QCLINUX: defconfig: Enable Trusted Execution Environment (TEE) driver ... #130
Conversation
| CONFIG_TEE=y | ||
| CONFIG_OPTEE=y | ||
| # CONFIG_OPTEE is not set | ||
| CONFIG_QCOMTEE=y |
There was a problem hiding this comment.
OPTEE and QCOMTEE cannot exist together ? How do we plan to support pristine upstream builds on our targets in that case ?
There was a problem hiding this comment.
Yes, you are @shashim-quic OPTEE and QCOMTEE both cannot exit together in system.
Here : OPTEE ---> OPTEEOS where is QCOMTEE <---->QTEE OS . In a given target either OPTEE will be enabled or QTEE will be enabled.
There was a problem hiding this comment.
Yes, you are @shashim-quic OPTEE and QCOMTEE both cannot exit together in system. Here : OPTEE ---> OPTEEOS where is QCOMTEE <---->QTEE OS . In a given target either OPTEE will be enabled or QTEE will be enabled.
then how do we support pristine upstream builds ? (assuming QCOMTEE won't be enabled there)
There was a problem hiding this comment.
According to the information on QLI Kernel Mainline Definition, adding CONFIG_QCOMTEE to qcom_addons.config helps keep the build process clean and prevents unnecessary driver conflicts. Since the QCOMTEE driver only needs to be enabled on the QCOM Platform, this approach is more suitable for us.
However, I searched the entire kernel tree in the /teck/all/configure branch but couldn't find a configuration for the custom build variant. Could you share the strategies for working with the /teck/all/configure branch? Many thanks
There was a problem hiding this comment.
According to the information on QLI Kernel Mainline Definition, adding CONFIG_QCOMTEE to qcom_addons.config helps keep the build process clean and prevents unnecessary driver conflicts. Since the QCOMTEE driver only needs to be enabled on the QCOM Platform, this approach is more suitable for us.
However, I searched the entire kernel tree in the /teck/all/configure branch but couldn't find a configuration for the custom build variant. Could you share the strategies for working with the /teck/all/configure branch? Many thanks
There is no separate custom configuration, please refer http://go/qlikernelmainline which captures major policy requirements from kernel
- single kernel image for all targets and variants
- support for clean overlay (via DLKMs and distro configurations like blacklisting)
QCOMTEE in my opinion is not a downstream addition but an upstream one. My question is how are you planning to support QCOMTEE in upstream builds for QC platforms ?
There was a problem hiding this comment.
The QCOMTEE driver has been merged into the kernel topic branch. #121 Currently, both QCOMTEE and OPTEE are present in the kernel topic branch, and we control which TEE driver is compiled through the defconfig. We plan to enable QCOMTEE instead of OPTEE for the upstream build by applying this patch.
May be I am not clear. What I mean is - how would upstream builds with upstream arch/arm64/configs/defconfig work on qcom targets.
Please note that all KLM targets are being tested in community kernel CI as well. Without QCOM TEE enabled in upstream defconfig, what would be the impact ?
There was a problem hiding this comment.
Hi @shashim-quic ,
so in that case we can have optee as it enabled and make qcomtee also 1.
CONFIG_OPTEE=y
CONFIG_QCOMTEE=y
we can have both driver in place simultaneously.
There was a problem hiding this comment.
@jiaxli-QC , Please update the enablement as
CONFIG_OPTEE=y
CONFIG_QCOMTEE=y
There was a problem hiding this comment.
Both OPTEE and QCOMTEE drivers can be used at the same time. Since they use different CMD IDs, they will not affect each other.
All the test cases have passed.
… for Qualcomm TEE (QTEE) We are planning to replace QPTEE with QCOMTEE on all QCOM-released kernel versions. QTEE allows Trusted Applications (TAs) and services to run securely and offers the same functionality as OPTEE. Signed-off-by: Jiaxing Li <[email protected]> Link: qualcomm-linux#121
jiaxli-QC
force-pushed
the
tech/all/config
branch
from
ff3fc66 to
68bd9d2
Compare
3 participants
… for Qualcomm TEE (QTEE)
We are planning to replace QPTEE with QCOMTEE on all QCOM-released kernel versions. QTEE allows Trusted Applications (TAs) and services to run securely and offers the same functionality as OPTEE.
Link: #121