[isar-cip-core][PATCH 0/7] Secureboot on QEMU with EDK2, OP-TEE and RPMB

Schultschik, Sven

From: Sven Schultschik <sven.schultschik@...>

This series of patches will add recipes to build a QEMU setup
which uses OP-TEE to use RPMB (Replay protected memory) of
an EMMC for a secure storage, which is used within Secureboot
on ARM64.
QEMU itself does not have an implementation of a
virtual RPMB. Therefore a patch for u-boot is needed which
adds this feature to u-boot, but breaks hardware
compatibility within u-boot. The virtual RPMB workaround
is not persistent either. Therefore a method to copy the keys
to the deploy folder, mount them into the qemu and provision
them on every boot is implemented.
As soon as QEMU has a native persistent RPMB support included,
the u-boot patch and the mounted keys can be removed.

Sven Schultschik (7):
  add recipe for edk2
  add recipe for optee qemu arm64
  Include optee into u-boot
  add u-boot patch for qemu to support RPMB
  add recipe for trusted firmware a qemu arm64
  enhance start-qemu.sh for arm64 secure boot
  Use of snakeoil keys for qemu use case

