StandAloneMM
StandAloneMM is a PE/COFF binary produced by EDK2. For Arm platforms we can compile and use it, in combination with OP-TEE to store EFI variables in an RPMB partition of our eMMC.
EDK2 Build instructions
$ git clone https://github.com/tianocore/edk2.git
$ git clone https://github.com/tianocore/edk2-platforms.git
$ cd edk2
$ git submodule init && git submodule update --init --recursive
$ cd ..
$ export WORKSPACE=$(pwd)
$ export PACKAGES_PATH=$WORKSPACE/edk2:$WORKSPACE/edk2-platforms
$ export ACTIVE_PLATFORM="Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc"
$ export GCC5_AARCH64_PREFIX=aarch64-linux-gnu-
$ source edk2/edksetup.sh
$ make -C edk2/BaseTools
$ build -p $ACTIVE_PLATFORM -b RELEASE -a AARCH64 -t GCC5 -n `nproc`
OP-TEE Build instructions
$ git clone https://github.com/OP-TEE/optee_os.git
$ cd optee_os
$ ln -s ../Build/MmStandaloneRpmb/RELEASE_GCC5/FV/BL32_AP_MM.fd
$ export ARCH=arm
$ CROSS_COMPILE32=arm-linux-gnueabihf- make -j32 CFG_ARM64_core=y \
PLATFORM=<myboard> CFG_STMM_PATH=BL32_AP_MM.fd CFG_RPMB_FS=y \
CFG_RPMB_FS_DEV_ID=0 CFG_CORE_HEAP_SIZE=524288 CFG_RPMB_WRITE_KEY=y \
CFG_CORE_HEAP_SIZE=524288 CFG_CORE_DYN_SHM=y CFG_RPMB_TESTKEY=y \
CFG_REE_FS=n CFG_CORE_ARM64_PA_BITS=48 CFG_TEE_CORE_LOG_LEVEL=1 \
CFG_TEE_TA_LOG_LEVEL=1 CFG_SCTLR_ALIGNMENT_CHECK=n
Warning
Check caveats regarding CFG_RPMB_WRITE_KEY
before enabling it
U-Boot Build instructions
Although the StandAloneMM binary comes from EDK2, using and storing the variables is currently available in U-Boot only.
$ git clone https://github.com/u-boot/u-boot.git
$ cd u-boot
$ export CROSS_COMPILE=aarch64-linux-gnu-
$ export ARCH=<arch>
$ make <myboard>_defconfig
$ make menuconfig
Enable CONFIG_OPTEE
, CONFIG_CMD_OPTEE_RPMB
and CONFIG_EFI_MM_COMM_TEE
$ make -j `nproc`
Warning
Your OP-TEE platform port must support Dynamic shared memory, since that’s the only kind of memory U-Boot supports for now.