From patchwork Tue Sep 3 09:56:02 2024
X-Patchwork-Submitter: harsimransingh.tungal@arm.com
X-Patchwork-Id: 48619
From: harsimransingh.tungal@arm.com
To: meta-arm@lists.yoctoproject.org
Cc: Harsimran Singh Tungal
Subject: [PATCH 1/1] arm-bsp,documentation: corstone1000: update user documentation
Date: Tue, 3 Sep 2024 10:56:02 +0100
Message-Id: <20240903095602.167973-2-harsimransingh.tungal@arm.com>
In-Reply-To: <20240903095602.167973-1-harsimransingh.tungal@arm.com>
References: <20240903095602.167973-1-harsimransingh.tungal@arm.com>
X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6051
From: Harsimran Singh Tungal Add new usage details for running the secure boot testing script located in the `systemready-patch` repository. This script is used to create UEFI authenticated variables and sign the Linux kernel image for the MPS3-FPGA and FVP secure boot tests. Reflect the latest modifications to the script usage in the Corstone-1000 user guide. Signed-off-by: Harsimran Singh Tungal --- .../documentation/corstone1000/user-guide.rst | 28 +++++++++++++------ 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/meta-arm-bsp/documentation/corstone1000/user-guide.rst b/meta-arm-bsp/documentation/corstone1000/user-guide.rst index 2bdd490f..7595678c 100644 --- a/meta-arm-bsp/documentation/corstone1000/user-guide.rst +++ b/meta-arm-bsp/documentation/corstone1000/user-guide.rst 
@@ -1278,24 +1278,36 @@ For FPGA, kas shell meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml -c bitbake -c build corstone1000-flash-firmware-image" -In order to test SB for FVP and FPGA, a bash script is available in the systemready-patch repo which is responsible in creating the relevant keys, sign the respective kernel images, and copy the same in their corresponding ESP images. +In order to test SB for FVP and FPGA, a bash script is available in the systemready-patch repo which is responsible for creating the relevant keys, sign the respective kernel images, and copy the same in their corresponding ESP images. -Clone the systemready-patch repo under <_workspace. Then, change directory to where the script `create_keys_and_sign.sh` is and execute the script as follows: +The script does the following: + +* Create the required UEFI SB keys. + +* Sign the kernel images. + +* Copy the public keys and the kernel images (both signed and unsigned) to the ESP image for both the FVP and FPGA. + +Before executing the script, clone the systemready-patch repository under <_workspace> and set the current working directory to the subdirectory where images are built. + +**NOTE:** The `efitools `__ package is required to execute the script. Install the efitools package on your system, if it is missing. :: + cd <_workspace> git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2024.06 - cd systemready-patch/embedded-a/corstone1000/secureboot/ + cd meta-arm/build/tmp/deploy/images/corstone1000-/ + ../../../../../../systemready-patch/embedded-a/corstone1000/secureboot/create_keys_and_sign.sh -d -v -m -**NOTE:** The efitools package is required to execute the script. Install the efitools package on your system, if it doesn't exist. 
+For example: +:: -The script is responsible to create the required UEFI secureboot keys, sign the kernel images and copy the public keys and the kernel images (both signed and unsigned) to the ESP image for both the FVP and FPGA. + ../../../../../../systemready-patch/embedded-a/corstone1000/secureboot/create_keys_and_sign.sh -d fvp -v 365 -m /mnt/secureboot_test +For help: :: - ./create_keys_and_sign.sh -w directory under which sources have been compiled> -v - For ex: ./create_keys_and_sign.sh -w "/home/xyz/workspace/meta-arm" -v 365 - For help: ./create_keys_and_sign.sh -h + ../../../../../../systemready-patch/embedded-a/corstone1000/secureboot/create_keys_and_sign.sh -h **NOTE:** The above script is interactive and contains some commands that would require sudo password/permissions.
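Review bot: the new usage line ending in `create_keys_and_sign.sh -d -v -m` introduces three options without saying what each one takes; the only hint is the example `-d fvp -v 365 -m /mnt/secureboot_test`. Please add a short option list under the usage block (which values `-d` accepts for FVP and FPGA, what unit the `-v` number is in, and what the script does with the `-m` path), since the closing NOTE says the script needs sudo and a reader should know what will be touched under that path before running it. Because the script generates the UEFI SB keys, it would also help to state where the generated key material is left and that it is meant for this test flow. Two smaller points: the reworded opening sentence still mixes forms ("responsible for creating the relevant keys, sign the respective kernel images, and copy the same"); either make it "signing" and "copying" or shorten it, since the new bullet list now says the same thing. And the six-level `../../../../../../systemready-patch/...` path only resolves from the exact images directory given in the preceding `cd`; a path written from `<_workspace>` would be easier to follow and less fragile if the build directory layout differs.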