[Linaro-open-discussions] [PATCH V2 1/1] qemu_v8: add support to build and run secondary OP-TEE

22 Feb 2023

From: Shiju Jose shiju.jose@huawei.com
Add changes to build secondary OP-TEE and run at S-EL1 for SPMC_AT_EL=2,
where Hafnium is loaded at S-EL2.
This is an experimental version to test loading and booting of more than
one SP.
Signed-off-by: Shiju Jose shiju.jose@huawei.com
Changes:
V1 -> V2
1. Changed patch subject and patch description.
2. Fix for the comments from Jens Wiklander by adding separate
   build flags and build path for the secondary OP-TEE.   
---
 common.mk                               | 40 +++++++++++++++++++++
 qemu_v8.mk                              | 41 ++++++++++++++++++++--
 qemu_v8/secondary_optee_sp_manifest.dts | 46 +++++++++++++++++++++++++
 qemu_v8/sp_layout.json                  |  4 +++
 qemu_v8/spmc_el2_manifest.dts           | 10 +++++-
 qemu_v8/tb_fw_config.dts                |  4 +++
 6 files changed, 142 insertions(+), 3 deletions(-)
 create mode 100644 qemu_v8/secondary_optee_sp_manifest.dts

diff --git a/common.mk b/common.mk
index e5f2333..394688a 100644
--- a/common.mk
+++ b/common.mk
@@ -37,6 +37,9 @@ OPTEE_TEST_PATH			?= $(ROOT)/optee_test
 OPTEE_EXAMPLES_PATH		?= $(ROOT)/optee_examples
 OPTEE_RUST_PATH			?= $(ROOT)/optee_rust
 BUILDROOT_TARGET_ROOT		?= $(ROOT)/out-br/target
+# The path for the secondary OP-TEE need update if the source
+# is different from the primary OP-TEE OS. 
+SEC_OPTEE_OS_PATH		?= $(ROOT)/optee_os
# default high verbosity. slow uarts shall specify lower if prefered
 CFG_TEE_CORE_LOG_LEVEL		?= 3
@@ -173,6 +176,9 @@ endif
 ifeq (,$(filter $(COMPILE_S_KERNEL),32 64))
 $(error COMPILE_S_KERNEL=$(COMPILE_S_KERNEL) - Should be 32 or 64)
 endif
+# Build path for the secondary OP-TEE could be out/arm/
+# if the source is different from the primary OP-TEE OS.
+SEC_OPTEE_OS_COMMON_EXTRA_FLAGS ?= O=out/arm/secondary
 endif
ifeq ($(COMPILE_S_KERNEL),32)
@@ -208,8 +214,10 @@ endif
ifeq ($(COMPILE_S_KERNEL),64)
 OPTEE_OS_COMMON_EXTRA_FLAGS	+= CFG_ARM64_core=y
+SEC_OPTEE_OS_COMMON_EXTRA_FLAGS	+= CFG_ARM64_core=y
 else
 OPTEE_OS_COMMON_EXTRA_FLAGS	+= CFG_ARM64_core=n
+SEC_OPTEE_OS_COMMON_EXTRA_FLAGS	+= CFG_ARM64_core=n
 endif
@@ -543,6 +551,38 @@ optee-os-clean-common:
    $(MAKE) -C $(OPTEE_OS_PATH) $(OPTEE_OS_COMMON_FLAGS) clean
################################################################################
+# Secondary OP-TEE
+################################################################################
+SEC_OPTEE_OS_COMMON_FLAGS ?= \
+        $(SEC_OPTEE_OS_COMMON_EXTRA_FLAGS) \
+        PLATFORM=$(OPTEE_OS_PLATFORM) \
+        CROSS_COMPILE=$(CROSS_COMPILE_S_USER) \
+        CROSS_COMPILE_core=$(CROSS_COMPILE_S_KERNEL) \
+        CROSS_COMPILE_ta_arm64="$(CCACHE)$(AARCH64_CROSS_COMPILE)" \
+        CROSS_COMPILE_ta_arm32="$(CCACHE)$(AARCH32_CROSS_COMPILE)" \
+        CFG_TEE_CORE_LOG_LEVEL=$(CFG_TEE_CORE_LOG_LEVEL) \
+        DEBUG=$(DEBUG) \
+        CFG_TEE_BENCHMARK=$(CFG_TEE_BENCHMARK) \
+        CFG_IN_TREE_EARLY_TAS=trusted_keys/f04a0fe7-1f5d-4b9b-abf7-619b85b4ce8c
+
+SEC_OPTEE_OS_COMMON_FLAGS += CFG_CC_OPT_LEVEL=0
+SEC_OPTEE_OS_COMMON_FLAGS += CFG_WERROR=y
+SEC_OPTEE_OS_COMMON_FLAGS += CFG_CORE_ASLR=n
+SEC_OPTEE_OS_COMMON_FLAGS += CFG_DEBUG_INFO=y
+SEC_OPTEE_OS_COMMON_FLAGS += CFG_UNWIND=y
+SEC_OPTEE_OS_COMMON_FLAGS += CFG_TEE_CORE_DEBUG=y
+SEC_OPTEE_OS_COMMON_FLAGS += CFG_NUM_THREADS=4
+
+SEC_OPTEE_OS_PATH       ?= $(BUILD_PATH)/sec_optee_os
+
+.PHONY: secondary-optee-os-common
+secondary-optee-os-common:
+	$(MAKE) -C $(SEC_OPTEE_OS_PATH) $(SEC_OPTEE_OS_COMMON_FLAGS)
+
+.PHONY: secondary-optee-os-clean-common
+secondary-optee-os-clean-common:
+	$(MAKE) -C $(SEC_OPTEE_OS_PATH) $(SEC_OPTEE_OS_COMMON_FLAGS) clean
+################################################################################
 # OP-TEE Rust
 ################################################################################
 .PHONY: optee-rust
diff --git a/qemu_v8.mk b/qemu_v8.mk
index d6bf9a7..b57750a 100644
--- a/qemu_v8.mk
+++ b/qemu_v8.mk
@@ -100,7 +100,7 @@ ROOTFS_ENTRY		?= 0x44000000
 ROOTFS_LOADADDR		?= 0x44000000
ifeq ($(SPMC_AT_EL),2)
-BL32_DEPS		?= hafnium optee-os
+BL32_DEPS		?= hafnium optee-os secondary-optee-os
 else
 BL32_DEPS		?= optee-os
 endif
@@ -130,8 +130,14 @@ endif
 # Targets
 ################################################################################
 TARGET_DEPS := arm-tf buildroot linux optee-os qemu
+ifeq ($(SPMC_AT_EL),2)
+TARGET_CLEAN := arm-tf-clean buildroot-clean linux-clean optee-os-clean \
+	secondary-optee-os-clean qemu-clean check-clean
+else
 TARGET_CLEAN := arm-tf-clean buildroot-clean linux-clean optee-os-clean \
    qemu-clean check-clean
+endif
+
TARGET_DEPS 		+= $(BL33_DEPS)
@@ -246,6 +252,7 @@ endif
    rm -f $(BINARIES_PATH)/bl32_extra2.bin
    rm -f $(BINARIES_PATH)/tos_fw_config.dtb
    rm -f $(BINARIES_PATH)/op-tee.pkg
+	rm -f $(BINARIES_PATH)/sec-op-tee.pkg
 ifeq ($(SPMC_AT_EL),1)
    ln -sf $(TF_A_OUT)/fdts/spmc_el1_manifest.dtb \
    	$(BINARIES_PATH)/tos_fw_config.dtb
@@ -259,6 +266,7 @@ else ifeq ($(SPMC_AT_EL),2)
    	$(BINARIES_PATH)/tb_fw_config.dtb
    ln -sf $(HAFNIUM_BIN) $(BINARIES_PATH)/bl32.bin
    ln -sf $(TF_A_OUT)/op-tee.pkg $(BINARIES_PATH)/op-tee.pkg
+	ln -sf $(TF_A_OUT)/sec-op-tee.pkg $(BINARIES_PATH)/sec-op-tee.pkg
 else ifeq ($(SPMC_AT_EL),3)
    ln -sf $(TF_A_OUT)/fdts/spmc_el3_manifest.dtb \
    	$(BINARIES_PATH)/tos_fw_config.dtb
@@ -374,7 +382,7 @@ OPTEE_OS_COMMON_FLAGS_SPMC_AT_EL_2 += CFG_ARM_GICV3=n CFG_CORE_HAFNIUM_INTC=y
 # [0e00.0000 0e2f.ffff] is reserved to early boot and SPMC
 # [0e30.0000 0e33.ffff] is reserved manifest etc (op-tee.pkg)
 OPTEE_OS_COMMON_FLAGS_SPMC_AT_EL_2 += CFG_TZDRAM_START=0x0e304000
-OPTEE_OS_COMMON_FLAGS_SPMC_AT_EL_2 += CFG_TZDRAM_SIZE=0x00cfc000
+OPTEE_OS_COMMON_FLAGS_SPMC_AT_EL_2 += CFG_TZDRAM_SIZE=0x006fc000
 OPTEE_OS_COMMON_FLAGS_SPMC_AT_EL_2 += CFG_CORE_WORKAROUND_NSITR_CACHE_PRIME=n
 OPTEE_OS_COMMON_FLAGS_SPMC_AT_EL_3 = CFG_CORE_EL3_SPMC=y
 OPTEE_OS_COMMON_FLAGS_SPMC_AT_EL_3 += CFG_DT_ADDR=0x40000000
@@ -398,6 +406,35 @@ optee-os: optee-os-common
optee-os-clean: optee-os-clean-common
+ifeq ($(SPMC_AT_EL),2)
+################################################################################
+# Secondary OP-TEE
+################################################################################
+SEC_OPTEE_OS_COMMON_FLAGS += DEBUG=$(DEBUG) CFG_ARM_GICV3=$(GICV3)
+SEC_OPTEE_OS_COMMON_FLAGS += CFG_CORE_SEL2_SPMC=y
+SEC_OPTEE_OS_COMMON_FLAGS += CFG_ARM_GICV3=n CFG_CORE_HAFNIUM_INTC=y
+SEC_OPTEE_OS_COMMON_FLAGS += CFG_TZDRAM_START=0x0ea04000
+SEC_OPTEE_OS_COMMON_FLAGS += CFG_TZDRAM_SIZE=0x005fc000
+SEC_OPTEE_OS_COMMON_FLAGS += CFG_CORE_WORKAROUND_NSITR_CACHE_PRIME=n
+
+ifeq ($(XEN_BOOT),y)
+SEC_OPTEE_OS_COMMON_FLAGS += CFG_VIRTUALIZATION=y
+endif
+
+ifeq ($(PAUTH),y)
+SEC_OPTEE_OS_COMMON_FLAGS += CFG_TA_PAUTH=y
+SEC_OPTEE_OS_COMMON_FLAGS += CFG_CORE_PAUTH=y
+endif
+ifeq ($(MEMTAG),y)
+SEC_OPTEE_OS_COMMON_FLAGS += CFG_MEMTAG=y
+endif
+
+secondary-optee-os: secondary-optee-os-common
+
+secondary-optee-os-clean: secondary-optee-os-clean-common
+
+endif
+
 ################################################################################
 # Hafnium
 ################################################################################
diff --git a/qemu_v8/secondary_optee_sp_manifest.dts b/qemu_v8/secondary_optee_sp_manifest.dts
new file mode 100644
index 0000000..0002351
--- /dev/null
+++ b/qemu_v8/secondary_optee_sp_manifest.dts
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2022, Linaro Limited
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ * This file is a Partition Manifest (PM) for a minimal Secure Partition (SP)
+ * that has additional optional properties defined.
+ *
+ */
+
+/dts-v1/;
+
+/ {
+	compatible = "arm,ffa-manifest-1.0";
+
+	/* Properties */
+	description = "sec-op-tee";
+	ffa-version = <0x00010001>; /* 31:16 - Major, 15:0 - Minor */
+	uuid = <0xe4b5f42f 0xed112faf 0x3351d7b9 0xe9cc99fc>;
+	id = <1>;
+	execution-ctx-count = <8>;
+	exception-level = <2>; /* S-EL1 */
+	execution-state = <0>; /* AARCH64 */
+	load-address = <0xea00000>;
+	entrypoint-offset = <0x4000>;
+	xlat-granule = <0>; /* 4KiB */
+	boot-order = <0>;
+	messaging-method = <0x3>; /* Direct messaging only */
+	ns-interrupts-action = <1>; /* NS_ACTION_ME */
+
+	/* Boot protocol */
+	gp-register-num = <0x0>;
+
+	device-regions {
+		compatible = "arm,ffa-manifest-device-regions";
+
+		uart1 {
+			base-address = <0x00000000 0x09040000>;
+			pages-count = <1>;
+			attributes = <0x3>; /* read-write */
+			/* SPI, level-triggered, secure, priority=1 */
+			interrupts = <0x28 0xb01>;
+		};
+	};
+};
diff --git a/qemu_v8/sp_layout.json b/qemu_v8/sp_layout.json
index c6a02a9..50d7695 100644
--- a/qemu_v8/sp_layout.json
+++ b/qemu_v8/sp_layout.json
@@ -2,5 +2,9 @@
    "op-tee" : {
    	"image": "../../optee_os/out/arm/core/tee-pager_v2.bin",
    	"pm": "optee_sp_manifest.dts"
+	},
+	"sec-op-tee" : {
+		"image": "../../optee_os/out/arm/secondary/core/tee-pager_v2.bin",
+		"pm": "secondary_optee_sp_manifest.dts"
    }
 }
diff --git a/qemu_v8/spmc_el2_manifest.dts b/qemu_v8/spmc_el2_manifest.dts
index 7acaa38..4e73df1 100644
--- a/qemu_v8/spmc_el2_manifest.dts
+++ b/qemu_v8/spmc_el2_manifest.dts
@@ -30,7 +30,15 @@
    		load_address = <0xe300000>;
    		debug_name = "op-tee";
    		vcpu_count = <4>;
-			mem_size = <0xd00000>;
+			mem_size = <0x700000>;
+		};
+		
+		vm2 {
+			is_ffa_partition;
+			load_address = <0xea00000>;
+			debug_name = "sec-op-tee";
+			vcpu_count = <4>;
+			mem_size = <0x600000>;
    	};
    };
diff --git a/qemu_v8/tb_fw_config.dts b/qemu_v8/tb_fw_config.dts
index 68f7b3b..ce3c26a 100644
--- a/qemu_v8/tb_fw_config.dts
+++ b/qemu_v8/tb_fw_config.dts
@@ -14,5 +14,9 @@
    	       uuid = "486178e0-e7f8-11e3-bc5e-0002a5d5c51b";
    	       load-address = <0xe300000>;
    	};
+		sec-op-tee {
+		       uuid = "2ff4b5e4-af2f-11ed-b9d7-5133fc99cce9";
+		       load-address = <0xea00000>;
+		};
    };
 };
-- 
2.25.1


    

2024

2023

2022

2021

2020

[Linaro-open-discussions] [PATCH V2 1/1] qemu_v8: add support to build and run secondary OP-TEE