Changes between Version 10 and Version 11 of venice/secure_boot

Timestamp:

11/21/2023 08:47:36 PM (12 months ago)

Author:

Tim Harvey

Comment:

fix various typos

venice/secure_boot

@@ -103 +103 @@
 export CROSS_COMPILE="aarch64-linux-"
 export ARCH=arm64
+# copy necessary artifacts from bsp
+cp $VENICE_BSP/uboot/lpddr4*.bin . # DDR firmware
+cp $VENICE_BSP/atf/build/imx8mm/release/bl31.bin . # ATF
 # configure for venice board
 make imx8mm_venice_defconfig
@@ -119 +122 @@
 # sign flash.bin
 /bin/sh doc/imx/habv4/csf_examples/mx8m/csf.sh
-# create a JTAG image (if needed) using one of the following
+# create a JTAG image (if needed) using one of the following (dependent on which SoC you are using)
 mkimage_jtag --emmc -s --partconf=boot0 \
   flash.bin@boot0:erase_none:66-8192 > signed_u-boot_spl-imx8mm.bin # imx8mm emmc boot0 partition
 mkimage_jtag --emmc -s --partconf=boot0 \
-  flash.bin@boot0:erase_none:0-8192 > signed_u-boot_spl-imx8mm.bin # imx8mp/imx8mn emmc boot0 partition
-}}}
-  4. Program signed firmware image:
+  flash.bin@boot0:erase_none:0-8192 > signed_u-boot_spl-imx8mp.bin # imx8mp/imx8mn emmc boot0 partition
+}}}
+ 4. Program signed firmware image:
 {{{#!bash
 jtag_usbv4 -p signed_u-boot_spl-imx8mm.bin
@@ -208 +211 @@
 The TEE exposes its features through a tandem operation between a Client Application and a Trusted Application. The client application runs in the Rich OS and always initiates the communication with the Trusted Application that runs in the Trusted OS. The Client application interacts with the TEE through the TEE client API interface. The Secure Application interacts with the TEE Core through the TEE Internal API.
 
-OP-TEE is a Trusted Execution Environment (TEE) designed as a companion to a non-secure Linux kernel running on Arm cores using the TrustZone technology. OP-TEE implements [https://optee.readthedocs.io/en/latest/architecture/globalplatform_api.html#tee-internal-core-api TEE Internal Core API v1.1.x] which is the API exposed to Trusted Applications and the [https://optee.readthedocs.io/en/latest/architecture/globalplatform_api.html#tee-client-api TEE Client API v1.0], which is the API describing how to communicate with a TEE. Those APIs are defined in the [https://optee.readthedocs.io/en/latest/architecture/globalplatform_api.html#globalplatform-api GlobalPlatform API] specifications.
+OP-TEE is a Trusted Execution Environment (TEE) designed as a companion to a non-secure Linux kernel running on Arm cores using the !TrustZone technology. OP-TEE implements [https://optee.readthedocs.io/en/latest/architecture/globalplatform_api.html#tee-internal-core-api TEE Internal Core API v1.1.x] which is the API exposed to Trusted Applications and the [https://optee.readthedocs.io/en/latest/architecture/globalplatform_api.html#tee-client-api TEE Client API v1.0], which is the API describing how to communicate with a TEE. Those APIs are defined in the [https://optee.readthedocs.io/en/latest/architecture/globalplatform_api.html#globalplatform-api GlobalPlatform API] specifications.
 
 The non-secure OS is referred to as the Rich Execution Environment (REE) in TEE specifications. It is typically a Linux OS flavor as a GNU/Linux distribution or the AOSP.
 
-OP-TEE is designed primarily to rely on the Arm TrustZone technology as the underlying hardware isolation mechanism. However, it has been structured to be compatible with any isolation technology suitable for the TEE concept and goals, such as running as a virtual machine or on a dedicated CPU.
+OP-TEE is designed primarily to rely on the Arm !TrustZone technology as the underlying hardware isolation mechanism. However, it has been structured to be compatible with any isolation technology suitable for the TEE concept and goals, such as running as a virtual machine or on a dedicated CPU.
 
 The main design goals for OP-TEE are:
@@ -333 +336 @@
 # sign flash.bin
 /bin/sh doc/imx/habv4/csf_examples/mx8m/csf.sh
-# create a JTAG image (if needed) using one of the following
+# create a JTAG image (if needed) using one of the following depending on your SoC
 mkimage_jtag --emmc -s --partconf=boot0 \
   flash.bin@boot0:erase_all:66-8192 > signed_u-boot_spl-imx8mm.bin # imx8mm emmc boot0 partition