[Buildroot] [PATCH RESEND 1/1] package/optee-client: add option to configure REE-based storage location

[Buildroot] [PATCH RESEND 1/1] package/optee-client: add option to configure REE-based storage location

[Heiko Stuebner]

From: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>

OP-TEE provides the possibility of secure storage done by the
normal world OS via tee-supplicant.

The location is a compile-time value and by default it is /data/tee .
As this might not be suitable for all use-cases add an option to
set the CFG_TEE_FS_PARENT_PATH compile option.

Default value is still /data/tee as it was before adding this option.

Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
---
resend due to buildroot ml rejecting the first try.

 package/optee-client/Config.in       | 8 ++++++++
 package/optee-client/optee-client.mk | 2 ++
 2 files changed, 10 insertions(+)

diff --git a/package/optee-client/Config.in b/package/optee-client/Config.in
index e519a13456..f187c0f2f1 100644
--- a/package/optee-client/Config.in
+++ b/package/optee-client/Config.in
@@ -13,5 +13,13 @@ config BR2_PACKAGE_OPTEE_CLIENT
 
 	  https://github.com/OP-TEE/optee_client
 
+config BR2_PACKAGE_OPTEE_CLIENT_REE_FS_PATH
+	string "Path for normal world OS secure storage"
+	default "/data/tee"
+	help
+	  Path to storage area for secure storage based on the
+	  normal world OS providing the actual storage via
+	  tee-supplicant.
+
 comment "optee-client needs a toolchain w/ threads"
 	depends on !BR2_TOOLCHAIN_HAS_THREADS
diff --git a/package/optee-client/optee-client.mk b/package/optee-client/optee-client.mk
index 15bebdc615..0121fab7dd 100644
--- a/package/optee-client/optee-client.mk
+++ b/package/optee-client/optee-client.mk
@@ -10,6 +10,8 @@ OPTEE_CLIENT_LICENSE = BSD-2-Clause
 OPTEE_CLIENT_LICENSE_FILES = LICENSE
 OPTEE_CLIENT_INSTALL_STAGING = YES
 
+OPTEE_CLIENT_CONF_OPTS = -DCFG_TEE_FS_PARENT_PATH=$(BR2_PACKAGE_OPTEE_CLIENT_REE_FS_PATH)
+
 define OPTEE_CLIENT_INSTALL_INIT_SYSV
 	$(INSTALL) -m 0755 -D $(OPTEE_CLIENT_PKGDIR)/S30optee \
 		$(TARGET_DIR)/etc/init.d/S30optee
-- 
2.24.1

[Buildroot] [PATCH RESEND 1/1] package/optee-client: add option to configure REE-based storage location

[Thomas Petazzoni]

Hello Heiko,

Thanks for your patch.

On Tue, 24 Mar 2020 16:42:55 +0100
Heiko Stuebner <heiko@sntech.de> wrote:

> +config BR2_PACKAGE_OPTEE_CLIENT_REE_FS_PATH

Why REE_FS_PATH ? The CMake option is named TEE_FS_PARENT_PATH, so I
assume this was a typo, and should have been TEE_FS_PATH, so I fixed
that.

Also, the option should have been within a if BR2_PACKAGE_OPTEE_CLIENT
... endif block, so I fixed that up as well, and applied.

If the REE wording was really correct, let me know.

Thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

[Buildroot] [PATCH RESEND 1/1] package/optee-client: add option to configure REE-based storage location

[Heiko Stübner]

Hi Thomas,

Am Sonntag, 29. M?rz 2020, 22:22:13 CEST schrieb Thomas Petazzoni:
> Hello Heiko,
> 
> Thanks for your patch.
> 
> On Tue, 24 Mar 2020 16:42:55 +0100
> Heiko Stuebner <heiko@sntech.de> wrote:
> 
> > +config BR2_PACKAGE_OPTEE_CLIENT_REE_FS_PATH
> 
> Why REE_FS_PATH ? The CMake option is named TEE_FS_PARENT_PATH, so I
> assume this was a typo, and should have been TEE_FS_PATH, so I fixed
> that.
> 
> Also, the option should have been within a if BR2_PACKAGE_OPTEE_CLIENT
> ... endif block, so I fixed that up as well, and applied.
> 
> If the REE wording was really correct, let me know.

My reasoning was that the new option sets the path in the "rich execution
environment" (ree - aka Gnu/Linux) where encrypted data from the "trusted
execution environment" (tee) should be stored.

But that new name also is fine and maybe even better, because REE actually
does not seem to be used too often except in the depths of OP-TEE
documentation  ... and thanks for fixing the missing "if BR2..." block


Thanks
Heiko