QEMU virt Armv8-A
=================

Trusted Firmware-A (TF-A) implements the EL3 firmware layer for QEMU virt
Armv8-A. BL1 is used as the BootROM, supplied with the -bios argument.
When QEMU starts, all CPUs are released simultaneously; BL1 selects a
primary CPU to handle the boot, and the secondaries are placed in a polling
loop to be released by the normal world via PSCI.

BL2 edits the Flattened Device Tree (FDT) generated by QEMU at run-time to
add a node describing PSCI and the enable methods for the CPUs.

If ``ARM_LINUX_KERNEL_AS_BL33`` is set to 1 then this FDT will be passed to BL33
via register x0, as expected by a Linux kernel. This allows a Linux kernel image
to be booted directly as BL33 rather than using a bootloader.

An ARM64 defconfig v5.5 Linux kernel is known to boot. An FDT doesn't need to be
provided as it is generated by QEMU.

Current limitations:

- Only cold boot is supported
- No build instructions for ``QEMU_EFI.fd`` and ``rootfs-arm64.cpio.gz``

``QEMU_EFI.fd`` can be downloaded from
http://snapshots.linaro.org/components/kernel/leg-virt-tianocore-edk2-upstream/latest/QEMU-KERNEL-AARCH64/RELEASE_GCC5/QEMU_EFI.fd

Booting via semi-hosting option
-------------------------------

Boot binaries, except BL1, are primarily loaded via semi-hosting, so all
binaries have to reside in the directory QEMU is started from. This
is conveniently achieved with symlinks using the local names:

- ``bl2.bin`` -> BL2
- ``bl31.bin`` -> BL31
- ``bl33.bin`` -> BL33 (``QEMU_EFI.fd``)
- ``Image`` -> linux/arch/arm64/boot/Image

To build:

.. code:: shell

    make CROSS_COMPILE=aarch64-none-elf- PLAT=qemu

To start (QEMU v4.1.0):

.. code:: shell

    qemu-system-aarch64 -nographic -machine virt,secure=on -cpu cortex-a57 \
        -kernel Image \
        -append "console=ttyAMA0,38400 keep_bootcon root=/dev/vda2" \
        -initrd rootfs-arm64.cpio.gz -smp 2 -m 1024 -bios bl1.bin \
        -d unimp -semihosting-config enable,target=native

Booting via flash based firmwares
---------------------------------

Boot firmware is loaded via the secure FLASH0 device, so ``bl1.bin`` and
``fip.bin`` should be concatenated to create a ``flash.bin`` that is flashed
onto secure FLASH0.

- ``bl32.bin`` -> BL32 (``tee-header_v2.bin``)
- ``bl32_extra1.bin`` -> BL32 Extra1 (``tee-pager_v2.bin``)
- ``bl32_extra2.bin`` -> BL32 Extra2 (``tee-pageable_v2.bin``)
- ``bl33.bin`` -> BL33 (``QEMU_EFI.fd``)
- ``Image`` -> linux/arch/arm64/boot/Image

To build:

.. code:: shell

    make CROSS_COMPILE=aarch64-linux-gnu- PLAT=qemu BL32=bl32.bin \
        BL32_EXTRA1=bl32_extra1.bin BL32_EXTRA2=bl32_extra2.bin \
        BL33=bl33.bin BL32_RAM_LOCATION=tdram SPD=opteed all fip

To build with TBBR enabled and BL31 and BL32 encrypted with the test key:

.. code:: shell

    make CROSS_COMPILE=aarch64-linux-gnu- PLAT=qemu BL32=bl32.bin \
        BL32_EXTRA1=bl32_extra1.bin BL32_EXTRA2=bl32_extra2.bin \
        BL33=bl33.bin BL32_RAM_LOCATION=tdram SPD=opteed all fip \
        MBEDTLS_DIR=<path-to-mbedtls-repo> TRUSTED_BOARD_BOOT=1 \
        GENERATE_COT=1 DECRYPTION_SUPPORT=aes_gcm FW_ENC_STATUS=0 \
        ENCRYPT_BL31=1 ENCRYPT_BL32=1

To build flash.bin:

.. code:: shell

    dd if=build/qemu/release/bl1.bin of=flash.bin bs=4096 conv=notrunc
    dd if=build/qemu/release/fip.bin of=flash.bin seek=64 bs=4096 conv=notrunc

To start (QEMU v2.6.0):

.. code:: shell

    qemu-system-aarch64 -nographic -machine virt,secure=on -cpu cortex-a57 \
        -kernel Image -no-acpi \
        -append 'console=ttyAMA0,38400 keep_bootcon root=/dev/vda2' \
        -initrd rootfs-arm64.cpio.gz -smp 2 -m 1024 -bios flash.bin \
        -d unimp
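
The ``flash.bin`` step above places ``bl1.bin`` at offset 0 and ``fip.bin`` at block 64 (64 * 4096 = 0x40000 bytes), and ``conv=notrunc`` means an oversized BL1 or a stale image is silently overwritten or kept. The following is an added example, not part of the TF-A documentation, that wraps the same two ``dd`` commands with layout checks; the function names are assumptions, and the magic is the FIP ToC header name ``0xAA640001`` in its little-endian on-disk form.

```shell
#!/bin/sh
# Added example: assemble flash.bin with the dd layout from this page and
# verify the result. Function names are illustrative, not TF-A's.

FIP_SEEK=64         # blocks, from "seek=64" in the dd command
BLOCK=4096          # bytes, from "bs=4096"
FIP_MAGIC=010064aa  # ToC header name 0xAA640001, little-endian on disk

# Print the four bytes at byte offset $2 of file $1 as lowercase hex.
magic_at() {
    dd if="$1" bs=1 skip="$2" count=4 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# build_flash BL1 FIP OUT
# Returns 0 on success; 2 = BL1 too large, 3 = input is not a FIP,
# 1 = dd failed, 4/5 = read-back verification failed.
build_flash() {
    bl1=$1 fip=$2 out=$3
    fip_off=$((FIP_SEEK * BLOCK))
    bl1_size=$(( $(wc -c < "$bl1") ))

    # BL1 must fit below the FIP offset, or the second dd overwrites its tail.
    if [ "$bl1_size" -gt "$fip_off" ]; then
        echo "bl1 is $bl1_size bytes, exceeds FIP offset $fip_off" >&2
        return 2
    fi
    # Reject a file that is not a FIP before it lands in the image.
    if [ "$(magic_at "$fip" 0)" != "$FIP_MAGIC" ]; then
        echo "$fip does not start with the FIP ToC magic" >&2
        return 3
    fi

    # conv=notrunc keeps old bytes, so start from an empty image.
    rm -f "$out"
    dd if="$bl1" of="$out" bs=$BLOCK conv=notrunc 2>/dev/null || return 1
    dd if="$fip" of="$out" seek=$FIP_SEEK bs=$BLOCK conv=notrunc 2>/dev/null || return 1

    # Read back: BL1 intact at offset 0, FIP magic at the expected offset.
    head -c "$bl1_size" "$out" | cmp -s - "$bl1" || return 4
    [ "$(magic_at "$out" "$fip_off")" = "$FIP_MAGIC" ] || return 5
}
```

Call it as ``build_flash build/qemu/release/bl1.bin build/qemu/release/fip.bin flash.bin`` from the TF-A source tree.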