1TF-A Build Instructions for Marvell Platforms 2============================================= 3 4This section describes how to compile the Trusted Firmware-A (TF-A) project for Marvell's platforms. 5 6Build Instructions 7------------------ 8(1) Set the cross compiler 9 10 .. code:: shell 11 12 > export CROSS_COMPILE=/path/to/toolchain/aarch64-linux-gnu- 13 14(2) Set path for FIP images: 15 16Set U-Boot image path (relatively to TF-A root or absolute path) 17 18 .. code:: shell 19 20 > export BL33=path/to/u-boot.bin 21 22For example: if U-Boot project (and its images) is located at ``~/project/u-boot``, 23BL33 should be ``~/project/u-boot/u-boot.bin`` 24 25 .. note:: 26 27 *u-boot.bin* should be used and not *u-boot-spl.bin* 28 29Set MSS/SCP image path (mandatory only for A7K/8K/CN913x when MSS_SUPPORT=1) 30 31 .. code:: shell 32 33 > export SCP_BL2=path/to/mrvl_scp_bl2*.img 34 35(3) Armada-37x0 build requires WTP tools installation. 36 37See below in the section "Tools and external components installation". 38Install ARM 32-bit cross compiler, which is required for building WTMI image for CM3 39 40 .. code:: shell 41 42 > sudo apt-get install gcc-arm-linux-gnueabi 43 44(4) Clean previous build residuals (if any) 45 46 .. code:: shell 47 48 > make distclean 49 50(5) Build TF-A 51 52There are several build options: 53 54- PLAT 55 56 Supported Marvell platforms are: 57 58 - a3700 - A3720 DB, EspressoBin and Turris MOX 59 - a70x0 60 - a70x0_amc - AMC board 61 - a80x0 62 - a80x0_mcbin - MacchiatoBin 63 - a80x0_puzzle - IEI Puzzle-M801 64 - t9130 - CN913x 65 - t9130_cex7_eval - CN913x CEx7 Evaluation Board 66 67- DEBUG 68 69 Default is without debug information (=0). in order to enable it use ``DEBUG=1``. 70 Must be disabled when building UART recovery images due to current console driver 71 implementation that is not compatible with Xmodem protocol used for boot image download. 72 73- LOG_LEVEL 74 75 Defines the level of logging which will be purged to the default output port. 76 77 - 0 - LOG_LEVEL_NONE 78 - 10 - LOG_LEVEL_ERROR 79 - 20 - LOG_LEVEL_NOTICE (default for DEBUG=0) 80 - 30 - LOG_LEVEL_WARNING 81 - 40 - LOG_LEVEL_INFO (default for DEBUG=1) 82 - 50 - LOG_LEVEL_VERBOSE 83 84- USE_COHERENT_MEM 85 86 This flag determines whether to include the coherent memory region in the 87 BL memory map or not. Enabled by default. 88 89- LLC_ENABLE 90 91 Flag defining the LLC (L3) cache state. The cache is enabled by default (``LLC_ENABLE=1``). 92 93- LLC_SRAM 94 95 Flag enabling the LLC (L3) cache SRAM support. The LLC SRAM is activated and used 96 by Trusted OS (OP-TEE OS, BL32). The TF-A only prepares CCU address translation windows 97 for SRAM address range at BL31 execution stage with window target set to DRAM-0. 98 When Trusted OS activates LLC SRAM, the CCU window target is changed to SRAM. 99 There is no reason to enable this feature if OP-TEE OS built with CFG_WITH_PAGER=n. 100 Only set LLC_SRAM=1 if OP-TEE OS is built with CFG_WITH_PAGER=y. 101 102- MARVELL_SECURE_BOOT 103 104 Build trusted(=1)/non trusted(=0) image, default is non trusted. 105 This parameter is used only for ``mrvl_flash`` and ``mrvl_uart`` targets. 106 107- MV_DDR_PATH 108 109 This parameter is required for ``mrvl_flash`` and ``mrvl_uart`` targets. 110 For A7K/8K/CN913x it is used for BLE build and for Armada37x0 it used 111 for ddr_tool build. 112 113 Specify path to the full checkout of Marvell mv-ddr-marvell git 114 repository. Checkout must contain also .git subdirectory because 115 mv-ddr build process calls git commands. 116 117 Do not remove any parts of git checkout becuase build process and other 118 applications need them for correct building and version determination. 119 120 121CN913x specific build options: 122 123- CP_NUM 124 125 Total amount of CPs (South Bridge) connected to AP. When the parameter is omitted, 126 the build uses the default number of CPs, which is a number of embedded CPs inside the 127 package: 1 or 2 depending on the SoC used. The parameter is valid for OcteonTX2 CN913x SoC 128 family (PLAT=t9130), which can have external CPs connected to the MCI ports. Valid 129 values with CP_NUM are in a range of 1 to 3. 130 131 132A7K/8K/CN913x specific build options: 133 134- BLE_PATH 135 136 Points to BLE (Binary ROM extension) sources folder. 137 The parameter is optional, its default value is ``plat/marvell/armada/a8k/common/ble`` 138 which uses TF-A in-tree BLE implementation. 139 140- MSS_SUPPORT 141 142 When ``MSS_SUPPORT=1``, then TF-A includes support for Management SubSystem (MSS). 143 When enabled it is required to specify path to the MSS firmware image via ``SCP_BL2`` 144 option. 145 146 This option is by default enabled. 147 148- SCP_BL2 149 150 Specify path to the MSS fimware image binary which will run on Cortex-M3 coprocessor. 151 It is available in Marvell binaries-marvell git repository. Required when ``MSS_SUPPORT=1``. 152 153 154Armada37x0 specific build options: 155 156- HANDLE_EA_EL3_FIRST 157 158 When ``HANDLE_EA_EL3_FIRST=1``, External Aborts and SError Interrupts will be always trapped 159 in TF-A. TF-A in this case enables dirty hack / workaround for a bug found in U-Boot and 160 Linux kernel PCIe controller driver pci-aardvark.c, traps and then masks SError interrupt 161 caused by AXI SLVERR on external access (syndrome 0xbf000002). 162 163 Otherwise when ``HANDLE_EA_EL3_FIRST=0``, these exceptions will be trapped in the current 164 exception level (or in EL1 if the current exception level is EL0). So exceptions caused by 165 U-Boot will be trapped in U-Boot, exceptions caused by Linux kernel (or user applications) 166 will be trapped in Linux kernel. 167 168 Mentioned bug in pci-aardvark.c driver is fixed in U-Boot version v2021.07 and Linux kernel 169 version v5.13 (workarounded since Linux kernel version 5.9) and also backported in Linux 170 kernel stable releases since versions v5.12.13, v5.10.46, v5.4.128, v4.19.198, v4.14.240. 171 172 If target system has already patched version of U-Boot and Linux kernel then it is strongly 173 recommended to not enable this workaround as it disallows propagating of all External Aborts 174 to running Linux kernel and makes correctable errors as fatal aborts. 175 176 This option is now disabled by default. In past this option was enabled by default in 177 TF-A versions v2.2, v2.3, v2.4 and v2.5. 178 179- CM3_SYSTEM_RESET 180 181 When ``CM3_SYSTEM_RESET=1``, the Cortex-M3 secure coprocessor will be used for system reset. 182 183 TF-A will send command 0x0009 with a magic value via the rWTM mailbox interface to the 184 Cortex-M3 secure coprocessor. 185 The firmware running in the coprocessor must either implement this functionality or 186 ignore the 0x0009 command (which is true for the firmware from A3700-utils-marvell 187 repository). If this option is enabled but the firmware does not support this command, 188 an error message will be printed prior trying to reboot via the usual way. 189 190 This option is needed on Turris MOX as a workaround to a HW bug which causes reset to 191 sometime hang the board. 192 193- A3720_DB_PM_WAKEUP_SRC 194 195 For Armada 3720 Development Board only, when ``A3720_DB_PM_WAKEUP_SRC=1``, 196 TF-A will setup PM wake up src configuration. This option is disabled by default. 197 198 199Armada37x0 specific build options for ``mrvl_flash`` and ``mrvl_uart`` targets: 200 201- DDR_TOPOLOGY 202 203 The DDR topology map index/name, default is 0. 204 205 Supported Options: 206 - 0 - DDR3 1CS 512MB (DB-88F3720-DDR3-Modular, EspressoBin V3-V5) 207 - 1 - DDR4 1CS 512MB (DB-88F3720-DDR4-Modular) 208 - 2 - DDR3 2CS 1GB (EspressoBin V3-V5) 209 - 3 - DDR4 2CS 4GB (DB-88F3720-DDR4-Modular) 210 - 4 - DDR3 1CS 1GB (DB-88F3720-DDR3-Modular, EspressoBin V3-V5) 211 - 5 - DDR4 1CS 1GB (EspressoBin V7, EspressoBin-Ultra) 212 - 6 - DDR4 2CS 2GB (EspressoBin V7) 213 - 7 - DDR3 2CS 2GB (EspressoBin V3-V5) 214 - CUST - CUSTOMER BOARD (Customer board settings) 215 216- CLOCKSPRESET 217 218 The clock tree configuration preset including CPU and DDR frequency, 219 default is CPU_800_DDR_800. 220 221 - CPU_600_DDR_600 - CPU at 600 MHz, DDR at 600 MHz 222 - CPU_800_DDR_800 - CPU at 800 MHz, DDR at 800 MHz 223 - CPU_1000_DDR_800 - CPU at 1000 MHz, DDR at 800 MHz 224 - CPU_1200_DDR_750 - CPU at 1200 MHz, DDR at 750 MHz 225 226 Look at Armada37x0 chip package marking on board to identify correct CPU frequency. 227 The last line on package marking (next line after the 88F37x0 line) should contain: 228 229 - C080 or I080 - chip with 800 MHz CPU - use ``CLOCKSPRESET=CPU_800_DDR_800`` 230 - C100 or I100 - chip with 1000 MHz CPU - use ``CLOCKSPRESET=CPU_1000_DDR_800`` 231 - C120 - chip with 1200 MHz CPU - use ``CLOCKSPRESET=CPU_1200_DDR_750`` 232 233- BOOTDEV 234 235 The flash boot device, default is ``SPINOR``. 236 237 Currently, Armada37x0 only supports ``SPINOR``, ``SPINAND``, ``EMMCNORM`` and ``SATA``: 238 239 - SPINOR - SPI NOR flash boot 240 - SPINAND - SPI NAND flash boot 241 - EMMCNORM - eMMC Download Mode 242 243 Download boot loader or program code from eMMC flash into CM3 or CA53 244 Requires full initialization and command sequence 245 246 - SATA - SATA device boot 247 248 Image needs to be stored at disk LBA 0 or at disk partition with 249 MBR type 0x4d (ASCII 'M' as in Marvell) or at disk partition with 250 GPT name ``MARVELL BOOT PARTITION``. 251 252- PARTNUM 253 254 The boot partition number, default is 0. 255 256 To boot from eMMC, the value should be aligned with the parameter in 257 U-Boot with name of ``CONFIG_SYS_MMC_ENV_PART``, whose value by default is 258 1. For details about CONFIG_SYS_MMC_ENV_PART, please refer to the U-Boot 259 build instructions. 260 261- WTMI_IMG 262 263 The path of the binary can point to an image which 264 does nothing, an image which supports EFUSE or a customized CM3 firmware 265 binary. The default image is ``fuse.bin`` that built from sources in WTP 266 folder, which is the next option. If the default image is OK, then this 267 option should be skipped. 268 269 Please note that this is not a full WTMI image, just a main loop without 270 hardware initialization code. Final WTMI image is built from this WTMI_IMG 271 binary and sys-init code from the WTP directory which sets DDR and CPU 272 clocks according to DDR_TOPOLOGY and CLOCKSPRESET options. 273 274 CZ.NIC as part of Turris project released free and open source WTMI 275 application firmware ``wtmi_app.bin`` for all Armada 3720 devices. 276 This firmware includes additional features like access to Hardware 277 Random Number Generator of Armada 3720 SoC which original Marvell's 278 ``fuse.bin`` image does not have. 279 280 CZ.NIC's Armada 3720 Secure Firmware is available at website: 281 282 https://gitlab.nic.cz/turris/mox-boot-builder/ 283 284- WTP 285 286 Specify path to the full checkout of Marvell A3700-utils-marvell git 287 repository. Checkout must contain also .git subdirectory because WTP 288 build process calls git commands. 289 290 WTP build process uses also Marvell mv-ddr-marvell git repository 291 specified in MV_DDR_PATH option. 292 293 Do not remove any parts of git checkout becuase build process and other 294 applications need them for correct building and version determination. 295 296- CRYPTOPP_PATH 297 298 Use this parameter to point to Crypto++ source code 299 directory. If this option is specified then Crypto++ source code in 300 CRYPTOPP_PATH directory will be automatically compiled. Crypto++ library 301 is required for building WTP image tool. Either CRYPTOPP_PATH or 302 CRYPTOPP_LIBDIR with CRYPTOPP_INCDIR needs to be specified for Armada37x0. 303 304- CRYPTOPP_LIBDIR 305 306 Use this parameter to point to the directory with 307 compiled Crypto++ library. By default it points to the CRYPTOPP_PATH. 308 309- CRYPTOPP_INCDIR 310 311 Use this parameter to point to the directory with 312 header files of Crypto++ library. By default it points to the CRYPTOPP_PATH. 313 314 315For example, in order to build the image in debug mode with log level up to 'notice' level run 316 317.. code:: shell 318 319 > make DEBUG=1 USE_COHERENT_MEM=0 LOG_LEVEL=20 PLAT=<MARVELL_PLATFORM> mrvl_flash 320 321And if we want to build a Armada37x0 image in debug mode with log level up to 'notice' level, 322the image has the preset CPU at 1000 MHz, preset DDR3 at 800 MHz, the DDR topology of DDR4 2CS, 323the image boot from SPI NOR flash partition 0, and the image is non trusted in WTP, the command 324line is as following 325 326.. code:: shell 327 328 > make DEBUG=1 USE_COHERENT_MEM=0 LOG_LEVEL=20 CLOCKSPRESET=CPU_1000_DDR_800 \ 329 MARVELL_SECURE_BOOT=0 DDR_TOPOLOGY=3 BOOTDEV=SPINOR PARTNUM=0 PLAT=a3700 \ 330 MV_DDR_PATH=/path/to/mv-ddr-marvell/ WTP=/path/to/A3700-utils-marvell/ \ 331 CRYPTOPP_PATH=/path/to/cryptopp/ BL33=/path/to/u-boot.bin \ 332 all fip mrvl_bootimage mrvl_flash mrvl_uart 333 334To build just TF-A without WTMI image (useful for A3720 Turris MOX board), run following command: 335 336.. code:: shell 337 338 > make USE_COHERENT_MEM=0 PLAT=a3700 CM3_SYSTEM_RESET=1 BL33=/path/to/u-boot.bin \ 339 CROSS_COMPILE=aarch64-linux-gnu- mrvl_bootimage 340 341Here is full example how to build production release of Marvell firmware image (concatenated 342binary of Marvell's A3720 sys-init, CZ.NIC's Armada 3720 Secure Firmware, TF-A and U-Boot) for 343EspressoBin board (PLAT=a3700) with 1GHz CPU (CLOCKSPRESET=CPU_1000_DDR_800) and 3441GB DDR4 RAM (DDR_TOPOLOGY=5): 345 346.. code:: shell 347 348 > git clone https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git 349 > git clone https://source.denx.de/u-boot/u-boot.git 350 > git clone https://github.com/weidai11/cryptopp.git 351 > git clone https://github.com/MarvellEmbeddedProcessors/mv-ddr-marvell.git 352 > git clone https://github.com/MarvellEmbeddedProcessors/A3700-utils-marvell.git 353 > git clone https://gitlab.nic.cz/turris/mox-boot-builder.git 354 > make -C u-boot CROSS_COMPILE=aarch64-linux-gnu- mvebu_espressobin-88f3720_defconfig u-boot.bin 355 > make -C mox-boot-builder CROSS_CM3=arm-linux-gnueabi- wtmi_app.bin 356 > make -C trusted-firmware-a CROSS_COMPILE=aarch64-linux-gnu- CROSS_CM3=arm-linux-gnueabi- \ 357 USE_COHERENT_MEM=0 PLAT=a3700 CLOCKSPRESET=CPU_1000_DDR_800 DDR_TOPOLOGY=5 \ 358 MV_DDR_PATH=$PWD/mv-ddr-marvell/ WTP=$PWD/A3700-utils-marvell/ \ 359 CRYPTOPP_PATH=$PWD/cryptopp/ BL33=$PWD/u-boot/u-boot.bin \ 360 WTMI_IMG=$PWD/mox-boot-builder/wtmi_app.bin FIP_ALIGN=0x100 mrvl_flash 361 362Produced Marvell firmware flash image: ``trusted-firmware-a/build/a3700/release/flash-image.bin`` 363 364Special Build Flags 365-------------------- 366 367- PLAT_RECOVERY_IMAGE_ENABLE 368 When set this option to enable secondary recovery function when build atf. 369 In order to build UART recovery image this operation should be disabled for 370 A7K/8K/CN913x because of hardware limitation (boot from secondary image 371 can interrupt UART recovery process). This MACRO definition is set in 372 ``plat/marvell/armada/a8k/common/include/platform_def.h`` file. 373 374- DDR32 375 In order to work in 32bit DDR, instead of the default 64bit ECC DDR, 376 this flag should be set to 1. 377 378For more information about build options, please refer to the 379:ref:`Build Options` document. 380 381 382Build output 383------------ 384Marvell's TF-A compilation generates 8 files: 385 386 - ble.bin - BLe image (not available for Armada37x0) 387 - bl1.bin - BL1 image 388 - bl2.bin - BL2 image 389 - bl31.bin - BL31 image 390 - fip.bin - FIP image (contains BL2, BL31 & BL33 (U-Boot) images) 391 - boot-image.bin - TF-A image (contains BL1 and FIP images) 392 - flash-image.bin - Flashable Marvell firmware image. For Armada37x0 it 393 contains TIM, WTMI and boot-image.bin images. For other platforms it contains 394 BLe and boot-image.bin images. Should be placed on the boot flash/device. 395 - uart-images.tgz.bin - GZIPed TAR archive which contains Armada37x0 images 396 for booting via UART. Could be loaded via Marvell's WtpDownload tool from 397 A3700-utils-marvell repository. 398 399Additional make target ``mrvl_bootimage`` produce ``boot-image.bin`` file. Target 400``mrvl_flash`` produce final ``flash-image.bin`` file and target ``mrvl_uart`` 401produce ``uart-images.tgz.bin`` file. 402 403 404Tools and external components installation 405------------------------------------------ 406 407Armada37x0 Builds require installation of additional components 408~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 409 410(1) ARM cross compiler capable of building images for the service CPU (CM3). 411 This component is usually included in the Linux host packages. 412 On Debian/Ubuntu hosts the default GNU ARM tool chain can be installed 413 using the following command 414 415 .. code:: shell 416 417 > sudo apt-get install gcc-arm-linux-gnueabi 418 419 Only if required, the default tool chain prefix ``arm-linux-gnueabi-`` can be 420 overwritten using the environment variable ``CROSS_CM3``. 421 Example for BASH shell 422 423 .. code:: shell 424 425 > export CROSS_CM3=/opt/arm-cross/bin/arm-linux-gnueabi 426 427(2) DDR initialization library sources (mv_ddr) available at the following repository 428 (use the "master" branch): 429 430 https://github.com/MarvellEmbeddedProcessors/mv-ddr-marvell.git 431 432(3) Armada3700 tools available at the following repository 433 (use the "master" branch): 434 435 https://github.com/MarvellEmbeddedProcessors/A3700-utils-marvell.git 436 437(4) Crypto++ library available at the following repository: 438 439 https://github.com/weidai11/cryptopp.git 440 441(5) Optional CZ.NIC's Armada 3720 Secure Firmware: 442 443 https://gitlab.nic.cz/turris/mox-boot-builder.git 444 445Armada70x0, Armada80x0 and CN913x Builds require installation of additional components 446~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 447 448(1) DDR initialization library sources (mv_ddr) available at the following repository 449 (use the "master" branch): 450 451 https://github.com/MarvellEmbeddedProcessors/mv-ddr-marvell.git 452 453(2) MSS Management SubSystem Firmware available at the following repository 454 (use the "binaries-marvell-armada-SDK10.0.1.0" branch): 455 456 https://github.com/MarvellEmbeddedProcessors/binaries-marvell.git 457