xref: /rk3399_ARM-atf/docs/plat/socionext-uniphier.rst (revision 7593252cee8745bbf1b05deb2f4a5f742d36c412) 
1ARM Trusted Firmware for Socionext UniPhier SoCs
2================================================
3
4
5Socionext UniPhier ARMv8-A SoCs use ARM Trusted Firmware as the secure world
6firmware, supporting BL1, BL2, and BL31.
7
8UniPhier SoC family implements its internal boot ROM, so BL1 is used as pseudo
9ROM (i.e. runs in RAM). The internal boot ROM loads 64KB [1]_ image from a
10non-volatile storage to the on-chip SRAM. Unfortunately, BL1 does not fit in
11the 64KB limit if `Trusted Board Boot`_ (TBB) is enabled. To solve this problem,
12Socionext provides a first stage loader called `UniPhier BL`_. This loader runs
13in the on-chip SRAM, initializes the DRAM, expands BL1 there, and hands the
14control over to it. Therefore, all images of ARM Trusted Firmware run in DRAM.
15
16The UniPhier platform works with/without TBB. See below for the build process
17of each case. The image authentication for the UniPhier platform fully
18complies with the Trusted Board Boot Requirements (TBBR) specification.
19
20The UniPhier BL does not implement the authentication functionality, that is,
21it can not verify the BL1 image by itself. Instead, the UniPhier BL assures
22the BL1 validity in a different way; BL1 is GZIP-compressed and appended to
23the UniPhier BL. The concatenation of the UniPhier BL and the compressed BL1
24fits in the 64KB limit. The concatenated image is loaded by the boot ROM
25(and verified if the chip fuses are blown).
26
27
28Boot Flow
29---------
30
311. The Boot ROM
32
33   This is hard-wired ROM, so never corrupted. It loads the UniPhier BL (with
34   compressed-BL1 appended) into the on-chip SRAM. If the SoC fuses are blown,
35   the image is verified by the SoC's own method.
36
372. UniPhier BL
38
39   This runs in the on-chip SRAM. After the minimum SoC initialization and DRAM
40   setup, it decompresses the appended BL1 image into the DRAM, then jumps to
41   the BL1 entry.
42
433. BL1
44
45   This runs in the DRAM. It extracts BL2 from FIP (Firmware Image Package).
46   If TBB is enabled, the BL2 is authenticated by the standard mechanism of ARM
47   Trusted Firmware.
48
494. BL2, BL31, and more
50
51   They all run in the DRAM, and are authenticated by the standard mechanism if
52   TBB is enabled. See `Firmware Design`_ for details.
53
54
55Basic Build
56-----------
57
58BL1 must be compressed for the reason above. The UniPhier's platform makefile
59provides a build target ``bl1_gzip`` for this.
60
61For a non-secure boot loader (aka BL33), U-Boot is well supported for UniPhier
62SoCs. The U-Boot image (``u-boot.bin``) must be built in advance. For the build
63procedure of U-Boot, refer to the document in the `U-Boot`_ project.
64
65To build minimum functionality for UniPhier (without TBB)::
66
67    make CROSS_COMPILE=<gcc-prefix> PLAT=uniphier BL33=<path-to-BL33> bl1_gzip fip
68
69Output images:
70
71- ``bl1.bin.gzip``
72- ``fip.bin``
73
74
75Optional features
76-----------------
77
78- Trusted Board Boot
79
80  `mbed TLS`_ is needed as the cryptographic and image parser modules.
81  Refer to the `User Guide`_ for the appropriate version of mbed TLS.
82
83  To enable TBB, add the following options to the build command::
84
85      TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 MBEDTLS_DIR=<path-to-mbedtls>
86
87- System Control Processor (SCP)
88
89  If desired, FIP can include an SCP BL2 image. If BL2 finds an SCP BL2 image
90  in FIP, BL2 loads it into DRAM and kicks the SCP. Most of UniPhier boards
91  still work without SCP, but SCP provides better power management support.
92
93  To include SCP BL2, add the following option to the build command::
94
95      SCP_BL2=<path-to-SCP>
96
97- BL32 (Secure Payload)
98
99  To enable BL32, add the following options to the build command::
100
101      SPD=<spd> BL32=<path-to-BL32>
102
103  If you use TSP for BL32, ``BL32=<path-to-BL32>`` is not required. Just add the
104  following::
105
106      SPD=tspd
107
108
109.. [1] Some SoCs can load 80KB, but the software implementation must be aligned
110   to the lowest common denominator.
111.. _Trusted Board Boot: ../trusted-board-boot.rst
112.. _UniPhier BL: https://github.com/uniphier/uniphier-bl
113.. _Firmware Design: ../firmware-design.rst
114.. _U-Boot: https://www.denx.de/wiki/U-Boot
115.. _mbed TLS: https://tls.mbed.org/
116.. _User Guide: ../user-guide.rst
117