On 17.10.25 14:03, Jan Kiszka wrote:
> Changes in v5 [1]:
>  - fix regression of patch 1 with unplugged SD cards
>  - address review comments on documentation
>
> Changes in v4:
>  - add truncation warning to mkemmc.sh
>  - fix typos in doc and mkemmc.sh
>
> Changes in v3:
>  - rebased, dropping merged patches
>  - rework image alignment rules to match hardware
>  - improve/fix mkemmc script
>  - add emmc documentation
>
> Changes in v2:
>  - handle write counter expiry
>  - assert() availability of QCRYPTO_HASH_ALGO_SHA256
>  - add missing SPDX-License-Identifier
>
> This closes an old gap in system integration testing for the very
> complex ARM firmware stacks by adding fairly advanced Replay Protected
> Memory Block (RPMB) emulation to the eMMC device model. Key programming
> and message authentication are working, so is the write counter. Known
> users are happy with the result. What is missing, but not only for RPMB-
> related registers, is state persistence across QEMU restarts. This is OK
> at this stage for most test scenarios, though, and could still be added
> later on.
>
> What can already be done with it is demonstrated in the WIP branch of
> isar-cip-core at [2]: TF-A + OP-TEE + StandaloneMM TA + fTPM TA, used by
> U-Boot and Linux for UEFI variable storage and TPM scenarios. If you
> want to try: build qemu-arm64 target for trixie with 6.12-cip *head*
> kernel, enable secure boot and disk encryption, then run
>
>   $ QEMU_PATH=/path/to/qemu-build/ ./start-qemu.sh
>
> Deploy snakeoil keys into PK, KEK and db after first boot to enable
> secure booting:
>
>   root@demo:~# cert-to-efi-sig-list PkKek-1-snakeoil.pem PK.esl
>   root@demo:~# sign-efi-sig-list -k PkKek-1-snakeoil.key -c
> PkKek-1-snakeoil.pem PK PK.esl PK.auth
>   root@demo:~# efi-updatevar -f PK.auth db
>   root@demo:~# efi-updatevar -f PK.auth KEK
>   root@demo:~# efi-updatevar -f PK.auth PK
>
> Note that emulation is a bit slow in general, and specifically the
> partition encryption on first boot is taking 20 min. - we should
> probably reduce its size or understand if there is still something to
> optimize.
>
> Jan
>
> [1] https://github.com/siemens/qemu/commits/queues/emmc/
> [2]
> https://gitlab.com/cip-project/cip-core/isar-cip-core/-/commits/wip/qemu-rpmb
>
> CC: Alexander Bulekov <[email protected]>
> CC: Alistair Francis <[email protected]>
> CC: Cédric Le Goater <[email protected]>
> CC: Joel Stanley <[email protected]>
> CC: Warner Losh <[email protected]>
>
> Jan Kiszka (6):
>   hw/sd/sdcard: Fix size check for backing block image
>   hw/sd/sdcard: Allow user-instantiated eMMC
>   hw/sd/sdcard: Add basic support for RPMB partition
>   hw/sd/sdcard: Handle RPMB MAC field
>   scripts: Add helper script to generate eMMC block device images
>   docs: Add eMMC device model description
>
>  docs/system/device-emulation.rst |   1 +
>  docs/system/devices/emmc.rst     |  53 +++++
>  hw/sd/sd.c                       | 352 ++++++++++++++++++++++++++++---
>  hw/sd/sdmmc-internal.h           |  21 ++
>  hw/sd/trace-events               |   2 +
>  scripts/mkemmc.sh                | 218 +++++++++++++++++++
>  6 files changed, 618 insertions(+), 29 deletions(-)
>  create mode 100644 docs/system/devices/emmc.rst
>  create mode 100755 scripts/mkemmc.sh
>

Gentle ping: Would be great to get it into the next QEMU release. Please
let me know if something is still missing for that.

Thanks,
Jan

-- 
Siemens AG, Foundational Technologies
Linux Expert Center
