From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Thu, 15 Aug 2024 16:06:27 +0200 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1seb7T-009tAU-2y for lore@lore.pengutronix.de; Thu, 15 Aug 2024 16:06:27 +0200 Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1seb7T-0004dW-1R; Thu, 15 Aug 2024 16:06:27 +0200 Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2]) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1seb7L-0004d9-I1; Thu, 15 Aug 2024 16:06:19 +0200 Received: from [2a0a:edc0:0:1101:1d::54] (helo=dude05.red.stw.pengutronix.de) by drehscheibe.grey.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1seb7L-000cBI-43; Thu, 15 Aug 2024 16:06:19 +0200 Received: from localhost ([::1] helo=dude05.red.stw.pengutronix.de) by dude05.red.stw.pengutronix.de with esmtp (Exim 4.96) (envelope-from ) id 1seb7L-003Fc4-07; Thu, 15 Aug 2024 16:06:19 +0200 From: Ahmad Fatoum To: distrokit@pengutronix.de Date: Thu, 15 Aug 2024 16:06:18 +0200 Message-Id: <20240815140618.774941-1-a.fatoum@pengutronix.de> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Subject: [DistroKit] [PATCH] reason: make OP-TEE override truly v7a-specific X-BeenThere: distrokit@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: DistroKit Mailinglist List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?UTF-8?q?Jan=20L=C3=BCbbe?= , Ahmad Fatoum Sender: "DistroKit" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: distrokit-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false QA tool complains that optee_disable_features doesn't apply when running the check against non-v7a platforms. To fix this, move the override into a v7a-specific file and include that conditionally. Suggested-by: Jan Lübbe Signed-off-by: Ahmad Fatoum --- configs/bsp.ref | 14 ++------------ configs/platform-v7a/bsp.ref | 12 ++++++++++++ 2 files changed, 14 insertions(+), 12 deletions(-) create mode 100644 configs/platform-v7a/bsp.ref diff --git a/configs/bsp.ref b/configs/bsp.ref index 2f64107ef52a..680148dbe129 100644 --- a/configs/bsp.ref +++ b/configs/bsp.ref @@ -1,5 +1,7 @@ includes: - file: ptxdist.ref + - file: platform-v7a/bsp.ref + condition: kconfig.have_optee_config() and kconfig.OPTEEConfig()['CFG_STM32MP13'] ptxdist_debug_pci: description: | @@ -33,18 +35,6 @@ kernel_initrd: value: True - value: False -optee_disabled_features: - description: | - OP-TEE is used as secure monitor on STM32MP13x providing power - management and clock/reset control support. We don't use it as - part of a trusted boot setup, so we prefer debuggability over - reduction of the attack surface. - condition: kconfig.have_optee_config() and kconfig.OPTEEConfig()['CFG_STM32MP13'] - present: - - CFG_DEBUG_INFO - - CFG_ENABLE_EMBEDDED_TESTS - - CFG_TEE_CORE_TA_TRACE - barebox_arm_optimized_string_functions: description: | The use of assembler optimized memcpy / memset functions improves diff --git a/configs/platform-v7a/bsp.ref b/configs/platform-v7a/bsp.ref new file mode 100644 index 000000000000..169e555df53a --- /dev/null +++ b/configs/platform-v7a/bsp.ref @@ -0,0 +1,12 @@ +optee_disabled_features: + description: | + OP-TEE is used as secure monitor on STM32MP13x providing power + management and clock/reset control support. We don't use it as + part of a trusted boot setup, so we prefer debuggability over + reduction of the attack surface. + present: + - CFG_DEBUG_INFO + - CFG_ENABLE_EMBEDDED_TESTS + - CFG_TEE_CORE_TA_TRACE + +# vim: filetype=yaml shiftwidth=2 expandtab -- 2.39.2