From: Sven Schultschik <sven.schultschik@...>

The u-boot-efi-ebg-op-tee-qemu kas file combines the different recipes to create an image which can be booted with qemu and provides secure boot with EBG, TFA, u-boot, UEFI, EDK2, OPTEE and RPMB

Signed-off-by: Sven Schultschik <sven.schultschik@...>
---
kas/opt/u-boot-efi-ebg-op-tee-qemu.yml | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 kas/opt/u-boot-efi-ebg-op-tee-qemu.yml

diff --git a/kas/opt/u-boot-efi-ebg-op-tee-qemu.yml b/kas/opt/u-boot-efi-ebg-op-tee-qemu.yml
new file mode 100644
index 000000000..0558c8e79
--- /dev/null
+++ b/kas/opt/u-boot-efi-ebg-op-tee-qemu.yml
@@ -0,0 +1,11 @@
+header:
+ version: 10
+ includes:
+ - kas/board/qemu-arm64.yml
+ - kas/opt/5.10.yml
+ - kas/opt/bullseye.yml
+ - kas/opt/ebg-secure-boot-snakeoil.yml
+
+local_conf_header:
+ trusted-firmware-a-qemu-arm64: |
+ IMAGE_INSTALL_append = " trusted-firmware-a-qemu-arm64"
\ No newline at end of file
--
2.30.2

On 24.10.22 14:27, sven.schultschik@... wrote:

From: Sven Schultschik <sven.schultschik@...>

The u-boot-efi-ebg-op-tee-qemu kas file combines the different recipes to create an image which can be booted with qemu and provides secure boot with EBG, TFA, u-boot, UEFI, EDK2, OPTEE and RPMB

Signed-off-by: Sven Schultschik <sven.schultschik@...>
---
kas/opt/u-boot-efi-ebg-op-tee-qemu.yml | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 kas/opt/u-boot-efi-ebg-op-tee-qemu.yml

diff --git a/kas/opt/u-boot-efi-ebg-op-tee-qemu.yml b/kas/opt/u-boot-efi-ebg-op-tee-qemu.yml
new file mode 100644
index 000000000..0558c8e79
--- /dev/null
+++ b/kas/opt/u-boot-efi-ebg-op-tee-qemu.yml
@@ -0,0 +1,11 @@
+header:
+ version: 10
+ includes:
+ - kas/board/qemu-arm64.yml
+ - kas/opt/5.10.yml
+ - kas/opt/bullseye.yml
+ - kas/opt/ebg-secure-boot-snakeoil.yml
+
+local_conf_header:
+ trusted-firmware-a-qemu-arm64: |
+ IMAGE_INSTALL_append = " trusted-firmware-a-qemu-arm64"
\ No newline at end of file

Why is this still needed? As discussed, we want to have (QEMU) u-boot
with TFA and OPTEE when secure boot is selected.

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux

+local_conf_header:
+ trusted-firmware-a-qemu-arm64: |
+ IMAGE_INSTALL_append = " trusted-firmware-a-qemu-arm64"
\ No newline at end of file

Why is this still needed? As discussed, we want to have (QEMU) u-boot with TFA
and OPTEE when secure boot is selected.

Looking for the right spot to place the dependencie on TFA.
Kas/board should be kept clean with only machine option set
Kas/opt/ebd-secure-boot-snakeoil.yml should work for x86 as well for arm

So creating a ebd-secure-boot-snakeoil-arm64.yml ?
Or is there a pssoibility to add a "if machine qemu-arm64" to the ebd-secure-boot-snakeoil.yml?
Adding it to the secure-boot-secrets.inc is not a good spot as well.

No idea where to put it currently ...

On 07.11.22 11:43, Schultschik, Sven (DI PA DCP R&D 2) wrote:

+local_conf_header:
+ trusted-firmware-a-qemu-arm64: |
+ IMAGE_INSTALL_append = " trusted-firmware-a-qemu-arm64"
\ No newline at end of file

Why is this still needed? As discussed, we want to have (QEMU) u-boot with TFA
and OPTEE when secure boot is selected.

Looking for the right spot to place the dependencie on TFA.
Kas/board should be kept clean with only machine option set
Kas/opt/ebd-secure-boot-snakeoil.yml should work for x86 as well for arm

So creating a ebd-secure-boot-snakeoil-arm64.yml ?
Or is there a pssoibility to add a "if machine qemu-arm64" to the ebd-secure-boot-snakeoil.yml?
Adding it to the secure-boot-secrets.inc is not a good spot as well.

No idea where to put it currently ...

We already have the override "secureboot". You can make the qemuarm64
specialties depend on that.

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux