.. Ilias Apalodimas | 4aa6a9f | 2021-03-29 17:36:51 +0300

.. _stmm:

############
StandAloneMM
############

StandAloneMM is a PE/COFF binary produced by EDK2. On Arm platforms we
can compile it and use it, in combination with OP-TEE, to store EFI variables
in an RPMB partition of our eMMC.

EDK2 Build instructions
***********************

.. code-block:: bash

    $ git clone https://github.com/tianocore/edk2.git
    $ git clone https://github.com/tianocore/edk2-platforms.git
    $ cd edk2
    $ git submodule init && git submodule update --init --recursive
    $ cd ..
    $ export WORKSPACE=$(pwd)
    $ export PACKAGES_PATH=$WORKSPACE/edk2:$WORKSPACE/edk2-platforms
    $ export ACTIVE_PLATFORM="Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc"
    $ export GCC5_AARCH64_PREFIX=aarch64-linux-gnu-
    $ source edk2/edksetup.sh
    $ make -C edk2/BaseTools
    $ build -p $ACTIVE_PLATFORM -b RELEASE -a AARCH64 -t GCC5 -n `nproc`

OP-TEE Build instructions
*************************

.. code-block:: bash

    $ git clone https://github.com/OP-TEE/optee_os.git
    $ cd optee_os
    $ ln -s ../Build/MmStandaloneRpmb/RELEASE_GCC5/FV/BL32_AP_MM.fd
    $ export ARCH=arm
    $ CROSS_COMPILE32=arm-linux-gnueabihf- make -j32 CFG_ARM64_core=y \
      PLATFORM=<myboard> CFG_STMM_PATH=BL32_AP_MM.fd CFG_RPMB_FS=y \
      CFG_RPMB_FS_DEV_ID=0 CFG_CORE_HEAP_SIZE=524288 CFG_RPMB_WRITE_KEY=y \
      CFG_CORE_DYN_SHM=y CFG_RPMB_TESTKEY=y \
      CFG_REE_FS=n CFG_CORE_ARM64_PA_BITS=48 CFG_TEE_CORE_LOG_LEVEL=1 \
      CFG_TEE_TA_LOG_LEVEL=1 CFG_SCTLR_ALIGNMENT_CHECK=n

.. warning::

    Check `caveats`_ regarding ``CFG_RPMB_WRITE_KEY`` before enabling it.

U-Boot Build instructions
*************************

Although the StandAloneMM binary comes from EDK2, using and storing the
variables is currently available in U-Boot only.

.. code-block:: bash

    $ git clone https://github.com/u-boot/u-boot.git
    $ cd u-boot
    $ export CROSS_COMPILE=aarch64-linux-gnu-
    $ export ARCH=<arch>
    $ make <myboard>_defconfig
    $ make menuconfig

Enable ``CONFIG_OPTEE``, ``CONFIG_CMD_OPTEE_RPMB`` and ``CONFIG_EFI_MM_COMM_TEE``.

.. code-block:: bash

    $ make -j `nproc`


.. warning::

    - Your OP-TEE platform port must support Dynamic shared memory, since that's
      the only kind of memory U-Boot supports for now.

.. _caveats: https://optee.readthedocs.io/en/latest/architecture/secure_storage.html#important-caveats
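
As an added example (not part of the U-Boot documentation), the shell functions below check that the three U-Boot options and the OP-TEE settings this page relies on are actually set, and list ``CFG_RPMB_WRITE_KEY`` and ``CFG_RPMB_TESTKEY`` when they are enabled so the linked caveats get reviewed before the image is used. The function names and the input layout (a U-Boot ``.config`` plus a file with one ``CFG_x=value`` assignment per line) are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the U-Boot docs). File layout is an assumption:
# a U-Boot .config, and a file with one OP-TEE CFG_x=value assignment per line.

# Value of flag $2 in file $1; the last assignment wins, as on a make command line.
cfg_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# U-Boot options this page says to enable that are not =y in .config ($1).
missing_uboot_opts() {
    for opt in CONFIG_OPTEE CONFIG_CMD_OPTEE_RPMB CONFIG_EFI_MM_COMM_TEE; do
        grep -qx "$opt=y" "$1" || echo "$opt"
    done
}

# OP-TEE settings the page relies on: RPMB secure storage and dynamic shared memory.
missing_optee_opts() {
    for flag in CFG_RPMB_FS CFG_CORE_DYN_SHM; do
        [ "$(cfg_value "$1" "$flag")" = "y" ] || echo "$flag"
    done
}

# RPMB key flags that are enabled and need a decision before the image is used.
rpmb_key_flags_set() {
    for flag in CFG_RPMB_WRITE_KEY CFG_RPMB_TESTKEY; do
        if [ "$(cfg_value "$1" "$flag")" = "y" ]; then echo "$flag"; fi
    done
}

# Constructed sample inputs (the OP-TEE flags mirror the build line on this page).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/uboot.config" <<'EOF'
CONFIG_OPTEE=y
CONFIG_CMD_OPTEE_RPMB=y
# CONFIG_EFI_MM_COMM_TEE is not set
EOF
cat > "$SAMPLE_DIR/optee.flags" <<'EOF'
CFG_RPMB_FS=y
CFG_RPMB_WRITE_KEY=y
CFG_CORE_DYN_SHM=y
CFG_RPMB_TESTKEY=y
CFG_REE_FS=n
EOF

echo "U-Boot options still to enable: $(missing_uboot_opts "$SAMPLE_DIR/uboot.config")"
echo "OP-TEE options still to enable: $(missing_optee_opts "$SAMPLE_DIR/optee.flags")"
echo "RPMB key flags to review:" $(rpmb_key_flags_set "$SAMPLE_DIR/optee.flags")
```

Run the functions against your own ``.config`` and flag list in place of the sample files; an empty result from the two ``missing_*`` functions means nothing from this page was left unset.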