From patchwork Mon Oct 24 12:27:18 2022
X-Patchwork-Submitter: "Schultschik, Sven"
X-Patchwork-Id: 13017526
From: sven.schultschik@siemens.com
To: cip-dev@lists.cip-project.org
CC: jan.kiszka@siemens.com, Sven Schultschik
Subject: [isar-cip-core][PATCH 1/8] add recipe for edk2
Date: Mon, 24 Oct 2022 14:27:18 +0200
Message-ID: <20221024122725.383791-2-sven.schultschik@siemens.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20221024122725.383791-1-sven.schultschik@siemens.com>
References: <20221024122725.383791-1-sven.schultschik@siemens.com>
X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/9805

From: Sven Schultschik

Provide a recipe to create the BL32_AP_MM.fd binary by edk2, which is needed for the qemu optee generation as a dependency.

Signed-off-by: Sven Schultschik
---
 recipes-bsp/edk2/edk2_202205.bb   | 43 ++++++++++++++++++++++
 recipes-bsp/edk2/files/rules.tmpl | 61 +++++++++++++++++++++++++++++++
 2 files changed, 104 insertions(+)
 create mode 100644 recipes-bsp/edk2/edk2_202205.bb
 create mode 100755 recipes-bsp/edk2/files/rules.tmpl

diff --git a/recipes-bsp/edk2/edk2_202205.bb b/recipes-bsp/edk2/edk2_202205.bb
new file mode 100644
index 000000000..056b612ce
--- /dev/null
+++ b/recipes-bsp/edk2/edk2_202205.bb
@@ -0,0 +1,43 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2022 +# +# Authors: +# Sven Schultschik +# +# SPDX-License-Identifier: MIT +# + +HOMEPAGE = "https://github.com/tianocore/edk2" +MAINTAINER = "Sven Schultschik " +LICENSE = "BSD-2-Clause-Patent" + +inherit dpkg + +SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https;destsuffix=git/edk2;name=edk2 \ + git://github.com/tianocore/edk2-platforms.git;protocol=https;destsuffix=git/edk2-platforms;name=edk2-platforms \ + file://rules.tmpl \ + " +SRCREV_edk2 = "edk2-stable${PV}" +SRCREV_edk2-platforms = "3b896d1a325686de3942723c42f286090453e37a" + +S = "${WORKDIR}/git" + +DEBIAN_BUILD_DEPENDS = "python3:native, dh-python, uuid-dev:native" + +EDK2_BINARIES ?= "Build/MmStandaloneRpmb/RELEASE_GCC5/FV/BL32_AP_MM.fd" + +BUILD_DEPENDS += "" + +TEMPLATE_FILES = "rules.tmpl" + +do_prepare_build() { + deb_debianize + + rm -f ${S}/debian/edk2.install + for binary in ${EDK2_BINARIES}; do + echo "$binary /usr/lib/edk2/" >> \ + ${S}/debian/edk2.install + done +} diff --git a/recipes-bsp/edk2/files/rules.tmpl b/recipes-bsp/edk2/files/rules.tmpl new file mode 100755 index 000000000..0a09c50e8 --- /dev/null +++ b/recipes-bsp/edk2/files/rules.tmpl 
@@ -0,0 +1,61 @@ +#!/usr/bin/make -f +# +# Copyright (c) Siemens AG, 2022 +# +# SPDX-License-Identifier: MIT + +ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) +export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)- +endif + +export WORKSPACE=$(shell pwd) +export PACKAGES_PATH=$(WORKSPACE)/edk2:$(WORKSPACE)/edk2-platforms +export ACTIVE_PLATFORM="Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc" + +# https://github.com/tianocore/edk2-platforms/blob/master/Readme.md#if-cross-compiling +ifeq (arm64,$(DEB_TARGET_ARCH)) +export TARGET_ARCH = 'AARCH64' +else ifeq ((armhf,$(DEB_TARGET_ARCH)) +export TARGET_ARCH = 'ARM' +else ifeq ((amd64,$(DEB_TARGET_ARCH)) +export TARGET_ARCH = 'X64' +else ifeq ((i386,$(DEB_TARGET_ARCH)) +export TARGET_ARCH = 'IA32' +else +$(error DEB_TARGET_ARCH $(DEB_TARGET_ARCH) unsupported) +endif +# When cross-compiling, or building with a different version of the compiler than +# the default `gcc`, we additionally need to inform the +# build command which toolchain to use. We do this by setting the environment +# variable `{TOOL_CHAIN_TAG}_{TARGET_ARCH}_PREFIX` - in the case above, +# **GCC5_AARCH64_PREFIX**. 
+# export GCC5_AARCH64_PREFIX=aarch64-linux-gnu- +# using export here at TOP Level does not work, because +# GCC5_$(TARGET_ARCH)_PREFIX gets deleted again for what reason ever +# Therefore it is set right before the build command +# export GCC5_$(TARGET_ARCH)_PREFIX=$(DEB_HOST_GNU_TYPE)- + + +export SHELL=/bin/bash + +# ENV Vars which should get set by edksetup.sh +export PYTHON_COMMAND=python3 +export PYTHONHASHSEED=1 +export CONF_PATH=$(WORKSPACE)/edk2/Conf +export EDK_TOOLS_PATH=$(WORKSPACE)/edk2/BaseTools +export PATH=$(WORKSPACE)/edk2/BaseTools/Bin/Linux-$(TARGET_ARCH):$(WORKSPACE)/edk2/BaseTools/BinWrappers/PosixLike::/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +override_dh_auto_build: + source edk2/edksetup.sh --reconfig + + CFLAGS= LDFLAGS= make -C edk2/BaseTools + + (export GCC5_$(TARGET_ARCH)_PREFIX=$(DEB_HOST_GNU_TYPE)- && \ + build -p $(ACTIVE_PLATFORM) -b RELEASE -a $(TARGET_ARCH) -t GCC5 -n $(shell nproc)) + +override_dh_auto_install: + +override_dh_auto_test: + +%: + dh $@ --with python3 --no-parallel
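Review bot: in the edk2_202205.bb hunk, `SRCREV_edk2 = "edk2-stable${PV}"` pins the edk2 checkout to a tag name while `SRCREV_edk2-platforms` uses a full commit hash; a tag can be moved or deleted upstream, so the recipe is not reproducible and a later fetch could silently pull different sources (and, through `gitsm://`, different submodules). Pin SRCREV_edk2 to the commit the tag currently resolves to and keep the tag name in a comment. The `BUILD_DEPENDS += ""` line is a no-op and can be dropped.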
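Review bot: in the rules.tmpl hunk, the three lines `else ifeq ((armhf,$(DEB_TARGET_ARCH))`, `else ifeq ((amd64,$(DEB_TARGET_ARCH))` and `else ifeq ((i386,$(DEB_TARGET_ARCH))` carry a doubled opening parenthesis, so make compares the literal string `(armhf` (and so on) against `$(DEB_TARGET_ARCH)`; those branches can never match and every target other than arm64 falls through to `$(error DEB_TARGET_ARCH ... unsupported)`. Change them to `else ifeq (armhf,$(DEB_TARGET_ARCH))` etc. Separately, the `export PATH=...BinWrappers/PosixLike::/usr/local/sbin:...` line contains an empty `::` element, which the shell treats as the current working directory: every tool the recipe invokes (`build`, `make`, python) is then looked up in `$(WORKSPACE)` before the system directories, so drop the extra colon. The single quotes in `export TARGET_ARCH = 'AARCH64'` also become part of the make variable's value; that is harmless in the shell recipe lines, where the shell strips them again, but it leaves a literal `Linux-'AARCH64'` entry in that same PATH.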
From patchwork Mon Oct 24 12:27:19 2022
X-Patchwork-Submitter: "Schultschik, Sven"
X-Patchwork-Id: 13017527
From: sven.schultschik@siemens.com
To: cip-dev@lists.cip-project.org
CC: jan.kiszka@siemens.com, Sven Schultschik
Subject: [isar-cip-core][PATCH 2/8] add recipe for optee qemu arm64
Date: Mon, 24 Oct 2022 14:27:19 +0200
Message-ID: <20221024122725.383791-3-sven.schultschik@siemens.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20221024122725.383791-1-sven.schultschik@siemens.com>
References: <20221024122725.383791-1-sven.schultschik@siemens.com>
X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/9806

From: Sven Schultschik

The recipe provides the possibility to create optee-os binaries for use inside of a qemu secureboot setup with edk2, rpmb, u-boot and uefi.

Signed-off-by: Sven Schultschik
---
 .../op-tee/optee-os-qemu-arm64_3.17.0.bb | 54 +++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 recipes-bsp/op-tee/optee-os-qemu-arm64_3.17.0.bb

diff --git a/recipes-bsp/op-tee/optee-os-qemu-arm64_3.17.0.bb b/recipes-bsp/op-tee/optee-os-qemu-arm64_3.17.0.bb
new file mode 100644
index 000000000..3d1325432
--- /dev/null
+++ b/recipes-bsp/op-tee/optee-os-qemu-arm64_3.17.0.bb
@@ -0,0 +1,54 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2022 +# +# Authors: +# Sven Schultschik +# +# SPDX-License-Identifier: MIT +# + +HOMEPAGE = "https://github.com/OP-TEE/optee_os" +MAINTAINER = "Sven Schultschik " +LICENSE = "BSD-2-Clause" + +require recipes-bsp/optee-os/optee-os-custom.inc + +SRC_URI += " \ + git://github.com/OP-TEE/optee_os.git;branch=master;protocol=https" +SRCREV = "${PV}" + +S = "${WORKDIR}/git" + +OPTEE_PLATFORM = "vexpress-qemu_armv8a" + +OPTEE_BINARIES = "tee-header_v2.bin \ + tee-pager_v2.bin \ + tee-pageable_v2.bin" + +DEPENDS = "edk2" +DEBIAN_BUILD_DEPENDS += " ,\ + debhelper(>= 11~), \ + cpio, \ + python3-cryptography:native, \ + python3-serial:native, \ + device-tree-compiler, \ + edk2, \ + gcc-arm-linux-gnueabihf," + +OPTEE_EXTRA_BUILDARGS = "CFG_STMM_PATH=/usr/lib/edk2/BL32_AP_MM.fd CFG_RPMB_FS=y \ + CFG_RPMB_FS_DEV_ID=0 CFG_CORE_HEAP_SIZE=524288 CFG_RPMB_WRITE_KEY=1 \ + CFG_CORE_DYN_SHM=y CFG_RPMB_TESTKEY=y \ + CFG_REE_FS=n\ + CFG_TEE_CORE_LOG_LEVEL=1 CFG_TEE_TA_LOG_LEVEL=1 CFG_SCTLR_ALIGNMENT_CHECK=n \ + CFG_ARM64_core=y CFG_CORE_ARM64_PA_BITS=48" + +do_prepare_build_append() { + # $(ARCH) is the CPU architecture to be built. + # Currently, the only supported value is arm for 32-bit or 64-bit Armv7-A or Armv8-A. + # Please note that contrary to the Linux kernel, $(ARCH) should not be set to arm64 for 64-bit builds. 
+ sed -i \ + "s/\$(MAKE)/ARCH=\"arm\" CROSS_COMPILE32=arm-linux-gnueabihf- CROSS_COMPILE64=aarch64-linux-gnu- \$(MAKE)/g" \ + ${S}/debian/rules +}
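Review bot: `CFG_RPMB_TESTKEY=y` together with `CFG_RPMB_WRITE_KEY=1` in `OPTEE_EXTRA_BUILDARGS` makes OP-TEE use its hard-coded, publicly known RPMB test key instead of a device-unique key and lets it program that key into the RPMB on first use; that is acceptable for a qemu-only recipe, but nothing in the file says so, and on real eMMC the key write is one-time and irreversible, so a comment next to these two flags stating that the combination is for the emulated RPMB only would protect whoever copies this recipe for a hardware MACHINE. `SRCREV = "${PV}"` again resolves to a tag (3.17.0) rather than a commit hash; pin the hash for reproducibility. In the `DEBIAN_BUILD_DEPENDS += " ,\` block the separators sit on both ends (a leading `,` and a trailing one after `gcc-arm-linux-gnueabihf,`); put them on one side only so the generated Build-Depends field cannot end up with an empty element.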
From patchwork Mon Oct 24 12:27:20 2022
X-Patchwork-Submitter: "Schultschik, Sven"
X-Patchwork-Id: 13017528
From: sven.schultschik@siemens.com
To: cip-dev@lists.cip-project.org
CC: jan.kiszka@siemens.com, Sven Schultschik
Subject: [isar-cip-core][PATCH 3/8] Include optee into u-boot
Date: Mon, 24 Oct 2022 14:27:20 +0200
Message-ID: <20221024122725.383791-4-sven.schultschik@siemens.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20221024122725.383791-1-sven.schultschik@siemens.com>
References: <20221024122725.383791-1-sven.schultschik@siemens.com>
X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/9807

From: Sven Schultschik

Optee is part of u-boot in the secureboot scenario, to use optee and RPMB as secure storage.

Signed-off-by: Sven Schultschik
---
 recipes-bsp/u-boot/files/secure-boot.cfg.tmpl | 7 +++++++
 recipes-bsp/u-boot/u-boot-qemu-common.inc     | 2 ++
 2 files changed, 9 insertions(+)

diff --git a/recipes-bsp/u-boot/files/secure-boot.cfg.tmpl b/recipes-bsp/u-boot/files/secure-boot.cfg.tmpl
index 956dcbfed..8e6428238 100644
--- a/recipes-bsp/u-boot/files/secure-boot.cfg.tmpl
+++ b/recipes-bsp/u-boot/files/secure-boot.cfg.tmpl
@@ -4,3 +4,10 @@ CONFIG_USE_BOOTCOMMAND=y CONFIG_BOOTCOMMAND="setenv scan_dev_for_boot 'if test -e ${devtype} ${devnum}:${distro_bootpart} efi/boot/boot${EFI_ARCH}.efi; then load ${devtype} ${devnum}:${distro_bootpart} ${kernel_addr_r} efi/boot/boot${EFI_ARCH}.efi; bootefi ${kernel_addr_r} ${fdtcontroladdr}; fi'; run distro_bootcmd; echo 'EFI Boot failed!'; sleep 1000; reset" CONFIG_EFI_VARIABLES_PRESEED=y CONFIG_EFI_SECURE_BOOT=y +### OPTEE config +CONFIG_CMD_OPTEE_RPMB=y +CONFIG_MMC=y +CONFIG_SUPPORT_EMMC_RPMB=y +CONFIG_TEE=y +CONFIG_OPTEE=y +CONFIG_EFI_MM_COMM_TEE=y
diff --git a/recipes-bsp/u-boot/u-boot-qemu-common.inc b/recipes-bsp/u-boot/u-boot-qemu-common.inc
index 0a9a15a0f..802fc5056 100644
--- a/recipes-bsp/u-boot/u-boot-qemu-common.inc
+++ b/recipes-bsp/u-boot/u-boot-qemu-common.inc
@@ -13,6 +13,8 @@ require recipes-bsp/u-boot/u-boot-common.inc U_BOOT_BIN = "u-boot.bin" +DEPENDS_append_secureboot = " optee-os-${MACHINE}" + do_deploy[dirs] = "${DEPLOY_DIR_IMAGE}" do_deploy() { dpkg --fsys-tarfile "${WORKDIR}/u-boot-${MACHINE}_${PV}_${DISTRO_ARCH}.deb" | \
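Review bot: in the secure-boot.cfg.tmpl hunk, `CONFIG_EFI_MM_COMM_TEE=y` moves the UEFI variable store behind the StandaloneMM instance inside OP-TEE, yet the fragment keeps `CONFIG_EFI_VARIABLES_PRESEED=y`, which seeds the variables from U-Boot's own file-based store; please check whether U-Boot's Kconfig allows both at once, because if it does not, the merged .config will silently drop one of them and the fragment should state which variable store is intended. A one-line comment explaining that `CONFIG_SUPPORT_EMMC_RPMB=y` is satisfied on qemu only by the emulation patch of 4/8 would also help readers of this file.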
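Review bot: in the u-boot-qemu-common.inc hunk, `DEPENDS_append_secureboot = " optee-os-${MACHINE}"` lives in a file every qemu machine includes, while the only OP-TEE recipe in this series is optee-os-qemu-arm64 (patch 2/8); a secureboot build for any other qemu MACHINE would then fail to resolve `optee-os-<machine>`. Either move the append into the arm64 recipe or guard it on MACHINE.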
From patchwork Mon Oct 24 12:27:21 2022
X-Patchwork-Submitter: "Schultschik, Sven"
X-Patchwork-Id: 13017529
From: sven.schultschik@siemens.com
To: cip-dev@lists.cip-project.org
CC: jan.kiszka@siemens.com, Sven Schultschik
Subject: [isar-cip-core][PATCH 4/8] add u-boot patch for qemu to support RPMB
Date: Mon, 24 Oct 2022 14:27:21 +0200
Message-ID: <20221024122725.383791-5-sven.schultschik@siemens.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20221024122725.383791-1-sven.schultschik@siemens.com>
References: <20221024122725.383791-1-sven.schultschik@siemens.com>
X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/9808

From: Sven Schultschik

Qemu itself is missing an implemented emulation of an RPMB (replay protected memory), which is part of an emmc. Therefore currently a u-boot patch, which adds an RPMB emulation, is needed, which breaks the u-boot hardware support. The patch is only included in the qemu u-boot recipes and can be removed if there is an official qemu rpmb emulation, which currently does not have any ETA.

Signed-off-by: Sven Schultschik
---
 ...hack.-Breaks-proper-hardware-support.patch | 1375 +++++++++++++++++
 recipes-bsp/u-boot/u-boot-qemu-common.inc     |    3 +
 2 files changed, 1378 insertions(+)
 create mode 100644 recipes-bsp/u-boot/files/0002-rpmb-emulation-hack.-Breaks-proper-hardware-support.patch

diff --git a/recipes-bsp/u-boot/files/0002-rpmb-emulation-hack.-Breaks-proper-hardware-support.patch b/recipes-bsp/u-boot/files/0002-rpmb-emulation-hack.-Breaks-proper-hardware-support.patch
new file mode 100644
index 000000000..26266b549
--- /dev/null
+++ b/recipes-bsp/u-boot/files/0002-rpmb-emulation-hack.-Breaks-proper-hardware-support.patch
@@ -0,0 +1,1375 @@ +From a4179f663673dbfa48f79761acc3ff781ee9b2b8 Mon Sep 17 00:00:00 2001 +From: Ilias Apalodimas +Date: Thu, 12 Nov 2020 09:44:54 +0200 +Subject: [PATCH] irpmb patch hack + +Signed-off-by: Ilias Apalodimas +--- + arch/arm/include/asm/gpio.h | 3 +- + arch/arm/include/asm/ioctl.h | 1 + + configs/qemu_tfa_mm_defconfig | 53 ++++ + drivers/tee/optee/Makefile | 1 + + drivers/tee/optee/hmac_sha2.c | 126 ++++++++ + drivers/tee/optee/hmac_sha2.h | 74 +++++ + drivers/tee/optee/rpmb.c | 27 +- + drivers/tee/optee/rpmb.h | 1 + + drivers/tee/optee/rpmb_emu.c | 563 ++++++++++++++++++++++++++++++++++ + drivers/tee/optee/rpmb_emu.h | 141 +++++++++ + drivers/tee/optee/sha2.c | 249 +++++++++++++++ + drivers/tee/optee/sha2.h | 75 +++++ + 12 files changed, 1292 insertions(+), 22 deletions(-) + create mode 100644 arch/arm/include/asm/ioctl.h + create mode 100644 configs/qemu_tfa_mm_defconfig + create mode 100644 drivers/tee/optee/hmac_sha2.c + create mode 100644 drivers/tee/optee/hmac_sha2.h + create mode 100644 drivers/tee/optee/rpmb.h + create mode 100644 drivers/tee/optee/rpmb_emu.c + create mode 100644 drivers/tee/optee/rpmb_emu.h + create mode 100644 drivers/tee/optee/sha2.c + create mode 100644 drivers/tee/optee/sha2.h + +diff --git a/arch/arm/include/asm/ioctl.h b/arch/arm/include/asm/ioctl.h +new file mode 100644 +index 000000000000..b279fe06dfe5 +--- /dev/null ++++ b/arch/arm/include/asm/ioctl.h +@@ -0,0 +1 @@ ++#include +diff --git a/drivers/tee/optee/Makefile b/drivers/tee/optee/Makefile +index 928d3f80027f..28108536d231 100644 +--- a/drivers/tee/optee/Makefile ++++ b/drivers/tee/optee/Makefile +@@ -3,3 +3,4 @@ + obj-y += core.o + obj-y += supplicant.o + obj-$(CONFIG_SUPPORT_EMMC_RPMB) += rpmb.o ++obj-y += sha2.o hmac_sha2.o rpmb_emu.o rpmb.o +diff --git a/drivers/tee/optee/hmac_sha2.c b/drivers/tee/optee/hmac_sha2.c +new file mode 100644 +index 000000000000..61b24b128f1d +--- /dev/null ++++ b/drivers/tee/optee/hmac_sha2.c +@@ -0,0 +1,126 @@ ++/* ++ * 
HMAC-SHA-224/256/384/512 implementation ++ * Last update: 06/15/2005 ++ * Issue date: 06/15/2005 ++ * ++ * Copyright (C) 2005 Olivier Gay ++ * All rights reserved. ++ * ++ * Copyright (c) 2016, Linaro Limited ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. Neither the name of the project nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. 
++ */ ++ ++#include ++ ++#include "hmac_sha2.h" ++ ++/* HMAC-SHA-256 functions */ ++ ++void hmac_sha256_init(hmac_sha256_ctx *ctx, const unsigned char *key, ++ unsigned int key_size) ++{ ++ unsigned int fill = 0; ++ unsigned int num = 0; ++ const unsigned char *key_used = NULL; ++ unsigned char key_temp[SHA256_DIGEST_SIZE] = { 0 }; ++ int i = 0; ++ ++ if (key_size == SHA256_BLOCK_SIZE) { ++ key_used = key; ++ num = SHA256_BLOCK_SIZE; ++ } else { ++ if (key_size > SHA256_BLOCK_SIZE){ ++ num = SHA256_DIGEST_SIZE; ++ sha256(key, key_size, key_temp); ++ key_used = key_temp; ++ } else { /* key_size > SHA256_BLOCK_SIZE */ ++ key_used = key; ++ num = key_size; ++ } ++ fill = SHA256_BLOCK_SIZE - num; ++ ++ memset(ctx->block_ipad + num, 0x36, fill); ++ memset(ctx->block_opad + num, 0x5c, fill); ++ } ++ ++ for (i = 0; i < (int) num; i++) { ++ ctx->block_ipad[i] = key_used[i] ^ 0x36; ++ ctx->block_opad[i] = key_used[i] ^ 0x5c; ++ } ++ ++ sha256_init(&ctx->ctx_inside); ++ sha256_update_tee(&ctx->ctx_inside, ctx->block_ipad, SHA256_BLOCK_SIZE); ++ ++ sha256_init(&ctx->ctx_outside); ++ sha256_update_tee(&ctx->ctx_outside, ctx->block_opad, ++ SHA256_BLOCK_SIZE); ++ ++ /* for hmac_reinit */ ++ memcpy(&ctx->ctx_inside_reinit, &ctx->ctx_inside, ++ sizeof(sha256_ctx)); ++ memcpy(&ctx->ctx_outside_reinit, &ctx->ctx_outside, ++ sizeof(sha256_ctx)); ++} ++ ++void hmac_sha256_reinit(hmac_sha256_ctx *ctx) ++{ ++ memcpy(&ctx->ctx_inside, &ctx->ctx_inside_reinit, ++ sizeof(sha256_ctx)); ++ memcpy(&ctx->ctx_outside, &ctx->ctx_outside_reinit, ++ sizeof(sha256_ctx)); ++} ++ ++void hmac_sha256_update(hmac_sha256_ctx *ctx, const unsigned char *message, ++ unsigned int message_len) ++{ ++ sha256_update_tee(&ctx->ctx_inside, message, message_len); ++} ++ ++void hmac_sha256_final(hmac_sha256_ctx *ctx, unsigned char *mac, ++ unsigned int mac_size) ++{ ++ unsigned char digest_inside[SHA256_DIGEST_SIZE] = { 0 }; ++ unsigned char mac_temp[SHA256_DIGEST_SIZE] = { 0 }; ++ ++ 
sha256_final(&ctx->ctx_inside, digest_inside); ++ sha256_update_tee(&ctx->ctx_outside, digest_inside, SHA256_DIGEST_SIZE); ++ sha256_final(&ctx->ctx_outside, mac_temp); ++ memcpy(mac, mac_temp, mac_size); ++} ++ ++void hmac_sha256(const unsigned char *key, unsigned int key_size, ++ const unsigned char *message, unsigned int message_len, ++ unsigned char *mac, unsigned mac_size) ++{ ++ hmac_sha256_ctx ctx; ++ ++ memset(&ctx, 0, sizeof(ctx)); ++ ++ hmac_sha256_init(&ctx, key, key_size); ++ hmac_sha256_update(&ctx, message, message_len); ++ hmac_sha256_final(&ctx, mac, mac_size); ++} +diff --git a/drivers/tee/optee/hmac_sha2.h b/drivers/tee/optee/hmac_sha2.h +new file mode 100644 +index 000000000000..1044524d75c5 +--- /dev/null ++++ b/drivers/tee/optee/hmac_sha2.h +@@ -0,0 +1,74 @@ ++/* ++ * HMAC-SHA-224/256/384/512 implementation ++ * Last update: 06/15/2005 ++ * Issue date: 06/15/2005 ++ * ++ * Copyright (C) 2005 Olivier Gay ++ * All rights reserved. ++ * ++ * Copyright (c) 2016, Linaro Limited ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. Neither the name of the project nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. 
++ * ++ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ */ ++ ++#ifndef HMAC_SHA2_H ++#define HMAC_SHA2_H ++ ++#include "sha2.h" ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++typedef struct { ++ sha256_ctx ctx_inside; ++ sha256_ctx ctx_outside; ++ ++ /* for hmac_reinit */ ++ sha256_ctx ctx_inside_reinit; ++ sha256_ctx ctx_outside_reinit; ++ ++ unsigned char block_ipad[SHA256_BLOCK_SIZE]; ++ unsigned char block_opad[SHA256_BLOCK_SIZE]; ++} hmac_sha256_ctx; ++ ++void hmac_sha256_init(hmac_sha256_ctx *ctx, const unsigned char *key, ++ unsigned int key_size); ++void hmac_sha256_reinit(hmac_sha256_ctx *ctx); ++void hmac_sha256_update(hmac_sha256_ctx *ctx, const unsigned char *message, ++ unsigned int message_len); ++void hmac_sha256_final(hmac_sha256_ctx *ctx, unsigned char *mac, ++ unsigned int mac_size); ++void hmac_sha256(const unsigned char *key, unsigned int key_size, ++ const unsigned char *message, unsigned int message_len, ++ unsigned char *mac, unsigned mac_size); ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* !HMAC_SHA2_H */ ++ +diff --git a/drivers/tee/optee/rpmb.c b/drivers/tee/optee/rpmb.c +index 0804fc963cf5..275f2112f102 100644 +--- a/drivers/tee/optee/rpmb.c ++++ b/drivers/tee/optee/rpmb.c +@@ -12,35 +12,15 @@ 
+ + #include "optee_msg.h" + #include "optee_private.h" ++#include "rpmb_emu.h" + + /* + * Request and response definitions must be in sync with the secure side of + * OP-TEE. + */ + +-/* Request */ +-struct rpmb_req { +- u16 cmd; +-#define RPMB_CMD_DATA_REQ 0x00 +-#define RPMB_CMD_GET_DEV_INFO 0x01 +- u16 dev_id; +- u16 block_count; +- /* Optional data frames (rpmb_data_frame) follow */ +-}; +- + #define RPMB_REQ_DATA(req) ((void *)((struct rpmb_req *)(req) + 1)) + +-/* Response to device info request */ +-struct rpmb_dev_info { +- u8 cid[16]; +- u8 rpmb_size_mult; /* EXT CSD-slice 168: RPMB Size */ +- u8 rel_wr_sec_c; /* EXT CSD-slice 222: Reliable Write Sector */ +- /* Count */ +- u8 ret_code; +-#define RPMB_CMD_GET_DEV_INFO_RET_OK 0x00 +-#define RPMB_CMD_GET_DEV_INFO_RET_ERROR 0x01 +-}; +- + static void release_mmc(struct optee_private *priv) + { + int rc; +@@ -175,8 +155,13 @@ void optee_suppl_cmd_rpmb(struct udevice *dev, struct optee_msg_arg *arg) + rsp_buf = (u8 *)rsp_shm->addr + arg->params[1].u.rmem.offs; + rsp_size = arg->params[1].u.rmem.size; + ++#ifdef EMU + arg->ret = rpmb_process_request(dev_get_priv(dev), req_buf, req_size, + rsp_buf, rsp_size); ++#else ++ arg->ret = rpmb_process_request_emu(req_buf, req_size, rsp_buf, ++ rsp_size); ++#endif + } + + void optee_suppl_rpmb_release(struct udevice *dev) +diff --git a/drivers/tee/optee/rpmb.h b/drivers/tee/optee/rpmb.h +new file mode 100644 +index 000000000000..8b137891791f +--- /dev/null ++++ b/drivers/tee/optee/rpmb.h +@@ -0,0 +1 @@ ++ +diff --git a/drivers/tee/optee/rpmb_emu.c b/drivers/tee/optee/rpmb_emu.c +new file mode 100644 +index 000000000000..629f36ee6b29 +--- /dev/null ++++ b/drivers/tee/optee/rpmb_emu.c +@@ -0,0 +1,563 @@ ++// SPDX-License-Identifier: BSD-2-Clause ++/* ++ * Copyright (c) 2020 Linaro Limited ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include "optee_msg.h" ++#include "optee_private.h" ++#include "sha2.h" ++#include "hmac_sha2.h" 
++#include "rpmb_emu.h" ++ ++static struct rpmb_emu rpmb_emu = { ++ .size = EMU_RPMB_SIZE_BYTES ++}; ++ ++static struct rpmb_emu *mem_for_fd(int fd) ++{ ++ static int sfd = -1; ++ ++ if (sfd == -1) ++ sfd = fd; ++ if (sfd != fd) { ++ printf("Emulating more than 1 RPMB partition is not supported\n"); ++ return NULL; ++ } ++ ++ return &rpmb_emu; ++} ++ ++#if (DEBUGLEVEL >= TRACE_FLOW) ++static void dump_blocks(size_t startblk, size_t numblk, uint8_t *ptr, ++ bool to_mmc) ++{ ++ char msg[100] = { 0 }; ++ size_t i = 0; ++ ++ for (i = 0; i < numblk; i++) { ++ snprintf(msg, sizeof(msg), "%s MMC block %zu", ++ to_mmc ? "Write" : "Read", startblk + i); ++ //print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, ptr, 256); ++ ptr += 256; ++ } ++} ++#else ++static void dump_blocks(size_t startblk, size_t numblk, uint8_t *ptr, ++ bool to_mmc) ++{ ++ (void)startblk; ++ (void)numblk; ++ (void)ptr; ++ (void)to_mmc; ++} ++#endif ++ ++#define CUC(x) ((const unsigned char *)(x)) ++static void hmac_update_frm(hmac_sha256_ctx *ctx, struct rpmb_data_frame *frm) ++{ ++ hmac_sha256_update(ctx, CUC(frm->data), 256); ++ hmac_sha256_update(ctx, CUC(frm->nonce), 16); ++ hmac_sha256_update(ctx, CUC(&frm->write_counter), 4); ++ hmac_sha256_update(ctx, CUC(&frm->address), 2); ++ hmac_sha256_update(ctx, CUC(&frm->block_count), 2); ++ hmac_sha256_update(ctx, CUC(&frm->op_result), 2); ++ hmac_sha256_update(ctx, CUC(&frm->msg_type), 2); ++} ++ ++static bool is_hmac_valid(struct rpmb_emu *mem, struct rpmb_data_frame *frm, ++ size_t nfrm) ++{ ++ uint8_t mac[32] = { 0 }; ++ size_t i = 0; ++ hmac_sha256_ctx ctx; ++ ++ memset(&ctx, 0, sizeof(ctx)); ++ ++ if (!mem->key_set) { ++ printf("Cannot check MAC (key not set)\n"); ++ return false; ++ } ++ ++ hmac_sha256_init(&ctx, mem->key, sizeof(mem->key)); ++ for (i = 0; i < nfrm; i++, frm++) ++ hmac_update_frm(&ctx, frm); ++ frm--; ++ hmac_sha256_final(&ctx, mac, 32); ++ ++ if (memcmp(mac, frm->key_mac, 32)) { ++ printf("Invalid MAC\n"); ++ return false; ++ } ++ 
return true; ++} ++ ++static uint16_t gen_msb1st_result(uint8_t byte) ++{ ++ return (uint16_t)byte << 8; ++} ++ ++static uint16_t compute_hmac(struct rpmb_emu *mem, struct rpmb_data_frame *frm, ++ size_t nfrm) ++{ ++ size_t i = 0; ++ hmac_sha256_ctx ctx; ++ ++ memset(&ctx, 0, sizeof(ctx)); ++ ++ if (!mem->key_set) { ++ printf("Cannot compute MAC (key not set)\n"); ++ return gen_msb1st_result(RPMB_RESULT_AUTH_KEY_NOT_PROGRAMMED); ++ } ++ ++ hmac_sha256_init(&ctx, mem->key, sizeof(mem->key)); ++ for (i = 0; i < nfrm; i++, frm++) ++ hmac_update_frm(&ctx, frm); ++ frm--; ++ hmac_sha256_final(&ctx, frm->key_mac, 32); ++ ++ return gen_msb1st_result(RPMB_RESULT_OK); ++} ++ ++static uint16_t ioctl_emu_mem_transfer(struct rpmb_emu *mem, ++ struct rpmb_data_frame *frm, ++ size_t nfrm, int to_mmc) ++{ ++ size_t start = mem->last_op.address * 256; ++ size_t size = nfrm * 256; ++ size_t i = 0; ++ uint8_t *memptr = NULL; ++ ++ if (start > mem->size || start + size > mem->size) { ++ printf("Transfer bounds exceeed emulated memory\n"); ++ return gen_msb1st_result(RPMB_RESULT_ADDRESS_FAILURE); ++ } ++ if (to_mmc && !is_hmac_valid(mem, frm, nfrm)) ++ return gen_msb1st_result(RPMB_RESULT_AUTH_FAILURE); ++ ++ //printf("Transferring %zu 256-byte data block%s %s MMC (block offset=%zu)", ++ //nfrm, (nfrm > 1) ? "s" : "", to_mmc ? 
"to" : "from", start / 256); ++ for (i = 0; i < nfrm; i++) { ++ memptr = mem->buf + start + i * 256; ++ if (to_mmc) { ++ memcpy(memptr, frm[i].data, 256); ++ mem->write_counter++; ++ frm[i].write_counter = htonl(mem->write_counter); ++ frm[i].msg_type = ++ htons(RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE); ++ } else { ++ memcpy(frm[i].data, memptr, 256); ++ frm[i].msg_type = ++ htons(RPMB_MSG_TYPE_RESP_AUTH_DATA_READ); ++ frm[i].address = htons(mem->last_op.address); ++ frm[i].block_count = nfrm; ++ memcpy(frm[i].nonce, mem->nonce, 16); ++ } ++ frm[i].op_result = gen_msb1st_result(RPMB_RESULT_OK); ++ } ++ dump_blocks(mem->last_op.address, nfrm, mem->buf + start, to_mmc); ++ ++ if (!to_mmc) ++ compute_hmac(mem, frm, nfrm); ++ ++ return gen_msb1st_result(RPMB_RESULT_OK); ++} ++ ++static void ioctl_emu_get_write_result(struct rpmb_emu *mem, ++ struct rpmb_data_frame *frm) ++{ ++ frm->msg_type = htons(RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE); ++ frm->op_result = mem->last_op.op_result; ++ frm->address = htons(mem->last_op.address); ++ frm->write_counter = htonl(mem->write_counter); ++ compute_hmac(mem, frm, 1); ++} ++ ++static uint16_t ioctl_emu_setkey(struct rpmb_emu *mem, ++ struct rpmb_data_frame *frm) ++{ ++ if (mem->key_set) { ++ printf("Key already set\n"); ++ return gen_msb1st_result(RPMB_RESULT_GENERAL_FAILURE); ++ } ++ print_hex_dump_bytes("Setting Key:", DUMP_PREFIX_OFFSET, frm->key_mac, ++ 32); ++ memcpy(mem->key, frm->key_mac, 32); ++ mem->key_set = true; ++ ++ return gen_msb1st_result(RPMB_RESULT_OK); ++} ++ ++static void ioctl_emu_get_keyprog_result(struct rpmb_emu *mem, ++ struct rpmb_data_frame *frm) ++{ ++ frm->msg_type = ++ htons(RPMB_MSG_TYPE_RESP_AUTH_KEY_PROGRAM); ++ frm->op_result = mem->last_op.op_result; ++} ++ ++static void ioctl_emu_read_ctr(struct rpmb_emu *mem, ++ struct rpmb_data_frame *frm) ++{ ++ printf("Reading counter\n"); ++ frm->msg_type = htons(RPMB_MSG_TYPE_RESP_WRITE_COUNTER_VAL_READ); ++ frm->write_counter = htonl(mem->write_counter); ++ 
memcpy(frm->nonce, mem->nonce, 16); ++ frm->op_result = compute_hmac(mem, frm, 1); ++} ++ ++static uint32_t read_cid(uint16_t dev_id, uint8_t *cid) ++{ ++ /* Taken from an actual eMMC chip */ ++ static const uint8_t test_cid[] = { ++ /* MID (Manufacturer ID): Micron */ ++ 0xfe, ++ /* CBX (Device/BGA): BGA */ ++ 0x01, ++ /* OID (OEM/Application ID) */ ++ 0x4e, ++ /* PNM (Product name) "MMC04G" */ ++ 0x4d, 0x4d, 0x43, 0x30, 0x34, 0x47, ++ /* PRV (Product revision): 4.2 */ ++ 0x42, ++ /* PSN (Product serial number) */ ++ 0xc8, 0xf6, 0x55, 0x2a, ++ /* ++ * MDT (Manufacturing date): ++ * June, 2014 ++ */ ++ 0x61, ++ /* (CRC7 (0xA) << 1) | 0x1 */ ++ 0x15 ++ }; ++ ++ (void)dev_id; ++ memcpy(cid, test_cid, sizeof(test_cid)); ++ ++ return TEE_SUCCESS; ++} ++ ++static void ioctl_emu_set_ext_csd(uint8_t *ext_csd) ++{ ++ ext_csd[168] = EMU_RPMB_SIZE_MULT; ++ ext_csd[222] = EMU_RPMB_REL_WR_SEC_C; ++} ++ ++/* A crude emulation of the MMC ioctls we need for RPMB */ ++static int ioctl_emu(int fd, unsigned long request, ...) 
++{ ++ struct mmc_ioc_cmd *cmd = NULL; ++ struct rpmb_data_frame *frm = NULL; ++ uint16_t msg_type = 0; ++ struct rpmb_emu *mem = mem_for_fd(fd); ++ va_list ap; ++ ++ if (request != MMC_IOC_CMD) { ++ printf("Unsupported ioctl: 0x%lx\n", request); ++ return -1; ++ } ++ if (!mem) ++ return -1; ++ ++ va_start(ap, request); ++ cmd = va_arg(ap, struct mmc_ioc_cmd *); ++ va_end(ap); ++ ++ switch (cmd->opcode) { ++ case MMC_SEND_EXT_CSD: ++ ioctl_emu_set_ext_csd((uint8_t *)(uintptr_t)cmd->data_ptr); ++ break; ++ ++ case MMC_WRITE_MULTIPLE_BLOCK: ++ frm = (struct rpmb_data_frame *)(uintptr_t)cmd->data_ptr; ++ msg_type = ntohs(frm->msg_type); ++ ++ switch (msg_type) { ++ case RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM: ++ mem->last_op.msg_type = msg_type; ++ mem->last_op.op_result = ioctl_emu_setkey(mem, frm); ++ break; ++ ++ case RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE: ++ mem->last_op.msg_type = msg_type; ++ mem->last_op.address = ntohs(frm->address); ++ mem->last_op.op_result = ++ ioctl_emu_mem_transfer(mem, frm, ++ cmd->blocks, 1); ++ break; ++ ++ case RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ: ++ case RPMB_MSG_TYPE_REQ_AUTH_DATA_READ: ++ memcpy(mem->nonce, frm->nonce, 16); ++ mem->last_op.msg_type = msg_type; ++ mem->last_op.address = ntohs(frm->address); ++ break; ++ default: ++ break; ++ } ++ break; ++ ++ case MMC_READ_MULTIPLE_BLOCK: ++ frm = (struct rpmb_data_frame *)(uintptr_t)cmd->data_ptr; ++ msg_type = ntohs(frm->msg_type); ++ ++ switch (mem->last_op.msg_type) { ++ case RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM: ++ ioctl_emu_get_keyprog_result(mem, frm); ++ break; ++ ++ case RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE: ++ ioctl_emu_get_write_result(mem, frm); ++ break; ++ ++ case RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ: ++ ioctl_emu_read_ctr(mem, frm); ++ break; ++ ++ case RPMB_MSG_TYPE_REQ_AUTH_DATA_READ: ++ ioctl_emu_mem_transfer(mem, frm, cmd->blocks, 0); ++ break; ++ ++ default: ++ printf("Unexpected\n"); ++ break; ++ } ++ break; ++ ++ default: ++ printf("Unsupported ioctl opcode 
0x%08x\n", cmd->opcode); ++ return -1; ++ } ++ ++ return 0; ++} ++ ++static int mmc_rpmb_fd(uint16_t dev_id) ++{ ++ (void)dev_id; ++ ++ /* Any value != -1 will do in test mode */ ++ return 0; ++} ++ ++static int mmc_fd(uint16_t dev_id) ++{ ++ (void)dev_id; ++ ++ return 0; ++} ++ ++static void close_mmc_fd(int fd) ++{ ++ (void)fd; ++} ++ ++/* ++ * Extended CSD Register is 512 bytes and defines device properties ++ * and selected modes. ++ */ ++static uint32_t read_ext_csd(int fd, uint8_t *ext_csd) ++{ ++ int st = 0; ++ struct mmc_ioc_cmd cmd = { ++ .blksz = 512, ++ .blocks = 1, ++ .flags = MMC_RSP_R1 | MMC_CMD_ADTC, ++ .opcode = MMC_SEND_EXT_CSD, ++ }; ++ ++ mmc_ioc_cmd_set_data(cmd, ext_csd); ++ ++ st = IOCTL(fd, MMC_IOC_CMD, &cmd); ++ if (st < 0) ++ return TEE_ERROR_GENERIC; ++ ++ return TEE_SUCCESS; ++} ++ ++static uint32_t rpmb_data_req(int fd, struct rpmb_data_frame *req_frm, ++ size_t req_nfrm, struct rpmb_data_frame *rsp_frm, ++ size_t rsp_nfrm) ++{ ++ int st = 0; ++ size_t i = 0; ++ uint16_t msg_type = ntohs(req_frm->msg_type); ++ struct mmc_ioc_cmd cmd = { ++ .blksz = 512, ++ .blocks = req_nfrm, ++ .data_ptr = (uintptr_t)req_frm, ++ .flags = MMC_RSP_R1 | MMC_CMD_ADTC, ++ .opcode = MMC_WRITE_MULTIPLE_BLOCK, ++ .write_flag = 1, ++ }; ++ ++ for (i = 1; i < req_nfrm; i++) { ++ if (req_frm[i].msg_type != msg_type) { ++ printf("All request frames shall be of the same type\n"); ++ return TEE_ERROR_BAD_PARAMETERS; ++ } ++ } ++ ++ //printf("Req: %zu frame(s) of type 0x%04x", req_nfrm, msg_type); ++ //printf("Rsp: %zu frame(s)", rsp_nfrm); ++ ++ switch(msg_type) { ++ case RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM: ++ case RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE: ++ if (rsp_nfrm != 1) { ++ printf("Expected only one response frame\n"); ++ return TEE_ERROR_BAD_PARAMETERS; ++ } ++ ++ /* Send write request frame(s) */ ++ cmd.write_flag |= MMC_CMD23_ARG_REL_WR; ++ /* ++ * Black magic: tested on a HiKey board with a HardKernel eMMC ++ * module. 
When postsleep values are zero, the kernel logs ++ * random errors: "mmc_blk_ioctl_cmd: Card Status=0x00000E00" ++ * and ioctl() fails. ++ */ ++ cmd.postsleep_min_us = 20000; ++ cmd.postsleep_max_us = 50000; ++ st = IOCTL(fd, MMC_IOC_CMD, &cmd); ++ if (st < 0) ++ return TEE_ERROR_GENERIC; ++ cmd.postsleep_min_us = 0; ++ cmd.postsleep_max_us = 0; ++ ++ /* Send result request frame */ ++ memset(rsp_frm, 0, 1); ++ rsp_frm->msg_type = htons(RPMB_MSG_TYPE_REQ_RESULT_READ); ++ cmd.data_ptr = (uintptr_t)rsp_frm; ++ cmd.write_flag &= ~MMC_CMD23_ARG_REL_WR; ++ st = IOCTL(fd, MMC_IOC_CMD, &cmd); ++ if (st < 0) ++ return TEE_ERROR_GENERIC; ++ ++ /* Read response frame */ ++ cmd.opcode = MMC_READ_MULTIPLE_BLOCK; ++ cmd.write_flag = 0; ++ cmd.blocks = rsp_nfrm; ++ st = IOCTL(fd, MMC_IOC_CMD, &cmd); ++ if (st < 0) ++ return TEE_ERROR_GENERIC; ++ break; ++ ++ case RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ: ++ if (rsp_nfrm != 1) { ++ printf("Expected only one response frame\n"); ++ return TEE_ERROR_BAD_PARAMETERS; ++ } ++//#if __GNUC__ > 6 ++ //__attribute__((fallthrough)); ++//#endif ++ ++ case RPMB_MSG_TYPE_REQ_AUTH_DATA_READ: ++ if (req_nfrm != 1) { ++ printf("Expected only one request frame\n"); ++ return TEE_ERROR_BAD_PARAMETERS; ++ } ++ ++ /* Send request frame */ ++ st = IOCTL(fd, MMC_IOC_CMD, &cmd); ++ if (st < 0) ++ return TEE_ERROR_GENERIC; ++ ++ /* Read response frames */ ++ cmd.data_ptr = (uintptr_t)rsp_frm; ++ cmd.opcode = MMC_READ_MULTIPLE_BLOCK; ++ cmd.write_flag = 0; ++ cmd.blocks = rsp_nfrm; ++ st = IOCTL(fd, MMC_IOC_CMD, &cmd); ++ if (st < 0) ++ return TEE_ERROR_GENERIC; ++ break; ++ ++ default: ++ printf("Unsupported message type: %d", msg_type); ++ return TEE_ERROR_GENERIC; ++ } ++ ++ return TEE_SUCCESS; ++} ++ ++static uint32_t rpmb_get_dev_info(uint16_t dev_id, struct rpmb_dev_info *info) ++{ ++ int fd = 0; ++ uint32_t res = 0; ++ uint8_t ext_csd[512] = { 0 }; ++ ++ res = read_cid(dev_id, info->cid); ++ if (res != TEE_SUCCESS) ++ return res; ++ ++ fd = 
mmc_fd(dev_id); ++ if (fd < 0) ++ return TEE_ERROR_BAD_PARAMETERS; ++ ++ res = read_ext_csd(fd, ext_csd); ++ if (res != TEE_SUCCESS) ++ goto err; ++ ++ info->rel_wr_sec_c = ext_csd[222]; ++ info->rpmb_size_mult = ext_csd[168]; ++ info->ret_code = RPMB_CMD_GET_DEV_INFO_RET_OK; ++ ++err: ++ close_mmc_fd(fd); ++ return res; ++} ++ ++ ++/* ++ * req is one struct rpmb_req followed by one or more struct rpmb_data_frame ++ * rsp is either one struct rpmb_dev_info or one or more struct rpmb_data_frame ++ */ ++uint32_t rpmb_process_request_emu(void *req, size_t req_size, ++ void *rsp, size_t rsp_size) ++{ ++ struct rpmb_req *sreq = req; ++ size_t req_nfrm = 0; ++ size_t rsp_nfrm = 0; ++ uint32_t res = 0; ++ int fd = 0; ++ ++ if (req_size < sizeof(*sreq)) ++ return TEE_ERROR_BAD_PARAMETERS; ++ ++ switch (sreq->cmd) { ++ case RPMB_CMD_DATA_REQ: ++ req_nfrm = (req_size - sizeof(struct rpmb_req)) / 512; ++ rsp_nfrm = rsp_size / 512; ++ fd = mmc_rpmb_fd(sreq->dev_id); ++ if (fd < 0) ++ return TEE_ERROR_BAD_PARAMETERS; ++ res = rpmb_data_req(fd, RPMB_REQ_DATA(req), req_nfrm, rsp, ++ rsp_nfrm); ++ break; ++ ++ case RPMB_CMD_GET_DEV_INFO: ++ if (req_size != sizeof(struct rpmb_req) || ++ rsp_size != sizeof(struct rpmb_dev_info)) { ++ printf("Invalid req/rsp size"); ++ return TEE_ERROR_BAD_PARAMETERS; ++ } ++ res = rpmb_get_dev_info(sreq->dev_id, ++ (struct rpmb_dev_info *)rsp); ++ break; ++ ++ default: ++ printf("Unsupported RPMB command: %d", sreq->cmd); ++ res = TEE_ERROR_BAD_PARAMETERS; ++ break; ++ } ++ ++ return res; ++} +diff --git a/drivers/tee/optee/rpmb_emu.h b/drivers/tee/optee/rpmb_emu.h +new file mode 100644 +index 000000000000..3471eecf63b5 +--- /dev/null ++++ b/drivers/tee/optee/rpmb_emu.h +@@ -0,0 +1,141 @@ ++#include ++ ++/* mmc_ioc_cmd.opcode */ ++#define MMC_SEND_EXT_CSD 8 ++#define MMC_READ_MULTIPLE_BLOCK 18 ++#define MMC_WRITE_MULTIPLE_BLOCK 25 ++ ++#define IOCTL(fd, request, ...) 
ioctl_emu((fd), (request), ##__VA_ARGS__) ++#define mmc_ioc_cmd_set_data(ic, ptr) ic.data_ptr = (__u64)(unsigned long) ptr ++#define MMC_CMD23_ARG_REL_WR (1 << 31) /* CMD23 reliable write */ ++ ++/* Emulated rel_wr_sec_c value (reliable write size, *256 bytes) */ ++#define EMU_RPMB_REL_WR_SEC_C 1 ++/* Emulated rpmb_size_mult value (RPMB size, *128 kB) */ ++#define EMU_RPMB_SIZE_MULT 2 ++ ++#define EMU_RPMB_SIZE_BYTES (EMU_RPMB_SIZE_MULT * 128 * 1024) ++ ++struct mmc_ioc_cmd { ++ /* Implies direction of data. true = write, false = read */ ++ int write_flag; ++ ++ /* Application-specific command. true = precede with CMD55 */ ++ int is_acmd; ++ ++ uint32_t opcode; ++ uint32_t arg; ++ uint32_t response[4]; /* CMD response */ ++ unsigned int flags; ++ unsigned int blksz; ++ unsigned int blocks; ++ ++ /* ++ * Sleep at least postsleep_min_us useconds, and at most ++ * postsleep_max_us useconds *after* issuing command. Needed for ++ * some read commands for which cards have no other way of indicating ++ * they're ready for the next command (i.e. there is no equivalent of ++ * a "busy" indicator for read operations). ++ */ ++ unsigned int postsleep_min_us; ++ unsigned int postsleep_max_us; ++ ++ /* ++ * Override driver-computed timeouts. Note the difference in units! ++ */ ++ unsigned int data_timeout_ns; ++ unsigned int cmd_timeout_ms; ++ ++ /* ++ * For 64-bit machines, the next member, ``__u64 data_ptr``, wants to ++ * be 8-byte aligned. Make sure this struct is the same size when ++ * built for 32-bit. 
++ */ ++ uint32_t __pad; ++ ++ /* DAT buffer */ ++ uint32_t data_ptr; ++}; ++#define MMC_BLOCK_MAJOR 179 ++#define MMC_IOC_CMD _IOWR(MMC_BLOCK_MAJOR, 0, struct mmc_ioc_cmd) ++ ++/* Request */ ++struct rpmb_req { ++ uint16_t cmd; ++#define RPMB_CMD_DATA_REQ 0x00 ++#define RPMB_CMD_GET_DEV_INFO 0x01 ++ uint16_t dev_id; ++ uint16_t block_count; ++ /* Optional data frames (rpmb_data_frame) follow */ ++}; ++#define RPMB_REQ_DATA(req) ((void *)((struct rpmb_req *)(req) + 1)) ++ ++/* Response to device info request */ ++struct rpmb_dev_info { ++ uint8_t cid[16]; ++ uint8_t rpmb_size_mult; /* EXT CSD-slice 168: RPMB Size */ ++ uint8_t rel_wr_sec_c; /* EXT CSD-slice 222: Reliable Write Sector */ ++ /* Count */ ++ uint8_t ret_code; ++#define RPMB_CMD_GET_DEV_INFO_RET_OK 0x00 ++#define RPMB_CMD_GET_DEV_INFO_RET_ERROR 0x01 ++}; ++/* mmc_ioc_cmd.flags */ ++#define MMC_RSP_PRESENT (1 << 0) ++#define MMC_RSP_136 (1 << 1) /* 136 bit response */ ++#define MMC_RSP_CRC (1 << 2) /* Expect valid CRC */ ++#define MMC_RSP_OPCODE (1 << 4) /* Response contains opcode */ ++ ++#define MMC_RSP_R1 (MMC_RSP_PRESENT|MMC_RSP_CRC|MMC_RSP_OPCODE) ++ ++#define MMC_CMD_ADTC (1 << 5) /* Addressed data transfer command */ ++ ++ ++/* Emulated eMMC device state */ ++struct rpmb_emu { ++ uint8_t buf[EMU_RPMB_SIZE_BYTES]; ++ size_t size; ++ uint8_t key[32]; ++ bool key_set; ++ uint8_t nonce[16]; ++ uint32_t write_counter; ++ struct { ++ uint16_t msg_type; ++ uint16_t op_result; ++ uint16_t address; ++ } last_op; ++}; ++ ++/* ++ * This structure is shared with OP-TEE and the MMC ioctl layer. ++ * It is the "data frame for RPMB access" defined by JEDEC, minus the ++ * start and stop bits. 
++ */ ++struct rpmb_data_frame { ++ uint8_t stuff_bytes[196]; ++ uint8_t key_mac[32]; ++ uint8_t data[256]; ++ uint8_t nonce[16]; ++ uint32_t write_counter; ++ uint16_t address; ++ uint16_t block_count; ++ uint16_t op_result; ++#define RPMB_RESULT_OK 0x00 ++#define RPMB_RESULT_GENERAL_FAILURE 0x01 ++#define RPMB_RESULT_AUTH_FAILURE 0x02 ++#define RPMB_RESULT_ADDRESS_FAILURE 0x04 ++#define RPMB_RESULT_AUTH_KEY_NOT_PROGRAMMED 0x07 ++ uint16_t msg_type; ++#define RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM 0x0001 ++#define RPMB_MSG_TYPE_REQ_WRITE_COUNTER_VAL_READ 0x0002 ++#define RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE 0x0003 ++#define RPMB_MSG_TYPE_REQ_AUTH_DATA_READ 0x0004 ++#define RPMB_MSG_TYPE_REQ_RESULT_READ 0x0005 ++#define RPMB_MSG_TYPE_RESP_AUTH_KEY_PROGRAM 0x0100 ++#define RPMB_MSG_TYPE_RESP_WRITE_COUNTER_VAL_READ 0x0200 ++#define RPMB_MSG_TYPE_RESP_AUTH_DATA_WRITE 0x0300 ++#define RPMB_MSG_TYPE_RESP_AUTH_DATA_READ 0x0400 ++}; ++ ++uint32_t rpmb_process_request_emu(void *req, size_t req_size, ++ void *rsp, size_t rsp_size); +diff --git a/drivers/tee/optee/sha2.c b/drivers/tee/optee/sha2.c +new file mode 100644 +index 000000000000..a9acd7244947 +--- /dev/null ++++ b/drivers/tee/optee/sha2.c +@@ -0,0 +1,249 @@ ++/* ++ * FIPS 180-2 SHA-224/256/384/512 implementation ++ * Last update: 02/02/2007 ++ * Issue date: 04/30/2005 ++ * ++ * Copyright (C) 2005, 2007 Olivier Gay ++ * All rights reserved. ++ * ++ * Copyright (c) 2016, Linaro Limited ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. 
++ * 3. Neither the name of the project nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ */ ++ ++#include ++#include "sha2.h" ++ ++#define SHFR(x, n) (x >> n) ++#define ROTR(x, n) ((x >> n) | (x << ((sizeof(x) << 3) - n))) ++#define ROTL(x, n) ((x << n) | (x >> ((sizeof(x) << 3) - n))) ++#define CH(x, y, z) ((x & y) ^ (~x & z)) ++#define MAJ(x, y, z) ((x & y) ^ (x & z) ^ (y & z)) ++ ++#define SHA256_F1(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) ++#define SHA256_F2(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) ++#define SHA256_F3(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHFR(x, 3)) ++#define SHA256_F4(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHFR(x, 10)) ++ ++#define UNPACK32(x, str) \ ++{ \ ++ *((str) + 3) = (uint8) ((x) ); \ ++ *((str) + 2) = (uint8) ((x) >> 8); \ ++ *((str) + 1) = (uint8) ((x) >> 16); \ ++ *((str) + 0) = (uint8) ((x) >> 24); \ ++} ++ ++#define PACK32(str, x) \ ++{ \ ++ *(x) = ((uint32) *((str) + 3) ) \ ++ | ((uint32) *((str) + 2) << 8) \ ++ | ((uint32) *((str) + 1) << 16) \ ++ | ((uint32) *((str) + 0) << 24); \ ++} ++ ++#define UNPACK64(x, str) \ ++{ \ ++ *((str) + 7) = 
(uint8) ((x) ); \ ++ *((str) + 6) = (uint8) ((x) >> 8); \ ++ *((str) + 5) = (uint8) ((x) >> 16); \ ++ *((str) + 4) = (uint8) ((x) >> 24); \ ++ *((str) + 3) = (uint8) ((x) >> 32); \ ++ *((str) + 2) = (uint8) ((x) >> 40); \ ++ *((str) + 1) = (uint8) ((x) >> 48); \ ++ *((str) + 0) = (uint8) ((x) >> 56); \ ++} ++ ++#define PACK64(str, x) \ ++{ \ ++ *(x) = ((uint64) *((str) + 7) ) \ ++ | ((uint64) *((str) + 6) << 8) \ ++ | ((uint64) *((str) + 5) << 16) \ ++ | ((uint64) *((str) + 4) << 24) \ ++ | ((uint64) *((str) + 3) << 32) \ ++ | ((uint64) *((str) + 2) << 40) \ ++ | ((uint64) *((str) + 1) << 48) \ ++ | ((uint64) *((str) + 0) << 56); \ ++} ++ ++#define SHA256_SCR(i) \ ++{ \ ++ w[i] = SHA256_F4(w[i - 2]) + w[i - 7] \ ++ + SHA256_F3(w[i - 15]) + w[i - 16]; \ ++} ++ ++uint32 sha256_h0[8] = ++ {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, ++ 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19}; ++ ++uint32 sha256_k[64] = ++ {0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, ++ 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, ++ 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, ++ 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, ++ 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, ++ 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, ++ 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, ++ 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, ++ 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, ++ 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, ++ 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, ++ 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, ++ 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, ++ 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, ++ 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, ++ 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2}; ++ ++/* SHA-256 functions */ ++ ++static void sha256_transf(sha256_ctx *ctx, const unsigned char *message, ++ unsigned int block_nb) ++{ ++ uint32 w[64] = { 0 }; ++ uint32 wv[8] = { 0 }; ++ uint32 t1 = 0; ++ uint32 t2 = 0; ++ const unsigned char *sub_block 
= NULL; ++ int i = 0; ++ int j = 0; ++ ++ for (i = 0; i < (int) block_nb; i++) { ++ sub_block = message + (i << 6); ++ ++ for (j = 0; j < 16; j++) { ++ PACK32(&sub_block[j << 2], &w[j]); ++ } ++ ++ for (j = 16; j < 64; j++) { ++ SHA256_SCR(j); ++ } ++ ++ for (j = 0; j < 8; j++) { ++ wv[j] = ctx->h[j]; ++ } ++ ++ for (j = 0; j < 64; j++) { ++ t1 = wv[7] + SHA256_F2(wv[4]) + CH(wv[4], wv[5], wv[6]) ++ + sha256_k[j] + w[j]; ++ t2 = SHA256_F1(wv[0]) + MAJ(wv[0], wv[1], wv[2]); ++ wv[7] = wv[6]; ++ wv[6] = wv[5]; ++ wv[5] = wv[4]; ++ wv[4] = wv[3] + t1; ++ wv[3] = wv[2]; ++ wv[2] = wv[1]; ++ wv[1] = wv[0]; ++ wv[0] = t1 + t2; ++ } ++ ++ for (j = 0; j < 8; j++) { ++ ctx->h[j] += wv[j]; ++ } ++ } ++} ++ ++void sha256(const unsigned char *message, unsigned int len, ++ unsigned char *digest) ++{ ++ sha256_ctx ctx; ++ ++ memset(&ctx, 0, sizeof(ctx)); ++ ++ sha256_init(&ctx); ++ sha256_update_tee(&ctx, message, len); ++ sha256_final(&ctx, digest); ++} ++ ++void sha256_init(sha256_ctx *ctx) ++{ ++ int i = 0; ++ ++ for (i = 0; i < 8; i++) { ++ ctx->h[i] = sha256_h0[i]; ++ } ++ ++ ctx->len = 0; ++ ctx->tot_len = 0; ++} ++ ++void sha256_update_tee(sha256_ctx *ctx, const unsigned char *message, ++ unsigned int len) ++{ ++ unsigned int block_nb = 0; ++ unsigned int new_len = 0; ++ unsigned int rem_len = 0; ++ unsigned int tmp_len = 0; ++ const unsigned char *shifted_message = NULL; ++ ++ tmp_len = SHA256_BLOCK_SIZE - ctx->len; ++ rem_len = len < tmp_len ? 
len : tmp_len; ++ ++ memcpy(&ctx->block[ctx->len], message, rem_len); ++ ++ if (ctx->len + len < SHA256_BLOCK_SIZE) { ++ ctx->len += len; ++ return; ++ } ++ ++ new_len = len - rem_len; ++ block_nb = new_len / SHA256_BLOCK_SIZE; ++ ++ shifted_message = message + rem_len; ++ ++ sha256_transf(ctx, ctx->block, 1); ++ sha256_transf(ctx, shifted_message, block_nb); ++ ++ rem_len = new_len % SHA256_BLOCK_SIZE; ++ ++ memcpy(ctx->block, &shifted_message[block_nb << 6], ++ rem_len); ++ ++ ctx->len = rem_len; ++ ctx->tot_len += (block_nb + 1) << 6; ++} ++ ++void sha256_final(sha256_ctx *ctx, unsigned char *digest) ++{ ++ unsigned int block_nb = 0; ++ unsigned int pm_len = 0; ++ unsigned int len_b = 0; ++ int i = 0; ++ ++ block_nb = (1 + ((SHA256_BLOCK_SIZE - 9) ++ < (ctx->len % SHA256_BLOCK_SIZE))); ++ ++ len_b = (ctx->tot_len + ctx->len) << 3; ++ pm_len = block_nb << 6; ++ ++ memset(ctx->block + ctx->len, 0, pm_len - ctx->len); ++ ctx->block[ctx->len] = 0x80; ++ UNPACK32(len_b, ctx->block + pm_len - 4); ++ ++ sha256_transf(ctx, ctx->block, block_nb); ++ ++ for (i = 0 ; i < 8; i++) { ++ UNPACK32(ctx->h[i], &digest[i << 2]); ++ } ++} +diff --git a/drivers/tee/optee/sha2.h b/drivers/tee/optee/sha2.h +new file mode 100644 +index 000000000000..4ce0f3cd5231 +--- /dev/null ++++ b/drivers/tee/optee/sha2.h +@@ -0,0 +1,75 @@ ++/* ++ * FIPS 180-2 SHA-224/256/384/512 implementation ++ * Last update: 02/02/2007 ++ * Issue date: 04/30/2005 ++ * ++ * Copyright (C) 2005, 2007 Olivier Gay ++ * All rights reserved. ++ * ++ * Copyright (c) 2016, Linaro Limited ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. 
Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. Neither the name of the project nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. 
++ */ ++ ++#ifndef SHA2_H ++#define SHA2_H ++ ++#define SHA256_DIGEST_SIZE ( 256 / 8) ++#define SHA256_BLOCK_SIZE ( 512 / 8) ++ ++#ifndef SHA2_TYPES ++#define SHA2_TYPES ++typedef unsigned char uint8; ++typedef unsigned int uint32; ++typedef unsigned long long uint64; ++#endif ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++typedef struct { ++ unsigned int tot_len; ++ unsigned int len; ++ unsigned char block[2 * SHA256_BLOCK_SIZE]; ++ uint32 h[8]; ++} sha256_ctx; ++ ++typedef sha256_ctx sha224_ctx; ++ ++void sha256_init(sha256_ctx * ctx); ++void sha256_update_tee(sha256_ctx *ctx, const unsigned char *message, ++ unsigned int len); ++void sha256_final(sha256_ctx *ctx, unsigned char *digest); ++void sha256(const unsigned char *message, unsigned int len, ++ unsigned char *digest); ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* !SHA2_H */ ++ +-- +2.29.2 + diff --git a/recipes-bsp/u-boot/u-boot-qemu-common.inc b/recipes-bsp/u-boot/u-boot-qemu-common.inc index 802fc5056..6e7158b33 100644 --- a/recipes-bsp/u-boot/u-boot-qemu-common.inc +++ b/recipes-bsp/u-boot/u-boot-qemu-common.inc 
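Review bot: sha2.c/sha2.h in this U-Boot patch carry a second SHA-256 implementation (Olivier Gay's FIPS 180-2 code) although U-Boot already ships one in lib/sha256.c (sha256_starts()/sha256_update()/sha256_finish()); the rename to sha256_update_tee() looks like it exists only to dodge the symbol clash with the built-in sha256_update(), so please use the existing API for the RPMB MAC instead of adding an unreviewed copy under drivers/tee/optee/. If the copy has to stay: `uint32 sha256_h0[8]` and `uint32 sha256_k[64]` are writable, non-static globals; make them `static const` so the initial state and round constants cannot be overwritten at runtime and do not pollute the global namespace. `sha256_ctx` keeps tot_len/len as `unsigned int`, so `len_b = (ctx->tot_len + ctx->len) << 3` in sha256_final() wraps for inputs of 512 MiB or more; harmless for 512-byte RPMB frames, but say so in a comment. As rendered here the first `#include` line of sha2.c shows no header name (memcpy/memset need one), so double-check the applied file. In the RPMB header, the integer members of `struct rpmb_data_frame` (write_counter, address, block_count, op_result, msg_type) are declared as native-endian integers while JEDEC RPMB frames carry these fields big-endian; either declare them as byte arrays or make sure rpmb_process_request_emu() byte-swaps on every access, otherwise frames the emulation accepts would be rejected by a real eMMC. And since the patch title itself says it breaks proper hardware support, guard the emulation behind a Kconfig symbol selected only for the QEMU target so it cannot be pulled into a board build.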
@@ -13,6 +13,9 @@ require recipes-bsp/u-boot/u-boot-common.inc U_BOOT_BIN = "u-boot.bin" +SRC_URI_append_secureboot = " \ + file://0002-rpmb-emulation-hack.-Breaks-proper-hardware-support.patch;patch=1" + DEPENDS_append_secureboot = " optee-os-${MACHINE}" do_deploy[dirs] = "${DEPLOY_DIR_IMAGE}"
From patchwork Mon Oct 24 12:27:22 2022
X-Patchwork-Submitter: "Schultschik, Sven"
X-Patchwork-Id: 13017530
From: sven.schultschik@siemens.com
To: cip-dev@lists.cip-project.org
CC: jan.kiszka@siemens.com, Sven Schultschik
Subject: [isar-cip-core][PATCH 5/8] add recipe for trusted firmware a qemu arm64
Date: Mon, 24 Oct 2022 14:27:22 +0200
Message-ID: <20221024122725.383791-6-sven.schultschik@siemens.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20221024122725.383791-1-sven.schultschik@siemens.com>
References: <20221024122725.383791-1-sven.schultschik@siemens.com>
X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/9809

From: Sven Schultschik

Provide a recipe to generate the needed binary to start a secure boot QEMU with integrated OP-TEE and active RPMB replay protected memory emulation within U-Boot.

Signed-off-by: Sven Schultschik
---
 .../trusted-firmware-a-qemu-arm64_2.7.0.bb | 61 +++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb diff --git a/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb b/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb new file mode 100644 index 000000000..791089a21 --- /dev/null +++ b/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb
@@ -0,0 +1,61 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2022 +# +# Authors: +# Sven Schultschik +# +# SPDX-License-Identifier: MIT +# + +HOMEPAGE = "https://www.trustedfirmware.org/projects/tf-a/" +MAINTAINER = "Sven Schultschik " +LICENSE = "BSD-3-Clause" + +require recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc + +SRC_URI += " \ + git://review.trustedfirmware.org/TF-A/trusted-firmware-a;branch=master;protocol=https;destsuffix=git;rev=v${PV} " + +S = "${WORKDIR}/git" + +DEPENDS = "optee-os-${MACHINE} u-boot-qemu-arm64" +DEBIAN_BUILD_DEPENDS += " \ + debhelper(>= 11~), \ + optee-os-${MACHINE}, \ + u-boot-qemu-arm64, \ + libssl-dev, " + +TEEHEADER = "/usr/lib/optee-os/${MACHINE}/tee-header_v2.bin" +TEEPAGER = "/usr/lib/optee-os/${MACHINE}/tee-pager_v2.bin" +TEEPAGEABLE = "/usr/lib/optee-os/${MACHINE}/tee-pageable_v2.bin" +BL33 = "/usr/lib/u-boot/${MACHINE}/u-boot.bin" + +TF_A_EXTRA_BUILDARGS = "BL32=${TEEHEADER} \ + BL32_EXTRA1=${TEEPAGER} \ + BL32_EXTRA2=${TEEPAGEABLE} \ + BL33=${BL33} \ + BL32_RAM_LOCATION=tdram SPD=opteed ${DEBUG} all fip" + +TF_A_PLATFORM = "qemu" + +TF_A_BINARIES = "release/bl1.bin release/fip.bin" + +ISAR_CROSS_COMPILE = "0" + +do_deploy[dirs] = "${DEPLOY_DIR_IMAGE}" +do_deploy() { + dpkg --fsys-tarfile "${WORKDIR}/trusted-firmware-a-${MACHINE}_${PV}_${DISTRO_ARCH}.deb" | \ + tar xOf - "./usr/lib/trusted-firmware-a/${MACHINE}/bl1.bin" \ + > "${DEPLOY_DIR_IMAGE}/bl1.bin" + + dpkg --fsys-tarfile "${WORKDIR}/trusted-firmware-a-${MACHINE}_${PV}_${DISTRO_ARCH}.deb" | \ + tar xOf - "./usr/lib/trusted-firmware-a/${MACHINE}/fip.bin" \ + > "${DEPLOY_DIR_IMAGE}/fip.bin" + + dd if="${DEPLOY_DIR_IMAGE}/bl1.bin" of="${DEPLOY_DIR_IMAGE}/flash.bin" bs=4096 conv=notrunc + dd if="${DEPLOY_DIR_IMAGE}/fip.bin" of="${DEPLOY_DIR_IMAGE}/flash.bin" seek=64 bs=4096 conv=notrunc +} + +addtask deploy after do_dpkg_build before do_deploy_deb \ No newline at end of file
From patchwork Mon Oct 24 12:27:23 2022
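Review bot: `TF_A_BINARIES = "release/bl1.bin release/fip.bin"` hard-codes the release output directory while `TF_A_EXTRA_BUILDARGS` also passes `${DEBUG}` to make; if `DEBUG` ever expands to `DEBUG=1`, TF-A writes its output under `build/qemu/debug/` and packaging will not find the binaries, so either drop `${DEBUG}` (it is not set anywhere in this recipe) or derive the directory from it. In do_deploy(), the two `dd ... conv=notrunc` commands write into `${DEPLOY_DIR_IMAGE}/flash.bin` without creating or truncating it first, so a stale, larger flash.bin from a previous build keeps its old tail beyond the new fip.bin; `rm -f "${DEPLOY_DIR_IMAGE}/flash.bin"` before the first dd (or pre-sizing the image to the flash size QEMU expects) fixes that. A one-line comment that `seek=64 bs=4096` places the FIP at 0x40000, the offset TF-A's qemu platform expects, would help the next reader. `rev=v${PV}` pins a tag name, which is mutable; for the recipe that produces the root of the secure-boot chain, pin the commit hash behind the v2.7.0 tag instead. Minor: the file has no trailing newline (`\ No newline at end of file` after the addtask line).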
X-Patchwork-Submitter: "Schultschik, Sven"
X-Patchwork-Id: 13017531
From: sven.schultschik@siemens.com
To: cip-dev@lists.cip-project.org
CC: jan.kiszka@siemens.com, Sven Schultschik
Subject: [isar-cip-core][PATCH 6/8] add kas files for building qemu secure boot images
Date: Mon, 24 Oct 2022 14:27:23 +0200
Message-ID: <20221024122725.383791-7-sven.schultschik@siemens.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20221024122725.383791-1-sven.schultschik@siemens.com>
References: <20221024122725.383791-1-sven.schultschik@siemens.com>
X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/9810

From: Sven Schultschik

The u-boot-efi-ebg-op-tee-qemu kas file combines the different recipes to create an image which can be booted with QEMU and provides secure boot with EBG, TFA, u-boot, UEFI, EDK2, OPTEE and RPMB.

Signed-off-by: Sven Schultschik
---
 kas/opt/u-boot-efi-ebg-op-tee-qemu.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 kas/opt/u-boot-efi-ebg-op-tee-qemu.yml diff --git a/kas/opt/u-boot-efi-ebg-op-tee-qemu.yml b/kas/opt/u-boot-efi-ebg-op-tee-qemu.yml new file mode 100644 index 000000000..0558c8e79 --- /dev/null +++ b/kas/opt/u-boot-efi-ebg-op-tee-qemu.yml
@@ -0,0 +1,11 @@ +header: + version: 10 + includes: + - kas/board/qemu-arm64.yml + - kas/opt/5.10.yml + - kas/opt/bullseye.yml + - kas/opt/ebg-secure-boot-snakeoil.yml + +local_conf_header: + trusted-firmware-a-qemu-arm64: | + IMAGE_INSTALL_append = " trusted-firmware-a-qemu-arm64" \ No newline at end of file
From patchwork Mon Oct 24 12:27:24 2022
X-Patchwork-Submitter: "Schultschik, Sven"
X-Patchwork-Id: 13017532
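Review bot: The commit message says this configuration provides secure boot with EBG, TFA, u-boot, UEFI, EDK2, OPTEE and RPMB, but the file only adds `trusted-firmware-a-qemu-arm64` to IMAGE_INSTALL on top of `kas/opt/ebg-secure-boot-snakeoil.yml`; nothing here references EDK2, so either drop it from the description or add the include that pulls it in. `IMAGE_INSTALL_append` installs the TF-A package (bl1.bin, fip.bin) into the target root filesystem, whereas QEMU boots from the flash.bin that the recipe's do_deploy writes to DEPLOY_DIR_IMAGE; if the rootfs copy is not needed, express the dependency on the deploy task instead of shipping boot firmware inside the image. Since the include is the snakeoil variant, the image is signed with the snakeoil test keys and gives no real secure-boot assurance; a comment at the top of the file saying so would stop anyone building a product from it. Minor: the file has no trailing newline.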
From: sven.schultschik@siemens.com
To: cip-dev@lists.cip-project.org
CC: jan.kiszka@siemens.com, Sven Schultschik
Subject: [isar-cip-core][PATCH 7/8] enhance start-qemu.sh for arm64 secure boot
Date: Mon, 24 Oct 2022 14:27:24 +0200
Message-ID: <20221024122725.383791-8-sven.schultschik@siemens.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20221024122725.383791-1-sven.schultschik@siemens.com>
References: <20221024122725.383791-1-sven.schultschik@siemens.com>
X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/9811

From: Sven Schultschik

The start-qemu shell script needs some adjustments to switch on secure in the machine statement and adds the virtual random number generator if secure boot is enabled.

Signed-off-by: Sven Schultschik
---
 start-qemu.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/start-qemu.sh b/start-qemu.sh index dd16aed98..18946a6c9 100755 --- a/start-qemu.sh +++ b/start-qemu.sh
@@ -80,13 +80,22 @@ case "${arch}" in QEMU_EXTRA_ARGS=" \ -cpu cortex-a57 \ -smp 4 \ - -machine virt \ -device virtio-serial-device \ -device virtconsole,chardev=con -chardev vc,id=con \ -device virtio-blk-device,drive=disk \ -device virtio-net-device,netdev=net" KERNEL_CMDLINE=" \ root=/dev/vda rw" + if [ -n "${SECURE_BOOT}" ]; then + QEMU_EXTRA_ARGS=" \ + ${QEMU_EXTRA_ARGS} \ + -machine virt,secure=on \ + -device virtio-rng-device" + else + QEMU_EXTRA_ARGS=" \ + ${QEMU_EXTRA_ARGS} \ + -machine virt" + fi ;; arm|armhf) QEMU_ARCH=arm
From patchwork Mon Oct 24 12:27:25 2022
X-Patchwork-Submitter: "Schultschik, Sven"
X-Patchwork-Id: 13017533
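Review bot: The if/else duplicates the entire `QEMU_EXTRA_ARGS` re-assignment only to choose between `-machine virt` and `-machine virt,secure=on`; writing `-machine virt${SECURE_BOOT:+,secure=on}` in the common block and appending the rng device under the same condition keeps the two paths from drifting apart. `SECURE_BOOT` is tested with `[ -n "${SECURE_BOOT}" ]` but nothing in this hunk sets or documents it; the script's usage text should say where it comes from. The secure path also does not show how flash.bin (bl1 + fip from the TF-A recipe) reaches QEMU (`-bios` or a pflash drive); if that lives elsewhere in the script, gate it on the same variable so the two cannot get out of step. `-device virtio-rng-device` is harmless in the non-secure case too, so adding it unconditionally would simplify the branch further.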
From: sven.schultschik@siemens.com To: cip-dev@lists.cip-project.org CC: jan.kiszka@siemens.com, Sven Schultschik Subject: [isar-cip-core][PATCH 8/8] no merge - manually instructions test secure boot Date: Mon, 24 Oct 2022 14:27:25 +0200 Message-ID: <20221024122725.383791-9-sven.schultschik@siemens.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20221024122725.383791-1-sven.schultschik@siemens.com> References: <20221024122725.383791-1-sven.schultschik@siemens.com>
X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/9812
From: Sven Schultschik

This patch is not meant for merge but shows how to generally test the implementation of the optee and rpmb driven secure boot qemu setup.
Signed-off-by: Sven Schultschik --- README.md | 65 ++++++++++++++++++ keys/helloworld.efi | Bin 0 -> 4576 bytes recipes-bsp/u-boot/files/secure-boot.cfg.tmpl | 2 +- start-qemu.sh | 3 +- 4 files changed, 68 insertions(+), 2 deletions(-) create mode 100644 keys/helloworld.efi diff --git a/README.md b/README.md index e30ff3a63..6aa3f7d19 100644 --- a/README.md +++ b/README.md 
@@ -55,6 +55,71 @@ or via bmap-tools bmaptool copy build/tmp/deploy/images/bbb/cip-core-image-cip-core-buster-bbb.wic.img /dev/ +## Running Secure Boot Target Images and test it +Create a folder named `keys` if not exist and within this folder create the signing keys and db + +```bash +#PK +openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=SIEMENS_TEST_PK/ -keyout PK.key -out PK.crt -nodes -days 365 +cert-to-efi-sig-list -g 11111111-2222-3333-4444-123456789abc PK.crt PK.esl +sign-efi-sig-list -c PK.crt -k PK.key PK PK.esl PK.auth + +# KEK +openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=SIEMENS_TEST_KEK/ -keyout KEK.key -out KEK.crt -nodes -days 365 +cert-to-efi-sig-list -g 11111111-2222-3333-4444-123456789abc KEK.crt KEK.esl +sign-efi-sig-list -c PK.crt -k PK.key KEK KEK.esl KEK.auth + +# db +openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=SIEMENS_TEST_db/ -keyout db.key -out db.crt -nodes -days 365 +cert-to-efi-sig-list -g 11111111-2222-3333-4444-123456789abc db.crt db.esl +sign-efi-sig-list -c KEK.crt -k KEK.key db db.esl db.auth +``` + +Put an bootable `.efi` file in it or use the `helloworld.efi` provided and sign it. + +``` +sbsign --key db.key --cert db.crt helloworld.efi +``` + +The `start-qemu.sh` has additional `-hdb fat:rw:keys` added with this patch to mount the `keys` folder. + +Start the qemu with following command + +``` +FIRMWARE_BIN=./build/tmp/deploy/images/qemu-arm64/flash.bin ./start-qemu.sh aarch64 +``` + +In this test patch there is as well the possibility added to stop in the u-boot. So if you see a 5 sec timer ticking press Enter to stop. + +Now add the keys to the environment my typing + +``` +fatload virtio 1:1 40000000 PK.auth +setenv -e -nv -bs -rt -at -i 40000000:$filesize PK +fatload virtio 1:1 40000000 KEK.auth +setenv -e -nv -bs -rt -at -i 40000000:$filesize KEK +fatload virtio 1:1 40000000 db.auth +setenv -e -nv -bs -rt -at -i 40000000:$filesize db +``` +> The address 40000000 depends on your DRAM setup. 
You can check with `bdinfo` + +> $filesize is set by fatload + +### Boot signed efi binary + +``` +fatload virtio 1:1 40000000 helloworld.efi.signed + +bootefi 40000000 ${fdtcontroladdr} +``` + +### Try same binary but unsigned +This should fail with `Image not authenticated. Loading image failed` +``` +fatload virtio 1:1 40000000 helloworld.efi + +bootefi 40000000 ${fdtcontroladdr} +``` ## Community Resources diff --git a/keys/helloworld.efi b/keys/helloworld.efi new file mode 100644 index 0000000000000000000000000000000000000000..c021d94ae576271f1f472bd2e5f380ed1830a2ff GIT binary patch literal 4576 zcmeHKYfKbZ6h1SvJSx^Kg7`w6;o+lE>w`Af8X2%q+e(Xoefa|rRv{uFPz#|cL$D1A ziD9CqO=~TtHE}mhYK@xOmxv~9Qr2V(h{ve?bDWy6pZoe~omt7WOnH$u^Tzj^^cyFwXVwQ(!0ZSa%QcpcQw=l#<{TmfDMgQDbG9F^o4s=A=4Wr zxr;}9PCz>}eVMsHqJzamr@c{`?q`V(jy824?^23-8E<1c5>1X9E|A=Di1||?Pq8Q4 zk{!CGQ%0|`MnBsnQCiDF-D;8OROlS{nPa#h)2$6GGMSs>t|_vIFCMWYaby`1oi+ql92q^D?#J``UM0@M{3CI?HQIE+)}9P5nT&i5S1~Zd z(5woMwUW`pn&Rl%A6i?G=Qpg)YxIHdP}T}tkDZ@bm-Pp7?u^teDMhz@VcGaAX`UmRLr_A#N zYBCldQm4bn(}+Q>(sauwOM@32RA@x$)?V=Tw@T*uZZeh4T*q0Sz&>?G(%W_{Y-H4h#hMH!(N1MK~&xE#=w)89X0M{oO z_4)++;`^N%yI~U)qo+@qw%w`JMrAxda(#{JMq^pO8t%njyhYnkt{anZWP zag476zDwY3{i-&m-$0DiN@jS>j_{bv!ImPl{NY4lM5RvAPbV*z+FDw=gI6F&X=CJ}bz_Sl-(M;I(r(o@yQe z-tG@9Hu((nwdT0vp^NV?8ukVGpZA{|#(1N0+~m})X#%$&9GZ$ca1OW}xKfRx8^@q8 zlN668(`kaQODXC-r_vDa+ro1x!Y0yC2~lAZ@%=5gYdV=j;7h@H6gC<57HkpGP}v;) zCVr0!@w;~NSNJkgW-82seL~J$BKCu+ja*Pq2-Mt+Fxoz?a(Cz2u@=FsWd5(Oxi?!m3~| zfwvsJdf@omMGg3#jA;iLTq3F(=t|&sW4s&vT51$Ao8YO$r<#^y{$+cv602%rKA&E) z)m7koClH*ON?R$La_9;4@YI7Q)*G(1Uaare7DQzt<2*Zd4XvbAh^q&~c4%;oX$mkF zP%dQw`wSIKf*W5suD#1v$Jy|Hxa>WtK*lA|?yp}h=D2oT=gLXz7UcPNwdY-#j5Qa# zR))|nTU@58n~ObmSNVf_tassUqecwYz4kS|>43-B}kw$K^amlHN#p;ck) F{tfI&1hD`B literal 0 HcmV?d00001 diff --git a/recipes-bsp/u-boot/files/secure-boot.cfg.tmpl b/recipes-bsp/u-boot/files/secure-boot.cfg.tmpl index 8e6428238..63d73f70a 100644 --- a/recipes-bsp/u-boot/files/secure-boot.cfg.tmpl 
+++ b/recipes-bsp/u-boot/files/secure-boot.cfg.tmpl @@ -1,5 +1,5 @@ ### Secure boot config -CONFIG_BOOTDELAY=-2 +CONFIG_BOOTDELAY=5 CONFIG_USE_BOOTCOMMAND=y CONFIG_BOOTCOMMAND="setenv scan_dev_for_boot 'if test -e ${devtype} ${devnum}:${distro_bootpart} efi/boot/boot${EFI_ARCH}.efi; then load ${devtype} ${devnum}:${distro_bootpart} ${kernel_addr_r} efi/boot/boot${EFI_ARCH}.efi; bootefi ${kernel_addr_r} ${fdtcontroladdr}; fi'; run distro_bootcmd; echo 'EFI Boot failed!'; sleep 1000; reset" CONFIG_EFI_VARIABLES_PRESEED=y diff --git a/start-qemu.sh b/start-qemu.sh index 18946a6c9..ac73d8d3b 100755 --- a/start-qemu.sh +++ b/start-qemu.sh @@ -179,7 +179,8 @@ if [ -n "${SECURE_BOOT}${SWUPDATE_BOOT}" ]; then ${QEMU_PATH}${QEMU} \ -drive file=${IMAGE_PREFIX}.wic,discard=unmap,if=none,id=disk,format=raw \ -bios ${u_boot_bin} \ - ${QEMU_COMMON_OPTIONS} "$@" + ${QEMU_COMMON_OPTIONS} "$@" \ + -hdb fat:rw:keys ;; *) echo "Unsupported architecture: ${arch}"
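Review bot: in the README hunk the PK, KEK and db private keys (`PK.key`, `KEK.key`, `db.key`, generated with `-nodes`, i.e. unencrypted) are created inside the same `keys` folder that `start-qemu.sh` exposes to the guest as a writable FAT drive, so the guest can read and even overwrite the signing keys. The text should tell readers to keep the `.key` files outside the shared folder and copy only the `*.auth` files, `helloworld.efi` and `helloworld.efi.signed` into it. The owner GUID `11111111-2222-3333-4444-123456789abc` and the `SIEMENS_TEST_*` subjects should be labelled as test placeholders, the later fenced blocks lack the ```bash tag the first one has, and there are typos to fix: `if not exist` -> `if it does not exist`, `Put an bootable` -> `Put a bootable`, `my typing` -> `by typing`.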
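Review bot: `keys/helloworld.efi` is committed as an opaque prebuilt binary (4576 bytes per the diffstat) with no source, build instructions or checksum, so a reviewer cannot verify what it does although the README's pass/fail test depends on it. Suggest building the test binary from source in a recipe, or at least documenting where it comes from and recording its SHA-256 in the README, and keeping it out of `keys/` since that directory is the one mounted into the guest.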
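Review bot: changing `CONFIG_BOOTDELAY=-2` to `CONFIG_BOOTDELAY=5` in `secure-boot.cfg.tmpl` re-enables the interactive U-Boot prompt: with `-2` autoboot runs immediately and cannot be interrupted, which is what keeps `CONFIG_BOOTCOMMAND` (and with it the `bootefi` verification path) mandatory, while with `5` anyone with console access can press a key and bypass it. Even for a "no merge" patch this should not live in the shared template; suggest overriding the value from a separate, clearly named debug config fragment and stating the security impact next to the README's "press Enter to stop" step.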
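Review bot: `-hdb fat:rw:keys` in the `start-qemu.sh` hunk is added for both SECURE_BOOT and SWUPDATE_BOOT, uses a path relative to the current working directory, and makes the virtual FAT drive writable. For the README flow the guest only needs to read the `.auth` files and the signed binary, so drop `rw:` (QEMU's `fat:` drive is read-only by default), derive the directory from the script location (e.g. `$(dirname "$0")/keys`) or make it a variable, and add the option only when `SECURE_BOOT` is set.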