Overview

This file holds the UEFI build and evaluate instructions for RiscV Virt machine including a S-Mode EDK2 firmware and a StandaloneMm firmware which can be taken as a payload of the OpenSBI or TEE.

Here we tested for the CoVE based TEE.

How to build (Linux Environment)

Obtaining source code

Create a directory $WORKDIR that would hold source code of the components.

EDK2: https://github.com/tianocore/edk2-staging/tree/RiscV64StandaloneMm

CoVE Project: https://github.com/rivosinc/salus.git

Manually build

Compile QEMU

```
export WORKDIR=`pwd`

git clone https://github.com/rivosinc/qemu.git -b rivos/main
cd qemu

./configure --target-list=riscv64-softmmu,riscv64-linux-user --enable-sdl --enable-sdl-image --enable-gtk --enable-slirp
make -j $(nproc)
cp build/riscv64-softmmu/qemu-system-riscv64 $WORKDIR

cp build/qemu-bundle/usr/local/share/qemu/opensbi-riscv64-generic-fw_dynamic.bin $WORKDIR
```

QEMU should be installed now in $WORKDIR

Compile UEFI and StandaloneMM for QEMU Virt

```
cd $WORKDIR
git clone https://github.com/tianocore/edk2-staging edk2 -b RiscV64StandaloneMm
cd edk2
git submodule update --init --recursive --depth=1
. edksetup.sh
make -C BaseTools
export GCC5_RISCV64_PREFIX=/usr/bin/riscv64-linux-gnu-
build -a RISCV64 -t GCC5 -p OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc -b DEBUG -D FW_BASE_ADDRESS=0x80200000 -D SECURE_BOOT_ENABLE=TRUE -D MM_WITH_COVE_ENABLE=TRUE
build -a RISCV64 -t GCC5 -p OvmfPkg/RiscVVirt/RiscVVirtQemuStandaloneMm.dsc -b DEBUG -D FW_BASE_ADDRESS=0x80200000 -D MM_WITH_COVE_ENABLE=TRUE
```

Three FD files will be generated
Build/RiscVVirtQemu/DEBUG_GCC5/FV/RISCV_VIRT_CODE.fd,
Build/RiscVVirtQemu/DEBUG_GCC5/FV/RISCV_VIRT_VARS.fd,
Build/RiscVVirtQemuStandaloneMm/DEBUG_GCC5/FV/STANDALONE_MM.fd.
Then copy `RISCV_VIRT_CODE.fd`, `RISCV_VIRT_VARS.fd` and `STANDALONE_MM.fd` to the $WORKDIR directory:'

```
cp Build/RiscVVirtQemu/DEBUG_GCC5/FV/RISCV_VIRT_CODE.fd $WORKDIR
cp Build/RiscVVirtQemu/DEBUG_GCC5/FV/RISCV_VIRT_VARS.fd $WORKDIR
cp Build/RiscVVirtQemuStandaloneMm/DEBUG_GCC5/FV/STANDALONE_MM.fd $WORKDIR
```

Compile Salus

```
cd $WORKDIR
git clone https://github.com/rivosinc/salus.git
cd salus
git checkout 9e261f945036a7b39c3aeae98e3edbcc121ab598
make salus
```

Run the UEFI and StandaloneMm firmware

Create a "run_edk2.sh" script as below content under salus/scripts folder

```
#!/bin/bash
# SPDX-FileCopyrightText: 2023 Rivos Inc.
#
# SPDX-License-Identifier: Apache-2.0

. scripts/common_variables
cp edk2 edk2_raw
cat edk2_mm >> edk2_raw

../${QEMU_BIN} \
${MACH_ARGS} \
-kernel ${SALUS_BINS}salus \
-device guest-loader,kernel=edk2_raw,addr=${KERNEL_ADDR} \
-bios ../opensbi-riscv64-generic-fw_dynamic.bin \
${EXTRA_QEMU_ARGS}
```

Then run the run_edk2.sh script

```

cd $WORKDIR/salus

chmod a+x scripts/run_edk2.sh

ln -s $WORKDIR/RISCV_VIRT_CODE.fd edk2

ln -s $WORKDIR/STANDALONE_MM.fd edk2_mm

./scripts/run_edk2.sh

```

Browser not supported