binman: Add support for TEE BL32
authorRoger Quadros <rogerq@kernel.org>
Sat, 19 Feb 2022 18:50:04 +0000 (20:50 +0200)
committerSimon Glass <sjg@chromium.org>
Tue, 22 Feb 2022 17:05:44 +0000 (10:05 -0700)
Add an entry for OP-TEE Trusted OS 'BL32' payload.
This is required by platforms using Cortex-A cores with TrustZone
technology.

Signed-off-by: Roger Quadros <rogerq@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add missing-blob-help, renumber the test file, update entry-docs:
Signed-off-by: Simon Glass <sjg@chromium.org>
Makefile
tools/binman/entries.rst
tools/binman/etype/tee_os.py [new file with mode: 0644]
tools/binman/ftest.py
tools/binman/missing-blob-help
tools/binman/test/222_tee_os.dts [new file with mode: 0644]

index 4b15224..697cc51 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -1327,6 +1327,7 @@ cmd_binman = $(srctree)/tools/binman/binman $(if $(BINMAN_DEBUG),-D) \
                -I arch/$(ARCH)/dts -a of-list=$(CONFIG_OF_LIST) \
                $(foreach f,$(BINMAN_INDIRS),-I $(f)) \
                -a atf-bl31-path=${BL31} \
+               -a tee-os-path=${TEE} \
                -a opensbi-path=${OPENSBI} \
                -a default-dt=$(default_dt) \
                -a scp-path=$(SCP) \
index c47f7df..88230a6 100644 (file)
@@ -1103,6 +1103,19 @@ available. This is set by the `SetAllowMissing()` method, if
 
 
 
+Entry: tee-os: Entry containing an OP-TEE Trusted OS (TEE) blob
+---------------------------------------------------------------
+
+Properties / Entry arguments:
+    - tee-os-path: Filename of file to read into entry. This is typically
+        called tee-pager.bin
+
+This entry holds the run-time firmware, typically started by U-Boot SPL.
+See the U-Boot README for your architecture or board for how to use it. See
+https://github.com/OP-TEE/optee_os for more information about OP-TEE.
+
+
+
 Entry: text: An entry which contains text
 -----------------------------------------
 
diff --git a/tools/binman/etype/tee_os.py b/tools/binman/etype/tee_os.py
new file mode 100644 (file)
index 0000000..6ce4b67
--- /dev/null
@@ -0,0 +1,22 @@
+# SPDX-License-Identifier: GPL-2.0+
+# Copyright (C) 2022 Texas Instruments Incorporated - https://www.ti.com/
+#
+# Entry-type module for OP-TEE Trusted OS firmware blob
+#
+
+from binman.etype.blob_named_by_arg import Entry_blob_named_by_arg
+
+class Entry_tee_os(Entry_blob_named_by_arg):
+    """Entry containing an OP-TEE Trusted OS (TEE) blob
+
+    Properties / Entry arguments:
+        - tee-os-path: Filename of file to read into entry. This is typically
+            called tee-pager.bin
+
+    This entry holds the run-time firmware, typically started by U-Boot SPL.
+    See the U-Boot README for your architecture or board for how to use it. See
+    https://github.com/OP-TEE/optee_os for more information about OP-TEE.
+    """
+    def __init__(self, section, etype, node):
+        super().__init__(section, etype, node, 'tee-os')
+        self.external = True
index 4616a29..6a77f1d 100644 (file)
@@ -84,6 +84,7 @@ FSP_M_DATA            = b'fsp_m'
 FSP_S_DATA            = b'fsp_s'
 FSP_T_DATA            = b'fsp_t'
 ATF_BL31_DATA         = b'bl31'
+TEE_OS_DATA           = b'this is some tee OS data'
 ATF_BL2U_DATA         = b'bl2u'
 OPENSBI_DATA          = b'opensbi'
 SCP_DATA              = b'scp'
@@ -188,6 +189,7 @@ class TestFunctional(unittest.TestCase):
         TestFunctional._MakeInputFile('compress', COMPRESS_DATA)
         TestFunctional._MakeInputFile('compress_big', COMPRESS_DATA_BIG)
         TestFunctional._MakeInputFile('bl31.bin', ATF_BL31_DATA)
+        TestFunctional._MakeInputFile('tee-pager.bin', TEE_OS_DATA)
         TestFunctional._MakeInputFile('bl2u.bin', ATF_BL2U_DATA)
         TestFunctional._MakeInputFile('fw_dynamic.bin', OPENSBI_DATA)
         TestFunctional._MakeInputFile('scp.bin', SCP_DATA)
@@ -5296,5 +5298,11 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
         fnode = mkimage_dtb.GetNode('/images/fdt-1/hash')
         self.assertIn('value', fnode.props)
 
+    def testPackTeeOs(self):
+        """Test that an image with an TEE binary can be created"""
+        data = self._DoReadFile('222_tee_os.dts')
+        self.assertEqual(TEE_OS_DATA, data[:len(TEE_OS_DATA)])
+
+
 if __name__ == "__main__":
     unittest.main()
index 551ca87..c61ca02 100644 (file)
@@ -33,3 +33,7 @@ k3-rti-wdt-firmware:
 If CONFIG_WDT_K3_RTI_LOAD_FW is enabled, a firmware image is needed for
 the R5F core(s) to trigger the system reset. One possible source is
 https://github.com/siemens/k3-rti-wdt.
+
+tee-os:
+See the documentation for your board. You may need to build Open Portable
+Trusted Execution Environment (OP-TEE) with TEE=/path/to/tee.bin
diff --git a/tools/binman/test/222_tee_os.dts b/tools/binman/test/222_tee_os.dts
new file mode 100644 (file)
index 0000000..6885497
--- /dev/null
@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+       #address-cells = <1>;
+       #size-cells = <1>;
+
+       binman {
+               tee-os {
+                       filename = "tee-pager.bin";
+               };
+       };
+};