[PATCH v2 1/2] ARM: bootm: Add support for starting Linux through OpTee-OS on ARMv7a

Tom Rini trini at konsulko.com
Tue Sep 9 16:56:42 CEST 2025


On Tue, Sep 09, 2025 at 05:02:27AM +0200, Marek Vasut wrote:
> On 6/30/25 7:18 AM, Heinrich Schuchardt wrote:
> > Am 30. Juni 2025 02:08:05 MESZ schrieb Marek Vasut <marek.vasut at mailbox.org>:
> > > Add support for jumping to Linux kernel through OpTee-OS on ARMv7a.
> > > This is only supported if U-Boot runs in PL1 secure. This change adds
> > > two components, one is fitImage OpTee-OS loadable handler, which makes
> > > a note of OpTee-OS being loaded and stores the load address for later
> > > jump to it. The second part is the actual jump to Linux through OpTee-OS.
> > > The jump through OpTee-OS requires set up of multiple CPU registers, r1
> > > and r2 are passed through, r0 and r3 have to be set to 0, lr is set to
> > > Linux kernel entry point. This setup is done by new assembler function
> > > boot_jump_linux_via_optee().
> > > 
> > > The boot_jump_linux_via_optee() also includes STM32MP13xx late TZC
> > > configuration write, this cannot be moved easily, hence the ifdef.
> > 
> > Hello Marek,
> > 
> > Could you, please, add a documentation change to the series. This would allow reviewers to test your proposal.
> 
> The fitImage TEE bundling is already documented in the fit spec:
> 
> https://fitspec.osfw.foundation/
> 
> This here is an application:
> 
> "
> /dts-v1/;
> / {
> 	...
> 	images {
> 		...
> 		tee-1 {
> 			description = "OP-TEE";
> 			data = /incbin/ ("/optee_os/out/arm-plat-stm32mp1/core/tee-raw.bin") ;
> 			type = "tee";
> 			arch = "arm";
> 			compression = "none";
> 			os = "tee";
> 			load = <0xde000000>;
> 			entry = <0xde000000>;
> 			...
> 		};
> 	};
> 
> 	configurations {
> 		default = "conf-1";
> 		conf-1 {
> 			...
> 			loadables = "tee-1";
> 			...
> 		};
> 	};
> };
> "
> 
> "
> $ mkimage -E -f fit-image.its fitImage
> "
> 
> I can add that part to STM32 board docs ?
> 
> > Furthermore, please, provide tests on QEMU.
> The test would require booting Linux, how do you propose we test that in CI

For this part, it's something we've talked about off-and-on, and part of
the answer is caching in the container some set of very small but still
useful for boot testing stock images. That said, it's still a lot of
effort and a good question as to what is really being tested in each
case there (and in turn how worthwhile it is).

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20250909/669a2239/attachment.sig>


More information about the U-Boot mailing list