From 5bfc2d23bbb6bfd4543fb65ba5e747be03bce201 Mon Sep 17 00:00:00 2001 From: Subrata Banik Date: Wed, 12 Nov 2025 16:54:24 +0000 Subject: [PATCH] soc/qc/x1p42100:: Select Secure OS options in SoC Kconfig Refactor Kconfig dependency by moving the selection of Secure OS (TrustZone/TEE) features from the mainboard configuration to the specific SoC configuration layer. The selections for `ARM64_USE_SECURE_OS` and `ARM64_USE_SECURE_OS_PAYLOAD` are moved from `BOARD_GOOGLE_BLUEY_COMMON` to `SOC_QUALCOMM_HAMOA`. This ensures that the Secure OS requirements are correctly associated with the Hamoa chipset family itself, leading to better modularity and future compatibility for Hamoa-based platforms. Crucially, this change allows for precise control of the Secure OS (BL32 firmware) applicability. By selecting the feature only within `SOC_QUALCOMM_HAMOA`, we can ensure that platforms utilizing the "Purwa SoC" family (which currently does not have a ready/available SecureOS) automatically avoid the selection of these Kconfig options. The change is verified by ensuring the QTEE (SecureOS) feature is disabled for platforms using the Purwa SoC, specifically verified on the google/quenbi mainboard. BUG=b:459268465 TEST=Ensure disabling QTEE aka SecureOS feature for google/quenbi w/ Purwa SoC. AP firmware log shows the expected path taken when SecureOS is disabled: ``` WARNING: No QTEE entry point provided by BL2 boot loader, Booting device without QTEE initialization. ``` Change-Id: Ic82a29a4330cc6e5f99727fc40ec73b38cbbc72d Signed-off-by: Subrata Banik Reviewed-on: https://review.coreboot.org/c/coreboot/+/90011 Reviewed-by: Kapil Porwal Tested-by: build bot (Jenkins) --- src/mainboard/google/bluey/Kconfig | 2 -- src/soc/qualcomm/x1p42100/Kconfig | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/mainboard/google/bluey/Kconfig b/src/mainboard/google/bluey/Kconfig index a6ead70307..0f5e8c3950 100644 --- a/src/mainboard/google/bluey/Kconfig +++ b/src/mainboard/google/bluey/Kconfig @@ -2,8 +2,6 @@ config BOARD_GOOGLE_BLUEY_COMMON def_bool n - select ARM64_USE_SECURE_OS - select ARM64_USE_SECURE_OS_PAYLOAD select COMMON_CBFS_SPI_WRAPPER select MAINBOARD_HAS_CHROMEOS select SPI_FLASH diff --git a/src/soc/qualcomm/x1p42100/Kconfig b/src/soc/qualcomm/x1p42100/Kconfig index c02c2a649b..7107720391 100644 --- a/src/soc/qualcomm/x1p42100/Kconfig +++ b/src/soc/qualcomm/x1p42100/Kconfig @@ -39,6 +39,8 @@ config SOC_QUALCOMM_X1P42100 config SOC_QUALCOMM_HAMOA bool + select ARM64_USE_SECURE_OS + select ARM64_USE_SECURE_OS_PAYLOAD select SOC_QUALCOMM_BASE default n help