From 9e42008d9512dda216db2235576b8956e95c408c Mon Sep 17 00:00:00 2001 From: Joakim Bech Date: Mon, 22 Nov 2021 16:34:44 +0100 Subject: config: add flag CFG_WARN_INSECURE OP-TEE is a reference implementation for developers and device manufacturers, which implies that there always is a need to fill in missing pieces that cannot be done generically. The chipmakers often have additional security configurations those needs to be configured according to the chipmakers security guidelines and security specifications. To reduce the likelihood of running a vanilla configured OP-TEE we introduce the flag CFG_WARN_INSECURE that will give warning messages in the boot saying that the OP-TEE runs a configuration that might be insecure. The intention is that the device manufacturer making the end products should change the flag to "n" after implementing stubbed functionality in OP-TEE and configuring their device according to the chipmakers security guidelines and security specifications. Signed-off-by: Joakim Bech Reviewed-by: Ruchika Gupta Acked-by: Sumit Garg Acked-by: Rouven Czerwinski Acked-by: Clement Faure Acked-by: Jerome Forissier Acked-by: Jens Wiklander --- core/arch/arm/kernel/boot.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'core/arch') diff --git a/core/arch/arm/kernel/boot.c b/core/arch/arm/kernel/boot.c index 86a1fb2d..b485503c 100644 --- a/core/arch/arm/kernel/boot.c +++ b/core/arch/arm/kernel/boot.c @@ -1253,6 +1253,10 @@ void __weak boot_init_primary_late(unsigned long fdt) configure_console_from_dt(); IMSG("OP-TEE version: %s", core_v_str); + if (IS_ENABLED(CFG_WARN_INSECURE)) { + IMSG("WARNING: This OP-TEE configuration might be insecure!"); + IMSG("WARNING: Please check https://optee.readthedocs.io/en/latest/architecture/porting_guidelines.html"); + } IMSG("Primary CPU initializing"); #ifdef CFG_CORE_ASLR DMSG("Executing at offset %#lx with virtual load address %#"PRIxVA, -- cgit v1.2.3