* [Buildroot] [PATCH] boot/uboot: add support for bundling TEE in BIN format into U-Boot
@ 2022-02-01 9:13 Michael Trimarchi
2022-02-01 17:14 ` Yann E. MORIN
2022-02-12 20:35 ` Arnout Vandecappelle
0 siblings, 2 replies; 7+ messages in thread
From: Michael Trimarchi @ 2022-02-01 9:13 UTC (permalink / raw)
To: Yann E. MORIN, buildroot; +Cc: Ariel D'Alessandro, Jagan Teki
Some U-Boot platforms (e.g. nxp) can bundle OPTEE's tee.bin
into the U-Boot image using binman. This patch brings the necessary changes to
enable this feature.
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
---
boot/uboot/Config.in | 12 ++++++++++++
boot/uboot/uboot.mk | 12 ++++++++++++
2 files changed, 24 insertions(+)
diff --git a/boot/uboot/Config.in b/boot/uboot/Config.in
index c630fc6552..117bbd3faf 100644
--- a/boot/uboot/Config.in
+++ b/boot/uboot/Config.in
@@ -237,6 +237,18 @@ config BR2_TARGET_UBOOT_NEEDS_OPTEE_TEE
U-Boot. This option makes sure optee-os gets built prior to
U-Boot, and that the TEE variable pointing to OPTEE's
tee.elf, is passed during the Buildroot build.
+choice
+ prompt "U-Boot OPTEE BL32 format"
+ default BR2_TARGET_UBOOT_NEEDS_OPTEE_BIN
+ depends on BR2_TARGET_UBOOT_NEEDS_OPTEE_TEE
+
+config BR2_TARGET_UBOOT_NEEDS_OPTEE_BIN
+ bool "tee.bin"
+
+config BR2_TARGET_UBOOT_NEEDS_OPTEE_ELF
+ bool "tee.elf"
+
+endchoice
config BR2_TARGET_UBOOT_NEEDS_OPENSBI
bool "U-Boot needs OpenSBI"
diff --git a/boot/uboot/uboot.mk b/boot/uboot/uboot.mk
index 574fc7089a..210fa219ed 100644
--- a/boot/uboot/uboot.mk
+++ b/boot/uboot/uboot.mk
@@ -177,7 +177,19 @@ endif
ifeq ($(BR2_TARGET_UBOOT_NEEDS_OPTEE_TEE),y)
UBOOT_DEPENDENCIES += optee-os
+ifeq ($(BR2_TARGET_UBOOT_NEEDS_OPTEE_ELF),y)
UBOOT_MAKE_OPTS += TEE=$(BINARIES_DIR)/tee.elf
+define UBOOT_COPY_TEE_FIRMWARE
+ cp $(BINARIES_DIR)/tee.elf $(@D)/
+endef
+UBOOT_PRE_BUILD_HOOKS += UBOOT_COPY_TEE_FIRMWARE
+else
+UBOOT_MAKE_OPTS += BL32=$(BINARIES_DIR)/tee.bin
+define UBOOT_COPY_TEE_FIRMWARE
+ cp $(BINARIES_DIR)/tee-raw.bin $(@D)/tee.bin
+endef
+UBOOT_PRE_BUILD_HOOKS += UBOOT_COPY_TEE_FIRMWARE
+endif
endif
ifeq ($(BR2_TARGET_UBOOT_NEEDS_OPENSBI),y)
--
2.25.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [Buildroot] [PATCH] boot/uboot: add support for bundling TEE in BIN format into U-Boot
2022-02-01 9:13 [Buildroot] [PATCH] boot/uboot: add support for bundling TEE in BIN format into U-Boot Michael Trimarchi
@ 2022-02-01 17:14 ` Yann E. MORIN
2022-02-01 17:57 ` Michael Nazzareno Trimarchi
2022-02-12 20:35 ` Arnout Vandecappelle
1 sibling, 1 reply; 7+ messages in thread
From: Yann E. MORIN @ 2022-02-01 17:14 UTC (permalink / raw)
To: Michael Trimarchi; +Cc: Ariel D'Alessandro, Jagan Teki, buildroot
Michael, All,
On 2022-02-01 10:13 +0100, Michael Trimarchi spake thusly:
> Some U-Boot platforms (e.g. nxp) can bundle OPTEE's tee.bin
> into the U-Boot image using binman. This patch brings the necessary changes to
> enable this feature.
>
> Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
> ---
> boot/uboot/Config.in | 12 ++++++++++++
> boot/uboot/uboot.mk | 12 ++++++++++++
> 2 files changed, 24 insertions(+)
>
> diff --git a/boot/uboot/Config.in b/boot/uboot/Config.in
> index c630fc6552..117bbd3faf 100644
> --- a/boot/uboot/Config.in
> +++ b/boot/uboot/Config.in
> @@ -237,6 +237,18 @@ config BR2_TARGET_UBOOT_NEEDS_OPTEE_TEE
> U-Boot. This option makes sure optee-os gets built prior to
> U-Boot, and that the TEE variable pointing to OPTEE's
> tee.elf, is passed during the Buildroot build.
Missing empty line here.
> +choice
> + prompt "U-Boot OPTEE BL32 format"
> + default BR2_TARGET_UBOOT_NEEDS_OPTEE_BIN
> + depends on BR2_TARGET_UBOOT_NEEDS_OPTEE_TEE
> +
> +config BR2_TARGET_UBOOT_NEEDS_OPTEE_BIN
> + bool "tee.bin"
> +
> +config BR2_TARGET_UBOOT_NEEDS_OPTEE_ELF
> + bool "tee.elf"
> +
> +endchoice
>
> config BR2_TARGET_UBOOT_NEEDS_OPENSBI
> bool "U-Boot needs OpenSBI"
> diff --git a/boot/uboot/uboot.mk b/boot/uboot/uboot.mk
> index 574fc7089a..210fa219ed 100644
> --- a/boot/uboot/uboot.mk
> +++ b/boot/uboot/uboot.mk
> @@ -177,7 +177,19 @@ endif
>
> ifeq ($(BR2_TARGET_UBOOT_NEEDS_OPTEE_TEE),y)
> UBOOT_DEPENDENCIES += optee-os
> +ifeq ($(BR2_TARGET_UBOOT_NEEDS_OPTEE_ELF),y)
> UBOOT_MAKE_OPTS += TEE=$(BINARIES_DIR)/tee.elf
> +define UBOOT_COPY_TEE_FIRMWARE
> + cp $(BINARIES_DIR)/tee.elf $(@D)/
Why do you need to copy it, when TEE is pointing to the original in
$(BINARIESD_DIR), just above, and that has worked well so far?
> +endef
> +UBOOT_PRE_BUILD_HOOKS += UBOOT_COPY_TEE_FIRMWARE
> +else
> +UBOOT_MAKE_OPTS += BL32=$(BINARIES_DIR)/tee.bin
> +define UBOOT_COPY_TEE_FIRMWARE
> + cp $(BINARIES_DIR)/tee-raw.bin $(@D)/tee.bin
Ditto: why do you need to copy it, when TEE, just above, also points to
the original in $(BINARIES_DIR) ?
Regards,
Yann E. MORIN.
> +endef
> +UBOOT_PRE_BUILD_HOOKS += UBOOT_COPY_TEE_FIRMWARE
> +endif
> endif
>
> ifeq ($(BR2_TARGET_UBOOT_NEEDS_OPENSBI),y)
> --
> 2.25.1
>
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Buildroot] [PATCH] boot/uboot: add support for bundling TEE in BIN format into U-Boot
2022-02-01 17:14 ` Yann E. MORIN
@ 2022-02-01 17:57 ` Michael Nazzareno Trimarchi
2022-02-01 19:01 ` Yann E. MORIN
0 siblings, 1 reply; 7+ messages in thread
From: Michael Nazzareno Trimarchi @ 2022-02-01 17:57 UTC (permalink / raw)
To: Yann E. MORIN; +Cc: Ariel D'Alessandro, Jagan Teki, buildroot
Hi
On Tue, Feb 1, 2022 at 6:14 PM Yann E. MORIN <yann.morin.1998@free.fr> wrote:
>
> Michael, All,
>
> On 2022-02-01 10:13 +0100, Michael Trimarchi spake thusly:
> > Some U-Boot platforms (e.g. nxp) can bundle OPTEE's tee.bin
> > into the U-Boot image using binman. This patch brings the necessary changes to
> > enable this feature.
> >
> > Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
> > ---
> > boot/uboot/Config.in | 12 ++++++++++++
> > boot/uboot/uboot.mk | 12 ++++++++++++
> > 2 files changed, 24 insertions(+)
> >
> > diff --git a/boot/uboot/Config.in b/boot/uboot/Config.in
> > index c630fc6552..117bbd3faf 100644
> > --- a/boot/uboot/Config.in
> > +++ b/boot/uboot/Config.in
> > @@ -237,6 +237,18 @@ config BR2_TARGET_UBOOT_NEEDS_OPTEE_TEE
> > U-Boot. This option makes sure optee-os gets built prior to
> > U-Boot, and that the TEE variable pointing to OPTEE's
> > tee.elf, is passed during the Buildroot build.
>
> Missing empty line here.
>
ok
> > +choice
> > + prompt "U-Boot OPTEE BL32 format"
> > + default BR2_TARGET_UBOOT_NEEDS_OPTEE_BIN
> > + depends on BR2_TARGET_UBOOT_NEEDS_OPTEE_TEE
> > +
> > +config BR2_TARGET_UBOOT_NEEDS_OPTEE_BIN
> > + bool "tee.bin"
> > +
> > +config BR2_TARGET_UBOOT_NEEDS_OPTEE_ELF
> > + bool "tee.elf"
> > +
> > +endchoice
> >
> > config BR2_TARGET_UBOOT_NEEDS_OPENSBI
> > bool "U-Boot needs OpenSBI"
> > diff --git a/boot/uboot/uboot.mk b/boot/uboot/uboot.mk
> > index 574fc7089a..210fa219ed 100644
> > --- a/boot/uboot/uboot.mk
> > +++ b/boot/uboot/uboot.mk
> > @@ -177,7 +177,19 @@ endif
> >
> > ifeq ($(BR2_TARGET_UBOOT_NEEDS_OPTEE_TEE),y)
> > UBOOT_DEPENDENCIES += optee-os
> > +ifeq ($(BR2_TARGET_UBOOT_NEEDS_OPTEE_ELF),y)
> > UBOOT_MAKE_OPTS += TEE=$(BINARIES_DIR)/tee.elf
> > +define UBOOT_COPY_TEE_FIRMWARE
> > + cp $(BINARIES_DIR)/tee.elf $(@D)/
>
> Why do you need to copy it, when TEE is pointing to the original in
> $(BINARIESD_DIR), just above, and that has worked well so far?
>
The copy are needed to binman to include it
> > +endef
> > +UBOOT_PRE_BUILD_HOOKS += UBOOT_COPY_TEE_FIRMWARE
> > +else
> > +UBOOT_MAKE_OPTS += BL32=$(BINARIES_DIR)/tee.bin
> > +define UBOOT_COPY_TEE_FIRMWARE
> > + cp $(BINARIES_DIR)/tee-raw.bin $(@D)/tee.bin
>
> Ditto: why do you need to copy it, when TEE, just above, also points to
> the original in $(BINARIES_DIR) ?
Same as above
Michael
>
> Regards,
> Yann E. MORIN.
>
> > +endef
> > +UBOOT_PRE_BUILD_HOOKS += UBOOT_COPY_TEE_FIRMWARE
> > +endif
> > endif
> >
> > ifeq ($(BR2_TARGET_UBOOT_NEEDS_OPENSBI),y)
> > --
> > 2.25.1
> >
>
> --
> .-----------------.--------------------.------------------.--------------------.
> | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
> | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
> | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
> | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
> '------------------------------^-------^------------------^--------------------'
--
Michael Nazzareno Trimarchi
Co-Founder & Chief Executive Officer
M. +39 347 913 2170
michael@amarulasolutions.com
__________________________________
Amarula Solutions BV
Joop Geesinkweg 125, 1114 AB, Amsterdam, NL
T. +31 (0)85 111 9172
info@amarulasolutions.com
www.amarulasolutions.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Buildroot] [PATCH] boot/uboot: add support for bundling TEE in BIN format into U-Boot
2022-02-01 17:57 ` Michael Nazzareno Trimarchi
@ 2022-02-01 19:01 ` Yann E. MORIN
2022-02-01 19:12 ` Michael Nazzareno Trimarchi
0 siblings, 1 reply; 7+ messages in thread
From: Yann E. MORIN @ 2022-02-01 19:01 UTC (permalink / raw)
To: Michael Nazzareno Trimarchi; +Cc: Ariel D'Alessandro, Jagan Teki, buildroot
Michael, All,
On 2022-02-01 18:57 +0100, Michael Nazzareno Trimarchi spake thusly:
> On Tue, Feb 1, 2022 at 6:14 PM Yann E. MORIN <yann.morin.1998@free.fr> wrote:
> > On 2022-02-01 10:13 +0100, Michael Trimarchi spake thusly:
> > > Some U-Boot platforms (e.g. nxp) can bundle OPTEE's tee.bin
> > > into the U-Boot image using binman. This patch brings the necessary changes to
> > > enable this feature.
Also, comit log not nicely formatted: it should be wrapped at ~72 chars
on every lines.
> > > Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
> > > ---
[--SNIP--]
> > > ifeq ($(BR2_TARGET_UBOOT_NEEDS_OPTEE_TEE),y)
> > > UBOOT_DEPENDENCIES += optee-os
> > > +ifeq ($(BR2_TARGET_UBOOT_NEEDS_OPTEE_ELF),y)
> > > UBOOT_MAKE_OPTS += TEE=$(BINARIES_DIR)/tee.elf
,^^^^^^^^^^^^^^^^^^^^^^^^^^^
Note this for later ----/
> > > +define UBOOT_COPY_TEE_FIRMWARE
> > > + cp $(BINARIES_DIR)/tee.elf $(@D)/
> > Why do you need to copy it, when TEE is pointing to the original in
> > $(BINARIESD_DIR), just above, and that has worked well so far?
> The copy are needed to binman to include it
As far as I understand it, BR2_TARGET_UBOOT_NEEDS_OPTEE_ELF is supposed
to behave like the code we had so far, and so far we did not have the
copy, and that seems that it worked OK without the copy.
Now you are adding the copy: why was it not needed before, and why is it
needed now?
And if binman needs it in the source tree, then why do we point the TEE
variable to the original location in BINARIES_DIR, as I highlighted
above?
> > > +endef
> > > +UBOOT_PRE_BUILD_HOOKS += UBOOT_COPY_TEE_FIRMWARE
> > > +else
> > > +UBOOT_MAKE_OPTS += BL32=$(BINARIES_DIR)/tee.bin
> > > +define UBOOT_COPY_TEE_FIRMWARE
> > > + cp $(BINARIES_DIR)/tee-raw.bin $(@D)/tee.bin
> > Ditto: why do you need to copy it, when TEE, just above, also points to
> > the original in $(BINARIES_DIR) ?
> Same as above
Ditto.
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Buildroot] [PATCH] boot/uboot: add support for bundling TEE in BIN format into U-Boot
2022-02-01 19:01 ` Yann E. MORIN
@ 2022-02-01 19:12 ` Michael Nazzareno Trimarchi
2022-02-01 19:47 ` Michael Nazzareno Trimarchi
0 siblings, 1 reply; 7+ messages in thread
From: Michael Nazzareno Trimarchi @ 2022-02-01 19:12 UTC (permalink / raw)
To: Yann E. MORIN; +Cc: Ariel D'Alessandro, Jagan Teki, buildroot
Hi Yann
On Tue, Feb 1, 2022 at 8:01 PM Yann E. MORIN <yann.morin.1998@free.fr> wrote:
>
> Michael, All,
>
> On 2022-02-01 18:57 +0100, Michael Nazzareno Trimarchi spake thusly:
> > On Tue, Feb 1, 2022 at 6:14 PM Yann E. MORIN <yann.morin.1998@free.fr> wrote:
> > > On 2022-02-01 10:13 +0100, Michael Trimarchi spake thusly:
> > > > Some U-Boot platforms (e.g. nxp) can bundle OPTEE's tee.bin
> > > > into the U-Boot image using binman. This patch brings the necessary changes to
> > > > enable this feature.
>
> Also, comit log not nicely formatted: it should be wrapped at ~72 chars
> on every lines.
>
> > > > Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
> > > > ---
> [--SNIP--]
> > > > ifeq ($(BR2_TARGET_UBOOT_NEEDS_OPTEE_TEE),y)
> > > > UBOOT_DEPENDENCIES += optee-os
> > > > +ifeq ($(BR2_TARGET_UBOOT_NEEDS_OPTEE_ELF),y)
> > > > UBOOT_MAKE_OPTS += TEE=$(BINARIES_DIR)/tee.elf
> ,^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Note this for later ----/
>
> > > > +define UBOOT_COPY_TEE_FIRMWARE
> > > > + cp $(BINARIES_DIR)/tee.elf $(@D)/
> > > Why do you need to copy it, when TEE is pointing to the original in
> > > $(BINARIESD_DIR), just above, and that has worked well so far?
> > The copy are needed to binman to include it
>
> As far as I understand it, BR2_TARGET_UBOOT_NEEDS_OPTEE_ELF is supposed
> to behave like the code we had so far, and so far we did not have the
> copy, and that seems that it worked OK without the copy.
>
> Now you are adding the copy: why was it not needed before, and why is it
> needed now?
>
> And if binman needs it in the source tree, then why do we point the TEE
> variable to the original location in BINARIES_DIR, as I highlighted
> above?
binman takes this and put an image on each part. We already copy atf.
Now nxp I need to copy tee-raw.bin in tee.bin
fit {
description = "Configuration to load ATF before U-Boot";
fit,external-offset = <CONFIG_FIT_EXTERNAL_OFFSET>;
fit,fdt-list = "of-list";
#address-cells = <1>;
images {
uboot {
arch = "arm64";
compression = "none";
description = "U-Boot (64-bit)";
load = <CONFIG_SYS_TEXT_BASE>;
type = "standalone";
uboot_blob {
filename = "u-boot-nodtb.bin";
type = "blob-ext";
};
};
atf {
arch = "arm64";
compression = "none";
description = "ARM Trusted Firmware";
entry = <0x960000>;
load = <0x960000>;
type = "firmware";
atf_blob {
filename = "bl31.bin";
type = "blob-ext";
};
};
tee {
arch = "arm64";
compression = "none";
description = "OP-TEE Trusted
OS (bl32)";
load = <0x5f800000>;
entry = <0x5f800000>;
type = "firmware";
tee_blob {
filename = "tee.bin";
type = "blob-ext";
};
};
binman_fip: fip {
arch = "arm64";
compression = "none";
description = "Trusted Firmware FIP";
load = <0x40310000>;
type = "firmware";
};
@fdt-SEQ {
compression = "none";
description = "NAME";
type = "flat_dt";
uboot_fdt_blob {
filename = "u-boot.dtb";
type = "blob-ext";
};
};
};
The above work working for rockchip so as we copy atf, I need to copy tee
Michael
>
> > > > +endef
> > > > +UBOOT_PRE_BUILD_HOOKS += UBOOT_COPY_TEE_FIRMWARE
> > > > +else
> > > > +UBOOT_MAKE_OPTS += BL32=$(BINARIES_DIR)/tee.bin
> > > > +define UBOOT_COPY_TEE_FIRMWARE
> > > > + cp $(BINARIES_DIR)/tee-raw.bin $(@D)/tee.bin
> > > Ditto: why do you need to copy it, when TEE, just above, also points to
> > > the original in $(BINARIES_DIR) ?
> > Same as above
>
> Ditto.
>
> Regards,
> Yann E. MORIN.
>
> --
> .-----------------.--------------------.------------------.--------------------.
> | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
> | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
> | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
> | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
> '------------------------------^-------^------------------^--------------------'
--
Michael Nazzareno Trimarchi
Co-Founder & Chief Executive Officer
M. +39 347 913 2170
michael@amarulasolutions.com
__________________________________
Amarula Solutions BV
Joop Geesinkweg 125, 1114 AB, Amsterdam, NL
T. +31 (0)85 111 9172
info@amarulasolutions.com
www.amarulasolutions.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Buildroot] [PATCH] boot/uboot: add support for bundling TEE in BIN format into U-Boot
2022-02-01 19:12 ` Michael Nazzareno Trimarchi
@ 2022-02-01 19:47 ` Michael Nazzareno Trimarchi
0 siblings, 0 replies; 7+ messages in thread
From: Michael Nazzareno Trimarchi @ 2022-02-01 19:47 UTC (permalink / raw)
To: Yann E. MORIN; +Cc: Ariel D'Alessandro, Jagan Teki, buildroot
Hi Yann
On Tue, Feb 1, 2022 at 8:12 PM Michael Nazzareno Trimarchi
<michael@amarulasolutions.com> wrote:
>
> Hi Yann
>
>
> On Tue, Feb 1, 2022 at 8:01 PM Yann E. MORIN <yann.morin.1998@free.fr> wrote:
> >
> > Michael, All,
> >
> > On 2022-02-01 18:57 +0100, Michael Nazzareno Trimarchi spake thusly:
> > > On Tue, Feb 1, 2022 at 6:14 PM Yann E. MORIN <yann.morin.1998@free.fr> wrote:
> > > > On 2022-02-01 10:13 +0100, Michael Trimarchi spake thusly:
> > > > > Some U-Boot platforms (e.g. nxp) can bundle OPTEE's tee.bin
> > > > > into the U-Boot image using binman. This patch brings the necessary changes to
> > > > > enable this feature.
> >
> > Also, comit log not nicely formatted: it should be wrapped at ~72 chars
> > on every lines.
> >
> > > > > Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
> > > > > ---
> > [--SNIP--]
> > > > > ifeq ($(BR2_TARGET_UBOOT_NEEDS_OPTEE_TEE),y)
> > > > > UBOOT_DEPENDENCIES += optee-os
> > > > > +ifeq ($(BR2_TARGET_UBOOT_NEEDS_OPTEE_ELF),y)
> > > > > UBOOT_MAKE_OPTS += TEE=$(BINARIES_DIR)/tee.elf
> > ,^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > Note this for later ----/
> >
> > > > > +define UBOOT_COPY_TEE_FIRMWARE
> > > > > + cp $(BINARIES_DIR)/tee.elf $(@D)/
> > > > Why do you need to copy it, when TEE is pointing to the original in
> > > > $(BINARIESD_DIR), just above, and that has worked well so far?
> > > The copy are needed to binman to include it
> >
> > As far as I understand it, BR2_TARGET_UBOOT_NEEDS_OPTEE_ELF is supposed
> > to behave like the code we had so far, and so far we did not have the
> > copy, and that seems that it worked OK without the copy.
> >
> > Now you are adding the copy: why was it not needed before, and why is it
> > needed now?
> >
> > And if binman needs it in the source tree, then why do we point the TEE
> > variable to the original location in BINARIES_DIR, as I highlighted
> > above?
>
> binman takes this and put an image on each part. We already copy atf.
> Now nxp I need to copy tee-raw.bin in tee.bin
>
> fit {
> description = "Configuration to load ATF before U-Boot";
> fit,external-offset = <CONFIG_FIT_EXTERNAL_OFFSET>;
> fit,fdt-list = "of-list";
> #address-cells = <1>;
>
> images {
> uboot {
> arch = "arm64";
> compression = "none";
> description = "U-Boot (64-bit)";
> load = <CONFIG_SYS_TEXT_BASE>;
> type = "standalone";
>
> uboot_blob {
> filename = "u-boot-nodtb.bin";
> type = "blob-ext";
> };
> };
>
> atf {
> arch = "arm64";
> compression = "none";
> description = "ARM Trusted Firmware";
> entry = <0x960000>;
> load = <0x960000>;
> type = "firmware";
>
> atf_blob {
> filename = "bl31.bin";
> type = "blob-ext";
> };
> };
>
> tee {
> arch = "arm64";
> compression = "none";
> description = "OP-TEE Trusted
> OS (bl32)";
> load = <0x5f800000>;
> entry = <0x5f800000>;
> type = "firmware";
>
> tee_blob {
> filename = "tee.bin";
> type = "blob-ext";
> };
> };
>
> binman_fip: fip {
> arch = "arm64";
> compression = "none";
> description = "Trusted Firmware FIP";
> load = <0x40310000>;
> type = "firmware";
> };
>
> @fdt-SEQ {
> compression = "none";
> description = "NAME";
> type = "flat_dt";
>
> uboot_fdt_blob {
> filename = "u-boot.dtb";
> type = "blob-ext";
> };
> };
> };
>
> The above work working for rockchip so as we copy atf, I need to copy tee
>
For your better understand this is my config change for the board I
sent yesterday
BR2_TARGET_ARM_TRUSTED_FIRMWARE=y
BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION=y
BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION_VALUE="v2.5"
BR2_TARGET_ARM_TRUSTED_FIRMWARE_PLATFORM="imx8mn"
+BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_OPTEE=y
+BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_TARGETS="BL32_BASE=0x5f800000
BL32_SIZE=0x800000"
BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES="IMX_BOOT_UART_BASE=0x30a60000"
+BR2_TARGET_ARM_TRUSTED_FIRMWARE_DEBUG=y
+BR2_TARGET_OPTEE_OS=y
+BR2_TARGET_OPTEE_OS_PLATFORM="imx-mx8mnevk"
+BR2_TARGET_OPTEE_OS_ADDITIONAL_VARIABLES="CFG_UART_BASE=UART4_BASE
CFG_DDR_SIZE=0x20000000 CFG_TZDRAM_SIZE=0x600000
CFG_SHMEM_SIZE=0x200000 CFG_TEE_CORE_NB_CORE=1"
+BR2_TARGET_OPTEE_OS_CORE_IMAGES="tee.bin tee-*_v2.bin tee-raw.bin"
BR2_TARGET_UBOOT=y
BR2_TARGET_UBOOT_BUILD_SYSTEM_KCONFIG=y
BR2_TARGET_UBOOT_CUSTOM_GIT=y
@@ -36,6 +47,7 @@ BR2_TARGET_UBOOT_NEEDS_PYTHON3=y
BR2_TARGET_UBOOT_NEEDS_PYLIBFDT=y
BR2_TARGET_UBOOT_NEEDS_OPENSSL=y
BR2_TARGET_UBOOT_NEEDS_ATF_BL31=y
+BR2_TARGET_UBOOT_NEEDS_OPTEE_TEE=y
BR2_TARGET_UBOOT_NEEDS_IMX_FIRMWARE=y
BR2_TARGET_UBOOT_FORMAT_CUSTOM=y
BR2_TARGET_UBOOT_FORMAT_CUSTOM_NAME="flash.bin"
I have sent a patch upstream for atf in order to calculate better reserved area.
Michael
> Michael
>
> >
> > > > > +endef
> > > > > +UBOOT_PRE_BUILD_HOOKS += UBOOT_COPY_TEE_FIRMWARE
> > > > > +else
> > > > > +UBOOT_MAKE_OPTS += BL32=$(BINARIES_DIR)/tee.bin
> > > > > +define UBOOT_COPY_TEE_FIRMWARE
> > > > > + cp $(BINARIES_DIR)/tee-raw.bin $(@D)/tee.bin
> > > > Ditto: why do you need to copy it, when TEE, just above, also points to
> > > > the original in $(BINARIES_DIR) ?
> > > Same as above
> >
> > Ditto.
> >
> > Regards,
> > Yann E. MORIN.
> >
> > --
> > .-----------------.--------------------.------------------.--------------------.
> > | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
> > | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
> > | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
> > | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
> > '------------------------------^-------^------------------^--------------------'
>
>
>
> --
> Michael Nazzareno Trimarchi
> Co-Founder & Chief Executive Officer
> M. +39 347 913 2170
> michael@amarulasolutions.com
> __________________________________
>
> Amarula Solutions BV
> Joop Geesinkweg 125, 1114 AB, Amsterdam, NL
> T. +31 (0)85 111 9172
> info@amarulasolutions.com
> www.amarulasolutions.com
--
Michael Nazzareno Trimarchi
Co-Founder & Chief Executive Officer
M. +39 347 913 2170
michael@amarulasolutions.com
__________________________________
Amarula Solutions BV
Joop Geesinkweg 125, 1114 AB, Amsterdam, NL
T. +31 (0)85 111 9172
info@amarulasolutions.com
www.amarulasolutions.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Buildroot] [PATCH] boot/uboot: add support for bundling TEE in BIN format into U-Boot
2022-02-01 9:13 [Buildroot] [PATCH] boot/uboot: add support for bundling TEE in BIN format into U-Boot Michael Trimarchi
2022-02-01 17:14 ` Yann E. MORIN
@ 2022-02-12 20:35 ` Arnout Vandecappelle
1 sibling, 0 replies; 7+ messages in thread
From: Arnout Vandecappelle @ 2022-02-12 20:35 UTC (permalink / raw)
To: Michael Trimarchi, Yann E. MORIN, buildroot
Cc: Ariel D'Alessandro, Jagan Teki
On 01/02/2022 10:13, Michael Trimarchi wrote:
> Some U-Boot platforms (e.g. nxp) can bundle OPTEE's tee.bin
> into the U-Boot image using binman. This patch brings the necessary changes to
> enable this feature.
>
> Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
> ---
> boot/uboot/Config.in | 12 ++++++++++++
> boot/uboot/uboot.mk | 12 ++++++++++++
> 2 files changed, 24 insertions(+)
>
> diff --git a/boot/uboot/Config.in b/boot/uboot/Config.in
> index c630fc6552..117bbd3faf 100644
> --- a/boot/uboot/Config.in
> +++ b/boot/uboot/Config.in
> @@ -237,6 +237,18 @@ config BR2_TARGET_UBOOT_NEEDS_OPTEE_TEE
> U-Boot. This option makes sure optee-os gets built prior to
> U-Boot, and that the TEE variable pointing to OPTEE's
> tee.elf, is passed during the Buildroot build.
^^^^^^^ This is inconsistent with the choice below. Perhaps
reformulate like this:
U-Boot, and that the TEE variable pointing to OPTEE's binary
is passed during the Buildroot build.
> +choice
> + prompt "U-Boot OPTEE BL32 format"
> + default BR2_TARGET_UBOOT_NEEDS_OPTEE_BIN
> + depends on BR2_TARGET_UBOOT_NEEDS_OPTEE_TEE
(nitpick) IMHO it's nicer to write this with if...endif around the choice.
More importantly: there should be a help text.
> +
> +config BR2_TARGET_UBOOT_NEEDS_OPTEE_BIN
> + bool "tee.bin"
> +
> +config BR2_TARGET_UBOOT_NEEDS_OPTEE_ELF
> + bool "tee.elf"
> +
> +endchoice
>
> config BR2_TARGET_UBOOT_NEEDS_OPENSBI
> bool "U-Boot needs OpenSBI"
> diff --git a/boot/uboot/uboot.mk b/boot/uboot/uboot.mk
> index 574fc7089a..210fa219ed 100644
> --- a/boot/uboot/uboot.mk
> +++ b/boot/uboot/uboot.mk
> @@ -177,7 +177,19 @@ endif
>
> ifeq ($(BR2_TARGET_UBOOT_NEEDS_OPTEE_TEE),y)
> UBOOT_DEPENDENCIES += optee-os
> +ifeq ($(BR2_TARGET_UBOOT_NEEDS_OPTEE_ELF),y)
> UBOOT_MAKE_OPTS += TEE=$(BINARIES_DIR)/tee.elf
> +define UBOOT_COPY_TEE_FIRMWARE
> + cp $(BINARIES_DIR)/tee.elf $(@D)/
As Yann explained but it didn't appear to get through: before, it supposedly
wasn't necessary to make this copy, so why is it necessary now?
Perhaps it is necessary to copy it in more recent versions of U-Boot (i.e.
when using binman). In that case, I think it would be good to also update the
make option to TEE=tee.elf, to make it more consistent.
> +endef
> +UBOOT_PRE_BUILD_HOOKS += UBOOT_COPY_TEE_FIRMWARE
> +else
> +UBOOT_MAKE_OPTS += BL32=$(BINARIES_DIR)/tee.bin
> +define UBOOT_COPY_TEE_FIRMWARE
> + cp $(BINARIES_DIR)/tee-raw.bin $(@D)/tee.bin
Again, it's very weird that you pass in a BL32= that refers to a different
file (really different this time, because it's not the tee-raw.bin but the full
tee.bin).
There may be good reasons to do it this way, but that should be explained in
detail in the commit message, and also briefly in a comment because it's simply
too weird to understand like this.
I've marked the patch as Changes Requested.
Regards,
Arnout
> +endef
> +UBOOT_PRE_BUILD_HOOKS += UBOOT_COPY_TEE_FIRMWARE
> +endif
> endif
>
> ifeq ($(BR2_TARGET_UBOOT_NEEDS_OPENSBI),y)
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2022-02-12 20:35 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-01 9:13 [Buildroot] [PATCH] boot/uboot: add support for bundling TEE in BIN format into U-Boot Michael Trimarchi
2022-02-01 17:14 ` Yann E. MORIN
2022-02-01 17:57 ` Michael Nazzareno Trimarchi
2022-02-01 19:01 ` Yann E. MORIN
2022-02-01 19:12 ` Michael Nazzareno Trimarchi
2022-02-01 19:47 ` Michael Nazzareno Trimarchi
2022-02-12 20:35 ` Arnout Vandecappelle
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.