[RFC PATCH 0/2] Integrate OP-TEE into the RISC-V boot flow
This patch series adds support for integrating OP-TEE OS into the RISC-V boot flow. It allows specifying the load address of the OP-TEE binary and updates binman to include the OP-TEE OS image.
Yu-Chien Peter Lin (2): riscv: Add CONFIG_SPL_OPTEE_LOAD_ADDR riscv: dts: binman.dtsi: Include OP-TEE OS image
arch/riscv/Kconfig | 6 ++++++ arch/riscv/dts/binman.dtsi | 26 ++++++++++++++++++++++++-- 2 files changed, 30 insertions(+), 2 deletions(-)
Allow specifying load address of OP-TEE binary. It is recommended that the specified address aligns with the base address of an PMP-protected NAPOT region and matches the CFG_TDDRAM_START configuration in OP-TEE.
Signed-off-by: Yu-Chien Peter Lin peter.lin@sifive.com --- arch/riscv/Kconfig | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index a160d24fb03..9a9458026d3 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -582,4 +582,10 @@ config SPL_LOAD_FIT_OPENSBI_OS_BOOT This is a shortcut boot flow, from u-boot SPL -> OpenSBI -> u-boot proper -> linux to u-boot SPL -> OpenSBI -> linux.
+config SPL_OPTEE_LOAD_ADDR + hex "OP-TEE Trusted OS image load address" + depends on OPTEE + help + Load address of the OP-TEE binary. + endmenu
The following diagram illustrates the boot flow for OP-TEE OS initialization on RISC-V.
(1)-----------+ | U-Boot SPL | +------------+ | v (2)-------------------------------------------------------------+ | OpenSBI (fw_dynamic.bin) | | (4)------------------------+ | | | optee dispatcher driver | | +-----------------+-------^---------|-------+------------------+ M-mode | | | ---------+--[trusted domain]---+----.----+--[untrusted domain]------- S-mode | (coldboot domain) | | | v | | v (3)---------------------------+ |(5)----------------------------+ | OP-TEE OS (tee.bin) | | | U-Boot (u-boot-nodtb.bin) | +----------------------------+ | +-----------------------------+ | | | v |(6)----------------------------+ | | Linux | | +-----------------------------+
This patch enables the inclusion of the OP-TEE binary within the U-Boot ITB, allowing it to be loaded to a platform defined address by U-Boot SPL.
Signed-off-by: Yu-Chien Peter Lin peter.lin@sifive.com --- arch/riscv/dts/binman.dtsi | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/arch/riscv/dts/binman.dtsi b/arch/riscv/dts/binman.dtsi index 9271de0ddfc..0405faca574 100644 --- a/arch/riscv/dts/binman.dtsi +++ b/arch/riscv/dts/binman.dtsi @@ -53,6 +53,19 @@ }; }; #endif +#ifdef CONFIG_OPTEE + tee { + description = "OP-TEE"; + type = "tee"; + arch = "riscv"; + compression = "none"; + os = "tee"; + load = /bits/ 64 <CONFIG_SPL_OPTEE_LOAD_ADDR>; + tee_blob: tee-os { + filename = "tee.bin"; + }; + }; +#endif
opensbi { description = "OpenSBI fw_dynamic Firmware"; @@ -88,11 +101,20 @@ #endif description = "NAME"; firmware = "opensbi"; -#ifndef CONFIG_SPL_LOAD_FIT_OPENSBI_OS_BOOT - loadables = "uboot"; +#ifdef CONFIG_OPTEE +#ifdef CONFIG_SPL_LOAD_FIT_OPENSBI_OS_BOOT + loadables = "linux", "tee"; #else + loadables = "uboot", "tee"; +#endif +#else /* !CONFIG_OPTEEE */ +#ifdef CONFIG_SPL_LOAD_FIT_OPENSBI_OS_BOOT loadables = "linux"; +#else + loadables = "uboot"; #endif +#endif /* CONFIG_OPTEE */ + #ifndef CONFIG_OF_BOARD fdt = "fdt-SEQ"; #endif
participants (1)
-
Yu-Chien Peter Lin