Supporting Ubuntu + OP-TEE as a QEMU Target

[ThePerfectComputer]

I’ve managed to create an OP-TEE enabled Ubuntu build for the PineA64-LTS board. I’m now trying to get a similar build working in QEMU.

For the Pine board, I took the following step:

• deb-bootstrapped a Ubuntu aarch64 rootfs which I then chrooted into and built OPTEE—OS and xtest
• built the Linux kernel(with CONFIG_TEE=y) and installed it along with sun50i-a64-pine64-lts.dtb into /boot in the rootfs.
• exited the chroot and built TFA followed by a build of U-Boot with TEE= and BL31= flags set appropriately. TEE= has to point to the tee-pager_v2.bin contained within the rootfs.
• formed a .img file placing the resulting u-boot binary at the appropriate offset followed by an ext2 partition containing the rootfs.
• created a boot.scr for U-Boot to use to load the kernel and device tree at the appropriate addresses.

I was then able to successfully boot into Ubuntu on the PineA64 and run xtest.

I’ve been trying to get a similar process working for Ubuntu in QEMU - and am hoping for any insights into how one would do this?

Some questions I’ve been encountering:

1. What are the right options to pass QEMU? I know some options include secure=on,mte=off,gic-version=3 for example.
2. I assume of have ate apply an overlay to the FDT that gets passed to QEMU?

[jforissier]

Hi @ThePerfectComputer,

I don't think QEMU provides an emulation of the PineA64, but you could try running the binaries prepared for the real board with the virt machine (-machine virt). The u-boot binary should probably be supplied as the -bios parameter, and the root FS as -drive if=none,file=rootfs.img,id=hd0 -device virtio-blk-device,drive=hd0. For other parameters including secure=on etc. please see the command line that is launched by make run in the OP-TEE dev environment (https://optee.readthedocs.io/en/latest/building/devices/qemu.html#qemu-v8).

qemu-system-aarch64 -nographic -smp 2 -cpu max,sme=on,pauth-impdef=on \
    -d unimp -semihosting-config enable=on,target=native -m 1057 -bios bl1.bin
    -initrd rootfs.cpio.gz -kernel Image \
    -append 'console=ttyAMA0,38400 keep_bootcon root=/dev/vda2' \
    -object rng-random,filename=/dev/urandom,id=rng0 \
    -device virtio-rng-pci,rng=rng0,max-bytes=1024,period=1000 \
    -netdev user,id=vmnic -device virtio-net-device,netdev=vmnic \
    -machine virt,acpi=off,secure=on,mte=off,gic-version=3,virtualization=false
    -s -S -serial tcp:127.0.0.1:54320 -serial tcp:127.0.0.1:54321

As for the FDT, QEMU constructs its own internally and I don't know how you can pass overlays :-/

[ThePerfectComputer]

Ah. I'm not trying to emulate the Pine64 board in QEMU -more so, I'm trying to build an OPTEE enabled Ubuntu that runs in QEMU as opposed to just an OPTEE enabled Buildroot which is what the OPTEE scripts currently build.