[PATCH 1/1] doc: emulation: qemu-arm: add secure state steps

Johannes Krottmayer krotti83 at proton.me
Mon Apr 20 10:03:41 CEST 2026 

Hi Simon!

Thanks for the answer.

On 4/20/26 1:23 AM, Simon Glass wrote:
> Hi Johannes,
> 
> On 2026-02-25T02:01:39, Johannes Krottmayer <krotti83 at proton.me> wrote:
>> doc: emulation: qemu-arm: add secure state steps
>>
>> Add build steps for building U-Boot in secure state with
>> TF-A and OP-TEE. It includes the full steps for building
>> OP-TEE and TF-A to use with U-Boot. Also a short
>> description how to invoke QEMU with enabled EL3 and EL2.
>> EL3 (machine option secure=on) is required to run TF-A.
>>
>> Signed-off-by: Johannes Krottmayer <krotti83 at proton.me>
>> Cc: Tuomas Tynkkynen <tuomas.tynkkynen at iki.fi>
>> Cc: Tom Rini <trini at konsulko.com>
>>
>> doc/board/emulation/qemu-arm.rst | 86 ++++++++++++++++++++++++++++++++++++++--
>>   1 file changed, 82 insertions(+), 4 deletions(-)
> 
>> +OT-TEE
>> +^^^^^^
> 
> Typo: OP-TEE.
> 
>> +Building (none-secure)
>> +----------------------
> 
> I suspect this should be non-secure is the conventional spellin
g -
> same for 'Running U-Boot (none-secure)' below.
> 
>> +The following file is at least created with TF-A v2.14.0 and can directly passed
>> +with the '-bios' option to QEMU::
> 
> can be directly passed
> 
>> +If the single file doesn't exists 'bl1.bin' and 'fip.bin' can be concatenated with the
> 
> doesn't exist

Thanks for the fixes. Corrected.

>> +    dd if=bl1.bin of=flash.bin bs=4096 conv=notrunc
>> +    dd if=fip.bin of=flash.bin seek=64 bs=4096 conv=notrunc
> 
> Where does flash.bin come from?

With 'flash.bin' I have meant the file 'qemu_fw.bios'. Yes, I agree it's
not really clear. Have changed the part of the text and the file name:

---
If the single file ('qemu_fw.bios') doesn't exist 'bl1.bin' and 
'fip.bin' can be concatenated with the command 'dd' alternatively::

     dd if=bl1.bin of=qemu_fw.bios bs=4096 conv=notrunc
     dd if=fip.bin of=qemu_fw.bios seek=64 bs=4096 conv=notrunc
---

I will create and send a new patch, but before I 
need to know how these
mail patches are applied. As Heinrich mentioned there was an error at
a specific line, although I checked the patch before with the U-Boot
script 'scripts/checkpatch.pl' and unfortunately there were no error
and no warnings shown. Also sent the patch with 'git email'.

Is there a specific script how I can apply these mail patches on a
local branch to test the patches before I can send them?

Thanks in advance!

> Regards,
> Simon

Kind regards,

Johannes K.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - krotti83 at proton.me - 0x1A5D6E0E.asc
Type: application/pgp-keys
Size: 888 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20260420/184d9afe/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 322 bytes
Desc: OpenPGP digital signature
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20260420/184d9afe/attachment.sig>

More information about the U-Boot mailing list