From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Tue, 27 Jan 2026 16:29:25 +0100 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vkl0P-005wCv-2R for lore@lore.pengutronix.de; Tue, 27 Jan 2026 16:29:25 +0100 Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1vkl0P-0007Yj-4a; Tue, 27 Jan 2026 16:29:25 +0100 Received: from dude05.red.stw.pengutronix.de ([2a0a:edc0:0:1101:1d::54]) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1vkl06-0007YV-Kh; Tue, 27 Jan 2026 16:29:06 +0100 From: Michael Tretter To: ptxdist@pengutronix.de Date: Tue, 27 Jan 2026 16:29:06 +0100 Message-ID: <20260127152906.3381524-1-m.tretter@pengutronix.de> X-Mailer: git-send-email 2.47.3 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [ptxdist] [PATCH] optee: version bump 4.8.0 -> 4.9.0 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: Michael Tretter Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false optee-client: - Drop the patches, since they are included in 4.9.0. - Add CFG_UDEV_RULESPREFIX with default setting. Signed-off-by: Michael Tretter --- ...dd-missing-rule-for-the-mmcblk-0-9-r.patch | 30 ------------- ...dd-device-instance-as-start-paramete.patch | 32 ------------- ...nt-add-priority-prefix-for-udev-rule.patch | 45 ------------------- patches/optee-client-4.8.0/series | 6 --- rules/optee-client.make | 5 ++- rules/optee-examples.make | 4 +- rules/optee-test.make | 4 +- rules/optee.make | 4 +- 8 files changed, 9 insertions(+), 121 deletions(-) delete mode 100644 patches/optee-client-4.8.0/0001-tee-supplicant-add-missing-rule-for-the-mmcblk-0-9-r.patch delete mode 100644 patches/optee-client-4.8.0/0002-tee-supplicant-add-device-instance-as-start-paramete.patch delete mode 100644 patches/optee-client-4.8.0/0003-tee-supplicant-add-priority-prefix-for-udev-rule.patch delete mode 100644 patches/optee-client-4.8.0/series diff --git a/patches/optee-client-4.8.0/0001-tee-supplicant-add-missing-rule-for-the-mmcblk-0-9-r.patch b/patches/optee-client-4.8.0/0001-tee-supplicant-add-missing-rule-for-the-mmcblk-0-9-r.patch deleted file mode 100644 index c25abac9403d..000000000000 --- a/patches/optee-client-4.8.0/0001-tee-supplicant-add-missing-rule-for-the-mmcblk-0-9-r.patch +++ /dev/null @@ -1,30 +0,0 @@ -From: Marco Felsch -Date: Sat, 8 Nov 2025 02:21:18 +0100 -Subject: [PATCH] tee-supplicant: add missing rule for the mmcblk[0-9]rpmb - group - -Fix rootless tee-supplicant handling for RPMB use-case. The RPMB -communcation fails badly if the in-kernel RPMB handling was not enabled -and the rootless tee-supplicant is used because the default group for -the /dev/mmcblk[0-9]rpmb is 'root'. - -Set the group to same group used for /dev/teepriv[0-9] to fix this and -to allow rootless tee-supplicant usage with legacy user-space RPMB -handling. - -Signed-off-by: Marco Felsch ---- - tee-supplicant/optee-udev.rules.in | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/tee-supplicant/optee-udev.rules.in b/tee-supplicant/optee-udev.rules.in -index 275e83388efd..e28fb40c4040 100644 ---- a/tee-supplicant/optee-udev.rules.in -+++ b/tee-supplicant/optee-udev.rules.in -@@ -5,3 +5,6 @@ KERNEL=="tee[0-9]*", MODE="0660", OWNER="root", GROUP="@CFG_TEE_GROUP@", TAG+="s - # tee-supplicant.service with the device name as parameter - KERNEL=="teepriv[0-9]*", MODE="0660", OWNER="root", GROUP="@CFG_TEEPRIV_GROUP@", \ - TAG+="systemd", ENV{SYSTEMD_WANTS}+="tee-supplicant@%k.service" -+ -+ACTION=="add", SUBSYSTEM=="mmc_rpmb", KERNEL=="mmcblk[0-9]rpmb", \ -+ GROUP="@CFG_TEEPRIV_GROUP@" diff --git a/patches/optee-client-4.8.0/0002-tee-supplicant-add-device-instance-as-start-paramete.patch b/patches/optee-client-4.8.0/0002-tee-supplicant-add-device-instance-as-start-paramete.patch deleted file mode 100644 index 6dfc293295a9..000000000000 --- a/patches/optee-client-4.8.0/0002-tee-supplicant-add-device-instance-as-start-paramete.patch +++ /dev/null @@ -1,32 +0,0 @@ -From: Holger Assmann -Date: Mon, 1 Dec 2025 10:35:22 +0100 -Subject: [PATCH] tee-supplicant: add device instance as start parameter for - service file - -tee-supplicant requires a device name as a positional argument. This can -not be provided via $OPTARGS from the EnvironmentFile, since that -variable does not account for the service file being a template where -instance-specific services (i.e. @teepriv0, @teepriv1, ...) are derived -from. - -Therefore, the device instance used for each templated systemd service -needs to be included directly in the ExecStart line. - -Signed-off-by: Holger Assmann -Acked-by: Jerome Forissier ---- - tee-supplicant/tee-supplicant@.service.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tee-supplicant/tee-supplicant@.service.in b/tee-supplicant/tee-supplicant@.service.in -index e53a9357f01f..7e10e1d753a4 100644 ---- a/tee-supplicant/tee-supplicant@.service.in -+++ b/tee-supplicant/tee-supplicant@.service.in -@@ -12,6 +12,6 @@ Type=notify - User=@CFG_TEE_SUPPL_USER@ - Group=@CFG_TEE_SUPPL_GROUP@ - EnvironmentFile=-@CMAKE_INSTALL_SYSCONFDIR@/default/tee-supplicant --ExecStart=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_SBINDIR@/tee-supplicant $OPTARGS -+ExecStart=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_SBINDIR@/tee-supplicant $OPTARGS /dev/%I - # Workaround for fTPM TA: stop kernel module before tee-supplicant - ExecStop=-/bin/sh -c "/sbin/modprobe -v -r tpm_ftpm_tee ; /bin/kill $MAINPID" diff --git a/patches/optee-client-4.8.0/0003-tee-supplicant-add-priority-prefix-for-udev-rule.patch b/patches/optee-client-4.8.0/0003-tee-supplicant-add-priority-prefix-for-udev-rule.patch deleted file mode 100644 index 3359d2db7467..000000000000 --- a/patches/optee-client-4.8.0/0003-tee-supplicant-add-priority-prefix-for-udev-rule.patch +++ /dev/null @@ -1,45 +0,0 @@ -From: Holger Assmann -Date: Mon, 1 Dec 2025 09:31:12 +0100 -Subject: [PATCH] tee-supplicant: add priority prefix for udev rule - -The manpage of udev states that "All rule files are read in lexical -order." This coincides with the established convention of assigning a -two-digit priority prefix in front of the respective rule file name. - -In case of "optee-udev.rules", we are currently missing that prefix. -When looking for context, it seems suitable to choose a priority in the -realm of the already existing "60-tpm-udev.rules", since that serves a -similar purpose like the rule for optee-client. - -This commit hence changes the installed rule file name to -"60-optee-udev.rules", with "60-" being a configurable default value. - -Signed-off-by: Holger Assmann -Acked-by: Jerome Forissier ---- - tee-supplicant/CMakeLists.txt | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/tee-supplicant/CMakeLists.txt b/tee-supplicant/CMakeLists.txt -index b47d4e377e98..5a8b387f9a7d 100644 ---- a/tee-supplicant/CMakeLists.txt -+++ b/tee-supplicant/CMakeLists.txt -@@ -18,6 +18,7 @@ set(CFG_TEE_FS_PARENT_PATH "${CMAKE_INSTALL_LOCALSTATEDIR}/lib/tee" CACHE STRING - # FIXME: Why do we have if defined(CFG_GP_SOCKETS) && CFG_GP_SOCKETS == 1 in the c-file? - set(CFG_GP_SOCKETS "1" CACHE STRING "Enable GlobalPlatform Socket API support") - set(CFG_TEE_PLUGIN_LOAD_PATH "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}/${PROJECT_NAME}/plugins/" CACHE STRING "tee-supplicant's plugins path") -+set(CFG_UDEV_RULESPREFIX "60-" CACHE STRING "Priority prefix for udev rule") - - set(CFG_TEE_GROUP "tee" CACHE STRING "Group which has access to /dev/tee* devices") - set(CFG_TEEPRIV_GROUP "teepriv" CACHE STRING "Group which has access to /dev/teepriv* devices") -@@ -150,6 +151,6 @@ if (CFG_ENABLE_SYSTEMD) - install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/tee-supplicant@.service DESTINATION ${SYSTEMD_UNIT_DIR}) - endif() - if (CFG_ENABLE_UDEV) -- configure_file(optee-udev.rules.in optee-udev.rules @ONLY) -- install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/optee-udev.rules DESTINATION ${UDEV_UDEV_DIR}) --endif() -\ No newline at end of file -+ configure_file(optee-udev.rules.in ${CFG_UDEV_RULESPREFIX}optee-udev.rules @ONLY) -+ install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/${CFG_UDEV_RULESPREFIX}optee-udev.rules DESTINATION ${UDEV_UDEV_DIR}) -+endif() diff --git a/patches/optee-client-4.8.0/series b/patches/optee-client-4.8.0/series deleted file mode 100644 index 8a0a2fbb5c9d..000000000000 --- a/patches/optee-client-4.8.0/series +++ /dev/null @@ -1,6 +0,0 @@ -# generated by git-ptx-patches -#tag:base --start-number 1 -0001-tee-supplicant-add-missing-rule-for-the-mmcblk-0-9-r.patch -0002-tee-supplicant-add-device-instance-as-start-paramete.patch -0003-tee-supplicant-add-priority-prefix-for-udev-rule.patch -# eb1647eb8fde26a3ed3fb30aa6c42307 - git-ptx-patches magic diff --git a/rules/optee-client.make b/rules/optee-client.make index 32f1e425ccbc..1d0dea0340a1 100644 --- a/rules/optee-client.make +++ b/rules/optee-client.make @@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_OPTEE_CLIENT) += optee-client # # Paths and names # -OPTEE_CLIENT_VERSION := 4.8.0 -OPTEE_CLIENT_MD5 := bde72d8c86946a7db8d4ee430c6b360a +OPTEE_CLIENT_VERSION := 4.9.0 +OPTEE_CLIENT_MD5 := 6af32763e18dd5efe0b5edc1f88c6060 OPTEE_CLIENT := optee-client-$(OPTEE_CLIENT_VERSION) OPTEE_CLIENT_SUFFIX := tar.gz OPTEE_CLIENT_URL := https://github.com/OP-TEE/optee_client/archive/$(OPTEE_CLIENT_VERSION).$(OPTEE_CLIENT_SUFFIX) @@ -49,6 +49,7 @@ OPTEE_CLIENT_CONF_OPT := \ -DCFG_TEE_SUPPL_USER=teesuppl \ -DCFG_TEE_SUPP_LOG_LEVEL=1 \ -DCFG_TEE_SUPP_PLUGINS=$(call ptx/onoff, PTXCONF_OPTEE_CLIENT_SUPPLICANT_PLUGINS) \ + -DCFG_UDEV_RULESPREFIX=60- \ -DCFG_USE_PKGCONFIG=OFF \ -DCFG_WERROR=ON \ -DRPMB_EMU=$(call ptx/onoff, PTXCONF_OPTEE_CLIENT_SUPPLICANT_RPMB_EMULATION) \ diff --git a/rules/optee-examples.make b/rules/optee-examples.make index 7b930dd834ea..3b19af190672 100644 --- a/rules/optee-examples.make +++ b/rules/optee-examples.make @@ -16,8 +16,8 @@ endif # # Paths and names # -OPTEE_EXAMPLES_VERSION := 4.8.0 -OPTEE_EXAMPLES_MD5 := f7e5b0c1293481383f6afb3b317413be +OPTEE_EXAMPLES_VERSION := 4.9.0 +OPTEE_EXAMPLES_MD5 := dcdca94cf42436c658275248449a38e9 OPTEE_EXAMPLES := optee-examples-$(OPTEE_EXAMPLES_VERSION) OPTEE_EXAMPLES_SUFFIX := tar.gz OPTEE_EXAMPLES_URL := https://github.com/linaro-swg/optee_examples/archive/$(OPTEE_EXAMPLES_VERSION).$(OPTEE_EXAMPLES_SUFFIX) diff --git a/rules/optee-test.make b/rules/optee-test.make index 8dd8e8b598c9..31c56d1827a7 100644 --- a/rules/optee-test.make +++ b/rules/optee-test.make @@ -16,8 +16,8 @@ endif # # Paths and names # -OPTEE_TEST_VERSION := 4.8.0 -OPTEE_TEST_MD5 := 331d2a0019aae3bb31efecd9ad4e61f2 +OPTEE_TEST_VERSION := 4.9.0 +OPTEE_TEST_MD5 := 26d61e487d97abd71952c50075f84c32 OPTEE_TEST := optee-test-$(OPTEE_TEST_VERSION) OPTEE_TEST_SUFFIX := tar.gz OPTEE_TEST_URL := https://github.com/OP-TEE/optee_test/archive/$(OPTEE_TEST_VERSION).$(OPTEE_TEST_SUFFIX) diff --git a/rules/optee.make b/rules/optee.make index f1ff83765d17..29b47e09fe8c 100644 --- a/rules/optee.make +++ b/rules/optee.make @@ -16,8 +16,8 @@ endif # # Paths and names # -OPTEE_VERSION := 4.8.0 -OPTEE_MD5 := ada772c4d9cb8ee977d1b6962f91e167 +OPTEE_VERSION := 4.9.0 +OPTEE_MD5 := 1ead0817586f996ed1ee15785af33b67 OPTEE := optee-$(OPTEE_VERSION) OPTEE_SUFFIX := tar.gz OPTEE_URL := https://github.com/OP-TEE/optee_os/archive/$(OPTEE_VERSION).$(OPTEE_SUFFIX) -- 2.47.3