new file mode 100644
@@ -0,0 +1,22 @@
+MACHINEOVERRIDES =. "qemuarm:"
+
+require ${COREBASE}/meta/conf/machine/qemuarm.conf
+
+# secure=on can't ever use KVM, so force it off
+QEMU_USE_KVM = ""
+
+QB_MACHINE = "-machine virt,highmem=off,secure=on"
+QB_MEM = "-m 1024"
+QB_DEFAULT_FSTYPE = "wic.qcow2"
+QB_DEFAULT_BIOS = "flash.bin"
+QB_FSINFO = "wic:no-kernel-in-fs"
+QB_ROOTFS_OPT = ""
+QB_KERNEL_ROOT = "/dev/vda2"
+
+IMAGE_FSTYPES += "wic wic.qcow2"
+
+WKS_FILE ?= "qemuarm.wks"
+WKS_FILE_DEPENDS = "trusted-firmware-a"
+IMAGE_BOOT_FILES = "${KERNEL_IMAGETYPE}"
+
+MACHINE_FEATURES += "optee-ftpm"
@@ -1,18 +1,24 @@
COMPATIBLE_MACHINE:qemuarm64-secureboot = "qemuarm64-secureboot"
COMPATIBLE_MACHINE:qemu-generic-arm64 = "qemu-generic-arm64"
+COMPATIBLE_MACHINE:qemuarm-secureboot = "qemuarm-secureboot"
TFA_PLATFORM:qemuarm64-secureboot = "qemu"
TFA_PLATFORM:qemu-generic-arm64 = "qemu_sbsa"
+TFA_PLATFORM:qemuarm-secureboot = "qemu"
TFA_SPD:qemuarm64-secureboot = "opteed"
TFA_UBOOT:qemuarm64-secureboot = "1"
+TFA_UBOOT:qemuarm-secureboot = "1"
TFA_BUILD_TARGET:aarch64:qemuall = "all fip"
+TFA_BUILD_TARGET:arm:qemuall = "all fip"
TFA_INSTALL_TARGET:qemuarm64-secureboot = "flash.bin"
TFA_INSTALL_TARGET:qemu-generic-arm64 = "bl1 fip"
+TFA_INSTALL_TARGET:qemuarm-secureboot = "flash.bin"
DEPENDS:append:aarch64:qemuall = " optee-os"
+DEPENDS:append:arm:qemuall = " optee-os"
EXTRA_OEMAKE:append:aarch64:qemuall = " \
BL32=${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-header_v2.bin \
@@ -21,9 +27,26 @@ EXTRA_OEMAKE:append:aarch64:qemuall = " \
BL32_RAM_LOCATION=tdram \
"
+EXTRA_OEMAKE:append:arm:qemuall = " \
+ BL32=${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-header_v2.bin \
+ BL32_EXTRA1=${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-pager_v2.bin \
+ BL32_EXTRA2=${STAGING_DIR_TARGET}${nonarch_base_libdir}/firmware/tee-pageable_v2.bin \
+ ARM_ARCH_MAJOR=7 \
+ ARCH=aarch32 \
+ BL32_RAM_LOCATION=tdram \
+ AARCH32_SP=optee \
+ "
+
do_compile:append:qemuarm64-secureboot() {
# Create a secure flash image for booting AArch64 Qemu. See:
# https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/docs/plat/qemu.rst
dd if=${BUILD_DIR}/bl1.bin of=${BUILD_DIR}/flash.bin bs=4096 conv=notrunc
dd if=${BUILD_DIR}/fip.bin of=${BUILD_DIR}/flash.bin seek=64 bs=4096 conv=notrunc
}
+
+do_compile:append:qemuarm-secureboot() {
+ # Create a secure flash image for booting AArch64 Qemu. See:
+ # https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/docs/plat/qemu.rst
+ dd if=${BUILD_DIR}/bl1.bin of=${BUILD_DIR}/flash.bin bs=4096 conv=notrunc
+ dd if=${BUILD_DIR}/fip.bin of=${BUILD_DIR}/flash.bin seek=64 bs=4096 conv=notrunc
+}
new file mode 100644
@@ -0,0 +1,6 @@
+# This must match the address that TF-A jumps to for BL33
+CONFIG_SYS_TEXT_BASE=0x60000000
+CONFIG_ENV_IS_NOWHERE=y
+# CONFIG_ENV_IS_IN_FLASH is not set
+# CONFIG_MTD is not set
+# CONFIG_MTD_NOR_FLASH is not set
@@ -1,3 +1,4 @@
FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
SRC_URI:append:qemuarm64-secureboot = " file://qemuarm64.cfg"
+SRC_URI:append:qemuarm-secureboot = " file://qemuarm.cfg"
@@ -11,3 +11,8 @@ SRC_URI:append:qemuarm64-secureboot = " \
file://zone_dma_revert.patch \
file://tee.cfg \
"
+
+FILESEXTRAPATHS:prepend:qemuarm-secureboot = "${ARMFILESPATHS}"
+SRC_URI:append:qemuarm-secureboot = " \
+ file://tee.cfg \
+ "
@@ -6,6 +6,7 @@ COMPATIBLE_MACHINE ?= "invalid"
COMPATIBLE_MACHINE:qemuarm64 = "qemuarm64"
COMPATIBLE_MACHINE:qemuarm64-secureboot = "qemuarm64"
COMPATIBLE_MACHINE:qemu-generic-arm64 = "qemu-generic-arm64"
+COMPATIBLE_MACHINE:qemuarm-secureboot = "qemuarm"
#FIXME - doesn't currently work with clang
TOOLCHAIN = "gcc"
@@ -3,13 +3,15 @@ UPSTREAM_CHECK_GITTAGREGEX = "^(?P<pver>\d+(\.\d+)+)$"
COMPATIBLE_MACHINE ?= "invalid"
COMPATIBLE_MACHINE:qemuarm64 ?= "qemuarm64"
COMPATIBLE_MACHINE:qemu-generic-arm64 ?= "qemu-generic-arm64"
+COMPATIBLE_MACHINE:qemuarm ?= "qemuarm"
# Please add supported machines below or set it in .bbappend or .conf
OPTEEMACHINE ?= "${MACHINE}"
OPTEEMACHINE:aarch64:qemuall ?= "vexpress-qemu_armv8a"
+OPTEEMACHINE:arm:qemuall ?= "vexpress-qemu_virt"
OPTEE_ARCH = "null"
-OPTEE_ARCH:armv7a = "arm32"
+OPTEE_ARCH:arm = "arm32"
OPTEE_ARCH:aarch64 = "arm64"
OPTEE_CORE = "${@d.getVar('OPTEE_ARCH').upper()}"
new file mode 100644
@@ -0,0 +1,3 @@
+default Yocto
+label Yocto
+ kernel /zImage
new file mode 100644
@@ -0,0 +1,4 @@
+bootloader --ptable gpt --configfile="qemuarm.cfg"
+
+part /boot --ondisk=vda --align 64 --size=100M --active --source bootimg-partition --fstype=ext4 --label boot --sourceparams="loader=u-boot"
+part / --ondisk=vda --source rootfs --fstype=ext4 --label root
Add a new 32 bit target as "qemuarm-secureboot" on similar lines as "qemuarm64-secureboot". The boot flow looks like: BL1 (TF-A) -> BL2 (TF-A) -> OP-TEE -> u-boot -> Linux Along with this enable support for OP-TEE based firmware TPM. Signed-off-by: Sumit Garg <sumit.garg@linaro.org> --- meta-arm/conf/machine/qemuarm-secureboot.conf | 22 ++++++++++++++++++ .../trusted-firmware-a_%.bbappend | 23 +++++++++++++++++++ .../recipes-bsp/u-boot/u-boot/qemuarm.cfg | 6 +++++ meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend | 1 + .../linux/linux-yocto_%.bbappend | 5 ++++ .../optee-ftpm/optee-ftpm_git.bb | 1 + meta-arm/recipes-security/optee/optee.inc | 4 +++- meta-arm/wic/qemuarm.cfg | 3 +++ meta-arm/wic/qemuarm.wks | 4 ++++ 9 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 meta-arm/conf/machine/qemuarm-secureboot.conf create mode 100644 meta-arm/recipes-bsp/u-boot/u-boot/qemuarm.cfg create mode 100644 meta-arm/wic/qemuarm.cfg create mode 100644 meta-arm/wic/qemuarm.wks