[isar-cip-core][PATCH 5/8] add recipe for trusted firmware a qemu arm64


Schultschik, Sven
 

From: Sven Schultschik <sven.schultschik@...>

Provide a recipe to generate the binary needed to start a secure-boot QEMU with integrated OP-TEE and active RPMB (Replay Protected Memory Block) emulation within U-Boot.

Signed-off-by: Sven Schultschik <sven.schultschik@...>
---
.../trusted-firmware-a-qemu-arm64_2.7.0.bb | 61 +++++++++++++++++++
1 file changed, 61 insertions(+)
create mode 100644 recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb

diff --git a/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb b/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb
new file mode 100644
index 000000000..791089a21
--- /dev/null
+++ b/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb
@@ -0,0 +1,61 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2022
+#
+# Authors:
+# Sven Schultschik <sven.schultschik@...>
+#
+# SPDX-License-Identifier: MIT
+#
+
+HOMEPAGE = "https://www.trustedfirmware.org/projects/tf-a/"
+MAINTAINER = "Sven Schultschik <sven.schultschik@...>"
+LICENSE = "BSD-3-Clause"
+
+require recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc
+
+SRC_URI += " \
+ git://review.trustedfirmware.org/TF-A/trusted-firmware-a;branch=master;protocol=https;destsuffix=git;rev=v${PV} "
+
+S = "${WORKDIR}/git"
+
+DEPENDS = "optee-os-${MACHINE} u-boot-qemu-arm64"
+DEBIAN_BUILD_DEPENDS += " \
+ debhelper(>= 11~), \
+ optee-os-${MACHINE}, \
+ u-boot-qemu-arm64, \
+ libssl-dev, "
+
+TEEHEADER = "/usr/lib/optee-os/${MACHINE}/tee-header_v2.bin"
+TEEPAGER = "/usr/lib/optee-os/${MACHINE}/tee-pager_v2.bin"
+TEEPAGEABLE = "/usr/lib/optee-os/${MACHINE}/tee-pageable_v2.bin"
+BL33 = "/usr/lib/u-boot/${MACHINE}/u-boot.bin"
+
+TF_A_EXTRA_BUILDARGS = "BL32=${TEEHEADER} \
+ BL32_EXTRA1=${TEEPAGER} \
+ BL32_EXTRA2=${TEEPAGEABLE} \
+ BL33=${BL33} \
+ BL32_RAM_LOCATION=tdram SPD=opteed ${DEBUG} all fip"
+
+TF_A_PLATFORM = "qemu"
+
+TF_A_BINARIES = "release/bl1.bin release/fip.bin"
+
+ISAR_CROSS_COMPILE = "0"
+
+do_deploy[dirs] = "${DEPLOY_DIR_IMAGE}"
+do_deploy() {
+ dpkg --fsys-tarfile "${WORKDIR}/trusted-firmware-a-${MACHINE}_${PV}_${DISTRO_ARCH}.deb" | \
+ tar xOf - "./usr/lib/trusted-firmware-a/${MACHINE}/bl1.bin" \
+ > "${DEPLOY_DIR_IMAGE}/bl1.bin"
+
+ dpkg --fsys-tarfile "${WORKDIR}/trusted-firmware-a-${MACHINE}_${PV}_${DISTRO_ARCH}.deb" | \
+ tar xOf - "./usr/lib/trusted-firmware-a/${MACHINE}/fip.bin" \
+ > "${DEPLOY_DIR_IMAGE}/fip.bin"
+
+ dd if="${DEPLOY_DIR_IMAGE}/bl1.bin" of="${DEPLOY_DIR_IMAGE}/flash.bin" bs=4096 conv=notrunc
+ dd if="${DEPLOY_DIR_IMAGE}/fip.bin" of="${DEPLOY_DIR_IMAGE}/flash.bin" seek=64 bs=4096 conv=notrunc
+}
+
+addtask deploy after do_dpkg_build before do_deploy_deb
\ No newline at end of file
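Review bot: In `do_deploy`, both `dd` calls write `flash.bin` with `conv=notrunc` and nothing removes the file first, so a `flash.bin` left in `${DEPLOY_DIR_IMAGE}` by an earlier build keeps its old bytes wherever the new `bl1.bin` or `fip.bin` is shorter; starting the function with `rm -f "${DEPLOY_DIR_IMAGE}/flash.bin"` makes the image depend only on the current build. Nothing checks that `bl1.bin` fits into the 64 × 4096 bytes in front of `seek=64`, so an oversized BL1 would be silently overwritten by the FIP; a size test on `bl1.bin` against 262144 bytes before the second `dd` would turn that into a build failure. Separately, `rev=v${PV}` in `SRC_URI` identifies the source by tag name only; since this firmware sits at the start of the boot chain, the fetch should be tied to a full commit hash or a checksum so the input cannot change under the same version.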
--
2.30.2


Jan Kiszka
 

On 24.10.22 14:27, sven.schultschik@... wrote:
From: Sven Schultschik <sven.schultschik@...>

provide a recipe to generate the needed binary to start a secure boot qemu with integrated optee and active RPMB replay protected memory emulation within u-boot

Signed-off-by: Sven Schultschik <sven.schultschik@...>
---
.../trusted-firmware-a-qemu-arm64_2.7.0.bb | 61 +++++++++++++++++++
1 file changed, 61 insertions(+)
create mode 100644 recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb

diff --git a/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb b/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb
new file mode 100644
index 000000000..791089a21
--- /dev/null
+++ b/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb
@@ -0,0 +1,61 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2022
+#
+# Authors:
+# Sven Schultschik <sven.schultschik@...>
+#
+# SPDX-License-Identifier: MIT
+#
+
+HOMEPAGE = "https://www.trustedfirmware.org/projects/tf-a/"
+MAINTAINER = "Sven Schultschik <sven.schultschik@...>"
+LICENSE = "BSD-3-Clause"
+
+require recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc
+
+SRC_URI += " \
+ git://review.trustedfirmware.org/TF-A/trusted-firmware-a;branch=master;protocol=https;destsuffix=git;rev=v${PV} "
Better pull the release tarball, see e.g.
https://github.com/siemens/meta-iot2050/blob/master/recipes-bsp/optee-os/optee-os-iot2050_3.19.0.bb

BTW, why 2.7.0? Latest is 3.19.

+
+S = "${WORKDIR}/git"
+
+DEPENDS = "optee-os-${MACHINE} u-boot-qemu-arm64"
+DEBIAN_BUILD_DEPENDS += " \
+ debhelper(>= 11~), \
+ optee-os-${MACHINE}, \
+ u-boot-qemu-arm64, \
+ libssl-dev, "
+
+TEEHEADER = "/usr/lib/optee-os/${MACHINE}/tee-header_v2.bin"
+TEEPAGER = "/usr/lib/optee-os/${MACHINE}/tee-pager_v2.bin"
+TEEPAGEABLE = "/usr/lib/optee-os/${MACHINE}/tee-pageable_v2.bin"
+BL33 = "/usr/lib/u-boot/${MACHINE}/u-boot.bin"
+
+TF_A_EXTRA_BUILDARGS = "BL32=${TEEHEADER} \
+ BL32_EXTRA1=${TEEPAGER} \
+ BL32_EXTRA2=${TEEPAGEABLE} \
+ BL33=${BL33} \
+ BL32_RAM_LOCATION=tdram SPD=opteed ${DEBUG} all fip"
+
+TF_A_PLATFORM = "qemu"
+
+TF_A_BINARIES = "release/bl1.bin release/fip.bin"
+
+ISAR_CROSS_COMPILE = "0"
Huh? Wasn't this resolved?

+
+do_deploy[dirs] = "${DEPLOY_DIR_IMAGE}"
+do_deploy() {
+ dpkg --fsys-tarfile "${WORKDIR}/trusted-firmware-a-${MACHINE}_${PV}_${DISTRO_ARCH}.deb" | \
+ tar xOf - "./usr/lib/trusted-firmware-a/${MACHINE}/bl1.bin" \
+ > "${DEPLOY_DIR_IMAGE}/bl1.bin"
+
+ dpkg --fsys-tarfile "${WORKDIR}/trusted-firmware-a-${MACHINE}_${PV}_${DISTRO_ARCH}.deb" | \
+ tar xOf - "./usr/lib/trusted-firmware-a/${MACHINE}/fip.bin" \
+ > "${DEPLOY_DIR_IMAGE}/fip.bin"
+
+ dd if="${DEPLOY_DIR_IMAGE}/bl1.bin" of="${DEPLOY_DIR_IMAGE}/flash.bin" bs=4096 conv=notrunc
+ dd if="${DEPLOY_DIR_IMAGE}/fip.bin" of="${DEPLOY_DIR_IMAGE}/flash.bin" seek=64 bs=4096 conv=notrunc
Conceptually, it would be nicer to do this construction as part of the
build (rules), package the result and only extract it here for
deployment. That would mean having its own rules file, though, so it is
not really simpler.

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux


Schultschik, Sven
 

+SRC_URI += " \
+ git://review.trustedfirmware.org/TF-A/trusted-firmware-
a;branch=master;protocol=https;destsuffix=git;rev=v${PV} "

Better pull the release tarball, see e.g.
Pulling now from
https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/snapshot/trusted-firmware-a-${PV}.tar.gz


BTW, why 2.7.0? Latest is 3.19.
Where do you see a 3.19? All I can find is a 2.7

+
+ISAR_CROSS_COMPILE = "0"
Huh? Wasn't this resolved?
fixed

+
+ dd if="${DEPLOY_DIR_IMAGE}/bl1.bin"
of="${DEPLOY_DIR_IMAGE}/flash.bin" bs=4096 conv=notrunc
+ dd if="${DEPLOY_DIR_IMAGE}/fip.bin"
+ of="${DEPLOY_DIR_IMAGE}/flash.bin" seek=64 bs=4096 conv=notrunc
Conceptually, it would be nicer to do this construction as part of the
build
(rules), package the result and only extract it here for deployment. Would
mean
an own rules files, though, therefore not really simpler.
Moved into rules file. Indeed makes it a little bit easier.

Sven


Jan Kiszka
 

On 28.10.22 17:46, Schultschik, Sven (DI PA DCP R&D 2) wrote:


+SRC_URI += " \
+ git://review.trustedfirmware.org/TF-A/trusted-firmware-
a;branch=master;protocol=https;destsuffix=git;rev=v${PV} "

Better pull the release tarball, see e.g.
Pulling now from
https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/snapshot/trusted
-firmware-a-${PV}.tar.gz


BTW, why 2.7.0? Latest is 3.19.
Where do you see a 3.19? All I can find is a 2.7
Oh, sorry, I confused optee and tf-a.

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux