Hi Supreeth,

Some comments inline. Only cosmetic changes!

On Thu, Jan 19, 2017 at 06:08:36PM +0000, Supreeth Venkatesh wrote:

Changes to support building secure and normal MM mode images on FVP- AEMv8-AEMv8.

Management Mode (MM) provides a secure execution environment on Server and Clamshell platforms. It is specified in the Volume 4. PI specification. An implementation exists in the EDK2-Staging code base. In order to support MM on ARM, changes are required to both EDK2 and ARM Trusted Firmware. MM provides a management service rather than a security service. Hence it has to be isolated from any software stack e.g. Trusted OS that provides security services. The MM Image executes in S-EL0 on ARM platforms in a sandboxed environment. In future, there might be other sandboxed environments that co-exist with it. Each sandbox implements a Secure Firmware Service. The corresponding image is called a SFS_PAYLOAD.

This change adds an optional parameter ATF_SFS_PAYLOAD. ATF_SFS_PAYLOAD will be the path to management service in fd format (EDK2 Firmware Device).

Signed-off-by: Supreeth Venkatesh supreeth.venkatesh@arm.com

Changes in v3:

• Add ARM_STANDALONE_MM_ENABLE=TRUE for normal MM Image in platforms.config.

Changes in v2:

• Updated Commit Message to indicate concept of Secure Firmware Services is still in flux.
• Changed internal variable in atf_build.sh file to SFS_OPTION from SFS_PAYLOAD.
• Drop FIRMWARE_VER parameter for fvp_normal_mm platform.

---

atf-build.sh | 14 ++++++++++++-- platforms.config | 22 ++++++++++++++++++++++ 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/atf-build.sh b/atf-build.sh index 0c4c09c..4d6afa0 100755 --- a/atf-build.sh +++ b/atf-build.sh @@ -60,12 +60,14 @@ function build_platform PLATFORM_ARCH="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o arch`" PLATFORM_IMAGE_DIR="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o uefi_image_dir`" PLATFORM_BUILDFLAGS="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o atf_buildflags`"

• PLATFORM_SFS_PAYLOAD="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o atf_sfs_payload`"

  if [ $VERBOSE -eq 1 ]; then echo "PLATFORM_NAME=$PLATFORM_NAME" echo "PLATFORM_ARCH=$PLATFORM_ARCH" echo "PLATFORM_IMAGE_DIR=$PLATFORM_IMAGE_DIR" echo "PLATFORM_BUILDFLAGS=$PLATFORM_BUILDFLAGS"

• echo "PLATFORM_SFS_PAYLOAD=$PLATFORM_SFS_PAYLOAD"
  

  fi

  unset BL30 BL31 BL32 BL33

@@ -118,6 +120,14 @@ function build_platform fi fi

• if [ X"$PLATFORM_SFS_PAYLOAD" != X"" ]; then

• #
  

• # Since SFS cannot be exported or undefined,
  

• # we parametrise it here
  

• #
  

• SFS_OPTION="SFS_PAYLOAD=$EDK2_DIR/$PLATFORM_SFS_PAYLOAD"
  

• fi
• # # Debug extraction handling #

@@ -157,9 +167,9 @@ function build_platform # if [ $VERBOSE -eq 1 ]; then echo "Calling ARM Trusted Firmware build:"

• echo "CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip"
  

• echo "CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION $SFS_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip"
  

  fi

• CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip

• CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION $SFS_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip if [ $? -eq 0 ]; then # # Copy resulting images to UEFI image dir

diff --git a/platforms.config b/platforms.config index ebf81df..22c981d 100644 --- a/platforms.config +++ b/platforms.config @@ -51,6 +51,8 @@ # - BUILDFLAGS Any special flags you want to pass to the build command. # - ATF_BUILDFLAGS Any special flags you want to pass to the ARM Trusted # Firmware build command. +# - ATF_SFS_PAYLOAD Any special secure firmware service payload you want +# to pass to the ARM trusted Firmware build command. # - TOS_BUILDFLAGS Any special flags you want to pass to the Trusted OS # build command. # - EXTRA_FILES Any additional files to be copied to output dir. @@ -90,6 +92,26 @@ BUILD_ATF=yes UEFI_BIN=FVP_AARCH64_EFI.fd UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64

+# ARM FVP BASE AEMv8-A model +[fvp_secure_mm]

Can we rename this target to "fvp_mm_standalone"?

+LONGNAME=aarch64 FVP RTSM for secure world mm mode image

Can we rename this to "FVP Base for MM Standalone image in secure world"?

+DSC=StandaloneSmmPkg/StandaloneSmmPkg.dsc +ARCH=AARCH64 +UEFI_BIN=FVP_AARCH64_EFI_SECURE_MM.fd

FVP_AARCH64_EFI_STANDALONE_MM.fd?

+UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64-Secure-MM

ArmVExpress-FVP-AArch64-MM-Standalone?

+[fvp_normal_mm]

fvp_mm_normal? Just to be consistent with the previous one.

+LONGNAME=aarch64 FVP RTSM for normal world mm mode image

In reality , there is no normal world mm mode image. So could be just say: "FVP Base for UEFI image with MM support in normal world"?

+DSC=OpenPlatformPkg/Platforms/ARM/VExpress/ArmVExpress-FVP-AArch64.dsc +BUILDFLAGS=-D EDK2_OUT_DIR=Build/ArmVExpress-FVP-AArch64-Normal-MM -D EDK2_ENABLE_SMSC_91X=1 -D ARM_STANDALONE_MM_ENABLE=TRUE

EDK2_OUT_DIR=Build/ArmVExpress-FVP-AArch64-MM-Normal?

+ARCH=AARCH64 +BUILD_ATF=debug +UEFI_BIN=FVP_AARCH64_EFI.fd +UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64-Normal-MM

ArmVExpress-FVP-AArch64-MM-Normal?

cheers, Achin

+ATF_PLATFORM=fvp +ATF_SFS_PAYLOAD=Build/StandaloneSmmPkg/DEBUG_GCC49/FV/STANDALONESMM.fd +ATF_BUILDFLAGS=ARM_TSP_RAM_LOCATION=dram SFSD=mmd

[tc2] LONGNAME=Versatile Express TC2 BUILDFLAGS=-D ARM_BIGLITTLE_TC2=1 -- 2.7.4