From 85bdc68bda6f227dee490b88f7493d146fd82263 Mon Sep 17 00:00:00 2001 From: Sudeep Holla Date: Thu, 20 Jun 2024 15:52:30 +0100 Subject: [PATCH 1/6] config: Update buildroot config to add OPTEE firmware and userspace tests Enable buildroot to include OPTEE firmware build and the userspace tests and examples. This will help to test OPTEE with and without FF-A. Signed-off-by: Sudeep Holla
---
 config/buildroot.config | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/config/buildroot.config b/config/buildroot.config
index daab559..63e838c 100644
--- a/config/buildroot.config
+++ b/config/buildroot.config
@@ -6,8 +6,12 @@ BR2_GCC_ENABLE_OPENMP=y
 BR2_SYSTEM_BIN_SH_BASH=y
 BR2_PACKAGE_BUSYBOX_SHOW_OTHERS=y
 BR2_PACKAGE_ZLIB=y
+BR2_PACKAGE_OPTEE_EXAMPLES=y
+BR2_PACKAGE_OPTEE_TEST=y
 # BR2_PACKAGE_URANDOM_SCRIPTS is not set
 BR2_TARGET_ROOTFS_CPIO=y
 BR2_TARGET_ROOTFS_EXT2=y
 BR2_TARGET_ROOTFS_EXT2_4=y
 # BR2_TARGET_ROOTFS_TAR is not set
+BR2_TARGET_OPTEE_OS=y
+BR2_TARGET_OPTEE_OS_PLATFORM="vexpress-fvp"
-- GitLab
From c35557874923ce7d2a9a3429b37ab43e107be7d4 Mon Sep 17 00:00:00 2001 From: Sudeep Holla Date: Wed, 24 Jul 2024 11:36:53 +0100 Subject: [PATCH 2/6] config: optee: Bump to the latest version 4.3.0 Since most of the FF-A related changes are being tested with latest OPTEE version, let us bump it to v4.3.0 Signed-off-by: Sudeep Holla
---
 config/optee-base.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/optee-base.yaml b/config/optee-base.yaml
index e01d97c..364cfb2 100644
--- a/config/optee-base.yaml
+++ b/config/optee-base.yaml
@@ -10,7 +10,7 @@ build:
 optee:
 repo:
 remote: https://github.com/OP-TEE/optee_os.git
- revision: 4.2.0
+ revision: 4.3.0
 toolchain: aarch64-linux-gnu-
-- GitLab
From 05994d6f6ce55bad7dd3d8a433b85becb3151a82 Mon Sep 17 00:00:00 2001
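Review bot: `BR2_TARGET_OPTEE_OS=y` is added without selecting a version, so Buildroot will build whichever OP-TEE OS release its own default points at, and `BR2_PACKAGE_OPTEE_TEST` / `BR2_PACKAGE_OPTEE_EXAMPLES` will be built against that tree's TA dev kit. If the secure-world image that actually boots comes from the separately pinned `optee_os` build in `config/optee-base.yaml` (the hunk does not show this either way), the test TAs and xtest can end up a release apart from the TEE they talk to, which tends to surface as spurious test failures rather than a build error. I would add a comment above the two target lines stating the purpose, e.g. `# OP-TEE OS here only provides the TA devkit for optee-test/examples; keep in step with config/optee-base.yaml`, after confirming that this is the intent.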
From: Sudeep Holla Date: Tue, 4 Jun 2024 19:30:54 +0100 Subject: [PATCH 3/6] config: Add support to run OPTEE in S-EL1 with FF-A support This configuration includes TF-A in secure EL3 running SPMD(Secure Partition Manager Dispatcher) and with secure EL2 disabled. FF-A SPMC(Secure Partition Manager Core) runs inside OPTEE itself at secure EL1. Signed-off-by: Sudeep Holla
---
 config/ffa-optee.yaml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 config/ffa-optee.yaml
diff --git a/config/ffa-optee.yaml b/config/ffa-optee.yaml
new file mode 100644
index 0000000..9f89e60
--- /dev/null
+++ b/config/ffa-optee.yaml
@@ -0,0 +1,33 @@
+# Copyright (c) 2023, Arm Limited.
+# SPDX-License-Identifier: MIT
+
+%YAML 1.2
+---
+description: >-
+ Brings together a software stack to demonstrate Arm FF-A running on FVP.
+ Includes TF-A in secure EL3 running SPMD(Secure Partition Manager
+ Dispatcher), with secure EL2 disabled and SPMC(Secure Partition Manager
+ Core) inside OPTEE at secure EL1 and Linux in Normal world.
+
+concrete: true
+
+layers:
+ - ns-edk2.yaml
+ - optee-base.yaml
+
+build:
+ optee:
+ params:
+ CFG_CORE_SEL1_SPMC: y
+ CFG_CORE_ASYNC_NOTIF: y
+
+ tfa:
+ repo:
+ # Temporary until we move tfa-base.yaml to release version with this
+ revision: a169b8fbc2b184f2a38e7c6ee29371407b15c634
+ params:
+ ARM_SPMC_MANIFEST_DTS: ${param:sourcedir}/plat/arm/board/fvp/fdts/fvp_spmc_el1_optee_manifest.dts
+ BL32: ${artifact:OPTEE_PAGER_BIN}
+ SPMD_SPM_AT_SEL2: 0
+ SPMC_OPTEE: 1
+ SPD: spmd
-- GitLab
From 40448c7a31ff87fbfcfa4c04cee3339d7751af94 Mon Sep 17 00:00:00 2001 From: Sudeep Holla Date: Tue, 28 Mar 2023 14:13:26 +0100 Subject: [PATCH 4/6] config: Add support to run OPTEE as S-EL1 VM with Hafnium This configuration includes TF-A in secure EL3 running SPMD(Secure Partition Manager Dispatcher) and Hafnium as secure Hypervisor at secure EL2 running SPMC(Secure Partition Manager Core). OPTEE just runs as a secure partition/VM at S-EL1.
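Review bot: The comment on the `tfa.repo.revision` override, `# Temporary until we move tfa-base.yaml to release version with this`, does not say what "this" is or when the override can be removed, and the same SHA is repeated in `config/ffa-hafnium-optee.yaml` later in the series. Pinning by full commit hash is the right choice for a reproducible firmware build, but two copies of an unexplained pin are easy to leave behind once `tfa-base.yaml` moves on, which would keep these two configs on an older TF-A than the rest. I would word it as `# TODO: drop once tfa-base.yaml is on a TF-A release containing a169b8fbc2b1 (same override in ffa-hafnium-optee.yaml)`.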
Signed-off-by: Sudeep Holla
---
 config/ffa-hafnium-optee.yaml | 52 +++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 config/ffa-hafnium-optee.yaml
diff --git a/config/ffa-hafnium-optee.yaml b/config/ffa-hafnium-optee.yaml
new file mode 100644
index 0000000..30627b1
--- /dev/null
+++ b/config/ffa-hafnium-optee.yaml
@@ -0,0 +1,52 @@
+# Copyright (c) 2023, Arm Limited.
+# SPDX-License-Identifier: MIT
+
+%YAML 1.2
+---
+description: >-
+ Brings together a software stack to demonstrate Arm FF-A running on FVP.
+ Includes TF-A in secure EL3 running SPMD(Secure Partition Manager
+ Dispatcher), Hafnium as secure Hypervisor at secure EL2 running SPMC
+ (Secure Partition Manager Core) and OPTEE as a secure partition/VM
+ in secure EL1 and Linux in Normal world.
+
+concrete: true
+
+layers:
+ - ns-edk2.yaml
+ - hafnium-base.yaml
+ - optee-base.yaml
+ - arch/v8.5.yaml
+
+build:
+ optee:
+ params:
+ CFG_CORE_SEL2_SPMC: y
+ CFG_CORE_ASYNC_NOTIF: y
+ CFG_CORE_HAFNIUM_INTC: y
+ CFG_ARM_GICV3: n
+ CFG_CORE_WORKAROUND_NSITR_CACHE_PRIME: n
+
+ tfa:
+ repo:
+ # Temporary until we move tfa-base.yaml to release version with this
+ revision: a169b8fbc2b184f2a38e7c6ee29371407b15c634
+ prebuild:
+ - cat < ${param:builddir}/sp_layout.json
+ - "{"
+ - "\"op-tee\" : {"
+ - "\"image\" : \"${artifact:OPTEE_PAGER_BIN}\","
+ - "\"pm\" : \"${param:sourcedir}/plat/arm/board/fvp/fdts/optee_sp_manifest.dts\""
+ - "}"
+ - "}"
+ - EOF
+ params:
+ # This DEPENDS_ON_PARAM is not used by TF-A but just to ensure OPTEE is
+ # built before TF-A though it is not used by TF-A directly but
+ # indirectly via SP_LAYOUT_FILE
+ DEPENDS_ON_PARAM: ${artifact:OPTEE_PAGER_BIN}
+ ARM_SPMC_MANIFEST_DTS: ${param:sourcedir}/plat/arm/board/fvp/fdts/fvp_spmc_optee_sp_manifest.dts
+ SP_LAYOUT_FILE: ${param:builddir}/sp_layout.json
+ BL32: ${artifact:HAFNIUM}
+ SPMD_SPM_AT_SEL2: 1
+ SPD: spmd
-- GitLab
From d8dca6f64bf82c489e1e96211cd65f66c1fa7785 Mon Sep 17 00:00:00 2001
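Review bot: `CFG_ARM_GICV3: n` and `CFG_CORE_WORKAROUND_NSITR_CACHE_PRIME: n` in the `optee.params` block switch off an interrupt-controller option and a core workaround with no comment explaining why. Presumably both follow from `CFG_CORE_HAFNIUM_INTC: y`, with Hafnium at secure EL2 handling interrupts on OP-TEE's behalf, but the file does not say so, and a workaround turned off in a reference config is the kind of line that gets copied into other platforms unchanged. A one-line comment above the pair would make the intent reviewable, e.g. `# Interrupts are routed by Hafnium (CFG_CORE_HAFNIUM_INTC); OP-TEE's own GICv3 driver and the NSITR workaround do not apply in this setup`, once that reasoning is confirmed against the OP-TEE documentation.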
From: Sudeep Holla Date: Wed, 31 Jul 2024 15:12:36 +0100 Subject: [PATCH 5/6] test: Include OPTEE/FF-A with and without Hafnium/S-EL2 into test vector Two new configurations with FF-A and OPTEE is being added: 1. OPTEE as S-EL1 VM with TF-A in secure EL3 running SPMD and Hafnium as secure Hypervisor at secure EL2 running SPMC. 2. OPTEE in S-EL1 with TF-A in secure EL3 running SPMD and with secure EL2 disabled. FF-A SPMC runs inside OPTEE itself at secure EL1. Let us add both into the test vector for build and boot test coverage. Both DT and ACPI coverage is added though DT/ACPI nodes/tables don't carry anything FF-A specific in them as it is all discovered runtime. Signed-off-by: Sudeep Holla
---
 test/test.py | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+)
diff --git a/test/test.py b/test/test.py
index 6bf64c9..6b906fb 100755
--- a/test/test.py
+++ b/test/test.py
@@ -57,6 +57,32 @@ CONFIGS = [
 },
 'arch': {'start': 'v8.0', 'end': ARCH_LATEST},
 },
+ {
+ 'config': 'ffa-optee.yaml',
+ 'btvars': {},
+ 'rtvars': {
+ 'dt': {'KERNEL': KERNEL, 'ROOTFS': ROOTFS},
+ 'acpi': {
+ 'KERNEL': KERNEL,
+ 'ROOTFS': ROOTFS,
+ 'CMDLINE': '\"console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=dhcp acpi=force\"'
+ },
+ },
+ 'arch': {'start': 'v8.0', 'end': ARCH_LATEST},
+ },
+ {
+ 'config': 'ffa-hafnium-optee.yaml',
+ 'btvars': {},
+ 'rtvars': {
+ 'dt': {'KERNEL': KERNEL, 'ROOTFS': ROOTFS},
+ 'acpi': {
+ 'KERNEL': KERNEL,
+ 'ROOTFS': ROOTFS,
+ 'CMDLINE': '\"console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=dhcp acpi=force\"'
+ },
+ },
+ 'arch': {'start': 'v8.5', 'end': ARCH_LATEST},
+ },
 {
 'config': 'ffa-tftf.yaml',
 'btvars': {},
-- GitLab
From d4cf9e217f81e2786affbcf4649df6c0fc85cfa1 Mon Sep 17 00:00:00 2001
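Review bot: The two new `CONFIGS` entries each repeat the full ACPI `CMDLINE` literal, and the same string appears again in the context lines of the next patch's `test/test.py` hunk, so a change to the console or root device has to be made in several places. `KERNEL` and `ROOTFS` are already shared names; the command line could be one too, `ACPI_CMDLINE = '"console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=dhcp acpi=force"'`, with `'CMDLINE': ACPI_CMDLINE` in each entry. The `\"` escapes are not needed inside a single-quoted string, so the value stays the same. The `CONFIGS` list starts and ends outside this hunk, so whether such a constant already exists is not visible here.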
From: Sudeep Holla Date: Wed, 31 Jul 2024 15:19:47 +0100 Subject: [PATCH 6/6] test: Expand the TFTF with FF-A config to all arch versions With v2.11, looks like the BL2 freeze doesn't exist anymore. Drop the restriction so that it can be tested on all versions above v8.5 Commit 0c86a846d914 ("fix(fconf): boot fails using ARM_ARCH_MINOR=8") in TF-A fixes the boot freeze via https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/25886 Signed-off-by: Sudeep Holla
---
 test/test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/test.py b/test/test.py
index 6b906fb..e0b945b 100755
--- a/test/test.py
+++ b/test/test.py
@@ -94,7 +94,7 @@ CONFIGS = [
 'CMDLINE': '\"console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=dhcp acpi=force\"'
 },
 },
- 'arch': {'start': 'v8.5', 'end': 'v8.7'}, # BL2 freezes from v8.8. Haven't traced root cause yet.
+ 'arch': {'start': 'v8.5', 'end': ARCH_LATEST},
 },
 {
 'config': 'bootwrapper.yaml',
-- GitLab
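Review bot: Widening `'end'` to `ARCH_LATEST` drops the inline comment that explained the old `v8.7` cap, and nothing on the new line records that the wider range relies on a TF-A containing the fconf fix named in the commit message. If the TF-A revision used by `ffa-tftf.yaml` is moved back, or a layer pins an older one, the BL2 freeze would presumably return as an unexplained boot-test hang on v8.8 and later. A short comment keeps that traceable: `# v8.8+ needs TF-A with 0c86a846d914 (fconf ARM_ARCH_MINOR=8 boot fix)`. The enclosing `CONFIGS` list begins and ends outside the hunk.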