Closed gagachang closed 4 years ago
Emantor
commented
4 years ago Most people use a build system for this, i.e. either ptxdist, buildroot or Yocto. These need to be adjusted to your taste, i.e. do you want the NXP downstream kernel or upstream linux, which userspace utilities and so on. Ptxdist is still stuck on an old OP-TEE version (3.6.0), but would welcome patches to update OP-TEE, same for buildroot and Yocto. Yocto has recipes in the meta-linaro layer.
gagachang
commented
4 years ago Hi, @Emantor
Thanks for your suggestion, it's very helpful.
I built my system with Linux and OP-TEE v3.7.0, and I can log in buildroot successfully.
However, when I test the applications such as xtest and optee_example_*, the system stucked.
Can you help me solve it? Here is the system logs before it stucked:
D/TC:? 0 tee_ta_init_pseudo_ta_session:280 Lookup pseudo TA cb3e5ba0-adf1-11e0-998b-0002a5d5c51b
D/TC:? 0 load_ldelf:707 ldelf load address 0x104000
D/LD: ldelf:134 Loading TA cb3e5ba0-adf1-11e0-998b-0002a5d5c51b
D/TC:? 0 tee_ta_init_pseudo_ta_session:280 Lookup pseudo TA 3a2f8978-5dc0-11e8-9c2d-fa7ae01bbebc
D/TC:? 0 tee_ta_init_pseudo_ta_session:293 Open system.pta
D/TC:? 0 tee_ta_init_pseudo_ta_session:307 system.pta : 3a2f8978-5dc0-11e8-9c2d-fa7ae01bbebc
D/TC:? 0 system_open_ta_binary:239 Lookup user TA ELF cb3e5ba0-adf1-11e0-998b-0002a5d5c51b (Secure Storage TA)I think the problem is tee-supplicant? It can't find Secure storage TAs in Linux.
The tutorials I referenced are 1 and 2.
Here is my environment:
u-boot: boundarydevices/u-boot-imx6 branch boundary v2018.07 with nitrogen6q_defconfig
Linux: linaro-swg/linux branch optee with imx_v6_v7_defconfig
OP-TEE version 3.7.0 and buildroot from OP-TEE/manifest
When I compiled buildroot, I deleted the configure file optee_aarch32 in build/br-ext/configs.
And I added these configures:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_NEON=y
BR2_ARM_ENABLE_VFP=y
BR2_ARM_FPU_VFPV3=yAny suggestions would be appreciated. Thank you!!
gagachang
commented
4 years ago I found #3405 #3734 , it seems the CAAM caused the hanging of system.
The problem is solved when I built OP-TEE 3.6.0 and upstream linaro-swg/linux/optee.
I will try the upstream OP-TEE and old Linux kernel version later.
And expect for the fixes of upstream linux kernel.
Thank you, @Emantor 👍
Emantor
commented
4 years ago 3.8.0 has the CAAM disabled by default, so should be good to go with upstream kernels.
gagachang
commented
4 years ago @Emantor , with 3.8.0 I encountered the #3567 . I wonder that if there were any fixes merged into the upstream OP-TEE ?
Emantor
commented
4 years ago Are you experiencing this with U-Boot? In this case that may no longer be barebox specific as I thought. This would mean that OP-TEE needs to be fixed. I tried to fix this in https://github.com/OP-TEE/optee_os/pull/3569, but couldn't come up with a working version. If the problem also exists on U-Boot I'll gladly try again to fix this within OP-TEE.
gagachang
commented
4 years ago Hi, @Emantor Yes, I just experienced again and encountered the same problem. But my u-boot is from boundarydevices/u-boot-imx6 branch boundary-v2018.07 , because I use BD-SL-i.MX6 Sabre Lite board from Boundary Devices. Maybe the problem would not exist on original u-boot, I'll test it later.
Here is environment :
Linux : linaro-swg/linux branch optee with imx_v6_v7_defconfig
DTB : imx6q-sabrelite.dtb from linaro-swg/linux
u-boot : boundarydevices/u-boot-imx6 branch boundary-v2018.07 with nitrogen6q_defconfig
OP-TEE 3.8.0 and buildroot : from OP-TEE/manifest branch 3.8.0 with some different buildroot configures
The system logs :
I/TC: Non-secure external DT found
E/TC:0 0 check_phys_mem_is_outside:333 Non-sec mem (0x10000000:0x40000000) overlaps map (type 2 0x4e000000:0x52000)
E/TC:0 0 Panic at core/arch/arm/mm/core_mmu.c:334 <check_phys_mem_is_outside>
E/TC:0 0 TEE load address @ 0x4e000000
E/TC:0 0 Call stack:
E/TC:0 0 0x4e0060fdThe same problem exists when built OP-TEE with original u-boot from OP-TEE/manifest branch 3.8.0 .
The u-boot configure file is nitrogen6q_defconfig .
The device tree source file is imx6q-sabrelite.dts .
Emantor
commented
4 years ago Thanks for looking into it. Whats happening here is the following:
core_mmu_set_discovered_nsec_ddr() causes some platforms to fail since they haven't been converted to the generic memory layout.
niusenc
commented
3 years ago Hi, I also meet a problem when I was trying to build OPTEE on i.MX6Q Sabre Lite. I follow this link: https://yilingxu.github.io/OP-TEE-on-i.MX-6Quad-SABRE-SD But I met a problem, in step 7, it says "Copy all file in out/export to the rootfs of the target board". However, I did not find and rootfs in my SD card or compiled files. Do I need to download rootfs from somewhere?
Thanks in advance
gagachang
commented
3 years ago Hi, @niusenc
I built OP-TEE on i.MX6Q Sabre Lite with my modified makefile The build steps are same as official OP-TEE document. The rootfs is build by buildroot.
But the makefile have not been updated for a year, so I am not sure if it works well on upstream OP-TEE. Maybe you can refer it or have a try on it :)
For standalone rootfs. Linaro kindly releases prebuild rootfs. https://releases.linaro.org/debian/images/ You could download it and copy rootfs to SD card
niusenc
commented
3 years ago @gagachang Thanks! I will try it.
niusenc
commented
3 years ago Hi @gagachang , Thanks for your help. I also have a question. Did you successfully test the optee only in uboot or in regular OS on i.MX6Q Sabre Lite?
Thanks
gagachang
commented
3 years ago @niusenc
Yes, I tested the OP-TEE with linux kernel aside on i.MX6Q Sabre Lite successfully. This is the environment I tested an year ago. I did not try the latest OP-TEE
Actually, I finally changed to stm32mp1 platform for more convenient development.
Hello,
I bought an i.MX6Q Sabre Lite, and I want to build latest OP-TEE + Linux on it. The documentation shows that i.MX platforms are supported. But I didn't see the xml file and makefiles related to i.MX platform in the
OP-TEE/manifestandOP-TEE/buildrepositories. Can someone guide me how to do this?Thanks for your help.