Message ID | 20191001212347.15009-1-heiko@sntech.de |
---|---|
State | Superseded |
Delegated to: | Philipp Tomsich |
Series | [U-Boot,1/2] rockchip: make_fit_atf.py: allow inclusion of a tee binary |
Hi Heiko,

On Tue, 1 Oct 2019 at 14:23, Heiko Stuebner <heiko@sntech.de> wrote:
>
> A trusted execution environment should also get loaded as loadable from
> a fit image, so add the possibility to present a tee.elf to make_fit_atf.py
> that then gets included as additional loadable into the generated its.
>
> For ease of integration the additional loadable is created as atf_(x+1)
> after all others to re-use core generation loops.
>
> Tested against the combinations of 1-part-atf and multi-part-atf each
> time with and without a tee binary present.
>
> Signed-off-by: Heiko Stuebner <heiko@sntech.de>
> ---
> arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++---
> 1 file changed, 46 insertions(+), 6 deletions(-)
>

Instead of building up another tool, could we use binman for this? If
not, what is missing?

Regards,
Simon

Hi Simon,

On Thursday, 10 October 2019, 19:06:12 CEST, Simon Glass wrote:
> On Tue, 1 Oct 2019 at 14:23, Heiko Stuebner <heiko@sntech.de> wrote:
> > A trusted execution environment should also get loaded as loadable from
> > a fit image, so add the possibility to present a tee.elf to make_fit_atf.py
> > that then gets included as additional loadable into the generated its.
> >
> > For ease of integration the additional loadable is created as atf_(x+1)
> > after all others to re-use core generation loops.
> >
> > Tested against the combinations of 1-part-atf and multi-part-atf each
> > time with and without a tee binary present.
> >
> > Signed-off-by: Heiko Stuebner <heiko@sntech.de>
> > ---
> > arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++---
> > 1 file changed, 46 insertions(+), 6 deletions(-)
> >
>
> Instead of building up another tool, could we use binman for this? If
> not, what is missing?

make_fit_atf.py is the existing tool and I've no real experience with
binman so far, so I don't really know.

make_fit_atf.py is the script used to create the u-boot.its used as base
for the uboot fit image loaded from SPL, so it's the script set in the
SPL_FIT_GENERATOR Kconfig similar to sunxi and riscv.

For this it parses the ATF.elf and (now) TEE.elf to get the actual load
addresses for the loadables (the ATF.elf contains separate sections for
main DDR and often additional SRAM locations for loadables of variable
number) and creates the .its based on this data.

Looking at the binman README:
"Binman considers FIT to be one of the binaries it can place in the image.
Where possible it is best to put as much as possible in the FIT, with binman
used to deal with cases not covered by FIT."

So it looks like that should stay as it is? Or is that documentation outdated?

Heiko

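The ELF step Heiko describes above, as an added example that is not code from make_fit_atf.py or from this thread: it reads the PT_LOAD program headers of a little-endian ELF64 image and checks that the TEE load ranges do not collide with the ATF ones. The helper names, the use of p_memsz for the range, and the sample addresses are assumptions made for the illustration.

```python
import struct

PT_LOAD = 1  # program header type for a loadable segment

def load_segments(elf):
    """Return (index, entry, paddr, memsz) per PT_LOAD header of a little-endian ELF64."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    entry, phoff = struct.unpack_from("<QQ", elf, 0x18)      # e_entry, e_phoff
    phentsize, phnum = struct.unpack_from("<HH", elf, 0x36)  # e_phentsize, e_phnum
    segs = []
    for i in range(phnum):
        p_type, _flags, _off, _vaddr, paddr, _filesz, memsz = struct.unpack_from(
            "<IIQQQQQ", elf, phoff + i * phentsize)
        if p_type == PT_LOAD and memsz:
            segs.append((i, entry, paddr, memsz))
    return segs

def overlaps(first, second):
    """Pairs of load addresses whose [paddr, paddr + memsz) ranges intersect."""
    return [(a[2], b[2]) for a in first for b in second
            if a[2] < b[2] + b[3] and b[2] < a[2] + a[3]]

def make_elf(entry, segments):
    """Constructed sample: ELF64 header plus one PT_LOAD per (paddr, size), no payload."""
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 2, 183, 1,
                       entry, 64, 0, 0, 64, 56, len(segments), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, p, p, s, s, 0x1000)
                     for p, s in segments)
    return ehdr + phdrs

# Constructed addresses, not taken from any real bl31.elf or tee.elf.
ATF = load_segments(make_elf(0x40000, [(0x40000, 0x20000), (0xFF3B0000, 0x1000)]))
TEE_OK = load_segments(make_elf(0x8400000, [(0x8400000, 0x100000)]))
TEE_BAD = load_segments(make_elf(0x50000, [(0x50000, 0x1000)]))

if __name__ == "__main__":
    for name, tee in (("TEE_OK", TEE_OK), ("TEE_BAD", TEE_BAD)):
        for atf_addr, tee_addr in overlaps(ATF, tee):
            print("%s: tee_0x%08x.bin overlaps ATF segment at 0x%08x"
                  % (name, tee_addr, atf_addr))
```
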
Hi Heiko,

On Thu, 10 Oct 2019 at 12:28, Heiko Stübner <heiko@sntech.de> wrote:
>
> Hi Simon,
>
> On Thursday, 10 October 2019, 19:06:12 CEST, Simon Glass wrote:
> > On Tue, 1 Oct 2019 at 14:23, Heiko Stuebner <heiko@sntech.de> wrote:
> > > A trusted execution environment should also get loaded as loadable from
> > > a fit image, so add the possibility to present a tee.elf to make_fit_atf.py
> > > that then gets included as additional loadable into the generated its.
> > >
> > > For ease of integration the additional loadable is created as atf_(x+1)
> > > after all others to re-use core generation loops.
> > >
> > > Tested against the combinations of 1-part-atf and multi-part-atf each
> > > time with and without a tee binary present.
> > >
> > > Signed-off-by: Heiko Stuebner <heiko@sntech.de>
> > > ---
> > > arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++---
> > > 1 file changed, 46 insertions(+), 6 deletions(-)
> > >
> >
> > Instead of building up another tool, could we use binman for this? If
> > not, what is missing?
>
> make_fit_atf.py is the existing tool and I've no real experience with
> binman so far, so I don't really know.
>
> make_fit_atf.py is the script used to create the u-boot.its used as base
> for the uboot fit image loaded from SPL, so it's the script set in the
> SPL_FIT_GENERATOR Kconfig similar to sunxi and riscv.
>
> For this it parses the ATF.elf and (now) TEE.elf to get the actual load
> addresses for the loadables (the ATF.elf contains separate sections for
> main DDR and often additional SRAM locations for loadables of variable
> number) and creates the .its based on this data.

binman has functionality to obtain symbol addresses (see for example

>
>
> Looking at the binman README:
> "Binman considers FIT to be one of the binaries it can place in the image.
> Where possible it is best to put as much as possible in the FIT, with binman
> used to deal with cases not covered by FIT."

Also see the slides from a recent talk [1].

>
> So it looks like that should stay as it is? Or is that documentation outdated?

It seems like we should create a FIT generator in binman. FIT support
is in the TODO but not yet done. Do you want to have a try?

It basically involves creating a new entry type, e.g.
'rockchip-fit.py' that generates the FIT (from a template) and then
runs mkimage.

Regards,
Simon

[1] https://osfc.io/uploads/talk/paper/45/Binman_-_A_data-controlled_firmware_packer_for_U-Boot.pdf

On 2019/10/2 5:23 AM, Heiko Stuebner wrote:
> A trusted execution environment should also get loaded as loadable from
> a fit image, so add the possibility to present a tee.elf to make_fit_atf.py
> that then gets included as additional loadable into the generated its.
>
> For ease of integration the additional loadable is created as atf_(x+1)
> after all others to re-use core generation loops.
>
> Tested against the combinations of 1-part-atf and multi-part-atf each
> time with and without a tee binary present.
>
> Signed-off-by: Heiko Stuebner <heiko@sntech.de>

Reviewed-by: Kever Yang <kever.yang@rock-chips.com>

Thanks,
- Kever

> ---
> arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++---
> 1 file changed, 46 insertions(+), 6 deletions(-)
>
> diff --git a/arch/arm/mach-rockchip/make_fit_atf.py b/arch/arm/mach-rockchip/make_fit_atf.py > index 585edcf9d5..3c045a5e17 100755 > --- a/arch/arm/mach-rockchip/make_fit_atf.py > +++ b/arch/arm/mach-rockchip/make_fit_atf.py > @@ -63,6 +63,21 @@ def append_bl31_node(file, atf_index, phy_addr, elf_entry): > file.write('\t\t};\n') > file.write('\n') > > +def append_tee_node(file, atf_index, phy_addr, elf_entry): > + # Append TEE DT node to input FIT dts file. > + data = 'tee_0x%08x.bin' % phy_addr > + file.write('\t\tatf_%d {\n' % atf_index) > + file.write('\t\t\tdescription = \"TEE\";\n') > + file.write('\t\t\tdata = /incbin/("%s");\n' % data) > + file.write('\t\t\ttype = "tee";\n') > + file.write('\t\t\tarch = "arm64";\n') > + file.write('\t\t\tos = "tee";\n') > + file.write('\t\t\tcompression = "none";\n') > + file.write('\t\t\tload = <0x%08x>;\n' % phy_addr) > + file.write('\t\t\tentry = <0x%08x>;\n' % elf_entry) > + file.write('\t\t};\n') > + file.write('\n') > + > def append_fdt_node(file, dtbs): > # Append FDT nodes. > cnt = 1 
> @@ -115,15 +130,23 @@ def generate_atf_fit_dts_uboot(fit_file, uboot_file_name): > index, entry, p_paddr, data = segments[0] > fit_file.write(DT_UBOOT % p_paddr) > > -def generate_atf_fit_dts_bl31(fit_file, bl31_file_name, dtbs_file_name): > +def generate_atf_fit_dts_bl31(fit_file, bl31_file_name, tee_file_name, dtbs_file_name): > segments = unpack_elf(bl31_file_name) > for index, entry, paddr, data in segments: > append_bl31_node(fit_file, index + 1, paddr, entry) > + num_segments = len(segments) > + > + if tee_file_name: > + tee_segments = unpack_elf(tee_file_name) > + for index, entry, paddr, data in tee_segments: > + append_tee_node(fit_file, num_segments + index + 1, paddr, entry) > + num_segments = num_segments + len(tee_segments) > + > append_fdt_node(fit_file, dtbs_file_name) > fit_file.write(DT_IMAGES_NODE_END) > - append_conf_node(fit_file, dtbs_file_name, len(segments)) > + append_conf_node(fit_file, dtbs_file_name, num_segments) > > -def generate_atf_fit_dts(fit_file_name, bl31_file_name, uboot_file_name, dtbs_file_name): > +def generate_atf_fit_dts(fit_file_name, bl31_file_name, tee_file_name, uboot_file_name, dtbs_file_name): > # Generate FIT script for ATF image. > if fit_file_name != sys.stdout: > fit_file = open(fit_file_name, "wb") > @@ -132,7 +155,7 @@ def generate_atf_fit_dts(fit_file_name, bl31_file_name, uboot_file_name, dtbs_fi > > fit_file.write(DT_HEADER) > generate_atf_fit_dts_uboot(fit_file, uboot_file_name) > - generate_atf_fit_dts_bl31(fit_file, bl31_file_name, dtbs_file_name) > + generate_atf_fit_dts_bl31(fit_file, bl31_file_name, tee_file_name, dtbs_file_name) > fit_file.write(DT_END) > > if fit_file_name != sys.stdout: 
> @@ -144,6 +167,13 @@ def generate_atf_binary(bl31_file_name): > with open(file_name, "wb") as atf: > atf.write(data) > > +def generate_tee_binary(tee_file_name): > + if tee_file_name: > + for index, entry, paddr, data in unpack_elf(tee_file_name): > + file_name = 'tee_0x%08x.bin' % paddr > + with open(file_name, "wb") as atf: > + atf.write(data) > + > def unpack_elf(filename): > with open(filename, 'rb') as file: > elf = file.read() > @@ -178,7 +208,14 @@ def main(): > logging.warning(' BL31 file bl31.elf NOT found, resulting binary is non-functional') > logging.warning(' Please read Building section in doc/README.rockchip') > > - opts, args = getopt.getopt(sys.argv[1:], "o:u:b:h") > + if "TEE" in os.environ: > + tee_elf = os.getenv("TEE") > + elif os.path.isfile("./tee.elf"): > + tee_elf = "./tee.elf" > + else: > + tee_elf = "" > + > + opts, args = getopt.getopt(sys.argv[1:], "o:u:b:t:h") > for opt, val in opts: > if opt == "-o": > fit_its = val > @@ -186,14 +223,17 @@ def main(): > uboot_elf = val > elif opt == "-b": > bl31_elf = val > + elif opt == "-t": > + tee_elf = val > elif opt == "-h": > print(__doc__) > sys.exit(2) > > dtbs = args > > - generate_atf_fit_dts(fit_its, bl31_elf, uboot_elf, dtbs) > + generate_atf_fit_dts(fit_its, bl31_elf, tee_elf, uboot_elf, dtbs) > generate_atf_binary(bl31_elf) > + generate_tee_binary(tee_elf) > > if __name__ == "__main__": > main()
diff --git a/arch/arm/mach-rockchip/make_fit_atf.py b/arch/arm/mach-rockchip/make_fit_atf.py index 585edcf9d5..3c045a5e17 100755 --- a/arch/arm/mach-rockchip/make_fit_atf.py +++ b/arch/arm/mach-rockchip/make_fit_atf.py @@ -63,6 +63,21 @@ def append_bl31_node(file, atf_index, phy_addr, elf_entry): file.write('\t\t};\n') file.write('\n') +def append_tee_node(file, atf_index, phy_addr, elf_entry): + # Append TEE DT node to input FIT dts file. + data = 'tee_0x%08x.bin' % phy_addr + file.write('\t\tatf_%d {\n' % atf_index) + file.write('\t\t\tdescription = \"TEE\";\n') + file.write('\t\t\tdata = /incbin/("%s");\n' % data) + file.write('\t\t\ttype = "tee";\n') + file.write('\t\t\tarch = "arm64";\n') + file.write('\t\t\tos = "tee";\n') + file.write('\t\t\tcompression = "none";\n') + file.write('\t\t\tload = <0x%08x>;\n' % phy_addr) + file.write('\t\t\tentry = <0x%08x>;\n' % elf_entry) + file.write('\t\t};\n') + file.write('\n') + def append_fdt_node(file, dtbs): # Append FDT nodes. cnt = 1 
@@ -115,15 +130,23 @@ def generate_atf_fit_dts_uboot(fit_file, uboot_file_name): index, entry, p_paddr, data = segments[0] fit_file.write(DT_UBOOT % p_paddr) -def generate_atf_fit_dts_bl31(fit_file, bl31_file_name, dtbs_file_name): +def generate_atf_fit_dts_bl31(fit_file, bl31_file_name, tee_file_name, dtbs_file_name): segments = unpack_elf(bl31_file_name) for index, entry, paddr, data in segments: append_bl31_node(fit_file, index + 1, paddr, entry) + num_segments = len(segments) + + if tee_file_name: + tee_segments = unpack_elf(tee_file_name) + for index, entry, paddr, data in tee_segments: + append_tee_node(fit_file, num_segments + index + 1, paddr, entry) + num_segments = num_segments + len(tee_segments) + append_fdt_node(fit_file, dtbs_file_name) fit_file.write(DT_IMAGES_NODE_END) - append_conf_node(fit_file, dtbs_file_name, len(segments)) + append_conf_node(fit_file, dtbs_file_name, num_segments) -def generate_atf_fit_dts(fit_file_name, bl31_file_name, uboot_file_name, dtbs_file_name): +def generate_atf_fit_dts(fit_file_name, bl31_file_name, tee_file_name, uboot_file_name, dtbs_file_name): # Generate FIT script for ATF image. if fit_file_name != sys.stdout: fit_file = open(fit_file_name, "wb") @@ -132,7 +155,7 @@ def generate_atf_fit_dts(fit_file_name, bl31_file_name, uboot_file_name, dtbs_fi fit_file.write(DT_HEADER) generate_atf_fit_dts_uboot(fit_file, uboot_file_name) - generate_atf_fit_dts_bl31(fit_file, bl31_file_name, dtbs_file_name) + generate_atf_fit_dts_bl31(fit_file, bl31_file_name, tee_file_name, dtbs_file_name) fit_file.write(DT_END) if fit_file_name != sys.stdout: 
@@ -144,6 +167,13 @@ def generate_atf_binary(bl31_file_name): with open(file_name, "wb") as atf: atf.write(data) +def generate_tee_binary(tee_file_name): + if tee_file_name: + for index, entry, paddr, data in unpack_elf(tee_file_name): + file_name = 'tee_0x%08x.bin' % paddr + with open(file_name, "wb") as atf: + atf.write(data) + def unpack_elf(filename): with open(filename, 'rb') as file: elf = file.read() @@ -178,7 +208,14 @@ def main(): logging.warning(' BL31 file bl31.elf NOT found, resulting binary is non-functional') logging.warning(' Please read Building section in doc/README.rockchip') - opts, args = getopt.getopt(sys.argv[1:], "o:u:b:h") + if "TEE" in os.environ: + tee_elf = os.getenv("TEE") + elif os.path.isfile("./tee.elf"): + tee_elf = "./tee.elf" + else: + tee_elf = "" + + opts, args = getopt.getopt(sys.argv[1:], "o:u:b:t:h") for opt, val in opts: if opt == "-o": fit_its = val @@ -186,14 +223,17 @@ def main(): uboot_elf = val elif opt == "-b": bl31_elf = val + elif opt == "-t": + tee_elf = val elif opt == "-h": print(__doc__) sys.exit(2) dtbs = args - generate_atf_fit_dts(fit_its, bl31_elf, uboot_elf, dtbs) + generate_atf_fit_dts(fit_its, bl31_elf, tee_elf, uboot_elf, dtbs) generate_atf_binary(bl31_elf) + generate_tee_binary(tee_elf) if __name__ == "__main__": main()
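Review bot: in append_tee_node (hunk @@ -63,6 +63,21) the node is written with a hardcoded `arch = "arm64"` and under the `atf_%d` name although its type and os are "tee", so a reader of the generated .its cannot tell a TEE node from a BL31 node by name and the function cannot describe a 32-bit TEE. The signature is the same as append_bl31_node, so one shared node writer taking description, type, os and file prefix as parameters would avoid the copy; the backslashes in `description = \"TEE\"` are also not needed inside a single-quoted string.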
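Review bot: generate_atf_fit_dts_bl31 (hunk @@ -115,15 +130,23) passes each TEE paddr straight to append_tee_node and never compares the TEE ranges with the BL31 segments handled a few lines above, so two loadables with overlapping load addresses would both land in the .its without a warning. A check on tee_segments against segments that fails the build on overlap would fit right before the new loop. The function name also no longer matches what it emits now that it takes tee_file_name.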
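Review bot: generate_tee_binary (hunk @@ -144,6 +167,13) builds the output name with its own copy of `'tee_0x%08x.bin' % paddr`, separate from the one in append_tee_node, so the /incbin/ path and the file actually written stay in sync only by hand; a single helper for the name would remove that risk. It also runs unpack_elf on the TEE file a second time, and the handle in `with open(file_name, "wb") as atf:` would read better as `tee`.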
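Review bot: in main() (hunk @@ -178,7 +208,14) a ./tee.elf that happens to sit in the working directory is picked up silently, and a path taken from the TEE environment variable is used without an os.path.isfile check, so a stale file changes what goes into the FIT with no trace in the build log and a wrong path only fails later inside unpack_elf. Please log which TEE file was selected (the BL31 branch just above already uses logging.warning) and check that the TEE path exists before accepting it.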
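Review bot: the new `-t` option (hunk @@ -186,14 +223,17) is parsed here, but the patch has no hunk touching the module docstring that `-h` prints through `print(__doc__)`, so the usage text will not mention `-t`, the TEE environment variable or the ./tee.elf fallback. Please document all three there.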
A trusted execution environment should also get loaded as loadable from
a fit image, so add the possibility to present a tee.elf to make_fit_atf.py
that then gets included as additional loadable into the generated its.

For ease of integration the additional loadable is created as atf_(x+1)
after all others to re-use core generation loops.

Tested against the combinations of 1-part-atf and multi-part-atf each
time with and without a tee binary present.

Signed-off-by: Heiko Stuebner <heiko@sntech.de>
---
 arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++---
 1 file changed, 46 insertions(+), 6 deletions(-)