This repository contains instructions and tools to assist in the
compilation and final build of Tianocore for Ampere's platforms. It is
an extension of what is already provided in the README located at
edk2-platforms/Platform/Ampere/README.md
It is assumed that your build environment has been set up appropriately
based on edk2-platforms/Platform/Ampere/README.md
.
Throughout this document, Ampere's Mt. Jade platform is used to illustrate various steps to arrive at a final Tianocore UEFI image that can be flashed to the platform.
The process of creating a flashable image involves the following steps:
- Building the UEFI image
- Signing the UEFI image
- Integrating Ampere's Arm Trusted Firmware binary and platform's board settings
- Building the capsule update image that can be used to update Tianocore firmware via
fwupdate
orfwupd
methods.
Building EDK2 FD with the following command:
$ cd edk2-platforms && build -a AARCH64 -t GCC5 -b RELEASE -D SECURE_BOOT_ENABLE -p Platform/Ampere/JadePkg/Jade.dsc
Notes: Please refer to LinuxBoot.md for building EDK2+LinuxBoot FD.
The resulting image will be at
edk2-platforms/Build/Jade/RELEASE_GCC5/FV/BL33_JADE_UEFI.fd
We will be using edk2-platforms/BUILDS/jade_tianocore_atf for the final artifacts.
$ cd edk2-platforms
$ mkdir -p BUILDS/jade_tianocore_atf
You need to download and install cert_create
and fiptool
from
Arm Trusted Firmware.
$ git clone --depth 1 https://github.com/ARM-software/arm-trusted-firmware.git
$ cd arm-trusted-firmware
$ make -C tools/cert_create
$ make -C tools/fiptool
Set up your $PATH to include cert_create and fiptool from above.
Perform the following to sign the image:
$ cd edk2-platforms
$ cert_create -n --ntfw-nvctr 0 --key-alg rsa --nt-fw-key edk2-platforms/Platform/Ampere/JadePkg/TestKeys/Dbb_AmpereTest.priv.pem --nt-fw-cert BUILDS/jade_tianocore_atf/jade_tianocore.fd.crt --nt-fw Build/Jade/RELEASE_GCC5/FV/BL33_JADE_UEFI.fd
$ fiptool create --nt-fw-cert BUILDS/jade_tianocore_atf/jade_tianocore.fd.crt --nt-fw Build/Jade/RELEASE_GCC5/FV/BL33_JADE_UEFI.fd BUILDS/jade_tianocore_atf/jade_tianocore.fip.signed
You need to obtain Ampere ATF image and Board Setting file compatible with this vesion of Ampere EDK2 in order to build a final firmware image.
Contact [email protected] for information.
Download nvparam.py from this repository to your build machine.
A sample working board setting file is located under Platform/Ampere/{Platform Name}Pkg/.
$ cd edk2-platforms
$ python nvparam.py -f Platform/Ampere/JadePkg/jade_board_setting.txt -o BUILDS/jade_tianocore_atf/jade_board_setting.bin
Generating the final image with the following commands:
$ dd bs=1024 count=2048 if=/dev/zero | tr "\000" "\377" > BUILDS/jade_tianocore_atf/jade_tianocore_atf.img
$ dd bs=1024 conv=notrunc if=<ampere_atf_image_filepath> of=BUILDS/jade_tianocore_atf/jade_tianocore_atf.img
$ dd bs=1024 seek=1984 conv=notrunc if=BUILDS/jade_tianocore_atf/jade_board_setting.bin of=BUILDS/jade_tianocore_atf/jade_tianocore_atf.img
$ dd bs=1024 seek=2048 if=BUILDS/jade_tianocore_atf/jade_tianocore.fip.signed of=BUILDS/jade_tianocore_atf/jade_tianocore_atf.img
Result: BUILDS/jade_tianocore_atf/jade_tianocore_atf.img
Note that the jade_tianocore_atf.img
image is flashed at the beginning of the ATF SLIM region according to the SPI-NOR Flash Layout.
For current Ampere ATF
$ build -a AARCH64 -t GCC5 -b RELEASE \
-p Platform/Ampere/JadePkg/JadeCapsule.dsc \
-D UEFI_ATF_IMAGE=<ampere_atf_image_filepath> \
-D SCP_IMAGE=<ampere_scp_slim_image_filepath>
$ cp Build/Jade/RELEASE_GCC5/FV/JADEUEFIATFFIRMWAREUPDATECAPSULEFMPPKCS7.Cap BUILDS/jade_tianocore_atf/jade_tianocore_atf.cap
$ cp Build/Jade/RELEASE_GCC5/FV/JADESCPFIRMWAREUPDATECAPSULEFMPPKCS7.Cap BUILDS/jade_tianocore_atf/jade_scp.cap
Result:
BUILDS/jade_tianocore_atf/jade_tianocore_atf.cap
BUILDS/jade_tianocore_atf/jade_scp.cap
For Ampere ATF version 1.05 and earlier
$ dd bs=1024 count=2048 if=/dev/zero | tr "\000" "\377" > BUILDS/jade_tianocore_atf/jade_tianocore_atf.cap.img
$ dd bs=1024 conv=notrunc if=<ampere_atf_image_filepath> of=BUILDS/jade_tianocore_atf/jade_tianocore_atf.cap.img
$ dd bs=1024 seek=1984 conv=notrunc if=BUILDS/jade_tianocore_atf/jade_board_setting.bin of=BUILDS/jade_tianocore_atf/jade_tianocore_atf.cap.img
$ dd bs=1024 seek=2048 if=BUILDS/jade_tianocore_atf/jade_tianocore.fip.signed of=BUILDS/jade_tianocore_atf/jade_tianocore_atf.cap.img
$ openssl dgst -sha256 -sign Platform/Ampere/JadePkg/TestKeys/Dbu_AmpereTest.priv.pem -out BUILDS/jade_tianocore_atf/jade_tianocore_atf.img.sig BUILDS/jade_tianocore_atf/jade_tianocore_atf.cap.img
$ cat BUILDS/jade_tianocore_atf/jade_tianocore_atf.img.sig BUILDS/jade_tianocore_atf/jade_tianocore_atf.cap.img > Build/Jade/RELEASE_GCC5/jade_tianocore_atf.img.signed
$ build -a AARCH64 -t GCC5 -b RELEASE -p Platform/Ampere/JadePkg/JadeCapsule.dsc -D UEFI_ATF_IMAGE=Build/Jade/RELEASE_GCC5/jade_tianocore_atf.img.signed
$ cp Build/Jade/RELEASE_GCC5/FV/JADEFIRMWAREUPDATECAPSULEFMPPKCS7.Cap BUILDS/jade_tianocore_atf/jade_tianocore_atf.cap
Result: BUILDS/jade_tianocore_atf/jade_tianocore_atf.cap
Provided in this repository are the helper script edk2-build.sh modified from Linaro's uefi-tools at https://git.linaro.org/uefi/uefi-tools.git with added support for building Ampere's platform and final integrated Tianocore image.
$ cd edk2-ampere-tools/
$ ./edk2-build.sh -b RELEASE Jade --atf-image <full-path-to-ATF-image.slim>
...
BUILD/jade_tianocore_atf_1.01.100
├── [1.4K] jade_board_setting.bin
├── [9.8K] jade_board_setting.txt
├── [7.8M] jade_tianocore_1.01.100.fd
├── [ 13M] jade_tianocore_atf_1.01.100.cap
└── [9.8M] jade_tianocore_atf_1.01.100.img
0 directories, 5 files
------------------------------------------------------------
Ampere Jade (AARCH64) RELEASE pass
------------------------------------------------------------
pass 1
fail 0
An equivalent Makefile is also provided for those who wish to use it instead. Run make -f edk2-ampere-tools/Makefile
for options.
Note
- For cross-compilation, use CROSS_COMPILE environment variable to specify the cross-compiler.
- For native compilation, make sure that the location of the compiler invocations has been added to the PATH environment variable.