This shows you the differences between two versions of the page.
|
ass:labs-2025:05:tasks:01 [2025/08/08 08:36] florin.stancu |
ass:labs-2025:05:tasks:01 [2025/08/08 10:12] (current) florin.stancu |
||
|---|---|---|---|
| Line 23: | Line 23: | ||
| <code bash> | <code bash> | ||
| - | TEE_TZDRAM_START = 0xedc00000 | + | TEE_TZDRAM_START = 0xfdc00000 |
| TEE_TZDRAM_SIZE = <32MB as number of bytes, hex is accepted!> | TEE_TZDRAM_SIZE = <32MB as number of bytes, hex is accepted!> | ||
| TEE_SHMEM_START = <calc TEE_TZDRAM_START + 32MB, resulting value as hex please> | TEE_SHMEM_START = <calc TEE_TZDRAM_START + 32MB, resulting value as hex please> | ||
| Line 46: | Line 46: | ||
| * set the ''CROSS_COMPILE'' as in the labs before! | * set the ''CROSS_COMPILE'' as in the labs before! | ||
| * use the ''DEBUG'', ''CFG_TEE_BENCHMARK'' and ''CFG_TEE_CORE_LOG_LEVEL'' values from the official example; set the ''O=...'' (output directory) to wherever you like; | * use the ''DEBUG'', ''CFG_TEE_BENCHMARK'' and ''CFG_TEE_CORE_LOG_LEVEL'' values from the official example; set the ''O=...'' (output directory) to wherever you like; | ||
| - | * the ''PLATFORM'' can be found exclusively inside [[https://github.com/nxp-imx/imx-optee-os/blob/lf-6.12.20_2.0.0/core/arch/arm/plat-imx/conf.mk#L515|the fork's source code]]! | + | * the ''PLATFORM'' can be found exclusively inside [[https://github.com/nxp-imx/imx-optee-os/blob/lf-6.12.20_2.0.0/core/arch/arm/plat-imx/conf.mk#L515|the fork's source code]]! but there's a catch: the platform prefix must be ''imx-'', continued by model name without the leading ''i'' (check [[https://optee.readthedocs.io/en/latest/general/platforms.html|some examples here]]). |
| * set the ''CFG_TZDRAM_START'', ''CFG_TZDRAM_SIZE'', ''CFG_TEE_SHMEM_START'', ''CFG_TEE_SHMEM_SIZE'' configuration flags to the values calculated above (reminder: you can reference another Makefile variable using ''$(VARIABLE_NAME)'' syntax); | * set the ''CFG_TZDRAM_START'', ''CFG_TZDRAM_SIZE'', ''CFG_TEE_SHMEM_START'', ''CFG_TEE_SHMEM_SIZE'' configuration flags to the values calculated above (reminder: you can reference another Makefile variable using ''$(VARIABLE_NAME)'' syntax); | ||
| * finally, you will also need to pass ''CFG_DDR_SIZE=0x80000000'' (yep, that's 2GB, our board's actual installed memory). | * finally, you will also need to pass ''CFG_DDR_SIZE=0x80000000'' (yep, that's 2GB, our board's actual installed memory). | ||
| + | |||
| + | <note warning> | ||
| + | There is currently a bug inside OP-TEE that makes it unable to boot: it uses the NXP EdgeLock Enclave for TRNG generation, whose firmware does not start (and we weren't able to figure it out since its documentation is "secret" / available using NDA-only). | ||
| + | |||
| + | As workaround, we can disable the ELE RNG driver and enable a software one using the following additional make configuration options: ''CFG_WITH_SOFTWARE_PRNG=y CFG_IMX_ELE=n''. So make sure to also set them! | ||
| + | </note> | ||
| After a successful build, check the output (''O'') directory's ''core'' subdirectory for the ''tee.bin'', ''tee-raw.bin'' and many other files! | After a successful build, check the output (''O'') directory's ''core'' subdirectory for the ''tee.bin'', ''tee-raw.bin'' and many other files! | ||
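Review bot: the added warning note presents ''CFG_WITH_SOFTWARE_PRNG=y CFG_IMX_ELE=n'' only as a boot fix and does not say what the workaround costs: with the ELE RNG driver disabled, OP-TEE's randomness comes from a software PRNG instead of the EdgeLock Enclave TRNG. Suggest adding a sentence that this is a lab-only configuration and that an image built this way should not be trusted for key material generated in the secure world. Wording nits in the same hunk: "TRNG generation" is redundant, "available using NDA-only" reads better as "available only under NDA", and in the ''PLATFORM'' bullet the sentence after the link should start with a capital ("But there's a catch").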
| Line 67: | Line 73: | ||
| * ''SPD=opteed'' -- this is the [[https://trustedfirmware-a.readthedocs.io/en/latest/components/spd/index.html|Secure Payload Dispatcher]] module, aka: who does ATF's Secure Monitor need to talk with? Our OP-TEE, of course! | * ''SPD=opteed'' -- this is the [[https://trustedfirmware-a.readthedocs.io/en/latest/components/spd/index.html|Secure Payload Dispatcher]] module, aka: who does ATF's Secure Monitor need to talk with? Our OP-TEE, of course! | ||
| * ATF also has to know the memory region where we've put OP-TEE (set the ''BL32_BASE'' variable to lower limit, in hexadecimal); we also need to specify its total size: ''BL32_SIZE'' (remember: we allocated ''36MB'', but give it in bytes, either in base 10 or 16 using C integer notation); | * ATF also has to know the memory region where we've put OP-TEE (set the ''BL32_BASE'' variable to lower limit, in hexadecimal); we also need to specify its total size: ''BL32_SIZE'' (remember: we allocated ''36MB'', but give it in bytes, either in base 10 or 16 using C integer notation); | ||
| - | * We want ATF to print some debug messages over the first serial peripheral so, finally, set the ''LOG_LEVEL=40'' and ''%%IMX_BOOT_UART_BASE=0x44380000%%'' (if you look in iMX8MQ's Memory Map (the Reference Manual), this is the physical address of our Universal Asynchronous Transmitter/Receiver - i.e. our serial communication module!). | + | * We want ATF to print some debug messages over the first serial peripheral so, finally, set the ''LOG_LEVEL=40'' and ''%%IMX_BOOT_UART_BASE=0x44380000%%'' (if you look in iMX93's Memory Map (the Reference Manual), this is the physical address of our LPUART1 - i.e. our serial communication module!). |
| == Step 4. Rebuild the firmware image package == | == Step 4. Rebuild the firmware image package == | ||
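Review bot: the unchanged ''BL32_SIZE'' bullet says "we allocated ''36MB''", while the block at Line 23 sets ''TEE_TZDRAM_SIZE'' to 32MB, and nothing in between says where the extra 4MB comes from (presumably the shared memory region configured through ''CFG_TEE_SHMEM_SIZE''). Suggest spelling out the sum in this bullet so the value passed to ATF can be checked against the OP-TEE configuration. In the changed ''IMX_BOOT_UART_BASE'' bullet, the SoC and peripheral names were corrected to iMX93 and LPUART1 but ''0x44380000'' stayed the same; worth a quick confirmation against the iMX93 memory map that the address was already the right one.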
| Line 74: | Line 80: | ||
| This is easy if you saved your mkimage script (in your Makefile). You will need JUST one additional file copied: ''tee-raw.bin'' from ''optee'' build output directory, ''core'' subdirectory (as mentioned in the subtask above!) inside ''mkimage'''s build directory, but rename it as ''tee.bin''. | This is easy if you saved your mkimage script (in your Makefile). You will need JUST one additional file copied: ''tee-raw.bin'' from ''optee'' build output directory, ''core'' subdirectory (as mentioned in the subtask above!) inside ''mkimage'''s build directory, but rename it as ''tee.bin''. | ||
| - | The bundled scripts will [[https://github.com/nxp-imx/imx-mkimage/blob/lf-5.15.32_2.0.0/iMX8M/mkimage_fit_atf.sh#L32|see that this file exists]] and add it to the image automatically! | + | The bundled scripts will [[https://github.com/nxp-imx/imx-mkimage/blob/lf-6.12.20_2.0.0/iMX93/soc.mak#L43|see that this file exists]] and add it to the image automatically! |
| <note warning> | <note warning> | ||
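Review bot: the updated link in "see that this file exists" points at a branch name plus a line anchor (''lf-6.12.20_2.0.0/iMX93/soc.mak#L43''), which will silently point at a different line if that branch moves; a commit permalink would keep the reference stable. Separately, the unchanged paragraph above asks to copy ''tee-raw.bin'' and rename it to ''tee.bin'', while the OP-TEE output directory also contains a file already named ''tee.bin'' (see the end of the previous step). Suggest stating explicitly that the build's own ''tee.bin'' is the wrong file for mkimage, since copying it would still satisfy the script's existence check.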
| Line 85: | Line 91: | ||
| Proceed to load this image over the serial boot protocol using the IMX ''uuu'' utility. | Proceed to load this image over the serial boot protocol using the IMX ''uuu'' utility. | ||
| - | Check the serial console (the one provided by the board's Micro USB port) for confirmation! | + | Check the serial console (the one provided by the board's DEBUG USB port) for confirmation! |
| <spoiler Example UART output> | <spoiler Example UART output> | ||
| Line 107: | Line 113: | ||
| ... | ... | ||
| # BL33 (Normal U-Boot loads afterwards, as expected) | # BL33 (Normal U-Boot loads afterwards, as expected) | ||
| - | U-Boot 2022.04-g1f940d6213 (Jul 14 2023 - 22:22:25 +0300) | + | U-Boot SPL 2024.04-dirty (Aug 06 2025 - 16:19:37 +0300) |
| - | + | SOC: 0xa1009300 | |
| - | CPU: i.MX8MQ rev2.1 1300 MHz (running at 800 MHz) | + | LC: 0x2040010 |
| - | CPU: Industrial temperature grade (-40C to 105C) at 52C | + | |
| ... | ... | ||
| </code> | </code> | ||
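Review bot: the new sample line ''U-Boot SPL 2024.04-dirty'' sits directly under the unchanged comment ''# BL33 (Normal U-Boot loads afterwards, as expected)'', but an SPL banner is not the BL33 U-Boot proper that the comment describes. Either replace it with the banner of the full U-Boot that runs after OP-TEE, or change the comment so readers know which stage this output confirms. The removed ''CPU:'' lines were the only ones identifying the SoC by name; the new ''SOC: 0xa1009300'' and ''LC: 0x2040010'' values could use a short comment saying what they mean.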