| 1234567891011121314151617181920212223242526272829303132 |
- # SPDX-License-Identifier: GPL-2.0-only
- # OP-TEE Trusted Execution Environment Configuration
- config OPTEE
- tristate "OP-TEE"
- depends on HAVE_ARM_SMCCC
- depends on MMU
- depends on RPMB || !RPMB
- help
- This implements the OP-TEE Trusted Execution Environment (TEE)
- driver.
- config OPTEE_INSECURE_LOAD_IMAGE
- bool "Load OP-TEE image as firmware"
- default n
- depends on OPTEE && ARM64
- help
- This loads the BL32 image for OP-TEE as firmware when the driver is
- probed. This returns -EPROBE_DEFER until the firmware is loadable from
- the filesystem which is determined by checking the system_state until
- it is in SYSTEM_RUNNING. This also requires enabling the corresponding
- option in Trusted Firmware for Arm. The documentation there explains
- the security threat associated with enabling this as well as
- mitigations at the firmware and platform level.
- https://trustedfirmware-a.readthedocs.io/en/latest/threat_model/threat_model.html
- Additional documentation on kernel security risks are at
- Documentation/tee/op-tee.rst.
- config OPTEE_STATIC_PROTMEM_POOL
- bool
- depends on HAS_IOMEM && TEE_DMABUF_HEAPS
- default y
|