fvp: add support for Secure Partitions in the FIP
This commit introduces a new packaging option for Secure Partitions.
Instead of embedding the images into the OP-TEE binary, TF-A offers a
mechanism to encapsulate an SP image and its manifest into an SP package
and add that to the FIP [1].
TF-A needs two config options to enable this:
- SP_LAYOUT_FILE: This json file contains the path of the SP images and
their corresponding manifests. It's generated by Trusted Services.
- ARM_BL2_SP_LIST_DTS: This dts snippet describes where each SP package
should be loaded by BL2.
Link: [1] https://trustedfirmware-a.readthedocs.io/en/v2.6/components/secure-partition-manager.html#secure-partition-packages
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
diff --git a/trusted-services.mk b/trusted-services.mk
index bade203..540faa7 100644
--- a/trusted-services.mk
+++ b/trusted-services.mk
@@ -59,8 +59,17 @@
optee_os_sp_paths += $(TS_INSTALL_PREFIX)/opteesp/bin/$2.stripped.elf
endef
+ifeq ($(SP_PACKAGING_METHOD),embedded)
# Add the list of SP paths to the optee_os config
OPTEE_OS_COMMON_EXTRA_FLAGS += SP_PATHS="$(optee_os_sp_paths)"
+else ifeq ($(SP_PACKAGING_METHOD),fip)
+# Configure TF-A to load the SPs from FIP by BL2
+TF_A_FIP_SP_FLAGS += ARM_BL2_SP_LIST_DTS=$(ROOT)/build/fvp/bl2_sp_list.dtsi \
+ SP_LAYOUT_FILE=$(TS_INSTALL_PREFIX)/opteesp/json/sp_layout.json
+
+# This should be removed when TF-A is updated to v2.7 or later
+$(call force,MEASURED_BOOT,n,Need TF-A v2.7 for FIP SPs with Measured Boot)
+endif
################################################################################
# Linux FF-A user space drivers
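Review bot: An SP_PACKAGING_METHOD value other than `embedded` or `fip` falls through both branches of the new conditional, so neither `SP_PATHS` nor `TF_A_FIP_SP_FLAGS` is set and the build presumably continues without any Secure Partitions. A final branch before the `endif`, `else` followed by `$(error Unsupported SP_PACKAGING_METHOD '$(SP_PACKAGING_METHOD)', expected embedded or fip)`, would reject a typo or an unset value at parse time; the variable's default is defined outside this hunk, so check that it is always one of the two. Separately, the `fip` branch pins `MEASURED_BOOT` to `n` through `force`, so selecting FIP packaging also switches off Measured Boot for the whole build. The comment above that call should state the consequence, not only the removal condition, for example `# FIP-packaged SPs need TF-A v2.7+ for Measured Boot; until then this option builds without boot measurements`.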