From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) by mx.groups.io with SMTP id smtpd.web10.61.1628613648713161493 for ; Tue, 10 Aug 2021 09:40:49 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linaro.org header.s=google header.b=y5S/NY7r; spf=pass (domain: linaro.org, ip: 209.85.128.43, mailfrom: etienne.carriere@linaro.org) Received: by mail-wm1-f43.google.com with SMTP id o1-20020a05600c5101b02902e676fe1f04so2159319wms.1 for ; Tue, 10 Aug 2021 09:40:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=VWLV9470NV7cK33NfoRTm/aoNt6qcL+CUhm14CI/q7A=; b=y5S/NY7raiyJ9jq8F2OnFcRJN6GxptRhANRQl5SehKVkfP/zXETB1QwDPEhvnV6tYE l+XWWLOmVvK3czF3EThaMMe1pCtYFssBYiq5UFcZJwH6Ireklk5puXnJwDVcaHfrcJND SprbP+YC4WnQySNDYgi2KVYAlOw0+1xb2ssJppfWIpbVZXCGjN3ut3MJbDjjHMCZhzgT 5Fa/nIB0kShvgpKyezDviDnGtbs1NlX0xzCY5JAqNgIkiRSbsNI4aZCR+5+RkMNc+2mI AnqpmYN/kcCfouu0eGrgCD2a6oAex0QDrVb1vsImFwu2CwpWpamLByGBa+xZhfZDZvhb FLEQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=VWLV9470NV7cK33NfoRTm/aoNt6qcL+CUhm14CI/q7A=; b=oNf3YspuvCUeVMhKsDdjPB9j/7I14DLYWG0vizn7IbO+2aVv5RPOpGHqHHfYIfNrQ7 3qkP1hqIBkkMFu0lR9sYUkh+rSWAgBfL8VQTqLZ79UYpdlCyyzVf3Iqk0JrlbboDStJY tcTlQNd7MkVq+64nrg9ipJSpWol6/IX0qXUKHoo6qawpB+ueGiXjpvQsb6XeWwwiFwJy lLENJ6BJKdZew6pn4OjO+YaDJVm/PwI1s6+4LZX9XVmZ6wt0VrWEVEb3uq0eWNHMuq8I pPjqH9sg8+8xrfessQgNrDdaFvHxEIaBfRrSsiJJktIYHaY3H6Ss7a/fxbyV2owfzlNp Af/w== X-Gm-Message-State: AOAM531X70Vv7pmcSAtT9mAo+mAaXsQfKYPTxahO1XxbxvjEMGBqeBi2 B+dFxdkEARAO6+ldfFN/2XcXeoc2pJUWXw== X-Google-Smtp-Source: ABdhPJy2sgLMzs0GH1iXJqpjjQLMK/F9k1tZOTvg5qUMmFdNBGfIi/TMo2+zolNb058w7QbeuJo+uQ== X-Received: by 2002:a1c:730a:: with SMTP id d10mr5660941wmb.59.1628613647158; Tue, 10 Aug 2021 09:40:47 -0700 (PDT) Return-Path: Received: from lmecxl0524.lme.st.com ([2a04:cec0:10c1:ef71:f5e6:d24:9eea:1973]) by smtp.gmail.com with ESMTPSA id i3sm3196261wmb.17.2021.08.10.09.40.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Aug 2021 09:40:46 -0700 (PDT) From: "Etienne Carriere" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Ilias Apalodimas , Leif Lindholm , Sami Mujawar , Sughosh Ganu , Thomas Abraham , Etienne Carriere Subject: [PATCH v3 0/6] Arm 32bit support in PlatformStandaloneMmRpmb Date: Tue, 10 Aug 2021 18:40:30 +0200 Message-Id: <20210810164036.15199-1-etienne.carriere@linaro.org> X-Mailer: git-send-email 2.17.1 This series brings support for building PlatformStandaloneMmRpmb for 32bit Arm architectures. This series is based on series tracked through [1] in edk2 that allows to build StandaloneMm package for 32bit Arm. This series starts by syncing with paths changes from [1] series, then comes changes for Arm 32bit support in OpTee drivers and last updates PlatformStandaloneMmRpmb.dsc for 32bit the ARM architure. This series is tracked through ticket [2]. One can test the generated StMM image with OP-TEE release for stm32mp157c-ev1 board which integrates an eMMC device with a RPMB partition. Se below are the fetch/build directives. Note that enabling EFI secure boot on stm32mp1 needs more than the build instruction below. At least these show how U-Boot and OP-TEE can leverage StMM with an RPMB device. Step 1: fetch edk2, edk2-platforms, apply patches and Build StMM. I build edk2 with the following command (one shall replace ${path_to_xxx} with the appropriate paths. # export WORKSPACE=${path_to_edk2_build_dir} # export PYTHON3_ENABLE=TRUE # export PACKAGES_PATH=${path_to_edk2}:${path_to_edk2_platforms} # source ${path_to_edk2}/edksetup.sh # make -j$(nproc) -C ${path_to_edk2}/BaseTools # GCC5_ARM_PREFIX=${path_to_arm_tooclain}/bin/arm-linux-gnueabihf- \ build -n $(nproc) -a ARM -t GCC5 -b RELEASE -D DO_X86EMU=TRUE \ -p Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc \ all Step 2: clone and build OP-TEE release for stm32mp1 (see also [3]): # mkdir /tmp/optee-stm32mp1-stmm # cd /tmp/optee-stm32mp1-stmm # repo init -u https://github.com/OP-TEE/manifest.git -t 3.14.0 -m stm32mp1.xml # repo sync # cd build # make toolchains # make all Step 3: sync with U-Boot master branch, at least commit [4] which merges a fix in MMC/RPMB driver OP-TEE [5]. Platform defconfig must be changed to enable StMM and RPMB support. The command below builds u-boot using OP-TEE build env (from build/ dir) # git -C ../u-boot checkout 99bb5f248ade371ee4713e0ef51401708ecbb13c # echo CONFIG_EFI_MM_COMM_TEE=y >> ../u-boot/configs/stm32mp15_trusted_defconfig # echo CONFIG_SUPPORT_EMMC_RPMB=y >> ../u-boot/configs/stm32mp15_trusted_defconfig # make u-boot Step 4: rebuild optee_os (and SDcard image) with StMM image embedded in OP-TEE core wand RPMB support for stm32mp15c-ev1 (the board has an eMMC device with an RPMB partition). The command below builds u-boot using OP-TEE build env. # make optee-os all \ CFG_STMM_PATH=${path_to_edk2_build_dir}/Build/MmStandaloneRpmb/RELEASE_GCC5/FV/BL32_AP_MM.fd \ PLATFORM=stm32mp1-157C_ED1 \ CFG_RPMB_FS=y CFG_CORE_HUK_SUBKEY_COMPAT=n CFG_RPMB_FS_DEV_ID=1 Once done, program SDcard (/dev/sdX relates to SDcard slot device file) # dd conf=fdatasync if=../out/bin/sdcard of=/dev/sdX # where /dev/sdX is The target (stm32mp157c-ev1 board) can boot with the programmed SDcard. One can interrupt the U-Boot console, possibly program RPMB key (see note below) and read the EFI variable (read from the RPMB though StMM executing in OP-TEE. $ printenv -e # read EFI variables $ setenv -e # write an EFI variable Note about the RPMB key: With the build instructions above, OP-TEE assumes the RPMB device key is generated from a known derivation of an all-zero root key. If the RPMB device key was not yet programmed, one can program it from the U-Boot console with command 'mmc rpmc key . The commands below can be used to program the platform default RPMB development key that is (hexadecimal notation, first byte first): 15 46 75 8c 61 8e d8 b8 a2 27 89 02 df 54 ef 63 11 de e2 96 49 99 5b d7 d9 12 f1 53 6d 8a 67 c7 $ mw.l 0xc0000000 0x8c754615 $ mw.l 0xc0000004 0xb8d88e61 $ mw.l 0xc0000008 0x028927a2 $ mw.l 0xc000000c 0x63ef54df $ mw.l 0xc0000010 0x96e2de11 $ mw.l 0xc0000014 0xd75b9949 $ mw.l 0xc0000018 0x53f112d9 $ mw.l 0xc000001c 0xc7678a6d $ mmc rpmb key 0xc0000000 [1] https://bugzilla.tianocore.org/show_bug.cgi?id=3381 [2] https://bugzilla.tianocore.org/show_bug.cgi?id=3383 [3] https://optee.readthedocs.io/en/latest/building/devices/stm32mp1.html#build-instructions [4] https://source.denx.de/u-boot/u-boot/-/commit/99bb5f248ade371ee4713e0ef51401708ecbb13c [5] https://source.denx.de/u-boot/u-boot/-/commit/a9f7be509af90fa5f2c308867ad3b0bd48532c6e Etienne Carriere (6): Platform/ARM/SgiPkg: sync with edk2 StandaloneMmCpu path change Platform/Socionext/DeveloperBox: sync with edk2 StandaloneMmCpu path change Platform/StandaloneMm: sync with edk2 StandaloneMmCpu path change Drivers/OpTee: Add Aarch32 SVC IDs for 32bit Arm targets Drivers/OpTee: address cast build warning issue in 32b mode Platform/StandaloneMm: build StandaloneMmRpmb for 32bit architectures Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFvb.c | 23 ++++++++++++------- Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFvb.h | 16 +++++++++++-- Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf | 2 +- Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc | 2 +- .../Socionext/DeveloperBox/DeveloperBoxMm.dsc | 2 +- .../Socionext/DeveloperBox/DeveloperBoxMm.fdf | 2 +- .../PlatformStandaloneMmRpmb.dsc | 14 +++++++++-- .../PlatformStandaloneMmRpmb.fdf | 3 ++- 8 files changed, 47 insertions(+), 17 deletions(-) -- 2.17.1