124dba2b3SPaul BeesleyQEMU virt Armv8-A 224dba2b3SPaul Beesley================= 36f625747SDouglas Raillard 44def07d5SDan HandleyTrusted Firmware-A (TF-A) implements the EL3 firmware layer for QEMU virt 54def07d5SDan HandleyArmv8-A. BL1 is used as the BootROM, supplied with the -bios argument. 66f625747SDouglas RaillardWhen QEMU starts all CPUs are released simultaneously, BL1 selects a 76f625747SDouglas Raillardprimary CPU to handle the boot and the secondaries are placed in a polling 86f625747SDouglas Raillardloop to be released by normal world via PSCI. 96f625747SDouglas Raillard 106f625747SDouglas RaillardBL2 edits the Flattened Device Tree, FDT, generated by QEMU at run-time to 116f625747SDouglas Raillardadd a node describing PSCI and also enable methods for the CPUs. 126f625747SDouglas Raillard 13*74464d5bSAndrew WalbranIf ``ARM_LINUX_KERNEL_AS_BL33`` is set to 1 then this FDT will be passed to BL33 14*74464d5bSAndrew Walbranvia register x0, as expected by a Linux kernel. This allows a Linux kernel image 15*74464d5bSAndrew Walbranto be booted directly as BL33 rather than using a bootloader. 16*74464d5bSAndrew Walbran 174def07d5SDan HandleyAn ARM64 defconfig v4.5 Linux kernel is known to boot, FDT doesn't need to be 186f625747SDouglas Raillardprovided as it's generated by QEMU. 196f625747SDouglas Raillard 206f625747SDouglas RaillardCurrent limitations: 216f625747SDouglas Raillard 226f625747SDouglas Raillard- Only cold boot is supported 236f625747SDouglas Raillard- No build instructions for QEMU\_EFI.fd and rootfs-arm64.cpio.gz 246f625747SDouglas Raillard- No instructions for how to load a BL32 (Secure Payload) 256f625747SDouglas Raillard 266f625747SDouglas Raillard``QEMU_EFI.fd`` can be dowloaded from 276f625747SDouglas Raillardhttp://snapshots.linaro.org/components/kernel/leg-virt-tianocore-edk2-upstream/latest/QEMU-KERNEL-AARCH64/RELEASE_GCC49/QEMU_EFI.fd 286f625747SDouglas Raillard 296f625747SDouglas RaillardBoot binaries, except BL1, are primarily loaded via semi-hosting so all 306f625747SDouglas Raillardbinaries has to reside in the same directory as QEMU is started from. This 316f625747SDouglas Raillardis conveniently achieved with symlinks the local names as: 326f625747SDouglas Raillard 336f625747SDouglas Raillard- ``bl2.bin`` -> BL2 346f625747SDouglas Raillard- ``bl31.bin`` -> BL31 356f625747SDouglas Raillard- ``bl33.bin`` -> BL33 (``QEMU_EFI.fd``) 366f625747SDouglas Raillard- ``Image`` -> linux/Image 376f625747SDouglas Raillard 386f625747SDouglas RaillardTo build: 396f625747SDouglas Raillard 4029c02529SPaul Beesley.. code:: shell 416f625747SDouglas Raillard 426f625747SDouglas Raillard make CROSS_COMPILE=aarch64-none-elf- PLAT=qemu 436f625747SDouglas Raillard 446f625747SDouglas RaillardTo start (QEMU v2.6.0): 456f625747SDouglas Raillard 4629c02529SPaul Beesley.. code:: shell 476f625747SDouglas Raillard 486f625747SDouglas Raillard qemu-system-aarch64 -nographic -machine virt,secure=on -cpu cortex-a57 \ 496f625747SDouglas Raillard -kernel Image \ 506f625747SDouglas Raillard -append console=ttyAMA0,38400 keep_bootcon root=/dev/vda2 \ 516f625747SDouglas Raillard -initrd rootfs-arm64.cpio.gz -smp 2 -m 1024 -bios bl1.bin \ 526f625747SDouglas Raillard -d unimp -semihosting-config enable,target=native 53