From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=IYsq=N4=lists.denx.de=u-boot-bounces@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.6 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,
	SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 97035C433EF
	for <u-boot@archiver.kernel.org>; Mon,  6 Sep 2021 22:40:11 +0000 (UTC)
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id B3D0960F43
	for <u-boot@archiver.kernel.org>; Mon,  6 Sep 2021 22:40:10 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org B3D0960F43
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 9B7D081FC6;
	Tue,  7 Sep 2021 00:40:08 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="coWUsT/H";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 2499181FC6; Tue,  7 Sep 2021 00:40:07 +0200 (CEST)
Received: from mail-oo1-xc2a.google.com (mail-oo1-xc2a.google.com
 [IPv6:2607:f8b0:4864:20::c2a])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 6EFD581D1F
 for <u-boot@lists.denx.de>; Tue,  7 Sep 2021 00:40:00 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=mr.nuke.me@gmail.com
Received: by mail-oo1-xc2a.google.com with SMTP id
 b5-20020a4ac285000000b0029038344c3dso2361864ooq.8
 for <u-boot@lists.denx.de>; Mon, 06 Sep 2021 15:40:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=subject:to:cc:references:from:message-id:date:user-agent
 :mime-version:in-reply-to:content-language:content-transfer-encoding;
 bh=W8s0Y6PXpVq5HJWe3jhqpN4nXeyn3ufVbxJOkvH51pQ=;
 b=coWUsT/HJw8Tj8CNW3ONKvwEnwncjBOYumh1boQkReb7hN5uYpeCP3mE2dKmOLoteW
 WDKLb0Tjczmk1RTIO1ZGsev89Kw3zn4DJ4GXMjVhbC5pO2m2wszZq/2sJkNfHdwbUFr3
 OXMPFlIDSDLW6CO8xUtBqLAL4hKhdVzRcvKgEwHP8DqsXrE+/WZ0vbGZD6FLoxXML0cj
 hy1rop35iAXTFtZ8K4WZB+oq1oF/IemUov4qYGuMr+guV9hZCa9PmSEURE+IyVOKfCmp
 2Qf1F2uI4bwGZvpv03mpoMkHFkP0K4Bp0dLsoXDC5Yz8KFQI7Mu3EPKFfgAJAlTwv5hF
 RU+w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:subject:to:cc:references:from:message-id:date
 :user-agent:mime-version:in-reply-to:content-language
 :content-transfer-encoding;
 bh=W8s0Y6PXpVq5HJWe3jhqpN4nXeyn3ufVbxJOkvH51pQ=;
 b=Lc8vQfAain10+Cy5Tlrht4zPu6LSrWG7TQz56XPZ2K9Z3ZiT2DZavvImgEXzm7Z58x
 84lLvLcQX1tOGt9viBa8t91uJezyuVhpNj8mbZ/Kv+i0+LR2JVmhrTZJlVh6beP0kwbJ
 0ZaEeGdEG3B90napBPjYIA01u+yPOFeKWxKt5fYBukwAt/eEJ8Rn10PbqvWDn9Bqxazp
 LSCbplK9G6Xm0MwJMmP215ou54hxErsS2PtZwpWxiHJqDI+cllXMTXa5yWCAixdWBhy3
 wkuL6cPVyHF7Kp/WNEDK3n/VNnK/23aXa2dnmjkqTZyu9iDqb+sN5XOrQmEe1W/KG2w8
 LbAw==
X-Gm-Message-State: AOAM532lWaAfAGQkVqwxy9FlSnq/1mxVjy2rFpvq2Lo5FncvcoMEwHpk
 /v08M6clqAhPdpOcHRinGqg=
X-Google-Smtp-Source: ABdhPJx/YO4okNwnQoQwD31W65Av+JNEEpSlJdHrYMCpMUwp0SOzMN30yZEBP8yMN0c8OPlGHV9I7A==
X-Received: by 2002:a4a:d108:: with SMTP id k8mr15283519oor.90.1630967998871; 
 Mon, 06 Sep 2021 15:39:58 -0700 (PDT)
Received: from nuclearis3.gtech (c-98-195-139-126.hsd1.tx.comcast.net.
 [98.195.139.126])
 by smtp.gmail.com with ESMTPSA id k8sm1861378oom.20.2021.09.06.15.39.56
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Mon, 06 Sep 2021 15:39:57 -0700 (PDT)
Subject: Re: [PATCH 1/2] lib: optee: remove the duplicate CONFIG_OPTEE
To: Patrick DELAUNAY <patrick.delaunay@foss.st.com>,
 Etienne Carriere <etienne.carriere@linaro.org>
Cc: U-Boot Mailing List <u-boot@lists.denx.de>,
 Andre Przywara <andre.przywara@arm.com>, Bin Meng <bmeng.cn@gmail.com>,
 Bryan O'Donoghue <bryan.odonoghue@linaro.org>,
 Christian Gmeiner <christian.gmeiner@gmail.com>,
 Heinrich Schuchardt <xypron.glpk@gmx.de>,
 Jens Wiklander <jens.wiklander@linaro.org>,
 Kever Yang <kever.yang@rock-chips.com>,
 Masahisa Kojima <masahisa.kojima@linaro.org>,
 Michael Walle <michael@walle.cc>, Michal Simek <michal.simek@xilinx.com>,
 Ovidiu Panait <ovidiu.panait@windriver.com>, =?UTF-8?Q?Pali_Roh=c3=a1r?=
 <pali@kernel.org>, Philipp Tomsich <philipp.tomsich@vrull.eu>,
 Philippe Reynes <philippe.reynes@softathome.com>,
 =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= <royger@freebsd.org>,
 Samuel Holland <samuel@sholland.org>, Sean Anderson <seanga2@gmail.com>,
 Simon Glass <sjg@chromium.org>, Stefan Roese <sr@denx.de>,
 Steffen Jaeckel <jaeckel-floss@eyet-services.de>,
 Tero Kristo <t-kristo@ti.com>,
 U-Boot STM32 <uboot-stm32@st-md-mailman.stormreply.com>
References: <20210902115512.1.I1c6536da7609f8240549cccae2708e075dc9fcf3@changeid>
 <569089c3-8936-2a47-930e-218805064413@gmail.com>
 <CAN5uoS_-rCBtWdXe+_neH3iwnUOzdExX7OayUq3P+ufeohioPg@mail.gmail.com>
 <ca6ac42b-3337-5d48-756b-eaafa1266d60@foss.st.com>
From: "Alex G." <mr.nuke.me@gmail.com>
Message-ID: <d730a496-60a9-150b-549a-e2c74d6e44d1@gmail.com>
Date: Mon, 6 Sep 2021 17:39:56 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.8.1
MIME-Version: 1.0
In-Reply-To: <ca6ac42b-3337-5d48-756b-eaafa1266d60@foss.st.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de
X-Virus-Status: Clean



On 9/6/21 11:53 AM, Patrick DELAUNAY wrote:
>>
>>> In fact, the SPL boot path for OP-TEE doesn't use this function. That's
>>> intentional.
>>>
>>> Here's what I suggest:
>>>     - Remove OPTEE_TZDRAM_BASE and _SIZE
>> There is some legacy here, board/warp7and board/technexion/pico-imx7d.
> 
> 
> it is not possible, it is used for U-Boot proper on other platforms
> 
> board/warp7/warp7.c:38:        gd->ram_size -= CONFIG_OPTEE_TZDRAM_SIZE;
> board/warp7/warp7.c:122:    optee_start = optee_end - CONFIG_OPTEE_TZDRAM_SIZE;
> board/technexion/pico-imx7d/pico-imx7d.c:56: gd->ram_size -= CONFIG_OPTEE_TZDRAM_SIZE;
> include/configs/mx7_common.h:52:#if (CONFIG_OPTEE_TZDRAM_SIZE != 0)

I have an idea how to work around that.


> And for me this configuration (size of memory used by OPTEE) is more a 
> system configuration
> depending of the OP-TEE firmware used than a Device Tree configuration 
> at SPL level
> 
> PS: for the TF-A case it is done in a secure FW configuration file => in 
> the FIP
>        this information is no hardcoded information in BL2
>      in SPL, the load address / entry point it is already provided by 
> FIT for OPTEE image
> 
>       (=> optee_image_get_load_addr / optee_image_get_entry_point)
>       no need to have this information in DT (optee base address)
> 
> tools/default_image.c:119
> 
>      if (params->os == IH_OS_TEE) {
>          addr = optee_image_get_load_addr(hdr);
>          ep = optee_image_get_entry_point(hdr);
> 
>      }

The OPTEE entry point is available:
1) in both FIT and uImage files.
2) As the optee reserved-memory node in DT
3) Via CONFIG_OPTEE_TZDRAM_BASE

On the one hand, (1) and (2) together could hint that the OPTEE image is 
incompatible with the board, so they are not completely redundant.
On the other hand, there is no point in (3) given that the information 
could be obtained in at least two other ways.


> 
>      for CONFIG_OPTEE_TZDRAM_SIZE, I think that can be also found by 
> parsing the OP-TEE header
> 
> => see : init_mem_usage
> 
>      the OPTEE should be access to this memory .....
>      and it can change the firewall configuration is it is necessary
>      for the shared memory for example
> 
> 
> => no need to update first stage boot loader = SPL (with the risk to 
> brick the device)
>       when only OP-TEE firmware change

I see your point. It's a packaging issue, which we could solve with FIT, 
but not with uImage. Though, how often does an OP-TEE update change the 
TZDRAM location?


>>>     - Remove optee_verify_bootm_image()
> 
> but it is used in
> 
> common/bootm_os.c:491:    ret = 
> optee_verify_boot_image(images->os.image_start,

Yes. It only checks if the OP-TEE image fits within some hardcoded, and 
potentially wrong, boundaries. Which is contrary to your arguments from 
a few paragraphs ago. Just don't call optee_verify_boot_image in bootm_os.c.

Alex