optee: FIT image sub-image rejected
Robert Delien
r.delien at payter.nl
Fri Oct 9 12:07:04 CEST 2020
Hi guys,
I'm trying to boot a FIT image, containing a Linux Kernel, an FDT and
optee. I am using U-boot 2018.03, as it came in the NXP i.MX6UL Yocto
distribution, patched it with Bryan O'Donoghue's optee patches of
March 2018, and out-configured NXP's CONFIG_IMX_OPTEE.
Below the DTS for my for the FIT image:
/dts-v1/;
/ {
description = "XXX i.MX6UL Linux";
#address-cells = <1>;
images {
kernel at 1 {
description = "Linux kernel";
data = /incbin/("/home/XXX/zImage.bin");
type = "kernel";
arch = "arm";
os = "linux";
compression = "none";
load = <0x80800000>;
entry = <0x80800000>;
};
fdt at 1 {
description = "Flattened Device Tree";
data = /incbin/("/home/XXX/XXX.dtb");
type = "flat_dt";
arch = "arm";
load = <0x83000000>;
compression = "none";
};
optee at 1 {
description = "OP/TEE";
data = /incbin/("/home/XXX/tee.bin");
type = "kernel";
arch = "arm";
os = "tee";
compression = "none";
load = <0x8dffffe4>;
entry = <0x8e000000>;
};
};
configurations {
default = "tee at 1";
tee at 1 {
description = "Boot Linux kernel through OP/TEE";
kernel = "optee at 1";
fdt = "fdt at 1";
loadables = "kernel at 1";
};
bare at 1 {
description = "Boot bare Linux kernel";
kernel = "kernel at 1";
fdt = "fdt at 1";
};
};
};
Booting this image using bootm 0x85000000#bare works, so both Kernel
sub-image and FDT sub-image are OK.
Booting the default configuration (tee at 1) however, produces an error:
=> bootm 0x85000000
## Loading kernel from FIT Image at 85000000 ...
Using 'tee at 1' configuration
Trying 'optee at 1' kernel subimage
Description: OP/TEE
Type: Kernel Image
Compression: uncompressed
Data Start: 0x85887e5c
Data Size: 315732 Bytes = 308.3 KiB
Architecture: ARM
OS: Trusted Execution Environment
Load Address: 0x8dffffe4
Entry Point: 0x8e000000
Verifying Hash Integrity ... OK
No Trusted Execution Environment ARM Kernel Image Image
This error is triggered in .../common/image-fit.c:
if ((!type_ok || !os_ok) && image_type != IH_TYPE_LOADABLE) {
fit_image_get_os(fit, noffset, &os);
printf("No %s %s %s Image\n",
genimg_get_os_name(os),
genimg_get_arch_name(arch),
genimg_get_type_name(image_type));
bootstage_error(bootstage_id + BOOTSTAGE_SUB_CHECK_ALL);
return -EIO;
type_ok = 1
os_ok = 0
image_type = 2
The failing argument here is os_ok, which is set shortly before:
os_ok = image_type == IH_TYPE_FLATDT ||
image_type == IH_TYPE_FPGA ||
fit_image_check_os(fit, noffset, IH_OS_LINUX) ||
fit_image_check_os(fit, noffset, IH_OS_U_BOOT) ||
fit_image_check_os(fit, noffset, IH_OS_OPENRTOS);
The optee sub-image in my FIT image is of type IH_OS_TEE, clearly not
in this list, but neither are the vast majority of the other OSes.
I could set 'os' in my DTS file to 'linux', but everybody else seems
to use 'tee', most even set 'type' to 'tee'. But even the current
master branch is not including IH_OS_TEE in setting os_ok.
Should it be included, or am I doing something else wrong? (BTW,
including IH_OS_TEE still fails to launch optee, but I'd like to start
at the most obvious error first.)
With kind regards,
Robert.
--
DISCLAIMER
De informatie, verzonden in of met dit e-mailbericht, is
vertrouwelijk en uitsluitend voor de geadresseerde(n) bestemd. Het gebruik
van de informatie in dit bericht, de openbaarmaking, vermenigvuldiging,
verspreiding en|of verstrekking daarvan aan derden is niet toegestaan.
Gebruik van deze informatie door anderen dan geadresseerde(n) is strikt
verboden. Aan deze informatie kunnen geen rechten worden ontleend. U wordt
verzocht bij onjuiste adressering de afzender direct te informeren door het
bericht te retourneren en het bericht uit uw computersysteem te verwijderen.
More information about the U-Boot
mailing list