Hi,
by this patchset I want to improve the current barebox OP-TEE handling.
Currently there are many paths which do all have their own pitfalls.

 - ARM (i.MX6, i.MX6UL(L)):
   - bootm OP-TEE loading (deprecated)
   - early boot loading:
     Barebox and OP-TEE make use of a 'magic' FDT memory location, which
     was used by OP-TEE to pass information like 'reserved-memory' nodes
     and the used firmware interface and the psci node.
     Barebox doesn't pass the builtin FDT which could be used by OP-TEE
     to determine the memory setup or the CAAM jobring setup.
 - ARM64 (i.MX8M, i.MX93, Rockchip):
   - early boot loading via BL2
     Barebox doesn't make use of the 'magic' FDT memory location and
     instead uses Kconfig options which need to be in sync with the
     OP-TEE config switches during compile time to configure the
     'reserved-memory' nodes and firmware interface.
     Barebox doesn't pass the builtin FDT which could be used by OP-TEE
     to determine the memory setup or the CAAM jobring setup.
 - RISC-V
   - no OP-TEE support yet

This patchset implements a common OP-TEE boot flow, while keeping the
backward compatibility. The common flow looks like this:

 - BL2 (barebox-pbl):
   - opt. extracts the builtin DTB into a buffer
   - passes the DTB to OP-TEE via arch dependent boot arguments.
 - OP-TEE
   - uses the DTB to gather information like memory setup
   - can dyn. configure the TZC accordingly
   - provides information back to barebox via DTB overlay fragments
     (added to the provided DTB). This can be 'reserved-memory' nodes,
     OP-TEE call-interface (smc), or secure HW configurations (like CAAM
     secure-jobrings)
 - BL33 (barebox-pbl)
   - Uses the DTB passed to and received from OP-TEE which contains DTB
     overlay fragments now and registers this as TEE_DT_OVL handoff
     data for barebox-proper.
 - BL33 (barebox-proper)
   - the common barebox proper boot path checks for the existence of
     TEE_DT_OVL handoff-data and registers an OF overlay as early as
     possible if found.

BL2, OP-TEE and BL33 (pbl) are architecture dependent steps for which
common helpers are added by this patchset.
BL33 (proper) is common to all and addressed by this patchset as well.
The patchset targets the i.MX8M platforms, other platforms need to be
converted later on.
Regards,
Marco
---
Changes in v2:
- Link to v1:
https://lore.barebox.org/barebox/20251110-v2025-09-0-topic-optee-of-handling-v1-0-8f0625ac5...@pengutronix.de/
- Drop extracting the FDT overlay __fragment__ in PBL and register the
whole DTB received from OP-TEE as overlay. The common code will
extract the __fragment__ nodes. (Ahmad)
- Drop patches which are already in master
- Drop FDTO scratch area (Ahmad)
- Drop breaking common board lowlevel API (Ahmad)
- Drop /secure-chosen/stdout-path adaptions, no longer required
To: Sascha Hauer <[email protected]>
To: open list:BAREBOX <[email protected]>
Signed-off-by: Marco Felsch <[email protected]>
---
Marco Felsch (15):
ARM: i.MX8M: add support to pass DT via lowlevel
__imx8m*_load_and_start_image_via_tfa()
ARM: i.MX8M: move BL32 setup into imx8m_tfa_start_bl31()
ARM: i.MX8M: imx8m_tfa_start_bl31() add support for bl33 and fdt
pbl: decomp: add pbl_dtbz_uncompress helper
pbl: fdt: add pbl_load_fdt helper
ARM: i.MX: scratch: add FDT support
ARM: i.MX8M: esdctl: drop ddrc base from imx8m_ddrc_sdram_size
ARM: i.MX8M: esdctl: export imx8m_ddrc_sdram_size()
ARM: i.MX8M: add support to pass BL3x bl_params
handoff-data: Add TEE_DT_OVL entry
security: optee: add optee_handoff_overlay helper
security: optee: add helpers to register OF overlays
ARM: i.MX8M: Pass optional OP-TEE overlay to barebox
of: base: register optional OP-TEE overlay
handoff-data: add missing include
arch/arm/mach-imx/Kconfig | 16 +++
arch/arm/mach-imx/atf.c | 252 ++++++++++++++++++++++++--------------
arch/arm/mach-imx/esdctl.c | 53 +++++++-
arch/arm/mach-imx/imx9.c | 2 +-
arch/arm/mach-imx/scratch.c | 24 ++++
arch/arm/mach-rockchip/rockchip.c | 3 +-
common/Kconfig | 14 +++
drivers/of/base.c | 3 +
drivers/soc/imx/soc-imx8m.c | 3 +-
drivers/tee/optee/of_fixup.c | 41 +++++++
include/mach/imx/esdctl.h | 1 +
include/mach/imx/scratch.h | 2 +
include/mach/imx/xload.h | 8 +-
include/pbl.h | 3 +
include/pbl/handoff-data.h | 2 +
include/tee/optee.h | 16 +++
pbl/decomp.c | 6 +
pbl/fdt.c | 79 ++++++++++++
pbl/handoff-data.c | 2 +
security/Kconfig | 9 ++
security/optee.c | 15 ++-
21 files changed, 448 insertions(+), 106 deletions(-)
---
base-commit: 8781fc641fc147df639c9e767a89aa3277d2c9be
change-id: 20251110-v2025-09-0-topic-optee-of-handling-e9f51531c464
Best regards,
--
Marco Felsch <[email protected]>
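
In the flow described above, BL33 takes the DTB returned by OP-TEE and hands it on as an overlay. The following is an added example, not code from this patchset, barebox or libfdt: a stand-alone header sanity check such a blob could pass through before it is registered. The names `fdt_header_check`, `block_ok`, `hdr_word` and `sample_blob` are hypothetical, and requiring a version 17 header is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>

#define FDT_MAGIC   0xd00dfeedu
#define FDT_HDR_LEN 40u          /* v17 header: ten big-endian 32-bit words */

/* Read the n-th big-endian header word without alignment assumptions. */
static uint32_t hdr_word(const uint8_t *p, unsigned n)
{
	p += 4 * n;
	return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* True if [off, off + len) lies after the header and inside totalsize. */
static int block_ok(uint32_t off, uint32_t len, uint32_t total)
{
	return off >= FDT_HDR_LEN && off <= total && len <= total - off;
}

/* Returns 0 if the header is consistent with the buffer, -1..-4 otherwise. */
int fdt_header_check(const void *blob, size_t buflen)
{
	const uint8_t *p = blob;
	uint32_t total;

	if (!p || buflen < FDT_HDR_LEN || hdr_word(p, 0) != FDT_MAGIC)
		return -1;                       /* not an FDT at all */
	total = hdr_word(p, 1);
	if (total < FDT_HDR_LEN || total > buflen)
		return -2;                       /* totalsize exceeds the buffer */
	if (hdr_word(p, 5) < 17 || hdr_word(p, 6) > 17)
		return -3;                       /* version / last_comp_version */
	if (!block_ok(hdr_word(p, 2), hdr_word(p, 9), total) ||  /* struct block */
	    !block_ok(hdr_word(p, 3), hdr_word(p, 8), total) ||  /* strings block */
	    !block_ok(hdr_word(p, 4), 16, total) ||              /* rsvmap terminator */
	    hdr_word(p, 2) % 4 || hdr_word(p, 4) % 8)            /* alignment */
		return -4;
	return 0;
}

/* Constructed sample: a DTB holding only an empty root node, 72 bytes. */
void sample_blob(uint8_t out[72])
{
	static const uint32_t w[18] = { FDT_MAGIC, 72, 56, 72, 40, 17, 16, 0, 0, 16,
	                                0, 0, 0, 0,     /* empty reservation map */
	                                1, 0, 2, 9 };   /* BEGIN_NODE "", END_NODE, END */
	for (unsigned i = 0; i < 18; i++)
		for (unsigned b = 0; b < 4; b++)
			out[4 * i + b] = (uint8_t)(w[i] >> (24 - 8 * b));
}
```

The check covers the header only; the structure block itself still has to be walked by the overlay code that extracts the fragment nodes.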