Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 5286552a6569068c9aa684e56835137f05d704da^! / . / docs / getting_started
commit5286552a6569068c9aa684e56835137f05d704da[log] [tgz]
authorJuan Pablo Conde <juanpablo.conde@arm.com>Tue Jun 28 16:56:32 2022 -0400
committerJuan Pablo Conde <juanpablo.conde@arm.com>Fri Jul 15 18:09:18 2022 -0400
tree5fcadd71f6157f12251a4ecea4c5f84badd84d82
parentd269f815596bafc3e0028167b41ae80b29cddb67 [diff]
docs(security): update info on use of OpenSSL 3.0

OpenSSL 3.0 is a pre-requisite since v2.7 and can be installed
on the operating system by updating the previous version.
However, this may not be convenient for everyone, as some may
want to keep their previous versions of OpenSSL.

This update on the docs shows that there is an alternative to
install OpenSSL on the system by using a local build of
OpenSSL 3.0 and pointing both the build and run commands to
that build.

Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: Ib9ad9ee5c333f7b04e2747ae02433aa66e6397f3

diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 26d5458..b291d62 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst

@@ -974,9 +974,10 @@
   bit, to trap access to the RAS ERR and RAS ERX registers from lower ELs.
   This flag is disabled by default.
 
-- ``OPENSSL_DIR``: This flag is used to provide the installed openssl directory
-  path on the host machine which is used to build certificate generation and
-  firmware encryption tool.
+- ``OPENSSL_DIR``: This option is used to provide the path to a directory on the
+  host machine where a custom installation of OpenSSL is located, which is used
+  to build the certificate generation, firmware encryption and FIP tools. If
+  this option is not set, the default OS installation will be used.
 
 - ``USE_SP804_TIMER``: Use the SP804 timer instead of the Generic Timer for
   functions that wait for an arbitrary time length (udelay and mdelay). The

diff --git a/docs/getting_started/prerequisites.rst b/docs/getting_started/prerequisites.rst
index 0b8a71c..5d575d8 100644
--- a/docs/getting_started/prerequisites.rst
+++ b/docs/getting_started/prerequisites.rst

@@ -57,6 +57,12 @@
 
    Required to build the cert_create tool.
 
+   .. note::
+
+    OpenSSL 3.0 has to be built from source code, as it's not available in
+    the default package repositories in recent Ubuntu versions. Please refer
+    to the OpenSSL project documentation for more information.
+
 The following libraries are required for Trusted Board Boot and Measured Boot
 support:
 
@@ -89,7 +95,7 @@
 
 .. code:: shell
 
-    sudo apt install build-essential git libssl-dev
+    sudo apt install build-essential git
 
 The optional packages can be installed using:
 

diff --git a/docs/getting_started/tools-build.rst b/docs/getting_started/tools-build.rst
index c050f58..daf7e06 100644
--- a/docs/getting_started/tools-build.rst
+++ b/docs/getting_started/tools-build.rst

@@ -1,6 +1,16 @@
 Building Supporting Tools
 =========================
 
+.. note::
+
+    OpenSSL 3.0 is needed in order to build the tools. A custom installation
+    can be used if not updating the OpenSSL version on the OS. In order to do
+    this, use the ``OPENSSL_DIR`` variable after the ``make`` command to
+    indicate the location of the custom OpenSSL build. Then, to run the tools,
+    use the ``LD_LIBRARY_PATH`` to indicate the location of the built
+    libraries. More info about ``OPENSSL_DIR`` can be found at
+    :ref:`Build Options`.
+
 Building and using the FIP tool
 -------------------------------
 
@@ -164,4 +174,4 @@
 
 --------------
 
-*Copyright (c) 2019, Arm Limited. All rights reserved.*
+*Copyright (c) 2019-2022, Arm Limited. All rights reserved.*