From 8644348fed0faaf30ec532b2b3093e6db96b847b Mon Sep 17 00:00:00 2001
From: Arturo Buzarra <arturo.buzarra@digi.com>
Date: Fri, 23 May 2025 09:20:42 +0200
Subject: [PATCH] stm-st-stm32mp: optee-os: remove CFG_OTP_HUK for Trustfence

Starting with OP-TEE v4.0.0, the use of a test key is no longer supported.
The Hardware Unique Key (HUK) is now always derived from the programmed OTP bits.
As a result, the Digi custom `CFG_OTP_HUK` flag is obsolete and has been removed.

https://onedigi.atlassian.net/browse/DEL-9634

Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
---
 .../recipes-security/optee/optee-os-stm32mp_4.0.0.bbappend     | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_4.0.0.bbappend b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_4.0.0.bbappend
index c57ce1a4a..1d508f1df 100644
--- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_4.0.0.bbappend
+++ b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_4.0.0.bbappend
@@ -17,6 +17,3 @@ SRC_URI = " \
     ${OPTEE_GIT_URI};branch=${SRCBRANCH};name=os \
     file://fonts.tar.gz;subdir=git;name=fonts \
 "
-
-# If TF enabled, force use of HUK in OTP bits
-EXTRA_OEMAKE += "${@oe.utils.conditional('TRUSTFENCE_ENABLED', '1', 'CFG_OTP_HUK=1', '', d)}"