OP-TEE: Add option for PKCS11 TA (CFG_PKCS11_TA_AUTH_TEE_IDENTITY)

Signed-off-by: Tanel Dettenborn <[email protected]>
dmitry-erin · Sep 10, 2024 · c54e0f4 · c54e0f4
1 parent d66c087
commit c54e0f4
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/modules/reference/hardware/jetpack/nvidia-jetson-orin/optee.nix b/modules/reference/hardware/jetpack/nvidia-jetson-orin/optee.nix
@@ -35,6 +35,14 @@
         '';
       };
 
+      authTeeIdentity = lib.mkOption {
+        type = lib.types.bool;
+        default = true;
+        description = lib.mdDoc ''
+          Enable PKCS#11 TA's TEE Identity based authentication support
+        '';
+      };
+
       heapSize = lib.mkOption {
         type = lib.types.int;
         default = 32768;

diff --git a/targets/nvidia-jetson-orin/optee.nix b/targets/nvidia-jetson-orin/optee.nix
@@ -56,7 +56,9 @@ _:
         "TA_DEV_KIT_DIR=${taDevKit}/export-ta_arm64"
         "CFG_PKCS11_TA_TOKEN_COUNT=${builtins.toString config.ghaf.hardware.nvidia.orin.optee.pkcs11.tokenCount}"
         "CFG_PKCS11_TA_HEAP_SIZE=${builtins.toString config.ghaf.hardware.nvidia.orin.optee.pkcs11.heapSize}"
-        "CFG_PKCS11_TA_AUTH_TEE_IDENTITY=y"
+        "CFG_PKCS11_TA_AUTH_TEE_IDENTITY=${
+          if config.ghaf.hardware.nvidia.orin.optee.pkcs11.authTeeIdentity then "y" else "n"
+        }"
         "CFG_PKCS11_TA_ALLOW_DIGEST_KEY=y"
         "OPTEE_CLIENT_EXPORT=${opteeClient}"
         "O=$(PWD)/out"