- NXP Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- Vigiles
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
-
- Home
- :
- i.MX Forums
- :
- i.MX Solutions
- :
- Issues running a Yocto SystemReady image on MCIMX8M-EVK
Issues running a Yocto SystemReady image on MCIMX8M-EVK
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I tried booting a Yocto SystemReady image with the standard binary firmware images from NXP, like LF_v5.15.71_2.2.0_boot_IMX8MEVK(SystemReady-IR certified):imx-boot-imx8mqevk-sd.bin-flash_evk, LF_v5.15.71-2.2.0_images_IMX8MQEVK:imx-boot-imx8mqevk-sd.bin-flash_evk. Firmware is loaded on eMMC, the image is on an SD card. This image boots on other SystemReady systems.
I get the following:
mmc1 is current device
Scanning mmc 1:1...
52632 bytes read in 2 ms (25.1 MiB/s)
Scanning disk mmc@30b40000.blk...
Scanning disk mmc@30b50000.blk...
Found 5 disks
optee optee: OP-TEE api uid mismatch
Unable to open OP-TEE session (err=-19)
mm_communicate failed!
Error: Cannot initialize UEFI sub-system, r = 3
Found EFI removable media binary efi/boot/bootaa64.efi
114977 bytes read in 3 ms (36.5 MiB/s)
Error: Cannot initialize UEFI sub-system, r = 3
EFI LOAD FAILED: continuing...
So, after fighting for a while building my own firmware image (the documentation on this is a mess), I got the same error.
I traced it down to the fact that uboot in the standard images is build with OPTEE support, but OPTEE is not part of the standard images that are built. Specifically, the efiboot command calls efi_init_variables(), which if OPTEE is enabled tries to get the EFI variables from OPTEE, which obviously fails. So it's nothing to do with the image
Turning off OPTEE in u-boot allowed me to boot the SystemReady image. I didn't try to build OPTEE, I would have to fight some more because of vague and lacking instructions.
I assume I'm doing everything right, but if I'm not, well, I guess I'm asking someone to point out my error :-).
Can we get standard images that are SystemReady operational? And test releases for it? I can supply Yocto image builds or instructions if necessary. You can build them from https://github.com/MontaVista-OpenSourceTechnology/opencgx-armsr too.
Thanks,
-corey
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a working version of all this with optee enabled, including getting the optee examples working, at https://github.com/MontaVista-OpenSourceTechnology/imx-systemready-firmware
Trusted boot it not in it yet, I'm trying to figure out how to make that work.
Hopefully this will help people trying to do the same thing.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It was trying to fetch EFI variables from OPTEE, but there's no memory set up for this. Turning off CONFIG_EFI_MM_COMM_TEE allowed me to boot. But I probably need to figure out how to set up the secure memory. But there's no trusted application for this with the default. But I'm booting and OPTEE appears to be working.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I was able to figure this out. I needed to add SPD=opteed to the imx-atf build to make it start up optee. Then it crashed at boot.
That was because, inexplicably, the tee binary to use with mkimage is tee-raw.bin, not tee.bin.
So now optee starts up ok, it appears. Now I'm getting:
u-boot=> run bootcmd_mmc1
switch to partitions #0, OK
mmc1 is current device
Scanning mmc 1:1...
E/LD: init_elf:486 sys_open_ta_bin(ed32d533-99e6-4209-9cc0-2d72cdd998a7)
E/TC:? 0 ldelf_init_with_ldelf:131 ldelf failed with res: 0xffff0009
Unable to open OP-TEE session (err=-5)
mm_communicate failed!
Error: Cannot initialize UEFI sub-system, r = 3
Found EFI removable media binary efi/boot/bootaa64.efi
114977 bytes read in 4 ms (27.4 MiB/s)
Error: Cannot initialize UEFI sub-system, r = 3
I'm trying to figure out the ldelf thing. FFFF0009 is TEE_ERROR_NOT_IMPLEMENTED.
In uboot I have RPMB enabled. There is something about a secure key on the eMMC controller. I tried enabling CFG_RPMB_WRITE_KEY=y when building imx-optee-op, but that didn't help.
I'm not sure what it's trying to load into optee. There's nothing on the SD card that looks loadable.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
One more thing. Ethernet wasn't working, at least on a 5.10 kernel. It acted like it was transmitting and receiving packets, but no packets when out. I traced it down to a change in uboot-imx:
a604b67b87 arm: dts: imx8mq-evk: add phy-reset-gpios for fec1
If I remove that, ethernet works fine.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Newer versions of the firmware have a fix for this in the dts file.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Update on this. I built and image with OPTEE and enabled OPTEE in u-boot, but it still didn't work. So the standard builds may have OPTEE built in them, but it doesn't appear to be working correctly with u-boot.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a working version of all this with optee enabled, including getting the optee examples working, at https://github.com/MontaVista-OpenSourceTechnology/imx-systemready-firmware
Trusted boot it not in it yet, I'm trying to figure out how to make that work.
Hopefully this will help people trying to do the same thing.
