--- /dev/null
+Board qemu_arm_vexpress_tz builds a QEMU ARMv7-A target system with
+OP-TEE running in the TrustZone secure world and a Linux based
+OS running in the non-secure world. The board configuration enables
+builds of the QEMU host ARM target emulator.
+
+ make qemu_arm_vexpress_tz_defconfig
+ make
+
+The BIOS used in the QEMU host is the ARM Trusted Firmware-A (TF-A). TF-A
+uses QEMU semihosting file access to access boot image files. The
+QEMU platform is quite specific for that in TF-A and one needs to
+run the emulation from the image directory for TF-A to boot the
+secure and non-secure worlds.
+
+ cd output/images && ../host/bin/qemu-system-arm \
+ -machine virt -machine secure=on -cpu cortex-a15 \
+ -smp 1 -s -m 1024 -d unimp \
+ -serial stdio \
+ -netdev user,id=vmnic -device virtio-net-device,netdev=vmnic \
+ -semihosting-config enable,target=native \
+ -bios bl1.bin
+
+The boot stage traces (if any) followed by the login prompt will appear
+in the terminal that started QEMU.
+
+If you want to emulate more cores, use "-smp {1|2|3|4}" to select the
+number of cores.
+
+Note: "-netdev user,id=vmnic -device virtio-net-device,netdev=vmnic"
+brings network support that is used i.e. in OP-TEE regression tests.
+
+Tested with QEMU 2.12.0, and 3.1.0.
+
+
+-- Boot Details --
+
+TF-A is used as QEMU BIOS. Its BL1 image boots and load its BL2 image. In turn,
+this image loads the OP-TEE secure world (ARMv7-A BL32 stage) and the U-boot as
+non-secure bootloader (BL33 stage).
+
+QEMU natively hosts and loads in RAM the QEMU ARM target device tree. OP-TEE
+reads and modifies its content according to OP-TEE configuration.
+
+Enable TF-A traces from LOG_LEVEL (I.e LOG_LEVEL=40) from
+BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES.
+
+
+-- OP-TEE Traces --
+
+Secure boot stages and/or secure runtime services may use a serial link for
+their traces.
+
+The ARM Trusted Firmware outputs its traces on the QEMU standard (first)
+serial interface.
+
+The OP-TEE OS uses the QEMU second serial interface.
+
+To get the OP-TEE OS traces, append a second -serial argument after
+-serial stdio in the QEMU command line. I.e, the following enables 2 serial
+consoles over telnet connections:
+
+ cd output/images && ../host/bin/qemu-system-arm \
+ -machine virt -machine secure=on -cpu cortex-a15 \
+ -smp 1 -s -m 1024 -d unimp \
+ -serial telnet:127.0.0.1:1235,server \
+ -serial telnet:127.0.0.1:1236,server \
+ -netdev user,id=vmnic -device virtio-net-device,netdev=vmnic \
+ -semihosting-config enable,target=native \
+ -bios bl1.bin
+
+QEMU is now waiting for the telnet connection. From another shell, open a
+telnet connection on the port for the U-boot and Linux consoles:
+
+ telnet 127.0.0.1 1235
+
+and again for the secure console
+
+ telnet 127.0.0.1 1236
+
+
+-- Using gdb --
+
+One can debug the OP-TEE secure world using GDB through the QEMU host.
+To do so, simply run the qemu-system-arm emulation, then run a GDB client
+and connect the QEMU internal GDB server.
+
+The example below assumes we run QEMU and the GDB client from the same
+host computer. We use option -S of qemu-system-arm to make QEMU
+waiting for the GDB continue instruction before booting the images.
+
+From a first shell:
+ cd output/images && ../host/bin/qemu-system-arm \
+ -machine virt -machine secure=on -cpu cortex-a15 \
+ -smp 1 -s -m 1024 -d unimp \
+ -serial stdio \
+ -netdev user,id=vmnic -device virtio-net-device,netdev=vmnic \
+ -semihosting-config enable,target=native \
+ -bios bl1.bin \
+ -S
+
+From a second shell:
+ ./output/host/bin/arm-linux-gnueabihf-gdb
+ GNU gdb (GNU Toolchain for the A-profile Architecture 8.2-2018-08 (arm-rel-8.23)) 8.1.1.20180704-git
+ Copyright (C) 2018 Free Software Foundation, Inc.
+ ...
+ For help, type "help".
+ Type "apropos word" to search for commands related to "word".
+ (gdb)
+
+From this GDB console, connect to the target, load the OP-TEE core symbols,
+set a breakpoint to its entry point (__text_start) and start emulation:
+
+ (gdb) target remote 127.0.0.1:1234
+ (gdb) symbol-file ../build/optee_os-<reference>/out/arm/core/tee.elf
+ (gdb) hbreak __text_start
+ Hardware assisted breakpoint 1 at 0xe100000: file core/arch/arm/kernel/generic_entry_a32.S, line 246.
+ (gdb) cont
+ Continuing.
+
+ Thread 1 hit Breakpoint 1, _start () at core/arch/arm/kernel/generic_entry_a32.S:246
+ 246 bootargs_entry
+ (gdb)
+
+
+Emulation has started, TF-A has loaded OP-TEE and U-boot images in memory and
+has booted OP-TEE. Emulation stopped at OP-TEE core entry.
+
+Note: QEMU hosts a GDB service listening to TCP port 1234, as set through
+qemu-system-arm command line option -s.
+
+Note: To build the GDB server, the following extra options have to be added to
+the Buildroot configuration:
+
+ BR2_ENABLE_DEBUG=y
+ BR2_PACKAGE_GDB=y
+ BR2_PACKAGE_HOST_GDB=y
+ BR2_TOOLCHAIN_BUILDROOT_CXX=y
+ BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
--- /dev/null
+# Architecture
+BR2_arm=y
+BR2_cortex_a15=y
+BR2_ARM_FPU_VFPV3D16=y
+
+# System
+BR2_TARGET_GENERIC_GETTY_PORT="ttyAMA0"
+BR2_ROOTFS_POST_BUILD_SCRIPT="board/qemu/arm-vexpress-tz/post-build.sh"
+
+# Filesystem
+BR2_TARGET_ROOTFS_CPIO=y
+BR2_TARGET_ROOTFS_CPIO_GZIP=y
+# BR2_TARGET_ROOTFS_TAR is not set
+
+# Linux 4.19 series
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
+BR2_LINUX_KERNEL=y
+BR2_LINUX_KERNEL_CUSTOM_VERSION=y
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
+BR2_LINUX_KERNEL_DEFCONFIG="vexpress"
+BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="board/qemu/arm-vexpress-tz/linux.fragment"
+BR2_LINUX_KERNEL_DTS_SUPPORT=y
+BR2_LINUX_KERNEL_INTREE_DTS_NAME="vexpress-v2p-ca15_a7"
+
+# TF-A for booting OP-TEE secure and uboot/linux non secure
+BR2_TARGET_ARM_TRUSTED_FIRMWARE=y
+BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION=y
+BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION_VALUE="v2.0"
+BR2_TARGET_ARM_TRUSTED_FIRMWARE_PLATFORM="qemu"
+BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_OPTEE=y
+BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33=y
+BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES="BL32_RAM_LOCATION=tdram"
+
+# OP-TEE components
+BR2_TARGET_OPTEE_OS=y
+BR2_TARGET_OPTEE_OS_PLATFORM="vexpress-qemu_virt"
+BR2_PACKAGE_OPTEE_BENCHMARK=y
+BR2_PACKAGE_OPTEE_EXAMPLES=y
+BR2_PACKAGE_OPTEE_TEST=y
+
+# U-boot for booting the dear Linux kernel
+BR2_TARGET_UBOOT=y
+BR2_TARGET_UBOOT_BUILD_SYSTEM_KCONFIG=y
+BR2_TARGET_UBOOT_CUSTOM_VERSION=y
+BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2019.01"
+BR2_TARGET_UBOOT_BOARD_DEFCONFIG="qemu_arm"
+BR2_TARGET_UBOOT_CONFIG_FRAGMENT_FILES="board/qemu/arm-vexpress-tz/u-boot.config"
+
+# host-qemu for gitlab testing
+BR2_PACKAGE_HOST_QEMU=y
+BR2_PACKAGE_HOST_QEMU_SYSTEM_MODE=y
projects / buildroot.git / commitdiff