qcom_pas.c - OpenGrok history log for /optee_os/ta/qcom_pas/src/qcom

Revision		Date	Author	Comments
# abca35a6		31-Mar-2026	Jorge Ramirez-Ortiz <jorge.ramirez@oss.qualcomm.com>	ta: pas: Add Qualcomm PAS TA Certificate chain validation requires substantial parsing, which is not suitable for the constrained S-EL1 environment. While signature verification is supported by the ta: pas: Add Qualcomm PAS TA Certificate chain validation requires substantial parsing, which is not suitable for the constrained S-EL1 environment. While signature verification is supported by the crypto API, extending the TEE core/PTA to handle full chain parsing would increase complexity and TCB size. Move certificate validation to a user TA, keeping the PTA for platform operations (PAS control, firmware loading, resets). This allows reuse of existing parsing libraries and keeps the core minimal. Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez@oss.qualcomm.com> Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com> show more ...

Revision

Date

Author

Comments

# abca35a6

31-Mar-2026

Jorge Ramirez-Ortiz <jorge.ramirez@oss.qualcomm.com>

ta: pas: Add Qualcomm PAS TA

Certificate chain validation requires substantial parsing, which is not
suitable for the constrained S-EL1 environment. While signature
verification is supported by the

ta: pas: Add Qualcomm PAS TA

Certificate chain validation requires substantial parsing, which is not
suitable for the constrained S-EL1 environment. While signature
verification is supported by the crypto API, extending the TEE core/PTA
to handle full chain parsing would increase complexity and TCB size.

Move certificate validation to a user TA, keeping the PTA for platform
operations (PAS control, firmware loading, resets). This allows reuse of
existing parsing libraries and keeps the core minimal.

Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez@oss.qualcomm.com>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>