fvp: add support for Secure Partitions in the FIP
This commit introduces a new packaging option for Secure Partitions.
Instead of embedding the images into the OP-TEE binary, TF-A offers a
mechanism to encapsulate an SP image and its manifest into an SP package
and add that to the FIP [1].
TF-A needs two config options to enable this:
- SP_LAYOUT_FILE: This json file contains the path of the SP images and
their corresponding manifests. It's generated by Trusted Services.
- ARM_BL2_SP_LIST_DTS: This dts snippet describes where each SP package
should be loaded by BL2.
Link: [1] https://trustedfirmware-a.readthedocs.io/en/v2.6/components/secure-partition-manager.html#secure-partition-packages
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
diff --git a/fvp-psa-sp.mk b/fvp-psa-sp.mk
index 66eb76d..5e10ba8 100644
--- a/fvp-psa-sp.mk
+++ b/fvp-psa-sp.mk
@@ -5,6 +5,7 @@
MEASURED_BOOT_FTPM ?= n
TS_SMM_GATEWAY ?= y
TS_UEFI_TESTS ?= y
+SP_PACKAGING_METHOD ?= embedded # Supported values: embedded, fip
TF_A_FLAGS ?= \
BL32=$(OPTEE_OS_PAGER_V2_BIN) \
@@ -12,7 +13,8 @@
PLAT=fvp \
SPD=spmd \
SPMD_SPM_AT_SEL2=0 \
- ARM_SPMC_MANIFEST_DTS=$(ROOT)/build/fvp/spmc_manifest.dts
+ ARM_SPMC_MANIFEST_DTS=$(ROOT)/build/fvp/spmc_manifest.dts \
+ $(TF_A_FIP_SP_FLAGS)
include fvp.mk
include trusted-services.mk