1. Patchew
  2. EDK2
  3. [edk2-devel] [PATCH edk2-platforms v2 0/4] add MM based UEFI secure boot on SbsaQemu
  4. View patch

[edk2-devel] [PATCH edk2-platforms v2 3/4] SbsaQemu: add standalone MM build instruction

Masahisa Kojima posted 4 patches 4 years, 11 months ago
There is a newer version of this series
[edk2-devel] [PATCH edk2-platforms v2 3/4] SbsaQemu: add standalone MM build instruction
Posted by Masahisa Kojima 4 years, 11 months ago 
This commit adds the standalone MM build instruction
to enable UEFI secure boot.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
---
 Platform/Qemu/SbsaQemu/Readme.md | 35 ++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/Platform/Qemu/SbsaQemu/Readme.md b/Platform/Qemu/SbsaQemu/Readme.md
index 63786d9d0fd3..cdee8b41507e 100644
--- a/Platform/Qemu/SbsaQemu/Readme.md
+++ b/Platform/Qemu/SbsaQemu/Readme.md
@@ -104,6 +104,41 @@ Create a directory $WORKSPACE that would hold source code of the components.
   truncate -s 256M SBSA_FLASH[01].fd
   ```
 
+## Build UEFI with standalone MM based UEFI secure boot
+
+1. Compile standalone MM image
+
+  ```
+  cd $WORKSPACE
+  build -b RELEASE -a AARCH64 -t GCC5 -p edk2-platforms/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMM.dsc
+  ```
+
+2. Compile TF-A with BL32(Secure Payload)
+
+  Detailed build instructions can be found on the following link:
+  https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/docs/plat/qemu-sbsa.rst
+
+  Then copy `bl1.bin` and `fip.bin` to the the edk2-non-osi directory:
+
+3. Compile UEFI with UEFI secure boot enabled
+
+  ```
+  cd $WORKSPACE
+  build -b RELEASE -a AARCH64 -t GCC5 -p edk2-platforms/Platform/Qemu/SbsaQemu/SbsaQemu.dsc -DSECURE_BOOT_ENABLE=TRUE
+  ```
+
+  Copy SBSA_FLASH0.fd and SBSA_FLASH1.fd to top $WORKSPACE directory.
+  Then extend the file size to match the machine flash size.
+  ```
+  cp Build/SbsaQemu/RELEASE_GCC5/FV/SBSA_FLASH[01].fd .
+  truncate -s 256M SBSA_FLASH[01].fd
+  ```
+
+  To keep the UEFI variable storage after the succeeding build, use `dd` instead of `cp`.
+  ```
+  dd if=./Build/SbsaQemu/RELEASE_GCC5/FV/SBSA_FLASH0.fd of=./SBSA_FLASH0.fd conv=notrunc bs=2M count=8
+  ```
+
 # Running
 
   The resulting SBSA_FLASH0.fd file will contain Secure flash0 image (TF-A code).
-- 
2.17.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#72260): https://edk2.groups.io/g/devel/message/72260
Mute This Topic: https://groups.io/mt/80990867/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH edk2-platforms v2 3/4] SbsaQemu: add standalone MM build instruction
Posted by Leif Lindholm 4 years, 11 months ago 
On Mon, Mar 01, 2021 at 14:19:51 +0900, Masahisa Kojima wrote:
> This commit adds the standalone MM build instruction
> to enable UEFI secure boot.
> 
> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> ---
>  Platform/Qemu/SbsaQemu/Readme.md | 35 ++++++++++++++++++++++++++++++++
>  1 file changed, 35 insertions(+)
> 
> diff --git a/Platform/Qemu/SbsaQemu/Readme.md b/Platform/Qemu/SbsaQemu/Readme.md
> index 63786d9d0fd3..cdee8b41507e 100644
> --- a/Platform/Qemu/SbsaQemu/Readme.md
> +++ b/Platform/Qemu/SbsaQemu/Readme.md
> @@ -104,6 +104,41 @@ Create a directory $WORKSPACE that would hold source code of the components.
>    truncate -s 256M SBSA_FLASH[01].fd
>    ```
>  
> +## Build UEFI with standalone MM based UEFI secure boot
> +
> +1. Compile standalone MM image
> +
> +  ```
> +  cd $WORKSPACE
> +  build -b RELEASE -a AARCH64 -t GCC5 -p edk2-platforms/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMM.dsc
> +  ```
> +
> +2. Compile TF-A with BL32(Secure Payload)
> +
> +  Detailed build instructions can be found on the following link:
> +  https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/docs/plat/qemu-sbsa.rst
> +
> +  Then copy `bl1.bin` and `fip.bin` to the the edk2-non-osi directory:
> +
> +3. Compile UEFI with UEFI secure boot enabled

Suggest replacing the first UEFI on line above with "EDK2".

/
    Leif

> +
> +  ```
> +  cd $WORKSPACE
> +  build -b RELEASE -a AARCH64 -t GCC5 -p edk2-platforms/Platform/Qemu/SbsaQemu/SbsaQemu.dsc -DSECURE_BOOT_ENABLE=TRUE
> +  ```
> +
> +  Copy SBSA_FLASH0.fd and SBSA_FLASH1.fd to top $WORKSPACE directory.
> +  Then extend the file size to match the machine flash size.
> +  ```
> +  cp Build/SbsaQemu/RELEASE_GCC5/FV/SBSA_FLASH[01].fd .
> +  truncate -s 256M SBSA_FLASH[01].fd
> +  ```
> +
> +  To keep the UEFI variable storage after the succeeding build, use `dd` instead of `cp`.
> +  ```
> +  dd if=./Build/SbsaQemu/RELEASE_GCC5/FV/SBSA_FLASH0.fd of=./SBSA_FLASH0.fd conv=notrunc bs=2M count=8
> +  ```
> +
>  # Running
>  
>    The resulting SBSA_FLASH0.fd file will contain Secure flash0 image (TF-A code).
> -- 
> 2.17.1
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#72295): https://edk2.groups.io/g/devel/message/72295
Mute This Topic: https://groups.io/mt/80990867/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.