[PATCH v2 1/5] docker: add OP-TEE and TF-A build for testing Firmware Handoff
Tom Rini
trini at konsulko.com
Fri Oct 3 22:17:18 CEST 2025
On Fri, Oct 03, 2025 at 12:22:15PM -0700, Raymond Mao wrote:
> Fetch OP-TEE (4.7.0), TF-A (v2.13.0), MbedTLS (v3.6) and build
> bl1 and fip with both Firmware Handoff and Measured Boot enabled.
>
> Signed-off-by: Raymond Mao <raymond.mao at linaro.org>
> ---
> Changes in V2:
> - Move OP-TEE dependencies into the common group.
> - Fetch MbedTLS/TF-A and build bl1/fip in dockerfile instead of
> post-buildman script.
> - Remove Trust Boot related build options.
>
> tools/docker/Dockerfile | 74 +++++++++++++++++++++++++++++++++++++++--
> 1 file changed, 71 insertions(+), 3 deletions(-)
>
> diff --git a/tools/docker/Dockerfile b/tools/docker/Dockerfile
> index 5b4c75f8400..0a213a7a61e 100644
> --- a/tools/docker/Dockerfile
> +++ b/tools/docker/Dockerfile
> @@ -58,6 +58,9 @@ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
> RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
> --mount=type=cache,target=/var/lib/apt,sharing=locked \
> apt-get update && apt-get install -y \
> + adb \
> + acpica-tools \
> + autoconf \
> automake \
> autopoint \
> bc \
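Review bot: `adb` at the top of this hunk is an Android device debugging client, and nothing in the commit message (fetch the sources, build bl1 and fip) implies a step that talks to a device. The V2 changelog calls these OP-TEE dependencies, so please either drop `adb` or name in the commit message the build or test step that invokes it. Separately, the `apt-get install -y` line this list feeds carries no `--no-install-recommends`, so each package added here also brings its Recommends; worth confirming that is intended.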
> @@ -65,21 +68,26 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
> bison \
> build-essential \
> byacc \
> + ccache \
> cgpt \
> clang-18 \
> coreutils \
> cpio \
> + cscope \
> curl \
> device-tree-compiler \
> dosfstools \
> e2fsprogs \
> + e2tools \
> efitools \
> erofs-utils \
> exfatprogs \
> expect \
> fakeroot \
> + fastboot \
> fdisk \
> flex \
> + ftp-upload \
> gawk \
> gdisk \
> gettext \
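Review bot: `fastboot` and `ftp-upload` in this hunk are clients for pushing data to a device or to a remote server, and `cscope` is an interactive source browser; none of the three is a build input for bl1 or fip as the commit message describes the change. Upload-capable clients are worth keeping out of a CI image unless a job needs them. Suggest dropping all three, or stating in the commit message which script consumes each one.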
> @@ -92,11 +100,20 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
> imagemagick \
> inetutils-telnet \
> iputils-ping \
> + libattr1-dev \
> + libcap-ng-dev \
> libconfuse-dev \
> + libfdt-dev \
> + libftdi-dev \
> libgit2-dev \
> libjson-glib-dev \
> + libglib2.0-dev \
> + libgmp3-dev \
> libgnutls28-dev \
> libgnutls30 \
> + libhidapi-dev \
> + libmpc-dev \
> + libncurses5-dev \
> libpixman-1-dev \
> libpython3-dev \
> libsdl1.2-dev \
> @@ -110,9 +127,11 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
> lz4 \
> lzma-alone \
> lzop \
> + make \
> mount \
> mtd-utils \
> mtools \
> + netcat \
> net-tools \
> ninja-build \
> openssl \
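Review bot: the added `make` line is redundant, since `make` is already installed as a dependency of `build-essential`, which this same install list carries. For `netcat`, the list already has `socat` and `inetutils-telnet`; if a test does need nc, name the concrete package (for example `netcat-openbsd`) instead of the generic `netcat` name, because how that name resolves depends on the base release.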
> @@ -122,12 +141,16 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
> python-is-python3 \
> python2.7 \
> python3 \
> + python3-cryptography \
> python3-dev \
> python3-pip \
> + python3-pyelftools \
> + python3-serial \
> python3-sphinx \
> python3-tomli \
> python3-venv \
> rpm2cpio \
> + rsync \
> sbsigntool \
> socat \
> softhsm2 \
> @@ -136,13 +159,20 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
> sudo \
> swig \
> texinfo \
> + unzip \
> util-linux \
> uuid-dev \
> vboot-kernel-utils \
> vboot-utils \
> + wget \
> + xdg-utils \
> xilinx-bootgen \
> + xsltproc \
> + xterm \
> xxd \
> - zip
> + xz-utils \
> + zip \
> + zlib1g-dev
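Review bot: `xdg-utils` and `xterm` in this hunk are desktop tools, and `xterm` pulls in X11 libraries, which a headless build and test container has no use for. `wget` also duplicates `curl`, which the list already installs. Suggest dropping `xdg-utils` and `xterm`, and keeping `wget` only if one of the fetched projects' build scripts hard-codes it, with that noted in the commit message.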
Are some of these deps perhaps optional? I would hope we could build
without cscope and xterm, to pick randomly from the top and bottom of
the list. I ask since everything we add here makes the container larger,
and it's already very big. I'm almost wondering if we should (follow-up,
later) add a step where we remove things that tools we built needed, but
U-Boot doesn't need for build/tests.
--
Tom