@@ -15,6 +15,8 @@ local_conf_header:
MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its"
MACHINE_FEATURES:append = " ts-attestation ts-smm-gateway optee-spmc-test"
MACHINE_FEATURES:append = " ts-block-storage ts-fwu"
+ MACHINE_FEATURES:append = " arm-branch-protection"
+ SMMGW_AUTH_VAR = "1"
# Include TS demo/test tools into image
IMAGE_INSTALL:append = " packagegroup-ts-tests"
# Include TS PSA Arch tests into image
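Review bot: the added `MACHINE_FEATURES:append = " arm-branch-protection"` line is unrelated to the authenticated variable settings this commit describes, and the commit message does not mention it; move it to its own commit or explain it in the message. Also, `SMMGW_AUTH_VAR = "1"` is set here without `SMMGW_INTERNAL_CRYPTO`, while corstone1000.inc sets both, so CI does not build the same configuration that ships for corstone1000. If that is intended, add a comment saying so.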
@@ -57,6 +57,18 @@ Optionally for testing purposes you can add `packagegroup-ts-tests` into your im
meta-arm also includes Trusted Service OEQA tests which can be used for automated testing.
See `ci/trusted-services.yml` for an example how to include them into an image.
+## Configuration options
+
+Some TS recipes support yocto variables to set build configuration. These variables can be set in .conf files (machine
+specific or local.conf), or .bbappend files.
+
+SmmGW SP recipe supports the following configuration variables
+
+| Variable name | Type | Description |
+|-----------------------|------|--------------------------------------------------------------------------------------------------------|
+| SMMGW_AUTH_VAR | Bool | Enable Authenticated variable support |
+| SMMGW_INTERNAL_CRYPTO | Bool | Use MbedTLS build into SmmGW for authentication related crypto operations. Depends on SMMGW_AUTH_VAR=1 |
+
------
[^1]: https://trusted-services.readthedocs.io/en/integration/overview/index.html
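Review bot: the new table does not state the default for either variable or which values count as true, and the recipe treats an unset variable as disabled. Add a "Default" column and say that authenticated variable support is off unless `SMMGW_AUTH_VAR` is set. The `SMMGW_INTERNAL_CRYPTO` row should also say what performs the authentication crypto when it is left off, since that choice affects which components must be present in the image. Wording nits: "build into" should be "built into", "yocto" should be "Yocto", and the sentence introducing the table needs a closing colon.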
@@ -67,3 +67,8 @@ ARM_SYSTEMREADY_ACS_CONSOLE ?= "default"
# Workaround IMAGE_ROOTFS_EXTRA_SPACE being ignored when images are repacked
IMAGE_ROOTFS_EXTRA_ARGS += "--extra-space ${@${IMAGE_ROOTFS_EXTRA_SPACE}}K"
+
+# Enable Authenticated variable support in SmmGW
+SMMGW_AUTH_VAR="1"
+# Use MbedTLS build into SmmGW for authentication related crypto operations.
+SMMGW_INTERNAL_CRYPTO="1"
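Review bot: both new assignments use a hard `=` in a machine include, which is parsed after local.conf, so a plain `SMMGW_AUTH_VAR = "0"` in local.conf is overwritten here even though the documentation hunk says local.conf is a valid place to set these. Use `SMMGW_AUTH_VAR ?= "1"` and `SMMGW_INTERNAL_CRYPTO ?= "1"` so the machine provides a default that users can still override. Style: put spaces around the operator, as the ci/fvp-base-ts.yml hunk does.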
@@ -2,8 +2,6 @@ require ts-arm-platforms.inc
EXTRA_OECMAKE:append:corstone1000 = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x81FFF000" \
-DMM_COMM_BUFFER_PAGE_COUNT="1" \
- -DUEFI_AUTH_VAR=ON \
- -DUEFI_INTERNAL_CRYPTO=ON \
-DSMM_GATEWAY_MAX_UEFI_VARIABLES=60 \
"
@@ -6,3 +6,6 @@ SP_UUID = "${SMM_GATEWAY_UUID}"
TS_SP_SMM_GATEWAY_CONFIG ?= "default"
OECMAKE_SOURCEPATH = "${S}/deployments/smm-gateway/config/${TS_SP_SMM_GATEWAY_CONFIG}-${TS_ENV}"
+
+EXTRA_OECMAKE:append = "${@oe.utils.vartrue("SMMGW_AUTH_VAR", " -DUEFI_AUTH_VAR=ON ", "", d)}"
+EXTRA_OECMAKE:append = "${@oe.utils.ifelse(oe.types.boolean(d.getVar("SMMGW_AUTH_VAR")) and oe.types.boolean(d.getVar("SMMGW_INTERNAL_CRYPTO")), " -DUEFI_INTERNAL_CRYPTO=On ", "")}"
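Review bot: on the second added line, `SMMGW_INTERNAL_CRYPTO = "1"` is silently dropped when `SMMGW_AUTH_VAR` is not true, so a misconfigured build produces an SmmGW without the requested crypto and without any diagnostic. Emit a warning for that combination, or at least add a comment above the line stating the dependency. The two lines also use different idioms for the same truth test (`oe.utils.vartrue` versus `oe.types.boolean(d.getVar(...))`) and different value casing (`-DUEFI_AUTH_VAR=ON` versus `-DUEFI_INTERNAL_CRYPTO=On`, which the removed bbappend line spelled `ON`); use one helper and one spelling for both. Finally, the recipe declares no defaults, so consider adding `SMMGW_AUTH_VAR ?= "0"` and `SMMGW_INTERNAL_CRYPTO ?= "0"` here to make the disabled-by-default behaviour explicit.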
Bound Authenticated Variable configuration related settings to yocto
variables. The aim is easier configuration by hiding SmmGW build system
internals at the yocto recipe level.

For details please see documentation/trusted-services.md

Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
---
 ci/fvp-base-ts.yml | 2 ++
 documentation/trusted-services.md | 12 ++++++++++++
 meta-arm-bsp/conf/machine/include/corstone1000.inc | 5 +++++
 .../trusted-services/ts-sp-smm-gateway_%.bbappend | 2 --
 .../trusted-services/ts-sp-smm-gateway_git.bb | 3 +++
 5 files changed, 22 insertions(+), 2 deletions(-)