commit 9d689088f8299ee5d0f6c1970b2e0e8d2a2e83f8
author David Vincze <david.vincze@arm.com> Mon Oct 21 16:23:19 2024 +0000
committer David Vincze <david.vincze@arm.com> Fri Oct 25 12:47:42 2024 +0000
tree b2c1aae8be4d8e1b7673b1644ae9d2b4db56ec4c
parent 378afbb5117a4c528f65ac62a215d2f5c2e3017f

tc: Update rse_revision to 2fe1f7e for TC3

Upgrade the rse_revision to use more recent pre-built RSE
firmware images. Use ECDSA signatures instead of RSA, these
images are verified in the BL2 stage of RSE (ECDSA became the
default signature algorithm for RSE in TF-M).

Change-Id: I6eb24bdb74ea66f537c7b87e932d1bc0e43e5ed8
Signed-off-by: David Vincze <david.vincze@arm.com>

run_config/fvp-fip.tc.tftf

diff --git a/run_config/fvp-fip.tc.tftf b/run_config/fvp-fip.tc.tftf
index 6bc2831..aecc23f 100644
--- a/run_config/fvp-fip.tc.tftf
+++ b/run_config/fvp-fip.tc.tftf
@@ -25,7 +25,7 @@
 	# sign AP bl1
 	sign_image bl1.bin $ap_bl1_flash_load_addr $ap_bl1_flash_size
 
-	# Update FIP with pre-built RSS binaries and signed AP BL1 to create host flash fip image
+	# Update FIP with pre-built RSE binaries and signed AP BL1 to create host flash fip image
 	update_fip
 
 	# Create GPT image

run_config/tc_rse_utils.sh

diff --git a/run_config/tc_rse_utils.sh b/run_config/tc_rse_utils.sh
index 4cf108c..f81eab0 100644
--- a/run_config/tc_rse_utils.sh
+++ b/run_config/tc_rse_utils.sh
@@ -16,12 +16,18 @@
 	host_binary_layout="`basename -s .bin ${1}`_ns"
 
 	# development PEM containing a key - use same key which is used for SCP BL1 in pre-built image
-	url="$tc_prebuilts/tc$plat_variant/root-RSA-3072.pem" saveas="root-RSA-3072.pem" fetch_file
-	archive_file "root-RSA-3072.pem"
+	if [ $plat_variant -eq 2 ]; then
+		url="$tc_prebuilts/tc$plat_variant/root-RSA-3072.pem" saveas="root-RSA-3072.pem" fetch_file
+		archive_file "root-RSA-3072.pem"
+		RSE_SIGN_PRIVATE_KEY=$archive/root-RSA-3072.pem
+	elif [ $plat_variant -eq 3 ]; then
+		url="$tc_prebuilts/tc$plat_variant/root-EC-P256.pem" saveas="root-EC-P256.pem" fetch_file
+		archive_file "root-EC-P256.pem"
+		RSE_SIGN_PRIVATE_KEY=$archive/root-EC-P256.pem
+	fi
 
-	RSE_SIGN_PRIVATE_KEY=$archive/root-RSA-3072.pem
 	RSE_SEC_CNTR_INIT_VAL=1
-	RSE_LAYOUT_WRAPPER_VERSION="1.5.0"
+	RSE_LAYOUT_WRAPPER_VERSION="2.1.0"
 
 	cat << EOF > $tmpdir/$host_binary_layout
 enum image_attributes {

tc_utils.sh

diff --git a/tc_utils.sh b/tc_utils.sh
index a310f80..b5441bc 100644
--- a/tc_utils.sh
+++ b/tc_utils.sh
@@ -28,7 +28,7 @@
 if [ $plat_variant -eq 2 ]; then
 	rse_revision="4ab7a20d"
 elif [ $plat_variant -eq 3 ]; then
-	rse_revision="cd8ece72a"
+	rse_revision="2fe1f7e"
 elif [ $plat_variant -eq 4 ]; then
 	rse_revision="213c553bf"
 fi