The following log outputs show the initialization on the Raspberry Pi 4. You can see how control passes from the ARM Trusted Firmware to the OP-TEE OS and back again.

VERBOSE: rpi4: copy optee-os image (512000 bytes) from 0x20000 to 0x10100000
VERBOSE: rpi4: optee-os entry: 0x10100000
VERBOSE: rpi4: dtb: 0x2eff2f00
VERBOSE: rpi4: kernel entry: 0
VERBOSE: rpi4: Preparing to boot 64-bit Linux kernel
VERBOSE: Trusted SRAM seen by this BL image: 0x1000 - 0x1a000
VERBOSE: Code region: 0x1000 - 0xd000
VERBOSE: Read-only data region: 0xd000 - 0xf000
VERBOSE: Coherent region: 0x19000 - 0x1a000
mmap:
 VA:0x0  PA:0x0  size:0x1000  attr:0x9  granularity:0x40000000
 VA:0x1000  PA:0x1000  size:0xc000  attr:0x2  granularity:0x40000000
 VA:0xd000  PA:0xd000  size:0x2000  attr:0x42  granularity:0x40000000
 VA:0x19000  PA:0x19000  size:0x1000  attr:0x8  granularity:0x40000000
 VA:0x1000  PA:0x1000  size:0x19000  attr:0xa  granularity:0x40000000
 VA:0x2ee00000  PA:0x2ee00000  size:0x400000  attr:0x1a  granularity:0x40000000
 VA:0xfc000000  PA:0xfc000000  size:0x4000000  attr:0x8  granularity:0x40000000

VERBOSE: Translation tables state:
VERBOSE:   Xlat regime:     EL3
VERBOSE:   Max allowed PA:  0xffffffff
VERBOSE:   Max allowed VA:  0xffffffff
VERBOSE:   Max mapped PA:   0xffffffff
VERBOSE:   Max mapped VA:   0xffffffff
VERBOSE:   Initial lookup level: 1
VERBOSE:   Entries @initial lookup level: 4
VERBOSE:   Used 3 sub-tables out of 4 (spare: 1)
  [LV1] VA:0x0 size:0x40000000
    [LV2] VA:0x0 size:0x200000
      [LV3] VA:0x0 PA:0x0 size:0x1000 NC-RW-XN-S
      [LV3] VA:0x1000 PA:0x1000 size:0x1000 MEM-RO-EXEC-S
      [LV3] VA:0x2000 PA:0x2000 size:0x1000 MEM-RO-EXEC-S
      [LV3] VA:0x3000 PA:0x3000 size:0x1000 MEM-RO-EXEC-S
      [LV3] VA:0x4000 PA:0x4000 size:0x1000 MEM-RO-EXEC-S
      [LV3] VA:0x5000 PA:0x5000 size:0x1000 MEM-RO-EXEC-S
      [LV3] VA:0x6000 PA:0x6000 size:0x1000 MEM-RO-EXEC-S
      [LV3] VA:0x7000 PA:0x7000 size:0x1000 MEM-RO-EXEC-S
      [LV3] VA:0x8000 PA:0x8000 size:0x1000 MEM-RO-EXEC-S
      [LV3] VA:0x9000 PA:0x9000 size:0x1000 MEM-RO-EXEC-S
      [LV3] VA:0xa000 PA:0xa000 size:0x1000 MEM-RO-EXEC-S
      [LV3] VA:0xb000 PA:0xb000 size:0x1000 MEM-RO-EXEC-S
      [LV3] VA:0xc000 PA:0xc000 size:0x1000 MEM-RO-EXEC-S
      [LV3] VA:0xd000 PA:0xd000 size:0x1000 MEM-RO-XN-S
      [LV3] VA:0xe000 PA:0xe000 size:0x1000 MEM-RO-XN-S
      [LV3] VA:0xf000 PA:0xf000 size:0x1000 MEM-RW-XN-S
      [LV3] VA:0x10000 PA:0x10000 size:0x1000 MEM-RW-XN-S
      [LV3] VA:0x11000 PA:0x11000 size:0x1000 MEM-RW-XN-S
      [LV3] VA:0x12000 PA:0x12000 size:0x1000 MEM-RW-XN-S
      [LV3] VA:0x13000 PA:0x13000 size:0x1000 MEM-RW-XN-S
      [LV3] VA:0x14000 PA:0x14000 size:0x1000 MEM-RW-XN-S
      [LV3] VA:0x15000 PA:0x15000 size:0x1000 MEM-RW-XN-S
      [LV3] VA:0x16000 PA:0x16000 size:0x1000 MEM-RW-XN-S
      [LV3] VA:0x17000 PA:0x17000 size:0x1000 MEM-RW-XN-S
      [LV3] VA:0x18000 PA:0x18000 size:0x1000 MEM-RW-XN-S
      [LV3] VA:0x19000 PA:0x19000 size:0x1000 DEV-RW-XN-S
      [LV3] VA:0x1a000 size:0x1000
      [LV3] (485 invalid descriptors omitted)
    [LV2] VA:0x200000 size:0x200000
    [LV2] (373 invalid descriptors omitted)
    [LV2] VA:0x2ee00000 PA:0x2ee00000 size:0x200000 MEM-RW-XN-NS
    [LV2] VA:0x2f000000 PA:0x2f000000 size:0x200000 MEM-RW-XN-NS
    [LV2] VA:0x2f200000 size:0x200000
    [LV2] (134 invalid descriptors omitted)
  [LV1] VA:0x40000000 size:0x40000000
  [LV1] (1 invalid descriptors omitted)
  [LV1] VA:0xc0000000 size:0x40000000
    [LV2] VA:0xc0000000 size:0x200000
    [LV2] (479 invalid descriptors omitted)
    [LV2] VA:0xfc000000 PA:0xfc000000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfc200000 PA:0xfc200000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfc400000 PA:0xfc400000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfc600000 PA:0xfc600000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfc800000 PA:0xfc800000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfca00000 PA:0xfca00000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfcc00000 PA:0xfcc00000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfce00000 PA:0xfce00000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfd000000 PA:0xfd000000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfd200000 PA:0xfd200000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfd400000 PA:0xfd400000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfd600000 PA:0xfd600000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfd800000 PA:0xfd800000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfda00000 PA:0xfda00000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfdc00000 PA:0xfdc00000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfde00000 PA:0xfde00000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfe000000 PA:0xfe000000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfe200000 PA:0xfe200000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfe400000 PA:0xfe400000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfe600000 PA:0xfe600000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfe800000 PA:0xfe800000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfea00000 PA:0xfea00000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfec00000 PA:0xfec00000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xfee00000 PA:0xfee00000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xff000000 PA:0xff000000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xff200000 PA:0xff200000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xff400000 PA:0xff400000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xff600000 PA:0xff600000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xff800000 PA:0xff800000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xffa00000 PA:0xffa00000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xffc00000 PA:0xffc00000 size:0x200000 DEV-RW-XN-S
    [LV2] VA:0xffe00000 PA:0xffe00000 size:0x200000 DEV-RW-XN-S
NOTICE:  BL31: v2.8(debug):3d2da6f5d-dirty
NOTICE:  BL31: Built : 18:00:25, Mar  6 2023
INFO:    Changed device tree to advertise PSCI.
INFO:    ARM GICv2 driver initialized
INFO:    BL31: Initializing runtime services
INFO:    BL31: cortex_a72: CPU workaround for 859971 was applied
WARNING: BL31: cortex_a72: CPU workaround for 1319367 was missing!
INFO:    BL31: cortex_a72: CPU workaround for cve_2017_5715 was applied
INFO:    BL31: cortex_a72: CPU workaround for cve_2018_3639 was applied
INFO:    BL31: cortex_a72: CPU workaround for cve_2022_23960 was applied
INFO:    BL31: Initializing BL32
D/TC:0   console_init:48 done
D/TC:0   get_aslr_seed:1566 Cannot find /secure-chosen
D/TC:0   plat_get_aslr_seed:114 Warning: no ASLR seed
D/TC:0   add_phys_mem:635 ROUNDDOWN(0xfe215040, CORE_MMU_PGDIR_SIZE) type IO_NSEC 0xfe200000 size 0x00200000
D/TC:0   add_phys_mem:635 TEE_SHMEM_START type NSEC_SHM 0x08000000 size 0x00400000
D/TC:0   add_phys_mem:635 TA_RAM_START type TA_RAM 0x10800000 size 0x00800000
D/TC:0   add_phys_mem:635 VCORE_UNPG_RW_PA type TEE_RAM_RW 0x10166000 size 0x0069a000
D/TC:0   add_phys_mem:635 VCORE_UNPG_RX_PA type TEE_RAM_RX 0x10100000 size 0x00066000
D/TC:0   add_va_space:675 type RES_VASPACE size 0x00a00000
D/TC:0   add_va_space:675 type SHM_VASPACE size 0x02000000
D/TC:0   dump_mmap_table:800 type SHM_VASPACE  va 0x00000000..0x01ffffff pa 0x00000000..0x01ffffff size 0x02000000 (pgdir)
D/TC:0   dump_mmap_table:800 type RES_VASPACE  va 0x00000000..0x009fffff pa 0x00000000..0x009fffff size 0x00a00000 (pgdir)
D/TC:0   dump_mmap_table:800 type NSEC_SHM     va 0x08000000..0x083fffff pa 0x08000000..0x083fffff size 0x00400000 (pgdir)
D/TC:0   dump_mmap_table:800 type TEE_RAM_RX   va 0x10100000..0x10165fff pa 0x10100000..0x10165fff size 0x00066000 (smallpg)
D/TC:0   dump_mmap_table:800 type TEE_RAM_RW   va 0x10166000..0x107fffff pa 0x10166000..0x107fffff size 0x0069a000 (smallpg)
D/TC:0   dump_mmap_table:800 type TA_RAM       va 0x10800000..0x10ffffff pa 0x10800000..0x10ffffff size 0x00800000 (pgdir)
D/TC:0   dump_mmap_table:800 type IO_NSEC      va 0xfe200000..0xfe3fffff pa 0xfe200000..0xfe3fffff size 0x00200000 (pgdir)
D/TC:0   core_mmu_xlat_table_alloc:526 xlat tables used 1 / 8
D/TC:0   core_mmu_xlat_table_alloc:526 xlat tables used 2 / 8
D/TC:0   core_mmu_xlat_table_alloc:526 xlat tables used 3 / 8
F/TC:0   checkpoint:54 .
D/TC:0   console_init:48 done
F/TC:0   checkpoint1:58 checkpoint 1
F/TC:0 0 init_primary:1369 .
F/TC:0 0 init_runtime:613 .
F/TC:0 0 gen_malloc_add_pool:876 .
F/TC:0 0 gen_malloc_add_pool:878 .
F/TC:0 0 gen_malloc_add_pool:881 .
F/TC:0 0 gen_malloc_add_pool:883 .
F/TC:0 0 init_runtime:615 .
I/TC: 
F/TC:0 0 init_primary:1371 .
D/TC:0 0 select_vector_wa_spectre_v2:624 SMCCC_ARCH_WORKAROUND_1 (0x80008000) available
D/TC:0 0 select_vector_wa_spectre_v2:626 SMC Workaround for CVE-2017-5715 used
F/TC:0 0 checkpoint2:62 checkpoint 2
I/TC: Non-secure external DT found
I/TC: OP-TEE version: 706768be-dev (gcc version 10.3.1 20210621 (GNU Toolchain for the A-profile Architecture 10.3-2021.07 (arm-10.29))) #386 Mon Mar  6 16:36:55 UTC 2023 aarch64
I/TC: WARNING: This OP-TEE configuration might be insecure!
I/TC: WARNING: Please check https://optee.readthedocs.io/en/latest/architecture/porting_guidelines.html
I/TC: Primary CPU initializing
D/TC:0 0 boot_init_primary_late:1422 Executing at offset 0 with virtual load address 0x10100000
D/TC:0 0 call_initcalls:40 level 1 register_time_source()
D/TC:0 0 call_initcalls:40 level 1 teecore_init_pub_ram()
D/TC:0 0 call_initcalls:40 level 2 probe_dt_drivers_early()
D/TC:0 0 call_initcalls:40 level 3 check_ta_store()
D/TC:0 0 check_ta_store:417 TA store: "Secure Storage TA"
D/TC:0 0 check_ta_store:417 TA store: "REE"
D/TC:0 0 call_initcalls:40 level 3 verify_pseudo_tas_conformance()
D/TC:0 0 call_initcalls:40 level 3 tee_cryp_init()
D/TC:0 0 call_initcalls:40 level 4 tee_fs_init_key_manager()
D/TC:0 0 call_initcalls:40 level 5 probe_dt_drivers()
D/TC:0 0 call_initcalls:40 level 6 mobj_init()
D/TC:0 0 call_initcalls:40 level 6 default_mobj_init()
D/TC:0 0 call_initcalls:40 level 6 ftmn_boot_tests()
D/TC:0 0 ftmn_boot_tests:198 Calling simple_call()
D/TC:0 0 ftmn_boot_tests:198 Return from simple_call()
D/TC:0 0 ftmn_boot_tests:199 Calling two_level_call()
D/TC:0 0 ftmn_boot_tests:199 Return from two_level_call()
D/TC:0 0 ftmn_boot_tests:200 Calling chained_calls()
D/TC:0 0 ftmn_boot_tests:200 Return from chained_calls()
D/TC:0 0 ftmn_boot_tests:202 *************************************************
D/TC:0 0 ftmn_boot_tests:203 **************  Tests complete  *****************
D/TC:0 0 ftmn_boot_tests:204 *************************************************
D/TC:0 0 call_initcalls:40 level 7 release_probe_lists()
D/TC:0 0 call_finalcalls:59 level 1 release_external_dt()
I/TC: Primary CPU switching to normal world boot
F/TC:0 0 checkpoint:54 .
F/TC:0   checkpoint3:66 checkpoint 3
ASSERT: bl31/bl31_main.c:246
BACKTRACE: START: assert
0: EL3: 0x2a08
1: EL3: 0x1210
2: EL3: 0x316c
3: EL3: 0x2e04
4: EL3: 0x1128
BACKTRACE: END: assert

A Linux kernel has not yet been loaded on purpose. Therefore, the assertion at the end fails.

The solution in this branch is temporary and has the following limitations:

• It only works on the Raspberry Pi 4.
• The OP-TEE OS image is mandatory and must not be larger than 500 KiB.

This solution is published without any guarantee. Use it at your own risk.

More information at https://github.com/peter-nebe/optee_os