Building FIP images with support for Trusted Board Boot
=======================================================

Trusted Board Boot primarily consists of the following two features:

- Image Authentication, described in :ref:`Trusted Board Boot`, and
- Firmware Update, described in :ref:`Firmware Update (FWU)`

The following steps should be followed to build FIP and (optionally) FWU_FIP
images with support for these features:

#. Fulfill the dependencies of the ``mbedtls`` cryptographic and image parser
   modules by checking out a recent version of the `mbed TLS Repository`_. It
   is important to use a version that is compatible with TF-A and fixes any
   known security vulnerabilities. See `mbed TLS Security Center`_ for more
   information. See the :ref:`Prerequisites` document for the appropriate
   version of mbed TLS to use.

   The ``drivers/auth/mbedtls/mbedtls_*.mk`` files contain the list of mbed TLS
   source files the modules depend upon.
   ``include/drivers/auth/mbedtls/mbedtls_config.h`` contains the configuration
   options required to build the mbed TLS sources.

   Note that the mbed TLS library is licensed under the Apache version 2.0
   license. Using mbed TLS source code will affect the licensing of TF-A
   binaries that are built using this library.

#. To build the FIP image, ensure the following command line variables are set
   while invoking ``make`` to build TF-A:

   - ``MBEDTLS_DIR=<path of the directory containing mbed TLS sources>``
   - ``TRUSTED_BOARD_BOOT=1``
   - ``GENERATE_COT=1``

   By default, this will use the Chain of Trust described in the TBBR-client
   document. To select a different one, use the ``COT`` build option.

   If using a custom build of OpenSSL, set the ``OPENSSL_DIR`` variable
   accordingly so it points at the OpenSSL installation path, as explained in
   :ref:`Build Options`. In addition, set the ``LD_LIBRARY_PATH`` variable
   when running to point at the custom OpenSSL path, so the OpenSSL libraries
   are loaded from that path instead of the default OS path. Export this
   variable if necessary.

   In the case of Arm platforms, the location of the ROTPK must also be
   specified at build time. The following locations are currently supported (see
   ``ARM_ROTPK_LOCATION`` build option):

   - ``ARM_ROTPK_LOCATION=regs``: the ROTPK hash is obtained from the Trusted
     root-key storage registers present in the platform. On Juno, these
     registers are read-only. On FVP Base and Cortex models, the registers
     are also read-only, but the value can be specified using the command line
     option ``bp.trusted_key_storage.public_key`` when launching the model.
     On the Juno board, the default value corresponds to an ECDSA-SECP256R1
     public key hash, whose private part is not currently available.

   - ``ARM_ROTPK_LOCATION=devel_rsa``: the ROTPK is a hash of the
     RSA public key corresponding to the private key specified by
     ``ROT_KEY``. If ``ROT_KEY`` is not specified, the private key is
     the development key ``plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem``.
     There are also 3k and 4k RSA development keys in
     ``plat/arm/board/common/rotpk/``.
     The hashing algorithm is selected by ``HASH_ALG``; sha256 is used if
     ``HASH_ALG`` is not specified.

   - ``ARM_ROTPK_LOCATION=devel_ecdsa``: the ROTPK is a hash of the
     ECDSA public key corresponding to the private key specified by
     ``ROT_KEY``. If ``ROT_KEY`` is not specified, the private key is
     the development key ``plat/arm/board/common/rotpk/arm_rotprivk_ecdsa.pem``
     by default. A 384-bit key
     ``plat/arm/board/common/rotpk/arm_rotprivk_ecdsa_secp384r1.pem`` also
     exists and can be specified by ``ROT_KEY``. The hashing algorithm is
     selected by ``HASH_ALG``; sha256 is used if ``HASH_ALG`` is not specified.

   - ``ARM_ROTPK_LOCATION=devel_full_dev_rsa_key``: the ROTPK is an unhashed
     RSA public key corresponding to the private key specified by ``ROT_KEY``.
     If ``ROT_KEY`` is not specified, the private key is the development key
     ``plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem``. There are also
     3k and 4k RSA development keys in ``plat/arm/board/common/rotpk/``.

   - ``ARM_ROTPK_LOCATION=devel_full_dev_ecdsa_key``: the ROTPK is an unhashed
     ECDSA public key corresponding to the private key specified by ``ROT_KEY``.
     If ``ROT_KEY`` is not specified, the private key is the development key
     ``plat/arm/board/common/rotpk/arm_rotprivk_ecdsa.pem``. A 384-bit key
     ``plat/arm/board/common/rotpk/arm_rotprivk_ecdsa_secp384r1.pem`` also
     exists and can be specified by ``ROT_KEY``.

   Example of command line using RSA development keys:

   .. code:: shell

       MBEDTLS_DIR=<path of the directory containing mbed TLS sources> \
       make PLAT=<platform> TRUSTED_BOARD_BOOT=1 GENERATE_COT=1        \
       ARM_ROTPK_LOCATION=devel_rsa                                    \
       ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem        \
       BL33=<path-to>/<bl33_image> OPENSSL_DIR=<path-to>/<openssl>     \
       all fip

   The result of this build will be the bl1.bin and the fip.bin binaries. This
   FIP will include the certificates corresponding to the selected Chain of
   Trust. These certificates can also be found in the output build directory.

#. The optional FWU_FIP contains any additional images to be loaded from
   Non-Volatile storage during the :ref:`Firmware Update (FWU)` process. To
   build the FWU_FIP, any FWU images required by the platform must be specified
   on the command line. On Arm development platforms like Juno, these are:

   - NS_BL2U. The AP non-secure Firmware Updater image.
   - SCP_BL2U. The SCP Firmware Update Configuration image.

   Example of Juno command line for generating both ``fwu`` and ``fwu_fip``
   targets using RSA development keys:

   ::

       MBEDTLS_DIR=<path of the directory containing mbed TLS sources> \
       make PLAT=juno TRUSTED_BOARD_BOOT=1 GENERATE_COT=1              \
       ARM_ROTPK_LOCATION=devel_rsa                                    \
       ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem        \
       BL33=<path-to>/<bl33_image> OPENSSL_DIR=<path-to>/<openssl>     \
       SCP_BL2=<path-to>/<scp_bl2_image>                               \
       SCP_BL2U=<path-to>/<scp_bl2u_image>                             \
       NS_BL2U=<path-to>/<ns_bl2u_image>                               \
       all fip fwu_fip

   .. note::
      The BL2U image will be built by default and added to the FWU_FIP.
      The user may override this by adding ``BL2U=<path-to>/<bl2u_image>``
      to the command line above.

   .. note::
      Building and installing the non-secure and SCP FWU images (NS_BL1U,
      NS_BL2U and SCP_BL2U) is outside the scope of this document.

   The result of this build will be bl1.bin, fip.bin and fwu_fip.bin binaries.
   Both the FIP and FWU_FIP will include the certificates corresponding to the
   selected Chain of Trust. These certificates can also be found in the output
   build directory.

--------------

*Copyright (c) 2019-2024, Arm Limited. All rights reserved.*

.. _mbed TLS Repository: https://github.com/ARMmbed/mbedtls.git
.. _mbed TLS Security Center: https://tls.mbed.org/security
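The ``devel_rsa`` and ``devel_ecdsa`` locations above define the ROTPK as a hash of the public key derived from ``ROT_KEY``, and the default keys are development keys whose private halves sit in the source tree. The following added example (not part of the TF-A documentation or build system) computes that hash for a given key and detects when ``ROT_KEY`` is one of the development keys, even if the file was copied or renamed. The function names are hypothetical, and it assumes the hash is taken over the DER-encoded SubjectPublicKeyInfo of the public key.

```shell
#!/bin/sh
# Added example, not TF-A code. Function names are hypothetical.
# Assumption: the ROTPK hash is the digest of the DER-encoded
# SubjectPublicKeyInfo of the public key derived from ROT_KEY.

# rotpk_hash <private-key.pem> [hash_alg]
# Prints the hex digest of the key's public half. hash_alg defaults to
# sha256, matching the HASH_ALG default. Works for RSA and ECDSA keys.
rotpk_hash() {
    key=$1
    alg=${2:-sha256}
    der=$(mktemp) || return 1
    # Fail explicitly on an unreadable key instead of hashing empty input.
    if ! openssl pkey -in "$key" -pubout -outform DER -out "$der" 2>/dev/null; then
        rm -f "$der"
        return 1
    fi
    rc=0
    digest=$(openssl dgst "-$alg" -r "$der" 2>/dev/null) || rc=1
    rm -f "$der"
    [ "$rc" -eq 0 ] || return 1
    printf '%s\n' "${digest%% *}"   # "-r" prints "<hex> *<file>"
}

# is_dev_rot_key <key.pem> <dev-key-dir> [hash_alg]
# Compares public keys, so a development key that was copied or renamed
# is still recognised. Returns 0 on a match, 1 on no match, 2 if the
# key cannot be parsed.
is_dev_rot_key() {
    want=$(rotpk_hash "$1" "${3:-sha256}") || return 2
    for dev in "$2"/*.pem; do
        [ -f "$dev" ] || continue
        have=$(rotpk_hash "$dev" "${3:-sha256}") || continue
        if [ "$have" = "$want" ]; then
            return 0
        fi
    done
    return 1
}

# Usage before a release build (paths as on this page):
#   if is_dev_rot_key "$ROT_KEY" plat/arm/board/common/rotpk; then
#       echo "ROT_KEY is a development key" >&2; exit 1
#   fi
```

The hex value printed by ``rotpk_hash`` can be compared against the hash provisioned on the target to confirm that the signing key and the platform agree.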