Hi Raymond,

On 10/15/25 16:18, Raymond Mao wrote:
> Fetch OP-TEE (4.7.0), TF-A (v2.13.0), MbedTLS (v3.6) and build
> bl1 and fip with both Firmware Handoff and Measured Boot enabled.
>
> Signed-off-by: Raymond Mao <[email protected]>
> ---
> Changes in V2:
> - Move OP-TEE dependencies into the common group.
> - Fetch MbedTLS/TF-A and build bl1/fip in dockerfile instead of
>   post-buildman script.
> - Remove Trust Boot related build options.
> Changes in V3:
> - Clean-up of OP-TEE deps.
> Changes in V4:
> - Minimize OP-TEE build options.
>
> tools/docker/Dockerfile | 38 ++++++++++++++++++++++++++++++++++++--
> 1 file changed, 36 insertions(+), 2 deletions(-)
>
> diff --git a/tools/docker/Dockerfile b/tools/docker/Dockerfile > index 5b4c75f8400..73c1589e260 100644 > --- a/tools/docker/Dockerfile > +++ b/tools/docker/Dockerfile > @@ -122,8 +122,10 @@ RUN > --mount=type=cache,target=/var/cache/apt,sharing=locked \ > python-is-python3 \ > python2.7 \ > python3 \ > + python3-cryptography \ > python3-dev \ > python3-pip \ > + python3-pyelftools \ > python3-sphinx \ > python3-tomli \ > python3-venv \ > @@ -227,10 +229,24 @@ RUN git clone https://gitlab.com/qemu-project/qemu.git > /tmp/qemu && \ > make -j$(nproc) all install && \ > rm -rf /tmp/qemu > > -# Build fiptool > +# Build OP-TEE for qemu_arm64 > +RUN git clone https://github.com/OP-TEE/optee_os.git /tmp/optee_os && \ > + cd /tmp/optee_os/ && \

I would recommend:

  git clone -b 4.7.0 --depth=1 https://github.com/OP-TEE/optee_os.git /tmp/optee_os

...which will directly obtain the proper tag (-b 4.7.0), and minimize
the amount of cloned data (--depth=1 i.e., no full history, just the
last commit).

With or without this change:

Acked-by: Jerome Forissier <[email protected]>

Thanks,
--
Jerome

> + git checkout 4.7.0 && \ > + make > CROSS_COMPILE32=/opt/gcc-${TCVER}-nolibc/arm-linux-gnueabi/bin/arm-linux-gnueabi- > \ > + > CROSS_COMPILE64=/opt/gcc-${TCVER}-nolibc/aarch64-linux/bin/aarch64-linux- \ > + CFG_TRANSFER_LIST=y CFG_MAP_EXT_DT_SECURE=y \ > + PLATFORM=vexpress-qemu_armv8a CFG_RPMB_FS=y \ > + CFG_RPMB_WRITE_KEY=y CFG_RPMB_TESTKEY=y \ > + CFG_CORE_HEAP_SIZE=524288 \ > + CFG_REE_FS=n CFG_CORE_ARM64_PA_BITS=48 \ > + CFG_TEE_CORE_LOG_LEVEL=2 > + > +# Build fiptool, bl1 and fip for fvp and qemu_arm64 > +RUN git clone --branch mbedtls-3.6 https://github.com/ARMmbed/mbedtls.git > /tmp/mbedtls > RUN git clone https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git > /tmp/tf-a && \ > cd /tmp/tf-a/ && \ > - git checkout v2.12.0 && \ > + git checkout v2.13.0 && \ > make > CROSS_COMPILE=/opt/gcc-${TCVER}-nolibc/aarch64-linux/bin/aarch64-linux- \ > PLAT=fvp BL33=/dev/null -j$(nproc) all fip && \ > mkdir -p /usr/local/bin /opt/tf-a/vexpress_fvp && \
> @@ -243,6 +259,24 @@ RUN git clone > https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git /tmp/t > mkdir -p /opt/tf-a/vexpress_fvp_bloblist && \ > cp build/fvp/release/fip.bin build/fvp/release/bl1.bin \ > /opt/tf-a/vexpress_fvp_bloblist/ && \ > + make > CROSS_COMPILE=/opt/gcc-${TCVER}-nolibc/aarch64-linux/bin/aarch64-linux- \ > + PLAT=qemu \ > + BL33=/dev/null \ > + BL32=/tmp/optee_os/out/arm-plat-vexpress/core/tee-header_v2.bin > \ > + > BL32_EXTRA1=/tmp/optee_os/out/arm-plat-vexpress/core/tee-pager_v2.bin \ > + > BL32_EXTRA2=/tmp/optee_os/out/arm-plat-vexpress/core/tee-pageable_v2.bin \ > + BL32_RAM_LOCATION=tdram SPD=opteed \ > + TRANSFER_LIST=1 E=0 \ > + MEASURED_BOOT=1 \ > + EVENT_LOG_LEVEL=10 \ > + MBOOT_EL_HASH_ALG=sha256 \ > + MBEDTLS_DIR=/tmp/mbedtls \ > + -j$(nproc) all fip && \ > + mkdir -p /opt/tf-a/qemu_arm64_fw_handoff_tfa_optee && \ > + cp build/qemu/release/fip.bin build/qemu/release/bl1.bin \ > + /opt/tf-a/qemu_arm64_fw_handoff_tfa_optee/ && \ > + rm -rf /tmp/optee_os && \ > + rm -rf /tmp/mbedtls && \ > rm -rf /tmp/tf-a > > # Download the Arm Architecture FVP platform. This file is double compressed.
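
Review bot: `--branch mbedtls-3.6` in the `@@ -227,10 +229,24 @@` hunk names a branch rather than a release, so every image rebuild picks up whatever the branch head is at that moment and the resulting bl1/fip are not reproducible. Pin it to a fixed release tag, or better a full commit hash, the way OP-TEE (4.7.0) and TF-A (v2.13.0) are pinned, and consider `--depth=1` for this clone too. Separately, a one-line comment above the OP-TEE `make` saying that `CFG_RPMB_WRITE_KEY=y CFG_RPMB_TESTKEY=y` are meant for the QEMU CI target only would keep that option set from being copied into a build for real hardware.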
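
Review bot: `rm -rf /tmp/optee_os` and `rm -rf /tmp/mbedtls` at the end of the `@@ -243,6 +259,24 @@` hunk run in a later `RUN` than the ones that cloned those trees, so the earlier layers still hold the full checkouts and the OP-TEE build output, and the removal does not shrink the image unless it is squashed afterwards. Either keep clone, build and cleanup in one `RUN`, or copy the three `tee-*_v2.bin` files to a directory under /opt and delete `/tmp/optee_os` at the end of the OP-TEE `RUN`, and move the mbedtls clone into the TF-A `RUN`. `E=0` (TF-A warnings not treated as errors) is also passed without a comment; a short note on why it is needed would help whoever bumps the TF-A version next.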

