You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Add the following in optee/u-boot/include/configs/rpi.h file to support the larger FIT image:
#define CONFIG_SYS_BOOTM_LEN (16 << 20)
5.3) Build the U-Boot with FIT Image
$ cd optee/build/
$ make u-boot-clean arm-tf-clean u-boot-env-clean
$ make EXT_DTB=../../fit/bcm2710-rpi-3-b-plus-pubkey.dtb arm-tf u-boot-env u-boot
Install the image:
6.1) Prepare the SD card using following:
$ cd optee/build
$ make img-help
fdisk /dev/sdx # where sdx is the name of your sd-card
p # prints partition table
d # repeat until all partitions are deleted
n # create a new partition
p # create primary
1 # make it the first partition
# use the default sector
+70M # create a boot partition with 32MB of space
n # create rootfs partition
p
2
# fill the remaining disk, adjust size to fit your needs
t # change partition type
1 # select first partition
e # use type 'e' (FAT16)
a # make partition bootable
1 # select first partition
p # double check everything looks right
w # write partition table to disk
run the following as root
$ mkfs.vfat -F16 -n BOOT /dev/sdx1
$ mkdir -p /media/boot
$ mount /dev/sdx1 /media/boot
$ cd /media
$ gunzip -cd /home/ramya/optee_latest/optee/build/../out-br/images/rootfs.cpio.gz | sudo cpio -idmv "boot/*"
$ umount boot
run the following as root
$ mkfs.ext4 -L rootfs /dev/sdx2
$ mkdir -p /media/rootfs
$ mount /dev/sdx2 /media/rootfs
$ cd rootfs
$ gunzip -cd /home/ramya/optee_latest/optee/build/../out-br/images/rootfs.cpio.gz | sudo cpio -idmv
$ rm -rf /media/rootfs/boot/*
$ cd .. && umount rootfs
mount /dev/sdX1 /media/boot
cd /media/boot/
cp /home/ramya/optee_latest/optee/out/uboot.env .
cp /home/ramya/optee_latest/fit/image.fit .
cd .. && umount /dev/sdX1
Test Verified boot in Raspberry Pi 3b+:
Insert SD card into rpi3b+ board and verified boot configured correctly from U-Boot output:
Power up the board
You can see like below:
NOTICE: Booting Trusted Firmware
NOTICE: BL1: v2.0(debug):v2.0-580-g023bc01
NOTICE: BL1: Built : 18:13:54, Apr 9 2019
INFO: BL1: RAM 0x100ee000 - 0x100f7000
INFO: BL1: cortex_a53: CPU workaround for 843419 was applied
INFO: BL1: cortex_a53: CPU workaround for 855873 was applied
NOTICE: rpi3: Detected: Raspberry Pi 3 Model B+ (1GB, Sony, UK) [0x00a020d3]
INFO: BL1: Loading BL2
INFO: Loading image id=1 at address 0x100b4000
INFO: Image id=1 loaded: 0x100b4000 - 0x100b9410
NOTICE: BL1: Booting BL2
INFO: Image id=5 loaded: 0x11000000 - 0x1107fff8
NOTICE: BL1: Booting BL31
INFO: Entry point address = 0x100e0000
INFO: SPSR = 0x3cd
NOTICE: BL31: v2.0(debug):v2.0-580-g023bc01
NOTICE: BL31: Built : 18:14:00, Apr 9 2019
INFO: rpi3: Checking DTB...
INFO: BL31: Initializing runtime services
INFO: BL31: cortex_a53: CPU workaround for 843419 was applied
INFO: BL31: cortex_a53: CPU workaround for 855873 was applied
INFO: BL31: Initializing BL32
DRAM: 128 MiB
RPI 3 Model B+ (0xa020d3)
MMC: mmc@7e202000: 0, sdhci@7e300000: 1
Loading Environment from FAT... OK
In: serial
Out: serial
Err: serial
Net: No ethernet found.
starting USB...
USB0: scanning bus 0 for devices... 4 USB Device(s) found
scanning usb for storage devices... 0 Storage Device(s) found
Hit any key to stop autoboot: 0
16105600 bytes read in 671 ms (22.9 MiB/s)
Loading kernel from FIT Image at 02000000 ...
Using 'config-1' configuration
Verifying Hash Integrity ... OK
Trying 'kernel-1' kernel subimage
Description: default kernel
Type: Kernel Image
Compression: uncompressed
Data Start: 0x020000c0
Data Size: 15071744 Bytes = 14.4 MiB
Architecture: AArch64
OS: Linux
Load Address: 0x00080000
Entry Point: 0x00080000
Hash algo: sha1
Hash value: 60c0bd58ae20a73eabf8d89b647bd3c19a137bc5
Verifying Hash Integrity ... sha1+ OK
Loading fdt from FIT Image at 02000000 ...
Using 'config-1' configuration
Verifying Hash Integrity ... OK
Trying 'fdt-1' fdt subimage
Description: device tree
Type: Flat Device Tree
Compression: uncompressed
Data Start: 0x02f5569c
Data Size: 25621 Bytes = 25 KiB
Architecture: AArch64
Load Address: 0x01000000
Hash algo: sha1
Hash value: d37f8aed170466dbf71dbf671f7487859c0dfcf0
Verifying Hash Integrity ... sha1+ OK
Loading fdt from 0x02f5569c to 0x01000000
Booting using the fdt blob at 0x1000000
Loading loadables from FIT Image at 02000000 ...
Trying 'tee-1' loadables subimage
Description: atf
Type: Standalone Program
Compression: uncompressed
Data Start: 0x02e5fba0
Data Size: 1006116 Bytes = 982.5 KiB
Architecture: AArch64
Load Address: 0x08400000
Entry Point: 0x08400000
Hash algo: sha1
Hash value: 4dc5a9130a711ae9414cdb6378ad6294f31d97d1
Verifying Hash Integrity ... sha1+ OK
Loading loadables from 0x02e5fba0 to 0x08400000
Loading Kernel Image ... OK
reserving fdt memory region: addr=0 size=1000
Loading Device Tree to 0000000007b36000, end 0000000007b3f414 ... OK
Starting kernel ...
...........
.........
Starting logging: OK
Initializing random number generator... done.
Set permissions on /dev/tee*: OK
Create/set permissions on /data/tee: OK
Starting tee-supplicant: OK
Starting network: OK
Welcome to Buildroot, type root or test to login
buildroot login:
The text was updated successfully, but these errors were encountered:
We should also proceed with OP-TEE/manifest#134 and OP-TEE/build#358 that you and @johnphilby created. I.e., getting things into the official trees. We don't want to rely on external instructions / trees etc, since we cannot vouch for things outside of our control.
@jbech-linaro We would like to closely work with you in improving OPTEE. The management has allocated two resources for the same - Ramya and Varsha. Would like to discuss this in a separate mail on the tasks they can work on. They have been tinkering with optee to get a hang of it and it seems they are comfortable taking additional tasks. If there is a ToDo list of the tasks and if you can point them in the right direction, it would help.
I couldn’t find the time for pushing those changes OP-TEE/build#358 since I do not work full time on OPTEE. Will definitely try to push it this weekend.
This issue has been marked as a stale issue because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this issue will automatically be closed in 5 days. Note, that you can always re-open a closed issue at any time.
Introduction:
These are the instructions we followed to build U-Boot and OP-TEE OS for Raspberry Pi 3 B+ using the FIT image format.
Building OPTEE-OS:
sudo apt-get install android-tools-adb android-tools-fastboot autoconf
automake bc bison build-essential cscope curl device-tree-compiler
expect flex ftp-upload gdisk iasl libattr1-dev libcap-dev
libfdt-dev libftdi-dev libglib2.0-dev libhidapi-dev libncurses5-dev
libpixman-1-dev libssl-dev libtool make
mtools netcat python-crypto python-serial python-wand unzip uuid-dev
xdg-utils xterm xz-utils zlib1g-dev git
$ mkdir
/bin/bin:$PATH$ PATH=
$ curl https://storage.googleapis.com/git-repo-downloads/repo > ~/bin/repo
$ chmod a+x ~/bin/repo
$ git config --global user.name "Your Name"
$ git config --global user.email "Your email"
(we’re using the latest version of OPTEE)
$ mkdir optee
$ cd optee
$ repo init -u https://github.com/johnphilby/manifest/tree/add-support-rpi3-bplus -m rpi3-bplus.xml
$ repo sync
$ cd build
once repo mainfest is done, Then we can build using the following command
$ make -j2 toolchains
$ make -j
nproc
4.1) Create a Signed image:
4.1.3) Copy image and DTB files to fit folder:
$ ln -s ../optee/linux/arch/arm64/boot/dts/broadcom/bcm2710-rpi-3-b-plus.dtb
$ ln -s ../optee/linux/arch/arm64/boot/Image
$ ln -s ../optee/arm-trusted-firmware/build/rpi3/debug/armstub8.bin
$ cp ../optee/linux/arch/arm64/boot/dts/broadcom/bcm2710-rpi-3-b-plus.dtb bcm2710-rpi-3-b-plus-pubkey.dtb
4.1.4) Generate a new RSA key pair:
$ mkdir keys
$ openssl genrsa -F4 -out keys/dev.key 2048
$ openssl req -batch -new -x509 -key keys/dev.key -out keys/dev.crt
4.1.5) Generate a signed FIT image:
../optee/u-boot/tools/mkimage -f image.its -K bcm2710-rpi-3-b-plus-pubkey.dtb -k keys -r image.fit
Build U-Boot with FIT image:
5.1)Replace the following lines in optee/build/rpi3/firmware/uboot.env.txt file:
boot_fit=bootm ${fit_addr}
fdt_addr_r=0x01000000
fit_addr=0x02000000
fdtfile=bcm2710-rpi-3-b-plus.dtb
load_fit=fatload mmc 0:1 ${fit_addr} image.fit
mmcboot=run load_fit; run set_bootargs_tty set_bootargs_mmc set_common_args; run boot_fit
Build U-Boot env file:
$ cd ../optee/build
$ make EXT_DTB=../../fit/bcm2710-rpi-3-b-plus-pubkey.dtb arm-tf u-boot-env
5.2) Configure FIT image support:
Add the following in optee/u-boot/configs/rpi_3_defconfig file
CONFIG_DEFAULT_DEVICE_TREE="bcm2837-rpi-3-b-plus"
CONFIG_OF_CONTROL=y
CONFIG_FIT=y
CONFIG_FIT_SIGNATURE=y
CONFIG_RSA=y
Add the following in optee/u-boot/include/configs/rpi.h file to support the larger FIT image:
#define CONFIG_SYS_BOOTM_LEN (16 << 20)
5.3) Build the U-Boot with FIT Image
$ cd optee/build/
$ make u-boot-clean arm-tf-clean u-boot-env-clean
$ make EXT_DTB=../../fit/bcm2710-rpi-3-b-plus-pubkey.dtb arm-tf u-boot-env u-boot
6.1) Prepare the SD card using following:
$ cd optee/build
$ make img-help
fdisk /dev/sdx # where sdx is the name of your sd-card
run the following as root
$ mkfs.vfat -F16 -n BOOT /dev/sdx1
$ mkdir -p /media/boot
$ mount /dev/sdx1 /media/boot
$ cd /media
$ gunzip -cd /home/ramya/optee_latest/optee/build/../out-br/images/rootfs.cpio.gz | sudo cpio -idmv "boot/*"
$ umount boot
run the following as root
$ mkfs.ext4 -L rootfs /dev/sdx2
$ mkdir -p /media/rootfs
$ mount /dev/sdx2 /media/rootfs
$ cd rootfs
$ gunzip -cd /home/ramya/optee_latest/optee/build/../out-br/images/rootfs.cpio.gz | sudo cpio -idmv
$ rm -rf /media/rootfs/boot/*
$ cd .. && umount rootfs
mount /dev/sdX1 /media/boot
cd /media/boot/
cp /home/ramya/optee_latest/optee/out/uboot.env .
cp /home/ramya/optee_latest/fit/image.fit .
cd .. && umount /dev/sdX1
Insert SD card into rpi3b+ board and verified boot configured correctly from U-Boot output:
Power up the board
You can see like below:
NOTICE: Booting Trusted Firmware
NOTICE: BL1: v2.0(debug):v2.0-580-g023bc01
NOTICE: BL1: Built : 18:13:54, Apr 9 2019
INFO: BL1: RAM 0x100ee000 - 0x100f7000
INFO: BL1: cortex_a53: CPU workaround for 843419 was applied
INFO: BL1: cortex_a53: CPU workaround for 855873 was applied
NOTICE: rpi3: Detected: Raspberry Pi 3 Model B+ (1GB, Sony, UK) [0x00a020d3]
INFO: BL1: Loading BL2
INFO: Loading image id=1 at address 0x100b4000
INFO: Image id=1 loaded: 0x100b4000 - 0x100b9410
NOTICE: BL1: Booting BL2
INFO: Image id=5 loaded: 0x11000000 - 0x1107fff8
NOTICE: BL1: Booting BL31
INFO: Entry point address = 0x100e0000
INFO: SPSR = 0x3cd
NOTICE: BL31: v2.0(debug):v2.0-580-g023bc01
NOTICE: BL31: Built : 18:14:00, Apr 9 2019
INFO: rpi3: Checking DTB...
INFO: BL31: Initializing runtime services
INFO: BL31: cortex_a53: CPU workaround for 843419 was applied
INFO: BL31: cortex_a53: CPU workaround for 855873 was applied
INFO: BL31: Initializing BL32
U-Boot 2019.01-00093-gaac0c29-dirty (Apr 10 2019 - 11:05:51 +0530)
DRAM: 128 MiB
RPI 3 Model B+ (0xa020d3)
MMC: mmc@7e202000: 0, sdhci@7e300000: 1
Loading Environment from FAT... OK
In: serial
Out: serial
Err: serial
Net: No ethernet found.
starting USB...
USB0: scanning bus 0 for devices... 4 USB Device(s) found
scanning usb for storage devices... 0 Storage Device(s) found
Hit any key to stop autoboot: 0
16105600 bytes read in 671 ms (22.9 MiB/s)
Loading kernel from FIT Image at 02000000 ...
Using 'config-1' configuration
Verifying Hash Integrity ... OK
Trying 'kernel-1' kernel subimage
Description: default kernel
Type: Kernel Image
Compression: uncompressed
Data Start: 0x020000c0
Data Size: 15071744 Bytes = 14.4 MiB
Architecture: AArch64
OS: Linux
Load Address: 0x00080000
Entry Point: 0x00080000
Hash algo: sha1
Hash value: 60c0bd58ae20a73eabf8d89b647bd3c19a137bc5
Verifying Hash Integrity ... sha1+ OK
Loading fdt from FIT Image at 02000000 ...
Using 'config-1' configuration
Verifying Hash Integrity ... OK
Trying 'fdt-1' fdt subimage
Description: device tree
Type: Flat Device Tree
Compression: uncompressed
Data Start: 0x02f5569c
Data Size: 25621 Bytes = 25 KiB
Architecture: AArch64
Load Address: 0x01000000
Hash algo: sha1
Hash value: d37f8aed170466dbf71dbf671f7487859c0dfcf0
Verifying Hash Integrity ... sha1+ OK
Loading fdt from 0x02f5569c to 0x01000000
Booting using the fdt blob at 0x1000000
Loading loadables from FIT Image at 02000000 ...
Trying 'tee-1' loadables subimage
Description: atf
Type: Standalone Program
Compression: uncompressed
Data Start: 0x02e5fba0
Data Size: 1006116 Bytes = 982.5 KiB
Architecture: AArch64
Load Address: 0x08400000
Entry Point: 0x08400000
Hash algo: sha1
Hash value: 4dc5a9130a711ae9414cdb6378ad6294f31d97d1
Verifying Hash Integrity ... sha1+ OK
Loading loadables from 0x02e5fba0 to 0x08400000
Loading Kernel Image ... OK
reserving fdt memory region: addr=0 size=1000
Loading Device Tree to 0000000007b36000, end 0000000007b3f414 ... OK
Starting kernel ...
...........
.........
Starting logging: OK
Initializing random number generator... done.
Set permissions on /dev/tee*: OK
Create/set permissions on /data/tee: OK
Starting tee-supplicant: OK
Starting network: OK
Welcome to Buildroot, type root or test to login
buildroot login:
The text was updated successfully, but these errors were encountered: