| Divin Raj | 1d88de1 | 2024-04-17 00:35:17 +0100 | [diff] [blame] | 1 | RD-1 AE (Kronos) Platform |
| 2 | ========================= |
| 3 | |
| 4 | Some of the features of the RD-1 AE platform referenced in TF-A include: |
| 5 | |
| 6 | - Neoverse-V3AE, Arm9.2-A application processor (64-bit mode) |
| 7 | - A GICv4-compatible GIC-720AE |
| 8 | |
| 9 | Further information on RD1-AE is available at `rd1ae`_ |
| 10 | |
| 11 | Boot Sequence |
| 12 | ------------- |
| 13 | |
| Ziad Elhanafy | e6fbccc | 2024-07-15 09:18:45 +0100 | [diff] [blame] | 14 | The boot process starts from RSE (Runtime Security Engine) that loads the |
| 15 | Application Processor (AP) BL2 image and signals the System Control Processor (SCP) |
| 16 | to power up the AP. The AP then runs AP BL2 |
| Divin Raj | 1d88de1 | 2024-04-17 00:35:17 +0100 | [diff] [blame] | 17 | |
| Ziad Elhanafy | e6fbccc | 2024-07-15 09:18:45 +0100 | [diff] [blame] | 18 | The primary compute boot flow follows the following steps: |
| Divin Raj | 1d88de1 | 2024-04-17 00:35:17 +0100 | [diff] [blame] | 19 | |
| Ziad Elhanafy | e6fbccc | 2024-07-15 09:18:45 +0100 | [diff] [blame] | 20 | 1. AP BL2: |
| 21 | |
| 22 | * Performs the actions described in the `Trusted Board Boot (TBB)`_ document. |
| 23 | * Copies the AP BL31 image from Secure Flash to Secure SRAM |
| 24 | * Copies the AP BL32 (OP-TEE) image from Secure Flash to Secure DRAM |
| 25 | * Copies the AP BL33 (U-Boot) image from Secure Flash to Normal DRAM |
| 26 | * Transfers the execution to AP BL31 |
| 27 | |
| 28 | 2. AP BL31: |
| 29 | |
| 30 | * Initializes Trusted Firmware-A Services |
| 31 | * Transfers the execution to AP BL32 and then transfers the execution to AP BL33 |
| 32 | * During runtime, acts as the Secure Monitor, handling SMC calls, |
| 33 | and context switching between secure and non-secure worlds. |
| 34 | |
| 35 | 3. AP BL32: |
| 36 | |
| 37 | * Initializes OP-TEE environment |
| 38 | * Initializes Secure Partitions |
| 39 | * Transfers the execution back to AP BL31 |
| 40 | * During runtime, it facilitates secure communication between the |
| 41 | normal world environment (e.g. Linux) and the Trusted Execution Environment. |
| Divin Raj | 1d88de1 | 2024-04-17 00:35:17 +0100 | [diff] [blame] | 42 | |
| 43 | Build Procedure (TF-A only) |
| 44 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 45 | |
| 46 | - Obtain `Arm toolchain`_ and set the CROSS_COMPILE environment variable to |
| 47 | point to the toolchain folder. |
| 48 | |
| 49 | - Build TF-A: |
| 50 | |
| 51 | .. code:: shell |
| 52 | |
| 53 | make \ |
| 54 | PLAT=rd1ae \ |
| 55 | MBEDTLS_DIR=<mbedtls_dir> \ |
| 56 | ARCH=aarch64 \ |
| 57 | CREATE_KEYS=1 \ |
| 58 | GENERATE_COT=1 \ |
| 59 | TRUSTED_BOARD_BOOT=1 \ |
| 60 | COT=tbbr \ |
| 61 | ARM_ROTPK_LOCATION=devel_rsa \ |
| 62 | ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \ |
| Ziad Elhanafy | e6fbccc | 2024-07-15 09:18:45 +0100 | [diff] [blame] | 63 | BL32=<path to optee binary> \ |
| 64 | SPD=spmd \ |
| 65 | SPMD_SPM_AT_SEL2=0 \ |
| Divin Raj | 1d88de1 | 2024-04-17 00:35:17 +0100 | [diff] [blame] | 66 | BL33=<path to u-boot binary> \ |
| 67 | |
| 68 | *Copyright (c) 2024, Arm Limited. All rights reserved.* |
| 69 | |
| 70 | .. _Arm Toolchain: https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/downloads |
| 71 | .. _rd1ae: https://developer.arm.com/Tools%20and%20Software/Arm%20Reference%20Design-1%20AE |
| 72 | .. _Trusted Board Boot (TBB): https://trustedfirmware-a.readthedocs.io/en/latest/design/trusted-board-boot.html |