| .. SPDX-License-Identifier: GPL-2.0+ OR BSD-3-Clause |
| .. sectionauthor:: Bryan Brattlof <bb@ti.com> |
| |
| K3 Generation |
| ============= |
| |
| Summary |
| ------- |
| |
| Texas Instrument's K3 family of SoCs utilize a heterogeneous multicore |
| and highly integrated device architecture targeted to maximize |
| performance and power efficiency for a wide range of industrial, |
| automotive and other broad market segments. |
| |
| Typically the processing cores and the peripherals for these devices are |
| partitioned into three functional domains to provide ultra-low power |
| modes as well as accommodating application and industrial safety systems |
| on the same SoC. These functional domains are typically called the: |
| |
| * Wakeup (WKUP) domain |
| * Micro-controller (MCU) domain |
| * Main domain |
| |
| For a more detailed view of what peripherals are attached to each |
| domain, consult the device specific documentation. |
| |
| K3 Based SoCs |
| ------------- |
| |
| .. toctree:: |
| :maxdepth: 1 |
| |
| am62ax_sk |
| am62x_sk |
| ../beagle/am62x_beagleplay |
| ../phytec/phycore-am62x |
| ../toradex/verdin-am62 |
| am62px_sk |
| am64x_evm |
| am65x_evm |
| j7200_evm |
| ../beagle/j721e_beagleboneai64 |
| j721e_evm |
| j721s2_evm |
| j722s_evm |
| j784s4_evm |
| |
| Boot Flow Overview |
| ------------------ |
| |
| For all K3 SoCs the first core started will be inside the Security |
| Management Subsystem (SMS) which will secure the device and start a core |
| in the wakeup domain to run the ROM code. ROM will then initialize the |
| boot media needed to load the binaries packaged inside `tiboot3.bin`, |
| including a 32bit U-Boot SPL, (called the wakeup SPL) that ROM will jump |
| to after it has finished loading everything into internal SRAM. |
| |
| .. image:: img/boot_flow_01.svg |
| :alt: Boot flow up to wakeup domain SPL |
| |
| The wakeup SPL, running on a wakeup domain core, will initialize DDR and |
| any peripherals needed to load the larger binaries inside the `tispl.bin` |
| into DDR. Once loaded the wakeup SPL will start one of the 'big' |
| application cores inside the main domain to initialize the main domain, |
| starting with Trusted Firmware-A (TF-A), before moving on to start |
| OP-TEE and the main domain's U-Boot SPL. |
| |
| .. image:: img/boot_flow_02.svg |
| :alt: Boot flow up to main domain SPL |
| |
| The main domain's SPL, running on a 64bit application core, has |
| virtually unlimited space (billions of bytes now that DDR is working) to |
| initialize even more peripherals needed to load in the `u-boot.img` |
| which loads more firmware into the micro-controller & wakeup domains and |
| finally prepare the main domain to run Linux. |
| |
| .. image:: img/boot_flow_03.svg |
| :alt: Complete boot flow up to Linux |
| |
| This is the typical boot flow for all K3 based SoCs, however this flow |
| offers quite a lot in the terms of flexibility, especially on High |
| Security (HS) SoCs. |
| |
| Boot Flow Variations |
| ^^^^^^^^^^^^^^^^^^^^ |
| |
| All K3 SoCs will generally use the above boot flow with two main |
| differences depending on the capabilities of the boot ROM and the number |
| of cores inside the device. These differences split the bootflow into |
| essentially 4 unique but very similar flows: |
| |
| * Split binary with a combined firmware: (eg: AM65) |
| * Combined binary with a combined firmware: (eg: AM64) |
| * Split binary with a split firmware: (eg: J721E) |
| * Combined binary with a split firmware: (eg: AM62) |
| |
| For devices that utilize the split binary approach, ROM is not capable |
| of loading the firmware into the SoC, requiring the wakeup domain's |
| U-Boot SPL to load the firmware. |
| |
| Devices with a split firmware will have two firmwares loaded into the |
| device at different times during the bootup process. TI's Foundational |
| Security (TIFS), needed to operate the Security Management Subsystem, |
| will either be loaded by ROM or the WKUP U-Boot SPL, then once the |
| wakeup U-Boot SPL has completed, the second Device Management (DM) |
| firmware can be loaded on the now free core in the wakeup domain. |
| |
| For more information on the bootup process of your SoC, consult the |
| device specific boot flow documentation. |
| |
| Secure Boot |
| ----------- |
| |
| K3 HS-SE (High Security - Security Enforced) devices enforce an |
| authenticated boot flow for secure boot. HS-FS (High Security - Field |
| Securable) is the state of a K3 device before it has been eFused with |
| customer security keys. In the HS-FS state the authentication still can |
| function as in HS-SE, but as there are no customer keys to verify the |
| signatures against, the authentication will pass for certificates signed |
| with any key. |
| |
| Chain of trust |
| ^^^^^^^^^^^^^^ |
| |
| 1) Public ROM loads the tiboot3.bin (R5 SPL, TIFS) |
| 2) R5 SPL loads tispl.bin (ATF, OP-TEE, DM, SPL) |
| 3) SPL loads u-boot.img (U-Boot) |
| 4) U-Boot loads fitImage (Linux and DTBs) |
| |
| Steps 1-3 are all authenticated by either the Secure ROM or TIFS as the |
| authenticating entity and step 4 uses U-boot standard mechanism for |
| authenticating. |
| |
| All the authentication that are done for ROM/TIFS are done through x509 |
| certificates that are signed. |
| |
| Firewalls |
| ^^^^^^^^^ |
| |
| 1) Secure ROM comes up and sets up firewalls that are needed by itself |
| 2) TIFS will setup it's own firewalls to protect core system resources |
| 3) R5 SPL will remove any firewalls that are leftover from the Secure ROM stage |
| that are no longer required. |
| 4) Each stage beyond this: such as tispl.bin containing TFA/OPTEE uses OIDs to |
| set up firewalls to protect themselves (enforced by TIFS) |
| 5) TFA/OP-TEE can configure other firewalls at runtime if required as they |
| are already authenticated and firewalled off from illegal access. |
| 6) All later stages can setup or remove firewalls that have not been already |
| configured by previous stages, such as those created by TIFS, TFA, and OP-TEE. |
| |
| Futhur, firewalls have a lockdown bit in hardware that enforces the setting |
| (and cannot be over-ridden) until the full system is reset. |
| |
| Software Sources |
| ---------------- |
| |
| All scripts and code needed to build the `tiboot3.bin`, `tispl.bin` and |
| `u-boot.img` for all K3 SoCs can be located at the following places |
| online |
| |
| .. k3_rst_include_start_boot_sources |
| |
| * **Das U-Boot** |
| |
| | **source:** https://source.denx.de/u-boot/u-boot.git |
| | **branch:** master |
| |
| * **Trusted Firmware-A (TF-A)** |
| |
| | **source:** https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/ |
| | **branch:** master |
| |
| * **Open Portable Trusted Execution Environment (OP-TEE)** |
| |
| | **source:** https://github.com/OP-TEE/optee_os.git |
| | **branch:** master |
| |
| * **TI Firmware (TIFS, DM, SYSFW)** |
| |
| | **source:** https://git.ti.com/git/processor-firmware/ti-linux-firmware.git |
| | **branch:** ti-linux-firmware |
| |
| .. note:: |
| |
| The TI Firmwares required for functionality of the system are (see |
| platform specific boot diagram for further information as to which |
| component runs on which processor): |
| |
| .. k3_rst_include_end_boot_sources |
| |
| .. k3_rst_include_start_boot_firmwares |
| |
| * **TIFS** - TI Foundational Security Firmware - Consists of purely firmware |
| meant to run on the security enclave. |
| * **DM** - Device Management firmware also called TI System Control Interface |
| server (TISCI Server) - This component purely plays the role of managing |
| device resources such as power, clock, interrupts, dma etc. This firmware |
| runs on a dedicated or multi-use microcontroller outside the security |
| enclave. |
| |
| .. k3_rst_include_end_boot_firmwares |
| .. k3_rst_include_start_tifsstub |
| |
| * **TIFS Stub** - The TIFS stub is a small piece of binary designed to help |
| restore the required security context and resume the TIFS firmware when |
| the system resumes from low-power modes such as suspend-to-RAM/Deep |
| Sleep. This stub uses the same encryption and customer key signing model |
| as TIFS and is loaded into the ATCM (Tightly Coupled Memory 'A' of the |
| DM R5) during DM startup. Due to the independent certificate signing |
| process, the stub is maintained separately from DM. |
| |
| .. k3_rst_include_end_tifsstub |
| |
| OR |
| |
| .. k3_rst_include_start_boot_firmwares_sysfw |
| |
| * **SYSFW** - System firmware - consists of both TIFS and DM both running on |
| the security enclave. |
| |
| .. k3_rst_include_end_boot_firmwares_sysfw |
| |
| Build Procedure |
| --------------- |
| |
| .. note :: |
| |
| Make sure you have installed all necessary host package dependencies |
| before proceeding. See :ref:`build/gcc:Building with GCC`. |
| |
| Depending on the specifics of your device, you will need three or more |
| binaries to boot your SoC. |
| |
| * `tiboot3.bin` (bootloader for the wakeup domain) |
| * `tispl.bin` (bootloader for the main domain) |
| * `u-boot.img` |
| |
| During the bootup process, both the 32bit wakeup domain and the 64bit |
| main domains will be involved. This means everything inside the |
| `tiboot3.bin` running in the wakeup domain will need to be compiled for |
| 32bit cores and most binaries in the `tispl.bin` will need to be |
| compiled for 64bit main domain CPU cores. |
| |
| All of that to say you will need both a 32bit and 64bit cross compiler |
| (assuming you're using an x86 desktop) |
| |
| .. k3_rst_include_start_common_env_vars_desc |
| .. list-table:: Generic environment variables |
| :widths: 25 25 50 |
| :header-rows: 1 |
| |
| * - S/w Component |
| - Env Variable |
| - Description |
| * - All Software |
| - CC32 |
| - Cross compiler for ARMv7 (ARM 32bit), typically arm-linux-gnueabihf- |
| * - All Software |
| - CC64 |
| - Cross compiler for ARMv8 (ARM 64bit), typically aarch64-linux-gnu- |
| * - All Software |
| - LNX_FW_PATH |
| - Path to TI Linux firmware repository |
| * - All Software |
| - TFA_PATH |
| - Path to source of Trusted Firmware-A |
| * - All Software |
| - OPTEE_PATH |
| - Path to source of OP-TEE |
| .. k3_rst_include_end_common_env_vars_desc |
| |
| .. k3_rst_include_start_common_env_vars_defn |
| .. prompt:: bash $ |
| |
| export CC32=arm-linux-gnueabihf- |
| export CC64=aarch64-linux-gnu- |
| export LNX_FW_PATH=path/to/ti-linux-firmware |
| export TFA_PATH=path/to/trusted-firmware-a |
| export OPTEE_PATH=path/to/optee_os |
| .. k3_rst_include_end_common_env_vars_defn |
| |
| We will also need some common environment variables set up for the various |
| other build sources. we shall use the following, in the build descriptions below: |
| |
| .. k3_rst_include_start_board_env_vars_desc |
| .. list-table:: Board specific environment variables |
| :widths: 25 25 50 |
| :header-rows: 1 |
| |
| * - S/w Component |
| - Env Variable |
| - Description |
| * - U-Boot |
| - UBOOT_CFG_CORTEXR |
| - Defconfig for Cortex-R (Boot processor). |
| * - U-Boot |
| - UBOOT_CFG_CORTEXA |
| - Defconfig for Cortex-A (MPU processor). |
| * - Trusted Firmware-A |
| - TFA_BOARD |
| - Platform name used for building TF-A for Cortex-A Processor. |
| * - Trusted Firmware-A |
| - TFA_EXTRA_ARGS |
| - Any extra arguments used for building TF-A. |
| * - OP-TEE |
| - OPTEE_PLATFORM |
| - Platform name used for building OP-TEE for Cortex-A Processor. |
| * - OP-TEE |
| - OPTEE_EXTRA_ARGS |
| - Any extra arguments used for building OP-TEE. |
| .. k3_rst_include_end_board_env_vars_desc |
| |
| Building tiboot3.bin |
| ^^^^^^^^^^^^^^^^^^^^ |
| |
| 1. To generate the U-Boot SPL for the wakeup domain, use the following |
| commands, substituting :code:`{SOC}` for the name of your device (eg: |
| am62x) to package the various firmware and the wakeup UBoot SPL into |
| the final `tiboot3.bin` binary. (or the `sysfw.itb` if your device |
| uses the split binary flow) |
| |
| .. _k3_rst_include_start_build_steps_spl_r5: |
| |
| .. k3_rst_include_start_build_steps_spl_r5 |
| .. prompt:: bash $ |
| |
| # inside u-boot source |
| make $UBOOT_CFG_CORTEXR |
| make CROSS_COMPILE=$CC32 BINMAN_INDIRS=$LNX_FW_PATH |
| .. k3_rst_include_end_build_steps_spl_r5 |
| |
| At this point you should have all the needed binaries to boot the wakeup |
| domain of your K3 SoC. |
| |
| **Combined Binary Boot Flow** (eg: am62x, am64x, ... ) |
| |
| `tiboot3-{SOC}-{gp/hs-fs/hs}.bin` |
| |
| **Split Binary Boot Flow** (eg: j721e, am65x) |
| |
| | `tiboot3-{SOC}-{gp/hs-fs/hs}.bin` |
| | `sysfw-{SOC}-{gp/hs-fs/hs}-evm.itb` |
| |
| .. note :: |
| |
| It's important to rename the generated `tiboot3.bin` and `sysfw.itb` |
| to match exactly `tiboot3.bin` and `sysfw.itb` as ROM and the wakeup |
| UBoot SPL will only look for and load the files with these names. |
| |
| Building tispl.bin |
| ^^^^^^^^^^^^^^^^^^ |
| |
| The `tispl.bin` is a standard fitImage combining the firmware need for |
| the main domain to function properly as well as Device Management (DM) |
| firmware if your device using a split firmware. |
| |
| 2. We will first need TF-A, as it's the first thing to run on the 'big' |
| application cores on the main domain. |
| |
| .. k3_rst_include_start_build_steps_tfa |
| .. prompt:: bash $ |
| |
| # inside trusted-firmware-a source |
| make CROSS_COMPILE=$CC64 ARCH=aarch64 PLAT=k3 SPD=opteed $TFA_EXTRA_ARGS \ |
| TARGET_BOARD=$TFA_BOARD |
| .. k3_rst_include_end_build_steps_tfa |
| |
| Typically all `j7*` devices will use `TARGET_BOARD=generic` or `TARGET_BOARD |
| =j784s4` (if it is a J784S4 device), while typical Sitara (`am6*`) devices |
| use the `lite` option. |
| |
| 3. The Open Portable Trusted Execution Environment (OP-TEE) is designed |
| to run as a companion to a non-secure Linux kernel for Cortex-A cores |
| using the TrustZone technology built into the core. |
| |
| .. k3_rst_include_start_build_steps_optee |
| .. prompt:: bash $ |
| |
| # inside optee_os source |
| make CROSS_COMPILE=$CC32 CROSS_COMPILE64=$CC64 CFG_ARM64_core=y $OPTEE_EXTRA_ARGS \ |
| PLATFORM=$OPTEE_PLATFORM |
| .. k3_rst_include_end_build_steps_optee |
| |
| 4. Finally, after TF-A has initialized the main domain and OP-TEE has |
| finished, we can jump back into U-Boot again, this time running on a |
| 64bit core in the main domain. |
| |
| .. _k3_rst_include_start_build_steps_uboot: |
| |
| .. k3_rst_include_start_build_steps_uboot |
| .. prompt:: bash $ |
| |
| # inside u-boot source |
| make $UBOOT_CFG_CORTEXA |
| make CROSS_COMPILE=$CC64 BINMAN_INDIRS=$LNX_FW_PATH \ |
| BL31=$TFA_PATH/build/k3/$TFA_BOARD/release/bl31.bin \ |
| TEE=$OPTEE_PATH/out/arm-plat-k3/core/tee-raw.bin |
| |
| .. note:: |
| It is also possible to pick up a custom DM binary by adding TI_DM argument |
| pointing to the file. If not provided, it defaults to picking up the DM |
| binary from BINMAN_INDIRS. This is only applicable to devices that utilize |
| split firmware. |
| |
| .. k3_rst_include_end_build_steps_uboot |
| |
| At this point you should have every binary needed initialize both the |
| wakeup and main domain and to boot to the U-Boot prompt |
| |
| **Main Domain Bootloader** |
| |
| | `tispl.bin` for HS devices or `tispl.bin_unsigned` for GP devices |
| | `u-boot.img` for HS devices or `u-boot.img_unsigned` for GP devices |
| |
| Capsules |
| -------- |
| |
| Most K3 boards have support for UEFI capsule update via capsule-on-disk |
| functionality. Check the ``CONFIG_EFI_CAPSULE_ON_DISK`` config option for |
| the board under question to verify. If configured, capsules for each of the |
| binaries above are automatically generated as part of the binary's build. |
| They are named `<binary>-capsule.bin`. For example, the capsule for |
| `u-boot.img` would be called `uboot-capsule.bin`. |
| |
| See :ref:`uefi_capsule_update_ref` for more information on U-Boot's support |
| for capsule update and how they are applied. |
| |
| Each board defines the capsules generated, including where those capsules |
| are applied. See the ``update_info`` definition for a board, typically |
| found at `board/ti/<board>/evm.c`. For example, `board/ti/am62x/evm.c`. |
| Usually, if the board has OSPI flash, the capsules will be applied there, |
| else the boot partition of the eMMC device. |
| |
| Once applied, the board will have U-Boot binaries in on-board non-volatile |
| storage. To start booting from that storage, set the bootmode pins |
| accordingly. Future updates can be performed by using the capsules |
| generated from the corresponding U-Boot builds. |
| |
| FIT signature signing |
| --------------------- |
| |
| K3 platforms have FIT signature signing enabled by default on their primary |
| platforms. Here we'll take an example for creating FIT Image for J721E platform |
| and the same can be extended to other platforms |
| |
| Pre-requisites: |
| |
| * U-boot build (:ref:`U-boot build <k3_rst_include_start_build_steps_spl_r5>`) |
| * Linux Image and Linux DTB prebuilt |
| |
| Describing FIT source |
| ^^^^^^^^^^^^^^^^^^^^^ |
| |
| FIT Image is a packed structure containing binary blobs and configurations. |
| The Kernel FIT Image that we have has Kernel Image, DTB and the DTBOs. It |
| supports packing multiple images and configurations that allow you to |
| choose any configuration at runtime to boot from. |
| |
| .. code-block:: |
| |
| /dts-v1/; |
| |
| / { |
| description = "FIT Image description"; |
| #address-cells = <1>; |
| |
| images { |
| [image-1] |
| [image-2] |
| [fdt-1] |
| [fdt-2] |
| } |
| |
| configurations { |
| default = <conf-1> |
| [conf-1: image-1,fdt-1] |
| [conf-2: image-2,fdt-1] |
| } |
| } |
| |
| * Sample Images |
| |
| .. code-block:: |
| |
| kernel-1 { |
| description = "Linux kernel"; |
| data = /incbin/("linux.bin"); |
| type = "kernel"; |
| arch = "arm64"; |
| os = "linux"; |
| compression = "gzip"; |
| load = <0x81000000>; |
| entry = <0x81000000>; |
| hash-1 { |
| algo = "sha512"; |
| }; |
| }; |
| fdt-ti_k3-j721e-common-proc-board.dtb { |
| description = "Flattened Device Tree blob"; |
| data = /incbin/("arch/arm64/boot/dts/ti/k3-j721e-common-proc-board.dtb"); |
| type = "flat_dt"; |
| arch = "arm64"; |
| compression = "none"; |
| load = <0x83000000>; |
| hash-1 { |
| algo = "sha512"; |
| }; |
| }; |
| # Optional images |
| fdt-ti_k3-j721e-evm-virt-mac-client.dtbo { |
| description = "Flattened Device Tree blob"; |
| data = /incbin/("arch/arm64/boot/dts/ti/k3-j721e-evm-virt-mac-client.dtbo"); |
| type = "flat_dt"; |
| arch = "arm64"; |
| compression = "none"; |
| load = <0x83080000>; |
| hash-1 { |
| algo = "sha512"; |
| }; |
| }; |
| |
| .. note:: |
| |
| Change the path in data variables to point to the respective files in your |
| local machine. For e.g change "linux.bin" to "<path-to-kernel-image>". |
| |
| For enabling usage of FIT signature, add the signature node to the |
| corresponding configuration node as follows. |
| |
| * Sample Configurations |
| |
| .. code-block:: |
| |
| conf-ti_k3-j721e-common-proc-board.dtb { |
| description = "Linux kernel, FDT blob"; |
| fdt = "fdt-ti_k3-j721e-common-proc-board.dtb"; |
| kernel = "kernel-1"; |
| signature-1 { |
| algo = "sha512,rsa4096"; |
| key-name-hint = "custMpk"; |
| sign-images = "kernel", "fdt"; |
| }; |
| }; |
| # Optional configurations |
| conf-ti_k3-j721e-evm-virt-mac-client.dtbo { |
| description = "FDTO blob"; |
| fdt = "fdt-ti_k3-j721e-evm-virt-mac-client.dtbo"; |
| |
| signature-1 { |
| algo = "sha512,rsa4096"; |
| key-name-hint = "custMpk"; |
| sign-images = "fdt"; |
| }; |
| }; |
| |
| Specify all images you need the signature to authenticate as a part of |
| sign-images. The key-name-hint needs to be changed if you are using some |
| other key other than the TI dummy key that we are using for this example. |
| It should be the name of the file containing the keys. |
| |
| .. note:: |
| |
| Generating new set of keys: |
| |
| .. prompt:: bash $ |
| |
| mkdir keys |
| openssl genpkey -algorithm RSA -out keys/dev.key \ |
| -pkeyopt rsa_keygen_bits:4096 -pkeyopt rsa_keygen_pubexp:65537 |
| openssl req -batch -new -x509 -key keys/dev.key -out keys/dev.crt |
| |
| Generating the fitImage |
| ^^^^^^^^^^^^^^^^^^^^^^^ |
| |
| .. note:: |
| |
| For signing a secondary platform like SK boards, you'll require |
| additional steps |
| |
| - Change the CONFIG_DEFAULT_DEVICE_TREE |
| |
| For e.g |
| |
| .. code-block:: |
| |
| diff --git a/configs/j721e_evm_a72_defconfig b/configs/j721e_evm_a72_defconfig |
| index a5c1df7e0054..6d0126d955ef 100644 |
| --- a/configs/j721e_evm_a72_defconfig |
| +++ b/configs/j721e_evm_a72_defconfig |
| @@ -13,7 +13,7 @@ CONFIG_CUSTOM_SYS_INIT_SP_ADDR=0x80480000 |
| CONFIG_ENV_SIZE=0x20000 |
| CONFIG_DM_GPIO=y |
| CONFIG_SPL_DM_SPI=y |
| -CONFIG_DEFAULT_DEVICE_TREE="k3-j721e-common-proc-board" |
| +CONFIG_DEFAULT_DEVICE_TREE="k3-j721e-sk" |
| CONFIG_SPL_TEXT_BASE=0x80080000 |
| CONFIG_DM_RESET=y |
| CONFIG_SPL_MMC=y |
| |
| - Change the binman nodes to package u-boot.dtb for the correct set of platform |
| |
| For e.g |
| |
| .. code-block:: |
| |
| diff --git a/arch/arm/dts/k3-j721e-binman.dtsi b/arch/arm/dts/k3-j721e-binman.dtsi |
| index 673be646b1e3..752fa805fe8d 100644 |
| --- a/arch/arm/dts/k3-j721e-binman.dtsi |
| +++ b/arch/arm/dts/k3-j721e-binman.dtsi |
| @@ -299,8 +299,8 @@ |
| #define SPL_J721E_SK_DTB "spl/dts/k3-j721e-sk.dtb" |
| |
| #define UBOOT_NODTB "u-boot-nodtb.bin" |
| -#define J721E_EVM_DTB "u-boot.dtb" |
| -#define J721E_SK_DTB "arch/arm/dts/k3-j721e-sk.dtb" |
| +#define J721E_EVM_DTB "arch/arm/dts/k3-j721e-common-proc-board.dtb" |
| +#define J721E_SK_DTB "u-boot.dtb" |
| |
| This step will embed the public key in the u-boot.dtb file that was already |
| built during the initial u-boot build. |
| |
| .. prompt:: bash $ |
| |
| mkimage -r -f fitImage.its -k $UBOOT_PATH/board/ti/keys -K $UBOOT_PATH/build/$ARMV8/dts/dt.dtb fitImage |
| |
| .. note:: |
| |
| If you have another set of keys then change the -k argument to point to |
| the folder where your keys are present, the build requires the presence |
| of both .key and .crt file. |
| |
| Build u-boot again |
| ^^^^^^^^^^^^^^^^^^ |
| |
| The updated u-boot.dtb needs to be packed in u-boot.img for authentication |
| so rebuild U-boot ARMV8 without changing any parameters. |
| Refer (:ref:`U-boot ARMV8 build <k3_rst_include_start_build_steps_uboot>`) |
| |
| .. note:: |
| |
| The devices now also have distroboot enabled so if the FIT image doesn't |
| work then the fallback to normal distroboot will be there on HS devices. |
| This will need to be explicitly disabled by changing the boot_targets to |
| disallow fallback during testing. |
| |
| Saving environment |
| ------------------ |
| |
| SAVEENV is disabled by default and for the new flow uses Uenv.txt as the default |
| way for saving the environments. This has been done as Uenv.txt is more granular |
| then the saveenv command and can be used across various bootmodes too. |
| |
| **Writing to MMC/EMMC** |
| |
| .. prompt:: bash => |
| |
| env export -t $loadaddr <list of variables> |
| fatwrite mmc ${mmcdev} ${loadaddr} ${bootenvfile} ${filesize} |
| |
| **Reading from MMC/EMMC** |
| |
| By default run envboot will read it from the MMC/EMMC partition ( based on |
| mmcdev) and set the environments. |
| |
| If manually needs to be done then the environment can be read from the |
| filesystem and then imported |
| |
| .. prompt:: bash => |
| |
| fatload mmc ${mmcdev} ${loadaddr} ${bootenvfile} |
| env import -t ${loadaddr} ${filesize} |
| |
| .. _k3_rst_refer_openocd: |
| |
| Common Debugging environment - OpenOCD |
| -------------------------------------- |
| |
| This section will show you how to connect a board to `OpenOCD |
| <https://openocd.org/>`_ and load the SPL symbols for debugging with |
| a K3 generation device. To follow this guide, you must build custom |
| u-boot binaries, start your board from a boot media such as an SD |
| card, and use an OpenOCD environment. This section uses generic |
| examples, though you can apply these instructions to any supported K3 |
| generation device. |
| |
| The overall structure of this setup is in the following figure. |
| |
| .. image:: img/openocd-overview.svg |
| :alt: Overview of OpenOCD setup. |
| |
| .. note:: |
| |
| If you find these instructions useful, please consider `donating |
| <https://openocd.org/pages/donations.html>`_ to OpenOCD. |
| |
| Step 1: Download and install OpenOCD |
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| |
| To get started, it is more convenient if the distribution you |
| use supports OpenOCD by default. Follow the instructions in the |
| `getting OpenOCD <https://openocd.org/pages/getting-openocd.html>`_ |
| documentation to pick the installation steps appropriate to your |
| environment. Some references to OpenOCD documentation: |
| |
| * `OpenOCD User Guide <https://openocd.org/doc/html/index.html>`_ |
| * `OpenOCD Developer's Guide <https://openocd.org/doc/doxygen/html/index.html>`_ |
| |
| Refer to the release notes corresponding to the `OpenOCD version |
| <https://github.com/openocd-org/openocd/releases>`_ to ensure |
| |
| * Processor support: In general, processor support shouldn't present |
| any difficulties since OpenOCD provides solid support for both ARMv8 |
| and ARMv7. |
| * SoC support: When working with System-on-a-Chip (SoC), the support |
| usually comes as a TCL config file. It is vital to ensure the correct |
| version of OpenOCD or to use the TCL files from the latest release or |
| the one mentioned. |
| * Board or the JTAG adapter support: In most cases, board support is |
| a relatively easy problem if the board has a JTAG pin header. All |
| you need to do is ensure that the adapter you select is compatible |
| with OpenOCD. Some boards come with an onboard JTAG adapter that |
| requires a USB cable to be plugged into the board, in which case, it |
| is vital to ensure that the JTAG adapter is supported. Fortunately, |
| almost all TI K3 SK/EVMs come with TI's XDS110, which has out of the |
| box support by OpenOCD. The board-specific documentation will |
| cover the details and any adapter/dongle recommendations. |
| |
| .. prompt:: bash $ |
| |
| openocd -v |
| |
| .. note:: |
| |
| OpenOCD version 0.12.0 is usually required to connect to most K3 |
| devices. If your device is only supported by a newer version than the |
| one provided by your distribution, you may need to build it from the source. |
| |
| Building OpenOCD from source |
| """""""""""""""""""""""""""" |
| |
| The dependency package installation instructions below are for Debian |
| systems, but equivalent instructions should exist for systems with |
| other package managers. Please refer to the `OpenOCD Documentation |
| <https://openocd.org/>`_ for more recent installation steps. |
| |
| .. prompt:: bash $ |
| |
| # Check the packages to be installed: needs deb-src in sources.list |
| sudo apt build-dep openocd |
| # The following list is NOT complete - please check the latest |
| sudo apt-get install libtool pkg-config texinfo libusb-dev \ |
| libusb-1.0.0-dev libftdi-dev libhidapi-dev autoconf automake |
| git clone https://github.com/openocd-org/openocd.git openocd |
| cd openocd |
| git submodule init |
| git submodule update |
| ./bootstrap |
| ./configure --prefix=/usr/local/ |
| make -j`nproc` |
| sudo make install |
| |
| .. note:: |
| |
| The example above uses the GitHub mirror site. See |
| `git repo information <https://openocd.org/doc/html/Developers.html#OpenOCD-Git-Repository>`_ |
| information to pick the official git repo. |
| If a specific version is desired, select the version using `git checkout tag`. |
| |
| Installing OpenOCD udev rules |
| """"""""""""""""""""""""""""" |
| |
| The step is not necessary if the distribution supports the OpenOCD, but |
| if building from a source, ensure that the udev rules are installed |
| correctly to ensure a sane system. |
| |
| .. prompt:: bash $ |
| |
| # Go to the OpenOCD source directory |
| cd openocd |
| Copy the udev rules to the correct system location |
| sudo cp ./contrib/60-openocd.rules \ |
| ./src/jtag/drivers/libjaylink/contrib/99-libjaylink.rules \ |
| /etc/udev/rules.d/ |
| # Get Udev to load the new rules up |
| sudo udevadm control --reload-rules |
| # Use the new rules on existing connected devices |
| sudo udevadm trigger |
| |
| Step 2: Setup GDB |
| ^^^^^^^^^^^^^^^^^ |
| |
| Most systems come with gdb-multiarch package. |
| |
| .. prompt:: bash $ |
| |
| # Install gdb-multiarch package |
| sudo apt-get install gdb-multiarch |
| |
| Though using GDB natively is normal, developers with interest in using IDE |
| may find a few of these interesting: |
| |
| * `gdb-dashboard <https://github.com/cyrus-and/gdb-dashboard>`_ |
| * `gef <https://github.com/hugsy/gef>`_ |
| * `peda <https://github.com/longld/peda>`_ |
| * `pwndbg <https://github.com/pwndbg/pwndbg>`_ |
| * `voltron <https://github.com/snare/voltron>`_ |
| * `ddd <https://www.gnu.org/software/ddd/>`_ |
| * `vscode <https://www.justinmklam.com/posts/2017/10/vscode-debugger-setup/>`_ |
| * `vim conque-gdb <https://github.com/vim-scripts/Conque-GDB>`_ |
| * `emacs realgud <https://github.com/realgud/realgud/wiki/gdb-notes>`_ |
| * `Lauterbach IDE <https://www2.lauterbach.com/pdf/backend_gdb.pdf>`_ |
| |
| .. warning:: |
| LLDB support for OpenOCD is still a work in progress as of this writing. |
| Using GDB is probably the safest option at this point in time. |
| |
| Step 3: Connect board to PC |
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| There are few patterns of boards in the ecosystem |
| |
| .. k3_rst_include_start_openocd_connect_XDS110 |
| |
| **Integrated JTAG adapter/dongle**: The board has a micro-USB connector labelled |
| XDS110 USB or JTAG. Connect a USB cable to the board to the mentioned port. |
| |
| .. note:: |
| |
| There are multiple USB ports on a typical board, So, ensure you have read |
| the user guide for the board and confirmed the silk screen label to ensure |
| connecting to the correct port. |
| |
| .. k3_rst_include_end_openocd_connect_XDS110 |
| |
| .. k3_rst_include_start_openocd_connect_cti20 |
| |
| **cTI20 connector**: The TI's `cTI20 |
| <https://software-dl.ti.com/ccs/esd/documents/xdsdebugprobes/emu_JTAG_connectors.html#cti-20-pin-header-information>`_ connector |
| is probably the most prevelant on TI platforms. Though many |
| TI boards have an onboard XDS110, cTI20 connector is usually |
| provided as an alternate scheme to connect alternatives such |
| as `Lauterbach <https://www.lauterbach.com/>`_ or `XDS560 |
| <https://www.ti.com/tool/TMDSEMU560V2STM-U>`_. |
| |
| To debug on these boards, the following combinations is suggested: |
| |
| * `TUMPA <https://www.diygadget.com/JTAG-cables-and-microcontroller-programmers/tiao-usb-multi-protocol-adapter-JTAG-spi-i2c-serial>`_ |
| or `equivalent dongles supported by OpenOCD. <https://openocd.org/doc/html/Debug-Adapter-Hardware.html#Debug-Adapter-Hardware>`_ |
| * Cable such as `Tag-connect ribbon cable <https://www.tag-connect.com/product/20-pin-cortex-ribbon-cable-4-length-with-50-mil-connectors>`_ |
| * Adapter to convert cTI20 to ARM20 such as those from |
| `Segger <https://www.segger.com/products/debug-probes/j-link/accessories/adapters/ti-cti-20-adapter/>`_ |
| or `Lauterbach LA-3780 <https://www.lauterbach.com/ad3780.html>`_ |
| Or optionally, if you have manufacturing capability then you could try |
| `BeagleBone JTAG Adapter <https://github.com/mmorawiec/BeagleBone-Black-JTAG-Adapters>`_ |
| |
| .. warning:: |
| XDS560 and Lauterbach are proprietary solutions and is not supported by |
| OpenOCD. |
| When purchasing an off the shelf adapter/dongle, you do want to be careful |
| about the signalling though. Please |
| `read for additional info <https://software-dl.ti.com/ccs/esd/xdsdebugprobes/emu_JTAG_connectors.html>`_. |
| |
| .. k3_rst_include_end_openocd_connect_cti20 |
| |
| .. k3_rst_include_start_openocd_connect_tag_connect |
| |
| **Tag-Connect**: `Tag-Connect <https://www.tag-connect.com/>`_ |
| pads on the boards which require special cable. Please check the documentation |
| to `identify <https://www.tag-connect.com/info/legs-or-no-legs>`_ if "legged" |
| or "no-leg" version of the cable is appropriate for the board. |
| |
| To debug on these boards, you will need: |
| |
| * `TUMPA <https://www.diygadget.com/JTAG-cables-and-microcontroller-programmers/tiao-usb-multi-protocol-adapter-JTAG-spi-i2c-serial>`_ |
| or `equivalent dongles supported by OpenOCD <https://openocd.org/doc/html/Debug-Adapter-Hardware.html#Debug-Adapter-Hardware>`_. |
| * Tag-Connect cable appropriate to the board such as |
| `TC2050-IDC-NL <https://www.tag-connect.com/product/TC2050-IDC-NL-10-pin-no-legs-cable-with-ribbon-connector>`_ |
| * In case of no-leg, version, a |
| `retaining clip <https://www.tag-connect.com/product/tc2050-clip-3pack-retaining-clip>`_ |
| * Tag-Connect to ARM20 |
| `adapter <https://www.tag-connect.com/product/tc2050-arm2010-arm-20-pin-to-tc2050-adapter>`_ |
| |
| .. note:: |
| You can optionally use a 3d printed solution such as |
| `Protective cap <https://www.thingiverse.com/thing:3025584>`_ or |
| `clip <https://www.thingiverse.com/thing:3035278>`_ to replace |
| the retaining clip. |
| |
| .. warning:: |
| With the Tag-Connect to ARM20 adapter, Please solder the "Trst" signal for |
| connection to work. |
| |
| .. k3_rst_include_end_openocd_connect_tag_connect |
| |
| Debugging with OpenOCD |
| ^^^^^^^^^^^^^^^^^^^^^^ |
| |
| Debugging U-Boot is different from debugging regular user space |
| applications. The bootloader initialization process involves many boot |
| media and hardware configuration operations. For K3 devices, there |
| are also interactions with security firmware. While reloading the |
| "elf" file works through GDB, developers must be mindful of cascading |
| initialization's potential consequences. |
| |
| Consider the following code change: |
| |
| .. code-block:: diff |
| |
| --- a/file.c 2023-07-29 10:55:29.647928811 -0500 |
| +++ b/file.c 2023-07-29 10:55:46.091856816 -0500 |
| @@ -1,3 +1,3 @@ |
| val = readl(reg); |
| -val |= 0x2; |
| +val |= 0x1; |
| writel(val, reg); |
| |
| Re-running the elf file with the above change will result in the |
| register setting 0x3 instead of the intended 0x1. There are other |
| hardware blocks which may not behave very well with a re-initialization |
| without proper shutdown. |
| |
| To help narrow the debug down, it is usually simpler to use the |
| standard boot media to get to the bootloader and debug only in the area |
| of interest. |
| |
| In general, to debug u-boot spl/u-boot with OpenOCD there are three steps: |
| |
| * Modify the code adding a loop to allow the debugger to attach |
| near the point of interest. Boot up normally to stop at the loop. |
| * Connect with OpenOCD and step out of the loop. |
| * Step through the code to find the root of issue. |
| |
| Typical debugging involves a few iterations of the above sequence. |
| Though most bootloader developers like to use printf to debug, |
| debug with JTAG tends to be most efficient since it is possible to |
| investigate the code flow and inspect hardware registers without |
| repeated iterations. |
| |
| Code modification |
| """"""""""""""""" |
| |
| * **start.S**: Adding an infinite while loop at the very entry of |
| U-Boot. For this, look for the corresponding start.S entry file. |
| This is usually only required when debugging some core SoC or |
| processor related function. For example: arch/arm/cpu/armv8/start.S or |
| arch/arm/cpu/armv7/start.S |
| |
| .. code-block:: diff |
| |
| diff --git a/arch/arm/cpu/armv7/start.S b/arch/arm/cpu/armv7/start.S |
| index 69e281b086..744929e825 100644 |
| --- a/arch/arm/cpu/armv7/start.S |
| +++ b/arch/arm/cpu/armv7/start.S |
| @@ -37,6 +37,8 @@ |
| #endif |
| |
| reset: |
| +dead_loop: |
| + b dead_loop |
| /* Allow the board to save important registers */ |
| b save_boot_params |
| save_boot_params_ret: |
| |
| * **board_init_f**: Adding an infinite while loop at the board entry |
| function. In many cases, it is important to debug the boot process if |
| any changes are made for board-specific applications. Below is a step |
| by step process for debugging the boot SPL or Armv8 SPL: |
| |
| To debug the boot process in either domain, we will first |
| add a modification to the code we would like to debug. |
| In this example, we will debug ``board_init_f`` inside |
| ``arch/arm/mach-k3/{soc}_init.c``. Since some sections of U-Boot |
| will be executed multiple times during the bootup process of K3 |
| devices, we will need to include either ``CONFIG_ARM64`` or |
| ``CONFIG_CPU_V7R`` to catch the CPU at the desired place during the |
| bootup process (Main or Wakeup domains). For example, modify the |
| file as follows (depending on need): |
| |
| .. code-block:: c |
| |
| void board_init_f(ulong dummy) |
| { |
| . |
| . |
| /* Code to run on the R5F (Wakeup/Boot Domain) */ |
| if (IS_ENABLED(CONFIG_CPU_V7R)) { |
| volatile int x = 1; |
| while(x) {}; |
| } |
| ... |
| /* Code to run on the ARMV8 (Main Domain) */ |
| if (IS_ENABLED(CONFIG_ARM64)) { |
| volatile int x = 1; |
| while(x) {}; |
| } |
| . |
| . |
| } |
| |
| Connecting with OpenOCD for a debug session |
| """"""""""""""""""""""""""""""""""""""""""" |
| |
| Startup OpenOCD to debug the platform as follows: |
| |
| * **Integrated JTAG interface**: If the evm has a debugger such as |
| XDS110 inbuilt, there is typically an evm board support added and a |
| cfg file will be available. |
| |
| .. k3_rst_include_start_openocd_cfg_XDS110 |
| |
| .. prompt:: bash $ |
| |
| openocd -f board/{board_of_choice}.cfg |
| |
| .. k3_rst_include_end_openocd_cfg_XDS110 |
| |
| .. k3_rst_include_start_openocd_cfg_external_intro |
| |
| * **External JTAG adapter/interface**: In other cases, where an |
| adapter/dongle is used, a simple cfg file can be created to integrate the |
| SoC and adapter information. See `supported TI K3 SoCs |
| <https://github.com/openocd-org/openocd/blob/master/tcl/target/ti_k3.cfg#L59>`_ |
| to decide if the SoC is supported or not. |
| |
| .. prompt:: bash $ |
| |
| openocd -f openocd_connect.cfg |
| |
| .. k3_rst_include_end_openocd_cfg_external_intro |
| |
| For example, with BeaglePlay (AM62X platform), the openocd_connect.cfg: |
| |
| .. code-block:: tcl |
| |
| # TUMPA example: |
| # http://www.tiaowiki.com/w/TIAO_USB_Multi_Protocol_Adapter_User's_Manual |
| source [find interface/ftdi/tumpa.cfg] |
| |
| transport select jtag |
| |
| # default JTAG configuration has only SRST and no TRST |
| reset_config srst_only srst_push_pull |
| |
| # delay after SRST goes inactive |
| adapter srst delay 20 |
| |
| if { ![info exists SOC] } { |
| # Set the SoC of interest |
| set SOC am625 |
| } |
| |
| source [find target/ti_k3.cfg] |
| |
| ftdi tdo_sample_edge falling |
| |
| # Speeds for FT2232H are in multiples of 2, and 32MHz is tops |
| # max speed we seem to achieve is ~20MHz.. so we pick 16MHz |
| adapter speed 16000 |
| |
| Below is an example of the output of this command: |
| |
| .. code-block:: console |
| |
| Info : Listening on port 6666 for tcl connections |
| Info : Listening on port 4444 for telnet connections |
| Info : XDS110: connected |
| Info : XDS110: vid/pid = 0451/bef3 |
| Info : XDS110: firmware version = 3.0.0.20 |
| Info : XDS110: hardware version = 0x002f |
| Info : XDS110: connected to target via JTAG |
| Info : XDS110: TCK set to 2500 kHz |
| Info : clock speed 2500 kHz |
| Info : JTAG tap: am625.cpu tap/device found: 0x0bb7e02f (mfg: 0x017 (Texas Instruments), part: 0xbb7e, ver: 0x0) |
| Info : starting gdb server for am625.cpu.sysctrl on 3333 |
| Info : Listening on port 3333 for gdb connections |
| Info : starting gdb server for am625.cpu.a53.0 on 3334 |
| Info : Listening on port 3334 for gdb connections |
| Info : starting gdb server for am625.cpu.a53.1 on 3335 |
| Info : Listening on port 3335 for gdb connections |
| Info : starting gdb server for am625.cpu.a53.2 on 3336 |
| Info : Listening on port 3336 for gdb connections |
| Info : starting gdb server for am625.cpu.a53.3 on 3337 |
| Info : Listening on port 3337 for gdb connections |
| Info : starting gdb server for am625.cpu.main0_r5.0 on 3338 |
| Info : Listening on port 3338 for gdb connections |
| Info : starting gdb server for am625.cpu.gp_mcu on 3339 |
| Info : Listening on port 3339 for gdb connections |
| |
| .. note:: |
| Notice the default configuration is non-SMP configuration allowing |
| for each of the core to be attached and debugged simultaneously. |
| ARMv8 SPL/U-Boot starts up on cpu0 of a53/a72. |
| |
| .. k3_rst_include_start_openocd_cfg_external_gdb |
| |
| To debug using this server, use GDB directly or your preferred |
| GDB-based IDE. To start up GDB in the terminal, run the following |
| command. |
| |
| .. prompt:: bash $ |
| |
| gdb-multiarch |
| |
| To connect to your desired core, run the following command within GDB: |
| |
| .. prompt:: bash (gdb) |
| |
| target extended-remote localhost:{port for desired core} |
| |
| To load symbols: |
| |
| .. warning:: |
| |
| SPL and U-Boot does a re-location of address compared to where it |
| is loaded originally. This step takes place after the DDR size is |
| determined from dt parsing. So, debugging can be split into either |
| "before re-location" or "after re-location". Please refer to the |
| file ''doc/README.arm-relocation'' to see how to grab the relocation |
| address. |
| |
| * Prior to relocation: |
| |
| .. prompt:: bash (gdb) |
| |
| symbol-file {path to elf file} |
| |
| * After relocation: |
| |
| .. prompt:: bash (gdb) |
| |
| # Drop old symbol file |
| symbol-file |
| # Pick up new relocaddr |
| add-symbol-file {path to elf file} {relocaddr} |
| |
| .. k3_rst_include_end_openocd_cfg_external_gdb |
| |
| In the above example of AM625, |
| |
| .. prompt:: bash (gdb) |
| |
| target extended-remote localhost:3338 <- R5F (Wakeup Domain) |
| target extended-remote localhost:3334 <- A53 (Main Domain) |
| |
| The core can now be debugged directly within GDB using GDB commands or |
| if using IDE, as appropriate to the IDE. |
| |
| Stepping through the code |
| """"""""""""""""""""""""" |
| |
| `GDB TUI Commands |
| <https://sourceware.org/gdb/onlinedocs/gdb/TUI-Commands.html>`_ can |
| help set up the display more sensible for debug. Provide the name |
| of the layout that can be used to debug. For example, use the GDB |
| command ``layout src`` after loading the symbols to see the code and |
| breakpoints. To exit the debug loop added above, add any breakpoints |
| needed and run the following GDB commands to step out of the debug |
| loop set in the ``board_init_f`` function. |
| |
| .. prompt:: bash (gdb) |
| |
| set x = 0 |
| continue |
| |
| The platform has now been successfully setup to debug with OpenOCD |
| using GDB commands or a GDB-based IDE. See `OpenOCD documentation for |
| GDB <https://openocd.org/doc/html/GDB-and-OpenOCD.html>`_ for further |
| information. |
| |
| .. warning:: |
| |
| On the K3 family of devices, a watchdog timer within the DMSC is |
| enabled by default by the ROM bootcode with a timeout of 3 minutes. |
| The watchdog timer is serviced by System Firmware (SYSFW) or TI |
| Foundational Security (TIFS) during normal operation. If debugging |
| the SPL before the SYSFW is loaded, the watchdog timer will not get |
| serviced automatically and the debug session will reset after 3 |
| minutes. It is recommended to start debugging SPL code only after |
| the startup of SYSFW to avoid running into the watchdog timer reset. |
| |
| Miscellaneous notes with OpenOCD |
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| |
| Currently, OpenOCD does not support tracing for K3 platforms. Tracing |
| function could be beneficial if the bug in code occurs deep within |
| nested function and can optionally save developers major trouble of |
| stepping through a large quantity of code. |