- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- MCUXpresso Training Hub
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- Home
- :
- QorIQ Processing Platforms
- :
- Layerscape Knowledge Base
- :
- LS1088ARDB-PB - How to deploy TF-A binaries on SD card
LS1088ARDB-PB - How to deploy TF-A binaries on SD card
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
LS1088ARDB-PB - How to deploy TF-A binaries on SD card
LS1088ARDB-PB - How to deploy TF-A binaries on SD card
Trusted Firmware for Cortex-A (TF-A) is an implementation of EL3 secure firmware. TF-A replaces PPA in secure firmware role.
Please note the steps listed in this topic can only be performed with LSDK 18.12 and newer releases.
Also the TF-A boot flow is applicable only for LS1088ARDB-PB. LS1088ARDB is not supported LSDK 18.12 release onwards.
To migrate to the TF-A boot flow from the previous boot flow (with PPA), you need to compile the TF-A binaries, bl2_<boot_mode>.pbl and fip.bin, and flash these binaries on the specific boot medium on the board.
For SD boot, you need to compile the following TF-A binaries.
| TF-A binary name | Components |
|---|---|
bl2_sd.pbl |
|
fip.bin |
|
Follow these steps to compile and deploy TF-A binaries (bl2_sd.pbl and fip.bin) on the SD card.
- Compile PBL binary from RCW source file
- Compile U-Boot binary
- [Optional] Compile OPTEE binary
- Compile TF-A binaries (bl2_sd.pbl and fip.bin) for SD boot
- Program TF-A binaries to the SD card
Step 1: Compile PBL binary from RCW source file
You need to compile the rcw_1600_sd.bin binary to build the bl2_sd.pbl binary.
Clone the rcw repository and compile the PBL binary.
- $ git clone https://source.codeaurora.org/external/qoriq/qoriq-components/rcw
- $ cd rcw
- $ git checkout -b <new branch name> <LSDK tag>. For example, $ git checkout -b LSDK-18.12 LSDK-18.12
- $ cd ls1088ardb
- If required, make changes to the rcw files.
- $ make
The compiled PBL binary for SD boot on LS1088ARDB-PB, rcw_1600_sd.bin, is available at rcw/ls1088ardb/FCQQQQQQQQ_PPP_H_0x1d_0x0d/.
See the rcw/ls1088ardb/README file for an explanation of the naming convention for the directories that contain the RCW source and binary files.Step 2: Compile U-Boot binary
You need to compile the u-boot.bin binary to build the fip.bin binary.
Clone the u-boot repository and compile the U-Boot binary for TF-A.
- $ git clone https://source.codeaurora.org/external/qoriq/qoriq-components/u-boot.git
- $ cd u-boot
- $ git checkout -b <new branch name> LSDK-<LSDK version>. For example, $ git checkout -b LSDK-18.12 LSDK-18.12
- $ export ARCH=arm
- $ export CROSS_COMPILE=aarch64-linux-gnu-
- $ make distclean
- $ make ls1088ardb_tfa_defconfig
- $ make
If the make command shows the error "*** Your GCC is older than 6.0 and is not supported", ensure that you are using Ubuntu 18.04 64-bit version for building the LSDK 18.12 U-Boot binary.
The compiled U-Boot binary, u-boot.bin, is available at u-boot/.
Step 3: [Optional] Compile OPTEE binary
You need to compile the tee.bin binary to build fip.bin with OPTEE. However, OPTEE is optional, you can skip the procedure to compile OPTEE if you want to build the FIP binary without OPTEE.
Clone the optee_os repository and build the OPTEE binary.
- $ git clone https://source.codeaurora.org/external/qoriq/qoriq-components/optee_os
- $ cd optee_os
- $ git checkout -b <new branch name> LSDK-<LSDK version>. For example, $ git checkout -b LSDK-18.12 LSDK-18.12
- $ export ARCH=arm
- $ export CROSS_COMPILE=aarch64-linux-gnu-
- $ make CFG_ARM64_core=y PLATFORM=ls-ls1088ardb
- $ aarch64-linux-gnu-objcopy -v -O binary out/arm-plat-ls/core/tee.elf out/arm-plat-ls/core/tee.bin
The compiled OPTEE image, tee.bin, is available at optee_os/out/arm-plat-ls/core/.
Step 4: Compile TF-A binaries for SD boot
Clone the atf repository and compile the TF-A binaries, bl2_sd.pbl and fip.bin.
- $ git clone https://source.codeaurora.org/external/qoriq/qoriq-components/atf
- $ cd atf
- $ git checkout -b <new branch name> LSDK-<LSDK version>. For example, $ git checkout -b LSDK-18.12 LSDK-18.12
- $ export ARCH=arm
- $ export CROSS_COMPILE=aarch64-linux-gnu-
- Build BL2 binary with OPTEE.
- $ make PLAT=ls1088ardb bl2 SPD=opteed BOOT_MODE=sd pbl RCW=<path_to_rcw_binary>/rcw_1600_sd.bin
The compiled BL2 images, bl2.bin and bl2_sd.pbl are available at atf/build/ls1088ardb/release/.
For any update in the BL2 source code or RCW binary, the bl2_sd.pbl binary needs to be recompiled.To compile the BL2 binary without OPTEE:
$ make PLAT=ls1088ardb bl2 BOOT_MODE=sd pbl RCW=<path_to_rcw_binary>/rcw_1600_sd.bin
- $ make PLAT=ls1088ardb bl2 SPD=opteed BOOT_MODE=sd pbl RCW=<path_to_rcw_binary>/rcw_1600_sd.bin
- Build FIP binary with OPTEE and without trusted board boot.
- $ make PLAT=ls1088ardb fip BL33=<path_to_u-boot_binary>/u-boot.bin SPD=opteed BL32=<path_to_optee_binary>/tee.bin
The compiled BL31 and FIP binaries, bl31.bin, fip.bin, are available at atf/build/ls1088ardb/release/.
For any update in the BL31, BL32, or BL33 binaries, the fip.bin binary needs to be recompiled.To compile the FIP binary without OPTEE and without trusted board boot:
$ make PLAT=ls1088ardb fip BOOT_MODE=sd BL33=<path_to_u-boot_binary>/u-boot.bin
To compile the FIP binary with trusted board boot, refer the read me at <atf repository>/plat/nxp/README.TRUSTED_BOOT
- $ make PLAT=ls1088ardb fip BL33=<path_to_u-boot_binary>/u-boot.bin SPD=opteed BL32=<path_to_optee_binary>/tee.bin
Step 5: Program TF-A binaries to SD card
- Boot LS1088ARDB-PB from QSPI. Ensure that the switches are set to boot the board from QSPI. For booting from QSPI , SW1[1:8] + SW2[1] = 0011_0001_X
- Boot from QSPI NOR flash0: => qixis_reset
For LS1088ARDB-PB, in boot log, you'll see:
Board: LS1088ARDB-PB, Board Arch: V1, Board version: A, boot from QSPI:0
Please ensure that you are using LS1088ARDB-PB to flash the TF-A binaries, as LS1088ARDB is not supported LSDK 18.12 release onwards.
Set up Ethernet connection
When board boots up, U-Boot prints a list of enabled Ethernet interfaces.
DPMAC1@xgmii, DPMAC2@xgmii, DPMAC3@qsgmii, DPMAC4@qsgmii, DPMAC5@qsgmii, DPMAC6@qsgmii, DPMAC7@qsgmii, DPMAC8@qsgmii, DPMAC9@qsgmii, DPMAC10@qsgmii
- Set server IP address to the IP address of the host machine on which you have configured the TFTP server.
=> setenv serverip <ipaddress1>
Set ethact and ethprime as the Ethernet interface connected to the TFTP server.
See LS1088ARDB/LS1088RDB-PB Ethernet port mapping for the mapping of Ethernet port names appearing on the chassis front panel with the port names in U-Boot and Linux.
=> setenv ethprime <name of interface connected to TFTP server>
For example:
=> setenv ethprime DPMAC3@qsgmii
=> setenv ethact <name of interface connected to TFTP server>
For example:
=> setenv ethact DPMAC3@qsgmii
- Set IP address of the board. You can set a static IP address or, if the board can connect to a dhcp server, you can use the dhcp command.
Static IP address assignment:
=> setenv ipaddr <ipaddress2>
=> setenv netmask <subnet mask>Dynamic IP address assignment:
=> dhcp - Save the settings. => saveenv
- Check the connection between the board and the TFTP server.
=> ping $serverip
Using DPMAC3@qsgmii device
host 192.168.1.1 is alive
Load TF-A binaries from the TFTP server
For details about the flash image layout for TF-A binaries, refer LSDK memory layout for TF-A boot flow.
Flash bl2_sd.pbl:
- => tftp 82000000 bl2_sd.pbl
- => mmc write 82000000 8 <blk_cnt>
Here, blk_cnt refers to number of blocks in SD card that need to be written as per the file size.
For example, when you load bl2_sd.pbl from the TFTP server, if the bytes transferred is 82809 (14379 hex), then blk_cnt is calculated as 82809/512 = 161 (A1 hex). For this example, mmc write command will be: => mmc write 82000000 8 A1
- Flash fip.bin:
- => tftp 82000000 fip.bin
=> mmc write 82000000 800 <blk_cnt>
Here, blk_cnt refers to number of blocks in SD card that need to be written as per the file size.
For example, when you load fip.bin from the TFTP server, if the bytes transferred is 1077157 (106fa5 hex), then blk_cnt is calculated as 1077157/512 = 2103 (837 hex). For this example, mmc write command will be: => mmc write 82000000 800 837
- Boot from SD card: => qixis_reset sd
LS1088ARDB-PB will boot with TF-A. In the boot log, you will see:
NOTICE: UDIMM 18ASF1G72AZ-2G6B1
NOTICE: 8 GB DDR4, 64-bit, CL=15, ECC on, CS0+CS1
NOTICE: BL2: v1.5(release):LSDK-18.12
NOTICE: BL2: Built : 11:57:03, Dec 23 2018
NOTICE: BL31: v1.5(release):LSDK-18.12
NOTICE: BL31: Built : 15:21:44, Feb 11 2019
NOTICE: Welcome to LS1088 BL31 Phase
For steps to deploy TF-A binaries in QSPI NOR flash, see LS1088ARDB-PB - How to deploy TF-A binaries in QSPI NOR flash
