Socionext UniPhier
==================

Socionext UniPhier Armv8-A SoCs use Trusted Firmware-A (TF-A) as the secure
world firmware, supporting BL2 and BL31.

The UniPhier SoC family implements its own internal boot ROM, which loads a
64KB [1]_ image from non-volatile storage into the on-chip SRAM and jumps to it.
TF-A provides a special mode, BL2-AT-EL3, which enables BL2 to execute at EL3.
It is useful for platforms with a non-TF-A boot ROM, like UniPhier. The problem
is that BL2 does not fit in the 64KB limit if `Trusted Board Boot`_ (TBB)
is enabled. To solve this issue, Socionext provides a first stage loader
called `UniPhier BL`_. This loader runs in the on-chip SRAM, initializes the
DRAM, expands BL2 there, and hands control over to it. Therefore, all images
of TF-A run in DRAM.

The UniPhier platform works with or without TBB. See below for the build
process of each case. The image authentication for the UniPhier platform fully
complies with the Trusted Board Boot Requirements (TBBR) specification.

The UniPhier BL does not implement the authentication functionality, that is,
it cannot verify the BL2 image by itself. Instead, the UniPhier BL assures
the validity of BL2 in a different way: BL2 is GZIP-compressed and appended to
the UniPhier BL. The concatenation of the UniPhier BL and the compressed BL2
fits in the 64KB limit. The concatenated image is loaded by the internal boot
ROM (and verified if the chip fuses are blown).


Boot Flow
---------

1. The Boot ROM

   This is hard-wired ROM, so it is never corrupted. It loads the UniPhier BL
   (with compressed-BL2 appended) into the on-chip SRAM. If the SoC fuses are
   blown, the image is verified by the SoC's own method.

2. UniPhier BL

   This runs in the on-chip SRAM. After the minimum SoC initialization and DRAM
   setup, it decompresses the appended BL2 image into the DRAM, then jumps to
   the BL2 entry.

3. BL2 (at EL3)

   This runs in the DRAM. It extracts more images such as BL31, BL33 (optionally
   SCP_BL2, BL32 as well) from Firmware Image Package (FIP). If TBB is enabled,
   they are all authenticated by the standard mechanism of TF-A.
   After loading all the images, it jumps to the BL31 entry.

4. BL31, BL32, and BL33

   They all run in the DRAM. See `Firmware Design`_ for details.


Basic Build
-----------

BL2 must be compressed for the reason above. The UniPhier platform makefile
provides a build target ``bl2_gzip`` for this.

For a non-secure boot loader (aka BL33), U-Boot is well supported for UniPhier
SoCs. The U-Boot image (``u-boot.bin``) must be built in advance. For the build
procedure of U-Boot, refer to the document in the `U-Boot`_ project.

To build minimum functionality for UniPhier (without TBB)::

    make CROSS_COMPILE=<gcc-prefix> PLAT=uniphier BL33=<path-to-BL33> bl2_gzip fip

Output images:

- ``bl2.bin.gz``
- ``fip.bin``


Optional features
-----------------

- Trusted Board Boot

  `mbed TLS`_ is needed for the cryptographic and image parser modules.
  Refer to the `User Guide`_ for the appropriate version of mbed TLS.

  To enable TBB, add the following options to the build command::

      TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 MBEDTLS_DIR=<path-to-mbedtls>

- System Control Processor (SCP)

  If desired, FIP can include an SCP BL2 image. If BL2 finds an SCP BL2 image
  in FIP, BL2 loads it into DRAM and kicks the SCP. Most UniPhier boards
  still work without SCP, but SCP provides better power management support.

  To include SCP BL2, add the following option to the build command::

      SCP_BL2=<path-to-SCP>

- BL32 (Secure Payload)

  To enable BL32, add the following options to the build command::

      SPD=<spd> BL32=<path-to-BL32>

  If you use TSP for BL32, ``BL32=<path-to-BL32>`` is not required. Just add the
  following::

      SPD=tspd


.. [1] Some SoCs can load 80KB, but the software implementation must be aligned
   to the lowest common denominator.
.. _Trusted Board Boot: ../trusted-board-boot.rst
.. _UniPhier BL: https://github.com/uniphier/uniphier-bl
.. _Firmware Design: ../firmware-design.rst
.. _U-Boot: https://www.denx.de/wiki/U-Boot
.. _mbed TLS: https://tls.mbed.org/
.. _User Guide: ../user-guide.rst
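
A pre-flash check for the size constraint described in the introduction, as an added example that is not part of the TF-A or UniPhier BL sources: it confirms that a first-stage loader plus the gzip-compressed BL2 fits in the 64KB boot ROM load size and that the appended gzip stream is complete. It assumes "appended" means plain concatenation; ``check_boot_image`` and ``constructed_blob`` are hypothetical names, and the sample binaries are constructed.

```python
import gzip
import hashlib
import zlib

SRAM_LOAD_LIMIT = 64 * 1024  # boot ROM load size stated above


def check_boot_image(first_stage, bl2_gz, limit=SRAM_LOAD_LIMIT):
    """Check a first-stage loader plus gzip-compressed BL2 before flashing.

    Assumption: "appended" means plain concatenation with no padding or header.
    """
    problems, bl2_size = [], None
    if bl2_gz[:2] != b"\x1f\x8b":
        problems.append("payload does not start with the gzip magic")
    else:
        inflater = zlib.decompressobj(wbits=31)  # 31 = require gzip framing
        try:
            bl2_size = len(inflater.decompress(bl2_gz))
            if not inflater.eof:
                problems.append("gzip stream is truncated")
            elif inflater.unused_data:
                problems.append("trailing bytes after the gzip stream")
        except zlib.error as exc:
            problems.append(f"gzip stream is corrupt: {exc}")
    total = len(first_stage) + len(bl2_gz)
    if total > limit:
        problems.append(f"image is {total - limit} bytes over the {limit}-byte limit")
    return {"total": total, "headroom": limit - total, "bl2_size": bl2_size,
            "ok": not problems, "problems": problems}


def constructed_blob(size, compressible):
    """Constructed stand-in for a firmware binary; not real UniPhier code."""
    if compressible:
        return bytes(size)  # zero fill compresses to almost nothing
    chunks = (hashlib.sha256(i.to_bytes(4, "little")).digest()
              for i in range(size // 32 + 1))
    return b"".join(chunks)[:size]  # hash output is effectively incompressible


if __name__ == "__main__":
    loader = constructed_blob(20 * 1024, True)  # hypothetical loader size
    small = gzip.compress(constructed_blob(90 * 1024, True))
    large = gzip.compress(constructed_blob(90 * 1024, False))
    for name, payload in (("fits", small), ("too big", large),
                          ("truncated", small[:-8])):
        print(name, check_boot_image(loader, payload))
```

Feed it the bytes of the real loader binary and of ``bl2.bin.gz`` before concatenating them; a negative ``headroom`` means the boot ROM would load only part of the image.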