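# NixOS VM test for OP-TEE on an emulated aarch64 machine.
#
# The guest firmware is Trusted Firmware-A built with the OP-TEE dispatcher
# (SPD=opteed), OP-TEE as BL32 and a patched U-Boot as BL33. Once the guest is
# up, the test checks that the PKCS#11 trusted application answers through
# tee-supplicant and libckteec.
import ./make-test-python.nix (
  { pkgs, lib, ... }:
  {
    name = "optee";

    meta.maintainers = [ pkgs.lib.maintainers.jmbaur ];

    nodes.machine =
      { config, pkgs, ... }:
      let
        inherit (pkgs) armTrustedFirmwareQemu opteeQemuAarch64 ubootQemuAarch64;

        # Default environment for qemu-arm64 uboot does not work well with
        # large nixos kernel/initrds, so the ramdisk load address is moved
        # from 0x44000000 to 0x46000000. --replace-fail aborts the build if
        # the expected line is no longer in the env file, so an upstream
        # change cannot silently drop this patch.
        uboot = ubootQemuAarch64.overrideAttrs (old: {
          postPatch = (old.postPatch or "") + ''
            substituteInPlace board/emulation/qemu-arm/qemu-arm.env \
              --replace-fail "ramdisk_addr_r=0x44000000" "ramdisk_addr_r=0x46000000"
          '';
        });

        # TF-A image chain: BL1 plus a FIP that carries OP-TEE (BL32 and its
        # two extra images) and the patched U-Boot (BL33).
        bios = armTrustedFirmwareQemu.override {
          extraMakeFlags = [
            "SPD=opteed"
            "BL32=${opteeQemuAarch64}/tee-header_v2.bin"
            "BL32_EXTRA1=${opteeQemuAarch64}/tee-pager_v2.bin"
            "BL32_EXTRA2=${opteeQemuAarch64}/tee-pageable_v2.bin"
            "BL33=${uboot}/u-boot.bin"
            "all"
            "fip"
          ];
          filesToInstall = [
            "build/qemu/release/bl1.bin"
            "build/qemu/release/fip.bin"
          ];
          postInstall = ''
            # bios.bin layout: bl1.bin at offset 0, fip.bin at block 64 of
            # 4096 bytes (256 KiB). Fail the build if bl1.bin would not fit in
            # front of the FIP; otherwise the second dd overwrites its tail
            # and the result is a corrupt image with no build-time error.
            bl1_size=$(wc -c <"$out/bl1.bin")
            if [ "$bl1_size" -gt $((64 * 4096)) ]; then
              echo "bl1.bin is $bl1_size bytes and overlaps the FIP offset" >&2
              exit 1
            fi
            dd if=$out/bl1.bin of=$out/bios.bin bs=4096 conv=notrunc
            dd if=$out/fip.bin of=$out/bios.bin seek=64 bs=4096 conv=notrunc
          '';
        };
      in
      {
        virtualisation = {
          inherit bios;
          cores = 2;
          # secure=on turns on QEMU's emulation of the secure world on the
          # virt machine, which TF-A and OP-TEE run in; accel=tcg selects
          # software emulation.
          qemu.options = [
            "-machine virt,secure=on,accel=tcg,gic-version=2"
            "-cpu cortex-a57"
          ];
        };

        # VM boots up via qfw
        boot.loader.grub.enable = false;

        services.tee-supplicant = {
          enable = true;
          # pkcs11 trusted application, named by its UUID.
          # NOTE(review): the TA file comes from the normal world; which key
          # OP-TEE verifies it against depends on how opteeQemuAarch64 was
          # built, which is not visible in this file.
          trustedApplications = [ "${opteeQemuAarch64.devkit}/ta/fd02c9da-306c-48c7-a49c-bbd827ae86ee.ta" ];
        };
      };

    testScript = ''
      machine.wait_for_unit("tee-supplicant.service")

      # Smoke test only: listing token slots shows that the TA loaded and
      # answers through libckteec. No key generation, signing or login is
      # exercised here.
      out = machine.succeed("${pkgs.opensc}/bin/pkcs11-tool --module ${lib.getLib pkgs.optee-client}/lib/libckteec.so --list-token-slots")
      if "OP-TEE PKCS11 TA" not in out:
        raise Exception(f"optee pkcs11 token not found; pkcs11-tool output: {out!r}")
    '';
  }
)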