-
Notifications
You must be signed in to change notification settings - Fork 1
/
bld.sh
executable file
·233 lines (193 loc) · 8.6 KB
/
bld.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
#!/usr/bin/env bash
set -e
tfa_usage () {
echo -n "cert_create or fiptool could not be found. If running on a "
echo -n "Debian-based distro (e.g. Ubuntu) you can get them by "
echo "installing the arm-trusted-firmware-tools package."
echo -n "Otherwise, you can build them and add them to the \$PATH by "
echo "running the following commands:"
echo
echo " git clone --depth 1 https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git"
echo " pushd trusted-firmware-a"
echo " ${MAKE_COMMAND} CC=cc fiptool"
echo " ${MAKE_COMMAND} CC=cc certtool"
echo " export PATH=\$PWD/tools/cert_create:\$PWD/tools/fiptool:\$PATH"
echo " popd"
exit 1
}
usage () {
echo "Usage:"
echo " $0 [options]"
echo
echo "Options:"
echo " -b <bldtype>, --build <bldtype> Specify the build type: DEBUG or RELEASE"
echo " -t <tc>, --toolchain <tc> Specify the toolchain to use: GCC or CLANG"
echo " -f, --flash Copy firmware to BMC and flash firmware (keeping EFI variables and NVPARAMs) after building"
echo " -F, --full-flash Copy firmware to BMC and flash full EEPROM (resetting EFI variables and NVPARAMs) after building"
exit 1
}
TFA_VERSION=2.10.20230517
SCP_VERSION=2.10.20230517
TFA_SLIM=$PWD/altra_atf_signed_${TFA_VERSION}.slim
SCP_SLIM=$PWD/altra_scp_signed_${SCP_VERSION}.slim
SPI_SIZE_MB=32
BOARD_NAME=ComHpcAlt
OUTPUT_BIN_DIR=$PWD/Build/${BOARD_NAME}
BOARD_SETTINGS_CFG=edk2-platforms/Platform/Ampere/${BOARD_NAME}Pkg/${BOARD_NAME}BoardSetting.cfg
SCRIPTS_DIR=$PWD/edk2-ampere-tools/
EDK_PLATFORMS_PKG_DIR=$PWD/edk2-platforms/Platform/Ampere/${BOARD_NAME}Pkg
OUTPUT_BOARD_SETTINGS_BIN=${OUTPUT_BIN_DIR}/$(basename ${BOARD_SETTINGS_CFG}).bin
FLASHFW=0
RESET_NV_STORAGE=0
TOOLCHAIN=GCC
BLDTYPE=RELEASE
BUILD_THREADS=$(getconf _NPROCESSORS_ONLN)
export PYTHON_COMMAND=python3
export WORKSPACE=$PWD
export PACKAGES_PATH=$PWD:$PWD/edk2:$PWD:$PWD/edk2-platforms:$PWD/edk2-platforms/Platform/Ampere/ComHpcAltPkg:$PWD/OpenPlatformPkg:$PWD/edk2-platforms/Features/Intel/Debugging:$PWD/edk2-platforms/Features:$PWD/edk2-platforms/Features/Intel
if [ `uname -o` = "FreeBSD" ]; then
MAKE_COMMAND=gmake
GETOPT_COMMAND=/usr/local/bin/getopt
if ! command -v ${GETOPT_COMMAND} >/dev/null 2>&1; then
echo "GNU getopt is required. Please install the getopt package."
exit 1
fi
if ! command -v ${MAKE_COMMAND} >/dev/null 2>&1; then
echo "GNU make is required. Please install the gmake package."
exit 1
fi
mkdir bin || true
ln -sfv /usr/local/bin/gmake bin/make
export PATH=$PWD/bin:$PATH
else
MAKE_COMMAND=make
GETOPT_COMMAND=getopt
fi
if [ ! -e ${ATF_SLIM} ]; then
echo "The TF-A (Trusted Firmware) binary ${ATF_SLIM} doesn't exist."
echo "Please download it from Ampere Customer Connect (https://amperecomputing.com/customer-connect)."
exit 1
fi
if [ ! -e ${SCP_SLIM} ]; then
echo "The SCP (System Control Processor) binary ${SCP_SLIM} doesn't exist."
echo "Please download it from Ampere Customer Connect (https://amperecomputing.com/customer-connect)."
exit 1
fi
if ! command -v cert_create >/dev/null 2>&1; then
tfa_usage
fi
if ! command -v fiptool >/dev/null 2>&1; then
tfa_usage
fi
if ! command -v python3 >/dev/null 2>&1; then
echo "Could not find python3. Please install the python3 package."
exit 1
fi
OPTIONS=$(${GETOPT_COMMAND} -o t:b:fFh --long toolchain:,build:,flash,full-flash,help -- "$@")
eval set -- "$OPTIONS"
while true; do
case "$1" in
-t|--toolchain)
TOOLCHAIN=$2; shift 2;;
-b|--build)
BLDTYPE=$2; shift 2;;
-f|--flash)
FLASHFW=1; shift;;
-F|--full-flash)
FLASHFW=1; RESET_NV_STORAGE=1; shift;;
-h|--help)
usage; shift;;
--) shift; break;;
*) echo "Internal error ($1)!"; exit 1;;
esac
done
eval set -- ""
case `uname -m` in
"x86_64")
if [ "$TOOLCHAIN" = "GCC" -a -z ${GCC_AARCH64_PREFIX} ]; then
echo "Error: need to define \$GCC_AARCH64_PREFIX since the native compiler won't work"
exit 1
fi
;;
esac
if [ ${TOOLCHAIN} = "CLANG" ]; then
TOOLCHAIN=CLANGDWARF
fi
mkdir -p ${OUTPUT_BIN_DIR}
cp -v ${BOARD_SETTINGS_CFG} ${OUTPUT_BIN_DIR}/$(basename ${BOARD_SETTINGS_CFG}).txt
python3 ${SCRIPTS_DIR}/nvparam.py -f ${BOARD_SETTINGS_CFG} -o ${OUTPUT_BOARD_SETTINGS_BIN}
rm -fv ${OUTPUT_BOARD_SETTINGS_BIN}.padded
make -C edk2/BaseTools -j ${BUILD_THREADS}
. ./fw_ver UPDATE
. edk2/edksetup.sh
build -a AARCH64 -t GCC -p MultiArchUefiPkg/Emulator.dsc -b RELEASE -D MAU_EMU_X64_RAZ_WI_PIO=YES
EDK2_AADP_SECURE_BOOT_ENABLE=${EDK2_AADP_SECURE_BOOT_ENABLE:-TRUE}
EDK2_AADP_NETWORK_ENABLE=${EDK2_AADP_NETWORK_ENABLE:-TRUE}
EDK2_AADP_INCLUDE_TFTP_COMMAND=${EDK2_AADP_INCLUDE_TFTP_COMMAND:-TRUE}
EDK2_AADP_NETWORK_IP6_ENABLE=${EDK2_AADP_NETWORK_IP6_ENABLE:-TRUE}
EDK2_AADP_NETWORK_ALLOW_HTTP_CONNECTIONS=${EDK2_AADP_NETWORK_ALLOW_HTTP_CONNECTIONS:-TRUE}
EDK2_AADP_NETWORK_TLS_ENABLE=${EDK2_AADP_NETWORK_TLS_ENABLE:-TRUE}
EDK2_AADP_REDFISH_ENABLE=${EDK2_AADP_REDFISH_ENABLE:-TRUE}
EDK2_AADP_PERFORMANCE_MEASUREMENT_ENABLE=${EDK2_AADP_PERFORMANCE_MEASUREMENT_ENABLE:-FALSE}
EDK2_AADP_TPM2_ENABLE=${EDK2_AADP_TPM2_ENABLE:-TRUE}
if [ "${BLDTYPE}" = "RELEASE" ]; then
EDK2_AADP_HEAP_GUARD_ENABLE=FALSE
else
EDK2_AADP_HEAP_GUARD_ENABLE=TRUE
fi
build -a AARCH64 -t ${TOOLCHAIN} -b ${BLDTYPE} -n ${BUILD_THREADS} \
-D FIRMWARE_VER="${VER}-${BUILD} TF-A ${TFA_VERSION}" \
-D MAJOR_VER=${MAJOR_VER} -D MINOR_VER=${MINOR_VER} \
-D SECURE_BOOT_ENABLE=${EDK2_AADP_SECURE_BOOT_ENABLE} \
-D NETWORK_ENABLE=${EDK2_AADP_NETWORK_ENABLE} \
-D INCLUDE_TFTP_COMMAND=${EDK2_AADP_INCLUDE_TFTP_COMMAND} \
-D NETWORK_IP6_ENABLE=${EDK2_AADP_NETWORK_IP6_ENABLE} \
-D NETWORK_ALLOW_HTTP_CONNECTIONS=${EDK2_AADP_NETWORK_ALLOW_HTTP_CONNECTIONS} \
-D NETWORK_TLS_ENABLE=${EDK2_AADP_NETWORK_TLS_ENABLE} \
-D REDFISH_ENABLE=${EDK2_AADP_REDFISH_ENABLE} \
-D PERFORMANCE_MEASUREMENT_ENABLE=${EDK2_AADP_PERFORMANCE_MEASUREMENT_ENABLE} \
-D TPM2_ENABLE=${EDK2_AADP_TPM2_ENABLE} \
-D HEAP_GUARD_ENABLE=${EDK2_AADP_HEAP_GUARD_ENABLE} \
-Y COMPILE_INFO -y BuildReport.log \
-p Platform/Ampere/${BOARD_NAME}Pkg/${BOARD_NAME}.dsc
OUTPUT_BASENAME=${OUTPUT_BIN_DIR}/${BOARD_NAME,,}_tianocore_tfa_${BLDTYPE,,}_${VER}-${BUILD}
OUTPUT_RAW_IMAGE=${OUTPUT_BASENAME}.raw
# Create a 2MB file with 0xff
dd bs=1024 count=2048 if=/dev/zero | tr "\000" "\377" > ${OUTPUT_RAW_IMAGE}
dd bs=1024 seek=0 conv=notrunc if=${TFA_SLIM} of=${OUTPUT_RAW_IMAGE}
dd bs=1 seek=2031616 conv=notrunc if=${OUTPUT_BOARD_SETTINGS_BIN} of=${OUTPUT_RAW_IMAGE}
OUTPUT_FD_IMAGE=${OUTPUT_BASENAME}.fd
cp -v Build/${BOARD_NAME}/${BLDTYPE}_${TOOLCHAIN}/FV/BL33_${BOARD_NAME^^}_UEFI.fd ${OUTPUT_FD_IMAGE}
# Sign FD
DBB_KEY=${EDK_PLATFORMS_PKG_DIR}/TestKeys/Dbb_AmpereTest.priv.pem
cert_create -n --ntfw-nvctr 0 --key-alg rsa --nt-fw-key ${DBB_KEY} --nt-fw-cert ${OUTPUT_FD_IMAGE}.crt --nt-fw ${OUTPUT_FD_IMAGE}
fiptool create --nt-fw-cert ${OUTPUT_FD_IMAGE}.crt --nt-fw ${OUTPUT_FD_IMAGE} ${OUTPUT_FD_IMAGE}.signed
rm -fv ${OUTPUT_FD_IMAGE}.crt
dd bs=1024 seek=2048 if=${OUTPUT_FD_IMAGE}.signed of=${OUTPUT_RAW_IMAGE}
rm -fv ${OUTPUT_FD_IMAGE}.signed
cp -fv ${OUTPUT_RAW_IMAGE} ${OUTPUT_BASENAME}.img
rm -fv ${OUTPUT_RAW_IMAGE} ${OUTPUT_FD_IMAGE} ${OUTPUT_BOARD_SETTINGS_BIN}
dd bs=1M count=${SPI_SIZE_MB} if=/dev/zero | tr "\000" "\377" > ${OUTPUT_BASENAME}.bin
dd conv=notrunc bs=1M seek=4 if=${OUTPUT_BASENAME}.img of=${OUTPUT_BASENAME}.bin
mkdir -p Build/${BOARD_NAME} || true
cp -vf ${OUTPUT_BASENAME}.img Build/${BOARD_NAME}/${BOARD_NAME}_tianocore_tfa.img
# Build the capsule (for upgrading from the UEFI Shell or Linux)
build -a AARCH64 -t ${TOOLCHAIN} -b ${BLDTYPE} -n ${BUILD_THREADS} \
-D FIRMWARE_VER="${VER}-${BUILD} TF-A ${TFA_VERSION}" \
-D MAJOR_VER=${MAJOR_VER} \
-D MINOR_VER=${MINOR_VER} \
-D SECURE_BOOT_ENABLE \
-p Platform/Ampere/${BOARD_NAME}Pkg/${BOARD_NAME}Capsule.dsc
cp -vf Build/${BOARD_NAME}/${BLDTYPE}_${TOOLCHAIN}/FV/${BOARD_NAME^^}UEFIATFFIRMWAREUPDATECAPSULEFMPPKCS7.Cap ${OUTPUT_BASENAME}.cap
cp -vf Build/${BOARD_NAME}/${BLDTYPE}_${TOOLCHAIN}/FV/ALTRASCPFIRMWAREUPDATECAPSULEFMPPKCS7.Cap ${OUTPUT_BIN_DIR}/${BOARD_NAME,,}_scp_${SCP_VERSION}.cap
echo "Done. Firmware is in ${OUTPUT_BASENAME}.{bin,img,cap}"
if [ "${FLASHFW}" = "1" ]; then
echo "Copying firmware to BMC and flashing host."
if [ "$RESET_NV_STORAGE" = "1" ]; then
./fwflash.sh ${OUTPUT_BASENAME}.bin
else
./fwflash.sh ${OUTPUT_BASENAME}.img
fi
fi
# .img - SPI NOR image starting at 4MB
# .bin - SPI NOR image starting at 0MB