imx53 trustzone boot problem

Martin Stein martin.stein at ...1...
Wed Mar 11 15:10:09 CET 2015

Hi Ofer,

On 10.03.2015 11:19, Ofer Hasson wrote:
> Hello,
> I'm trying to boot genode on the secure world and linux on normal
> world of the iMX53-QSB board (freescale).
> The problem I'm encountering is:
> [init -> tz_vmm] Start virtual machine ...
> and then various errors, either it hangs, or
> undefined instruction, or
> Pagefault in core thread (pager_activation): ip=70055228 fault=20ef8904
> failed to communicate thread event
> My steps leading to this:
> Downloaded
> and cloned
> git checkout imx53-tz
> Kernel compile:
> using
> make CROSS_COMPILE=/opt/codesourcery/bin/arm-none-linux-gnueabi-
> ARCH=arm imx5_android_tz_defconfig
> make CROSS_COMPILE=/opt/codesourcery/bin/arm-none-linux-gnueabi-
> ARCH=arm uImage
> copied the initrd and uImage into the micro sd card, changed the name
> of uImage into linux

This looks like a misconception to me. Regarding the uImage: You don't
have to copy it to the SD card. It must be merged into Genodes single
boot-image. This is done by the 'tz_vmm' run-script automatically. But
the vanilla run script is configured to download and use our mainline
image. So, you have to provide your image to the run script and prevent
the run script from assuming that our mainline image is in use.
Hence, do the following:

cp $LINUX_BUILD_DIR/*/uImage $GENODE_BUILD_DIR/bin/linux
# open $GENODE_DIR/repos/os/run/ for editing
# comment out "exec >& /dev/null wget -O bin/linux.md5 $linux_uri.md5"
# comment out "exec md5sum -c linux.md5"
# open etc/build.conf make sure that RUN_OPT is
# set to "--include boot_dir/hw --include image/uboot"
make run/tz_vmm
cp var/run/tz_vmm/uImage $SD_CARD_MNT

Now you're using your own Linux with our mainline Initrd. The "comment
out" stuff ensures that the tz_vmm script doesn't check your Linux
against our Linux MD5-checksum. If you want to use your own Initrd,
before doing 'make', additionally do:

cp initrd.gz $GENODE_BUILD_DIR/bin/initrd.gz
# open $GENODE_DIR/repos/os/run/ for editing
# comment out "exec >& /dev/null wget -O bin/initrd.gz.md5 $init_uri.md5"
# comment out "exec md5sum -c initrd.gz.md5"

> I cloned
> working on the master branch, current commit hash: 54ef87c
> Created build directory:
> tool/create_builddir hw_imx53_qsb_tz BUILD_DIR=hw_imx53_qsb_tz
> I added "SPECS += trustzone" to etc/specs.conf in the build directory

You don't have to add this to the specs.conf as it is added
automatically by '$GENODE_DIR/repos/base-hw/mk/'
which gets included because 'hw_imx53_qsb_tz' spec is set.

> Compiled:
> make run/tz_vmm
> Created u-boot image:
> /opt/gcc-linaro-arm-none-eabi-4.9-2014.09_linux/bin/arm-none-eabi-objcopy
> -O binary var/run/tz_vmm/image.elf var/run/tz_vmm/image.bin
> mkimage -A arm -O linux -T kernel -C none -a 0x70010000 -e 0x70010000
> -d var/run/tz_vmm/image.bin var/run/tz_vmm/uImage

Creating a uImage is done automatically on 'make run/tz_vmm' if you have
the '--include image/uboot' in your 'RUN_OPT' in 'etc/build.conf' as I
mentioned above. The uImage can then be found in

Please have a try on that and let me know the results. If you have
further questions, don't hesitate to ask.


More information about the users mailing list