Upstream

OP-TEE is the secure-world OS that runs at S-EL1, between TF-A and Linux. Getting it up on a new SoC is mostly plumbing — memory map, console, crypto, entropy — except every piece of that plumbing has a way to go silently wrong, and “silently” is the operative word here, because the first problem was literally silence. Target: Radxa Rock 4D (RK3576), firmware on SPI, kernel + an xtest initramfs off SD. The base platform support went up as OP-TEE PR #7821 — and it’s now merged into mainline OP-TEE. The OTP key-derivation half got split into its own follow-up (#7841), still in review; there’s a good reason it’s separate, and it’s below. ...

This is the smallest patch I’ve ever upstreamed: it removes one line. Net diff is negative. But it’s also the first thing I sent to Trusted Firmware-A, and it got read by engineers from ST, Google, and Rockchip before it landed. So it’s a decent little story about what upstreaming actually feels like, even when the change is nearly nothing. The line I deleted In plat/rockchip/rk3576/platform.mk, one line: 1 2 3 4 5 ENABLE_PLAT_COMPAT := 0 MULTI_CONSOLE_API := 1 CTX_INCLUDE_EL2_REGS := 0 -GICV2_G0_FOR_EL3 := 1 CTX_INCLUDE_AARCH32_REGS := 0 That’s the whole patch. GICV2_G0_FOR_EL3 decides whether GICv2 Group 0 interrupts are routed to EL3. The RK3576 platform was hardcoding it to 1, and that override is both redundant and wrong: ...