
On Tue, Sep 3, 2019 at 11:34 AM Igor Opaniuk <igor.opaniuk@gmail.com> wrote:
Hi Ricardo,
On Tue, Sep 3, 2019 at 4:53 PM Ricardo Salveti <ricardo@foundries.io> wrote:
On Tue, Sep 3, 2019 at 12:09 AM Peng Fan <peng.fan@nxp.com> wrote:
Subject: [PATCH] apalis_imx6: allocate specific region of memory to OP-TEE
OP-TEE uses the memory region defined by the maximum DRAM address minus CONFIG_OPTEE_TZDRAM_SIZE, so subtract CONFIG_OPTEE_TZDRAM_SIZE from the available DRAM size to avoid conflicts.
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
board/toradex/apalis_imx6/apalis_imx6.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/board/toradex/apalis_imx6/apalis_imx6.c b/board/toradex/apalis_imx6/apalis_imx6.c index 6421a22c25..fa7fcc8d46 100644 --- a/board/toradex/apalis_imx6/apalis_imx6.c +++ b/board/toradex/apalis_imx6/apalis_imx6.c @@ -75,6 +75,11 @@ int dram_init(void) gd->ram_size = get_ram_size((void *)CONFIG_SYS_SDRAM_BASE, (ulong)imx_ddr_size());
/* Subtract the defined OPTEE runtime firmware length */ #ifdef
+CONFIG_OPTEE_TZDRAM_SIZE
gd->ram_size -= CONFIG_OPTEE_TZDRAM_SIZE; #endif
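Review bot: In dram_init(), "gd->ram_size -= CONFIG_OPTEE_TZDRAM_SIZE;" runs with no check that the detected RAM size is larger than the carve-out, so an oversized CONFIG_OPTEE_TZDRAM_SIZE would wrap gd->ram_size instead of failing; consider returning an error when gd->ram_size <= CONFIG_OPTEE_TZDRAM_SIZE. The #ifdef also keys on the size macro alone, so the top of DRAM is withheld whenever that macro is defined, whether or not OP-TEE is actually loaded. The code comment says "runtime firmware length" but does not say that the reserved region sits at the top of DRAM, as the commit message does; stating that in the comment would help the next reader.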
Has OPTEE been enabled? I do not see that in defconfig.
Not yet enabled by default; this is just to make it compatible with OP-TEE.
Should we have it enabled by default at apalis_imx6_defconfig? I could also send another patch to add a new config that has secure boot and OP-TEE enabled by default, as done with a few other imx targets.
IMHO, the idea of a new config makes sense, as besides CONFIG_BOOTM_OPTEE=y we should also add CONFIG_ARMV7_BOOT_SEC_DEFAULT=y and provide an appropriate CONFIG_BOOTCOMMAND to boot the TEE blob (although we're currently in the middle of a transition to distroboot usage by default, where we can handle all this in a boot script instead).
The flow I'm currently using is a bit different, using SPL FIT and loading OP-TEE from SPL itself (in order to load secure world earlier in the boot chain), which then loads U-Boot in normal world. That way we don't actually need to change the default bootcommand logic, as most of the heavy work is done by SPL instead of U-Boot.
Once some of the needed patches land (e.g. supporting larger SPL on iMX6DQ) I will propose a new config with this setup, so we can all review it.
Cheers,
-- Ricardo Salveti