1*43f35ef5SPaul BeesleyAlternative Boot Flows 2*43f35ef5SPaul Beesley====================== 3*43f35ef5SPaul Beesley 4*43f35ef5SPaul BeesleyEL3 payloads alternative boot flow 5*43f35ef5SPaul Beesley---------------------------------- 6*43f35ef5SPaul Beesley 7*43f35ef5SPaul BeesleyOn a pre-production system, the ability to execute arbitrary, bare-metal code at 8*43f35ef5SPaul Beesleythe highest exception level is required. It allows full, direct access to the 9*43f35ef5SPaul Beesleyhardware, for example to run silicon soak tests. 10*43f35ef5SPaul Beesley 11*43f35ef5SPaul BeesleyAlthough it is possible to implement some baremetal secure firmware from 12*43f35ef5SPaul Beesleyscratch, this is a complex task on some platforms, depending on the level of 13*43f35ef5SPaul Beesleyconfiguration required to put the system in the expected state. 14*43f35ef5SPaul Beesley 15*43f35ef5SPaul BeesleyRather than booting a baremetal application, a possible compromise is to boot 16*43f35ef5SPaul Beesley``EL3 payloads`` through TF-A instead. This is implemented as an alternative 17*43f35ef5SPaul Beesleyboot flow, where a modified BL2 boots an EL3 payload, instead of loading the 18*43f35ef5SPaul Beesleyother BL images and passing control to BL31. It reduces the complexity of 19*43f35ef5SPaul Beesleydeveloping EL3 baremetal code by: 20*43f35ef5SPaul Beesley 21*43f35ef5SPaul Beesley- putting the system into a known architectural state; 22*43f35ef5SPaul Beesley- taking care of platform secure world initialization; 23*43f35ef5SPaul Beesley- loading the SCP_BL2 image if required by the platform. 24*43f35ef5SPaul Beesley 25*43f35ef5SPaul BeesleyWhen booting an EL3 payload on Arm standard platforms, the configuration of the 26*43f35ef5SPaul BeesleyTrustZone controller is simplified such that only region 0 is enabled and is 27*43f35ef5SPaul Beesleyconfigured to permit secure access only. This gives full access to the whole 28*43f35ef5SPaul BeesleyDRAM to the EL3 payload. 29*43f35ef5SPaul Beesley 30*43f35ef5SPaul BeesleyThe system is left in the same state as when entering BL31 in the default boot 31*43f35ef5SPaul Beesleyflow. In particular: 32*43f35ef5SPaul Beesley 33*43f35ef5SPaul Beesley- Running in EL3; 34*43f35ef5SPaul Beesley- Current state is AArch64; 35*43f35ef5SPaul Beesley- Little-endian data access; 36*43f35ef5SPaul Beesley- All exceptions disabled; 37*43f35ef5SPaul Beesley- MMU disabled; 38*43f35ef5SPaul Beesley- Caches disabled. 39*43f35ef5SPaul Beesley 40*43f35ef5SPaul Beesley.. _alt_boot_flows_el3_payload: 41*43f35ef5SPaul Beesley 42*43f35ef5SPaul BeesleyBooting an EL3 payload 43*43f35ef5SPaul Beesley~~~~~~~~~~~~~~~~~~~~~~ 44*43f35ef5SPaul Beesley 45*43f35ef5SPaul BeesleyThe EL3 payload image is a standalone image and is not part of the FIP. It is 46*43f35ef5SPaul Beesleynot loaded by TF-A. Therefore, there are 2 possible scenarios: 47*43f35ef5SPaul Beesley 48*43f35ef5SPaul Beesley- The EL3 payload may reside in non-volatile memory (NVM) and execute in 49*43f35ef5SPaul Beesley place. In this case, booting it is just a matter of specifying the right 50*43f35ef5SPaul Beesley address in NVM through ``EL3_PAYLOAD_BASE`` when building TF-A. 51*43f35ef5SPaul Beesley 52*43f35ef5SPaul Beesley- The EL3 payload needs to be loaded in volatile memory (e.g. DRAM) at 53*43f35ef5SPaul Beesley run-time. 54*43f35ef5SPaul Beesley 55*43f35ef5SPaul BeesleyTo help in the latter scenario, the ``SPIN_ON_BL1_EXIT=1`` build option can be 56*43f35ef5SPaul Beesleyused. The infinite loop that it introduces in BL1 stops execution at the right 57*43f35ef5SPaul Beesleymoment for a debugger to take control of the target and load the payload (for 58*43f35ef5SPaul Beesleyexample, over JTAG). 59*43f35ef5SPaul Beesley 60*43f35ef5SPaul BeesleyIt is expected that this loading method will work in most cases, as a debugger 61*43f35ef5SPaul Beesleyconnection is usually available in a pre-production system. The user is free to 62*43f35ef5SPaul Beesleyuse any other platform-specific mechanism to load the EL3 payload, though. 63*43f35ef5SPaul Beesley 64*43f35ef5SPaul Beesley 65*43f35ef5SPaul BeesleyPreloaded BL33 alternative boot flow 66*43f35ef5SPaul Beesley------------------------------------ 67*43f35ef5SPaul Beesley 68*43f35ef5SPaul BeesleySome platforms have the ability to preload BL33 into memory instead of relying 69*43f35ef5SPaul Beesleyon TF-A to load it. This may simplify packaging of the normal world code and 70*43f35ef5SPaul Beesleyimprove performance in a development environment. When secure world cold boot 71*43f35ef5SPaul Beesleyis complete, TF-A simply jumps to a BL33 base address provided at build time. 72*43f35ef5SPaul Beesley 73*43f35ef5SPaul BeesleyFor this option to be used, the ``PRELOADED_BL33_BASE`` build option has to be 74*43f35ef5SPaul Beesleyused when compiling TF-A. For example, the following command will create a FIP 75*43f35ef5SPaul Beesleywithout a BL33 and prepare to jump to a BL33 image loaded at address 76*43f35ef5SPaul Beesley0x80000000: 77*43f35ef5SPaul Beesley 78*43f35ef5SPaul Beesley.. code:: shell 79*43f35ef5SPaul Beesley 80*43f35ef5SPaul Beesley make PRELOADED_BL33_BASE=0x80000000 PLAT=fvp all fip 81*43f35ef5SPaul Beesley 82*43f35ef5SPaul Beesley-------------- 83*43f35ef5SPaul Beesley 84*43f35ef5SPaul Beesley*Copyright (c) 2019, Arm Limited. All rights reserved.* 85