* [PATCH v3 0/6] Arm 32bit support in PlatformStandaloneMmRpmb
@ 2021-08-10 16:40 Etienne Carriere
2021-08-10 16:40 ` [PATCH v3 1/6] Platform/ARM/SgiPkg: sync with edk2 StandaloneMmCpu path change Etienne Carriere
` (6 more replies)
0 siblings, 7 replies; 8+ messages in thread
From: Etienne Carriere @ 2021-08-10 16:40 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Ilias Apalodimas, Leif Lindholm, Sami Mujawar,
Sughosh Ganu, Thomas Abraham, Etienne Carriere
This series brings support for building PlatformStandaloneMmRpmb for
32bit Arm architectures. This series is based on series tracked through
[1] in edk2 that allows to build StandaloneMm package for 32bit Arm.
This series starts by syncing with paths changes from [1] series,
then comes changes for Arm 32bit support in OpTee drivers and last
updates PlatformStandaloneMmRpmb.dsc for 32bit the ARM architure.
This series is tracked through ticket [2].
One can test the generated StMM image with OP-TEE release for
stm32mp157c-ev1 board which integrates an eMMC device with a
RPMB partition. Se below are the fetch/build directives.
Note that enabling EFI secure boot on stm32mp1 needs more than the
build instruction below. At least these show how U-Boot and OP-TEE
can leverage StMM with an RPMB device.
Step 1: fetch edk2, edk2-platforms, apply patches and Build StMM.
I build edk2 with the following command (one shall replace ${path_to_xxx}
with the appropriate paths.
# export WORKSPACE=${path_to_edk2_build_dir}
# export PYTHON3_ENABLE=TRUE
# export PACKAGES_PATH=${path_to_edk2}:${path_to_edk2_platforms}
# source ${path_to_edk2}/edksetup.sh
# make -j$(nproc) -C ${path_to_edk2}/BaseTools
# GCC5_ARM_PREFIX=${path_to_arm_tooclain}/bin/arm-linux-gnueabihf- \
build -n $(nproc) -a ARM -t GCC5 -b RELEASE -D DO_X86EMU=TRUE \
-p Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc \
all
Step 2: clone and build OP-TEE release for stm32mp1 (see also [3]):
# mkdir /tmp/optee-stm32mp1-stmm
# cd /tmp/optee-stm32mp1-stmm
# repo init -u https://github.com/OP-TEE/manifest.git -t 3.14.0 -m stm32mp1.xml
# repo sync
# cd build
# make toolchains
# make all
Step 3: sync with U-Boot master branch, at least commit [4] which merges
a fix in MMC/RPMB driver OP-TEE [5]. Platform defconfig must be changed
to enable StMM and RPMB support.
The command below builds u-boot using OP-TEE build env (from build/ dir)
# git -C ../u-boot checkout 99bb5f248ade371ee4713e0ef51401708ecbb13c
# echo CONFIG_EFI_MM_COMM_TEE=y >> ../u-boot/configs/stm32mp15_trusted_defconfig
# echo CONFIG_SUPPORT_EMMC_RPMB=y >> ../u-boot/configs/stm32mp15_trusted_defconfig
# make u-boot
Step 4: rebuild optee_os (and SDcard image) with StMM image embedded in
OP-TEE core wand RPMB support for stm32mp15c-ev1 (the board has an eMMC
device with an RPMB partition).
The command below builds u-boot using OP-TEE build env.
# make optee-os all \
CFG_STMM_PATH=${path_to_edk2_build_dir}/Build/MmStandaloneRpmb/RELEASE_GCC5/FV/BL32_AP_MM.fd \
PLATFORM=stm32mp1-157C_ED1 \
CFG_RPMB_FS=y CFG_CORE_HUK_SUBKEY_COMPAT=n CFG_RPMB_FS_DEV_ID=1
Once done, program SDcard (/dev/sdX relates to SDcard slot device file)
# dd conf=fdatasync if=../out/bin/sdcard of=/dev/sdX # where /dev/sdX is
The target (stm32mp157c-ev1 board) can boot with the programmed
SDcard. One can interrupt the U-Boot console, possibly program
RPMB key (see note below) and read the EFI variable (read from the
RPMB though StMM executing in OP-TEE.
$ printenv -e # read EFI variables
$ setenv -e <some args> # write an EFI variable
Note about the RPMB key:
With the build instructions above, OP-TEE assumes the RPMB device key
is generated from a known derivation of an all-zero root key. If the
RPMB device key was not yet programmed, one can program it from the
U-Boot console with command 'mmc rpmc key <key-data-address>. The
commands below can be used to program the platform default RPMB
development key that is (hexadecimal notation, first byte first):
15 46 75 8c 61 8e d8 b8 a2 27 89 02 df 54 ef 63
11 de e2 96 49 99 5b d7 d9 12 f1 53 6d 8a 67 c7
$ mw.l 0xc0000000 0x8c754615
$ mw.l 0xc0000004 0xb8d88e61
$ mw.l 0xc0000008 0x028927a2
$ mw.l 0xc000000c 0x63ef54df
$ mw.l 0xc0000010 0x96e2de11
$ mw.l 0xc0000014 0xd75b9949
$ mw.l 0xc0000018 0x53f112d9
$ mw.l 0xc000001c 0xc7678a6d
$ mmc rpmb key 0xc0000000
[1] https://bugzilla.tianocore.org/show_bug.cgi?id=3381
[2] https://bugzilla.tianocore.org/show_bug.cgi?id=3383
[3] https://optee.readthedocs.io/en/latest/building/devices/stm32mp1.html#build-instructions
[4] https://source.denx.de/u-boot/u-boot/-/commit/99bb5f248ade371ee4713e0ef51401708ecbb13c
[5] https://source.denx.de/u-boot/u-boot/-/commit/a9f7be509af90fa5f2c308867ad3b0bd48532c6e
Etienne Carriere (6):
Platform/ARM/SgiPkg: sync with edk2 StandaloneMmCpu path change
Platform/Socionext/DeveloperBox: sync with edk2 StandaloneMmCpu path
change
Platform/StandaloneMm: sync with edk2 StandaloneMmCpu path change
Drivers/OpTee: Add Aarch32 SVC IDs for 32bit Arm targets
Drivers/OpTee: address cast build warning issue in 32b mode
Platform/StandaloneMm: build StandaloneMmRpmb for 32bit architectures
Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFvb.c | 23 ++++++++++++-------
Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFvb.h | 16 +++++++++++--
Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf | 2 +-
Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc | 2 +-
.../Socionext/DeveloperBox/DeveloperBoxMm.dsc | 2 +-
.../Socionext/DeveloperBox/DeveloperBoxMm.fdf | 2 +-
.../PlatformStandaloneMmRpmb.dsc | 14 +++++++++--
.../PlatformStandaloneMmRpmb.fdf | 3 ++-
8 files changed, 47 insertions(+), 17 deletions(-)
--
2.17.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v3 1/6] Platform/ARM/SgiPkg: sync with edk2 StandaloneMmCpu path change
2021-08-10 16:40 [PATCH v3 0/6] Arm 32bit support in PlatformStandaloneMmRpmb Etienne Carriere
@ 2021-08-10 16:40 ` Etienne Carriere
2021-08-10 16:40 ` [PATCH v3 2/6] Platform/Socionext/DeveloperBox: " Etienne Carriere
` (5 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Etienne Carriere @ 2021-08-10 16:40 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Ilias Apalodimas, Leif Lindholm, Sami Mujawar,
Sughosh Ganu, Thomas Abraham, Etienne Carriere
Synchronize with edk2 package where StandaloneMmCpu component has moved
from StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
to StandaloneMmPkg/Drivers/StandaloneMmCpu/StandaloneMmCpu.inf
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Sughosh Ganu <sughosh.ganu@linaro.org>
Cc: Thomas Abraham <thomas.abraham@arm.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
---
Changes since v2:
- Fix StandaloneMmCpu.inf
path required when rebasing the patch.
Changes since v1:
- split change in 3: this change relates to Platform/ARM/SgiPkg only.
---
Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf | 2 +-
Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf b/Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf
index 474c9c0ce7..c1c24b747f 100644
--- a/Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf
+++ b/Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf
@@ -54,7 +54,7 @@ READ_LOCK_STATUS = TRUE
INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
!endif
- INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
+ INF StandaloneMmPkg/Drivers/StandaloneMmCpu/StandaloneMmCpu.inf
################################################################################
#
diff --git a/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc b/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
index 2b461d5afb..5287e1f8e5 100644
--- a/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
+++ b/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
@@ -119,7 +119,7 @@
StandaloneMmPkg/Core/StandaloneMmCore.inf
[Components.AARCH64]
- StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
+ StandaloneMmPkg/Drivers/StandaloneMmCpu/StandaloneMmCpu.inf
!if $(SECURE_STORAGE_ENABLE) == TRUE
ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
--
2.17.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v3 2/6] Platform/Socionext/DeveloperBox: sync with edk2 StandaloneMmCpu path change
2021-08-10 16:40 [PATCH v3 0/6] Arm 32bit support in PlatformStandaloneMmRpmb Etienne Carriere
2021-08-10 16:40 ` [PATCH v3 1/6] Platform/ARM/SgiPkg: sync with edk2 StandaloneMmCpu path change Etienne Carriere
@ 2021-08-10 16:40 ` Etienne Carriere
2021-08-10 16:40 ` [PATCH v3 3/6] Platform/StandaloneMm: " Etienne Carriere
` (4 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Etienne Carriere @ 2021-08-10 16:40 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Ilias Apalodimas, Leif Lindholm, Sami Mujawar,
Sughosh Ganu, Thomas Abraham, Etienne Carriere
Synchronize with edk2 package where StandaloneMmCpu component has moved
from StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
to StandaloneMmPkg/Drivers/StandaloneMmCpu/StandaloneMmCpu.inf
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Sughosh Ganu <sughosh.ganu@linaro.org>
Cc: Thomas Abraham <thomas.abraham@arm.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
---
No change since v2
Changes since v1:
- split change in 3: this change relates to DeveloperBox only.
---
Platform/Socionext/DeveloperBox/DeveloperBoxMm.dsc | 2 +-
Platform/Socionext/DeveloperBox/DeveloperBoxMm.fdf | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Platform/Socionext/DeveloperBox/DeveloperBoxMm.dsc b/Platform/Socionext/DeveloperBox/DeveloperBoxMm.dsc
index e078de4bbb..b5524f87a6 100644
--- a/Platform/Socionext/DeveloperBox/DeveloperBoxMm.dsc
+++ b/Platform/Socionext/DeveloperBox/DeveloperBoxMm.dsc
@@ -80,7 +80,7 @@
gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x2
}
- StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
+ StandaloneMmPkg/Drivers/StandaloneMmCpu/StandaloneMmCpu.inf
Silicon/Socionext/SynQuacer/Drivers/Fip006Dxe/Fip006StandaloneMm.inf
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf {
diff --git a/Platform/Socionext/DeveloperBox/DeveloperBoxMm.fdf b/Platform/Socionext/DeveloperBox/DeveloperBoxMm.fdf
index 33de03c8e7..89453477c9 100644
--- a/Platform/Socionext/DeveloperBox/DeveloperBoxMm.fdf
+++ b/Platform/Socionext/DeveloperBox/DeveloperBoxMm.fdf
@@ -111,7 +111,7 @@ READ_LOCK_STATUS = TRUE
INF Silicon/Socionext/SynQuacer/Drivers/Fip006Dxe/Fip006StandaloneMm.inf
INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
- INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
+ INF StandaloneMmPkg/Drivers/StandaloneMmCpu/StandaloneMmCpu.inf
################################################################################
#
--
2.17.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v3 3/6] Platform/StandaloneMm: sync with edk2 StandaloneMmCpu path change
2021-08-10 16:40 [PATCH v3 0/6] Arm 32bit support in PlatformStandaloneMmRpmb Etienne Carriere
2021-08-10 16:40 ` [PATCH v3 1/6] Platform/ARM/SgiPkg: sync with edk2 StandaloneMmCpu path change Etienne Carriere
2021-08-10 16:40 ` [PATCH v3 2/6] Platform/Socionext/DeveloperBox: " Etienne Carriere
@ 2021-08-10 16:40 ` Etienne Carriere
2021-08-10 16:40 ` [PATCH v3 4/6] Drivers/OpTee: Add Aarch32 SVC IDs for 32bit Arm targets Etienne Carriere
` (3 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Etienne Carriere @ 2021-08-10 16:40 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Ilias Apalodimas, Leif Lindholm, Sami Mujawar,
Sughosh Ganu, Thomas Abraham, Etienne Carriere
Synchronize with edk2 package where StandaloneMmCpu component has moved
from StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
to StandaloneMmPkg/Drivers/StandaloneMmCpu/StandaloneMmCpu.inf
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Sughosh Ganu <sughosh.ganu@linaro.org>
Cc: Thomas Abraham <thomas.abraham@arm.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
---
No change since v2
Changes since v1:
- split change in 3: this change relates to StandaloneMm package only.
---
Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc | 2 +-
Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.fdf | 3 ++-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc b/Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc
index f99a47ebf6..cb3f1ddf52 100644
--- a/Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc
+++ b/Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc
@@ -133,7 +133,7 @@
#
Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFv.inf
StandaloneMmPkg/Core/StandaloneMmCore.inf
- StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
+ StandaloneMmPkg/Drivers/StandaloneMmCpu/StandaloneMmCpu.inf
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf {
<LibraryClasses>
NULL|Drivers/OpTee/OpteeRpmbPkg/FixupPcd.inf
diff --git a/Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.fdf b/Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.fdf
index e175dc7b2d..c4295a3e63 100644
--- a/Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.fdf
+++ b/Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.fdf
@@ -68,7 +68,8 @@ READ_LOCK_STATUS = TRUE
INF Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFv.inf
INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
- INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
+ INF StandaloneMmPkg/Drivers/StandaloneMmCpu/StandaloneMmCpu.inf
+
################################################################################
#
# Rules are use with the [FV] section's module INF type to define
--
2.17.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v3 4/6] Drivers/OpTee: Add Aarch32 SVC IDs for 32bit Arm targets
2021-08-10 16:40 [PATCH v3 0/6] Arm 32bit support in PlatformStandaloneMmRpmb Etienne Carriere
` (2 preceding siblings ...)
2021-08-10 16:40 ` [PATCH v3 3/6] Platform/StandaloneMm: " Etienne Carriere
@ 2021-08-10 16:40 ` Etienne Carriere
2021-08-10 16:40 ` [PATCH v3 5/6] Drivers/OpTee: address cast build warning issue in 32b mode Etienne Carriere
` (2 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Etienne Carriere @ 2021-08-10 16:40 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Ilias Apalodimas, Leif Lindholm, Sami Mujawar,
Sughosh Ganu, Thomas Abraham, Etienne Carriere
Add SMCCC function IDs for RPMB read/write service on 32bit architectures.
Define generic SP_SVC_RPMB_READ/SP_SVC_RPMB_WRITE IDs for native target
architecture (32b or 64b).
Changes OpTeeRpmbFvb.c to use architecture agnostic macro
ARM_SVC_ID_FFA_MSG_SEND_DIRECT_REQ for 32b and 64b support.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
---
No change since v2
Changes since v1:
- Use _AARCH64 (resp. _AARCH32) suffix instead of _64 (resp. _32) in
the added macros.
---
Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFvb.c | 2 +-
Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFvb.h | 16 ++++++++++++++--
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFvb.c b/Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFvb.c
index 5197c95abd..6eb19bed0e 100644
--- a/Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFvb.c
+++ b/Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFvb.c
@@ -68,7 +68,7 @@ ReadWriteRpmb (
ZeroMem (&SvcArgs, sizeof (SvcArgs));
- SvcArgs.Arg0 = ARM_SVC_ID_FFA_MSG_SEND_DIRECT_REQ_AARCH64;
+ SvcArgs.Arg0 = ARM_SVC_ID_FFA_MSG_SEND_DIRECT_REQ;
SvcArgs.Arg1 = mStorageId;
SvcArgs.Arg2 = 0;
SvcArgs.Arg3 = SvcAct;
diff --git a/Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFvb.h b/Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFvb.h
index c17fc287ef..9c2a4ea6a5 100644
--- a/Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFvb.h
+++ b/Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFvb.h
@@ -13,8 +13,20 @@
contract between OP-TEE and EDK2.
For more details check core/arch/arm/include/kernel/stmm_sp.h in OP-TEE
**/
-#define SP_SVC_RPMB_READ 0xC4000066
-#define SP_SVC_RPMB_WRITE 0xC4000067
+#define SP_SVC_RPMB_READ_AARCH64 0xC4000066
+#define SP_SVC_RPMB_WRITE_AARCH64 0xC4000067
+
+#define SP_SVC_RPMB_READ_AARCH32 0x84000066
+#define SP_SVC_RPMB_WRITE_AARCH32 0x84000067
+
+#ifdef MDE_CPU_AARCH64
+#define SP_SVC_RPMB_READ SP_SVC_RPMB_READ_AARCH64
+#define SP_SVC_RPMB_WRITE SP_SVC_RPMB_WRITE_AARCH64
+#endif
+#ifdef MDE_CPU_ARM
+#define SP_SVC_RPMB_READ SP_SVC_RPMB_READ_AARCH32
+#define SP_SVC_RPMB_WRITE SP_SVC_RPMB_WRITE_AARCH32
+#endif
#define FLASH_SIGNATURE SIGNATURE_32 ('r', 'p', 'm', 'b')
#define INSTANCE_FROM_FVB_THIS(a) CR (a, MEM_INSTANCE, FvbProtocol, \
--
2.17.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v3 5/6] Drivers/OpTee: address cast build warning issue in 32b mode
2021-08-10 16:40 [PATCH v3 0/6] Arm 32bit support in PlatformStandaloneMmRpmb Etienne Carriere
` (3 preceding siblings ...)
2021-08-10 16:40 ` [PATCH v3 4/6] Drivers/OpTee: Add Aarch32 SVC IDs for 32bit Arm targets Etienne Carriere
@ 2021-08-10 16:40 ` Etienne Carriere
2021-08-10 16:40 ` [PATCH v3 6/6] Platform/StandaloneMm: build StandaloneMmRpmb for 32bit architectures Etienne Carriere
2021-08-11 11:47 ` [PATCH v3 0/6] Arm 32bit support in PlatformStandaloneMmRpmb Ard Biesheuvel
6 siblings, 0 replies; 8+ messages in thread
From: Etienne Carriere @ 2021-08-10 16:40 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Ilias Apalodimas, Leif Lindholm, Sami Mujawar,
Sughosh Ganu, Thomas Abraham, Etienne Carriere
Use (UINTN) cast to cast physical or virtual address values to the
pointer size before casting from/to a pointer value.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
---
No change since v2
No change since v1
---
Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFvb.c | 21 +++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFvb.c b/Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFvb.c
index 6eb19bed0e..83c2750368 100644
--- a/Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFvb.c
+++ b/Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFvb.c
@@ -305,7 +305,8 @@ OpTeeRpmbFvbRead (
}
}
- Base = (VOID *)Instance->MemBaseAddress + (Lba * Instance->BlockSize) + Offset;
+ Base = (VOID *)(UINTN)Instance->MemBaseAddress + (Lba * Instance->BlockSize) +
+ Offset;
// We could read the data from the RPMB instead of memory
// The 2 copies should already be identical
// Copy from memory image
@@ -387,7 +388,8 @@ OpTeeRpmbFvbWrite (
return Status;
}
}
- Base = (VOID *)Instance->MemBaseAddress + Lba * Instance->BlockSize + Offset;
+ Base = (VOID *)(UINTN)Instance->MemBaseAddress + (Lba * Instance->BlockSize) +
+ Offset;
Status = ReadWriteRpmb (
SP_SVC_RPMB_WRITE,
(UINTN)Buffer,
@@ -477,7 +479,8 @@ OpTeeRpmbFvbErase (
return EFI_INVALID_PARAMETER;
}
NumBytes = NumLba * Instance->BlockSize;
- Base = (VOID *)Instance->MemBaseAddress + Start * Instance->BlockSize;
+ Base = (VOID *)(UINTN)Instance->MemBaseAddress +
+ (Start * Instance->BlockSize);
Buf = AllocatePool (NumLba * Instance->BlockSize);
if (Buf == NULL) {
return EFI_DEVICE_ERROR;
@@ -689,7 +692,7 @@ InitializeFvAndVariableStoreHeaders (
goto Exit;
}
// Install the combined header in memory
- CopyMem ((VOID*)Instance->MemBaseAddress, Headers, HeadersLength);
+ CopyMem ((VOID*)(UINTN)Instance->MemBaseAddress, Headers, HeadersLength);
Exit:
FreePool (Headers);
@@ -747,14 +750,18 @@ FvbInitialize (
// Read the file from disk and copy it to memory
ReadEntireFlash (Instance);
- FwVolHeader = (EFI_FIRMWARE_VOLUME_HEADER *)Instance->MemBaseAddress;
+ FwVolHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)Instance->MemBaseAddress;
Status = ValidateFvHeader (FwVolHeader);
if (EFI_ERROR (Status)) {
// There is no valid header, so time to install one.
DEBUG ((DEBUG_INFO, "%a: The FVB Header is not valid.\n", __FUNCTION__));
// Reset memory
- SetMem64 ((VOID *)Instance->MemBaseAddress, Instance->NBlocks * Instance->BlockSize, ~0UL);
+ SetMem64 (
+ (VOID *)(UINTN)Instance->MemBaseAddress,
+ Instance->NBlocks * Instance->BlockSize,
+ ~0UL
+ );
DEBUG ((DEBUG_INFO, "%a: Erasing Flash.\n", __FUNCTION__));
Status = ReadWriteRpmb (
SP_SVC_RPMB_WRITE,
@@ -827,7 +834,7 @@ OpTeeRpmbFvbInit (
mInstance.FvbProtocol.Write = OpTeeRpmbFvbWrite;
mInstance.FvbProtocol.Read = OpTeeRpmbFvbRead;
- mInstance.MemBaseAddress = (EFI_PHYSICAL_ADDRESS)Addr;
+ mInstance.MemBaseAddress = (EFI_PHYSICAL_ADDRESS)(UINTN)Addr;
mInstance.Signature = FLASH_SIGNATURE;
mInstance.Initialize = FvbInitialize;
mInstance.BlockSize = EFI_PAGE_SIZE;
--
2.17.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v3 6/6] Platform/StandaloneMm: build StandaloneMmRpmb for 32bit architectures
2021-08-10 16:40 [PATCH v3 0/6] Arm 32bit support in PlatformStandaloneMmRpmb Etienne Carriere
` (4 preceding siblings ...)
2021-08-10 16:40 ` [PATCH v3 5/6] Drivers/OpTee: address cast build warning issue in 32b mode Etienne Carriere
@ 2021-08-10 16:40 ` Etienne Carriere
2021-08-11 11:47 ` [PATCH v3 0/6] Arm 32bit support in PlatformStandaloneMmRpmb Ard Biesheuvel
6 siblings, 0 replies; 8+ messages in thread
From: Etienne Carriere @ 2021-08-10 16:40 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Ilias Apalodimas, Leif Lindholm, Sami Mujawar,
Sughosh Ganu, Thomas Abraham, Etienne Carriere
Build PlatformStandaloneMmRpmb for ARM architecture (32bit arm machine).
The generated image targets an execution environment similar to AArch64
StMM secure partition in OP-TEE but in 32bit mode.
GCC flag -fno-stack-protector
added. The stack protection code bring
GOT dependencies we prefer avoid when StMM runs in OP-TEE.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
---
No change since v2
Changes since v1:
- Remove useless duplication of ArmSvcLib loading.
- Move BaseStackCheckLib to generic library classes instead of ARM only.
- include MdePkg/MdeLibs.dsc.inc
instead of loading
RegisterFilterLibNull.inf for ARM architecture.
---
Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc b/Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc
index cb3f1ddf52..33364deb1e 100644
--- a/Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc
+++ b/Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc
@@ -16,12 +16,14 @@
PLATFORM_VERSION = 1.0
DSC_SPECIFICATION = 0x0001001C
OUTPUT_DIRECTORY = Build/$(PLATFORM_NAME)
- SUPPORTED_ARCHITECTURES = AARCH64
+ SUPPORTED_ARCHITECTURES = ARM|AARCH64
BUILD_TARGETS = DEBUG|RELEASE|NOOPT
SKUID_IDENTIFIER = DEFAULT
FLASH_DEFINITION = Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.fdf
DEFINE DEBUG_MESSAGE = TRUE
+!include MdePkg/MdeLibs.dsc.inc
+
################################################################################
#
# Library Class section - list of all Library Classes needed by this Platform.
@@ -39,6 +41,7 @@
FvLib|StandaloneMmPkg/Library/FvLib/FvLib.inf
HobLib|StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf
IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf
+ NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.inf
MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmCoreMemoryAllocationLib/StandaloneMmCoreMemoryAllocationLib.inf
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
@@ -68,6 +71,9 @@
#
NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
+[LibraryClasses.ARM]
+ ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf
+
[LibraryClasses.common.MM_STANDALONE]
HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf
MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
@@ -160,3 +166,7 @@
[BuildOptions.AARCH64]
GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000 -march=armv8-a+nofp
GCC:*_*_*_CC_FLAGS = -mstrict-align
+
+[BuildOptions.ARM]
+GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000 -march=armv7-a
+GCC:*_*_*_CC_FLAGS = -fno-stack-protector
--
2.17.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH v3 0/6] Arm 32bit support in PlatformStandaloneMmRpmb
2021-08-10 16:40 [PATCH v3 0/6] Arm 32bit support in PlatformStandaloneMmRpmb Etienne Carriere
` (5 preceding siblings ...)
2021-08-10 16:40 ` [PATCH v3 6/6] Platform/StandaloneMm: build StandaloneMmRpmb for 32bit architectures Etienne Carriere
@ 2021-08-11 11:47 ` Ard Biesheuvel
6 siblings, 0 replies; 8+ messages in thread
From: Ard Biesheuvel @ 2021-08-11 11:47 UTC (permalink / raw)
To: Etienne Carriere
Cc: edk2-devel-groups-io, Ard Biesheuvel, Ilias Apalodimas,
Leif Lindholm, Sami Mujawar, Sughosh Ganu, Thomas Abraham
On Tue, 10 Aug 2021 at 18:40, Etienne Carriere
<etienne.carriere@linaro.org> wrote:
>
> This series brings support for building PlatformStandaloneMmRpmb for
> 32bit Arm architectures. This series is based on series tracked through
> [1] in edk2 that allows to build StandaloneMm package for 32bit Arm.
> This series starts by syncing with paths changes from [1] series,
> then comes changes for Arm 32bit support in OpTee drivers and last
> updates PlatformStandaloneMmRpmb.dsc for 32bit the ARM architure.
> This series is tracked through ticket [2].
>
> One can test the generated StMM image with OP-TEE release for
> stm32mp157c-ev1 board which integrates an eMMC device with a
> RPMB partition. Se below are the fetch/build directives.
> Note that enabling EFI secure boot on stm32mp1 needs more than the
> build instruction below. At least these show how U-Boot and OP-TEE
> can leverage StMM with an RPMB device.
>
> Step 1: fetch edk2, edk2-platforms, apply patches and Build StMM.
> I build edk2 with the following command (one shall replace ${path_to_xxx}
> with the appropriate paths.
>
> # export WORKSPACE=${path_to_edk2_build_dir}
> # export PYTHON3_ENABLE=TRUE
> # export PACKAGES_PATH=${path_to_edk2}:${path_to_edk2_platforms}
> # source ${path_to_edk2}/edksetup.sh
> # make -j$(nproc) -C ${path_to_edk2}/BaseTools
> # GCC5_ARM_PREFIX=${path_to_arm_tooclain}/bin/arm-linux-gnueabihf- \
> build -n $(nproc) -a ARM -t GCC5 -b RELEASE -D DO_X86EMU=TRUE \
> -p Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc \
> all
>
> Step 2: clone and build OP-TEE release for stm32mp1 (see also [3]):
>
> # mkdir /tmp/optee-stm32mp1-stmm
> # cd /tmp/optee-stm32mp1-stmm
> # repo init -u https://github.com/OP-TEE/manifest.git -t 3.14.0 -m stm32mp1.xml
> # repo sync
> # cd build
> # make toolchains
> # make all
>
> Step 3: sync with U-Boot master branch, at least commit [4] which merges
> a fix in MMC/RPMB driver OP-TEE [5]. Platform defconfig must be changed
> to enable StMM and RPMB support.
> The command below builds u-boot using OP-TEE build env (from build/ dir)
>
> # git -C ../u-boot checkout 99bb5f248ade371ee4713e0ef51401708ecbb13c
> # echo CONFIG_EFI_MM_COMM_TEE=y >> ../u-boot/configs/stm32mp15_trusted_defconfig
> # echo CONFIG_SUPPORT_EMMC_RPMB=y >> ../u-boot/configs/stm32mp15_trusted_defconfig
> # make u-boot
>
> Step 4: rebuild optee_os (and SDcard image) with StMM image embedded in
> OP-TEE core wand RPMB support for stm32mp15c-ev1 (the board has an eMMC
> device with an RPMB partition).
> The command below builds u-boot using OP-TEE build env.
>
> # make optee-os all \
> CFG_STMM_PATH=${path_to_edk2_build_dir}/Build/MmStandaloneRpmb/RELEASE_GCC5/FV/BL32_AP_MM.fd \
> PLATFORM=stm32mp1-157C_ED1 \
> CFG_RPMB_FS=y CFG_CORE_HUK_SUBKEY_COMPAT=n CFG_RPMB_FS_DEV_ID=1
>
> Once done, program SDcard (/dev/sdX relates to SDcard slot device file)
> # dd conf=fdatasync if=../out/bin/sdcard of=/dev/sdX # where /dev/sdX is
>
> The target (stm32mp157c-ev1 board) can boot with the programmed
> SDcard. One can interrupt the U-Boot console, possibly program
> RPMB key (see note below) and read the EFI variable (read from the
> RPMB though StMM executing in OP-TEE.
>
> $ printenv -e # read EFI variables
> $ setenv -e <some args> # write an EFI variable
>
> Note about the RPMB key:
> With the build instructions above, OP-TEE assumes the RPMB device key
> is generated from a known derivation of an all-zero root key. If the
> RPMB device key was not yet programmed, one can program it from the
> U-Boot console with command 'mmc rpmc key <key-data-address>. The
> commands below can be used to program the platform default RPMB
> development key that is (hexadecimal notation, first byte first):
> 15 46 75 8c 61 8e d8 b8 a2 27 89 02 df 54 ef 63
> 11 de e2 96 49 99 5b d7 d9 12 f1 53 6d 8a 67 c7
>
> $ mw.l 0xc0000000 0x8c754615
> $ mw.l 0xc0000004 0xb8d88e61
> $ mw.l 0xc0000008 0x028927a2
> $ mw.l 0xc000000c 0x63ef54df
> $ mw.l 0xc0000010 0x96e2de11
> $ mw.l 0xc0000014 0xd75b9949
> $ mw.l 0xc0000018 0x53f112d9
> $ mw.l 0xc000001c 0xc7678a6d
> $ mmc rpmb key 0xc0000000
>
> [1] https://bugzilla.tianocore.org/show_bug.cgi?id=3381
> [2] https://bugzilla.tianocore.org/show_bug.cgi?id=3383
> [3] https://optee.readthedocs.io/en/latest/building/devices/stm32mp1.html#build-instructions
> [4] https://source.denx.de/u-boot/u-boot/-/commit/99bb5f248ade371ee4713e0ef51401708ecbb13c
> [5] https://source.denx.de/u-boot/u-boot/-/commit/a9f7be509af90fa5f2c308867ad3b0bd48532c6e
>
> Etienne Carriere (6):
> Platform/ARM/SgiPkg: sync with edk2 StandaloneMmCpu path change
> Platform/Socionext/DeveloperBox: sync with edk2 StandaloneMmCpu path
> change
> Platform/StandaloneMm: sync with edk2 StandaloneMmCpu path change
> Drivers/OpTee: Add Aarch32 SVC IDs for 32bit Arm targets
> Drivers/OpTee: address cast build warning issue in 32b mode
> Platform/StandaloneMm: build StandaloneMmRpmb for 32bit architectures
>
Pushed as 7b723de06c8e..70b67dc9ab89
Thanks,
> Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFvb.c | 23 ++++++++++++-------
> Drivers/OpTee/OpteeRpmbPkg/OpTeeRpmbFvb.h | 16 +++++++++++--
> Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf | 2 +-
> Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc | 2 +-
> .../Socionext/DeveloperBox/DeveloperBoxMm.dsc | 2 +-
> .../Socionext/DeveloperBox/DeveloperBoxMm.fdf | 2 +-
> .../PlatformStandaloneMmRpmb.dsc | 14 +++++++++--
> .../PlatformStandaloneMmRpmb.fdf | 3 ++-
> 8 files changed, 47 insertions(+), 17 deletions(-)
>
> --
> 2.17.1
>
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2021-08-11 11:47 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-08-10 16:40 [PATCH v3 0/6] Arm 32bit support in PlatformStandaloneMmRpmb Etienne Carriere
2021-08-10 16:40 ` [PATCH v3 1/6] Platform/ARM/SgiPkg: sync with edk2 StandaloneMmCpu path change Etienne Carriere
2021-08-10 16:40 ` [PATCH v3 2/6] Platform/Socionext/DeveloperBox: " Etienne Carriere
2021-08-10 16:40 ` [PATCH v3 3/6] Platform/StandaloneMm: " Etienne Carriere
2021-08-10 16:40 ` [PATCH v3 4/6] Drivers/OpTee: Add Aarch32 SVC IDs for 32bit Arm targets Etienne Carriere
2021-08-10 16:40 ` [PATCH v3 5/6] Drivers/OpTee: address cast build warning issue in 32b mode Etienne Carriere
2021-08-10 16:40 ` [PATCH v3 6/6] Platform/StandaloneMm: build StandaloneMmRpmb for 32bit architectures Etienne Carriere
2021-08-11 11:47 ` [PATCH v3 0/6] Arm 32bit support in PlatformStandaloneMmRpmb Ard Biesheuvel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox