GitLab

This patch adds experimental support for TRUSTED_BOARD_BOOT to the
Hikey. This is adapted from the RPi3 and QEMU implementations.

Since the Hikey starts from BL2 the TRUSTED_BOARD_BOOT ROT begins there
too. When TRUSTED_BOARD_BOOT is defined, the BL1 build is skipped.

See the following example:

make \
 PLAT=hikey \
 BL33=u-boot.bin \
 SCP_BL2=mcuimage.bin \
 TRUSTED_BOARD_BOOT=1 \
 MBEDTLS_DIR=../../mbedtls \
 GENERATE_COT=1 \
 all fip
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>

This patch adds support for TBB to qemu. An RSA ROT keypair is generated at
build time and is included into BL1/BL2. The key and content certificates
are read over semihosting.

Fixes ARM-software/tf-issues#526
Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>

Currently, ROTPK_NOT_DEPLOYED flag is set in plat_get_rotpk_info().
It is up to users how to retrieve ROTPK if the ROT verification is
desired.  This is not nice.

This commit improves plat_get_rotpk_info() implementation and automates
the ROTPK deployment.  UniPhier platform has no ROTPK storage, so it
should be embedded in BL1/BL2, like ARM_ROTPK_LOCATION=devel_rsa case.
This makes sense because UniPhier platform implements its internal ROM
i.e. BL1 is used as updatable pseudo ROM.

Things work like this:

- ROT_KEY (default: $(BUILD_PLAT)/rot_key.pem) is created if missing.
  Users can override ROT_KEY from the command line if they want to
  use a specific ROT key.

- ROTPK_HASH is generated based on ROT_KEY.

- ROTPK_HASH is included by uniphier_rotpk.S and compiled into BL1/BL2.

- ROT_KEY is input to cert_create tool.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

Initial commit for Socionext UniPhier SoC support.  BL1, Bl2, and
BL31 are supported.  Refer to docs/plat/socionext-uniphier.md for
more detais.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>