binman: Add support for TEE BL32

Add an entry for OP-TEE Trusted OS 'BL32' payload. This is required by platforms using Cortex-A cores with TrustZone technology. Signed-off-by: Roger Quadros <rogerq@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org> Add missing-blob-help, renumber the test file, update entry-docs: Signed-off-by: Simon Glass <sjg@chromium.org>
2024-11-10 15:14:43 +00:00 · 2022-02-19 20:50:04 +02:00 · 2022-02-19 20:50:04 +02:00 · 47f420ae08
commit 47f420ae08
parent 4d38dd77f9
6 changed files with 62 additions and 0 deletions
--- a/1
+++ b/1
@ -1327,6 +1327,7 @@ cmd_binman = $(srctree)/tools/binman/binman $(if $(BINMAN_DEBUG),-D) \
 		-I arch/$(ARCH)/dts -a of-list=$(CONFIG_OF_LIST) \
 		$(foreach f,$(BINMAN_INDIRS),-I $(f)) \
 		-a atf-bl31-path=${BL31} \
+		-a tee-os-path=${TEE} \
 		-a opensbi-path=${OPENSBI} \
 		-a default-dt=$(default_dt) \
 		-a scp-path=$(SCP) \
--- a/tools/binman/entries.rst
+++ b/tools/binman/entries.rst
@ -1103,6 +1103,19 @@ available. This is set by the `SetAllowMissing()` method, if



+Entry: tee-os: Entry containing an OP-TEE Trusted OS (TEE) blob
+---------------------------------------------------------------
+
+Properties / Entry arguments:
+    - tee-os-path: Filename of file to read into entry. This is typically
+        called tee-pager.bin
+
+This entry holds the run-time firmware, typically started by U-Boot SPL.
+See the U-Boot README for your architecture or board for how to use it. See
+https://github.com/OP-TEE/optee_os for more information about OP-TEE.
+
+
+
 Entry: text: An entry which contains text
 -----------------------------------------

--- a/tools/binman/etype/tee_os.py
+++ b/tools/binman/etype/tee_os.py
@ -0,0 +1,22 @@
+# SPDX-License-Identifier: GPL-2.0+
+# Copyright (C) 2022 Texas Instruments Incorporated - https://www.ti.com/
+#
+# Entry-type module for OP-TEE Trusted OS firmware blob
+#
+
+from binman.etype.blob_named_by_arg import Entry_blob_named_by_arg
+
+class Entry_tee_os(Entry_blob_named_by_arg):
+    """Entry containing an OP-TEE Trusted OS (TEE) blob
+
+    Properties / Entry arguments:
+        - tee-os-path: Filename of file to read into entry. This is typically
+            called tee-pager.bin
+
+    This entry holds the run-time firmware, typically started by U-Boot SPL.
+    See the U-Boot README for your architecture or board for how to use it. See
+    https://github.com/OP-TEE/optee_os for more information about OP-TEE.
+    """
+    def __init__(self, section, etype, node):
+        super().__init__(section, etype, node, 'tee-os')
+        self.external = True
--- a/tools/binman/ftest.py
+++ b/tools/binman/ftest.py
@ -84,6 +84,7 @@ FSP_M_DATA            = b'fsp_m'
 FSP_S_DATA            = b'fsp_s'
 FSP_T_DATA            = b'fsp_t'
 ATF_BL31_DATA         = b'bl31'
+TEE_OS_DATA           = b'this is some tee OS data'
 ATF_BL2U_DATA         = b'bl2u'
 OPENSBI_DATA          = b'opensbi'
 SCP_DATA              = b'scp'
@ -188,6 +189,7 @@ class TestFunctional(unittest.TestCase):
        TestFunctional._MakeInputFile('compress', COMPRESS_DATA)
        TestFunctional._MakeInputFile('compress_big', COMPRESS_DATA_BIG)
        TestFunctional._MakeInputFile('bl31.bin', ATF_BL31_DATA)
+        TestFunctional._MakeInputFile('tee-pager.bin', TEE_OS_DATA)
        TestFunctional._MakeInputFile('bl2u.bin', ATF_BL2U_DATA)
        TestFunctional._MakeInputFile('fw_dynamic.bin', OPENSBI_DATA)
        TestFunctional._MakeInputFile('scp.bin', SCP_DATA)
@ -5296,5 +5298,11 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
        fnode = mkimage_dtb.GetNode('/images/fdt-1/hash')
        self.assertIn('value', fnode.props)

+    def testPackTeeOs(self):
+        """Test that an image with an TEE binary can be created"""
+        data = self._DoReadFile('222_tee_os.dts')
+        self.assertEqual(TEE_OS_DATA, data[:len(TEE_OS_DATA)])
+
+
 if __name__ == "__main__":
    unittest.main()
--- a/tools/binman/missing-blob-help
+++ b/tools/binman/missing-blob-help
@ -33,3 +33,7 @@ k3-rti-wdt-firmware:
 If CONFIG_WDT_K3_RTI_LOAD_FW is enabled, a firmware image is needed for
 the R5F core(s) to trigger the system reset. One possible source is
 https://github.com/siemens/k3-rti-wdt.
+
+tee-os:
+See the documentation for your board. You may need to build Open Portable
+Trusted Execution Environment (OP-TEE) with TEE=/path/to/tee.bin
--- a/tools/binman/test/222_tee_os.dts
+++ b/tools/binman/test/222_tee_os.dts
@ -0,0 +1,14 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+	#address-cells = <1>;
+	#size-cells = <1>;
+
+	binman {
+		tee-os {
+			filename = "tee-pager.bin";
+		};
+	};
+};