meta-qcom: security: Add minkipc library for security feature support

Add minkipc library for security feature support.
Minkipc is designed to facilitate secure communication between
different domains.

Signed-off-by: Jiaxing Li <[email protected]>

Author: jiaxli-QC

recipes-devtools/minkidlc/minkidlc-native_git.bb

@@ -0,0 +1,25 @@
+SUMMARY = "Mink IDL compiler (prebuilt binary)"
+DESCRIPTION = " \
+Mink IDL is used to describe programming interfaces that can be used to communicate across security domain boundaries. \
+Once an interface is described in an IDL source file, the Mink IDL compiler can generate target language header files. \
+"
+HOMEPAGE = "https://github.com/quic/mink-idl-compiler"
+SECTION = "devel"
+
+LICENSE = "CLOSED"
+LIC_FILES_CHKSUM = ""
+
+SRC_URI = "https://github.com/quic/mink-idl-compiler/releases/download/v0.2.0/idlc;downloadfilename=minkidlc;unpack=0"
+SRC_URI[sha256sum] = "2a6dd5b2fdad5e307489849b3a4ce56daf241ff517e89e1eb207813008e558d7"
+
+inherit native
+
+COMPATIBLE_HOST = "x86_64.*-linux"
+
+do_install() {
+    install -d ${D}${bindir}
+    install -m 0755 ${UNPACKDIR}/minkidlc ${D}${bindir}/minkidlc
+}
+
+FILES:${PN} += "${bindir}/minkidlc"
+

recipes-security/minkipc/minkipc/0001-minkipc-compilation-Fix-compilation-issue.patch

@@ -0,0 +1,50 @@
+From 9f4e0d9d611ee8580eedb61fce4af8686f926a9c Mon Sep 17 00:00:00 2001
+From: Jiaxing Li <[email protected]>
+Date: Thu, 9 Oct 2025 16:47:54 +0800
+Subject: [PATCH] minkipc:compilation: Fix compilation issue
+
+- To fix compilation error: #warning "<cstdbool> is deprecated in C++17, remove the #include" [-Werror=cpp].
+- Disable downloading minkidlc in CMakeLists.txt.
+
+Signed-off-by: Jiaxing Li <[email protected]>
+Upstream-Status: Inappropriate [meta-qcom specific]
+---
+ CMakeLists.txt | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 346e1bc..7f12f3f 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -17,19 +17,22 @@ option(BUILD_GPFS_LISTENER "Build GP File system Listener" TRUE)
+
+ include(GNUInstallDirs)
+
+-set(MINKIDLC_BIN_DIR ${CMAKE_CURRENT_SOURCE_DIR}/minkidlc)
++set(MINKIDLC_BIN_DIR "${CMAKE_CURRENT_SOURCE_DIR}/minkidlc" CACHE PATH "Directory containing the minkidlc executable")
+
+-file(DOWNLOAD
+-  https://github.com/quic/mink-idl-compiler/releases/download/v0.2.0/idlc
+-  ${MINKIDLC_BIN_DIR}/minkidlc
+-)
++if ("${MINKIDLC_BIN_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}/minkidlc")
++	file(DOWNLOAD
++	https://github.com/quic/mink-idl-compiler/releases/download/v0.2.0/idlc
++	${MINKIDLC_BIN_DIR}/minkidlc
++	)
+
+-file(CHMOD ${MINKIDLC_BIN_DIR}/minkidlc PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ)
++	file(CHMOD ${MINKIDLC_BIN_DIR}/minkidlc PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ)
++endif()
+
+ add_compile_options(
+ 	-Wall -Wextra -Werror -Wshadow -Wcast-align
+ 	-Wmissing-declarations -Wformat-security -Wmissing-noreturn
+ 	-Wdeprecated -fPIC
++	-Wno-error=cpp
+ )
+
+ add_subdirectory(libminkadaptor)
+--
+2.34.1
+

recipes-security/minkipc/minkipc/qteesupplicant.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=QTEE Supplicant Service
+
+[Service]
+Type=exec
+ExecStart=/usr/bin/qtee_supplicant
+
+[Install]
+WantedBy=multi-user.target
+

recipes-security/minkipc/minkipc_git.bb

@@ -0,0 +1,50 @@
+SUMMARY = "Qualcomm MinkIPC applications and library"
+DESCRIPTION = " \
+MINK ('Mink is Not a Kernel') is a capability-based security framework, \
+which is a synchronous message passing facility based on the Object-Capability model, \
+designed to facilitate secure communication between different domains. \
+qteesupplicant service is designed for invocation dispatch and handling callbacks. \
+"
+HOMEPAGE = "https://github.com/qualcomm/minkipc.git"
+SECTION = "libs"
+
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=2b1366ebba1ebd9ae25ad19626bbca93"
+
+inherit cmake systemd lib_package
+
+SRC_URI += "\
+    git://github.com/qualcomm/minkipc.git;branch=main;protocol=https \
+    file://0001-minkipc-compilation-Fix-compilation-issue.patch \
+    file://qteesupplicant.service \
+"
+SRCREV = "cd0355987595a0619e7689aec50dc4c91153b169"
+PV = "0.0+git"
+DEPENDS = " qcbor qcomtee minkidlc-native"
+
+PACKAGES += "${PN}-systemd"
+RRECOMMENDS:${PN} += "${PN}-systemd"
+SYSTEMD_PACKAGES = "${PN} ${PN}-systemd"
+SYSTEMD_SERVICE:${PN}-systemd = "qteesupplicant.service"
+SYSTEMD_AUTO_ENABLE:${PN}-systemd = "disable"
+
+EXTRA_OECMAKE = " -DBUILD_UNITTEST=ON -DMINKIDLC_BIN_DIR=${STAGING_BINDIR_NATIVE}"
+do_install:append() {
+    install -d ${D}${bindir}
+    install -m 0755 ${WORKDIR}/build/qtee_supplicant/qtee_supplicant ${D}${bindir}/
+    install -m 0755 ${WORKDIR}/build/libminkteec/tests/gp_test_client/gp_test_client ${D}${bindir}/
+    install -m 0755 ${WORKDIR}/build/libminkadaptor/tests/smcinvoke_client/smcinvoke_client ${D}${bindir}/
+
+    install -d ${D}${systemd_unitdir}/system
+    install -m 0644 ${UNPACKDIR}/qteesupplicant.service ${D}${systemd_unitdir}/system/
+}
+
+lib_package = "${PN}-lib"
+FILES:${lib_package} = "${libdir}/*.so.*"
+FILES:${PN} += " ${bindir}/qtee_supplicant"
+FILES:${PN}-dev += "${libdir}/*.so"
+FILES:${PN}-bin += " \
+    ${bindir}/gp_test_client \
+    ${bindir}/smcinvoke_client \
+"
+

recipes-security/packagegroups/packagegroup-qcom-secure.bb

@@ -4,9 +4,14 @@ DESCRIPTION = "QCOM security components provide smcinvoke functionalty"
 inherit packagegroup
 
 PACKAGES = " \
+    ${PN} \
     ${PN}-tests \
 "
 
+RDEPENDS:${PN} += " \
+    minkipc \
+"
+
 RDEPENDS:${PN}-test += " \
     qcomtee-bin \
     qcbor-bin \