cip-dev@lists.cip-project.org | [isar-cip-core][PATCH 0/7] Secureboot on QEMU with EDK2, OP-TEE and RPMB

Home Messages Hashtags Subgroups

Date Date 1 - 1 of 1

[isar-cip-core][PATCH 0/7] Secureboot on QEMU with EDK2, OP-TEE and RPMB

Schultschik, Sven #10090 From: Sven Schultschik <sven.schultschik@...> This series of patches will add recipes to build a QEMU setup which uses OP-TEE to use RPMB (Replay protected memory) of an EMMC for a secure storage. Which is used within Secureboot on ARM64. QEMU itself does not have an implementation of a virtual RPMB. Therefore a patch for u-boot is needed which adds this feature to u-boot, but breaks hardware compatibility within u-boot. The virtiual RPMB workaround is not persistent as well. Therfore a method to copy the keys to the deploy folder, mount them into the qemu and provision them on every boot is implemented. As soon as QEMU has a native persistent RPMB support included, the u-boot patch and the mounted keys can be removed. Sven Schultschik (7): add recipe for edk2 add recipe for optee qemu arm64 Include optee into u-boot add u-boot patch for qemu to support RPMB add recipe for trusted firmware a qemu arm64 enhance start-qemu.sh for arm64 secure boot Use of snakeoil keys for qemu use case kas/opt/ebg-secure-boot-snakeoil.yml \| 1 + .../edk2/edk2-platformstandalonemmrpmb.inc \| 56 + .../edk2-platformstandalonemmrpmb_202205.bb \| 12 + recipes-bsp/edk2/files/rules.tmpl \| 61 + .../op-tee/optee-os-qemu-arm64_3.17.0.bb \| 54 + .../trusted-firmware-a/files/rules.tmpl \| 22 + .../trusted-firmware-a-qemu-arm64_2.7.0.bb \| 62 + ...hack.-Breaks-proper-hardware-support.patch \| 1375 +++++++++++++++++ recipes-bsp/u-boot/files/secure-boot.cfg.tmpl \| 9 +- recipes-bsp/u-boot/u-boot-qemu-common.inc \| 9 + .../secure-boot-secrets.inc \| 19 + start-qemu.sh \| 20 +- 12 files changed, 1696 insertions(+), 4 deletions(-) create mode 100644 recipes-bsp/edk2/edk2-platformstandalonemmrpmb.inc create mode 100644 recipes-bsp/edk2/edk2-platformstandalonemmrpmb_202205.bb create mode 100755 recipes-bsp/edk2/files/rules.tmpl create mode 100644 recipes-bsp/op-tee/optee-os-qemu-arm64_3.17.0.bb create mode 100755 recipes-bsp/trusted-firmware-a/files/rules.tmpl create mode 100644 recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb create mode 100644 recipes-bsp/u-boot/files/0002-rpmb-emulation-hack.-Breaks-proper-hardware-support.patch -- 2.30.2
More All Messages By This Member

1 - 1 of 1

1

Previous Topic Next Topic

Home Hashtags Subgroups Terms