authorJoakim Bech <joakim.bech@linaro.org>2021-11-22 16:34:44 +0100
committerJérôme Forissier <jerome@forissier.org>2021-11-23 14:45:55 +0100
commit9e42008d9512dda216db2235576b8956e95c408c (patch)
tree879f5175f87dec4abcfe9f256c2717ff8f5e4982
parent5411b32264ec5788d35011459a8311bd322098cc (diff)
config: add flag CFG_WARN_INSECURE
OP-TEE is a reference implementation for developers and device manufacturers, which implies that there is always a need to fill in missing pieces that cannot be done generically. The chipmakers often have additional security configurations that need to be configured according to the chipmaker's security guidelines and security specifications. To reduce the likelihood of running a vanilla configured OP-TEE we introduce the flag CFG_WARN_INSECURE that will give warning messages during boot saying that the OP-TEE runs a configuration that might be insecure. The intention is that the device manufacturer making the end products should change the flag to "n" after implementing stubbed functionality in OP-TEE and configuring their device according to the chipmaker's security guidelines and security specifications. Signed-off-by: Joakim Bech <joakim.bech@linaro.org> Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> Acked-by: Sumit Garg <sumit.garg@linaro.org> Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> Acked-by: Clement Faure <clement.faure@nxp.com> Acked-by: Jerome Forissier <jerome@forissier.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
-rw-r--r--core/arch/arm/kernel/boot.c4
-rw-r--r--mk/config.mk10
2 files changed, 14 insertions, 0 deletions
diff --git a/core/arch/arm/kernel/boot.c b/core/arch/arm/kernel/boot.c
index 86a1fb2d..b485503c 100644
--- a/core/arch/arm/kernel/boot.c
+++ b/core/arch/arm/kernel/boot.c
@@ -1253,6 +1253,10 @@ void __weak boot_init_primary_late(unsigned long fdt)
configure_console_from_dt();
IMSG("OP-TEE version: %s", core_v_str);
+ if (IS_ENABLED(CFG_WARN_INSECURE)) {
+ IMSG("WARNING: This OP-TEE configuration might be insecure!");
+ IMSG("WARNING: Please check https://optee.readthedocs.io/en/latest/architecture/porting_guidelines.html");
+ }
IMSG("Primary CPU initializing");
#ifdef CFG_CORE_ASLR
DMSG("Executing at offset %#lx with virtual load address %#"PRIxVA,
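Review bot: The two warning lines added after the version print use IMSG(), so a build whose core trace level is set below info compiles them out, and a board still running with CFG_WARN_INSECURE=y would boot without any notice. Printing them at error level keeps the warning visible in quiet builds, for example `EMSG("WARNING: This OP-TEE configuration might be insecure!");`. The hunk header also shows boot_init_primary_late() is declared `__weak`, so a platform that overrides it would presumably lose the check unless it repeats it; a short comment above the `if` saying so would help porters. The function body continues outside the hunk, so whether an earlier or later print already covers this cannot be seen here.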
diff --git a/mk/config.mk b/mk/config.mk
index 7831d790..6a2547ed 100644
--- a/mk/config.mk
+++ b/mk/config.mk
@@ -723,5 +723,15 @@ CFG_DRIVERS_CLK ?= n
CFG_DRIVERS_CLK_DT ?= $(call cfg-all-enabled,CFG_DRIVERS_CLK CFG_DT)
CFG_DRIVERS_CLK_FIXED ?= $(CFG_DRIVERS_CLK_DT)
+# The purpose of this flag is to show a print when booting up the device that
+# indicates whether the board runs a standard developer configuration or not.
+# A developer configuration doesn't necessarily has to be secure. The intention
+# is that the one making products based on OP-TEE should override this flag in
+# plat-xxx/conf.mk for the platform they're basing their products on after
+# they've finalized implementing stubbed functionality (see OP-TEE
+# documentation/Porting guidelines) as well as vendor specific security
+# configuration.
+CFG_WARN_INSECURE ?= y
+
$(eval $(call cfg-depends-all,CFG_DRIVERS_CLK_DT,CFG_DRIVERS_CLK CFG_DT))
$(eval $(call cfg-depends-all,CFG_DRIVERS_CLK_FIXED,CFG_DRIVERS_CLK_DT))
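Review bot: The comment above `CFG_WARN_INSECURE ?= y` says the print "indicates whether the board runs a standard developer configuration or not", but nothing in this hunk derives the value from the build. It is a manual switch, and setting it to n is an unchecked statement by the integrator. I would state that in the comment, for example `# Setting this to n only removes the boot warning; it does not enable or verify any security configuration.` In the same comment, "doesn't necessarily has to be secure" should read "doesn't necessarily have to be secure".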