LS1043ARDB - How to deploy TF-A binaries in NOR flash

Document created by Swati Gupta Employee on Jun 12, 2019Last modified by Swati Gupta Employee on Jul 24, 2019
Version 5Show Document
  • View in full screen mode

Trusted Firmware for Cortex-A (TF-A) is an implementation of EL3 secure firmware. TF-A replaces PPA in secure firmware role.

Please note the steps listed in this topic can only be performed with LSDK 18.12 and newer releases.                     

          

To migrate to the TF-A boot flow from the previous boot flow (with PPA), you need to compile the TF-A binaries, bl2_<boot_mode>.pbl and fip.bin, and flash these binaries on the specific boot medium on the board.

 

For NOR boot, you need to compile the following TF-A binaries.

 

TF-A binary nameComponents

bl2_nor

  • BL2 binary: Platform initialization binary
  • RCW binary for NOR boot 

fip.bin

  • BL31: Secure runtime firmware
  • BL32: Trusted OS, for example, OPTEE (optional)
  • BL33: U-Boot/UEFI image

 

 

Follow these steps to compile and deploy TF-A  binaries (bl2_nor.pbl and fip.bin) on the NOR flash.

  1. Compile PBL binary from RCW source file
  2. Compile U-Boot binary
  3. [Optional] Compile OPTEE binary 
  4. Compile TF-A binaries (bl2_nor.pbl and fip.bin) for NOR boot
  5. Program TF-A binaries to the NOR flash

 

Step 1: Compile PBL binary from RCW source file

You need to compile the rcw_1600.bin binary to build the bl2_nor.pbl binary.

Clone the  rcw repository and compile the PBL binary. 

  1. $ git clone https://source.codeaurora.org/external/qoriq/qoriq-components/rcw
  2. $ cd rcw
  3. $ git checkout -b <new branch name> <LSDK tag>For example, $ git checkout -b LSDK-19.03 LSDK-19.03 
  4. $ cd ls1043ardb
  5. If required, make changes to the rcw files.
  6. $ make

 

The compiled PBL binary for NOR boot on LS1043ARDB, rcw_1600.bin, is available at rcw/ls1043ardb/RR_FQPP_1455/ 

See the rcw/ls1043ardb/README file for an explanation of the naming convention for the directories that contain the RCW source and binary files.

Step 2: Compile U-Boot binary

You need to compile the u-boot.bin binary to build the fip.bin binary.

Clone the u-boot repository and compile the U-Boot binary for TF-A.

  1. $ git clone https://source.codeaurora.org/external/qoriq/qoriq-components/u-boot.git
  2. $ cd u-boot
  3. $ git checkout -b <new branch name> LSDK-<LSDK version>. For example, $ git checkout -b LSDK-19.03 LSDK-19.03 
  4. $ export ARCH=arm64
  5. $ export CROSS_COMPILE=aarch64-linux-gnu-
  6. $ make distclean
  7. make ls1043ardb_tfa_defconfig
  8. $ make

If the make command shows the error "*** Your GCC is older than 6.0 and is not supported", ensure that you are using Ubuntu 18.04 64-bit version for building the LSDK 18.12 U-Boot binary.                                

      

The compiled U-Boot binary, u-boot.bin, is available at u-boot/.

 

Step 3: [Optional] Compile OPTEE binary 

 

You need to compile the tee.bin binary to build fip.bin with OPTEE. However, OPTEE is optional, you can skip the procedure to compile OPTEE if you want to build the FIP binary without OPTEE.

 

Clone the optee_os repository and build the OPTEE binary. 

  1. $ git clone https://source.codeaurora.org/external/qoriq/qoriq-components/optee_os
  2. $ cd optee_os
  3. $ git checkout -b <new branch name> LSDK-<LSDK version>. For example, $ git checkout -b LSDK-19.03 LSDK-19.03
  4. $ export ARCH=arm
  5. $ export CROSS_COMPILE=aarch64-linux-gnu-
  6. $ make CFG_ARM64_core=y PLATFORM=ls-ls1043ardb
  7. $ aarch64-linux-gnu-objcopy -v -O binary out/arm-plat-ls/core/tee.elf out/arm-plat-ls/core/tee.bin

The compiled OPTEE image, tee.bin, is available at optee_os/out/arm-plat-ls/core/.


Step 4: Compile TF-A binaries for NOR boot

Clone the atf repository and compile the TF-A binaries, bl2_nor.pbl and fip.bin.

  1. $ git clone https://source.codeaurora.org/external/qoriq/qoriq-components/atf
  2. $ cd atf
  3. git checkout -b <new branch name> LSDK-<LSDK version>. For example, $ git checkout -b LSDK-19.03 LSDK-19.03
  4. $ export ARCH=arm64
  5. $ export CROSS_COMPILE=aarch64-linux-gnu-
  6. Build BL2 binary with OPTEE.
    • $ make PLAT=ls1043ardb bl2 SPD=opteed BOOT_MODE=nor BL32=<path_to_optee_binary>/tee.bin pbl RCW=<path_to_rcw_binary>/rcw_1600.bin

      The compiled BL2 images, bl2.bin and bl2_nor.pbl are available at atf/build/ls1043ardb/release/.

      For any update in the BL2 source code or RCW binary, the bl2_nor.pbl binary needs to be recompiled.

      To compile the BL2 binary without OPTEE:

       

      make PLAT=ls1043ardb bl2 BOOT_MODE=nor pbl RCW=<path_to_rcw_binary>/rcw_1600.bin

                                      
  7. Build FIP binary with OPTEE and without trusted board boot.
    • $ make PLAT=ls1043ardb fip BL33=<path_to_u-boot_binary>/u-boot.bin SPD=opteed BL32=<path_to_optee_binary>/tee.bin

      The compiled BL31 and FIP binaries, bl31.binfip.bin, are available at atf/build/ls1043ardb/release/.

      For any update in the BL31, BL32, or BL33 binaries, the fip.bin binary needs to be recompiled.

      To compile the FIP binary without OPTEE and without trusted board boot:

      $ make PLAT=ls1043ardb fip BOOT_MODE=nor BL33=<path_to_u-boot_binary>/u-boot.bin

       

      To compile the FIP binary with trusted board boot, refer the read me at <atf repository>/plat/nxp/README.TRUSTED_BOOT

                                                   

Step 5: Program TF-A binaries to NOR flash

  1. Boot LS1043ARDB from NOR flash. Ensure that the switches are set to boot the board from NOR bank 0. For booting from NOR bank 0, switch settings are as follows:
    • SW3[1:8] = 10110011
    • SW4[1:8] = 00010010
    • SW5[1:8] = 10100010
  2. Boot from NOR bank 0: => cpld reset

     

    For LS1043ARDB, in boot log, you'll see:

    Board: LS1043ARDB, boot from vBank 0

 

Set up Ethernet connection

When board boots up, U-Boot prints a list of enabled Ethernet interfaces.

FM1@DTSEC1, FM1@DTSEC2, FM1@DTSEC3 [PRIME], FM1@DTSEC4, FM1@DTSEC5

  1. Set server IP address to the IP address of the host machine on which you have configured the TFTP server. 

    => setenv serverip <ipaddress1>

  2. Set ethact and ethprime as the Ethernet interface connected to the TFTP server.

    See LS1043ARDB Ethernet and FMC port mapping for the mapping of Ethernet port names appearing on the chassis front panel with the port names in U-Boot and Linux.

                                                                     

    => setenv ethprime <name of interface connected to TFTP server>

    For example:

    => setenv ethprime FM1@DTSEC4

    => setenv ethact <name of interface connected to TFTP server>

    For example:

    => setenv ethact FM1@DTSEC4

  3. Set IP address of the board. You can set a static IP address or, if the board can connect to a dhcp server, you can use the dhcp command. 

    Static IP address assignment:
    => setenv ipaddr <ipaddress2>
    => setenv netmask <subnet mask>

    Dynamic IP address assignment:
    => dhcp

  4. Save the settings. => saveenv
  5. Check the connection between the board and the TFTP server.

=> ping $serverip

Using FM1@DTSEC4 device

host 192.168.1.1 is alive

 

Load TF-A binaries from the TFTP server

For details about the flash image layout for TF-A binaries, refer LSDK memory layout for TF-A boot flow.

                                             
  1. Flash bl2_nor.pbl in NOR bank 4.

    • => tftp 82000000 bl2_nor.pbl
    • => erase 64000000 +$filesize;cp.b 82000000 64000000 $filesize
  2. Flash fip.bin in NOR bank 4.
    • => tftp 82000000 fip.bin
    • => erase 64100000 +$filesize;cp.b 82000000 64100000 $filesize

       

  3. Boot from NOR bank 4: => cpld reset altbank

    LS1043ARDB will boot with TF-A. In the boot log, you will see:

     

     

    NOTICE: 2 GB DDR4, 32-bit, CL=11, ECC off
    NOTICE: BL2: v1.5(release):LSDK-19.03
    NOTICE: BL2: Built : 14:43:06, Jun 12 2019
    NOTICE: BL31: v1.5(release):LSDK-19.03
    NOTICE: BL31: Built : 14:44:16, Jun 12 2019
    NOTICE: Welcome to LS1043 BL31 Phase

    U-Boot 2018.09 (May 23 2019 - 14:35:16 +0530)

    SoC: LS1043AE Rev1.1 (0x87920011)
    Clock Configuration:
    CPU0(A53):1600 MHz CPU1(A53):1600 MHz CPU2(A53):1600 MHz
    CPU3(A53):1600 MHz
    Bus: 400 MHz DDR: 1600 MT/s FMAN: 500 MHz
    Reset Configuration Word (RCW):
    00000000: 08100010 0a000000 00000000 00000000
    00000010: 14550002 80004012 e0025000 c1002000
    00000020: 00000000 00000000 00000000 00038800
    00000030: 00000000 00001101 00000096 00000001
    Model: LS1043A RDB Board
    Board: LS1043ARDB, boot from vBank 4

    .......
1 person found this helpful

Attachments

    Outcomes