[isar-cip-core,6/8] add kas files for building qemu secure boot images

Message ID 20221024122725.383791-7-sven.schultschik@siemens.com (mailing list archive)
State Handled Elsewhere
Series Secureboot on QEMU with EDK2, OP-TEE and RPBM

Commit Message

Schultschik, Sven Oct. 24, 2022, 12:27 p.m. UTC
From: Sven Schultschik <sven.schultschik@siemens.com>

The u-boot-efi-ebg-op-tee-qemu kas file combines the different recipes to create an image which can be booted with qemu and provides secure boot with EBG, TFA, u-boot, UEFI, EDK2, OPTEE and RPMB

Signed-off-by: Sven Schultschik <sven.schultschik@siemens.com>
---
 kas/opt/u-boot-efi-ebg-op-tee-qemu.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 kas/opt/u-boot-efi-ebg-op-tee-qemu.yml

Comments

Jan Kiszka Oct. 27, 2022, 5:17 p.m. UTC | #1
On 24.10.22 14:27, sven.schultschik@siemens.com wrote:
> From: Sven Schultschik <sven.schultschik@siemens.com>
> 
> The u-boot-efi-ebg-op-tee-qemu kas file combines the different recipes to create an image which can be booted with qemu and provides secure boot with EBG, TFA, u-boot, UEFI, EDK2, OPTEE and RPMB
> 
> Signed-off-by: Sven Schultschik <sven.schultschik@siemens.com>
> ---
>  kas/opt/u-boot-efi-ebg-op-tee-qemu.yml | 11 +++++++++++
>  1 file changed, 11 insertions(+)
>  create mode 100644 kas/opt/u-boot-efi-ebg-op-tee-qemu.yml
> 
> diff --git a/kas/opt/u-boot-efi-ebg-op-tee-qemu.yml b/kas/opt/u-boot-efi-ebg-op-tee-qemu.yml
> new file mode 100644
> index 000000000..0558c8e79
> --- /dev/null
> +++ b/kas/opt/u-boot-efi-ebg-op-tee-qemu.yml
> @@ -0,0 +1,11 @@
> +header:
> +  version: 10
> +  includes:
> +    - kas/board/qemu-arm64.yml
> +    - kas/opt/5.10.yml
> +    - kas/opt/bullseye.yml
> +    - kas/opt/ebg-secure-boot-snakeoil.yml
> +
> +local_conf_header:  
> +  trusted-firmware-a-qemu-arm64: |
> +    IMAGE_INSTALL_append = " trusted-firmware-a-qemu-arm64"
> \ No newline at end of file
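
Review bot: the "local_conf_header:" line carries trailing whitespace and the file ends without a newline (see the "\ No newline at end of file" marker). Strip the trailing spaces and terminate the last line with a newline so that later additions to this kas file produce clean diffs.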

Why is this still needed? As discussed, we want to have (QEMU) u-boot
with TFA and OPTEE when secure boot is selected.

Jan

Schultschik, Sven Nov. 7, 2022, 10:43 a.m. UTC | #2
> > +local_conf_header:
> > +  trusted-firmware-a-qemu-arm64: |
> > +    IMAGE_INSTALL_append = " trusted-firmware-a-qemu-arm64"
> > \ No newline at end of file
>
> Why is this still needed? As discussed, we want to have (QEMU) u-boot with TFA
> and OPTEE when secure boot is selected.
>
Looking for the right spot to place the dependency on TFA.
kas/board should be kept clean with only machine option set.
kas/opt/ebg-secure-boot-snakeoil.yml should work for x86 as well as for arm.

So creating an ebg-secure-boot-snakeoil-arm64.yml?
Or is there a possibility to add a "if machine qemu-arm64" to the ebg-secure-boot-snakeoil.yml?
Adding it to the secure-boot-secrets.inc is not a good spot as well.

No idea where to put it currently ...

Jan Kiszka Nov. 7, 2022, 12:59 p.m. UTC | #3
On 07.11.22 11:43, Schultschik, Sven (DI PA DCP R&D 2) wrote:
>>> +local_conf_header:
>>> +  trusted-firmware-a-qemu-arm64: |
>>> +    IMAGE_INSTALL_append = " trusted-firmware-a-qemu-arm64"
>>> \ No newline at end of file
>>
>> Why is this still needed? As discussed, we want to have (QEMU) u-boot with TFA
>> and OPTEE when secure boot is selected.
>>
> Looking for the right spot to place the dependency on TFA.
> kas/board should be kept clean with only machine option set.
> kas/opt/ebg-secure-boot-snakeoil.yml should work for x86 as well as for arm.
> 
> So creating an ebg-secure-boot-snakeoil-arm64.yml?
> Or is there a possibility to add a "if machine qemu-arm64" to the ebg-secure-boot-snakeoil.yml?
> Adding it to the secure-boot-secrets.inc is not a good spot as well.
> 
> No idea where to put it currently ...

We already have the override "secureboot". You can make the qemuarm64
specialties depend on that.

Jan

Patch

diff --git a/kas/opt/u-boot-efi-ebg-op-tee-qemu.yml b/kas/opt/u-boot-efi-ebg-op-tee-qemu.yml
new file mode 100644
index 000000000..0558c8e79
--- /dev/null
+++ b/kas/opt/u-boot-efi-ebg-op-tee-qemu.yml
@@ -0,0 +1,11 @@ 
+header:
+  version: 10
+  includes:
+    - kas/board/qemu-arm64.yml
+    - kas/opt/5.10.yml
+    - kas/opt/bullseye.yml
+    - kas/opt/ebg-secure-boot-snakeoil.yml
+
+local_conf_header:  
+  trusted-firmware-a-qemu-arm64: |
+    IMAGE_INSTALL_append = " trusted-firmware-a-qemu-arm64"
\ No newline at end of file
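
Review bot: the local_conf_header block appends trusted-firmware-a-qemu-arm64 to IMAGE_INSTALL unconditionally, which ties the TFA package to this one option file instead of to the secure boot selection itself. Consider moving the dependency to where the secure boot configuration for the qemu-arm64 machine is defined, so this file reduces to its includes. The include list also pulls in kas/opt/ebg-secure-boot-snakeoil.yml, while neither the new file name nor the commit message mentions snakeoil keys; a short comment at the top of the file stating that it builds with the snakeoil key set would keep the resulting image from being mistaken for one signed with production keys.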