Lines Matching +full:- +full:- +full:bin
4 The Trusted Firmware-A port for the i.MX7Solo WaRP7 implements BL2 at EL3.
6 This functionality provides a mechanism for establishing a root-of-trust from
7 the reset vector to the command-line in user-space.
10 ---------
12 BootROM --> TF-A BL2 --> BL32(OP-TEE) --> BL33(U-Boot) --> Linux
14 In the WaRP7 port we encapsulate OP-TEE, DTB and U-Boot into a FIP. This FIP is
18 ------------------
20 We need to use a file generated by u-boot in order to generate a .imx image the
21 BootROM will boot. It is therefore _required_ to build u-boot before TF-A and
22 furthermore it is _recommended_ to use the mkimage in the u-boot/tools directory
23 to generate the TF-A .imx image.
25 U-Boot
28 https://git.linaro.org/landing-teams/working/mbl/u-boot.git
32 git checkout -b rms-atf-optee-uboot linaro-mbl/rms-atf-optee-uboot
34 make u-boot.imx arch=ARM CROSS_COMPILE=arm-linux-gnueabihf-
36 OP-TEE
39 https://github.com/OP-TEE/optee_os.git
43 …make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- PLATFORM=imx PLATFORM_FLAVOR=mx7swarp7 ARCH=arm C…
45 TF-A
48 https://github.com/ARM-software/arm-trusted-firmware.git
50 The following commands assume that a directory exists in the top-level TFA build
53 - u-boot.bin
54 The binary output from the u-boot instructions above
56 - tee-header_v2.bin
57 - tee-pager_v2.bin
58 - tee-pageable_v2.bin
68 cp /path/to/optee/out/arm-plat-imx/core/tee-header_v2.bin fiptool_images
69 cp /path/to/optee/out/arm-plat-imx/core/tee-pager_v2.bin fiptool_images
70 cp /path/to/optee/out/arm-plat-imx/core/tee-pageable_v2.bin fiptool_images
75 NEED_BL32=yes BL32=fiptool_images/tee-header_v2.bin \
76 BL32_EXTRA1=fiptool_images/tee-pager_v2.bin \
77 BL32_EXTRA2=fiptool_images/tee-pageable_v2.bin \
78 BL33=fiptool_images/u-boot.bin certificates all
80 …ath/to/u-boot/tools/mkimage -n /path/to/u-boot/u-boot.cfgout -T imximage -e 0x9df00000 -d ./build/…
87 cp /path/to/uboot/u-boot.bin fiptool_images
88 cp /path/to/linux/arch/boot/dts/imx7s-warp.dtb fiptool_images
90 tools/cert_create/cert_create -n --rot-key "build/warp7/debug/rot_key.pem" \
91 --tfw-nvctr 0 \
92 --ntfw-nvctr 0 \
93 --trusted-key-cert fiptool_images/trusted-key-cert.key-crt \
94 --tb-fw=build/warp7/debug/bl2.bin \
95 --tb-fw-cert fiptool_images/trusted-boot-fw.key-crt \
96 --tos-fw fiptool_images/tee-header_v2.bin \
97 --tos-fw-cert fiptool_images/tee-header_v2.bin.crt \
98 --tos-fw-key-cert fiptool_images/tee-header_v2.bin.key-crt \
99 --tos-fw-extra1 fiptool_images/tee-pager_v2.bin \
100 --tos-fw-extra2 fiptool_images/tee-pageable_v2.bin \
101 --nt-fw fiptool_images/u-boot.bin \
102 --nt-fw-cert fiptool_images/u-boot.bin.crt \
103 --nt-fw-key-cert fiptool_images/u-boot.bin.key-crt \
104 --hw-config fiptool_images/imx7s-warp.dtb
106 tools/fiptool/fiptool create --tos-fw fiptool_images/tee-header_v2.bin \
107 --tos-fw-extra1 fiptool_images/tee-pager_v2.bin \
108 --tos-fw-extra2 fiptool_images/tee-pageable_v2.bin \
109 --nt-fw fiptool_images/u-boot.bin \
110 --hw-config fiptool_images/imx7s-warp.dtb \
111 --tos-fw-cert fiptool_images/tee-header_v2.bin.crt \
112 --tos-fw-key-cert fiptool_images/tee-header_v2.bin.key-crt \
113 --nt-fw-cert fiptool_images/u-boot.bin.crt \
114 --nt-fw-key-cert fiptool_images/u-boot.bin.key-crt \
115 --trusted-key-cert fiptool_images/trusted-key-cert.key-crt \
116 --tb-fw-cert fiptool_images/trusted-boot-fw.key-crt warp7.fip
119 -------------
121 First place the WaRP7 into UMS mode in u-boot; this should produce an entry in
122 /dev like /dev/disk/by-id/usb-Linux_UMS_disk_0_WaRP7-0xf42400d3000001d4-0\:0
135 …sudo dd if=bl2.bin.imx of=/dev/disk/by-id/usb-Linux_UMS_disk_0_WaRP7-0xf42400d3000001d4-0\:0 bs=51…
137 …sudo dd if=./warp7.fip of=/dev/disk/by-id/usb-Linux_UMS_disk_0_WaRP7-0xf42400d3000001d4-0\:0 bs=51…
143 sudo umount /dev/disk/by-id/usb-Linux_UMS_disk_0_WaRP7-0xf42400d3000001d4-0\:0*
147 -----------
153 https://github.com/bryanodonoghue/atf-code-signing
156 hard-coding data into your CSF files.
159 arm-trusted-firmware top-level directory.
163 #!/bin/bash
167 BL2_IMX=bl2.bin.imx
168 CST_PATH=/path/to/cst-2.3.2
172 rm -rf ${TEMP}
176 …/path/to/u-boot/tools/mkimage -n u-boot.cfgout.warp7 -T imximage -e 0x9df00000 -d ./build/warp7/de…
179 cp build/warp7/debug/bl2.bin.imx ${TEMP}
187 # Copy signed BL2 to top-level directory
188 cp ${TEMP}/${BL2_IMX}-signed .
192 The resulting bl2.bin.imx-signed can replace bl2.bin.imx in the Deploy
197 1. Follow all previous steps above and verify a non-secure ATF boot
201 5. Replace bl2.bin.imx with bl2.bin.imx-signed
202 6. Verify inside u-boot that "hab_status" shows no events
205 If you have HAB events @ step 6 - do not lock your board.
207 To get a good overview of generating keys and programming the fuses on the
210 https://boundarydevices.com/high-assurance-boot-hab-dummies/