From 287a42403fdf19c4d489b3739f30517be9820fb0 Mon Sep 17 00:00:00 2001 From: Arturo Buzarra Date: Fri, 20 Mar 2026 13:50:46 +0100 Subject: [PATCH] stm-st-stm32mp: optee-os: remove CFG_REMOTEPROC_PUB_KEY_VERIFY for ccmp15 Commit 52a1111da6d72446530da26e135b65a34b48e279 ("OPTEE: MANAGE signature, M33TD") in the ST layer incorrectly enables CFG_REMOTEPROC_PUB_KEY_VERIFY=y for all platforms when SIGN_ENABLE is set. However, co-processor public key verification against OTP fuses is not supported on stm32mp1x platforms and causes the build to fail. Remove CFG_REMOTEPROC_PUB_KEY_VERIFY for ccmp15. https://onedigi.atlassian.net/browse/DEL-10022 Signed-off-by: Arturo Buzarra
---
 .../recipes-security/optee/optee-os-stm32mp_4.0.0.bbappend | 1 +
 1 file changed, 1 insertion(+)
diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_4.0.0.bbappend b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_4.0.0.bbappend
index 57c0d5132..467cb8e76 100644
--- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_4.0.0.bbappend
+++ b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_4.0.0.bbappend
@@ -32,3 +32,4 @@ SRC_URI:append:ccmp25 = " \
 EXTRA_OEMAKE:append:ccmp25 = " ${@oe.utils.conditional('TRUSTFENCE_COPRO_ENABLED', '1', 'CFG_REMOTEPROC_PUB_KEY_VERIFY=y', '', d)}"
 # Enable remoteproc custom public key verification for signed firmware support
 EXTRA_OEMAKE:append:ccmp15 = " ${@oe.utils.conditional('TRUSTFENCE_COPRO_ENABLED', '1' , 'CFG_STM32MP_REMOTEPROC=y RPROC_SIGN_KEY=%s' % (d.getVar('TRUSTFENCE_COPRO_SIGN_KEY') or ''), '', d)}"
+EXTRA_OEMAKE:remove:ccmp15 = " ${@oe.utils.conditional('TRUSTFENCE_COPRO_ENABLED', '1' , 'CFG_REMOTEPROC_PUB_KEY_VERIFY=y', '', d)}"
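Review bot: The added `EXTRA_OEMAKE:remove:ccmp15` line is gated on `TRUSTFENCE_COPRO_ENABLED`, while the commit message says the ST layer sets `CFG_REMOTEPROC_PUB_KEY_VERIFY=y` whenever `SIGN_ENABLE` is set, so a ccmp15 build with signing on but `TRUSTFENCE_COPRO_ENABLED` not equal to '1' would presumably still carry the unsupported flag and fail. Since the option is described as unsupported on stm32mp1x altogether, an unconditional `EXTRA_OEMAKE:remove:ccmp15 = "CFG_REMOTEPROC_PUB_KEY_VERIFY=y"` would cover every case and is easier to read. The line also deserves its own comment, for example `# stm32mp1x cannot check the co-processor public key against OTP fuses; firmware signatures are checked with RPROC_SIGN_KEY only`, so that a reader sees the trust anchor on ccmp15 appears to be the key built into the OP-TEE image, not a fused value. With that key as the only anchor, the `or ''` fallback on the append line just above is worth a second look, because an unset `TRUSTFENCE_COPRO_SIGN_KEY` passes an empty `RPROC_SIGN_KEY=` to the build instead of stopping it.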