Changes to support building secure and normal MM mode images on FVP- AEMv8-AEMv8.
Management Mode (MM) provides a secure execution environment on Server and Clamshell platforms. It is specified in the Volume 4. PI specification. An implementation exists in the EDK2-Staging code base. In order to support MM on ARM, changes are required to both EDK2 and ARM Trusted Firmware. MM provides a management service rather than a security service. Hence it has to be isolated from any software stack e.g. Trusted OS that provides security services. Secure Firmware Services (SFS) is being proposed to provide a generic framework for running management services in S-EL0.
This change adds an optional parameter ATF_SFS_PAYLOAD. ATF_SFS_PAYLOAD will be the path to management service in fd format (EDK2 Firmware Device).
Signed-off-by: Supreeth Venkatesh supreeth.venkatesh@arm.com --- atf-build.sh | 14 ++++++++++++-- platforms.config | 22 ++++++++++++++++++++++ 2 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/atf-build.sh b/atf-build.sh index 0c4c09c..bc6d8ca 100755 --- a/atf-build.sh +++ b/atf-build.sh @@ -60,12 +60,14 @@ function build_platform PLATFORM_ARCH="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o arch`" PLATFORM_IMAGE_DIR="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o uefi_image_dir`" PLATFORM_BUILDFLAGS="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o atf_buildflags`" + PLATFORM_SFS_PAYLOAD="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o atf_sfs_payload`"
if [ $VERBOSE -eq 1 ]; then echo "PLATFORM_NAME=$PLATFORM_NAME" echo "PLATFORM_ARCH=$PLATFORM_ARCH" echo "PLATFORM_IMAGE_DIR=$PLATFORM_IMAGE_DIR" echo "PLATFORM_BUILDFLAGS=$PLATFORM_BUILDFLAGS" + echo "PLATFORM_SFS_PAYLOAD=$PLATFORM_SFS_PAYLOAD" fi
unset BL30 BL31 BL32 BL33 @@ -118,6 +120,14 @@ function build_platform fi fi
+ if [ X"$PLATFORM_SFS_PAYLOAD" != X"" ]; then + # + # Since SFS cannot be exported or undefined, + # we parametrise it here + # + SFS_PAYLOAD="SFS_PAYLOAD=$EDK2_DIR/$PLATFORM_SFS_PAYLOAD" + fi + # # Debug extraction handling # @@ -157,9 +167,9 @@ function build_platform # if [ $VERBOSE -eq 1 ]; then echo "Calling ARM Trusted Firmware build:" - echo "CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip" + echo "CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} $SFS_PAYLOAD all fip" fi - CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip + CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} $SFS_PAYLOAD all fip if [ $? -eq 0 ]; then # # Copy resulting images to UEFI image dir diff --git a/platforms.config b/platforms.config index ebf81df..726fd4f 100644 --- a/platforms.config +++ b/platforms.config @@ -51,6 +51,8 @@ # - BUILDFLAGS Any special flags you want to pass to the build command. # - ATF_BUILDFLAGS Any special flags you want to pass to the ARM Trusted # Firmware build command. +# - ATF_SFS_PAYLOAD Any special secure firmware service payload you want +# to pass to the ARM trusted Firmware build command. # - TOS_BUILDFLAGS Any special flags you want to pass to the Trusted OS # build command. # - EXTRA_FILES Any additional files to be copied to output dir. @@ -90,6 +92,26 @@ BUILD_ATF=yes UEFI_BIN=FVP_AARCH64_EFI.fd UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64
+# ARM FVP BASE AEMv8-A model +[fvp_secure_mm] +LONGNAME=aarch64 FVP RTSM for secure world mm mode image +DSC=StandaloneSmmPkg/StandaloneSmmPkg.dsc +ARCH=AARCH64 +UEFI_BIN=FVP_AARCH64_EFI_SECURE_MM.fd +UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64-Secure-MM + +[fvp_normal_mm] +LONGNAME=aarch64 FVP RTSM for normal world mm mode image +DSC=OpenPlatformPkg/Platforms/ARM/VExpress/ArmVExpress-FVP-AArch64.dsc +BUILDFLAGS=-D EDK2_OUT_DIR=Build/ArmVExpress-FVP-AArch64-Normal-MM -D EDK2_ENABLE_SMSC_91X=1 -D FIRMWARE_VER=02bd6a3 +ARCH=AARCH64 +BUILD_ATF=debug +UEFI_BIN=FVP_AARCH64_EFI.fd +UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64-Normal-MM +ATF_PLATFORM=fvp +ATF_SFS_PAYLOAD=Build/StandaloneSmmPkg/DEBUG_GCC49/FV/STANDALONESMM.fd +ATF_BUILDFLAGS=ARM_TSP_RAM_LOCATION=dram SFSD=mmd + [tc2] LONGNAME=Versatile Express TC2 BUILDFLAGS=-D ARM_BIGLITTLE_TC2=1