optee-client: Upgrade 4.4.0.imx -> 4.6.0.imx

Update from LF6.12.20-2.0.0 Signed-off-by: Zelan Zou <zelan.zou@nxp.com>
author: Zelan Zou <zelan.zou@nxp.com> 2025-09-01 14:12:11 +0800
committer: Zelan Zou <zelan.zou@nxp.com> 2025-09-01 14:24:13 +0800
commit: a31dd5803b84db78663854eade050da5a0cdebec (patch)
tree: e64cfe0a367ca4911260b25a1fee6e1edc5e883b
parent: baf84923f894b5e6d355a08f0494d87aa0d29c3f (diff)
download: meta-freescale-a31dd5803b84db78663854eade050da5a0cdebec.tar.gz
6 files changed, 78 insertions, 37 deletions
diff --git a/recipes-security/optee-imx/optee-client-fslc-imx.inc b/recipes-security/optee-imx/optee-client-fslc-imx.inc
index 7aeff9fd5..1112a864d 100644
--- a/recipes-security/optee-imx/optee-client-fslc-imx.inc
+++ b/recipes-security/optee-imx/optee-client-fslc-imx.inc
@@ -1,5 +1,5 @@
 # Copied from meta-imx/meta-imx-bsp/recipes-security/optee/optee-client-imx.inc.
-# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L37
+# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-walnascar/imx-6.12.20-2.0.0.xml#L37
 require optee-client-fslc.inc
@@ -10,27 +10,8 @@ SRC_URI:remove = "git://github.com/OP-TEE/optee_client.git;branch=master;protoco
 SRC_URI:prepend = "${OPTEE_CLIENT_SRC};branch=${SRCBRANCH} "
 OPTEE_CLIENT_SRC ?= "git://github.com/nxp-imx/imx-optee-client.git;protocol=https"
+SRC_URI += "file://0001-tee-supplicant-Fix-non-arch-service-unit-install-pat.patch"
 inherit pkgconfig
 EXTRA_OECMAKE += "-DCFG_TEE_CLIENT_LOAD_PATH=${nonarch_base_libdir}"
-# Copy the udev rule from the libts recipe for starting tee-supplicant@.service
-SRC_URI += "file://tee-udev.rules"
-# Unix group name for dev/tee* ownership.
-TEE_GROUP_NAME ?= "teeclnt"
-do_install:append () {
-    if ${@oe.utils.conditional('VIRTUAL-RUNTIME_dev_manager', 'busybox-mdev', 'false', 'true', d)}; then
-        install -d ${D}${nonarch_base_libdir}/udev/rules.d/
-        install -m 755 ${UNPACKDIR}/tee-udev.rules ${D}${nonarch_base_libdir}/udev/rules.d/
-        sed -i -e "s/teeclnt/${TEE_GROUP_NAME}/" ${D}${nonarch_base_libdir}/udev/rules.d/tee-udev.rules
-    fi
-    if [ "${libdir}" != "${nonarch_base_libdir}" ]; then
-        rm -rf ${D}${libdir}/systemd
-    fi
-}
-inherit ${@oe.utils.conditional('VIRTUAL-RUNTIME_dev_manager', 'busybox-mdev', '', 'useradd', d)}
-USERADD_PACKAGES = "${PN}"
-GROUPADD_PARAM:${PN} = "--system ${TEE_GROUP_NAME}"
-FILES:${PN} += "${libdir}/* ${includedir}/*"
diff --git a/recipes-security/optee-imx/optee-client-fslc.inc b/recipes-security/optee-imx/optee-client-fslc.inc
index 2c1a0f450..70a25fe6c 100644
--- a/recipes-security/optee-imx/optee-client-fslc.inc
+++ b/recipes-security/optee-imx/optee-client-fslc.inc
@@ -1,5 +1,5 @@
 # Copied from meta-arm/recipes-security/optee/optee-client.inc.
-# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L30
+# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-walnascar/imx-6.12.20-2.0.0.xml#L30
 SUMMARY = "OP-TEE Client API"
 DESCRIPTION = "Open Portable Trusted Execution Environment - Normal World Client side of the TEE"
@@ -8,11 +8,10 @@ HOMEPAGE = "https://www.op-tee.org/"
 LICENSE = "BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b"
-inherit systemd update-rc.d cmake
+inherit systemd update-rc.d cmake useradd
 SRC_URI = " \
    git://github.com/OP-TEE/optee_client.git;branch=master;protocol=https \
-    file://tee-supplicant@.service \
    file://tee-supplicant.sh \
 "
@@ -20,18 +19,28 @@ UPSTREAM_CHECK_GITTAGREGEX = "^(?P<pver>\d+(\.\d+)+)$"
 EXTRA_OECMAKE = " \
    -DBUILD_SHARED_LIBS=ON \
-    -DCFG_TEE_FS_PARENT_PATH='${localstatedir}/lib/tee' \
+    -DCFG_USE_PKGCONFIG=ON \
 "
+# libts uses /dev/tee devices too. Add a common variable to allow configuring the same group.
+TEE_GROUP_NAME ?= "tee"
+EXTRA_OECMAKE += " -DCFG_ENABLE_SYSTEMD=On -DSYSTEMD_UNIT_DIR=${systemd_system_unitdir}/"
+EXTRA_OECMAKE += " -DCFG_ENABLE_UDEV=On -DUDEV_UDEV_DIR=${nonarch_base_libdir}/udev/rules.d/"
+EXTRA_OECMAKE += " -DCFG_TEE_GROUP=${TEE_GROUP_NAME} -DCFG_TEEPRIV_GROUP=teepriv"
 EXTRA_OECMAKE:append:toolchain-clang = " -DCFG_WERROR=0"
 do_install:append() {
-    install -D -p -m0644 ${UNPACKDIR}/tee-supplicant@.service ${D}${systemd_system_unitdir}/tee-supplicant@.service
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
-    install -D -p -m0755 ${UNPACKDIR}/tee-supplicant.sh ${D}${sysconfdir}/init.d/tee-supplicant
+        install -D -p -m0755 ${UNPACKDIR}/tee-supplicant.sh ${D}${sysconfdir}/init.d/tee-supplicant
+        sed -i -e s:@sysconfdir@:${sysconfdir}:g \
-    sed -i -e s:@sysconfdir@:${sysconfdir}:g \
+               -e s:@sbindir@:${sbindir}:g \
-           -e s:@sbindir@:${sbindir}:g \
+               -e s:@supluser@:teesuppl:g \
-              ${D}${systemd_system_unitdir}/tee-supplicant@.service \
+               -e s:@suplgroup@:teesuppl:g \
-              ${D}${sysconfdir}/init.d/tee-supplicant
+                  ${D}${sysconfdir}/init.d/tee-supplicant
+    fi
+    install -o teesuppl -g teesuppl -m 0700 -d ${D}${localstatedir}/lib/tee
 }
 SYSTEMD_SERVICE:${PN} = "tee-supplicant@.service"
@@ -39,3 +48,13 @@ SYSTEMD_SERVICE:${PN} = "tee-supplicant@.service"
 INITSCRIPT_PACKAGES = "${PN}"
 INITSCRIPT_NAME:${PN} = "tee-supplicant"
 INITSCRIPT_PARAMS:${PN} = "start 10 1 2 3 4 5 . stop 90 0 6 ."
+FILES:${PN} += "${nonarch_base_libdir}/udev/rules.d/"
+# Users and groups:
+# TEE_GROUP_NAME group to access /dev/tee*
+# teepriv group to acess /dev/teepriv*, only tee-supplicant
+# teesuppl user and group teesuppl to run tee-supplicant
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM:${PN} = "--system ${TEE_GROUP_NAME}; --system teepriv; --system teesuppl"
+USERADD_PARAM:${PN} = "--system -g teesuppl --groups teepriv --home-dir ${localstatedir}/lib/tee -M --shell /sbin/nologin teesuppl;"
diff --git a/recipes-security/optee-imx/optee-client/0001-tee-supplicant-Fix-non-arch-service-unit-install-pat.patch b/recipes-security/optee-imx/optee-client/0001-tee-supplicant-Fix-non-arch-service-unit-install-pat.patch
new file mode 100644
index 000000000..631e08019
--- /dev/null
+++ b/recipes-security/optee-imx/optee-client/0001-tee-supplicant-Fix-non-arch-service-unit-install-pat.patch
@@ -0,0 +1,35 @@
+From 5ffab66dda3e25f0b2ebc5115013c4234d048703 Mon Sep 17 00:00:00 2001
+From: Tom Hochstein <tom.hochstein@nxp.com>
+Date: Mon, 21 Apr 2025 08:47:29 -0500
+Subject: [PATCH] tee-supplicant: Fix non-arch service unit install path
+A 64-bit build with multilib enabled fails:
+```
+ERROR: optee-client-4.4.0-r0 do_package: Didn't find service unit 'tee-supplicant@.service', specified in SYSTEMD_SERVICE:optee-client. Also looked for service unit 'tee-supplicant@.service'.
+```
+The problem is the service unit is installed in the arch-specific folder
+/usr/lib64/systemd/system, but it is non-arch and should be in
+/usr/lib/systemd/system.
+Upstream-Status: Pending
+Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
+---
+ tee-supplicant/CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/tee-supplicant/CMakeLists.txt b/tee-supplicant/CMakeLists.txt
+index 8df9bef..3ea058c 100644
+--- a/tee-supplicant/CMakeLists.txt
+++ b/tee-supplicant/CMakeLists.txt
+@@ -119,6 +119,6 @@ endif()
+ ################################################################################
+ install(TARGETS ${PROJECT_NAME} RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR})
+ configure_file(tee-supplicant@.service.in tee-supplicant@.service @ONLY)
+-install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/tee-supplicant@.service DESTINATION ${CMAKE_INSTALL_LIBDIR}/systemd/system)
+install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/tee-supplicant@.service DESTINATION lib/systemd/system)
+ configure_file(optee-udev.rules.in optee-udev.rules @ONLY)
+ install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/optee-udev.rules DESTINATION ${CMAKE_INSTALL_SYSCONFDIR}/udev/rules.d)
+-- 
+2.34.1
diff --git a/recipes-security/optee-imx/optee-client/optee-udev.rules b/recipes-security/optee-imx/optee-client/optee-udev.rules
new file mode 100644
index 000000000..075f469c0
--- /dev/null
+++ b/recipes-security/optee-imx/optee-client/optee-udev.rules
@@ -0,0 +1,6 @@
+KERNEL=="tee[0-9]*", MODE="0660", OWNER="root", GROUP="teeclnt", TAG+="systemd"
+# If a /dev/teepriv[0-9]* device is detected, start an instance of
+# tee-supplicant.service with the device name as parameter
+KERNEL=="teepriv[0-9]*", MODE="0660", OWNER="root", GROUP="teeclnt", \
+    TAG+="systemd", ENV{SYSTEMD_WANTS}+="tee-supplicant@%k.service"
diff --git a/recipes-security/optee-imx/optee-client_4.4.0.imx.bb b/recipes-security/optee-imx/optee-client_4.4.0.imx.bb
deleted file mode 100644
index 322f998fc..000000000
--- a/recipes-security/optee-imx/optee-client_4.4.0.imx.bb
+++ /dev/null
@@ -1,4 +0,0 @@
-require optee-client-fslc-imx.inc
-SRCBRANCH = "lf-6.6.52_2.2.0"
-SRCREV = "d221676a58b305bddbf97db00395205b3038de8e"
diff --git a/recipes-security/optee-imx/optee-client_4.6.0.imx.bb b/recipes-security/optee-imx/optee-client_4.6.0.imx.bb
new file mode 100644
index 000000000..b5a185da1
--- /dev/null
+++ b/recipes-security/optee-imx/optee-client_4.6.0.imx.bb
@@ -0,0 +1,4 @@
+require optee-client-fslc-imx.inc
+SRCBRANCH = "lf-6.12.20_2.0.0"
+SRCREV = "02e7f9213b0d7db9c35ebf1e41e733fc9c5a3f75"
author	Zelan Zou <zelan.zou@nxp.com>	2025-09-01 14:12:11 +0800
committer	Zelan Zou <zelan.zou@nxp.com>	2025-09-01 14:24:13 +0800
commit	a31dd5803b84db78663854eade050da5a0cdebec (patch)
tree	e64cfe0a367ca4911260b25a1fee6e1edc5e883b
parent	baf84923f894b5e6d355a08f0494d87aa0d29c3f (diff)
download	meta-freescale-a31dd5803b84db78663854eade050da5a0cdebec.tar.gz

diff --git a/recipes-security/optee-imx/optee-client-fslc-imx.inc b/recipes-security/optee-imx/optee-client-fslc-imx.inc index 7aeff9fd5..1112a864d 100644 --- a/recipes-security/optee-imx/optee-client-fslc-imx.inc +++ b/recipes-security/optee-imx/optee-client-fslc-imx.inc
@@ -1,5 +1,5 @@
1	# Copied from meta-imx/meta-imx-bsp/recipes-security/optee/optee-client-imx.inc.	1	# Copied from meta-imx/meta-imx-bsp/recipes-security/optee/optee-client-imx.inc.
2	# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L37	2	# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-walnascar/imx-6.12.20-2.0.0.xml#L37
3		3
4	require optee-client-fslc.inc	4	require optee-client-fslc.inc
5		5
@@ -10,27 +10,8 @@ SRC_URI:remove = "git://github.com/OP-TEE/optee_client.git;branch=master;protoco
10	SRC_URI:prepend = "${OPTEE_CLIENT_SRC};branch=${SRCBRANCH} "	10	SRC_URI:prepend = "${OPTEE_CLIENT_SRC};branch=${SRCBRANCH} "
11	OPTEE_CLIENT_SRC ?= "git://github.com/nxp-imx/imx-optee-client.git;protocol=https"	11	OPTEE_CLIENT_SRC ?= "git://github.com/nxp-imx/imx-optee-client.git;protocol=https"
12		12
		13	SRC_URI += "file://0001-tee-supplicant-Fix-non-arch-service-unit-install-pat.patch"
		14
13	inherit pkgconfig	15	inherit pkgconfig
14		16
15	EXTRA_OECMAKE += "-DCFG_TEE_CLIENT_LOAD_PATH=${nonarch_base_libdir}"	17	EXTRA_OECMAKE += "-DCFG_TEE_CLIENT_LOAD_PATH=${nonarch_base_libdir}"
16
17	# Copy the udev rule from the libts recipe for starting tee-supplicant@.service
18	SRC_URI += "file://tee-udev.rules"
19	# Unix group name for dev/tee* ownership.
20	TEE_GROUP_NAME ?= "teeclnt"
21	do_install:append () {
22	if ${@oe.utils.conditional('VIRTUAL-RUNTIME_dev_manager', 'busybox-mdev', 'false', 'true', d)}; then
23	install -d ${D}${nonarch_base_libdir}/udev/rules.d/
24	install -m 755 ${UNPACKDIR}/tee-udev.rules ${D}${nonarch_base_libdir}/udev/rules.d/
25	sed -i -e "s/teeclnt/${TEE_GROUP_NAME}/" ${D}${nonarch_base_libdir}/udev/rules.d/tee-udev.rules
26	fi
27
28	if [ "${libdir}" != "${nonarch_base_libdir}" ]; then
29	rm -rf ${D}${libdir}/systemd
30	fi
31	}
32	inherit ${@oe.utils.conditional('VIRTUAL-RUNTIME_dev_manager', 'busybox-mdev', '', 'useradd', d)}
33	USERADD_PACKAGES = "${PN}"
34	GROUPADD_PARAM:${PN} = "--system ${TEE_GROUP_NAME}"
35
36	FILES:${PN} += "${libdir}/* ${includedir}/*"


diff --git a/recipes-security/optee-imx/optee-client-fslc.inc b/recipes-security/optee-imx/optee-client-fslc.inc index 2c1a0f450..70a25fe6c 100644 --- a/recipes-security/optee-imx/optee-client-fslc.inc +++ b/recipes-security/optee-imx/optee-client-fslc.inc
@@ -1,5 +1,5 @@
1	# Copied from meta-arm/recipes-security/optee/optee-client.inc.	1	# Copied from meta-arm/recipes-security/optee/optee-client.inc.
2	# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L30	2	# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-walnascar/imx-6.12.20-2.0.0.xml#L30
3		3
4	SUMMARY = "OP-TEE Client API"	4	SUMMARY = "OP-TEE Client API"
5	DESCRIPTION = "Open Portable Trusted Execution Environment - Normal World Client side of the TEE"	5	DESCRIPTION = "Open Portable Trusted Execution Environment - Normal World Client side of the TEE"
@@ -8,11 +8,10 @@ HOMEPAGE = "https://www.op-tee.org/"
8	LICENSE = "BSD-2-Clause"	8	LICENSE = "BSD-2-Clause"
9	LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b"	9	LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b"
10		10
11	inherit systemd update-rc.d cmake	11	inherit systemd update-rc.d cmake useradd
12		12
13	SRC_URI = " \	13	SRC_URI = " \
14	git://github.com/OP-TEE/optee_client.git;branch=master;protocol=https \	14	git://github.com/OP-TEE/optee_client.git;branch=master;protocol=https \
15	file://tee-supplicant@.service \
16	file://tee-supplicant.sh \	15	file://tee-supplicant.sh \
17	"	16	"
18		17
@@ -20,18 +19,28 @@ UPSTREAM_CHECK_GITTAGREGEX = "^(?P<pver>\d+(\.\d+)+)$"
20		19
21	EXTRA_OECMAKE = " \	20	EXTRA_OECMAKE = " \
22	-DBUILD_SHARED_LIBS=ON \	21	-DBUILD_SHARED_LIBS=ON \
23	-DCFG_TEE_FS_PARENT_PATH='${localstatedir}/lib/tee' \	22	-DCFG_USE_PKGCONFIG=ON \
24	"	23	"
		24
		25	# libts uses /dev/tee devices too. Add a common variable to allow configuring the same group.
		26	TEE_GROUP_NAME ?= "tee"
		27
		28	EXTRA_OECMAKE += " -DCFG_ENABLE_SYSTEMD=On -DSYSTEMD_UNIT_DIR=${systemd_system_unitdir}/"
		29	EXTRA_OECMAKE += " -DCFG_ENABLE_UDEV=On -DUDEV_UDEV_DIR=${nonarch_base_libdir}/udev/rules.d/"
		30	EXTRA_OECMAKE += " -DCFG_TEE_GROUP=${TEE_GROUP_NAME} -DCFG_TEEPRIV_GROUP=teepriv"
		31
25	EXTRA_OECMAKE:append:toolchain-clang = " -DCFG_WERROR=0"	32	EXTRA_OECMAKE:append:toolchain-clang = " -DCFG_WERROR=0"
26		33
27	do_install:append() {	34	do_install:append() {
28	install -D -p -m0644 ${UNPACKDIR}/tee-supplicant@.service ${D}${systemd_system_unitdir}/tee-supplicant@.service	35	if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
29	install -D -p -m0755 ${UNPACKDIR}/tee-supplicant.sh ${D}${sysconfdir}/init.d/tee-supplicant	36	install -D -p -m0755 ${UNPACKDIR}/tee-supplicant.sh ${D}${sysconfdir}/init.d/tee-supplicant
30		37	sed -i -e s:@sysconfdir@:${sysconfdir}:g \
31	sed -i -e s:@sysconfdir@:${sysconfdir}:g \	38	-e s:@sbindir@:${sbindir}:g \
32	-e s:@sbindir@:${sbindir}:g \	39	-e s:@supluser@:teesuppl:g \
33	${D}${systemd_system_unitdir}/tee-supplicant@.service \	40	-e s:@suplgroup@:teesuppl:g \
34	${D}${sysconfdir}/init.d/tee-supplicant	41	${D}${sysconfdir}/init.d/tee-supplicant
		42	fi
		43	install -o teesuppl -g teesuppl -m 0700 -d ${D}${localstatedir}/lib/tee
35	}	44	}
36		45
37	SYSTEMD_SERVICE:${PN} = "tee-supplicant@.service"	46	SYSTEMD_SERVICE:${PN} = "tee-supplicant@.service"
@@ -39,3 +48,13 @@ SYSTEMD_SERVICE:${PN} = "tee-supplicant@.service"
39	INITSCRIPT_PACKAGES = "${PN}"	48	INITSCRIPT_PACKAGES = "${PN}"
40	INITSCRIPT_NAME:${PN} = "tee-supplicant"	49	INITSCRIPT_NAME:${PN} = "tee-supplicant"
41	INITSCRIPT_PARAMS:${PN} = "start 10 1 2 3 4 5 . stop 90 0 6 ."	50	INITSCRIPT_PARAMS:${PN} = "start 10 1 2 3 4 5 . stop 90 0 6 ."
		51
		52	FILES:${PN} += "${nonarch_base_libdir}/udev/rules.d/"
		53
		54	# Users and groups:
		55	# TEE_GROUP_NAME group to access /dev/tee*
		56	# teepriv group to acess /dev/teepriv*, only tee-supplicant
		57	# teesuppl user and group teesuppl to run tee-supplicant
		58	USERADD_PACKAGES = "${PN}"
		59	GROUPADD_PARAM:${PN} = "--system ${TEE_GROUP_NAME}; --system teepriv; --system teesuppl"
		60	USERADD_PARAM:${PN} = "--system -g teesuppl --groups teepriv --home-dir ${localstatedir}/lib/tee -M --shell /sbin/nologin teesuppl;"


diff --git a/recipes-security/optee-imx/optee-client/0001-tee-supplicant-Fix-non-arch-service-unit-install-pat.patch b/recipes-security/optee-imx/optee-client/0001-tee-supplicant-Fix-non-arch-service-unit-install-pat.patch new file mode 100644 index 000000000..631e08019 --- /dev/null +++ b/recipes-security/optee-imx/optee-client/0001-tee-supplicant-Fix-non-arch-service-unit-install-pat.patch
@@ -0,0 +1,35 @@
		1	From 5ffab66dda3e25f0b2ebc5115013c4234d048703 Mon Sep 17 00:00:00 2001
		2	From: Tom Hochstein <tom.hochstein@nxp.com>
		3	Date: Mon, 21 Apr 2025 08:47:29 -0500
		4	Subject: [PATCH] tee-supplicant: Fix non-arch service unit install path
		5
		6	A 64-bit build with multilib enabled fails:
		7	```
		8	ERROR: optee-client-4.4.0-r0 do_package: Didn't find service unit 'tee-supplicant@.service', specified in SYSTEMD_SERVICE:optee-client. Also looked for service unit 'tee-supplicant@.service'.
		9	```
		10
		11	The problem is the service unit is installed in the arch-specific folder
		12	/usr/lib64/systemd/system, but it is non-arch and should be in
		13	/usr/lib/systemd/system.
		14
		15	Upstream-Status: Pending
		16	Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
		17	---
		18	tee-supplicant/CMakeLists.txt \| 2 +-
		19	1 file changed, 1 insertion(+), 1 deletion(-)
		20
		21	diff --git a/tee-supplicant/CMakeLists.txt b/tee-supplicant/CMakeLists.txt
		22	index 8df9bef..3ea058c 100644
		23	--- a/tee-supplicant/CMakeLists.txt
		24	+++ b/tee-supplicant/CMakeLists.txt
		25	@@ -119,6 +119,6 @@ endif()
		26	################################################################################
		27	install(TARGETS ${PROJECT_NAME} RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR})
		28	configure_file(tee-supplicant@.service.in tee-supplicant@.service @ONLY)
		29	-install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/tee-supplicant@.service DESTINATION ${CMAKE_INSTALL_LIBDIR}/systemd/system)
		30	+install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/tee-supplicant@.service DESTINATION lib/systemd/system)
		31	configure_file(optee-udev.rules.in optee-udev.rules @ONLY)
		32	install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/optee-udev.rules DESTINATION ${CMAKE_INSTALL_SYSCONFDIR}/udev/rules.d)
		33	--
		34	2.34.1
		35


diff --git a/recipes-security/optee-imx/optee-client/optee-udev.rules b/recipes-security/optee-imx/optee-client/optee-udev.rules new file mode 100644 index 000000000..075f469c0 --- /dev/null +++ b/recipes-security/optee-imx/optee-client/optee-udev.rules
@@ -0,0 +1,6 @@
		1	KERNEL=="tee[0-9]*", MODE="0660", OWNER="root", GROUP="teeclnt", TAG+="systemd"
		2
		3	# If a /dev/teepriv[0-9]* device is detected, start an instance of
		4	# tee-supplicant.service with the device name as parameter
		5	KERNEL=="teepriv[0-9]*", MODE="0660", OWNER="root", GROUP="teeclnt", \
		6	TAG+="systemd", ENV{SYSTEMD_WANTS}+="tee-supplicant@%k.service"


diff --git a/recipes-security/optee-imx/optee-client_4.4.0.imx.bb b/recipes-security/optee-imx/optee-client_4.4.0.imx.bb deleted file mode 100644 index 322f998fc..000000000 --- a/recipes-security/optee-imx/optee-client_4.4.0.imx.bb +++ /dev/null
@@ -1,4 +0,0 @@
1	require optee-client-fslc-imx.inc
2
3	SRCBRANCH = "lf-6.6.52_2.2.0"
4	SRCREV = "d221676a58b305bddbf97db00395205b3038de8e"


diff --git a/recipes-security/optee-imx/optee-client_4.6.0.imx.bb b/recipes-security/optee-imx/optee-client_4.6.0.imx.bb new file mode 100644 index 000000000..b5a185da1 --- /dev/null +++ b/recipes-security/optee-imx/optee-client_4.6.0.imx.bb
@@ -0,0 +1,4 @@
		1	require optee-client-fslc-imx.inc
		2
		3	SRCBRANCH = "lf-6.12.20_2.0.0"
		4	SRCREV = "02e7f9213b0d7db9c35ebf1e41e733fc9c5a3f75"