[PATCH v2 1/5] docker: add OP-TEE and TF-A build for testing Firmware Handoff

Raymond Mao raymond.mao at linaro.org
Sat Oct 4 04:06:13 CEST 2025


Hi Tom,

On Fri, 3 Oct 2025 at 16:17, Tom Rini <trini at konsulko.com> wrote:
>
> On Fri, Oct 03, 2025 at 12:22:15PM -0700, Raymond Mao wrote:
>
> > Fetch OP-TEE (4.7.0), TF-A (v2.13.0), MbedTLS (v3.6) and build
> > bl1 and fip with both Firmware Handoff and Measured Boot enabled.
> >
> > Signed-off-by: Raymond Mao <raymond.mao at linaro.org>
> > ---
> > Changes in V2:
> > - Move OP-TEE dependencies into the common group.
> > - Fetch MbedTLS/TF-A and build bl1/fip in dockerfile instead of
> >   post-buildman script.
> > - Remove Trust Boot related build options.
> >
> >  tools/docker/Dockerfile | 74 +++++++++++++++++++++++++++++++++++++++--
> >  1 file changed, 71 insertions(+), 3 deletions(-)
> >
> > diff --git a/tools/docker/Dockerfile b/tools/docker/Dockerfile
> > index 5b4c75f8400..0a213a7a61e 100644
> > --- a/tools/docker/Dockerfile
> > +++ b/tools/docker/Dockerfile
> > @@ -58,6 +58,9 @@ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
> >  RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
> >      --mount=type=cache,target=/var/lib/apt,sharing=locked \
> >      apt-get update && apt-get install -y \
> > +     adb \
> > +     acpica-tools \
> > +     autoconf \
> >       automake \
> >       autopoint \
> >       bc \
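
Review bot: adb, the first added package in this hunk, is an Android device debug client and not an input to building bl1 or the fip, so it should be dropped unless a test in this series calls it, in which case the commit message should say which one. The install line above is `apt-get install -y` without `--no-install-recommends`, so every package added here also pulls in its recommended packages; trimming the list to real build dependencies keeps both the image size and the set of installed tooling in the CI container down.
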
> > @@ -65,21 +68,26 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
> >       bison \
> >       build-essential \
> >       byacc \
> > +     ccache \
> >       cgpt \
> >       clang-18 \
> >       coreutils \
> >       cpio \
> > +     cscope \
> >       curl \
> >       device-tree-compiler \
> >       dosfstools \
> >       e2fsprogs \
> > +     e2tools \
> >       efitools \
> >       erofs-utils \
> >       exfatprogs \
> >       expect \
> >       fakeroot \
> > +     fastboot \
> >       fdisk \
> >       flex \
> > +     ftp-upload \
> >       gawk \
> >       gdisk \
> >       gettext \
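
Review bot: cscope, fastboot and ftp-upload in this hunk are a source browser, a device flashing client and a scripted FTP upload helper, none of which a container build of OP-TEE or TF-A should need. Suggest removing all three and keeping only ccache and e2tools if the build really uses them; a tool that can push files off the build host is worth leaving out of a CI image unless there is a stated use for it.
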
> > @@ -92,11 +100,20 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
> >       imagemagick \
> >       inetutils-telnet \
> >       iputils-ping \
> > +     libattr1-dev \
> > +     libcap-ng-dev \
> >       libconfuse-dev \
> > +     libfdt-dev \
> > +     libftdi-dev \
> >       libgit2-dev \
> >       libjson-glib-dev \
> > +     libglib2.0-dev \
> > +     libgmp3-dev \
> >       libgnutls28-dev \
> >       libgnutls30 \
> > +     libhidapi-dev \
> > +     libmpc-dev \
> > +     libncurses5-dev \
> >       libpixman-1-dev \
> >       libpython3-dev \
> >       libsdl1.2-dev \
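
Review bot: libgmp3-dev and libncurses5-dev among the added lines are legacy package names that Debian and Ubuntu keep as transitional packages for libgmp-dev and libncurses-dev; please use the current names so the list does not break when the base image moves on. It would also help to note in the commit message which component needs libftdi-dev and libhidapi-dev, since both are USB device libraries and the container has no attached hardware.
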
> > @@ -110,9 +127,11 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
> >       lz4 \
> >       lzma-alone \
> >       lzop \
> > +     make \
> >       mount \
> >       mtd-utils \
> >       mtools \
> > +     netcat \
> >       net-tools \
> >       ninja-build \
> >       openssl \
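
Review bot: the added `make` line is redundant because build-essential, already in this list, depends on make. For `netcat`, name the implementation explicitly (netcat-openbsd or netcat-traditional) so the resolved package does not depend on the release, and only keep it if a build or test step actually uses it, given that socat is already installed a few lines further down the list.
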
> > @@ -122,12 +141,16 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
> >       python-is-python3 \
> >       python2.7 \
> >       python3 \
> > +     python3-cryptography \
> >       python3-dev \
> >       python3-pip \
> > +     python3-pyelftools \
> > +     python3-serial \
> >       python3-sphinx \
> >       python3-tomli \
> >       python3-venv \
> >       rpm2cpio \
> > +     rsync \
> >       sbsigntool \
> >       socat \
> >       softhsm2 \
> > @@ -136,13 +159,20 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
> >       sudo \
> >       swig \
> >       texinfo \
> > +     unzip \
> >       util-linux \
> >       uuid-dev \
> >       vboot-kernel-utils \
> >       vboot-utils \
> > +     wget \
> > +     xdg-utils \
> >       xilinx-bootgen \
> > +     xsltproc \
> > +     xterm \
> >       xxd \
> > -     zip
> > +     xz-utils \
> > +     zip \
> > +     zlib1g-dev
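
Review bot: xterm and xdg-utils in this hunk are desktop helpers with no use in a headless CI container, and wget duplicates curl, which is already installed earlier in this list. Suggest dropping all three and keeping unzip, xsltproc, xz-utils and zlib1g-dev only where a build step can be pointed to that needs them.
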
>
> Are some of these deps perhaps optional? I would hope we could build
> without cscope and xterm, to pick randomly from the top and bottom of
> the list. I ask since everything we add here makes the container larger,
> and it's already very big. I'm almost wondering if we should (follow-up,
> later) add a step where we remove things that tools we built needed, but
> U-Boot doesn't need for build/tests.
>

Actually those deps are grepped from the OP-TEE official docs, but yes, I can
find out the ones which are not really necessary and then remove them.

Raymond

> --
> Tom

