jeans/operating-system
1
0
Fork 0
mirror of https://github.com/home-assistant/operating-system.git synced 2025-11-16 06:09:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
b9f65295b33fac79dd901b1a8f1ae91c49cbea41
operating-system/buildroot/package/optee-client/Config.in
Stefan Agner a0871be6c0 Bump buildroot to 2020.11-rc1 (#985) 
* Update buildroot-patches for 2020.11-rc1 buildroot

* Update buildroot to 2020.11-rc1

Signed-off-by: Stefan Agner <stefan@agner.ch>

* Don't rely on sfdisk --list-free output

The --list-free (-F) argument does not allow machine readable mode. And
it seems that the output format changes over time (different spacing,
using size postfixes instead of raw blocks).

Use sfdisk json output and calculate free partition space ourselfs. This
works for 2.35 and 2.36 and is more robust since we rely on output which
is meant for scripts to parse.

* Migrate defconfigs for Buildroot 2020.11-rc1

In particular, rename BR2_TARGET_UBOOT_BOOT_SCRIPT(_SOURCE) to
BR2_PACKAGE_HOST_UBOOT_TOOLS_BOOT_SCRIPT(_SOURCE).

* Rebase/remove systemd patches for systemd 246

* Drop apparmor/libapparmor from buildroot-external

* hassos-persists: use /run as directory for lockfiles

The U-Boot tools use /var/lock by default which is not created any more
by systemd by default (it is under tmpfiles legacy.conf, which we no
longer install).

* Disable systemd-update-done.service

The service is not suited for pure read-only systems. In particular the
service needs to be able to write a file in /etc and /var. Remove the
service. Note: This is a static service and cannot be removed using
systemd-preset.

* Disable apparmor.service for now

The service loads all default profiles. Some might actually cause
problems. E.g. the profile for ping seems not to match our setup for
/etc/resolv.conf:
[85503.634653] audit: type=1400 audit(1605286002.684:236): apparmor="DENIED" operation="open" profile="ping" name="/run/resolv.conf" pid=27585 comm="ping" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
2020-11-13 18:25:44 +01:00

30 lines
915 B
Plaintext
Raw Blame History

config BR2_PACKAGE_OPTEE_CLIENT
bool "optee-client"
depends on BR2_TOOLCHAIN_HAS_THREADS
help
Enable the OP-TEE client package that brings non-secure
client application resources for OP-TEE support. OP-TEE
client is a component delivered by the OP-TEE project.
The client API library allows application to invoke trusted
applications hosted in the OP-TEE OS secure world. The
supplicant provides services hosted by the non-secure world
and invoked by the secure world.
https://github.com/OP-TEE/optee_client
if BR2_PACKAGE_OPTEE_CLIENT
config BR2_PACKAGE_OPTEE_CLIENT_TEE_FS_PATH
string "Path for normal world OS secure storage"
default "/data/tee"
help
Path to storage area for secure storage based on the
normal world OS providing the actual storage via
tee-supplicant.
endif
comment "optee-client needs a toolchain w/ threads"
depends on !BR2_TOOLCHAIN_HAS_THREADS
Reference in New Issue View Git Blame Copy Permalink