IMX8 OPTEE
OP-TEE Introduction
NXP Platforms are enabled with Open Portable TEE (OP-TEE), which is an open source project which contains a full implementation to make up a complete Trusted Execution Environment.
For more information, please see the following resources from NXP:
- https://www.nxp.com/docs/en/user-guide/IMX_PORTING_GUIDE.pdf
- https://www.nxp.com/design/training/trusted-execution-environment-getting-started-with-op-tee-on-i-mx-processors:TIP-TRUSTED-EXECUTION-ENVIRONMENT-GETTING-STARTED
Enable OP-TEE with Yocto
To enable OP-TEE, add the following to conf/local.conf:
MACHINE_FEATURES:append = " optee" DISTRO_FEATURES:append = " optee" IMAGE_INSTALL:append = " optee-os optee-test"
Then, rebuild the Yocto image and test OP-TEE using the xtest utility.
For more information about how to rebuild the Yocto, follow the steps here: Build Yocto from source code.
OP-TEE Memory Configuration
The DRAM memory size is hardcoded in optee-os and needs to be updated according to the memory configuration of your SoM.
The DRAM size is configured by the variable TEE_CFG_DDR_SIZE, which is initialized in https://github.com/varigit/meta-variscite-bsp/blob/kirkstone/conf/machine/imx8mp-var-dart.conf and may be updated directly or overidden in conf/local.conf.
For example, override TEE_CFG_DDR_SIZE to 4GB:
TEE_CFG_DDR_SIZE = "0x100000000"