[PATCH v4 1/6] docker: add OP-TEE and TF-A build for testing Firmware Handoff
Tom Rini
trini at konsulko.com
Mon Oct 20 17:46:08 CEST 2025
On Mon, Oct 20, 2025 at 05:19:45PM +0200, Jerome Forissier wrote:
> Hi Raymond,
>
> On 10/15/25 16:18, Raymond Mao wrote:
> > Fetch OP-TEE (4.7.0), TF-A (v2.13.0), MbedTLS (v3.6) and build
> > bl1 and fip with both Firmware Handoff and Measured Boot enabled.
> >
> > Signed-off-by: Raymond Mao <raymond.mao at linaro.org>
> > ---
> > Changes in V2:
> > - Move OP-TEE dependencies into the common group.
> > - Fetch MbedTLS/TF-A and build bl1/fip in dockerfile instead of
> > post-buildman script.
> > - Remove Trust Boot related build options.
> > Changes in V3:
> > - Clean-up of OP-TEE deps.
> > Changes in V4:
> > - Minimize OP-TEE build options.
> >
> > tools/docker/Dockerfile | 38 ++++++++++++++++++++++++++++++++++++--
> > 1 file changed, 36 insertions(+), 2 deletions(-)
> >
> > diff --git a/tools/docker/Dockerfile b/tools/docker/Dockerfile
> > index 5b4c75f8400..73c1589e260 100644
> > --- a/tools/docker/Dockerfile
> > +++ b/tools/docker/Dockerfile
> > @@ -122,8 +122,10 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
> > python-is-python3 \
> > python2.7 \
> > python3 \
> > + python3-cryptography \
> > python3-dev \
> > python3-pip \
> > + python3-pyelftools \
> > python3-sphinx \
> > python3-tomli \
> > python3-venv \
> > @@ -227,10 +229,24 @@ RUN git clone https://gitlab.com/qemu-project/qemu.git /tmp/qemu && \
> > make -j$(nproc) all install && \
> > rm -rf /tmp/qemu
> >
> > -# Build fiptool
> > +# Build OP-TEE for qemu_arm64
> > +RUN git clone https://github.com/OP-TEE/optee_os.git /tmp/optee_os && \
> > + cd /tmp/optee_os/ && \
>
> I would recommend:
>
> git clone -b 4.7.0 --depth=1 https://github.com/OP-TEE/optee_os.git /tmp/optee_os
>
> ...which will directly obtain the proper tag (-b 4.7.0), and minimize the amount
> of cloned data (--depth=1 i.e., no full history, just the last commit).
>
> With or without this change:
>
> Acked-by: Jerome Forissier <jerome.forissier at linaro.org>
Oh neat. Yes, please re-order things to be:
RUN git clone --depth=1 https://github.com/OP-TEE/optee_os.git /tmp/optee_os \
-b 4.7.0 && \
...
So that future updates can be just a one line change. An unrelated
follow-up to optimize the rest of our git clones to be like this would
be much appreciated.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20251020/96644227/attachment.sig>
More information about the U-Boot
mailing list