github
/
arm-trusted-firmware
mirror of https://github.com/ARM-software/arm-trusted-firmware.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #336 from danh-arm/sb/move-user-guide-to-linaro-release 

Update user guide to use Linaro releases
pull/334/merge
danh-arm 9 years ago
parent
6058ee6a21 640af0ee72
commit
ba06cf1b02
1 changed files with 205 additions and 314 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 519
      docs/user-guide.md

519
docs/user-guide.md
View File

@ -6,22 +6,25 @@ Contents :
1. [Introduction](#1--introduction)
2. [Host machine requirements](#2--host-machine-requirements)
3. [Tools](#3--tools)
4. [Building the Trusted Firmware](#4--building-the-trusted-firmware)
5. [Obtaining the normal world software](#5--obtaining-the-normal-world-software)
6. [Preparing the images to run on FVP](#6--preparing-the-images-to-run-on-fvp)
7. [Running the software on FVP](#7--running-the-software-on-fvp)
8. [Running the software on Juno](#8--running-the-software-on-juno)
4. [Getting the Trusted Firmware source code](#4--getting-the-trusted-firmware-source-code)
5. [Building the Trusted Firmware](#5--building-the-trusted-firmware)
6. [Building the rest of the software stack](#6--building-the-rest-of-the-software-stack)
7. [Preparing the images to run on FVP](#7--preparing-the-images-to-run-on-fvp)
8. [Running the software on FVP](#8--running-the-software-on-fvp)
9. [Running the software on Juno](#9--running-the-software-on-juno)
1. Introduction
----------------
This document describes how to build ARM Trusted Firmware and run it with a
tested set of other software components using defined configurations on the Juno
ARM development platform and ARM Fixed Virtual Platform (FVP) models. It is
possible to use other software components, configurations and platforms but that
is outside the scope of this document.
This document should be used in conjunction with the [Firmware Design].
This document should be used in conjunction with the [Firmware Design] and the
[Linaro release notes][Linaro releases].
2. Host machine requirements
@ -32,57 +35,79 @@ running the FVP models is a dual-core processor running at 2GHz with 12GB of
RAM. For best performance, use a machine with a quad-core processor running at
2.6GHz with 16GB of RAM.
The software has been tested on Ubuntu 12.04.04 (64-bit). Packages used
for building the software were installed from that distribution unless
otherwise specified.
The software has been tested on Ubuntu 14.04 LTS (64-bit). Packages used for
building the software were installed from that distribution unless otherwise
specified.
3. Tools
---------
The following tools are required to use the ARM Trusted Firmware:
* `git` package to obtain source code.
* `build-essential`, `uuid-dev` and `iasl` packages for building UEFI and the
Firmware Image Package (FIP) tool.
* `bc` and `ncurses-dev` packages for building Linux.
In addition to the prerequisite tools listed on the
[Linaro release notes][Linaro releases], the following tools are needed to use
the ARM Trusted Firmware:
* `device-tree-compiler` package for building the Flattened Device Tree (FDT)
source files (`.dts` files) provided with this software.
* Baremetal GNU GCC tools. Verified packages can be downloaded from [Linaro]
[Linaro Toolchain]. The rest of this document assumes that the
`gcc-linaro-aarch64-none-elf-4.9-2014.07_linux.tar.xz` tools are used.
wget http://releases.linaro.org/14.07/components/toolchain/binaries/gcc-linaro-aarch64-none-elf-4.9-2014.07_linux.tar.xz
tar -xf gcc-linaro-aarch64-none-elf-4.9-2014.07_linux.tar.xz
* `libssl-dev` package to build the certificate generation tool when support
for Trusted Board Boot is needed.
* (Optional) For debugging, ARM [Development Studio 5 (DS-5)][DS-5] v5.21.
4. Building the Trusted Firmware
---------------------------------
4. Getting the Trusted Firmware source code
--------------------------------------------
The Trusted Firmware source code can be obtained as part of the standard Linaro
releases, which provide a full software stack, including the Trusted Firmware,
normal world firmware, Linux kernel and device tree, file system as well as any
additional micro-controller firmware required by the platform. Please follow the
instructions on the [Linaro release notes][Linaro releases], section 2.2
"Downloading the software sources" and section 2.3 "Downloading the filesystem
binaries".
Note: Both the LSK kernel or the latest tracking kernel can be used along the
ARM Trusted Firmware, choose the one that best suits your needs.
The Trusted Firmware source code can then be found in the `arm-tf/` directory.
This is the full git repository cloned from Github. The revision checked out by
the `repo` tool is indicated by the manifest file. Depending on the manifest
file you're using, this might not be the latest development version. To
synchronize your copy of the repository and get the latest updates, use the
following commands:
# Change to the Trusted Firmware directory.
cd arm-tf
# Download the latest code from Github.
git fetch github
To build the Trusted Firmware images, follow these steps:
# Update your working copy to the latest master.
# This command will create a local branch master that tracks the remote
# branch master from Github.
git checkout --track github/master
1. Clone the ARM Trusted Firmware repository from GitHub:
git clone https://github.com/ARM-software/arm-trusted-firmware.git
Alternatively, the Trusted Firmware source code can be fetched on its own
from GitHub:
2. Change to the trusted firmware directory:
git clone https://github.com/ARM-software/arm-trusted-firmware.git
cd arm-trusted-firmware
However, the rest of this document assumes that you got the Trusted Firmware
as part of the Linaro release.
3. Set the compiler path, specify a Non-trusted Firmware image (BL3-3) and
5. Building the Trusted Firmware
---------------------------------
To build the Trusted Firmware images, change to the root directory of the
Trusted Firmware source tree and follow these steps:
1. Set the compiler path, specify a Non-trusted Firmware image (BL3-3) and
a valid platform, and then build:
CROSS_COMPILE=<path-to-aarch64-gcc>/bin/aarch64-none-elf- \
BL33=<path-to>/<bl33_image> \
CROSS_COMPILE=<path-to-aarch64-gcc>/bin/aarch64-linux-gnu- \
BL33=<path-to>/<bl33_image> \
make PLAT=<platform> all fip
If `PLAT` is not specified, `fvp` is assumed by default. See the "Summary of
@ -90,7 +115,7 @@ To build the Trusted Firmware images, follow these steps:
The BL3-3 image corresponds to the software that is executed after switching
to the non-secure world. UEFI can be used as the BL3-3 image. Refer to the
"Obtaining the normal world software" section below.
"Building the rest of the software stack" section below.
The TSP (Test Secure Payload), corresponding to the BL3-2 image, is not
compiled in by default. Refer to the "Building the Test Secure Payload"
@ -118,17 +143,17 @@ To build the Trusted Firmware images, follow these steps:
For more information on FIPs, see the "Firmware Image Package" section in
the [Firmware Design].
4. (Optional) Some platforms may require a BL3-0 image to boot. This image can
2. (Optional) Some platforms may require a BL3-0 image to boot. This image can
be included in the FIP when building the Trusted Firmware by specifying the
`BL30` build option:
BL30=<path-to>/<bl30_image>
5. Output binary files `bl1.bin` and `fip.bin` are both required to boot the
3. Output binary files `bl1.bin` and `fip.bin` are both required to boot the
system. How these files are used is platform specific. Refer to the
platform documentation on how to use the firmware images.
6. (Optional) Build products for a specific build variant can be removed using:
4. (Optional) Build products for a specific build variant can be removed using:
make DEBUG=<D> PLAT=<platform> clean
@ -138,7 +163,7 @@ To build the Trusted Firmware images, follow these steps:
make realclean
7. (Optional) Path to binary for certain BL stages (BL2, BL3-1 and BL3-2) can be
5. (Optional) Path to binary for certain BL stages (BL2, BL3-1 and BL3-2) can be
provided by specifying the BLx=<path-to>/<blx_image> where BLx is the BL stage.
This will bypass the build of the BL component from source, but will include
the specified binary in the final FIP image. Please note that BL3-2 will be
@ -424,8 +449,8 @@ Existing package entries can be individially updated:
To compile a debug version and make the build more verbose use
CROSS_COMPILE=<path-to-aarch64-gcc>/bin/aarch64-none-elf- \
BL33=<path-to>/<bl33_image> \
CROSS_COMPILE=<path-to-aarch64-gcc>/bin/aarch64-linux-gnu- \
BL33=<path-to>/<bl33_image> \
make PLAT=<platform> DEBUG=1 V=1 all fip
AArch64 GCC uses DWARF version 4 debugging symbols by default. Some tools (for
@ -443,9 +468,9 @@ platforms** section in the [Firmware Design]).
Extra debug options can be passed to the build system by setting `CFLAGS`:
CFLAGS='-O0 -gdwarf-2' \
CROSS_COMPILE=<path-to-aarch64-gcc>/bin/aarch64-none-elf- \
BL33=<path-to>/<bl33_image> \
CFLAGS='-O0 -gdwarf-2' \
CROSS_COMPILE=<path-to-aarch64-gcc>/bin/aarch64-linux-gnu- \
BL33=<path-to>/<bl33_image> \
make PLAT=<platform> DEBUG=1 V=1 all fip
@ -459,8 +484,8 @@ must be recompiled as well. For more information on SPs and SPDs, see the
First clean the Trusted Firmware build directory to get rid of any previous
BL3-1 binary. Then to build the TSP image and include it into the FIP use:
CROSS_COMPILE=<path-to-aarch64-gcc>/bin/aarch64-none-elf- \
BL33=<path-to>/<bl33_image> \
CROSS_COMPILE=<path-to-aarch64-gcc>/bin/aarch64-linux-gnu- \
BL33=<path-to>/<bl33_image> \
make PLAT=<platform> SPD=tspd all fip
An additional boot loader binary file is created in the `build` directory:
@ -546,7 +571,7 @@ feature.
Example of command line using RSA development keys:
CROSS_COMPILE=<path-to-aarch64-gcc>/bin/aarch64-none-elf- \
CROSS_COMPILE=<path-to-aarch64-gcc>/bin/aarch64-linux-gnu- \
BL33=<path-to>/<bl33_image> \
MBEDTLS_DIR=<path of the directory containing mbedTLS sources> \
make PLAT=<platform> TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 \
@ -583,121 +608,71 @@ set the `BASE_COMMIT` variable to your desired branch. By default, `BASE_COMMIT`
is set to `origin/master`.
5. Obtaining the normal world software
---------------------------------------
### Obtaining EDK2
Potentially any kind of non-trusted firmware may be used with the ARM Trusted
Firmware but the software has only been tested with the EFI Development Kit 2
(EDK2) open source implementation of the UEFI specification.
6. Building the rest of the software stack
-------------------------------------------
To build the software to be compatible with the Foundation and Base FVPs, or the
Juno platform, follow these steps:
The Linaro release provides a set of scripts that automate the process of
building all components of the software stack. However, the scripts only support
a limited number of Trusted Firmware build options. Therefore, it is recommended
to modify these scripts to build all components except Trusted Firmware, and
build Trusted Firmware separately as described in the section "Building the
Trusted Firmware" above.
1. Clone the [EDK2 source code][EDK2] from GitHub:
The instructions below are targeted at an OpenEmbedded filesystem.
git clone -n https://github.com/tianocore/edk2.git
1. To exclude Trusted Firmware from the automated build process, edit the
variant file `build-scripts/variants/<platform>-oe`, where `<platform>`
is either `fvp` or `juno`. Add the following lines at the end of the file:
Not all required features are available in the EDK2 mainline yet. These can
be obtained from the ARM-software EDK2 repository instead:
# Disable ARM Trusted Firmware build
ARM_TF_BUILD_ENABLED=0
cd edk2
git remote add -f --tags arm-software https://github.com/ARM-software/edk2.git
git checkout --detach v3.0
2. Launch the build script:
2. Copy build config templates to local workspace
CROSS_COMPILE=aarch64-linux-gnu- \
build-scripts/build-all.sh <platform>-oe
# in edk2/
. edksetup.sh
### Preparing the Firmware Image Package
3. Build the EDK2 host tools
The EDK2 binary should be specified as `BL33` in the `make` command line when
building the Trusted Firmware. See the "Building the Trusted Firmware" section
above. The EDK2 binary for use with the ARM Trusted Firmware can be found here:
make -C BaseTools clean
make -C BaseTools
uefi/edk2/Build/ArmVExpress-FVP-AArch64-Minimal/DEBUG_GCC49/FV/FVP_AARCH64_EFI.fd [for FVP]
uefi/edk2/Build/ArmJuno/DEBUG_GCC49/FV/BL33_AP_UEFI.fd [for Juno]
4. Build the EDK2 software
### Building an alternative EDK2
1. Build for FVP
* By default, EDK2 is built in debug mode. To build a release version instead,
change the following line in the variant file:
GCC49_AARCH64_PREFIX=<absolute-path-to-aarch64-gcc>/bin/aarch64-none-elf- \
make -f ArmPlatformPkg/Scripts/Makefile EDK2_ARCH=AARCH64 \
EDK2_DSC=ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc \
EDK2_TOOLCHAIN=GCC49 EDK2_BUILD=RELEASE \
EDK2_MACROS="-n 6 -D ARM_FOUNDATION_FVP=1"
UEFI_BUILD_MODE=DEBUG
The EDK2 binary for use with the ARM Trusted Firmware can then be found
here:
into:
Build/ArmVExpress-FVP-AArch64/RELEASE_GCC49/FV/FVP_AARCH64_EFI.fd
UEFI_BUILD_MODE=RELEASE
2. Build for Juno
* On FVP, if legacy GICv2 locations are used, the EDK2 platform makefile must
be updated. This is required as EDK2 does not support probing for the GIC
location. To do this, first clean the EDK2 build directory:
GCC49_AARCH64_PREFIX=<absolute-path-to-aarch64-gcc>/bin/aarch64-none-elf- \
make -f ArmPlatformPkg/ArmJunoPkg/Makefile EDK2_ARCH=AARCH64 \
EDK2_TOOLCHAIN=GCC49 EDK2_BUILD=RELEASE
build-scripts/build-uefi.sh fvp-oe clean
The EDK2 binary for use with the ARM Trusted Firmware can then be found
here:
Then edit the following file:
Build/ArmJuno/RELEASE_GCC49/FV/BL33_AP_UEFI.fd
uefi/edk2/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.mak
The EDK2 binary should be specified as `BL33` in in the `make` command line
when building the Trusted Firmware. See the "Building the Trusted Firmware"
section above.
5. (Optional) To build EDK2 in debug mode, remove `EDK2_BUILD=RELEASE` from the
command line.
6. (Optional) To boot Linux using a VirtioBlock file-system, the command line
passed from EDK2 to the Linux kernel must be modified as described in the
"Obtaining a root file-system" section below.
7. (Optional) If legacy GICv2 locations are used, the EDK2 platform description
must be updated. This is required as EDK2 does not support probing for the
GIC location. To do this, first clean the EDK2 build directory.
make -f ArmPlatformPkg/Scripts/Makefile EDK2_ARCH=AARCH64 \
EDK2_DSC=ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc \
EDK2_TOOLCHAIN=ARMGCC clean
Then rebuild EDK2 as described in step 3, using the following flag:
and add the following build flag into the `EDK2_MACROS` variable:
-D ARM_FVP_LEGACY_GICV2_LOCATION=1
Then rebuild everything as described above in step 2.
Finally rebuild the Trusted Firmware to generate a new FIP using the
instructions in the "Building the Trusted Firmware" section.
### Obtaining a Linux kernel
Preparing a Linux kernel for use on the FVPs can be done as follows
(GICv2 support only):
1. Clone Linux:
git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Not all required features are available in the kernel mainline yet. These
can be obtained from the ARM-software Linux repository instead:
cd linux
git remote add -f --tags arm-software https://github.com/ARM-software/linux.git
git checkout --detach 1.6-Juno
2. Build with the Linaro GCC tools.
# in linux/
make mrproper
make ARCH=arm64 defconfig
CROSS_COMPILE=<path-to-aarch64-gcc>/bin/aarch64-none-elf- \
make -j6 ARCH=arm64
The compiled Linux image will now be found at `arch/arm64/boot/Image`.
6. Preparing the images to run on FVP
7. Preparing the images to run on FVP
--------------------------------------
### Obtaining the Flattened Device Trees
@ -708,6 +683,9 @@ the Trusted Firmware source directory under `fdts/`. The Foundation FVP has a
subset of the Base FVP components. For example, the Foundation FVP lacks CLCD
and MMC support, and has only one CPU cluster.
Note: It is not recommended to use the FDTs built along the kernel because not
all FDTs are available from there.
* `fvp-base-gicv2-psci.dtb`
(Default) For use with both AEMv8 and Cortex-A57-A53 Base FVPs with
@ -735,110 +713,16 @@ and MMC support, and has only one CPU cluster.
For use with Foundation FVP with Base memory map configuration and Linux
GICv3 support.
Copy the chosen FDT blob as `fdt.dtb` to the directory from which the FVP
is launched. Alternatively a symbolic link may be used.
### Preparing the kernel image
Copy the kernel image file `arch/arm64/boot/Image` to the directory from which
the FVP is launched. Alternatively a symbolic link may be used.
### Obtaining a root file-system
To prepare a Linaro LAMP based Open Embedded file-system, the following
instructions can be used as a guide. The file-system can be provided to Linux
via VirtioBlock or as a RAM-disk. Both methods are described below.
#### Prepare VirtioBlock
To prepare a VirtioBlock file-system, do the following:
1. Download and unpack the disk image.
NOTE: The unpacked disk image grows to 3 GiB in size.
wget http://releases.linaro.org/15.03/members/arm/openembedded/aarch64/vexpress64-openembedded_lamp-armv8-gcc-4.9_20150324-715.img.gz
gunzip vexpress64-openembedded_lamp-armv8-gcc-4.9_20150324-715.img.gz
2. Make sure the Linux kernel has Virtio support enabled using
`make ARCH=arm64 menuconfig`.
Device Drivers ---> Virtio drivers ---> <*> Platform bus driver for memory mapped virtio devices
Device Drivers ---> [*] Block devices ---> <*> Virtio block driver
File systems ---> <*> The Extended 4 (ext4) filesystem
If some of these configurations are missing, enable them, save the kernel
configuration, then rebuild the kernel image using the instructions
provided in the section "Obtaining a Linux kernel".
3. Change the Kernel command line to include `root=/dev/vda2`. This can either
be done in the EDK2 boot menu or in the platform file. Editing the platform
file and rebuilding EDK2 will make the change persist. To do this:
1. In EDK2, edit the following file:
Copy the kernel image file `linux/arch/arm64/boot/Image` to the directory from
which the FVP is launched. Alternatively a symbolic link may be used.
ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc
2. Add `root=/dev/vda2` to:
gArmPlatformTokenSpaceGuid.PcdDefaultBootArgument|"<Other default options>"
3. Remove the entry:
gArmPlatformTokenSpaceGuid.PcdDefaultBootInitrdPath|""
4. Rebuild EDK2 (see "Obtaining UEFI" section above).
4. The file-system image file should be provided to the model environment by
passing it the correct command line option. In the FVPs the following
option should be provided in addition to the ones described in the
"Running the software on FVP" section below.
NOTE: A symbolic link to this file cannot be used with the FVP; the path
to the real file must be provided.
On the Base FVPs:
-C bp.virtioblockdevice.image_path="<path-to>/<file-system-image>"
On the Foundation FVP:
--block-device="<path-to>/<file-system-image>"
5. Ensure that the FVP doesn't output any error messages. If the following
error message is displayed:
ERROR: BlockDevice: Failed to open "<path-to>/<file-system-image>"!
then make sure the path to the file-system image in the model parameter is
correct and that read permission is correctly set on the file-system image
file.
#### Prepare RAM-disk
To prepare a RAM-disk root file-system, do the following:
1. Download the file-system image:
wget http://releases.linaro.org/15.03/members/arm/openembedded/aarch64/linaro-image-lamp-genericarmv8-20150323-747.rootfs.tar.gz
2. Modify the Linaro image:
# Prepare for use as RAM-disk. Normally use MMC, NFS or VirtioBlock.
# Be careful, otherwise you could damage your host file-system.
mkdir tmp; cd tmp
sudo sh -c "zcat ../linaro-image-lamp-genericarmv8-20150323-747.rootfs.tar.gz | cpio -id"
sudo ln -s sbin/init .
sudo sh -c "echo 'devtmpfs /dev devtmpfs mode=0755,nosuid 0 0' >> etc/fstab"
sudo sh -c "find . | cpio --quiet -H newc -o | gzip -3 -n > ../filesystem.cpio.gz"
cd ..
3. Copy the resultant `filesystem.cpio.gz` to the directory where the FVP is
launched from. Alternatively a symbolic link may be used.
7. Running the software on FVP
8. Running the software on FVP
-------------------------------
This version of the ARM Trusted Firmware has been tested on the following ARM
@ -871,29 +755,33 @@ downloaded for free from [ARM's website][ARM FVP website].
The following `Foundation_Platform` parameters should be used to boot Linux with
4 CPUs using the ARM Trusted Firmware.
NOTE: Using the `--block-device` parameter is not necessary if a Linux RAM-disk
file-system is used (see the "Obtaining a File-system" section above).
<path-to>/Foundation_Platform \
--cores=4 \
--secure-memory \
--visualization \
--gicv3 \
--data="<path-to>/<bl1-binary>"@0x0 \
--data="<path-to>/<FIP-binary>"@0x08000000 \
--data="<path-to>/<fdt>"@0x83000000 \
--data="<path-to>/<kernel-binary>"@0x80080000 \
--block-device="<path-to>/<file-system-image>"
NOTE: The `--data="<path to FIP binary>"@0x8000000` parameter is used to load a
Firmware Image Package at the start of NOR FLASH0 (see the "Building the
Trusted Firmware" section above).
1. The `--data="<path-to-some-binary>"@0x...` parameters are used to load
binaries into memory.
<path-to>/Foundation_Platform \
--cores=4 \
--secure-memory \
--visualization \
--gicv3 \
--data="<path-to>/<bl1-binary>"@0x0 \
--data="<path-to>/<FIP-binary>"@0x8000000 \
--block-device="<path-to>/<file-system-image>"
* BL1 is loaded at the start of the Trusted ROM.
* The Firmware Image Package is loaded at the start of NOR FLASH0.
* The Linux kernel image and device tree are loaded in DRAM.
2. The `--block-device` parameter is used to specify the path to the file
system image provided to Linux via VirtioBlock. Note that it must point to
the real file and that a symbolic link to this file cannot be used with the
FVP.
The default use-case for the Foundation FVP is to enable the GICv3 device in
the model but use the GICv2 FDT, in order for Linux to drive the GIC in GICv2
emulation mode.
The memory mapped addresses `0x0` and `0x8000000` correspond to the start of
trusted ROM and NOR FLASH0 respectively.
### Notes regarding Base FVP configuration options
Please refer to these notes in the subsequent "Running on the Base FVP"
@ -907,9 +795,17 @@ sections.
still work (and run much faster) without this option but this will hide any
cache maintenance defects in the software.
3. Using the `-C bp.virtioblockdevice.image_path` parameter is not necessary
if a Linux RAM-disk file-system is used (see the "Obtaining a root
file-system" section above).
3. The `-C bp.virtioblockdevice.image_path` parameter is used to specify the
path to the file system image provided to Linux via VirtioBlock. Note that
it must point to the real file and that a symbolic link to this file cannot
be used with the FVP. Ensure that the FVP doesn't output any error messages.
If the following error message is displayed:
ERROR: BlockDevice: Failed to open "<path-to>/<file-system-image>"!
then make sure the path to the file-system image in the model parameter is
correct and that read permission is correctly set on the file-system image
file.
4. Setting the `-C bp.secure_memory` parameter to `1` is only supported on
Base FVP versions 5.4 and newer. Setting this parameter to `0` is also
@ -917,30 +813,33 @@ sections.
instructs the FVP to provide some helpful information if a secure memory
violation occurs.
5. This and the following notes only apply when the firmware is built with
5. The `--data="<path-to-some-binary>"@<base-address-of-binary>` parameter is
used to load images into Base FVP memory. The base addresses used should
match the image base addresses used while linking the images. This parameter
is used to load the Linux kernel image and device tree into DRAM.
6. This and the following notes only apply when the firmware is built with
the `RESET_TO_BL31` option.
The `--data="<path-to><bl31|bl32|bl33-binary>"@<base-address-of-binary>`
parameter is used to load bootloader images into Base FVP memory (see the
"Building the Trusted Firmware" section above). The base addresses used
should match the image base addresses in `platform_def.h` used while linking
the images. The BL3-2 image is only needed if BL3-1 has been built to expect
a Secure-EL1 Payload.
parameter is needed to load the individual bootloader images in memory.
BL32 image is only needed if BL31 has been built to expect a Secure-EL1
Payload.
6. The `-C cluster<X>.cpu<Y>.RVBAR=@<base-address-of-bl31>` parameter, where
7. The `-C cluster<X>.cpu<Y>.RVBAR=@<base-address-of-bl31>` parameter, where
X and Y are the cluster and CPU numbers respectively, is used to set the
reset vector for each core.
7. Changing the default value of `FVP_SHARED_DATA_LOCATION` will also require
8. Changing the default value of `FVP_SHARED_DATA_LOCATION` will also require
changing the value of
`--data="<path-to><bl31-binary>"@<base-address-of-bl31>` and
`-C cluster<X>.cpu<X>.RVBAR=@<base-address-of-bl31>`, to the new value of
`BL31_BASE` in `platform_def.h`.
`BL31_BASE`.
8. Changing the default value of `FVP_TSP_RAM_LOCATION` will also require
9. Changing the default value of `FVP_TSP_RAM_LOCATION` will also require
changing the value of
`--data="<path-to><bl32-binary>"@<base-address-of-bl32>` to the new value of
`BL32_BASE` in `platform_def.h`.
`BL32_BASE`.
### Running on the AEMv8 Base FVP with reset to BL1 entrypoint
@ -951,15 +850,17 @@ information about some of the options to run the software.
The following `FVP_Base_AEMv8A-AEMv8A` parameters should be used to boot Linux
with 8 CPUs using the ARM Trusted Firmware.
<path-to>/FVP_Base_AEMv8A-AEMv8A \
-C pctl.startup=0.0.0.0 \
-C bp.secure_memory=1 \
-C bp.tzc_400.diagnostics=1 \
-C cluster0.NUM_CORES=4 \
-C cluster1.NUM_CORES=4 \
-C cache_state_modelled=1 \
-C bp.secureflashloader.fname="<path-to>/<bl1-binary>" \
-C bp.flashloader0.fname="<path-to>/<FIP-binary>" \
<path-to>/FVP_Base_AEMv8A-AEMv8A \
-C pctl.startup=0.0.0.0 \
-C bp.secure_memory=1 \
-C bp.tzc_400.diagnostics=1 \
-C cluster0.NUM_CORES=4 \
-C cluster1.NUM_CORES=4 \
-C cache_state_modelled=1 \
-C bp.secureflashloader.fname="<path-to>/<bl1-binary>" \
-C bp.flashloader0.fname="<path-to>/<FIP-binary>" \
--data cluster0.cpu0="<path-to>/<fdt>"@0x83000000 \
--data cluster0.cpu0="<path-to>/<kernel-binary>"@0x80080000 \
-C bp.virtioblockdevice.image_path="<path-to>/<file-system-image>"
### Running on the Cortex-A57-A53 Base FVP with reset to BL1 entrypoint
@ -970,13 +871,15 @@ information about some of the options to run the software.
The following `FVP_Base_Cortex-A57x4-A53x4` model parameters should be used to
boot Linux with 8 CPUs using the ARM Trusted Firmware.
<path-to>/FVP_Base_Cortex-A57x4-A53x4 \
-C pctl.startup=0.0.0.0 \
-C bp.secure_memory=1 \
-C bp.tzc_400.diagnostics=1 \
-C cache_state_modelled=1 \
-C bp.secureflashloader.fname="<path-to>/<bl1-binary>" \
-C bp.flashloader0.fname="<path-to>/<FIP-binary>" \
<path-to>/FVP_Base_Cortex-A57x4-A53x4 \
-C pctl.startup=0.0.0.0 \
-C bp.secure_memory=1 \
-C bp.tzc_400.diagnostics=1 \
-C cache_state_modelled=1 \
-C bp.secureflashloader.fname="<path-to>/<bl1-binary>" \
-C bp.flashloader0.fname="<path-to>/<FIP-binary>" \
--data cluster0.cpu0="<path-to>/<fdt>"@0x83000000 \
--data cluster0.cpu0="<path-to>/<kernel-binary>"@0x80080000 \
-C bp.virtioblockdevice.image_path="<path-to>/<file-system-image>"
### Running on the AEMv8 Base FVP with reset to BL3-1 entrypoint
@ -1005,6 +908,8 @@ with 8 CPUs using the ARM Trusted Firmware.
--data cluster0.cpu0="<path-to>/<bl31-binary>"@0x04023000 \
--data cluster0.cpu0="<path-to>/<bl32-binary>"@0x04001000 \
--data cluster0.cpu0="<path-to>/<bl33-binary>"@0x88000000 \
--data cluster0.cpu0="<path-to>/<fdt>"@0x83000000 \
--data cluster0.cpu0="<path-to>/<kernel-binary>"@0x80080000 \
-C bp.virtioblockdevice.image_path="<path-to>/<file-system-image>"
### Running on the Cortex-A57-A53 Base FVP with reset to BL3-1 entrypoint
@ -1031,6 +936,8 @@ boot Linux with 8 CPUs using the ARM Trusted Firmware.
--data cluster0.cpu0="<path-to>/<bl31-binary>"@0x04023000 \
--data cluster0.cpu0="<path-to>/<bl32-binary>"@0x04001000 \
--data cluster0.cpu0="<path-to>/<bl33-binary>"@0x88000000 \
--data cluster0.cpu0="<path-to>/<fdt>"@0x83000000 \
--data cluster0.cpu0="<path-to>/<kernel-binary>"@0x80080000 \
-C bp.virtioblockdevice.image_path="<path-to>/<file-system-image>"
### Configuring the GICv2 memory map
@ -1115,48 +1022,38 @@ The `bp.variant` parameter corresponds to the build variant field of the
detect the legacy VE memory map while configuring the GIC.
8. Running the software on Juno
9. Running the software on Juno
--------------------------------
### Preparing Trusted Firmware images
This version of the ARM Trusted Firmware has been tested on Juno r0 and Juno r1.
To execute the versions of software components on Juno referred to in this
document, the latest [Juno Board Recovery Image] must be installed. If you
document, the latest Juno board recovery image must be installed. If you
have an earlier version installed or are unsure which version is installed,
follow the recovery image update instructions in the [Juno Software Guide]
on the [ARM Connected Community] website.
on the [ARM Connected Community] website. The latest Juno board recovery image
can be obtained from [Linaro releases], see section 2.7 "Using prebuilt
binaries".
Note that you must use the board recovery image provided in the Juno R1 Initial
Alpha release, even for Juno R0. This is because the Trusted Firmware now
supports the new [SCPI v1.0 final protocol][Juno SCP Protocols v1.0]
exclusively, which is not compatible with the SCP firmware provided in the
latest Juno R0 release. Although the Juno R1 Initial Alpha release is generally
not recommended for use with Juno R0 boards, it is suitable for Trusted Firmware
development.
### Preparing Trusted Firmware images
The Juno platform requires a BL0 and a BL3-0 image to boot up. The BL0 image
The Juno platform requires a BL0 and a BL30 image to boot up. The BL0 image
contains the ROM firmware that runs on the SCP (System Control Processor),
whereas the BL3-0 image contains the SCP Runtime firmware. Both images are
embedded within the [Juno Board Recovery Image] but they can also be downloaded
directly: [Juno SCP ROM Firmware] and [Juno SCP Runtime Firmware].
Rebuild the Trusted Firmware specifying the BL3-0 image. Refer to the section
"Building the Trusted Firmware". Alternatively, the FIP image can be updated
manually with the BL3-0 image:
whereas the BL30 image contains the SCP Runtime firmware. Both images are
embedded within the Juno board recovery image, these are the files `bl0.bin`
and `bl30.bin`.
fip_create --dump --bl30 <path-to>/<bl30-binary> <path-to>/<FIP-binary>
The BL30 file must be part of the FIP image. Therefore, its path must be
supplied using the `BL30` variable on the command line when building the
FIP. Please refer to the section "Building the Trusted Firmware".
### Obtaining the Flattened Device Tree
Juno's device tree blob is built along with the kernel. It is located in:
<path-to-linux>/arch/arm64/boot/dts/arm/juno.dtb
After building Trusted Firmware, the files `bl1.bin` and `fip.bin` need copying
to the `SOFTWARE/` directory as explained in the [Juno Software Guide].
### Other Juno software information
Please refer to the [Juno Software Guide] to:
* Deploy a root filesystem
* Install and run the Juno binaries on the board
* Obtain any other Juno software information
@ -1166,17 +1063,11 @@ Please refer to the [Juno Software Guide] to:
_Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved._
[Firmware Design]: ./firmware-design.md
[Firmware Design]: firmware-design.md
[Linaro releases]: http://releases.linaro.org/15.06/members/arm/platforms
[ARM FVP website]: http://www.arm.com/fvp
[ARM Connected Community]: http://community.arm.com
[Juno Software Guide]: http://community.arm.com/docs/DOC-8396
[Juno Board Recovery Image]: http://community.arm.com/servlet/JiveServlet/download/10177-1-18236/board_recovery_image_0.11.3.zip
[Juno SCP ROM Firmware]: http://community.arm.com/servlet/JiveServlet/download/10177-1-18187/bl0.bin.zip
[Juno SCP Runtime Firmware]: http://community.arm.com/servlet/JiveServlet/download/10177-1-18193/bl30.bin.zip
[Juno SCP Protocols v1.0]: http://community.arm.com/servlet/JiveServlet/download/8401-40-18262/DUI0922A_scp_message_interface.pdf
[Linaro Toolchain]: http://releases.linaro.org/14.07/components/toolchain/binaries/
[EDK2]: http://github.com/tianocore/edk2
[DS-5]: http://www.arm.com/products/tools/software-tools/ds-5/index.php
[mbedTLS Repository]: https://github.com/ARMmbed/mbedtls.git
[Trusted Board Boot]: trusted-board-boot.md

Write Preview
Loading…
Cancel
Save