Paul Beesley | d2fcc4e | 2019-05-29 13:59:40 +0100 | [diff] [blame] | 1 | Building Supporting Tools |
| 2 | ========================= |
| 3 | |
| 4 | Building and using the FIP tool |
| 5 | ------------------------------- |
| 6 | |
| 7 | Firmware Image Package (FIP) is a packaging format used by TF-A to package |
| 8 | firmware images in a single binary. The number and type of images that should |
| 9 | be packed in a FIP is platform specific and may include TF-A images and other |
| 10 | firmware images required by the platform. For example, most platforms require |
| 11 | a BL33 image which corresponds to the normal world bootloader (e.g. UEFI or |
| 12 | U-Boot). |
| 13 | |
| 14 | The TF-A build system provides the make target ``fip`` to create a FIP file |
| 15 | for the specified platform using the FIP creation tool included in the TF-A |
| 16 | project. Examples below show how to build a FIP file for FVP, packaging TF-A |
| 17 | and BL33 images. |
| 18 | |
| 19 | For AArch64: |
| 20 | |
| 21 | .. code:: shell |
| 22 | |
| 23 | make PLAT=fvp BL33=<path-to>/bl33.bin fip |
| 24 | |
| 25 | For AArch32: |
| 26 | |
| 27 | .. code:: shell |
| 28 | |
| 29 | make PLAT=fvp ARCH=aarch32 AARCH32_SP=sp_min BL33=<path-to>/bl33.bin fip |
| 30 | |
| 31 | The resulting FIP may be found in: |
| 32 | |
| 33 | :: |
| 34 | |
| 35 | build/fvp/<build-type>/fip.bin |
| 36 | |
| 37 | For advanced operations on FIP files, it is also possible to independently build |
| 38 | the tool and create or modify FIPs using this tool. To do this, follow these |
| 39 | steps: |
| 40 | |
| 41 | It is recommended to remove old artifacts before building the tool: |
| 42 | |
| 43 | .. code:: shell |
| 44 | |
| 45 | make -C tools/fiptool clean |
| 46 | |
| 47 | Build the tool: |
| 48 | |
| 49 | .. code:: shell |
| 50 | |
| 51 | make [DEBUG=1] [V=1] fiptool |
| 52 | |
| 53 | The tool binary can be located in: |
| 54 | |
| 55 | :: |
| 56 | |
| 57 | ./tools/fiptool/fiptool |
| 58 | |
| 59 | Invoking the tool with ``help`` will print a help message with all available |
| 60 | options. |
| 61 | |
| 62 | Example 1: create a new Firmware package ``fip.bin`` that contains BL2 and BL31: |
| 63 | |
| 64 | .. code:: shell |
| 65 | |
| 66 | ./tools/fiptool/fiptool create \ |
| 67 | --tb-fw build/<platform>/<build-type>/bl2.bin \ |
| 68 | --soc-fw build/<platform>/<build-type>/bl31.bin \ |
| 69 | fip.bin |
| 70 | |
| 71 | Example 2: view the contents of an existing Firmware package: |
| 72 | |
| 73 | .. code:: shell |
| 74 | |
| 75 | ./tools/fiptool/fiptool info <path-to>/fip.bin |
| 76 | |
| 77 | Example 3: update the entries of an existing Firmware package: |
| 78 | |
| 79 | .. code:: shell |
| 80 | |
| 81 | # Change the BL2 from Debug to Release version |
| 82 | ./tools/fiptool/fiptool update \ |
| 83 | --tb-fw build/<platform>/release/bl2.bin \ |
| 84 | build/<platform>/debug/fip.bin |
| 85 | |
| 86 | Example 4: unpack all entries from an existing Firmware package: |
| 87 | |
| 88 | .. code:: shell |
| 89 | |
| 90 | # Images will be unpacked to the working directory |
| 91 | ./tools/fiptool/fiptool unpack <path-to>/fip.bin |
| 92 | |
| 93 | Example 5: remove an entry from an existing Firmware package: |
| 94 | |
| 95 | .. code:: shell |
| 96 | |
| 97 | ./tools/fiptool/fiptool remove \ |
| 98 | --tb-fw build/<platform>/debug/fip.bin |
| 99 | |
| 100 | Note that if the destination FIP file exists, the create, update and |
| 101 | remove operations will automatically overwrite it. |
| 102 | |
| 103 | The unpack operation will fail if the images already exist at the |
| 104 | destination. In that case, use -f or --force to continue. |
| 105 | |
| 106 | More information about FIP can be found in the :ref:`Firmware Design` document. |
| 107 | |
| 108 | .. _tools_build_cert_create: |
| 109 | |
| 110 | Building the Certificate Generation Tool |
| 111 | ---------------------------------------- |
| 112 | |
| 113 | The ``cert_create`` tool is built as part of the TF-A build process when the |
| 114 | ``fip`` make target is specified and TBB is enabled (as described in the |
| 115 | previous section), but it can also be built separately with the following |
| 116 | command: |
| 117 | |
| 118 | .. code:: shell |
| 119 | |
| 120 | make PLAT=<platform> [DEBUG=1] [V=1] certtool |
| 121 | |
| 122 | For platforms that require their own IDs in certificate files, the generic |
| 123 | 'cert_create' tool can be built with the following command. Note that the target |
| 124 | platform must define its IDs within a ``platform_oid.h`` header file for the |
| 125 | build to succeed. |
| 126 | |
| 127 | .. code:: shell |
| 128 | |
| 129 | make PLAT=<platform> USE_TBBR_DEFS=0 [DEBUG=1] [V=1] certtool |
| 130 | |
| 131 | ``DEBUG=1`` builds the tool in debug mode. ``V=1`` makes the build process more |
| 132 | verbose. The following command should be used to obtain help about the tool: |
| 133 | |
| 134 | .. code:: shell |
| 135 | |
| 136 | ./tools/cert_create/cert_create -h |
| 137 | |
| 138 | -------------- |
| 139 | |
| 140 | *Copyright (c) 2019, Arm Limited. All rights reserved.* |