From patchwork Wed May 24 03:13:33 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Su, Bao Cheng"
X-Patchwork-Id: 13253245
From: "Su, Bao Cheng"
To: "cip-dev@lists.cip-project.org"
CC: "Storm, Christian", "Gylstorff, Quirin", "Kiszka, Jan", "Su, Bao Cheng"
Subject: [isar-cip-core][PATCH 1/2] Add recipe for optee-client
Date: Wed, 24 May 2023 03:13:33 +0000
X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/11624

This brings the libteec1, optee-client-dev and most important, tee-supplicant.

Signed-off-by: Baocheng Su
--- recipes-bsp/optee-client/files/control.tmpl | 51 +++++++++++++++++++ recipes-bsp/optee-client/files/rules.tmpl | 20 ++++++++ .../optee-client/files/tee-supplicant.service | 9 ++++ .../optee-client/optee-client_3.20.0.bb | 47 +++++++++++++++++ 4 files changed, 127 insertions(+) create mode 100644 recipes-bsp/optee-client/files/control.tmpl create mode 100755 recipes-bsp/optee-client/files/rules.tmpl create mode 100644 recipes-bsp/optee-client/files/tee-supplicant.service create mode 100644 recipes-bsp/optee-client/optee-client_3.20.0.bb diff --git a/recipes-bsp/optee-client/files/control.tmpl b/recipes-bsp/optee-client/files/control.tmpl new file mode 100644 index 0000000..b0c3756 --- /dev/null +++ b/recipes-bsp/optee-client/files/control.tmpl 
@@ -0,0 +1,51 @@ +Source: optee-client +Priority: optional +Maintainer: Unknown maintainer +Build-Depends: pkg-config, uuid-dev +Standards-Version: 4.1.3 +Section: libs +Homepage: https://github.com/OP-TEE/optee_client +Rules-Requires-Root: no + +Package: optee-client-dev +Section: libdevel +Architecture: arm64 +Multi-Arch: same +Depends: libteec1 (= ${binary:Version}), + ${misc:Depends} +Description: normal world user space client APIs for OP-TEE (development) + OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a + non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone + technology. OP-TEE implements TEE Internal Core API v1.1.x which is the API + exposed to Trusted Applications and the TEE Client API v1.0, which is the + API describing how to communicate with a TEE. This package provides the TEE + Client API library. + . + This package contains the development files OpTEE Client API + +Package: libteec1 +Architecture: arm64 +Multi-Arch: same +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: normal world user space client APIs for OP-TEE + OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a + non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone + technology. OP-TEE implements TEE Internal Core API v1.1.x which is the API + exposed to Trusted Applications and the TEE Client API v1.0, which is the + API describing how to communicate with a TEE. This package provides the TEE + Client API library. + . + This package contains libteec library. + +Package: tee-supplicant +Architecture: arm64 +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: normal world user space client APIs for OP-TEE + OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a + non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone + technology. 
OP-TEE implements TEE Internal Core API v1.1.x which is the API + exposed to Trusted Applications and the TEE Client API v1.0, which is the + API describing how to communicate with a TEE. This package provides the TEE + Client API library. + . + This package contains tee-supplicant executable. diff --git a/recipes-bsp/optee-client/files/rules.tmpl b/recipes-bsp/optee-client/files/rules.tmpl new file mode 100755 index 0000000..a8f2afd --- /dev/null +++ b/recipes-bsp/optee-client/files/rules.tmpl @@ -0,0 +1,20 @@ +#!/usr/bin/make -f + +ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) +export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)- +endif + +%: + dh $@ --exclude=.a + +override_dh_auto_build: + dh_auto_build -- LIBDIR=/usr/lib/$(DEB_HOST_MULTIARCH) \ + CFG_TEE_FS_PARENT_PATH=${TEE_FS_PARENT_PATH} ${RPMB_EMU_BUILD_OPT} + +override_dh_auto_install: + dh_auto_install -- LIBDIR=/usr/lib/$(DEB_HOST_MULTIARCH) \ + CFG_TEE_FS_PARENT_PATH=${TEE_FS_PARENT_PATH} ${RPMB_EMU_BUILD_OPT} + +override_dh_auto_clean: + dh_auto_clean + rm -rf $(CURDIR)/out diff --git a/recipes-bsp/optee-client/files/tee-supplicant.service b/recipes-bsp/optee-client/files/tee-supplicant.service new file mode 100644 index 0000000..7148515 --- /dev/null +++ b/recipes-bsp/optee-client/files/tee-supplicant.service @@ -0,0 +1,9 @@ +[Unit] +Description=TEE Supplicant + +[Service] +Type=simple +ExecStart=/usr/sbin/tee-supplicant + +[Install] +WantedBy=multi-user.target diff --git a/recipes-bsp/optee-client/optee-client_3.20.0.bb b/recipes-bsp/optee-client/optee-client_3.20.0.bb new file mode 100644 index 0000000..b760a2c --- /dev/null +++ b/recipes-bsp/optee-client/optee-client_3.20.0.bb 
@@ -0,0 +1,47 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2023 +# +# Authors: +# Su Bao Cheng +# +# SPDX-License-Identifier: MIT +# + +inherit dpkg + +DESCRIPTION = "OPTee Client" + +PROVIDES = "libteec1 optee-client-dev tee-supplicant" + +SRC_URI += "https://github.com/OP-TEE/optee_client/archive/${PV}.tar.gz;downloadfilename=optee_client-${PV}.tar.gz \ + file://control.tmpl \ + file://rules.tmpl \ + file://tee-supplicant.service" +SRC_URI[sha256sum] = "69414c424b8dbed11ce1ae0d812817eda2ef4f42a1bef762e5ca3b6fed80764c" + +S = "${WORKDIR}/optee_client-${PV}" + +TEE_FS_PARENT_PATH ?= "/var/lib/optee-client/data/tee" +# To use the builtin RPMB emulation, empty this +RPMB_EMU_BUILD_OPT ?= "RPMB_EMU=0" + +TEMPLATE_FILES = "rules.tmpl control.tmpl" +TEMPLATE_VARS += "TEE_FS_PARENT_PATH RPMB_EMU_BUILD_OPT" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize + + cp -f ${WORKDIR}/tee-supplicant.service \ + ${S}/debian/tee-supplicant.service + echo "/usr/sbin/*" > ${S}/debian/tee-supplicant.install + echo "lib/optee_armtz/" > ${S}/debian/tee-supplicant.dirs + echo "usr/lib/tee-supplicant/plugins/" >> ${S}/debian/tee-supplicant.dirs + + echo "usr/lib/*/libteec*.so.*" > ${S}/debian/libteec1.install + + echo "usr/include/*" > ${S}/debian/optee-client-dev.install + echo "usr/lib/*/lib*.so" >> ${S}/debian/optee-client-dev.install +} 
From patchwork Wed May 24 03:15:03 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Su, Bao Cheng"
X-Patchwork-Id: 13253246
From: "Su, Bao Cheng"
To: "cip-dev@lists.cip-project.org"
CC: "Storm, Christian", "Gylstorff, Quirin", "Kiszka, Jan", "Su, Bao Cheng"
Subject: [isar-cip-core][PATCH 2/2] initramfs: Add recipe for optee based ftpm hook
Date: Wed, 24 May 2023 03:15:03 +0000
Message-ID: <664ef5ea0fa832ff709718b249a93864f98714c6.camel@siemens.com>
X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/11625

Prepare for initramfs applications relying on TPM, such as clevis or systemd-cryptsetup

Signed-off-by: Baocheng Su
--- .../initramfs-ms-ftpm-hook/files/ms-ftpm.hook | 36 ++++++++++++++++ .../files/ms-ftpm.script | 43 +++++++++++++++++++ .../initramfs-ms-ftpm-hook_0.1.bb | 30 +++++++++++++ 3 files changed, 109 insertions(+) create mode 100644 recipes-initramfs/initramfs-ms-ftpm-hook/files/ms-ftpm.hook create mode 100644 recipes-initramfs/initramfs-ms-ftpm-hook/files/ms-ftpm.script create mode 100644 recipes-initramfs/initramfs-ms-ftpm-hook/initramfs-ms-ftpm-hook_0.1.bb diff --git a/recipes-initramfs/initramfs-ms-ftpm-hook/files/ms-ftpm.hook b/recipes-initramfs/initramfs-ms-ftpm-hook/files/ms-ftpm.hook new file mode 100644 index 0000000..998ae62 --- /dev/null +++ b/recipes-initramfs/initramfs-ms-ftpm-hook/files/ms-ftpm.hook 
@@ -0,0 +1,36 @@ +#!/bin/sh +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2023 +# +# Authors: +# Su Bao Cheng +# +# SPDX-License-Identifier: MIT +# +PREREQ="" +prereqs() +{ + echo "$PREREQ" +} +case $1 in +prereqs) + prereqs + exit 0 + ;; +esac + +. /usr/share/initramfs-tools/hook-functions + +hook_error() { + echo "(ERROR): $2" >&2 + exit 1 +} + +# Just in case these modules are not built-in +manual_add_modules tee +manual_add_modules optee +manual_add_modules tpm_ftpm_tee + +copy_exec /usr/sbin/tee-supplicant || hook_error "/usr/sbin/tee-supplicant not found" diff --git a/recipes-initramfs/initramfs-ms-ftpm-hook/files/ms-ftpm.script b/recipes-initramfs/initramfs-ms-ftpm-hook/files/ms-ftpm.script new file mode 100644 index 0000000..c6ee2dd --- /dev/null +++ b/recipes-initramfs/initramfs-ms-ftpm-hook/files/ms-ftpm.script @@ -0,0 +1,43 @@ +#!/bin/sh +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2023 +# +# Authors: +# Su Bao Cheng +# +# SPDX-License-Identifier: MIT +# +PREREQ="" + +prereqs() +{ + echo "$PREREQ" +} + +case $1 in +# get pre-requisites +prereqs) + prereqs + exit 0 + ;; +esac + +FTPM_DEV=/dev/tpmrm0 + +. /scripts/functions + +/usr/sbin/tee-supplicant -d + +# The fTPM TA would take some time to be discovered as well as the tee-supplicant +# 10 seconds should be enough +wait_sec=10 +until test $wait_sec -eq 0 || test -c "${FTPM_DEV}" ; do + wait_sec=$((wait_sec-1)) + sleep 1 +done + +if ! test -c "${FTPM_DEV}"; then + panic "Can't discover the fTPM device ${FTPM_DEV}!" +fi diff --git a/recipes-initramfs/initramfs-ms-ftpm-hook/initramfs-ms-ftpm-hook_0.1.bb b/recipes-initramfs/initramfs-ms-ftpm-hook/initramfs-ms-ftpm-hook_0.1.bb new file mode 100644 index 0000000..fece6ff --- /dev/null +++ b/recipes-initramfs/initramfs-ms-ftpm-hook/initramfs-ms-ftpm-hook_0.1.bb 
@@ -0,0 +1,30 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2023 +# +# Authors: +# Su Bao Cheng +# +# SPDX-License-Identifier: MIT +# + +inherit dpkg-raw + +SRC_URI += " \ + file://ms-ftpm.hook \ + file://ms-ftpm.script \ + " + +DEBIAN_DEPENDS = "initramfs-tools, tee-supplicant" + +do_install[cleandirs] += " \ + ${D}/usr/share/initramfs-tools/hooks \ + ${D}/usr/share/initramfs-tools/scripts/local-bottom" + +do_install() { + install -m 0755 "${WORKDIR}/ms-ftpm.hook" \ + "${D}/usr/share/initramfs-tools/hooks/ms-ftpm" + install -m 0755 "${WORKDIR}/ms-ftpm.script" \ + "${D}/usr/share/initramfs-tools/scripts/local-bottom/ms-ftpm" +}
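
Review bot: In recipes-bsp/optee-client/files/control.tmpl (patch 1/2), the tee-supplicant stanza reuses the libteec1 synopsis "normal world user space client APIs for OP-TEE" and the sentence "This package provides the TEE Client API library", although its last line says the package contains the tee-supplicant executable. Give the stanza its own synopsis and long description so the daemon is identifiable in package listings. All three stanzas also hard-code `Architecture: arm64` while rules.tmpl derives the toolchain prefix from DEB_HOST_GNU_TYPE; if other Arm targets are meant to be supported, make the architecture a template variable. The "Arm; Cortex-A" in each long description looks like a mangled character and should read "Arm Cortex-A".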
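
Review bot: recipes-bsp/optee-client/files/tee-supplicant.service (patch 1/2) sets no User= and no sandboxing, so the daemon runs as root with full access to the filesystem, and the [Unit] section has no dependency on the TEE device, so the unit is started on every target whether or not OP-TEE is present. Order the unit on the device it needs, and add hardening directives such as NoNewPrivileges=yes and ProtectSystem= with a write exception for the TEE_FS_PARENT_PATH directory set in optee-client_3.20.0.bb. A Restart= policy is also missing; without one a crashed supplicant stays down until someone restarts it by hand.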
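
Review bot: In recipes-bsp/optee-client/optee-client_3.20.0.bb (patch 1/2), the comment above RPMB_EMU_BUILD_OPT says that emptying the variable enables the builtin RPMB emulation, but not that emulated RPMB provides none of the replay protection of the real partition. State in the comment that the emulation is for testing only, so that a downstream layer that clears the variable does not ship it in a production image. Separately, `echo "/usr/sbin/*" > ${S}/debian/tee-supplicant.install` uses a leading slash while every other .install and .dirs entry in do_prepare_build is relative; write `usr/sbin/*` for consistency.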
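
Review bot: In recipes-initramfs/initramfs-ms-ftpm-hook/files/ms-ftpm.hook (patch 2/2), hook_error prints "$2" but its only caller, `copy_exec /usr/sbin/tee-supplicant || hook_error "/usr/sbin/tee-supplicant not found"`, passes a single argument, so a failed copy reports "(ERROR): " with no message. Print "$1" (or "$*") in hook_error.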
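
Review bot: In recipes-initramfs/initramfs-ms-ftpm-hook/files/ms-ftpm.script (patch 2/2), the failure path when /dev/tpmrm0 does not appear is `panic`, and in initramfs-tools panic drops to an interactive shell unless the kernel command line sets panic=. For an image where the fTPM backs disk unlocking, as the commit message intends, either document that panic= must be set or fail without offering a shell. The exit status of `/usr/sbin/tee-supplicant -d` is not checked either, so a supplicant that fails to start costs the full 10 second wait before the error is reported. The daemon started here is also never stopped, which needs reconciling with tee-supplicant.service from patch 1/2 starting a second instance once the real root is up.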
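
Review bot: recipes-initramfs/initramfs-ms-ftpm-hook/initramfs-ms-ftpm-hook_0.1.bb (patch 2/2) installs the boot script into scripts/local-bottom, which initramfs-tools runs after the root filesystem has been mounted, and ms-ftpm.script declares an empty PREREQ. A TPM consumer such as clevis or systemd-cryptsetup that runs in an earlier stage, or in local-bottom without ordering, will not find the device. Say in the recipe or the commit message which stage the consumers are expected to run in, and have them list ms-ftpm in their PREREQ.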