summaryrefslogtreecommitdiff
path: root/meta-arm/documentation/trusted-services.md
diff options
context:
space:
mode:
Diffstat (limited to 'meta-arm/documentation/trusted-services.md')
-rw-r--r--meta-arm/documentation/trusted-services.md40
1 files changed, 26 insertions, 14 deletions
diff --git a/meta-arm/documentation/trusted-services.md b/meta-arm/documentation/trusted-services.md
index e3cee6b3c0..70826f681e 100644
--- a/meta-arm/documentation/trusted-services.md
+++ b/meta-arm/documentation/trusted-services.md
@@ -1,6 +1,6 @@
# The Trusted Services: framework for developing root-of-trust services
- meta-arm layer includes recipes for [Trusted Services][1] Secure Partitions and Normal World applications
+meta-arm layer includes recipes for [Trusted Services][^1] Secure Partitions and Normal World applications
in `meta-arm/recipes-security/trusted-services`
## Secure Partitions recipes
@@ -12,7 +12,7 @@ These files are automatically included into optee-os image accordingly to define
### How to include TS SPs
To include TS SPs into optee-os image you need to add into MACHINE_FEATURES
-features for each [Secure Partition][2] you would like to include:
+features for each [Secure Partition][^2] you would like to include:
| Secure Partition | MACHINE_FEATURE |
| ----------------- | --------------- |
@@ -22,32 +22,44 @@ features for each [Secure Partition][2] you would like to include:
| Protected Storage | ts-storage |
| se-proxy | ts-se-proxy |
| smm-gateway | ts-smm-gateway |
+| spm-test[1-3] | optee-spmc-test |
Other steps depend on your machine/platform definition:
1. For communications between Secure and Normal Words Linux kernel option `CONFIG_ARM_FFA_TRANSPORT=y`
-is required. If your platform doesn't include it already you can add `arm-ffa` into MACHINE_FEATURES.
+ is required. If your platform doesn't include it already you can add `arm-ffa` into MACHINE_FEATURES.
+ (Please see ` meta-arm/recipes-kernel/arm-ffa-tee`.)
+
+ For running the `uefi-test` or the `xtest -t ffa_spmc` tests under Linux the `arm-ffa-user` drivel is required. This is
+ enabled if the `ts-smm-gateway` and/or the `optee-spmc-test` machine features are enabled.
+ (Please see ` meta-arm/recipes-kernel/arm-ffa-user`.)
2. optee-os might require platform specific OP-TEE build parameters (for example what SEL the SPM Core is implemented at).
-You can find examples in `meta-arm/recipes-security/optee/optee-os_%.bbappend` for qemuarm64-secureboot machine
-and in `meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc` and `meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc`
-for N1SDP and Corstone1000 platforms accordingly.
+ You can find examples in `meta-arm/recipes-security/optee/optee-os_%.bbappend` for qemuarm64-secureboot machine
+ and in `meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc` and `meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc`
+ for N1SDP and Corstone1000 platforms accordingly.
3. trusted-firmware-a might require platform specific TF-A build parameters (SPD and SPMC details on the platform).
-See `meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend` for qemuarm64-secureboot machine
-and in `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc` and
-`meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc` for N1SDP and Corstone1000 platforms.
+ See `meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend` for qemuarm64-secureboot machine
+ and in `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc` and
+ `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc` for N1SDP and Corstone1000 platforms.
## Normal World applications
- Optionally for testing purposes you can add `packagegroup-ts-tests` and `packagegroup-ts-tests-psa` package groups into your image.
-They include [Trusted Services test and demo tools][3]
+Optionally for testing purposes you can add `packagegroup-ts-tests` into your image. It includes
+[Trusted Services test and demo tools][^3] and [xtest][^4] configured to include the `ffa_spmc` tests.
## OEQA Trusted Services tests
meta-arm also includes Trusted Service OEQA tests which can be used for automated testing.
See `ci/trusted-services.yml` for an example how to include them into an image.
-[1] https://trusted-services.readthedocs.io/en/integration/overview/introduction.html
-[2] https://trusted-services.readthedocs.io/en/integration/developer/deployments/secure-partitions.html
-[3] https://trusted-services.readthedocs.io/en/integration/developer/deployments/test-executables.html
+
+------
+[^1]: https://trusted-services.readthedocs.io/en/integration/overview/index.html
+
+[^2]: https://trusted-services.readthedocs.io/en/integration/deployments/secure-partitions.html
+
+[^3]: https://trusted-services.readthedocs.io/en/integration/deployments/test-executables.html
+
+[^4]: https://optee.readthedocs.io/en/latest/building/gits/optee_test.html \ No newline at end of file
generated by cgit v1.2.3 (git 2.39.0) at 2024-05-19 21:16:50 +0300