1*54fd6939SJiyong ParkSocionext UniPhier 2*54fd6939SJiyong Park================== 3*54fd6939SJiyong Park 4*54fd6939SJiyong ParkSocionext UniPhier Armv8-A SoCs use Trusted Firmware-A (TF-A) as the secure 5*54fd6939SJiyong Parkworld firmware, supporting BL2 and BL31. 6*54fd6939SJiyong Park 7*54fd6939SJiyong ParkUniPhier SoC family implements its internal boot ROM, which loads 64KB [1]_ 8*54fd6939SJiyong Parkimage from a non-volatile storage to the on-chip SRAM, and jumps over to it. 9*54fd6939SJiyong ParkTF-A provides a special mode, BL2-AT-EL3, which enables BL2 to execute at EL3. 10*54fd6939SJiyong ParkIt is useful for platforms with non-TF-A boot ROM, like UniPhier. Here, a 11*54fd6939SJiyong Parkproblem is BL2 does not fit in the 64KB limit if 12*54fd6939SJiyong Park:ref:`Trusted Board Boot (TBB) <Trusted Board Boot>` is enabled. 13*54fd6939SJiyong ParkTo solve this issue, Socionext provides a first stage loader called 14*54fd6939SJiyong Park`UniPhier BL`_. This loader runs in the on-chip SRAM, initializes the DRAM, 15*54fd6939SJiyong Parkexpands BL2 there, and hands the control over to it. Therefore, all images 16*54fd6939SJiyong Parkof TF-A run in DRAM. 17*54fd6939SJiyong Park 18*54fd6939SJiyong ParkThe UniPhier platform works with/without TBB. See below for the build process 19*54fd6939SJiyong Parkof each case. The image authentication for the UniPhier platform fully 20*54fd6939SJiyong Parkcomplies with the Trusted Board Boot Requirements (TBBR) specification. 21*54fd6939SJiyong Park 22*54fd6939SJiyong ParkThe UniPhier BL does not implement the authentication functionality, that is, 23*54fd6939SJiyong Parkit can not verify the BL2 image by itself. Instead, the UniPhier BL assures 24*54fd6939SJiyong Parkthe BL2 validity in a different way; BL2 is GZIP-compressed and appended to 25*54fd6939SJiyong Parkthe UniPhier BL. The concatenation of the UniPhier BL and the compressed BL2 26*54fd6939SJiyong Parkfits in the 64KB limit. The concatenated image is loaded by the internal boot 27*54fd6939SJiyong ParkROM (and verified if the chip fuses are blown). 28*54fd6939SJiyong Park 29*54fd6939SJiyong Park 30*54fd6939SJiyong ParkBoot Flow 31*54fd6939SJiyong Park--------- 32*54fd6939SJiyong Park 33*54fd6939SJiyong Park1. The Boot ROM 34*54fd6939SJiyong Park 35*54fd6939SJiyong Park This is hard-wired ROM, so never corrupted. It loads the UniPhier BL (with 36*54fd6939SJiyong Park compressed-BL2 appended) into the on-chip SRAM. If the SoC fuses are blown, 37*54fd6939SJiyong Park the image is verified by the SoC's own method. 38*54fd6939SJiyong Park 39*54fd6939SJiyong Park2. UniPhier BL 40*54fd6939SJiyong Park 41*54fd6939SJiyong Park This runs in the on-chip SRAM. After the minimum SoC initialization and DRAM 42*54fd6939SJiyong Park setup, it decompresses the appended BL2 image into the DRAM, then jumps to 43*54fd6939SJiyong Park the BL2 entry. 44*54fd6939SJiyong Park 45*54fd6939SJiyong Park3. BL2 (at EL3) 46*54fd6939SJiyong Park 47*54fd6939SJiyong Park This runs in the DRAM. It extracts more images such as BL31, BL33 (optionally 48*54fd6939SJiyong Park SCP_BL2, BL32 as well) from Firmware Image Package (FIP). If TBB is enabled, 49*54fd6939SJiyong Park they are all authenticated by the standard mechanism of TF-A. 50*54fd6939SJiyong Park After loading all the images, it jumps to the BL31 entry. 51*54fd6939SJiyong Park 52*54fd6939SJiyong Park4. BL31, BL32, and BL33 53*54fd6939SJiyong Park 54*54fd6939SJiyong Park They all run in the DRAM. See :ref:`Firmware Design` for details. 55*54fd6939SJiyong Park 56*54fd6939SJiyong Park 57*54fd6939SJiyong ParkBasic Build 58*54fd6939SJiyong Park----------- 59*54fd6939SJiyong Park 60*54fd6939SJiyong ParkBL2 must be compressed for the reason above. The UniPhier's platform makefile 61*54fd6939SJiyong Parkprovides a build target ``bl2_gzip`` for this. 62*54fd6939SJiyong Park 63*54fd6939SJiyong ParkFor a non-secure boot loader (aka BL33), U-Boot is well supported for UniPhier 64*54fd6939SJiyong ParkSoCs. The U-Boot image (``u-boot.bin``) must be built in advance. For the build 65*54fd6939SJiyong Parkprocedure of U-Boot, refer to the document in the `U-Boot`_ project. 66*54fd6939SJiyong Park 67*54fd6939SJiyong ParkTo build minimum functionality for UniPhier (without TBB):: 68*54fd6939SJiyong Park 69*54fd6939SJiyong Park make CROSS_COMPILE=<gcc-prefix> PLAT=uniphier BL33=<path-to-BL33> bl2_gzip fip 70*54fd6939SJiyong Park 71*54fd6939SJiyong ParkOutput images: 72*54fd6939SJiyong Park 73*54fd6939SJiyong Park- ``bl2.bin.gz`` 74*54fd6939SJiyong Park- ``fip.bin`` 75*54fd6939SJiyong Park 76*54fd6939SJiyong Park 77*54fd6939SJiyong ParkOptional features 78*54fd6939SJiyong Park----------------- 79*54fd6939SJiyong Park 80*54fd6939SJiyong Park- Trusted Board Boot 81*54fd6939SJiyong Park 82*54fd6939SJiyong Park `mbed TLS`_ is needed as the cryptographic and image parser modules. 83*54fd6939SJiyong Park Refer to the :ref:`Prerequisites` document for the appropriate version of 84*54fd6939SJiyong Park mbed TLS. 85*54fd6939SJiyong Park 86*54fd6939SJiyong Park To enable TBB, add the following options to the build command:: 87*54fd6939SJiyong Park 88*54fd6939SJiyong Park TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 MBEDTLS_DIR=<path-to-mbedtls> 89*54fd6939SJiyong Park 90*54fd6939SJiyong Park- System Control Processor (SCP) 91*54fd6939SJiyong Park 92*54fd6939SJiyong Park If desired, FIP can include an SCP BL2 image. If BL2 finds an SCP BL2 image 93*54fd6939SJiyong Park in FIP, BL2 loads it into DRAM and kicks the SCP. Most of UniPhier boards 94*54fd6939SJiyong Park still work without SCP, but SCP provides better power management support. 95*54fd6939SJiyong Park 96*54fd6939SJiyong Park To include SCP BL2, add the following option to the build command:: 97*54fd6939SJiyong Park 98*54fd6939SJiyong Park SCP_BL2=<path-to-SCP> 99*54fd6939SJiyong Park 100*54fd6939SJiyong Park- BL32 (Secure Payload) 101*54fd6939SJiyong Park 102*54fd6939SJiyong Park To enable BL32, add the following options to the build command:: 103*54fd6939SJiyong Park 104*54fd6939SJiyong Park SPD=<spd> BL32=<path-to-BL32> 105*54fd6939SJiyong Park 106*54fd6939SJiyong Park If you use TSP for BL32, ``BL32=<path-to-BL32>`` is not required. Just add the 107*54fd6939SJiyong Park following:: 108*54fd6939SJiyong Park 109*54fd6939SJiyong Park SPD=tspd 110*54fd6939SJiyong Park 111*54fd6939SJiyong Park 112*54fd6939SJiyong Park.. [1] Some SoCs can load 80KB, but the software implementation must be aligned 113*54fd6939SJiyong Park to the lowest common denominator. 114*54fd6939SJiyong Park.. _UniPhier BL: https://github.com/uniphier/uniphier-bl 115*54fd6939SJiyong Park.. _U-Boot: https://www.denx.de/wiki/U-Boot 116*54fd6939SJiyong Park.. _mbed TLS: https://tls.mbed.org/ 117