Add build steps for building U-Boot in secure state with
TF-A and OP-TEE. It includes the full steps for building
OP-TEE and TF-A to use with U-Boot. Also add a short
description of how to invoke QEMU with EL3 and EL2 enabled.
EL3 (machine option secure=on) is required to run TF-A.

Signed-off-by: Johannes Krottmayer <[email protected]>
Cc: Tuomas Tynkkynen <[email protected]>
Cc: Tom Rini <[email protected]>
---
 doc/board/emulation/qemu-arm.rst | 86 ++++++++++++++++++++++++++++++--
 1 file changed, 82 insertions(+), 4 deletions(-)

diff --git a/doc/board/emulation/qemu-arm.rst b/doc/board/emulation/qemu-arm.rst
index 1c91c7f3ac6..017dbab3831 100644
--- a/doc/board/emulation/qemu-arm.rst
+++ b/doc/board/emulation/qemu-arm.rst
@@ -24,8 +24,76 @@ Additionally, a number of optional peripherals can be added 
to the PCI bus.
 See :doc:`../../develop/devicetree/dt_qemu` for information on how to see
 the devicetree actually generated by QEMU.
 
-Building U-Boot
-------
---------
+Building (secure)
+-----------------
+
+U-Boot
+^^^^^^
+
+- For AArch64::
+
+    make qemu_arm64_defconfig
+    make
+
+On successful build 'u-boot.bin' should be created. It's necessary in the 
following steps
+(building TF-A).
+
+OT-TEE
+^^^^^^
+
+- For AArch64::
+
+    git clone https://github.com/OP-TEE/optee_os.git
+    cd optee_os
+    export CROSS_COMPILE64=aarch64-none-elf-
+    export CROSS_COMPILE32=arm-none-eabi-
+    make PLATFORM=vexpress-qemu_armv8a CFG_TRANSFER_LIST=y 
CFG_MAP_EXT_DT_SECURE=y
+
+At least OP-TEE v4.9.0 for AArch64 needs both compiler (64-Bit and 32-Bit 
edition) for a
+successful build. On a successful build following files should be created 
under the directory
+'out/arm-plat-vexpress/core' from OP-TEE::
+
+    optee_os/out/arm-plat-vexpress/core/tee-header_v2.bin
+    optee_os/out/arm-plat-vexpress/core/tee-pageable_v2.bin
+    optee_os/out/arm-plat-vexpress/core/tee-pager_v2.bin
+
+TF-A
+^^^^
+
+- For AArch64
::
+
+    git clone https://github.com/ARM-software/arm-trusted-firmware.git
+    cd arm-trusted-firmware
+    git submodule update --init
+    export CROSS_COMPILE=aarch64-none-elf-
+    export BL32=path/to/tee-header_v2.bin
+    export BL32_EXTRA1=path/to/tee-pager_v2.bin
+    export BL32_EXTRA2=path/to/tee-pageable_v2.bin
+    export BL33=path/to/u-boot.bin
+    make PLAT=qemu BL32_RAM_LOCATION=tdram SPD=opteed TRANSFER_LIST=1 all fip
+
+On successful build the following files should be created under the directory
+'build/qemu/release' from TF-A::
+
+    arm-trusted-firmware/build/qemu/release/bl1.bin
+    arm-trusted-firmware/build/qemu/release/fip.bin
+
+The following file is at least created with TF-A v2.14.0 and can directly 
passed
+with the '-bios' option to QEMU::
+
+    arm-trusted-firmware/build/qemu/release/qemu_fw.bios
+
+If the single file doesn't exists 'bl1.bin' and 'fip.bin' can be concatenated 
with the
+command 'dd' alternatively::
+
+    dd 
if=bl1.bin of=flash.bin bs=4096 conv=notrunc
+    dd if=fip.bin of=flash.bin seek=64 bs=4096 conv=notrunc
+
+Building (none-secure)
+----------------------
+
+U-Boot
+^^^^^^
 Set the CROSS_COMPILE environment variable as usual, and run:
 
 - For ARM::
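Review bot: The U-Boot step at the top of the new 'Building (secure)' section runs 'make qemu_arm64_defconfig' and 'make' without saying that CROSS_COMPILE must be set, although the OP-TEE and TF-A steps export their toolchain prefixes explicitly and the non-secure section keeps the sentence 'Set the CROSS_COMPILE environment variable as usual'. Add the export (or that sentence) here so the secure build can be followed on its own. In the same hunk, the heading 'OT-TEE' should read 'OP-TEE', 'none-secure' should be 'non-secure', 'can directly passed' should be 'can be passed directly', and 'doesn't exists' should be 'doesn't exist'. The two 'git clone' steps build whatever the default branch holds while the text refers to OP-TEE v4.9.0 and TF-A v2.14.0; since this is the secure-world firmware, consider telling the reader to check out a release so the build is reproducible. The 'dd' fallback would also benefit from one sentence explaining that 'seek=64' with 'bs=4096' places fip.bin at a 256 KiB offset in flash.bin.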
@@ -38,8 +106,18 @@ Set the CROSS_COMPILE environment variable as usual, and 
run:
     make qemu_arm64_defconfig
     make
 
-Running U-Boot
---------------
+Running U-Boot (secure)
+-----------------------
+
+- For AArch64::
+
+    qemu-system-aarch64 -machine virt,secure=on,virtualization=on \
+    -nographic -cpu cortex-a57 -bios qemu_fw.bios
+
+For additional QEMU command description see running U-Boot in none-secure 
state.
+
+Running U-Boot (none-secure)
+----------------------------
 The minimal QEMU command line to get U-Boot up and running is:
 
 - For ARM::
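Review bot: The new 'Running U-Boot (secure)' command passes '-bios qemu_fw.bios' only, so a reader who had to create flash.bin with the 'dd' fallback from the build section is not told which file to pass; state the file to use in that case. The section also does not explain 'secure=on' and 'virtualization=on'; the commit message says EL3 (machine option secure=on) is required to run TF-A, and a sentence to that effect belongs in the document itself. 'none-secure' should be 'non-secure' in the heading and in the 'For additional QEMU command description' sentence, and for consistency with the other headings added by this patch the new 'Running U-Boot (none-secure)' heading should be followed by a blank line.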
-- 
2.47.3
