refactor: change all occurrences of RSS to RSE
The Runtime Security Subsytem (RSS) was renamed to Runtime Security
Engine (RSE). Change all occurrences of "RSS"/"rss" in the code and file
names to "RSE"/"rse".
The related changes in TF-A can be found under the "rss_rse_rename"
topic: https://review.trustedfirmware.org/q/topic:%22rss_rse_rename%22
Change-Id: Icd72ff3ed2d63e87d84baadfab02ccf75a545d08
Signed-off-by: David Vincze <david.vincze@arm.com>
diff --git a/expect-lava/crash_passed_test.exp b/expect-lava/crash_passed_test.exp
index 1668c31..be4f8bd 100644
--- a/expect-lava/crash_passed_test.exp
+++ b/expect-lava/crash_passed_test.exp
@@ -1,9 +1,9 @@
#
-# Copyright (c) 2023, Arm Limited. All rights reserved.
+# Copyright (c) 2023-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
-# Expect script for AP/RSS non-volatile counter platform test
+# Expect script for AP/RSE non-volatile counter platform test
#
expect_string+=('i;Platform tests succeeded.;;Platform tests failed.')
diff --git a/expect/crash_passed_test.exp b/expect/crash_passed_test.exp
index d9907e3..efcddf7 100644
--- a/expect/crash_passed_test.exp
+++ b/expect/crash_passed_test.exp
@@ -1,9 +1,9 @@
#
-# Copyright (c) 2023, Arm Limited. All rights reserved.
+# Copyright (c) 2023-2024, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
-# Expect script for AP/RSS non-volatile counter platform test
+# Expect script for AP/RSE non-volatile counter platform test
#
source [file join [file dirname [info script]] handle-arguments.inc]
diff --git a/fvp_utils.sh b/fvp_utils.sh
index 0b3f0a8..266b11e 100644
--- a/fvp_utils.sh
+++ b/fvp_utils.sh
@@ -326,9 +326,9 @@
[romlib]="romlib.bin"
[rootfs]="rootfs.bin"
[host_flash_fip]="host_flash_fip.bin"
- [rss_rom]="rss_rom.bin"
- [rss_encrypted_cm_provisioning_bundle_0]="rss_encrypted_cm_provisioning_bundle_0.bin"
- [rss_encrypted_dm_provisioning_bundle]="rss_encrypted_dm_provisioning_bundle.bin"
+ [rse_rom]="rse_rom.bin"
+ [rse_encrypted_cm_provisioning_bundle_0]="rse_encrypted_cm_provisioning_bundle_0.bin"
+ [rse_encrypted_dm_provisioning_bundle]="rse_encrypted_dm_provisioning_bundle.bin"
[scp_fw]="scp_fw.bin"
[scp_ram_hyphen]="scp-ram.bin"
[scp_ram]="scp_ram.bin"
@@ -376,9 +376,9 @@
[romlib]="$(gen_bin_url romlib.bin)"
[rootfs]="$(gen_bin_url rootfs.bin.gz)"
[host_flash_fip]="$(gen_bin_url host_flash_fip.bin)"
- [rss_rom]="$(gen_bin_url rss_rom.bin)"
- [rss_encrypted_cm_provisioning_bundle_0]="$(gen_bin_url rss_encrypted_cm_provisioning_bundle_0.bin)"
- [rss_encrypted_dm_provisioning_bundle]="$(gen_bin_url rss_encrypted_dm_provisioning_bundle.bin)"
+ [rse_rom]="$(gen_bin_url rse_rom.bin)"
+ [rse_encrypted_cm_provisioning_bundle_0]="$(gen_bin_url rse_encrypted_cm_provisioning_bundle_0.bin)"
+ [rse_encrypted_dm_provisioning_bundle]="$(gen_bin_url rse_encrypted_dm_provisioning_bundle.bin)"
[secure_hafnium]="$(gen_bin_url secure_hafnium.bin)"
[scp_fw]="$(gen_bin_url scp_fw.bin)"
[scp_ram]="$(gen_bin_url scp_ram.bin)"
@@ -431,9 +431,9 @@
["[= ]romlib.bin"]="={ROMLIB}"
["[= ]rootfs.bin"]="={ROOTFS}"
["[= ]host_flash_fip.bin"]="={HOST_FLASH_FIP}"
- ["[= ]rss_rom.bin"]="={RSS_ROM}"
- ["[= ]rss_encrypted_cm_provisioning_bundle_0.bin"]="={RSS_ENCRYPTED_CM_PROVISIONING_BUNDLE_0}"
- ["[= ]rss_encrypted_dm_provisioning_bundle.bin"]="={RSS_ENCRYPTED_DM_PROVISIONING_BUNDLE}"
+ ["[= ]rse_rom.bin"]="={RSE_ROM}"
+ ["[= ]rse_encrypted_cm_provisioning_bundle_0.bin"]="={RSE_ENCRYPTED_CM_PROVISIONING_BUNDLE_0}"
+ ["[= ]rse_encrypted_dm_provisioning_bundle.bin"]="={RSE_ENCRYPTED_DM_PROVISIONING_BUNDLE}"
["[= ].*/secure_hafnium.bin"]="={SECURE_HAFNIUM}"
["[= ]scp_fw.bin"]="={SCP_FW}"
["[= ]scp_ram.bin"]="={SCP_RAM}"
diff --git a/group/tf-l2-boot-tests-arm-plats/fvp-tbb-tc2-mb:fvp-tc.crash-linux.tc-fip.tc-tc2-debug b/group/tf-l2-boot-tests-arm-plats/fvp-tbb-tc2-mb:fvp-tc.crash-linux.tc-fip.tc-tc2-debug
index 7d8ea4a..2ea94c3 100644
--- a/group/tf-l2-boot-tests-arm-plats/fvp-tbb-tc2-mb:fvp-tc.crash-linux.tc-fip.tc-tc2-debug
+++ b/group/tf-l2-boot-tests-arm-plats/fvp-tbb-tc2-mb:fvp-tc.crash-linux.tc-fip.tc-tc2-debug
@@ -1,9 +1,9 @@
#
-# Copyright (c) 2023 Arm Limited. All rights reserved.
+# Copyright (c) 2023-2024 Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
# Note that this uses the fvp-linux.tc run fragment, which does not actually boot to linux,
-# as it is the only way to get an image signed and assembled correctly for rss to boot it.
+# as it is the only way to get an image signed and assembled correctly for RSE to boot it.
# If this is resolved at some point, that frament should be removed.
diff --git a/model/tc2.sh b/model/tc2.sh
index 735fd26..812044a 100644
--- a/model/tc2.sh
+++ b/model/tc2.sh
@@ -15,10 +15,10 @@
${fip_gpt_bin+-C board.flashloader0.fname=$fip_gpt_bin}
${tc_fitimage_bin+--data board.dram=$tc_fitimage_bin@0x20000000}
${vmmaddrwidth+-C css.rss.VMADDRWIDTH=$vmmaddrwidth}
-${rss_rom_bin+-C css.rss.rom.raw_image=$rss_rom_bin}
+${rse_rom_bin+-C css.rss.rom.raw_image=$rse_rom_bin}
-C displayController=2
-C css.rss.CMU0_NUM_DB_CH=16
-C css.rss.CMU1_NUM_DB_CH=16
-${rss_encrypted_cm_provisioning_bundle_0_bin+--data css.rss.sram0=${rss_encrypted_cm_provisioning_bundle_0_bin}@0x400}
-${rss_encrypted_dm_provisioning_bundle_bin+--data css.rss.sram1=${rss_encrypted_dm_provisioning_bundle_bin}@0x80000}
+${rse_encrypted_cm_provisioning_bundle_0_bin+--data css.rss.sram0=${rse_encrypted_cm_provisioning_bundle_0_bin}@0x400}
+${rse_encrypted_dm_provisioning_bundle_bin+--data css.rss.sram1=${rse_encrypted_dm_provisioning_bundle_bin}@0x80000}
EOF
diff --git a/run_config/fvp-linux.tc b/run_config/fvp-linux.tc
index 048a9fe..188110e 100644
--- a/run_config/fvp-linux.tc
+++ b/run_config/fvp-linux.tc
@@ -4,7 +4,7 @@
#
# SPDX-License-Identifier: BSD-3-Clause
#
-source "$ci_root/run_config/tc_rss_utils.sh"
+source "$ci_root/run_config/tc_rse_utils.sh"
fetch_tf_resource() {
image="kernel" type="tc-kernel" get_boot_image
@@ -20,18 +20,18 @@
archive_file "scp_rom.bin"
fi
- # RSS is applicable to TC2
+ # RSE is applicable to TC2
if [ $plat_variant -eq 2 ]; then
- # Hold RSS terminal_uart_ap
+ # Hold RSE terminal_uart_ap
uart="1" port="5003" file="hold_uart.exp" track_expect
- get_rss_prov_bins
+ get_rse_prov_bins
# sign AP bl1
sign_image bl1.bin $ap_bl1_flash_load_addr $ap_bl1_flash_size
- # Update FIP with pre-built RSS binaries and signed AP BL1 to create host flash fip image
+ # Update FIP with pre-built RSE binaries and signed AP BL1 to create host flash fip image
update_fip
# Create GPT image
diff --git a/run_config/fvp-tc.spm.tftf b/run_config/fvp-tc.spm.tftf
index 09bdb30..552a52e 100644
--- a/run_config/fvp-tc.spm.tftf
+++ b/run_config/fvp-tc.spm.tftf
@@ -5,7 +5,7 @@
# SPDX-License-Identifier: BSD-3-Clause
#
-source "$ci_root/run_config/tc_rss_utils.sh"
+source "$ci_root/run_config/tc_rse_utils.sh"
post_tf_build() {
if [ ! -f "$archive/scp_ram.bin" ]; then
@@ -17,10 +17,10 @@
}
fetch_tf_resource() {
- # RSS output is printed to UART 2 so track it.
+ # RSE output is printed to UART 2 so track it.
uart="1" port="5003" file="hold_uart.exp" track_expect
- get_rss_prov_bins
+ get_rse_prov_bins
sign_image bl1.bin $ap_bl1_flash_load_addr $ap_bl1_flash_size
diff --git a/run_config/tc_rse_utils.sh b/run_config/tc_rse_utils.sh
new file mode 100644
index 0000000..7606e7b
--- /dev/null
+++ b/run_config/tc_rse_utils.sh
@@ -0,0 +1,107 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2023-2024, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+sign_image() {
+ # $1 ... host binary name to sign
+ # $2 ... image load address
+ # $3 ... signed bin size
+
+ local tmpdir="$(mktempdir)"
+ host_bin="`basename ${1}`"
+ signed_bin="signed_`basename ${1}`"
+ host_binary_layout="`basename -s .bin ${1}`_ns"
+
+ # development PEM containing a key - use same key which is used for SCP BL1 in pre-built image
+ url="$tc_prebuilts/tc$plat_variant/root-RSA-3072.pem" saveas="root-RSA-3072.pem" fetch_file
+ archive_file "root-RSA-3072.pem"
+
+ RSE_SIGN_PRIVATE_KEY=$archive/root-RSA-3072.pem
+ RSE_SEC_CNTR_INIT_VAL=1
+ RSE_LAYOUT_WRAPPER_VERSION="1.5.0"
+
+ cat << EOF > $tmpdir/$host_binary_layout
+enum image_attributes {
+ RE_IMAGE_LOAD_ADDRESS = $2,
+ RE_SIGN_BIN_SIZE = $3,
+};
+EOF
+
+ if [ ! -f $archive/$host_bin ]; then
+ echo "$archive/$host_bin does not exist. Aborting...!"
+ exit 1
+ fi
+
+ echo "Signing `basename ${1}`"
+ # Get mcuboot
+ git clone "https://github.com/mcu-tools/mcuboot.git" $tmpdir/mcuboot
+ # Fetch wrapper script
+ saveas="$tmpdir" url="$tc_prebuilts/tc$plat_variant/wrapper_scripts" fetch_directory
+
+ echo "Installing dependencies..."
+ pip3 install cryptography cbor2 intelhex pyyaml
+
+ pushd $tmpdir/mcuboot/scripts
+ python3 $tmpdir/wrapper_scripts/wrapper/wrapper.py \
+ -v $RSE_LAYOUT_WRAPPER_VERSION \
+ --layout $tmpdir/$host_binary_layout \
+ -k $RSE_SIGN_PRIVATE_KEY \
+ --public-key-format full \
+ --align 1 \
+ --pad \
+ --pad-header \
+ -H 0x2000 \
+ -s $RSE_SEC_CNTR_INIT_VAL \
+ $archive/$host_bin \
+ $tmpdir/$signed_bin
+
+ echo "created signed_`basename ${1}`"
+ url="$tmpdir/$signed_bin" saveas="$signed_bin" fetch_file
+ archive_file "$signed_bin"
+ popd
+}
+
+update_fip() {
+ local prebuild_prefix=$tc_prebuilts/tc$plat_variant/$rse_revision
+
+ # Get pre-built rse rom
+ url="$prebuild_prefix/rse_rom.bin" fetch_file
+ archive_file "rse_rom.bin"
+
+ # Get pre-built rse bl2 signed bin
+ url="$prebuild_prefix/rse_bl2_signed.bin" fetch_file
+ archive_file "rse_bl2_signed.bin"
+
+ # Get pre-built rse TF-M S signed bin
+ url="$prebuild_prefix/rse_s_signed.bin" fetch_file
+ archive_file "rse_s_signed.bin"
+
+ # Get pre-built SCP signed bin
+ url="$prebuild_prefix/signed_scp_romfw.bin" fetch_file
+ archive_file "signed_scp_romfw.bin"
+
+ # Create FIP layout
+ "$fiptool" update \
+ --align 8192 --rse-bl2 "$archive/rse_bl2_signed.bin" \
+ --align 8192 --rse-s "$archive/rse_s_signed.bin" \
+ --align 8192 --rse-scp-bl1 "$archive/signed_scp_romfw.bin" \
+ --align 8192 --rse-ap-bl1 "$archive/$signed_bin" \
+ --out "host_flash_fip.bin" \
+ "$archive/fip.bin"
+ archive_file "host_flash_fip.bin"
+}
+
+get_rse_prov_bins() {
+ local prebuild_prefix=$tc_prebuilts/tc$plat_variant/$rse_revision
+
+ # Get pre-built rse rse_encrypted_cm_provisioning_bundle_0 bin
+ url="$prebuild_prefix/rse_encrypted_cm_provisioning_bundle_0.bin" fetch_file
+ archive_file "rse_encrypted_cm_provisioning_bundle_0.bin"
+
+ # Get pre-built rse rse_encrypted_dm_provisioning_bundle bin
+ url="$prebuild_prefix/rse_encrypted_dm_provisioning_bundle.bin" fetch_file
+ archive_file "rse_encrypted_dm_provisioning_bundle.bin"
+}
diff --git a/run_config/tc_rss_utils.sh b/run_config/tc_rss_utils.sh
deleted file mode 100644
index 1cafe08..0000000
--- a/run_config/tc_rss_utils.sh
+++ /dev/null
@@ -1,107 +0,0 @@
-#!/usr/bin/env bash
-#
-# Copyright (c) 2023-2024, Arm Limited. All rights reserved.
-#
-# SPDX-License-Identifier: BSD-3-Clause
-#
-
-sign_image() {
- # $1 ... host binary name to sign
- # $2 ... image load address
- # $3 ... signed bin size
-
- local tmpdir="$(mktempdir)"
- host_bin="`basename ${1}`"
- signed_bin="signed_`basename ${1}`"
- host_binary_layout="`basename -s .bin ${1}`_ns"
-
- # development PEM containing a key - use same key which is used for SCP BL1 in pre-built image
- url="$tc_prebuilts/tc$plat_variant/root-RSA-3072.pem" saveas="root-RSA-3072.pem" fetch_file
- archive_file "root-RSA-3072.pem"
-
- RSS_SIGN_PRIVATE_KEY=$archive/root-RSA-3072.pem
- RSS_SEC_CNTR_INIT_VAL=1
- RSS_LAYOUT_WRAPPER_VERSION="1.5.0"
-
- cat << EOF > $tmpdir/$host_binary_layout
-enum image_attributes {
- RE_IMAGE_LOAD_ADDRESS = $2,
- RE_SIGN_BIN_SIZE = $3,
-};
-EOF
-
- if [ ! -f $archive/$host_bin ]; then
- echo "$archive/$host_bin does not exist. Aborting...!"
- exit 1
- fi
-
- echo "Signing `basename ${1}`"
- # Get mcuboot
- git clone "https://github.com/mcu-tools/mcuboot.git" $tmpdir/mcuboot
- # Fetch wrapper script
- saveas="$tmpdir" url="$tc_prebuilts/tc$plat_variant/wrapper_scripts" fetch_directory
-
- echo "Installing dependencies..."
- pip3 install cryptography cbor2 intelhex pyyaml
-
- pushd $tmpdir/mcuboot/scripts
- python3 $tmpdir/wrapper_scripts/wrapper/wrapper.py \
- -v $RSS_LAYOUT_WRAPPER_VERSION \
- --layout $tmpdir/$host_binary_layout \
- -k $RSS_SIGN_PRIVATE_KEY \
- --public-key-format full \
- --align 1 \
- --pad \
- --pad-header \
- -H 0x2000 \
- -s $RSS_SEC_CNTR_INIT_VAL \
- $archive/$host_bin \
- $tmpdir/$signed_bin
-
- echo "created signed_`basename ${1}`"
- url="$tmpdir/$signed_bin" saveas="$signed_bin" fetch_file
- archive_file "$signed_bin"
- popd
-}
-
-update_fip() {
- local prebuild_prefix=$tc_prebuilts/tc$plat_variant/$rss_revision
-
- # Get pre-built rss rom
- url="$prebuild_prefix/rss_rom.bin" fetch_file
- archive_file "rss_rom.bin"
-
- # Get pre-built rss bl2 signed bin
- url="$prebuild_prefix/rss_bl2_signed.bin" fetch_file
- archive_file "rss_bl2_signed.bin"
-
- # Get pre-built rss TF-M S signed bin
- url="$prebuild_prefix/rss_s_signed.bin" fetch_file
- archive_file "rss_s_signed.bin"
-
- # Get pre-built SCP signed bin
- url="$prebuild_prefix/signed_scp_romfw.bin" fetch_file
- archive_file "signed_scp_romfw.bin"
-
- # Create FIP layout
- "$fiptool" update \
- --align 8192 --rss-bl2 "$archive/rss_bl2_signed.bin" \
- --align 8192 --rss-s "$archive/rss_s_signed.bin" \
- --align 8192 --rss-scp-bl1 "$archive/signed_scp_romfw.bin" \
- --align 8192 --rss-ap-bl1 "$archive/$signed_bin" \
- --out "host_flash_fip.bin" \
- "$archive/fip.bin"
- archive_file "host_flash_fip.bin"
-}
-
-get_rss_prov_bins() {
- local prebuild_prefix=$tc_prebuilts/tc$plat_variant/$rss_revision
-
- # Get pre-built rss rss_encrypted_cm_provisioning_bundle_0 bin
- url="$prebuild_prefix/rss_encrypted_cm_provisioning_bundle_0.bin" fetch_file
- archive_file "rss_encrypted_cm_provisioning_bundle_0.bin"
-
- # Get pre-built rss rss_encrypted_dm_provisioning_bundle bin
- url="$prebuild_prefix/rss_encrypted_dm_provisioning_bundle.bin" fetch_file
- archive_file "rss_encrypted_dm_provisioning_bundle.bin"
-}
diff --git a/script/tf-coverity/coverity_tf_conf.py b/script/tf-coverity/coverity_tf_conf.py
index 9badd35..17a0e64 100644
--- a/script/tf-coverity/coverity_tf_conf.py
+++ b/script/tf-coverity/coverity_tf_conf.py
@@ -108,9 +108,9 @@
("plat/st/stm32mp1/stm32mp1_tbb_cert.c", "Used to build STM32MP cert_create"),
# Exclude The following files used to wrap external test code
- ("plat/arm/board/tc/rss_ap_test_stubs.c", "Only used for testing on arm/tc platform"),
- ("plat/arm/board/tc/rss_ap_tests.c", "Only used for testing on arm/tc platform"),
- ("plat/arm/board/tc/rss_ap_testsuites.c", "Only used for testing on arm/tc platform"),
+ ("plat/arm/board/tc/rse_ap_test_stubs.c", "Only used for testing on arm/tc platform"),
+ ("plat/arm/board/tc/rse_ap_tests.c", "Only used for testing on arm/tc platform"),
+ ("plat/arm/board/tc/rse_ap_testsuites.c", "Only used for testing on arm/tc platform"),
# Exclude the following files used for Juno host tools (fiptool and cert_create)
("plat/arm/board/juno/certificate/src/juno_tbb_cert.c", "Used to build Juno cert_create"),
diff --git a/script/tf-coverity/tf-cov-make b/script/tf-coverity/tf-cov-make
index 85cc47a..4a421db 100755
--- a/script/tf-coverity/tf-cov-make
+++ b/script/tf-coverity/tf-cov-make
@@ -322,8 +322,8 @@
PLAT_MHU_VERSION=3
clean_build $(common_flags) PLAT=tc TARGET_PLATFORM=2 ${ARM_TBB_OPTIONS} MEASURED_BOOT=1 \
DICE_PROTECTION_ENVIRONMENT=1 QCBOR_DIR=$(pwd)/qcbor
-clean_build $(common_flags) PLAT=tc TARGET_PLATFORM=2 ${ARM_TBB_OPTIONS} PLATFORM_TEST=rss-rotpk
-clean_build $(common_flags) PLAT=tc TARGET_PLATFORM=2 ${ARM_TBB_OPTIONS} PLATFORM_TEST=rss-nv-counters
+clean_build $(common_flags) PLAT=tc TARGET_PLATFORM=2 ${ARM_TBB_OPTIONS} PLATFORM_TEST=rse-rotpk
+clean_build $(common_flags) PLAT=tc TARGET_PLATFORM=2 ${ARM_TBB_OPTIONS} PLATFORM_TEST=rse-nv-counters
clean_build $(common_flags) PLAT=tc TARGET_PLATFORM=2 ${ARM_TBB_OPTIONS} PLATFORM_TEST=tfm-testsuite \
MEASURED_BOOT=1 TF_M_TESTS_PATH=$(pwd)/../tf-m-tests TF_M_EXTRAS_PATH=$(pwd)/../tf-m-extras
diff --git a/tc_utils.sh b/tc_utils.sh
index c4ce4a1..8992f48 100644
--- a/tc_utils.sh
+++ b/tc_utils.sh
@@ -16,15 +16,15 @@
kernel_addr=0x80000
scp_ram_addr=0x0bd80000
-rss_rom_addr=0x11000000
+rse_rom_addr=0x11000000
vmmaddrwidth=19
rvbaddr_lw=0x0000
rvbaddr_up=0x0000
-# AP bl1 0x00 is mapped to 0x70000000 in RSS memory map
+# AP bl1 0x00 is mapped to 0x70000000 in RSE memory map
ap_bl1_flash_load_addr=0x70000000
ap_bl1_flash_size=0x20000
-rss_revision="4ab7a20d"
+rse_revision="4ab7a20d"
# Hafnium build repo containing Secure hafnium binaries
spm_secure_out_dir=secure_tc_clang
diff --git a/tf_config/fvp-tc2-nv-ctrs b/tf_config/fvp-tc2-nv-ctrs
index 5789a41..ee9103e 100644
--- a/tf_config/fvp-tc2-nv-ctrs
+++ b/tf_config/fvp-tc2-nv-ctrs
@@ -3,7 +3,7 @@
CROSS_COMPILE=aarch64-none-elf-
GENERATE_COT=1
PLAT=tc
-PLATFORM_TEST=rss-nv-counters
+PLATFORM_TEST=rse-nv-counters
ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem
SCP_BL2=/dev/null
TARGET_PLATFORM=2
diff --git a/tf_config/fvp-tc2-rotpk b/tf_config/fvp-tc2-rotpk
index c151c69..1cee7f5 100644
--- a/tf_config/fvp-tc2-rotpk
+++ b/tf_config/fvp-tc2-rotpk
@@ -3,7 +3,7 @@
CROSS_COMPILE=aarch64-none-elf-
GENERATE_COT=1
PLAT=tc
-PLATFORM_TEST=rss-rotpk
+PLATFORM_TEST=rse-rotpk
ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem
SCP_BL2=/dev/null
TARGET_PLATFORM=2