Thanks, applied as 3982189e8fa609c0ff66356619edbc37e3bb1f53. Michael
[sent from post-receive hook] On Tue, 16 Sep 2025 21:44:40 +0200, Michael Tretter <[email protected]> wrote:
> While user TAs are preferably disabled in a secure system to reduce the
> attack surface, it may still be useful to be able to load the in-tree
> TAs from the rootfs during development.
>
> Add an option to install the user TAs into the rootfs.
>
> Signed-off-by: Michael Tretter <[email protected]>
> Message-Id: <[email protected]>
> Signed-off-by: Michael Olbrich <[email protected]>
>
> diff --git a/platforms/optee.in b/platforms/optee.in
> index 722bf933bc65..ca9973292ec8 100644
> --- a/platforms/optee.in
> +++ b/platforms/optee.in
> @@ -40,4 +40,14 @@ config OPTEE_CFG
> Refer to the following file for the CFG_FLAGS:
> https://github.com/OP-TEE/optee_os/blob/master/mk/config.mk
>
> +config OPTEE_INSTALL_USER_TAS
> + bool "install in-tree user TAs"
> + help
> + Install the OP-TEE in-tree user TAs.
> +
> + Enable this option to install the user TAs, which are included in
> + the OP-TEE OS, into the rootfs. This allows loading the TAs via the
> + tee-supplicant at runtime and removes the requirement to include the
> + TAs as early TAs in the OP-TEE binary.
> +
> endif
> diff --git a/rules/optee.make b/rules/optee.make
> index e0655565efc3..e9a4ac302494 100644
> --- a/rules/optee.make
> +++ b/rules/optee.make
> @@ -64,6 +64,10 @@ $(STATEDIR)/optee.install:
> @install -vd -m755 $(OPTEE_PKGDIR)/usr/lib/optee-os
> @cp -vr $(OPTEE_OUT_DIR)/$(OPTEE_LIB_DIR)/* > $(OPTEE_PKGDIR)/usr/lib/optee-os
>
> + @install -vd -m755 $(OPTEE_PKGDIR)/usr/lib/optee_armtz
> + @install -v -D -m444 $(OPTEE_OUT_DIR)/$(OPTEE_LIB_DIR)/ta/*.ta \
> + $(OPTEE_PKGDIR)/usr/lib/optee_armtz
> +
> @$(call touch)
>
> # > ----------------------------------------------------------------------------
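Review bot: The help text of `OPTEE_INSTALL_USER_TAS` in platforms/optee.in omits the caveat the commit message itself gives, namely that user TAs are preferably disabled on a secure system and that loading them from the rootfs is meant for development. With the option on, the TAs live in the normal-world rootfs, so their integrity presumably rests on OP-TEE's TA signature check and on the signing key used for the build; that dependency is inferred and not visible in this hunk. I would add to the help: `Intended for development. TAs in the rootfs are protected only by their signature, so do not ship this with a development TA signing key.`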
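Review bot: The two added `install` lines in the `$(STATEDIR)/optee.install` recipe run unconditionally, while the matching targetinstall code in the next hunk is guarded by `ifdef PTXCONF_OPTEE_INSTALL_USER_TAS`. If the OP-TEE configuration builds no user TAs, the `ta/*.ta` glob presumably stays unexpanded and `install` fails, which would break the install stage for platforms that never asked for the TAs. Wrapping both lines in the same `ifdef PTXCONF_OPTEE_INSTALL_USER_TAS` / `endif` keeps the two stages consistent. `-D` also looks redundant, since the destination directory is created on the line before. The recipe begins above this hunk.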
> @@ -77,9 +81,29 @@ OPTEE_BINARIES := \
> tee-pageable_v2.bin \
> tee.elf
>
> +OPTEE_USER_TAS := \
> + 023f8f1a-292a-432b-8fc4-de8471358067.ta \
> + 80a4c275-0a47-4905-8285-1486a9771a08.ta \
> + f04a0fe7-1f5d-4b9b-abf7-619b85b4ce8c.ta \
> + fd02c9da-306c-48c7-a49c-bbd827ae86ee.ta
> +
> $(STATEDIR)/optee.targetinstall:
> @$(call targetinfo)
>
> +ifdef PTXCONF_OPTEE_INSTALL_USER_TAS
> + @$(call install_init, optee)
> + @$(call install_fixup, optee,PRIORITY,optional)
> + @$(call install_fixup, optee,SECTION,base)
> + @$(call install_fixup, optee,AUTHOR,"Rouven Czerwinski > <[email protected]>")
> + @$(call install_fixup, optee,DESCRIPTION,missing)
> +
> + @$(foreach ta, $(OPTEE_USER_TAS), \
> + $(call install_copy, optee, 0, 0, 0444, -, \
> + /usr/lib/optee_armtz/$(ta))$(ptx/nl))
> +
> + @$(call install_finish, optee)
> +endif
> +
> @$(foreach binary, $(OPTEE_BINARIES), \
> $(call ptx/image-install, OPTEE, \
> $(OPTEE_OUT_DIR)/core/$(binary), \
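Review bot: `OPTEE_USER_TAS` is a list of bare UUIDs with no indication of which trusted application each file is, which makes it hard to audit what code becomes loadable from the rootfs. The install stage copies every `ta/*.ta`, but targetinstall copies only these four names, so an OP-TEE update that drops or renames a TA would fail here and one that adds a TA would silently be left out. That is reasonable as an allow-list, but it should be stated, for example with `# in-tree user TAs (<UUID>.ta); allow-list, review on every OP-TEE version bump` above the assignment. `DESCRIPTION,missing` also reads as a placeholder that is worth replacing with a short description of the package. The `ptx/image-install` call at the end of the hunk continues outside it.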
