Thank you for the quick response. I only want to make Optee work on rpi5, So I followed this https://github.com/xen-troops/meta-xt-rpi5/blob/main/recipes-security/optee/... and added the plat-rpi5 directory and the required files to optee_os. Is there anything else that I should do ? I was not able to quite understand what those other files are for ? like optee-machine.inc , or optee-machine.inc ? Could you elaborate more on those .
Thanks
-----Original Message----- From: Volodymyr Babchuk vlad.babchuk@gmail.com Sent: Wednesday, May 7, 2025 4:30 PM To: Karimi, Shirin Shirin.Karimi@chemelex.com Cc: tee-dev@lists.linaro.org Subject: Re: [Tee-dev] optee support for rpi5
[You don't often get email from vlad.babchuk@gmail.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
Hi Shirin,
On Thu, 8 May 2025 at 00:17, shirin.karimi@chemelex.com wrote:
Hello, I have tried to use the official optee repository and adapt it for raspberry pi5 , but no luck yet getting it to work. Does anyone have suggestions , tips on how to make Optee work on rpi5 ?
Well, we did this, but it is not easy one. You can check out this Yocto layer: https://github.com/xen-troops/meta-xt-rpi5 . It has all that you need.
Basically, the biggest problem is loading OP-TEE into memory, as there is no BL2 on RPI5 and the original RPI loader can't do this for us. So we concatenate OP-TEE image to ARM-TF and load them together. As you can see here:
https://github.com/xen-troops/meta-xt-rpi5/blob/main/recipes-bsp/trusted-fir...
(and of course you need this patch for ARM TF: https://github.com/xen-troops/meta-xt-rpi5/blob/main/recipes-bsp/trusted-fir... )
Then you need to configure the RPI5 loader to use the resulting armstub8-2712.bin as an ARM STUB (this is RPI term), by putting it on your boot partition.
As for OP-TEE itself, you can find patch adds RPI5 support here: https://github.com/xen-troops/meta-xt-rpi5/blob/main/recipes-security/optee/...
If you want to use our yocto recipes, be aware that we will build OP-TEE with virtualization enabled. You may want to change an option here:
https://github.com/xen-troops/meta-xt-rpi5/blob/main/recipes-security/optee/...
We didn't upstreamed RPI5 support, because it is quite hacky and totally not secure. But it is okay for experiments.
-- WBR Volodymyr Babchuk aka lorc [+380976646013] mailto: vlad.babchuk@gmail.com