Hi Shirin,
On Thu, 8 May 2025 at 00:17, shirin.karimi@chemelex.com wrote:
Hello, I have tried to use the official optee repository and adapt it for raspberry pi5 , but no luck yet getting it to work. Does anyone have suggestions , tips on how to make Optee work on rpi5 ?
Well, we did this, but it is not easy one. You can check out this Yocto layer: https://github.com/xen-troops/meta-xt-rpi5 . It has all that you need.
Basically, the biggest problem is loading OP-TEE into memory, as there is no BL2 on RPI5 and the original RPI loader can't do this for us. So we concatenate OP-TEE image to ARM-TF and load them together. As you can see here:
https://github.com/xen-troops/meta-xt-rpi5/blob/main/recipes-bsp/trusted-fir...
(and of course you need this patch for ARM TF: https://github.com/xen-troops/meta-xt-rpi5/blob/main/recipes-bsp/trusted-fir... )
Then you need to configure the RPI5 loader to use the resulting armstub8-2712.bin as an ARM STUB (this is RPI term), by putting it on your boot partition.
As for OP-TEE itself, you can find patch adds RPI5 support here: https://github.com/xen-troops/meta-xt-rpi5/blob/main/recipes-security/optee/...
If you want to use our yocto recipes, be aware that we will build OP-TEE with virtualization enabled. You may want to change an option here:
https://github.com/xen-troops/meta-xt-rpi5/blob/main/recipes-security/optee/...
We didn't upstreamed RPI5 support, because it is quite hacky and totally not secure. But it is okay for experiments.