Jens Wiklander | 1429044 | 2018-09-25 16:40:09 +0200 | [diff] [blame] | 1 | # Generic Trusted Execution Environment Configuration |
| 2 | config TEE |
| 3 | bool "Trusted Execution Environment support" |
Jens Wiklander | c7b443a | 2018-09-25 16:40:18 +0200 | [diff] [blame] | 4 | depends on (ARM && (ARM64 || CPU_V7A)) || SANDBOX |
| 5 | select ARM_SMCCC if ARM |
Jens Wiklander | 1429044 | 2018-09-25 16:40:09 +0200 | [diff] [blame] | 6 | help |
| 7 | This implements a generic interface towards a Trusted Execution |
| 8 | Environment (TEE). A TEE is a trusted OS running in some secure |
| 9 | environment, for example, TrustZone on ARM cpus, or a separate |
| 10 | secure co-processor etc. See also: |
| 11 | https://en.wikipedia.org/wiki/Trusted_execution_environment |
Jens Wiklander | 2b7216b | 2018-09-25 16:40:11 +0200 | [diff] [blame] | 12 | |
| 13 | if TEE |
| 14 | |
| 15 | menu "TEE drivers" |
| 16 | |
Jens Wiklander | c7b443a | 2018-09-25 16:40:18 +0200 | [diff] [blame] | 17 | config SANDBOX_TEE |
| 18 | bool "Sandbox TEE emulator" |
| 19 | depends on SANDBOX |
| 20 | default y |
| 21 | help |
| 22 | This emulates a generic TEE needed for testing including the AVB |
| 23 | TA. The emulation provides all callbacks of a regular TEE and |
| 24 | supports session and shared memory management. The AVB TA is |
| 25 | emulated with rollback indexes and device lock-state, the state |
| 26 | of the TA is only kept in RAM and will be reset on each boot. |
| 27 | The emulation only supports one open session at a time. |
| 28 | Interaction from the U-Boot command line in possible via the |
| 29 | "avb" commands. |
| 30 | |
Jens Wiklander | 2b7216b | 2018-09-25 16:40:11 +0200 | [diff] [blame] | 31 | source "drivers/tee/optee/Kconfig" |
| 32 | |
| 33 | endmenu |
| 34 | |
| 35 | endif |