[isar-cip-core][PATCH 5/8] add recipe for trusted firmware a qemu arm64


Schultschik, Sven
 

From: Sven Schultschik <sven.schultschik@...>

Provide a recipe that generates the binary needed to start a secure-boot QEMU with integrated OP-TEE and active RPMB (replay protected memory) emulation within U-Boot.

Signed-off-by: Sven Schultschik <sven.schultschik@...>
---
kas/opt/ebg-secure-boot-snakeoil.yml | 1 +
.../trusted-firmware-a/files/rules.tmpl | 22 +++++++
.../trusted-firmware-a-qemu-arm64_2.7.0.bb | 62 +++++++++++++++++++
3 files changed, 85 insertions(+)
create mode 100755 recipes-bsp/trusted-firmware-a/files/rules.tmpl
create mode 100644 recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb

diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index e92ea5e..6732095 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -26,6 +26,7 @@ local_conf_header:

secure-boot: |
IMAGER_BUILD_DEPS += "ebg-secure-boot-signer"
+ IMAGER_BUILD_DEPS_append_qemu-arm64 = " trusted-firmware-a-qemu-arm64"
IMAGER_INSTALL += "ebg-secure-boot-signer"
# Use snakeoil keys
PREFERRED_PROVIDER_secure-boot-secrets = "secure-boot-snakeoil"
diff --git a/recipes-bsp/trusted-firmware-a/files/rules.tmpl b/recipes-bsp/trusted-firmware-a/files/rules.tmpl
new file mode 100755
index 0000000..45eb00b
--- /dev/null
+++ b/recipes-bsp/trusted-firmware-a/files/rules.tmpl
@@ -0,0 +1,22 @@
+#!/usr/bin/make -f
+
+# Debian rules for custom Trusted Firmware A build
+#
+# This software is a part of ISAR.
+# Copyright (c) Siemens AG, 2020
+#
+# SPDX-License-Identifier: MIT
+
+ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
+export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)-
+endif
+
+override_dh_auto_build:
+ CFLAGS= LDFLAGS= $(MAKE) $(PARALLEL_MAKE) PLAT=${TF_A_PLATFORM} \
+ ${TF_A_EXTRA_BUILDARGS}
+
+ dd if="build/${TF_A_PLATFORM}/release/bl1.bin" of="build/${TF_A_PLATFORM}/release/flash.bin" bs=4096 conv=notrunc
+ dd if="build/${TF_A_PLATFORM}/release/fip.bin" of="build/${TF_A_PLATFORM}/release/flash.bin" seek=64 bs=4096 conv=notrunc
+
+%:
+ dh $@
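Review bot: Nothing in `override_dh_auto_build` checks that `bl1.bin` fits below the offset where the second `dd` writes `fip.bin` (`seek=64` × `bs=4096` = 256 KiB), so an oversized BL1 would be silently overwritten inside `flash.bin` and only surface as a boot failure. A guard before the second `dd`, e.g. `test "$$(stat -c %s build/${TF_A_PLATFORM}/release/bl1.bin)" -le 262144`, would fail the build instead; confirm that `$$` survives the template substitution. Both `dd` calls use `conv=notrunc`, so a `flash.bin` left over from an earlier build in the same tree keeps its old tail; removing it first avoids shipping stale bytes. A comment such as `# flash layout: BL1 at 0, FIP at 0x40000 (64 * 4096)` would document the constant.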
diff --git a/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb b/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb
new file mode 100644
index 0000000..fcb2729
--- /dev/null
+++ b/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemu-arm64_2.7.0.bb
@@ -0,0 +1,62 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2022
+#
+# Authors:
+# Sven Schultschik <sven.schultschik@...>
+#
+# SPDX-License-Identifier: MIT
+#
+
+HOMEPAGE = "https://www.trustedfirmware.org/projects/tf-a/"
+MAINTAINER = "Sven Schultschik <sven.schultschik@...>"
+LICENSE = "BSD-3-Clause"
+
+require recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc
+
+SRC_URI += " \
+ https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/snapshot/trusted-firmware-a-${PV}.tar.gz \
+ file://rules.tmpl"
+
+SRC_URI[sha256sum] = "553eeca87d4296cdf37361079d1a6446d4b36da16bc25feadd7e465537e7bd4d"
+
+S = "${WORKDIR}/trusted-firmware-a-${PV}"
+
+DEPENDS = "optee-os-${MACHINE} u-boot-qemu-arm64"
+DEBIAN_BUILD_DEPENDS += " \
+ debhelper(>= 11~), \
+ optee-os-${MACHINE}, \
+ u-boot-qemu-arm64, \
+ libssl-dev:native, "
+
+TEMPLATE_FILES += "rules.tmpl"
+
+TEEHEADER = "/usr/lib/optee-os/${MACHINE}/tee-header_v2.bin"
+TEEPAGER = "/usr/lib/optee-os/${MACHINE}/tee-pager_v2.bin"
+TEEPAGEABLE = "/usr/lib/optee-os/${MACHINE}/tee-pageable_v2.bin"
+BL33 = "/usr/lib/u-boot/${MACHINE}/u-boot.bin"
+
+TF_A_EXTRA_BUILDARGS = "BL32=${TEEHEADER} \
+ BL32_EXTRA1=${TEEPAGER} \
+ BL32_EXTRA2=${TEEPAGEABLE} \
+ BL33=${BL33} \
+ BL32_RAM_LOCATION=tdram SPD=opteed ${DEBUG} all fip"
+
+TF_A_PLATFORM = "qemu"
+
+TF_A_BINARIES = "release/flash.bin"
+
+do_prepare_build_append() {
+ rm -f ${S}/rules
+ cp ${WORKDIR}/rules ${S}/debian/
+}
+
+do_deploy[dirs] = "${DEPLOY_DIR_IMAGE}"
+do_deploy() {
+ dpkg --fsys-tarfile "${WORKDIR}/trusted-firmware-a-${MACHINE}_${PV}_${DISTRO_ARCH}.deb" | \
+ tar xOf - "./usr/lib/trusted-firmware-a/${MACHINE}/flash.bin" \
+ > "${DEPLOY_DIR_IMAGE}/flash.bin"
+}
+
+addtask deploy after do_dpkg_build before do_deploy_deb
\ No newline at end of file
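Review bot: In `do_prepare_build_append`, `rm -f ${S}/rules` removes a different path from the one the next line writes (`${S}/debian/`), so it does not clear a previously installed rules file; it looks like `rm -f ${S}/debian/rules` was intended. `TF_A_EXTRA_BUILDARGS` passes `${DEBUG}`, which this recipe never sets, while `TF_A_BINARIES` and the `dd` paths in `rules.tmpl` are fixed to `release/`; if `DEBUG=1` ever reaches the TF-A make call, the output moves to the debug directory and packaging breaks, so either drop `${DEBUG}` or derive the directory from it. The visible build arguments do not enable `TRUSTED_BOARD_BOOT`, so unless the required `trusted-firmware-a-custom.inc` adds it, the images packed into `fip.bin` (OP-TEE, U-Boot) are loaded by TF-A without authentication. Because this recipe is pulled in by the secure-boot kas option, a comment next to `TF_A_EXTRA_BUILDARGS` should say so, e.g. `# NOTE: TF-A built without TRUSTED_BOARD_BOOT; FIP contents are not verified on this QEMU target`.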
--
2.30.2