# SPDX-License-Identifier: GPL-2.0-only
# OP-TEE Trusted Execution Environment Configuration

if TEE

config OPTEE
	tristate "OP-TEE communication"
	select HAVE_OPTEE
	select ARM_SMCCC
	depends on MMU
	help
	  This driver implements bidirectional communication with the OP-TEE
	  Trusted Execution Environment (TEE). OP-TEE is a Trusted OS designed
	  primarily to rely on the ARM TrustZone(R) technology as the
	  underlying hardware isolation mechanism.
	  This driver can request services from OP-TEE, but doesn't
	  yet provide a supplicant to handle Remote Procedure Calls (RPC).
	  For more information see: https://www.op-tee.org

	  This driver doesn't actually load OP-TEE. For that see
	  CONFIG_BOOTM_OPTEE and PBL_OPTEE.

	  If unsure, say n here.

config OPTEE_DEVFS
	bool "Provide /dev/tee0 interface"
	depends on OPTEE && FS_DEVFS && EXPERIMENTAL
	help
	  Userspace accesses OP-TEE via ioctls and mmaps of the /dev/tee0
	  device. This are no current in-tree users of this interface,
	  but it's useful for compiling libteeclient + optee_tests for
	  use inside barebox to verify proper operation of CONFIG_OPTEE.

config OPTEE_AVB_PERSISTENT_VALUES
	bool "Android Verified Boot (AVB) persistent values support"
	depends on OPTEE
	help
	  AVB 2.0 spec. revision 1.1 introduces support for named persistent values
	  that must be tamper evident and allows AVB to store arbitrary key-value
	  pairs. AVB itself is not implemented in barebox, but enabling this option
	  allows barebox to use the AVB persistent value store.

endif

config OF_FIXUP_OPTEE
	def_bool y
	depends on HAVE_OPTEE && ARM
