1.26. OP-TEE

Barebox is able to start the Open Portable Trusted Execution Environment (OP-TEE) either before starting the linux kernel or during lowlevel board initialization in the Pre Bootloader PBL.

1.26.1. Before Linux start

Enable the CONFIG_BOOTM_OPTEE configuration variable and configure the CONFIG_OPTEE_SIZE variable. This will reserve a memory area at the end of memory for OP-TEE to run, usually Barebox would relocate itself there. To load OP-TEE before the kernel is started, configure the global bootm.tee variable to point to a valid OPTEE v1 binary.

1.26.2. During the PBL

To start OP-TEE during the lowlevel initialization of your board in the PBL, enable the CONFIG_PBL_OPTEE configuration variable. your board should then call the function start_optee_early(void* tee, void* fdt) with a valid tee and FDT. Ensure that your OP-TEE is compiled with CFG_NS_ENTRY_ADDR unset, otherwise OP-TEE will not correctly return to barebox after startup. Since OP-TEE in the default configuration also modifies the device tree, don’t pass the barebox internal device tree, instead copy it into a different memory location and pass it to OP-TEE afterwards. The modified device tree can then be passed to the main barebox start function.