Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Most platforms have a per-device uinque ID available, but it is not publicly documented how to access it. That leads to a situation on, eg, Hikey where OP-TEE has no way to tell two Hikey's apart. For many situations, including OP-TEE's own "Secure Storage", this destroys security and other functionality. It's possible that the caller of OP-TEE, arm-trusted-firmware in aarch64 case has access to identifying unique tokens. In that case, it'd be nice if a-t-f could pass it into OP-TEE and if no access to the real SoC "OTP" per-device identifier, use this shorter unique token that has a very good chance of being unique between devices. This patch allows the caller of OP-TEE pass in a DTB, which may be vegstigal, to define the pseudo device ID on the DT path "/firmware/optee/pseudo-device-id". If the platform sets CFG_OTP_SUPPORT and CFG_OTP_SUPPORT_PSEUDO_ID, this pseudo ID will be used as if it was the Device unqiue ID. $(call force,CFG_DT,y) is also required to get the DT parsing. You would only enable this if you were using arm-trusted-firmware with the necessary patches to deliver the eMMC CID serial to OP-TEE OS at startup time via full or stub DTB.
- Loading branch information