Message ID | 20191006181022.2513-1-heiko@sntech.de |
---|---|
State | Accepted |
Commit | f848d2b2c8edb87eae5e518947b48aba528a2c56 |
Delegated to: | Kever Yang |
Headers | show |
Series | [U-Boot,v2,1/2] rockchip: make_fit_atf.py: allow inclusion of a tee binary | expand |
On 2019/10/7 上午2:10, Heiko Stuebner wrote: > A trusted execution environment should also get loaded as loadable from > a fit image, so add the possibility to present a tee.elf to make_fit_atf.py > that then gets included as additional loadable into the generated its. > > For ease of integration the additional loadable is created as atf_(x+1) > after all others to re-use core generation loops. > > Tested against the combinations of 1-part-atf and multi-part-atf each > time with and without a tee binary present. > > Signed-off-by: Heiko Stuebner <heiko@sntech.de> Reviewed-by: Kever Yang<kever.yang@rock-chips.com> Thanks, - Kever > --- > changes in v2: none > > arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++--- > 1 file changed, 46 insertions(+), 6 deletions(-) > > diff --git a/arch/arm/mach-rockchip/make_fit_atf.py b/arch/arm/mach-rockchip/make_fit_atf.py > index 585edcf9d5..3c045a5e17 100755 > --- a/arch/arm/mach-rockchip/make_fit_atf.py > +++ b/arch/arm/mach-rockchip/make_fit_atf.py > @@ -63,6 +63,21 @@ def append_bl31_node(file, atf_index, phy_addr, elf_entry): > file.write('\t\t};\n') > file.write('\n') > > +def append_tee_node(file, atf_index, phy_addr, elf_entry): > + # Append TEE DT node to input FIT dts file. > + data = 'tee_0x%08x.bin' % phy_addr > + file.write('\t\tatf_%d {\n' % atf_index) > + file.write('\t\t\tdescription = \"TEE\";\n') > + file.write('\t\t\tdata = /incbin/("%s");\n' % data) > + file.write('\t\t\ttype = "tee";\n') > + file.write('\t\t\tarch = "arm64";\n') > + file.write('\t\t\tos = "tee";\n') > + file.write('\t\t\tcompression = "none";\n') > + file.write('\t\t\tload = <0x%08x>;\n' % phy_addr) > + file.write('\t\t\tentry = <0x%08x>;\n' % elf_entry) > + file.write('\t\t};\n') > + file.write('\n') > + > def append_fdt_node(file, dtbs): > # Append FDT nodes. > cnt = 1 > @@ -115,15 +130,23 @@ def generate_atf_fit_dts_uboot(fit_file, uboot_file_name): > index, entry, p_paddr, data = segments[0] > fit_file.write(DT_UBOOT % p_paddr) > > -def generate_atf_fit_dts_bl31(fit_file, bl31_file_name, dtbs_file_name): > +def generate_atf_fit_dts_bl31(fit_file, bl31_file_name, tee_file_name, dtbs_file_name): > segments = unpack_elf(bl31_file_name) > for index, entry, paddr, data in segments: > append_bl31_node(fit_file, index + 1, paddr, entry) > + num_segments = len(segments) > + > + if tee_file_name: > + tee_segments = unpack_elf(tee_file_name) > + for index, entry, paddr, data in tee_segments: > + append_tee_node(fit_file, num_segments + index + 1, paddr, entry) > + num_segments = num_segments + len(tee_segments) > + > append_fdt_node(fit_file, dtbs_file_name) > fit_file.write(DT_IMAGES_NODE_END) > - append_conf_node(fit_file, dtbs_file_name, len(segments)) > + append_conf_node(fit_file, dtbs_file_name, num_segments) > > -def generate_atf_fit_dts(fit_file_name, bl31_file_name, uboot_file_name, dtbs_file_name): > +def generate_atf_fit_dts(fit_file_name, bl31_file_name, tee_file_name, uboot_file_name, dtbs_file_name): > # Generate FIT script for ATF image. > if fit_file_name != sys.stdout: > fit_file = open(fit_file_name, "wb") > @@ -132,7 +155,7 @@ def generate_atf_fit_dts(fit_file_name, bl31_file_name, uboot_file_name, dtbs_fi > > fit_file.write(DT_HEADER) > generate_atf_fit_dts_uboot(fit_file, uboot_file_name) > - generate_atf_fit_dts_bl31(fit_file, bl31_file_name, dtbs_file_name) > + generate_atf_fit_dts_bl31(fit_file, bl31_file_name, tee_file_name, dtbs_file_name) > fit_file.write(DT_END) > > if fit_file_name != sys.stdout: > @@ -144,6 +167,13 @@ def generate_atf_binary(bl31_file_name): > with open(file_name, "wb") as atf: > atf.write(data) > > +def generate_tee_binary(tee_file_name): > + if tee_file_name: > + for index, entry, paddr, data in unpack_elf(tee_file_name): > + file_name = 'tee_0x%08x.bin' % paddr > + with open(file_name, "wb") as atf: > + atf.write(data) > + > def unpack_elf(filename): > with open(filename, 'rb') as file: > elf = file.read() > @@ -178,7 +208,14 @@ def main(): > logging.warning(' BL31 file bl31.elf NOT found, resulting binary is non-functional') > logging.warning(' Please read Building section in doc/README.rockchip') > > - opts, args = getopt.getopt(sys.argv[1:], "o:u:b:h") > + if "TEE" in os.environ: > + tee_elf = os.getenv("TEE") > + elif os.path.isfile("./tee.elf"): > + tee_elf = "./tee.elf" > + else: > + tee_elf = "" > + > + opts, args = getopt.getopt(sys.argv[1:], "o:u:b:t:h") > for opt, val in opts: > if opt == "-o": > fit_its = val > @@ -186,14 +223,17 @@ def main(): > uboot_elf = val > elif opt == "-b": > bl31_elf = val > + elif opt == "-t": > + tee_elf = val > elif opt == "-h": > print(__doc__) > sys.exit(2) > > dtbs = args > > - generate_atf_fit_dts(fit_its, bl31_elf, uboot_elf, dtbs) > + generate_atf_fit_dts(fit_its, bl31_elf, tee_elf, uboot_elf, dtbs) > generate_atf_binary(bl31_elf) > + generate_tee_binary(tee_elf) > > if __name__ == "__main__": > main()
On 2019/10/14 下午5:07, Kever Yang wrote: > > On 2019/10/7 上午2:10, Heiko Stuebner wrote: >> A trusted execution environment should also get loaded as loadable from >> a fit image, so add the possibility to present a tee.elf to >> make_fit_atf.py >> that then gets included as additional loadable into the generated its. >> >> For ease of integration the additional loadable is created as atf_(x+1) >> after all others to re-use core generation loops. >> >> Tested against the combinations of 1-part-atf and multi-part-atf each >> time with and without a tee binary present. >> >> Signed-off-by: Heiko Stuebner <heiko@sntech.de> Applied to u-boot-rockchip master. > > Reviewed-by: Kever Yang<kever.yang@rock-chips.com> > > > Thanks, > - Kever >> --- >> changes in v2: none >> >> arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++--- >> 1 file changed, 46 insertions(+), 6 deletions(-) >> >> diff --git a/arch/arm/mach-rockchip/make_fit_atf.py >> b/arch/arm/mach-rockchip/make_fit_atf.py >> index 585edcf9d5..3c045a5e17 100755 >> --- a/arch/arm/mach-rockchip/make_fit_atf.py >> +++ b/arch/arm/mach-rockchip/make_fit_atf.py >> @@ -63,6 +63,21 @@ def append_bl31_node(file, atf_index, phy_addr, >> elf_entry): >> file.write('\t\t};\n') >> file.write('\n') >> +def append_tee_node(file, atf_index, phy_addr, elf_entry): >> + # Append TEE DT node to input FIT dts file. >> + data = 'tee_0x%08x.bin' % phy_addr >> + file.write('\t\tatf_%d {\n' % atf_index) >> + file.write('\t\t\tdescription = \"TEE\";\n') >> + file.write('\t\t\tdata = /incbin/("%s");\n' % data) >> + file.write('\t\t\ttype = "tee";\n') >> + file.write('\t\t\tarch = "arm64";\n') >> + file.write('\t\t\tos = "tee";\n') >> + file.write('\t\t\tcompression = "none";\n') >> + file.write('\t\t\tload = <0x%08x>;\n' % phy_addr) >> + file.write('\t\t\tentry = <0x%08x>;\n' % elf_entry) >> + file.write('\t\t};\n') >> + file.write('\n') >> + >> def append_fdt_node(file, dtbs): >> # Append FDT nodes. >> cnt = 1 >> @@ -115,15 +130,23 @@ def generate_atf_fit_dts_uboot(fit_file, >> uboot_file_name): >> index, entry, p_paddr, data = segments[0] >> fit_file.write(DT_UBOOT % p_paddr) >> -def generate_atf_fit_dts_bl31(fit_file, bl31_file_name, >> dtbs_file_name): >> +def generate_atf_fit_dts_bl31(fit_file, bl31_file_name, >> tee_file_name, dtbs_file_name): >> segments = unpack_elf(bl31_file_name) >> for index, entry, paddr, data in segments: >> append_bl31_node(fit_file, index + 1, paddr, entry) >> + num_segments = len(segments) >> + >> + if tee_file_name: >> + tee_segments = unpack_elf(tee_file_name) >> + for index, entry, paddr, data in tee_segments: >> + append_tee_node(fit_file, num_segments + index + 1, >> paddr, entry) >> + num_segments = num_segments + len(tee_segments) >> + >> append_fdt_node(fit_file, dtbs_file_name) >> fit_file.write(DT_IMAGES_NODE_END) >> - append_conf_node(fit_file, dtbs_file_name, len(segments)) >> + append_conf_node(fit_file, dtbs_file_name, num_segments) >> -def generate_atf_fit_dts(fit_file_name, bl31_file_name, >> uboot_file_name, dtbs_file_name): >> +def generate_atf_fit_dts(fit_file_name, bl31_file_name, >> tee_file_name, uboot_file_name, dtbs_file_name): >> # Generate FIT script for ATF image. >> if fit_file_name != sys.stdout: >> fit_file = open(fit_file_name, "wb") >> @@ -132,7 +155,7 @@ def generate_atf_fit_dts(fit_file_name, >> bl31_file_name, uboot_file_name, dtbs_fi >> fit_file.write(DT_HEADER) >> generate_atf_fit_dts_uboot(fit_file, uboot_file_name) >> - generate_atf_fit_dts_bl31(fit_file, bl31_file_name, dtbs_file_name) >> + generate_atf_fit_dts_bl31(fit_file, bl31_file_name, >> tee_file_name, dtbs_file_name) >> fit_file.write(DT_END) >> if fit_file_name != sys.stdout: >> @@ -144,6 +167,13 @@ def generate_atf_binary(bl31_file_name): >> with open(file_name, "wb") as atf: >> atf.write(data) >> +def generate_tee_binary(tee_file_name): >> + if tee_file_name: >> + for index, entry, paddr, data in unpack_elf(tee_file_name): >> + file_name = 'tee_0x%08x.bin' % paddr >> + with open(file_name, "wb") as atf: >> + atf.write(data) >> + >> def unpack_elf(filename): >> with open(filename, 'rb') as file: >> elf = file.read() >> @@ -178,7 +208,14 @@ def main(): >> logging.warning(' BL31 file bl31.elf NOT found, resulting >> binary is non-functional') >> logging.warning(' Please read Building section in >> doc/README.rockchip') >> - opts, args = getopt.getopt(sys.argv[1:], "o:u:b:h") >> + if "TEE" in os.environ: >> + tee_elf = os.getenv("TEE") >> + elif os.path.isfile("./tee.elf"): >> + tee_elf = "./tee.elf" >> + else: >> + tee_elf = "" >> + >> + opts, args = getopt.getopt(sys.argv[1:], "o:u:b:t:h") >> for opt, val in opts: >> if opt == "-o": >> fit_its = val >> @@ -186,14 +223,17 @@ def main(): >> uboot_elf = val >> elif opt == "-b": >> bl31_elf = val >> + elif opt == "-t": >> + tee_elf = val >> elif opt == "-h": >> print(__doc__) >> sys.exit(2) >> dtbs = args >> - generate_atf_fit_dts(fit_its, bl31_elf, uboot_elf, dtbs) >> + generate_atf_fit_dts(fit_its, bl31_elf, tee_elf, uboot_elf, dtbs) >> generate_atf_binary(bl31_elf) >> + generate_tee_binary(tee_elf) >> if __name__ == "__main__": >> main() > > > _______________________________________________ > U-Boot mailing list > U-Boot@lists.denx.de > https://lists.denx.de/listinfo/u-boot
Hi, On Mon, 14 Oct 2019 at 03:07, Kever Yang <kever.yang@rock-chips.com> wrote: > > > On 2019/10/7 上午2:10, Heiko Stuebner wrote: > > A trusted execution environment should also get loaded as loadable from > > a fit image, so add the possibility to present a tee.elf to make_fit_atf.py > > that then gets included as additional loadable into the generated its. > > > > For ease of integration the additional loadable is created as atf_(x+1) > > after all others to re-use core generation loops. > > > > Tested against the combinations of 1-part-atf and multi-part-atf each > > time with and without a tee binary present. > > > > Signed-off-by: Heiko Stuebner <heiko@sntech.de> > > Reviewed-by: Kever Yang<kever.yang@rock-chips.com> > > > Thanks, > - Kever > > --- > > changes in v2: none > > > > arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++--- > > 1 file changed, 46 insertions(+), 6 deletions(-) I see there is an effort to move this to binman. To me that is a much more productive approach! Is there a feature or example missing in binman that you need to get this over the hump? Would like to avoid lots of random scripts in U-Boot for building images. Regards, Simon
Add Jagan. Hi Simon, On 2019/10/22 上午7:46, Simon Glass wrote: > Hi, > > On Mon, 14 Oct 2019 at 03:07, Kever Yang <kever.yang@rock-chips.com> wrote: >> >> On 2019/10/7 上午2:10, Heiko Stuebner wrote: >>> A trusted execution environment should also get loaded as loadable from >>> a fit image, so add the possibility to present a tee.elf to make_fit_atf.py >>> that then gets included as additional loadable into the generated its. >>> >>> For ease of integration the additional loadable is created as atf_(x+1) >>> after all others to re-use core generation loops. >>> >>> Tested against the combinations of 1-part-atf and multi-part-atf each >>> time with and without a tee binary present. >>> >>> Signed-off-by: Heiko Stuebner <heiko@sntech.de> >> Reviewed-by: Kever Yang<kever.yang@rock-chips.com> >> >> >> Thanks, >> - Kever >>> --- >>> changes in v2: none >>> >>> arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++--- >>> 1 file changed, 46 insertions(+), 6 deletions(-) > I see there is an effort to move this to binman. To me that is a much > more productive approach! Do you mean the patch set from Jagan for rockchip platform to using binman? That patch is actually using the output of the u-boot.itb which is based on this script. > > Is there a feature or example missing in binman that you need to get > this over the hump? I think Heiko and you has a discussion about this in previous version thread. The U-Boot project build output is: tpl.bin, spl.bin, u-boot.bin For rockchip platform, package needs: - pack tpl.bin+spl.bin with mkimage -rksd/rkspi into idbloader.img - get ATF binaries from bl31.bin/optee.bin with a script - generate u-boot.its to describe the u-boot.itb - pack u-boot.bin and ATF/OPTEE binaries into u-boot.itb with mkimage -f u-boot.its Does the binman mainly target for pack the idbloader.img+u-boot.itb? Thanks, - Kever > > Would like to avoid lots of random scripts in U-Boot for building images. > > Regards, > Simon >
Hi Kever, On Tue, 22 Oct 2019 at 03:45, Kever Yang <kever.yang@rock-chips.com> wrote: > > Add Jagan. > > Hi Simon, > > > On 2019/10/22 上午7:46, Simon Glass wrote: > > Hi, > > > > On Mon, 14 Oct 2019 at 03:07, Kever Yang <kever.yang@rock-chips.com> wrote: > >> > >> On 2019/10/7 上午2:10, Heiko Stuebner wrote: > >>> A trusted execution environment should also get loaded as loadable from > >>> a fit image, so add the possibility to present a tee.elf to make_fit_atf.py > >>> that then gets included as additional loadable into the generated its. > >>> > >>> For ease of integration the additional loadable is created as atf_(x+1) > >>> after all others to re-use core generation loops. > >>> > >>> Tested against the combinations of 1-part-atf and multi-part-atf each > >>> time with and without a tee binary present. > >>> > >>> Signed-off-by: Heiko Stuebner <heiko@sntech.de> > >> Reviewed-by: Kever Yang<kever.yang@rock-chips.com> > >> > >> > >> Thanks, > >> - Kever > >>> --- > >>> changes in v2: none > >>> > >>> arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++--- > >>> 1 file changed, 46 insertions(+), 6 deletions(-) > > I see there is an effort to move this to binman. To me that is a much > > more productive approach! > > > Do you mean the patch set from Jagan for rockchip platform to using binman? > > That patch is actually using the output of the u-boot.itb which is based > on this script. > > > > > Is there a feature or example missing in binman that you need to get > > this over the hump? > > > I think Heiko and you has a discussion about this in previous version > thread. > The U-Boot project build output is: tpl.bin, spl.bin, u-boot.bin > For rockchip platform, package needs: > - pack tpl.bin+spl.bin with mkimage -rksd/rkspi into idbloader.img > - get ATF binaries from bl31.bin/optee.bin with a script > - generate u-boot.its to describe the u-boot.itb > - pack u-boot.bin and ATF/OPTEE binaries into u-boot.itb with mkimage -f > u-boot.its > > Does the binman mainly target for pack the idbloader.img+u-boot.itb? I actually think binman could handle all of that. Is there something I could do that would help with that? Regards, Simon
Hi Simon, Am Mittwoch, 30. Oktober 2019, 02:49:46 CET schrieb Simon Glass: > On Tue, 22 Oct 2019 at 03:45, Kever Yang <kever.yang@rock-chips.com> wrote: > > On 2019/10/22 上午7:46, Simon Glass wrote: > > > On Mon, 14 Oct 2019 at 03:07, Kever Yang <kever.yang@rock-chips.com> wrote: > > >> > > >> On 2019/10/7 上午2:10, Heiko Stuebner wrote: > > >>> A trusted execution environment should also get loaded as loadable from > > >>> a fit image, so add the possibility to present a tee.elf to make_fit_atf.py > > >>> that then gets included as additional loadable into the generated its. > > >>> > > >>> For ease of integration the additional loadable is created as atf_(x+1) > > >>> after all others to re-use core generation loops. > > >>> > > >>> Tested against the combinations of 1-part-atf and multi-part-atf each > > >>> time with and without a tee binary present. > > >>> > > >>> Signed-off-by: Heiko Stuebner <heiko@sntech.de> > > >> Reviewed-by: Kever Yang<kever.yang@rock-chips.com> > > >> > > >> > > >> Thanks, > > >> - Kever > > >>> --- > > >>> changes in v2: none > > >>> > > >>> arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++--- > > >>> 1 file changed, 46 insertions(+), 6 deletions(-) > > > I see there is an effort to move this to binman. To me that is a much > > > more productive approach! > > > > > > Do you mean the patch set from Jagan for rockchip platform to using binman? > > > > That patch is actually using the output of the u-boot.itb which is based > > on this script. > > > > > > > > Is there a feature or example missing in binman that you need to get > > > this over the hump? > > > > > > I think Heiko and you has a discussion about this in previous version > > thread. > > The U-Boot project build output is: tpl.bin, spl.bin, u-boot.bin > > For rockchip platform, package needs: > > - pack tpl.bin+spl.bin with mkimage -rksd/rkspi into idbloader.img > > - get ATF binaries from bl31.bin/optee.bin with a script > > - generate u-boot.its to describe the u-boot.itb > > - pack u-boot.bin and ATF/OPTEE binaries into u-boot.itb with mkimage -f > > u-boot.its > > > > Does the binman mainly target for pack the idbloader.img+u-boot.itb? > > I actually think binman could handle all of that. > > Is there something I could do that would help with that? I think the main sparse element is time here and maybe a voluteer with enough of time available to lay the groundwork. Like on my personal side, I really don't see me finding the time to actually look at binman and finding out how everything should translate from the current state to binman - soonish. Hooking up new small things into an existing infrastructure is somehow alway easier ;-) . Heiko
Hi Heiko, On Mon, 4 Nov 2019 at 04:23, Heiko Stübner <heiko@sntech.de> wrote: > > Hi Simon, > > Am Mittwoch, 30. Oktober 2019, 02:49:46 CET schrieb Simon Glass: > > On Tue, 22 Oct 2019 at 03:45, Kever Yang <kever.yang@rock-chips.com> wrote: > > > On 2019/10/22 上午7:46, Simon Glass wrote: > > > > On Mon, 14 Oct 2019 at 03:07, Kever Yang <kever.yang@rock-chips.com> wrote: > > > >> > > > >> On 2019/10/7 上午2:10, Heiko Stuebner wrote: > > > >>> A trusted execution environment should also get loaded as loadable from > > > >>> a fit image, so add the possibility to present a tee.elf to make_fit_atf.py > > > >>> that then gets included as additional loadable into the generated its. > > > >>> > > > >>> For ease of integration the additional loadable is created as atf_(x+1) > > > >>> after all others to re-use core generation loops. > > > >>> > > > >>> Tested against the combinations of 1-part-atf and multi-part-atf each > > > >>> time with and without a tee binary present. > > > >>> > > > >>> Signed-off-by: Heiko Stuebner <heiko@sntech.de> > > > >> Reviewed-by: Kever Yang<kever.yang@rock-chips.com> > > > >> > > > >> > > > >> Thanks, > > > >> - Kever > > > >>> --- > > > >>> changes in v2: none > > > >>> > > > >>> arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++--- > > > >>> 1 file changed, 46 insertions(+), 6 deletions(-) > > > > I see there is an effort to move this to binman. To me that is a much > > > > more productive approach! > > > > > > > > > Do you mean the patch set from Jagan for rockchip platform to using binman? > > > > > > That patch is actually using the output of the u-boot.itb which is based > > > on this script. > > > > > > > > > > > Is there a feature or example missing in binman that you need to get > > > > this over the hump? > > > > > > > > > I think Heiko and you has a discussion about this in previous version > > > thread. > > > The U-Boot project build output is: tpl.bin, spl.bin, u-boot.bin > > > For rockchip platform, package needs: > > > - pack tpl.bin+spl.bin with mkimage -rksd/rkspi into idbloader.img > > > - get ATF binaries from bl31.bin/optee.bin with a script > > > - generate u-boot.its to describe the u-boot.itb > > > - pack u-boot.bin and ATF/OPTEE binaries into u-boot.itb with mkimage -f > > > u-boot.its > > > > > > Does the binman mainly target for pack the idbloader.img+u-boot.itb? > > > > I actually think binman could handle all of that. > > > > Is there something I could do that would help with that? > > I think the main sparse element is time here and maybe a voluteer with > enough of time available to lay the groundwork. > > Like on my personal side, I really don't see me finding the time to > actually look at binman and finding out how everything should > translate from the current state to binman - soonish. > > Hooking up new small things into an existing infrastructure is somehow > alway easier ;-) . Yes that's true - I suppose it is called 'getting over the hump'. I have a few irons in the fire at the moment, but if no one gets to it I might try. Jagan seems to be making good progress so far. Regards, Simon
diff --git a/arch/arm/mach-rockchip/make_fit_atf.py b/arch/arm/mach-rockchip/make_fit_atf.py index 585edcf9d5..3c045a5e17 100755 --- a/arch/arm/mach-rockchip/make_fit_atf.py +++ b/arch/arm/mach-rockchip/make_fit_atf.py @@ -63,6 +63,21 @@ def append_bl31_node(file, atf_index, phy_addr, elf_entry): file.write('\t\t};\n') file.write('\n') +def append_tee_node(file, atf_index, phy_addr, elf_entry): + # Append TEE DT node to input FIT dts file. + data = 'tee_0x%08x.bin' % phy_addr + file.write('\t\tatf_%d {\n' % atf_index) + file.write('\t\t\tdescription = \"TEE\";\n') + file.write('\t\t\tdata = /incbin/("%s");\n' % data) + file.write('\t\t\ttype = "tee";\n') + file.write('\t\t\tarch = "arm64";\n') + file.write('\t\t\tos = "tee";\n') + file.write('\t\t\tcompression = "none";\n') + file.write('\t\t\tload = <0x%08x>;\n' % phy_addr) + file.write('\t\t\tentry = <0x%08x>;\n' % elf_entry) + file.write('\t\t};\n') + file.write('\n') + def append_fdt_node(file, dtbs): # Append FDT nodes. cnt = 1 @@ -115,15 +130,23 @@ def generate_atf_fit_dts_uboot(fit_file, uboot_file_name): index, entry, p_paddr, data = segments[0] fit_file.write(DT_UBOOT % p_paddr) -def generate_atf_fit_dts_bl31(fit_file, bl31_file_name, dtbs_file_name): +def generate_atf_fit_dts_bl31(fit_file, bl31_file_name, tee_file_name, dtbs_file_name): segments = unpack_elf(bl31_file_name) for index, entry, paddr, data in segments: append_bl31_node(fit_file, index + 1, paddr, entry) + num_segments = len(segments) + + if tee_file_name: + tee_segments = unpack_elf(tee_file_name) + for index, entry, paddr, data in tee_segments: + append_tee_node(fit_file, num_segments + index + 1, paddr, entry) + num_segments = num_segments + len(tee_segments) + append_fdt_node(fit_file, dtbs_file_name) fit_file.write(DT_IMAGES_NODE_END) - append_conf_node(fit_file, dtbs_file_name, len(segments)) + append_conf_node(fit_file, dtbs_file_name, num_segments) -def generate_atf_fit_dts(fit_file_name, bl31_file_name, uboot_file_name, dtbs_file_name): +def generate_atf_fit_dts(fit_file_name, bl31_file_name, tee_file_name, uboot_file_name, dtbs_file_name): # Generate FIT script for ATF image. if fit_file_name != sys.stdout: fit_file = open(fit_file_name, "wb") @@ -132,7 +155,7 @@ def generate_atf_fit_dts(fit_file_name, bl31_file_name, uboot_file_name, dtbs_fi fit_file.write(DT_HEADER) generate_atf_fit_dts_uboot(fit_file, uboot_file_name) - generate_atf_fit_dts_bl31(fit_file, bl31_file_name, dtbs_file_name) + generate_atf_fit_dts_bl31(fit_file, bl31_file_name, tee_file_name, dtbs_file_name) fit_file.write(DT_END) if fit_file_name != sys.stdout: @@ -144,6 +167,13 @@ def generate_atf_binary(bl31_file_name): with open(file_name, "wb") as atf: atf.write(data) +def generate_tee_binary(tee_file_name): + if tee_file_name: + for index, entry, paddr, data in unpack_elf(tee_file_name): + file_name = 'tee_0x%08x.bin' % paddr + with open(file_name, "wb") as atf: + atf.write(data) + def unpack_elf(filename): with open(filename, 'rb') as file: elf = file.read() @@ -178,7 +208,14 @@ def main(): logging.warning(' BL31 file bl31.elf NOT found, resulting binary is non-functional') logging.warning(' Please read Building section in doc/README.rockchip') - opts, args = getopt.getopt(sys.argv[1:], "o:u:b:h") + if "TEE" in os.environ: + tee_elf = os.getenv("TEE") + elif os.path.isfile("./tee.elf"): + tee_elf = "./tee.elf" + else: + tee_elf = "" + + opts, args = getopt.getopt(sys.argv[1:], "o:u:b:t:h") for opt, val in opts: if opt == "-o": fit_its = val @@ -186,14 +223,17 @@ def main(): uboot_elf = val elif opt == "-b": bl31_elf = val + elif opt == "-t": + tee_elf = val elif opt == "-h": print(__doc__) sys.exit(2) dtbs = args - generate_atf_fit_dts(fit_its, bl31_elf, uboot_elf, dtbs) + generate_atf_fit_dts(fit_its, bl31_elf, tee_elf, uboot_elf, dtbs) generate_atf_binary(bl31_elf) + generate_tee_binary(tee_elf) if __name__ == "__main__": main()
A trusted execution environment should also get loaded as loadable from a fit image, so add the possibility to present a tee.elf to make_fit_atf.py that then gets included as additional loadable into the generated its. For ease of integration the additional loadable is created as atf_(x+1) after all others to re-use core generation loops. Tested against the combinations of 1-part-atf and multi-part-atf each time with and without a tee binary present. Signed-off-by: Heiko Stuebner <heiko@sntech.de> --- changes in v2: none arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++--- 1 file changed, 46 insertions(+), 6 deletions(-)