meta-arm layer includes recipes for [Trusted Services] Secure Partitions and Normal World applications in
We define dedicated recipes for all supported Trusted Services (TS) Secure Partitions. These recipes produce ELF and DTB files for SPs. These files are automatically included into optee-os image accordingly to defined MACHINE_FEATURES.
To include TS SPs into optee-os image you need to add into MACHINE_FEATURES features for each [Secure Partition] you would like to include:
Other steps depend on your machine/platform definition:
For communications between Secure and Normal Words Linux kernel option
CONFIG_ARM_FFA_TRANSPORT=y is required. If your platform doesn't include it already you can add
arm-ffa into MACHINE_FEATURES.
optee-os might require platform specific OP-TEE build parameters (for example what SEL the SPM Core is implemented at). You can find examples in
meta-arm/recipes-security/optee/optee-os_%.bbappend for qemuarm64-secureboot machine and in
meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc for N1SDP and Corstone1000 platforms accordingly.
trusted-firmware-a might require platform specific TF-A build parameters (SPD and SPMC details on the platform). See
meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend for qemuarm64-secureboot machine and in
meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc for N1SDP and Corstone1000 platforms.
Optionally for testing purposes you can add
packagegroup-ts-tests-psa package groups into your image. They include [Trusted Services test and demo tools]
meta-arm also includes Trusted Service OEQA tests which can be used for automated testing. See
ci/trusted-services.yml for an example how to include them into an image.
 https://trusted-services.readthedocs.io/en/integration/overview/introduction.html  https://trusted-services.readthedocs.io/en/integration/developer/deployments/secure-partitions.html  https://trusted-services.readthedocs.io/en/integration/developer/deployments/test-executables.html