Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
# SPDX-License-Identifier: GPL-2.0-only
# OP-TEE Trusted Execution Environment Configuration
config OPTEE
	tristate "OP-TEE"
	depends on HAVE_ARM_SMCCC
	depends on MMU
	depends on RPMB || !RPMB
	help
	  This implements the OP-TEE Trusted Execution Environment (TEE)
	  driver.

config OPTEE_INSECURE_LOAD_IMAGE
	bool "Load OP-TEE image as firmware"
	default n
	depends on OPTEE && ARM64
	help
	  This loads the BL32 image for OP-TEE as firmware when the driver is
	  probed.  This returns -EPROBE_DEFER until the firmware is loadable from
	  the filesystem which is determined by checking the system_state until
	  it is in SYSTEM_RUNNING.  This also requires enabling the corresponding
	  option in Trusted Firmware for Arm.  The documentation there explains
	  the security threat associated with enabling this as well as
	  mitigations at the firmware and platform level.
	  https://trustedfirmware-a.readthedocs.io/en/latest/threat_model/threat_model.html

	  Additional documentation on kernel security risks are at
	  Documentation/tee/op-tee.rst.
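
A build-config audit for the two options above, added here as an example and not part of the kernel tree. The function names `kconfig_value` and `optee_config_audit` are hypothetical; the script assumes a standard kernel `.config` (plain, or gzipped as in `/proc/config.gz`) and covers only the kernel option, not the corresponding Trusted Firmware for Arm option.

```shell
#!/bin/sh
# Added example: report whether a kernel config builds the OP-TEE driver
# with OPTEE_INSECURE_LOAD_IMAGE. Function names are hypothetical.

# Print the value of CONFIG_<name>, or "n" when the symbol is absent or
# recorded as "# CONFIG_<name> is not set".
kconfig_value() {
    file=$1
    name=$2
    case $file in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac
    # Anchoring on "=" keeps CONFIG_OPTEE from matching CONFIG_OPTEE_INSECURE_...
    val=$($reader "$file" | sed -n "s/^CONFIG_${name}=//p" | tail -n 1)
    printf '%s\n' "${val:-n}"
}

# Return 0 when the insecure image-load path is not built, 1 when it is,
# 2 when the config file cannot be read.
optee_config_audit() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    optee=$(kconfig_value "$cfg" OPTEE)
    insecure=$(kconfig_value "$cfg" OPTEE_INSECURE_LOAD_IMAGE)
    arm64=$(kconfig_value "$cfg" ARM64)
    echo "OPTEE=$optee OPTEE_INSECURE_LOAD_IMAGE=$insecure ARM64=$arm64"
    if [ "$insecure" = y ]; then
        # Kconfig only permits this with OPTEE && ARM64; a mismatch means
        # the file was edited by hand and does not reflect a real build.
        if [ "$optee" = n ] || [ "$arm64" != y ]; then
            echo "WARN: option set without its dependencies (OPTEE && ARM64)"
        fi
        echo "FAIL: kernel side of BL32 image loading is enabled"
        return 1
    fi
    echo "OK: the driver does not load the OP-TEE image"
    return 0
}

# Run directly as: sh optee_audit.sh /path/to/.config
if [ "$#" -gt 0 ]; then
    optee_config_audit "$1"
fi
```
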