QEMU virt Armv8-A
=================

Trusted Firmware-A (TF-A) implements the EL3 firmware layer for QEMU virt
Armv8-A. BL1 is used as the BootROM, supplied with the ``-bios`` argument.
When QEMU starts, all CPUs are released simultaneously. BL1 selects a
primary CPU to handle the boot, and the secondaries are placed in a polling
loop to be released by normal world via PSCI.

BL2 edits the Flattened Device Tree (FDT) generated by QEMU at run-time to
add a node describing PSCI and also enable methods for the CPUs.

If ``ARM_LINUX_KERNEL_AS_BL33`` is set to 1 then this FDT will be passed to BL33
via register x0, as expected by a Linux kernel. This allows a Linux kernel image
to be booted directly as BL33 rather than using a bootloader.

An ARM64 defconfig v5.5 Linux kernel is known to boot. The FDT doesn't need to be
provided as it's generated by QEMU.

Current limitations:

-  Only cold boot is supported

Getting non-TF images
---------------------

``QEMU_EFI.fd`` can be downloaded from
http://snapshots.linaro.org/components/kernel/leg-virt-tianocore-edk2-upstream/latest/QEMU-KERNEL-AARCH64/RELEASE_GCC5/QEMU_EFI.fd

or can be built as follows:

.. code:: shell

    git clone https://github.com/tianocore/edk2.git
    cd edk2
    git submodule update --init
    make -C BaseTools
    source edksetup.sh
    export GCC5_AARCH64_PREFIX=aarch64-linux-gnu-
    build -a AARCH64 -t GCC5 -p ArmVirtPkg/ArmVirtQemuKernel.dsc

Then, you will get ``Build/ArmVirtQemuKernel-AARCH64/DEBUG_GCC5/FV/QEMU_EFI.fd``.

Please note you do not need to use GCC 5 in spite of the environment variable
``GCC5_AARCH64_PREFIX``.

The rootfs can be built by using Buildroot as follows:

.. code:: shell

    git clone git://git.buildroot.net/buildroot.git
    cd buildroot
    make qemu_aarch64_virt_defconfig
    utils/config -e BR2_TARGET_ROOTFS_CPIO
    utils/config -e BR2_TARGET_ROOTFS_CPIO_GZIP
    make olddefconfig
    make

Then, you will get ``output/images/rootfs.cpio.gz``.

Booting via semi-hosting option
-------------------------------

Boot binaries, except BL1, are primarily loaded via semi-hosting, so all
binaries have to reside in the directory QEMU is started from. This is
conveniently achieved with symlinks, using the following local names:

-  ``bl2.bin`` -> BL2
-  ``bl31.bin`` -> BL31
-  ``bl33.bin`` -> BL33 (``QEMU_EFI.fd``)
-  ``Image`` -> linux/arch/arm64/boot/Image

To build:

.. code:: shell

    make CROSS_COMPILE=aarch64-none-elf- PLAT=qemu

To start (QEMU v5.0.0):

.. code:: shell

    qemu-system-aarch64 -nographic -machine virt,secure=on -cpu cortex-a57 \
        -kernel Image \
        -append "console=ttyAMA0,38400 keep_bootcon" \
        -initrd rootfs.cpio.gz -smp 2 -m 1024 -bios bl1.bin \
        -d unimp -semihosting-config enable,target=native

Booting via flash based firmwares
---------------------------------

Boot firmwares are loaded via secure FLASH0 device so ``bl1.bin`` and
``fip.bin`` should be concatenated to create a ``flash.bin`` that is flashed
onto secure FLASH0.

-  ``bl32.bin`` -> BL32 (``tee-header_v2.bin``)
-  ``bl32_extra1.bin`` -> BL32 Extra1 (``tee-pager_v2.bin``)
-  ``bl32_extra2.bin`` -> BL32 Extra2 (``tee-pageable_v2.bin``)
-  ``bl33.bin`` -> BL33 (``QEMU_EFI.fd``)
-  ``Image`` -> linux/arch/arm64/boot/Image

To build:

.. code:: shell

    make CROSS_COMPILE=aarch64-linux-gnu- PLAT=qemu BL32=bl32.bin \
        BL32_EXTRA1=bl32_extra1.bin BL32_EXTRA2=bl32_extra2.bin \
        BL33=bl33.bin BL32_RAM_LOCATION=tdram SPD=opteed all fip

To build with TBBR enabled, BL31 and BL32 encrypted with test key:

.. code:: shell

    make CROSS_COMPILE=aarch64-linux-gnu- PLAT=qemu BL32=bl32.bin \
        BL32_EXTRA1=bl32_extra1.bin BL32_EXTRA2=bl32_extra2.bin \
        BL33=bl33.bin BL32_RAM_LOCATION=tdram SPD=opteed all fip \
        MBEDTLS_DIR=<path-to-mbedtls-repo> TRUSTED_BOARD_BOOT=1 \
        GENERATE_COT=1 DECRYPTION_SUPPORT=aes_gcm FW_ENC_STATUS=0 \
        ENCRYPT_BL31=1 ENCRYPT_BL32=1

To build flash.bin:

.. code:: shell

    dd if=build/qemu/release/bl1.bin of=flash.bin bs=4096 conv=notrunc
    dd if=build/qemu/release/fip.bin of=flash.bin seek=64 bs=4096 conv=notrunc

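The layout produced by the two ``dd`` commands above, as an added example that is not part of the TF-A documentation: it checks that BL1 fits below the FIP offset (64 blocks of 4096 bytes) and that a FIP header sits at that offset afterwards. The magic is TF-A's FIP ToC header name ``0xAA640001``; the function names and the constructed stand-in inputs are assumptions of this example.

```shell
#!/bin/sh
FIP_OFFSET=$((64 * 4096))   # seek=64 bs=4096: the FIP starts at 256 KiB
FIP_MAGIC=010064aa          # ToC header name 0xAA640001 as little-endian bytes

# build_flash BL1 FIP OUT (hypothetical helper): write BL1 at offset 0 and
# the FIP at FIP_OFFSET, refusing a BL1 that would reach into the FIP region.
build_flash() {
    [ -r "$1" ] && [ -r "$2" ] || return 1
    bl1_size=$(wc -c < "$1" | tr -d ' ')
    if [ "$bl1_size" -gt "$FIP_OFFSET" ]; then
        echo "bl1 is $bl1_size bytes, limit is $FIP_OFFSET" >&2
        return 1
    fi
    # conv=notrunc keeps whatever an older flash.bin held, so start clean.
    rm -f "$3"
    dd if="$1" of="$3" bs=4096 conv=notrunc 2>/dev/null &&
        dd if="$2" of="$3" seek=64 bs=4096 conv=notrunc 2>/dev/null
}

# check_flash OUT (hypothetical helper): succeed only if the FIP magic is
# found at FIP_OFFSET in the assembled image.
check_flash() {
    magic=$(od -An -tx1 -j "$FIP_OFFSET" -N 4 "$1" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "$FIP_MAGIC" ]
}

# Constructed stand-ins for bl1.bin and fip.bin, not real firmware images.
demo() {
    d=$(mktemp -d) || return 1
    dd if=/dev/zero of="$d/bl1.bin" bs=4096 count=2 2>/dev/null
    printf '\001\000\144\252' > "$d/fip.bin"
    build_flash "$d/bl1.bin" "$d/fip.bin" "$d/flash.bin" &&
        check_flash "$d/flash.bin"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo && echo "flash.bin layout OK"
```
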
To start (QEMU v5.0.0):

.. code:: shell

    qemu-system-aarch64 -nographic -machine virt,secure=on -cpu cortex-a57 \
        -kernel Image -no-acpi \
        -append 'console=ttyAMA0,38400 keep_bootcon' \
        -initrd rootfs.cpio.gz -smp 2 -m 1024 -bios flash.bin \
        -d unimp