> > Hello, > > This doesn't apply on top of your previous patches. Can you send a proper > series with what you want to be tested/applied? > > Thanks! > Hi Alexandre
I created a series patch here, https://patchwork.yoctoproject.org/project/oe-core/list/?series=21444 Thanks-Jamin > On 17/01/2024 10:10:51+0800, Jamin Lin via lists.openembedded.org wrote: > > Currently, u-boot FIT image only support to load u-boot image. > > To support optee-os and trusted-firmware-a, update ITS file generation > > scripts, so users are able to use u-boot FIT image to load u-boot, > > optee-os and treustred-firmware-a images > > > > Add a variable "UBOOT_FIT_ARM_TRUSTED_FIRMWARE_A" to enable > > trusted-firmware-a image and it is disable by default. > > > > Add a variable "UBOOT_FIT_OPTEE_OS" to enable optee-os image and it is > > disable by default. > > > > The ITS file creation looks like as following. > > 1. Both optee-os and trusted-firmware-a are disabled. > > ''' > > /dts-v1/; > > > > / { > > images { > > uboot { > > > > }; > > fdt { > > }; > > }; > > > > configurations { > > default = "conf"; > > conf { > > loadables = "uboot"; > > fdt = "fdt"; > > }; > > }; > > }; > > ''' > > > > 2. Only enable optee-os > > ''' > > /dts-v1/; > > > > / { > > images { > > uboot { > > }; > > fdt { > > }; > > optee { > > }; > > }; > > > > configurations { > > default = "conf"; > > conf { > > firmware = "optee"; > > loadables = "uboot"; > > fdt = "fdt"; > > }; > > }; > > }; > > ''' > > > > 3: Both optee-os and trusted-firmware-a are enabled ''' > > /dts-v1/; > > > > / { > > images { > > uboot { > > }; > > fdt { > > }; > > atf { > > }; > > optee { > > }; > > }; > > > > configurations { > > default = "conf"; > > conf { > > firmware = "atf"; > > loadables = "uboot", "optee"; > > fdt = "fdt"; > > }; > > }; > > }; > > ''' > > > > Signed-off-by: Jamin Lin <jamin_...@aspeedtech.com> > > --- > > meta/classes-recipe/uboot-sign.bbclass | 91 > > +++++++++++++++++++++++++- > > 1 file changed, 90 insertions(+), 1 deletion(-) > > > > diff --git a/meta/classes-recipe/uboot-sign.bbclass > > b/meta/classes-recipe/uboot-sign.bbclass > > index ad04c82378..b874eb84db 100644 > > --- a/meta/classes-recipe/uboot-sign.bbclass > > +++ b/meta/classes-recipe/uboot-sign.bbclass > > @@ -88,6 +88,18 @@ UBOOT_FIT_ADDRESS_CELLS ?= "1" > > # This is only necessary for determining the signing configuration > > KERNEL_PN = "${PREFERRED_PROVIDER_virtual/kernel}" > > > > +# Trusted Firmware-A (TF-A) provides a reference implementation of # > > +secure world software for Armv7-A and Armv8-A, # including a Secure > > +Monitor executing at Exception Level 3 (EL3) # ATF is used as the > > +initial start code on ARMv8-A cores for all K3 platforms > > +UBOOT_FIT_ARM_TRUSTED_FIRMWARE_A ?= "0" > > +UBOOT_FIT_ARM_TRUSTED_FIRMWARE_A_IMAGE ?= "bl31.bin" > > + > > +# OP-TEE is a Trusted Execution Environment (TEE) designed as # > > +companion to a non-secure Linux kernel running on Arm > > +UBOOT_FIT_OPTEE_OS ?= "0" > > +UBOOT_FIT_OPTEE_OS_IMAGE ?= "tee-raw.bin" > > + > > python() { > > # We need u-boot-tools-native if we're creating a U-Boot fitImage > > sign = d.getVar('UBOOT_SIGN_ENABLE') == '1' > > @@ -230,6 +242,20 @@ addtask uboot_generate_rsa_keys before > > do_uboot_assemble_fitimage after do_compi # Create a ITS file for the > > U-boot FIT, for use when # we want to sign it so that the SPL can > > verify it > > uboot_fitimage_assemble() { > > + conf_loadables="\"uboot\"" > > + conf_firmware="" > > + > > + if [ "${UBOOT_FIT_ARM_TRUSTED_FIRMWARE_A}" = "1" ]; then > > + conf_firmware="\"atf\"" > > + if [ "${UBOOT_FIT_OPTEE_OS}" = "1" ]; then > > + conf_loadables="\"uboot\", \"optee\"" > > + fi > > + else > > + if [ "${UBOOT_FIT_OPTEE_OS}" = "1" ]; then > > + conf_firmware="\"optee\"" > > + fi > > + fi > > + > > rm -f ${UBOOT_ITS} ${UBOOT_FITIMAGE_BINARY} > > > > # First we create the ITS script > > @@ -282,13 +308,76 @@ EOF > > > > cat << EOF >> ${UBOOT_ITS} > > }; > > +EOF > > + if [ "${UBOOT_FIT_ARM_TRUSTED_FIRMWARE_A}" = "1" ] ; then > > + cat << EOF >> ${UBOOT_ITS} > > + atf { > > + description = "ARM Trusted Firmware-A"; > > + data = > /incbin/("${UBOOT_FIT_ARM_TRUSTED_FIRMWARE_A_IMAGE}"); > > + type = "firmware"; > > + arch = "${UBOOT_ARCH}"; > > + os = "arm-trusted-firmware"; > > + load = > <${UBOOT_FIT_ARM_TRUSTED_FIRMWARE_A_LOADADDRESS}>; > > + entry = > <${UBOOT_FIT_ARM_TRUSTED_FIRMWARE_A_ENTRYPOINT}>; > > + compression = "none"; > > +EOF > > + > > + if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then > > + cat << EOF >> ${UBOOT_ITS} > > + signature { > > + algo = > "${UBOOT_FIT_HASH_ALG},${UBOOT_FIT_SIGN_ALG}"; > > + key-name-hint = "${SPL_SIGN_KEYNAME}"; > > + }; > > +EOF > > + fi > > + > > + cat << EOF >> ${UBOOT_ITS} > > + }; > > +EOF > > + fi > > + > > + if [ "${UBOOT_FIT_OPTEE_OS}" = "1" ] ; then > > + cat << EOF >> ${UBOOT_ITS} > > + optee { > > + description = "OPTEE OS Image"; > > + data = /incbin/("${UBOOT_FIT_OPTEE_OS_IMAGE}"); > > + type = "tee"; > > + arch = "${UBOOT_ARCH}"; > > + os = "tee"; > > + load = <${UBOOT_FIT_OPTEE_OS_LOADADDRESS}>; > > + entry = <${UBOOT_FIT_OPTEE_OS_ENTRYPOINT}>; > > + compression = "none"; > > +EOF > > + > > + if [ "${SPL_SIGN_ENABLE}" = "1" ] ; then > > + cat << EOF >> ${UBOOT_ITS} > > + signature { > > + algo = > "${UBOOT_FIT_HASH_ALG},${UBOOT_FIT_SIGN_ALG}"; > > + key-name-hint = "${SPL_SIGN_KEYNAME}"; > > + }; > > +EOF > > + fi > > + > > + cat << EOF >> ${UBOOT_ITS} > > + }; > > +EOF > > + fi > > + > > + cat << EOF >> ${UBOOT_ITS} > > }; > > > > configurations { > > default = "conf"; > > conf { > > description = "Boot with signed U-Boot FIT"; > > - loadables = "uboot"; > > +EOF > > + if [ -n "${conf_firmware}" ]; then > > + cat << EOF >> ${UBOOT_ITS} > > + firmware = ${conf_firmware}; EOF > > + fi > > + cat << EOF >> ${UBOOT_ITS} > > + loadables = ${conf_loadables}; > > fdt = "fdt"; > > }; > > }; > > -- > > 2.25.1 > > > > > > > > > > > > -- > Alexandre Belloni, co-owner and COO, Bootlin > Embedded Linux and Kernel engineering > https://bootlin.com
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#194014): https://lists.openembedded.org/g/openembedded-core/message/194014 Mute This Topic: https://lists.openembedded.org/mt/103778291/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-