Add OP-TEE loading support to at91bootstrap v4.x

[clementleger]

This pull-request add the possibility to load optee binary from non volatile memory and boot it before booting the second level bootloader. Currently, U-Boot memory range needs to be modified to only use 0x20000000 -> 0x30000000 range where OP-TEE memory starts:

-#define CONFIG_SYS_SDRAM_SIZE          0x20000000
+#define CONFIG_SYS_SDRAM_SIZE          0x10000000

Once done, OP-TEE can start U-Boot:

AT91Bootstrap 4.0.0-rc3-00002-g5cefac2 (2021-06-08 14:29:12)

EEPROM: Loading AT24xx information ...
EEPROM: BoardName | [Revid] | VendorName
  #0  SAMA5D2-XULT [AB1]      ATMEL-RF0
EEPROM: BoardDate | Year | Week
EEPROM:             2016    27

EEPROM: Board sn: 0xd300000 revision: 0x400000

SD/MMC: Image: Read file u-boot.bin to 0x26f00000
MMC: ADMA supported
SD: Card Capacity: High or Extended
SD: Specification Version 3.0X
SD/MMC: Done to load image
SD/MMC: Image: Read file optee.bin to 0x2fffffe4
OP-TEE hdr info:
      magic=0x4554504f
      version=0x1
      arch=0x0
      flags=0x0
      load_addr=0x30000000
      init_size=0x768a8
Starting OP-TEE, Run at 0x30000000

...

I/TC: Non-secure external DT found
I/TC: Embedded DTB found
I/TC: atmel_uart: device parameters ignored (115200n8)
I/TC: Switching console to device: /ahb/apb/serial@f8020000
I/TC: OP-TEE version: 3.13.0-71-g716ecb6b-dev (gcc version 10.2.1 20210110 (Debian 10.2.1-6)) #15 Mon Jun  7 14:20:12 UTC 2021 arm
I/TC: Primary CPU initializing
I/TC: Primary CPU switching to normal world boot

<debug_uart>

U-Boot 2021.07-rc3-00060-g89be8e31cc-dirty (Jun 03 2021 - 14:38:13 +0200)

CPU: Unknown CPU type
Crystal frequency:       12 MHz
CPU clock        :      498 MHz
Master clock     :      166 MHz
DRAM:  256 MiB
MMC:   sdio-host@a0000000: 0, sdio-host@b0000000: 1
Loading Environment from SPIFlash... SF: Detected at25df321a with page size 256 Bytes, erase size 4 KiB, total 4 MiB
*** Warning - bad CRC, using default environment

...

Starting kernel ...

Booting Linux on physical CPU 0x0
Linux version 4.19.78-linux4sam-6.2 (oe-user@oe-host) (gcc version 8.3.0 (GCC)) #1 Thu Oct 24 23:16:08 UTC 2019

Supported header for OP-TEE binary is only version 1 (same as U-Boot). The current implementation let at91bootstrap load both OP-TEE and U-Boot and pass normal world boot informations to OP-TEE via registers.

[ehristev]

Hi,

your log shows bootstrap 3.10.2, your PR is for 4.x however... this is for 4.x correct ?

Thanks

[clementleger]

Oups Indeed, I prepared the pull req for 3.X but ended up doing only the 4.X for review to start. I will fix that.

[ehristev]

Hi,

Currently, U-Boot memory range needs to be modified to only use 0x20000000 -> 0x30000000 range where OP-TEE memory starts:

What happens if we do not do this ? U-boot will have access to the whole memory ? Isn't the OPTEE memory protected to NS accesses ?

[clementleger]

Hi,

Currently, U-Boot memory range needs to be modified to only use 0x20000000 -> 0x30000000 range where OP-TEE memory starts:

What happens if we do not do this ? U-boot will have access to the whole memory ? Isn't the OPTEE memory protected to NS accesses ?

U-Boot will simply stall since it will try to access all the memory (cf get_ram_size) and thus the secure memory zone. Since this part of DRAM is secure it will trigger an exception catched by OP-TEE.

[ehristev]

Hi,

Currently, U-Boot memory range needs to be modified to only use 0x20000000 -> 0x30000000 range where OP-TEE memory starts:

What happens if we do not do this ? U-boot will have access to the whole memory ? Isn't the OPTEE memory protected to NS accesses ?

U-Boot will simply stall since it will try to access all the memory (cf get_ram_size) and thus the secure memory zone. Since this part of DRAM is secure it will trigger an exception catched by OP-TEE.

Sounds expected. Where are you selecting the ram partition to be secure/non-secure ? Is this something that the OPTEE itself does ?

What is unexpected is that we use only half of DRAM for U-boot/Linux. How much memory does OPTEE require ?

[clementleger]

Hi Eugen,

Indeed this configuration is enforced by OP-TEE. This is the current configuration and 8Mb are actually secured in this memory zone. But the location is quite inconvenient as this is right in the middle of the DRAM. To be more clear, current mapping is | 256Mb non secure | 8Mb secure | 248Mb non secure | Linux however should be able to use the whole memory (except the TEE hole of course) by providing a correct device tree. Anyway, I will probably rework that to put OP-TEE at the end of the DRAM.

[clementleger]

Updated version:

• Move OP-TEE load address from 0x30000000 to 0x20000000
• Use Microchip licenses on added files

[clementleger]

Update version:

• added CONFIG_OPTEE_IMAGE_NAME

[clementleger]

Update version:

• Add attribute packed to be (absolutely) sure there will be no padding to optee_header
• Had to remove optee header dump since at91bootstrap won't fit anymore in 0x6000 bytes (u-boot env).
• Fix missing ifdef for get_image_load_offset prototype
• Use SPDX header
• Remove useless line from Config.in.optee

[ehristev]

@alexandrebelloni do you plan to review this PR ? Otherwise I will merge it as is. Thanks !

[alexandrebelloni]

I just approuved the changes, I believe you can merge it

[ehristev]

First commit was applied. You can rebase the PR.

[ehristev]

@nirvann maybe you have time to look over this commit , and give us your opinion ? Thanks !

[clementleger]

New version:

• Removes trampoline
• Allow loading Linux & OP-TEE from at91bootstrap

[clementleger]

New revision:

• Add THUMB mode support in optee_switch.S

[ehristev]

Applied some of the commits, thanks ! You can rebase the PR Waiting for Ack by @noglitch for the rest of the series.

[noglitch]

Applied some of the commits, thanks ! You can rebase the PR Waiting for Ack by @noglitch for the rest of the series.

I'm fine with the solution found: Acked-by: Nicolas Ferre nicolas.ferre@microchip.com

Cc: @ehristev, @clementleger Thanks, Regards,

[ehristev]

Applied ! Thanks for your efforts.