Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

Overview

This file holds the UEFI build and evaluate instructions for RiscV Virt machine including a S-Mode EDK2 firmware and a StandaloneMm firmware which can be taken as a payload of the OpenSBI or TEE.

Here we tested for the CoVE based TEE.

How to build (Linux Environment)

Obtaining source code

Create a directory $WORKDIR that would hold source code of the components.

EDK2: https://github.com/tianocore/edk2-staging/tree/RiscV64StandaloneMm

CoVE Project: https://github.com/rivosinc/salus.git 

Manually build

Compile QEMU

```
export WORKDIR=`pwd`

git clone https://github.com/rivosinc/qemu.git -b rivos/main
cd qemu

./configure --target-list=riscv64-softmmu,riscv64-linux-user --enable-sdl --enable-sdl-image --enable-gtk --enable-slirp
make -j $(nproc)
cp build/riscv64-softmmu/qemu-system-riscv64 $WORKDIR

cp build/qemu-bundle/usr/local/share/qemu/opensbi-riscv64-generic-fw_dynamic.bin $WORKDIR
```

QEMU should be installed now in $WORKDIR

Compile UEFI and StandaloneMM for QEMU Virt

```
cd $WORKDIR
git clone https://github.com/tianocore/edk2-staging edk2 -b RiscV64StandaloneMm
cd edk2
git submodule update --init --recursive --depth=1
. edksetup.sh
make -C BaseTools
export GCC5_RISCV64_PREFIX=/usr/bin/riscv64-linux-gnu-
build -a RISCV64 -t GCC5 -p OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc -b DEBUG -D FW_BASE_ADDRESS=0x80200000 -D SECURE_BOOT_ENABLE=TRUE -D MM_WITH_COVE_ENABLE=TRUE
build -a RISCV64 -t GCC5 -p OvmfPkg/RiscVVirt/RiscVVirtQemuStandaloneMm.dsc -b DEBUG -D FW_BASE_ADDRESS=0x80200000 -D MM_WITH_COVE_ENABLE=TRUE
```

Three FD files will be generated
Build/RiscVVirtQemu/DEBUG_GCC5/FV/RISCV_VIRT_CODE.fd,
Build/RiscVVirtQemu/DEBUG_GCC5/FV/RISCV_VIRT_VARS.fd,
Build/RiscVVirtQemuStandaloneMm/DEBUG_GCC5/FV/STANDALONE_MM.fd.
Then copy `RISCV_VIRT_CODE.fd`, `RISCV_VIRT_VARS.fd` and `STANDALONE_MM.fd` to the $WORKDIR directory:'

```
cp Build/RiscVVirtQemu/DEBUG_GCC5/FV/RISCV_VIRT_CODE.fd $WORKDIR
cp Build/RiscVVirtQemu/DEBUG_GCC5/FV/RISCV_VIRT_VARS.fd $WORKDIR
cp Build/RiscVVirtQemuStandaloneMm/DEBUG_GCC5/FV/STANDALONE_MM.fd $WORKDIR
```

Compile Salus

```
cd $WORKDIR
git clone https://github.com/rivosinc/salus.git

git checkout 9e261f945036a7b39c3aeae98e3edbcc121ab598

cd salus
make salus
```

Run the UEFI and StandaloneMm firmware

          Here the secure variable storage will be put at 0x20000000, the flash0 block in Qemu virt machine. The EDK2 EFI firmware will be put at 0x22000000, the flash1 block in Qemu virt machine.

Create a "run_edk2.sh" script as below content under salus/scripts folder

```
#!/bin/bash
# SPDX-FileCopyrightText: 2023 Rivos Inc.
#
# SPDX-License-Identifier: Apache-2.0

. scripts/common_variables
cp edk2 edk2_raw
cat edk2_mm >> edk2_raw

../${QEMU_BIN} \
    ${MACH_ARGS} \
    -kernel ${SALUS_BINS}salus \
    -device guest-loader,kernel=edk2_raw,addr=${KERNEL_ADDR} \
    -bios ../opensbi-riscv64-generic-fw_dynamic.bin \
    ${EXTRA_QEMU_ARGS}
```

Then run the run_edk2.sh script

```

cd $WORKDIR/salus

chmod a+x scripts/run_edk2.sh

ln -s $WORKDIR/RISCV_VIRT_CODE.fd edk2

ln -s $WORKDIR/STANDALONE_MM.fd edk2_mm

make salus

./scripts/run_edk2.sh

```


  • No labels