Message ID | 20221024122725.383791-6-sven.schultschik@siemens.com (mailing list archive) |
---|---|
State | Handled Elsewhere |
Series | Secureboot on QEMU with EDK2, OP-TEE and RPBM |
On 24.10.22 14:27, sven.schultschik@siemens.com wrote: > From: Sven Schultschik <sven.schultschik@siemens.com> > > provide a recipe to generate the needed binary to start a secure boot qemu with integrated optee and active RPMB replay protected memory emulation within u-boot > > Signed-off-by: Sven Schultschik <sven.schultschik@siemens.com> > --- > .../trusted-firmware-a-qemu-arm64_2.7.0.bb | 61 +++++++++++++++++++ > 1 file changed, 61 insertions(+) > create mode 100644 recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb > > diff --git a/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb b/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb > new file mode 100644 > index 000000000..791089a21 > --- /dev/null > +++ b/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb 
> @@ -0,0 +1,61 @@ > +# > +# CIP Core, generic profile > +# > +# Copyright (c) Siemens AG, 2022 > +# > +# Authors: > +# Sven Schultschik <sven.schultschik@siemens.com> > +# > +# SPDX-License-Identifier: MIT > +# > + > +HOMEPAGE = "https://www.trustedfirmware.org/projects/tf-a/" > +MAINTAINER = "Sven Schultschik <sven.schultschik@siemens.com>" > +LICENSE = "BSD-3-Clause" > + > +require recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc > + > +SRC_URI += " \ > + git://review.trustedfirmware.org/TF-A/trusted-firmware-a;branch=master;protocol=https;destsuffix=git;rev=v${PV} " Better pull the release tarball, see e.g. https://github.com/siemens/meta-iot2050/blob/master/recipes-bsp/optee-os/optee-os-iot2050_3.19.0.bb BTW, why 2.7.0? Latest is 3.19. > + > +S = "${WORKDIR}/git" > + > +DEPENDS = "optee-os-${MACHINE} u-boot-qemu-arm64" > +DEBIAN_BUILD_DEPENDS += " \ > + debhelper(>= 11~), \ > + optee-os-${MACHINE}, \ > + u-boot-qemu-arm64, \ > + libssl-dev, " > + > +TEEHEADER = "/usr/lib/optee-os/${MACHINE}/tee-header_v2.bin" > +TEEPAGER = "/usr/lib/optee-os/${MACHINE}/tee-pager_v2.bin" > +TEEPAGEABLE = "/usr/lib/optee-os/${MACHINE}/tee-pageable_v2.bin" > +BL33 = "/usr/lib/u-boot/${MACHINE}/u-boot.bin" > + > +TF_A_EXTRA_BUILDARGS = "BL32=${TEEHEADER} \ > + BL32_EXTRA1=${TEEPAGER} \ > + BL32_EXTRA2=${TEEPAGEABLE} \ > + BL33=${BL33} \ > + BL32_RAM_LOCATION=tdram SPD=opteed ${DEBUG} all fip" > + > +TF_A_PLATFORM = "qemu" > + > +TF_A_BINARIES = "release/bl1.bin release/fip.bin" > + > +ISAR_CROSS_COMPILE = "0" Huh? Wasn't this resolved? 
> + > +do_deploy[dirs] = "${DEPLOY_DIR_IMAGE}" > +do_deploy() { > + dpkg --fsys-tarfile "${WORKDIR}/trusted-firmware-a-${MACHINE}_${PV}_${DISTRO_ARCH}.deb" | \ > + tar xOf - "./usr/lib/trusted-firmware-a/${MACHINE}/bl1.bin" \ > + > "${DEPLOY_DIR_IMAGE}/bl1.bin" > + > + dpkg --fsys-tarfile "${WORKDIR}/trusted-firmware-a-${MACHINE}_${PV}_${DISTRO_ARCH}.deb" | \ > + tar xOf - "./usr/lib/trusted-firmware-a/${MACHINE}/fip.bin" \ > + > "${DEPLOY_DIR_IMAGE}/fip.bin" > + > + dd if="${DEPLOY_DIR_IMAGE}/bl1.bin" of="${DEPLOY_DIR_IMAGE}/flash.bin" bs=4096 conv=notrunc > + dd if="${DEPLOY_DIR_IMAGE}/fip.bin" of="${DEPLOY_DIR_IMAGE}/flash.bin" seek=64 bs=4096 conv=notrunc Conceptually, it would be nicer to do this construction as part of the build (rules), package the result and only extract it here for deployment. Would mean an own rules files, though, therefore not really simpler. Jan
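Review bot: The SRC_URI entry selects the source with rev=v${PV} and the recipe carries no commit hash or checksum, so what gets built into bl1.bin and fip.bin is whatever the v${PV} tag resolves to on the server at fetch time. For the first stage of a secure-boot chain, pin the fetch to a full commit ID, or, if switching to the release tarball as suggested above, record its checksum in the recipe (SRC_URI[sha256sum]) so that a changed upstream artifact fails the fetch instead of being built.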
> > +SRC_URI += " \
> > + git://review.trustedfirmware.org/TF-A/trusted-firmware-
> a;branch=master;protocol=https;destsuffix=git;rev=v${PV} "
>
> Better pull the release tarball, see e.g.
>

Pulling now from
https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/snapshot/trusted-firmware-a-${PV}.tar.gz

>
> BTW, why 2.7.0? Latest is 3.19.

Where do you see a 3.19? All I can find is a 2.7

> > +
> > +ISAR_CROSS_COMPILE = "0"
>
> Huh? Wasn't this resolved?

fixed

>
> > +
> > + dd if="${DEPLOY_DIR_IMAGE}/bl1.bin"
> of="${DEPLOY_DIR_IMAGE}/flash.bin" bs=4096 conv=notrunc
> > + dd if="${DEPLOY_DIR_IMAGE}/fip.bin"
> > + of="${DEPLOY_DIR_IMAGE}/flash.bin" seek=64 bs=4096 conv=notrunc
>
> Conceptually, it would be nicer to do this construction as part of the build
> (rules), package the result and only extract it here for deployment. Would mean
> an own rules files, though, therefore not really simpler.
>

Moved into rules file. Indeed makes it a little bit easier.

Sven
On 28.10.22 17:46, Schultschik, Sven (DI PA DCP R&D 2) wrote:
>
>
>>> +SRC_URI += " \
>>> + git://review.trustedfirmware.org/TF-A/trusted-firmware-
>> a;branch=master;protocol=https;destsuffix=git;rev=v${PV} "
>>
>> Better pull the release tarball, see e.g.
>>
>
> Pulling now from
> https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/snapshot/trusted
> -firmware-a-${PV}.tar.gz
>
>>
>> BTW, why 2.7.0? Latest is 3.19.
>
> Where do you see a 3.19? All I can find is a 2.7
>

Oh, sorry, I confused optee and tf-a.

Jan
diff --git a/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb b/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb new file mode 100644 index 000000000..791089a21 --- /dev/null +++ b/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb 
@@ -0,0 +1,61 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2022 +# +# Authors: +# Sven Schultschik <sven.schultschik@siemens.com> +# +# SPDX-License-Identifier: MIT +# + +HOMEPAGE = "https://www.trustedfirmware.org/projects/tf-a/" +MAINTAINER = "Sven Schultschik <sven.schultschik@siemens.com>" +LICENSE = "BSD-3-Clause" + +require recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc + +SRC_URI += " \ + git://review.trustedfirmware.org/TF-A/trusted-firmware-a;branch=master;protocol=https;destsuffix=git;rev=v${PV} " + +S = "${WORKDIR}/git" + +DEPENDS = "optee-os-${MACHINE} u-boot-qemu-arm64" +DEBIAN_BUILD_DEPENDS += " \ + debhelper(>= 11~), \ + optee-os-${MACHINE}, \ + u-boot-qemu-arm64, \ + libssl-dev, " + +TEEHEADER = "/usr/lib/optee-os/${MACHINE}/tee-header_v2.bin" +TEEPAGER = "/usr/lib/optee-os/${MACHINE}/tee-pager_v2.bin" +TEEPAGEABLE = "/usr/lib/optee-os/${MACHINE}/tee-pageable_v2.bin" +BL33 = "/usr/lib/u-boot/${MACHINE}/u-boot.bin" + +TF_A_EXTRA_BUILDARGS = "BL32=${TEEHEADER} \ + BL32_EXTRA1=${TEEPAGER} \ + BL32_EXTRA2=${TEEPAGEABLE} \ + BL33=${BL33} \ + BL32_RAM_LOCATION=tdram SPD=opteed ${DEBUG} all fip" + +TF_A_PLATFORM = "qemu" + +TF_A_BINARIES = "release/bl1.bin release/fip.bin" + +ISAR_CROSS_COMPILE = "0" + +do_deploy[dirs] = "${DEPLOY_DIR_IMAGE}" +do_deploy() { + dpkg --fsys-tarfile "${WORKDIR}/trusted-firmware-a-${MACHINE}_${PV}_${DISTRO_ARCH}.deb" | \ + tar xOf - "./usr/lib/trusted-firmware-a/${MACHINE}/bl1.bin" \ + > "${DEPLOY_DIR_IMAGE}/bl1.bin" + + dpkg --fsys-tarfile "${WORKDIR}/trusted-firmware-a-${MACHINE}_${PV}_${DISTRO_ARCH}.deb" | \ + tar xOf - "./usr/lib/trusted-firmware-a/${MACHINE}/fip.bin" \ + > "${DEPLOY_DIR_IMAGE}/fip.bin" + + dd if="${DEPLOY_DIR_IMAGE}/bl1.bin" of="${DEPLOY_DIR_IMAGE}/flash.bin" bs=4096 conv=notrunc + dd if="${DEPLOY_DIR_IMAGE}/fip.bin" of="${DEPLOY_DIR_IMAGE}/flash.bin" seek=64 bs=4096 conv=notrunc +} + +addtask deploy after do_dpkg_build before do_deploy_deb \ No newline at end of file
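Review bot: In do_deploy, both dd calls write into ${DEPLOY_DIR_IMAGE}/flash.bin with conv=notrunc and nothing creates or clears that file first, so a flash.bin left over from an earlier build keeps its stale bytes in the gap after bl1.bin and beyond the end of the new fip.bin. The deployed image is then not purely a function of this build's bl1.bin and fip.bin. Remove flash.bin before assembling it, or drop conv=notrunc from the first dd. The seek=64 bs=4096 offset also places fip.bin at byte 262144 with no check that bl1.bin is smaller than that; a size check that fails the task would be better than silently overwriting the tail of BL1. As a style point, the file ends without a trailing newline after the addtask line.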