[PATCH v2] imx8m: Guard binman nodes with CONFIG_OPTEE
From: Fabio Estevam festevam@denx.de
Guard binman nodes with CONFIG_OPTEE to fix the following error when building without optee support:
BINMAN .binman_stamp Image 'image' has faked external blobs and is non-functional: tee.bin
Image 'image' is missing optional external blobs but is still functional: tee-os
/binman/section/fit/images/tee/tee-os (tee.bin): See the documentation for your board. You may need to build Open Portable Trusted Execution Environment (OP-TEE) and build with TEE=/path/to/tee.bin
Some images are invalid make: *** [Makefile:1135: .binman_stamp] Error 103
While at it, only pass tee to the loadables lines when CONFIG_OPTEE is defined.
Reported-by: Tim Harvey tharvey@gateworks.com Signed-off-by: Fabio Estevam festevam@denx.de Reviewed-by: Tom Rini trini@konsulko.com --- Changes since v1: - Also guard the loadables line. (Tim)
arch/arm/dts/imx8mm-u-boot.dtsi | 6 ++++++ arch/arm/dts/imx8mn-u-boot.dtsi | 6 ++++++ arch/arm/dts/imx8mp-u-boot.dtsi | 6 ++++++ arch/arm/dts/imx8mq-u-boot.dtsi | 6 ++++++ 4 files changed, 24 insertions(+)
diff --git a/arch/arm/dts/imx8mm-u-boot.dtsi b/arch/arm/dts/imx8mm-u-boot.dtsi index ecc2319279ea..8608fa004fdc 100644 --- a/arch/arm/dts/imx8mm-u-boot.dtsi +++ b/arch/arm/dts/imx8mm-u-boot.dtsi @@ -164,6 +164,7 @@ }; #endif
+#ifdef CONFIG_OPTEE tee: tee { description = "OP-TEE"; type = "tee"; @@ -178,6 +179,7 @@ optional; }; }; +#endif
binman_fip: fip { arch = "arm64"; @@ -207,7 +209,11 @@ fdt = "fdt-SEQ"; firmware = "uboot"; #ifndef CONFIG_ARMV8_PSCI +#ifdef CONFIG_OPTEE loadables = "atf", "tee"; +#else + loadables = "atf"; +#endif #endif }; }; diff --git a/arch/arm/dts/imx8mn-u-boot.dtsi b/arch/arm/dts/imx8mn-u-boot.dtsi index 4a4498b36b01..bf2bb0f17c77 100644 --- a/arch/arm/dts/imx8mn-u-boot.dtsi +++ b/arch/arm/dts/imx8mn-u-boot.dtsi @@ -240,6 +240,7 @@ }; #endif
+#ifdef CONFIG_OPTEE tee: tee { description = "OP-TEE"; type = "tee"; @@ -254,6 +255,7 @@ optional; }; }; +#endif
binman_fip: fip { arch = "arm64"; @@ -283,7 +285,11 @@ fdt = "fdt-SEQ"; firmware = "uboot"; #ifndef CONFIG_ARMV8_PSCI +#ifdef CONFIG_OPTEE loadables = "atf", "tee"; +#else + loadables = "atf"; +#endif #endif }; }; diff --git a/arch/arm/dts/imx8mp-u-boot.dtsi b/arch/arm/dts/imx8mp-u-boot.dtsi index 9ede98a11e42..9e590c3bba07 100644 --- a/arch/arm/dts/imx8mp-u-boot.dtsi +++ b/arch/arm/dts/imx8mp-u-boot.dtsi @@ -185,6 +185,7 @@ }; #endif
+#ifdef CONFIG_OPTEE tee: tee { description = "OP-TEE"; type = "tee"; @@ -199,6 +200,7 @@ optional; }; }; +#endif
@fdt-SEQ { description = "NAME"; @@ -219,7 +221,11 @@ fdt = "fdt-SEQ"; firmware = "uboot"; #ifndef CONFIG_ARMV8_PSCI +#ifdef CONFIG_OPTEE loadables = "atf", "tee"; +#else + loadables = "atf"; +#endif #endif }; }; diff --git a/arch/arm/dts/imx8mq-u-boot.dtsi b/arch/arm/dts/imx8mq-u-boot.dtsi index 93e2ef27f7ce..458657fc4749 100644 --- a/arch/arm/dts/imx8mq-u-boot.dtsi +++ b/arch/arm/dts/imx8mq-u-boot.dtsi @@ -144,6 +144,7 @@ }; #endif
+#ifdef CONFIG_OPTEE tee: tee { description = "OP-TEE"; type = "tee"; @@ -158,6 +159,7 @@ optional; }; }; +#endif
fdt { compression = "none"; @@ -179,7 +181,11 @@ fdt = "fdt"; firmware = "uboot"; #ifndef CONFIG_ARMV8_PSCI +#ifdef CONFIG_OPTEE loadables = "atf", "tee"; +#else + loadables = "atf"; +#endif #endif }; };
Subject: [PATCH v2] imx8m: Guard binman nodes with CONFIG_OPTEE
From: Fabio Estevam festevam@denx.de
Guard binman nodes with CONFIG_OPTEE to fix the following error when building without optee support:
BINMAN .binman_stamp Image 'image' has faked external blobs and is non-functional: tee.bin
Image 'image' is missing optional external blobs but is still functional: tee-os
/binman/section/fit/images/tee/tee-os (tee.bin): See the documentation for your board. You may need to build Open Portable Trusted Execution Environment (OP-TEE) and build with TEE=/path/to/tee.bin
Some images are invalid make: *** [Makefile:1135: .binman_stamp] Error 103
While at it, only pass tee to the loadables lines when CONFIG_OPTEE is defined.
Reported-by: Tim Harvey tharvey@gateworks.com Signed-off-by: Fabio Estevam festevam@denx.de Reviewed-by: Tom Rini trini@konsulko.com
Reviewed-by: Peng Fan peng.fan@nxp.com
Hi Fabio,
On Thu, 2025-01-16 at 22:56 -0300, Fabio Estevam wrote:
From: Fabio Estevam festevam@denx.de
Guard binman nodes with CONFIG_OPTEE to fix the following error when building without optee support:
BINMAN .binman_stamp Image 'image' has faked external blobs and is non-functional: tee.bin
Image 'image' is missing optional external blobs but is still functional: tee-os
/binman/section/fit/images/tee/tee-os (tee.bin): See the documentation for your board. You may need to build Open Portable Trusted Execution Environment (OP-TEE) and build with TEE=/path/to/tee.bin
Some images are invalid make: *** [Makefile:1135: .binman_stamp] Error 103
While at it, only pass tee to the loadables lines when CONFIG_OPTEE is defined.
Reported-by: Tim Harvey tharvey@gateworks.com Signed-off-by: Fabio Estevam festevam@denx.de Reviewed-by: Tom Rini trini@konsulko.com
Tested-by: Yannic Moog y.moog@phytec.de
Tested on phycore-imx8mp.
This patch does solve the problem as reported by Tim.
I have a question: Since tee.bin is marked as optional, we still get the same behaviour when OPTEE is set but no tee.bin is supplied. What do you suggest to do to remedy this?
We could remove the optional. Given that we guard it with CONFIG_OPTEE it makes sense that the tee binary must then be supplied and should no longer be considered optional.
On the other hand we could fix the build error when it is marked as optional and not present. This could allow us to remove the guard introduced here.
Further, we could combine these two ideas and add a guard that requires tee.bin when CONFIG_OPTEE is set and marks it as optional when CONFIG_OPTEE is not set like so
tee: tee { description = "OP-TEE"; type = "tee"; arch = "arm64"; compression = "none"; os = "tee"; load = <CONFIG_IMX8M_OPTEE_LOAD_ADDR>; entry = <CONFIG_IMX8M_OPTEE_LOAD_ADDR>;
tee-os { filename = "tee.bin"; #ifndef CONFIG_OPTEE optional; #endif }; };
Yannic
Changes since v1:
- Also guard the loadables line. (Tim)
arch/arm/dts/imx8mm-u-boot.dtsi | 6 ++++++ arch/arm/dts/imx8mn-u-boot.dtsi | 6 ++++++ arch/arm/dts/imx8mp-u-boot.dtsi | 6 ++++++ arch/arm/dts/imx8mq-u-boot.dtsi | 6 ++++++ 4 files changed, 24 insertions(+)
diff --git a/arch/arm/dts/imx8mm-u-boot.dtsi b/arch/arm/dts/imx8mm-u-boot.dtsi index ecc2319279ea..8608fa004fdc 100644 --- a/arch/arm/dts/imx8mm-u-boot.dtsi +++ b/arch/arm/dts/imx8mm-u-boot.dtsi @@ -164,6 +164,7 @@ }; #endif +#ifdef CONFIG_OPTEE tee: tee { description = "OP-TEE"; type = "tee"; @@ -178,6 +179,7 @@ optional; }; }; +#endif binman_fip: fip { arch = "arm64"; @@ -207,7 +209,11 @@ fdt = "fdt-SEQ"; firmware = "uboot"; #ifndef CONFIG_ARMV8_PSCI +#ifdef CONFIG_OPTEE loadables = "atf", "tee"; +#else
loadables = "atf";+#endif #endif }; };
[...]
Hi Yannic,
On Fri, Jan 17, 2025 at 5:24 AM Yannic Moog Y.Moog@phytec.de wrote:
I have a question: Since tee.bin is marked as optional, we still get the same behaviour when OPTEE is set but no tee.bin is supplied. What do you suggest to do to remedy this?
We could remove the optional. Given that we guard it with CONFIG_OPTEE it makes sense that the tee binary must then be supplied and should no longer be considered optional.
Yes, this makes sense.
Would you mind sending a patch?
Thanks
On Tue, 2025-01-21 at 11:09 -0300, Fabio Estevam wrote:
Hi Yannic,
On Fri, Jan 17, 2025 at 5:24 AM Yannic Moog Y.Moog@phytec.de wrote:
I have a question: Since tee.bin is marked as optional, we still get the same behaviour when OPTEE is set but no tee.bin is supplied. What do you suggest to do to remedy this?
We could remove the optional. Given that we guard it with CONFIG_OPTEE it makes sense that the tee binary must then be supplied and should no longer be considered optional.
Yes, this makes sense.
Would you mind sending a patch?
Will do
Yannic
Thanks
On Thu, Jan 16, 2025 at 10:57 PM Fabio Estevam festevam@gmail.com wrote:
From: Fabio Estevam festevam@denx.de
Guard binman nodes with CONFIG_OPTEE to fix the following error
when building without optee support:
BINMAN .binman_stamp Image 'image' has faked external blobs and is non-functional: tee.bin
Image 'image' is missing optional external blobs but is still functional: tee-os
/binman/section/fit/images/tee/tee-os (tee.bin): See the documentation for your board. You may need to build Open Portable Trusted Execution Environment (OP-TEE) and build with TEE=/path/to/tee.bin
Some images are invalid make: *** [Makefile:1135: .binman_stamp] Error 103
While at it, only pass tee to the loadables lines when CONFIG_OPTEE is defined.
Reported-by: Tim Harvey tharvey@gateworks.com Signed-off-by: Fabio Estevam festevam@denx.de Reviewed-by: Tom Rini trini@konsulko.com
Applied, thanks.
participants (3)
-
Fabio Estevam -
Peng Fan -
Yannic Moog