u-boot-toradex.git/lib/optee, branch master U-Boot bootloader for Apalis and Colibri modules optee: Correct dependencies for BOOTM_OPTEE 2026-04-03T18:06:07+00:00 Tom Rini trini@konsulko.com 2026-03-20T17:24:58+00:00 0b1a79350212d0d166135bcfa4dd3a2cfbdc59ce As exposed by "make randconfig", we have an issue with the dependencies for BOOTM_OPTEE. This symbol needs to select BOOTM_LINUX and in turn depend on the library symbols that have to be enabled for BOOTM_LINUX to be valid (LIB_BOOTI, LIB_BOOTM and LIB_BOOTZ). Reviewed-by: Marek Vasut <marek.vasut+renesas@mailbox.org> Signed-off-by: Tom Rini <trini@konsulko.com> 
As exposed by "make randconfig", we have an issue with the dependencies
for BOOTM_OPTEE. This symbol needs to select BOOTM_LINUX and in turn
depend on the library symbols that have to be enabled for BOOTM_LINUX to
be valid (LIB_BOOTI, LIB_BOOTM and LIB_BOOTZ).

Reviewed-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
lib: optee: forbid OP-TEE OS loading without adding OP-TEE OS reserved-memory nodes 2025-11-18T21:54:03+00:00 Quentin Schulz quentin.schulz@cherry.de 2025-11-11T11:52:34+00:00 1c13c9bbb54d979737d56544c5dcaec3ef0481d7 I've spent time trying to figure out why my board (Rockchip PX30-based) suddenly boot loops when running a specific program in Linux userspace after working on a U-Boot upgrade. I actually inadvertently had the TEE environment variable set for a device which doesn't actually need to run any TEE OS (so had OPTEE_LIB disabled). It is currently possible to build an image with an OP-TEE OS (via the TEE environment variable) without OPTEE_LIB. U-Boot will happily load the TEE OS and the next OS (e.g. the Linux kernel). This is an issue because on FDT-enabled devices, OP-TEE OS adds nodes to the reserved-memory FDT node for the memory regions it just reserved for itself. This updated FDT is then passed to U-Boot proper which should know better not to use memory from there. The actual issue is that without OPTEE_LIB and OF_LIBFDT enabled, U-Boot proper will not copy those nodes over to the next OS's FDT before starting it. This results in the next OS's (e.g. Linux kernel) to not be aware of reserved memory, incurring random crashes or device reboots when it tries to access secure reserved memory area. On Rockchip, the U-Boot FIT image which contains both the TEE OS and U-Boot proper is generated by binman. Unfortunately, binman doesn't seem to have access to Kconfig symbols (grep CONFIG_ doesn't return anything meaningful and binman is either configured through FDT nodes or via CLI arguments, c.f. cmd_binman in the root Makefile) so we cannot try to be smart and guide the user to the correct Kconfig option to select if TEE is set. We could add a property based on the presence of OPTEE_LIB in rockchip-u-boot.dtsi for example and have a custom message based on that, the issue is that I assume all FDT-based platforms do actually need to do this dance, and not only Rockchip. Another option could be to add a CLI argument to binman through which we would pass the state of OPTEE_LIB and error out the build in that case, but that feels like opening the door to other various dirty hacks. Another option is to propagate the TEE environment variable to the preprocessor of the FDT (via dtc_cpp_flags) and then we can do #if defined(TEE) && !IS_ENABLED(CONFIG_OPTEE_LIB) #error "CONFIG_OPTEE_LIB must be enabled!" #endif but we have the same issue as above, it is then Rockchip-specific and doesn't feel right to me. Yet another option is to remove the @tee-SEQ node from the binman FIT description when OPTEE_LIB isn't set but then we would lose the following nice message when no TEE is provided: Image 'simple-bin' is missing optional external blobs but is still functional: tee-os and even worse, build without any TEE OS even though we could provide one via the TEE environment variable. Finally, another option could be to move this hack under arch/arm/mach-rockchip/Kconfig to make it Rockchip-specific or add a depends on ARCH_ROCKCHIP. However OP-TEE OS on Aarch32 Rockchip boards doesn't actually need any of that if SPL_OPTEE_IMAGE is set because arch/arm/mach-rockchip/sdram.c then marks some hardcoded memory regions in RAM as holes in DRAM, which has the same effect as reserved memory regions I guess. I assume other platforms may use something different, so it may be casting too wide of a net. This commit is what I could come up with as a stopgap measure to avoid building images that simply cannot reliably work and fail randomly. Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de> 
I've spent time trying to figure out why my board (Rockchip PX30-based)
suddenly boot loops when running a specific program in Linux userspace
after working on a U-Boot upgrade. I actually inadvertently had the TEE
environment variable set for a device which doesn't actually need to run
any TEE OS (so had OPTEE_LIB disabled).

It is currently possible to build an image with an OP-TEE OS (via the
TEE environment variable) without OPTEE_LIB. U-Boot will happily load
the TEE OS and the next OS (e.g. the Linux kernel).

This is an issue because on FDT-enabled devices, OP-TEE OS adds nodes to
the reserved-memory FDT node for the memory regions it just reserved for
itself. This updated FDT is then passed to U-Boot proper which should
know better not to use memory from there. The actual issue is that
without OPTEE_LIB and OF_LIBFDT enabled, U-Boot proper will not copy
those nodes over to the next OS's FDT before starting it. This results
in the next OS's (e.g. Linux kernel) to not be aware of reserved memory,
incurring random crashes or device reboots when it tries to access
secure reserved memory area.

On Rockchip, the U-Boot FIT image which contains both the TEE OS and
U-Boot proper is generated by binman. Unfortunately, binman doesn't seem
to have access to Kconfig symbols (grep CONFIG_ doesn't return anything
meaningful and binman is either configured through FDT nodes or via CLI
arguments, c.f. cmd_binman in the root Makefile) so we cannot try to be
smart and guide the user to the correct Kconfig option to select if TEE
is set. We could add a property based on the presence of OPTEE_LIB in
rockchip-u-boot.dtsi for example and have a custom message based on
that, the issue is that I assume all FDT-based platforms do actually
need to do this dance, and not only Rockchip.

Another option could be to add a CLI argument to binman through which
we would pass the state of OPTEE_LIB and error out the build in that
case, but that feels like opening the door to other various dirty hacks.

Another option is to propagate the TEE environment variable to the
preprocessor of the FDT (via dtc_cpp_flags) and then we can do

  #if defined(TEE) && !IS_ENABLED(CONFIG_OPTEE_LIB)
  #error "CONFIG_OPTEE_LIB must be enabled!"
  #endif

but we have the same issue as above, it is then Rockchip-specific and
doesn't feel right to me.

Yet another option is to remove the @tee-SEQ node from the binman FIT
description when OPTEE_LIB isn't set but then we would lose the
following nice message when no TEE is provided:

Image 'simple-bin' is missing optional external blobs but is still functional: tee-os

and even worse, build without any TEE OS even though we could provide
one via the TEE environment variable.

Finally, another option could be to move this hack under
arch/arm/mach-rockchip/Kconfig to make it Rockchip-specific or add a
depends on ARCH_ROCKCHIP. However OP-TEE OS on Aarch32 Rockchip boards
doesn't actually need any of that if SPL_OPTEE_IMAGE is set because
arch/arm/mach-rockchip/sdram.c then marks some hardcoded memory regions
in RAM as holes in DRAM, which has the same effect as reserved memory
regions I guess. I assume other platforms may use something different,
so it may be casting too wide of a net.

This commit is what I could come up with as a stopgap measure to avoid
building images that simply cannot reliably work and fail randomly.

Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
lib: optee: Add line ending to debug() outputs 2025-09-24T17:04:04+00:00 Jan Kiszka jan.kiszka@siemens.com 2025-09-15T13:41:46+00:00 7cae89bac47cd8e79c91034865e5a671334f73fd Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> 
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
lib: Remove <common.h> inclusion from these files 2023-12-21T13:54:37+00:00 Tom Rini trini@konsulko.com 2023-12-14T18:16:58+00:00 467382ca03758e4f3f13107e3a83669e93a7461e After some header file cleanups to add missing include files, remove common.h from all files in the lib directory. This primarily means just dropping the line but in a few cases we need to add in other header files now. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com> 
After some header file cleanups to add missing include files, remove
common.h from all files in the lib directory. This primarily means just
dropping the line but in a few cases we need to add in other header
files now.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Revert "arm: imx: mx7: Move CONFIG_OPTEE_TZDRAM_SIZE from lib/optee" 2023-08-28T19:59:22+00:00 Ricardo Salveti ricardo@foundries.io 2023-08-25T13:47:11+00:00 c91feda87ce33c81acc51cc4bf69d613c4fe89de This reverts commit c5b68ef8af3c2f515c1f5b8d63a69359a85d753b. CONFIG_OPTEE_TZDRAM_SIZE is used by imx6-based SoCs as well. Move the option back. Signed-off-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> 
This reverts commit c5b68ef8af3c2f515c1f5b8d63a69359a85d753b.

CONFIG_OPTEE_TZDRAM_SIZE is used by imx6-based SoCs as well. Move the
option back.

Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
fdtdec: Support reserved-memory flags 2021-10-13T21:18:30+00:00 Thierry Reding treding@nvidia.com 2021-09-03T13:16:21+00:00 b9aad375917d4ae0dec5aedcdfa79929e1dbb730 Reserved memory nodes can have additional flags. Support reading and writing these flags to ensure that reserved memory nodes can be properly parsed and emitted. This converts support for the existing "no-map" flag to avoid extending the argument list for fdtdec_add_reserved_memory() to excessive length. Signed-off-by: Thierry Reding <treding@nvidia.com> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Warren <twarren@nvidia.com> 
Reserved memory nodes can have additional flags. Support reading and
writing these flags to ensure that reserved memory nodes can be properly
parsed and emitted.

This converts support for the existing "no-map" flag to avoid extending
the argument list for fdtdec_add_reserved_memory() to excessive length.

Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Warren <twarren@nvidia.com>
fdtdec: Support compatible string list for reserved memory 2021-10-13T21:18:30+00:00 Thierry Reding treding@nvidia.com 2021-09-03T13:16:19+00:00 46cb067803bef50cb8a1334a56897d05b5f85e02 Reserved memory nodes can have a compatible string list to identify the type of reserved memory that they represent. Support specifying an optional compatible string list when creating these nodes. Signed-off-by: Thierry Reding <treding@nvidia.com> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Warren <twarren@nvidia.com> 
Reserved memory nodes can have a compatible string list to identify the
type of reserved memory that they represent. Support specifying an
optional compatible string list when creating these nodes.

Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Warren <twarren@nvidia.com>
arm: imx: mx7: Move CONFIG_OPTEE_TZDRAM_SIZE from lib/optee 2021-10-05T12:50:14+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-09-07T17:07:09+00:00 c5b68ef8af3c2f515c1f5b8d63a69359a85d753b This config is only used by three boards with this SOC. Most other platforms derive this information from devicetree, and are unlikely to ever need this config. Moreover, it is confusing when Kconfig asks for this value under "Support OPTEE images", but does not do anything with the value. Move it to imx7 for those boards who still make use of it. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> 
This config is only used by three boards with this SOC. Most other
platforms derive this information from devicetree, and are unlikely
to ever need this config.

Moreover, it is confusing when Kconfig asks for this value under
"Support OPTEE images", but does not do anything with the value.
Move it to imx7 for those boards who still make use of it.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
lib: optee: Remove CONFIG_OPTEE_LOAD_ADDR 2021-10-05T12:47:13+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-09-07T17:07:08+00:00 f6953047cb99d50cca0dc73740337b08fbdc1bf8 This value is not used by u-boot, and it should not. The load address of an OPTEE image is defined by said image. Either a uImage or a FIT will have a defined load address and entry point. Those values are the correct ones, not CONFIG_OPTEE_LOAD_ADDR. Commit f25006b96e9f ("optee: Add CONFIG_OPTEE_LOAD_ADDR") justifies this config by requiring its presence in u-boot's .config for other images as part of a larger build, claiming it is "the best way". This argument is not persuasive. U-boot's configuration is driven by platform requirements, not the other way around. It seems more likely that the argument is conflating tooling issues with Kconfig. Yocto and buildroot have excellent mechanisms for defining values across the board (pun intended). u-boot's Kconfig is the wrong place to do it. Furthermore, it is not "best" for u-boot because it hardcodes a value which is then not used. In fact the load address that u-boot uses is the one derived from the OPTEE image. Confused yet? I sure was. To prevent future confusion, remove CONFIG_OPTEE_LOAD_ADDR. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> 
This value is not used by u-boot, and it should not. The load address
of an OPTEE image is defined by said image. Either a uImage or a FIT
will have a defined load address and entry point. Those values are the
correct ones, not CONFIG_OPTEE_LOAD_ADDR.

Commit f25006b96e9f ("optee: Add CONFIG_OPTEE_LOAD_ADDR") justifies
this config by requiring its presence in u-boot's .config for other
images as part of a larger build, claiming it is "the best way".

This argument is not persuasive. U-boot's configuration is driven by
platform requirements, not the other way around. It seems more likely
that the argument is conflating tooling issues with Kconfig. Yocto and
buildroot have excellent mechanisms for defining values across the
board (pun intended). u-boot's Kconfig is the wrong place to do it.

Furthermore, it is not "best" for u-boot because it hardcodes a value
which is then not used. In fact the load address that u-boot uses is
the one derived from the OPTEE image.

Confused yet? I sure was. To prevent future confusion, remove
CONFIG_OPTEE_LOAD_ADDR.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
lib: optee: Remove CONFIG_OPTEE_TZDRAM_BASE 2021-10-05T12:46:56+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-09-07T17:07:07+00:00 1ab968b2fb1d63c49943450bfff14d18c0f54705 It is no longer used in u-boot. Information about the TZDRAM location is usually available in the devicetree as "/reserved-memory/" nodes. Because this isn't used, remove it. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> 
It is no longer used in u-boot. Information about the TZDRAM location
is usually available in the devicetree as "/reserved-memory/" nodes.
Because this isn't used, remove it.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>