Rb3gen2: Add support for Open Boot firmware (TF-A, OP-TEE and U-Boot) build #1172
Conversation
b49020
requested review from
lumag,
mwasilew,
ndechesne,
ricardosalveti,
sbanerjee-quic and
vkraleti
as code owners
b49020
force-pushed
the
rb3gen2-open-boot-fw
branch
2 times, most recently
from
9104459 to
17e9dc2
Compare
|
Any ideas how can I fix the yocto run checks here? I have already added |
I'm not sure if ordering matters in KAS, but could you try changing the repo section to this? meta-arm:
url: https://git.yoctoproject.org/git/meta-arm
layers:
meta-arm-toolchain:
meta-arm:That's the only thing that stood out to me as a difference from a working config with meta-arm included. |
|
Check --dependency in ci/yocto-check-layer.sh |
b49020
force-pushed
the
rb3gen2-open-boot-fw
branch
from
17e9dc2 to
3474150
Compare
|
PR updated to incorporate review comments. |
b49020
force-pushed
the
rb3gen2-open-boot-fw
branch
5 times, most recently
from
972dc21 to
be39af5
Compare
|
Although I have fixed the CI issues which were related to this PR however the current CI failure: doesn't seem to be related to this PR, any ideas? |
|
This was maybe because of the OE-core updated last night, there are some kernel changes on that. I will take a look on the fail. |
|
Should be fixed with #1186 |
|
Please rebase. |
Open boot firmware recipes for TF-A and OP-TEE comes from meta-arm, so lets add an explicit dependency on meta-arm. Signed-off-by: Sumit Garg <[email protected]>
Add RB3Gen2 platform specific support leveraging base trusted-firmware-a recipes from meta-arm. It allows to generate unsigned bl2.elf and test signed fip.elf as per TF-A documentation here [1]. [1] https://github.com/qualcomm-linux/trusted-firmware-a/blob/qcom-next/docs/plat/qti/rb3gen2.rst Signed-off-by: Sumit Garg <[email protected]>
Add OP-TEE recipes override for RB3Gen2 leveraging the base recipes from meta-arm. Also, enable TF-A build to consume OP-TEE OS as the BL32 image. Signed-off-by: Sumit Garg <[email protected]>
U-Boot is an option for BL33 payload with TF-A, so let's add the corresponding RB3Gen2 U-Boot recipe support. Along with that let's limit RB1 changes to the corresponding machine. Signed-off-by: Sumit Garg <[email protected]>
Add support for open boot firmware based on TF-A, OP-TEE and U-Boot specific machine features for RB3Gen2. Signed-off-by: Sumit Garg <[email protected]>
Currently the open boot firmware stack has only been enabled on RB3Gen2 platform which can be built using following: $ kas build ci/qcs6490-rb3gen2-core-kit.yml:ci/open-boot-firmware.yml And currently the boot stack includes TF-A, OP-TEE and U-Boot. In future the plan is to enable upstream edk2 as well. Along with that the next target for open boot firmware is Lemans based IoT EVK platform. Right now the build generates 2 firmware payloads as bl2.elf (unsigned) and fip.elf (test signed using qtestsign). It is required to sign bl2.elf with QTI signature using sectools but in future the plan is to drop QTI signature requirement with an updated release of XBL/XBL-SEC. Once signing is done, one need to update following binaries in qcomflash tarball and then proceed with QDL flashing: - tz.mbn -> bl2.mbn - uefi.elf -> fip.elf Signed-off-by: Sumit Garg <[email protected]>
At this point due to QTI signature requirement, the LAVA boot test for RB3Gen2 can't be enabled. However, lets add the CI build test with open boot firmware. Signed-off-by: Sumit Garg <[email protected]>
b49020
force-pushed
the
rb3gen2-open-boot-fw
branch
from
be39af5 to
2376dc9
Compare
|
PR rebased, thanks @quaresmajose for the CI fix. |
|
The CI is all green now, a gentle ping for any further comments here. |
| MACHINE_ESSENTIAL_EXTRA_RRECOMMENDS += " \ | ||
| packagegroup-rb3gen2-firmware \ | ||
| packagegroup-rb3gen2-hexagon-dsp-binaries \ | ||
| packagegroup-optee \ |
There was a problem hiding this comment.
we probably don't want when optee is not enabled/available. no?
There was a problem hiding this comment.
I added checks for "optee" as a machine feature within the "packagegroup-optee" since yocto-check-layers complained about it. Adding a machine feature check here felt redundant but I can add it if you want.
There was a problem hiding this comment.
i see. I think it should be the other way around. packagegroup-optee should include them always, and we should include the packagegroup here only when optee is enabled.
There was a problem hiding this comment.
I did that initially, but yocto-check-layers complained about "packagegroup-optee" as an independent entity since a machine compatible is required to build optee-test and others.
There was a problem hiding this comment.
we need to figure out if this is the right thing to do..
There was a problem hiding this comment.
Okay, let me add machine check here as well for consistency.
| qcom/qcs6490-rb3gen2-vision-mezzanine.dtb \ | ||
| " | ||
|
|
||
| EXTRA_IMAGEDEPENDS += "${@bb.utils.contains('MACHINE_FEATURES', 'tfa', 'trusted-firmware-a', '', d)}" |
There was a problem hiding this comment.
is tfa a new MACHINE_FEATURE?
There was a problem hiding this comment.
Yeah, it is a new machine feature since you asked for it in previous review.
There was a problem hiding this comment.
we should document them, somehow, somewhere..
There was a problem hiding this comment.
Okay, I can document them here conf/machine/include/qcom-common.inc.
|
|
||
| local_conf_header: | ||
| firmware: | | ||
| MACHINE_FEATURES:qcm6490:append = " tfa optee u-boot" |
There was a problem hiding this comment.
I don't know if it's a functional difference or not.. but we usually put the :append or :prepend first in the list of overrides.
There was a problem hiding this comment.
I don't like changing the MACHINE config in the KAS config file. I would rather have a difference machine, what do you think?
There was a problem hiding this comment.
I don't think having a different machine makes sense here. Since here we are building a different boot firmware (open vs closed source) for the same machine like we do for supporting different kernel versions for the same machine.
but we usually put the :append or :prepend first in the list of overrides.
Sure, I will fix that.
There was a problem hiding this comment.
I don't know if it's a functional difference or not.. but we usually put the :append or :prepend first in the list of overrides.
It is: foo:soc:append appends to foo:soc, which then override full foo value. foo:append:soc: makes foo:append work only on soc, which then appends to the existing foo variable without redefining it completely.
I also don't like the idea of changing MACHINE_FEATURES here. I'd prefer if we have enabled MACHINE_FEATURES for all machines that support TF-A and then used COMBINED_FEATURES in order to determine whether to use a normal boot flow or a TF-A based one.
There was a problem hiding this comment.
I like the COMBINED_FEATURES.
We will then need to decide if we have an 'open boot' distro ;)
There was a problem hiding this comment.
It feels like we are moving in a direction to build open boot firmware and package closed boot firmware during a common build like for RB3Gen2 in this case. The build artifacts will contain both but what is present in the device flashing tarball is based on open-boot feature present in COMBINED_FEATURES. Does that sound reasonable?
| required: true | ||
| kernel_dirname: | ||
| required: true | ||
| firmware_dirname: |
There was a problem hiding this comment.
having a new machine would simplify the CI config here.
There was a problem hiding this comment.
Yeah, but we already have different kernel versions built. I think similarly we can support open vs closed firmware builds. However, adding new machine for just open boot firmware will just make all the supported CI artifacts 2x the current number. So, I think current approach in this PR is more scalable.
There was a problem hiding this comment.
I don't understand why it would double the artifacts.
I don't really like how we add 'variants' for kernel and now firmware in the CI config. Perhaps we can combine the kernel and firmware into a 'variant' attribute, so that we don't keep adding more and more in there?
There was a problem hiding this comment.
I don't understand why it would double the artifacts.
I mean if we add a new machine here then all the different distro and kernel versions will have to be built twice.
Perhaps we can combine the kernel and firmware into a 'variant' attribute, so that we don't keep adding more and more in there?
I am mostly interested to run open boot firmware builds using qcom-next kernel since for fully feature complete we will be contributing patches in kernel for OP-TEE support to enable all the peripherals. So, let me know how you would like to see the variants here.
| BBFILE_PRIORITY_qcom = "6" | ||
|
|
||
| LAYERDEPENDS_qcom = "core" | ||
| LAYERDEPENDS_qcom = "core meta-arm" |
There was a problem hiding this comment.
Well... If OP-TEE is not a required feature, this should be handled via dynamic layers rather than layer dependency
There was a problem hiding this comment.
No please, boot firmware is an essential component of any Yocto BSP layer. The fact that meta-qcom uses proprietary boot firmware blobs is unfortunate. Here, meta-arm is providing the common recipes for TF-A, OP-TEE as well as edk2 for Arm based platforms is an essential dependency as we are starting to support open boot stack on Qcom platforms.
Have a look at meta-ti for your reference here [1].
[1] https://git.yoctoproject.org/meta-ti/tree/meta-ti-bsp/conf/layer.conf
There was a problem hiding this comment.
I'd still ask it to be handled via a dynamic layer inside meta-qcom. We try to depend only on OE-Core, however we use other layers to provide extended functionality.
There was a problem hiding this comment.
Sorry but this isn't extended functionality but an essential function of the BSP layer to allow building boot firmware from source.
There was a problem hiding this comment.
At this point, the basic functionality is to use the blobs. I welcome the usage of OS components and OP-TEE, but I don't want to enforce that dependency on everybody.
There was a problem hiding this comment.
At this point, the basic functionality is to use the blobs.
Is that what
meta-qcomas an open source BSP layer would enforce its users to use by default even if the open boot stack becomes a viable option in future?but I don't want to enforce that dependency on everybody.
But you are ready to enforce a practice not at all followed by other open source BSP layers? What extra burden do you think meta-arm brings which isn't there for say meta-ti layer?
At this point OP-TEE & TF-A - based stack:
- is not enabled by default on any of the platforms
- doesn't work out of the box outside of QTI
- is provided for a single SoC
Having all of that in mind, as I wrote, I'd welcome the introduction of TF-A & OP-TEE based boot stack (and documenting that in the README), but I don't want to make everybody pull in that dependency. When it's decided that the open boot stack is a default option for any of the targets, we can flip it.
There was a problem hiding this comment.
is not enabled by default on any of the platforms
What do you mean by default here? One that is enforced by Qualcomm for every OEM? Or rather we give OEMs the choice to select among open vs closed boot firmware stacks. There are already various IoT and Auto OEMs asking for the open boot firmware stack.
doesn't work out of the box outside of QTI
As I said this is being worked upon to enable it outside QTI. Also, the next step for me is to add support for upstream edk2 whose recipes are also currently provided by meta-arm which will work out of the box as of now.
is provided for a single SoC
As I said in the PR itself, the plan is to support Kodiak and Lemans initially, but it will be scalable to other SoCs too with less effort.
but I don't want to make everybody pull in that dependency.
Sooner or later, we need to add that dependency as otherwise how can we enable OEMs to build open boot stack in the same build environment.
When it's decided that the open boot stack is a default option for any of the targets, we can flip it.
As I said above, we should really be offering a choice for OEMs to build open boot stacks. And I don't understand when you would feel it's the right time to flip. You need to really understand; the open boot firmware stack is an essential feature of any open source Yocto BSP layer which people expect to be available by default.
There was a problem hiding this comment.
is not enabled by default on any of the platforms
What do you mean by default here? One that is enforced by Qualcomm for every OEM? Or rather we give OEMs the choice to select among open vs closed boot firmware stacks. There are already various IoT and Auto OEMs asking for the open boot firmware stack.
OEM devices are not supported by this layer. Inside this layer we provide generic code and also support for Qualcomm-manufactured devices. I know that there are use-cases which require OP-TEE and TF-A. But I really don't understand what you are arguing here about.
doesn't work out of the box outside of QTI
As I said this is being worked upon to enable it outside QTI.
That doesn't change the current status of these changes.
Also, the next step for me is to add support for upstream edk2 whose recipes are also currently provided by meta-arm which will work out of the box as of now.
That's perfect and really interesting.
is provided for a single SoC
As I said in the PR itself, the plan is to support Kodiak and Lemans initially, but it will be scalable to other SoCs too with less effort.
Great.
but I don't want to make everybody pull in that dependency.
Sooner or later, we need to add that dependency as otherwise how can we enable OEMs to build open boot stack in the same build environment.
When it's decided that the open boot stack is a default option for any of the targets, we can flip it.
As I said above, we should really be offering a choice for OEMs to build open boot stacks. And I don't understand when you would feel it's the right time to flip. You need to really understand; the open boot firmware stack is an essential feature of any open source Yocto BSP layer which people expect to be available by default.
As I wrote, I don't understand, what we are arguing here. Please move your changes under dynamic-layers/meta-arm-bsp/ and add meta-arm-bsp to LAYERRECOMMENDS. I'm not asking you to drop the changes. I'm asking you to allow people to use meta-qcom without pulling in extra layers if they don't need them.
There was a problem hiding this comment.
As I wrote, I don't understand, what we are arguing here.
I think here the main point of argument is to keep meta-arm layer in the dependency list of meta-qcom since we need to reuse the BSP recipes for TF-A, OP-TEE and edk2. Let others also chime in about what they think here. I think I have made my arguments here.
Please move your changes under dynamic-layers/meta-arm-bsp/ and add meta-arm-bsp to LAYERRECOMMENDS.
The TF-A, OP-TEE and edk2 changes belong to the Qcom BSP layer and not to the Arm BSP layer. I will reiterate the example for meta-ti here.
There was a problem hiding this comment.
Please move your changes under dynamic-layers/meta-arm-bsp/ and add meta-arm-bsp to LAYERRECOMMENDS.
The TF-A, OP-TEE and edk2 changes belong to the Qcom BSP layer and not to the Arm BSP layer. I will reiterate the example for meta-ti here.
meta-qcom/dynamic-layers/meta-arm-bsp/. This is a standard way of making recipes / appends depend on another layer without making it a layer dependency. See https://github.com/openembedded/meta-openembedded/tree/master/meta-oe/dynamic-layers
| @@ -0,0 +1,9 @@ | |||
| SRC_URI += "https://github.com/coreboot/qc_blobs/raw/refs/heads/master/sc7280/qtiseclib/libqtisec.a;name=qtiseclib" | |||
There was a problem hiding this comment.
What is the licence for the blob? Does it change the licence of the generated binary?
There was a problem hiding this comment.
The license for this blob can be found here: https://github.com/coreboot/qc_blobs/blob/master/sc7280/qtiseclib/LICENSE.
Does it change the licence of the generated binary?
AFAIK, it doesn't change the overall TF-A project license but rather it is required for the binary components to be compliant with the TF-A license terms, see here: https://trustedfirmware-a.readthedocs.io/en/latest/process/contributing.html#binary-components
There was a problem hiding this comment.
Still the licence should be included in SBOM, etc., so it should be properly annotated.
Also we have to comply to the licensing terms. E.g.:
(iii) redistribution of the Redistributable Binary Code must include the .txt file setting forth the terms and condition of this Agreement;
| DEPENDS += "qtestsign-native" | ||
|
|
||
| MACHINE_TFA_QCOM_REQUIRE ?= "" | ||
| MACHINE_TFA_QCOM_REQUIRE:qcm6490 = "trusted-firmware-a-qcm6490.inc" |
There was a problem hiding this comment.
Will it work on other qcm6490-based machines (e.g. IDP, Tachyon or RubkPi)?
There was a problem hiding this comment.
Yeah, the TF-A/OP-TEE port is specific to the SoC. However, we need to make sure that the OEM hardware is running a QLI based boot firmware release where we can replace boot chain components with open-source ones.
BTW, I have been waiting to get my hands-on with one of these boards as well to run open boot stack.
| TFA_SPD = "opteed" | ||
| EXTRA_OEMAKE:append = " \ | ||
| QTISECLIB_PATH=${UNPACKDIR}/libqtisec.a \ | ||
| BL32=${RECIPE_SYSROOT}/${nonarch_base_libdir}/firmware/tee-raw.bin \ |
There was a problem hiding this comment.
If you change the order of the commits, you won't have to change the file that you have just added.
There was a problem hiding this comment.
This commit adds OP-TEE support to the TF-A recipe added by previous commit. So, I am not sure what do you meant by reordering commits here.
There was a problem hiding this comment.
- Add OP-TEE as a recipe
- Add TF-A, which uses OP-TEE among other dependencies
| @@ -0,0 +1,3 @@ | |||
| SRCBRANCH = "qcom-next" | |||
| MACHINE_ESSENTIAL_EXTRA_RRECOMMENDS += " \ | ||
| packagegroup-rb3gen2-firmware \ | ||
| packagegroup-rb3gen2-hexagon-dsp-binaries \ | ||
| packagegroup-optee \ |
|
|
||
| EXTRA_IMAGEDEPENDS += "${@bb.utils.contains('MACHINE_FEATURES', 'tfa', 'trusted-firmware-a', '', d)}" | ||
| PREFERRED_PROVIDER_virtual/bootloader = "${@bb.utils.contains('MACHINE_FEATURES','u-boot','u-boot','',d)}" | ||
| TFA_UBOOT:pn-trusted-firmware-a = "${@bb.utils.contains('MACHINE_FEATURES','u-boot','1','0',d)}" |
There was a problem hiding this comment.
It feels strange at a first glance that machine configuration (which should also define MACHINE_FEATURES) also depends on them. Please add a comment here, how is it expected to be enabled.
| url: https://git.yoctoproject.org/meta-arm | ||
| layers: | ||
| meta-arm: | ||
| meta-arm-toolchain: |
There was a problem hiding this comment.
So, building has beek broken for all previous commits. That's not nice
There was a problem hiding this comment.
That's a fair point, I will move this diff to first patch instead.
|
|
||
| local_conf_header: | ||
| firmware: | | ||
| MACHINE_FEATURES:qcm6490:append = " tfa optee u-boot" |
There was a problem hiding this comment.
I don't know if it's a functional difference or not.. but we usually put the :append or :prepend first in the list of overrides.
It is: foo:soc:append appends to foo:soc, which then override full foo value. foo:append:soc: makes foo:append work only on soc, which then appends to the existing foo variable without redefining it completely.
I also don't like the idea of changing MACHINE_FEATURES here. I'd prefer if we have enabled MACHINE_FEATURES for all machines that support TF-A and then used COMBINED_FEATURES in order to determine whether to use a normal boot flow or a TF-A based one.
| distro_name: | ||
| required: true | ||
| kernel_yaml: | ||
| required: true |
There was a problem hiding this comment.
At this point due to QTI signature requirement, the LAVA boot test for RB3Gen2
can't be enabled.
What does it mean? Can users build and deploy TF-A firmware? If not, this is just a dead code.
There was a problem hiding this comment.
Currently the developers within Qualcomm are able to generate QTI signed TF-A BL2 and deploy the TF-A firmware. So, it's definitely not a dead code.
For developers outside Qualcomm, we are expecting in the next QLI proprietary firmware blobs release (especially XBL_SEC), the QTI signature requirement for TF-A BL2 to be dropped. Then we should just be able to use qtestsign for that too.
There was a problem hiding this comment.
Currently the developers within Qualcomm are able to generate QTI signed TF-A BL2 and deploy the TF-A firmware. So, it's definitely not a dead code.
It is dead until one can use it to generate a fully working solution. If it requires extra signing step, it is of very limited use.
There was a problem hiding this comment.
If it requires extra signing step, it is of very limited use.
Sure, it's a temporary extra step until we enable the OEM only signed TZ image. But still, it's a good enough first step for people working within Qualcomm to collaborate while making the open boot firmware stack a reality on Qcom silicon.
| firmware: | ||
| type: additional | ||
| dirname: "+open-boot-firmware" | ||
| yamlfile: ":ci/open-boot-firmware.yml" |
There was a problem hiding this comment.
the yamlfile is unused. does not sound right.
| distro_name: ${{matrix.distro.name}} | ||
| kernel_yaml: ${{matrix.kernel.yamlfile}} | ||
| kernel_dirname: ${{matrix.kernel.dirname}} | ||
| firmware_dirname: ${{matrix.firmware.dirname}} |
There was a problem hiding this comment.
what I meant in my other comment is that instead of adding more and more config here (e.g. machine, distro, kernel, firmware, ...) I would prefer to have machine, distro and 'variants'
e.g.
- machine: qcs6490-rb3gen2-core-kit
distro:
name: qcom-distro
yamlfile: ':ci/qcom-distro.yml'
firmware:
type: additional
dirname: "+open-boot-firmware"
yamlfile: ":ci/open-boot-firmware.yml"
could be
- machine: qcs6490-rb3gen2-core-kit
distro:
name: qcom-distro
yamlfile: ':ci/qcom-distro.yml'
variants:
type: additional
dirname: "+open-boot-firmware"
yamlfile: ":ci/open-boot-firmware.yml"
so, combining a custom kernel and custom firmware:
- machine: qcs6490-rb3gen2-core-kit
distro:
name: qcom-distro
yamlfile: ':ci/qcom-distro.yml'
variants:
type: additional
dirname: "+linux-yocto-lts+open-boot-firmware"
yamlfile: ":ci/linux-yocto-lts.yml:ci/open-boot-firmware.yml"
There was a problem hiding this comment.
Sounds reasonable, I will use this format.
|
Just wanted to leave a comment here - I'm very glad to see this develop. GM and many of Qualcomm's other customers would strongly prefer a One extra item to note: if you don't have one already, you should consider setting up a uboot config that can be loaded with Sahara. That would allow customers to get away from Firehose, XBL, and flatbuilds in favor of more cross-platform solutions inside of uboot. |
7 participants
Currently the open boot firmware stack has only been enabled on RB3Gen2 platform which can be built using following:
And currently the boot stack includes TF-A, OP-TEE and U-Boot. In future the plan is to enable upstream edk2 as well. Along with that the next target for open boot firmware is Lemans based IoT EVK platform.
Right now the build generates 2 firmware payloads as bl2.elf (unsigned) and fip.elf (test signed using qtestsign). It is required to sign bl2.elf with QTI signature using sectools but in future the plan is to drop QTI signature requirement with an updated release of XBL/XBL-SEC.
Once signing is done, one need to update following binaries in qcomflash tarball and then proceed with QDL flashing: