QEMU virt Armv8-A
=================

Trusted Firmware-A (TF-A) implements the EL3 firmware layer for QEMU virt
Armv8-A. BL1 is used as the BootROM, supplied with the ``-bios`` argument.
When QEMU starts, all CPUs are released simultaneously. BL1 selects a
primary CPU to handle the boot, and the secondaries are placed in a polling
loop to be released by normal world via PSCI.

BL2 edits the Flattened Device Tree (FDT) generated by QEMU at run-time to
add a node describing PSCI and also enable methods for the CPUs.

If ``ARM_LINUX_KERNEL_AS_BL33`` is set to 1 then this FDT will be passed to BL33
via register x0, as expected by a Linux kernel. This allows a Linux kernel image
to be booted directly as BL33 rather than using a bootloader.

An ARM64 defconfig v5.5 Linux kernel is known to boot. The FDT doesn't need to
be provided, as it is generated by QEMU.

Current limitations:

- Only cold boot is supported
- No build instructions for ``QEMU_EFI.fd`` and ``rootfs-arm64.cpio.gz``

``QEMU_EFI.fd`` can be downloaded from
http://snapshots.linaro.org/components/kernel/leg-virt-tianocore-edk2-upstream/latest/QEMU-KERNEL-AARCH64/RELEASE_GCC5/QEMU_EFI.fd

Booting via semi-hosting option
-------------------------------

Boot binaries, except BL1, are primarily loaded via semi-hosting, so all
binaries have to reside in the same directory as QEMU is started from. This
is conveniently achieved with symlinks that use the following local names:

- ``bl2.bin`` -> BL2
- ``bl31.bin`` -> BL31
- ``bl33.bin`` -> BL33 (``QEMU_EFI.fd``)
- ``Image`` -> linux/arch/arm64/boot/Image

To build:

.. code:: shell

    make CROSS_COMPILE=aarch64-none-elf- PLAT=qemu

To start (QEMU v4.1.0):

.. code:: shell

    qemu-system-aarch64 -nographic -machine virt,secure=on -cpu cortex-a57  \
        -kernel Image                           \
        -append "console=ttyAMA0,38400 keep_bootcon root=/dev/vda2"   \
        -initrd rootfs-arm64.cpio.gz -smp 2 -m 1024 -bios bl1.bin   \
        -d unimp -semihosting-config enable,target=native

Booting via flash based firmwares
---------------------------------

Boot firmwares are loaded via the secure FLASH0 device, so ``bl1.bin`` and
``fip.bin`` should be concatenated to create a ``flash.bin`` that is flashed
onto secure FLASH0.

- ``bl32.bin`` -> BL32 (``tee-header_v2.bin``)
- ``bl32_extra1.bin`` -> BL32 Extra1 (``tee-pager_v2.bin``)
- ``bl32_extra2.bin`` -> BL32 Extra2 (``tee-pageable_v2.bin``)
- ``bl33.bin`` -> BL33 (``QEMU_EFI.fd``)
- ``Image`` -> linux/arch/arm64/boot/Image

To build:

.. code:: shell

    make CROSS_COMPILE=aarch64-linux-gnu- PLAT=qemu BL32=bl32.bin \
        BL32_EXTRA1=bl32_extra1.bin BL32_EXTRA2=bl32_extra2.bin \
        BL33=bl33.bin BL32_RAM_LOCATION=tdram SPD=opteed all fip

To build with TBBR enabled and with BL31 and BL32 encrypted with the test key:

.. code:: shell

    make CROSS_COMPILE=aarch64-linux-gnu- PLAT=qemu BL32=bl32.bin \
        BL32_EXTRA1=bl32_extra1.bin BL32_EXTRA2=bl32_extra2.bin \
        BL33=bl33.bin BL32_RAM_LOCATION=tdram SPD=opteed all fip \
        MBEDTLS_DIR=<path-to-mbedtls-repo> TRUSTED_BOARD_BOOT=1 \
        GENERATE_COT=1 DECRYPTION_SUPPORT=aes_gcm FW_ENC_STATUS=0 \
        ENCRYPT_BL31=1 ENCRYPT_BL32=1

To build ``flash.bin``:

.. code:: shell

    dd if=build/qemu/release/bl1.bin of=flash.bin bs=4096 conv=notrunc
    dd if=build/qemu/release/fip.bin of=flash.bin seek=64 bs=4096 conv=notrunc

To start (QEMU v2.6.0):

.. code:: shell

    qemu-system-aarch64 -nographic -machine virt,secure=on -cpu cortex-a57  \
        -kernel Image -no-acpi                     \
        -append 'console=ttyAMA0,38400 keep_bootcon root=/dev/vda2'   \
        -initrd rootfs-arm64.cpio.gz -smp 2 -m 1024 -bios flash.bin   \
        -d unimp
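The two ``dd`` commands for ``flash.bin`` place BL1 at offset 0 and the FIP at 64 * 4096 bytes, and ``conv=notrunc`` leaves any existing bytes in an old ``flash.bin`` in place. The following wrapper is an added example, not part of the TF-A tree; the function names ``make_flash`` and ``fsize`` are hypothetical. It refuses a BL1 that would overlap the FIP, starts from a fresh output file, and reads both regions back.

```shell
#!/bin/sh
# Added example (not TF-A project code): assemble flash.bin with layout checks.
# Offsets come from the dd commands in this document: BL1 at 0, FIP at seek=64
# with bs=4096.
FIP_OFFSET=$((64 * 4096))   # 262144 bytes (0x40000)

# fsize FILE: print the size of FILE in bytes (hypothetical helper).
fsize() { wc -c < "$1" | tr -d ' '; }

# make_flash BL1 FIP OUT: returns 0 on success, 1 if any check fails.
make_flash() {
    bl1=$1; fip=$2; out=$3
    [ -r "$bl1" ] && [ -r "$fip" ] || return 1
    bl1_size=$(fsize "$bl1")
    fip_size=$(fsize "$fip")

    # BL1 must end before the FIP starts, otherwise the second dd silently
    # overwrites the tail of BL1.
    if [ "$bl1_size" -gt "$FIP_OFFSET" ]; then
        echo "error: $bl1 is $bl1_size bytes and overlaps the FIP at $FIP_OFFSET" >&2
        return 1
    fi

    # conv=notrunc keeps whatever is already in the output file, so remove a
    # previous image first to avoid stale data after the new FIP.
    rm -f "$out"
    dd if="$bl1" of="$out" bs=4096 conv=notrunc 2>/dev/null || return 1
    dd if="$fip" of="$out" bs=4096 seek=64 conv=notrunc 2>/dev/null || return 1

    # Read both regions back and compare them with the inputs.
    head -c "$bl1_size" "$out" | cmp -s - "$bl1" || return 1
    tail -c +"$((FIP_OFFSET + 1))" "$out" | cmp -s - "$fip" || return 1

    # The image must end exactly where the FIP ends.
    [ "$(fsize "$out")" -eq "$((FIP_OFFSET + fip_size))" ]
}
```

Call it as ``make_flash build/qemu/release/bl1.bin build/qemu/release/fip.bin flash.bin`` and start QEMU only if it returns 0.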