Add support to build (and run) an image with Measured Boot and fTPM support.
This patch enables Measured Boot on TF-A and builds the TSS tools
and the TPM Kernel Module for the FVP toolkit.
The functionality is disabled by default. To enable it, build with
MEASURED_BOOT=y.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
diff --git a/common.mk b/common.mk
index f027208..fdda328 100644
--- a/common.mk
+++ b/common.mk
@@ -320,6 +320,9 @@
--br-defconfig build/br-ext/configs/$(BUILDROOT_TOOLCHAIN) \
$(DEFCONFIG_GDBSERVER) \
$(DEFCONFIG_XEN_TOOLS) \
+ $(DEFCONFIG_TSS) \
+ $(DEFCONFIG_TPM_MODULE) \
+ $(DEFCONFIG_FTPM) \
--br-defconfig out-br/extra.conf \
--make-cmd $(MAKE))
@$(MAKE) -C ../out-br all
@@ -498,3 +501,31 @@
.PHONY: optee-os-clean-common
optee-os-clean-common:
$(MAKE) -C $(OPTEE_OS_PATH) $(OPTEE_OS_COMMON_FLAGS) clean
+
+################################################################################
+# fTPM Rules
+################################################################################
+
+# The fTPM implementation is based on ARM32 architecture whereas the rest of the
+# system is built to run on 64-bit mode (COMPILE_S_USER = 64). Therefore set
+# TA_DEV_KIT_DIR manually to the arm32 OPTEE toolkit rather than relying on
+# OPTEE_OS_TA_DEV_KIT_DIR variable.
+FTPM_FLAGS ?= \
+ TA_CPU=cortex-a9 \
+ TA_CROSS_COMPILE=$(AARCH32_CROSS_COMPILE) \
+ TA_DEV_KIT_DIR=$(OPTEE_OS_PATH)/out/arm/export-ta_arm32 \
+ CFG_TA_DEBUG=y CFG_TEE_TA_LOG_LEVEL=4 CFG_TA_MEASURED_BOOT=y
+
+.PHONY: ftpm
+ftpm:
+ifeq ($(MEASURED_BOOT),y)
+ftpm: optee-os
+ $(FTPM_FLAGS) $(MAKE) -C $(FTPM_PATH)
+endif
+
+.PHONY: ftpm-clean
+ftpm-clean:
+ifeq ($(MEASURED_BOOT),y)
+ftpm-clean:
+ -$(FTPM_FLAGS) $(MAKE) -C $(FTPM_PATH) clean
+endif
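Review bot: The default `FTPM_FLAGS` hard-wires `CFG_TA_DEBUG=y CFG_TEE_TA_LOG_LEVEL=4` into every `MEASURED_BOOT=y` build, so the fTPM TA is always a debug build at the most verbose OP-TEE trace level unless the caller overrides the whole variable. For the TA that backs the measured-boot TPM this is a questionable default outside the FVP; what the TA prints at that level is not visible here, but the console may end up carrying TPM command traffic. I would split the debug settings into their own knob, e.g. `FTPM_DEBUG_FLAGS ?= CFG_TA_DEBUG=y CFG_TEE_TA_LOG_LEVEL=4` appended to `FTPM_FLAGS`, with a comment such as `# Debug build and verbose TA logging: FVP/development only, override for anything else.` The `-` prefix on the `ftpm-clean` recipe would also benefit from a one-line comment saying why a failing clean is ignored.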