1# Generic Trusted Execution Environment Configuration 2config TEE 3 bool "Trusted Execution Environment support" 4 depends on (ARM && (ARM64 || CPU_V7A)) || SANDBOX 5 select ARM_SMCCC if ARM 6 help 7 This implements a generic interface towards a Trusted Execution 8 Environment (TEE). A TEE is a trusted OS running in some secure 9 environment, for example, TrustZone on ARM cpus, or a separate 10 secure co-processor etc. See also: 11 https://en.wikipedia.org/wiki/Trusted_execution_environment 12 13if TEE 14 15menu "TEE drivers" 16 17config SANDBOX_TEE 18 bool "Sandbox TEE emulator" 19 depends on SANDBOX 20 default y 21 help 22 This emulates a generic TEE needed for testing including the AVB 23 TA. The emulation provides all callbacks of a regular TEE and 24 supports session and shared memory management. The AVB TA is 25 emulated with rollback indexes and device lock-state, the state 26 of the TA is only kept in RAM and will be reset on each boot. 27 The emulation only supports one open session at a time. 28 Interaction from the U-Boot command line in possible via the 29 "avb" commands. 30 31source "drivers/tee/optee/Kconfig" 32source "drivers/tee/broadcom/Kconfig" 33 34endmenu 35 36endif 37