rk3399 install tee-pager_v2.bin with trust_merger from rockchip

[Dvergatal]

Hi All, i know that trust_merger is not your component, but rockchip, altougth maybe somebody knows or have had similar problems. I have build tee-pager_v2.bin for rk3399 and wanted to merge it with this trust_merger to make a trust.img but it threw me an error: E: [mergetrust] file bin/rk33/rk3399_bl32_v1.18.bin too large which is due to BL3X_FILESIZE_MAX = 512 * 1024 in trust_merger.c

The size of mine tee-pager_v2.bin is 638,16 KB, so as u can see it exceeds this BL3X_FILESIZE_MAX and rockchips' blobs has only ~370,27 KB. Maybe i am compiling it wrong?

[jenswi-linaro]

Yes, it seems a bit large. Sometimes this happens because some of the pager of init code pulls in some unexpected dependency. Building the mem_usage target gives tee.mem_usage which can give some clues.

[Dvergatal]

Ok i have compiled mem_usage and this is the output:

RAM Usage        30000000 - 300DDD80 size 000DDD80 888 KiB 222 pages
.text            30000000 - 3007A950 size 0007A950 490 KiB
*hole*           3007A950 - 3007B000 size 000006B0   1 KiB
.rodata          3007B000 - 3009B118 size 00020118 128 KiB
.gnu.hash        3009B118 - 3009B134 size 0000001C   0 KiB
*hole*           3009B134 - 3009B138 size 00000004   0 KiB
.got             3009B138 - 3009B3D8 size 000002A0   0 KiB
*hole*           3009B3D8 - 3009C000 size 00000C28   3 KiB
.data            3009C000 - 3009E918 size 00002918  10 KiB
*hole*           3009E918 - 3009E920 size 00000008   0 KiB
.bss             3009E920 - 300ABB78 size 0000D258  52 KiB
.heap1           300ABB78 - 300BC000 size 00010488  65 KiB
.nozi            300BC000 - 300DDD80 size 00021D80 135 KiB

And one more thing to build optee_os i used a command:

make CFG_ARM64_core=y CFG_TEE_BENCHMARK=n CFG_TEE_CORE_LOG_LEVEL=3 CROSS_COMPILE=aarch64-linux-gnu- CROSS_COMPILE_core=aarch64-linux-gnu- CROSS_COMPILE_ta_arm32=arm-linux-gnueabihf- CROSS_COMPILE_ta_arm64=aarch64-linux-gnu- DEBUG=1 O=out/arm PLATFORM=rockchip-rk3399

[jenswi-linaro]

Try to compile without DEBUG=1

[Dvergatal]

Ok now it has 432280 bytes. Thanks Jens.

[Dvergatal]

Unfortunately it says it is still too large... I have also modified trust_merger.c BL3X_FILESIZE_MAX = 512 1024 into BL3X_FILESIZE_MAX = 1024 1024 and with this it works, but the system isn't starting up and i dunno what can be the cause.

[liuyunli]

can you share the serial port log?

[Dvergatal]

Yes but first i need to connect the uart to see the log. I will do that tomorrow because of the covid a friend from company has it at home.

BTW. with newest firefly-sdk-20200629.7z and the manual for buildroot compile now the trust_merger works correctly, without BL3X_FILESIZE_MAX correction, but still the system does not bootup.

When i will have the log i will post it at once.

P.S. I thougth about one more thing i can give you the source code from which i've been compiling from optee_os and the command is in previous post.

[liuyunli]

can you share that if you just rename tee-pager_v2.bin to bin/rk33/rk3399_bl32_v1.18.bin ?

[Dvergatal]

I don't understand. What can i share? This tee-pager_v2.bin or the log for booting the rk3399 with mine tee-pager_v2.bin ?

[liuyunli]

for your purpose of building OPTEE used for rk3399, what's the difference between file tee-pager_v2.bin and bin/rk33/rk3399_bl32_v1.18.bin ?

[liuyunli]

I mean if I want to build OPTEE used for rk3399, can I rename tee-pager_v2.bin which build from OPTEE and rename to bin/rk33/rk3399_bl32_v1.18.bin to boot up the board?

[Dvergatal]

Yes that is correct.

[Dvergatal]

But you also need to merge it into trust.img. The simplest way is as you said rename and just ./build.sh uboot.

[Dvergatal]

Ok, this is my log from uart:

DDR Version 1.24 20191016
In
Channel 0: DDR3, 800MHz
Bus Width=32 Col=10 Bank=8 Row=15/15 CS=2 Die Bus-Width=16 Size=2048MB
Channel 1: DDR3, 800MHz
Bus Width=32 Col=10 Bank=8 Row=15/15 CS=2 Die Bus-Width=16 Size=2048MB
256B stride
ch 0 ddrconfig = 0x101, ddrsize = 0x2020
ch 1 ddrconfig = 0x101, ddrsize = 0x2020
pmugrf_os_reg[2] = 0x3AA17AA1, stride = 0xD
OUT
Boot1 Release Time: May 29 2020 17:36:36, version: 1.26
CPUId = 0x0
ChipType = 0x10, 337
SdmmcInit=2 0
BootCapSize=100000
UserCapSize=14910MB
FwPartOffset=2000 , 100000
mmc0:cmd8,20
mmc0:cmd5,20
mmc0:cmd55,20
mmc0:cmd1,20
mmc0:cmd8,20
mmc0:cmd5,20
mmc0:cmd55,20
mmc0:cmd1,20
mmc0:cmd8,20
mmc0:cmd5,20
mmc0:cmd55,20
mmc0:cmd1,20
SdmmcInit=0 1
StorageInit ok = 68548
SecureMode = 0
SecureInit read PBA: 0x4
SecureInit read PBA: 0x404
SecureInit read PBA: 0x804
SecureInit read PBA: 0xc04
SecureInit read PBA: 0x1004
SecureInit read PBA: 0x1404
SecureInit read PBA: 0x1804
SecureInit read PBA: 0x1c04
SecureInit ret = 0, SecureMode = 0
atags_set_bootdev: ret:(0)
GPT part:  0, name:            uboot, start:0x4000, size:0x2000
GPT part:  1, name:            trust, start:0x6000, size:0x2000
GPT part:  2, name:             misc, start:0x8000, size:0x2000
GPT part:  3, name:             boot, start:0xa000, size:0x10000
GPT part:  4, name:         recovery, start:0x1a000, size:0x10000
GPT part:  5, name:           backup, start:0x2a000, size:0x10000
GPT part:  6, name:              oem, start:0x3a000, size:0x20000
GPT part:  7, name:           rootfs, start:0x5a000, size:0x185c00
GPT part:  8, name:         userdata, start:0x1dfc00, size:0x1b3f3df
find part:uboot OK. first_lba:0x4000.
find part:trust OK. first_lba:0x6000.
Trust Addr:0x6000, 0x58334c42
No find bl30.bin
Load uboot, ReadLba = 4000
Load OK, addr=0x200000, size=0xda214
RunBL31 0x40000 @ 109383 us
NOTICE:  BL31: v1.3(release):845ee93
NOTICE:  BL31: Built : 15:51:11, Jul 22 2020
NOTICE:  BL31: Rockchip release version: v1.1
INFO:    GICv3 with legacy support detected. ARM GICV3 driver initialized in EL3
INFO:    Using opteed sec cpu_context!
INFO:    boot cpu mask: 0
INFO:    plat_rockchip_pmu_init(1196): pd status 3e
INFO:    BL31: Initializing runtime services
INFO:    BL31: Initializing BL32

and it just hangs nothing happens....

[liuyunli]

# Log levels for the TEE core. Defines which core messages are displayed
# on the secure console. Disabling core log (level set to 0) also disables
# logs from the TAs.
# 0: none
# 1: error
# 2: error + warning
# 3: error + warning + debug
# 4: error + warning + debug + flow
CFG_TEE_CORE_LOG_LEVEL ?= 1

[Dvergatal]

As you can see in my previous post with the command for op-tee compilation, i have it set on CFG_TEE_CORE_LOG_LEVEL=3. I can try with setting to 4 if that something help with.

[Dvergatal]

Unfortunately no. I have tried with 1,3 and 4. With 0 it does not build. I think there is no point to build it with 2. Nothing happens, no output.

[Dvergatal]

Hmm i have one more thing which may lead us to something. Do i need to compile also arm_trusted_firmware which will point to my optee? Because according to #2994 issue i do not. Maybe this is the cause, that i have to also build bl31.bin? BTW. i have checked bl31 with compilation method:

make CROSS_COMPILE=aarch64-linux-gnu- PLAT=rk3399 bl31

and everything works, bl31 is being loaded:

...
find part:uboot OK. first_lba:0x4000.
find part:trust OK. first_lba:0x6000.
Trust Addr:0x6000, 0x58334c42
No find bl30.bin
Load uboot, ReadLba = 4000
Load OK, addr=0x200000, size=0xda214
RunBL31 0x40000 @ 106529 us

U-Boot 2017.09 (Nov 11 2020 - 10:27:07 +0100)
...

but as you can see no BL32 running section. Probably i need to set some compilations' flags. I have tried adding SPD=opteed but than it hangs on BL31.

[Dvergatal]

Ok i have compiled the older version for arm trusted firmware which was 1.3 tag. The command was:

make CROSS_COMPILE=aarch64-linux-gnu- PLAT=rk3399 LOG_LEVEL=40 CRASH_REPORTING=1 SPD=opteed bl31

Now with this arm trusted firmware the bl31 is being loaded properly and it tries to load BL32, but still it hangs on loading BL32. So the conclusion is that newest version of arm-trusted-firmware does not work with my firefly-rk3399. It also didn't want to produce any logs as it does with older:

Trust Addr:0x6000, 0x58334c42
No find bl30.bin
Load uboot, ReadLba = 4000
Load OK, addr=0x200000, size=0xda214
RunBL31 0x10000 @ 105365 us
NOTICE:  BL31: v1.3(release):d43a527de
NOTICE:  BL31: Built : 13:54:15, Nov 14 2020
INFO:    GICv3 with legacy support detected. ARM GICV3 driver initialized in EL3
INFO:    plat_rockchip_pmu_init(1331): pd status 3e
INFO:    BL31: Initializing runtime services
INFO:    BL31: Initializing BL32

but as you can see it still hangs on initializing BL32...

[liuyunli]

can you share the log using default bin file without any modify

[Dvergatal]

Yes for the default one i can share not a problem. One sec.

Ok got it uploaded: firefly-rk3399-default-logfile.txt

[liuyunli]

Are you using the master branch to build ?
Maybe you can try to build with code of git tag 3.8.0 or 3.9.0

[Dvergatal]

Yes i'm using master branch. Tags 3.8.0 and 3.9.0 were also checked. And still nothing. Right now i have added some debugs to opteed dispatcher in arm_trusted_firmware_a 1.3 which is working for me, so i could check on what function it hangs...

[Dvergatal]

Ok, the dispatcher hangs on calling opteed_synchronous_sp_entry in services/spd/opteed/opteed_main.c

[liuyunli]

Congratulations. Hope you can solve ASAP.

[Dvergatal]

We will see i hope i will find the cause... i will give a post if i will find something more.

[Dvergatal]

Found that calling of function opteed_enter_sp in opteed_synchronous_sp function in file services/spd/opteed/opteed_common.c causes the hang. And now it gets tough, because from what i can see this function is in assembler ./services/spd/opteed/opteed_helpers.S and i dunno how to debug it... INFO macro is no longer accessible.

[liuyunli]

Back to the begining. Where do you get the info of rename tee-pager_v2.bin which build from OPTEE and rename to bin/rk33/rk3399_bl32_v1.18.bin ?

[liuyunli]

I guess the crash point is switching to the TEE, there is no correct code is prepared for running.

[Dvergatal]

I have read bug #2994 and that is what JosephChen2017 has written. I am also discussing with him via mail.

P.S. I guess you are right because yesterday i was grepping the code of optee and discovered that there aren't these functions:

INF [0x0] TEE-CORE:init_primary_helper:337: Initializing (1.1.0-221-gda2bcfdc #139 Mon Jun 17 03:14:33 UTC 2019 aarch64)

INF [0x0] TEE-CORE:init_primary_helper:338: Release version: 1.2

INF [0x0] TEE-CORE:init_teecore:83: teecore inits done

which are for older versions of op-tee.

[liuyunli]

How is it going?

[Dvergatal]

Hi liuyunli, still not good.

[liuyunli]

can you try this: 32bit CROSS_COMPILE OPTEE-OS TAG 3.8.0 or 3.9.0 without ATF bl31 modify

[Dvergatal]

Using the old atf 1.3 ?

[liuyunli]

yes

[Dvergatal]

ok will do

[Dvergatal]

arm-linux-gnueabihf-gcc: error: unrecognized command line option '-mstrict-align'; did you mean '-Wstrict-aliasing'? arm-linux-gnueabihf-gcc: error: unrecognized command line option '-mgeneral-regs-only'

[Dvergatal]

Ok finaly i got it ATF working. The problem was that the baudrate in arm-trusted-firmware/plat/rockchip/rk3399/rk3399_def.h was 115200 and for firefly it should be 1500000. So ATF 2.3 log print is now working yuppi:D Thanks to Kever Yang from u-boot. Now i have to check also optee.

Ok optee still not working. It still hangs. I need to check than 32 bit version. Hmmm i suppose 32 bit version is not possible to compile on armv8. Correct me if i'm wrong.

[liuyunli]

which board are you using for developing rk3399 chip?

[Dvergatal]

firefly-rk3399

[Dvergatal]

Hi all, i have finally managed to boot atf 2.4 with op-tee 3.6.0 using u-boot tpl/spl boot flow. The rockchip boot flow does not work for me. Thanks to Heiko Stübner for his great effort in solving this issue together with me. Also with 3.8.0 optee changed the build process and nobody has adapted the u-boot side yet. I can close now this issue. Many thanks to all for your help.

[pranavsingh1708]

Hi @Dvergatal I am also trying same configuration on rockpro64 which comes with rk3399. Could you please share steps to boot optee_os.

[Dvergatal]

Hi @pranavsingh1708, you need to use newest u-boot from github, before you build it you need to build atf with support for optee dispatcher and rockchip platform and optee also for rockchip platform - atf and optee are on my github, just clone it and build with commands provided in readme file, than copy the resulting files tee.elf and bl31.elf to u-boot directry. Now you can build u-boot for your board - just simply type:

make CROSS_COMPILE=aarch64-linux-gnu- name_of_your_board

Than you have two files:

• idbloader.img
• u-boot.itb

Now you have two options you can write it on sdcard or into board memory. For faster testing i would suggest you to write it on sdcard using this two commands:

dd if=idbloader.img of=/dev/mmcblk0 seek=64
dd if=u-boot.itb of=/dev/mmcblk0 seek=16384

Don't forget to do that with sudo or as super user. Moreover mmcblk0 is the device name on mine computer on your's it may differ. And that's all. After that it all should work.

BTW. If you don't have sdcard reader on your board, than you have to use rockchip app rkdeveloptool.

[pranavsingh1708]

Hi @Dvergatal, Thanks for the elaboration. OPTEE from your repo does boot. I even booted ver 3.7.0 with the platform files from your repo. As you have mentioned that the optee build process have changed from 3.8.0 onwards, What further changes would be required to boot current versions on the same platform. PS: I tried newer versions but it does not boot. Any lead would be appreciated as I could try booting current versions.

[Dvergatal]

Hi @pranavsingh1708, N/P. I haven't checked it yet. You could talk with mmind. He is well informed with rockchip platform and he has a good knowledge in it.

BTW. Why do you need the newest version?

[pranavsingh1708]

Hi @Dvergatal thanks for the info. I will contact him once I finish other porting effort. Its just for experimentation, I wanted to try newest version. Moreover, I initially tried the current version and it didn't boot so I got curious about it. I think you may close this thread otherwise it will be marked stalled and if I want some other information I will ping you again. regards pranav

[github-actions[bot]]

This issue has been marked as a stale issue because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment, otherwise this issue will automatically be closed in 5 days. Note, that you can always re-open a closed issue at any time.

[muvarov]

Hi @pranavsingh1708, you need to use newest u-boot from github, before you build it you need to build atf with support for optee dispatcher and rockchip platform and optee also for rockchip platform - atf and optee are on my github, just clone it and build with commands provided in readme file, than copy the resulting files tee.elf and bl31.elf to u-boot directry. Now you can build u-boot for your board - just simply type:

make CROSS_COMPILE=aarch64-linux-gnu- name_of_your_board

Than you have two files:

* idbloader.img

* u-boot.itb

Now you have two options you can write it on sdcard or into board memory. For faster testing i would suggest you to write it on sdcard using this two commands:

dd if=idbloader.img of=/dev/mmcblk0 seek=64
dd if=u-boot.itb of=/dev/mmcblk0 seek=16384

Don't forget to do that with sudo or as super user. Moreover mmcblk0 is the device name on mine computer on your's it may differ. And that's all. After that it all should work.

BTW. If you don't have sdcard reader on your board, than you have to use rockchip app rkdeveloptool.

@Dvergatal did you boot optee with u-boot.itb without trust.img?

[Dvergatal]

Yes that is the second boot flow which is described on rockchip site.

Pobierz aplikację Outlook dla systemu iOShttps://aka.ms/o0ukef

---

Od: muvarov @.> Wysłane: Thursday, January 13, 2022 11:49:13 AM Do: OP-TEE/optee_os @.> DW: Piotr Lobacz @.>; Mention @.> Temat: Re: [OP-TEE/optee_os] rk3399 install tee-pager_v2.bin with trust_merger from rockchip (#4197)

Hi @pranavsingh1708https://github.com/pranavsingh1708, you need to use newest u-boot from github, before you build it you need to build atf with support for optee dispatcher and rockchip platform and optee also for rockchip platform - atf and optee are on my github, just clone it and build with commands provided in readme file, than copy the resulting files tee.elf and bl31.elf to u-boot directry. Now you can build u-boot for your board - just simply type:

make CROSS_COMPILE=aarch64-linux-gnu- name_of_your_board

Than you have two files:

• idbloader.img

• u-boot.itb

Now you have two options you can write it on sdcard or into board memory. For faster testing i would suggest you to write it on sdcard using this two commands:

dd if=idbloader.img of=/dev/mmcblk0 seek=64 dd if=u-boot.itb of=/dev/mmcblk0 seek=16384

Don't forget to do that with sudo or as super user. Moreover mmcblk0 is the device name on mine computer on your's it may differ. And that's all. After that it all should work.

BTW. If you don't have sdcard reader on your board, than you have to use rockchip app rkdeveloptoolhttp://opensource.rock-chips.com/wiki_Boot_option#Boot_from_eMMC.

@Dvergatalhttps://github.com/Dvergatal did you boot optee with u-boot.itb without trust.img?

— Reply to this email directly, view it on GitHubhttps://github.com/OP-TEE/optee_os/issues/4197#issuecomment-1012018043, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ARIYQXWHOIL3SNFCJNXQE33UV2U2TANCNFSM4TNTMH4Q. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. You are receiving this because you were mentioned.Message ID: @.***>

[Softgent logo]https://www.softgent.com

Softgent Sp. z o.o., Budowlanych 31d, 80-298 Gdansk, POLAND

KRS: 0000674406, NIP: 9581679801, REGON: 367090912

www.softgent.comhttps://www.softgent.com

Sąd Rejonowy Gdańsk-Północ w Gdańsku, VII Wydział Gospodarczy Krajowego Rejestru Sądowego

KRS 0000674406, Kapitał zakładowy: 25 000,00 zł wpłacony w całości.

Jesteśmy uczestnikiem Programu RZETELNA Firma Sprawdź naszą rzetelność na https://www.rzetelnafirma.pl/F5IA32UW

[008kai]

Hi @pranavsingh1708, you need to use newest u-boot from github, before you build it you need to build atf with support for optee dispatcher and rockchip platform and optee also for rockchip platform - atf and optee are on my github, just clone it and build with commands provided in readme file, than copy the resulting files tee.elf and bl31.elf to u-boot directry. Now you can build u-boot for your board - just simply type:

make CROSS_COMPILE=aarch64-linux-gnu- name_of_your_board

Than you have two files:

• idbloader.img
• u-boot.itb

Now you have two options you can write it on sdcard or into board memory. For faster testing i would suggest you to write it on sdcard using this two commands:

dd if=idbloader.img of=/dev/mmcblk0 seek=64
dd if=u-boot.itb of=/dev/mmcblk0 seek=16384

Don't forget to do that with sudo or as super user. Moreover mmcblk0 is the device name on mine computer on your's it may differ. And that's all. After that it all should work.

BTW. If you don't have sdcard reader on your board, than you have to use rockchip app rkdeveloptool.

Hi @pranavsingh1708, you need to use newest u-boot from github, before you build it you need to build atf with support for optee dispatcher and rockchip platform and optee also for rockchip platform - atf and optee are on my github, just clone it and build with commands provided in readme file, than copy the resulting files tee.elf and bl31.elf to u-boot directry. Now you can build u-boot for your board - just simply type:

make CROSS_COMPILE=aarch64-linux-gnu- name_of_your_board

Than you have two files:

• idbloader.img
• u-boot.itb

Now you have two options you can write it on sdcard or into board memory. For faster testing i would suggest you to write it on sdcard using this two commands:

dd if=idbloader.img of=/dev/mmcblk0 seek=64
dd if=u-boot.itb of=/dev/mmcblk0 seek=16384

Don't forget to do that with sudo or as super user. Moreover mmcblk0 is the device name on mine computer on your's it may differ. And that's all. After that it all should work.

BTW. If you don't have sdcard reader on your board, than you have to use rockchip app rkdeveloptool.

I would like to ask, after successfully enabling optee, are there /dev/tee0 and /dev/teepriv0 driver nodes in the /dev directory?