diff mbox series

[U-Boot,1/2] rockchip: make_fit_atf.py: allow inclusion of a tee binary

Message ID 20191001212347.15009-1-heiko@sntech.de
State Superseded
Delegated to: Philipp Tomsich
Headers show
Series [U-Boot,1/2] rockchip: make_fit_atf.py: allow inclusion of a tee binary | expand

Commit Message

Heiko Stuebner Oct. 1, 2019, 9:23 p.m. UTC 
A trusted execution environment should also get loaded as loadable from
a fit image, so add the possibility to present a tee.elf to make_fit_atf.py
that then gets included as additional loadable into the generated its.

For ease of integration the additional loadable is created as atf_(x+1)
after all others to re-use core generation loops.

Tested against the combinations of 1-part-atf and multi-part-atf each
time with and without a tee binary present.

Signed-off-by: Heiko Stuebner <heiko@sntech.de>
---
 arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++---
 1 file changed, 46 insertions(+), 6 deletions(-)

Comments

Simon Glass Oct. 10, 2019, 5:06 p.m. UTC | #1 
Hi Heiko,

On Tue, 1 Oct 2019 at 14:23, Heiko Stuebner <heiko@sntech.de> wrote:
>
> A trusted execution environment should also get loaded as loadable from
> a fit image, so add the possibility to present a tee.elf to make_fit_atf.py
> that then gets included as additional loadable into the generated its.
>
> For ease of integration the additional loadable is created as atf_(x+1)
> after all others to re-use core generation loops.
>
> Tested against the combinations of 1-part-atf and multi-part-atf each
> time with and without a tee binary present.
>
> Signed-off-by: Heiko Stuebner <heiko@sntech.de>
> ---
>  arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++---
>  1 file changed, 46 insertions(+), 6 deletions(-)
>

Instead of building up another tool, could we use binman for this? If
not, what is missing?

Regards,
Simon
Heiko Stuebner Oct. 10, 2019, 5:27 p.m. UTC | #2 
Hi Simon,

Am Donnerstag, 10. Oktober 2019, 19:06:12 CEST schrieb Simon Glass:
> On Tue, 1 Oct 2019 at 14:23, Heiko Stuebner <heiko@sntech.de> wrote:
> > A trusted execution environment should also get loaded as loadable from
> > a fit image, so add the possibility to present a tee.elf to make_fit_atf.py
> > that then gets included as additional loadable into the generated its.
> >
> > For ease of integration the additional loadable is created as atf_(x+1)
> > after all others to re-use core generation loops.
> >
> > Tested against the combinations of 1-part-atf and multi-part-atf each
> > time with and without a tee binary present.
> >
> > Signed-off-by: Heiko Stuebner <heiko@sntech.de>
> > ---
> >  arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++---
> >  1 file changed, 46 insertions(+), 6 deletions(-)
> >
> 
> Instead of building up another tool, could we use binman for this? If
> not, what is missing?

make_fit_atf.py is the existing tool and I've no real experience with
binman so far, so I don't really know.

make_fit_atf.py is the script used to create the u-boot.its used as base
for the uboot fit image loaded from SPL, so it's the script set in the
SPL_FIT_GENERATOR Kconfig similar to sunxi and riscv.

For this it parses the ATF.elf and (now) TEE.elf to get the actual load
addresses for the loadables (the ATF.elf contains separate sections for
main DDR and often additional SRAM locations for loadables of variable
number) and creates the .its based on this data.


Looking at the binman README:
"Binman considers FIT to be one of the binaries it can place in the image.
Where possible it is best to put as much as possible in the FIT, with binman
used to deal with cases not covered by FIT."

So it looks like that should stay as it is? Or is that documentation outdated?


Heiko
Simon Glass Oct. 11, 2019, 3:53 p.m. UTC | #3 
Hi Heiko,

On Thu, 10 Oct 2019 at 12:28, Heiko Stübner <heiko@sntech.de> wrote:
>
> Hi Simon,
>
> Am Donnerstag, 10. Oktober 2019, 19:06:12 CEST schrieb Simon Glass:
> > On Tue, 1 Oct 2019 at 14:23, Heiko Stuebner <heiko@sntech.de> wrote:
> > > A trusted execution environment should also get loaded as loadable from
> > > a fit image, so add the possibility to present a tee.elf to make_fit_atf.py
> > > that then gets included as additional loadable into the generated its.
> > >
> > > For ease of integration the additional loadable is created as atf_(x+1)
> > > after all others to re-use core generation loops.
> > >
> > > Tested against the combinations of 1-part-atf and multi-part-atf each
> > > time with and without a tee binary present.
> > >
> > > Signed-off-by: Heiko Stuebner <heiko@sntech.de>
> > > ---
> > >  arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++---
> > >  1 file changed, 46 insertions(+), 6 deletions(-)
> > >
> >
> > Instead of building up another tool, could we use binman for this? If
> > not, what is missing?
>
> make_fit_atf.py is the existing tool and I've no real experience with
> binman so far, so I don't really know.
>
> make_fit_atf.py is the script used to create the u-boot.its used as base
> for the uboot fit image loaded from SPL, so it's the script set in the
> SPL_FIT_GENERATOR Kconfig similar to sunxi and riscv.
>
> For this it parses the ATF.elf and (now) TEE.elf to get the actual load
> addresses for the loadables (the ATF.elf contains separate sections for
> main DDR and often additional SRAM locations for loadables of variable
> number) and creates the .its based on this data.

binman has functionality to obtain symbol addresses (see for example

>
>
> Looking at the binman README:
> "Binman considers FIT to be one of the binaries it can place in the image.
> Where possible it is best to put as much as possible in the FIT, with binman
> used to deal with cases not covered by FIT."

Also see the slides from a recent talk [1].

>
> So it looks like that should stay as it is? Or is that documentation outdated?

It seems like we should create a FIT generator in binman. FIT support
is in the TODO but not yet done.

Do you want to have a try? It basically involves creating a new entry
type, e.g. 'rockchip-fit.py' that generates the FIT (from a template)
and then runs mkimage.

Regards,
Simon

[1] https://osfc.io/uploads/talk/paper/45/Binman_-_A_data-controlled_firmware_packer_for_U-Boot.pdf
Kever Yang Oct. 14, 2019, 9:03 a.m. UTC | #4 
On 2019/10/2 上午5:23, Heiko Stuebner wrote:
> A trusted execution environment should also get loaded as loadable from
> a fit image, so add the possibility to present a tee.elf to make_fit_atf.py
> that then gets included as additional loadable into the generated its.
>
> For ease of integration the additional loadable is created as atf_(x+1)
> after all others to re-use core generation loops.
>
> Tested against the combinations of 1-part-atf and multi-part-atf each
> time with and without a tee binary present.
>
> Signed-off-by: Heiko Stuebner <heiko@sntech.de>

Reviewed-by: Kever Yang<kever.yang@rock-chips.com>


Thanks,
- Kever
> ---
>   arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++---
>   1 file changed, 46 insertions(+), 6 deletions(-)
>
> diff --git a/arch/arm/mach-rockchip/make_fit_atf.py b/arch/arm/mach-rockchip/make_fit_atf.py
> index 585edcf9d5..3c045a5e17 100755
> --- a/arch/arm/mach-rockchip/make_fit_atf.py
> +++ b/arch/arm/mach-rockchip/make_fit_atf.py
> @@ -63,6 +63,21 @@ def append_bl31_node(file, atf_index, phy_addr, elf_entry):
>       file.write('\t\t};\n')
>       file.write('\n')
>   
> +def append_tee_node(file, atf_index, phy_addr, elf_entry):
> +    # Append TEE DT node to input FIT dts file.
> +    data = 'tee_0x%08x.bin' % phy_addr
> +    file.write('\t\tatf_%d {\n' % atf_index)
> +    file.write('\t\t\tdescription = \"TEE\";\n')
> +    file.write('\t\t\tdata = /incbin/("%s");\n' % data)
> +    file.write('\t\t\ttype = "tee";\n')
> +    file.write('\t\t\tarch = "arm64";\n')
> +    file.write('\t\t\tos = "tee";\n')
> +    file.write('\t\t\tcompression = "none";\n')
> +    file.write('\t\t\tload = <0x%08x>;\n' % phy_addr)
> +    file.write('\t\t\tentry = <0x%08x>;\n' % elf_entry)
> +    file.write('\t\t};\n')
> +    file.write('\n')
> +
>   def append_fdt_node(file, dtbs):
>       # Append FDT nodes.
>       cnt = 1
> @@ -115,15 +130,23 @@ def generate_atf_fit_dts_uboot(fit_file, uboot_file_name):
>       index, entry, p_paddr, data = segments[0]
>       fit_file.write(DT_UBOOT % p_paddr)
>   
> -def generate_atf_fit_dts_bl31(fit_file, bl31_file_name, dtbs_file_name):
> +def generate_atf_fit_dts_bl31(fit_file, bl31_file_name, tee_file_name, dtbs_file_name):
>       segments = unpack_elf(bl31_file_name)
>       for index, entry, paddr, data in segments:
>           append_bl31_node(fit_file, index + 1, paddr, entry)
> +    num_segments = len(segments)
> +
> +    if tee_file_name:
> +        tee_segments = unpack_elf(tee_file_name)
> +        for index, entry, paddr, data in tee_segments:
> +            append_tee_node(fit_file, num_segments + index + 1, paddr, entry)
> +        num_segments = num_segments + len(tee_segments)
> +
>       append_fdt_node(fit_file, dtbs_file_name)
>       fit_file.write(DT_IMAGES_NODE_END)
> -    append_conf_node(fit_file, dtbs_file_name, len(segments))
> +    append_conf_node(fit_file, dtbs_file_name, num_segments)
>   
> -def generate_atf_fit_dts(fit_file_name, bl31_file_name, uboot_file_name, dtbs_file_name):
> +def generate_atf_fit_dts(fit_file_name, bl31_file_name, tee_file_name, uboot_file_name, dtbs_file_name):
>       # Generate FIT script for ATF image.
>       if fit_file_name != sys.stdout:
>           fit_file = open(fit_file_name, "wb")
> @@ -132,7 +155,7 @@ def generate_atf_fit_dts(fit_file_name, bl31_file_name, uboot_file_name, dtbs_fi
>   
>       fit_file.write(DT_HEADER)
>       generate_atf_fit_dts_uboot(fit_file, uboot_file_name)
> -    generate_atf_fit_dts_bl31(fit_file, bl31_file_name, dtbs_file_name)
> +    generate_atf_fit_dts_bl31(fit_file, bl31_file_name, tee_file_name, dtbs_file_name)
>       fit_file.write(DT_END)
>   
>       if fit_file_name != sys.stdout:
> @@ -144,6 +167,13 @@ def generate_atf_binary(bl31_file_name):
>           with open(file_name, "wb") as atf:
>               atf.write(data)
>   
> +def generate_tee_binary(tee_file_name):
> +    if tee_file_name:
> +        for index, entry, paddr, data in unpack_elf(tee_file_name):
> +            file_name = 'tee_0x%08x.bin' % paddr
> +            with open(file_name, "wb") as atf:
> +                atf.write(data)
> +
>   def unpack_elf(filename):
>       with open(filename, 'rb') as file:
>           elf = file.read()
> @@ -178,7 +208,14 @@ def main():
>           logging.warning(' BL31 file bl31.elf NOT found, resulting binary is non-functional')
>           logging.warning(' Please read Building section in doc/README.rockchip')
>   
> -    opts, args = getopt.getopt(sys.argv[1:], "o:u:b:h")
> +    if "TEE" in os.environ:
> +        tee_elf = os.getenv("TEE")
> +    elif os.path.isfile("./tee.elf"):
> +        tee_elf = "./tee.elf"
> +    else:
> +        tee_elf = ""
> +
> +    opts, args = getopt.getopt(sys.argv[1:], "o:u:b:t:h")
>       for opt, val in opts:
>           if opt == "-o":
>               fit_its = val
> @@ -186,14 +223,17 @@ def main():
>               uboot_elf = val
>           elif opt == "-b":
>               bl31_elf = val
> +        elif opt == "-t":
> +            tee_elf = val
>           elif opt == "-h":
>               print(__doc__)
>               sys.exit(2)
>   
>       dtbs = args
>   
> -    generate_atf_fit_dts(fit_its, bl31_elf, uboot_elf, dtbs)
> +    generate_atf_fit_dts(fit_its, bl31_elf, tee_elf, uboot_elf, dtbs)
>       generate_atf_binary(bl31_elf)
> +    generate_tee_binary(tee_elf)
>   
>   if __name__ == "__main__":
>       main()
diff mbox series

Patch

diff --git a/arch/arm/mach-rockchip/make_fit_atf.py b/arch/arm/mach-rockchip/make_fit_atf.py
index 585edcf9d5..3c045a5e17 100755
--- a/arch/arm/mach-rockchip/make_fit_atf.py
+++ b/arch/arm/mach-rockchip/make_fit_atf.py
@@ -63,6 +63,21 @@  def append_bl31_node(file, atf_index, phy_addr, elf_entry):
     file.write('\t\t};\n')
     file.write('\n')
 
+def append_tee_node(file, atf_index, phy_addr, elf_entry):
+    # Append TEE DT node to input FIT dts file.
+    data = 'tee_0x%08x.bin' % phy_addr
+    file.write('\t\tatf_%d {\n' % atf_index)
+    file.write('\t\t\tdescription = \"TEE\";\n')
+    file.write('\t\t\tdata = /incbin/("%s");\n' % data)
+    file.write('\t\t\ttype = "tee";\n')
+    file.write('\t\t\tarch = "arm64";\n')
+    file.write('\t\t\tos = "tee";\n')
+    file.write('\t\t\tcompression = "none";\n')
+    file.write('\t\t\tload = <0x%08x>;\n' % phy_addr)
+    file.write('\t\t\tentry = <0x%08x>;\n' % elf_entry)
+    file.write('\t\t};\n')
+    file.write('\n')
+
 def append_fdt_node(file, dtbs):
     # Append FDT nodes.
     cnt = 1
@@ -115,15 +130,23 @@  def generate_atf_fit_dts_uboot(fit_file, uboot_file_name):
     index, entry, p_paddr, data = segments[0]
     fit_file.write(DT_UBOOT % p_paddr)
 
-def generate_atf_fit_dts_bl31(fit_file, bl31_file_name, dtbs_file_name):
+def generate_atf_fit_dts_bl31(fit_file, bl31_file_name, tee_file_name, dtbs_file_name):
     segments = unpack_elf(bl31_file_name)
     for index, entry, paddr, data in segments:
         append_bl31_node(fit_file, index + 1, paddr, entry)
+    num_segments = len(segments)
+
+    if tee_file_name:
+        tee_segments = unpack_elf(tee_file_name)
+        for index, entry, paddr, data in tee_segments:
+            append_tee_node(fit_file, num_segments + index + 1, paddr, entry)
+        num_segments = num_segments + len(tee_segments)
+
     append_fdt_node(fit_file, dtbs_file_name)
     fit_file.write(DT_IMAGES_NODE_END)
-    append_conf_node(fit_file, dtbs_file_name, len(segments))
+    append_conf_node(fit_file, dtbs_file_name, num_segments)
 
-def generate_atf_fit_dts(fit_file_name, bl31_file_name, uboot_file_name, dtbs_file_name):
+def generate_atf_fit_dts(fit_file_name, bl31_file_name, tee_file_name, uboot_file_name, dtbs_file_name):
     # Generate FIT script for ATF image.
     if fit_file_name != sys.stdout:
         fit_file = open(fit_file_name, "wb")
@@ -132,7 +155,7 @@  def generate_atf_fit_dts(fit_file_name, bl31_file_name, uboot_file_name, dtbs_fi
 
     fit_file.write(DT_HEADER)
     generate_atf_fit_dts_uboot(fit_file, uboot_file_name)
-    generate_atf_fit_dts_bl31(fit_file, bl31_file_name, dtbs_file_name)
+    generate_atf_fit_dts_bl31(fit_file, bl31_file_name, tee_file_name, dtbs_file_name)
     fit_file.write(DT_END)
 
     if fit_file_name != sys.stdout:
@@ -144,6 +167,13 @@  def generate_atf_binary(bl31_file_name):
         with open(file_name, "wb") as atf:
             atf.write(data)
 
+def generate_tee_binary(tee_file_name):
+    if tee_file_name:
+        for index, entry, paddr, data in unpack_elf(tee_file_name):
+            file_name = 'tee_0x%08x.bin' % paddr
+            with open(file_name, "wb") as atf:
+                atf.write(data)
+
 def unpack_elf(filename):
     with open(filename, 'rb') as file:
         elf = file.read()
@@ -178,7 +208,14 @@  def main():
         logging.warning(' BL31 file bl31.elf NOT found, resulting binary is non-functional')
         logging.warning(' Please read Building section in doc/README.rockchip')
 
-    opts, args = getopt.getopt(sys.argv[1:], "o:u:b:h")
+    if "TEE" in os.environ:
+        tee_elf = os.getenv("TEE")
+    elif os.path.isfile("./tee.elf"):
+        tee_elf = "./tee.elf"
+    else:
+        tee_elf = ""
+
+    opts, args = getopt.getopt(sys.argv[1:], "o:u:b:t:h")
     for opt, val in opts:
         if opt == "-o":
             fit_its = val
@@ -186,14 +223,17 @@  def main():
             uboot_elf = val
         elif opt == "-b":
             bl31_elf = val
+        elif opt == "-t":
+            tee_elf = val
         elif opt == "-h":
             print(__doc__)
             sys.exit(2)
 
     dtbs = args
 
-    generate_atf_fit_dts(fit_its, bl31_elf, uboot_elf, dtbs)
+    generate_atf_fit_dts(fit_its, bl31_elf, tee_elf, uboot_elf, dtbs)
     generate_atf_binary(bl31_elf)
+    generate_tee_binary(tee_elf)
 
 if __name__ == "__main__":
     main()