1*4def07d5SDan HandleyTrusted Firmware-A for Socionext UniPhier SoCs 2*4def07d5SDan Handley============================================== 36f625747SDouglas Raillard 458b6fccfSMasahiro Yamada 5*4def07d5SDan HandleySocionext UniPhier Armv8-A SoCs use Trusted Firmware-A (TF-A) as the secure 6*4def07d5SDan Handleyworld firmware, supporting BL2 and BL31. 76f625747SDouglas Raillard 8247fc043SMasahiro YamadaUniPhier SoC family implements its internal boot ROM, which loads 64KB [1]_ 9247fc043SMasahiro Yamadaimage from a non-volatile storage to the on-chip SRAM, and jumps over to it. 10*4def07d5SDan HandleyTF-A provides a special mode, BL2-AT-EL3, which enables BL2 to execute at EL3. 11*4def07d5SDan HandleyIt is useful for platforms with non-TF-A boot ROM, like UniPhier. Here, a 12*4def07d5SDan Handleyproblem is BL2 does not fit in the 64KB limit if `Trusted Board Boot`_ (TBB) 13*4def07d5SDan Handleyis enabled. To solve this issue, Socionext provides a first stage loader 14247fc043SMasahiro Yamadacalled `UniPhier BL`_. This loader runs in the on-chip SRAM, initializes the 15247fc043SMasahiro YamadaDRAM, expands BL2 there, and hands the control over to it. Therefore, all images 16*4def07d5SDan Handleyof TF-A run in DRAM. 176f625747SDouglas Raillard 186f625747SDouglas RaillardThe UniPhier platform works with/without TBB. See below for the build process 196f625747SDouglas Raillardof each case. The image authentication for the UniPhier platform fully 206f625747SDouglas Raillardcomplies with the Trusted Board Boot Requirements (TBBR) specification. 216f625747SDouglas Raillard 226f625747SDouglas RaillardThe UniPhier BL does not implement the authentication functionality, that is, 23247fc043SMasahiro Yamadait can not verify the BL2 image by itself. Instead, the UniPhier BL assures 24247fc043SMasahiro Yamadathe BL2 validity in a different way; BL2 is GZIP-compressed and appended to 25247fc043SMasahiro Yamadathe UniPhier BL. The concatenation of the UniPhier BL and the compressed BL2 26247fc043SMasahiro Yamadafits in the 64KB limit. The concatenated image is loaded by the internal boot 27247fc043SMasahiro YamadaROM (and verified if the chip fuses are blown). 286f625747SDouglas Raillard 296f625747SDouglas Raillard 306f625747SDouglas RaillardBoot Flow 316f625747SDouglas Raillard--------- 326f625747SDouglas Raillard 3358b6fccfSMasahiro Yamada1. The Boot ROM 346f625747SDouglas Raillard 356f625747SDouglas Raillard This is hard-wired ROM, so never corrupted. It loads the UniPhier BL (with 36247fc043SMasahiro Yamada compressed-BL2 appended) into the on-chip SRAM. If the SoC fuses are blown, 376f625747SDouglas Raillard the image is verified by the SoC's own method. 386f625747SDouglas Raillard 3958b6fccfSMasahiro Yamada2. UniPhier BL 406f625747SDouglas Raillard 416f625747SDouglas Raillard This runs in the on-chip SRAM. After the minimum SoC initialization and DRAM 42247fc043SMasahiro Yamada setup, it decompresses the appended BL2 image into the DRAM, then jumps to 43247fc043SMasahiro Yamada the BL2 entry. 446f625747SDouglas Raillard 45247fc043SMasahiro Yamada3. BL2 (at EL3) 466f625747SDouglas Raillard 47247fc043SMasahiro Yamada This runs in the DRAM. It extracts more images such as BL31, BL33 (optionally 48247fc043SMasahiro Yamada SCP_BL2, BL32 as well) from Firmware Image Package (FIP). If TBB is enabled, 49*4def07d5SDan Handley they are all authenticated by the standard mechanism of TF-A. 50247fc043SMasahiro Yamada After loading all the images, it jumps to the BL31 entry. 516f625747SDouglas Raillard 52247fc043SMasahiro Yamada4. BL31, BL32, and BL33 536f625747SDouglas Raillard 54247fc043SMasahiro Yamada They all run in the DRAM. See `Firmware Design`_ for details. 556f625747SDouglas Raillard 5658b6fccfSMasahiro Yamada 576f625747SDouglas RaillardBasic Build 586f625747SDouglas Raillard----------- 596f625747SDouglas Raillard 60247fc043SMasahiro YamadaBL2 must be compressed for the reason above. The UniPhier's platform makefile 61247fc043SMasahiro Yamadaprovides a build target ``bl2_gzip`` for this. 626f625747SDouglas Raillard 636f625747SDouglas RaillardFor a non-secure boot loader (aka BL33), U-Boot is well supported for UniPhier 646f625747SDouglas RaillardSoCs. The U-Boot image (``u-boot.bin``) must be built in advance. For the build 656f625747SDouglas Raillardprocedure of U-Boot, refer to the document in the `U-Boot`_ project. 666f625747SDouglas Raillard 6758b6fccfSMasahiro YamadaTo build minimum functionality for UniPhier (without TBB):: 686f625747SDouglas Raillard 69247fc043SMasahiro Yamada make CROSS_COMPILE=<gcc-prefix> PLAT=uniphier BL33=<path-to-BL33> bl2_gzip fip 706f625747SDouglas Raillard 716f625747SDouglas RaillardOutput images: 726f625747SDouglas Raillard 73247fc043SMasahiro Yamada- ``bl2.bin.gz`` 746f625747SDouglas Raillard- ``fip.bin`` 756f625747SDouglas Raillard 7658b6fccfSMasahiro Yamada 776f625747SDouglas RaillardOptional features 786f625747SDouglas Raillard----------------- 796f625747SDouglas Raillard 806f625747SDouglas Raillard- Trusted Board Boot 816f625747SDouglas Raillard 826f625747SDouglas Raillard `mbed TLS`_ is needed as the cryptographic and image parser modules. 836f625747SDouglas Raillard Refer to the `User Guide`_ for the appropriate version of mbed TLS. 846f625747SDouglas Raillard 8558b6fccfSMasahiro Yamada To enable TBB, add the following options to the build command:: 866f625747SDouglas Raillard 876f625747SDouglas Raillard TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 MBEDTLS_DIR=<path-to-mbedtls> 886f625747SDouglas Raillard 896f625747SDouglas Raillard- System Control Processor (SCP) 906f625747SDouglas Raillard 916f625747SDouglas Raillard If desired, FIP can include an SCP BL2 image. If BL2 finds an SCP BL2 image 926f625747SDouglas Raillard in FIP, BL2 loads it into DRAM and kicks the SCP. Most of UniPhier boards 936f625747SDouglas Raillard still work without SCP, but SCP provides better power management support. 946f625747SDouglas Raillard 9558b6fccfSMasahiro Yamada To include SCP BL2, add the following option to the build command:: 966f625747SDouglas Raillard 976f625747SDouglas Raillard SCP_BL2=<path-to-SCP> 986f625747SDouglas Raillard 996f625747SDouglas Raillard- BL32 (Secure Payload) 1006f625747SDouglas Raillard 10158b6fccfSMasahiro Yamada To enable BL32, add the following options to the build command:: 1026f625747SDouglas Raillard 1036f625747SDouglas Raillard SPD=<spd> BL32=<path-to-BL32> 1046f625747SDouglas Raillard 1056f625747SDouglas Raillard If you use TSP for BL32, ``BL32=<path-to-BL32>`` is not required. Just add the 10658b6fccfSMasahiro Yamada following:: 1076f625747SDouglas Raillard 1086f625747SDouglas Raillard SPD=tspd 1096f625747SDouglas Raillard 11058b6fccfSMasahiro Yamada 11158b6fccfSMasahiro Yamada.. [1] Some SoCs can load 80KB, but the software implementation must be aligned 11258b6fccfSMasahiro Yamada to the lowest common denominator. 1136f625747SDouglas Raillard.. _Trusted Board Boot: ../trusted-board-boot.rst 1146f625747SDouglas Raillard.. _UniPhier BL: https://github.com/uniphier/uniphier-bl 1156f625747SDouglas Raillard.. _Firmware Design: ../firmware-design.rst 1166f625747SDouglas Raillard.. _U-Boot: https://www.denx.de/wiki/U-Boot 1176f625747SDouglas Raillard.. _mbed TLS: https://tls.mbed.org/ 1186f625747SDouglas Raillard.. _User Guide: ../user-guide.rst 119