[U-Boot] [PATCH] apalis_imx6: allocate specific region of memory to OP-TEE

Ricardo Salveti ricardo at foundries.io
Tue Sep 3 14:48:37 UTC 2019 

On Tue, Sep 3, 2019 at 11:34 AM Igor Opaniuk <igor.opaniuk at gmail.com> wrote:
> Hi Ricardo,
>
> On Tue, Sep 3, 2019 at 4:53 PM Ricardo Salveti <ricardo at foundries.io> wrote:
> >
> > On Tue, Sep 3, 2019 at 12:09 AM Peng Fan <peng.fan at nxp.com> wrote:
> > >
> > > > Subject: [PATCH] apalis_imx6: allocate specific region of memory to OP-TEE
> > > >
> > > > OP-TEE uses the memory region defined by the maximum DRAM address
> > > > minus CONFIG_OPTEE_TZDRAM_SIZE, so subtract
> > > > CONFIG_OPTEE_TZDRAM_SIZE from the available DRAM size to avoid
> > > > conflicts.
> > > >
> > > > Signed-off-by: Ricardo Salveti <ricardo at foundries.io>
> > > > ---
> > > >  board/toradex/apalis_imx6/apalis_imx6.c | 5 +++++
> > > >  1 file changed, 5 insertions(+)
> > > >
> > > > diff --git a/board/toradex/apalis_imx6/apalis_imx6.c
> > > > b/board/toradex/apalis_imx6/apalis_imx6.c
> > > > index 6421a22c25..fa7fcc8d46 100644
> > > > --- a/board/toradex/apalis_imx6/apalis_imx6.c
> > > > +++ b/board/toradex/apalis_imx6/apalis_imx6.c
> > > > @@ -75,6 +75,11 @@ int dram_init(void)
> > > >       gd->ram_size = get_ram_size((void *)CONFIG_SYS_SDRAM_BASE,
> > > >                                   (ulong)imx_ddr_size());
> > > >
> > > > +     /* Subtract the defined OPTEE runtime firmware length */ #ifdef
> > > > +CONFIG_OPTEE_TZDRAM_SIZE
> > > > +     gd->ram_size -= CONFIG_OPTEE_TZDRAM_SIZE; #endif
> > > > +
> > >
> > > Has OPTEE been enabled? I not see that in defconfig.
> >
> > Not yet enable by default, this is just to make it compatible with OP-TEE.
> >
> > Should we have it enabled by default at apalis_imx6_defconfig? I could
> > also send another patch to add a new config that has secure boot and
> > OP-TEE enabled by default, as done with a few other imx targets.
>
> IMHO, idea with a new config makes sense, as besides CONFIG_BOOTM_OPTEE=y
> we should also add CONFIG_ARMV7_BOOT_SEC_DEFAULT=y  and provide
> appropriate CONFIG_BOOTCOMMAND to boot TEE blob (although we're currently
> in the middle of transition to distroboot usage by default, where we
> can handle all this
> in a boot script instead).

The flow I'm currently using is a bit different, using SPL FIT and
loading OP-TEE from SPL itself (in order to load secure world earlier
in the boot chain), which then loads U-Boot in normal world. That way
we don't actually need to change the default bootcommand logic, as
most of the heavy work is done by SPL instead of u-boot.

Once some of the needed patches land (e.g. supporting larger SPL on
iMX6DQ) I will propose a new config with this setup, so we can all
review it.

Cheers,

--
Ricardo Salveti

More information about the U-Boot mailing list