Git Product home page Git Product logo

buildroot-zondax's Introduction

RuzTEE images

Clone the repository:

git clone --recursive https://github.com/Zondax/buildroot-zondax.git 
cd buildroot-zondax

if you forgot to add --recursive then:

git submodule update --recursive
git submodule init

Generating Keys

Command Description
make genkeys-optee Generates OPTEE keys(stm/imx)
make genkeys-uboot Generates UBOOT keys(stm)
make genkeys-tfa Generates TFA keys(stm)
make genkeys Generates all keys

These keys will be generated and placed in the corresponding directories (relative to this file), only if there are not keys.

The keys for the iMX8MMevk are generated by the build process.
and placed in the corresponding directory.
Keys Description
OPTEE ./keys/optee_keys
UBOOT ./keys/uboot_keys
TFA ./keys/tfa_keys

you can also use make showkeys to list the existing keys and locations

Building

This repository contains three different configurations

Qemu

make zondaxtee_qemu_defconfig
make

to start Qemu, you should run

make start-qemu-host

To exit, you can use CTRL+A X

iMX8MMevk

make zondaxtee_imx8mmevk_defconfig
make

STM32MP157

BUILDROOT=st make zondaxtee_stm32mp157_dk2_defconfig
BUILDROOT=st make

Signing images

The images are signed by default, the last step is to burn the corresponding keys on each board(stm/imx) and close the device, so that it only boots images that were signed with the keys created above. This step is very sensitive so refer to our web documentation for more detail on how to do that.

buildroot-zondax's People

Contributors

carlosala avatar jleni avatar neithanmo avatar tprrt avatar

Stargazers

avatar

Watchers

avatar avatar avatar avatar

Forkers

w3f-grants-archive isabella232 pinkdiamond1 onetokens

buildroot-zondax's Issues

Enable offline signing of TAs

By passing TA_SIGN_KEY="path_to_our_pubkey_.pem" to optee-os, using buildroot, like:

BR2_TARGET_OPTEE_OS_ADDITIONAL_VARIABLES="TA_SIGN_KEY=my_key.pem"

we can tell optee-os the key it must use to verify signed TAs. This also requires some extra steps as described here that should be included into our build steps.

It seems that there could be other issues when the TA_SIGN_KEY envar is set, according to this issue.

We should evaluate this using qemu at least and integrate it in the other targets.

Enable qemu builds and emulation

In yocto we had an option to build qemu for armv7 and armv8 targets.
if this feature(qemu and emulation) is desirable, we should enable it in buildroot, at least for one target either v7 or v8.

the current available command to build a qemu image is:

make zondaxtee_qemu_defconfig
make

but it is broken somewhere, giving the following error:

USERID                : 1001
make[1]: Entering directory '/home/natanael/buildroot-zondax/buildroot'
/usr/bin/make -j1 O=/home/natanael/buildroot-zondax/buildroot/output HOSTCC="/usr/bin/gcc" HOSTCXX="/usr/bin/g++" syncconfig
>>> toolchain-external-arm-arm 2021.07 Installing to staging directory
/usr/bin/install -D -m 0755 /home/natanael/buildroot-zondax/buildroot/output/build/toolchain-external-arm-arm-2021.07/toolchain-wrapper /home/natanael/buildroot-zondax/buildroot/output/per-package/toolchain-external-arm-arm/host/bin/toolchain-wrapper
ln: failed to create symbolic link '/home/natanael/buildroot-zondax/buildroot/output/per-package/toolchain-external-arm-arm/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib': No such file or directory
make[2]: *** [package/pkg-generic.mk:334: /home/natanael/buildroot-zondax/buildroot/output/build/toolchain-external-arm-arm-2021.07/.stamp_staging_installed] Error 1
make[1]: *** [Makefile:84: _all] Error 2
make[1]: Leaving directory '/home/natanael/buildroot-zondax/buildroot'
make: *** [Makefile:46: all] Error 2

an option is to enable it to run in our docker container.

๐Ÿ”— zboto Link

Enable DHCP

  • Enable DHCP + networking inside Qemu
  • STM32MP157 (confirm)
  • imx8mmevk (confirm)

Setup CI

Is it worth to enable CI ??
We just need a simple machine with ubuntu and some packages required by buildroot

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.