View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007033 | UBoot | NBoot | public | 2025-12-17 14:27 | 2025-12-17 14:38 |
| Reporter | Keller | Assigned To | |||
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | new | Resolution | open | ||
| Product Version | v2024.04-fus1.2 | ||||
| Target Version | u-boot-2024.04-next | ||||
| Summary | 0007033: fsimx8mm/mn/mp: Add option to group ATF/TEE with U-Boot image | ||||
| Description | In the past, ATF and opTEE were part of the NBoot image. However ATF and opTEE change from time to time and new functions in U-Boot and Linux rely on these new features, making it necessary to update NBoot just for the sake of ATF/opTEE. If customers wanted to have their own version of ATF or opTEE, they even had to maintain their own NBoot version. Add a way to update ATF/opTEE independently, for example as part of U-Boot, like on i.MX9. | ||||
| Forum Link | |||||
|
|
Git commit e332d4f4786e62abebf1511ffea2a6685d54175f fsimx8mm/mn/mp: Add extra region for ATF/TEE: In the future, it should be possible to update ATF and TEE separately from NBoot. This means the current NBoot layout, where ATF and TEE are part of the FIRMWARE sub-image, is not suited very well anymore. Move ATF and TEE to a separate ATF region in flash memory. This region is defined by two new entries atf-start and atf-size in nboot-info.dtsi. The new property "support-u-atf" indicates the presence of these values. As the FIRMWARE sub-image now only consists of DRAM-INFO, it can be dropped completely. From now on, DRAM-INFO, ATF and TEE are directly sub-images of NBOOT. See layout in fs_image_spl.c. For quite a while, only one DRAM-FW and one DRAM-TIMING are stored in flash memory. So even the DRAM-TYPE sub-image is no longer necessary in flash. This results in the following rather simple flash layout: SPL-Region: +------------------------------+--- spl-start | SPL | spl-size +------------------------------+--- NBOOT-Region +------------------------------+--- nboot-start | BOARD-CFG (board-id) | +------------------------------+ | DRAM-FW (type) | nboot-size +------------------------------+ | DRAM-TIMING (ram-chip) | +------------------------------+--- ATF-Region (neu) +------------------------------+--- atf-start | ATF/U-ATF (arch) | +------------------------------+ atf-size | TEE/U-TEE (arch) (optional) | +------------------------------+--- UBOOT-Region +------------------------------+--- uboot-start | U-BOOT (arch) | uboot-size +------------------------------+--- However, the missing group headers that held the total size of the images in the past make it impossible to still load the images from flash with the same state machine that is used for SDP-streaming via USB. This results in the following changes: - Change layout description and move from fs_image_common.c to fs_image_spl.c. - Change nboot Makefiles for fsimx8mm/mn/mp to create the new layout without the FIRMWARE sub-image. - Add support-u-atf, atf-start and atf-size to nboot-info for these architectures. - Enhance fs_image_get_nboot_info_nand/mmc() to also parse these new entries. - Change fsimage_imx8_save() to handle the new layout in the downloaded file as well as in flash memory. - Change fsimage_imx8_load() to handle the new layout in flash memory. - Change state machine for SDP streaming to handle the new layout without FIRMWARE sub-image. - Change fs_image_load_system() to load from flash without the state machine. Add functions fs_image_load_system_copy() to load a full copy from NBOOT and ATF regions and fs_image_load_system_sub() to load and validate one sub-image. Remove fs_image_loop() that is no longer needed. |
|
|
Git commit: 0df734826c9904055cfd288bf4d6957fe518b9ae fsimx8mm/mn/mp: Add support for U-ATF and U-TEE On fsimx8mm/mn/mp, ATF and TEE have been part of NBoot in the past. This had the disadvantage that ATF and TEE could not be updated without updating the rest of NBoot, too. Which meant that customers were forced to handle an own NBoot if they wanted to have an own ATF or TEE version. This commit adds the possibility to optionally group ATF/TEE with U-Boot. By setting CONFIG_FS_ADD_ATF_TO_UBOOT, a new target uboot-atf.fs is built that also holds ATF (and TEE if activated). Of course these files have to be present in board/F+S/NXP-Firmware in this case. This new image has a new F&S header U-BOOT-ATF and groups the U-ATF, the optional U-TEE and the unmodified U-BOOT sub-images. U-ATF and U-TEE stand for "User ATF" and "User TEE" in contrast to the regular now-called System ATF and System TEE images that are still part of every NBoot image. You can also think of U-ATF/U-TEE as images being part of U-Boot. +------------------------------+ | U-BOOT-ATF (arch) | | +--------------------------+ | | U-ATF (arch) | | +--------------------------+ | | U-TEE (arch) (optional) | | +--------------------------+ | | U-BOOT (arch) | +------------------------------+ As long as only regular U-BOOT images are installed, the system behaves as before. But at the moment where there is a U-BOOT-ATF image installed, the U-ATF and U-TEE images replace the previous system images. From then on, the regular ATF and TEE images are ignored when storing a new NBoot version, keeping the user versions. Which means U-ATF and U-TEE now logically belong to the user and can be updated together with U-Boot by saving U-BOOT-ATF images. However it is still possible to just update U-Boot with a regular U-BOOT image. By using option -s (for "System-ATF") in command fsimage save, this behaviour can be reverted. If -s is given when saving NBoot, then the ATF and TEE of NBoot are saved again, restoring the original behavior. If option -s is given when saving an U-BOOT-ATF image, the U-ATF and U-TEE given there are ignored, which means such an image can also be used to just update U-Boot, keeping the System ATF/TEE images. Remark: When downloading software with uuu, the board gets NBoot and U-Boot in one go, which means the behavior stays as before. It uses the System ATF/TEE from NBoot and cannot accept a U-BOOT-ATF image. The following changes are needed to achieve this: - Add option CONFIG_FS_ADD_ATF_TO_UBOOT to board/F+S/common/Kconfig. - Add rules to build U-BOOT-ATF to the global Makefile. - Add handling for U-ATF and U-TEE in fs_image_load_system_copy() in board/F+S/common/fs_image_spl.c. The following changes are in cmd/fsimage.c: - Add function fs_image_is_u_atf() to verify if the stored ATF is a System ATF or a User U-ATF. TEE is always handled exactly the same as ATF, so no extra check is needed there. - Add Option -s to do_fsimage_save(). Add explanation to fsimage command help text. - In fsimage_imx8_save(), add handling for U-ATF/U-TEE, once when saving NBoot, but also when loading U-Boot in case it has to be relocated. - In do_fsimage_save_uboot(), handle U-ATF/U-TEE if U-BOOT-ATF image is found to be stored. - In fsimage_imx8_load(), skip loading ATF/TEE if U-ATF/U-TEE is present in flash memory. - In fs_image_load_uboot(), build a U-BOOT-ATF instead of U-BOOT image in RAM if U-ATF/U-TEE are present in flash memory. |
