[Buildroot] [PATCH 1/5] boot/optee-os: OP-TEE secure world

Baruch Siach baruch at tkos.co.il
Thu Nov 22 20:18:35 UTC 2018 

Hi Etienne,

Thanks for your contribution. I have a few comments below.

Etienne Carriere writes:
> OP-TEE OS is maintained by the OP-TEE project. It provides an
> open source solution for development and integration of secure
> services for Armv7-A and Armv8-A CPU based platforms supporting
> the TrustZone technology. This technology enables CPUs to
> concurrently host a secure world as the OP-TEE OS and a non-secure
> world as a Linux based OS.
>
> The OP-TEE project maintains other packages to leverage OP-TEE on
> Linux kernel based OSes. An OP-TEE interface driver is available
> in the Linux kernel since 4.12 upon CONFIG_OPTEE.
>
> https://www.op-tee.org/
> https://github.com/OP-TEE/optee_os
>
> Signed-off-by: Etienne Carriere <etienne.carriere at linaro.org>

...

> diff --git a/boot/optee-os/Config.in b/boot/optee-os/Config.in
> new file mode 100644
> index 0000000..5968531
> --- /dev/null
> +++ b/boot/optee-os/Config.in
> @@ -0,0 +1,102 @@
> +config BR2_TARGET_OPTEE_OS
> +	bool "optee_os"
> +	depends on BR2_aarch64 || BR2_arm
> +	select BR2_PACKAGE_OPENSSL # host tool

Which host? Is that the host below which OPTEE OS runs? This is usually
called target in the Buildroot lingo. Please clarify in a comment.

Is that a build time dependency? If so you need to add openssl to
_DEPENDENCIES.

> +	help
> +	  OP-TEE OS provides the secure world boot image and the trust
> +	  application development kit of the OP-TEE project. OP-TEE OS
> +	  also provides generic trusted application one can embedded
> +	  into its system.
> +
> +	  http://github.org/OP-TEE/optee_os
> +
> +if BR2_TARGET_OPTEE_OS
> +
> +choice
> +	prompt "OP-TEE OS version"
> +	default BR2_TARGET_OPTEE_OS_LATEST
> +	help
> +	  Select the version of OP-TEE OS you want to use

Is there a practical need to support selection separate version
selection for each OPTEE component? If not then I think this version
selection should apply to all other components.

baruch

--
     http://baruch.siach.name/blog/                  ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -

More information about the buildroot mailing list