[PATCH v5 0/6] sd: Add RPMB emulation to eMMC model

Jan Kiszka posted 6 patches 4 weeks ago
Failed in applying to current master
Maintainers: "Philippe Mathieu-Daudé" <philmd@linaro.org>, Bin Meng <bmeng.cn@gmail.com>
There is a newer version of this series
[PATCH v5 0/6] sd: Add RPMB emulation to eMMC model
Posted by Jan Kiszka 4 weeks ago
Changes in v5 [1]:
 - fix regression of patch 1 with unplugged SD cards
 - address review comments on documentation

Changes in v4:
 - add truncation warning to mkemmc.sh
 - fix typos in doc and mkemmc.sh

Changes in v3:
 - rebased, dropping merged patches
 - rework image alignment rules to match hardware
 - improve/fix mkemmc script
 - add emmc documentation

Changes in v2:
 - handle write counter expiry
 - assert() availability of QCRYPTO_HASH_ALGO_SHA256
 - add missing SPDX-License-Identifier

This closes an old gap in system integration testing for the very
complex ARM firmware stacks by adding fairly advanced Replay Protected
Memory Block (RPMB) emulation to the eMMC device model. Key programming
and message authentication are working, so is the write counter. Known
users are happy with the result. What is missing, but not only for RPMB-
related registers, is state persistence across QEMU restarts. This is OK
at this stage for most test scenarios, though, and could still be added
later on.

What can already be done with it is demonstrated in the WIP branch of
isar-cip-core at [2]: TF-A + OP-TEE + StandaloneMM TA + fTPM TA, used by
U-Boot and Linux for UEFI variable storage and TPM scenarios. If you
want to try: build qemu-arm64 target for trixie with 6.12-cip *head*
kernel, enable secure boot and disk encryption, then run

$ QEMU_PATH=/path/to/qemu-build/ ./start-qemu.sh

Deploy snakeoil keys into PK, KEK and db after first boot to enable
secure booting:

root@demo:~# cert-to-efi-sig-list PkKek-1-snakeoil.pem PK.esl
root@demo:~# sign-efi-sig-list -k PkKek-1-snakeoil.key -c PkKek-1-snakeoil.pem PK PK.esl PK.auth
root@demo:~# efi-updatevar -f PK.auth db
root@demo:~# efi-updatevar -f PK.auth KEK
root@demo:~# efi-updatevar -f PK.auth PK

Note that emulation is a bit slow in general, and specifically the
partition encryption on first boot is taking 20 min. - we should
probably reduce its size or understand if there is still something to
optimize.

Jan

[1] https://github.com/siemens/qemu/commits/queues/emmc/
[2] https://gitlab.com/cip-project/cip-core/isar-cip-core/-/commits/wip/qemu-rpmb

CC: Alexander Bulekov <alxndr@bu.edu>
CC: Alistair Francis <alistair@alistair23.me>
CC: Cédric Le Goater <clg@kaod.org>
CC: Joel Stanley <joel@jms.id.au>
CC: Warner Losh <imp@bsdimp.com>

Jan Kiszka (6):
  hw/sd/sdcard: Fix size check for backing block image
  hw/sd/sdcard: Allow user-instantiated eMMC
  hw/sd/sdcard: Add basic support for RPMB partition
  hw/sd/sdcard: Handle RPMB MAC field
  scripts: Add helper script to generate eMMC block device images
  docs: Add eMMC device model description

 docs/system/device-emulation.rst |   1 +
 docs/system/devices/emmc.rst     |  53 +++++
 hw/sd/sd.c                       | 352 ++++++++++++++++++++++++++++---
 hw/sd/sdmmc-internal.h           |  21 ++
 hw/sd/trace-events               |   2 +
 scripts/mkemmc.sh                | 218 +++++++++++++++++++
 6 files changed, 618 insertions(+), 29 deletions(-)
 create mode 100644 docs/system/devices/emmc.rst
 create mode 100755 scripts/mkemmc.sh

-- 
2.51.0
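
The cover letter above names three RPMB mechanisms: key programming, message authentication and the write counter. As an added example (not code from this series or from QEMU), the Python model below shows how the MAC and the counter together reject tampered and replayed write frames. The frame layout and result codes follow the JEDEC eMMC standard and are assumed here rather than taken from the patches; `ToyRpmb`, `build_write`, `frame_mac` and `KEY` are hypothetical names.

```python
import hashlib
import hmac
import struct

# RPMB data frame, 512 bytes, big-endian fields (layout as defined by the JEDEC
# eMMC standard; assumed here, not copied from the QEMU patches):
# stuff[196] | key/MAC[32] | data[256] | nonce[16] | write counter u32 |
# address u16 | block count u16 | result u16 | request/response u16
FRAME = struct.Struct(">196s32s256s16sIHHHH")
MAC_START = 228                      # the MAC covers bytes 228..511
REQ_AUTH_WRITE = 0x0003
OK, AUTH_FAILURE, COUNTER_FAILURE, WRITE_FAILURE = 0x00, 0x02, 0x03, 0x05
COUNTER_EXPIRED = 0x80               # flag OR-ed into the result code
COUNTER_MAX = 0xFFFFFFFF


def frame_mac(key: bytes, frame: bytes) -> bytes:
    """HMAC-SHA256 over everything after the key/MAC field."""
    return hmac.new(key, frame[MAC_START:], hashlib.sha256).digest()


def build_write(key: bytes, counter: int, addr: int, data: bytes) -> bytes:
    """Host side: build a single-block authenticated write request."""
    raw = FRAME.pack(b"", b"", data, b"", counter, addr, 1, 0, REQ_AUTH_WRITE)
    return raw[:196] + frame_mac(key, raw) + raw[MAC_START:]


class ToyRpmb:
    """Hypothetical device-side model holding the key and write counter."""

    def __init__(self, key: bytes, counter: int = 0):
        self.key, self.counter, self.blocks = key, counter, {}

    def write(self, frame: bytes) -> int:
        _, tag, data, _, counter, addr, _, _, _ = FRAME.unpack(frame)
        if self.counter == COUNTER_MAX:
            return WRITE_FAILURE | COUNTER_EXPIRED   # no further writes, ever
        if not hmac.compare_digest(tag, frame_mac(self.key, frame)):
            return AUTH_FAILURE                      # wrong key or modified frame
        if counter != self.counter:
            return COUNTER_FAILURE                   # stale counter: replayed frame
        self.blocks[addr] = data
        self.counter += 1                            # makes this frame unusable again
        return OK


KEY = bytes(range(32))               # constructed test key, not a real secret
```

Because the counter is inside the MAC-protected range, an attacker who captures a valid frame can neither resend it nor patch in the current counter without the key.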


Re: [PATCH v5 0/6] sd: Add RPMB emulation to eMMC model
Posted by Jan Kiszka 2 weeks, 4 days ago
On 17.10.25 14:03, Jan Kiszka wrote:
> Changes in v5 [1]:
>  - fix regression of patch 1 with unplugged SD cards
>  - address review comments on documentation
> 
> Changes in v4:
>  - add truncation warning to mkemmc.sh
>  - fix typos in doc and mkemmc.sh
> 
> Changes in v3:
>  - rebased, dropping merged patches
>  - rework image alignment rules to match hardware
>  - improve/fix mkemmc script
>  - add emmc documentation
> 
> Changes in v2:
>  - handle write counter expiry
>  - assert() availability of QCRYPTO_HASH_ALGO_SHA256
>  - add missing SPDX-License-Identifier
> 
> This closes an old gap in system integration testing for the very
> complex ARM firmware stacks by adding fairly advanced Replay Protected
> Memory Block (RPMB) emulation to the eMMC device model. Key programming
> and message authentication are working, so is the write counter. Known
> users are happy with the result. What is missing, but not only for RPMB-
> related registers, is state persistence across QEMU restarts. This is OK
> at this stage for most test scenarios, though, and could still be added
> later on.
> 
> What can already be done with it is demonstrated in the WIP branch of
> isar-cip-core at [2]: TF-A + OP-TEE + StandaloneMM TA + fTPM TA, used by
> U-Boot and Linux for UEFI variable storage and TPM scenarios. If you
> want to try: build qemu-arm64 target for trixie with 6.12-cip *head*
> kernel, enable secure boot and disk encryption, then run
> 
> $ QEMU_PATH=/path/to/qemu-build/ ./start-qemu.sh
> 
> Deploy snakeoil keys into PK, KEK and db after first boot to enable
> secure booting:
> 
> root@demo:~# cert-to-efi-sig-list PkKek-1-snakeoil.pem PK.esl
> root@demo:~# sign-efi-sig-list -k PkKek-1-snakeoil.key -c PkKek-1-snakeoil.pem PK PK.esl PK.auth
> root@demo:~# efi-updatevar -f PK.auth db
> root@demo:~# efi-updatevar -f PK.auth KEK
> root@demo:~# efi-updatevar -f PK.auth PK
> 
> Note that emulation is a bit slow in general, and specifically the
> partition encryption on first boot is taking 20 min. - we should
> probably reduce its size or understand if there is still something to
> optimize.
> 
> Jan
> 
> [1] https://github.com/siemens/qemu/commits/queues/emmc/
> [2] https://gitlab.com/cip-project/cip-core/isar-cip-core/-/commits/wip/qemu-rpmb
> 
> CC: Alexander Bulekov <alxndr@bu.edu>
> CC: Alistair Francis <alistair@alistair23.me>
> CC: Cédric Le Goater <clg@kaod.org>
> CC: Joel Stanley <joel@jms.id.au>
> CC: Warner Losh <imp@bsdimp.com>
> 
> Jan Kiszka (6):
>   hw/sd/sdcard: Fix size check for backing block image
>   hw/sd/sdcard: Allow user-instantiated eMMC
>   hw/sd/sdcard: Add basic support for RPMB partition
>   hw/sd/sdcard: Handle RPMB MAC field
>   scripts: Add helper script to generate eMMC block device images
>   docs: Add eMMC device model description
> 
>  docs/system/device-emulation.rst |   1 +
>  docs/system/devices/emmc.rst     |  53 +++++
>  hw/sd/sd.c                       | 352 ++++++++++++++++++++++++++++---
>  hw/sd/sdmmc-internal.h           |  21 ++
>  hw/sd/trace-events               |   2 +
>  scripts/mkemmc.sh                | 218 +++++++++++++++++++
>  6 files changed, 618 insertions(+), 29 deletions(-)
>  create mode 100644 docs/system/devices/emmc.rst
>  create mode 100755 scripts/mkemmc.sh
> 

Gentle ping: Would be great to get it into the next QEMU release. Please
let me know if something is still missing for that.

Thanks,
Jan

-- 
Siemens AG, Foundational Technologies
Linux Expert Center

Re: [PATCH v5 0/6] sd: Add RPMB emulation to eMMC model
Posted by Cédric Le Goater 3 weeks, 4 days ago
On 10/17/25 14:03, Jan Kiszka wrote:
> Changes in v5 [1]:
>   - fix regression of patch 1 with unplugged SD cards
>   - address review comments on documentation
> 
> Changes in v4:
>   - add truncation warning to mkemmc.sh
>   - fix typos in doc and mkemmc.sh
> 
> Changes in v3:
>   - rebased, dropping merged patches
>   - rework image alignment rules to match hardware
>   - improve/fix mkemmc script
>   - add emmc documentation
> 
> Changes in v2:
>   - handle write counter expiry
>   - assert() availability of QCRYPTO_HASH_ALGO_SHA256
>   - add missing SPDX-License-Identifier
> 
> This closes an old gap in system integration testing for the very
> complex ARM firmware stacks by adding fairly advanced Replay Protected
> Memory Block (RPMB) emulation to the eMMC device model. Key programming
> and message authentication are working, so is the write counter. Known
> users are happy with the result. What is missing, but not only for RPMB-
> related registers, is state persistence across QEMU restarts. This is OK
> at this stage for most test scenarios, though, and could still be added
> later on.
> 
> What can already be done with it is demonstrated in the WIP branch of
> isar-cip-core at [2]: TF-A + OP-TEE + StandaloneMM TA + fTPM TA, used by
> U-Boot and Linux for UEFI variable storage and TPM scenarios. If you
> want to try: build qemu-arm64 target for trixie with 6.12-cip *head*
> kernel, enable secure boot and disk encryption, then run
> 
> $ QEMU_PATH=/path/to/qemu-build/ ./start-qemu.sh
> 
> Deploy snakeoil keys into PK, KEK and db after first boot to enable
> secure booting:
> 
> root@demo:~# cert-to-efi-sig-list PkKek-1-snakeoil.pem PK.esl
> root@demo:~# sign-efi-sig-list -k PkKek-1-snakeoil.key -c PkKek-1-snakeoil.pem PK PK.esl PK.auth
> root@demo:~# efi-updatevar -f PK.auth db
> root@demo:~# efi-updatevar -f PK.auth KEK
> root@demo:~# efi-updatevar -f PK.auth PK
> 
> Note that emulation is a bit slow in general, and specifically the
> partition encryption on first boot is taking 20 min. - we should
> probably reduce its size or understand if there is still something to
> optimize.
> 
> Jan
> 
> [1] https://github.com/siemens/qemu/commits/queues/emmc/
> [2] https://gitlab.com/cip-project/cip-core/isar-cip-core/-/commits/wip/qemu-rpmb
> 
> CC: Alexander Bulekov <alxndr@bu.edu>
> CC: Alistair Francis <alistair@alistair23.me>
> CC: Cédric Le Goater <clg@kaod.org>
> CC: Joel Stanley <joel@jms.id.au>
> CC: Warner Losh <imp@bsdimp.com>
> 
> Jan Kiszka (6):
>    hw/sd/sdcard: Fix size check for backing block image
>    hw/sd/sdcard: Allow user-instantiated eMMC
>    hw/sd/sdcard: Add basic support for RPMB partition
>    hw/sd/sdcard: Handle RPMB MAC field
>    scripts: Add helper script to generate eMMC block device images
>    docs: Add eMMC device model description
> 
>   docs/system/device-emulation.rst |   1 +
>   docs/system/devices/emmc.rst     |  53 +++++
>   hw/sd/sd.c                       | 352 ++++++++++++++++++++++++++++---
>   hw/sd/sdmmc-internal.h           |  21 ++
>   hw/sd/trace-events               |   2 +
>   scripts/mkemmc.sh                | 218 +++++++++++++++++++
>   6 files changed, 618 insertions(+), 29 deletions(-)
>   create mode 100644 docs/system/devices/emmc.rst
>   create mode 100755 scripts/mkemmc.sh
> 

I checked the series on the aspeed tree :

Tested-by: Cédric Le Goater <clg@redhat.com>

Thanks,

C.