From patchwork Wed Mar  6 10:11:36 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Etienne Carriere <etienne.carriere@linaro.org>
X-Patchwork-Id: 1052228
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming-buildroot@patchwork.ozlabs.org
Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=busybox.net
	(client-ip=140.211.166.133; helo=hemlock.osuosl.org;
	envelope-from=buildroot-bounces@busybox.net;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=linaro.org
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=linaro.org header.i=@linaro.org
	header.b="wIA0q9eZ"; dkim-atps=neutral
Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 44DqLQ3jHCz9s70
	for <incoming-buildroot@patchwork.ozlabs.org>;
	Wed,  6 Mar 2019 21:11:57 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by hemlock.osuosl.org (Postfix) with ESMTP id 73A8086221;
	Wed,  6 Mar 2019 10:11:55 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "References"
Received: from hemlock.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id hcEvze--zUdY; Wed,  6 Mar 2019 10:11:54 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by hemlock.osuosl.org (Postfix) with ESMTP id D0EE9862B7;
	Wed,  6 Mar 2019 10:11:54 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])
	by ash.osuosl.org (Postfix) with ESMTP id 385E81BF2CD
	for <buildroot@lists.busybox.net>;
	Wed,  6 Mar 2019 10:11:53 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by hemlock.osuosl.org (Postfix) with ESMTP id 357CC862B7
	for <buildroot@lists.busybox.net>;
	Wed,  6 Mar 2019 10:11:53 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "References"
Received: from hemlock.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id yZXyPbpgmP+d for <buildroot@lists.busybox.net>;
	Wed,  6 Mar 2019 10:11:51 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com
	[209.85.128.66])
	by hemlock.osuosl.org (Postfix) with ESMTPS id 8770E86221
	for <buildroot@buildroot.org>; Wed,  6 Mar 2019 10:11:51 +0000 (UTC)
Received: by mail-wm1-f66.google.com with SMTP id z84so5289239wmg.4
	for <buildroot@buildroot.org>; Wed, 06 Mar 2019 02:11:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:in-reply-to:references;
	bh=8OREEmVG1mn2Bu86oNZKXRfMQ8b//eXa/oSGsZmear8=;
	b=wIA0q9eZQGY9LFESmgPm9EC5dEG8XhAomBPLYCQ5RLJu6z8GjMB2ukn2cnzBAxZKEi
	RtieYeyqB4g4BUZIZa0qzs32DTCTsEElmsjcAMpEu6mPhVGoegTT8K3ca99wVgtZHo4K
	jg3quvNS3u6euz+l8WLMCP1VSZ8QxAtbyWZpHsMJybJ8jEGFmswLM1odu1UWa5EoSDmd
	+uk64xqCljwut7ggwtydf1mRk53aDy1pnYQBlUESNUrQFDHoP5ACyLi6p+oJs/ZDlLgs
	2/+xDxYq9cKWjQbT6GpXVKBcMDkCZZASigLNnuiGk7sMCesfLWkyiXGw08wegiWRpDdq
	6Hyw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:in-reply-to:references;
	bh=8OREEmVG1mn2Bu86oNZKXRfMQ8b//eXa/oSGsZmear8=;
	b=PxILlkUlew6BaGzw2OWKDSnqOexj69kDZ17agBAsyaPTZS9Wbg0Z19uxK9tcdbJnic
	+MJk4yChQBbpZk92ttqRAvvBpFs1aWukfR26TGGHxA6YrvhZw1paJZd6axdnciJuBwGw
	qj7Iv/MoaohPy2RRX1wIFpnejshiTHi5eMPKcEj3vmzM+5mJhZbah7szg5mBO5iezTti
	fXEvG6fz0XFifkrgdx3Amzx7FKNrDGBKTbtFd1naPZaH9bdgfPYk51rPqbAl1b+5H9F1
	ybq+bRlIoU9viy0xvkmKW0/S5V6qEsTNeYV2DnpWJ83iDnkLIB6y2ioqVU2dIKC+Vkhh
	Kulg==
X-Gm-Message-State: APjAAAXJYTpjxBNlWpPWprSMRxaZGMqf2n+2+KQ2riKRNxorvHGIP31w
	85cp1jGAFWkkfRPB5+qdo5pdgseQ7ATQ7Q==
X-Google-Smtp-Source: 
 APXvYqysRDnAacUnSMnN7F/nMVLZmstZEWaTYGvEoRkLpY+5H11ao6bNhsLzCuMEvqY0IIG8uEWI6w==
X-Received: by 2002:a1c:7e82:: with SMTP id
	z124mr1810653wmc.43.1551867109885;
	Wed, 06 Mar 2019 02:11:49 -0800 (PST)
Received: from lmenx29q.lme.st.com.
	(koe67-h04-176-179-143-225.dsl.sta.abo.bbox.fr. [176.179.143.225])
	by smtp.gmail.com with ESMTPSA id
	f4sm1648464wrx.68.2019.03.06.02.11.48
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Wed, 06 Mar 2019 02:11:49 -0800 (PST)
From: Etienne Carriere <etienne.carriere@linaro.org>
To: buildroot@buildroot.org
Date: Wed,  6 Mar 2019 11:11:36 +0100
Message-Id: 
 <6cd65139f8512433cfa0133b7d2cc8990fad6ee9.1551866509.git.etienne.carriere@linaro.org>
X-Mailer: git-send-email 1.9.1
In-Reply-To: 
 <7f15bfd5388e2171b13b44722b84149d9f361551.1551866509.git.etienne.carriere@linaro.org>
References: 
 <7f15bfd5388e2171b13b44722b84149d9f361551.1551866509.git.etienne.carriere@linaro.org>
In-Reply-To: 
 <7f15bfd5388e2171b13b44722b84149d9f361551.1551866509.git.etienne.carriere@linaro.org>
References: 
 <7f15bfd5388e2171b13b44722b84149d9f361551.1551866509.git.etienne.carriere@linaro.org>
Subject: [Buildroot] [PATCH 2/6] boot/arm-trusted-firmware: in-tree and
	OP-TEE BL32
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
Cc: etienne.carriere@linaro.org,
	Ricardo Martincoski <ricardo.martincoski@gmail.com>,
	Sergey Matyukevich <geomatsi@gmail.com>
MIME-Version: 1.0
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

This change allows one to build trusted firmware (TF-A) with OP-TEE
as BL32 secure payload.

When BR2_TARGET_ARM_TRUSTED_FIRMWARE_INTREE_BL32 is enabled TF-A
builds a BL32 stage according the TF-A configuration directive.
If these specify no BL3 stage then TF-A will build without BL32
support. This is the default configuration and reflects TF-A legacy
integration in BR.

When BR2_TARGET_ARM_TRUSTED_FIRMWARE_OPTEE_AS_BL32 is enabled
TF-A builds with support for the OP-TEE OS as BL32.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
---
 boot/arm-trusted-firmware/Config.in               | 30 +++++++++++++++++++++++
 boot/arm-trusted-firmware/arm-trusted-firmware.mk | 13 ++++++++++
 2 files changed, 43 insertions(+)

diff --git a/boot/arm-trusted-firmware/Config.in b/boot/arm-trusted-firmware/Config.in
index 428a4ce..a1a0c54 100644
--- a/boot/arm-trusted-firmware/Config.in
+++ b/boot/arm-trusted-firmware/Config.in
@@ -91,6 +91,36 @@ config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL31_UBOOT
 	  bl31.bin.  This is used for example by the Xilinx version of
 	  U-Boot SPL to load ATF on the ZynqMP SoC.
 
+choice
+	prompt "Select BL32 stage"
+	default BR2_TARGET_ARM_TRUSTED_FIRMWARE_INTREE_BL32
+	help
+	  Select BL32 stage for the trusted firmware
+
+config BR2_TARGET_ARM_TRUSTED_FIRMWARE_INTREE_BL32
+	bool "Intree or no BL32 stage"
+	help
+	  This option shall be set if the BL32 image is built from
+	  trusted firmware sources (i.e sp_min, tsp) or when no BL32
+	  is expected.
+
+	  When the BL32 stage shall be built from ATF source tree,
+	  the target BL32 payload shall be defined from configuration
+	  BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES, either
+	  using directive SPD=<bl32_id> (Aarch64 platforms,
+	  i.e SPD=tspd) or AARCH32_SP=<bl32_id> (Aarch32 and Armv7
+	  platforms, i.e "AARCH32_SP=sp_min"). If no SPD or AARCH32_SP
+	  directive is specified, ATF will build without BL32 support.
+
+config BR2_TARGET_ARM_TRUSTED_FIRMWARE_OPTEE_AS_BL32
+	bool "OP-TEE OS as BL32"
+	depends on BR2_TARGET_OPTEE_OS
+	help
+	  This option allows to embed OP-TEE OS as the BL32 part of
+	  the ARM Trusted Firmware boot sequence.
+
+endchoice
+
 config BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33
 	bool "Use U-Boot as BL33"
 	depends on BR2_TARGET_UBOOT
diff --git a/boot/arm-trusted-firmware/arm-trusted-firmware.mk b/boot/arm-trusted-firmware/arm-trusted-firmware.mk
index 3e8df1d..0f67d10 100644
--- a/boot/arm-trusted-firmware/arm-trusted-firmware.mk
+++ b/boot/arm-trusted-firmware/arm-trusted-firmware.mk
@@ -39,6 +39,19 @@ ifeq ($(BR2_arm),y)
 ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ARCH=aarch32
 endif
 
+ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_OPTEE_AS_BL32),y)
+ARM_TRUSTED_FIRMWARE_DEPENDENCIES += optee-os
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += BL32=$(BINARIES_DIR)/tee-header_v2.bin
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += BL32_EXTRA1=$(BINARIES_DIR)/tee-pager_v2.bin
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += BL32_EXTRA2=$(BINARIES_DIR)/tee-pageable_v2.bin
+ifeq ($(BR2_aarch64),y)
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += SPD=opteed
+endif
+ifeq ($(BR2_arm),y)
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += AARCH32_SP=optee
+endif
+endif # BR2_TARGET_ARM_TRUSTED_FIRMWARE_OPTEE_AS_BL32
+
 ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33),y)
 ARM_TRUSTED_FIRMWARE_MAKE_OPTS += BL33=$(BINARIES_DIR)/u-boot.bin
 ARM_TRUSTED_FIRMWARE_DEPENDENCIES += uboot