config: default SO3 boot chain to bare U-Boot (no ATF/OP-TEE)#259
Merged
Conversation
The SO3 standalone default on virt64 was left at IB_BOOT_CHAIN = "full", which pulled ATF + OP-TEE + AVZ into the boot chain and assembled a secure- world flash0.img — appropriate for the e1c capsule model but not for the plain SO3-at-EL1 default. The inline documentation already describes the empty value as the SO3 default and prescribes a weak assignment so a capsule layer can override it. Set IB_BOOT_CHAIN ?= "" so the default build is bare U-Boot (no ATF, no OP-TEE, no AVZ) and a downstream capsule layer can still select "full". Verified: a clean bsp-so3 build now produces a 42-task graph with no atf/optee/avz tasks and no flash0.img; st.sh loads U-Boot via -kernel at EL1.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The SO3 standalone default on
virt64was set toIB_BOOT_CHAIN = "full", which pulled ATF + OP-TEE + AVZ into the boot chain and assembled a secure-worldflash0.img. That is appropriate for the e1c capsule model, but not for the plain SO3-at-EL1 default — and it contradicted the inline documentation inbuild/conf/local.conf, which already describes the empty value as the SO3 default and prescribes a weak assignment so a capsule layer can override it.This sets:
so the default build is bare U-Boot (no ATF, no OP-TEE, no AVZ), while a downstream capsule layer can still select
"full".Why
bsp.bbclassonly wiresatf/optee/avzdependencies intodo_build/do_deploy_boot_chainwhenIB_BOOT_CHAINisatf+uboot/full. With"", none are pulled.?=(weak) form matches the documented intent: the e1c capsule layer overrides it to"full".Verification
bsp-so3build: 42-task graph, all succeeded, zeroatf/optee/avztasks, noflash0.imgproduced.st.sh): bare U-Boot 2022.04 loaded via-kernelat EL1 → SO3 FIT image → kernel → userspace: