commit 60de2746c78114503c095056acb0e4deb3e51f5f
author laurenw-arm <lauren.wehrmeister@arm.com> Wed Mar 08 10:50:15 2023 -0600
committer Manish V Badarkhe <manish.badarkhe@arm.com> Wed Mar 15 18:50:03 2023 +0100
tree da64e3016b76af9b8d6baf26a8c37ee54861a483
parent e4fd1ecfca671a5f2aa16db9edd766b35d58daeb

tc: update RSS binaries, flash layout, and signing

Use updated RSS binaries to build and run TC with new signing methods
for AP BL1 and fiptool update to build flash image with new layout.

Updating rss_flash to host_flash_fip for a better reflection
of new flash layout since this now includes AP fip.bin.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I0179d9799ef28f860b436dec5fccd04a71f102dc

run_config/fvp-linux.tc

diff --git a/run_config/fvp-linux.tc b/run_config/fvp-linux.tc
index ba469fb..4861b0c 100644
--- a/run_config/fvp-linux.tc
+++ b/run_config/fvp-linux.tc
@@ -39,7 +39,7 @@
 
 	        RSS_SIGN_PRIVATE_KEY=$archive/root-RSA-3072.pem
 	        RSS_SEC_CNTR_INIT_VAL=1
-	        RSS_LAYOUT_WRAPPER_VERSION="1.5.0"
+	        RSS_LAYOUT_WRAPPER_VERSION="1.7.0"
 
 		cat << EOF > $tmpdir/$host_binary_layout
 enum image_attributes {
@@ -71,7 +71,7 @@
 		        --align 1 \
 		        --pad \
 		        --pad-header \
-		        -H 0x1000 \
+		        -H 0x2000 \
 		        -s $RSS_SEC_CNTR_INIT_VAL \
 		        $archive/$host_bin  \
 		        $tmpdir/$signed_bin
@@ -82,30 +82,46 @@
 		popd
 	    }
 
-            inject_bl1() {
-                # Get pre-built rss rom
-                local prebuild_prefix=$tc_prebuilts/tc$plat_variant/$rss_revision
-                if [ ! -f "$archive/rss_rom.bin" ]; then
-                    url="$prebuild_prefix/rss_rom.bin" fetch_file
-		    archive_file "rss_rom.bin"
-		fi
+            update_fip() {
+		local prebuild_prefix=$tc_prebuilts/tc$plat_variant/$rss_revision
 
-		# Get pre-built rss flash
-		if [ ! -f "$archive/rss_flash.bin" ]; then
-		    url="$prebuild_prefix/rss_flash.bin" fetch_file
-		    archive_file "rss_flash.bin"
-		fi
+		# Get pre-built rss rom
+		url="$prebuild_prefix/rss_rom.bin" fetch_file
+		archive_file "rss_rom.bin"
 
-		# Inject signed AP bl1 into pre-built rss flash image bundle - both at primary and secondary locations.
-		dd if=$archive/$signed_bin of=$archive/rss_flash.bin  bs=1 seek=$((0x240000)) conv=notrunc status=progress
-		dd if=$archive/$signed_bin of=$archive/rss_flash.bin  bs=1 seek=$((0x340000)) conv=notrunc status=progress
+		# Get pre-built rss bl2 signed bin
+		url="$prebuild_prefix/bl2_signed.bin" fetch_file
+		archive_file "bl2_signed.bin"
+
+		# Get pre-built rss TF-M NS signed bin
+		url="$prebuild_prefix/tfm_ns_signed.bin" fetch_file
+		archive_file "tfm_ns_signed.bin"
+
+		# Get pre-built rss TF-M S signed bin
+		url="$prebuild_prefix/tfm_s_signed.bin" fetch_file
+		archive_file "tfm_s_signed.bin"
+
+		# Get pre-built SCP signed bin
+		url="$prebuild_prefix/scp_signed.bin" fetch_file
+		archive_file "scp_signed.bin"
+
+		# Create FIP layout
+		"$fiptool" update \
+			--align 8192 --rss-bl2 "$archive/bl2_signed.bin" \
+			--align 8192 --rss-ns "$archive/tfm_ns_signed.bin" \
+			--align 8192 --rss-s "$archive/tfm_s_signed.bin" \
+			--align 8192 --rss-scp-bl1 "$archive/scp_signed.bin" \
+			--align 8192 --rss-ap-bl1 "$archive/$signed_bin" \
+			--out "host_flash_fip.bin" \
+			"$archive/fip.bin"
+		archive_file "host_flash_fip.bin"
             }
 
             # sign AP bl1
 	    sign_image bl1.bin $ap_bl1_flash_load_addr $ap_bl1_flash_size
 
-	    # Inject signed bl1 to pre-built rss flash image
-	    inject_bl1
+	    # Update FIP with pre-built RSS binaries and signed AP BL1 to create host flash fip image
+	    update_fip
 	fi
 }