workspace structure: -------------------- base directory |__ edk2 |__ edk2-platforms |__ uefi-tools Prerequisites: -------------- Before building EDK-II UEFI, prepare base tools $ cd edk2 $ make -C BaseTools $ cd .. Application can be tested: ------------------------- 1) Secure boot 2) Disaster Recovery Image (DRI) download 3) DRI Secure boot above applications source code path- edk2-platforms/Platform/Comcast/Application QEMU setup: ----------- $ qemu-system-aarch64 -cpu cortex-a57 -M virt -m 512M -bios RDK_EFI.fd -nographic -no-acpi -hda bootpartition.img -hdb fat:keys -drive if=none,file=rootfs.img,format=raw,id=hd0 -device virtio-blk-device,drive=hd0 hdb: a directory which contains KEK.cer and PK.cer (public key) files hda: bootpartition.img $ dd if=/dev/zero bs=1M count=64 of=bootpartition.img $ mkfs.vfat -F 32 bootpartition.img $ sudo mount bootpartition.img /mnt #copy kernel image file (for secure boot), Rdk.conf configuration file, server.url file $ sudo cp /mnt $ sudo umount /mnt Configuration file: RDK Secure boot application accepts 6 configuration ROOTCERT - key file to validate rootfs KEKCERT - KEK public Key PKCERT - PK public key URL - a text file that contains server URL where DRI image is stored IMAGE - kernel image file DTB - Device tree blob file # rdk conf file for getting PK, KEK and kernel file path in flash partitions Typical Rdk.conf file: ################################################################ KEKCERT="PciRoot(0x0)/Pci(0x3,0x0)/HD(1,MBR,0xBE1AFDFA,0x3F,0xFBFC1)/KEK.cer" PKCERT="PciRoot(0x0)/Pci(0x3,0x0)/HD(1,MBR,0xBE1AFDFA,0x3F,0xFBFC1)/PK.cer" URL="PciRoot(0x0)/Pci(0x2,0x0)/server.url" IMAGE="PciRoot(0x0)/Pci(0x2,0x0)/Image" ################################################################ server.url: contains the url path to HTTP image (rootfs + kernel + dtb) Eg. http://xx.xx.xx.xx/path/http.img http.img formation: $ touch tmp $ printf "%016d" `stat -c "%s" rootfs.img` >> tmp $ cat rootfs.img >> tmp $ printf "%016d" `stat -c "%s" kernelSignedImage` >> tmp $ cat kernelSignedImage >> tmp $ printf "%016d" `stat -c "%s" dtb` >> tmp $ cat dtb >> tmp $ mv tmp http.img