# SPDX-License-Identifier: GPL-2.0-only # OP-TEE Trusted Execution Environment Configuration config OPTEE tristate "OP-TEE" depends on HAVE_ARM_SMCCC depends on MMU depends on RPMB || !RPMB help This implements the OP-TEE Trusted Execution Environment (TEE) driver. config OPTEE_INSECURE_LOAD_IMAGE bool "Load OP-TEE image as firmware" default n depends on OPTEE && ARM64 help This loads the BL32 image for OP-TEE as firmware when the driver is probed. This returns -EPROBE_DEFER until the firmware is loadable from the filesystem which is determined by checking the system_state until it is in SYSTEM_RUNNING. This also requires enabling the corresponding option in Trusted Firmware for Arm. The documentation there explains the security threat associated with enabling this as well as mitigations at the firmware and platform level. https://trustedfirmware-a.readthedocs.io/en/latest/threat_model/threat_model.html Additional documentation on kernel security risks are at Documentation/tee/op-tee.rst.