Rb3gen2: Add support for Open Boot firmware (TF-A, OP-TEE and U-Boot) build#1172
Conversation
b49020
requested review from
lumag,
mwasilew,
ndechesne,
ricardosalveti,
sbanerjee-quic and
vkraleti
as code owners
b49020
force-pushed
the
rb3gen2-open-boot-fw
branch
2 times, most recently
from
9104459 to
17e9dc2
Compare
|
Any ideas how can I fix the yocto run checks here? I have already added |
I'm not sure if ordering matters in KAS, but could you try changing the repo section to this? meta-arm:
url: https://git.yoctoproject.org/git/meta-arm
layers:
meta-arm-toolchain:
meta-arm:That's the only thing that stood out to me as a difference from a working config with meta-arm included. |
|
Check --dependency in ci/yocto-check-layer.sh |
b49020
force-pushed
the
rb3gen2-open-boot-fw
branch
from
17e9dc2 to
3474150
Compare
|
PR updated to incorporate review comments. |
b49020
force-pushed
the
rb3gen2-open-boot-fw
branch
5 times, most recently
from
972dc21 to
be39af5
Compare
|
Although I have fixed the CI issues which were related to this PR however the current CI failure: doesn't seem to be related to this PR, any ideas? |
|
This was maybe because of the OE-core updated last night, there are some kernel changes on that. I will take a look on the fail. |
|
Should be fixed with #1186 |
|
Please rebase. |
b49020
force-pushed
the
rb3gen2-open-boot-fw
branch
from
be39af5 to
2376dc9
Compare
b49020
force-pushed
the
rb3gen2-open-boot-fw
branch
from
c2968f7 to
e391c1c
Compare
Test run workflowTest jobs for commit e391c1c14cdbad83545875a7ea5e460b703431fc
All jobs summary
|
Sure, sounds good. |
Built fine here without your latest commit: |
b49020
force-pushed
the
rb3gen2-open-boot-fw
branch
3 times, most recently
from
a448223 to
48dd6ec
Compare
Not sure what was the issue earlier but the build failed for me as well in the CI too. Now I am also not able to reproduce the issue. So I have dropped that last initramfs fix patch. |
|
PLease rebase to resolve the conflict. |
Test run workflowTest jobs for commit 48dd6ecbbf48dac98d9f0d3cd4356ae2c66fc36c
All jobs summary
|
meta-arm provides the base recipes for open boot firmware on Arm based platforms. So lets add meta-arm as an optional dependency via dynamic layers such that Qcom targets can start using open boot firmware stack. Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Add OP-TEE recipes override for RB3Gen2 leveraging the base recipes from meta-arm. Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Add OP-TEE packagegroup to add all the OP-TEE components if machine supports OP-TEE feature. Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Add RB3Gen2 platform specific support leveraging base trusted-firmware-a recipes from meta-arm. It allows to generate unsigned bl2.elf and test signed fip.elf as per TF-A documentation here [1]. [1] https://github.com/qualcomm-linux/trusted-firmware-a/blob/qcom-next/docs/plat/qti/rb3gen2.rst Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Add support for new RB3Gen2 machine type with support for open boot firmware based on TF-A, OP-TEE and U-Boot. Right now the build generates 2 firmware payloads as bl2.elf (unsigned) and fip.elf (test signed using qtestsign). It is required to sign bl2.elf with QTI signature using sectools but in future the plan is to drop QTI signature requirement with an updated release of XBL/XBL-SEC. Once signing is done, one need to update following binaries in qcomflash tarball and then proceed with QDL flashing: - tz.mbn -> bl2.mbn - uefi.elf -> fip.elf Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Add KAS configuration file for RB3Gen2 with open boot firmware machine type. With open boot firmware stack, UEFI boots up Linux in EL2 mode by default and that is the only supported option as of now compliant with Arm SystemReady standards. Hence, Linux with KVM enabled is the only supported configuration. Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
b49020
force-pushed
the
rb3gen2-open-boot-fw
branch
from
48dd6ec to
4b07167
Compare
PR rebased, thanks |
Maybe it got fixed in oe-core, now that the kernel is not depending on the initrd anymore. |
|
Thanks, took a while but we can merge this now :-) |
|
Hello everyone, I am an operating systems engineer from Radxa. We are currently looking to begin using Open Boot firmware on our Qualcomm products such as SBCs, so our users and customers can customize their own boot firmware and, together with more people, make them better. |
|
Thanks @CodeChenL for your report, can you rather create an issue under Qcom TF-A staging tree (https://github.com/qualcomm-linux/trusted-firmware-a/issues) here such that the status can be tracked? |
Thank you for your reply. After our testing and discussion, we have decided to shift our development focus to upstream EDK2. I have already ported an MMC driver and successfully booted the system using it. Thank you all for your work; it's truly great and has set a good precedent for us |
|
@CodeChenL I assume you would have used following command to sign TF-A BL2: actually I am able to reproduce the issue you are seeing here on RB3Gen2. Looks like OEM only signing feature in XBL_SEC is leading to this issue. The QTI signed BL2 works fine though. We will keep digging into this issue, I have filed one here: qualcomm-linux/trusted-firmware-a#19 so you can keep track of status there.
PRs are always welcome to upstream edk2 project extending Qcom platforms support. I hope the open boot stack effort is valuable to your customers/developers. |
When i complete the basic functionality and pass our internal team's code quality review, I will submit them to the upstream EDK2 |
9 participants
Currently the open boot firmware stack has only been enabled on RB3Gen2 platform which can be built using following:
And currently the boot stack includes TF-A, OP-TEE and U-Boot. In future the plan is to enable upstream edk2 as well. Along with that the next target for open boot firmware is Lemans based IoT EVK platform.
Right now the build generates 2 firmware payloads as bl2.elf (unsigned) and fip.elf (test signed using qtestsign). It is required to sign bl2.elf with QTI signature using sectools but in future the plan is to drop QTI signature requirement with an updated release of XBL/XBL-SEC.
Once signing is done, one need to update following binaries in qcomflash tarball and then proceed with QDL flashing: