Skip to content

Commit c68d414

Browse files
committed
feat(optee): Update RPMB sections to be shown for AM62L
So far, RPMB sections were excluded from AM62L docs since AM62L was not supporting RPMB. But now it does support. Therefore show those sections for AM62L as well. Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
1 parent 2ff5b4d commit c68d414

2 files changed

Lines changed: 25 additions & 41 deletions

File tree

.github/styles/config/vocabularies/PSDK/accept.txt

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@ TFLite
1818
TVM
1919
Trixie
2020
UniFlash
21+
userland
2122
Vulkan
2223
Weston
2324
Yocto

source/linux/Foundational_Components_OPTEE.rst

Lines changed: 24 additions & 41 deletions
Original file line numberDiff line numberDiff line change
@@ -117,49 +117,34 @@ TI SDK enables REE FS by-default, and configures OP-TEE to store
117117
encrypted binary blobs created by REE FS in
118118
:file:`/var/lib/tee/`.
119119

120-
.. ifconfig:: CONFIG_part_variant in ('AM62LX')
121-
122-
.. note::
123-
124-
Presently, AM62L does not support RPMB. This support will be added
125-
in subsequent releases. It does support REE FS.
126-
127-
The remaining devices support both: REE FS by-default and RPMB if
128-
OP-TEE binaries are re-compiled with required flags.
129-
130-
For learning more about secure storage in OP-TEE, refer:
131-
https://optee.readthedocs.io/en/latest/architecture/secure_storage.html
132-
133-
.. ifconfig:: CONFIG_part_variant not in ('AM62LX')
134-
135-
RPMB works in TI SoCs with HS configuration. These embed a KEK
136-
that programs across OP-TEE instances in a derived manner. Each HS
137-
device has its own HUK signing key (DKEK), which is different from
138-
other HS devices. TI SDK disables RPMB by-default. To enable it,
139-
re-compiling OP-TEE with ``CFG_RPMB_FS=y`` flag.
120+
RPMB works in TI SoCs with HS configuration. These embed a KEK
121+
that programs across OP-TEE instances in a derived manner. Each HS
122+
device has its own HUK signing key (DKEK), which is different from
123+
other HS devices. TI SDK disables RPMB by-default. To enable it,
124+
re-compiling OP-TEE with ``CFG_RPMB_FS=y`` flag.
140125

141-
For learning more about secure storage in OP-TEE, and instructions to
142-
enable RPMB, refer:
143-
https://optee.readthedocs.io/en/latest/architecture/secure_storage.html
126+
For learning more about secure storage in OP-TEE, and instructions to
127+
enable RPMB, refer:
128+
https://optee.readthedocs.io/en/latest/architecture/secure_storage.html
144129

145-
There is a hybrid mode in which both the flags i.e `CFG_REE_FS=y` and `CFG_RPMB_FS=y` are enabled.
146-
This mode stores the state of the Secure Storage directory in RPMB partition to check for the
147-
integrity of the data present in it. It is the recommended way.
130+
There is a hybrid mode, which enables both `CFG_REE_FS=y` and `CFG_RPMB_FS=y`.
131+
This mode stores the state of the Secure Storage directory in RPMB partition to check for the
132+
integrity of the data present in it. It is the recommended way.
148133

149-
E.g. For enabling hybrid mode of RPMB along with REE_FS
134+
E.g. For enabling hybrid mode of RPMB along with REE_FS
150135

151-
.. ifconfig:: CONFIG_part_variant in ('J721S2')
136+
.. ifconfig:: CONFIG_part_variant in ('J721S2')
152137

153-
.. code-block:: console
138+
.. code-block:: console
154139
155-
$ export CFG_CONSOLE_UART=0x8
140+
$ export CFG_CONSOLE_UART=0x8
156141
157-
.. parsed-literal::
142+
.. parsed-literal::
158143
159-
$ make CROSS_COMPILE64="$CROSS_COMPILE_64" PLATFORM=\ |__OPTEE_PLATFORM_FLAVOR__| CFG_ARM64_core=y CFG_REE_FS=y CFG_RPMB_FS=y
144+
$ make CROSS_COMPILE64="$CROSS_COMPILE_64" PLATFORM=\ |__OPTEE_PLATFORM_FLAVOR__| CFG_ARM64_core=y CFG_REE_FS=y CFG_RPMB_FS=y
160145
161-
OPTEE-client also needs to be updated to enable the use of real
162-
emmc instead of the virtual emmc that is enabled by default
146+
Also update optee-client to enable the use of real
147+
emmc instead of the virtual emmc, which is the default option.
163148

164149
As an example to show the usage of secure storage, the filesystem
165150
provides a binary :file:`/usr/bin/optee_examples_secure_storage`.
@@ -221,12 +206,10 @@ Integrate binary output into U-boot
221206

222207
|
223208
224-
.. ifconfig:: CONFIG_part_variant not in ('AM62LX')
225-
226-
.. rubric:: PKCS#11
209+
.. rubric:: PKCS#11
227210

228-
PKCS#11 is a cryptographic token interface standard that allows applications
229-
to access cryptographic services through a platform-independent API.
211+
PKCS#11 is a cryptographic token interface standard that allows applications
212+
to access cryptographic services through a platform-independent API.
230213

231-
For userland integration details, refer:
232-
https://optee.readthedocs.io/en/latest/building/userland_integration.html
214+
For userland integration details, refer:
215+
https://optee.readthedocs.io/en/latest/building/userland_integration.html

0 commit comments

Comments
 (0)