From patchwork Fri Mar 22 09:58:16 2019
X-Patchwork-Submitter: Etienne Carriere
X-Patchwork-Id: 1061032
From: Etienne Carriere
To: buildroot@buildroot.org
Date: Fri, 22 Mar 2019 10:58:16 +0100
Message-Id: <20190322095818.19914-2-etienne.carriere@linaro.org>
In-Reply-To: <20190322095818.19914-1-etienne.carriere@linaro.org>
References: <20190322095818.19914-1-etienne.carriere@linaro.org>
Subject: [Buildroot] [PATCH v3 2/4] configs/qemu_arm_vexpress_tz: Armv7-A emulation with TrustZone services
Cc: Etienne Carriere, Ricardo Martincoski, Sergey Matyukevich

This change introduces a Qemu board for an Armv7-A target executing
with OP-TEE secure world services. The target Linux based normal world
embeds the standard minimal filesystem with OP-TEE non-secure components
embedded files from OP-TEE test, examples and benchmark packages.

qemu_arm_vexpress_tz_defconfig differs from qemu_arm_vexpress_defconfig.
Supporting both secure and non-secure worlds on the Arm target mandates
a secure world, here OP-TEE OS, and a bootloader to boot both worlds,
here TF-A (boot/arm-trusted-firmware).

Here non-secure Linux kernel is booted through U-boot

TF-A bootloader (BL1/BL2)  => OP-TEE (BL32)  => U-boot (BL33).
 | Executes as secure       | Secure          | Execs as Non-secure
 | Loads BL32/BL33 in RAM   | Jumps to BL33   | Always booted after
 | Jumps to BL32 once done  | as Non-secure   | secure world inits

Vexpress and vexpress-tz defconfigs also differ in that Qemu emulates
a Cortex-A9 in the former and a Cortex-A15 in the latter. Cortex-A15 is
the Armv7-A CPU used in upstream TF-A and OP-TEE OS packages hence
selected here.

Defconfig adds a fragment to the Linux kernel native configuration
to enable OP-TEE driver support.

Defconfig adds a fragment to the U-Boot native configuration to set
boot command, enable semihosting and remove U-Boot persistent
environment storage support.

The defconfig also enables build of the Qemu emulator in case the
system installed Qemu does not yet support CPU TrustZone secure state.

Signed-off-by: Etienne Carriere
---
Changes v2 -> v3:
- Rename board/config: qemu_armv7a_tz_virt => qemu_arm_vexpress_tz
- Remove some useless configuration from the defconfig:
  Linux 9P; Qemu virtfs; TF-A log level; OP-TEE log level.
- Add post_build.sh script to rename files in output/images/.
- Detail diffs between vexpress and vexpress-tz defconfigs in commit.
- Fix typo in defconfig about Linux version number.
- Remove info about virtfs from board readme.txt file.
- Update TF-A config from recent changes: image filenames; OP-TEE.

Changes v1 -> v2:
- Bump kernel to 4.19.
- Use kernel defconfig and add optee and 9p as config fragments.
- Remove ARM_ARCH_MAJOR from platform configuration directive
  BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES.
---
 board/qemu/arm-vexpress-tz/linux.fragment |   3 +
 board/qemu/arm-vexpress-tz/post-build.sh  |  10 ++
 board/qemu/arm-vexpress-tz/readme.txt     | 135 ++++++++++++++++++++++
 board/qemu/arm-vexpress-tz/u-boot.config  |   7 ++
 configs/qemu_arm_vexpress_tz_defconfig    |  47 ++++++++
 5 files changed, 202 insertions(+)
 create mode 100644 board/qemu/arm-vexpress-tz/linux.fragment
 create mode 100755 board/qemu/arm-vexpress-tz/post-build.sh
 create mode 100644 board/qemu/arm-vexpress-tz/readme.txt
 create mode 100644 board/qemu/arm-vexpress-tz/u-boot.config
 create mode 100644 configs/qemu_arm_vexpress_tz_defconfig

diff --git a/board/qemu/arm-vexpress-tz/linux.fragment b/board/qemu/arm-vexpress-tz/linux.fragment new file mode 100644 index 0000000000..1537d938f1 --- /dev/null +++ b/board/qemu/arm-vexpress-tz/linux.fragment @@ -0,0 +1,3 @@ +### Enable OP-TEE +CONFIG_TEE=y +CONFIG_OPTEE=y 
diff --git a/board/qemu/arm-vexpress-tz/post-build.sh b/board/qemu/arm-vexpress-tz/post-build.sh new file mode 100755 index 0000000000..7ead69a99a --- /dev/null +++ b/board/qemu/arm-vexpress-tz/post-build.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +set -u +set -e + +# Rename boot images for the dear TF-A +ln -sf u-boot.bin ${BINARIES_DIR}/bl33.bin +ln -sf tee-header_v2.bin ${BINARIES_DIR}/bl32.bin +ln -sf tee-pager_v2.bin ${BINARIES_DIR}/bl32_extra1.bin +ln -sf tee-pageable_v2.bin ${BINARIES_DIR}/bl32_extra2.bin diff --git a/board/qemu/arm-vexpress-tz/readme.txt b/board/qemu/arm-vexpress-tz/readme.txt new file mode 100644 index 0000000000..95cd6da8c3 --- /dev/null +++ b/board/qemu/arm-vexpress-tz/readme.txt 
@@ -0,0 +1,135 @@ +Board qemu_arm_vexpress_tz builds a Qemu Armv7-A target system with +OP-TEE running in the TrustZone secure world and a Linux based +OS running in the non-secure world. The board configuration enable +builds of the Qemu host Arm target emulator. + + make qemu_arm_vexpress_tz_defconfig + make + +BIOS used in the Qemu host is the Arm Trusted Firmware-A (TF-A). TF-A +uses Qemu semihosting file access to access boot image files. The +Qemu platform is quite specific for that in TF-A and one needs to +run the emulation from the image directory for TF-A to boot the +secure and non-secure worlds. + + cd output/images && ../host/bin/qemu-system-arm \ + -machine virt -machine secure=on -cpu cortex-a15 \ + -smp 1 -s -m 1024 -d unimp \ + -serial stdio \ + -netdev user,id=vmnic -device virtio-net-device,netdev=vmnic \ + -semihosting-config enable,target=native \ + -bios bl1.bin + +The boot stage traces (if any) followed by the login prompt will appear +in the terminal that started Qemu. + +If you want to emulate more cores use "-smp {1|2|3|4}" to select the +number of cores. + +Note "-netdev user,id=vmnic -device virtio-net-device,netdev=vmnic" +brings network support that is used i.e. in OP-TEE regression tests. + +Tested with QEMU 2.12.0, and 3.1.0. + +-- Boot Details -- + +TF-A is used as Qemu BIOS. Its BL1 image boots and load its BL2 image. In turn, this +image loads the OP-TEE secure world (Armv7-A BL32 stage) and the U-boot as non-secure +bootloader (BL33 stage). + +The Qemu natively host and loads in RAM the Qemu Arm target device tree. OP-TEE reads +and modifes its content according to OP-TEE configuration. + +Enable TF-A traces from LOG_LEVEL (I.e LOG_LEVEL=40) from +BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES. + +-- OP-TEE Traces -- + +Secure boot stages and/or secure runtime services may use a serial link for +their traces. + +The Arm Trusted Firmware outputs its traces on the Qemu standard (first) +serial interface. 
+ +The OP-TEE OS uses the Qemu second serial interface. + +To get the OP-TEE OS traces one shall append a second -serial argument after +-serial stdio in the Qemu command line. I.e the following enables 2 serial +consoles over telnet connections: + + cd output/images && ../host/bin/qemu-system-arm \ + -machine virt -machine secure=on -cpu cortex-a15 \ + -smp 1 -s -m 1024 -d unimp \ + -serial telnet:127.0.0.1:1235,server \ + -serial telnet:127.0.0.1:1236,server \ + -netdev user,id=vmnic -device virtio-net-device,netdev=vmnic \ + -semihosting-config enable,target=native \ + -bios bl1.bin + +Qemu is now waiting for the telnet connection. From another shell, open a +telnet connection on the port for the U-boot and Linux consoles: + telnet 127.0.0.1 1235 + +and again for the secure console + telnet 127.0.0.1 1236 + +-- Using gdb -- + +One can debug the OP-TEE secure world using GDB through the Qemu host. +To do so, one can simply run the qemu-system-arm emulation then +run a GDB client and connect the Qemu internal GDB server. + +The example below assumes we run Qemu and the GDB client from the same +host computer. We use option -S of qemu-system-arm to make Qemu +waiting for the GDB continue instruction before booting the images. + +From a first shell: + cd output/images && ../host/bin/qemu-system-arm \ + -machine virt -machine secure=on -cpu cortex-a15 \ + -smp 1 -s -m 1024 -d unimp \ + -serial stdio \ + -netdev user,id=vmnic -device virtio-net-device,netdev=vmnic \ + -semihosting-config enable,target=native \ + -bios bl1.bin \ + -S + +From a second shell: + ./output/host/bin/arm-linux-gnueabihf-gd + GNU gdb (GNU Toolchain for the A-profile Architecture 8.2-2018-08 (arm-rel-8.23)) 8.1.1.20180704-git + Copyright (C) 2018 Free Software Foundation, Inc. + ... + For help, type "help". + Type "apropos word" to search for commands related to "word". 
+ (gdb) + +From this GDB console, connect target, load OP-TEE core symbols, set a +breakpoint to its entry (__text_start) and start emulation: + + (gdb) target remote 127.0.0.1:1234 + (gdb) symbol-file ../build/optee_os-/out/arm/core/tee.elf + (gdb) hbreak __text_start + Hardware assisted breakpoint 1 at 0xe100000: file core/arch/arm/kernel/generic_entry_a32.S, line 246. + (gdb) cont + Continuing. + + Thread 1 hit Breakpoint 1, _start () at core/arch/arm/kernel/generic_entry_a32.S:246 + 246 bootargs_entry + (gdb) + + +Emulation has started, TF-A has loaded OP-TEE and U-boot images in memory and +has booted OP-TEE. Emulation stopped at OP-TEE core entry. + + +Note: Qemu hosts a GDB service listening to TCP port 1234, as set through +qemu-system-arm commandline option -s. + + +Note: GDB server used above (from image/host/bin) was built from Buildroot +using the following extra configuration directives: + + BR2_ENABLE_DEBUG=y + BR2_PACKAGE_GDB=y + BR2_PACKAGE_HOST_GDB=y + BR2_TOOLCHAIN_BUILDROOT_CXX=y + BR2_TOOLCHAIN_BUILDROOT_GLIBC=y diff --git a/board/qemu/arm-vexpress-tz/u-boot.config b/board/qemu/arm-vexpress-tz/u-boot.config new file mode 100644 index 0000000000..fd74bf1fe7 --- /dev/null +++ b/board/qemu/arm-vexpress-tz/u-boot.config @@ -0,0 +1,7 @@ +CONFIG_SYS_TEXT_BASE=0x60000000 +CONFIG_BOOTCOMMAND="fdt addr ${fdt_addr} && fdt resize 1000 && smhload zImage ${kernel_addr_r} && smhload rootfs.cpio.gz ${ramdisk_addr_r} ramdisk_addr_end && setenv bootargs console=ttyAMA0,115200 earlyprintk=serial,ttyAMA0,115200 && fdt chosen ${ramdisk_addr_r} ${ramdisk_addr_end} && bootz ${kernel_addr_r} - ${fdt_addr}" +CONFIG_SEMIHOSTING=y +# Drop flash accesses +CONFIG_ENV_IS_IN_FLASH=n +CONFIG_MTD=n +CONFIG_MTD_NOR_FLASH=n diff --git a/configs/qemu_arm_vexpress_tz_defconfig b/configs/qemu_arm_vexpress_tz_defconfig new file mode 100644 index 0000000000..3ea48768b0 --- /dev/null +++ b/configs/qemu_arm_vexpress_tz_defconfig 
@@ -0,0 +1,47 @@ +# Architecture +BR2_arm=y +BR2_cortex_a15=y +BR2_ARM_ENABLE_NEON=y +BR2_ARM_ENABLE_VFP=y +BR2_ARM_FPU_VFPV3D16=y +# System +BR2_TARGET_GENERIC_GETTY_PORT="ttyAMA0" +# Filesystems (support several boot config) +BR2_TARGET_ROOTFS_CPIO=y +BR2_TARGET_ROOTFS_CPIO_GZIP=y +BR2_TARGET_ROOTFS_EXT2=y +# Generic +BR2_ROOTFS_POST_BUILD_SCRIPT="board/qemu/arm-vexpress-tz/post-build.sh" +# Linux 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y +BR2_LINUX_KERNEL=y +BR2_LINUX_KERNEL_CUSTOM_VERSION=y +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" +BR2_LINUX_KERNEL_DEFCONFIG="vexpress" +BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="board/qemu/arm-vexpress-tz/linux.fragment" +BR2_LINUX_KERNEL_DTS_SUPPORT=y +BR2_LINUX_KERNEL_INTREE_DTS_NAME="vexpress-v2p-ca15_a7" +# TF-A for booting OP-TEE secure and uboot/linux non secure +BR2_TARGET_ARM_TRUSTED_FIRMWARE=y +BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT=y +BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_URL="https://github.com/ARM-software/arm-trusted-firmware.git" +BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_VERSION="v2.0" +BR2_TARGET_ARM_TRUSTED_FIRMWARE_PLATFORM="qemu" +BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_OPTEE=y +BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33=y +BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES="BL32_RAM_LOCATION=tdram" +# OP-TEE components +BR2_TARGET_OPTEE_OS=y +BR2_TARGET_OPTEE_OS_PLATFORM="vexpress-qemu_virt" +BR2_PACKAGE_OPTEE_CLIENT=y +BR2_PACKAGE_OPTEE_TEST=y +BR2_PACKAGE_OPTEE_EXAMPLES=y +BR2_PACKAGE_OPTEE_BENCHMARK=y +# U-boot for booting the dear Linux kernel +BR2_TARGET_UBOOT=y +BR2_TARGET_UBOOT_BUILD_SYSTEM_KCONFIG=y +BR2_TARGET_UBOOT_BOARD_DEFCONFIG="qemu_arm" +BR2_TARGET_UBOOT_CONFIG_FRAGMENT_FILES="board/qemu/arm-vexpress-tz/u-boot.config" +# Build Qemu emulator for the Arm target +BR2_PACKAGE_HOST_QEMU=y +BR2_PACKAGE_HOST_QEMU_SYSTEM_MODE=y
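
Review bot: In board/qemu/arm-vexpress-tz/post-build.sh the four `ln -sf` calls succeed even when the link target does not exist, so a missing or renamed tee-pager_v2.bin or u-boot.bin leaves a dangling bl32_extra1.bin or bl33.bin, and the problem only shows up when TF-A fails to load the image over semihosting at boot. Consider testing that each target exists in ${BINARIES_DIR} before linking and failing the build otherwise. The expansions should also be quoted ("${BINARIES_DIR}/bl33.bin") so a path containing spaces does not split, and the comment "Rename boot images" should say that the script creates symlinks, since nothing is renamed.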
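
Review bot: In board/qemu/arm-vexpress-tz/readme.txt the plain boot command and the two-console telnet command both carry `-s`, so every run opens the Qemu GDB server on TCP port 1234 even when nobody intends to debug; `-s` is shorthand for `-gdb tcp::1234`, which does not restrict the listener to loopback. Suggest dropping `-s` from those two command lines and keeping it (or `-gdb tcp:127.0.0.1:1234`) only in the "Using gdb" section next to `-S`. In that section the client command reads `./output/host/bin/arm-linux-gnueabihf-gd`, which looks truncated, and the closing note says the GDB comes from image/host/bin while every command uses output/host/bin. Since the readme already explains that TF-A relies on semihosting for file access, it would help to state that `-semihosting-config enable,target=native` gives the guest access to host files, which is why Qemu has to be started from output/images.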
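
Review bot: In board/qemu/arm-vexpress-tz/u-boot.config the three options under "# Drop flash accesses" are disabled with `=n` (CONFIG_ENV_IS_IN_FLASH=n, CONFIG_MTD=n, CONFIG_MTD_NOR_FLASH=n), whereas a generated .config records a disabled bool as `# CONFIG_ENV_IS_IN_FLASH is not set`; using that form in the fragment makes it straightforward to confirm after the merge that the options really ended up off. CONFIG_BOOTCOMMAND is one long `&&` chain, so a short comment above it listing the steps (fdt resize, smhload of zImage and rootfs.cpio.gz, bootargs, bootz) would make later changes easier to review.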
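
Review bot: In configs/qemu_arm_vexpress_tz_defconfig, TF-A is fetched through BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT with BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_VERSION="v2.0", a tag name, so the first secure-world code in the boot chain is whatever that tag points to at fetch time. Suggest pinning the full commit SHA and keeping the tag in a comment. The kernel is pinned to 4.19.16 and TF-A to v2.0, but no version is set for OP-TEE OS, the OP-TEE client, test, examples and benchmark packages or U-Boot, so the board follows package defaults and can change with a Buildroot bump; either pin them or say so in the commit message. BR2_TARGET_ROOTFS_EXT2=y is enabled although the boot command in u-boot.config only loads rootfs.cpio.gz, so the comment "support several boot config" could say where the ext2 image is meant to be used.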