Hi Marek,

On 11/19/25 12:20 AM, Marek Vasut wrote:
Introduce two new parameters to be used with mkimage -f auto to bundle
TEE image into fitImage, using auto-generated fitImage. Add -z to specify
TEE file name and -Z to specify TEE load and entry point address. This is
meant to be used with systems which boot all of TEE, Linux and its DT from
a single fitImage, all booted by U-Boot.

Example invocation:
"
$ mkimage -E -A arm -C none -e 0xc0008000 -a 0xc0008000 -f auto \
           -d arch/arm/boot/zImage \
           -b arch/arm/boot/dts/st/stm32mp135f-dhcor-dhsbc.dtb \
           -z ../optee_os/out/arm-plat-stm32mp1/core/tee-raw.bin \
          -Z 0xde000000 \
           /path/to/output/fitImage
"

Documentation update and test are also included; the test validates
both positive and negative test cases, where the fitImage does
include TEE blobs and where it does not.

Signed-off-by: Marek Vasut <[email protected]>
---
Cc: "Carlos López" <[email protected]>
Cc: Aristo Chen <[email protected]>
Cc: Ilias Apalodimas <[email protected]>
Cc: Julien Masson <[email protected]>
Cc: Mattijs Korpershoek <[email protected]>
Cc: Mayuresh Chitale <[email protected]>
Cc: Paul HENRYS <[email protected]>
Cc: Quentin Schulz <[email protected]>
Cc: Rasmus Villemoes <[email protected]>
Cc: Simon Glass <[email protected]>
Cc: Tom Rini <[email protected]>
Cc: Wolfgang Wallner <[email protected]>
Cc: [email protected]
Cc: [email protected]
---
  doc/mkimage.1                         |  12 +++
  include/image.h                       |   1 +
  test/py/tests/test_fit_auto_signed.py | 110 +++++++++++++++++++++++---
  tools/fit_image.c                     |  55 ++++++++++++-
  tools/imagetool.h                     |   2 +
  tools/mkimage.c                       |  17 +++-
  6 files changed, 185 insertions(+), 12 deletions(-)

diff --git a/doc/mkimage.1 b/doc/mkimage.1
index c705218d345..c87003a6c0a 100644
--- a/doc/mkimage.1
+++ b/doc/mkimage.1
@@ -251,6 +251,18 @@ Append TFA BL31 file to the image.
  .B \-\-tfa-bl31-addr
  Set TFA BL31 file load and entry point address.
  .
+.TP
+.B \-z
+.TQ
+.B \-\-optee-file
+Append OPTEE file to the image.
+.
+.TP
+.B \-Z
+.TQ
+.B \-\-optee-addr
+Set OPTEE file load and entry point address.
+.

I believe we use tee-file and tee-addr according to the last diff in this patch?

Please specify this is parsed as hex.

Which formats are supported for the --tee-file parameter? OP-TEE OS itself has multiple versions for the binary header (v1 and v2?) and we can pass either a binary (tee.bin) or an ELF (tee.elf) in binman, c.f. tools/binman/etype/tee_os.py

  .SS Options for creating FIT images
  .
  .TP
diff --git a/include/image.h b/include/image.h
index 9a1c828416d..d543c6cf254 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1105,6 +1105,7 @@ int booti_setup(ulong image, ulong *relocated_addr, ulong 
*size,
  #define FIT_SCRIPT_PROP               "script"
  #define FIT_PHASE_PROP                "phase"
  #define FIT_TFA_BL31_PROP     "tfa-bl31"
+#define FIT_TEE_PROP           "tee"
#define FIT_MAX_HASH_LEN HASH_MAX_DIGEST_SIZE
diff --git a/test/py/tests/test_fit_auto_signed.py b/test/py/tests/test_fit_auto_signed.py
index 0b5dbd5401c..cb8bd519fd9 100644
--- a/test/py/tests/test_fit_auto_signed.py
+++ b/test/py/tests/test_fit_auto_signed.py
@@ -117,23 +117,31 @@ class SignedFitHelper(object):
              algo = self.__fdt_get_string(f'{node}/signature', 'algo')
              assert algo == sign_algo + "\n", "Missing expected signature 
algo!"
- def check_fit_loadables(self, present):
+    def check_fit_loadables(self, bl31present, teepresent):
          """Test that loadables contains both kernel and TFA BL31 entries.
Each configuration must have a loadables property which lists both
          kernel-1 and tfa-bl31-1 strings in the string list.

Missing update to the method docstring.

          """
-        if present:
+        if bl31present:
              assert "/images/tfa-bl31-1" in self.images_nodes
          else:
              assert "/images/tfa-bl31-1" not in self.images_nodes
+        if teepresent:
+            assert "/images/tee-1" in self.images_nodes
+        else:
+            assert "/images/tee-1" not in self.images_nodes
          for node in self.confgs_nodes:
              loadables = self.__fdt_get_string(f'{node}', 'loadables')
              assert "kernel-1" in loadables
-            if present:
+            if bl31present:
                  assert "tfa-bl31-1" in loadables
              else:
                  assert "tfa-bl31-1" not in loadables
+            if teepresent:
+                assert "tee-1" in loadables
+            else:
+                assert "tee-1" not in loadables

[...]

+    # Run the same tests as 1/2/3 above, but this time with TEE
+    # options -z tee.bin -Z 0x56780000 to cover both mkimage with
+    # and without TEE use cases.
+    b_args = " -d" + kernel_file + " -b" + dt1_file + " -b" + dt2_file + " -z" + 
tee_file + " -Z 0x56780000"
+
+    # 4 - Create auto FIT with images crc32 checksum, and verify it
+    utils.run_and_log(ubman, mkimage + ' -fauto' + b_args + " " + fit_file)
+
+    fit = SignedFitHelper(ubman, fit_file)
+    if fit.build_nodes_sets() == 0:
+        raise ValueError('FIT-7 has no "/image" nor "/configuration" nodes')
+
+    fit.check_fit_crc32_images()
+
+    fit.check_fit_loadables(bl31present=False, teepresent=True)
+
+    # 5 - Create auto FIT with signed images, and verify it
+    utils.run_and_log(ubman, mkimage + ' -fauto' + b_args + s_args + " " +
+                      fit_file)
+
+    fit = SignedFitHelper(ubman, fit_file)
+    if fit.build_nodes_sets() == 0:
+        raise ValueError('FIT-8 has no "/image" nor "/configuration" nodes')
+
+    fit.check_fit_signed_images(key_name, sign_algo, verifier)
+
+    fit.check_fit_loadables(bl31present=False, teepresent=True)
+
+    # 6 - Create auto FIT with signed configs and hashed images, and verify it
+    utils.run_and_log(ubman, mkimage + ' -fauto-conf' + b_args + s_args + " " +
+                      fit_file)
+
+    fit = SignedFitHelper(ubman, fit_file)
+    if fit.build_nodes_sets() == 0:
+        raise ValueError('FIT-9 has no "/image" nor "/configuration" nodes')
+
+    fit.check_fit_signed_confgs(key_name, sign_algo)
+
+    fit.check_fit_loadables(bl31present=False, teepresent=True)
+
+    # Run the same tests as 1/2/3 above, but this time with TEE
+    # options -z tee.bin -Z 0x56780000 to cover both mkimage with
+    # and without TEE use cases.

And with TFA BL31...

[...]

diff --git a/tools/fit_image.c b/tools/fit_image.c
index 0306333141e..6388b04e340 100644
--- a/tools/fit_image.c
+++ b/tools/fit_image.c
@@ -180,6 +180,13 @@ static int fit_calc_size(struct image_tool_params *params)
                total_size += size;
        }
+ if (params->fit_tee) {
+               size = imagetool_get_filesize(params, params->fit_tee);
+               if (size < 0)
+                       return -1;
+               total_size += size;
+       }
+
        for (cont = params->content_head; cont; cont = cont->next) {
                size = imagetool_get_filesize(params, cont->fname);
                if (size < 0)
@@ -433,6 +440,30 @@ static int fit_write_images(struct image_tool_params 
*params, char *fdt)
                fdt_end_node(fdt);
        }
+ /* And a TEE file if available */
+       if (params->fit_tee) {
+               fdt_begin_node(fdt, FIT_TEE_PROP "-1");
+
+               fdt_property_string(fdt, FIT_TYPE_PROP, FIT_TEE_PROP);
+               fdt_property_string(fdt, FIT_OS_PROP,
+                                   genimg_get_os_short_name(params->os));
+               fdt_property_string(fdt, FIT_ARCH_PROP,
+                                   genimg_get_arch_short_name(params->arch));
+               get_basename(str, sizeof(str), params->fit_tee);
+               fdt_property_string(fdt, FIT_DESC_PROP, str);
+
+               ret = fdt_property_file(params, fdt, FIT_DATA_PROP,
+                                       params->fit_tee);
+               if (ret)
+                       return ret;
+               fdt_property_u32(fdt, FIT_LOAD_PROP, params->fit_tee_addr);
+               fdt_property_u32(fdt, FIT_ENTRY_PROP, params->fit_tee_addr);
+               fit_add_hash_or_sign(params, fdt, true);
+               if (ret)
+                       return ret;
+               fdt_end_node(fdt);
+       }
+

OK so... On Rockchip we have TF-A and OP-TEE OS split in multiple entries with different load addresses (see @atf-seq and @tee-seq in arch/arm/dts/rockchip-u-boot.dtsi). I guess this means we wouldn't be able to use this auto FIT?

        fdt_end_node(fdt);
return 0;
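Review bot: The second `if (ret) return ret;` in the new TEE block, right after `fit_add_hash_or_sign(params, fdt, true);`, can never fire: `ret` is not assigned between the `fdt_property_file()` check and this one, so it re-tests a value already known to be zero. If `fit_add_hash_or_sign()` returns a status (its prototype is not visible in this hunk), capture it with `ret = fit_add_hash_or_sign(params, fdt, true);`. Otherwise drop the check, so the code does not suggest that a hashing or signing failure on the TEE image is handled here. The body of `fit_write_images()` starts outside the hunk.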
@@ -473,10 +504,20 @@ static void fit_write_configs(struct image_tool_params 
*params, char *fdt)
                len = strlen(str);
                fdt_property_string(fdt, typename, str);
- if (params->fit_tfa_bl31) {
+               if (params->fit_tfa_bl31 && params->fit_tee) {
+                       snprintf(str, sizeof(str), "%s-1." FIT_TFA_BL31_PROP "-1." 
FIT_TEE_PROP "-1", typename);
+                       str[len] = 0;
+                       len += strlen(FIT_TFA_BL31_PROP "-1") + 1;
+                       str[len] = 0;
+                       len += strlen(FIT_TEE_PROP "-1") + 1;
+               } else if (params->fit_tfa_bl31) {
                        snprintf(str, sizeof(str), "%s-1." FIT_TFA_BL31_PROP 
"-1", typename);
                        str[len] = 0;
                        len += strlen(FIT_TFA_BL31_PROP "-1") + 1;
+               } else if (params->fit_tee) {
+                       snprintf(str, sizeof(str), "%s-1." FIT_TEE_PROP "-1", 
typename);
+                       str[len] = 0;
+                       len += strlen(FIT_TEE_PROP "-1") + 1;
                }
fdt_property(fdt, FIT_LOADABLE_PROP, str, len + 1);
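Review bot: The length passed to `fdt_property(fdt, FIT_LOADABLE_PROP, str, len + 1)` is computed from `strlen()` of the constants rather than from what `snprintf()` actually wrote, and the `snprintf()` result is discarded. If the formatted text were ever truncated to `sizeof(str)`, the later `str[len] = 0` store and the `len + 1` property length could index past the end of `str`. The declaration of `str` is outside this hunk, so whether the longest `typename` plus both suffixes fits cannot be confirmed from here. Capturing the result and testing `if (n < 0 || (size_t)n >= sizeof(str))` before the separator stores would make the bound explicit, and a comment such as `/* '.' placeholders are overwritten with NUL to form the string list */` would document the trick. The same applies to the identical block in the following `@@ -498,10 +539,20 @@` hunk.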
@@ -498,10 +539,20 @@ static void fit_write_configs(struct image_tool_params 
*params, char *fdt)
                len = strlen(str);
                fdt_property_string(fdt, typename, str);
- if (params->fit_tfa_bl31) {
+               if (params->fit_tfa_bl31 && params->fit_tee) {
+                       snprintf(str, sizeof(str), "%s-1." FIT_TFA_BL31_PROP "-1." 
FIT_TEE_PROP "-1", typename);
+                       str[len] = 0;
+                       len += strlen(FIT_TFA_BL31_PROP "-1") + 1;
+                       str[len] = 0;
+                       len += strlen(FIT_TEE_PROP "-1") + 1;
+               } else if (params->fit_tfa_bl31) {
                        snprintf(str, sizeof(str), "%s-1." FIT_TFA_BL31_PROP 
"-1", typename);
                        str[len] = 0;
                        len += strlen(FIT_TFA_BL31_PROP "-1") + 1;
+               } else if (params->fit_tee) {
+                       snprintf(str, sizeof(str), "%s-1." FIT_TEE_PROP "-1", 
typename);
+                       str[len] = 0;
+                       len += strlen(FIT_TEE_PROP "-1") + 1;
                }

The code here seems to be shared with one diff above, maybe it'd make sense to make this into a reusable function? What do you think?

Cheers,
Quentin
