PROCESSOR-SDK-J784S4: OP-TEE Insecure configuration

Part Number: PROCESSOR-SDK-J784S4

Hi

We would like to get rid of the following messages from OP-TEE during the boot:

I/TC: No non-secure external DT
I/TC: OP-TEE version: 4.5.0-82-gcec9a29ef-dev (gcc version 12.2.0 (Debian 12.2.0-14)) #1 Thu Mar 13 10:51:44 UTC 2025 aarch64
I/TC: WARNING: This OP-TEE configuration might be insecure!
I/TC: WARNING: Please check https://optee.readthedocs.io/en/latest/architecture/porting_guidelines.html

To get rid of "No non-secure external DT" we would just set "CFG_DT=n" to build OP-TEE.

Getting rid of "This OP-TEE configuration might be insecure!" is a bit more complex.

Adding "CFG_INSECURE=n" requires the following change in OP-TEE:

diff --git a/core/arch/arm/plat-k3/drivers/sa2ul_rng.c b/core/arch/arm/plat-k3/drivers/sa2ul_rng.c
index bbbaeacdf..b16359a67 100644
--- a/core/arch/arm/plat-k3/drivers/sa2ul_rng.c
+++ b/core/arch/arm/plat-k3/drivers/sa2ul_rng.c
@@ -16,6 +16,7 @@
 #include <mm/core_mmu.h>
 #include <platform_config.h>
 #include <rng_support.h>
+#include <tee/tee_cryp_utl.h>
 
 #include "sa2ul.h"
 
@@ -149,6 +150,10 @@ TEE_Result hw_get_random_bytes(void *buf, size_t len)
        return TEE_SUCCESS;
 }
 
+void plat_rng_init(void)
+{
+}
+
 TEE_Result sa2ul_rng_init(void)
 {
        rng = (vaddr_t)phys_to_virt(RNG_BASE, MEM_AREA_IO_SEC, RNG_REG_SIZE);
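
Review bot: plat_rng_init() is added with an empty body and no comment, so if it overrides a default that seeds the PRNG, that seeding is dropped without any statement of why this is safe. Since the goal of CFG_INSECURE=n is a configuration that no longer warrants the warning, please add a comment in the function (and in the commit message) explaining that random bytes on this platform come from the hardware RNG through hw_get_random_bytes() above, and confirm that sa2ul_rng_init() still runs before the first hw_get_random_bytes() call. If that reasoning only holds with the software PRNG disabled (CFG_WITH_SOFTWARE_PRNG=n), a compile-time check next to the stub would keep an unseeded PRNG from being built silently.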

Are both of them something you would recommend?

If yes, would you mind adding them to SDK 11.0 or any further release?

Regards

Daniel