/
Manual build instructions for TF-RMM, TF-A and host EDK2 for QEMU-sbsa

Manual build instructions for TF-RMM, TF-A and host EDK2 for QEMU-sbsa

Owned by Mathieu Poirier
Last updated: Dec 11, 2024
2 min read

Base repository and Virtual Disk Structure

All the instructions below are executed from the $(BASE) directory.

mkdir $BASE cd $BASE mkdir -p images/disks/virtual/

TF-RMM

The Realm Management Monitor (RMM) connects KVM and the Realm guest.

RMM gets loaded into NS DRAM (because there isn't enough space in Secure RAM). TF-A carves out 1GB of memory for the RMM, and tells other software about it using a device-tree reserved memory node. The RMM is located at the base of the system RAM, i.e 0x10000000000, and the device tree move upward by 1GB. Modifications to the device tree are made dynamically by TF-A’s BL31.

Status: QEMU support has been merged. Additional patches are needed until PMUv3p7 is supported by QEMU.

Repo: extra patches are at https://git.codelinaro.org/linaro/dcap/rmm branch cca/v4
official repo is https://git.trustedfirmware.org/TF-RMM/tf-rmm.git/

Build:

git clone -b cca/v4 https://git.codelinaro.org/linaro/dcap/rmm.git cd rmm git submodule update --init --recursive export CROSS_COMPILE=aarch64-linux-gnu- cmake -DCMAKE_BUILD_TYPE=Debug -DRMM_CONFIG=qemu_sbsa_defcfg -B build-sbsa cmake --build build-sbsa cp build-sbsa/Debug/rmm.img ../images/

EDK2-NON-OSI

git clone https://github.com/tianocore/edk2-non-osi.git

TF-A

TF-A loads the RMM and bridges RMM and KVM. It also owns the Granule Protection Table (GPT).

Status: QEMU support is currently under review.

Repo: currently at https://git.codelinaro.org/linaro/dcap/tf-a/trusted-firmware-a branch cca/v4
official is https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/

Build:

git clone -b cca/v4 https://git.codelinaro.org/linaro/dcap/tf-a/trusted-firmware-a.git cd trusted-firmware-a make -j CROSS_COMPILE=aarch64-linux-gnu- PLAT=qemu_sbsa ENABLE_RME=1 RME_GPT_BITLOCK_BLOCK=1 \ DEBUG=1 LOG_LEVEL=40 \ RMM=../rmm/build-sbsa/Debug/rmm.img all fip # Copy firmware images to EDK2 staging directory cp build/qemu_sbsa/debug/bl1.bin ../edk2-non-osi/Platform/Qemu/Sbsa/ cp build/qemu_sbsa/debug/fip.bin ../edk2-non-osi/Platform/Qemu/Sbsa/

EDK2-PLATFORMS

git clone https://github.com/tianocore/edk2-platforms.git cd edk2-platforms git submodule update --init

Host EDK2

Repo: https://github.com/tianocore/edk2.git

Build:

git clone https://github.com/tianocore/edk2.git cd edk2 git submodule update --init cd $BASE export PACKAGES_PATH=$PWD/edk2:$PWD/edk2-platforms:$PWD/edk2-non-osi export GCC5_AARCH64_PREFIX=aarch64-linux-gnu- . edk2/edksetup.sh make -C edk2/BaseTools build -b RELEASE -a AARCH64 -t GCC5 -D ENABLE_RME --pcd PcdUefiShellDefaultBootEnable=1 \ --pcd PcdShellDefaultDelay=0 -p edk2-platforms/Platform/Qemu/SbsaQemu/SbsaQemu.dsc truncate -s 256M Build/SbsaQemuRme/RELEASE_GCC5/FV/SBSA_FLASH0.fd truncate -s 256M Build/SbsaQemuRme/RELEASE_GCC5/FV/SBSA_FLASH1.fd cp Build/SbsaQemuRme/RELEASE_GCC5/FV/SBSA_FLASH0.fd images/ cp Build/SbsaQemuRme/RELEASE_GCC5/FV/SBSA_FLASH1.fd images/

UEFI Vitual Disk boot structure

UEFI uses a virtual disk to store the Linux kernel image and the startup arguments. The Linux image is compiled as part of the steps depicted in the common instructions.

cp $(DIRECTORY_TO_CCA/V3_LINUX_IMAGE)/Image images/disks/virtual/ cp startup.nsh images/disks/virtual/startup.nsh # The content of startup.nsh is: mode 100 31 pci fs0:\Image root=/dev/vda console=hvc0 reset -c # After the above, the UEFI boot structure should look like: disks/ └── virtual ├── Image └── startup.nsh

Follow the rest of the manual build steps in the common section to complete the process.

Related content