From: Tim Harvey <tharvey@gateworks.com>
To: u-boot <u-boot@lists.denx.de>,
Marcel Ziswiler <marcel@ziswiler.com>,
Simon Glass <sjg@chromium.org>,
Fabio Estevam <festevam@gmail.com>
Subject: IMX8M OP-TEE
Date: Mon, 11 Oct 2021 15:15:39 -0700 [thread overview]
Message-ID: <CAJ+vNU1+oxD9HxbtVsoG+JCxPZZps7d-5ugvyzbMZycWxC3i0Q@mail.gmail.com> (raw)
Greetings,
Is anyone successfully booting U-Boot with OP-TEE support on the IMX8M?
My understanding is that you need to add tee.bin to the images in the
FIT image and include it in loadables following the ATF.
While this was done with arch/arm/mach-imx/mkimage_fit_atf.sh before
the switch to binman by simply having tee.bin in the U-Boot directory
and passing in TEE_LOAD_ADDR (or accepting the default of 0xfe000000)
once you switch to binman it needs to be added for your board.
Additionally in order to use OP-TEE from U-Boot (ie for dek_blob
command) you need to add a node with compatible=linaro,optee-tz as
well.
I've done the following to add OP-TEE for imx8mm_venice:
diff --git a/configs/imx8mm_venice_defconfig b/configs/imx8mm_venice_defconfig
index d85827b588..85d2b20810 100644
-u-boot.dtsi
index e0fa9ff4bf..7a71b974e1 100644
--- a/arch/arm/dts/imx8mm-venice-u-boot.dtsi
+++ b/arch/arm/dts/imx8mm-venice-u-boot.dtsi
@@ -10,6 +10,13 @@
multiple-images;
};
+ firmware {
+ optee {
+ compatible = "linaro,optee-tz";
+ method = "smc";
+ };
+ };
+
wdt-reboot {
compatible = "wdt-reboot";
wdt = <&wdog1>;
@@ -152,6 +159,16 @@
};
};
+ tee {
+ description = "TEE firmware";
+ type = "firmware";
+ arch = "arm64";
+ compression = "none";
+ data = "tee.bin";
+ load = <0xbe000000>;
+ entry = <0xbe000000>;
+ };
+
@fdt-SEQ {
description = "NAME";
type = "flat_dt";
@@ -165,7 +182,7 @@
@config-SEQ {
description = "NAME";
firmware = "uboot";
- loadables = "atf";
+ loadables = "atf", "tee";
fdt = "fdt-SEQ";
};
};
However, when I attempt to boot I hang when the ATF is run.
Where does the TEE_LOAD_ADDR come from specifically? I would think
this needs to be defined when building tee and needs to match the load
address used in the FIT image. It appears that perhaps this is supped
to be DDR_BASE + DDR_SIZE - 32MIB but I'm not entirely sure.
I'm currently using NXP's ATF (imx_5.4.3_2.0.0) and NXP's TEE
(imx_5.4.70_2.3.0) and would also like to understand if NXP's branches
are strictly required here and if so what the pros and cons of using
them are.
Anyone using IMX8MM OP-TEE that could point me in the right direction?
Best regards,
Tim
next reply other threads:[~2021-10-11 22:16 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-11 22:15 Tim Harvey [this message]
2021-10-11 22:29 ` IMX8M OP-TEE Marcel Ziswiler
2021-10-11 23:32 ` Tim Harvey
2021-10-12 16:57 ` Marcel Ziswiler
2021-10-14 19:03 ` Tim Harvey
2021-10-20 16:46 ` Igor Opaniuk
2021-10-20 23:47 ` Tim Harvey
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAJ+vNU1+oxD9HxbtVsoG+JCxPZZps7d-5ugvyzbMZycWxC3i0Q@mail.gmail.com \
--to=tharvey@gateworks.com \
--cc=festevam@gmail.com \
--cc=marcel@ziswiler.com \
--cc=sjg@chromium.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.