From 7fb2707adaa3ef25b48bd58e63b32161f9ba0faf Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@arm.com>
Date: Mon, 13 Nov 2023 13:30:59 +0000
Subject: [PATCH] arm/optee: handle CVE-2021-36133 as disputed

This CVE is specific to NXP i.MX boards which are documented as being
shipped unsecure, as they're meant for development.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
---
 meta-arm/recipes-security/optee/optee.inc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta-arm/recipes-security/optee/optee.inc b/meta-arm/recipes-security/optee/optee.inc
index 06c67cfb..650f8d0b 100644
--- a/meta-arm/recipes-security/optee/optee.inc
+++ b/meta-arm/recipes-security/optee/optee.inc
@@ -31,3 +31,6 @@ EXTRA_OEMAKE += "V=1 \
 # python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
 # right path until this is relocated automatically.
 export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
+
+# See the rationale in https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt.
+CVE_STATUS[CVE-2021-36133] = "disputed: devices shipped open for development purposes"