On 15/01/18 04:48, Peng Fan wrote:
On Mon, Jan 15, 2018 at 11:25:00AM +0800, Kever Yang wrote:
Bryan,
On 01/12/2018 11:10 PM, Bryan O'Donoghue wrote:
On 12/01/18 11:27, Philipp Tomsich wrote:
OP-TEE is an open source trusted OS, in armv7, its loading and running are like this: loading:
- SPL load both OP-TEE and U-Boot
running:
- SPL run into OP-TEE in secure mode;
- OP-TEE run into U-Boot in non-secure mode;
More detail: https://github.com/OP-TEE/optee_os and search for 'boot arguments' for detail entry parameter in: core/arch/arm/kernel/generic_entry_a32.S
Signed-off-by: Kever Yang kever.yang@rock-chips.com
Changes in v4:
- use NULL instead of '0'
- add fdt_addr as arg2 of entry
Changes in v3: None Changes in v2:
Using new image type for op-tee
common/spl/Kconfig | 7 +++++++ common/spl/Makefile | 1 + common/spl/spl.c | 9 +++++++++ common/spl/spl_optee.S | 13 +++++++++++++ include/spl.h | 13 +++++++++++++ 5 files changed, 43 insertions(+) create mode 100644 common/spl/spl_optee.S
Acked-by: Philipp Tomsich philipp.tomsich@theobroma-systems.com _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Kever, Philipp
I have patches that define a IH_TYPE_OPTEE as a bootable OPTEE image (one that never returns to u-boot).
I don't understand how you use OP-TEE in your project. You are using U-Boot 'bootm' cmd to run into OP-TEE and 'PC' never get out of the OP-TEE os? The upstream OP-TEE will always be back to the pointer in 'lr'.
We are using boot flow like ARMv8 for OP-TEE in armv7, could you introduce your flow?
The flow is ROM->U-Boot->OP-TEE->Linux.
Hi Kever, this got buried in my mailbox...
Which I believe is the preferred flow for armv7
That said - if you look at the TI commits for IH_TYPE_TEE I believe *that* is the appropriate type for what you are doing with SPL.
As I read the TI code the TEE is installed into memory - jumped into and returned out of, which is the model you are using with SPL here.
Basically that's what arch/arm/mach-omap2/sec-common.c::secure_tee_install() does.
So, I think the SPL solution you have can co-exist quite easily with the model we have described above for imx7.
My only suggestion here is that you probably don't need to define a new image type for SPL - you can reuse IH_TYPE_TEE for SPL as below.
Other than that I think the SPL/bootm or indeed the TI method of installing a TEE are entirely able to (and should) live side-by-side.
+#if CONFIG_IS_ENABLED(OPTEE)
- case IH_TYPE_TEE:
debug("Jumping to U-Boot via OP-TEE\n");spl_optee_entry(NULL, NULL, spl_image->fdt_addr,(void *)spl_image.entry_point);break;+#endif