1RD-Aspen (Zena CSS) Platform 2============================ 3 4The RD-Aspen platform, as referenced in TF-A, includes the following features: 5 6* Primary Compute with four processor clusters, each containing: 7 8 * Four Cortex-A720AE cores (Armv9.2-A application processor, 64-bit mode) 9 * A DynamIQ Shared Unit (DSU-120AE) 10 11* A GIC-720AE, which is GICv4-compatible and supports GICv3 mode as well. 12 13Further information on RD-Aspen is available at `Zena CSS`_ 14 15Boot Sequence 16------------- 17 18The boot process begins with the Runtime Security Engine (RSE), which loads the 19Application Processor (AP) BL2 image into the Trusted SRAM at a fixed address. 20Once loaded, the RSE signals the System Control Processor firmware (SCP-firmware) 21running on Safety Island Cluster 0 (SI CL0) to initiate the AP power-up sequence. 22 23The SCP-firmware then sets the reset vector base address (RVBAR) for the AP, ensuring 24it starts executing BL2 from the designated address. Following this, the SCP-firmware 25powers on AP Cluster 0, allowing the AP to run AP BL2. 26 27The following tasks are executed for each AP BL stage: 28 291. AP BL2: 30 31 * Performs the actions described in the `Trusted Board Boot (TBB)`_ document. 32 * (Optional step) Find the FIP image in a GPT partition, incase the FIP lies 33 within in a GPT image. 34 * Copies the FW_CONFIG from Secure Flash to Trusted SRAM. 35 * Completes its dynamic configuration from the FW_CONFIG loaded. 36 This includes: 37 38 * Parsing the configuration data. 39 * Setting up the required system parameters. 40 41 * Reads and loads AP BL31 image into the Trusted SRAM. 42 * (If present) Reads and loads AP BL32 (Secure Payload) image into Secure DRAM. 43 * (If present) Reads and loads the SPMC manifest (for S-EL2 firmware configuration) 44 into Trusted SRAM and passes its location to BL31. 45 * Copies AP BL33 and Device tree blob from Secure Flash to Normal DRAM. 46 * Transfers the execution to AP BL31. 47 482. AP BL31: 49 50 * Initializes Trusted Firmware-A Services. 51 * Transfers the execution to AP BL32 and then transfers the execution to AP BL33 52 533. AP BL32: 54 55 * Initializes Trusted OS (OP-TEE) environment 56 * Initializes Secure Partitions 57 * Transfers the execution back to AP BL31 58 * During runtime, it facilitates secure communication between the 59 normal world environment (e.g. Linux) and the Trusted Execution Environment. 60 61Build Procedure (TF-A only) 62--------------------------- 63 64- Ensure all `Prerequisites`_ are met, and the ``CROSS_COMPILE`` environment 65 variable is properly set. 66 67- Build TF-A: 68 69 70 .. code:: shell 71 72 make \ 73 PLAT=rdaspen \ 74 MBEDTLS_DIR=<mbedtls_dir> \ 75 CREATE_KEYS=1 \ 76 GENERATE_COT=1 \ 77 TRUSTED_BOARD_BOOT=1 \ 78 COT=tbbr \ 79 ARM_ROTPK_LOCATION=devel_rsa \ 80 ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \ 81 BL32=<path to optee binary> \ 82 ARM_GPT_SUPPORT=1 \ 83 BL33=<PATH-TO-BL33-BINARY> \ 84 85.. note:: 86 87 The ``BL32`` flag is optional and should be set only if a Trusted OS is required. 88 If it is not set, then ``BL33`` will be loaded directly after ``BL31``. 89 90 The ``ARM_GPT_SUPPORT`` flag is also optional. It must be enabled when the 91 FIP image resides inside a GPT partition on Secure Flash. 92 93-------------- 94 95*Copyright (c) 2025, Arm Limited. All rights reserved.* 96 97.. _Prerequisites: https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/prerequisites.html 98.. _Trusted Board Boot (TBB): https://trustedfirmware-a.readthedocs.io/en/latest/design/trusted-board-boot.html 99.. _Zena CSS: https://www.arm.com/products/automotive/compute-subsystems/zena 100