From patchwork Thu Aug 29 11:05:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: bence.balogh@arm.com X-Patchwork-Id: 48451 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0A740C83F01 for ; Thu, 29 Aug 2024 11:05:24 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.10178.1724929517957540119 for ; Thu, 29 Aug 2024 04:05:18 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: bence.balogh@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id D96BB11FB; Thu, 29 Aug 2024 04:05:43 -0700 (PDT) Received: from e126523.budapest.arm.com (e126523.budapest.arm.com [10.45.26.188]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 0C7B93F66E; Thu, 29 Aug 2024 04:05:16 -0700 (PDT) From: bence.balogh@arm.com To: meta-arm@lists.yoctoproject.org Cc: Bence Balogh Subject: [PATCH 2/3] arm-bsp/documentation: corstone1000: add Secure Debug test Date: Thu, 29 Aug 2024 13:05:04 +0200 Message-Id: <20240829110505.55826-3-bence.balogh@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240829110505.55826-1-bence.balogh@arm.com> References: <20240829110505.55826-1-bence.balogh@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 29 Aug 2024 11:05:24 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6008 From: Bence Balogh The new section writes down the steps that are needed for reproducing the Secure Debug authentication. Signed-off-by: Bence Balogh --- .../documentation/corstone1000/user-guide.rst | 66 +++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/meta-arm-bsp/documentation/corstone1000/user-guide.rst b/meta-arm-bsp/documentation/corstone1000/user-guide.rst index 2bdd490f..f4c7f5bf 100644 --- a/meta-arm-bsp/documentation/corstone1000/user-guide.rst +++ b/meta-arm-bsp/documentation/corstone1000/user-guide.rst @@ -1484,6 +1484,72 @@ Symmetric multiprocessing (SMP) mode is only supported on FVP. It can be enabled nproc #output: 4 +Testing Secure Debug feature +---------------------------- + +The Corstone-1000 MPS3 based build supports Authenticated Debug Access Control (ADAC), using the CoreSight SDC-600 IP. For more information about this, see the following resources: +`CoreSight SDC-600 `__ +`Authenticated Debug Access Control Specification `__ +`Arm Corstone-1000 for MPS3 Application Note AN550, Chapter 7 `__ + +The Secure Debug Manager API is implemented in the `secure-debug-manager `__ repository. This repository also contains the necessary files for the Arm Development Studio support. +The build and integration instructions can be found in `its README `__. The `secure-debug-manager` also contains the private key and chain certificate to be used during the tests. The private key's public pair is provisioned into the OTP in TF-M. These are dummy keys that should not be used in production. + +A debug probe (DSTREAM family) and an Arm Development Studio 2022.2 and 2022.c (or later) are needed to test the Secure Debug feature with the Corstone-1000 MPS3. + +**************** +Running the test +**************** + +The debugger host side preparations are not described here, follow `secure-debug-manager` README for that. The Secure Debug feature for Corstone-1000 can be enabled by using the `secure-debug.yml` kas configuration file. + +1. Build the software stack with Secure Debug enabled. For more information see the previous `Building the software stack`_ section: + +:: + + kas build meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml:meta-arm/ci/secure-debug.yml + + +2. Flash the firmware binaries on the FPGA, see `Flash the firmware image on FPGA`_ section for this. + +3. Run the software on the FPGA, see `Running the software on FPGA`_. + +4. Wait until the Secure Enclave terminal (ttyUSB1) prints the following prompts: + +:: + + IComPortInit : 382 : warn : init : IComPortInit: Blocked reading of LPH2RA is active. + IComPortInit : 383 : warn : init : IComPortInit: Blocked reading LPH2RA + + +5. Connect the debug probe to the MPS3 board. Use the 20-pin 1.27mm connector with the CS_20W_1.27MM silkscreen label. + +6. Create a debug configuration in Arm Development Studio as it is described in `secure-debug-manager README `__. + +7. Connect to the target, using the debug configuration which was created in the previous step. + +8. The Arm Development Studio Console will ask for the private key and trust chain certificate. Provide the paths that are located in the `secure-debug-manager` repository. + +:: + + ... + + Please provide private key file path: + Enter file path > \example\data\keys\EcdsaP256Key-3.pem + + Please provide trust chain file path: + Enter file path > \example\data\chains\chain.EcdsaP256-3 + + ... + +9. In case of a successful authentication, the Arm Development Studio will connect to the running target and the debug features can be used. The following prompt should appear in the Secure Enclave terminal (ttyUSB1): + +:: + + ... + boot_platform_init: Corstone-1000 Secure Debug is a success. + ... + Tests results -------------