sravan/system76-coreboot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

arch/arm64: Add Kconfig option ARM64_BL31_OPTEE_WITH_SMC

Browse Source 
Add a new Kconfig option ARM64_BL31_OPTEE_WITH_SMC to control whether to
build the OP-TEE dispatcher for BL31. This config also enables the BL31
build option OPTEE_ALLOW_SMC_LOAD, which allows loading the OP-TEE image
after boot via a Secure Monitor Call (SMC). For ChromeOS devices,
CROS_WIDEVINE_SMC is also enabled to allow passing secrets from firmware
to OP-TEE.

BUG=b:347851571
TEST=emerge-geralt coreboot
BRANCH=geralt

Change-Id: I4dcf82d47b537146d71ce3cd2050ec597ed0734f
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/83111
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
This commit is contained in:
Yu-Ping Wu 2024-06-18 15:55:43 +08:00 committed by Yu-Ping Wu
parent 063c594e9f
commit 3ac5fb3091
2 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/arch/arm64/Kconfig
View File

@ -46,6 +46,15 @@ config ARM64_USE_ARM_TRUSTED_FIRMWARE
default n default n
depends on ARCH_RAMSTAGE_ARM64 && ARM64_CURRENT_EL = 3 depends on ARCH_RAMSTAGE_ARM64 && ARM64_CURRENT_EL = 3
config ARM64_BL31_OPTEE_WITH_SMC
bool "Build OP-TEE dispatcher for BL31 and allow loading via an SMC"
default n
depends on ARM64_USE_ARM_TRUSTED_FIRMWARE
help
This option adds support for building the OP-TEE Secure Payload Dispatcher
(SPD) for BL31, and allows loading the OP-TEE image via a Secure Monitor Call
(SMC).
config ARM64_BL31_EXTERNAL_FILE config ARM64_BL31_EXTERNAL_FILE
string "Path to external BL31.ELF (leave empty to build from source)" string "Path to external BL31.ELF (leave empty to build from source)"
depends on ARM64_USE_ARM_TRUSTED_FIRMWARE depends on ARM64_USE_ARM_TRUSTED_FIRMWARE

9
src/arch/arm64/Makefile.mk
View File

@ -185,6 +185,15 @@ BL31_MAKEARGS += IS_ANYTHING_TO_BUILD=1
# Set a consistent build timestamp: the same coreboot has # Set a consistent build timestamp: the same coreboot has
BL31_MAKEARGS += BUILD_MESSAGE_TIMESTAMP='"$(shell sed -n 's/^.define COREBOOT_BUILD\>.*"\(.*\)".*/\1/p' $(obj)/build.h)"' BL31_MAKEARGS += BUILD_MESSAGE_TIMESTAMP='"$(shell sed -n 's/^.define COREBOOT_BUILD\>.*"\(.*\)".*/\1/p' $(obj)/build.h)"'
ifeq ($(CONFIG_ARM64_BL31_OPTEE_WITH_SMC),y)
BL31_MAKEARGS += SPD=opteed
BL31_MAKEARGS += OPTEE_ALLOW_SMC_LOAD=1
BL31_MAKEARGS += PLAT_XLAT_TABLES_DYNAMIC=1
ifeq ($(CONFIG_CHROMEOS),y)
BL31_MAKEARGS += CROS_WIDEVINE_SMC=1
endif
endif # CONFIG_ARM64_BL31_OPTEE_WITH_SMC
BL31_CFLAGS := -fno-pic -fno-stack-protector -Wno-deprecated-declarations -Wno-unused-function BL31_CFLAGS := -fno-pic -fno-stack-protector -Wno-deprecated-declarations -Wno-unused-function
BL31_LDFLAGS := -Wl,--emit-relocs BL31_LDFLAGS := -Wl,--emit-relocs