From: Michael Olbrich <m.olbrich@pengutronix.de>
To: ptxdist@pengutronix.de
Cc: Michael Tretter <m.tretter@pengutronix.de>
Subject: Re: [ptxdist] [APPLIED] optee: version bump 4.8.0 -> 4.9.0
Date: Fri, 13 Feb 2026 11:02:52 +0100 [thread overview]
Message-ID: <20260213100252.2785771-1-m.olbrich@pengutronix.de> (raw)
In-Reply-To: <20260127152906.3381524-1-m.tretter@pengutronix.de>
Thanks, applied as cb12e6912d0519a2aace100525130f277e23db85.
Michael
[sent from post-receive hook]
On Fri, 13 Feb 2026 11:02:52 +0100, Michael Tretter <m.tretter@pengutronix.de> wrote:
> optee-client:
>
> - Drop the patches, since they are included in 4.9.0.
>
> - Add CFG_UDEV_RULESPREFIX with default setting.
>
> Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
> Message-Id: <20260127152906.3381524-1-m.tretter@pengutronix.de>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/patches/optee-client-4.8.0/0001-tee-supplicant-add-missing-rule-for-the-mmcblk-0-9-r.patch b/patches/optee-client-4.8.0/0001-tee-supplicant-add-missing-rule-for-the-mmcblk-0-9-r.patch
> deleted file mode 100644
> index c25abac9403d..000000000000
> --- a/patches/optee-client-4.8.0/0001-tee-supplicant-add-missing-rule-for-the-mmcblk-0-9-r.patch
> +++ /dev/null
> @@ -1,30 +0,0 @@
> -From: Marco Felsch <m.felsch@pengutronix.de>
> -Date: Sat, 8 Nov 2025 02:21:18 +0100
> -Subject: [PATCH] tee-supplicant: add missing rule for the mmcblk[0-9]rpmb
> - group
> -
> -Fix rootless tee-supplicant handling for RPMB use-case. The RPMB
> -communcation fails badly if the in-kernel RPMB handling was not enabled
> -and the rootless tee-supplicant is used because the default group for
> -the /dev/mmcblk[0-9]rpmb is 'root'.
> -
> -Set the group to same group used for /dev/teepriv[0-9] to fix this and
> -to allow rootless tee-supplicant usage with legacy user-space RPMB
> -handling.
> -
> -Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
> ----
> - tee-supplicant/optee-udev.rules.in | 3 +++
> - 1 file changed, 3 insertions(+)
> -
> -diff --git a/tee-supplicant/optee-udev.rules.in b/tee-supplicant/optee-udev.rules.in
> -index 275e83388efd..e28fb40c4040 100644
> ---- a/tee-supplicant/optee-udev.rules.in
> -+++ b/tee-supplicant/optee-udev.rules.in
> -@@ -5,3 +5,6 @@ KERNEL=="tee[0-9]*", MODE="0660", OWNER="root", GROUP="@CFG_TEE_GROUP@", TAG+="s
> - # tee-supplicant.service with the device name as parameter
> - KERNEL=="teepriv[0-9]*", MODE="0660", OWNER="root", GROUP="@CFG_TEEPRIV_GROUP@", \
> - TAG+="systemd", ENV{SYSTEMD_WANTS}+="tee-supplicant@%k.service"
> -+
> -+ACTION=="add", SUBSYSTEM=="mmc_rpmb", KERNEL=="mmcblk[0-9]rpmb", \
> -+ GROUP="@CFG_TEEPRIV_GROUP@"
> diff --git a/patches/optee-client-4.8.0/0002-tee-supplicant-add-device-instance-as-start-paramete.patch b/patches/optee-client-4.8.0/0002-tee-supplicant-add-device-instance-as-start-paramete.patch
> deleted file mode 100644
> index 6dfc293295a9..000000000000
> --- a/patches/optee-client-4.8.0/0002-tee-supplicant-add-device-instance-as-start-paramete.patch
> +++ /dev/null
> @@ -1,32 +0,0 @@
> -From: Holger Assmann <h.assmann@pengutronix.de>
> -Date: Mon, 1 Dec 2025 10:35:22 +0100
> -Subject: [PATCH] tee-supplicant: add device instance as start parameter for
> - service file
> -
> -tee-supplicant requires a device name as a positional argument. This can
> -not be provided via $OPTARGS from the EnvironmentFile, since that
> -variable does not account for the service file being a template where
> -instance-specific services (i.e. @teepriv0, @teepriv1, ...) are derived
> -from.
> -
> -Therefore, the device instance used for each templated systemd service
> -needs to be included directly in the ExecStart line.
> -
> -Signed-off-by: Holger Assmann <h.assmann@pengutronix.de>
> -Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
> ----
> - tee-supplicant/tee-supplicant@.service.in | 2 +-
> - 1 file changed, 1 insertion(+), 1 deletion(-)
> -
> -diff --git a/tee-supplicant/tee-supplicant@.service.in b/tee-supplicant/tee-supplicant@.service.in
> -index e53a9357f01f..7e10e1d753a4 100644
> ---- a/tee-supplicant/tee-supplicant@.service.in
> -+++ b/tee-supplicant/tee-supplicant@.service.in
> -@@ -12,6 +12,6 @@ Type=notify
> - User=@CFG_TEE_SUPPL_USER@
> - Group=@CFG_TEE_SUPPL_GROUP@
> - EnvironmentFile=-@CMAKE_INSTALL_SYSCONFDIR@/default/tee-supplicant
> --ExecStart=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_SBINDIR@/tee-supplicant $OPTARGS
> -+ExecStart=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_SBINDIR@/tee-supplicant $OPTARGS /dev/%I
> - # Workaround for fTPM TA: stop kernel module before tee-supplicant
> - ExecStop=-/bin/sh -c "/sbin/modprobe -v -r tpm_ftpm_tee ; /bin/kill $MAINPID"
> diff --git a/patches/optee-client-4.8.0/0003-tee-supplicant-add-priority-prefix-for-udev-rule.patch b/patches/optee-client-4.8.0/0003-tee-supplicant-add-priority-prefix-for-udev-rule.patch
> deleted file mode 100644
> index 3359d2db7467..000000000000
> --- a/patches/optee-client-4.8.0/0003-tee-supplicant-add-priority-prefix-for-udev-rule.patch
> +++ /dev/null
> @@ -1,45 +0,0 @@
> -From: Holger Assmann <h.assmann@pengutronix.de>
> -Date: Mon, 1 Dec 2025 09:31:12 +0100
> -Subject: [PATCH] tee-supplicant: add priority prefix for udev rule
> -
> -The manpage of udev states that "All rule files are read in lexical
> -order." This coincides with the established convention of assigning a
> -two-digit priority prefix in front of the respective rule file name.
> -
> -In case of "optee-udev.rules", we are currently missing that prefix.
> -When looking for context, it seems suitable to choose a priority in the
> -realm of the already existing "60-tpm-udev.rules", since that serves a
> -similar purpose like the rule for optee-client.
> -
> -This commit hence changes the installed rule file name to
> -"60-optee-udev.rules", with "60-" being a configurable default value.
> -
> -Signed-off-by: Holger Assmann <h.assmann@pengutronix.de>
> -Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
> ----
> - tee-supplicant/CMakeLists.txt | 7 ++++---
> - 1 file changed, 4 insertions(+), 3 deletions(-)
> -
> -diff --git a/tee-supplicant/CMakeLists.txt b/tee-supplicant/CMakeLists.txt
> -index b47d4e377e98..5a8b387f9a7d 100644
> ---- a/tee-supplicant/CMakeLists.txt
> -+++ b/tee-supplicant/CMakeLists.txt
> -@@ -18,6 +18,7 @@ set(CFG_TEE_FS_PARENT_PATH "${CMAKE_INSTALL_LOCALSTATEDIR}/lib/tee" CACHE STRING
> - # FIXME: Why do we have if defined(CFG_GP_SOCKETS) && CFG_GP_SOCKETS == 1 in the c-file?
> - set(CFG_GP_SOCKETS "1" CACHE STRING "Enable GlobalPlatform Socket API support")
> - set(CFG_TEE_PLUGIN_LOAD_PATH "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}/${PROJECT_NAME}/plugins/" CACHE STRING "tee-supplicant's plugins path")
> -+set(CFG_UDEV_RULESPREFIX "60-" CACHE STRING "Priority prefix for udev rule")
> -
> - set(CFG_TEE_GROUP "tee" CACHE STRING "Group which has access to /dev/tee* devices")
> - set(CFG_TEEPRIV_GROUP "teepriv" CACHE STRING "Group which has access to /dev/teepriv* devices")
> -@@ -150,6 +151,6 @@ if (CFG_ENABLE_SYSTEMD)
> - install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/tee-supplicant@.service DESTINATION ${SYSTEMD_UNIT_DIR})
> - endif()
> - if (CFG_ENABLE_UDEV)
> -- configure_file(optee-udev.rules.in optee-udev.rules @ONLY)
> -- install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/optee-udev.rules DESTINATION ${UDEV_UDEV_DIR})
> --endif()
> -\ No newline at end of file
> -+ configure_file(optee-udev.rules.in ${CFG_UDEV_RULESPREFIX}optee-udev.rules @ONLY)
> -+ install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/${CFG_UDEV_RULESPREFIX}optee-udev.rules DESTINATION ${UDEV_UDEV_DIR})
> -+endif()
> diff --git a/patches/optee-client-4.8.0/series b/patches/optee-client-4.8.0/series
> deleted file mode 100644
> index 8a0a2fbb5c9d..000000000000
> --- a/patches/optee-client-4.8.0/series
> +++ /dev/null
> @@ -1,6 +0,0 @@
> -# generated by git-ptx-patches
> -#tag:base --start-number 1
> -0001-tee-supplicant-add-missing-rule-for-the-mmcblk-0-9-r.patch
> -0002-tee-supplicant-add-device-instance-as-start-paramete.patch
> -0003-tee-supplicant-add-priority-prefix-for-udev-rule.patch
> -# eb1647eb8fde26a3ed3fb30aa6c42307 - git-ptx-patches magic
> diff --git a/rules/optee-client.make b/rules/optee-client.make
> index 32f1e425ccbc..1d0dea0340a1 100644
> --- a/rules/optee-client.make
> +++ b/rules/optee-client.make
> @@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_OPTEE_CLIENT) += optee-client
> #
> # Paths and names
> #
> -OPTEE_CLIENT_VERSION := 4.8.0
> -OPTEE_CLIENT_MD5 := bde72d8c86946a7db8d4ee430c6b360a
> +OPTEE_CLIENT_VERSION := 4.9.0
> +OPTEE_CLIENT_MD5 := 6af32763e18dd5efe0b5edc1f88c6060
> OPTEE_CLIENT := optee-client-$(OPTEE_CLIENT_VERSION)
> OPTEE_CLIENT_SUFFIX := tar.gz
> OPTEE_CLIENT_URL := https://github.com/OP-TEE/optee_client/archive/$(OPTEE_CLIENT_VERSION).$(OPTEE_CLIENT_SUFFIX)
> @@ -49,6 +49,7 @@ OPTEE_CLIENT_CONF_OPT := \
> -DCFG_TEE_SUPPL_USER=teesuppl \
> -DCFG_TEE_SUPP_LOG_LEVEL=1 \
> -DCFG_TEE_SUPP_PLUGINS=$(call ptx/onoff, PTXCONF_OPTEE_CLIENT_SUPPLICANT_PLUGINS) \
> + -DCFG_UDEV_RULESPREFIX=60- \
> -DCFG_USE_PKGCONFIG=OFF \
> -DCFG_WERROR=ON \
> -DRPMB_EMU=$(call ptx/onoff, PTXCONF_OPTEE_CLIENT_SUPPLICANT_RPMB_EMULATION) \
> diff --git a/rules/optee-examples.make b/rules/optee-examples.make
> index 7b930dd834ea..3b19af190672 100644
> --- a/rules/optee-examples.make
> +++ b/rules/optee-examples.make
> @@ -16,8 +16,8 @@ endif
> #
> # Paths and names
> #
> -OPTEE_EXAMPLES_VERSION := 4.8.0
> -OPTEE_EXAMPLES_MD5 := f7e5b0c1293481383f6afb3b317413be
> +OPTEE_EXAMPLES_VERSION := 4.9.0
> +OPTEE_EXAMPLES_MD5 := dcdca94cf42436c658275248449a38e9
> OPTEE_EXAMPLES := optee-examples-$(OPTEE_EXAMPLES_VERSION)
> OPTEE_EXAMPLES_SUFFIX := tar.gz
> OPTEE_EXAMPLES_URL := https://github.com/linaro-swg/optee_examples/archive/$(OPTEE_EXAMPLES_VERSION).$(OPTEE_EXAMPLES_SUFFIX)
> diff --git a/rules/optee-test.make b/rules/optee-test.make
> index 8dd8e8b598c9..31c56d1827a7 100644
> --- a/rules/optee-test.make
> +++ b/rules/optee-test.make
> @@ -16,8 +16,8 @@ endif
> #
> # Paths and names
> #
> -OPTEE_TEST_VERSION := 4.8.0
> -OPTEE_TEST_MD5 := 331d2a0019aae3bb31efecd9ad4e61f2
> +OPTEE_TEST_VERSION := 4.9.0
> +OPTEE_TEST_MD5 := 26d61e487d97abd71952c50075f84c32
> OPTEE_TEST := optee-test-$(OPTEE_TEST_VERSION)
> OPTEE_TEST_SUFFIX := tar.gz
> OPTEE_TEST_URL := https://github.com/OP-TEE/optee_test/archive/$(OPTEE_TEST_VERSION).$(OPTEE_TEST_SUFFIX)
> diff --git a/rules/optee.make b/rules/optee.make
> index f1ff83765d17..29b47e09fe8c 100644
> --- a/rules/optee.make
> +++ b/rules/optee.make
> @@ -16,8 +16,8 @@ endif
> #
> # Paths and names
> #
> -OPTEE_VERSION := 4.8.0
> -OPTEE_MD5 := ada772c4d9cb8ee977d1b6962f91e167
> +OPTEE_VERSION := 4.9.0
> +OPTEE_MD5 := 1ead0817586f996ed1ee15785af33b67
> OPTEE := optee-$(OPTEE_VERSION)
> OPTEE_SUFFIX := tar.gz
> OPTEE_URL := https://github.com/OP-TEE/optee_os/archive/$(OPTEE_VERSION).$(OPTEE_SUFFIX)
prev parent reply other threads:[~2026-02-13 10:03 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-27 15:29 [ptxdist] [PATCH] " Michael Tretter
2026-02-13 10:02 ` Michael Olbrich [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260213100252.2785771-1-m.olbrich@pengutronix.de \
--to=m.olbrich@pengutronix.de \
--cc=m.tretter@pengutronix.de \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox