1*24dba2b3SPaul BeesleySocionext UniPhier 2*24dba2b3SPaul Beesley================== 358b6fccfSMasahiro Yamada 44def07d5SDan HandleySocionext UniPhier Armv8-A SoCs use Trusted Firmware-A (TF-A) as the secure 54def07d5SDan Handleyworld firmware, supporting BL2 and BL31. 66f625747SDouglas Raillard 7247fc043SMasahiro YamadaUniPhier SoC family implements its internal boot ROM, which loads 64KB [1]_ 8247fc043SMasahiro Yamadaimage from a non-volatile storage to the on-chip SRAM, and jumps over to it. 94def07d5SDan HandleyTF-A provides a special mode, BL2-AT-EL3, which enables BL2 to execute at EL3. 104def07d5SDan HandleyIt is useful for platforms with non-TF-A boot ROM, like UniPhier. Here, a 114def07d5SDan Handleyproblem is BL2 does not fit in the 64KB limit if `Trusted Board Boot`_ (TBB) 124def07d5SDan Handleyis enabled. To solve this issue, Socionext provides a first stage loader 13247fc043SMasahiro Yamadacalled `UniPhier BL`_. This loader runs in the on-chip SRAM, initializes the 14247fc043SMasahiro YamadaDRAM, expands BL2 there, and hands the control over to it. Therefore, all images 154def07d5SDan Handleyof TF-A run in DRAM. 166f625747SDouglas Raillard 176f625747SDouglas RaillardThe UniPhier platform works with/without TBB. See below for the build process 186f625747SDouglas Raillardof each case. The image authentication for the UniPhier platform fully 196f625747SDouglas Raillardcomplies with the Trusted Board Boot Requirements (TBBR) specification. 206f625747SDouglas Raillard 216f625747SDouglas RaillardThe UniPhier BL does not implement the authentication functionality, that is, 22247fc043SMasahiro Yamadait can not verify the BL2 image by itself. Instead, the UniPhier BL assures 23247fc043SMasahiro Yamadathe BL2 validity in a different way; BL2 is GZIP-compressed and appended to 24247fc043SMasahiro Yamadathe UniPhier BL. The concatenation of the UniPhier BL and the compressed BL2 25247fc043SMasahiro Yamadafits in the 64KB limit. The concatenated image is loaded by the internal boot 26247fc043SMasahiro YamadaROM (and verified if the chip fuses are blown). 276f625747SDouglas Raillard 286f625747SDouglas Raillard 296f625747SDouglas RaillardBoot Flow 306f625747SDouglas Raillard--------- 316f625747SDouglas Raillard 3258b6fccfSMasahiro Yamada1. The Boot ROM 336f625747SDouglas Raillard 346f625747SDouglas Raillard This is hard-wired ROM, so never corrupted. It loads the UniPhier BL (with 35247fc043SMasahiro Yamada compressed-BL2 appended) into the on-chip SRAM. If the SoC fuses are blown, 366f625747SDouglas Raillard the image is verified by the SoC's own method. 376f625747SDouglas Raillard 3858b6fccfSMasahiro Yamada2. UniPhier BL 396f625747SDouglas Raillard 406f625747SDouglas Raillard This runs in the on-chip SRAM. After the minimum SoC initialization and DRAM 41247fc043SMasahiro Yamada setup, it decompresses the appended BL2 image into the DRAM, then jumps to 42247fc043SMasahiro Yamada the BL2 entry. 436f625747SDouglas Raillard 44247fc043SMasahiro Yamada3. BL2 (at EL3) 456f625747SDouglas Raillard 46247fc043SMasahiro Yamada This runs in the DRAM. It extracts more images such as BL31, BL33 (optionally 47247fc043SMasahiro Yamada SCP_BL2, BL32 as well) from Firmware Image Package (FIP). If TBB is enabled, 484def07d5SDan Handley they are all authenticated by the standard mechanism of TF-A. 49247fc043SMasahiro Yamada After loading all the images, it jumps to the BL31 entry. 506f625747SDouglas Raillard 51247fc043SMasahiro Yamada4. BL31, BL32, and BL33 526f625747SDouglas Raillard 53247fc043SMasahiro Yamada They all run in the DRAM. See `Firmware Design`_ for details. 546f625747SDouglas Raillard 5558b6fccfSMasahiro Yamada 566f625747SDouglas RaillardBasic Build 576f625747SDouglas Raillard----------- 586f625747SDouglas Raillard 59247fc043SMasahiro YamadaBL2 must be compressed for the reason above. The UniPhier's platform makefile 60247fc043SMasahiro Yamadaprovides a build target ``bl2_gzip`` for this. 616f625747SDouglas Raillard 626f625747SDouglas RaillardFor a non-secure boot loader (aka BL33), U-Boot is well supported for UniPhier 636f625747SDouglas RaillardSoCs. The U-Boot image (``u-boot.bin``) must be built in advance. For the build 646f625747SDouglas Raillardprocedure of U-Boot, refer to the document in the `U-Boot`_ project. 656f625747SDouglas Raillard 6658b6fccfSMasahiro YamadaTo build minimum functionality for UniPhier (without TBB):: 676f625747SDouglas Raillard 68247fc043SMasahiro Yamada make CROSS_COMPILE=<gcc-prefix> PLAT=uniphier BL33=<path-to-BL33> bl2_gzip fip 696f625747SDouglas Raillard 706f625747SDouglas RaillardOutput images: 716f625747SDouglas Raillard 72247fc043SMasahiro Yamada- ``bl2.bin.gz`` 736f625747SDouglas Raillard- ``fip.bin`` 746f625747SDouglas Raillard 7558b6fccfSMasahiro Yamada 766f625747SDouglas RaillardOptional features 776f625747SDouglas Raillard----------------- 786f625747SDouglas Raillard 796f625747SDouglas Raillard- Trusted Board Boot 806f625747SDouglas Raillard 816f625747SDouglas Raillard `mbed TLS`_ is needed as the cryptographic and image parser modules. 826f625747SDouglas Raillard Refer to the `User Guide`_ for the appropriate version of mbed TLS. 836f625747SDouglas Raillard 8458b6fccfSMasahiro Yamada To enable TBB, add the following options to the build command:: 856f625747SDouglas Raillard 866f625747SDouglas Raillard TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 MBEDTLS_DIR=<path-to-mbedtls> 876f625747SDouglas Raillard 886f625747SDouglas Raillard- System Control Processor (SCP) 896f625747SDouglas Raillard 906f625747SDouglas Raillard If desired, FIP can include an SCP BL2 image. If BL2 finds an SCP BL2 image 916f625747SDouglas Raillard in FIP, BL2 loads it into DRAM and kicks the SCP. Most of UniPhier boards 926f625747SDouglas Raillard still work without SCP, but SCP provides better power management support. 936f625747SDouglas Raillard 9458b6fccfSMasahiro Yamada To include SCP BL2, add the following option to the build command:: 956f625747SDouglas Raillard 966f625747SDouglas Raillard SCP_BL2=<path-to-SCP> 976f625747SDouglas Raillard 986f625747SDouglas Raillard- BL32 (Secure Payload) 996f625747SDouglas Raillard 10058b6fccfSMasahiro Yamada To enable BL32, add the following options to the build command:: 1016f625747SDouglas Raillard 1026f625747SDouglas Raillard SPD=<spd> BL32=<path-to-BL32> 1036f625747SDouglas Raillard 1046f625747SDouglas Raillard If you use TSP for BL32, ``BL32=<path-to-BL32>`` is not required. Just add the 10558b6fccfSMasahiro Yamada following:: 1066f625747SDouglas Raillard 1076f625747SDouglas Raillard SPD=tspd 1086f625747SDouglas Raillard 10958b6fccfSMasahiro Yamada 11058b6fccfSMasahiro Yamada.. [1] Some SoCs can load 80KB, but the software implementation must be aligned 11158b6fccfSMasahiro Yamada to the lowest common denominator. 1126f625747SDouglas Raillard.. _Trusted Board Boot: ../trusted-board-boot.rst 1136f625747SDouglas Raillard.. _UniPhier BL: https://github.com/uniphier/uniphier-bl 1146f625747SDouglas Raillard.. _Firmware Design: ../firmware-design.rst 1156f625747SDouglas Raillard.. _U-Boot: https://www.denx.de/wiki/U-Boot 1166f625747SDouglas Raillard.. _mbed TLS: https://tls.mbed.org/ 1176f625747SDouglas Raillard.. _User Guide: ../user-guide.rst 118