I am trying to implement Secure Boot + Chain of Trust w/Confidentiality. I am following the steps outlined in Section 6.1.4: Procedure to enable Secure Boot in the LSDK User Guide Rev 19.09_311219.
I have built the CST and generated keys and built the LSDK composite secure boot firmware. I am now on Step 4: Generate Fuse Provisioning Firmware. This links me to Section 6.4.4 in the user guide. In Step 3: Generate BL31 image with fuse provisioning support, it says to run the following command:
flex-builder -c atf -m <machine> -b <boottype>so I run:
flex-builder -c atf -m ls1021atwr -b sdand I get the following output:
root@538bbf29aa5d:/flexbuild# flex-builder -c atf -m ls1021atwr -b sd COMPONENT: atf MACHINE: ls1021atwr BOOTTYPE: sd make: Entering directory '/flexbuild' make[1]: Entering directory '/flexbuild/packages/firmware' Building ATF ... Building dependent fuse_scr.bin ... #----------------------------------------------------# #------- -------- -------- -------# #------- CST (Code Signing Tool) Version 2.0 -------# #------- -------- -------- -------# #----------------------------------------------------# ========================================================== This tool includes software developed by OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/) This product includes cryptographic software written by Eric Young (eay@cryptsoft.com) ========================================================== Input File is input_files/gen_fusescr/ls2088_1088/input_fuse_file /flexbuild/packages/firmware building dependent /flexbuild/build/firmware/u-boot/ls1021atwr/uboot_ls1021atwr_tfa.bin ... Please add the dependent /flexbuild/packages/firmware/u-boot/configs/ls1021atwr_tfa_defconfig make[1]: Leaving directory '/flexbuild/packages/firmware' make: Leaving directory '/flexbuild'
Inside of the directory: /flexbuild/packages/firmware/u-boot/configs/, I see the following *_tfa_defconfig files:
please advise
