From 5e7b3a8be0a2794e1d3e6661564e71778e4d8192 Mon Sep 17 00:00:00 2001 From: Sergio Prado Date: Thu, 7 Nov 2024 11:22:28 -0300 Subject: [PATCH 1/7] optee: organize machine specific configuration For better organization, move machine specific configuration to a separated directory. Signed-off-by: Sergio Prado --- recipes-security/optee/{ => include}/optee-tdx-verdin-am62.inc | 0 .../optee/{ => include}/optee-tdx-verdin-imx8mm.inc | 0 .../optee/{ => include}/optee-tdx-verdin-imx8mp.inc | 0 recipes-security/optee/optee-tdx.inc | 2 +- 4 files changed, 1 insertion(+), 1 deletion(-) rename recipes-security/optee/{ => include}/optee-tdx-verdin-am62.inc (100%) rename recipes-security/optee/{ => include}/optee-tdx-verdin-imx8mm.inc (100%) rename recipes-security/optee/{ => include}/optee-tdx-verdin-imx8mp.inc (100%) diff --git a/recipes-security/optee/optee-tdx-verdin-am62.inc b/recipes-security/optee/include/optee-tdx-verdin-am62.inc similarity index 100% rename from recipes-security/optee/optee-tdx-verdin-am62.inc rename to recipes-security/optee/include/optee-tdx-verdin-am62.inc diff --git a/recipes-security/optee/optee-tdx-verdin-imx8mm.inc b/recipes-security/optee/include/optee-tdx-verdin-imx8mm.inc similarity index 100% rename from recipes-security/optee/optee-tdx-verdin-imx8mm.inc rename to recipes-security/optee/include/optee-tdx-verdin-imx8mm.inc diff --git a/recipes-security/optee/optee-tdx-verdin-imx8mp.inc b/recipes-security/optee/include/optee-tdx-verdin-imx8mp.inc similarity index 100% rename from recipes-security/optee/optee-tdx-verdin-imx8mp.inc rename to recipes-security/optee/include/optee-tdx-verdin-imx8mp.inc diff --git a/recipes-security/optee/optee-tdx.inc b/recipes-security/optee/optee-tdx.inc index 543cab7..f15462a 100644 --- a/recipes-security/optee/optee-tdx.inc +++ b/recipes-security/optee/optee-tdx.inc @@ -1,7 +1,7 @@ COMPATIBLE_MACHINE = "${MACHINE}" # include machine specific configuration -require optee-tdx-${MACHINE}.inc +require include/optee-tdx-${MACHINE}.inc # make options to enable debug messages OPTEE_OS_DEBUG_OPTS = "\ From 300d811295fec15c422357078725895cdae92212 Mon Sep 17 00:00:00 2001 From: Sergio Prado Date: Thu, 7 Nov 2024 11:25:08 -0300 Subject: [PATCH 2/7] optee-client: set compatible machine Make sure the recipe is compatible with the selected machine (required to build NXP downstream version of optee-client for ARM32 platforms). No effect on ARM64 platforms. Signed-off-by: Sergio Prado --- recipes-security/optee/optee-client_%.bbappend | 3 +++ 1 file changed, 3 insertions(+) diff --git a/recipes-security/optee/optee-client_%.bbappend b/recipes-security/optee/optee-client_%.bbappend index d4d2789..4f90861 100644 --- a/recipes-security/optee/optee-client_%.bbappend +++ b/recipes-security/optee/optee-client_%.bbappend @@ -12,3 +12,6 @@ do_install:append() { install -m 755 ${WORKDIR}/tee-supplicant.rules ${D}${nonarch_base_libdir}/udev/rules.d/ fi } + +# make sure the recipe is selected by the current machine +COMPATIBLE_MACHINE = "${MACHINE}" From 6ceba24a50cf0bd37982294bc129ba57ec78e310 Mon Sep 17 00:00:00 2001 From: Sergio Prado Date: Thu, 7 Nov 2024 11:32:25 -0300 Subject: [PATCH 3/7] optee-os: increase verbosity when TDX_OPTEE_DEBUG is enabled This might help when debugging OP-TEE issues. Signed-off-by: Sergio Prado --- recipes-security/optee/optee-tdx.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/recipes-security/optee/optee-tdx.inc b/recipes-security/optee/optee-tdx.inc index f15462a..efd8e86 100644 --- a/recipes-security/optee/optee-tdx.inc +++ b/recipes-security/optee/optee-tdx.inc @@ -7,6 +7,8 @@ require include/optee-tdx-${MACHINE}.inc OPTEE_OS_DEBUG_OPTS = "\ CFG_TEE_CORE_LOG_LEVEL=3 \ CFG_TEE_TA_LOG_LEVEL=3 \ + CFG_TEE_CORE_TA_TRACE=y \ + CFG_TEE_CORE_DEBUG=y \ " # additional build flags for optee-os From a599d80c1cdb5d8bc977142d208521eef9e0b6de Mon Sep 17 00:00:00 2001 From: Sergio Prado Date: Thu, 7 Nov 2024 11:40:14 -0300 Subject: [PATCH 4/7] optee-os: support building with machine dependent arguments Make it possible to pass additional machine-dependent arguments when building OP-TEE OS via OPTEE_OS_EXTRA_MACHINE_ARGS variable. Signed-off-by: Sergio Prado --- recipes-security/optee/optee-tdx.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/recipes-security/optee/optee-tdx.inc b/recipes-security/optee/optee-tdx.inc index efd8e86..1cf0802 100644 --- a/recipes-security/optee/optee-tdx.inc +++ b/recipes-security/optee/optee-tdx.inc @@ -15,4 +15,5 @@ OPTEE_OS_DEBUG_OPTS = "\ EXTRA_OEMAKE:append:pn-optee-os = "\ ${@oe.utils.conditional('TDX_OPTEE_DEBUG', '1', '${OPTEE_OS_DEBUG_OPTS}', '', d)} \ CFG_UART_BASE=${UART_BASE_ADDR} \ + ${OPTEE_OS_EXTRA_MACHINE_ARGS} \ " From a155f9623e4a54fae96a683d753911dad1746380 Mon Sep 17 00:00:00 2001 From: Sergio Prado Date: Tue, 17 Dec 2024 13:41:44 -0300 Subject: [PATCH 5/7] optee: add support for Colibri iMX6 Signed-off-by: Sergio Prado --- classes/tdx-optee-colibri-imx6.inc | 3 + classes/tdx-optee.bbclass | 7 ++ ...-add-support-to-boot-OP-TEE-from-SPL.patch | 108 ++++++++++++++++++ .../u-boot/files/optee-colibri-imx6.cfg | 10 ++ recipes-bsp/u-boot/u-boot-optee.inc | 30 +++++ ...qdl-colibri-add-OP-TEE-related-nodes.patch | 49 ++++++++ recipes-kernel/linux/linux-optee.inc | 4 + .../optee/include/optee-tdx-colibri-imx6.inc | 17 +++ 8 files changed, 228 insertions(+) create mode 100644 classes/tdx-optee-colibri-imx6.inc create mode 100644 recipes-bsp/u-boot/files/0001-toradex-imx6dl-add-support-to-boot-OP-TEE-from-SPL.patch create mode 100644 recipes-bsp/u-boot/files/optee-colibri-imx6.cfg create mode 100644 recipes-kernel/linux/files/0001-ARM-dts-imx6qdl-colibri-add-OP-TEE-related-nodes.patch create mode 100644 recipes-security/optee/include/optee-tdx-colibri-imx6.inc diff --git a/classes/tdx-optee-colibri-imx6.inc b/classes/tdx-optee-colibri-imx6.inc new file mode 100644 index 0000000..e21b444 --- /dev/null +++ b/classes/tdx-optee-colibri-imx6.inc @@ -0,0 +1,3 @@ +UBOOT_CONFIG[optee] = "colibri_imx6_defconfig,,u-boot.itb" +UBOOT_CONFIG = "optee" +UBOOT_SUFFIX = "itb" diff --git a/classes/tdx-optee.bbclass b/classes/tdx-optee.bbclass index edb717e..a655699 100644 --- a/classes/tdx-optee.bbclass +++ b/classes/tdx-optee.bbclass @@ -4,6 +4,12 @@ TDX_OPTEE_ENABLE = "1" # disable OP-TEE on R5 firmware for K3 based platforms TDX_OPTEE_ENABLE:verdin-am62-k3r5 = "0" +# extension to append to optee binary when using the NXP recipes for ARM32 platforms +OPTEE_BIN_EXT = "bin" + +# include machine-dependent OP-TEE configuration (if available) +include tdx-optee-${MACHINE}.inc + # required by some vendor BSPs MACHINE_FEATURES:append = " optee" @@ -40,6 +46,7 @@ addhandler validate_optee_support validate_optee_support[eventmask] = "bb.event.SanityCheck" python validate_optee_support() { supported_machines = [ + 'colibri-imx6', 'verdin-imx8mp', 'verdin-imx8mm', 'verdin-am62', diff --git a/recipes-bsp/u-boot/files/0001-toradex-imx6dl-add-support-to-boot-OP-TEE-from-SPL.patch b/recipes-bsp/u-boot/files/0001-toradex-imx6dl-add-support-to-boot-OP-TEE-from-SPL.patch new file mode 100644 index 0000000..f111084 --- /dev/null +++ b/recipes-bsp/u-boot/files/0001-toradex-imx6dl-add-support-to-boot-OP-TEE-from-SPL.patch @@ -0,0 +1,108 @@ +From 2ffd211121bff2b873e2d0f4dc076a7c63b7afe3 Mon Sep 17 00:00:00 2001 +From: Sergio Prado +Date: Thu, 28 Nov 2024 16:47:49 -0300 +Subject: [PATCH] toradex: imx6dl: add support to boot OP-TEE from SPL + +Upstream-Status: Pending + +Signed-off-by: Sergio Prado +--- + .../dts/imx6dl-colibri-eval-v3-u-boot.dtsi | 62 +++++++++++++++++++ + arch/arm/mach-imx/mx6/Kconfig | 1 + + 2 files changed, 63 insertions(+) + +diff --git a/arch/arm/dts/imx6dl-colibri-eval-v3-u-boot.dtsi b/arch/arm/dts/imx6dl-colibri-eval-v3-u-boot.dtsi +index 44baaa803243..7535e3012384 100644 +--- a/arch/arm/dts/imx6dl-colibri-eval-v3-u-boot.dtsi ++++ b/arch/arm/dts/imx6dl-colibri-eval-v3-u-boot.dtsi +@@ -4,6 +4,7 @@ + */ + + #include "imx6qdl-u-boot.dtsi" ++#include + + / { + aliases { +@@ -26,6 +27,67 @@ + wdt = <&wdog1>; + bootph-pre-ram; + }; ++ ++#if defined(CONFIG_SPL_OPTEE_IMAGE) ++ reserved-memory { ++ #address-cells = <1>; ++ #size-cells = <1>; ++ ranges; ++ ++ optee@1c000000 { ++ reg = <0x1c000000 0x01000000>; ++ no-map; ++ }; ++ }; ++ ++ binman { ++ fit { ++ description = "FIT image with OP-TEE"; ++ fit,fdt-list = "of-list"; ++ #address-cells = <1>; ++ filename = "u-boot.itb"; ++ images { ++ u-boot { ++ description = "U-Boot"; ++ type = "standalone"; ++ os = "U-Boot"; ++ arch = "arm"; ++ compression = "none"; ++ load = ; ++ entry = ; ++ u-boot-nodtb { ++ }; ++ }; ++ op-tee { ++ description = "OP-TEE"; ++ type = "tee"; ++ arch = "arm"; ++ os = "tee"; ++ compression = "none"; ++ load = <0x1c000000>; ++ entry = <0x1c000000>; ++ tee-os { ++ }; ++ }; ++ @fdt-SEQ { ++ description = "fdt-NAME"; ++ compression = "none"; ++ type = "flat_dt"; ++ arch = "arm"; ++ }; ++ }; ++ configurations { ++ default = "@config-DEFAULT-SEQ"; ++ @config-SEQ { ++ description = "NAME.dtb"; ++ fdt = "fdt-SEQ"; ++ fit,firmware = "op-tee", "u-boot"; ++ fit,loadables; ++ }; ++ }; ++ }; ++ }; ++#endif + }; + + &wdog1 { +diff --git a/arch/arm/mach-imx/mx6/Kconfig b/arch/arm/mach-imx/mx6/Kconfig +index 15ee2b933f69..bd8b23f642cc 100644 +--- a/arch/arm/mach-imx/mx6/Kconfig ++++ b/arch/arm/mach-imx/mx6/Kconfig +@@ -160,6 +160,7 @@ config TARGET_COLIBRI_IMX6 + select DM_SERIAL + select DM_THERMAL + select SUPPORT_SPL ++ select BINMAN if SPL_OPTEE_IMAGE + imply CMD_DM + + config TARGET_COLIBRI_IMX6ULL +-- +2.34.1 + diff --git a/recipes-bsp/u-boot/files/optee-colibri-imx6.cfg b/recipes-bsp/u-boot/files/optee-colibri-imx6.cfg new file mode 100644 index 0000000..06ab045 --- /dev/null +++ b/recipes-bsp/u-boot/files/optee-colibri-imx6.cfg @@ -0,0 +1,10 @@ +CONFIG_SPL_SYS_MALLOC_SIZE=0x200000 +CONFIG_SPL_LOAD_FIT=y +CONFIG_SPL_OPTEE_IMAGE=y +CONFIG_SKIP_LOWLEVEL_INIT=y +SYS_ICACHE_OFF=y +SYS_DCACHE_OFF=y +CONFIG_SYS_L2CACHE_OFF=y +CONFIG_SYS_L2_PL310=n +CONFIG_HAS_CUSTOM_SYS_INIT_SP_ADDR=y +CONFIG_CUSTOM_SYS_INIT_SP_ADDR=0x11200000 diff --git a/recipes-bsp/u-boot/u-boot-optee.inc b/recipes-bsp/u-boot/u-boot-optee.inc index 9c424e8..4a5e44a 100644 --- a/recipes-bsp/u-boot/u-boot-optee.inc +++ b/recipes-bsp/u-boot/u-boot-optee.inc @@ -9,4 +9,34 @@ SRC_URI:append:verdin-imx8mm = "\ file://0001-imx8mm-binman-add-tee-node.patch \ " +SRC_URI:append:colibri-imx6 = "\ + file://0001-toradex-imx6dl-add-support-to-boot-OP-TEE-from-SPL.patch \ + file://optee-colibri-imx6.cfg \ +" + +EXTRA_OEMAKE:append:colibri-imx6 = " TEE=tee.bin" + +copy_optee_binary_to_uboot() { + for config in ${UBOOT_MACHINE}; do + i=$(expr $i + 1); + for type in ${UBOOT_CONFIG}; do + j=$(expr $j + 1); + if [ $j -eq $i ]; then + bbnote "Copying tee.bin from ${DEPLOY_DIR_IMAGE} to ${B}/${config}/". + cp ${DEPLOY_DIR_IMAGE}/tee.bin ${B}/${config}/ + fi + done + unset j + done + unset i +} +do_prepare_uboot_for_optee() { + bbnote "Nothing to be done for machine ${MACHINE}" +} +do_prepare_uboot_for_optee:colibri-imx6() { + copy_optee_binary_to_uboot +} +do_prepare_uboot_for_optee[depends] += "optee-os:do_deploy" +addtask do_prepare_uboot_for_optee before do_compile after do_configure + IMX_BOOT_CONTAINER_FIRMWARE:append = "tee.bin" diff --git a/recipes-kernel/linux/files/0001-ARM-dts-imx6qdl-colibri-add-OP-TEE-related-nodes.patch b/recipes-kernel/linux/files/0001-ARM-dts-imx6qdl-colibri-add-OP-TEE-related-nodes.patch new file mode 100644 index 0000000..fb4c5d3 --- /dev/null +++ b/recipes-kernel/linux/files/0001-ARM-dts-imx6qdl-colibri-add-OP-TEE-related-nodes.patch @@ -0,0 +1,49 @@ +From 7bf1b77e67368dc28e246321e14446edd7f27961 Mon Sep 17 00:00:00 2001 +From: Sergio Prado +Date: Thu, 28 Nov 2024 17:04:26 -0300 +Subject: [PATCH] ARM: dts: imx6qdl-colibri: add OP-TEE related nodes + +Upstream-Status: Pending + +Signed-off-by: Sergio Prado +--- + .../arm/boot/dts/nxp/imx/imx6qdl-colibri.dtsi | 23 +++++++++++++++++++ + 1 file changed, 23 insertions(+) + +diff --git a/arch/arm/boot/dts/nxp/imx/imx6qdl-colibri.dtsi b/arch/arm/boot/dts/nxp/imx/imx6qdl-colibri.dtsi +index 2ad39392fd2f..cd58b9c17148 100644 +--- a/arch/arm/boot/dts/nxp/imx/imx6qdl-colibri.dtsi ++++ b/arch/arm/boot/dts/nxp/imx/imx6qdl-colibri.dtsi +@@ -12,6 +12,29 @@ / { + model = "Toradex Colibri iMX6DL/S Module"; + compatible = "toradex,colibri_imx6dl", "fsl,imx6dl"; + ++ reserved-memory { ++ #address-cells = <1>; ++ #size-cells = <1>; ++ ranges; ++ ++ optee@1c000000 { ++ reg = <0x1c000000 0x01000000>; ++ no-map; ++ }; ++ }; ++ ++ firmware { ++ optee { ++ compatible = "linaro,optee-tz"; ++ method = "smc"; ++ }; ++ }; ++ ++ psci { ++ compatible = "arm,psci-1.0"; ++ method = "smc"; ++ }; ++ + aliases { + mmc0 = &usdhc3; /* eMMC */ + mmc1 = &usdhc1; /* MMC/SD Slot */ +-- +2.34.1 + diff --git a/recipes-kernel/linux/linux-optee.inc b/recipes-kernel/linux/linux-optee.inc index 8aff8a0..5f59b9d 100644 --- a/recipes-kernel/linux/linux-optee.inc +++ b/recipes-kernel/linux/linux-optee.inc @@ -2,3 +2,7 @@ SRC_URI:append = "\ file://optee.cfg \ ${@oe.utils.conditional('TDX_OPTEE_FTPM', '1', 'file://optee-ftpm.cfg', '', d)} \ " + +SRC_URI:append:colibri-imx6 = "\ + file://0001-ARM-dts-imx6qdl-colibri-add-OP-TEE-related-nodes.patch \ +" diff --git a/recipes-security/optee/include/optee-tdx-colibri-imx6.inc b/recipes-security/optee/include/optee-tdx-colibri-imx6.inc new file mode 100644 index 0000000..5768a25 --- /dev/null +++ b/recipes-security/optee/include/optee-tdx-colibri-imx6.inc @@ -0,0 +1,17 @@ +# compatible machine in OP-TEE source code +OPTEEMACHINE = "imx-mx6dlsabresd" + +# required by NXP OP-TEE recipe +PLATFORM_FLAVOR = "mx6dlsabresd" + +# uart base address (to print debug messages) +UART_BASE_ADDR = "0x02020000" + +# extra arguments to build OP-TEE OS +OPTEE_OS_EXTRA_MACHINE_ARGS = "\ + CFG_DDR_SIZE=0x20000000 \ + CFG_NS_ENTRY_ADDR=0x17800000 \ + CFG_TZDRAM_START=0x1c000000 \ + CFG_TZDRAM_SIZE=0x01000000 \ + CFG_DT=n \ +" From 4a195e846f0500629a3662f26252903a8a3984c3 Mon Sep 17 00:00:00 2001 From: Sergio Prado Date: Wed, 18 Dec 2024 21:52:32 -0300 Subject: [PATCH 6/7] optee: add support for Colibri iMX7 (eMMC) Signed-off-by: Sergio Prado --- classes/tdx-optee-colibri-imx7-emmc.inc | 9 + classes/tdx-optee.bbclass | 1 + ...1-board-colibri_imx7-add-SPL-support.patch | 511 ++++++++++++++++++ ...-add-support-to-boot-OP-TEE-from-SPL.patch | 108 ++++ .../u-boot/files/optee-colibri-imx7-emmc.cfg | 13 + recipes-bsp/u-boot/u-boot-optee.inc | 37 +- ...olibri-emmc-add-OP-TEE-related-nodes.patch | 49 ++ recipes-kernel/linux/linux-optee.inc | 4 + .../include/optee-tdx-colibri-imx7-emmc.inc | 16 + 9 files changed, 737 insertions(+), 11 deletions(-) create mode 100644 classes/tdx-optee-colibri-imx7-emmc.inc create mode 100644 recipes-bsp/u-boot/files/0001-board-colibri_imx7-add-SPL-support.patch create mode 100644 recipes-bsp/u-boot/files/0001-toradex-imx7d-add-support-to-boot-OP-TEE-from-SPL.patch create mode 100644 recipes-bsp/u-boot/files/optee-colibri-imx7-emmc.cfg create mode 100644 recipes-kernel/linux/files/0001-ARM-dts-imx7d-colibri-emmc-add-OP-TEE-related-nodes.patch create mode 100644 recipes-security/optee/include/optee-tdx-colibri-imx7-emmc.inc diff --git a/classes/tdx-optee-colibri-imx7-emmc.inc b/classes/tdx-optee-colibri-imx7-emmc.inc new file mode 100644 index 0000000..b6b70db --- /dev/null +++ b/classes/tdx-optee-colibri-imx7-emmc.inc @@ -0,0 +1,9 @@ +# U-Boot configuration +UBOOT_SUFFIX:forcevariable = "itb" +UBOOT_BINARY:forcevariable = "u-boot.${UBOOT_SUFFIX}" +UBOOT_MAKE_TARGET:forcevariable = "" +SPL_BINARY="SPL" + +# Easy Installer configuration +OFFSET_BOOTROM_PAYLOAD="2" +OFFSET_SPL_PAYLOAD="138" diff --git a/classes/tdx-optee.bbclass b/classes/tdx-optee.bbclass index a655699..f889267 100644 --- a/classes/tdx-optee.bbclass +++ b/classes/tdx-optee.bbclass @@ -47,6 +47,7 @@ validate_optee_support[eventmask] = "bb.event.SanityCheck" python validate_optee_support() { supported_machines = [ 'colibri-imx6', + 'colibri-imx7-emmc', 'verdin-imx8mp', 'verdin-imx8mm', 'verdin-am62', diff --git a/recipes-bsp/u-boot/files/0001-board-colibri_imx7-add-SPL-support.patch b/recipes-bsp/u-boot/files/0001-board-colibri_imx7-add-SPL-support.patch new file mode 100644 index 0000000..1b999fa --- /dev/null +++ b/recipes-bsp/u-boot/files/0001-board-colibri_imx7-add-SPL-support.patch @@ -0,0 +1,511 @@ +From a759f13f4eddef64d9ccbe9544f6f762903a6a1b Mon Sep 17 00:00:00 2001 +From: Sergio Prado +Date: Tue, 10 Dec 2024 06:00:40 -0300 +Subject: [PATCH] board: colibri_imx7: add SPL support + +Upstream-Status: Pending + +Signed-off-by: Sergio Prado +--- + arch/arm/mach-imx/mx7/Kconfig | 1 + + board/toradex/colibri_imx7/Kconfig | 3 - + board/toradex/colibri_imx7/Makefile | 2 +- + board/toradex/colibri_imx7/colibri_imx7.c | 4 +- + board/toradex/colibri_imx7/imximage.cfg | 148 ---------------------- + board/toradex/colibri_imx7/spl.c | 148 ++++++++++++++++++++++ + configs/colibri_imx7_defconfig | 11 +- + configs/colibri_imx7_emmc_defconfig | 7 +- + drivers/serial/serial_mxc.c | 8 +- + include/configs/colibri_imx7.h | 3 + + 10 files changed, 177 insertions(+), 158 deletions(-) + delete mode 100644 board/toradex/colibri_imx7/imximage.cfg + create mode 100644 board/toradex/colibri_imx7/spl.c + +diff --git a/arch/arm/mach-imx/mx7/Kconfig b/arch/arm/mach-imx/mx7/Kconfig +index 3c0208e13dda..9220335022b9 100644 +--- a/arch/arm/mach-imx/mx7/Kconfig ++++ b/arch/arm/mach-imx/mx7/Kconfig +@@ -94,6 +94,7 @@ config TARGET_COLIBRI_IMX7 + select DM_SERIAL + select DM_THERMAL + select MX7D ++ select SUPPORT_SPL + imply CMD_DM + + endchoice +diff --git a/board/toradex/colibri_imx7/Kconfig b/board/toradex/colibri_imx7/Kconfig +index 87c416ac2fac..d33ec635238e 100644 +--- a/board/toradex/colibri_imx7/Kconfig ++++ b/board/toradex/colibri_imx7/Kconfig +@@ -71,9 +71,6 @@ config TDX_CFG_BLOCK_OFFSET + + endif + +-config IMX_CONFIG +- default "board/toradex/colibri_imx7/imximage.cfg" +- + source "board/toradex/common/Kconfig" + + endif +diff --git a/board/toradex/colibri_imx7/Makefile b/board/toradex/colibri_imx7/Makefile +index b212ff0f26fb..b987316cc96d 100644 +--- a/board/toradex/colibri_imx7/Makefile ++++ b/board/toradex/colibri_imx7/Makefile +@@ -1,4 +1,4 @@ + # SPDX-License-Identifier: GPL-2.0+ + # Copyright (C) 2016 Toradex AG + +-obj-y := colibri_imx7.o ++obj-y := colibri_imx7.o spl.o +diff --git a/board/toradex/colibri_imx7/colibri_imx7.c b/board/toradex/colibri_imx7/colibri_imx7.c +index c37c5e0af6d9..fd5bfba152c1 100644 +--- a/board/toradex/colibri_imx7/colibri_imx7.c ++++ b/board/toradex/colibri_imx7/colibri_imx7.c +@@ -100,7 +100,7 @@ static iomux_v3_cfg_t const gpmi_pads[] = { + MX7D_PAD_SAI1_TX_DATA__NAND_READY_B | MUX_PAD_CTRL(NAND_PAD_READY0_CTRL), + }; + +-static void setup_gpmi_nand(void) ++void setup_gpmi_nand(void) + { + imx_iomux_v3_setup_multiple_pads(gpmi_pads, ARRAY_SIZE(gpmi_pads)); + +@@ -217,7 +217,7 @@ int board_init(void) + return 0; + } + +-#ifdef CONFIG_DM_PMIC ++#if (defined(CONFIG_DM_PMIC) && !defined(CONFIG_SPL_BUILD)) + int power_init_board(void) + { + struct udevice *dev; +diff --git a/board/toradex/colibri_imx7/imximage.cfg b/board/toradex/colibri_imx7/imximage.cfg +deleted file mode 100644 +index 41b3577b10dc..000000000000 +--- a/board/toradex/colibri_imx7/imximage.cfg ++++ /dev/null +@@ -1,148 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0+ */ +-/* +- * Copyright (C) 2015 Freescale Semiconductor, Inc. +- * 2015 Toradex AG +- * +- * Refer doc/imx/mkimage/imximage.txt for more details about how-to configure +- * and create imximage boot image +- * +- * The syntax is taken as close as possible with the kwbimage +- */ +- +-#include +- +-/* image version */ +- +-IMAGE_VERSION 2 +- +-/* +- * Boot Device : sd +- */ +- +-BOOT_FROM sd +- +-/* +- * Secure boot support +- */ +-#ifdef CONFIG_IMX_HAB +-CSF CONFIG_CSF_SIZE +-#endif +- +-/* +- * Device Configuration Data (DCD) +- * +- * Each entry must have the format: +- * Addr-type Address Value +- * +- * where: +- * Addr-type register length (1,2 or 4 bytes) +- * Address absolute address of the register +- * value value to be stored in the register +- */ +- +-/* IOMUXC_GPR_GPR1 */ +-DATA 4 0x30340004 0x4F400005 +- +-/* DDR3L */ +-/* assuming MEMC_FREQ_RATIO = 2 */ +-/* SRC_DDRC_RCR */ +-DATA 4 0x30391000 0x00000002 +-/* DDRC_MSTR */ +-DATA 4 0x307a0000 0x01040001 +-/* DDRC_DFIUPD0 */ +-DATA 4 0x307a01a0 0x80400003 +-/* DDRC_DFIUPD1 */ +-DATA 4 0x307a01a4 0x00100020 +-/* DDRC_DFIUPD2 */ +-DATA 4 0x307a01a8 0x80100004 +-/* DDRC_RFSHTMG */ +-DATA 4 0x307a0064 0x00400046 +-/* DDRC_MP_PCTRL_0 */ +-DATA 4 0x307a0490 0x00000001 +-/* DDRC_INIT0 */ +-DATA 4 0x307a00d0 0x00020083 +-/* DDRC_INIT1 */ +-DATA 4 0x307a00d4 0x00690000 +-/* DDRC_INIT3 MR0/MR1 */ +-DATA 4 0x307a00dc 0x09300004 +-/* DDRC_INIT4 MR2/MR3 */ +-DATA 4 0x307a00e0 0x04480000 +-/* DDRC_INIT5 */ +-DATA 4 0x307a00e4 0x00100004 +-/* DDRC_RANKCTL */ +-DATA 4 0x307a00f4 0x0000033f +-/* DDRC_DRAMTMG0 */ +-DATA 4 0x307a0100 0x0910090a +-/* DDRC_DRAMTMG1 */ +-DATA 4 0x307a0104 0x000d020e +-/* DDRC_DRAMTMG2 */ +-DATA 4 0x307a0108 0x03040307 +-/* DDRC_DRAMTMG3 */ +-DATA 4 0x307a010c 0x00002006 +-/* DDRC_DRAMTMG4 */ +-DATA 4 0x307a0110 0x04020204 +-/* DDRC_DRAMTMG5 */ +-DATA 4 0x307a0114 0x03030202 +-/* DDRC_DRAMTMG8 */ +-DATA 4 0x307a0120 0x00000803 +-/* DDRC_ZQCTL0 */ +-DATA 4 0x307a0180 0x00800020 +-/* DDRC_ZQCTL1 */ +-DATA 4 0x307a0184 0x02001000 +-/* DDRC_DFITMG0 */ +-DATA 4 0x307a0190 0x02098204 +-/* DDRC_DFITMG1 */ +-DATA 4 0x307a0194 0x00030303 +-/* DDRC_ADDRMAP0 */ +-DATA 4 0x307a0200 0x0000001f +-/* DDRC_ADDRMAP1 */ +-DATA 4 0x307a0204 0x00080808 +-/* DDRC_ADDRMAP5 */ +-DATA 4 0x307a0214 0x07070707 +-/* DDRC_ADDRMAP6 */ +-DATA 4 0x307a0218 0x07070707 +-/* DDRC_ODTCFG */ +-DATA 4 0x307a0240 0x06000601 +-/* DDRC_ODTMAP */ +-DATA 4 0x307a0244 0x00000001 +-/* SRC_DDRC_RCR */ +-DATA 4 0x30391000 0x00000000 +-/* DDR_PHY_PHY_CON0 */ +-DATA 4 0x30790000 0x17420f40 +-/* DDR_PHY_PHY_CON1 */ +-DATA 4 0x30790004 0x10210100 +-/* DDR_PHY_PHY_CON4 */ +-DATA 4 0x30790010 0x00060807 +-/* DDR_PHY_MDLL_CON0 */ +-DATA 4 0x307900b0 0x1010007e +-/* DDR_PHY_DRVDS_CON0 */ +-DATA 4 0x3079009c 0x00000d6e +-/* DDR_PHY_OFFSET_RD_CON0 */ +-DATA 4 0x30790020 0x08080808 +-/* DDR_PHY_OFFSET_WR_CON0 */ +-DATA 4 0x30790030 0x08080808 +-/* DDR_PHY_CMD_SDLL_CON0 */ +-DATA 4 0x30790050 0x01000010 +-DATA 4 0x30790050 0x00000010 +- +-/* DDR_PHY_ZQ_CON0 */ +-DATA 4 0x307900c0 0x0e407304 +-DATA 4 0x307900c0 0x0e447304 +-DATA 4 0x307900c0 0x0e447306 +-/* DDR_PHY_ZQ_CON1 */ +-CHECK_BITS_SET 4 0x307900c4 0x1 +-/* DDR_PHY_ZQ_CON0 */ +-DATA 4 0x307900c0 0x0e447304 +-DATA 4 0x307900c0 0x0e407304 +- +-/* CCM_CCGRn */ +-DATA 4 0x30384130 0x00000000 +-/* IOMUXC_GPR_GPR8 */ +-DATA 4 0x30340020 0x00000178 +-/* CCM_CCGRn */ +-DATA 4 0x30384130 0x00000002 +-/* DDR_PHY_LP_CON0 */ +-DATA 4 0x30790018 0x0000000f +- +-/* DDRC_STAT */ +-CHECK_BITS_SET 4 0x307a0004 0x1 +diff --git a/board/toradex/colibri_imx7/spl.c b/board/toradex/colibri_imx7/spl.c +new file mode 100644 +index 000000000000..19eb4a7a9740 +--- /dev/null ++++ b/board/toradex/colibri_imx7/spl.c +@@ -0,0 +1,148 @@ ++// SPDX-License-Identifier: GPL-2.0+ ++/* ++ * Copyright (C) 2024 Embedded Labworks ++ * ++ * Author: Sergio Prado ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#if defined(CONFIG_SPL_BUILD) ++ ++static struct ddrc ddrc_regs_val = { ++ .mstr = 0x01040001, ++ .init1 = 0x00690000, ++ .init0 = 0x00020083, ++ .init3 = 0x09300004, ++ .init4 = 0x04480000, ++ .init5 = 0x00100004, ++ .rankctl = 0x0000033f, ++ .dramtmg0 = 0x0910090a, ++ .dramtmg1 = 0x000d020e, ++ .dramtmg2 = 0x03040307, ++ .dramtmg3 = 0x00002006, ++ .dramtmg4 = 0x04020204, ++ .dramtmg5 = 0x03030202, ++ .dramtmg8 = 0x00000803, ++ .zqctl0 = 0x00800020, ++ .zqctl1 = 0x02001000, ++ .dfitmg0 = 0x02098204, ++ .dfitmg1 = 0x00030303, ++ .dfiupd0 = 0x80400003, ++ .dfiupd1 = 0x00100020, ++ .dfiupd2 = 0x80100004, ++ .odtcfg = 0x06000601, ++ .odtmap = 0x00000001, ++ .rfshtmg = 0x00400046, ++ .addrmap0 = 0x0000001f, ++ .addrmap1 = 0x00080808, ++ .addrmap5 = 0x07070707, ++ .addrmap6 = 0x07070707, ++}; ++ ++static struct ddrc_mp ddrc_mp_val = { ++ .pctrl_0 = 0x00000001, ++}; ++ ++static struct ddr_phy ddr_phy_regs_val = { ++ .phy_con0 = 0x17420f40, ++ .phy_con1 = 0x10210100, ++ .phy_con4 = 0x00060807, ++ .mdll_con0 = 0x1010007e, ++ .drvds_con0 = 0x00000d6e, ++ .cmd_sdll_con0 = 0x00000010, ++ .offset_lp_con0 = 0x0000000f, ++ .offset_rd_con0 = 0x08080808, ++ .offset_wr_con0 = 0x08080808, ++}; ++ ++static struct mx7_calibration calib_param = { ++ .num_val = 5, ++ .values = { ++ 0x0e407304, ++ 0x0e447304, ++ 0x0e447306, ++ 0x0e447304, ++ 0x0e407304, ++ }, ++}; ++ ++static void ddr_init(void) ++{ ++ mx7_dram_cfg(&ddrc_regs_val, &ddrc_mp_val, &ddr_phy_regs_val, ++ &calib_param); ++} ++ ++static void gpr_init(void) ++{ ++ struct iomuxc_gpr_base_regs *gpr_regs = ++ (struct iomuxc_gpr_base_regs *)IOMUXC_GPR_BASE_ADDR; ++ ++ writel(0x4F400005, &gpr_regs->gpr[1]); ++ writel(0x00000178, &gpr_regs->gpr[8]); ++} ++ ++void board_init_f(ulong dummy) ++{ ++ arch_cpu_init(); ++ gpr_init(); ++ board_early_init_f(); ++ timer_init(); ++ preloader_console_init(); ++ ddr_init(); ++ memset(__bss_start, 0, __bss_end - __bss_start); ++#ifdef CONFIG_TARGET_COLIBRI_IMX7_NAND ++ setup_gpmi_nand(); ++#endif ++ board_init_r(NULL, 0); ++} ++ ++#define USDHC_PAD_CTRL (PAD_CTL_DSE_3P3V_32OHM | PAD_CTL_SRE_SLOW | \ ++ PAD_CTL_HYS | PAD_CTL_PUE | PAD_CTL_PUS_PU47KOHM) ++ ++static iomux_v3_cfg_t const usdhc3_emmc_pads[] = { ++ MX7D_PAD_SD3_CLK__SD3_CLK | MUX_PAD_CTRL(USDHC_PAD_CTRL), ++ MX7D_PAD_SD3_CMD__SD3_CMD | MUX_PAD_CTRL(USDHC_PAD_CTRL), ++ MX7D_PAD_SD3_DATA0__SD3_DATA0 | MUX_PAD_CTRL(USDHC_PAD_CTRL), ++ MX7D_PAD_SD3_DATA1__SD3_DATA1 | MUX_PAD_CTRL(USDHC_PAD_CTRL), ++ MX7D_PAD_SD3_DATA2__SD3_DATA2 | MUX_PAD_CTRL(USDHC_PAD_CTRL), ++ MX7D_PAD_SD3_DATA3__SD3_DATA3 | MUX_PAD_CTRL(USDHC_PAD_CTRL), ++ MX7D_PAD_SD3_DATA4__SD3_DATA4 | MUX_PAD_CTRL(USDHC_PAD_CTRL), ++ MX7D_PAD_SD3_DATA5__SD3_DATA5 | MUX_PAD_CTRL(USDHC_PAD_CTRL), ++ MX7D_PAD_SD3_DATA6__SD3_DATA6 | MUX_PAD_CTRL(USDHC_PAD_CTRL), ++ MX7D_PAD_SD3_DATA7__SD3_DATA7 | MUX_PAD_CTRL(USDHC_PAD_CTRL), ++ MX7D_PAD_SD3_STROBE__SD3_STROBE | MUX_PAD_CTRL(USDHC_PAD_CTRL), ++}; ++ ++int board_mmc_init(struct bd_info *bis) ++{ ++ static struct fsl_esdhc_cfg usdhc_cfg; ++ int ret = 0; ++ ++ imx_iomux_v3_setup_multiple_pads(usdhc3_emmc_pads, ++ ARRAY_SIZE(usdhc3_emmc_pads)); ++ ++ usdhc_cfg.esdhc_base = USDHC3_BASE_ADDR; ++ usdhc_cfg.sdhc_clk = mxc_get_clock(MXC_ESDHC3_CLK); ++ usdhc_cfg.max_bus_width = 8; ++ ++ ret = fsl_esdhc_initialize(bis, &usdhc_cfg); ++ if (ret) ++ log_err("Error: could not initialize MMC. (%d)\n", ret); ++ ++ return ret; ++} ++ ++int board_mmc_getcd(struct mmc *mmc) ++{ ++ return 1; /* assume uSDHC3 emmc is always present */ ++} ++ ++#endif /* CONFIG_SPL_BUILD */ +diff --git a/configs/colibri_imx7_defconfig b/configs/colibri_imx7_defconfig +index 47c2ffcc84e5..24a8131d05fe 100644 +--- a/configs/colibri_imx7_defconfig ++++ b/configs/colibri_imx7_defconfig +@@ -1,6 +1,8 @@ + CONFIG_ARM=y + CONFIG_ARCH_MX7=y + CONFIG_SYS_MALLOC_LEN=0x2000000 ++CONFIG_SPL_LIBCOMMON_SUPPORT=y ++CONFIG_SPL_LIBGENERIC_SUPPORT=y + CONFIG_NR_DRAM_BANKS=1 + CONFIG_ENV_SIZE=0x20000 + CONFIG_ENV_OFFSET=0x380000 +@@ -8,9 +10,11 @@ CONFIG_DM_GPIO=y + CONFIG_DEFAULT_DEVICE_TREE="imx7d-colibri-eval-v3" + CONFIG_TARGET_COLIBRI_IMX7=y + CONFIG_OF_LIBFDT_OVERLAY=y ++CONFIG_SPL_SERIAL=y ++CONFIG_SPL_BSS_MAX_SIZE=0x100000 ++CONFIG_SPL=y + CONFIG_IMX_RDC=y + CONFIG_IMX_BOOTAUX=y +-CONFIG_IMX_HAB=y + CONFIG_SYS_LOAD_ADDR=0x84200000 + CONFIG_OF_BOARD_FIXUP=y + CONFIG_SYS_MEMTEST_START=0x80000000 +@@ -28,6 +32,9 @@ CONFIG_SYS_CONSOLE_IS_IN_ENV=y + # CONFIG_DISPLAY_BOARDINFO is not set + CONFIG_DISPLAY_BOARDINFO_LATE=y + CONFIG_BOARD_LATE_INIT=y ++CONFIG_SPL_SYS_MALLOC=y ++CONFIG_SPL_DMA=y ++CONFIG_SPL_NAND_SUPPORT=y + CONFIG_SYS_PROMPT="Colibri iMX7 # " + CONFIG_SYS_MAXARGS=32 + # CONFIG_BOOTM_PLAN9 is not set +@@ -87,6 +94,8 @@ CONFIG_MTD_RAW_NAND=y + CONFIG_SYS_NAND_USE_FLASH_BBT=y + CONFIG_NAND_MXS_DT=y + CONFIG_SYS_NAND_ONFI_DETECTION=y ++CONFIG_SYS_NAND_U_BOOT_LOCATIONS=y ++CONFIG_SYS_NAND_U_BOOT_OFFS=0xC0000 + CONFIG_MTD_UBI_FASTMAP=y + CONFIG_PHYLIB=y + CONFIG_PHY_MICREL=y +diff --git a/configs/colibri_imx7_emmc_defconfig b/configs/colibri_imx7_emmc_defconfig +index 001f2f92229f..b0b2d97ccf34 100644 +--- a/configs/colibri_imx7_emmc_defconfig ++++ b/configs/colibri_imx7_emmc_defconfig +@@ -1,6 +1,8 @@ + CONFIG_ARM=y + CONFIG_ARCH_MX7=y + CONFIG_SYS_MALLOC_LEN=0x2000000 ++CONFIG_SPL_LIBCOMMON_SUPPORT=y ++CONFIG_SPL_LIBGENERIC_SUPPORT=y + CONFIG_ENV_SIZE=0x2000 + CONFIG_ENV_OFFSET=0xFFFFDE00 + CONFIG_DM_GPIO=y +@@ -8,9 +10,12 @@ CONFIG_DEFAULT_DEVICE_TREE="imx7d-colibri-emmc-eval-v3" + CONFIG_TARGET_COLIBRI_IMX7=y + CONFIG_TARGET_COLIBRI_IMX7_EMMC=y + CONFIG_OF_LIBFDT_OVERLAY=y ++CONFIG_SPL_MMC=y ++CONFIG_SPL_SERIAL=y ++CONFIG_SPL_BSS_MAX_SIZE=0x100000 ++CONFIG_SPL=y + CONFIG_IMX_RDC=y + CONFIG_IMX_BOOTAUX=y +-CONFIG_IMX_HAB=y + CONFIG_SYS_LOAD_ADDR=0x84200000 + CONFIG_SYS_MEMTEST_START=0x80000000 + CONFIG_SYS_MEMTEST_END=0x8c000000 +diff --git a/drivers/serial/serial_mxc.c b/drivers/serial/serial_mxc.c +index cc85a502726e..6ab876a9ab4f 100644 +--- a/drivers/serial/serial_mxc.c ++++ b/drivers/serial/serial_mxc.c +@@ -215,6 +215,10 @@ static void _mxc_serial_setbrg(struct mxc_uart *base, unsigned long clk, + #error "define CFG_MXC_UART_BASE to use the MXC UART driver" + #endif + ++#ifndef CFG_MXC_UART_USE_DTE ++#define CFG_MXC_UART_USE_DTE false ++#endif ++ + #define mxc_base ((struct mxc_uart *)CFG_MXC_UART_BASE) + + static void mxc_serial_setbrg(void) +@@ -224,7 +228,7 @@ static void mxc_serial_setbrg(void) + if (!gd->baudrate) + gd->baudrate = CONFIG_BAUDRATE; + +- _mxc_serial_setbrg(mxc_base, clk, gd->baudrate, false); ++ _mxc_serial_setbrg(mxc_base, clk, gd->baudrate, CFG_MXC_UART_USE_DTE); + } + + static int mxc_serial_getc(void) +@@ -262,7 +266,7 @@ static int mxc_serial_tstc(void) + */ + static int mxc_serial_init(void) + { +- _mxc_serial_init(mxc_base, false); ++ _mxc_serial_init(mxc_base, CFG_MXC_UART_USE_DTE); + + serial_setbrg(); + +diff --git a/include/configs/colibri_imx7.h b/include/configs/colibri_imx7.h +index 33133a0b96e1..995e769212c5 100644 +--- a/include/configs/colibri_imx7.h ++++ b/include/configs/colibri_imx7.h +@@ -13,6 +13,9 @@ + + #include "mx7_common.h" + ++#define CFG_MXC_UART_BASE UART1_IPS_BASE_ADDR ++#define CFG_MXC_UART_USE_DTE true ++ + /* MMC Config*/ + #define CFG_SYS_FSL_ESDHC_ADDR 0 + #ifdef CONFIG_TARGET_COLIBRI_IMX7_NAND +-- +2.34.1 + diff --git a/recipes-bsp/u-boot/files/0001-toradex-imx7d-add-support-to-boot-OP-TEE-from-SPL.patch b/recipes-bsp/u-boot/files/0001-toradex-imx7d-add-support-to-boot-OP-TEE-from-SPL.patch new file mode 100644 index 0000000..4e72d50 --- /dev/null +++ b/recipes-bsp/u-boot/files/0001-toradex-imx7d-add-support-to-boot-OP-TEE-from-SPL.patch @@ -0,0 +1,108 @@ +From 1fdb34d8657601c609658a6910fce1eb46d7d24f Mon Sep 17 00:00:00 2001 +From: Sergio Prado +Date: Tue, 17 Dec 2024 21:39:32 -0300 +Subject: [PATCH] toradex: imx7d: add support to boot OP-TEE from SPL + +Upstream-Status: Pending + +Signed-off-by: Sergio Prado +--- + arch/arm/dts/imx7d-colibri-emmc.dtsi | 62 ++++++++++++++++++++++++++++ + arch/arm/mach-imx/mx7/Kconfig | 1 + + 2 files changed, 63 insertions(+) + +diff --git a/arch/arm/dts/imx7d-colibri-emmc.dtsi b/arch/arm/dts/imx7d-colibri-emmc.dtsi +index 2fb4d2133a1b..a31d64ef7571 100644 +--- a/arch/arm/dts/imx7d-colibri-emmc.dtsi ++++ b/arch/arm/dts/imx7d-colibri-emmc.dtsi +@@ -5,6 +5,7 @@ + + #include "imx7d.dtsi" + #include "imx7-colibri.dtsi" ++#include + + / { + aliases { +@@ -17,6 +18,67 @@ + device_type = "memory"; + reg = <0x80000000 0x40000000>; + }; ++ ++#if defined(CONFIG_SPL_OPTEE_IMAGE) ++ reserved-memory { ++ #address-cells = <1>; ++ #size-cells = <1>; ++ ranges; ++ ++ optee@8c000000 { ++ reg = <0x8c000000 0x01000000>; ++ no-map; ++ }; ++ }; ++ ++ binman { ++ fit { ++ description = "FIT image with OP-TEE"; ++ fit,fdt-list = "of-list"; ++ #address-cells = <1>; ++ filename = "u-boot.itb"; ++ images { ++ u-boot { ++ description = "U-Boot"; ++ type = "standalone"; ++ os = "U-Boot"; ++ arch = "arm"; ++ compression = "none"; ++ load = ; ++ entry = ; ++ u-boot-nodtb { ++ }; ++ }; ++ op-tee { ++ description = "OP-TEE"; ++ type = "tee"; ++ arch = "arm"; ++ os = "tee"; ++ compression = "none"; ++ load = <0x8c000000>; ++ entry = <0x8c000000>; ++ tee-os { ++ }; ++ }; ++ @fdt-SEQ { ++ description = "fdt-NAME"; ++ compression = "none"; ++ type = "flat_dt"; ++ arch = "arm"; ++ }; ++ }; ++ configurations { ++ default = "@config-DEFAULT-SEQ"; ++ @config-SEQ { ++ description = "NAME.dtb"; ++ fdt = "fdt-SEQ"; ++ fit,firmware = "op-tee", "u-boot"; ++ fit,loadables; ++ }; ++ }; ++ }; ++ }; ++#endif + }; + + &cpu1 { +diff --git a/arch/arm/mach-imx/mx7/Kconfig b/arch/arm/mach-imx/mx7/Kconfig +index 9220335022b9..23018074d632 100644 +--- a/arch/arm/mach-imx/mx7/Kconfig ++++ b/arch/arm/mach-imx/mx7/Kconfig +@@ -95,6 +95,7 @@ config TARGET_COLIBRI_IMX7 + select DM_THERMAL + select MX7D + select SUPPORT_SPL ++ select BINMAN if SPL_OPTEE_IMAGE + imply CMD_DM + + endchoice +-- +2.34.1 + diff --git a/recipes-bsp/u-boot/files/optee-colibri-imx7-emmc.cfg b/recipes-bsp/u-boot/files/optee-colibri-imx7-emmc.cfg new file mode 100644 index 0000000..2218a9f --- /dev/null +++ b/recipes-bsp/u-boot/files/optee-colibri-imx7-emmc.cfg @@ -0,0 +1,13 @@ +CONFIG_ARMV7_BOOT_SEC_DEFAULT=y +CONFIG_HAS_CUSTOM_SYS_INIT_SP_ADDR=y +CONFIG_CUSTOM_SYS_INIT_SP_ADDR=0x81200000 +CONFIG_SKIP_LOWLEVEL_INIT=y +CONFIG_SPL_HAS_BSS_LINKER_SECTION=y +CONFIG_SPL_SYS_MALLOC=y +CONFIG_SPL_SYS_MALLOC_SIZE=0x200000 +CONFIG_SPL_LOAD_FIT=y +CONFIG_SPL_OPTEE_IMAGE=y +CONFIG_SYS_ICACHE_OFF=y +CONFIG_SYS_DCACHE_OFF=y +CONFIG_SYS_L2CACHE_OFF=y +CONFIG_SYS_L2_PL310=n diff --git a/recipes-bsp/u-boot/u-boot-optee.inc b/recipes-bsp/u-boot/u-boot-optee.inc index 4a5e44a..4cca5bd 100644 --- a/recipes-bsp/u-boot/u-boot-optee.inc +++ b/recipes-bsp/u-boot/u-boot-optee.inc @@ -14,21 +14,33 @@ SRC_URI:append:colibri-imx6 = "\ file://optee-colibri-imx6.cfg \ " +SRC_URI:append:colibri-imx7-emmc = "\ + file://0001-board-colibri_imx7-add-SPL-support.patch \ + file://0001-toradex-imx7d-add-support-to-boot-OP-TEE-from-SPL.patch \ + file://optee-colibri-imx7-emmc.cfg \ +" + EXTRA_OEMAKE:append:colibri-imx6 = " TEE=tee.bin" +EXTRA_OEMAKE:append:colibri-imx7-emmc = " TEE=tee.bin" copy_optee_binary_to_uboot() { - for config in ${UBOOT_MACHINE}; do - i=$(expr $i + 1); - for type in ${UBOOT_CONFIG}; do - j=$(expr $j + 1); - if [ $j -eq $i ]; then - bbnote "Copying tee.bin from ${DEPLOY_DIR_IMAGE} to ${B}/${config}/". - cp ${DEPLOY_DIR_IMAGE}/tee.bin ${B}/${config}/ - fi + if [ -n "${UBOOT_CONFIG}" ]; then + for config in ${UBOOT_MACHINE}; do + i=$(expr $i + 1); + for type in ${UBOOT_CONFIG}; do + j=$(expr $j + 1); + if [ $j -eq $i ]; then + bbnote "Copying tee.bin from ${DEPLOY_DIR_IMAGE} to ${B}/${config}/". + cp ${DEPLOY_DIR_IMAGE}/tee.bin ${B}/${config}/ + fi + done + unset j done - unset j - done - unset i + unset i + else + bbnote "Copying tee.bin from ${DEPLOY_DIR_IMAGE} to ${B}/". + cp ${DEPLOY_DIR_IMAGE}/tee.bin ${B} + fi } do_prepare_uboot_for_optee() { bbnote "Nothing to be done for machine ${MACHINE}" @@ -36,6 +48,9 @@ do_prepare_uboot_for_optee() { do_prepare_uboot_for_optee:colibri-imx6() { copy_optee_binary_to_uboot } +do_prepare_uboot_for_optee:colibri-imx7-emmc() { + copy_optee_binary_to_uboot +} do_prepare_uboot_for_optee[depends] += "optee-os:do_deploy" addtask do_prepare_uboot_for_optee before do_compile after do_configure diff --git a/recipes-kernel/linux/files/0001-ARM-dts-imx7d-colibri-emmc-add-OP-TEE-related-nodes.patch b/recipes-kernel/linux/files/0001-ARM-dts-imx7d-colibri-emmc-add-OP-TEE-related-nodes.patch new file mode 100644 index 0000000..5e7160e --- /dev/null +++ b/recipes-kernel/linux/files/0001-ARM-dts-imx7d-colibri-emmc-add-OP-TEE-related-nodes.patch @@ -0,0 +1,49 @@ +From 8f99b95433165bd5ad6ce0a3a1ea172daf62eed4 Mon Sep 17 00:00:00 2001 +From: Sergio Prado +Date: Wed, 18 Dec 2024 20:47:28 -0300 +Subject: [PATCH] ARM: dts: imx7d-colibri-emmc: add OP-TEE related nodes + +Upstream-Status: Pending + +Signed-off-by: Sergio Prado +--- + .../boot/dts/nxp/imx/imx7d-colibri-emmc.dtsi | 23 +++++++++++++++++++ + 1 file changed, 23 insertions(+) + +diff --git a/arch/arm/boot/dts/nxp/imx/imx7d-colibri-emmc.dtsi b/arch/arm/boot/dts/nxp/imx/imx7d-colibri-emmc.dtsi +index 9670f45eab3b..53d4090fa8d3 100644 +--- a/arch/arm/boot/dts/nxp/imx/imx7d-colibri-emmc.dtsi ++++ b/arch/arm/boot/dts/nxp/imx/imx7d-colibri-emmc.dtsi +@@ -21,6 +21,29 @@ memory@80000000 { + device_type = "memory"; + reg = <0x80000000 0x40000000>; + }; ++ ++ reserved-memory { ++ #address-cells = <1>; ++ #size-cells = <1>; ++ ranges; ++ ++ optee@8c000000 { ++ reg = <0x8c000000 0x01000000>; ++ no-map; ++ }; ++ }; ++ ++ firmware { ++ optee { ++ compatible = "linaro,optee-tz"; ++ method = "smc"; ++ }; ++ }; ++ ++ psci { ++ compatible = "arm,psci-1.0"; ++ method = "smc"; ++ }; + }; + + &cpu1 { +-- +2.34.1 + diff --git a/recipes-kernel/linux/linux-optee.inc b/recipes-kernel/linux/linux-optee.inc index 5f59b9d..f1e85e5 100644 --- a/recipes-kernel/linux/linux-optee.inc +++ b/recipes-kernel/linux/linux-optee.inc @@ -6,3 +6,7 @@ SRC_URI:append = "\ SRC_URI:append:colibri-imx6 = "\ file://0001-ARM-dts-imx6qdl-colibri-add-OP-TEE-related-nodes.patch \ " + +SRC_URI:append:colibri-imx7-emmc = "\ + file://0001-ARM-dts-imx7d-colibri-emmc-add-OP-TEE-related-nodes.patch \ +" diff --git a/recipes-security/optee/include/optee-tdx-colibri-imx7-emmc.inc b/recipes-security/optee/include/optee-tdx-colibri-imx7-emmc.inc new file mode 100644 index 0000000..330a4f0 --- /dev/null +++ b/recipes-security/optee/include/optee-tdx-colibri-imx7-emmc.inc @@ -0,0 +1,16 @@ +# compatible machine in OP-TEE source code +OPTEEMACHINE = "imx-mx7dsabresd" + +# required by NXP OP-TEE recipe +PLATFORM_FLAVOR = "mx7dsabresd" + +# uart base address (to print debug messages) +UART_BASE_ADDR = "0x30860000" + +# extra arguments to build OP-TEE OS +OPTEE_OS_EXTRA_MACHINE_ARGS = "\ + CFG_NS_ENTRY_ADDR=0x87800000 \ + CFG_TZDRAM_START=0x8c000000 \ + CFG_TZDRAM_SIZE=0x01000000 \ + CFG_DT=n \ +" From 7c300523287d037d810df12097d6d3cd9e3f327d Mon Sep 17 00:00:00 2001 From: Sergio Prado Date: Fri, 20 Dec 2024 08:34:44 -0300 Subject: [PATCH 7/7] optee: add support for Apalis iMX6 Signed-off-by: Sergio Prado --- classes/tdx-optee-apalis-imx6.inc | 3 + classes/tdx-optee.bbclass | 1 + ...-add-support-to-boot-OP-TEE-from-SPL.patch | 108 ++++++++++++++++++ .../u-boot/files/optee-apalis-imx6.cfg | 10 ++ recipes-bsp/u-boot/u-boot-optee.inc | 9 ++ ...6qdl-apalis-add-OP-TEE-related-nodes.patch | 48 ++++++++ recipes-kernel/linux/linux-optee.inc | 4 + .../optee/include/optee-tdx-apalis-imx6.inc | 16 +++ 8 files changed, 199 insertions(+) create mode 100644 classes/tdx-optee-apalis-imx6.inc create mode 100644 recipes-bsp/u-boot/files/0001-toradex-imx6q-add-support-to-boot-OP-TEE-from-SPL.patch create mode 100644 recipes-bsp/u-boot/files/optee-apalis-imx6.cfg create mode 100644 recipes-kernel/linux/files/0001-ARM-dts-imx6qdl-apalis-add-OP-TEE-related-nodes.patch create mode 100644 recipes-security/optee/include/optee-tdx-apalis-imx6.inc diff --git a/classes/tdx-optee-apalis-imx6.inc b/classes/tdx-optee-apalis-imx6.inc new file mode 100644 index 0000000..449e79d --- /dev/null +++ b/classes/tdx-optee-apalis-imx6.inc @@ -0,0 +1,3 @@ +UBOOT_CONFIG[optee] = "apalis_imx6_defconfig,,u-boot.itb" +UBOOT_CONFIG = "optee" +UBOOT_SUFFIX = "itb" diff --git a/classes/tdx-optee.bbclass b/classes/tdx-optee.bbclass index f889267..72236e8 100644 --- a/classes/tdx-optee.bbclass +++ b/classes/tdx-optee.bbclass @@ -46,6 +46,7 @@ addhandler validate_optee_support validate_optee_support[eventmask] = "bb.event.SanityCheck" python validate_optee_support() { supported_machines = [ + 'apalis-imx6', 'colibri-imx6', 'colibri-imx7-emmc', 'verdin-imx8mp', diff --git a/recipes-bsp/u-boot/files/0001-toradex-imx6q-add-support-to-boot-OP-TEE-from-SPL.patch b/recipes-bsp/u-boot/files/0001-toradex-imx6q-add-support-to-boot-OP-TEE-from-SPL.patch new file mode 100644 index 0000000..9e7293e --- /dev/null +++ b/recipes-bsp/u-boot/files/0001-toradex-imx6q-add-support-to-boot-OP-TEE-from-SPL.patch @@ -0,0 +1,108 @@ +From ace7fb60a3067b29bfef17e9cf662ca38a02dcd2 Mon Sep 17 00:00:00 2001 +From: Sergio Prado +Date: Thu, 5 Dec 2024 09:56:10 -0300 +Subject: [PATCH] toradex: imx6q: add support to boot OP-TEE from SPL + +Upstream-Status: Pending + +Signed-off-by: Sergio Prado +--- + arch/arm/dts/imx6q-apalis-eval-u-boot.dtsi | 63 ++++++++++++++++++++++ + arch/arm/mach-imx/mx6/Kconfig | 1 + + 2 files changed, 64 insertions(+) + +diff --git a/arch/arm/dts/imx6q-apalis-eval-u-boot.dtsi b/arch/arm/dts/imx6q-apalis-eval-u-boot.dtsi +index 103605ac930d..fcb0eeedb76b 100644 +--- a/arch/arm/dts/imx6q-apalis-eval-u-boot.dtsi ++++ b/arch/arm/dts/imx6q-apalis-eval-u-boot.dtsi +@@ -4,6 +4,7 @@ + */ + + #include "imx6qdl-u-boot.dtsi" ++#include + + / { + aliases { +@@ -29,6 +30,68 @@ + wdt = <&wdog1>; + bootph-pre-ram; + }; ++ ++#if defined(CONFIG_SPL_OPTEE_IMAGE) ++ reserved-memory { ++ #address-cells = <1>; ++ #size-cells = <1>; ++ ranges; ++ ++ optee@1c000000 { ++ reg = <0x1c000000 0x01000000>; ++ no-map; ++ }; ++ }; ++ ++ binman { ++ fit { ++ description = "FIT image with OP-TEE"; ++ fit,fdt-list = "of-list"; ++ #address-cells = <1>; ++ filename = "u-boot.itb"; ++ ++ images { ++ u-boot { ++ description = "U-Boot"; ++ type = "standalone"; ++ os = "U-Boot"; ++ arch = "arm"; ++ compression = "none"; ++ load = ; ++ entry = ; ++ u-boot-nodtb { ++ }; ++ }; ++ op-tee { ++ description = "OP-TEE"; ++ type = "tee"; ++ arch = "arm"; ++ os = "tee"; ++ compression = "none"; ++ load = <0x1c000000>; ++ entry = <0x1c000000>; ++ tee-os { ++ }; ++ }; ++ @fdt-SEQ { ++ description = "fdt-NAME"; ++ compression = "none"; ++ type = "flat_dt"; ++ arch = "arm"; ++ }; ++ }; ++ configurations { ++ default = "@config-DEFAULT-SEQ"; ++ @config-SEQ { ++ description = "NAME.dtb"; ++ fdt = "fdt-SEQ"; ++ fit,firmware = "op-tee", "u-boot"; ++ fit,loadables; ++ }; ++ }; ++ }; ++ }; ++#endif + }; + + &wdog1 { +diff --git a/arch/arm/mach-imx/mx6/Kconfig b/arch/arm/mach-imx/mx6/Kconfig +index 15ee2b933f69..97ee80b3149f 100644 +--- a/arch/arm/mach-imx/mx6/Kconfig ++++ b/arch/arm/mach-imx/mx6/Kconfig +@@ -118,6 +118,7 @@ config TARGET_APALIS_IMX6 + select DM_SERIAL + select DM_THERMAL + select SUPPORT_SPL ++ select BINMAN if SPL_OPTEE_IMAGE + imply CMD_DM + imply CMD_SATA + +-- +2.34.1 diff --git a/recipes-bsp/u-boot/files/optee-apalis-imx6.cfg b/recipes-bsp/u-boot/files/optee-apalis-imx6.cfg new file mode 100644 index 0000000..06ab045 --- /dev/null +++ b/recipes-bsp/u-boot/files/optee-apalis-imx6.cfg @@ -0,0 +1,10 @@ +CONFIG_SPL_SYS_MALLOC_SIZE=0x200000 +CONFIG_SPL_LOAD_FIT=y +CONFIG_SPL_OPTEE_IMAGE=y +CONFIG_SKIP_LOWLEVEL_INIT=y +SYS_ICACHE_OFF=y +SYS_DCACHE_OFF=y +CONFIG_SYS_L2CACHE_OFF=y +CONFIG_SYS_L2_PL310=n +CONFIG_HAS_CUSTOM_SYS_INIT_SP_ADDR=y +CONFIG_CUSTOM_SYS_INIT_SP_ADDR=0x11200000 diff --git a/recipes-bsp/u-boot/u-boot-optee.inc b/recipes-bsp/u-boot/u-boot-optee.inc index 4cca5bd..8f7a35f 100644 --- a/recipes-bsp/u-boot/u-boot-optee.inc +++ b/recipes-bsp/u-boot/u-boot-optee.inc @@ -14,6 +14,11 @@ SRC_URI:append:colibri-imx6 = "\ file://optee-colibri-imx6.cfg \ " +SRC_URI:append:apalis-imx6 = "\ + file://0001-toradex-imx6q-add-support-to-boot-OP-TEE-from-SPL.patch \ + file://optee-apalis-imx6.cfg \ +" + SRC_URI:append:colibri-imx7-emmc = "\ file://0001-board-colibri_imx7-add-SPL-support.patch \ file://0001-toradex-imx7d-add-support-to-boot-OP-TEE-from-SPL.patch \ @@ -22,6 +27,7 @@ SRC_URI:append:colibri-imx7-emmc = "\ EXTRA_OEMAKE:append:colibri-imx6 = " TEE=tee.bin" EXTRA_OEMAKE:append:colibri-imx7-emmc = " TEE=tee.bin" +EXTRA_OEMAKE:append:apalis-imx6 = " TEE=tee.bin" copy_optee_binary_to_uboot() { if [ -n "${UBOOT_CONFIG}" ]; then @@ -48,6 +54,9 @@ do_prepare_uboot_for_optee() { do_prepare_uboot_for_optee:colibri-imx6() { copy_optee_binary_to_uboot } +do_prepare_uboot_for_optee:apalis-imx6() { + copy_optee_binary_to_uboot +} do_prepare_uboot_for_optee:colibri-imx7-emmc() { copy_optee_binary_to_uboot } diff --git a/recipes-kernel/linux/files/0001-ARM-dts-imx6qdl-apalis-add-OP-TEE-related-nodes.patch b/recipes-kernel/linux/files/0001-ARM-dts-imx6qdl-apalis-add-OP-TEE-related-nodes.patch new file mode 100644 index 0000000..b1b01e3 --- /dev/null +++ b/recipes-kernel/linux/files/0001-ARM-dts-imx6qdl-apalis-add-OP-TEE-related-nodes.patch @@ -0,0 +1,48 @@ +From 98c54c1aaf7e351b229151ae09a0fbefbd4d2f9c Mon Sep 17 00:00:00 2001 +From: Sergio Prado +Date: Thu, 5 Dec 2024 10:10:58 -0300 +Subject: [PATCH] ARM: dts: imx6qdl-apalis: add OP-TEE related nodes + +Upstream-Status: Inappropriate [Application specific] + +Signed-off-by: Sergio Prado +--- + arch/arm/boot/dts/nxp/imx/imx6qdl-apalis.dtsi | 23 +++++++++++++++++++ + 1 file changed, 23 insertions(+) + +diff --git a/arch/arm/boot/dts/nxp/imx/imx6qdl-apalis.dtsi b/arch/arm/boot/dts/nxp/imx/imx6qdl-apalis.dtsi +index dba45ccdf28d..7c0711dc754c 100644 +--- a/arch/arm/boot/dts/nxp/imx/imx6qdl-apalis.dtsi ++++ b/arch/arm/boot/dts/nxp/imx/imx6qdl-apalis.dtsi +@@ -12,6 +12,29 @@ / { + model = "Toradex Apalis iMX6Q/D Module"; + compatible = "toradex,apalis_imx6q", "fsl,imx6q"; + ++ reserved-memory { ++ #address-cells = <1>; ++ #size-cells = <1>; ++ ranges; ++ ++ optee@1c000000 { ++ reg = <0x1c000000 0x01000000>; ++ no-map; ++ }; ++ }; ++ ++ firmware { ++ optee { ++ compatible = "linaro,optee-tz"; ++ method = "smc"; ++ }; ++ }; ++ ++ psci { ++ compatible = "arm,psci-1.0"; ++ method = "smc"; ++ }; ++ + aliases { + mmc0 = &usdhc3; /* eMMC */ + mmc1 = &usdhc1; /* MMC1 slot */ +-- +2.34.1 diff --git a/recipes-kernel/linux/linux-optee.inc b/recipes-kernel/linux/linux-optee.inc index f1e85e5..9b5e273 100644 --- a/recipes-kernel/linux/linux-optee.inc +++ b/recipes-kernel/linux/linux-optee.inc @@ -7,6 +7,10 @@ SRC_URI:append:colibri-imx6 = "\ file://0001-ARM-dts-imx6qdl-colibri-add-OP-TEE-related-nodes.patch \ " +SRC_URI:append:apalis-imx6 = "\ + file://0001-ARM-dts-imx6qdl-apalis-add-OP-TEE-related-nodes.patch \ +" + SRC_URI:append:colibri-imx7-emmc = "\ file://0001-ARM-dts-imx7d-colibri-emmc-add-OP-TEE-related-nodes.patch \ " diff --git a/recipes-security/optee/include/optee-tdx-apalis-imx6.inc b/recipes-security/optee/include/optee-tdx-apalis-imx6.inc new file mode 100644 index 0000000..7c2e16b --- /dev/null +++ b/recipes-security/optee/include/optee-tdx-apalis-imx6.inc @@ -0,0 +1,16 @@ +# compatible machine in OP-TEE source code +OPTEEMACHINE = "imx-mx6qsabresd" + +# required by NXP OP-TEE recipe +PLATFORM_FLAVOR = "mx6qsabresd" + +# uart base address (to print debug messages) +UART_BASE_ADDR = "0x02020000" + +# extra arguments to build OP-TEE OS +OPTEE_OS_EXTRA_MACHINE_ARGS = "\ + CFG_TZDRAM_START=0x1c000000 \ + CFG_TZDRAM_SIZE=0x01000000 \ + CFG_NS_ENTRY_ADDR=0x17800000 \ + CFG_DT=n \ +"