Kconfig 1.1 KB

1234567891011121314151617181920212223242526272829303132
  1. # SPDX-License-Identifier: GPL-2.0-only
  2. # OP-TEE Trusted Execution Environment Configuration
  3. config OPTEE
  4. tristate "OP-TEE"
  5. depends on HAVE_ARM_SMCCC
  6. depends on MMU
  7. depends on RPMB || !RPMB
  8. help
  9. This implements the OP-TEE Trusted Execution Environment (TEE)
  10. driver.
  11. config OPTEE_INSECURE_LOAD_IMAGE
  12. bool "Load OP-TEE image as firmware"
  13. default n
  14. depends on OPTEE && ARM64
  15. help
  16. This loads the BL32 image for OP-TEE as firmware when the driver is
  17. probed. This returns -EPROBE_DEFER until the firmware is loadable from
  18. the filesystem which is determined by checking the system_state until
  19. it is in SYSTEM_RUNNING. This also requires enabling the corresponding
  20. option in Trusted Firmware for Arm. The documentation there explains
  21. the security threat associated with enabling this as well as
  22. mitigations at the firmware and platform level.
  23. https://trustedfirmware-a.readthedocs.io/en/latest/threat_model/threat_model.html
  24. Additional documentation on kernel security risks are at
  25. Documentation/tee/op-tee.rst.
  26. config OPTEE_STATIC_PROTMEM_POOL
  27. bool
  28. depends on HAS_IOMEM && TEE_DMABUF_HEAPS
  29. default y