From patchwork Wed Jan 30 10:47:29 2019
X-Patchwork-Submitter: Etienne Carriere
X-Patchwork-Id: 1033420
From: Etienne Carriere
To: buildroot@buildroot.org
Cc: Etienne Carriere
Date: Wed, 30 Jan 2019 11:47:29 +0100
Message-Id: <1548845249-28201-7-git-send-email-etienne.carriere@linaro.org>
In-Reply-To: <1548845249-28201-1-git-send-email-etienne.carriere@linaro.org>
References: <1548845249-28201-1-git-send-email-etienne.carriere@linaro.org>
Subject: [Buildroot] [PATCH v4 7/7] configs/qemu_aarch64_tz_virt: AArch64 emulation with TrustZone services

This change introduces a Qemu board for an AArch64 target executing with OP-TEE secure world services. The target Linux based normal world embeds the standard minimal filesystem with OP-TEE non-secure components embedded files from OP-TEE client, test, examples and benchmark packages.

The Linux custom configuration is dumped from the qemu/aarch64-virt board with a few added fragments: OP-TEE driver and 9p for virtual filesystem to ease file manipulation and exchanges through Qemu virtfs support.

The standard way for booting OP-TEE with a non-secure world companion uses the Arm Trusted Firmware-A as bootloader. OP-TEE OS provides the BL32 image and U-boot the BL33 image. The proposed board enables OP-TEE and U-boot build for this. However package boot/arm-trusted-firmware needs a few changes to build OP-TEE compliant TF-A images. Therefore the proposed board allows one to build the images but not yet to run the target with the built Qemu host tool.

Signed-off-by: Etienne Carriere --- Changes v3 -> v4 - No change. Changes v2 -> v3 - New change to introduce a board that at least builds Aarch64 OP-TEE. --- board/qemu/aarch64-tz-virt/linux.config | 63 ++++++++++++++++++++++++++++++++ board/qemu/aarch64-tz-virt/readme.txt | 11 ++++++ board/qemu/aarch64-tz-virt/u-boot.config | 3 ++ configs/qemu_aarch64_tz_virt_defconfig | 47 ++++++++++++++++++++++++ 4 files changed, 124 insertions(+) create mode 100644 board/qemu/aarch64-tz-virt/linux.config create mode 100644 board/qemu/aarch64-tz-virt/readme.txt create mode 100644 board/qemu/aarch64-tz-virt/u-boot.config create mode 100644 configs/qemu_aarch64_tz_virt_defconfig diff --git a/board/qemu/aarch64-tz-virt/linux.config b/board/qemu/aarch64-tz-virt/linux.config new file mode 100644 index 0000000..49b7ac6 --- /dev/null +++ b/board/qemu/aarch64-tz-virt/linux.config 
@@ -0,0 +1,63 @@ +CONFIG_SYSVIPC=y +CONFIG_POSIX_MQUEUE=y +CONFIG_NO_HZ_IDLE=y +CONFIG_HIGH_RES_TIMERS=y +CONFIG_TASKSTATS=y +CONFIG_SCHED_AUTOGROUP=y +CONFIG_PROFILING=y +CONFIG_MODULES=y +CONFIG_MODULE_UNLOAD=y +CONFIG_BLK_DEV_BSGLIB=y +CONFIG_ARCH_VEXPRESS=y +CONFIG_TRANSPARENT_HUGEPAGE=y +CONFIG_BINFMT_MISC=y +CONFIG_COMPAT=y +CONFIG_NET=y +CONFIG_PACKET=y +CONFIG_PACKET_DIAG=y +CONFIG_UNIX=y +CONFIG_NET_KEY=y +CONFIG_INET=y +CONFIG_IP_MULTICAST=y +CONFIG_IP_ADVANCED_ROUTER=y +CONFIG_BRIDGE=m +CONFIG_NET_SCHED=y +CONFIG_VSOCKETS=y +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +CONFIG_VIRTIO_BLK=y +CONFIG_BLK_DEV_SD=y +CONFIG_CHR_DEV_SG=y +CONFIG_SCSI_CONSTANTS=y +CONFIG_SCSI_LOGGING=y +CONFIG_SCSI_SCAN_ASYNC=y +CONFIG_SCSI_VIRTIO=y +CONFIG_ATA=y +CONFIG_NETDEVICES=y +CONFIG_DUMMY=y +CONFIG_MACVLAN=y +CONFIG_VIRTIO_NET=y +CONFIG_NLMON=y +CONFIG_VT_HW_CONSOLE_BINDING=y +CONFIG_SERIAL_AMBA_PL011=y +CONFIG_SERIAL_AMBA_PL011_CONSOLE=y +CONFIG_VIRTIO_CONSOLE=y +CONFIG_HW_RANDOM=y +CONFIG_HW_RANDOM_VIRTIO=y +CONFIG_RTC_CLASS=y +CONFIG_VIRTIO_MMIO=y +CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y +CONFIG_MAILBOX=y +CONFIG_PL320_MBOX=y +CONFIG_EXT4_FS=y +CONFIG_TMPFS=y +CONFIG_TMPFS_POSIX_ACL=y +### Enable OP-TEE +CONFIG_TEE=y +CONFIG_OPTEE=y +### Enable 9P VFS +CONFIG_NET_9P=y +CONFIG_NET_9P_VIRTIO=y +CONFIG_9P_FS=y +CONFIG_9P_FS_POSIX_ACL=y + diff --git a/board/qemu/aarch64-tz-virt/readme.txt b/board/qemu/aarch64-tz-virt/readme.txt new file mode 100644 index 0000000..ec91d2e --- /dev/null +++ b/board/qemu/aarch64-tz-virt/readme.txt 
@@ -0,0 +1,11 @@ +Board qemu_aarch64_tz_virt builds a Qemu Armv8-A target with +OP-TEE running in the TrustZone secure wolrd setup and a Linux based +OS running in the non-secure wolrd. + +This setup is usually booted with the Arm Trsuted Firmware-A (TF-A from +package boot/arm-trusted-firmware). However the current Buildroot package +needs few changes to build TF-A for OP-TEE support. + +Until BR arm-trusted-firmware is updated this board allows one to only +build the secure and non-secure boot images if not the BIOS for the Qemu +host. diff --git a/board/qemu/aarch64-tz-virt/u-boot.config b/board/qemu/aarch64-tz-virt/u-boot.config new file mode 100644 index 0000000..5588008 --- /dev/null +++ b/board/qemu/aarch64-tz-virt/u-boot.config @@ -0,0 +1,3 @@ +CONFIG_SYS_TEXT_BASE=0x60000000 +CONFIG_BOOTCOMMAND="fdt addr ${fdt_addr} && fdt resize 1000 && smhload zImage ${kernel_addr_r} && smhload rootfs.cpio.gz ${ramdisk_addr_r} ramdisk_addr_end && setenv bootargs console=ttyAMA0,115200 earlyprintk=serial,ttyAMA0,115200 && fdt chosen ${ramdisk_addr_r} ${ramdisk_addr_end} && bootz ${kernel_addr_r} - ${fdt_addr}" +CONFIG_SEMIHOSTING=y diff --git a/configs/qemu_aarch64_tz_virt_defconfig b/configs/qemu_aarch64_tz_virt_defconfig new file mode 100644 index 0000000..9286d15 --- /dev/null +++ b/configs/qemu_aarch64_tz_virt_defconfig 
@@ -0,0 +1,47 @@ +# Architecture +BR2_aarch64=y + +# System +BR2_SYSTEM_DHCP="eth0" +BR2_TARGET_GENERIC_GETTY_PORT="ttyAMA0" + +# Filesystem +BR2_TARGET_ROOTFS_CPIO=y +BR2_TARGET_ROOTFS_CPIO_GZIP=y +BR2_TARGET_ROOTFS_EXT2=y +BR2_TARGET_ROOTFS_EXT2_4=y +# BR2_TARGET_ROOTFS_TAR is not set + +# Linux headers same as kernel, a 4.16 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y + +# Kernel +BR2_LINUX_KERNEL=y +BR2_LINUX_KERNEL_CUSTOM_VERSION=y +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y +BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/aarch64-tz-virt/linux.config" +BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y + +# TF-A for booting OP-TEE secure and uboot/linux non secure +# POSTPONED: depends on boot/arm-trusted-firmware support for Armv7-A + +# OP-TEE components +BR2_TARGET_OPTEE_OS=y +BR2_TARGET_OPTEE_OS_PLATFORM="vexpress-qemu_armv8a" +BR2_TARGET_OPTEE_OS_ADDITIONAL_VARIABLES="CFG_TEE_CORE_DEBUG=n CFG_UNWIND=n CFG_TEE_CORE_LOG_LEVEL=2" +BR2_PACKAGE_OPTEE_CLIENT=y +BR2_PACKAGE_OPTEE_TEST=y +BR2_PACKAGE_OPTEE_EXAMPLES=y +BR2_PACKAGE_OPTEE_BENCHMARK=y + +# Need a non-secure bootloader for the dear Linux kernel: U-boot? UEFI? +BR2_TARGET_UBOOT=y +BR2_TARGET_UBOOT_BUILD_SYSTEM_KCONFIG=y +BR2_TARGET_UBOOT_BOARD_DEFCONFIG="qemu_arm64" +BR2_TARGET_UBOOT_CONFIG_FRAGMENT_FILES="board/qemu/aarch64-tz-virt/u-boot.config" + +# Qemu emulator for the Arm target +BR2_PACKAGE_HOST_QEMU=y +BR2_PACKAGE_HOST_QEMU_SYSTEM_MODE=y +BR2_PACKAGE_HOST_QEMU_VIRTFS=y
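
Review bot: board/qemu/aarch64-tz-virt/linux.config carries a full copy of a kernel configuration although, per the commit message, only the OP-TEE and 9P options differ from the qemu/aarch64-virt board, so the two files will drift apart as that board is updated. Consider reusing the existing board configuration through BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE and moving the six lines under "### Enable OP-TEE" and "### Enable 9P VFS" into a fragment listed in BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES, which also makes the TEE-specific delta easy to audit. The file additionally ends with an empty added line that can be dropped.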
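
Review bot: board/qemu/aarch64-tz-virt/readme.txt has spelling errors in the added text: "wolrd" appears twice (secure world, non-secure world) and "Trsuted" should be "Trusted". The closing sentence ("build the secure and non-secure boot images if not the BIOS for the Qemu host") is also hard to parse; it would help to list which images the board produces and to state plainly that the target cannot be booted until boot/arm-trusted-firmware is updated.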
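
Review bot: in board/qemu/aarch64-tz-virt/u-boot.config, CONFIG_BOOTCOMMAND loads "zImage" and boots it with "bootz", which are the 32-bit Arm kernel image and boot command, while the defconfig sets BR2_aarch64=y. An AArch64 kernel is built as "Image" and booted from U-Boot with "booti", so this command looks carried over from a 32-bit board and should be adapted ("smhload Image ${kernel_addr_r}" and "booti ${kernel_addr_r} - ${fdt_addr}"). Since the commit message says the target cannot be run yet, this path has presumably not been exercised; a note in the readme to that effect would avoid surprises once TF-A support lands.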
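
Review bot: in configs/qemu_aarch64_tz_virt_defconfig, the comment "POSTPONED: depends on boot/arm-trusted-firmware support for Armv7-A" does not match this board, which sets BR2_aarch64=y and BR2_TARGET_OPTEE_OS_PLATFORM="vexpress-qemu_armv8a". Please reword it to name the actual missing piece described in the commit message (TF-A images built with OP-TEE as BL32). The comment "Need a non-secure bootloader for the dear Linux kernel: U-boot? UEFI?" reads as an open question left in the file; since U-Boot is what is selected, a plain "# Non-secure bootloader (BL33)" would be clearer.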