thomas/projets/buildroot/output/build/optee-client-3.4.0/libteec/src/tee_client_api.c: In function ‘TEEC_InvokeCommand’:
/home/thomas/projets/buildroot/output/build/optee-client-3.4.0/libteec/src/tee_client_api.c:581:8: error: cast increases required alignment of target type [-Werror=cast-align]
  arg = (struct tee_ioctl_invoke_arg *)buf;
        ^
cc1: all warnings being treated as errors

Since I wanted to move forward with merging the OP-TEE support, I
applied this patch despite these build failures (a number of other
configurations are building fine), but we will need those build issues
to be resolved.

Thanks!

Thomas

Patch

diff --git a/DEVELOPERS b/DEVELOPERS
index ac608e5..f028179 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -683,6 +683,7 @@  F:	package/szip/
 
 N:	Etienne Carriere <etienne.carriere@linaro.org>
 F:	boot/optee-os/
+F:	package/optee-client/
 
 N:	Eugene Tarassov <eugene@largest.net>
 F:	package/tcf-agent/
diff --git a/package/Config.in b/package/Config.in
index 5036421..ae9f557 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2077,6 +2077,7 @@  endmenu
 
 menu "Security"
 	source "package/checkpolicy/Config.in"
+	source "package/optee-client/Config.in"
 	source "package/paxtest/Config.in"
 	source "package/policycoreutils/Config.in"
 	source "package/refpolicy/Config.in"
diff --git a/package/optee-client/3.4.0/optee-client.hash b/package/optee-client/3.4.0/optee-client.hash
new file mode 100644
index 0000000..0da25ce
--- /dev/null
+++ b/package/optee-client/3.4.0/optee-client.hash
@@ -0,0 +1,4 @@ 
+# From https://github.com/OP-TEE/optee_client/archive/3.4.0.tar.gz
+sha256 7c131a44f4d73acb8816fba88bcd7e6a18537f0a522ae426a20e2ca7dc46a6ec  optee-client-3.4.0.tar.gz
+# Locally computed
+sha256 fda8385993f112d7ca61b88b54ba5b4cbeec7e43a0f9b317d5186703c1985e8f  LICENSE
diff --git a/package/optee-client/Config.in b/package/optee-client/Config.in
new file mode 100644
index 0000000..99cac63
--- /dev/null
+++ b/package/optee-client/Config.in
@@ -0,0 +1,55 @@ 
+config BR2_PACKAGE_OPTEE_CLIENT
+	bool "optee-client"
+	help
+	  Enable the OP-TEE client package that brings non-secure
+	  client application resources for OP-TEE support. OP-TEE
+	  client is a component delivered by the OP-TEE project.
+
+	  The client API library allows application to invoke
+	  trusted applications hosted in the OP-TEE OS secure world.
+	  The supplicant provides services hosted by the non-secure
+	  world and invoked by the secure world.
+
+	  https://github.com/OP-TEE/optee_client
+
+if BR2_PACKAGE_OPTEE_CLIENT
+
+choice
+	prompt "version"
+	default BR2_PACKAGE_OPTEE_CLIENT_LATEST
+	help
+	  Select the version of OP-TEE client you want to use
+
+config BR2_PACKAGE_OPTEE_CLIENT_LATEST
+	bool "3.4.0"
+	help
+	  This fetches the registered release tag from the
+	  OP-TEE official Git repository.
+
+config BR2_PACKAGE_OPTEE_CLIENT_CUSTOM_GIT
+	bool "Custom Git repository"
+	help
+	  Sync with a specific OP-TEE Git repository.
+
+endchoice
+
+if BR2_PACKAGE_OPTEE_CLIENT_CUSTOM_GIT
+
+config BR2_PACKAGE_OPTEE_CLIENT_CUSTOM_REPO_URL
+	string "URL of custom repository"
+
+config BR2_PACKAGE_OPTEE_CLIENT_CUSTOM_REPO_VERSION
+	string "Custom repository version"
+	help
+	  Revision to use in the typical format used by
+	  Git E.G. a sha id, a tag, branch, ..
+
+endif
+
+config BR2_PACKAGE_OPTEE_CLIENT_VERSION
+	string
+	default "3.4.0"	if BR2_PACKAGE_OPTEE_CLIENT_LATEST
+	default BR2_PACKAGE_OPTEE_CLIENT_CUSTOM_REPO_VERSION \
+			if BR2_PACKAGE_OPTEE_CLIENT_CUSTOM_GIT
+
+endif #BR2_PACKAGE_OPTEE_CLIENT
diff --git a/package/optee-client/S30optee b/package/optee-client/S30optee
new file mode 100644
index 0000000..17e6d6d
--- /dev/null
+++ b/package/optee-client/S30optee
@@ -0,0 +1,49 @@ 
+#!/bin/sh
+
+DAEMON="tee-supplicant"
+PIDFILE="/var/run/$DAEMON.pid"
+
+DAEMON_ARGS="-d /dev/teepriv0"
+
+start() {
+	printf 'Starting %s: ' "$DAEMON"
+	start-stop-daemon -S -q -p "$PIDFILE" -x "/usr/sbin/$DAEMON" \
+		-- $DAEMON_ARGS
+	status=$?
+	if [ "$status" -eq 0 ]; then
+		echo "OK"
+	else
+		echo "FAIL"
+	fi
+	return "$status"
+}
+
+stop() {
+	printf 'Stopping %s: ' "$DAEMON"
+	start-stop-daemon -K -q -p "$PIDFILE"
+	status=$?
+	if [ "$status" -eq 0 ]; then
+		echo "OK"
+	else
+		echo "FAIL"
+	fi
+	return "$status"
+}
+
+restart() {
+	stop
+	sleep 1
+	start
+}
+
+case "$1" in
+        start|stop|restart)
+		"$1";;
+	reload)
+		# Restart, since there is no true "reload" feature (does not
+		# reconfigure/restart on SIGHUP, just closes all open files).
+		restart;;
+        *)
+                echo "Usage: $0 {start|stop|restart|reload}"
+                exit 1
+esac
diff --git a/package/optee-client/optee-client.mk b/package/optee-client/optee-client.mk
new file mode 100644
index 0000000..5cd741b
--- /dev/null
+++ b/package/optee-client/optee-client.mk
@@ -0,0 +1,25 @@ 
+################################################################################
+#
+# optee-client
+#
+################################################################################
+
+OPTEE_CLIENT_VERSION = $(call qstrip,$(BR2_PACKAGE_OPTEE_CLIENT_VERSION))
+OPTEE_CLIENT_LICENSE = BSD-2-Clause
+OPTEE_CLIENT_LICENSE_FILES = LICENSE
+OPTEE_CLIENT_INSTALL_STAGING = YES
+
+ifeq ($(BR2_PACKAGE_OPTEE_CLIENT_CUSTOM_GIT),y)
+OPTEE_CLIENT_SITE = $(call qstrip,$(BR2_PACKAGE_OPTEE_CLIENT_CUSTOM_REPO_URL))
+OPTEE_CLIENT_SITE_METHOD = git
+BR_NO_CHECK_HASH_FOR += $(OPTEE_CLIENT_SOURCE)
+else
+OPTEE_CLIENT_SITE = $(call github,OP-TEE,optee_client,$(OPTEE_CLIENT_VERSION))
+endif
+
+define OPTEE_CLIENT_INSTALL_INIT_SYSV
+	$(INSTALL) -m 0755 -D $(OPTEE_CLIENT_PKGDIR)/S30optee \
+		$(TARGET_DIR)/etc/init.d/S30optee
+endef
+
+$(eval $(cmake-package))