| Douglas Raillard | d7c21b7 | 2017-06-28 15:23:03 +0100 | [diff] [blame] | 1 | ARM Trusted Firmware for Socionext UniPhier SoCs |
| 2 | ================================================ |
| 3 | |
| 4 | Socionext UniPhier ARMv8-A SoCs use ARM Trusted Firmware as the secure world |
| 5 | firmware, supporting BL1, BL2, and BL31. |
| 6 | |
| 7 | UniPhier SoC family implements its internal boot ROM, so BL1 is used as pseudo |
| 8 | ROM (i.e. runs in RAM). The internal boot ROM loads 64KB `1`_ image from a |
| 9 | non-volatile storage to the on-chip SRAM. Unfortunately, BL1 does not fit in |
| 10 | the 64KB limit if `Trusted Board Boot`_ (TBB) is enabled. To solve this problem, |
| 11 | Socionext provides a first stage loader called `UniPhier BL`_. This loader runs |
| 12 | in the on-chip SRAM, initializes the DRAM, expands BL1 there, and hands the |
| 13 | control over to it. Therefore, all images of ARM Trusted Firmware run in DRAM. |
| 14 | |
| 15 | The UniPhier platform works with/without TBB. See below for the build process |
| 16 | of each case. The image authentication for the UniPhier platform fully |
| 17 | complies with the Trusted Board Boot Requirements (TBBR) specification. |
| 18 | |
| 19 | The UniPhier BL does not implement the authentication functionality, that is, |
| 20 | it can not verify the BL1 image by itself. Instead, the UniPhier BL assures |
| 21 | the BL1 validity in a different way; BL1 is GZIP-compressed and appended to |
| 22 | the UniPhier BL. The concatenation of the UniPhier BL and the compressed BL1 |
| 23 | fits in the 64KB limit. The concatenated image is loaded by the boot ROM |
| 24 | (and verified if the chip fuses are blown). |
| 25 | |
| 26 | :: |
| 27 | |
| 28 | to the lowest common denominator. |
| 29 | |
| 30 | Boot Flow |
| 31 | --------- |
| 32 | |
| 33 | #. The Boot ROM |
| 34 | |
| 35 | This is hard-wired ROM, so never corrupted. It loads the UniPhier BL (with |
| 36 | compressed-BL1 appended) into the on-chip SRAM. If the SoC fuses are blown, |
| 37 | the image is verified by the SoC's own method. |
| 38 | |
| 39 | #. UniPhier BL |
| 40 | |
| 41 | This runs in the on-chip SRAM. After the minimum SoC initialization and DRAM |
| 42 | setup, it decompresses the appended BL1 image into the DRAM, then jumps to |
| 43 | the BL1 entry. |
| 44 | |
| 45 | #. BL1 |
| 46 | |
| 47 | This runs in the DRAM. It extracts BL2 from FIP (Firmware Image Package). |
| 48 | If TBB is enabled, the BL2 is authenticated by the standard mechanism of ARM |
| 49 | Trusted Firmware. |
| 50 | |
| 51 | #. BL2, BL31, and more |
| 52 | |
| 53 | They all run in the DRAM, and are authenticated by the standard mechanism if |
| 54 | TBB is enabled. See `Firmware Design`_ for details. |
| 55 | |
| 56 | Basic Build |
| 57 | ----------- |
| 58 | |
| 59 | BL1 must be compressed for the reason above. The UniPhier's platform makefile |
| 60 | provides a build target ``bl1_gzip`` for this. |
| 61 | |
| 62 | For a non-secure boot loader (aka BL33), U-Boot is well supported for UniPhier |
| 63 | SoCs. The U-Boot image (``u-boot.bin``) must be built in advance. For the build |
| 64 | procedure of U-Boot, refer to the document in the `U-Boot`_ project. |
| 65 | |
| 66 | To build minimum functionality for UniPhier (without TBB): |
| 67 | |
| 68 | :: |
| 69 | |
| 70 | make CROSS_COMPILE=<gcc-prefix> PLAT=uniphier BL33=<path-to-BL33> bl1_gzip fip |
| 71 | |
| 72 | Output images: |
| 73 | |
| 74 | - ``bl1.bin.gzip`` |
| 75 | - ``fip.bin`` |
| 76 | |
| 77 | Optional features |
| 78 | ----------------- |
| 79 | |
| 80 | - Trusted Board Boot |
| 81 | |
| 82 | `mbed TLS`_ is needed as the cryptographic and image parser modules. |
| 83 | Refer to the `User Guide`_ for the appropriate version of mbed TLS. |
| 84 | |
| 85 | To enable TBB, add the following options to the build command: |
| 86 | |
| 87 | :: |
| 88 | |
| 89 | TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 MBEDTLS_DIR=<path-to-mbedtls> |
| 90 | |
| 91 | - System Control Processor (SCP) |
| 92 | |
| 93 | If desired, FIP can include an SCP BL2 image. If BL2 finds an SCP BL2 image |
| 94 | in FIP, BL2 loads it into DRAM and kicks the SCP. Most of UniPhier boards |
| 95 | still work without SCP, but SCP provides better power management support. |
| 96 | |
| 97 | To include SCP\_BL2, add the following option to the build command: |
| 98 | |
| 99 | :: |
| 100 | |
| 101 | SCP_BL2=<path-to-SCP> |
| 102 | |
| 103 | - BL32 (Secure Payload) |
| 104 | |
| 105 | To enable BL32, add the following option to the build command: |
| 106 | |
| 107 | :: |
| 108 | |
| 109 | SPD=<spd> BL32=<path-to-BL32> |
| 110 | |
| 111 | If you use TSP for BL32, ``BL32=<path-to-BL32>`` is not required. Just add the |
| 112 | following: |
| 113 | |
| 114 | :: |
| 115 | |
| 116 | SPD=tspd |
| 117 | |
| 118 | .. _1: Some%20SoCs%20can%20load%2080KB,%20but%20the%20software%20implementation%20must%20be%20aligned |
| 119 | .. _Trusted Board Boot: ../trusted-board-boot.rst |
| 120 | .. _UniPhier BL: https://github.com/uniphier/uniphier-bl |
| 121 | .. _Firmware Design: ../firmware-design.rst |
| 122 | .. _U-Boot: https://www.denx.de/wiki/U-Boot |
| 123 | .. _mbed TLS: https://tls.mbed.org/ |
| 124 | .. _User Guide: ../user-guide.rst |