Dear All,
My name is Nguyen Duc Hoa, come from Vietnam.
I am working on Zynq Zybo-Z7 for porting optee to secure world. I just had a trouble when Op-TEE OS is loading the kernel image(zImage).
Below image is my flow.
I refered from below topic and build up my system.
https://github.com/OP-TEE/optee_os/issues/1887
"U-Boot will load TEE and zImage, so need to verify the two images in U-Boot. `kernel_entry` will run into the address passed to bootm. When optee returns back, it will directly runs into the load address of zImage and continue booting kernel. "
But on my side, in stage of booting kernel, I got an "kernel panic". (full log is attached)
Following is how I did it:
1. Build OP-TEE with:
make PLATFORM=zynq7k CROSS_COMPILE="ccache arm-linux-gnueabihf-" ARCH=arm CFG_TEE_CORE_LOG_LEVEL=4 CFG_DT_ADDR=0x02A00000 CFG_DT=y CFG_TEE_TA_MALLOC_DEBUG=y CFG_TEE_CORE_MALLOC_DEBUG=y CFG_TEE_CORE_USER_MEM_DEBUG=4 CFG_TEE_TA_LOG_LEVEL=4 CFG_NS_ENTRY_ADDR=0x03000000
arm-linux-gnueabihf-objcopy -O binary tee.elf tee.bin
2. Use mkimage to produce the uTee image. Make it looks like uImage so the bootm command can boot it.
./mkimage -A arm -O linux -C none -a 0x3E000000 -e 0x3E000000 -d tee.bin uTee
3. Make the linux kernel use xilinx_zynq_defconfig
Enable OpTee and EARLYCON
# OPTEE stuff CONFIG_TEE=y CONFIG_OPTEE=y CONFIG_ARM_PSCI_FW=y CONFIG_HAVE_ARM_SMCCC=y CONFIG_SERIAL_EARLYCON=y
+ DTS file is attached
+ Make kernel by below command make ARCH=arm xilinx_zynq_defconfig CROSS_COMPILE=arm-linux-gnueabihf- make ARCH=arm
4. In u-boot kernel, load everything in place and use bootm to enter OP-TEE
mmcinfo ; fatload mmc 0 0x03000000 zImage ; fatload mmc 0 0x02A00000 zImage-zynq-zybo-z7.dtb ; fatload mmc 0:1 0x3E000000 uTee; setenv bootargs earlyprintk console=ttyPS0,115200 root=/dev/mmcblk0p2 rw rootwait ; bootm 0x3E000000 - 0x02A00000 ;
*** QUESTIONS *** 1. Is this flow correct?
2. I refer to this thread mail https://lists.linaro.org/pipermail/tee-dev/2015-September/000176.html
and I saw that in my side, after back to non secure world, it seem to be u-boot's environment variables was changed.
For purpose of booting kernel, I must keep the u-boot's context and OpTEE OS switch to non-secure world this context will be restore, do I?
So anyone have better understanding about this flow, it will be helpful for my further development.
Thank you very much in advance.