[PATCH v2 2/2] mkimage: Add support for bundling TEE in mkimage -f auto

Quentin Schulz quentin.schulz at cherry.de
Tue Nov 25 12:37:06 CET 2025 

Hi Marek,

On 11/24/25 8:40 PM, Marek Vasut wrote:
> Introduce two new parameters to be used with mkimage -f auto to bundle
> TEE image into fitImage, using auto-generated fitImage. Add -z to specify
> TEE file name and -Z to specify TEE load and entry point address. This is
> meant to be used with systems which boot all of TEE, Linux and its DT from
> a single fitImage, all booted by U-Boot.
> 
> Example invocation:
> "
> $ mkimage -E -A arm -C none -e 0xc0008000 -a 0xc0008000 -f auto \
>            -d arch/arm/boot/zImage \
>            -b arch/arm/boot/dts/st/stm32mp135f-dhcor-dhsbc.dtb \
>            -z ../optee_os/out/arm-plat-stm32mp1/core/tee-raw.bin \
> 	  -Z 0xde000000 \
>            /path/to/output/fitImage
> "
> 
> Documentation update and test are also included, the test validates
> both positive and negative test cases, where fitImage does not include
> TEE and does include TEE blobs.
> 
> Signed-off-by: Marek Vasut <marek.vasut at mailbox.org>
> ---
> Cc: "Carlos López" <carlos.lopezr4096 at gmail.com>
> Cc: Aristo Chen <jj251510319013 at gmail.com>
> Cc: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> Cc: Julien Masson <jmasson at baylibre.com>
> Cc: Mattijs Korpershoek <mkorpershoek at kernel.org>
> Cc: Mayuresh Chitale <mchitale at ventanamicro.com>
> Cc: Paul HENRYS <paul.henrys_ext at softathome.com>
> Cc: Quentin Schulz <quentin.schulz at cherry.de>
> Cc: Rasmus Villemoes <ravi at prevas.dk>
> Cc: Simon Glass <sjg at chromium.org>
> Cc: Tom Rini <trini at konsulko.com>
> Cc: Wolfgang Wallner <wolfgang.wallner at br-automation.com>
> Cc: u-boot at lists.denx.de
> Cc: u-boot at dh-electronics.com
> ---
> V2: - Update manpage to list --tee-* options instead of --optee-*
>      - Update comments in pytest test to reflect the TEE support
> ---
>   doc/mkimage.1                         | 12 +++++
>   include/image.h                       |  1 +
>   test/py/tests/test_fit_auto_signed.py | 65 ++++++++++++++++++++++++---
>   tools/fit_image.c                     | 55 ++++++++++++++++++++++-
>   tools/imagetool.h                     |  2 +
>   tools/mkimage.c                       | 17 ++++++-
>   6 files changed, 142 insertions(+), 10 deletions(-)
> 
> diff --git a/doc/mkimage.1 b/doc/mkimage.1
> index c705218d345..29df21440e7 100644
> --- a/doc/mkimage.1
> +++ b/doc/mkimage.1
> @@ -251,6 +251,18 @@ Append TFA BL31 file to the image.
>   .B \-\-tfa-bl31-addr
>   Set TFA BL31 file load and entry point address.
>   .
> +.TP
> +.B \-z
> +.TQ
> +.B \-\-tee-file
> +Append TEE file to the image.

Please specify which format is supported here if only select ones are.

> +.
> +.TP
> +.B \-Z
> +.TQ
> +.B \-\-tee-addr
> +Set TEE file load and entry point address, in hexadecimal.

s/address/addresses/ ?

[...]
> @@ -239,3 +251,42 @@ def test_fit_auto_signed(ubman):
>       generate_and_check_fit_image(' -fauto-conf' + b_args + s_args + " " + fit_file,
>                                    scfgs=True, bl31present=True,
>                                    key_name=key_name, sign_algo=sign_algo)
> +
> +    # Run the same tests as 1/2/3 above, but this time with TEE
> +    # options -z tee.bin -Z 0x56780000 to cover both mkimage with
> +    # and without TEE use cases.
> +    b_args = " -d" + kernel_file + " -b" + dt1_file + " -b" + dt2_file + " -z" + tee_file + " -Z 0x56780000"
> +

General remark but using f-string may improve readability:

b_args = f'-d {kernel_file} -b {dt1_file} -b {dt2_file} -z {tee_file} -Z 
0x56780000'

[...]

> @@ -473,10 +504,20 @@ static void fit_write_configs(struct image_tool_params *params, char *fdt)
>   		len = strlen(str);
>   		fdt_property_string(fdt, typename, str);
>   
> -		if (params->fit_tfa_bl31) {
> +		if (params->fit_tfa_bl31 && params->fit_tee) {
> +			snprintf(str, sizeof(str), "%s-1." FIT_TFA_BL31_PROP "-1." FIT_TEE_PROP "-1", typename);
> +			str[len] = 0;
> +			len += strlen(FIT_TFA_BL31_PROP "-1") + 1;
> +			str[len] = 0;
> +			len += strlen(FIT_TEE_PROP "-1") + 1;
> +		} else if (params->fit_tfa_bl31) {
>   			snprintf(str, sizeof(str), "%s-1." FIT_TFA_BL31_PROP "-1", typename);
>   			str[len] = 0;
>   			len += strlen(FIT_TFA_BL31_PROP "-1") + 1;
> +		} else if (params->fit_tee) {
> +			snprintf(str, sizeof(str), "%s-1." FIT_TEE_PROP "-1", typename);
> +			str[len] = 0;
> +			len += strlen(FIT_TEE_PROP "-1") + 1;

It actually took me a while to figure out that we are reusing len from 
outside of the if block because the loadables property starts with kernel-1.

I'm wondering if it would make it more readable to do the following

if (params->fit_tfa_bl31) {
     snprintf(&str[len + 1], sizeof(str) - (len + 1), FIT_TFA_BL31_PROP 
"-1");
     len += strlen(&str[len + 1]) + 1;
}

if (params->fit_tee) {
     snprintf(&str[len + 1], sizeof(str) - (len + 1), FIT_TEE_PROP "-1");
     len += strlen(&str[len + 1]) + 1;
}

(NOT TESTED!)

(snprintf apparently adds the trailing NUL character so no need to 
str[len] = 0 as far as I could tell, c.f. 
https://cplusplus.com/reference/cstdio/snprintf/ though that is c++ and 
the manpage of snprintf(3) isn't clear enough).

The issue is that we're now making access to an array and have to deal 
with possible out-of-bounds, as opposed to snprintf on str which handles 
this by itself by simply truncating safely. Not sure it's worth it.

>   		}
>   
>   		fdt_property(fdt, FIT_LOADABLE_PROP, str, len + 1);
> @@ -498,10 +539,20 @@ static void fit_write_configs(struct image_tool_params *params, char *fdt)
>   		len = strlen(str);
>   		fdt_property_string(fdt, typename, str);
>   
> -		if (params->fit_tfa_bl31) {
> +		if (params->fit_tfa_bl31 && params->fit_tee) {
> +			snprintf(str, sizeof(str), "%s-1." FIT_TFA_BL31_PROP "-1." FIT_TEE_PROP "-1", typename);
> +			str[len] = 0;
> +			len += strlen(FIT_TFA_BL31_PROP "-1") + 1;
> +			str[len] = 0;
> +			len += strlen(FIT_TEE_PROP "-1") + 1;
> +		} else if (params->fit_tfa_bl31) {
>   			snprintf(str, sizeof(str), "%s-1." FIT_TFA_BL31_PROP "-1", typename);
>   			str[len] = 0;
>   			len += strlen(FIT_TFA_BL31_PROP "-1") + 1;
> +		} else if (params->fit_tee) {
> +			snprintf(str, sizeof(str), "%s-1." FIT_TEE_PROP "-1", typename);
> +			str[len] = 0;
> +			len += strlen(FIT_TEE_PROP "-1") + 1;
>   		}
>   
>   		fdt_property(fdt, FIT_LOADABLE_PROP, str, len + 1);
> diff --git a/tools/imagetool.h b/tools/imagetool.h
> index 866b8834fd7..d0e7d6d56e3 100644
> --- a/tools/imagetool.h
> +++ b/tools/imagetool.h
> @@ -101,6 +101,8 @@ struct image_tool_params {
>   	struct image_summary summary;	/* results of signing process */
>   	char *fit_tfa_bl31;	/* TFA BL31 file to include */
>   	unsigned int fit_tfa_bl31_addr;	/* TFA BL31 load and entry point address */
> +	char *fit_tee;		/* TEE file to include */
> +	unsigned int fit_tee_addr;	/* TEE load and entry point address */
>   };
>   
>   /*
> diff --git a/tools/mkimage.c b/tools/mkimage.c
> index a800f9507bf..139d1bece2c 100644
> --- a/tools/mkimage.c
> +++ b/tools/mkimage.c
> @@ -103,6 +103,8 @@ static void usage(const char *msg)
>   		"          -s ==> create an image with no data\n"
>   		"          -y ==> append TFA BL31 file to the image\n"
>   		"          -Y ==> set TFA BL31 file load and entry point address\n"
> +		"          -z ==> append TEE file to the image\n"
> +		"          -Z ==> set TEE file load and entry point address\n"

s/address/addresses/ ?

Looks ok to me, so

Acked-by: Quentin Schulz <quentin.schulz at cherry.de>

Thanks!
Quentin

More information about the U-Boot mailing list