While user TAs are preferably disabled in a secure system to reduce the attack surface, it may still be useful to be able to load the in-tree TAs from the rootfs during development.
The option to install the user TAs into the rootfs. Signed-off-by: Michael Tretter <[email protected]> --- rules/optee.in | 17 ++++++++++++++++- rules/optee.make | 24 ++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 1 deletion(-) diff --git a/rules/optee.in b/rules/optee.in index 0e0f3230d8c6..a6a03a151eb3 100644 --- a/rules/optee.in +++ b/rules/optee.in @@ -1,4 +1,19 @@ ## SECTION=security -config OPTEE +menuconfig OPTEE tristate + prompt "optee" + +if OPTEE + +config PTXCONF_OPTEE_INSTALL_USER_TAS + bool "install in-tree user TAs" + help + Install the OP-TEE in-tree user TAs. + + Enable this option to install the user TAs, which are included in + the OP-TEE OS, into the rootfs. This allows loading the TAs via the + tee-supplicant at runtime and removes the requirement to include the + TAs as early TAs in the OP-TEE binary. + +endif diff --git a/rules/optee.make b/rules/optee.make index e0655565efc3..e9a4ac302494 100644 --- a/rules/optee.make +++ b/rules/optee.make @@ -64,6 +64,10 @@ $(STATEDIR)/optee.install: @install -vd -m755 $(OPTEE_PKGDIR)/usr/lib/optee-os @cp -vr $(OPTEE_OUT_DIR)/$(OPTEE_LIB_DIR)/* $(OPTEE_PKGDIR)/usr/lib/optee-os + @install -vd -m755 $(OPTEE_PKGDIR)/usr/lib/optee_armtz + @install -v -D -m444 $(OPTEE_OUT_DIR)/$(OPTEE_LIB_DIR)/ta/*.ta \ + $(OPTEE_PKGDIR)/usr/lib/optee_armtz + @$(call touch) # ---------------------------------------------------------------------------- 
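Review bot: The new symbol is declared as `config PTXCONF_OPTEE_INSTALL_USER_TAS`, while the existing entry in this file is plain `OPTEE`, which suggests the config system adds the `PTXCONF_` prefix itself. If so, the `ifdef PTXCONF_OPTEE_INSTALL_USER_TAS` in rules/optee.make never matches and the option has no effect; the declaration should read `config OPTEE_INSTALL_USER_TAS`. The help text could also carry the caveat from the commit message, e.g. `Intended for development; leave disabled on production images to keep the attack surface small.`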
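Review bot: The two added `install` lines in `$(STATEDIR)/optee.install` run regardless of `PTXCONF_OPTEE_INSTALL_USER_TAS`, so a build that produces no `ta/*.ta` files would presumably fail here on the unmatched glob. That would be the case with user TA support switched off in OP-TEE, which is the hardened setup the commit message recommends. Wrapping both lines in `ifdef PTXCONF_OPTEE_INSTALL_USER_TAS` … `endif`, as the targetinstall stage does, keeps that configuration building. `-D` is also redundant, since the preceding `install -vd` already creates the directory. The rule starts above the hunk.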
@@ -77,9 +81,29 @@ OPTEE_BINARIES := \ tee-pageable_v2.bin \ tee.elf +OPTEE_USER_TAS := \ + 023f8f1a-292a-432b-8fc4-de8471358067.ta \ + 80a4c275-0a47-4905-8285-1486a9771a08.ta \ + f04a0fe7-1f5d-4b9b-abf7-619b85b4ce8c.ta \ + fd02c9da-306c-48c7-a49c-bbd827ae86ee.ta + $(STATEDIR)/optee.targetinstall: @$(call targetinfo) +ifdef PTXCONF_OPTEE_INSTALL_USER_TAS + @$(call install_init, optee) + @$(call install_fixup, optee,PRIORITY,optional) + @$(call install_fixup, optee,SECTION,base) + @$(call install_fixup, optee,AUTHOR,"Rouven Czerwinski <[email protected]>") + @$(call install_fixup, optee,DESCRIPTION,missing) + + @$(foreach ta, $(OPTEE_USER_TAS), \ + $(call install_copy, optee, 0, 0, 0444, -, \ + /usr/lib/optee_armtz/$(ta))$(ptx/nl)) + + @$(call install_finish, optee) +endif + @$(foreach binary, $(OPTEE_BINARIES), \ $(call ptx/image-install, OPTEE, \ $(OPTEE_OUT_DIR)/core/$(binary), \ -- 2.47.2
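Review bot: `OPTEE_USER_TAS` hardcodes four UUIDs while the install stage copies whatever `ta/*.ta` the build produced, so the two can drift: an OP-TEE update or a config that drops one TA makes `install_copy` fail, and a newly added TA is silently not shipped. A comment naming the TA behind each UUID and the OP-TEE version the list was taken from would make this maintainable, and `DESCRIPTION,missing` should be replaced by a real description. Because these files are loaded from the normal-world filesystem through tee-supplicant, their integrity rests on the TA signature check; the hunk does not show which key signs them, so it is worth confirming that the build does not use OP-TEE's default development signing key when this option is enabled. The rule body continues below the hunk.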
