# Generic Trusted Execution Environment Configuration
config TEE
	bool "Trusted Execution Environment support"
	depends on (ARM && (ARM64 || CPU_V7A)) || SANDBOX
	select ARM_SMCCC if ARM
	help
	  This implements a generic interface towards a Trusted Execution
	  Environment (TEE). A TEE is a trusted OS running in some secure
	  environment, for example, TrustZone on ARM cpus, or a separate
	  secure co-processor etc. See also:
	  https://en.wikipedia.org/wiki/Trusted_execution_environment

if TEE

menu "TEE drivers"

config SANDBOX_TEE
	bool "Sandbox TEE emulator"
	depends on SANDBOX
	default y
	help
	  This emulates a generic TEE needed for testing including the AVB
	  TA. The emulation provides all callbacks of a regular TEE and
	  supports session and shared memory management. The AVB TA is
	  emulated with rollback indexes and device lock-state, the state
	  of the TA is only kept in RAM and will be reset on each boot.
	  The emulation only supports one open session at a time.
	  Interaction from the U-Boot command line in possible via the
	  "avb" commands.

source "drivers/tee/optee/Kconfig"
source "drivers/tee/broadcom/Kconfig"

endmenu

endif