xref: /rk3399_ARM-atf/docs/plat/qti/rb3gen2.rst (revision 1c63cd61495542b0b52e1b6e484c59ce5c26e0d2)

Dragonwing RB3 Gen 2 development platform
=========================================

Trusted Firmware-A (TF-A) platform port for Kodiak SoC based RB3Gen2 platform.
For details about RB3Gen2 platform, refer to this
`link <https://www.qualcomm.com/developer/hardware/rb3-gen-2-development-kit>`__

Boot flow
-------------

The boot flow on RB3Gen2 with TF-A BL2 replacing the TZ firmware binary and
FIP payload replcacing UEFI binary as::

        PBL (ROM) -> XBL -> TF-A BL2 -> TF-A BL31 -> BL33 -> Linux kernel
                                            |
                                             --> OP-TEE as BL32

BL33 can either be edk2, U-Boot, Coreboot + Depthcharge etc.

Summary:

- PBL authenticates and loads XBL on on-chip RAM (IMEM) which is responsible
  to initializing DRAM and has the flash storage driver.
- XBL/XBL_SEC authenticates and loads TF-A BL2 from `tz_a/b` partition and
  FIP payload from `uefi_a/b` partition on flash to DRAM.
- TF-A BL2 parses the FIP payload on DRAM and loads BL31, BL32 and BL33
  components in corresponding locations as specified in FIP metadata.

How to build
------------

Steps to build TF-A BL2 and FIP payload::

	$ make CROSS_COMPILE=aarch64-none-elf- PLAT=rb3gen2 SPD=opteed \
            QTISECLIB_PATH=<qtiseclib-path> BL32=<path-to-optee-bin> \
            BL33=<path-to-os-bootloader-bin> fip all

        $ ./tools/qti/generate_fip_elf.sh build/rb3gen2/release/fip.bin \
            0x9fc00000

QTISELIB for Kodiak/SC7280 is available at
`link <https://github.com/coreboot/qc_blobs/blob/master/sc7280/qtiseclib/libqtisec.a?raw=true>`__

Note that the bl2.elf generated here is required to be signed as TZ image with
QTI signing involved. Also, the fip.elf generated above is signed using
`qtestsign <https://github.com/msm8916-mainline/qtestsign>`__ which just puts
the OEM test signature to allow it to work on devices in non-secure mode. In
secure mode, it is required to be signed using
`sectools v2 <https://docs.qualcomm.com/bundle/publicresource/topics/80-70020-11/tools.html>`__

How to flash
------------

Generate a Yocto BSP image for RB3Gen2 following instructions from meta-qcom
`here <https://github.com/qualcomm-linux/meta-qcom?tab=readme-ov-file#quick-build>`__

It will generate a tar ball in the build folder for RB3Gen2 something like:
`qcom-multimedia-image-qcs6490-rb3gen2-core-kit.rootfs.qcomflash.tar.gz`. Untar
it and replace `tz.mbn` with `bl2.mbn` and `uefi.elf` with `fip.elf` that you
have generated by yourself.

Then flash the board following the meta-qcom instructions
`here <https://github.com/qualcomm-linux/meta-qcom?tab=readme-ov-file#flash-images>`__

Boot Trace
-------------

Boot logs on RB3Gen2::

        Format: Log Type - Time(microsec) - Message - Optional Info
        Log Type: B - Since Boot(Power On Reset),  D - Delta,  S - Statistic
        <snip-XBL-logs>
        NOTICE:  BL2: v2.13.0(release):v2.13.0-825-gc17b22110
        NOTICE:  BL2: Built : 15:54:07, Sep 25 2025
        NOTICE:  BL2: Booting BL31
        NOTICE:  BL31: v2.13.0(release):v2.13.0-825-gc17b22110
        NOTICE:  BL31: Built : 15:58:59, Sep 25 2025
        QTISECLIB [0019dc805]QC_IMAGE_VERSION_STRING=QTISECLIB.CB.1.0-00069-SC7280AAAAAANAZT-1
        QTISECLIB [001a0817c]IMAGE_VARIANT_STRING=SC7180LC
        QTISECLIB [001a221d8]OEM_IMAGE_VERSION_STRING=crm-ubuntu54
        QTISECLIB [001a40244]QC_IMAGE_TS_STRING=23:42:01, Aug 31 2022
        I/TC:
        I/TC: OP-TEE version: 4.7.0-79-g8a8fab26c (gcc version 14.2.0 (Ubuntu 14.2.0-19ubuntu2)) #7 Thu Sep 25 10:28:22 UTC 2025 aarch64
        I/TC: WARNING: This OP-TEE configuration might be insecure!
        I/TC: WARNING: Please check https://optee.readthedocs.io/en/latest/architecture/porting_guidelines.html
        I/TC: Primary CPU initializing
        I/TC: Primary CPU switching to normal world boot
        <snip>