Not sure if this is the place to ask this question but don't know where to put it.
I'm starting for the first time an OP-TEE project. I was following the guide they have online until I got to a part where the linux terminal doesn't respond as expected.

Already tried with codes for other hardware and the problem is the same. The part that changes is the part where I have rpi3.xml.

The code I tried to use to install was:

repo init -u https://github.com/OP-TEE/manifest -m rpi3.xml [-b ${BRANCH}]

The expected result was simply the installation of the necessary files on the directory I chose but the actual result is the following:

Your identity is: Joao <my_mail>
If you want to change this, please re-run 'repo init' with --config-name

repo has been initialized in /home/joao/project

Thank you for the help and sorry if this is not the right place to ask this.

Hi there,

Something wrong when I tried to repo init branch 3.3.0 using repo init -u https://github.com/OP-TEE/manifest.git -m qemu_v8.xml -b 3.3.0

It works well using repo init -u https://github.com/OP-TEE/manifest.git -m qemu_v8.xml (the newest version ,maybe?) and I can successfully complie and make run to start qemu in this case finally.

What can I do to use older branch 3.3.0?

I'm migrating optee to the rk3399 development board. I don't know which xml to download the warehouse code from. How should I do? At present, I have only completed the process of emulating optee on the QEMU platform, and I don't know how to compile it on the real machine.

Does it make sense to drop the repository from manifests? The same applies to the article https://optee.readthedocs.io/en/latest/debug/benchmark.html and PTA in OP-TEE OS core (core/pta/benchmark.c)

It's currently not functional (it was never though) and is not maintained

Hi all, I am looking for a device with ARMv8.2 or above generation ISA with OPTEE support. I did not find such device in the list of platforms supported by OPTEE. Please let me know if there is any such device with OPTEE support.

Specifically, I am looking for an architecture with PAN support. If anyone has tried OPTEE with PAN, please let me know. Any help is appreciated.

Thanks a lot!

Hi there,

I'm not sure if this is a good place to ask. I saw the disclaimer in rpi3.md and I'm wondering what mechanisms are we talking about

Although the Raspberry Pi3 processor provides ARM TrustZone
exception states, the mechanisms and hardware required to
implement secure boot, memory, peripherals or other secure
functions are not available.

Closing backslash is missing from XML entry resulting in repo tool failure in 3.19 (stable) release.
See: https://github.com/OP-TEE/manifest/blob/3.19.0/fvp-ts.xml#L9

Correct line would be:

"revision" and "clone-depth" attributes should also be removed from remove-project element. It is not erronous, but does not makes sense IMO.

error.ManifestInvalidPathError: invalid "src": ../toolchains/aarch64/bin/aarch64-linux-gnu-gdb: bad component: ..
The environment is Ubuntu 18.04 and the Prerequisites are already installed.
$ repo init -u https://github.com/OP-TEE/manifest.git -m qemu_v8.xml -b 3.3.0

I'm trying to build for qemu, but I have this problem on the repo command

$ repo init -u https://github.com/OP-TEE/manifest.git -m default_stable.xml
$ repo sync
Fetching project gen_rootfs.git
Fetching projects: 7% (1/13) Fetching project optee_client.git
Fetching projects: 15% (2/13) Fetching project optee_benchmark.git
Fetching projects: 23% (3/13) Fetching project optee_os.git
remote: Counting objects: 7, done.
remote: Total 7 (delta 5), reused 7 (delta 5), pack-reused 0
From https://github.com/OP-TEE/optee_os
b644907..e4a1f58 master -> optee/master
Fetching projects: 30% (4/13) Fetching project soc_term.git
Fetching projects: 38% (5/13) Fetching project hello_world.git
Fetching projects: 46% (6/13) Fetching project build.git
remote: Counting objects: 3, done.
remote: Compressing objects: 100% (1/1), done.
remote: Total 3 (delta 2), reused 3 (delta 2), pack-reused 0
From https://github.com/OP-TEE/build
034c3cd..908c823 master -> optee/master
Fetching projects: 53% (7/13) Fetching project optee_test.git
Fetching projects: 61% (8/13) Fetching project busybox.git
fatal: unable to connect to busybox.net:
busybox.net[0: 140.211.167.122]: errno=Connection timed out

fatal: unable to connect to busybox.net:
busybox.net[0: 140.211.167.122]: errno=Connection timed out

error: Cannot fetch busybox.git

error: Exited sync due to fetch errors``

I received this error while following the instructions from the documentation: https://optee.readthedocs.io/en/latest/building/devices/qemu.html#qemu-v8

Can anyone help ?

Is there any reason that the OP-TEE version cannot be specified in the manifest? It appears all of the XML manifest pull the latest OP-TEE version. However, there are some issues with some devices, e.g. Versal, when pulling from the latest version instead of using the latest supported version. Is there maybe a flag that can be passed in to specify the OP-TEE version or could the manifest be updated? Thank you.

@jenswi-linaro
@ldts

For legal reasons, we had to remove the tree that hosted TF-A for Versal. I am working on setting up a new one.

The OP-TEE function tracing (CFG_FTRACE_SUPPORT=y) needs an updated version of TF-A [1] in order for the timestamps to work, as mentioned here [2].

[1] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit?id=43f999a7e35d
[2] OP-TEE/optee_os#3117 (comment)

hi, community
i want to build a project upon qemu_v8 to test FF-A feature, the commands are listed below:

repo init -u https://github.com/OP-TEE/manifest.git -m qemu_v8.xml
repo sync
cd build
make toolchains
export SPMC_AT_EL=1
make run

but there are some error：

ERROR LOG:
CROSS_COMPILE="/usr/bin/ccache /home/somebody/workspace/FF-A/build/../toolchains/aarch64/bin/aarch64-linux-gnu-" 
make -C /home/somebody/workspace/FF-A/build/../trusted-firmware-a 
BL33=/home/somebody/workspace/FF-A/build/../edk2/Build/ArmVirtQemuKernel-AARCH64/RELEASE_GCC5/FV/QEMU_EFI.fd 
PLAT=qemu QEMU_USE_GIC_DRIVER=QEMU_GICV3 ENABLE_SVE_FOR_NS=1 ENABLE_SVE_FOR_SWD=1 ENABLE_SME_FOR_NS=1 
ENABLE_SME_FOR_SWD=1 BL32_RAM_LOCATION=tdram DEBUG=0 LOG_LEVEL=30 
BL32=/home/somebody/workspace/FF-A/build/../optee_os/out/arm/core/tee-header_v2.bin 
BL32_EXTRA1=/home/somebody/workspace/FF-A/build/../optee_os/out/arm/core/tee-pager_v2.bin 
BL32_EXTRA2=/home/somebody/workspace/FF-A/build/../optee_os/out/arm/core/tee-pageable_v2.bin 
SPD=spmd CTX_INCLUDE_EL2_REGS=0 SPMD_SPM_AT_SEL2=0 SPMC_OPTEE=1 all fip

make[1]: Entering directory '/home/somebody/workspace/FF-A/trusted-firmware-a'

Including services/std_svc/spmd/spmd.mk

services/std_svc/spmd/spmd.mk:12: *** recipe commences before first target.  Stop.

make[1]: Leaving directory '/home/somebody/workspace/FF-A/trusted-firmware-a'

make: *** [Makefile:201: arm-tf] Error 2

did i use the wrong manifest or commands?

sorry for bothering

There is a bug in the Linaro rpk (already filed) which causes a kernel panic in linux 4.9 and errors in later versions (up to 4.14) when an HDMI monitor is plugged in. Unfortunately, there hasn't been any response on the bug for just over a year.

I'm curious if anybody has a monitor which works with the hikey_debian build OP-TEE 2.5.0 or later? If you do, could you send me the exact make, model, year?

Also, if this isn't the right place to ask, let me know where I should direct this question.

I have already installed optee on Ubuntu22.04, but my virtual machine is broken, reinstalling the same Ubuntu22.04, and now I am experiencing the following new problem,Can you help me.

op-tee$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 22.04.1 LTS
Release:	22.04
Codename:	jammy


op-tee$ python --version
Python 3.10.6


op-tee$ pip --version
pip 22.0.2 from /usr/lib/python3/dist-packages/pip (python 3.10)


optee: 3.19.0

~/workspace/op-tee$ repo init -u https://github.com/OP-TEE/manifest.git -m default.xml --repo-url=git://codeaurora.org/tools/repo.git -b 3.19.0
Downloading Repo source from git://codeaurora.org/tools/repo.git
remote: Enumerating objects: 13, done.
remote: Counting objects: 100% (13/13), done.
remote: Compressing objects: 100% (13/13), done.
remote: Total 7231 (delta 3), reused 0 (delta 0), pack-reused 7218
  File "/home/bh/workspace/op-tee/.repo/repo/main.py", line 126
    except ManifestInvalidRevisionError, e:
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
SyntaxError: multiple exception types must be parenthesized

I am sorry for asking question here, but I have no luck to find another place.

I know that boot flow in current realization is like that:
ARM-TF -> OPTEE-OS -> UEFI ... -> LINUX.
While reading documentation about UEFI, I found that it contains such a module as SMM (System Management Mode), which is running at the highest priority exception level of a processor.
So, I'm just wondering if it possible to run or even inbuilt OPTEE-OS inside of SMM.
Is it a better way to secure boot system?

I understand, that question may looks a bit confusing, but anyway I will appreciate any mentions.

Hello,
By running the code as per README.md, I obtain different prediction results, both using the pre-trained model and a freshly trained one.

Setting:

Hardware

Architecture:                    x86_64
CPU op-mode(s):                  32-bit, 64-bit
Byte Order:                      Little Endian
Address sizes:                   46 bits physical, 48 bits virtual
CPU(s):                          24
On-line CPU(s) list:             0-23
Thread(s) per core:              1
Core(s) per socket:              16
Socket(s):                       1
NUMA node(s):                    1
Vendor ID:                       GenuineIntel
CPU family:                      6
Model:                           151
Model name:                      12th Gen Intel(R) Core(TM) i9-12900K
Stepping:                        2
CPU MHz:                         3200.000
CPU max MHz:                     5200.0000
CPU min MHz:                     800.0000
BogoMIPS:                        6374.40
Virtualization:                  VT-x
L1d cache:                       384 KiB
L1i cache:                       256 KiB
L2 cache:                        10 MiB
NUMA node0 CPU(s):               0-23

Software

Distributor ID: Ubuntu
Description:    Ubuntu 20.04.6 LTS
Release:        20.04
Codename:       focal
Kernel:         5.15.0-76-generic

QEMU=8.0.2
OP-TEE=3.22.0

Normal World Output:

darknetp classifier predict -pp_start 4 -pp_end 10 cfg/mnist.dataset cfg/mnist
_lenet.cfg models/mnist/mnist_lenet.weights  data/mnist/images/t_00007_c3.png
Prepare session with the TA
Begin darknet
layer     filters    size              input                output
    0 conv      6  5 x 5 / 1    28 x  28 x   3   ->    28 x  28 x   6  0.001 BFLOPs
    1 max          2 x 2 / 2    28 x  28 x   6   ->    14 x  14 x   6
    2 conv      6  5 x 5 / 1    14 x  14 x   6   ->    14 x  14 x   6  0.000 BFLOPs
    3 max          2 x 2 / 2    14 x  14 x   6   ->     7 x   7 x   6
    4 connected_TA                          294  ->   120
    5 dropout_TA    p = 0.80                120  ->   120
    6 connected_TA                          120  ->    84
    7 dropout_TA    p = 0.80                 84  ->    84
    8 connected_TA                           84  ->    10
    9 softmax_TA                                       10
   10 cost_TA                                          10
workspace_size=235200
Loading weights from models/mnist/mnist_lenet.weights...Done!
output file: /media/results/predict_mnist_lenet_pps4_ppe10.txt
data/mnist/images/t_00007_c3.png: Predicted in 0.008191 seconds.
-0.00%: 0
 0.00%: 1
 0.00%: 2
330.02%: 3
 0.00%: 4
user CPU start: 0.394826; end: 0.394910
kernel CPU start: 2.117686; end: 2.118134
Max: 2432  kilobytes
vmsize:281470681747200; vmrss:281470681745792; vmdata:281470681744252; vmstk:187647121162372; vmexe:281470681743768; vmlib:281470681745604
# darknetp classifier predict -pp_start 4 -pp_end 10 cfg/mnist.dataset cfg/mnist
_lenet.cfg models/mnist/mnist_lenet.weights  data/mnist/images/t_00007_c3.png
Prepare session with the TA
Begin darknet
layer     filters    size              input                output
    0 conv      6  5 x 5 / 1    28 x  28 x   3   ->    28 x  28 x   6  0.001 BFLOPs
    1 max          2 x 2 / 2    28 x  28 x   6   ->    14 x  14 x   6
    2 conv      6  5 x 5 / 1    14 x  14 x   6   ->    14 x  14 x   6  0.000 BFLOPs
    3 max          2 x 2 / 2    14 x  14 x   6   ->     7 x   7 x   6
    4 connected_TA                          294  ->   120
    5 dropout_TA    p = 0.80                120  ->   120
    6 connected_TA                          120  ->    84
    7 dropout_TA    p = 0.80                 84  ->    84
    8 connected_TA                           84  ->    10
    9 softmax_TA                                       10
   10 cost_TA                                          10
workspace_size=235200
Loading weights from models/mnist/mnist_lenet.weights...Done!
output file: /media/results/predict_mnist_lenet_pps4_ppe10.txt
data/mnist/images/t_00007_c3.png: Predicted in 0.008095 seconds.
-0.00%: 0
 0.00%: 1
-0.00%: 2
 0.00%: 3
 0.00%: 4
user CPU start: 0.313335; end: 0.313401
kernel CPU start: 2.177080; end: 2.177540
Max: 2560  kilobytes
vmsize:281470681747200; vmrss:281470681745920; vmdata:281470681744252; vmstk:187647121162372; vmexe:281470681743768; vmlib:281470681745604

Secure World Output:

D/TC:? 0 tee_ta_init_pseudo_ta_session:296 Lookup pseudo TA 7fc5c039-0542-4ee1-80af-b4eab2f1998d
D/TC:? 0 ldelf_load_ldelf:110 ldelf load address 0x40007000
D/LD:  ldelf:142 Loading TS 7fc5c039-0542-4ee1-80af-b4eab2f1998d
D/TC:? 0 ldelf_syscall_open_bin:142 Lookup user TA ELF 7fc5c039-0542-4ee1-80af-b4eab2f1998d (early TA)
D/TC:? 0 ldelf_syscall_open_bin:146 res=0xffff0008
D/TC:? 0 ldelf_syscall_open_bin:142 Lookup user TA ELF 7fc5c039-0542-4ee1-80af-b4eab2f1998d (Secure Storage TA)
D/TC:? 0 ldelf_syscall_open_bin:146 res=0xffff0008
D/TC:? 0 ldelf_syscall_open_bin:142 Lookup user TA ELF 7fc5c039-0542-4ee1-80af-b4eab2f1998d (REE)
D/TC:? 0 ldelf_syscall_open_bin:146 res=0
D/LD:  ldelf:176 ELF (7fc5c039-0542-4ee1-80af-b4eab2f1998d) at 0x40071000
D/TA:  TA_CreateEntryPoint:72 has been called
D/TA:  TA_OpenSessionEntryPoint:91 has been called
I/TA: secure world opened!
I/TA: aes_cbc_TA decrypt ing
I/TA: aes_cbc_TA decrypt ing
I/TA: aes_cbc_TA decrypt ing
I/TA: aes_cbc_TA decrypt ing
I/TA: aes_cbc_TA decrypt ing
I/TA: aes_cbc_TA decrypt ing
D/TC:? 0 tee_ta_close_session:529 csess 0xaeda7860 id 2
D/TC:? 0 tee_ta_close_session:548 Destroy session
I/TA: Goodbye!
D/TA:  TA_DestroyEntryPoint:79 has been called
D/TC:? 0 destroy_context:326 Destroy TA ctx (0xaeda7800)

Hi,

I tried to build OP-TEE 3.6.0 with the below command on the Juno board, but I couldn't.

repo init -u https://github.com/OP-TEE/manifest.git -m juno.xml -b 3.6.0

The error message is like the below.

fatal: manifest 'juno.xml' not available
fatal: error parsing manifest /home/taiji/work/tz/rkp/juno/.repo/manifests/juno.xml: no element found: line 1, column 0

So that I checked the juno.xml file of the branch 3.6.0 and noticed this file is empty.
Please check this file.

Sungjin.

Dear OPTEE group,

The glibc 2.33 removed _STAT_VER and the upstream buildroot has reflected this change (https://git.busybox.net/buildroot/commit/?id=f45925a951318e9e53bead80b363e004301adc6f). So, I'm wondering whether OPTEE wants to update the buildroot to 2021.02.

PS: I've tested the build process with qemu_v8.xml on my branch: 89c5402. I also attach the log of my failed build.

BTW, the edk2 is also incompatible with python 3.9. For instance, python 3.9 removed tostring() and fromstring, and this will cause errors while building (https://bugs.python.org/issue38916).

Thanks,
Mingyuan

I am using procedure to install optee on raspberrypi 3 as given in optee website

But while repo sync i am getting error

Fetching projects: 41% (5/12) Fetching project firmware.git error: no such remote ref 3fb63c413cabfddb7fb9ed286bfc62abe73cc310 error: Cannot fetch firmware.git error: Exited sync due to fetch errors

is there any change in remote revision id?

There is only a hikey960.xml present, but not one fo the hikey970.

Can I safely use the 960 one for the 970?
Not that I brick my board ...

Thank you!

I was originally working off of OP-TEE 2.4.0 which used this linux repo. I just pulled down and started to build OP-TEE 2.5.0 but noticed the linux repo is different, it is now rpk.

Upon further inspection, a lot of the client functions I was relying on are missing (client_open_session, etc.). But the rpk repo seems to be the one currently worked on (most recent commits).

Is there a reason why these are not in the current linux repo? Which repo should I be using?

I just followed the instructions in README but it returned a 403 status code as I run repo sync, saying

error: The requested URL returned error: 403 while accessing https://github.com/linaro-swg/bios_qemu_tz_arm.git.git/info/refs.

When I try to acceess it directly in the browser, I get GitHub.com no longer supports git over dumb.

I have viewed the fvp.xml and default.xml already, but I didn't make any modification. Actually I have no idea how to modify it, they seem normal, just path and name without the refs mentioned in the error info.

Has anyone run it successfully?
Thanks in advance.

It seems that they have typed an unnecessary .git in the name attribution. I deleted those .gits and it finally started to receive.

However, the access to busybox failed, saying The remote end hung up unexpectedly, maybe something wrong with my network?

I am trying to use Interaction between Measured Boot and an fTPM (PoC) but ftpm TA seems that is not compiling with the rest implementation.

-- Build files have been written to: /home/paradox-dev/stuff/fvp-project/out-br/build/optee_client_ext-1.0
ftpm_optee_ext 1.0 Installing to target
PATH="/home/paradox-dev/stuff/fvp-project/out-br/per-package/ftpm_optee_ext/host/bin:/home/paradox-dev/stuff/fvp-project/out-br/per-package/ftpm_optee_ext/host/sbin:/home/paradox-dev/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin" /usr/bin/make DESTDIR=/home/paradox-dev/stuff/fvp-project/out-br/per-package/ftpm_optee_ext/target install/fast -C /home/paradox-dev/stuff/fvp-project/out-br/build/ftpm_optee_ext-1.0/
Install the project...
-- Install configuration: "Release"
-- Installing: /home/paradox-dev/stuff/fvp-project/out-br/per-package/ftpm_optee_ext/target/dev/null/null
echo "Installing fTPM based on OPTEE" && mkdir -p /home/paradox-dev/stuff/fvp-project/out-br/per-package/ftpm_optee_ext/target/lib/optee_armtz && /usr/bin/install -v -p --mode=444 --target-directory=/home/paradox-dev/stuff/fvp-project/out-br/per-package/ftpm_optee_ext/target/lib/optee_armtz "/home/paradox-dev/stuff/fvp-project/build/../ms-tpm-20-ref"/"Samples/ARM32-FirmwareTPM/optee_ta"/out/fTPM/bc50d971-d4c9-42c4-82cb-343fb7f37896.ta
Installing fTPM based on OPTEE
/usr/bin/install: cannot stat '/home/paradox-dev/stuff/fvp-project/build/../ms-tpm-20-ref/Samples/ARM32-FirmwareTPM/optee_ta/out/fTPM/bc50d971-d4c9-42c4-82cb-343fb7f37896.ta': No such file or directory
linux_ftpm_mod_ext 1.0 Installing to target
make[2]: *** [package/pkg-generic.mk:382: /home/paradox-dev/stuff/fvp-project/out-br/build/ftpm_optee_ext-1.0/.stamp_target_installed] Error 1
make[2]: *** Waiting for unfinished jobs....
PATH="/home/paradox-dev/stuff/fvp-project/out-br/per-package/linux_ftpm_mod_ext/host/bin:/home/paradox-dev/stuff/fvp-project/out-br/per-package/linux_ftpm_mod_ext/host/sbin:/home/paradox-dev/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin" /usr/bin/make DESTDIR=/home/paradox-dev/stuff/fvp-project/out-br/per-package/linux_ftpm_mod_ext/target install/fast -C /home/paradox-dev/stuff/fvp-project/out-br/build/linux_ftpm_mod_ext-1.0/
Install the project...
-- Install configuration: "Release"
-- Installing: /home/paradox-dev/stuff/fvp-project/out-br/per-package/linux_ftpm_mod_ext/target/dev/null/null
echo "Installing TPM kernel module" && mkdir -p /home/paradox-dev/stuff/fvp-project/out-br/per-package/linux_ftpm_mod_ext/target/lib/modules/extra
Installing TPM kernel module
/usr/bin/install -v -p --mode=444 --target-directory=/home/paradox-dev/stuff/fvp-project/out-br/per-package/linux_ftpm_mod_ext/target/lib/modules/extra "/home/paradox-dev/stuff/fvp-project/build/../linux"/drivers/char/tpm/tpm_ftpm_tee.ko
'/home/paradox-dev/stuff/fvp-project/build/../linux/drivers/char/tpm/tpm_ftpm_tee.ko' -> '/home/paradox-dev/stuff/fvp-project/out-br/per-package/linux_ftpm_mod_ext/target/lib/modules/extra/tpm_ftpm_tee.ko'

I followed the instructions given and used $ MEASURED_BOOT=y make -j `nproc` to compile the PoC. I will track the configuration and try to manually compile the fTPM TA as a way to bypass the error and maybe a way to fix it.

I try the original <remote name="xenbits" fetch="https://xenbits.xen.org/" /> and failed with repo sync, but success by replacing it with <remote name="xenbits" fetch="https://xenbits.xenproject.org/" />. Maybe the url should be updated.

Building qemu_v8.xml from scratch, I get:

$ make linux
...
  MODPOST vmlinux.o
/home/jerome/work/optee_repo_qemu_v8/build/../toolchains/aarch64/bin/aarch64-linux-gnu-ld: arch/arm64/kernel/head.o: in function `__primary_switched':
/home/jerome/work/optee_repo_qemu_v8/linux/arch/arm64/kernel/head.S:457: undefined reference to `kaslr_early_init'
/home/jerome/work/optee_repo_qemu_v8/linux/arch/arm64/kernel/head.S:457:(.init.text+0x398): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol `kaslr_early_init'
make[1]: *** [Makefile:1029: vmlinux] Error 1

I've never seen this before... Is anyone else having this problem, or is something wrong in my build environment?

Hello,
In https://optee.readthedocs.io/en/latest/building/gits/build.html and https://optee.readthedocs.io/en/latest/building/devices/qemu.html I see instructions for building and running OP-TEE using QEMU for Armv8-A.
Can you please advise how the RISCV related changes in OP-TEE are being tested (presumably on qemu?).
I've tried running the following

ARCH=riscv make -j2 toolchains
ARCH=riscv make run 

and the toolchain was built ok, but make run fails, it seems to be still expecting to build and run for ARM:

% ARCH=riscv make run
make -C /data/aousherovitch/prj/optee/build/../optee_os O=out/riscv CFG_USER_TA_TARGETS=ta_rv64 CFG_RV64_core=y PLATFORM=vexpress-qemu_armv8a CROSS_COMPILE="/usr/bin/ccache /data/aousherovitch/prj/optee/build/../toolchains/riscv64/bin/riscv64-unknown-linux-gnu-" CROSS_COMPILE_core="/usr/bin/ccache /data/aousherovitch/prj/optee/build/../toolchains/riscv64/bin/riscv64-unknown-linux-gnu-" CROSS_COMPILE_ta_rv64="/usr/bin/ccache /data/aousherovitch/prj/optee/build/../toolchains/riscv64/bin/riscv64-unknown-linux-gnu-" CROSS_COMPILE_ta_rv32="/usr/bin/ccache " CFG_TEE_CORE_LOG_LEVEL=3 DEBUG=0 CFG_IN_TREE_EARLY_TAS="trusted_keys/f04a0fe7-1f5d-4b9b-abf7-619b85b4ce8c" DEBUG=0 CFG_ARM_GICV3=y 
make[1]: Entering directory '/data/aousherovitch/prj/optee/optee_os'
core/arch/riscv/riscv.mk:72: *** CFG_ARM_GICV3 is set to 'y' (from command line) but its value must be 'n'.  Stop.
make[1]: Leaving directory '/data/aousherovitch/prj/optee/optee_os'
make: *** [common.mk:550: optee-os-common] Error 2

Please advise.
Thank you

Hello
It seems that master branch hasn't been synchronized to version 4.0.0

Since optee is all about security, it would make sense to provide a build option to lock the demo buildroot examples down using selinux. This would serve two purposes - provide a reference to a basic framework of locking down buildroot. And second, it could show how to lock down which user space apps can communicate to a specific TA.

For example, I'm working on an embedded system, I don't want my app running as root. So I need to figure out how to ensure that my app is the only thing that can talk to its associated TA. I'm guessing that this can be controlled by selinux policies? I can't locate any examples of doing this.

It looks like https://github.com/TF-A/trusted-firmware-a no longer works.
And all XML files seem to depend on it.
Can we just ignore this repo?