[PATCH 00/23] Improve OP-TEE handling
Marco Felsch
m.felsch at pengutronix.de
Mon Nov 10 12:34:40 PST 2025
Hi,
by this patchset I want to improve the current barebox OP-TEE handling.
Currently there are many paths which do all have their own pitfalls.
- ARM (i.MX6, i.MX6UL(L)):
- bootm OP-TEE loading (deprecated)
- early boot loading:
Barebox and OP-TEE make use of a 'magic' FDT memory location, which
was used by OP-TEE to pass information like 'reserved-memory' nodes
and the used firmware interface and the psci node.
Barebox doesn't pass the builtin FDT which could be used by OP-TEE
to determine the memory setup.
- ARM64 (i.MX8M, i.MX93, Rockchip):
- early boot loading via BL2
Barebox doesn't make use of the 'magic' FDT memroy location and
instead uses Kconfig options which need to be in sync with the
OP-TEE config switches during compile time to configure the
'reserved-memory' nodes and firmware interface.
Barebox doesn't pass the builtin FDT which could be used by OP-TEE
to determine the memory setup.
- RISC-V
- no OP-TEE support yet
By this patchset I want to implement a common flow, while keeping the
backward compatibility. The common bootflow shall be:
- BL2:
- opt. extracts the builtin DTB into a buffer
- passes the DTB to OP-TEE via arch dependend boot arguments.
- OP-TEE
- uses the DTB to gather information like memory setup
- can dyn. configure the TZC accordingly
- provides information back to barebox via DTB overlay fragments
(added to the provided DTB (details..)). This can be
'reserved-memory' nodes, OP-TEE call-interface (smc), or secure HW
configurations (like CAAM secure-jobrings)
- BL33 (pbl)
- extracts the information from OP-TEE and registers it via a well
known handoff data ID for barebox proper.
- BL33 (proper)
- the common barebox proper boot path checks for a specific
handoff-id and registers the OF overlay as early as possible during
boot.
BL2, OP-TEE and BL33 (pbl) are architecture dependend steps for which
common helpers are added by this patchset.
BL33 (proper) is common to all and addressed by this patchset as well.
The patchset targets the i.MX8M platforms, other platforms need to be
converted later on.
Regards,
Marco
Signed-off-by: Marco Felsch <m.felsch at pengutronix.de>
---
Marco Felsch (23):
pbl: compressed-dtb: add missing includes
pbl: fdt: fix fdt_fixup_mem error handling
ARM: atf: add missing includes in atf_common.h
ARM: i.MX8M: add support to pass DT via imx8m{m,n,q,p}_load_and_start_image_via_tfa()
ARM: i.MX8M: cosmetic cleanup
ARM: i.MX8M: move BL32 setup into imx8m_tfa_start_bl31()
ARM: i.MX8M: imx8m_tfa_start_bl31() add support for bl33 and fdt
pbl: decomp: add pbl_dtbz_uncompress helper
pbl: fdt: add pbl_load_fdt helper
ARM: i.MX: scratch: add FDT support
ARM: i.MX8M: esdctl: drop ddrc base from imx8m_ddrc_sdram_size
ARM: i.MX8M: esdctl: export imx8m_ddrc_sdram_size()
ARM: i.MX8M: add support to pass BL3x bl_params
ARM: i.MX: scratch: add OP-TEE FDTO support
pbl: string: add strncmp
pbl: fdt: add fdt_copy_node helper
handoff-data: Add BL32_DT_OVL entry
security: optee: add optee_extract_fdto helper
security: optee: add helpers to apply OP-TEE FDTO
ARM: i.MX8M: Add support to extract OP-TEE provided informations
of: base: register optional OP-TEE overlay
pbl: add support to disable/remove the /secure-chosen/stdout-path
ARM: i.MX8M: remove /secure-chosen/stdout-path if requested
arch/Kconfig | 3 +
arch/arm/boards/congatec-qmx8p/lowlevel.c | 6 +-
arch/arm/boards/innocomm-imx8mm-wb15/lowlevel.c | 2 +-
arch/arm/boards/karo-qsxp-ml81/lowlevel.c | 2 +-
arch/arm/boards/mnt-reform/lowlevel.c | 2 +-
arch/arm/boards/nxp-imx8mm-evk/lowlevel.c | 15 +-
arch/arm/boards/nxp-imx8mn-evk/lowlevel.c | 11 +-
arch/arm/boards/nxp-imx8mp-evk/lowlevel.c | 2 +-
arch/arm/boards/nxp-imx8mq-evk/lowlevel.c | 2 +-
arch/arm/boards/phytec-som-imx8mm/lowlevel.c | 2 +-
arch/arm/boards/phytec-som-imx8mq/lowlevel.c | 2 +-
arch/arm/boards/polyhex-debix/lowlevel.c | 6 +-
arch/arm/boards/protonic-imx8m/lowlevel-prt8mm.c | 2 +-
arch/arm/boards/skov-imx8mp/lowlevel.c | 6 +-
arch/arm/boards/tqma8mpxl/lowlevel.c | 2 +-
.../variscite-dt8mcustomboard-imx8mp/lowlevel.c | 2 +-
arch/arm/boards/zii-imx8mq-dev/lowlevel.c | 21 +-
arch/arm/include/asm/atf_common.h | 3 +
arch/arm/mach-imx/Kconfig | 13 +
arch/arm/mach-imx/atf.c | 262 +++++++++++++--------
arch/arm/mach-imx/esdctl.c | 53 ++++-
arch/arm/mach-imx/imx9.c | 2 +-
arch/arm/mach-imx/scratch.c | 30 +++
arch/arm/mach-rockchip/rockchip.c | 3 +-
common/Kconfig | 24 ++
drivers/of/base.c | 3 +
drivers/soc/imx/soc-imx8m.c | 3 +-
drivers/tee/optee/Kconfig | 1 +
drivers/tee/optee/of_fixup.c | 46 ++++
include/compressed-dtb.h | 2 +
include/mach/imx/esdctl.h | 1 +
include/mach/imx/scratch.h | 3 +
include/mach/imx/xload.h | 16 +-
include/pbl.h | 9 +
include/pbl/handoff-data.h | 1 +
include/tee/optee.h | 17 ++
pbl/Kconfig | 11 +
pbl/console.c | 18 ++
pbl/decomp.c | 12 +
pbl/fdt.c | 187 ++++++++++++++-
pbl/handoff-data.c | 2 +
pbl/string.c | 15 ++
security/optee.c | 44 ++++
43 files changed, 708 insertions(+), 161 deletions(-)
---
base-commit: 6b59c24110434d7922e127dac22a598e0a6a23db
change-id: 20251110-v2025-09-0-topic-optee-of-handling-e9f51531c464
Best regards,
--
Marco Felsch <m.felsch at pengutronix.de>
More information about the barebox
mailing list