From nobody Tue Feb 10 07:22:19 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+72260+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+72260+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=linaro.org ARC-Seal: i=1; a=rsa-sha256; t=1614575856; cv=none; d=zohomail.com; s=zohoarc; b=abb9pyec+9yTagCq7K34e9G5pANjy5/MaSkQTrxB8fvkocya2iQR66rmSg1w9T7NfkXggO2Y2UiPK/nZQL5nNpDShVA2ZYqxDlp4wja7jiP4Ae3We3ZebKQwLTTkG/ap3+IMgX9c3O6IJ5fuKPV3U7NJan1rdHR1pIVlltV/BO0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1614575856; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=bdCmmr5gkII9BpyIPRAWfofEXQHiTVZy6MOzARwYsGE=; b=Kj6l+dffhbiLOz1h+zvZr9PGBAZxV8FgrmpWAoxXb346PpSCQ5xhcVwxqXBpTVV3NV0pwFHziJ9c/eDMF/tq/UzTcpuj/b88EAUmzbzDfduHxOXKkbKDinGrouX4HVHb3pc2hbhl+a9zThDygyhE7zhjTDRYauq7SQwvNCL1KN4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+72260+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1614575856106592.5776550185625; Sun, 28 Feb 2021 21:17:36 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id wHSfYY1788612xNdHUpFQx98; Sun, 28 Feb 2021 21:17:35 -0800 X-Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web12.8561.1614575855347170547 for ; Sun, 28 Feb 2021 21:17:35 -0800 X-Received: by mail-pf1-f175.google.com with SMTP id q204so9634043pfq.10 for ; Sun, 28 Feb 2021 21:17:35 -0800 (PST) X-Gm-Message-State: Qz6CpJMkkYVmQRUxBs3tKzp7x1787277AA= X-Google-Smtp-Source: ABdhPJwIeOUW14BHJdpVmkxJBhmSSk7NK+Xk+jP/WggpYHP8noUT5P+hdUzgCUmNtPOGQPRBR76lYw== X-Received: by 2002:aa7:93a6:0:b029:1ed:8b81:6a2e with SMTP id x6-20020aa793a60000b02901ed8b816a2emr13783024pff.29.1614575854920; Sun, 28 Feb 2021 21:17:34 -0800 (PST) X-Received: from localhost.localdomain ([2400:2411:502:a100:82fa:5bff:fe4b:26b1]) by smtp.gmail.com with ESMTPSA id g17sm11877365pfb.214.2021.02.28.21.17.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 28 Feb 2021 21:17:34 -0800 (PST) From: "Masahisa Kojima" To: devel@edk2.groups.io Cc: Masahisa Kojima , Ard Biesheuvel , Leif Lindholm , Graeme Gregory , Radoslaw Biernacki , Shashi Mallela Subject: [edk2-devel] [PATCH edk2-platforms v2 3/4] SbsaQemu: add standalone MM build instruction Date: Mon, 1 Mar 2021 14:19:51 +0900 Message-Id: <20210301051952.29091-4-masahisa.kojima@linaro.org> In-Reply-To: <20210301051952.29091-1-masahisa.kojima@linaro.org> References: <20210301051952.29091-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,masahisa.kojima@linaro.org Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1614575855; bh=f0iUwaNZfgXNB4/ugPalKlJr9YXJFTwVi6eriYfOnTk=; h=Cc:Date:From:Reply-To:Subject:To; b=JhzXuPGdsUFLHuvHb1+LjaK8N9ycjn4uJ6vj9Ppk86hXFV2IpdsiL4yhSWvy5AFGyK9 MGbqRAgtl9imGV2CxUd3wM3b3pEkRcYSg/7hrIcxEKuFo1WpXpjHNUV/SYA6iwhzekBle lIBZESG+5PcEBiYicUZfLHg1wcXLqLMZvnY= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" This commit adds the standalone MM build instruction to enable UEFI secure boot. Signed-off-by: Masahisa Kojima --- Platform/Qemu/SbsaQemu/Readme.md | 35 ++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/Platform/Qemu/SbsaQemu/Readme.md b/Platform/Qemu/SbsaQemu/Read= me.md index 63786d9d0fd3..cdee8b41507e 100644 --- a/Platform/Qemu/SbsaQemu/Readme.md +++ b/Platform/Qemu/SbsaQemu/Readme.md @@ -104,6 +104,41 @@ Create a directory $WORKSPACE that would hold source c= ode of the components. truncate -s 256M SBSA_FLASH[01].fd ``` =20 +## Build UEFI with standalone MM based UEFI secure boot + +1. Compile standalone MM image + + ``` + cd $WORKSPACE + build -b RELEASE -a AARCH64 -t GCC5 -p edk2-platforms/Platform/Qemu/Sbsa= Qemu/SbsaQemuStandaloneMM.dsc + ``` + +2. Compile TF-A with BL32(Secure Payload) + + Detailed build instructions can be found on the following link: + https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/docs/pl= at/qemu-sbsa.rst + + Then copy `bl1.bin` and `fip.bin` to the the edk2-non-osi directory: + +3. Compile UEFI with UEFI secure boot enabled + + ``` + cd $WORKSPACE + build -b RELEASE -a AARCH64 -t GCC5 -p edk2-platforms/Platform/Qemu/Sbsa= Qemu/SbsaQemu.dsc -DSECURE_BOOT_ENABLE=3DTRUE + ``` + + Copy SBSA_FLASH0.fd and SBSA_FLASH1.fd to top $WORKSPACE directory. + Then extend the file size to match the machine flash size. + ``` + cp Build/SbsaQemu/RELEASE_GCC5/FV/SBSA_FLASH[01].fd . + truncate -s 256M SBSA_FLASH[01].fd + ``` + + To keep the UEFI variable storage after the succeeding build, use `dd` i= nstead of `cp`. + ``` + dd if=3D./Build/SbsaQemu/RELEASE_GCC5/FV/SBSA_FLASH0.fd of=3D./SBSA_FLAS= H0.fd conv=3Dnotrunc bs=3D2M count=3D8 + ``` + # Running =20 The resulting SBSA_FLASH0.fd file will contain Secure flash0 image (TF-A= code). --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#72260): https://edk2.groups.io/g/devel/message/72260 Mute This Topic: https://groups.io/mt/80990867/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-