28 lines
		
	
	
		
			1.0 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			28 lines
		
	
	
		
			1.0 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| # SPDX-License-Identifier: GPL-2.0-only
 | |
| # OP-TEE Trusted Execution Environment Configuration
 | |
| config OPTEE
 | |
| 	tristate "OP-TEE"
 | |
| 	depends on HAVE_ARM_SMCCC
 | |
| 	depends on MMU
 | |
| 	depends on RPMB || !RPMB
 | |
| 	help
 | |
| 	  This implements the OP-TEE Trusted Execution Environment (TEE)
 | |
| 	  driver.
 | |
| 
 | |
| config OPTEE_INSECURE_LOAD_IMAGE
 | |
| 	bool "Load OP-TEE image as firmware"
 | |
| 	default n
 | |
| 	depends on OPTEE && ARM64
 | |
| 	help
 | |
| 	  This loads the BL32 image for OP-TEE as firmware when the driver is
 | |
| 	  probed. This returns -EPROBE_DEFER until the firmware is loadable from
 | |
| 	  the filesystem which is determined by checking the system_state until
 | |
| 	  it is in SYSTEM_RUNNING. This also requires enabling the corresponding
 | |
| 	  option in Trusted Firmware for Arm. The documentation there explains
 | |
| 	  the security threat associated with enabling this as well as
 | |
| 	  mitigations at the firmware and platform level.
 | |
| 	  https://trustedfirmware-a.readthedocs.io/en/latest/threat_model/threat_model.html
 | |
| 
 | |
| 	  Additional documentation on kernel security risks are at
 | |
| 	  Documentation/tee/op-tee.rst.
 |