NXP Supplied Reference Code for ESBC

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

NXP Supplied Reference Code for ESBC

892 Views
rashmitharamesh
Contributor III

Hi,

1.I am trying to find the NXP Reference code which is mentioned in all NXP documents which describes ESBC phase. 

But none of the SDK documents give exact location or content of this code.

2.In LSDKUG_Rev19.06, 6.1.1.5 ESBC Phase says 

ESBC is NXP – supplied reference code, and can be changed by OEMs. ESBC is the BL2 image, which is signed using private key.

That image then loads a FIP image that includes,

BL31 ( EL3 runtime software) ,

BL32( optional image for platform storage) and

BL33 (Uboot) to DDR and their headers to DDR, then validates these images.

Is there sample/reference code for BL31 and BL32?

Or could you provide a brief description what is the expected image there?

3. In QorIQ Yocto Environment, i edited my U-Boot source code in arch/arm/cpu/armv8 folder as my board is LS1046ARDB. The output qspi-secure-boot.bin file is 800MB in size. Even if i remove all other boards and CPU configuration folders and remove them from the Kconfigs, the size remains unchanged and is still 800MB.

What are the folder/files/configurations that should be removed to reduce the file size?

4. In QorIQ Yocto Environment, once I do bitbake U-Boot and it succeeds running all the tasks. If I make a change and do bitbake again, the compiling of changed files doesn't take place and no new output file is generated.

So I am doing bitbake -c compile -f u-boot

and then bitbake u-boot

To do a forced compile

But this throws a warning that the .bb is tainted due to force run. Does this have any impact on the generated files?

In there some other way in bitbake to do an incremental build/build new changes?

Regards,

Rashmitha

chitra.amzarewale@utas.utc.com

Labels (1)
4 Replies

743 Views
yipingwang
NXP TechSupport
NXP TechSupport

Hello Rashmitha,

1. Please refer to flash layout for boot flow with TF-A.

pastedImage_1.png

2. For BL31 and BL32 source code, please refer to atf source code.

In LSDK environment, please execute the following command to get atf source code in packages/firmware/atf/.

$ flex-builder -c atf -m ls1046ardb

Please refer to atf/bl31/ and atf bl32 for BL31 and BL32 source code.

You also could get atf source code from git tree

$ git clone https://source.codeaurora.org/external/qoriq/qoriq-components/atf.git -b LSDK-19.06

$ git checkout -b LSDK-19.06

3. I just download the latest Yocto release from the following link.

readme - qoriq-components/yocto-sdk - Repo manifest for QorIQ Yocto SDK 

Modify sources/meta-freescale/conf/machine/ls1046ardb.conf as the following.

BOOT_CONFIG ??= "tfa-secure-boot tfa qspi-secure-boot"
UBOOT_CONFIG[tfa] = "ls1046ardb_tfa_defconfig,,u-boot-dtb.bin"
UBOOT_CONFIG[tfa-secure-boot] = "ls1046ardb_tfa_SECURE_BOOT_defconfig,,u-boot-dtb.bin"
UBOOT_CONFIG[qspi-secure-boot] = "ls1046ardb_qspi_SECURE_BOOT_defconfig,,u-boot-dtb.bin"

I generated secure QSPI boot image u-boot-qspi-secure-boot-2018.09+fslgit-r0.bin about 745K.

4. The following procedure should be correct.

$ bitbake -c compile -f u-boot

$ bitbake u-boot

Thanks,

Yiping

743 Views
rashmitharamesh
Contributor III

Hi Yiping,

1.

(i)Could you please tell is TF-A ->Trusted Firmware Architecture or anything else?

(ii)I think my question was not worded properly, but I was asking where will I find ESBC-NXP Reference Code in QorIQ SDK folder or in U-boot folder.

2. I am not using LSDK, I am using QorIQ SDK V2 Yocto, I understand that flex-builder is for LSDK.

Could you suggest steps for getting "package folder" in QorIQ Yocto Env?

3.

Why is tfa-secure-boot and qspi-secure-boot both required?

I am trying to boot from QSPI alone, also I am not able to understand what exactly is TFA-SECURE-BOOT used for.

4.

Forced compile throws a warning that the .bb is tainted due to force run. Does this have any impact on the generated files?

Thanks & Regards,

Rashmitha

chitra.amzarewale@utas.utc.com

0 Kudos

743 Views
yipingwang
NXP TechSupport
NXP TechSupport

1.

i. Please refer to "5.1.3 Boot flow with TF-A" in LSDK LSDKUG_Rev19.06.

ii. Please refer to bl2 in atf folder.

2. You could run the following command to get atf in build_ls1046ardb/tmp/work/aarch64-fsl-linux/atf/git-r0/git/.

$ bitbake atf -c patch -f

3. You could modify sources/meta-freescale/conf/machine/ls1046ardb.conf as the following.

BOOT_CONFIG ??= "qspi-secure-boot"
UBOOT_CONFIG[qspi-secure-boot] = "ls1046ardb_qspi_SECURE_BOOT_defconfig,,u-boot-dtb.bin"

4. No impact for the generated file.

743 Views
rashmitharamesh
Contributor III

Hi yipingwang,

$ bitbake atf -c patch -f ------ Is giving error saying atf not found, try at or atftp

You are referring to LSDK again, I am using QorIQ SDK V2 Yocto

Could you please provide guidance w.r.t. QorIQ Yocto SDK

New Questions:

1. Below given CST Tool steps asks to change config to create secure u-boot image .

What is the difference between normal u-boot bin and secure u-boot bin?

c.Build Secure u-boot image
Modify the recipe sources/meta-freescale/conf/machine/ls1043ardb.conf, add secure u-boot in the build configuration.
UBOOT_CONFIG ??= "nand sdcard nor secure-boot"
Execute “$bitbake u-boot” and get secure u-boot image build_ls1043ardb/tmp/deploy/images/ls1043ardb/u-boot-secure-boot.bin, copy it to folder build_ls1043ardb/tmp/sysroots/x86_64-linux/usr/bin/cst and rename it as u-boot.bin.

2Is there any guide for list of U-Boot configurations for enabling and operating only in Arm Trust Zone?

3. I want my secure-boot flow to be

First, BL1 (ISBC in Internal BOOT ROM) which is present by default

After that if i just want a single BL with basic boot functionality(System register initialization, RAM Init, basic tests).

BL1-> Basic Boot->Linux

Which are the files that set this one image to next image transition/flow?

Thanks,

Rashmitha

chitra.amzarewale@utas.utc.com

 

0 Kudos