1# SPDX-License-Identifier: GPL-2.0-only 2# OP-TEE Trusted Execution Environment Configuration 3config OPTEE 4 tristate "OP-TEE" 5 depends on HAVE_ARM_SMCCC 6 depends on MMU 7 help 8 This implements the OP-TEE Trusted Execution Environment (TEE) 9 driver. 10 11config OPTEE_INSECURE_LOAD_IMAGE 12 bool "Load OP-TEE image as firmware" 13 default n 14 depends on OPTEE && ARM64 15 help 16 This loads the BL32 image for OP-TEE as firmware when the driver is 17 probed. This returns -EPROBE_DEFER until the firmware is loadable from 18 the filesystem which is determined by checking the system_state until 19 it is in SYSTEM_RUNNING. This also requires enabling the corresponding 20 option in Trusted Firmware for Arm. The documentation there explains 21 the security threat associated with enabling this as well as 22 mitigations at the firmware and platform level. 23 https://trustedfirmware-a.readthedocs.io/en/latest/threat_model/threat_model.html 24 25 Additional documentation on kernel security risks are at 26 Documentation/staging/tee.rst. 27