Last edited one month ago

OP-TEE configuration switches

Applicable for STM32MP13x lines, STM32MP15x lines, STM32MP25x lines

1. Purpose[edit source]

This article describes the configuration switches used in OP-TEE OS component.

It is recommended to first read OP-TEE overview and STM32MPU OP-TEE Profiles articles for a presentation of OP-TEE.

2. Overview[edit source]

OP-TEE OS build sequence is based on GNU Makefile files. OP-TEE OS can be built from the Distribution Package environment (see Build with the Distribution Package) or from the Developer Package SDK environment (see Developer Package SDK) or from a simple Linux-like shell environment (see Bare environment). Whatever the build environment used, they all end in using a Makefile make command to build OP-TEE OS. This article presents the configuration switches used by OP-TEE OS for its configuration.

OP-TEE OS build troubleshoot article may also be useful in case of trouble with the make commands presented below.

OP-TEE configuration is set straight from the OP-TEE build process and in based on shell environment variables, also used as Makefile variables. The command lines below shown examples of how to build OP-TEE for a specific STM32MP13x lines More info.png platform.

 make PLATFORM=stm32mp1-135F_DK
 make PLATFORM=stm32mp1-135F_DK CFG_TEE_CORE_DEBUG=y
 make PLATFORM=stm32mp1 CFG_EMBED_DTB_SOURCE_FILE=stm32mp135f-dk.dts CFG_STM32MP_PROFILE=secure_and_system_services

The above make command lines should be enough to build your target OP-TEE firmware images, knowing that the configuration directives used in the examples above need to be adapted to the target platform.

This article presents many of the OP-TEE configuration switches that can be tuned for a given target. This article does not present all OP-TEE configuration switches. Almost all OP-TEE configuration switches are prefixed CFG_.

Usually the first OP-TEE configuration switches one tunes are debug mode (CFG_TEE_CORE_DEBUG=y|n), log trace level (CFG_TEE_CORE_LOG_LEVEL=[0|1|2|3|]) and the selection of the STM32MPU OP-TEE profile CFG_STM32MP_PROFILE={system_services|secure_and_system_services}. Each platform has a preset of default configuration switches values. CFG_EMBED_DTB_SOURCE_FILE allows to specify the board device tree file to compile.

It is also possible to provide a config makefile to the make sequence. The OP-TEE OS configuration file shall set PLATFORM and the other expected configuration variables:

 make CFG_OPTEE_CONFIG=/path/to/

3. Main configuration switches[edit source]

The minimal configuration directives required to build OP-TEE OS are the identification of the target (product line + embedded Device Tree) and the cross compilation toolchain.

3.1. Target platform definition[edit source]

OP-TEE OS configuration must define the target product line and the Device Tree source file to be embedded on OP-TEE firmware:

  • PLATFORM=<platform>
    • Ex: PLATFORM=stm32mp1 for STM32MP1 series
    • Ex: PLATFORM=stm32mp2 for STM32MP2 series
  • One of the following exclusive configuration switch must be enabled:
    • CFG_STM32MP13=y when targeting a STM32MP13x lines More info.png platform
    • CFG_STM32MP15=y when targeting a STM32MP15x lines More info.png platform
    • CFG_STM32MP25=y when targeting a STM32MP25x lines More info.png platform
  • CFG_EMBED_DTB_SOURCE_FILE=<device-tree-source-file>: in-tree (core/arch/arm/dts/ ) device tree filename with its .dts extension.
    • Ex: CFG_EMBED_DTB_SOURCE_FILE=stm32mp157f-dk2.dts

OP-TEE OS may guess the target product line (CFG_STM32MPxx=y) based on CFG_EMBED_DTB_SOURCE_FILE value.

Some couples of platform/device-tree source file are predefined in OP-TEE OS source tree. They can be used as an alternative to CFG_EMBED_DTB_SOURCE_FILE, using configuration switch PLATFORM with a platform flavor suffix. For example:

  • PLATFORM=stm32mp1-157F_EV1
    is an equivalent for PLATFORM=stm32mp1 CFG_STM32MP15=y CFG_EMBED_DTB_SOURCE_FILE=stm32mp157f-ev1.dts.
  • PLATFORM=stm32mp1-135F_DK
    is an equivalent for PLATFORM=stm32mp1 CFG_STM32MP13=y CFG_EMBED_DTB_SOURCE_FILE=stm32mp135f-dk.dts.
  • PLATFORM=stm32mp2-257F_DK
    is an equivalent for PLATFORM=stm32mp2 CFG_STM32MP25=y CFG_EMBED_DTB_SOURCE_FILE=stm32mp257f-dk.dts.

3.2. STM32MPU OP-TEE profile[edit source]

STM32MPU OP-TEE proposes configuration profiles to ease defining the services to embed in OP-TEE. The profiles are described in STM32MPU OP-TEE Profiles article. The configuration switch supported values are:

  • CFG_STM32MP_PROFILE=system_services
  • CFG_STM32MP_PROFILE=secure_and_system_services

On STM32MPU platforms, the default select profile depends on the target, refer to Platform default configuration article.

3.3. Cross-compilation directives[edit source]

We mention here also the cross compilation prefix, as alternative to generic CROSS_COMPILE:

    OP-TEE cross-compilation toolchain is set from CROSS_COMPILE however, for 64bit targets, OP-TEE can host both 32bit and 64bit Trusted Applications. To build the former, CROSS_COMPILE32 shall be set. CROSS_COMPILE64 is used for 64bit build or build makefiles fallback to CROSS_COMPILE.

4. OP-TEE core generic switches[edit source]

Below are some OP-TEE generic optional directives commonly used, described in OP-TEE OS mk/ file:

  • CFG_CORE_HEAP_SIZE=<VALUE>: Byte size of OP-TEE core memory allocation pool
    STM32MP13x lines More info.png STM32MP15x lines More info.png without pager and STM32MP25x lines More info.png use OP-TEE native default heap size of 64kBytes. STM32MP15x lines More info.png with pager enabled and security services uses default heap of 48kBytes. The value can be tuned if needed. See also xtest --stats --alloc for information on OP-TEE core heap allocation pool (see CFG_WITH_STATS).
  • CFG_NUM_THREADS=<VALUE>: Number of concurrent TEE thread contexts provisioned in OP-TEE.
    OP-TEE native default value is 2 but STM32MP platforms use other default values: 3 for STM32MP13x lines More info.png, 10 for STM32MP15x lines More info.png with pager and 5 for STM32MP25x lines More info.png. The value can be tuned if needed.
  • CFG_WITH_PAGER={n|y}: disable/enable OP-TEE core "pager" mode, allowing OP-TEE is execute in a size constrained internal RAM for few hundreds of kBytes.
    The feature is used only on STM32MP15x lines More info.png when secure services are enabled. Note that STM32MP15x lines More info.png for TF-A configuration depends on whether OP-TEE is to be booted in secure internal RAM (with pager enabled) or is booted in the external RAM. Refer to STM32MP15 pager impact on TF-A article.

On Armv8-A paltforms, OP-TEE can be built in 64bit (CFG_ARM64_core=y) or in 32bit mode (CFG_ARM32_core=y).

5. Resource management service configuration switches[edit source]

In both Resource Management profile and Secure Service profile, OP-TEE embeds resource management services that are default enabled in STM32MP software delivery. Each can be individually disabled using their related configuration switch:

  • CFG_DEVICE_ENUM_PTA={y|n}: Default enabled. Enumeration of registered embedded services to non-secure world.
    This is used by U-Boot and the Linux kernel to bind driver instances (SCMI, HWRNG, ...).
  • CFG_HWRNG_PTA={y|n}: Default enabled. Interface for Linux/U-Boot to request TRNG random numbers.
    The switch is default enabled and true random number generator device need to register to crypto API so that HWRNG PTA exposes it and enumerates (see CFG_DEVICE_ENUM_PTA).
  • CFG_RTC_PTA={y|n}: Default disabled. Interface for Linux/U-Boot to access RTC service.
    STM32MP configuration does not yet expose RTC service when STM32 RTC device is assigned to OP-TEE. This is expected in a future service.
  • CFG_SCMI_PTA={y|n}: Default enabled on STM32MPU OpenSTLinux platforms to manage clock, reset, power and voltage domains, and more.

6. Secure services related configuration switches[edit source]

The configuration switch listed in this section all require STM32MPU OP-TEE secure service to be enabled with CFG_STM32MP_PROFILE=secure_and_system_services.

6.1. Generic switches for secure services[edit source]

Secure storage:

  • CFG_REE_FS={n|y}: disable/enable OP-TEE secure storage area based on a non-secure filesystem
  • CFG_RPMB_FS={n|y}: disable/enable OP-TEE secure storage area based on eMMC/RPMB resource
  • CFG_RPMB_FS_DEV_ID=<VALUE>: define the mmcblk block device used by REE for eMMC/RPMB accesses
    (e.g. "'1'" on stm32mp157x-ev1 boards)

Hardware Unique Key (HUK) and HUK derivation: OT-TEE generates several key from derivation of the device hardware unique key. On STM32MP13x lines More info.png and STM32MP25x lines More info.png with crypto support, the HUK derivation service is provided by STM32 SAES driver, when SAES is assigned to OP-TEE. These platforms do not expose the HUK. STM32MP15x lines More info.png platforms require CFG_STM32MP15_HUK=y and its sub-configuration switch to implement HUK derivation requirements.

  • CFG_STM32MP15_HUK={y|n} embeds STM32MP15x lines More info.png HUK support using a key read from OTP fuses or not in various ways.
    • CFG_STM32_HUK_FROM_DT={y|n} Default enabled. When enabled, HUK location in BSEC words is found from OP-TEE device tree, from NVMEM node named "huk-otp"'.
    • CFG_STM32MP15_HUK_BSEC_KEY={y|n} Default enabled. When enabled, read HUK constitute read from BSEC OTPs.
    • CFG_STM32MP15_HUK_BSEC_DERIVE_UID={y|n} is default disabled. When enabled and CFG_STM32MP15_HUK_BSEC_KEY=n, the key read from BSEC OTPs are derived with the die ID read also from BSEC interface.
    • CFG_STM32_HUK_TESTKEY={y|n} Default disabled. When enabled, embeds a test key as HUK, refer to source file implementation.
    • CFG_STM32MP15_HUK_OTP_BASE=VALUE is an alternative when CFG_STM32_HUK_FROM_DT=n, to set the BSEC word base index from where HUK bytes shall be read over 4 words.
      • CFG_STM32MP15_HUK_BSEC_KEY_<0|1|2|3>=VALUE is another alternative when CFG_STM32_HUK_FROM_DT=n, to set each index of the 4 BSEC words that constitute the HUK.

6.2. Trusted applications[edit source]

  • CFG_WITH_USER_TA={n|y}: disable/enable support for Trusted Applications in OP-TEE secure memory
  • CFG_PAGED_USER_TA={n|y}: disable/enable support for paged Trusted Applications when CFG_WITH_PAGER is enabled.
  • CFG_USER_TA_TARGETS=ta_arm64\ ta_arm32
    Defines whether a 64bit core support 32bit and/or 64 Trusted Applications.

6.3. BSEC secure OTP fuses[edit source]

  • CFG_STM32_BSEC=y|n: (Default enabled) STM32 BSEC2 OTP access interface driver, for STM32MP1 series platforms.
  • CFG_STM32_BSEC3=y|n: (Default enabled) STM32 BSEC3 OTP access interface driver, for STM32MP2 series platforms.

In order to leverage the BSEC driver, its configuration switch (shown above) must be enabled and OP-TEE OS device tree needs to provide a node enabling the device driver. See BSEC device tree configuration article for more information.

The below config switches require that one of CFG_STM32_BSEC and CFG_STM32_BSEC3 is enabled.

  • CFG_STM32_BSEC_WRITE=y|n: (Default enabled) Allow burning OTP fuses.
  • CFG_STM32MP_PROVISIONING=y|n: (Default enabled) Load BSEC shadow memory from values read from OP-TEE core secure Device Tree.
  • CFG_BSEC_PTA=y|n: (Default enabled) STM32 BSEC secure words access services. Access rights are assigned from OP-TEE core Device Tree.

Refer to OP-TEE OTP overview for more information on BSEC OTP fuses on STM32MPU product lines.

6.4. Other secure services[edit source]

  • CFG_STM32MP_REMOTEPROC=y: Secure service for attesting secure loading and boot of the Cortex-M remote processor, if available.
    When enabled, it enforces CFG_REMOTEPROC_PTA=y.
  • CFG_ATTESTATION_PTA={y|n} Default disabled. Can be used to ask OP-TEE to certify the Trusted Application state.
    • CFG_ATTESTATION_PTA_KEY_SIZE=<VALUE>: RSA key size used for the attestation, default value is 3072.
  • CFG_SECSTOR_TA_MGMT_PTA={y|n}: Default enabled to allow Installation of TA images in the OP-TEE secure persistent storage.
  • CFG_SYSTEM_PTA={y|n}. Default enabled for TAs to interact with OP-TEE core.
  • CFG_PKCS11_TA=y|n This switch does not change OP-TEE OS but is exported to OP-TEE Test for regression test support.

7. STM32 drivers configuration switches[edit source]

STM32MPU variants: inherited from the Device Tree File name, or set by build environment.
The following switches are exclusive: only one can be enabled:

  • CFG_STM32MP13=y|n
  • CFG_STM32MP15=y|n
  • CFG_STM32MP25=y|n

Clocks, reset controllers, voltage regulators, pin muxing and GPIOs based on STM32 interfaces:

  • CFG_STM32MP{15|13|25}_CLK=y|n: Clock drivers. Required enabled for related STM32MPU variant.
    RCC device shall have a node in OP-TEE device tree, see clock device tree configuration article.
  • CFG_STM32MP{15|13|25}_RSTCTRL=y|n: Reset controller drivers. Required enabled for related STM32MPU variant.
    RCC device shall have a node in OP-TEE device tree, see reset device tree configuration article.
  • CFG_STM32_UART=y: Enabled for OP-TEE output console trace messages.
    See alsoUSART and serial TTY device device tree configuration articles. STM32MP OP-TEE proposes an early trace message configuration switch, defining which UART instance of the STM32MPU device is to be used, see CFG_STM32_EARLY_CONSOLE_UART.
  • CFG_STM32_LPTIMER=y|n: Required by STM32MP1 series for clock calibration service (CFG_STM32_CLKCALIB). See also LPTIM and LPTIM device tree configuration articles.
  • CFG_STM32_I2C=y|n: STM32 I2C bus interface driver. Required when using an STPMIC control chip.
    STM32 I2C driver is initialized upon a compatible node in OP-TEE device tree. Refer also to I2C device tree configuration article.
  • CFG_STM32_RNG=y|n: High quality hardware Random Number Generator STM32 RNG.
    When enabled and CFG_WITH_SOFTWARE_PRNG=n (aka CFG_WITH_TRNG=y), STM32 RNG is used a RNG source by OP-TEE core.
    When enabled and CFG_WITH_SOFTWARE_PRNG=y, OP-TEE PRNG is seeded by STM32 RNG before non-secure world boots. This can be used for platforms willing to drive STM32 RNG from the non-secure world (U-Boot, Linux). STM32 RNG driver is initialized upon a compatible node in OP-TEE device tree. Refer also to RNG device tree configuration article.

STM32MP resource access firewalls support:

  • CFG_STM32_FIREWALL=y : STM32MP firewall drivers framework
  • CFG_STM32_ETZPC=y: Firewall enforced enabled in MP13 and MP15 for the Secure Services profile. See also ETZPC interface and ETZPC device tree configuration articles.
  • CFG_STM32_{RIF|RIFSC|RISAB|RISAF}=y: Firewall drivers enforced enabled in MP25 for the Secure Services profile. See also relevant articles on RIFSC, RIFSAF, RISAB and their device tree artciles ( RIFSC configuration, RISAF configuration and RISAB configuration).
  • CFG_STM32_IAC=y, CFG_STM32_SERC=y|n: Invalid resource access monitoring on STM32MP25x lines More info.png.
    • CFG_STM32_PANIC_ON_IAC_EVENT=y|n: Panic possibly with a debug trace message on IAC violation.
      Default y when CFG_TEE_CORE_DEBUG=y.
    • CFG_STM32_PANIC_ON_SERC_EVENT=y|n: Panic spossibly with a debug trace message on SERC events.
      Default y when CFG_TEE_CORE_DEBUG=y.

OTP fuses service:

STM32MP cryptographic hardware assistance:

Power and low power modes resources:

  • Voltage regulators:
    • CFG_STM32_VREFBUF=y: STM32MPU internal VREFBUF voltage regulator driver.
    • CFG_STM32_PWR=y: PWR internal peripheral driver.
    • CFG_STPMIC1=y|n, CFG_STPMIC2=y|n: PMIC companion chip, refer to PMIC article.
    • CFG_STM32MP13_REGULATOR_IOD=y: IO drive level driver for STM32MP13x lines More info.png.
  • Generic voltage regulator drivers:
    • CFG_REGULATOR_FIXED=y: Use device tree to define fixed level regulators that may be gated through an output GPIO signal.
    • CFG_REGULATOR_GPIO=y: Use device tree to define 2-level voltage regulators, gated and leveled through output GPIO signals.
  • Low power resources:
    • CFG_STM32_EXTI=y|n: Driver for wake up pin management.
    • CFG_STM32_CPU_OPP=y|n: Driver for CPU dynamic voltage and frequency scaling.
    • CFG_SYSCFG=y|n,: Driver for STM32MP1 series IO compensation, High speed/Low voltage mode interfaces.
    • CFG_STM32_PWR_IRQ=y|n: Driver PWR internal peripheral interrupts, likely used for PMIC interrupt signals.

Other STM32MPU drivers:

    These configurations apply to STM32MP25x lines More info.png. OMM, FMC and HPDMA drivers needs to be embedded in OP-TEE to configure of their security firewalls and to handle low power states.
  • Remote processor management:
    CFG_STM32_HSEM=y|n, CFG_STM32_IPCC=y|n.
  • Tampering and monitoring
  • Real Time measurement with CFG_STM32_RTC=y|n: Default enabled. Persistent real time.
    See also STM32 RTC and RTC device tree configuration articles.

Debugging the traces:

  • CFG_STM32_EARLY_CONSOLE_UART={0|1|..} : OP-TEE core early trace UART instance. When 0, early traces (e.g. before MMU is enabled) are disabled. When 1, or more, this is the UART/USART instance used, likely already setup by some previous boot stage.
  • CFG_STM32_CLK_DEBUG=y|n: Print clocks state at run time from STM32 clock drivers.

8. Cryptographic operation configuration[edit source]

Main switches:

  • CFG_CRYPTO=y|n
  • CFG_CRYPTOLIB_NAME=tomcrypt, alternatively CFG_CRYPTOLIB_NAME=mbedtls
    CFG_CRYPTOLIB_DIR=core/lib/libtomcrypt (resp. CFG_CRYPTOLIB_DIR=lib/mbedtls)
    Target software cryptographic library embedded in OP-TEE core. Default is libtomcrypt and its internal path.

For all the cryptographic algorithms listed below, all those that are enabled by do not have hardware assistance are processed by the software cryptography library of OP-TEE, either the TomCrypt library [1] or the MbedTLS library [2].

Digest and hashing functions:
Note: CFG_STM32_HASH selects MD5, SHA*, SHA3_*, and SHAKE*.

  • CFG_CRYPTO_[MD5|SHA1|SHA224|SHA256|SHA384]=y|n
  • CFG_CRYPTO_SHA3_[224|384|512]=y|n
  • CFG_CRYPTO_SHA512|SHA512_256]=y|n
  • CFG_CRYPTO_SHAKE[128|256]=y|n
  • CFG_CRYPTO_SM3=y|n

Symmetric cryptographic algorithms:
Note: CFG_STM32_CRYP enforces support for AES ECB/CBC/CTR/GCM/CCM and DES/TDES EBC/CBC.
CFG_STM32_SAES enforces support for AES ECB/CBC/CTR/GCM/CCM.

  • CFG_CRYPTO_SM4=y|n

and their related modes (when applicable):


Key derivation support:


Asymmetric cryptographic algorithms:
CFG_STM32_PKA=y enables ECC operations.

  • CFG_CRYPTO_[ECC|ED25519|X25519]=y|n

Generic cryptographic processing framework configuration switches:

    Exclusive enabled switches
    When CFG_WITH_SOFTWARE_PRNG=y: Random bytes are generated by a software implementation (Fortuna algorithm [3]).
    When CFG_WITH_SOFTWARE_PRNG=n: Random bytes can be generated with a hardware source with CFG_WITH_TRNG=y. TRNG device are registered at boot time in OP-TEE core.
  • CFG_CRYPTO_SIZE_OPTIMIZATION=y|n: Defines memory size footprint optimization of the cryptographic software libraries.

9. Debug related configuration switches[edit source]

OP-TEE generic optional debugging and test directives commonly used, described in OP-TEE OS mk/ file:

  • CFG_TEE_CORE_DEBUG=n|y: disable/enable debug support (including support for assert() through NDEBUG)
  • CFG_TEE_CORE_LOG_LEVEL={0|1|2|3|4}: define OP-TEE core trace level (0: no trace, 4: overflow of traces) (default is 2: info)
  • CFG_TEE_CORE_TA_LEVEL={0|1|2|3|4}: define OP-TEE Trusted Applications (TAs) trace level (default is 1: error)
  • CFG_TEE_CORE_TA_TRACE=n|y: disable/enable TAs trace message at define OP-TEE core level (default is y)
  • CFG_TEE_CORE_MALLOC_DEBUG=n|y: disable/enable debug support for heap allocations in OP-TEE core
  • CFG_TEE_TA_MALLOC_DEBUG=n|y: disable/enable debug support for heap allocations in Trusted Applications (TAs)
  • CFG_CC_OPT_LEVEL=[s|0|1|2] sets GCC/Clang optimization level "-O0", "-O1", "-O2" or "-Os". Default is s for size.
  • CFG_UNWIND=n|y: disable/enable stack unwind debug trace messages
  • CFG_ENABLE_EMBEDDED_TESTS=n|y; disable/enable embedded test, used by xtest tool (default is y)
  • CFG_WITH_STATS=n|y: disable/enable OP-TEE statistics retrieval through OP-TEE Statistics PTA service interface.
  • CFG_WERROR=n|y: disable/enable build error trigger on OP-TEE build warning occurrences.
  • CFG_TA_GPROF_SUPPORT=n|y: disable/enable profiling of Trusted Application implementation based on gprof standard tool
  • CFG_FTRACE_SUPPORT=n|y: disable/enable function trace support in Trusted Applications based on ftrace standard tool
  • CFG_SYSCALL_FTRACE=n|y: disable/enable support for ftrace syscall graph generation
  • CFG_CORE_DEBUG_CHECK_STACKS=n|y: disable/enable compiler instrumentation for stack overflow protection
  • CFG_WITH_STACK_CANARIES=n|y: (default enabled) disable/enable canaries value at stack limits
  • CFG_DEBUG_INFO=n|y: (default enabled) disable/enable embedding implementation debug information in OP-TEE core image

Information on configuration switches CFG_TEE_CORE_DEBUG, CFG_TEE_CORE_LOG_LEVEL and CFG_UNWIND can be found in the How_to_debug_OP-TEE article.

STM32MP has a few platform specific configuration switch related to development and debug support:

  • CFG_STM32_EARLY_CONSOLE_UART={0|1|2|...}: define the USART instance used for early console trace messages (default is 4)
  • CFG_STM32MP_PROVISIONING=n|y is a development and debugging feature this is not intended for product release.
    When enabled, OP-TEE initialization sequence look up into its device tree for node with compatible = st,provisioning which load in BSEC shadow registers value read from the device tree. This can help testing fuses with burning them, as for watchdog freeze during suspend or for product below 2.5V support.
  • CFG_TEE_CORE_DEBUG generic switch is presented above but has also impact on some STM32MP platform support:
    • On STM32MP1 series devices that are in open state (refer to device life cycle article), all JTAG debug controls are enabled when CFG_TEE_CORE_DEBUG=y, and only internal software debug accesses are enabled when CFG_TEE_CORE_DEBUG=n. For devices in closed state, refer to the device reference manual.
    • On STM32MP2 series devices, hardware debug support is not related to CFG_TEE_CORE_DEBUG. All JTAG debug controls are enabled on devices in open state. For devices in closed state, refer to the device reference manual. Refer to device life cycle article for information on device open and closed states.

10. Constraints with OP-TEE Pager[edit source]

This section details the constraints related to when enabling OP-TEE pager, as specifically needed with STM32MP15x lines More info.png when enabling the secure services profile. These constraints are all related to the size of the internal secure memory assigned to OP-TEE OS. Details on the secure internal memory that can be assigned to OP-TEE can be found in [[STM32MPU_OP-TEE_profiles#Platform_default_configuration_and_constraints|STM32MP15x lines More info.png platform constraints]] article.

When STM32MP15x lines More info.png enables secure services profile, it also enables OP-TEE pager mode. This mode allows to execute OP-TEE core in a relatively small secure memory, using a dynamic memory pages swapping mechanism between the small internal secure memory assigned top OP-TEE (SYSRAM and possibly some SRAMs) and the external main memory that is not encrypted in STM32MP15x lines More info.png. OP-TEE pager mode splits the memory in 2 main areas: one for the so-called pager resident memory (containing CPU instruction, read-only and read/write data segments) and the remaining for the pager page pool area. The pager page pool area is used to load pageable segments memory (containing also instructions, read-only and read/write data) that can be swapped from/to the external main memory, with necessary encryption and authentication means. If the pager page pool is small (below 100kBytes), OP-TEE pager will often need to swap pages between the secure internal memory and the external memory. This results in downgraded OP-TEE services performances. If the pager page pool memory is large (more than 192kByte), less pages will likely need to be swap, resulting is good or very good performances. OP-TEE core performances depend of course on product use cases.

CFG_NUM_THREADS defines the numbers of TEE thread contexts provisioned in OP-TEE OS. On 32bit STM32MP15x lines More info.png platforms, each thread consumes around 1kBytes of resident internal memory. Therefore, when pager is enabled (CFG_WITH_PAGER=y) and the internal secure memory assigned to OP-TEE OS is small, it is recommended to optimize CFG_NUM_THREADS the product needs. The default value is 3 thread contexts for STM32MP15x lines More info.png with OP-TEE pager enabled.

CFG_CORE_HEAP_SIZE defines the byte size of OP-TEE core heap. When pager is enabled, the bigger CFG_CORE_HEAP_SIZE is the smaller OP-TEE pager page pool size will be. It is therefore highly recommended to use a reasonable value for CFG_CORE_HEAP_SIZE when OP-TEE pager is enabled. The default heap size value is of 49kByte for STM32MP15x lines More info.png with OP-TEE pager enabled. 64kByte remains a reasonable value. If more is needed, it is likely one or more SRAMx internal RAM(s) should be assigned to OP-TEE in addition to the 256kByte SYSRAM.

CFG_TEE_CORE_DEBUG, when enabled, builds OP-TEE in debug mode which embeds extra assertions and tests instructions. These likely increase OP-TEE pager resident memory footprint by 30kByte. When OP-TEE pager is enabled on STM32MP15x lines More info.png, enabling debug mode in conjunction with a debug log level (CFG_TEE_CORE_LOG_LEVEL=3) may lower OP-TEE pager page pool size.

CFG_UNWIND, when enabled, builds OP-TEE core with stack backtrace facilities. These a allows to print function calls back traces leading to an OP-TEE core panic. These feature consumes around 20kByte of pager resident memory.

11. References[edit source]