From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) by mx.groups.io with SMTP id smtpd.web11.600.1614619418706574853 for ; Mon, 01 Mar 2021 09:23:39 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@nuviainc-com.20150623.gappssmtp.com header.s=20150623 header.b=JHOrGXt9; spf=pass (domain: nuviainc.com, ip: 209.85.128.45, mailfrom: leif@nuviainc.com) Received: by mail-wm1-f45.google.com with SMTP id l22so4596066wme.1 for ; Mon, 01 Mar 2021 09:23:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nuviainc-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=9r+aD+EIqC3EK6THyZgYFhNuWp1rVwAsGsiytQm/yrE=; b=JHOrGXt9KAcSZWtx+AY6iDDKWx+N/r+Ar5ySEnq+0EyyO1L/ptw4ZC3vFuNxKwfM4i 5qzSojhbujCphyGfqhMUzopqVp6o5fEUHDa1spznkSI97k5+bexOG7BP/DI5cDynLyKZ 7d3J0wtHaVeUVdaqgfdW9Rz+imh2ZQu+JeqrVXm3koJKJg14ZJlCAOeZvHxyexNjxVOO 8XnJ/D/zxBAvIXWXJwofxgd5O3WqH5DUajhSBYkkRLfB21z4Kzx2pY0HQzHZflAoI1YC spTaxMc3qBtzepxHBWxYqWxOoxkH7KmL+0kWIdwZcyyhwu19iwVZpOFQBgmZdIT5vQ2p bSmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=9r+aD+EIqC3EK6THyZgYFhNuWp1rVwAsGsiytQm/yrE=; b=BFAVYQjhYE3fDhcemrkdXQ9U5qkY9f5AVtPQ/ZGWoVWT8QmdgOXS4iJnRrND/qCcsh 0WvoJCyvjLLo4S5vxW/B76n1KIQnFdgaVQzupT/YfJxGpLsaHX2TwY9kKtob3HKILvMW j8rztHPD6w4bZxTunnHkKSH+YbENAoTgaz4yNRgsZYDvgU04zX21g+wdkHqmdcGDxaii Gn3SPBDU9cm2f0nS4Nafee6ZJV5hguZABliy26YaMgaGJ3ppYkg45j2Qak2jI841BpVU DQsQmMgwkNluYYJbdra0fl6rOoS8XeCX28QlnwsP8fmY8cpl1ic27oEBykSCuriBfny3 448g== X-Gm-Message-State: AOAM530Y6lOD7voP801FkTDJDNihRXphJz8J1Mzs24j7vcqECtFE5GcU V71RHLYFV5WK41zxDx9+dDUFCg== X-Google-Smtp-Source: ABdhPJxmVMPknnyhg+GzowJ/HLc6OSGXTTKHv7SyCcFXdpP209afVWmaHXgenrXlCLRKt/tDXHkBfw== X-Received: by 2002:a1c:771a:: with SMTP id t26mr3674752wmi.60.1614619417108; Mon, 01 Mar 2021 09:23:37 -0800 (PST) Return-Path: Received: from vanye (cpc1-cmbg19-2-0-cust915.5-4.cable.virginm.net. [82.27.183.148]) by smtp.gmail.com with ESMTPSA id z3sm26442955wrw.96.2021.03.01.09.23.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Mar 2021 09:23:36 -0800 (PST) Date: Mon, 1 Mar 2021 17:23:34 +0000 From: "Leif Lindholm" To: Masahisa Kojima Cc: devel@edk2.groups.io, Ard Biesheuvel , Graeme Gregory , Radoslaw Biernacki , Shashi Mallela Subject: Re: [PATCH edk2-platforms v2 3/4] SbsaQemu: add standalone MM build instruction Message-ID: <20210301172334.GV1664@vanye> References: <20210301051952.29091-1-masahisa.kojima@linaro.org> <20210301051952.29091-4-masahisa.kojima@linaro.org> MIME-Version: 1.0 In-Reply-To: <20210301051952.29091-4-masahisa.kojima@linaro.org> User-Agent: Mutt/1.10.1 (2018-07-13) Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Mon, Mar 01, 2021 at 14:19:51 +0900, Masahisa Kojima wrote: > This commit adds the standalone MM build instruction > to enable UEFI secure boot. > > Signed-off-by: Masahisa Kojima > --- > Platform/Qemu/SbsaQemu/Readme.md | 35 ++++++++++++++++++++++++++++++++ > 1 file changed, 35 insertions(+) > > diff --git a/Platform/Qemu/SbsaQemu/Readme.md b/Platform/Qemu/SbsaQemu/Readme.md > index 63786d9d0fd3..cdee8b41507e 100644 > --- a/Platform/Qemu/SbsaQemu/Readme.md > +++ b/Platform/Qemu/SbsaQemu/Readme.md > @@ -104,6 +104,41 @@ Create a directory $WORKSPACE that would hold source code of the components. > truncate -s 256M SBSA_FLASH[01].fd > ``` > > +## Build UEFI with standalone MM based UEFI secure boot > + > +1. Compile standalone MM image > + > + ``` > + cd $WORKSPACE > + build -b RELEASE -a AARCH64 -t GCC5 -p edk2-platforms/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMM.dsc > + ``` > + > +2. Compile TF-A with BL32(Secure Payload) > + > + Detailed build instructions can be found on the following link: > + https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/docs/plat/qemu-sbsa.rst > + > + Then copy `bl1.bin` and `fip.bin` to the the edk2-non-osi directory: > + > +3. Compile UEFI with UEFI secure boot enabled Suggest replacing the first UEFI on line above with "EDK2". / Leif > + > + ``` > + cd $WORKSPACE > + build -b RELEASE -a AARCH64 -t GCC5 -p edk2-platforms/Platform/Qemu/SbsaQemu/SbsaQemu.dsc -DSECURE_BOOT_ENABLE=TRUE > + ``` > + > + Copy SBSA_FLASH0.fd and SBSA_FLASH1.fd to top $WORKSPACE directory. > + Then extend the file size to match the machine flash size. > + ``` > + cp Build/SbsaQemu/RELEASE_GCC5/FV/SBSA_FLASH[01].fd . > + truncate -s 256M SBSA_FLASH[01].fd > + ``` > + > + To keep the UEFI variable storage after the succeeding build, use `dd` instead of `cp`. > + ``` > + dd if=./Build/SbsaQemu/RELEASE_GCC5/FV/SBSA_FLASH0.fd of=./SBSA_FLASH0.fd conv=notrunc bs=2M count=8 > + ``` > + > # Running > > The resulting SBSA_FLASH0.fd file will contain Secure flash0 image (TF-A code). > -- > 2.17.1 >