[PATCH v2 1/5] docker: add OP-TEE and TF-A build for testing Firmware Handoff
Raymond Mao
raymond.mao at linaro.org
Sat Oct 4 04:06:13 CEST 2025
Hi Tom,
On Fri, 3 Oct 2025 at 16:17, Tom Rini <trini at konsulko.com> wrote:
>
> On Fri, Oct 03, 2025 at 12:22:15PM -0700, Raymond Mao wrote:
>
> > Fetch OP-TEE (4.7.0), TF-A (v2.13.0), MbedTLS (v3.6) and build
> > bl1 and fip with both Firmware Handoff and Measured Boot enabled.
> >
> > Signed-off-by: Raymond Mao <raymond.mao at linaro.org>
> > ---
> > Changes in V2:
> > - Move OP-TEE dependencies into the common group.
> > - Fetch MbedTLS/TF-A and build bl1/fip in dockerfile instead of
> > post-buildman script.
> > - Remove Trust Boot related build options.
> >
> > tools/docker/Dockerfile | 74 +++++++++++++++++++++++++++++++++++++++--
> > 1 file changed, 71 insertions(+), 3 deletions(-)
> >
> > diff --git a/tools/docker/Dockerfile b/tools/docker/Dockerfile
> > index 5b4c75f8400..0a213a7a61e 100644
> > --- a/tools/docker/Dockerfile
> > +++ b/tools/docker/Dockerfile
> > @@ -58,6 +58,9 @@ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
> > RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
> > --mount=type=cache,target=/var/lib/apt,sharing=locked \
> > apt-get update && apt-get install -y \
> > + adb \
> > + acpica-tools \
> > + autoconf \
> > automake \
> > autopoint \
> > bc \
> > @@ -65,21 +68,26 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
> > bison \
> > build-essential \
> > byacc \
> > + ccache \
> > cgpt \
> > clang-18 \
> > coreutils \
> > cpio \
> > + cscope \
> > curl \
> > device-tree-compiler \
> > dosfstools \
> > e2fsprogs \
> > + e2tools \
> > efitools \
> > erofs-utils \
> > exfatprogs \
> > expect \
> > fakeroot \
> > + fastboot \
> > fdisk \
> > flex \
> > + ftp-upload \
> > gawk \
> > gdisk \
> > gettext \
> > @@ -92,11 +100,20 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
> > imagemagick \
> > inetutils-telnet \
> > iputils-ping \
> > + libattr1-dev \
> > + libcap-ng-dev \
> > libconfuse-dev \
> > + libfdt-dev \
> > + libftdi-dev \
> > libgit2-dev \
> > libjson-glib-dev \
> > + libglib2.0-dev \
> > + libgmp3-dev \
> > libgnutls28-dev \
> > libgnutls30 \
> > + libhidapi-dev \
> > + libmpc-dev \
> > + libncurses5-dev \
> > libpixman-1-dev \
> > libpython3-dev \
> > libsdl1.2-dev \
> > @@ -110,9 +127,11 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
> > lz4 \
> > lzma-alone \
> > lzop \
> > + make \
> > mount \
> > mtd-utils \
> > mtools \
> > + netcat \
> > net-tools \
> > ninja-build \
> > openssl \
> > @@ -122,12 +141,16 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
> > python-is-python3 \
> > python2.7 \
> > python3 \
> > + python3-cryptography \
> > python3-dev \
> > python3-pip \
> > + python3-pyelftools \
> > + python3-serial \
> > python3-sphinx \
> > python3-tomli \
> > python3-venv \
> > rpm2cpio \
> > + rsync \
> > sbsigntool \
> > socat \
> > softhsm2 \
> > @@ -136,13 +159,20 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
> > sudo \
> > swig \
> > texinfo \
> > + unzip \
> > util-linux \
> > uuid-dev \
> > vboot-kernel-utils \
> > vboot-utils \
> > + wget \
> > + xdg-utils \
> > xilinx-bootgen \
> > + xsltproc \
> > + xterm \
> > xxd \
> > - zip
> > + xz-utils \
> > + zip \
> > + zlib1g-dev
>
> Are some of these deps perhaps optional? I would hope we could build
> without cscope and xterm, to pick randomly from the top and bottom of
> the list. I ask since everything we add here makes the container larger,
> and it's already very big. I'm almost wondering if we should (follow-up,
> later) add a step where we remove things that tools we built needed, but
> U-Boot doesn't need for build/tests.
>
Actually those deps are grep from OP-TEE official docs, but yes, I can
find out the ones which are not really necessary and then remove them.
Raymond
> --
> Tom
More information about the U-Boot
mailing list