[PATCH 11/14] ARM: i.MX: tqma6ulx: fix barebox chainloading with OP-TEE enabled
Marco Felsch
m.felsch at pengutronix.de
Fri Jun 27 09:10:29 PDT 2025
On 25-06-27, Sascha Hauer wrote:
> When barebox starts we have to guess if we have to start OP-TEE or not.
> The current detection works by checking if the first stage passed us a
> device tree pointer. This is not robust and might have security issues
> [1], so replace that with the check with imx6_can_access_tzasc(). If we
> can access the TZASC then we are the first stage and configure it and
> start OP-TEE, otherwise assume that we are chainloaded and continue
> without starting OP-TEE.
>
> Chainloading barebox with OP-TEE enabled contained several bugs, so it
> never actually worked. This patch fixes them.
>
> [1] https://lore.kernel.org/70b41f3b-4329-48f7-827f-1924e002ab04@pengutronix.de
>
> Signed-off-by: Sascha Hauer <s.hauer at pengutronix.de>
> ---
> arch/arm/boards/tqma6ulx/lowlevel.c | 22 +++++++++-------------
> arch/arm/mach-imx/Kconfig | 1 +
> 2 files changed, 10 insertions(+), 13 deletions(-)
>
> diff --git a/arch/arm/boards/tqma6ulx/lowlevel.c b/arch/arm/boards/tqma6ulx/lowlevel.c
> index 5fd997d2ec7e79c7319237a4ae52216e584ba5cd..da67e67537167096477de2b905ee5c42c653c3af 100644
> --- a/arch/arm/boards/tqma6ulx/lowlevel.c
> +++ b/arch/arm/boards/tqma6ulx/lowlevel.c
> @@ -16,6 +16,8 @@
> #include <pbl/i2c.h>
> #include <boards/tq/tq_eeprom.h>
> #include <tee/optee.h>
> +#include <mach/imx/tzasc.h>
> +#include <tee/optee.h>
>
> #include "tqma6ulx.h"
>
> @@ -66,7 +68,7 @@ static void *read_eeprom(void)
> return fdt;
> }
>
> -static void noinline start_mba6ulx(u32 r0)
> +static void noinline start_mba6ulx(void)
> {
> void *fdt;
> int tee_size;
> @@ -76,21 +78,15 @@ static void noinline start_mba6ulx(u32 r0)
>
> fdt = read_eeprom();
>
> - /* Enable normal/secure r/w for TZC380 region0 */
> - writel(0xf0000000, 0x021D0108);
> -
> /*
> - * Chainloading barebox will pass a device tree within the RAM in r0,
> - * skip OP-TEE early loading in this case
> + * Skip loading barebox when we are chainloaded. We can detect that by detecting
> + * if we can access the TZASC.
> */
> - if (IS_ENABLED(CONFIG_FIRMWARE_TQMA6UL_OPTEE) &&
> - !(r0 > MX6_MMDC_P0_BASE_ADDR &&
> - r0 < MX6_MMDC_P0_BASE_ADDR + SZ_256M)) {
> - get_builtin_firmware(mba6ul_optee_bin, &tee, &tee_size);
> + if (IS_ENABLED(CONFIG_FIRMWARE_TQMA6UL_OPTEE) && imx6_can_access_tzasc()) {
>
> - memset((void *)OPTEE_OVERLAY_LOCATION, 0, 0x1000);
> + get_builtin_firmware(mba6ul_optee_bin, &tee, &tee_size);
>
> - start_optee_early(NULL, tee);
> + imx6ul_start_optee_early(NULL, tee, (void *)OPTEE_OVERLAY_LOCATION, 0x1000);
> }
>
> imx6ul_barebox_entry(fdt);
> @@ -112,5 +108,5 @@ ENTRY_FUNCTION(start_imx6ul_mba6ulx, r0, r1, r2)
> setup_c();
> barrier();
>
> - start_mba6ulx(r0);
> + start_mba6ulx();
> }
> diff --git a/arch/arm/mach-imx/Kconfig b/arch/arm/mach-imx/Kconfig
> index 552e7227a0221fee8232dfba5dcdd60de923ff0c..1bf28b473af2b517a784c11d33f745ad74750583 100644
> --- a/arch/arm/mach-imx/Kconfig
> +++ b/arch/arm/mach-imx/Kconfig
> @@ -490,6 +490,7 @@ config MACH_TQMA6X
>
> config MACH_TQMA6UL
> bool "TQ tqma6ul on mba6ulx"
> + select CONFIG_ARM_EXCEPTIONS_PBL if FIRMWARE_TQMA6UL_OPTEE
^
Please drop the CONFIG_ as Ahmad already mentioned this for patch12.
> select ARCH_IMX6UL
> select BOARD_TQ
> select I2C_IMX_EARLY
>
> --
> 2.39.5
>
>
>
More information about the barebox
mailing list