[v4] sd: Add RPMB emulation to eMMC model

[PATCH v4 0/6] sd: Add RPMB emulation to eMMC model

Jan Kiszka posted 6 patches 2 weeks ago

Diff against v1 v2 v3
Download series mbox

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/cover.1757854006.git.jan.kiszka@siemens.com

Maintainers: "Philippe Mathieu-Daudé" <philmd@linaro.org>, Bin Meng <bmeng.cn@gmail.com>

docs/system/device-emulation.rst |   1 +
docs/system/devices/emmc.rst     |  52 +++++
hw/sd/sd.c                       | 349 ++++++++++++++++++++++++++++---
hw/sd/sdmmc-internal.h           |  21 ++
hw/sd/trace-events               |   2 +
scripts/mkemmc.sh                | 218 +++++++++++++++++++
6 files changed, 615 insertions(+), 28 deletions(-)
create mode 100644 docs/system/devices/emmc.rst
create mode 100755 scripts/mkemmc.sh

Expand all Fold all

[PATCH v4 0/6] sd: Add RPMB emulation to eMMC model

Posted by Jan Kiszka 2 weeks ago

Changes in v4 [1]:
 - add truncation warning to mkemmc.sh
 - fix typos in doc and mkemmc.sh

Changes in v3:
 - rebased, dropping merged patches
 - rework image alignment rules to match hardware
 - improve/fix mkemmc script
 - add emmc documentation

Changes in v2:
 - handle write counter expiry
 - assert() availability of QCRYPTO_HASH_ALGO_SHA256
 - add missing SPDX-License-Identifier

This closes an old gap in system integration testing for the very
complex ARM firmware stacks by adding fairly advanced Replay Protected
Memory Block (RPMB) emulation to the eMMC device model. Key programming
and message authentication are working, so is the write counter. Known
users are happy with the result. What is missing, but not only for RPMB-
related registers, is state persistence across QEMU restarts. This is OK
at this stage for most test scenarios, though, and could still be added
later on.

What can already be done with it is demonstrated in the WIP branch of
isar-cip-core at [2]: TF-A + OP-TEE + StandaloneMM TA + fTPM TA, used by
U-Boot and Linux for UEFI variable storage and TPM scenarios. If you
want to try: build qemu-arm64 target for trixie with 6.12-cip *head*
kernel, enable secure boot and disk encryption, then run

$ QEMU_PATH=/path/to/qemu-build/ ./start-qemu.sh

Deploy snakeoil keys into PK, KEK and db after first boot to enable
secure booting:

root@demo:~# cert-to-efi-sig-list PkKek-1-snakeoil.pem PK.esl
root@demo:~# sign-efi-sig-list -k PkKek-1-snakeoil.key -c PkKek-1-snakeoil.pem PK PK.esl PK.auth
root@demo:~# efi-updatevar -f PK.auth db
root@demo:~# efi-updatevar -f PK.auth KEK
root@demo:~# efi-updatevar -f PK.auth PK

Note that emulation is a bit slow in general, and specifically the
partition encryption on first boot is taking 20 min. - we should
probably reduce its size or understand if there is still something to
optimize.

Jan

[1] https://github.com/siemens/qemu/commits/queues/emmc/
[2] https://gitlab.com/cip-project/cip-core/isar-cip-core/-/commits/wip/qemu-rpmb

CC: Alexander Bulekov <alxndr@bu.edu>
CC: Alistair Francis <alistair@alistair23.me>
CC: Cédric Le Goater <clg@kaod.org>
CC: Joel Stanley <joel@jms.id.au>
CC: Warner Losh <imp@bsdimp.com>

Jan Kiszka (6):
  hw/sd/sdcard: Fix size check for backing block image
  hw/sd/sdcard: Allow user-instantiated eMMC
  hw/sd/sdcard: Add basic support for RPMB partition
  hw/sd/sdcard: Handle RPMB MAC field
  scripts: Add helper script to generate eMMC block device images
  docs: Add eMMC device model description

 docs/system/device-emulation.rst |   1 +
 docs/system/devices/emmc.rst     |  52 +++++
 hw/sd/sd.c                       | 349 ++++++++++++++++++++++++++++---
 hw/sd/sdmmc-internal.h           |  21 ++
 hw/sd/trace-events               |   2 +
 scripts/mkemmc.sh                | 218 +++++++++++++++++++
 6 files changed, 615 insertions(+), 28 deletions(-)
 create mode 100644 docs/system/devices/emmc.rst
 create mode 100755 scripts/mkemmc.sh

-- 
2.51.0