mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-04-17 01:54:22 +00:00

This adds the ability to load the OP-TEE image via an SMC called from non-secure userspace rather than loading it during boot. This should only be utilized on platforms that can ensure security is maintained up until the point the SMC is invoked, as it breaks the normal barrier between the secure and non-secure world.

Signed-off-by: Jeffrey Kardatzke <jkardatzke@google.com>
Change-Id: I21cfa9699617c493fa4190f01d1cbb714e7449cc
#
# Copyright (c) 2013-2023, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#

# Build fragment for the OP-TEE secure payload dispatcher (SPD). It defines
# no rules of its own; it only sets variables for the makefile that includes
# it.

# Directory that holds the dispatcher sources.
OPTEED_DIR := services/spd/opteed

# This dispatcher contributes no extra include paths.
SPD_INCLUDES :=

# Dispatcher sources. The list is built from OPTEED_DIR so the directory is
# spelled once; it expands to the same four paths, in the same order.
SPD_SOURCES := $(addprefix $(OPTEED_DIR)/, \
                   opteed_common.c \
                   opteed_helpers.S \
                   opteed_main.c \
                   opteed_pm.c)

# NOTE(review): presumably tells the top-level build that a BL32 image
# (the OP-TEE binary) is part of this configuration; confirm against the
# including makefile.
NEED_BL32 := yes

# required so that optee code can control access to the timer registers
NS_TIMER_SWITCH := 1

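# WARNING: This enables loading of OP-TEE via an SMC, which can be potentially
# insecure. This removes the boundary between the startup of the secure and
# non-secure worlds until the point where this SMC is invoked. Only use this
# setting if you can ensure that the non-secure OS can remain trusted up until
# the point where this SMC is invoked.
#
# How the switch is evaluated:
#  - The default is assigned unconditionally with ':=', so a value inherited
#    from the environment or set by a makefile parsed earlier is replaced by
#    0 here (GNU make default precedence). A make command-line assignment
#    takes precedence over this line, and the conditional below is evaluated
#    at parse time, so a makefile parsed later cannot switch it on either.
#  - Any value other than exactly 1 leaves the feature off and emits no
#    define.
OPTEE_ALLOW_SMC_LOAD := 0
ifeq ($(OPTEE_ALLOW_SMC_LOAD),1)
# Fail closed: the error text requires PLAT_XLAT_TABLES_DYNAMIC to be 1, so
# reject every other value (including an empty or unset one), not only 0.
ifneq ($(PLAT_XLAT_TABLES_DYNAMIC),1)
$(error When OPTEE_ALLOW_SMC_LOAD=1, PLAT_XLAT_TABLES_DYNAMIC must also be 1)
endif
# Printed on every build with the option enabled so the weakened boot-time
# separation is visible in build logs. The quotes are part of the message.
$(warning "OPTEE_ALLOW_SMC_LOAD is enabled which may result in an insecure \
    platform")
# add_define is provided by the including build system (not visible in this
# file); presumably it passes each variable to the compiler as a
# preprocessor define. TODO confirm against the helper's definition.
$(eval $(call add_define,PLAT_XLAT_TABLES_DYNAMIC))
$(eval $(call add_define,OPTEE_ALLOW_SMC_LOAD))
endif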