[U-Boot] [PATCH v2 1/2] rockchip: make_fit_atf.py: allow inclusion of a tee binary

[U-Boot] [PATCH v2 1/2] rockchip: make_fit_atf.py: allow inclusion of a tee binary

[Heiko Stuebner]

A trusted execution environment should also get loaded as loadable from
a fit image, so add the possibility to present a tee.elf to make_fit_atf.py
that then gets included as additional loadable into the generated its.

For ease of integration the additional loadable is created as atf_(x+1)
after all others to re-use core generation loops.

Tested against the combinations of 1-part-atf and multi-part-atf each
time with and without a tee binary present.

Signed-off-by: Heiko Stuebner <heiko@sntech.de>
---
changes in v2: none

 arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++---
 1 file changed, 46 insertions(+), 6 deletions(-)

diff --git a/arch/arm/mach-rockchip/make_fit_atf.py b/arch/arm/mach-rockchip/make_fit_atf.py
index 585edcf9d5..3c045a5e17 100755
--- a/arch/arm/mach-rockchip/make_fit_atf.py
+++ b/arch/arm/mach-rockchip/make_fit_atf.py
@@ -63,6 +63,21 @@ def append_bl31_node(file, atf_index, phy_addr, elf_entry):
     file.write('\t\t};\n')
     file.write('\n')
 
+def append_tee_node(file, atf_index, phy_addr, elf_entry):
+    # Append TEE DT node to input FIT dts file.
+    data = 'tee_0x%08x.bin' % phy_addr
+    file.write('\t\tatf_%d {\n' % atf_index)
+    file.write('\t\t\tdescription = \"TEE\";\n')
+    file.write('\t\t\tdata = /incbin/("%s");\n' % data)
+    file.write('\t\t\ttype = "tee";\n')
+    file.write('\t\t\tarch = "arm64";\n')
+    file.write('\t\t\tos = "tee";\n')
+    file.write('\t\t\tcompression = "none";\n')
+    file.write('\t\t\tload = <0x%08x>;\n' % phy_addr)
+    file.write('\t\t\tentry = <0x%08x>;\n' % elf_entry)
+    file.write('\t\t};\n')
+    file.write('\n')
+
 def append_fdt_node(file, dtbs):
     # Append FDT nodes.
     cnt = 1
@@ -115,15 +130,23 @@ def generate_atf_fit_dts_uboot(fit_file, uboot_file_name):
     index, entry, p_paddr, data = segments[0]
     fit_file.write(DT_UBOOT % p_paddr)
 
-def generate_atf_fit_dts_bl31(fit_file, bl31_file_name, dtbs_file_name):
+def generate_atf_fit_dts_bl31(fit_file, bl31_file_name, tee_file_name, dtbs_file_name):
     segments = unpack_elf(bl31_file_name)
     for index, entry, paddr, data in segments:
         append_bl31_node(fit_file, index + 1, paddr, entry)
+    num_segments = len(segments)
+
+    if tee_file_name:
+        tee_segments = unpack_elf(tee_file_name)
+        for index, entry, paddr, data in tee_segments:
+            append_tee_node(fit_file, num_segments + index + 1, paddr, entry)
+        num_segments = num_segments + len(tee_segments)
+
     append_fdt_node(fit_file, dtbs_file_name)
     fit_file.write(DT_IMAGES_NODE_END)
-    append_conf_node(fit_file, dtbs_file_name, len(segments))
+    append_conf_node(fit_file, dtbs_file_name, num_segments)
 
-def generate_atf_fit_dts(fit_file_name, bl31_file_name, uboot_file_name, dtbs_file_name):
+def generate_atf_fit_dts(fit_file_name, bl31_file_name, tee_file_name, uboot_file_name, dtbs_file_name):
     # Generate FIT script for ATF image.
     if fit_file_name != sys.stdout:
         fit_file = open(fit_file_name, "wb")
@@ -132,7 +155,7 @@ def generate_atf_fit_dts(fit_file_name, bl31_file_name, uboot_file_name, dtbs_fi
 
     fit_file.write(DT_HEADER)
     generate_atf_fit_dts_uboot(fit_file, uboot_file_name)
-    generate_atf_fit_dts_bl31(fit_file, bl31_file_name, dtbs_file_name)
+    generate_atf_fit_dts_bl31(fit_file, bl31_file_name, tee_file_name, dtbs_file_name)
     fit_file.write(DT_END)
 
     if fit_file_name != sys.stdout:
@@ -144,6 +167,13 @@ def generate_atf_binary(bl31_file_name):
         with open(file_name, "wb") as atf:
             atf.write(data)
 
+def generate_tee_binary(tee_file_name):
+    if tee_file_name:
+        for index, entry, paddr, data in unpack_elf(tee_file_name):
+            file_name = 'tee_0x%08x.bin' % paddr
+            with open(file_name, "wb") as atf:
+                atf.write(data)
+
 def unpack_elf(filename):
     with open(filename, 'rb') as file:
         elf = file.read()
@@ -178,7 +208,14 @@ def main():
         logging.warning(' BL31 file bl31.elf NOT found, resulting binary is non-functional')
         logging.warning(' Please read Building section in doc/README.rockchip')
 
-    opts, args = getopt.getopt(sys.argv[1:], "o:u:b:h")
+    if "TEE" in os.environ:
+        tee_elf = os.getenv("TEE")
+    elif os.path.isfile("./tee.elf"):
+        tee_elf = "./tee.elf"
+    else:
+        tee_elf = ""
+
+    opts, args = getopt.getopt(sys.argv[1:], "o:u:b:t:h")
     for opt, val in opts:
         if opt == "-o":
             fit_its = val
@@ -186,14 +223,17 @@ def main():
             uboot_elf = val
         elif opt == "-b":
             bl31_elf = val
+        elif opt == "-t":
+            tee_elf = val
         elif opt == "-h":
             print(__doc__)
             sys.exit(2)
 
     dtbs = args
 
-    generate_atf_fit_dts(fit_its, bl31_elf, uboot_elf, dtbs)
+    generate_atf_fit_dts(fit_its, bl31_elf, tee_elf, uboot_elf, dtbs)
     generate_atf_binary(bl31_elf)
+    generate_tee_binary(tee_elf)
 
 if __name__ == "__main__":
     main()
-- 
2.23.0

[U-Boot] [PATCH v2 2/2] common: spl: atf: support booting bl32 image

[Heiko Stuebner]

From: Joseph Chen <chenjh@rock-chips.com>

Trusted-Firmware can also initialize a secure payload to use as a trusted
execution environment. In general for the arm64 case this is provided as
separate image and uboot is supposed to also place it in a predetermined
location in memory and add the necessary parameters to the ATF boot params.

So add the possibility to get this tee payload from the provided FIT image
and setup things as necessary.

Tested on a Rockchip PX30 with mainline TF-A, mainline OP-Tee (with pending
PX30 support) and mainline 5.4-rc1 Linux kernel.

Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
---
changes in v2: set fdt address as param for tee

 common/spl/spl_atf.c | 49 +++++++++++++++++++++++++++++++-------------
 1 file changed, 35 insertions(+), 14 deletions(-)

diff --git a/common/spl/spl_atf.c b/common/spl/spl_atf.c
index 4715f9d371..7a46ed6e6d 100644
--- a/common/spl/spl_atf.c
+++ b/common/spl/spl_atf.c
@@ -30,8 +30,11 @@ static struct bl31_params *bl2_to_bl31_params;
  *
  * @return bl31 params structure pointer
  */
-static struct bl31_params *bl2_plat_get_bl31_params(uintptr_t bl33_entry)
+static struct bl31_params *bl2_plat_get_bl31_params(uintptr_t bl32_entry,
+						    uintptr_t bl33_entry,
+						    uintptr_t fdt_addr)
 {
+	struct entry_point_info *bl32_ep_info;
 	struct entry_point_info *bl33_ep_info;
 
 	/*
@@ -49,16 +52,22 @@ static struct bl31_params *bl2_plat_get_bl31_params(uintptr_t bl33_entry)
 	SET_PARAM_HEAD(bl2_to_bl31_params->bl31_image_info,
 		       ATF_PARAM_IMAGE_BINARY, ATF_VERSION_1, 0);
 
-	/* Fill BL32 related information if it exists */
+
+	/* Fill BL32 related information */
 	bl2_to_bl31_params->bl32_ep_info = &bl31_params_mem.bl32_ep_info;
-	SET_PARAM_HEAD(bl2_to_bl31_params->bl32_ep_info, ATF_PARAM_EP,
-		       ATF_VERSION_1, 0);
+	bl32_ep_info = &bl31_params_mem.bl32_ep_info;
+	SET_PARAM_HEAD(bl32_ep_info, ATF_PARAM_EP, ATF_VERSION_1,
+		       ATF_EP_SECURE);
+
+	/* secure payload is optional, so set pc to 0 if absent */
+	bl32_ep_info->args.arg3 = fdt_addr;
+	bl32_ep_info->pc = bl32_entry ? bl32_entry : 0;
+	bl32_ep_info->spsr = SPSR_64(MODE_EL1, MODE_SP_ELX,
+				     DISABLE_ALL_EXECPTIONS);
+
 	bl2_to_bl31_params->bl32_image_info = &bl31_params_mem.bl32_image_info;
 	SET_PARAM_HEAD(bl2_to_bl31_params->bl32_image_info,
 		       ATF_PARAM_IMAGE_BINARY, ATF_VERSION_1, 0);
-#ifndef BL32_BASE
-	bl2_to_bl31_params->bl32_ep_info->pc = 0;
-#endif /* BL32_BASE */
 
 	/* Fill BL33 related information */
 	bl2_to_bl31_params->bl33_ep_info = &bl31_params_mem.bl33_ep_info;
@@ -86,13 +95,14 @@ static inline void raw_write_daif(unsigned int daif)
 
 typedef void (*atf_entry_t)(struct bl31_params *params, void *plat_params);
 
-static void bl31_entry(uintptr_t bl31_entry, uintptr_t bl33_entry,
-		       uintptr_t fdt_addr)
+static void bl31_entry(uintptr_t bl31_entry, uintptr_t bl32_entry,
+		       uintptr_t bl33_entry, uintptr_t fdt_addr)
 {
 	struct bl31_params *bl31_params;
 	atf_entry_t  atf_entry = (atf_entry_t)bl31_entry;
 
-	bl31_params = bl2_plat_get_bl31_params(bl33_entry);
+	bl31_params = bl2_plat_get_bl31_params(bl32_entry, bl33_entry,
+					       fdt_addr);
 
 	raw_write_daif(SPSR_EXCEPTION_MASK);
 	dcache_disable();
@@ -100,7 +110,7 @@ static void bl31_entry(uintptr_t bl31_entry, uintptr_t bl33_entry,
 	atf_entry((void *)bl31_params, (void *)fdt_addr);
 }
 
-static int spl_fit_images_find_uboot(void *blob)
+static int spl_fit_images_find(void *blob, int os)
 {
 	int parent, node, ndepth;
 	const void *data;
@@ -122,7 +132,7 @@ static int spl_fit_images_find_uboot(void *blob)
 		if (!data)
 			continue;
 
-		if (genimg_get_os_id(data) == IH_OS_U_BOOT)
+		if (genimg_get_os_id(data) == os)
 			return node;
 	};
 
@@ -143,11 +153,21 @@ uintptr_t spl_fit_images_get_entry(void *blob, int node)
 
 void spl_invoke_atf(struct spl_image_info *spl_image)
 {
+	uintptr_t  bl32_entry = 0;
 	uintptr_t  bl33_entry = CONFIG_SYS_TEXT_BASE;
 	void *blob = spl_image->fdt_addr;
 	uintptr_t platform_param = (uintptr_t)blob;
 	int node;
 
+	/*
+	 * Find the OP-TEE binary (in /fit-images) load address or
+	 * entry point (if different) and pass it as the BL3-2 entry
+	 * point, this is optional.
+	 */
+	node = spl_fit_images_find(blob, IH_OS_TEE);
+	if (node >= 0)
+		bl32_entry = spl_fit_images_get_entry(blob, node);
+
 	/*
 	 * Find the U-Boot binary (in /fit-images) load addreess or
 	 * entry point (if different) and pass it as the BL3-3 entry
@@ -155,7 +175,7 @@ void spl_invoke_atf(struct spl_image_info *spl_image)
 	 * This will need to be extended to support Falcon mode.
 	 */
 
-	node = spl_fit_images_find_uboot(blob);
+	node = spl_fit_images_find(blob, IH_OS_U_BOOT);
 	if (node >= 0)
 		bl33_entry = spl_fit_images_get_entry(blob, node);
 
@@ -172,5 +192,6 @@ void spl_invoke_atf(struct spl_image_info *spl_image)
 	 * We don't provide a BL3-2 entry yet, but this will be possible
 	 * using similar logic.
 	 */
-	bl31_entry(spl_image->entry_point, bl33_entry, platform_param);
+	bl31_entry(spl_image->entry_point, bl32_entry,
+		   bl33_entry, platform_param);
 }
-- 
2.23.0

[U-Boot] [PATCH v2 1/2] rockchip: make_fit_atf.py: allow inclusion of a tee binary

[Kever Yang]

On 2019/10/7 上午2:10, Heiko Stuebner wrote:
> A trusted execution environment should also get loaded as loadable from
> a fit image, so add the possibility to present a tee.elf to make_fit_atf.py
> that then gets included as additional loadable into the generated its.
>
> For ease of integration the additional loadable is created as atf_(x+1)
> after all others to re-use core generation loops.
>
> Tested against the combinations of 1-part-atf and multi-part-atf each
> time with and without a tee binary present.
>
> Signed-off-by: Heiko Stuebner <heiko@sntech.de>

Reviewed-by: Kever Yang<kever.yang@rock-chips.com>


Thanks,
- Kever
> ---
> changes in v2: none
>
>   arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++---
>   1 file changed, 46 insertions(+), 6 deletions(-)
>
> diff --git a/arch/arm/mach-rockchip/make_fit_atf.py b/arch/arm/mach-rockchip/make_fit_atf.py
> index 585edcf9d5..3c045a5e17 100755
> --- a/arch/arm/mach-rockchip/make_fit_atf.py
> +++ b/arch/arm/mach-rockchip/make_fit_atf.py
> @@ -63,6 +63,21 @@ def append_bl31_node(file, atf_index, phy_addr, elf_entry):
>       file.write('\t\t};\n')
>       file.write('\n')
>   
> +def append_tee_node(file, atf_index, phy_addr, elf_entry):
> +    # Append TEE DT node to input FIT dts file.
> +    data = 'tee_0x%08x.bin' % phy_addr
> +    file.write('\t\tatf_%d {\n' % atf_index)
> +    file.write('\t\t\tdescription = \"TEE\";\n')
> +    file.write('\t\t\tdata = /incbin/("%s");\n' % data)
> +    file.write('\t\t\ttype = "tee";\n')
> +    file.write('\t\t\tarch = "arm64";\n')
> +    file.write('\t\t\tos = "tee";\n')
> +    file.write('\t\t\tcompression = "none";\n')
> +    file.write('\t\t\tload = <0x%08x>;\n' % phy_addr)
> +    file.write('\t\t\tentry = <0x%08x>;\n' % elf_entry)
> +    file.write('\t\t};\n')
> +    file.write('\n')
> +
>   def append_fdt_node(file, dtbs):
>       # Append FDT nodes.
>       cnt = 1
> @@ -115,15 +130,23 @@ def generate_atf_fit_dts_uboot(fit_file, uboot_file_name):
>       index, entry, p_paddr, data = segments[0]
>       fit_file.write(DT_UBOOT % p_paddr)
>   
> -def generate_atf_fit_dts_bl31(fit_file, bl31_file_name, dtbs_file_name):
> +def generate_atf_fit_dts_bl31(fit_file, bl31_file_name, tee_file_name, dtbs_file_name):
>       segments = unpack_elf(bl31_file_name)
>       for index, entry, paddr, data in segments:
>           append_bl31_node(fit_file, index + 1, paddr, entry)
> +    num_segments = len(segments)
> +
> +    if tee_file_name:
> +        tee_segments = unpack_elf(tee_file_name)
> +        for index, entry, paddr, data in tee_segments:
> +            append_tee_node(fit_file, num_segments + index + 1, paddr, entry)
> +        num_segments = num_segments + len(tee_segments)
> +
>       append_fdt_node(fit_file, dtbs_file_name)
>       fit_file.write(DT_IMAGES_NODE_END)
> -    append_conf_node(fit_file, dtbs_file_name, len(segments))
> +    append_conf_node(fit_file, dtbs_file_name, num_segments)
>   
> -def generate_atf_fit_dts(fit_file_name, bl31_file_name, uboot_file_name, dtbs_file_name):
> +def generate_atf_fit_dts(fit_file_name, bl31_file_name, tee_file_name, uboot_file_name, dtbs_file_name):
>       # Generate FIT script for ATF image.
>       if fit_file_name != sys.stdout:
>           fit_file = open(fit_file_name, "wb")
> @@ -132,7 +155,7 @@ def generate_atf_fit_dts(fit_file_name, bl31_file_name, uboot_file_name, dtbs_fi
>   
>       fit_file.write(DT_HEADER)
>       generate_atf_fit_dts_uboot(fit_file, uboot_file_name)
> -    generate_atf_fit_dts_bl31(fit_file, bl31_file_name, dtbs_file_name)
> +    generate_atf_fit_dts_bl31(fit_file, bl31_file_name, tee_file_name, dtbs_file_name)
>       fit_file.write(DT_END)
>   
>       if fit_file_name != sys.stdout:
> @@ -144,6 +167,13 @@ def generate_atf_binary(bl31_file_name):
>           with open(file_name, "wb") as atf:
>               atf.write(data)
>   
> +def generate_tee_binary(tee_file_name):
> +    if tee_file_name:
> +        for index, entry, paddr, data in unpack_elf(tee_file_name):
> +            file_name = 'tee_0x%08x.bin' % paddr
> +            with open(file_name, "wb") as atf:
> +                atf.write(data)
> +
>   def unpack_elf(filename):
>       with open(filename, 'rb') as file:
>           elf = file.read()
> @@ -178,7 +208,14 @@ def main():
>           logging.warning(' BL31 file bl31.elf NOT found, resulting binary is non-functional')
>           logging.warning(' Please read Building section in doc/README.rockchip')
>   
> -    opts, args = getopt.getopt(sys.argv[1:], "o:u:b:h")
> +    if "TEE" in os.environ:
> +        tee_elf = os.getenv("TEE")
> +    elif os.path.isfile("./tee.elf"):
> +        tee_elf = "./tee.elf"
> +    else:
> +        tee_elf = ""
> +
> +    opts, args = getopt.getopt(sys.argv[1:], "o:u:b:t:h")
>       for opt, val in opts:
>           if opt == "-o":
>               fit_its = val
> @@ -186,14 +223,17 @@ def main():
>               uboot_elf = val
>           elif opt == "-b":
>               bl31_elf = val
> +        elif opt == "-t":
> +            tee_elf = val
>           elif opt == "-h":
>               print(__doc__)
>               sys.exit(2)
>   
>       dtbs = args
>   
> -    generate_atf_fit_dts(fit_its, bl31_elf, uboot_elf, dtbs)
> +    generate_atf_fit_dts(fit_its, bl31_elf, tee_elf, uboot_elf, dtbs)
>       generate_atf_binary(bl31_elf)
> +    generate_tee_binary(tee_elf)
>   
>   if __name__ == "__main__":
>       main()

[U-Boot] [PATCH v2 2/2] common: spl: atf: support booting bl32 image

[Kever Yang]

On 2019/10/7 上午2:10, Heiko Stuebner wrote:
> From: Joseph Chen <chenjh@rock-chips.com>
>
> Trusted-Firmware can also initialize a secure payload to use as a trusted
> execution environment. In general for the arm64 case this is provided as
> separate image and uboot is supposed to also place it in a predetermined
> location in memory and add the necessary parameters to the ATF boot params.
>
> So add the possibility to get this tee payload from the provided FIT image
> and setup things as necessary.
>
> Tested on a Rockchip PX30 with mainline TF-A, mainline OP-Tee (with pending
> PX30 support) and mainline 5.4-rc1 Linux kernel.
>
> Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
> Signed-off-by: Heiko Stuebner <heiko@sntech.de>

Reviewed-by: Kever Yang<kever.yang@rock-chips.com>


Thanks,
- Kever
> ---
> changes in v2: set fdt address as param for tee
>
>   common/spl/spl_atf.c | 49 +++++++++++++++++++++++++++++++-------------
>   1 file changed, 35 insertions(+), 14 deletions(-)
>
> diff --git a/common/spl/spl_atf.c b/common/spl/spl_atf.c
> index 4715f9d371..7a46ed6e6d 100644
> --- a/common/spl/spl_atf.c
> +++ b/common/spl/spl_atf.c
> @@ -30,8 +30,11 @@ static struct bl31_params *bl2_to_bl31_params;
>    *
>    * @return bl31 params structure pointer
>    */
> -static struct bl31_params *bl2_plat_get_bl31_params(uintptr_t bl33_entry)
> +static struct bl31_params *bl2_plat_get_bl31_params(uintptr_t bl32_entry,
> +						    uintptr_t bl33_entry,
> +						    uintptr_t fdt_addr)
>   {
> +	struct entry_point_info *bl32_ep_info;
>   	struct entry_point_info *bl33_ep_info;
>   
>   	/*
> @@ -49,16 +52,22 @@ static struct bl31_params *bl2_plat_get_bl31_params(uintptr_t bl33_entry)
>   	SET_PARAM_HEAD(bl2_to_bl31_params->bl31_image_info,
>   		       ATF_PARAM_IMAGE_BINARY, ATF_VERSION_1, 0);
>   
> -	/* Fill BL32 related information if it exists */
> +
> +	/* Fill BL32 related information */
>   	bl2_to_bl31_params->bl32_ep_info = &bl31_params_mem.bl32_ep_info;
> -	SET_PARAM_HEAD(bl2_to_bl31_params->bl32_ep_info, ATF_PARAM_EP,
> -		       ATF_VERSION_1, 0);
> +	bl32_ep_info = &bl31_params_mem.bl32_ep_info;
> +	SET_PARAM_HEAD(bl32_ep_info, ATF_PARAM_EP, ATF_VERSION_1,
> +		       ATF_EP_SECURE);
> +
> +	/* secure payload is optional, so set pc to 0 if absent */
> +	bl32_ep_info->args.arg3 = fdt_addr;
> +	bl32_ep_info->pc = bl32_entry ? bl32_entry : 0;
> +	bl32_ep_info->spsr = SPSR_64(MODE_EL1, MODE_SP_ELX,
> +				     DISABLE_ALL_EXECPTIONS);
> +
>   	bl2_to_bl31_params->bl32_image_info = &bl31_params_mem.bl32_image_info;
>   	SET_PARAM_HEAD(bl2_to_bl31_params->bl32_image_info,
>   		       ATF_PARAM_IMAGE_BINARY, ATF_VERSION_1, 0);
> -#ifndef BL32_BASE
> -	bl2_to_bl31_params->bl32_ep_info->pc = 0;
> -#endif /* BL32_BASE */
>   
>   	/* Fill BL33 related information */
>   	bl2_to_bl31_params->bl33_ep_info = &bl31_params_mem.bl33_ep_info;
> @@ -86,13 +95,14 @@ static inline void raw_write_daif(unsigned int daif)
>   
>   typedef void (*atf_entry_t)(struct bl31_params *params, void *plat_params);
>   
> -static void bl31_entry(uintptr_t bl31_entry, uintptr_t bl33_entry,
> -		       uintptr_t fdt_addr)
> +static void bl31_entry(uintptr_t bl31_entry, uintptr_t bl32_entry,
> +		       uintptr_t bl33_entry, uintptr_t fdt_addr)
>   {
>   	struct bl31_params *bl31_params;
>   	atf_entry_t  atf_entry = (atf_entry_t)bl31_entry;
>   
> -	bl31_params = bl2_plat_get_bl31_params(bl33_entry);
> +	bl31_params = bl2_plat_get_bl31_params(bl32_entry, bl33_entry,
> +					       fdt_addr);
>   
>   	raw_write_daif(SPSR_EXCEPTION_MASK);
>   	dcache_disable();
> @@ -100,7 +110,7 @@ static void bl31_entry(uintptr_t bl31_entry, uintptr_t bl33_entry,
>   	atf_entry((void *)bl31_params, (void *)fdt_addr);
>   }
>   
> -static int spl_fit_images_find_uboot(void *blob)
> +static int spl_fit_images_find(void *blob, int os)
>   {
>   	int parent, node, ndepth;
>   	const void *data;
> @@ -122,7 +132,7 @@ static int spl_fit_images_find_uboot(void *blob)
>   		if (!data)
>   			continue;
>   
> -		if (genimg_get_os_id(data) == IH_OS_U_BOOT)
> +		if (genimg_get_os_id(data) == os)
>   			return node;
>   	};
>   
> @@ -143,11 +153,21 @@ uintptr_t spl_fit_images_get_entry(void *blob, int node)
>   
>   void spl_invoke_atf(struct spl_image_info *spl_image)
>   {
> +	uintptr_t  bl32_entry = 0;
>   	uintptr_t  bl33_entry = CONFIG_SYS_TEXT_BASE;
>   	void *blob = spl_image->fdt_addr;
>   	uintptr_t platform_param = (uintptr_t)blob;
>   	int node;
>   
> +	/*
> +	 * Find the OP-TEE binary (in /fit-images) load address or
> +	 * entry point (if different) and pass it as the BL3-2 entry
> +	 * point, this is optional.
> +	 */
> +	node = spl_fit_images_find(blob, IH_OS_TEE);
> +	if (node >= 0)
> +		bl32_entry = spl_fit_images_get_entry(blob, node);
> +
>   	/*
>   	 * Find the U-Boot binary (in /fit-images) load addreess or
>   	 * entry point (if different) and pass it as the BL3-3 entry
> @@ -155,7 +175,7 @@ void spl_invoke_atf(struct spl_image_info *spl_image)
>   	 * This will need to be extended to support Falcon mode.
>   	 */
>   
> -	node = spl_fit_images_find_uboot(blob);
> +	node = spl_fit_images_find(blob, IH_OS_U_BOOT);
>   	if (node >= 0)
>   		bl33_entry = spl_fit_images_get_entry(blob, node);
>   
> @@ -172,5 +192,6 @@ void spl_invoke_atf(struct spl_image_info *spl_image)
>   	 * We don't provide a BL3-2 entry yet, but this will be possible
>   	 * using similar logic.
>   	 */
> -	bl31_entry(spl_image->entry_point, bl33_entry, platform_param);
> +	bl31_entry(spl_image->entry_point, bl32_entry,
> +		   bl33_entry, platform_param);
>   }

[U-Boot] [PATCH v2 1/2] rockchip: make_fit_atf.py: allow inclusion of a tee binary【请注意，邮件由u-boot-bounces@lists.denx.de代发】

[Kever Yang]

On 2019/10/14 下午5:07, Kever Yang wrote:
>
> On 2019/10/7 上午2:10, Heiko Stuebner wrote:
>> A trusted execution environment should also get loaded as loadable from
>> a fit image, so add the possibility to present a tee.elf to 
>> make_fit_atf.py
>> that then gets included as additional loadable into the generated its.
>>
>> For ease of integration the additional loadable is created as atf_(x+1)
>> after all others to re-use core generation loops.
>>
>> Tested against the combinations of 1-part-atf and multi-part-atf each
>> time with and without a tee binary present.
>>
>> Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Applied to u-boot-rockchip master.
>
> Reviewed-by: Kever Yang<kever.yang@rock-chips.com>
>
>
> Thanks,
> - Kever
>> ---
>> changes in v2: none
>>
>>   arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++---
>>   1 file changed, 46 insertions(+), 6 deletions(-)
>>
>> diff --git a/arch/arm/mach-rockchip/make_fit_atf.py 
>> b/arch/arm/mach-rockchip/make_fit_atf.py
>> index 585edcf9d5..3c045a5e17 100755
>> --- a/arch/arm/mach-rockchip/make_fit_atf.py
>> +++ b/arch/arm/mach-rockchip/make_fit_atf.py
>> @@ -63,6 +63,21 @@ def append_bl31_node(file, atf_index, phy_addr, 
>> elf_entry):
>>       file.write('\t\t};\n')
>>       file.write('\n')
>>   +def append_tee_node(file, atf_index, phy_addr, elf_entry):
>> +    # Append TEE DT node to input FIT dts file.
>> +    data = 'tee_0x%08x.bin' % phy_addr
>> +    file.write('\t\tatf_%d {\n' % atf_index)
>> +    file.write('\t\t\tdescription = \"TEE\";\n')
>> +    file.write('\t\t\tdata = /incbin/("%s");\n' % data)
>> +    file.write('\t\t\ttype = "tee";\n')
>> +    file.write('\t\t\tarch = "arm64";\n')
>> +    file.write('\t\t\tos = "tee";\n')
>> +    file.write('\t\t\tcompression = "none";\n')
>> +    file.write('\t\t\tload = <0x%08x>;\n' % phy_addr)
>> +    file.write('\t\t\tentry = <0x%08x>;\n' % elf_entry)
>> +    file.write('\t\t};\n')
>> +    file.write('\n')
>> +
>>   def append_fdt_node(file, dtbs):
>>       # Append FDT nodes.
>>       cnt = 1
>> @@ -115,15 +130,23 @@ def generate_atf_fit_dts_uboot(fit_file, 
>> uboot_file_name):
>>       index, entry, p_paddr, data = segments[0]
>>       fit_file.write(DT_UBOOT % p_paddr)
>>   -def generate_atf_fit_dts_bl31(fit_file, bl31_file_name, 
>> dtbs_file_name):
>> +def generate_atf_fit_dts_bl31(fit_file, bl31_file_name, 
>> tee_file_name, dtbs_file_name):
>>       segments = unpack_elf(bl31_file_name)
>>       for index, entry, paddr, data in segments:
>>           append_bl31_node(fit_file, index + 1, paddr, entry)
>> +    num_segments = len(segments)
>> +
>> +    if tee_file_name:
>> +        tee_segments = unpack_elf(tee_file_name)
>> +        for index, entry, paddr, data in tee_segments:
>> +            append_tee_node(fit_file, num_segments + index + 1, 
>> paddr, entry)
>> +        num_segments = num_segments + len(tee_segments)
>> +
>>       append_fdt_node(fit_file, dtbs_file_name)
>>       fit_file.write(DT_IMAGES_NODE_END)
>> -    append_conf_node(fit_file, dtbs_file_name, len(segments))
>> +    append_conf_node(fit_file, dtbs_file_name, num_segments)
>>   -def generate_atf_fit_dts(fit_file_name, bl31_file_name, 
>> uboot_file_name, dtbs_file_name):
>> +def generate_atf_fit_dts(fit_file_name, bl31_file_name, 
>> tee_file_name, uboot_file_name, dtbs_file_name):
>>       # Generate FIT script for ATF image.
>>       if fit_file_name != sys.stdout:
>>           fit_file = open(fit_file_name, "wb")
>> @@ -132,7 +155,7 @@ def generate_atf_fit_dts(fit_file_name, 
>> bl31_file_name, uboot_file_name, dtbs_fi
>>         fit_file.write(DT_HEADER)
>>       generate_atf_fit_dts_uboot(fit_file, uboot_file_name)
>> -    generate_atf_fit_dts_bl31(fit_file, bl31_file_name, dtbs_file_name)
>> +    generate_atf_fit_dts_bl31(fit_file, bl31_file_name, 
>> tee_file_name, dtbs_file_name)
>>       fit_file.write(DT_END)
>>         if fit_file_name != sys.stdout:
>> @@ -144,6 +167,13 @@ def generate_atf_binary(bl31_file_name):
>>           with open(file_name, "wb") as atf:
>>               atf.write(data)
>>   +def generate_tee_binary(tee_file_name):
>> +    if tee_file_name:
>> +        for index, entry, paddr, data in unpack_elf(tee_file_name):
>> +            file_name = 'tee_0x%08x.bin' % paddr
>> +            with open(file_name, "wb") as atf:
>> +                atf.write(data)
>> +
>>   def unpack_elf(filename):
>>       with open(filename, 'rb') as file:
>>           elf = file.read()
>> @@ -178,7 +208,14 @@ def main():
>>           logging.warning(' BL31 file bl31.elf NOT found, resulting 
>> binary is non-functional')
>>           logging.warning(' Please read Building section in 
>> doc/README.rockchip')
>>   -    opts, args = getopt.getopt(sys.argv[1:], "o:u:b:h")
>> +    if "TEE" in os.environ:
>> +        tee_elf = os.getenv("TEE")
>> +    elif os.path.isfile("./tee.elf"):
>> +        tee_elf = "./tee.elf"
>> +    else:
>> +        tee_elf = ""
>> +
>> +    opts, args = getopt.getopt(sys.argv[1:], "o:u:b:t:h")
>>       for opt, val in opts:
>>           if opt == "-o":
>>               fit_its = val
>> @@ -186,14 +223,17 @@ def main():
>>               uboot_elf = val
>>           elif opt == "-b":
>>               bl31_elf = val
>> +        elif opt == "-t":
>> +            tee_elf = val
>>           elif opt == "-h":
>>               print(__doc__)
>>               sys.exit(2)
>>         dtbs = args
>>   -    generate_atf_fit_dts(fit_its, bl31_elf, uboot_elf, dtbs)
>> +    generate_atf_fit_dts(fit_its, bl31_elf, tee_elf, uboot_elf, dtbs)
>>       generate_atf_binary(bl31_elf)
>> +    generate_tee_binary(tee_elf)
>>     if __name__ == "__main__":
>>       main()
>
>
> _______________________________________________
> U-Boot mailing list
> U-Boot at lists.denx.de
> https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH v2 2/2] common: spl: atf: support booting bl32 image【请注意，邮件由u-boot-bounces@lists.denx.de代发】 image

[Kever Yang]

On 2019/10/14 下午5:07, Kever Yang wrote:
>
> On 2019/10/7 上午2:10, Heiko Stuebner wrote:
>> From: Joseph Chen <chenjh@rock-chips.com>
>>
>> Trusted-Firmware can also initialize a secure payload to use as a 
>> trusted
>> execution environment. In general for the arm64 case this is provided as
>> separate image and uboot is supposed to also place it in a predetermined
>> location in memory and add the necessary parameters to the ATF boot 
>> params.
>>
>> So add the possibility to get this tee payload from the provided FIT 
>> image
>> and setup things as necessary.
>>
>> Tested on a Rockchip PX30 with mainline TF-A, mainline OP-Tee (with 
>> pending
>> PX30 support) and mainline 5.4-rc1 Linux kernel.
>>
>> Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
>> Signed-off-by: Heiko Stuebner <heiko@sntech.de>
>
> Reviewed-by: Kever Yang<kever.yang@rock-chips.com>

Applied to u-boot-rockchip master.
>
>
> Thanks,
> - Kever
>> ---
>> changes in v2: set fdt address as param for tee
>>
>>   common/spl/spl_atf.c | 49 +++++++++++++++++++++++++++++++-------------
>>   1 file changed, 35 insertions(+), 14 deletions(-)
>>
>> diff --git a/common/spl/spl_atf.c b/common/spl/spl_atf.c
>> index 4715f9d371..7a46ed6e6d 100644
>> --- a/common/spl/spl_atf.c
>> +++ b/common/spl/spl_atf.c
>> @@ -30,8 +30,11 @@ static struct bl31_params *bl2_to_bl31_params;
>>    *
>>    * @return bl31 params structure pointer
>>    */
>> -static struct bl31_params *bl2_plat_get_bl31_params(uintptr_t 
>> bl33_entry)
>> +static struct bl31_params *bl2_plat_get_bl31_params(uintptr_t 
>> bl32_entry,
>> +                            uintptr_t bl33_entry,
>> +                            uintptr_t fdt_addr)
>>   {
>> +    struct entry_point_info *bl32_ep_info;
>>       struct entry_point_info *bl33_ep_info;
>>         /*
>> @@ -49,16 +52,22 @@ static struct bl31_params 
>> *bl2_plat_get_bl31_params(uintptr_t bl33_entry)
>>       SET_PARAM_HEAD(bl2_to_bl31_params->bl31_image_info,
>>                  ATF_PARAM_IMAGE_BINARY, ATF_VERSION_1, 0);
>>   -    /* Fill BL32 related information if it exists */
>> +
>> +    /* Fill BL32 related information */
>>       bl2_to_bl31_params->bl32_ep_info = &bl31_params_mem.bl32_ep_info;
>> -    SET_PARAM_HEAD(bl2_to_bl31_params->bl32_ep_info, ATF_PARAM_EP,
>> -               ATF_VERSION_1, 0);
>> +    bl32_ep_info = &bl31_params_mem.bl32_ep_info;
>> +    SET_PARAM_HEAD(bl32_ep_info, ATF_PARAM_EP, ATF_VERSION_1,
>> +               ATF_EP_SECURE);
>> +
>> +    /* secure payload is optional, so set pc to 0 if absent */
>> +    bl32_ep_info->args.arg3 = fdt_addr;
>> +    bl32_ep_info->pc = bl32_entry ? bl32_entry : 0;
>> +    bl32_ep_info->spsr = SPSR_64(MODE_EL1, MODE_SP_ELX,
>> +                     DISABLE_ALL_EXECPTIONS);
>> +
>>       bl2_to_bl31_params->bl32_image_info = 
>> &bl31_params_mem.bl32_image_info;
>>       SET_PARAM_HEAD(bl2_to_bl31_params->bl32_image_info,
>>                  ATF_PARAM_IMAGE_BINARY, ATF_VERSION_1, 0);
>> -#ifndef BL32_BASE
>> -    bl2_to_bl31_params->bl32_ep_info->pc = 0;
>> -#endif /* BL32_BASE */
>>         /* Fill BL33 related information */
>>       bl2_to_bl31_params->bl33_ep_info = &bl31_params_mem.bl33_ep_info;
>> @@ -86,13 +95,14 @@ static inline void raw_write_daif(unsigned int daif)
>>     typedef void (*atf_entry_t)(struct bl31_params *params, void 
>> *plat_params);
>>   -static void bl31_entry(uintptr_t bl31_entry, uintptr_t bl33_entry,
>> -               uintptr_t fdt_addr)
>> +static void bl31_entry(uintptr_t bl31_entry, uintptr_t bl32_entry,
>> +               uintptr_t bl33_entry, uintptr_t fdt_addr)
>>   {
>>       struct bl31_params *bl31_params;
>>       atf_entry_t  atf_entry = (atf_entry_t)bl31_entry;
>>   -    bl31_params = bl2_plat_get_bl31_params(bl33_entry);
>> +    bl31_params = bl2_plat_get_bl31_params(bl32_entry, bl33_entry,
>> +                           fdt_addr);
>>         raw_write_daif(SPSR_EXCEPTION_MASK);
>>       dcache_disable();
>> @@ -100,7 +110,7 @@ static void bl31_entry(uintptr_t bl31_entry, 
>> uintptr_t bl33_entry,
>>       atf_entry((void *)bl31_params, (void *)fdt_addr);
>>   }
>>   -static int spl_fit_images_find_uboot(void *blob)
>> +static int spl_fit_images_find(void *blob, int os)
>>   {
>>       int parent, node, ndepth;
>>       const void *data;
>> @@ -122,7 +132,7 @@ static int spl_fit_images_find_uboot(void *blob)
>>           if (!data)
>>               continue;
>>   -        if (genimg_get_os_id(data) == IH_OS_U_BOOT)
>> +        if (genimg_get_os_id(data) == os)
>>               return node;
>>       };
>>   @@ -143,11 +153,21 @@ uintptr_t spl_fit_images_get_entry(void 
>> *blob, int node)
>>     void spl_invoke_atf(struct spl_image_info *spl_image)
>>   {
>> +    uintptr_t  bl32_entry = 0;
>>       uintptr_t  bl33_entry = CONFIG_SYS_TEXT_BASE;
>>       void *blob = spl_image->fdt_addr;
>>       uintptr_t platform_param = (uintptr_t)blob;
>>       int node;
>>   +    /*
>> +     * Find the OP-TEE binary (in /fit-images) load address or
>> +     * entry point (if different) and pass it as the BL3-2 entry
>> +     * point, this is optional.
>> +     */
>> +    node = spl_fit_images_find(blob, IH_OS_TEE);
>> +    if (node >= 0)
>> +        bl32_entry = spl_fit_images_get_entry(blob, node);
>> +
>>       /*
>>        * Find the U-Boot binary (in /fit-images) load addreess or
>>        * entry point (if different) and pass it as the BL3-3 entry
>> @@ -155,7 +175,7 @@ void spl_invoke_atf(struct spl_image_info 
>> *spl_image)
>>        * This will need to be extended to support Falcon mode.
>>        */
>>   -    node = spl_fit_images_find_uboot(blob);
>> +    node = spl_fit_images_find(blob, IH_OS_U_BOOT);
>>       if (node >= 0)
>>           bl33_entry = spl_fit_images_get_entry(blob, node);
>>   @@ -172,5 +192,6 @@ void spl_invoke_atf(struct spl_image_info 
>> *spl_image)
>>        * We don't provide a BL3-2 entry yet, but this will be possible
>>        * using similar logic.
>>        */
>> -    bl31_entry(spl_image->entry_point, bl33_entry, platform_param);
>> +    bl31_entry(spl_image->entry_point, bl32_entry,
>> +           bl33_entry, platform_param);
>>   }
>
>
> _______________________________________________
> U-Boot mailing list
> U-Boot at lists.denx.de
> https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH v2 1/2] rockchip: make_fit_atf.py: allow inclusion of a tee binary

[Simon Glass]

Hi,

On Mon, 14 Oct 2019 at 03:07, Kever Yang <kever.yang@rock-chips.com> wrote:
>
>
> On 2019/10/7 上午2:10, Heiko Stuebner wrote:
> > A trusted execution environment should also get loaded as loadable from
> > a fit image, so add the possibility to present a tee.elf to make_fit_atf.py
> > that then gets included as additional loadable into the generated its.
> >
> > For ease of integration the additional loadable is created as atf_(x+1)
> > after all others to re-use core generation loops.
> >
> > Tested against the combinations of 1-part-atf and multi-part-atf each
> > time with and without a tee binary present.
> >
> > Signed-off-by: Heiko Stuebner <heiko@sntech.de>
>
> Reviewed-by: Kever Yang<kever.yang@rock-chips.com>
>
>
> Thanks,
> - Kever
> > ---
> > changes in v2: none
> >
> >   arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++---
> >   1 file changed, 46 insertions(+), 6 deletions(-)

I see there is an effort to move this to binman. To me that is a much
more productive approach!

Is there a feature or example missing in binman that you need to get
this over the hump?

Would like to avoid lots of random scripts in U-Boot for building images.

Regards,
Simon

[U-Boot] [PATCH v2 1/2] rockchip: make_fit_atf.py: allow inclusion of a tee binary

[Kever Yang]

Add Jagan.

Hi Simon,


On 2019/10/22 上午7:46, Simon Glass wrote:
> Hi,
>
> On Mon, 14 Oct 2019 at 03:07, Kever Yang <kever.yang@rock-chips.com> wrote:
>>
>> On 2019/10/7 上午2:10, Heiko Stuebner wrote:
>>> A trusted execution environment should also get loaded as loadable from
>>> a fit image, so add the possibility to present a tee.elf to make_fit_atf.py
>>> that then gets included as additional loadable into the generated its.
>>>
>>> For ease of integration the additional loadable is created as atf_(x+1)
>>> after all others to re-use core generation loops.
>>>
>>> Tested against the combinations of 1-part-atf and multi-part-atf each
>>> time with and without a tee binary present.
>>>
>>> Signed-off-by: Heiko Stuebner <heiko@sntech.de>
>> Reviewed-by: Kever Yang<kever.yang@rock-chips.com>
>>
>>
>> Thanks,
>> - Kever
>>> ---
>>> changes in v2: none
>>>
>>>    arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++---
>>>    1 file changed, 46 insertions(+), 6 deletions(-)
> I see there is an effort to move this to binman. To me that is a much
> more productive approach!


Do you mean the patch set from Jagan for rockchip platform to using binman?

That patch is actually using the output of the u-boot.itb which is based 
on this script.

>
> Is there a feature or example missing in binman that you need to get
> this over the hump?


I think Heiko and you has a discussion about this in previous version 
thread.
The U-Boot project build output is: tpl.bin, spl.bin, u-boot.bin
For rockchip platform, package needs:
- pack tpl.bin+spl.bin with mkimage -rksd/rkspi into idbloader.img
- get ATF binaries from bl31.bin/optee.bin with a script
- generate u-boot.its to describe the u-boot.itb
- pack u-boot.bin and ATF/OPTEE binaries into u-boot.itb with mkimage -f 
u-boot.its

Does the binman mainly target for pack the idbloader.img+u-boot.itb?


Thanks,

- Kever

>
> Would like to avoid lots of random scripts in U-Boot for building images.
>
> Regards,
> Simon
>

[U-Boot] [PATCH v2 1/2] rockchip: make_fit_atf.py: allow inclusion of a tee binary

[Simon Glass]

Hi Kever,

On Tue, 22 Oct 2019 at 03:45, Kever Yang <kever.yang@rock-chips.com> wrote:
>
> Add Jagan.
>
> Hi Simon,
>
>
> On 2019/10/22 上午7:46, Simon Glass wrote:
> > Hi,
> >
> > On Mon, 14 Oct 2019 at 03:07, Kever Yang <kever.yang@rock-chips.com> wrote:
> >>
> >> On 2019/10/7 上午2:10, Heiko Stuebner wrote:
> >>> A trusted execution environment should also get loaded as loadable from
> >>> a fit image, so add the possibility to present a tee.elf to make_fit_atf.py
> >>> that then gets included as additional loadable into the generated its.
> >>>
> >>> For ease of integration the additional loadable is created as atf_(x+1)
> >>> after all others to re-use core generation loops.
> >>>
> >>> Tested against the combinations of 1-part-atf and multi-part-atf each
> >>> time with and without a tee binary present.
> >>>
> >>> Signed-off-by: Heiko Stuebner <heiko@sntech.de>
> >> Reviewed-by: Kever Yang<kever.yang@rock-chips.com>
> >>
> >>
> >> Thanks,
> >> - Kever
> >>> ---
> >>> changes in v2: none
> >>>
> >>>    arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++---
> >>>    1 file changed, 46 insertions(+), 6 deletions(-)
> > I see there is an effort to move this to binman. To me that is a much
> > more productive approach!
>
>
> Do you mean the patch set from Jagan for rockchip platform to using binman?
>
> That patch is actually using the output of the u-boot.itb which is based
> on this script.
>
> >
> > Is there a feature or example missing in binman that you need to get
> > this over the hump?
>
>
> I think Heiko and you has a discussion about this in previous version
> thread.
> The U-Boot project build output is: tpl.bin, spl.bin, u-boot.bin
> For rockchip platform, package needs:
> - pack tpl.bin+spl.bin with mkimage -rksd/rkspi into idbloader.img
> - get ATF binaries from bl31.bin/optee.bin with a script
> - generate u-boot.its to describe the u-boot.itb
> - pack u-boot.bin and ATF/OPTEE binaries into u-boot.itb with mkimage -f
> u-boot.its
>
> Does the binman mainly target for pack the idbloader.img+u-boot.itb?

I actually think binman could handle all of that.

Is there something I could do that would help with that?

Regards,
Simon

[U-Boot] [PATCH v2 1/2] rockchip: make_fit_atf.py: allow inclusion of a tee binary

[Heiko Stübner]

Hi Simon,

Am Mittwoch, 30. Oktober 2019, 02:49:46 CET schrieb Simon Glass:
> On Tue, 22 Oct 2019 at 03:45, Kever Yang <kever.yang@rock-chips.com> wrote:
> > On 2019/10/22 上午7:46, Simon Glass wrote:
> > > On Mon, 14 Oct 2019 at 03:07, Kever Yang <kever.yang@rock-chips.com> wrote:
> > >>
> > >> On 2019/10/7 上午2:10, Heiko Stuebner wrote:
> > >>> A trusted execution environment should also get loaded as loadable from
> > >>> a fit image, so add the possibility to present a tee.elf to make_fit_atf.py
> > >>> that then gets included as additional loadable into the generated its.
> > >>>
> > >>> For ease of integration the additional loadable is created as atf_(x+1)
> > >>> after all others to re-use core generation loops.
> > >>>
> > >>> Tested against the combinations of 1-part-atf and multi-part-atf each
> > >>> time with and without a tee binary present.
> > >>>
> > >>> Signed-off-by: Heiko Stuebner <heiko@sntech.de>
> > >> Reviewed-by: Kever Yang<kever.yang@rock-chips.com>
> > >>
> > >>
> > >> Thanks,
> > >> - Kever
> > >>> ---
> > >>> changes in v2: none
> > >>>
> > >>>    arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++---
> > >>>    1 file changed, 46 insertions(+), 6 deletions(-)
> > > I see there is an effort to move this to binman. To me that is a much
> > > more productive approach!
> >
> >
> > Do you mean the patch set from Jagan for rockchip platform to using binman?
> >
> > That patch is actually using the output of the u-boot.itb which is based
> > on this script.
> >
> > >
> > > Is there a feature or example missing in binman that you need to get
> > > this over the hump?
> >
> >
> > I think Heiko and you has a discussion about this in previous version
> > thread.
> > The U-Boot project build output is: tpl.bin, spl.bin, u-boot.bin
> > For rockchip platform, package needs:
> > - pack tpl.bin+spl.bin with mkimage -rksd/rkspi into idbloader.img
> > - get ATF binaries from bl31.bin/optee.bin with a script
> > - generate u-boot.its to describe the u-boot.itb
> > - pack u-boot.bin and ATF/OPTEE binaries into u-boot.itb with mkimage -f
> > u-boot.its
> >
> > Does the binman mainly target for pack the idbloader.img+u-boot.itb?
> 
> I actually think binman could handle all of that.
> 
> Is there something I could do that would help with that?

I think the main sparse element is time here and maybe a voluteer with
enough of time available to lay the groundwork.

Like on my personal side, I really don't see me finding the time to
actually look at binman and finding out how everything should
translate from the current state to binman - soonish.

Hooking up new small things into an existing infrastructure is somehow
alway easier ;-) . 

Heiko

[U-Boot] [PATCH v2 1/2] rockchip: make_fit_atf.py: allow inclusion of a tee binary

[Simon Glass]

Hi Heiko,

On Mon, 4 Nov 2019 at 04:23, Heiko Stübner <heiko@sntech.de> wrote:
>
> Hi Simon,
>
> Am Mittwoch, 30. Oktober 2019, 02:49:46 CET schrieb Simon Glass:
> > On Tue, 22 Oct 2019 at 03:45, Kever Yang <kever.yang@rock-chips.com> wrote:
> > > On 2019/10/22 上午7:46, Simon Glass wrote:
> > > > On Mon, 14 Oct 2019 at 03:07, Kever Yang <kever.yang@rock-chips.com> wrote:
> > > >>
> > > >> On 2019/10/7 上午2:10, Heiko Stuebner wrote:
> > > >>> A trusted execution environment should also get loaded as loadable from
> > > >>> a fit image, so add the possibility to present a tee.elf to make_fit_atf.py
> > > >>> that then gets included as additional loadable into the generated its.
> > > >>>
> > > >>> For ease of integration the additional loadable is created as atf_(x+1)
> > > >>> after all others to re-use core generation loops.
> > > >>>
> > > >>> Tested against the combinations of 1-part-atf and multi-part-atf each
> > > >>> time with and without a tee binary present.
> > > >>>
> > > >>> Signed-off-by: Heiko Stuebner <heiko@sntech.de>
> > > >> Reviewed-by: Kever Yang<kever.yang@rock-chips.com>
> > > >>
> > > >>
> > > >> Thanks,
> > > >> - Kever
> > > >>> ---
> > > >>> changes in v2: none
> > > >>>
> > > >>>    arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++---
> > > >>>    1 file changed, 46 insertions(+), 6 deletions(-)
> > > > I see there is an effort to move this to binman. To me that is a much
> > > > more productive approach!
> > >
> > >
> > > Do you mean the patch set from Jagan for rockchip platform to using binman?
> > >
> > > That patch is actually using the output of the u-boot.itb which is based
> > > on this script.
> > >
> > > >
> > > > Is there a feature or example missing in binman that you need to get
> > > > this over the hump?
> > >
> > >
> > > I think Heiko and you has a discussion about this in previous version
> > > thread.
> > > The U-Boot project build output is: tpl.bin, spl.bin, u-boot.bin
> > > For rockchip platform, package needs:
> > > - pack tpl.bin+spl.bin with mkimage -rksd/rkspi into idbloader.img
> > > - get ATF binaries from bl31.bin/optee.bin with a script
> > > - generate u-boot.its to describe the u-boot.itb
> > > - pack u-boot.bin and ATF/OPTEE binaries into u-boot.itb with mkimage -f
> > > u-boot.its
> > >
> > > Does the binman mainly target for pack the idbloader.img+u-boot.itb?
> >
> > I actually think binman could handle all of that.
> >
> > Is there something I could do that would help with that?
>
> I think the main sparse element is time here and maybe a voluteer with
> enough of time available to lay the groundwork.
>
> Like on my personal side, I really don't see me finding the time to
> actually look at binman and finding out how everything should
> translate from the current state to binman - soonish.
>
> Hooking up new small things into an existing infrastructure is somehow
> alway easier ;-) .

Yes that's true - I suppose it is called 'getting over the hump'.

I have a few irons in the fire at the moment, but if no one gets to it
I might try. Jagan seems to be making good progress so far.

Regards,
Simon