From: Sascha Hauer <s.hauer@pengutronix.de>
To: BAREBOX <barebox@lists.infradead.org>
Cc: Marco Felsch <m.felsch@pengutronix.de>
Subject: [PATCH 10/14] ARM: optee-early: add mx6_start_optee_early helper
Date: Fri, 27 Jun 2025 16:07:56 +0200 [thread overview]
Message-ID: <20250627-arm-optee-early-helper-v1-10-4b098e8ac7cd@pengutronix.de> (raw)
In-Reply-To: <20250627-arm-optee-early-helper-v1-0-4b098e8ac7cd@pengutronix.de>
From: Marco Felsch <m.felsch@pengutronix.de>
Add a i.MX6 specific helper function which covers most of the steps
usually done within the board lowlevel code. All new i.MX6 boards are
encouraged to use this helper to load OP-TEE since the helper validates
that the TZC380 is enabled and setup the TZC380 region properly.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
Documentation/user/optee.rst | 18 +++++++++++-------
arch/arm/lib32/optee-early.c | 42 ++++++++++++++++++++++++++++++++++++++++++
include/tee/optee.h | 4 ++++
3 files changed, 57 insertions(+), 7 deletions(-)
diff --git a/Documentation/user/optee.rst b/Documentation/user/optee.rst
index 2729d21d2e441c8c9ba8171544ace8f516ceefdf..70db754bc4c5ca892c57383ec33097c700806d88 100644
--- a/Documentation/user/optee.rst
+++ b/Documentation/user/optee.rst
@@ -19,14 +19,18 @@ During the PBL
^^^^^^^^^^^^^^
To start OP-TEE during the lowlevel initialization of your board in the ``PBL``,
-enable the ``CONFIG_PBL_OPTEE`` configuration variable. your board should then
+enable the ``CONFIG_PBL_OPTEE`` configuration variable. Your board should then
call the function ``start_optee_early(void* tee, void* fdt)`` with a valid tee
-and FDT. Ensure that your OP-TEE is compiled with ``CFG_NS_ENTRY_ADDR`` unset,
-otherwise OP-TEE will not correctly return to barebox after startup.
-Since OP-TEE in the default configuration also modifies the device tree, don't
-pass the barebox internal device tree, instead copy it into a different memory
-location and pass it to OP-TEE afterwards.
-The modified device tree can then be passed to the main barebox start function.
+and FDT. If you're running on an i.MX6 platform your board code should call
+``imx6q_start_optee_early()`` or ``imx6ul_start_optee_early()`` instead since it
+validates that the TZASC not bypassed and configured as expected by OP-TEE.
+
+Ensure that your OP-TEE is compiled with ``CFG_NS_ENTRY_ADDR`` unset, otherwise
+OP-TEE will not correctly return to barebox after startup. Since OP-TEE in the
+default configuration also modifies the device tree, don't pass the barebox
+internal device tree, instead copy it into a different memory location and pass
+it to OP-TEE afterwards. The modified device tree can then be passed to the
+main barebox start function.
Before Linux start
^^^^^^^^^^^^^^^^^^
diff --git a/arch/arm/lib32/optee-early.c b/arch/arm/lib32/optee-early.c
index 735d829c99fb533ccc9e865430ea167bfd2f0cc2..6f842bdd2010582c61a8e88c9f644e6ae93bcbf4 100644
--- a/arch/arm/lib32/optee-early.c
+++ b/arch/arm/lib32/optee-early.c
@@ -10,6 +10,8 @@
#include <tee/optee.h>
#include <debug_ll.h>
#include <string.h>
+#include <mach/imx/imx6.h>
+#include <mach/imx/tzasc.h>
static jmp_buf tee_buf;
@@ -37,3 +39,43 @@ int start_optee_early(void *fdt, void *tee)
return 0;
}
+
+int imx6q_start_optee_early(void *fdt, void *tee, void *data_location,
+ unsigned int data_location_size)
+{
+ if (imx6q_tzc380_is_bypassed())
+ panic("TZC380 is bypassed, abort OP-TEE loading\n");
+
+ /* Add early non-secure TZASC region1 to pass DTO */
+ imx6q_tzc380_early_ns_region1();
+
+ /*
+ * Set the OP-TEE <-> barebox exchange data location to zero.
+ * This is optional since recent OP-TEE versions perform the
+ * memset too.
+ */
+ if (data_location)
+ memset(data_location, 0, data_location_size);
+
+ return start_optee_early(fdt, tee);
+}
+
+int imx6ul_start_optee_early(void *fdt, void *tee, void *data_location,
+ unsigned int data_location_size)
+{
+ if (imx6ul_tzc380_is_bypassed())
+ panic("TZC380 is bypassed, abort OP-TEE loading\n");
+
+ /* Add early non-secure TZASC region1 to pass DTO */
+ imx6ul_tzc380_early_ns_region1();
+
+ /*
+ * Set the OP-TEE <-> barebox exchange data location to zero.
+ * This is optional since recent OP-TEE versions perform the
+ * memset too.
+ */
+ if (data_location)
+ memset(data_location, 0, data_location_size);
+
+ return start_optee_early(fdt, tee);
+}
diff --git a/include/tee/optee.h b/include/tee/optee.h
index f52775dab5b40f306075bc2d302938c584a6f5ec..943dbb8fdab6a11e25fb27e3487fe6fdec59a182 100644
--- a/include/tee/optee.h
+++ b/include/tee/optee.h
@@ -54,6 +54,10 @@ static inline int optee_get_membase(u64 *membase)
#ifdef __PBL__
int start_optee_early(void* fdt, void* tee);
+int imx6q_start_optee_early(void *fdt, void *tee, void *data_location,
+ unsigned int data_location_size);
+int imx6ul_start_optee_early(void *fdt, void *tee, void *data_location,
+ unsigned int data_location_size);
#endif /* __PBL__ */
--
2.39.5
next prev parent reply other threads:[~2025-06-27 15:10 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-27 14:07 [PATCH 00/14] i.MX6 TZASC and OP-TEE early helpers Sascha Hauer
2025-06-27 14:07 ` [PATCH 01/14] pbl: add panic_no_stacktrace() Sascha Hauer
2025-06-27 14:07 ` [PATCH 02/14] arch: Allow data_abort_mask() in PBL Sascha Hauer
2025-06-27 14:07 ` [PATCH 03/14] ARM: add exception handling support for PBL Sascha Hauer
2025-06-27 15:30 ` Ahmad Fatoum
2025-06-27 15:45 ` Marco Felsch
2025-06-27 17:22 ` Sascha Hauer
2025-06-27 17:46 ` Marco Felsch
2025-06-27 14:07 ` [PATCH 04/14] ARM: i.MX6QDL: add imxcfg helper to configure the TZASC1/2 Sascha Hauer
2025-06-27 14:07 ` [PATCH 05/14] ARM: i.MX6Q: add imx6_get_mmdc_sdram_size Sascha Hauer
2025-06-27 14:07 ` [PATCH 06/14] ARM: mach-imx: tzasc: add region configure helpers Sascha Hauer
2025-06-27 14:07 ` [PATCH 07/14] ARM: mach-imx: tzasc: add imx6[q|ul]_tzc380_early_ns_region1() Sascha Hauer
2025-06-27 14:07 ` [PATCH 08/14] ARM: mach-imx: tzasc: add imx6[q|ul]_tzc380_is_bypassed() Sascha Hauer
2025-06-27 15:57 ` Marco Felsch
2025-06-27 17:26 ` Sascha Hauer
2025-06-27 17:42 ` Marco Felsch
2025-06-27 14:07 ` [PATCH 09/14] ARM: i.MX: add imx6_can_access_tzasc() Sascha Hauer
2025-06-27 15:33 ` Ahmad Fatoum
2025-06-27 17:39 ` Sascha Hauer
2025-06-27 16:04 ` Marco Felsch
2025-06-27 17:48 ` Sascha Hauer
2025-06-27 17:54 ` Marco Felsch
2025-06-27 14:07 ` Sascha Hauer [this message]
2025-06-27 15:38 ` [PATCH 10/14] ARM: optee-early: add mx6_start_optee_early helper Ahmad Fatoum
2025-06-27 14:07 ` [PATCH 11/14] ARM: i.MX: tqma6ulx: fix barebox chainloading with OP-TEE enabled Sascha Hauer
2025-06-27 15:39 ` Ahmad Fatoum
2025-06-27 16:08 ` Marco Felsch
2025-06-27 16:10 ` Marco Felsch
2025-06-27 14:07 ` [PATCH 12/14] ARM: i.MX: Webasto ccbv2: " Sascha Hauer
2025-06-27 15:17 ` Ahmad Fatoum
2025-06-27 14:07 ` [PATCH 13/14] ARM: optee-early: drop start_optee_early() Sascha Hauer
2025-06-27 15:21 ` Ahmad Fatoum
2025-06-27 17:59 ` Sascha Hauer
2025-06-27 14:08 ` [PATCH 14/14] ARM: i.MX: tqma6ulx: use ENTRY_FUNCTION_WITHSTACK Sascha Hauer
2025-06-27 15:21 ` Ahmad Fatoum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250627-arm-optee-early-helper-v1-10-4b098e8ac7cd@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=m.felsch@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox