Home Explore Help
Sign In
OWEALs
/
arm-trusted-firmware
mirror of https://github.com/ARM-software/arm-trusted-firmware
2
0
Fork 0
Files Issues 1 Wiki
Branch: master
Branches Tags
arm-trusted-fir...
/
docs
/
plat
/
socionext-uniphier.rst

socionext-uniphier.rst 4.0 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116 
  1. Socionext UniPhier
    2. 

  2. ==================
    3. 

  3. 

  4. Socionext UniPhier Armv8-A SoCs use Trusted Firmware-A (TF-A) as the secure
    5. 

  5. world firmware, supporting BL2 and BL31.
    6. 

  6. 

  7. UniPhier SoC family implements its internal boot ROM, which loads 64KB [1]_
    8. 

  8. image from a non-volatile storage to the on-chip SRAM, and jumps over to it.
    9. 

  9. TF-A provides a special mode, BL2-AT-EL3, which enables BL2 to execute at EL3.
    10. 

  10. It is useful for platforms with non-TF-A boot ROM, like UniPhier. Here, a
    11. 

  11. problem is BL2 does not fit in the 64KB limit if
    12. 

  12. :ref:`Trusted Board Boot (TBB) <Trusted Board Boot>` is enabled.
    13. 

  13. To solve this issue, Socionext provides a first stage loader called
    14. 

  14. `UniPhier BL`_. This loader runs in the on-chip SRAM, initializes the DRAM,
    15. 

  15. expands BL2 there, and hands the control over to it. Therefore, all images
    16. 

  16. of TF-A run in DRAM.
    17. 

  17. 

  18. The UniPhier platform works with/without TBB. See below for the build process
    19. 

  19. of each case. The image authentication for the UniPhier platform fully
    20. 

  20. complies with the Trusted Board Boot Requirements (TBBR) specification.
    21. 

  21. 

  22. The UniPhier BL does not implement the authentication functionality, that is,
    23. 

  23. it can not verify the BL2 image by itself. Instead, the UniPhier BL assures
    24. 

  24. the BL2 validity in a different way; BL2 is GZIP-compressed and appended to
    25. 

  25. the UniPhier BL. The concatenation of the UniPhier BL and the compressed BL2
    26. 

  26. fits in the 64KB limit. The concatenated image is loaded by the internal boot
    27. 

  27. ROM (and verified if the chip fuses are blown).
    28. 

  28. 

  29. 

  30. Boot Flow
    31. 

  31. ---------
    32. 

  32. 

  33. 1. The Boot ROM
    34. 

  34. 

  35.    This is hard-wired ROM, so never corrupted. It loads the UniPhier BL (with
    36. 

  36.    compressed-BL2 appended) into the on-chip SRAM. If the SoC fuses are blown,
    37. 

  37.    the image is verified by the SoC's own method.
    38. 

  38. 

  39. 2. UniPhier BL
    40. 

  40. 

  41.    This runs in the on-chip SRAM. After the minimum SoC initialization and DRAM
    42. 

  42.    setup, it decompresses the appended BL2 image into the DRAM, then jumps to
    43. 

  43.    the BL2 entry.
    44. 

  44. 

  45. 3. BL2 (at EL3)
    46. 

  46. 

  47.    This runs in the DRAM. It extracts more images such as BL31, BL33 (optionally
    48. 

  48.    SCP_BL2, BL32 as well) from Firmware Image Package (FIP). If TBB is enabled,
    49. 

  49.    they are all authenticated by the standard mechanism of TF-A.
    50. 

  50.    After loading all the images, it jumps to the BL31 entry.
    51. 

  51. 

  52. 4. BL31, BL32, and BL33
    53. 

  53. 

  54.    They all run in the DRAM. See :ref:`Firmware Design` for details.
    55. 

  55. 

  56. 

  57. Basic Build
    58. 

  58. -----------
    59. 

  59. 

  60. BL2 must be compressed for the reason above. The UniPhier's platform makefile
    61. 

  61. provides a build target ``bl2_gzip`` for this.
    62. 

  62. 

  63. For a non-secure boot loader (aka BL33), U-Boot is well supported for UniPhier
    64. 

  64. SoCs. The U-Boot image (``u-boot.bin``) must be built in advance. For the build
    65. 

  65. procedure of U-Boot, refer to the document in the `U-Boot`_ project.
    66. 

  66. 

  67. To build minimum functionality for UniPhier (without TBB)::
    68. 

  68. 

  69.     make CROSS_COMPILE=<gcc-prefix> PLAT=uniphier BL33=<path-to-BL33> bl2_gzip fip
    70. 

  70. 

  71. Output images:
    72. 

  72. 

  73. - ``bl2.bin.gz``
    74. 

  74. - ``fip.bin``
    75. 

  75. 

  76. 

  77. Optional features
    78. 

  78. -----------------
    79. 

  79. 

  80. - Trusted Board Boot
    81. 

  81. 

  82.   `mbed TLS`_ is needed as the cryptographic and image parser modules.
    83. 

  83.   Refer to the :ref:`Prerequisites` document for the appropriate version of
    84. 

  84.   mbed TLS.
    85. 

  85. 

  86.   To enable TBB, add the following options to the build command::
    87. 

  87. 

  88.       TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 MBEDTLS_DIR=<path-to-mbedtls>
    89. 

  89. 

  90. - System Control Processor (SCP)
    91. 

  91. 

  92.   If desired, FIP can include an SCP BL2 image. If BL2 finds an SCP BL2 image
    93. 

  93.   in FIP, BL2 loads it into DRAM and kicks the SCP. Most of UniPhier boards
    94. 

  94.   still work without SCP, but SCP provides better power management support.
    95. 

  95. 

  96.   To include SCP BL2, add the following option to the build command::
    97. 

  97. 

  98.       SCP_BL2=<path-to-SCP>
    99. 

  99. 

  100. - BL32 (Secure Payload)
    101. 

  101. 

  102.   To enable BL32, add the following options to the build command::
    103. 

  103. 

  104.       SPD=<spd> BL32=<path-to-BL32>
    105. 

  105. 

  106.   If you use TSP for BL32, ``BL32=<path-to-BL32>`` is not required. Just add the
    107. 

  107.   following::
    108. 

  108. 

  109.       SPD=tspd
    110. 

  110. 

  111. 

  112. .. [1] Some SoCs can load 80KB, but the software implementation must be aligned
    113. 

  113.    to the lowest common denominator.
    114. 

  114. .. _UniPhier BL: https://github.com/uniphier/uniphier-bl
    115. 

  115. .. _U-Boot: https://www.denx.de/wiki/U-Boot
    116. 

  116. .. _mbed TLS: https://tls.mbed.org/
    117.