Lines Matching +full:created +full:- +full:for
5 ------------
9 …chitecture (CCA) <https://www.arm.com/architecture/security-features/arm-confidential-compute-arch…
10 It is designed to be integrated into A-profile compute subsystems that implement
14 jumping to BL1_2, which is provisioned and hash-locked in RSE OTP. The updatable
16 is authenticated. BL2 loads and authenticates the TF-M runtime into RSE SRAM
17 from host flash. BL2 is also responsible for loading initial boot code into
20 The RSE platform port supports the TF-M Crypto, TF-M Initial Attestation,
21 Measured Boot and TF-M Platform services along with the corresponding
22 regression tests. It supports the IPC model in multi-core topology with
25 Building TF-M
26 -------------
29 Build TF-M with platform name: `arm/rse/<rse platform name>`
31 For example for building RSE for Total Compute platforms:
32 ``-DTFM_PLATFORM=arm/rse/tc``
35 -------------------
43 key distributed with TF-M, use the following command::
46 -k <TF-M base directory>/bl2/ext/mcuboot/root-RSA-3072.pem \
47 --public-key-format full \
48 --max-align 8 \
49 --align 1 \
50 -v "0.0.1" \
51 -s 1 \
52 -H 0x2000 \
53 --pad-header \
54 -S 0x80000 \
55 --pad \
56 -L <load address> \
68 For more information on the ``imgtool`` parameters, see the MCUBoot
73 The TF-M development key must never be used in production. To generate a
77 ----------------
79 To run the built images, first the ROM image must be created from the bl1_1
83 bl1_1.bin -Binary -offset 0x0 \
84 rom_dma_ics.bin -Binary -offset 0x1F000 \
85 -o rom.bin -Binary
87 Then, the flash image must be created by concatenating the images that are
90 …https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/tools-build.html?highlight=fipt…
91 Note that an up-to-date fiptool that supports the RSE UUIDs must be used.::
94 --align 8192 --rss-bl2 bl2_signed.bin \
95 --align 8192 --rss-ns tfm_ns_signed.bin \
96 --align 8192 --rss-s tfm_s_signed.bin \
97 --align 8192 --rss-scp-bl1 <signed Host SCP BL1 image> \
98 --align 8192 --rss-ap-bl1 <signed Host AP BL1 image> \
104 fiptool update --align 8192 --rss-bl2 bl2_signed.bin fip.bin
105 fiptool update --align 8192 --rss-ns tfm_ns.bin fip.bin
106 fiptool update --align 8192 --rss-s tfm_s.bin fip.bin
112 --align 8192 --rss-bl2 bl2_signed.bin \
113 --align 8192 --rss-ns tfm_ns_encrypted.bin \
114 --align 8192 --rss-s tfm_s_encrypted.bin \
115 --align 8192 --rss-sic-tables-ns tfm_ns_sic_tables_signed.bin \
116 --align 8192 --rss-sic-tables-s tfm_s_sic_tables_signed.bin \
117 --align 8192 --rss-scp-bl1 <signed Host SCP BL1 image> \
118 --align 8192 --rss-ap-bl1 <signed Host AP BL1 image> \
121 Once the FIP is prepared, a host flash image can be created using ``srec_cat``::
124 fip.bin -Binary -offset 0x0 \
125 -o host_flash.bin -Binary
131 sector_size=$(gdisk -l fip_gpt.bin | grep -i "sector size (logical):" | \
132 sed 's/.*logical): \([0-9]*\) bytes/\1/')
135 fip_start_sector=$(gdisk -l fip_gpt.bin | grep "$fip_label" | awk '{print $2}')
136 fip_sector_am=$(gdisk -l fip_gpt.bin | grep "$fip_label" | awk '{print $3 - $2}')
142 fip_start_sector = $(gdisk -l fip_gpt.bin | grep "$fip_label" | awk '{print $2}')
143 fip_sector_am = $(gdisk -l fip_gpt.bin | grep "$fip_label" | awk '{print $3 - $2}')
152 sector_size=$(gdisk -l fip_gpt.bin | grep -i "sector size (logical):" | \
153 sed 's/.*logical): \([0-9]*\) bytes/\1/')
156 fip_start_sector=$(gdisk -l fip_gpt.bin | grep "$fip_label" | awk '{print $2}')
157 fip_sector_am=$(gdisk -l fip_gpt.bin | grep "$fip_label" | awk '{print $3 - $2}')
166 fip_gpt.bin -Binary -offset 0x0 \
167 -o host_flash.bin -Binary
170 flash binary should be placed at the base of the host flash. For the TC
179 BL1_1 will first wait for the TP mode to be set by a debugger (setting the
181 wait for provisioning bundles to be loaded to VM0 and VM1 in the same way as
183 automatically perform the reset once each provisioning state is complete. For
187 --------------
189 *Copyright (c) 2022-2023, Arm Limited. All rights reserved.*