building/efi_vars/stmm.rst - OP-TEE/optee_docs - TrustedFirmware Git Browser

 .. _stmm:

 ############
 StandAloneMM
 ############

 StandAloneMM is a PE/COFF binary produced by EDK2. For Arm platforms we
 can compile and use it, in combination with OP-TEE to store EFI variables
 in an RPMB partition of our eMMC.

 EDK2 Build instructions
 ***********************

 .. code-block:: bash

     $ git clone https://github.com/tianocore/edk2.git
     $ git clone https://github.com/tianocore/edk2-platforms.git
     $ cd edk2
     $ git submodule init && git submodule update --init --recursive
     $ cd ..
     $ export WORKSPACE=$(pwd)
     $ export PACKAGES_PATH=$WORKSPACE/edk2:$WORKSPACE/edk2-platforms
     $ export ACTIVE_PLATFORM="Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc"
     $ export GCC5_AARCH64_PREFIX=aarch64-linux-gnu-
     $ source edk2/edksetup.sh
     $ make -C edk2/BaseTools
     $ build -p $ACTIVE_PLATFORM -b RELEASE -a AARCH64 -t GCC5 -n `nproc`

 OP-TEE Build instructions
 *************************

 .. code-block:: bash

     $ git clone https://github.com/OP-TEE/optee_os.git
     $ cd optee_os
     $ ln -s ../Build/MmStandaloneRpmb/RELEASE_GCC5/FV/BL32_AP_MM.fd
     $ export ARCH=arm
     $ CROSS_COMPILE32=arm-linux-gnueabihf- make -j32 CFG_ARM64_core=y \
         PLATFORM=<myboard> CFG_STMM_PATH=BL32_AP_MM.fd CFG_RPMB_FS=y \
         CFG_RPMB_FS_DEV_ID=0 CFG_CORE_HEAP_SIZE=524288 CFG_RPMB_WRITE_KEY=y \
         CFG_CORE_HEAP_SIZE=524288 CFG_CORE_DYN_SHM=y CFG_RPMB_TESTKEY=y \
         CFG_REE_FS=n CFG_CORE_ARM64_PA_BITS=48  CFG_TEE_CORE_LOG_LEVEL=1 \
         CFG_TEE_TA_LOG_LEVEL=1 CFG_SCTLR_ALIGNMENT_CHECK=n

 .. warning::

     Check `caveats`_ regarding ``CFG_RPMB_WRITE_KEY`` before enabling it

 U-Boot Build instructions
 *************************

 Although the StandAloneMM binary comes from EDK2, using and storing the
 variables is currently available in U-Boot only.

 .. code-block:: bash

     $ git clone https://github.com/u-boot/u-boot.git
     $ cd u-boot
     $ export CROSS_COMPILE=aarch64-linux-gnu-
     $ export ARCH=<arch>
     $ make <myboard>_defconfig
     $ make menuconfig

 Enable ``CONFIG_OPTEE``, ``CONFIG_CMD_OPTEE_RPMB`` and ``CONFIG_EFI_MM_COMM_TEE``

 .. code-block:: bash

     $ make -j `nproc`


 .. warning::

     - Your OP-TEE platform port must support Dynamic shared memory, since that's
       the only kind of memory U-Boot supports for now.

 .. _caveats: https://optee.readthedocs.io/en/latest/architecture/secure_storage.html#important-caveats
	.. _stmm:

	############
	StandAloneMM
	############

	StandAloneMM is a PE/COFF binary produced by EDK2. For Arm platforms we
	can compile and use it, in combination with OP-TEE to store EFI variables
	in an RPMB partition of our eMMC.

	EDK2 Build instructions
	***********************

	.. code-block:: bash

	$ git clone https://github.com/tianocore/edk2.git
	$ git clone https://github.com/tianocore/edk2-platforms.git
	$ cd edk2
	$ git submodule init && git submodule update --init --recursive
	$ cd ..
	$ export WORKSPACE=$(pwd)
	$ export PACKAGES_PATH=$WORKSPACE/edk2:$WORKSPACE/edk2-platforms
	$ export ACTIVE_PLATFORM="Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc"
	$ export GCC5_AARCH64_PREFIX=aarch64-linux-gnu-
	$ source edk2/edksetup.sh
	$ make -C edk2/BaseTools
	$ build -p $ACTIVE_PLATFORM -b RELEASE -a AARCH64 -t GCC5 -n `nproc`

	OP-TEE Build instructions
	*************************

	.. code-block:: bash

	$ git clone https://github.com/OP-TEE/optee_os.git
	$ cd optee_os
	$ ln -s ../Build/MmStandaloneRpmb/RELEASE_GCC5/FV/BL32_AP_MM.fd
	$ export ARCH=arm
	$ CROSS_COMPILE32=arm-linux-gnueabihf- make -j32 CFG_ARM64_core=y \
	PLATFORM=<myboard> CFG_STMM_PATH=BL32_AP_MM.fd CFG_RPMB_FS=y \
	CFG_RPMB_FS_DEV_ID=0 CFG_CORE_HEAP_SIZE=524288 CFG_RPMB_WRITE_KEY=y \
	CFG_CORE_HEAP_SIZE=524288 CFG_CORE_DYN_SHM=y CFG_RPMB_TESTKEY=y \
	CFG_REE_FS=n CFG_CORE_ARM64_PA_BITS=48 CFG_TEE_CORE_LOG_LEVEL=1 \
	CFG_TEE_TA_LOG_LEVEL=1 CFG_SCTLR_ALIGNMENT_CHECK=n

	.. warning::

	Check `caveats`_ regarding ``CFG_RPMB_WRITE_KEY`` before enabling it

	U-Boot Build instructions
	*************************

	Although the StandAloneMM binary comes from EDK2, using and storing the
	variables is currently available in U-Boot only.

	.. code-block:: bash

	$ git clone https://github.com/u-boot/u-boot.git
	$ cd u-boot
	$ export CROSS_COMPILE=aarch64-linux-gnu-
	$ export ARCH=<arch>
	$ make <myboard>_defconfig
	$ make menuconfig

	Enable ``CONFIG_OPTEE``, ``CONFIG_CMD_OPTEE_RPMB`` and ``CONFIG_EFI_MM_COMM_TEE``

	.. code-block:: bash

	$ make -j `nproc`


	.. warning::

	- Your OP-TEE platform port must support Dynamic shared memory, since that's
	the only kind of memory U-Boot supports for now.

	.. _caveats: https://optee.readthedocs.io/en/latest/architecture/secure_storage.html#important-caveats