docker: add OP-TEE and TF-A build for testing Firmware Handoff

Fetch OP-TEE (4.7.0), TF-A (v2.13.0), MbedTLS (v3.6) and build
bl1 and fip with both Firmware Handoff and Measured Boot enabled.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

diff --git a/tools/docker/Dockerfile b/tools/docker/Dockerfile
index 5b4c75f840055ea2da27eea0df8104af44d71df1..a952df863729b67a61bb9398c2200d623f69f730 100644 (file)
--- a/tools/docker/Dockerfile
+++ b/tools/docker/Dockerfile
@@ -122,8 +122,10 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
        python-is-python3 \
        python2.7 \
        python3 \
+       python3-cryptography \
        python3-dev \
        python3-pip \
+       python3-pyelftools \
        python3-sphinx \
        python3-tomli \
        python3-venv \
@@ -227,10 +229,24 @@ RUN git clone https://gitlab.com/qemu-project/qemu.git /tmp/qemu && \
        make -j$(nproc) all install && \
        rm -rf /tmp/qemu
 
-# Build fiptool
-RUN git clone https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git /tmp/tf-a && \
+# Build OP-TEE for qemu_arm64
+RUN git clone --depth=1 https://github.com/OP-TEE/optee_os.git /tmp/optee_os \
+       -b 4.7.0 && \
+       cd /tmp/optee_os/ && \
+       make CROSS_COMPILE32=/opt/gcc-${TCVER}-nolibc/arm-linux-gnueabi/bin/arm-linux-gnueabi- \
+               CROSS_COMPILE64=/opt/gcc-${TCVER}-nolibc/aarch64-linux/bin/aarch64-linux- \
+               CFG_TRANSFER_LIST=y CFG_MAP_EXT_DT_SECURE=y \
+               PLATFORM=vexpress-qemu_armv8a CFG_RPMB_FS=y \
+               CFG_RPMB_WRITE_KEY=y CFG_RPMB_TESTKEY=y \
+               CFG_CORE_HEAP_SIZE=524288 \
+               CFG_REE_FS=n CFG_CORE_ARM64_PA_BITS=48  \
+               CFG_TEE_CORE_LOG_LEVEL=2
+
+# Build fiptool, bl1 and fip for fvp and qemu_arm64
+RUN git clone --depth=1 -b mbedtls-3.6 https://github.com/ARMmbed/mbedtls.git /tmp/mbedtls
+RUN git clone --depth=1 https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git /tmp/tf-a \
+       -b v2.13.0 && \
        cd /tmp/tf-a/ && \
-       git checkout v2.12.0 && \
        make CROSS_COMPILE=/opt/gcc-${TCVER}-nolibc/aarch64-linux/bin/aarch64-linux- \
                PLAT=fvp BL33=/dev/null -j$(nproc) all fip && \
        mkdir -p /usr/local/bin /opt/tf-a/vexpress_fvp && \
@@ -243,6 +259,24 @@ RUN git clone https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git /tmp/t
        mkdir -p /opt/tf-a/vexpress_fvp_bloblist && \
        cp build/fvp/release/fip.bin build/fvp/release/bl1.bin \
                /opt/tf-a/vexpress_fvp_bloblist/ && \
+       make CROSS_COMPILE=/opt/gcc-${TCVER}-nolibc/aarch64-linux/bin/aarch64-linux- \
+               PLAT=qemu \
+               BL33=/dev/null \
+               BL32=/tmp/optee_os/out/arm-plat-vexpress/core/tee-header_v2.bin \
+               BL32_EXTRA1=/tmp/optee_os/out/arm-plat-vexpress/core/tee-pager_v2.bin \
+               BL32_EXTRA2=/tmp/optee_os/out/arm-plat-vexpress/core/tee-pageable_v2.bin \
+               BL32_RAM_LOCATION=tdram SPD=opteed \
+               TRANSFER_LIST=1 E=0 \
+               MEASURED_BOOT=1 \
+               EVENT_LOG_LEVEL=10 \
+               MBOOT_EL_HASH_ALG=sha256 \
+               MBEDTLS_DIR=/tmp/mbedtls \
+               -j$(nproc) all fip && \
+       mkdir -p /opt/tf-a/qemu_arm64_fw_handoff_tfa_optee && \
+       cp build/qemu/release/fip.bin build/qemu/release/bl1.bin \
+               /opt/tf-a/qemu_arm64_fw_handoff_tfa_optee/ && \
+       rm -rf /tmp/optee_os && \
+       rm -rf /tmp/mbedtls && \
        rm -rf /tmp/tf-a
 
 # Download the Arm Architecture FVP platform. This file is double compressed.