[PATCH 2/2] configs: Add generic qcom_tfa_optee_defconfig
Casey Connolly
casey.connolly at linaro.org
Thu Jan 8 17:41:42 CET 2026
On 29/12/2025 12:43, Sumit Garg wrote:
> From: Sumit Garg <sumit.garg at oss.qualcomm.com>
>
> Recently upstream TF-A/OP-TEE has started gaining support for Qcom
> platforms. RB3Gen2 being the first one and more to come. U-Boot in
> corresponding boot flow is packaged as a position independent executable.
>
> So, lets add a generic U-Boot defconfig for Qcom platforms to support
> TF-A/OP-TEE based TrustZone stack. Build command:
>
> $ make qcom_tfa_optee_defconfig
> $ make -j`nproc` DEVICE_TREE=qcom/qcs6490-rb3gen2
This would be better suited as a config fragment rather than a new
defconfig imo.
But more importantly, enabling OPTEE support in U-Boot doesn't imply
that it will be used, just that it's supported.
So I think the more appropriate patch here would be to just enable
OP-TEE in qcom_defconfig (assuming the binary size isn't significantly
affected).
Considering the other patch is based on this assumption that if OP-TEE
support is enabled then the board must be using it, a different approach
is definitely needed.
When I was looking into this last year I remember discussing this same
issue from the Linux side, there is a good argument to be made that
OP-TEE support in Linux shouldn't be based on the devicetree -
particularly in the Qualcomm case where whether or not OP-TEE is used is
a simple software change, nothing to do with hardware.
So in general I'm not particularly keen on this approach, I think it
/might/ be acceptable for U-Boot to have some fixup code to add the
OP-TEE node if OP-TEE is in use with the idea of phasing that out in
favour of runtime detection in the OS itself. I'd also expect that fixup
code to go in the generic U-Boot DT fixup code that runs before we jump
to the OS (like the EFI DT fixup function).
Kind regards,
>
> For more information refer here:
> https://trustedfirmware-a.readthedocs.io/en/latest/plat/qti/rb3gen2.html
>
> Signed-off-by: Sumit Garg <sumit.garg at oss.qualcomm.com>
> ---
> configs/qcom_tfa_optee_defconfig | 7 +++++++
> 1 file changed, 7 insertions(+)
> create mode 100644 configs/qcom_tfa_optee_defconfig
>
> diff --git a/configs/qcom_tfa_optee_defconfig b/configs/qcom_tfa_optee_defconfig
> new file mode 100644
> index 00000000000..c398521770f
> --- /dev/null
> +++ b/configs/qcom_tfa_optee_defconfig
> @@ -0,0 +1,7 @@
> +# Configuration for building a generic U-Boot image
> +# with support for TF-A/OP-TEE based Arm TrustZone stack.
> +
> +#include "qcom_defconfig"
> +
> +CONFIG_TEE=y
> +CONFIG_OPTEE=y
--
// Casey (she/her)
More information about the U-Boot
mailing list