Question about how optee_os is started

[hoihochan]

Hi,

I have a question on how is optee_os typically started.

I can see _start is the entry point for optee_os where it does all the initializations and sets up the secure monitor by writing to MVBAR. But ultimately who calls _start? Is it the bootloader, or somewhere in the Linux kernel?

Thanks
Donald

[jenswi-linaro]

It's the secure boot loader that calls _start. On ARMv8 platforms it's typically ARM Trusted Firmware. On the ARMv7 QEMU-virt platform it's the bios module https://github.com/linaro-swg/bios_qemu_tz_arm

[hoihochan]

Thanks! Just so I understand correctly....in https://github.com/linaro-swg/bios_qemu_tz_arm/blob/master/bios/entry.S

1. Prior to jumping to _start, we set up a stack since we are calling main_init_sec to find out the entry point
2. After we have the entry point and paged part (returned via r0 and r1), then a simple bl instruction would do
3. optee_os saves the address in lr during _start, and jumps back to lr inside secure monitor towards the end of execution as it executes smc #0.
4. If we call any C functions after jumping back to ns-world we need to set up the stack again.

Sounds right?

[jenswi-linaro]

Yes. This bios is actually a bad example of how to load OP-TEE in a secure way, it's mostly a hack (that has grown a bit) to get all required binaries into memory and provide an environment for OP-TEE to start in.

[hoihochan]

Thanks! Looking at figuring out how to run OP-TEE on NXP imx6...I guess I will need to investigate whether I will need to do #4 if u-boot executes optee_os.