From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com [209.85.216.49])
 by mx.groups.io with SMTP id smtpd.web11.3476.1614753903839154446
 for <devel@edk2.groups.io>;
 Tue, 02 Mar 2021 22:45:03 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@linaro.org header.s=google header.b=I3jhhHEx;
 spf=pass (domain: linaro.org, ip: 209.85.216.49, mailfrom: masahisa.kojima@linaro.org)
Received: by mail-pj1-f49.google.com with SMTP id i4-20020a17090a7184b02900bfb60fbc6bso2419332pjk.0
        for <devel@edk2.groups.io>; Tue, 02 Mar 2021 22:45:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=/mWAy3EIebKl1wly3REmHDqRy8yJ35u0dBB1Vktpot0=;
        b=I3jhhHExXE6+Or0JaKgv9RzudWbFMadyJdgSVDfnKZSAiwz64wx9SKTHYXbpns41eR
         cnlQbvYZPwAf8oUdtFuRalEkDt273fT2d/aZ8vKZ+TbAMYFkfyQqpUK7Wo/PIOGK/XMh
         ONZc5fM7Iyk5Hh0iPEedEZq8sxYeG9bWH0CQ6sJqFC6Zz5I+wWZ7/saXNTcB+470ryqK
         TUvKx3PvwuKEecjjcJak0Lm/w0pzO4mZ0PARkr3m0PfsNUhzpP/AQHFvuLL2CcUgQKaJ
         tywZGgJZIjmgPBO7g0pRNSoWLxO32qGXaYRvkdlnHIPrOGB5+mqcLfNWAZHP/SOlo1a1
         AfhA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=/mWAy3EIebKl1wly3REmHDqRy8yJ35u0dBB1Vktpot0=;
        b=V1FXlEmKZFutnSlC20wbHkB1EnFBktfeOvh3MQidYJBD4X3prhYgbBRYTuezOw4ZXH
         SUsk63EGRwZoJkNTwaf520GbAJyiLWbfwq4GIZAN4PnW8+75fJOpEGTY8fetYujQzrtv
         PqHGEmJ5n1Ctr+0kb1Bq5YIZqFrJbK3/WIa8AVLx1lfGmF4LHDHF4sCFSzU+J6qM+XQB
         H9nqH7y2MzjAGCKlHqCMhmlYsOndCAV7e+qY2M4ThFwzZp7vcMB7UiEDugTbxspG/KaR
         eJU8Q/GBKnkJsKZcr0zooxnOfsatA0rUVp1wBBncULh2hKuvGF2uWiYGSdmHVvVzDC8X
         C70w==
X-Gm-Message-State: AOAM533ZLYmb+nL7mInfbf4JrPb2wjY0cLD860jmAHOaWyU+bhDqwTVG
	ELoD+x9wQiHxP+q+QmGRR3ouDYXcr4LksA==
X-Google-Smtp-Source: ABdhPJywZq/L/U1ON8Ip//IRFvQY4RQ8LF2ouENZO34RUyb+c/7t+TYUkr3JZVKiThKGl0jdwpub6g==
X-Received: by 2002:a17:90a:c257:: with SMTP id d23mr8266429pjx.102.1614753903359;
        Tue, 02 Mar 2021 22:45:03 -0800 (PST)
Return-Path: <masahisa.kojima@linaro.org>
Received: from localhost.localdomain ([2400:2411:502:a100:82fa:5bff:fe4b:26b1])
        by smtp.gmail.com with ESMTPSA id ms21sm5809240pjb.5.2021.03.02.22.45.01
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 02 Mar 2021 22:45:02 -0800 (PST)
From: "Masahisa Kojima" <masahisa.kojima@linaro.org>
To: devel@edk2.groups.io
Cc: Masahisa Kojima <masahisa.kojima@linaro.org>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Leif Lindholm <leif@nuviainc.com>,
	Graeme Gregory <graeme@nuviainc.com>,
	Radoslaw Biernacki <rad@semihalf.com>,
	Shashi Mallela <shashi.mallela@linaro.org>
Subject: [PATCH edk2-platforms v3 3/4] SbsaQemu: add standalone MM build instruction
Date: Wed,  3 Mar 2021 15:47:46 +0900
Message-Id: <20210303064747.27312-4-masahisa.kojima@linaro.org>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20210303064747.27312-1-masahisa.kojima@linaro.org>
References: <20210303064747.27312-1-masahisa.kojima@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

This commit adds the standalone MM build instruction
to enable UEFI secure boot.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
---
 Platform/Qemu/SbsaQemu/Readme.md | 35 ++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/Platform/Qemu/SbsaQemu/Readme.md b/Platform/Qemu/SbsaQemu/Readme.md
index 63786d9d0fd3..50f61b6e3bf4 100644
--- a/Platform/Qemu/SbsaQemu/Readme.md
+++ b/Platform/Qemu/SbsaQemu/Readme.md
@@ -104,6 +104,41 @@ Create a directory $WORKSPACE that would hold source code of the components.
   truncate -s 256M SBSA_FLASH[01].fd
   ```
 
+## Build UEFI with standalone MM based UEFI secure boot
+
+1. Compile standalone MM image
+
+  ```
+  cd $WORKSPACE
+  build -b RELEASE -a AARCH64 -t GCC5 -p edk2-platforms/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMM.dsc
+  ```
+
+2. Compile TF-A with BL32(Secure Payload)
+
+  Detailed build instructions can be found on the following link:
+  https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/docs/plat/qemu-sbsa.rst
+
+  Then copy `bl1.bin` and `fip.bin` to the the edk2-non-osi directory:
+
+3. Compile EDK2 with UEFI secure boot enabled
+
+  ```
+  cd $WORKSPACE
+  build -b RELEASE -a AARCH64 -t GCC5 -p edk2-platforms/Platform/Qemu/SbsaQemu/SbsaQemu.dsc -DSECURE_BOOT_ENABLE=TRUE
+  ```
+
+  Copy SBSA_FLASH0.fd and SBSA_FLASH1.fd to top $WORKSPACE directory.
+  Then extend the file size to match the machine flash size.
+  ```
+  cp Build/SbsaQemu/RELEASE_GCC5/FV/SBSA_FLASH[01].fd .
+  truncate -s 256M SBSA_FLASH[01].fd
+  ```
+
+  To keep the UEFI variable storage after the succeeding build, use `dd` instead of `cp`.
+  ```
+  dd if=./Build/SbsaQemu/RELEASE_GCC5/FV/SBSA_FLASH0.fd of=./SBSA_FLASH0.fd conv=notrunc bs=2M count=8
+  ```
+
 # Running
 
   The resulting SBSA_FLASH0.fd file will contain Secure flash0 image (TF-A code).
-- 
2.17.1