4 files changed, 63 insertions, 11 deletions
diff --git a/recipes-security/optee-imx/optee-client/tee-supplicant.service b/recipes-security/optee-imx/optee-client/tee-supplicant.service
deleted file mode 100644
index 0e2b4f6ba..000000000
--- a/recipes-security/optee-imx/optee-client/tee-supplicant.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=TEE Supplicant
-[Service]
-User=root
-EnvironmentFile=-/etc/default/tee-supplicant
-ExecStart=/usr/bin/tee-supplicant $OPTARGS
-[Install]
-WantedBy=basic.target
diff --git a/recipes-security/optee-imx/optee-client/tee-supplicant.sh b/recipes-security/optee-imx/optee-client/tee-supplicant.sh
new file mode 100644
index 000000000..b4d219502
--- /dev/null
+++ b/recipes-security/optee-imx/optee-client/tee-supplicant.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+# Source function library
+. /etc/init.d/functions
+NAME=tee-supplicant
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DESC="OP-TEE Supplicant"
+DAEMON=@sbindir@/$NAME
+test -f $DAEMON || exit 0
+test -f @sysconfdir@/default/$NAME && . @sysconfdir@/default/$NAME
+test -f @sysconfdir@/default/rcS && . @sysconfdir@/default/rcS
+SSD_OPTIONS="--oknodo --quiet --exec $DAEMON -- -d $OPTARGS"
+set -e
+case $1 in
+    start)
+            echo -n "Starting $DESC: "
+            start-stop-daemon --start $SSD_OPTIONS
+        echo "${DAEMON##*/}."
+        ;;
+    stop)
+            echo -n "Stopping $DESC: "
+            start-stop-daemon --stop $SSD_OPTIONS
+        echo "${DAEMON##*/}."
+        ;;
+    restart|force-reload)
+            $0 stop
+            sleep 1
+            $0 start
+        ;;
+    status)
+        status ${DAEMON} || exit $?
+        ;;
+    *)
+        echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2
+        exit 1
+        ;;
+esac
+exit 0
diff --git a/recipes-security/optee-imx/optee-client/tee-supplicant@.service b/recipes-security/optee-imx/optee-client/tee-supplicant@.service
new file mode 100644
index 000000000..72c0b9aa5
--- /dev/null
+++ b/recipes-security/optee-imx/optee-client/tee-supplicant@.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=TEE Supplicant on %i
+[Service]
+User=root
+EnvironmentFile=-@sysconfdir@/default/tee-supplicant
+ExecStart=@sbindir@/tee-supplicant $OPTARGS
+[Install]
+WantedBy=basic.target
diff --git a/recipes-security/optee-imx/optee-client/tee-udev.rules b/recipes-security/optee-imx/optee-client/tee-udev.rules
new file mode 100644
index 000000000..43fafd8c9
--- /dev/null
+++ b/recipes-security/optee-imx/optee-client/tee-udev.rules
@@ -0,0 +1,7 @@
+# tee devices can only be accessed by the teeclnt group members
+KERNEL=="tee[0-9]*", TAG+="systemd", MODE="0660", GROUP="teeclnt"
+# If a /dev/teepriv[0-9]* device is detected, start an instance of
+# tee-supplicant.service with the device name as parameter
+KERNEL=="teepriv[0-9]*", MODE="0660", OWNER="root", GROUP="tee", \
+    TAG+="systemd", ENV{SYSTEMD_WANTS}+="tee-supplicant@%k.service"

diff --git a/recipes-security/optee-imx/optee-client/tee-supplicant.service b/recipes-security/optee-imx/optee-client/tee-supplicant.service deleted file mode 100644 index 0e2b4f6ba..000000000 --- a/recipes-security/optee-imx/optee-client/tee-supplicant.service +++ /dev/null
@@ -1,11 +0,0 @@
1	[Unit]
2	Description=TEE Supplicant
3
4	[Service]
5	User=root
6	EnvironmentFile=-/etc/default/tee-supplicant
7	ExecStart=/usr/bin/tee-supplicant $OPTARGS
8
9	[Install]
10	WantedBy=basic.target
11


diff --git a/recipes-security/optee-imx/optee-client/tee-supplicant.sh b/recipes-security/optee-imx/optee-client/tee-supplicant.sh new file mode 100644 index 000000000..b4d219502 --- /dev/null +++ b/recipes-security/optee-imx/optee-client/tee-supplicant.sh
@@ -0,0 +1,46 @@
		1	#!/bin/sh
		2
		3	# Source function library
		4	. /etc/init.d/functions
		5
		6	NAME=tee-supplicant
		7	PATH=/sbin:/bin:/usr/sbin:/usr/bin
		8	DESC="OP-TEE Supplicant"
		9
		10	DAEMON=@sbindir@/$NAME
		11
		12	test -f $DAEMON \|\| exit 0
		13
		14	test -f @sysconfdir@/default/$NAME && . @sysconfdir@/default/$NAME
		15	test -f @sysconfdir@/default/rcS && . @sysconfdir@/default/rcS
		16
		17	SSD_OPTIONS="--oknodo --quiet --exec $DAEMON -- -d $OPTARGS"
		18
		19	set -e
		20
		21	case $1 in
		22	start)
		23	echo -n "Starting $DESC: "
		24	start-stop-daemon --start $SSD_OPTIONS
		25	echo "${DAEMON##*/}."
		26	;;
		27	stop)
		28	echo -n "Stopping $DESC: "
		29	start-stop-daemon --stop $SSD_OPTIONS
		30	echo "${DAEMON##*/}."
		31	;;
		32	restart\|force-reload)
		33	$0 stop
		34	sleep 1
		35	$0 start
		36	;;
		37	status)
		38	status ${DAEMON} \|\| exit $?
		39	;;
		40	*)
		41	echo "Usage: $0 {start\|stop\|restart\|force-reload\|status}" >&2
		42	exit 1
		43	;;
		44	esac
		45
		46	exit 0


diff --git a/recipes-security/optee-imx/optee-client/tee-supplicant@.service b/recipes-security/optee-imx/optee-client/tee-supplicant@.service new file mode 100644 index 000000000..72c0b9aa5 --- /dev/null +++ b/recipes-security/optee-imx/optee-client/tee-supplicant@.service
@@ -0,0 +1,10 @@
		1	[Unit]
		2	Description=TEE Supplicant on %i
		3
		4	[Service]
		5	User=root
		6	EnvironmentFile=-@sysconfdir@/default/tee-supplicant
		7	ExecStart=@sbindir@/tee-supplicant $OPTARGS
		8
		9	[Install]
		10	WantedBy=basic.target


diff --git a/recipes-security/optee-imx/optee-client/tee-udev.rules b/recipes-security/optee-imx/optee-client/tee-udev.rules new file mode 100644 index 000000000..43fafd8c9 --- /dev/null +++ b/recipes-security/optee-imx/optee-client/tee-udev.rules
@@ -0,0 +1,7 @@
		1	# tee devices can only be accessed by the teeclnt group members
		2	KERNEL=="tee[0-9]*", TAG+="systemd", MODE="0660", GROUP="teeclnt"
		3
		4	# If a /dev/teepriv[0-9]* device is detected, start an instance of
		5	# tee-supplicant.service with the device name as parameter
		6	KERNEL=="teepriv[0-9]*", MODE="0660", OWNER="root", GROUP="tee", \
		7	TAG+="systemd", ENV{SYSTEMD_WANTS}+="tee-supplicant@%k.service"