qemu_v8: add Trusted Services support

Add support for building the SPMC test Secure Partitions (SPs) implemented by the Trusted Services project. The build system is configured to build SPs with SEL0_SPS=y: - the SPs are embedded into the OP-TEE binary - the ffa_spmc testsuite is enabled in in xtest - the out-of-tree linux-arm-ffa-user kernel module is build - a S30test-arm-ffa-user init-script loads the kernel module during boot Signed-off-by: Jens Wiklander <[email protected]> Acked-by: Jerome Forissier <[email protected]> Tested-by: Jerome Forissier <[email protected]> (vexpress-qemu_armv8a)
OP-TEE · Jan 23, 2025 · 4790a21 · 4790a21
1 parent 3295735
commit 4790a21
Show file tree

Hide file tree

Showing 3 changed files with 85 additions and 3 deletions.
diff --git a/br-ext/package/optee_test_ext/S30test-arm-ffa-user b/br-ext/package/optee_test_ext/S30test-arm-ffa-user
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+ARM_FFA_USER_DIR=/mnt/host/out/linux-arm-ffa-user
+
+start() {
+	if [ -x $ARM_FFA_USER_DIR/load_module.sh ]; then
+		if ! grep -qs arm_ffa_user /proc/modules; then
+			echo "Loading arm-ffa-user kernel module"
+			$ARM_FFA_USER_DIR/load_module.sh
+			# Needed to test as non-root
+			chmod 755 /sys/kernel/debug
+			chmod 666 /sys/kernel/debug/arm_ffa_user
+		fi
+	fi
+
+	return $?
+}
+
+stop() {
+	if [ -x $ARM_FFA_USER_DIR/load_module.sh ]; then
+		if grep -qs arm_ffa_user /proc/modules; then
+			echo "Unloading arm-ffa-user kernel module"
+			rmmod arm-ffa-user
+		fi
+	fi
+
+	return $?
+}
+
+restart() {
+	stop
+	sleep 1
+	start
+}
+
+case "$1" in
+        start|stop|restart)
+		"$1";;
+	reload)
+		# Restart, since there is no "reload" feature
+		restart;;
+        *)
+                echo "Usage: $0 {start|stop|restart|reload}"
+                exit 1
+esac
diff --git a/br-ext/package/optee_test_ext/optee_test_ext.mk b/br-ext/package/optee_test_ext/optee_test_ext.mk
@@ -23,6 +23,11 @@ ifneq ($(BR2_PACKAGE_OPTEE_TEST_EXT_WITH_CXX_TESTS),)
 TARGET_CONFIGURE_OPTS += WITH_CXX_TESTS=$(BR2_PACKAGE_OPTEE_TEST_EXT_WITH_CXX_TESTS)
 endif
 
+define OPTEE_TEST_EXT_INSTALL_INIT_SYSV
+	$(INSTALL) -m 0755 -D $(OPTEE_TEST_EXT_PKGDIR)/S30test-arm-ffa-user \
+		$(TARGET_DIR)/etc/init.d/S30test-arm-ffa-user
+endef
+
 define OPTEE_TEST_EXT_PREPARE_GP_SUITE
 	sh $(@D)/host/xtest/gp/prepare_suite.sh $(@D) \
 		$(BR2_PACKAGE_OPTEE_TEST_EXT_GP_PACKAGE)

diff --git a/qemu_v8.mk b/qemu_v8.mk
@@ -38,13 +38,23 @@ endif
 # Enable fTPM
 MEASURED_BOOT_FTPM ?= y
 
-include common.mk
-
 DEBUG ?= 1
 
 # Option to build with GICV3 enabled
 GICV3 ?= y
 
+
+SEL0_SPS ?= n
+ifeq ($(SEL0_SPS),y)
+SPMC_AT_EL = 1
+ifneq ($(SPMC_AT_EL),1)
+$(error Unsupported SPMC_AT_EL value $(SPMC_AT_EL) for SEL0_SPS=y)
+endif
+# Needed for arm-ffa-user.ko
+QEMU_VIRTFS_AUTOMOUNT = y
+LINUX_COMMON_TARGETS += modules
+endif
+
 # Option to configure FF-A and SPM:
 # n:	disabled
 # 3:	SPMC and SPMD at EL3 (in TF-A)
@@ -61,11 +71,14 @@ PAUTH ?= n
 # Option to configure Memory Tagging Extension
 MEMTAG ?= n
 
+include common.mk
+
 ################################################################################
 # Paths to git projects and various binaries
 ################################################################################
 TF_A_PATH		?= $(ROOT)/trusted-firmware-a
-BINARIES_PATH		?= $(ROOT)/out/bin
+OUT_PATH		?= $(ROOT)/out
+BINARIES_PATH		?= $(OUT_PATH)/bin
 QEMU_PATH		?= $(ROOT)/qemu
 QEMU_BUILD		?= $(QEMU_PATH)/build
 MODULE_OUTPUT		?= $(ROOT)/out/kernel_modules
@@ -348,6 +361,25 @@ LINUX_CLEANER_COMMON_FLAGS += ARCH=arm64
 
 linux-cleaner: linux-cleaner-common
 
+################################################################################
+# Trusted Services
+################################################################################
+ifeq ($(SEL0_SPS),y)
+SP_PACKAGING_METHOD = embedded
+SPMC_TESTS=y
+include trusted-services.mk
+
+# SPMC test SPs
+OPTEE_OS_COMMON_EXTRA_FLAGS     += CFG_SPMC_TESTS=y CFG_SECURE_PARTITION=y
+OPTEE_OS_COMMON_EXTRA_FLAGS     += CFG_SP_SKIP_FAILED=y
+OPTEE_OS_COMMON_EXTRA_FLAGS     += CFG_DT=y CFG_MAP_EXT_DT_SECURE=y
+SP_SPMC_TEST_EXTRA_FLAGS	+= -DCFG_TEST_MEM_REGION_ADDRESS=0x0efff000
+$(eval $(call build-sp,spm-test1,opteesp,5c9edbc3-7b3a-4367-9f83-7c191ae86a37,$(SP_SPMC_TEST_EXTRA_FLAGS)))
+$(eval $(call build-sp,spm-test2,opteesp,7817164c-c40c-4d1a-867a-9bb2278cf41a,$(SP_SPMC_TEST_EXTRA_FLAGS)))
+$(eval $(call build-sp,spm-test3,opteesp,23eb0100-e32a-4497-9052-2f11e584afa6,$(SP_SPMC_TEST_EXTRA_FLAGS)))
+$(eval $(call build-sp,spm-test4,opteesp,423762ed-7772-406f-99d8-0c27da0abbf8,$(SP_SPMC_TEST_EXTRA_FLAGS)))
+endif
+
 ################################################################################
 # OP-TEE
 ################################################################################