LS2088ARDB - How to deploy TF-A binaries in NOR flash

Document created by Swati Gupta Employee on Sep 6, 2019Last modified by Swati Gupta Employee on Jan 23, 2020
Version 16Show Document
  • View in full screen mode

Trusted Firmware for Cortex-A (TF-A) is an implementation of EL3 secure firmware. TF-A replaces PPA in secure firmware role.

Please note the steps listed in this topic can only be performed with LSDK 18.12 and newer releases.                     

                                      

To migrate to the TF-A boot flow from the previous boot flow (with PPA), you need to compile the TF-A binaries, bl2_<boot_mode>.pbl and fip.bin, and flash these binaries on the specific boot medium on the board.

For NOR boot, you need to compile the following TF-A binaries.

 

TF-A binary nameComponents

bl2_nor.pbl

  • BL2 binary: Platform initialization binary
  • RCW binary for NOR boot 

fip.bin

  • BL31: Secure runtime firmware
  • BL32: Trusted OS, for example, OPTEE (optional)
  • BL33: U-Boot/UEFI image

 

Follow these steps to compile and deploy TF-A  binaries (bl2_nor.pbl and fip.bin) on the NOR flash.

  1. Compile RCW binary
  2. Compile U-Boot binary
  3. [Optional] Compile OPTEE binary 
  4. Compile TF-A binaries (bl2_nor.pbl and fip.bin) for NOR boot
  5. Program TF-A binaries to the NOR flash

Step 1: Compile RCW binary 

 

You need to compile the rcw_1800.bin binary to build the bl2_nor.pbl binary.

 

Clone the  rcw repository and compile the PBL binary. 

  1. $ git clone https://source.codeaurora.org/external/qoriq/qoriq-components/rcw
  2. $ cd rcw
  3. $ git checkout -b <new branch name> <LSDK tag>For example, $git checkout -b LSDK-19.09 LSDK-19.09 
  4. $ cd ls2088ardb
  5. If required, make changes to the rcw files.
  6. $ make

 

The compiled PBL binary for NOR boot on LS2088ARDB, rcw_1800.bin, is available at rcw/ls2088ardb/FFFFFFFF_PP_HH_0x2a_0x41

See the rcw/ls2088ardb/README file for an explanation of the naming convention for the directories that contain the RCW source and binary files.

Step 2: Compile U-Boot binary

 

You need to compile the u-boot.bin binary to build the fip.bin binary.

 

Clone the u-boot repository and compile the U-Boot binary for TF-A.

 

  1. $ git clone https://source.codeaurora.org/external/qoriq/qoriq-components/u-boot.git
  2. $ cd u-boot
  3. $ git checkout -b <new branch name> LSDK-<LSDK version>. For example,$ git checkout -b LSDK-19.09 LSDK-19.09
  4. $ export ARCH=arm64
  5. $ export CROSS_COMPILE=aarch64-linux-gnu-
  6. $ make distclean
  7. make ls2088ardb_tfa_defconfig
  8. $ make

If the make command shows the error "*** Your GCC is older than 6.0 and is not supported", ensure that you are using Ubuntu 18.04 64-bit version for building the LSDK 18.12 and onwards U-Boot binary.                                

                                  

The compiled U-Boot binary, u-boot.bin, is available at u-boot/.

 

Step 3: [Optional] Compile OPTEE binary 

 

You need to compile the tee.bin binary to build fip.bin with OPTEE. However, OPTEE is optional, you can skip the procedure to compile OPTEE if you want to build the FIP binary without OPTEE.

 

Clone the optee_os repository and build the OPTEE binary. 

 

  1. $ git clone https://source.codeaurora.org/external/qoriq/qoriq-components/optee_os
  2. $ cd optee_os
  3. $ git checkout -b <new branch name> LSDK-<LSDK version>. For example,$ git checkout -b LSDK-19.09 LSDK-19.09
  4. $ export ARCH=arm
  5. $ export CROSS_COMPILE=aarch64-linux-gnu-
  6. $ make CFG_ARM64_core=y PLATFORM=ls-ls2088ardb
  7. $ aarch64-linux-gnu-objcopy -v -O binary out/arm-plat-ls/core/tee.elf out/arm-plat-ls/core/tee.bin

 

The compiled OPTEE image, tee.bin, is available at optee_os/out/arm-plat-ls/core/.

 

Step 4: Compile TF-A binaries for NOR boot

Clone the atf repository and compile the TF-A binaries, bl2_nor.pbl and fip.bin.

  1. $ git clone https://source.codeaurora.org/external/qoriq/qoriq-components/atf
  2. $ cd atf
  3. git checkout -b <new branch name> LSDK-<LSDK version>. For example,$git checkout -b LSDK-19.09 LSDK-19.09
  4. $ export ARCH=arm64
  5. $ export CROSS_COMPILE=aarch64-linux-gnu-
  6. Build BL2 binary with OPTEE.
    • $ make PLAT=ls2088ardb bl2 SPD=opteed BOOT_MODE=nor BL32=<path_to_optee_binary>/tee.bin pbl RCW=<path_to_rcw_binary>/rcw_1800.bin

      The compiled BL2 images, bl2.bin and bl2_nor.pbl are available at atf/build/ls2088ardb/release/.

      For any update in the BL2 source code or RCW binary, the bl2_nor.pbl binary needs to be recompiled.

      To compile the BL2 binary without OPTEE:

       

      make PLAT=ls2088ardb bl2 BOOT_MODE=nor pbl RCW=<path_to_rcw_binary>/rcw_1800.bin                    

            
  7. Build FIP binary with OPTEE and without trusted board boot.
    • $ make PLAT=ls2088ardb fip BL33=<path_to_u-boot_binary>/u-boot.bin SPD=opteed BL32=<path_to_optee_binary>/tee.bin

      The compiled BL31 and FIP binaries, bl31.binfip.bin, are available at atf/build/ls2088ardb/release/.

      For any update in the BL31, BL32, or BL33 binaries, the fip.bin binary needs to be recompiled.

      To compile the FIP binary without OPTEE and without trusted board boot:

      $ make PLAT=ls2088ardb fip BOOT_MODE=nor BL33=<path_to_u-boot_binary>/u-boot.bin

       

      To compile the FIP binary with trusted board boot, refer the read me at <atf repository>/plat/nxp/README.TRUSTED_BOOT

                                                                               

Step 5: Program TF-A binaries to NOR flash

  1. Boot LS2088ARDB from NOR flash. Ensure that the switches and jumpers are set to boot the board from NOR bank 0. 
    • SW5[1:8] = 1111 1111
    • SW3[1:8] = 0001 0010
    • SW4[1:8] = 1111 1111
    • SW6[1:8] = 1111 1111
    • SW7[1:8] = 0100 0010
    • SW9[1:8] = 0100 0000
    • SW8[1:8] = 0111 1111
  2. In addition to the above switch settings, make sure the following jumper settings are correct (for RDB Rev E and later)
    • J14 = 1-2, for NOR boot
  3. Boot from NOR bank 0: => qixis_reset

     

    For LS2088ARDB, in boot log, you'll see:

    Board: LS2088AE Rev1.1-RDB, Board Arch: V1, Board version: F, boot from vBank: 0

 

TF-A binaries can be loaded to LS2088ARDB from a TFTP server or from a mass storage device (SD, USB, or SATA).

 

Option 1: Load image from the TFTP server

 

Set up Ethernet connection

 

When board boots up, U-Boot prints a list of enabled Ethernet interfaces.

 

DPMAC1@xgmii, DPMAC2@xgmii, DPMAC3@xgmii, DPMAC4@xgmii, DPMAC5@xgmii, DPMAC6@xgmii, DPMAC7@xgmii, DPMAC8@xgmii

 

  1. Set server IP address to the IP address of the host machine on which you have configured the TFTP server. 

    => setenv serverip <ipaddress1>

  2. Set ethact and ethprime as the Ethernet interface connected to the TFTP server.

    See LS2088ARDB Ethernet port mapping for the mapping of Ethernet port names appearing on the chassis front panel with the port names in U-Boot and Linux.                                                

                      

    => setenv ethprime <name of interface connected to TFTP server>

    For example:

    => setenv ethprime DPMAC1@xgmii

    => setenv ethact <name of interface connected to TFTP server>

    For example:

    => setenv ethact DPMAC1@xgmii

  3. Set IP address of the board. You can set a static IP address or, if the board can connect to a dhcp server, you can use the dhcp command. 

    Static IP address assignment:
    => setenv ipaddr <ipaddress2>
    => setenv netmask <subnet mask>

    Dynamic IP address assignment:
    => dhcp

  4. Save the settings. => saveenv
  5. Check the connection between the board and the TFTP server.

=> ping $serverip

 

Using DPMAC1@xgmii device

 

host 192.168.1.1 is alive

 

Load TF-A binaries from the TFTP server

For details about the flash image layout for TF-A binaries, refer LSDK memory layout for TF-A boot flow.     

                  
  1. Flash bl2_nor.pbl to NOR bank 4 (after booting from NOR bank 0).

    • => tftp 82000000 bl2_nor.pbl
    • => erase 0x584000000 +$filesize;cp.b 82000000 0x584000000 $filesize
  2. Flash fip.bin to NOR bank 4 (after booting from NOR bank 0).
    • => tftp 82000000 fip.bin
    • => erase 0x584100000 +$filesize;cp.b 82000000 0x584100000 $filesize

  3. Boot from NOR bank 4: => qixis_reset altbank

    LS2088ARDB will boot with TF-A. In the boot log, you will see:

     

    NOTICE: UDIMM 18ASF1G72AZ-2G3B1

    NOTICE: 16 GB DDR4, 64-bit, CL=13, ECC on, 256B, CS0+CS1
    NOTICE: UDIMM 18ASF1G72AZ-2G3B1

    NOTICE: 4 GB DDR4, 32-bit, CL=11, ECC on, CS0+CS1
    NOTICE: BL2: v1.5(release):LSDK-19.09
    NOTICE: BL2: Built : 16:04:08, Nov 4 2019
    NOTICE: BL31: v1.5(release):LSDK-19.09
    NOTICE: BL31: Built : 16:40:39, Nov 4 2019
    NOTICE: Welcome to LS2088 BL31 Phase


    U-Boot 2019.04 (Nov 04 2019 - 15:57:49 +0530)

    SoC: LS2088AE Rev1.1 (0x87090011)
    Clock Configuration:
    CPU0(A72):1800 MHz CPU1(A72):1800 MHz CPU2(A72):1800 MHz
    CPU3(A72):1800 MHz CPU4(A72):1800 MHz CPU5(A72):1800 MHz
    CPU6(A72):1800 MHz CPU7(A72):1800 MHz
    Bus: 700 MHz DDR: 1866.667 MT/s DP-DDR: 1600 MT/s
    Reset Configuration Word (RCW):
    00000000: 483038b8 48480048 00000000 00000000
    00000010: 00000000 00000000 00a00000 00000000
    00000020: 01e01180 00002581 00000000 00000000
    00000030: 00400c0b 00000000 00000000 00000000
    00000040: 00000000 00000000 00000000 00000000
    00000050: 00000000 00000000 00000000 00000000
    00000060: 00000000 00000000 00027000 00000000
    00000070: 412a0000 00040000
    Model: Freescale Layerscape 2080a RDB Board
    Board: LS2088AE Rev1.1-RDB, Board Arch: V1, Board version: F, boot from vBank: 4

    .......

Option 2: Load image from partition on mass storage device (SD, USB, or SATA)

  1. Select mass storage device to use.
    => mmc rescan
    => mmc info

    Or

    => usb start
    => usb info

    Or

    => scsi scan

    => scsi info

  2. Optional – List files on storage device

    => ls mmc <device:partition>

    For example:

    => ls mmc 0:2

    Or

    => ls usb <device:partition>

    For example:

    => ls usb 0:1

    Or

    => ls scsi <device:partition>

    For example:

    => ls scsi 0:2

    If the ls command fails to run, check that U-Boot in NOR bank 0 supports the command by typing ls at the U-Boot prompt:

    => ls
    ls - Lists files in a directory (default)

     

    Usage:
    ls <interface> [<dev[:part]> [directory]]
    - Lists files in directory [directory] of partition [part] on device type [interface] and instance [dev].

     

    If U-Boot does not support this command, then update the composite firmware image in NOR bank 0.

     

    For steps to update composite firmware image in NOR bank, see Layerscape Software Development Kit User Guide .

                    

    Use the following command if the SD card is formatted/created using LSDK flex-installer command:

    => load <interface> [<dev[:part]> [<addr> [<filename> [bytes [pos]]]]]
    For example:

    => load mmc 0:2 $load_addr bl2_nor.pbl
    Use the following command if the SD card is formatted/created on a Windows PC:

    => fatload <interface> [<dev[:part]> [<addr> [<filename> [bytes [pos]]]]]
    For example:

    => fatload mmc 0:2 $load_addr bl2_nor.pbl
    Use the following command if the SD card is formatted/created on a Linux PC:

    => ext2load <interface> [<dev[:part]> [<addr> [<filename> [bytes [pos]]]]]
    For example:

    =>ext2load mmc 0:2 $load_addr bl2_nor.pbl
    Also note that LSDK flex-installer command puts the images on the IInd partition, so 0:2 is used in the load command. If the SD card is formatted on Windows PC or Linux PC for single partition only, then 0 should be used instead of 0:2 in the fatload/ext2load command.

            
  3. Load bl2_nor.pbl image from the storage device

    => load mmc 0:2 0xa0000000 <image name>

    => print filesize

    For example:

    => load mmc 0:2 0xa0000000 bl2_nor.pbl

    => print filesize

    filesize=14379

    Or

    => load usb 0:2 0xa0000000 <image name>

    => print filesize

    Or

    => load scsi 0:2 0xa0000000 <image name>

    => print filesize

  4. Program bl2_nor.pbl to NOR bank 4 (after booting from NOR bank 0)=> erase 0x584000000 +$filesize;cp.b 0xa0000000 0x584000000 $filesize
  5. Load fip.bin image from the storage device

    => load mmc 0:2 0xa0000000 <image name>

    => print filesize

    For example:

    => load mmc 0:2 0xa0000000 fip.bin

    => print filesize

    filesize=131510

    Or

    => load usb 0:2 0xa0000000 <image name>

    => print filesize

    Or

    => load scsi 0:2 0xa0000000 <image name>

    => print filesize

  6. Program fip.bin to NOR bank 4 (after booting from NOR bank 0)=> erase 0x584100000 +$filesize;cp.b 0xa0000000 0x584100000 $filesize
  7. Boot from NOR bank 4: => qixis_reset altbank

    LS2088ARDB will boot with TF-A.

Attachments

    Outcomes