diff options
author | Joanna Farley <joanna.farley@arm.com> | 2023-02-03 00:42:17 +0100 |
---|---|---|
committer | TrustedFirmware Code Review <review@review.trustedfirmware.org> | 2023-02-03 00:42:17 +0100 |
commit | 8b47f87a5fa0f5de81a7a361f029fe4b10871f08 (patch) | |
tree | 33b97504e48990de2d600d445df076a3c2b9e8a1 /docs/components | |
parent | 1548e0e7b9146b5f68346a03c2dc5e88608e8044 (diff) | |
parent | 05c69cf75edf53478e23fce157fea72372b49597 (diff) | |
download | arm-trusted-firmware-8b47f87a5fa0f5de81a7a361f029fe4b10871f08.tar.gz |
Merge "feat(optee): add loading OP-TEE image via an SMC" into integration
Diffstat (limited to 'docs/components')
-rw-r--r-- | docs/components/spd/optee-dispatcher.rst | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/docs/components/spd/optee-dispatcher.rst b/docs/components/spd/optee-dispatcher.rst index 63baccc56..81476f157 100644 --- a/docs/components/spd/optee-dispatcher.rst +++ b/docs/components/spd/optee-dispatcher.rst @@ -6,9 +6,26 @@ OP-TEE Dispatcher To build and execute OP-TEE follow the instructions at `OP-TEE build.git`_ +There are two different modes for loading the OP-TEE OS. The default mode will +load it as the BL32 payload during boot, and is the recommended technique for +platforms to use. There is also another technique that will load OP-TEE OS after +boot via an SMC call by enabling the option for OPTEE_ALLOW_SMC_LOAD that was +specifically added for ChromeOS. Loading OP-TEE via an SMC call may be insecure +depending upon the platform configuration. If using that option, be sure to +understand the risks involved with allowing the Trusted OS to be loaded this +way. ChromeOS uses a boot flow where it verifies the signature of the firmware +before executing it, and then only if the signature is valid will the 'secrets' +used by the TEE become accessible. The firmware then verifies the signature of +the kernel using depthcharge, and the kernel verifies the rootfs using +dm-verity. The SMC call to load OP-TEE is then invoked immediately after the +kernel finishes loading and before any attack vectors can be opened up by +mounting writable filesystems or opening network/device connections. this +ensures the platform is 'closed' and running signed code through the point where +OP-TEE is loaded. + -------------- -*Copyright (c) 2014-2018, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved.* .. _OP-TEE OS: https://github.com/OP-TEE/build .. _OP-TEE build.git: https://github.com/OP-TEE/build |