operating-system/buildroot/board/qemu/arm-vexpress-tz
Stefan Agner a0871be6c0 Bump buildroot to 2020.11-rc1 (#985)
* Update buildroot-patches for 2020.11-rc1 buildroot

* Update buildroot to 2020.11-rc1

Signed-off-by: Stefan Agner <stefan@agner.ch>

* Don't rely on sfdisk --list-free output

The --list-free (-F) argument does not allow machine readable mode. And
it seems that the output format changes over time (different spacing,
using size postfixes instead of raw blocks).

Use sfdisk json output and calculate free partition space ourselves. This
works for 2.35 and 2.36 and is more robust since we rely on output which
is meant for scripts to parse.

* Migrate defconfigs for Buildroot 2020.11-rc1

In particular, rename BR2_TARGET_UBOOT_BOOT_SCRIPT(_SOURCE) to
BR2_PACKAGE_HOST_UBOOT_TOOLS_BOOT_SCRIPT(_SOURCE).

* Rebase/remove systemd patches for systemd 246

* Drop apparmor/libapparmor from buildroot-external

* hassos-persists: use /run as directory for lockfiles

The U-Boot tools use /var/lock by default which is not created any more
by systemd by default (it is under tmpfiles legacy.conf, which we no
longer install).

* Disable systemd-update-done.service

The service is not suited for pure read-only systems. In particular the
service needs to be able to write a file in /etc and /var. Remove the
service. Note: This is a static service and cannot be removed using
systemd-preset.

* Disable apparmor.service for now

The service loads all default profiles. Some might actually cause
problems. E.g. the profile for ping seems not to match our setup for
/etc/resolv.conf:
[85503.634653] audit: type=1400 audit(1605286002.684:236): apparmor="DENIED" operation="open" profile="ping" name="/run/resolv.conf" pid=27585 comm="ping" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
2020-11-13 18:25:44 +01:00

Board qemu_arm_vexpress_tz builds a QEMU ARMv7-A target system with
OP-TEE running in the TrustZone secure world and a Linux based
OS running in the non-secure world. The board configuration enables
builds of the QEMU host ARM target emulator.

  make qemu_arm_vexpress_tz_defconfig
  make

The BIOS used in the QEMU host is the ARM Trusted Firmware-A (TF-A). TF-A
uses QEMU semihosting file access to access boot image files. The
QEMU platform is quite specific for that in TF-A and one needs to
run the emulation from the image directory for TF-A to boot the
secure and non-secure worlds.

  cd output/images && ../host/bin/qemu-system-arm \
	-machine virt -machine secure=on -cpu cortex-a15 \
	-smp 1 -s -m 1024 -d unimp \
	-serial stdio \
	-netdev user,id=vmnic -device virtio-net-device,netdev=vmnic \
	-semihosting-config enable,target=native \
	-bios bl1.bin

The boot stage traces (if any) followed by the login prompt will appear
in the terminal that started QEMU.

If you want to emulate more cores, use "-smp {1|2|3|4}" to select the
number of cores.

Note: "-netdev user,id=vmnic -device virtio-net-device,netdev=vmnic"
brings network support that is used e.g. in OP-TEE regression tests.


-- Boot Details --

TF-A is used as QEMU BIOS. Its BL1 image boots and loads its BL2 image. In turn,
this image loads the OP-TEE secure world (ARMv7-A BL32 stage) and U-Boot as the
non-secure bootloader (BL33 stage).

QEMU natively hosts and loads in RAM the QEMU ARM target device tree. OP-TEE
reads and modifies its content according to OP-TEE configuration.

Enable TF-A traces by setting LOG_LEVEL (e.g. LOG_LEVEL=40) in
BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES.


-- OP-TEE Traces --

Secure boot stages and/or secure runtime services may use a serial link for
their traces.

The ARM Trusted Firmware outputs its traces on the QEMU standard (first)
serial interface.

The OP-TEE OS uses the QEMU second serial interface.

To get the OP-TEE OS traces, append a second -serial argument after
-serial stdio in the QEMU command line. For example, the following enables 2
serial consoles over telnet connections:

  cd output/images && ../host/bin/qemu-system-arm \
	-machine virt -machine secure=on -cpu cortex-a15 \
	-smp 1 -s -m 1024 -d unimp \
	-serial telnet:127.0.0.1:1235,server \
	-serial telnet:127.0.0.1:1236,server \
	-netdev user,id=vmnic -device virtio-net-device,netdev=vmnic \
	-semihosting-config enable,target=native \
	-bios bl1.bin

QEMU is now waiting for the telnet connections. From another shell, open a
telnet connection on the port for the U-Boot and Linux consoles:

  telnet 127.0.0.1 1235

and again for the secure console:

  telnet 127.0.0.1 1236


-- Using gdb --

One can debug the OP-TEE secure world using GDB through the QEMU host.
To do so, simply run the qemu-system-arm emulation, then run a GDB client
and connect to the QEMU internal GDB server.

The example below assumes we run QEMU and the GDB client from the same
host computer. We use option -S of qemu-system-arm to make QEMU
wait for the GDB continue instruction before booting the images.

From a first shell:
  cd output/images && ../host/bin/qemu-system-arm \
	-machine virt -machine secure=on -cpu cortex-a15 \
	-smp 1 -s -m 1024 -d unimp \
	-serial stdio \
	-netdev user,id=vmnic -device virtio-net-device,netdev=vmnic \
	-semihosting-config enable,target=native \
	-bios bl1.bin \
	-S

From a second shell:
  ./output/host/bin/arm-linux-gdb
  GNU gdb (GNU Toolchain for the A-profile Architecture 8.2-2018-08 (arm-rel-8.23)) 8.1.1.20180704-git
  Copyright (C) 2018 Free Software Foundation, Inc.
  ...
  For help, type "help".
  Type "apropos word" to search for commands related to "word".
  (gdb)

From this GDB console, connect to the target, load the OP-TEE core symbols,
set a breakpoint at its entry point (__text_start) and start emulation:

  (gdb) target remote 127.0.0.1:1234
  (gdb) symbol-file ./output/build/optee-os-<reference>/out/arm/core/tee.elf
  (gdb) hbreak __text_start
  Hardware assisted breakpoint 1 at 0xe100000: file core/arch/arm/kernel/generic_entry_a32.S, line 246.
  (gdb) cont
  Continuing.

  Thread 1 hit Breakpoint 1, _start () at core/arch/arm/kernel/generic_entry_a32.S:246
  246		bootargs_entry
  (gdb)


Emulation has started, TF-A has loaded the OP-TEE and U-Boot images in memory
and has booted OP-TEE. Emulation stopped at the OP-TEE core entry.

Note: QEMU hosts a GDB service listening on TCP port 1234, as set through
qemu-system-arm command line option -s (shorthand for -gdb tcp::1234).
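
The -s option is shorthand for -gdb tcp::1234, which names no bind address,
while the telnet serial consoles above are pinned to 127.0.0.1. The following
added example (not part of the Buildroot README) reads `ss -Hltn` output and
reports listeners on the three ports used above that are bound to a
non-loopback address; the sample lines are constructed.

```shell
#!/bin/sh
# Added example: flag debug listeners from the QEMU command lines in this
# README that are bound to a non-loopback address.
# Ports come from the README: 1234 (gdb stub, -s), 1235/1236 (telnet serials).
DEBUG_PORTS="1234 1235 1236"

# Reads `ss -Hltn`-style lines on stdin; prints "port address" for every
# listener on a debug port whose bind address is not loopback.
exposed_debug_listeners() {
    awk -v ports="$DEBUG_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            # Local address is the first field containing ":"; this works
            # whether or not ss prints the State column or a header line.
            for (f = 1; f <= NF; f++) if (index($f, ":")) break
            if (f > NF) next
            local = $f
            port = local; sub(/.*:/, "", port)      # text after the last ":"
            addr = substr(local, 1, length(local) - length(port) - 1)
            if (!(port in want)) next
            sub(/%.*/, "", addr)                     # drop a %iface scope suffix
            if (addr ~ /^127\./ || addr == "[::1]") next
            print port, addr
        }'
}

# Constructed sample: gdb stub on the wildcard address, serial consoles on
# loopback, plus an unrelated listener that must be ignored.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 1 0.0.0.0:1234 0.0.0.0:*
LISTEN 0 1 127.0.0.1:1235 0.0.0.0:*
LISTEN 0 1 127.0.0.1:1236 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

# "--live" inspects this host; the default runs on the constructed sample.
if [ "${1:-}" = "--live" ]; then
    ss -Hltn | exposed_debug_listeners
else
    sample_ss_output | exposed_debug_listeners
fi
```

If port 1234 is reported, replacing -s with -gdb tcp:127.0.0.1:1234 in the
QEMU command line pins the GDB stub to loopback like the serial consoles.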

Note: To build the GDB server, the following extra options have to be added to
the Buildroot configuration:

    BR2_ENABLE_DEBUG=y
    BR2_PACKAGE_GDB=y
    BR2_PACKAGE_HOST_GDB=y
    BR2_TOOLCHAIN_BUILDROOT_CXX=y
    BR2_TOOLCHAIN_BUILDROOT_GLIBC=y