Date: Mon, 16 Dec 2024 15:10:07 +0100
From: Robert Schwebel
To: Ahmad Fatoum
Cc: Michael Olbrich, distrokit@pengutronix.de
Subject: Re: [DistroKit] [PATCH] reason: silence reason warning about CFG_INSECURE being set
References: <20241213095955.3308105-1-a.fatoum@pengutronix.de>
In-Reply-To: <20241213095955.3308105-1-a.fatoum@pengutronix.de>

On Fri, Dec 13, 2024 at 10:59:55AM +0100, Ahmad Fatoum wrote:
> In actual products, CFG_INSECURE should be disabled after we verify
> the configuration to be secure. DistroKit uses OP-TEE only on STM32MP13
> and not for security, but for power management, so we'll just override
> the option and live with the boot-time warning.
>
> Reported-by: Michael Olbrich
> Signed-off-by: Ahmad Fatoum

Applied to next

> --- > configs/platform-v7a/bsp.ref | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/configs/platform-v7a/bsp.ref b/configs/platform-v7a/bsp.ref > index 169e555df53a..bda4db20af2c 100644 > --- a/configs/platform-v7a/bsp.ref > +++ b/configs/platform-v7a/bsp.ref
> @@ -9,4 +9,12 @@ optee_disabled_features: > - CFG_ENABLE_EMBEDDED_TESTS > - CFG_TEE_CORE_TA_TRACE > > +optee_security_warning_disabled: > + description: | > + OP-TEE is used as secure monitor on STM32MP13x providing power > + management and clock/reset control support. We don't use it as > + part of a trusted boot setup, so it's apt for OP-TEE to warn > + about this at startup and thus we'll keep CFG_INSECURE enabled. > + value: True > + > # vim: filetype=yaml shiftwidth=2 expandtab > -- > 2.39.5 -- Pengutronix e.K. | Dipl.-Ing. Robert Schwebel | Steuerwalder Str. 21 | https://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-9 |
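Review bot: The `description` under `optee_security_warning_disabled` records why DistroKit accepts CFG_INSECURE, but it drops the caveat that only the commit message carries: that in actual products CFG_INSECURE should be disabled after the configuration has been verified to be secure. A BSP derived from DistroKit may carry bsp.ref over without ever seeing the commit message, so that sentence belongs in the description as well. The entry also sits in the platform-v7a reference while its rationale covers only STM32MP13x; it would help to state that the exemption has to be revisited if OP-TEE on this platform ever becomes part of a trusted boot setup. Finally, the key name reads as if OP-TEE's own warning were switched off, whereas the description says the startup warning stays and CFG_INSECURE remains enabled; if the name is fixed by the tool, a short clause saying that only the reason report is silenced would avoid that misreading.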