tc: update RSS binaries, flash layout, and signing
Use updated RSS binaries to build and run TC with new signing methods
for AP BL1 and fiptool update to build flash image with new layout.
Updating rss_flash to host_flash_fip for a better reflection
of new flash layout since this now includes AP fip.bin.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I0179d9799ef28f860b436dec5fccd04a71f102dc
diff --git a/fvp_utils.sh b/fvp_utils.sh
index ffc119c..6e0d802 100644
--- a/fvp_utils.sh
+++ b/fvp_utils.sh
@@ -400,7 +400,7 @@
[ramdisk]="initrd.bin|initrd.img"
[romlib]="romlib.bin"
[rootfs]="rootfs.bin"
- [rss_flash]="rss_flash.bin"
+ [host_flash_fip]="host_flash_fip.bin"
[rss_rom]="rss_rom.bin"
[scp_fw]="scp_fw.bin"
[scp_ram_hyphen]="scp-ram.bin"
@@ -447,7 +447,7 @@
[ramdisk]="$(fvp_gen_bin_url initrd.bin)"
[romlib]="$(fvp_gen_bin_url romlib.bin)"
[rootfs]="$(fvp_gen_bin_url rootfs.bin.gz)"
- [rss_flash]="$(fvp_gen_bin_url rss_flash.bin)"
+ [host_flash_fip]="$(fvp_gen_bin_url host_flash_fip.bin)"
[rss_rom]="$(fvp_gen_bin_url rss_rom.bin)"
[secure_hafnium]="$(fvp_gen_bin_url secure_hafnium.bin)"
[scp_fw]="$(fvp_gen_bin_url scp_fw.bin)"
@@ -499,7 +499,7 @@
["[= ]initrd.img"]="={RAMDISK}"
["[= ]romlib.bin"]="={ROMLIB}"
["[= ]rootfs.bin"]="={ROOTFS}"
- ["[= ]rss_flash.bin"]="={RSS_FLASH}"
+ ["[= ]host_flash_fip.bin"]="={HOST_FLASH_FIP}"
["[= ]rss_rom.bin"]="={RSS_ROM}"
["[= ].*/secure_hafnium.bin"]="={SECURE_HAFNIUM}"
["[= ]scp_fw.bin"]="={SCP_FW}"
diff --git a/model/tc2.sh b/model/tc2.sh
index 97ce774..248a3fb 100644
--- a/model/tc2.sh
+++ b/model/tc2.sh
@@ -15,7 +15,7 @@
-C board.terminal_0.start_port=5004
-C board.terminal_1.start_port=5005
-${fip_bin+-C board.flashloader0.fname=$fip_bin}
+${fip_bin+-C board.flashloader0.fname=$host_flash_fip_bin}
${initrd_bin+--data board.dram=$initrd_bin@${initrd_addr:?}}
${kernel_bin+--data board.dram=$kernel_bin@${kernel_addr:?}}
${uart0_out+-C soc.pl011_uart0.out_file=$uart0_out}
@@ -24,7 +24,6 @@
${uart1_out+-C soc.pl011_uart1.unbuffered_output=1}
-C displayController=2
${rss_rom_bin+--data css.rss.cpu=$rss_rom_bin@${rss_rom_addr:?}}
-${rss_flash_bin+--data css.rss.cpu=$rss_flash_bin@${rss_flash_addr:?}}
${vmmaddrwidth+-C css.rss.VMADDRWIDTH=$vmmaddrwidth}
${rvbaddr_lw+-C css.scp.c0_pik.rvbaraddr_lw=$rvbaddr_lw}
${rvbaddr_up+-C css.scp.c0_pik.rvbaraddr_up=$rvbaddr_up}
diff --git a/run_config/fvp-linux.tc b/run_config/fvp-linux.tc
index ba469fb..4861b0c 100644
--- a/run_config/fvp-linux.tc
+++ b/run_config/fvp-linux.tc
@@ -39,7 +39,7 @@
RSS_SIGN_PRIVATE_KEY=$archive/root-RSA-3072.pem
RSS_SEC_CNTR_INIT_VAL=1
- RSS_LAYOUT_WRAPPER_VERSION="1.5.0"
+ RSS_LAYOUT_WRAPPER_VERSION="1.7.0"
cat << EOF > $tmpdir/$host_binary_layout
enum image_attributes {
@@ -71,7 +71,7 @@
--align 1 \
--pad \
--pad-header \
- -H 0x1000 \
+ -H 0x2000 \
-s $RSS_SEC_CNTR_INIT_VAL \
$archive/$host_bin \
$tmpdir/$signed_bin
@@ -82,30 +82,46 @@
popd
}
- inject_bl1() {
- # Get pre-built rss rom
- local prebuild_prefix=$tc_prebuilts/tc$plat_variant/$rss_revision
- if [ ! -f "$archive/rss_rom.bin" ]; then
- url="$prebuild_prefix/rss_rom.bin" fetch_file
- archive_file "rss_rom.bin"
- fi
+ update_fip() {
+ local prebuild_prefix=$tc_prebuilts/tc$plat_variant/$rss_revision
- # Get pre-built rss flash
- if [ ! -f "$archive/rss_flash.bin" ]; then
- url="$prebuild_prefix/rss_flash.bin" fetch_file
- archive_file "rss_flash.bin"
- fi
+ # Get pre-built rss rom
+ url="$prebuild_prefix/rss_rom.bin" fetch_file
+ archive_file "rss_rom.bin"
- # Inject signed AP bl1 into pre-built rss flash image bundle - both at primary and secondary locations.
- dd if=$archive/$signed_bin of=$archive/rss_flash.bin bs=1 seek=$((0x240000)) conv=notrunc status=progress
- dd if=$archive/$signed_bin of=$archive/rss_flash.bin bs=1 seek=$((0x340000)) conv=notrunc status=progress
+ # Get pre-built rss bl2 signed bin
+ url="$prebuild_prefix/bl2_signed.bin" fetch_file
+ archive_file "bl2_signed.bin"
+
+ # Get pre-built rss TF-M NS signed bin
+ url="$prebuild_prefix/tfm_ns_signed.bin" fetch_file
+ archive_file "tfm_ns_signed.bin"
+
+ # Get pre-built rss TF-M S signed bin
+ url="$prebuild_prefix/tfm_s_signed.bin" fetch_file
+ archive_file "tfm_s_signed.bin"
+
+ # Get pre-built SCP signed bin
+ url="$prebuild_prefix/scp_signed.bin" fetch_file
+ archive_file "scp_signed.bin"
+
+ # Create FIP layout
+ "$fiptool" update \
+ --align 8192 --rss-bl2 "$archive/bl2_signed.bin" \
+ --align 8192 --rss-ns "$archive/tfm_ns_signed.bin" \
+ --align 8192 --rss-s "$archive/tfm_s_signed.bin" \
+ --align 8192 --rss-scp-bl1 "$archive/scp_signed.bin" \
+ --align 8192 --rss-ap-bl1 "$archive/$signed_bin" \
+ --out "host_flash_fip.bin" \
+ "$archive/fip.bin"
+ archive_file "host_flash_fip.bin"
}
# sign AP bl1
sign_image bl1.bin $ap_bl1_flash_load_addr $ap_bl1_flash_size
- # Inject signed bl1 to pre-built rss flash image
- inject_bl1
+ # Update FIP with pre-built RSS binaries and signed AP BL1 to create host flash fip image
+ update_fip
fi
}
diff --git a/tc_utils.sh b/tc_utils.sh
index 36194a6..20814da 100644
--- a/tc_utils.sh
+++ b/tc_utils.sh
@@ -20,14 +20,13 @@
scp_ram_addr=0x0bd80000
rss_rom_addr=0x11000000
-rss_flash_addr=0x31000000
vmmaddrwidth=23
-rvbaddr_lw=0x1000
+rvbaddr_lw=0x0000
rvbaddr_up=0x0000
# AP bl1 0x00 is mapped to 0x70000000 in RSS memory map
ap_bl1_flash_load_addr=0x70000000
-ap_bl1_flash_size=0x20000
+ap_bl1_flash_size=0x80000
rss_revision="199e090f8"
# Hafnium build repo containing Secure hafnium binaries