mirror of
https://github.com/torvalds/linux.git
synced 2026-01-12 00:42:35 +08:00
0e32abef9f
Add support in the OP-TEE backend driver for protected memory allocation. The support is limited to only the SMC ABI and for secure video buffers. OP-TEE is probed for the range of protected physical memory and a memory pool allocator is initialized if OP-TEE have support for such memory. Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
33 lines
1.1 KiB
Plaintext
33 lines
1.1 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0-only
|
|
# OP-TEE Trusted Execution Environment Configuration
|
|
config OPTEE
|
|
tristate "OP-TEE"
|
|
depends on HAVE_ARM_SMCCC
|
|
depends on MMU
|
|
depends on RPMB || !RPMB
|
|
help
|
|
This implements the OP-TEE Trusted Execution Environment (TEE)
|
|
driver.
|
|
|
|
config OPTEE_INSECURE_LOAD_IMAGE
|
|
bool "Load OP-TEE image as firmware"
|
|
default n
|
|
depends on OPTEE && ARM64
|
|
help
|
|
This loads the BL32 image for OP-TEE as firmware when the driver is
|
|
probed. This returns -EPROBE_DEFER until the firmware is loadable from
|
|
the filesystem which is determined by checking the system_state until
|
|
it is in SYSTEM_RUNNING. This also requires enabling the corresponding
|
|
option in Trusted Firmware for Arm. The documentation there explains
|
|
the security threat associated with enabling this as well as
|
|
mitigations at the firmware and platform level.
|
|
https://trustedfirmware-a.readthedocs.io/en/latest/threat_model/threat_model.html
|
|
|
|
Additional documentation on kernel security risks are at
|
|
Documentation/tee/op-tee.rst.
|
|
|
|
config OPTEE_STATIC_PROTMEM_POOL
|
|
bool
|
|
depends on HAS_IOMEM && TEE_DMABUF_HEAPS
|
|
default y
|