QEMU virt Armv8-A
=================

Trusted Firmware-A (TF-A) implements the EL3 firmware layer for QEMU virt
Armv8-A. BL1 is used as the BootROM, supplied with the ``-bios`` argument.
When QEMU starts, all CPUs are released simultaneously; BL1 selects a
primary CPU to handle the boot and the secondaries are placed in a polling
loop to be released by normal world via PSCI.

BL2 edits the Flattened Device Tree (FDT) generated by QEMU at run-time to
add a node describing PSCI and also enable methods for the CPUs.

If ``ARM_LINUX_KERNEL_AS_BL33`` is set to 1 then this FDT will be passed to BL33
via register x0, as expected by a Linux kernel. This allows a Linux kernel image
to be booted directly as BL33 rather than using a bootloader.

An ARM64 defconfig v5.5 Linux kernel is known to boot; the FDT doesn't need to
be provided as it's generated by QEMU.

Current limitations:

- Only cold boot is supported

Getting non-TF images
---------------------

``QEMU_EFI.fd`` can be downloaded from
http://snapshots.linaro.org/components/kernel/leg-virt-tianocore-edk2-upstream/latest/QEMU-KERNEL-AARCH64/RELEASE_GCC5/QEMU_EFI.fd

or it can be built as follows:

.. code:: shell

    git clone https://github.com/tianocore/edk2.git
    cd edk2
    git submodule update --init
    make -C BaseTools
    source edksetup.sh
    export GCC5_AARCH64_PREFIX=aarch64-linux-gnu-
    build -a AARCH64 -t GCC5 -p ArmVirtPkg/ArmVirtQemuKernel.dsc

Then, you will get ``Build/ArmVirtQemuKernel-AARCH64/DEBUG_GCC5/FV/QEMU_EFI.fd``.

Please note you do not need to use GCC 5 in spite of the environment variable
``GCC5_AARCH64_PREFIX``.

The rootfs can be built by using Buildroot as follows:

.. code:: shell

    git clone git://git.buildroot.net/buildroot.git
    cd buildroot
    make qemu_aarch64_virt_defconfig
    utils/config -e BR2_TARGET_ROOTFS_CPIO
    utils/config -e BR2_TARGET_ROOTFS_CPIO_GZIP
    make olddefconfig
    make

Then, you will get ``output/images/rootfs.cpio.gz``.

Booting via semi-hosting option
-------------------------------

Boot binaries, except BL1, are primarily loaded via semi-hosting, so all
binaries have to reside in the directory QEMU is started from. This is
conveniently achieved by symlinking the local names as follows:

- ``bl2.bin`` -> BL2
- ``bl31.bin`` -> BL31
- ``bl33.bin`` -> BL33 (``QEMU_EFI.fd``)
- ``Image`` -> linux/arch/arm64/boot/Image

To build:

.. code:: shell

    make CROSS_COMPILE=aarch64-none-elf- PLAT=qemu

To start (QEMU v5.0.0):

.. code:: shell

    qemu-system-aarch64 -nographic -machine virt,secure=on -cpu cortex-a57 \
        -kernel Image \
        -append "console=ttyAMA0,38400 keep_bootcon" \
        -initrd rootfs.cpio.gz -smp 2 -m 1024 -bios bl1.bin \
        -d unimp -semihosting-config enable,target=native

Booting via flash based firmwares
---------------------------------

Boot firmware is loaded via the secure FLASH0 device, so ``bl1.bin`` and
``fip.bin`` should be concatenated to create a ``flash.bin`` that is flashed
onto secure FLASH0.

- ``bl32.bin`` -> BL32 (``tee-header_v2.bin``)
- ``bl32_extra1.bin`` -> BL32 Extra1 (``tee-pager_v2.bin``)
- ``bl32_extra2.bin`` -> BL32 Extra2 (``tee-pageable_v2.bin``)
- ``bl33.bin`` -> BL33 (``QEMU_EFI.fd``)
- ``Image`` -> linux/arch/arm64/boot/Image

To build:

.. code:: shell

    make CROSS_COMPILE=aarch64-linux-gnu- PLAT=qemu BL32=bl32.bin \
        BL32_EXTRA1=bl32_extra1.bin BL32_EXTRA2=bl32_extra2.bin \
        BL33=bl33.bin BL32_RAM_LOCATION=tdram SPD=opteed all fip

To build with TBBR enabled and BL31 and BL32 encrypted with the test key:

.. code:: shell

    make CROSS_COMPILE=aarch64-linux-gnu- PLAT=qemu BL32=bl32.bin \
        BL32_EXTRA1=bl32_extra1.bin BL32_EXTRA2=bl32_extra2.bin \
        BL33=bl33.bin BL32_RAM_LOCATION=tdram SPD=opteed all fip \
        MBEDTLS_DIR=<path-to-mbedtls-repo> TRUSTED_BOARD_BOOT=1 \
        GENERATE_COT=1 DECRYPTION_SUPPORT=aes_gcm FW_ENC_STATUS=0 \
        ENCRYPT_BL31=1 ENCRYPT_BL32=1

To build ``flash.bin``:

.. code:: shell

    dd if=build/qemu/release/bl1.bin of=flash.bin bs=4096 conv=notrunc
    dd if=build/qemu/release/fip.bin of=flash.bin seek=64 bs=4096 conv=notrunc

To start (QEMU v5.0.0):

.. code:: shell

    qemu-system-aarch64 -nographic -machine virt,secure=on -cpu cortex-a57 \
        -kernel Image -no-acpi \
        -append 'console=ttyAMA0,38400 keep_bootcon' \
        -initrd rootfs.cpio.gz -smp 2 -m 1024 -bios flash.bin \
        -d unimp
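
The two ``dd`` commands that build ``flash.bin`` place ``bl1.bin`` at offset 0 and ``fip.bin`` at block 64 of 4096 bytes (0x40000), and ``conv=notrunc`` leaves any bytes of an older image in place. The following added example (not part of the TF-A documentation) wraps them so that an oversized BL1, a file lacking the FIP header magic, or a stale ``flash.bin`` cannot end up in the image; the helper names, return codes and sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example: assemble flash.bin with the layout the two dd commands imply.
FIP_OFFSET=$((64 * 4096))   # seek=64 with bs=4096 puts the FIP at 0x40000

# Print the first four bytes of a file as hex, e.g. "010064aa".
magic_of() {
    od -An -tx1 -N4 "$1" | tr -d ' \n'
}

# make_flash BL1 FIP OUT (hypothetical helper).
# Returns 0 on success, 1 for a bad BL1 size, 2 for a bad FIP, 3 on I/O failure.
make_flash() {
    bl1=$1 fip=$2 out=$3
    [ -r "$bl1" ] && [ -r "$fip" ] || return 3
    bl1_size=$(($(wc -c < "$bl1")))
    # BL1 must end before the FIP starts, or the second dd overwrites its tail.
    [ "$bl1_size" -gt 0 ] && [ "$bl1_size" -le "$FIP_OFFSET" ] || return 1
    # A FIP starts with the ToC header name 0xAA640001, stored little-endian.
    [ "$(magic_of "$fip")" = "010064aa" ] || return 2
    # conv=notrunc keeps bytes of an older, larger image, so start fresh.
    rm -f "$out"
    dd if="$bl1" of="$out" bs=4096 conv=notrunc 2>/dev/null || return 3
    dd if="$fip" of="$out" bs=4096 seek=64 conv=notrunc 2>/dev/null || return 3
}

# Print the four bytes found at FIP_OFFSET inside an assembled image.
fip_magic_in_flash() {
    dd if="$1" bs=4096 skip=64 count=1 2>/dev/null | od -An -tx1 -N4 | tr -d ' \n'
}

# Constructed sample inputs (not real firmware): a tiny BL1 and a bare FIP header.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed-bl1' > "$d/bl1.bin"
    printf '\001\000\144\252\000\000\000\000' > "$d/fip.bin"
    make_flash "$d/bl1.bin" "$d/fip.bin" "$d/flash.bin" &&
        echo "magic at offset $FIP_OFFSET: $(fip_magic_in_flash "$d/flash.bin")"
    rc=$?
    rm -rf "$d"
    return "$rc"
}
demo
```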