一、概述
OP-TEE 是一个开源工程,完整的实现了一个可信执行环境。 主要包括 Secure world OS(optee_os)、normal world client(optee_client)、test suite(optee_test/xtest)以及 Linux 驱动部分。
OP-TEE 的全称是 Open-source Portable Trusted Execution Environment,其中 TEE(可信执行环境)是基于 trustzone 技术搭建的安全执行环境。该项目最初由意法半导体(ST)和爱立信发起,是一个专门的解决方案,后来由意法半导体拥有和维护。2014年,Linaro 开始与意法半导体合作,逐步将这个专有的 TEE 解决方案转换成一个开源的 TEE 解决方案。
ARM 公司提出的 trustzone 技术是用一根安全总线(称为 NS 位)来判断系统当前处于 secure world 还是 non-secure world 状态,状态的切换由 ATF(ARM Trusted Firmware)来完成。
二、编译官方代码
进入到optee的目录,里面有这几个文件
1.optee-os-stm32mp-3.19.0-stm32mp-r1-r0.tar.xz 源码压缩包
2.fonts.tar.gz 老实讲我不知道这是啥
3.Makefile.sdk
4.README.HOW_TO.txt 官方给的使用说明
5.series
6.0001-3.19.0-stm32mp-r1.patch 补丁
2.1 解压源码 、打补丁
/* 解压源码 */
tar xf optee-os-stm32mp-3.19.0-stm32mp-r1-r0.tar.xz /* 进入源码目录 */
cd cd optee-os-stm32mp-3.19.0-stm32mp-r1//* 解压不知名文件 */
tar xf ../fonts.tar.gz/* 打补丁 */
for p in `ls -1 ../*.patch`; do patch -p1 < $p; done2.2 修改Makefile.sdk
打开Makefile.sdk,把DEPLOYDIR目录改成这个:
DEPLOYDIR ?= $(SRC_PATH)/../../FIP_artifacts/optee
再把设备树改成这个:
CFG_EMBED_DTB_SOURCE_FILE ?= stm32mp135f-dk
2.3 配置编译环境
/* 加载环境 */
source /opt/st/stm32mp1/4.2.1-openstlinux-6.1-yocto-mickledore-mp1-v23.06.21/environment-setup-cortexa7t2hf-neon-vfpv4-ostl-linux-gnueabi/* 配置环境变量 */
export FIP_DEPLOYDIR_ROOT=$PWD/../../FIP_artifacts不要关了这个终端,它已经配置好了,关于这部分的配置,可以看上一篇关于TF-A的解释比较详细。
2.4 编译
make -f ../Makefile.sdk all最后提示我们:Missing u-boot-stm32mp135f-dk.dtb file in folder: '$FIP_DEPLOYDIR_UBOOT' or '$FIP_DEPLOYDIR_ROOT/u-boot'
没有关系,这是因为还没有编译u-boot,optee、TF-A、u-boot最后会一起打包的,忽视这个警告即可
三、移植
3.1 复制官方文件
/* 进入设备树目录 */
cd core/arch/arm/dts//* 复制文件 */
cp stm32mp13-pinctrl.dtsi stm32mp13-pinctrl-atk.dtsi
cp stm32mp135f-dk.dts stm32mp135-atk.dts打开stm32mp135-atk.dts文件,第一件事先把头文件修改了
// #include "stm32mp13-pinctrl.dtsi"
#include "stm32mp13-pinctrl-atk.dtsi"3.2 修改电源
这里和TF-A基本移植,删掉i2c4节点,然后增加我们自己的电源描述
首先找到i2c4这个节点,不要犹豫,把它全都删了,干干净净
&i2c4 {pinctrl-names = "default";pinctrl-0 = <&i2c4_pins_a>;i2c-scl-rising-time-ns = <185>;i2c-scl-falling-time-ns = <20>;clock-frequency = <400000>;status = "okay";pmic: stpmic@33 {compatible = "st,stpmic1";reg = <0x33>;status = "okay";st,wakeup-pin-number = <1>;st,notif-it-id = <0>;regulators {compatible = "st,stpmic1-regulators";buck1-supply = <&vin>;buck2-supply = <&vin>;buck3-supply = <&vin>;buck4-supply = <&vin>;ldo1-supply = <&vin>;ldo4-supply = <&vin>;ldo5-supply = <&vin>;ldo6-supply = <&vin>;vref_ddr-supply = <&vin>;pwr_sw1-supply = <&bst_out>;pwr_sw2-supply = <&v3v3_ao>;vddcpu: buck1 {regulator-name = "vddcpu";regulator-min-microvolt = <1250000>;regulator-max-microvolt = <1350000>;regulator-always-on;regulator-over-current-protection;lp-stop {regulator-suspend-microvolt = <1250000>;};lplv-stop {regulator-suspend-microvolt = <900000>;};lplv-stop2 {regulator-off-in-suspend;};standby-ddr-sr {regulator-off-in-suspend;};standby-ddr-off {regulator-off-in-suspend;};};vdd_ddr: buck2 {regulator-name = "vdd_ddr";regulator-min-microvolt = <1350000>;regulator-max-microvolt = <1350000>;regulator-always-on;regulator-over-current-protection;standby-ddr-off {regulator-off-in-suspend;};};vdd: buck3 {regulator-name = "vdd";regulator-min-microvolt = <3300000>;regulator-max-microvolt = <3300000>;regulator-always-on;st,mask-reset;regulator-over-current-protection;};vddcore: buck4 {regulator-name = "vddcore";regulator-min-microvolt = <1250000>;regulator-max-microvolt = <1250000>;regulator-always-on;regulator-over-current-protection;lplv-stop {regulator-suspend-microvolt = <900000>;};lplv-stop2 {regulator-suspend-microvolt = <900000>;};standby-ddr-sr {regulator-off-in-suspend;};standby-ddr-off {regulator-off-in-suspend;};};vdd_adc: ldo1 {regulator-name = "vdd_adc";regulator-min-microvolt = <3300000>;regulator-max-microvolt = <3300000>;standby-ddr-sr {regulator-off-in-suspend;};standby-ddr-off {regulator-off-in-suspend;};};unused1: ldo2 {regulator-name = "ldo2";};unused2: ldo3 {regulator-name = "ldo3";};vdd_usb: ldo4 {regulator-name = "vdd_usb";regulator-min-microvolt = <3300000>;regulator-max-microvolt = <3300000>;standby-ddr-sr {regulator-off-in-suspend;};standby-ddr-off {regulator-off-in-suspend;};};vdd_sd: ldo5 {regulator-name = "vdd_sd";regulator-min-microvolt = <3300000>;regulator-max-microvolt = <3300000>;regulator-boot-on;standby-ddr-sr {regulator-off-in-suspend;};standby-ddr-off {regulator-off-in-suspend;};};v1v8_periph: ldo6 {regulator-name = "v1v8_periph";regulator-min-microvolt = <1800000>;regulator-max-microvolt = <1800000>;standby-ddr-sr {regulator-off-in-suspend;};standby-ddr-off {regulator-off-in-suspend;};};vref_ddr: vref_ddr {regulator-name = "vref_ddr";regulator-always-on;standby-ddr-sr {regulator-off-in-suspend;};standby-ddr-off {regulator-off-in-suspend;};};bst_out: boost {regulator-name = "bst_out";};v3v3_sw: pwr_sw2 {regulator-name = "v3v3_sw";regulator-active-discharge = <1>;regulator-min-microvolt = <3300000>;regulator-max-microvolt = <3300000>;};};};
};再找到scmi_regu节点,不要犹豫,删他个干净
&scmi_regu {scmi_vddcpu: voltd-vddcpu {reg = <VOLTD_SCMI_STPMIC1_BUCK1>;voltd-supply = <&vddcpu>;};scmi_vdd: voltd-vdd {reg = <VOLTD_SCMI_STPMIC1_BUCK3>;voltd-supply = <&vdd>;};scmi_vddcore: voltd-vddcore {reg = <VOLTD_SCMI_STPMIC1_BUCK4>;voltd-supply = <&vddcore>;};scmi_vdd_adc: voltd-vdd_adc {reg = <VOLTD_SCMI_STPMIC1_LDO1>;voltd-supply = <&vdd_adc>;};scmi_vdd_usb: voltd-vdd_usb {reg = <VOLTD_SCMI_STPMIC1_LDO4>;voltd-supply = <&vdd_usb>;};scmi_vdd_sd: voltd-vdd_sd {reg = <VOLTD_SCMI_STPMIC1_LDO5>;voltd-supply = <&vdd_sd>;};scmi_v1v8_periph: voltd-v1v8_periph {reg = <VOLTD_SCMI_STPMIC1_LDO6>;voltd-supply = <&v1v8_periph>;};scmi_v3v3_sw: voltd-v3v3_sw {reg = <VOLTD_SCMI_STPMIC1_PWR_SW2>;voltd-supply = <&v3v3_sw>;};
};然后再根节点下面,vin:vin节点后面或者随便哪里,添加我们的电源,至于哪个vin和v3v3_ao要不要应该无所谓把,笔者已经把它删了
vddcore: vddcore {compatible = "regulator-fixed";regulator-name = "vddcore";regulator-min-microvolt = <1250000>;regulator-max-microvolt = <1250000>;regulator-off-in-suspend;regulator-always-on;};vddcpu: vddcpu {compatible = "regulator-fixed";regulator-name = "vddcpu";regulator-min-microvolt = <1350000>;regulator-max-microvolt = <1350000>;regulator-off-in-suspend;regulator-always-on;}; v3v3: v3v3 {compatible = "regulator-fixed";regulator-name = "v3v3";regulator-min-microvolt = <3300000>;regulator-max-microvolt = <3300000>;regulator-off-in-suspend;regulator-always-on;};vdd: vdd {compatible = "regulator-fixed";regulator-name = "vdd";regulator-min-microvolt = <3300000>;regulator-max-microvolt = <3300000>;regulator-off-in-suspend;regulator-always-on;};vdd_usb: vdd_usb {compatible = "regulator-fixed";regulator-name = "vdd_usb";regulator-min-microvolt = <3300000>;regulator-max-microvolt = <3300000>;regulator-off-in-suspend;regulator-always-on;};3.3 删除其它
usart1节点、wakeup_pin_5、tamp节点、ltdc节点、gpiob、gpiod、gpioe、gpioi,
以及aliases节点下的serial1=&usart1。这些都可以删掉,不删掉应该也不大关系。然后根节点下model和compatible可以改成我们自己的板子的信息。
3.4 追加hse
在末尾追加一个节点
&clk_hse {st,digbypass;
};3.5 stm32mp13-pinctrl-atk.dtsi
这个文件改不改都行,笔者直接不改也能跑,要改的话只剩一个usart4的就可以了
四、编译
先去Makefile.sdk里面,把设备树改成我们的板子
CFG_EMBED_DTB_SOURCE_FILE ?= stm32mp135-atk
还记得刚才打开没关闭的终端吗?如果关了,那就要重新设置环境变量了哦!回到2.3节的第二步,重新把环境变量设置好,然后编译
make -f ../Makefile.sdk all可以看到 FIP_artifacts/optee多了三个文件:
1.tee-header_v2-stm32mp135-atk.bin
2.tee-pageable_v2-stm32mp135-atk.bin
3.tee-pager_v2-stm32mp135-atk.bin
