- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- MCUXpresso Training Hub
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
-
- Home
- :
- QorIQ Processing Platforms
- :
- Layerscape Knowledge Base
- :
- LS2088ARDB - How to deploy TF-A binaries in NOR flash
LS2088ARDB - How to deploy TF-A binaries in NOR flash
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
LS2088ARDB - How to deploy TF-A binaries in NOR flash
LS2088ARDB - How to deploy TF-A binaries in NOR flash
Trusted Firmware for Cortex-A (TF-A) is an implementation of EL3 secure firmware. TF-A replaces PPA in secure firmware role.
Please note the steps listed in this topic can only be performed with LSDK 18.12 and newer releases.
To migrate to the TF-A boot flow from the previous boot flow (with PPA), you need to compile the TF-A binaries, bl2_<boot_mode>.pbl and fip.bin, and flash these binaries on the specific boot medium on the board.
For NOR boot, you need to compile the following TF-A binaries.
| TF-A binary name | Components |
|---|---|
bl2_nor.pbl |
|
fip.bin |
|
Follow these steps to compile and deploy TF-A binaries (bl2_nor.pbl and fip.bin) on the NOR flash.
- Compile RCW binary
- Compile U-Boot binary
- [Optional] Compile OPTEE binary
- Compile TF-A binaries (bl2_nor.pbl and fip.bin) for NOR boot
- Program TF-A binaries to the NOR flash
Step 1: Compile RCW binary
You need to compile the rcw_1800.bin binary to build the bl2_nor.pbl binary.
Clone the rcw repository and compile the PBL binary.
- $ git clone https://source.codeaurora.org/external/qoriq/qoriq-components/rcw
- $ cd rcw
- $ git checkout -b <new branch name> <LSDK tag>. For example, $ git checkout -b LSDK-19.09 LSDK-19.09
- $ cd ls2088ardb
- If required, make changes to the rcw files.
- $ make
The compiled PBL binary for NOR boot on LS2088ARDB, rcw_1800.bin, is available at rcw/ls2088ardb/FFFFFFFF_PP_HH_0x2a_0x41
See the rcw/ls2088ardb/README file for an explanation of the naming convention for the directories that contain the RCW source and binary files.Step 2: Compile U-Boot binary
You need to compile the u-boot.bin binary to build the fip.bin binary.
Clone the u-boot repository and compile the U-Boot binary for TF-A.
- $ git clone https://source.codeaurora.org/external/qoriq/qoriq-components/u-boot.git
- $ cd u-boot
- $ git checkout -b <new branch name> LSDK-<LSDK version>. For example, $ git checkout -b LSDK-19.09 LSDK-19.09
- $ export ARCH=arm64
- $ export CROSS_COMPILE=aarch64-linux-gnu-
- $ make distclean
- $ make ls2088ardb_tfa_defconfig
- $ make
If the make command shows the error "*** Your GCC is older than 6.0 and is not supported", ensure that you are using Ubuntu 18.04 64-bit version for building the LSDK 18.12 and onwards U-Boot binary.
The compiled U-Boot binary, u-boot.bin, is available at u-boot/.
Step 3: [Optional] Compile OPTEE binary
You need to compile the tee.bin binary to build fip.bin with OPTEE. However, OPTEE is optional, you can skip the procedure to compile OPTEE if you want to build the FIP binary without OPTEE.
Clone the optee_os repository and build the OPTEE binary.
- $ git clone https://source.codeaurora.org/external/qoriq/qoriq-components/optee_os
- $ cd optee_os
- $ git checkout -b <new branch name> LSDK-<LSDK version>. For example, $ git checkout -b LSDK-19.09 LSDK-19.09
- $ export ARCH=arm
- $ export CROSS_COMPILE=aarch64-linux-gnu-
- $ make CFG_ARM64_core=y PLATFORM=ls-ls2088ardb
- $ aarch64-linux-gnu-objcopy -v -O binary out/arm-plat-ls/core/tee.elf out/arm-plat-ls/core/tee.bin
The compiled OPTEE image, tee.bin, is available at optee_os/out/arm-plat-ls/core/.
Step 4: Compile TF-A binaries for NOR boot
Clone the atf repository and compile the TF-A binaries, bl2_nor.pbl and fip.bin.
- $ git clone https://source.codeaurora.org/external/qoriq/qoriq-components/atf
- $ cd atf
- $ git checkout -b <new branch name> LSDK-<LSDK version>. For example, $ git checkout -b LSDK-19.09 LSDK-19.09
- $ export ARCH=arm64
- $ export CROSS_COMPILE=aarch64-linux-gnu-
- Build BL2 binary with OPTEE.
- $ make PLAT=ls2088ardb bl2 SPD=opteed BOOT_MODE=nor BL32=<path_to_optee_binary>/tee.bin pbl RCW=<path_to_rcw_binary>/rcw_1800.bin
The compiled BL2 images, bl2.bin and bl2_nor.pbl are available at atf/build/ls2088ardb/release/.
For any update in the BL2 source code or RCW binary, the bl2_nor.pbl binary needs to be recompiled.To compile the BL2 binary without OPTEE:
$ make PLAT=ls2088ardb bl2 BOOT_MODE=nor pbl RCW=<path_to_rcw_binary>/rcw_1800.bin
- $ make PLAT=ls2088ardb bl2 SPD=opteed BOOT_MODE=nor BL32=<path_to_optee_binary>/tee.bin pbl RCW=<path_to_rcw_binary>/rcw_1800.bin
- Build FIP binary with OPTEE and without trusted board boot.
- $ make PLAT=ls2088ardb fip BL33=<path_to_u-boot_binary>/u-boot.bin SPD=opteed BL32=<path_to_optee_binary>/tee.bin
The compiled BL31 and FIP binaries, bl31.bin, fip.bin, are available at atf/build/ls2088ardb/release/.
For any update in the BL31, BL32, or BL33 binaries, the fip.bin binary needs to be recompiled.To compile the FIP binary without OPTEE and without trusted board boot:
$ make PLAT=ls2088ardb fip BOOT_MODE=nor BL33=<path_to_u-boot_binary>/u-boot.bin
To compile the FIP binary with trusted board boot, refer the read me at <atf repository>/plat/nxp/README.TRUSTED_BOOT
- $ make PLAT=ls2088ardb fip BL33=<path_to_u-boot_binary>/u-boot.bin SPD=opteed BL32=<path_to_optee_binary>/tee.bin
Step 5: Program TF-A binaries to NOR flash
- Boot LS2088ARDB from NOR flash. Ensure that the switches and jumpers are set to boot the board from NOR bank 0.
- SW5[1:8] = 1111 1111
- SW3[1:8] = 0001 0010
- SW4[1:8] = 1111 1111
- SW6[1:8] = 1111 1111
- SW7[1:8] = 0100 0010
- SW9[1:8] = 0100 0000
- SW8[1:8] = 0111 1111
- In addition to the above switch settings, make sure the following jumper settings are correct (for RDB Rev E and later)
- J14 = 1-2, for NOR boot
- Boot from NOR bank 0: => qixis_reset
For LS2088ARDB, in boot log, you'll see:
Board: LS2088AE Rev1.1-RDB, Board Arch: V1, Board version: F, boot from vBank: 0
TF-A binaries can be loaded to LS2088ARDB from a TFTP server or from a mass storage device (SD, USB, or SATA).
Option 1: Load image from the TFTP server
Set up Ethernet connection
When board boots up, U-Boot prints a list of enabled Ethernet interfaces.
DPMAC1@xgmii, DPMAC2@xgmii, DPMAC3@xgmii, DPMAC4@xgmii, DPMAC5@xgmii, DPMAC6@xgmii, DPMAC7@xgmii, DPMAC8@xgmii
- Set server IP address to the IP address of the host machine on which you have configured the TFTP server.
=> setenv serverip <ipaddress1>
Set ethact and ethprime as the Ethernet interface connected to the TFTP server.
See LS2088ARDB Ethernet port mapping for the mapping of Ethernet port names appearing on the chassis front panel with the port names in U-Boot and Linux.
=> setenv ethprime <name of interface connected to TFTP server>
For example:
=> setenv ethprime DPMAC1@xgmii
=> setenv ethact <name of interface connected to TFTP server>
For example:
=> setenv ethact DPMAC1@xgmii
- Set IP address of the board. You can set a static IP address or, if the board can connect to a dhcp server, you can use the dhcp command.
Static IP address assignment:
=> setenv ipaddr <ipaddress2>
=> setenv netmask <subnet mask>Dynamic IP address assignment:
=> dhcp - Save the settings. => saveenv
- Check the connection between the board and the TFTP server.
=> ping $serverip
Using DPMAC1@xgmii device
host 192.168.1.1 is alive
Load TF-A binaries from the TFTP server
For details about the flash image layout for TF-A binaries, refer LSDK memory layout for TF-A boot flow.
Flash bl2_nor.pbl to NOR bank 4 (after booting from NOR bank 0).
- => tftp 82000000 bl2_nor.pbl
- => erase 0x584000000 +$filesize;cp.b 82000000 0x584000000 $filesize
- Flash fip.bin to NOR bank 4 (after booting from NOR bank 0).
- => tftp 82000000 fip.bin
=> erase 0x584100000 +$filesize;cp.b 82000000 0x584100000 $filesize
- Boot from NOR bank 4: => qixis_reset altbank
LS2088ARDB will boot with TF-A. In the boot log, you will see:
NOTICE: UDIMM 18ASF1G72AZ-2G3B1
NOTICE: 16 GB DDR4, 64-bit, CL=13, ECC on, 256B, CS0+CS1
NOTICE: UDIMM 18ASF1G72AZ-2G3B1NOTICE: 4 GB DDR4, 32-bit, CL=11, ECC on, CS0+CS1
NOTICE: BL2: v1.5(release):LSDK-19.09
NOTICE: BL2: Built : 16:04:08, Nov 4 2019
NOTICE: BL31: v1.5(release):LSDK-19.09
NOTICE: BL31: Built : 16:40:39, Nov 4 2019
NOTICE: Welcome to LS2088 BL31 Phase
U-Boot 2019.04 (Nov 04 2019 - 15:57:49 +0530)SoC: LS2088AE Rev1.1 (0x87090011)
.......
Clock Configuration:
CPU0(A72):1800 MHz CPU1(A72):1800 MHz CPU2(A72):1800 MHz
CPU3(A72):1800 MHz CPU4(A72):1800 MHz CPU5(A72):1800 MHz
CPU6(A72):1800 MHz CPU7(A72):1800 MHz
Bus: 700 MHz DDR: 1866.667 MT/s DP-DDR: 1600 MT/s
Reset Configuration Word (RCW):
00000000: 483038b8 48480048 00000000 00000000
00000010: 00000000 00000000 00a00000 00000000
00000020: 01e01180 00002581 00000000 00000000
00000030: 00400c0b 00000000 00000000 00000000
00000040: 00000000 00000000 00000000 00000000
00000050: 00000000 00000000 00000000 00000000
00000060: 00000000 00000000 00027000 00000000
00000070: 412a0000 00040000
Model: Freescale Layerscape 2080a RDB Board
Board: LS2088AE Rev1.1-RDB, Board Arch: V1, Board version: F, boot from vBank: 4
Option 2: Load image from partition on mass storage device (SD, USB, or SATA)
- Select mass storage device to use.
=> mmc rescan=> mmc infoOr
=> usb start => usb info
Or
=> scsi scan
=> scsi info
- Optional – List files on storage device
=> ls mmc <device:partition>
For example:
=> ls mmc 0:2
Or
=> ls usb <device:partition>
For example:
=> ls usb 0:1
Or
=> ls scsi <device:partition>
For example:
=> ls scsi 0:2
If the ls command fails to run, check that U-Boot in NOR bank 0 supports the command by typing ls at the U-Boot prompt:
=> ls ls - Lists files in a directory (default)
Usage: ls <interface> [<dev[:part]> [directory]] - Lists files in directory [directory] of partition [part] on device type [interface] and instance [dev].
If U-Boot does not support this command, then update the composite firmware image in NOR bank 0.
For steps to update composite firmware image in NOR bank, see Layerscape Software Development Kit User Guide .
Use the following command if the SD card is formatted/created using LSDK flex-installer command:
=> load <interface> [<dev[:part]> [<addr> [<filename> [bytes [pos]]]]] For example:
=> load mmc 0:2 $load_addr bl2_nor.pbl Use the following command if the SD card is formatted/created on a Windows PC:
=> fatload <interface> [<dev[:part]> [<addr> [<filename> [bytes [pos]]]]] For example:
=> fatload mmc 0:2 $load_addr bl2_nor.pbl Use the following command if the SD card is formatted/created on a Linux PC:
=> ext2load <interface> [<dev[:part]> [<addr> [<filename> [bytes [pos]]]]] For example:
=>ext2load mmc 0:2 $load_addr bl2_nor.pbl Also note that LSDK flex-installer command puts the images on the IInd partition, so 0:2 is used in the load command. If the SD card is formatted on Windows PC or Linux PC for single partition only, then 0 should be used instead of 0:2 in the fatload/ext2load command.
- Load bl2_nor.pbl image from the storage device
=> load mmc 0:2 0xa0000000 <image name>
=> print filesize
For example:
=> load mmc 0:2 0xa0000000 bl2_nor.pbl
=> print filesize
filesize=14379
Or
=> load usb 0:2 0xa0000000 <image name>
=> print filesize
Or
=> load scsi 0:2 0xa0000000 <image name>
=> print filesize
- Program bl2_nor.pbl to NOR bank 4 (after booting from NOR bank 0): => erase 0x584000000 +$filesize;cp.b 0xa0000000 0x584000000 $filesize
- Load fip.bin image from the storage device
=> load mmc 0:2 0xa0000000 <image name>
=> print filesize
For example:
=> load mmc 0:2 0xa0000000 fip.bin
=> print filesize
filesize=131510
Or
=> load usb 0:2 0xa0000000 <image name>
=> print filesize
Or
=> load scsi 0:2 0xa0000000 <image name>
=> print filesize
- Program fip.bin to NOR bank 4 (after booting from NOR bank 0): => erase 0x584100000 +$filesize;cp.b 0xa0000000 0x584100000 $filesize
- Boot from NOR bank 4: => qixis_reset altbank
LS2088ARDB will boot with TF-A.
