diff options
Diffstat (limited to 'docs/user-guide.rst')
| -rw-r--r-- | docs/user-guide.rst | 376 |
1 files changed, 185 insertions, 191 deletions
diff --git a/docs/user-guide.rst b/docs/user-guide.rst index ebca4ecde..dc724f9c2 100644 --- a/docs/user-guide.rst +++ b/docs/user-guide.rst @@ -1,5 +1,5 @@ -ARM Trusted Firmware User Guide -=============================== +Trusted Firmware-A User Guide +============================= .. section-numbering:: @@ -7,9 +7,9 @@ ARM Trusted Firmware User Guide .. contents:: -This document describes how to build ARM Trusted Firmware (TF) and run it with a +This document describes how to build Trusted Firmware-A (TF-A) and run it with a tested set of other software components using defined configurations on the Juno -ARM development platform and ARM Fixed Virtual Platform (FVP) models. It is +Arm development platform and Arm Fixed Virtual Platform (FVP) models. It is possible to use other software components, configurations and platforms but that is outside the scope of this document. @@ -48,14 +48,13 @@ Cygwin, and Msys (MinGW) shells, using version 5.3.1 of the GNU toolchain. Tools ----- -Install the required packages to build Trusted Firmware with the following -command: +Install the required packages to build TF-A with the following command: :: sudo apt-get install build-essential gcc make git libssl-dev -ARM TF has been tested with `Linaro Release 17.10`_. +TF-A has been tested with `Linaro Release 17.10`_. Download and install the AArch32 or AArch64 little-endian GCC cross compiler. The `Linaro Release Notes`_ documents which version of the compiler to use for a @@ -63,7 +62,7 @@ given Linaro Release. Also, these `Linaro instructions`_ provide further guidance and a script, which can be used to download Linaro deliverables automatically. -Optionally, Trusted Firmware can be built using clang or ARM Compiler 6. +Optionally, TF-A can be built using clang or Arm Compiler 6. See instructions below on how to switch the default compiler. In addition, the following optional packages and tools may be needed: @@ -71,26 +70,26 @@ In addition, the following optional packages and tools may be needed: - ``device-tree-compiler`` package if you need to rebuild the Flattened Device Tree (FDT) source files (``.dts`` files) provided with this software. -- For debugging, ARM `Development Studio 5 (DS-5)`_. +- For debugging, Arm `Development Studio 5 (DS-5)`_. - To create and modify the diagram files included in the documentation, `Dia`_. This tool can be found in most Linux distributions. Inkscape is needed to generate the actual *.png files. -Getting the Trusted Firmware source code ----------------------------------------- +Getting the TF-A source code +---------------------------- -Download the Trusted Firmware source code from Github: +Download the TF-A source code from Github: :: git clone https://github.com/ARM-software/arm-trusted-firmware.git -Building the Trusted Firmware ------------------------------ +Building TF-A +------------- -- Before building Trusted Firmware, the environment variable ``CROSS_COMPILE`` - must point to the Linaro cross compiler. +- Before building TF-A, the environment variable ``CROSS_COMPILE`` must point + to the Linaro cross compiler. For AArch64: @@ -104,15 +103,15 @@ Building the Trusted Firmware export CROSS_COMPILE=<path-to-aarch32-gcc>/bin/arm-linux-gnueabihf- - It is possible to build Trusted Firmware using clang or ARM Compiler 6. - To do so ``CC`` needs to point to the clang or armclang binary. Only the - compiler is switched; the assembler and linker need to be provided by - the GNU toolchain, thus ``CROSS_COMPILE`` should be set as described above. + It is possible to build TF-A using clang or Arm Compiler 6. To do so + ``CC`` needs to point to the clang or armclang binary. Only the compiler + is switched; the assembler and linker need to be provided by the GNU + toolchain, thus ``CROSS_COMPILE`` should be set as described above. - ARM Compiler 6 will be selected when the base name of the path assigned + Arm Compiler 6 will be selected when the base name of the path assigned to ``CC`` matches the string 'armclang'. - For AArch64 using ARM Compiler 6: + For AArch64 using Arm Compiler 6: :: @@ -130,7 +129,7 @@ Building the Trusted Firmware export CROSS_COMPILE=<path-to-aarch64-gcc>/bin/aarch64-linux-gnu- make CC=<path-to-clang>/bin/clang PLAT=<platform> all -- Change to the root directory of the Trusted Firmware source tree and build. +- Change to the root directory of the TF-A source tree and build. For AArch64: @@ -154,11 +153,11 @@ Building the Trusted Firmware - (AArch32 only) ``AARCH32_SP`` is the AArch32 EL3 Runtime Software and it corresponds to the BL32 image. A minimal ``AARCH32_SP``, sp\_min, is - provided by ARM Trusted Firmware to demonstrate how PSCI Library can - be integrated with an AArch32 EL3 Runtime Software. Some AArch32 EL3 - Runtime Software may include other runtime services, for example - Trusted OS services. A guide to integrate PSCI library with AArch32 - EL3 Runtime Software can be found `here`_. + provided by TF-A to demonstrate how PSCI Library can be integrated with + an AArch32 EL3 Runtime Software. Some AArch32 EL3 Runtime Software may + include other runtime services, for example Trusted OS services. A guide + to integrate PSCI library with AArch32 EL3 Runtime Software can be found + `here`_. - (AArch64 only) The TSP (Test Secure Payload), corresponding to the BL32 image, is not compiled in by default. Refer to the @@ -198,11 +197,11 @@ Building the Trusted Firmware Summary of build options ~~~~~~~~~~~~~~~~~~~~~~~~ -ARM Trusted Firmware build system supports the following build options. Unless -mentioned otherwise, these options are expected to be specified at the build -command line and are not to be modified in any component makefiles. Note that -the build system doesn't track dependency for build options. Therefore, if any -of the build options are changed from a previous build, a clean build must be +The TF-A build system supports the following build options. Unless mentioned +otherwise, these options are expected to be specified at the build command +line and are not to be modified in any component makefiles. Note that the +build system doesn't track dependency for build options. Therefore, if any of +the build options are changed from a previous build, a clean build must be performed. Common build options @@ -213,52 +212,51 @@ Common build options directory containing the SP source, relative to the ``bl32/``; the directory is expected to contain a makefile called ``<aarch32_sp-value>.mk``. -- ``ARCH`` : Choose the target build architecture for ARM Trusted Firmware. - It can take either ``aarch64`` or ``aarch32`` as values. By default, it is - defined to ``aarch64``. +- ``ARCH`` : Choose the target build architecture for TF-A. It can take either + ``aarch64`` or ``aarch32`` as values. By default, it is defined to + ``aarch64``. -- ``ARM_ARCH_MAJOR``: The major version of ARM Architecture to target when - compiling ARM Trusted Firmware. Its value must be numeric, and defaults to - 8 . See also, *ARMv8 Architecture Extensions* and - *ARMv7 Architecture Extensions* in `Firmware Design`_. +- ``ARM_ARCH_MAJOR``: The major version of Arm Architecture to target when + compiling TF-A. Its value must be numeric, and defaults to 8 . See also, + *Armv8 Architecture Extensions* and *Armv7 Architecture Extensions* in + `Firmware Design`_. -- ``ARM_ARCH_MINOR``: The minor version of ARM Architecture to target when - compiling ARM Trusted Firmware. Its value must be a numeric, and defaults - to 0. See also, *ARMv8 Architecture Extensions* in `Firmware Design`_. +- ``ARM_ARCH_MINOR``: The minor version of Arm Architecture to target when + compiling TF-A. Its value must be a numeric, and defaults to 0. See also, + *Armv8 Architecture Extensions* in `Firmware Design`_. -- ``ARM_GIC_ARCH``: Choice of ARM GIC architecture version used by the ARM +- ``ARM_GIC_ARCH``: Choice of Arm GIC architecture version used by the Arm Legacy GIC driver for implementing the platform GIC API. This API is used by the interrupt management framework. Default is 2 (that is, version 2.0). This build option is deprecated. -- ``ARM_PLAT_MT``: This flag determines whether the ARM platform layer has to +- ``ARM_PLAT_MT``: This flag determines whether the Arm platform layer has to cater for the multi-threading ``MT`` bit when accessing MPIDR. When this flag is set, the functions which deal with MPIDR assume that the ``MT`` bit in MPIDR is set and access the bit-fields in MPIDR accordingly. Default value of this flag is 0. Note that this option is not used on FVP platforms. - ``BL2``: This is an optional build option which specifies the path to BL2 - image for the ``fip`` target. In this case, the BL2 in the ARM Trusted - Firmware will not be built. + image for the ``fip`` target. In this case, the BL2 in the TF-A will not be + built. - ``BL2U``: This is an optional build option which specifies the path to - BL2U image. In this case, the BL2U in the ARM Trusted Firmware will not - be built. + BL2U image. In this case, the BL2U in TF-A will not be built. - ``BL2_AT_EL3``: This is an optional build option that enables the use of BL2 at EL3 execution level. - ``BL31``: This is an optional build option which specifies the path to - BL31 image for the ``fip`` target. In this case, the BL31 in the ARM - Trusted Firmware will not be built. + BL31 image for the ``fip`` target. In this case, the BL31 in TF-A will not + be built. - ``BL31_KEY``: This option is used when ``GENERATE_COT=1``. It specifies the file that contains the BL31 private key in PEM format. If ``SAVE_KEYS=1``, this file name will be used to save the key. - ``BL32``: This is an optional build option which specifies the path to - BL32 image for the ``fip`` target. In this case, the BL32 in the ARM - Trusted Firmware will not be built. + BL32 image for the ``fip`` target. In this case, the BL32 in TF-A will not + be built. - ``BL32_EXTRA1``: This is an optional build option which specifies the path to Trusted OS Extra1 image for the ``fip`` target. @@ -271,7 +269,7 @@ Common build options this file name will be used to save the key. - ``BL33``: Path to BL33 image in the host file system. This is mandatory for - ``fip`` target in case the BL2 from ARM Trusted Firmware is used. + ``fip`` target in case TF-A BL2 is used. - ``BL33_KEY``: This option is used when ``GENERATE_COT=1``. It specifies the file that contains the BL33 private key in PEM format. If ``SAVE_KEYS=1``, @@ -282,8 +280,8 @@ Common build options where applicable). Defaults to a string that contains the time and date of the compilation. -- ``BUILD_STRING``: Input string for VERSION\_STRING, which allows the TF build - to be uniquely identified. Defaults to the current git commit id. +- ``BUILD_STRING``: Input string for VERSION\_STRING, which allows the TF-A + build to be uniquely identified. Defaults to the current git commit id. - ``CFLAGS``: Extra user options appended on the compiler's command line in addition to the options set by the build system. @@ -347,10 +345,10 @@ Common build options software. - ``ENABLE_RUNTIME_INSTRUMENTATION``: Boolean option to enable runtime - instrumentation which injects timestamp collection points into - Trusted Firmware to allow runtime performance to be measured. - Currently, only PSCI is instrumented. Enabling this option enables - the ``ENABLE_PMF`` build option as well. Default is 0. + instrumentation which injects timestamp collection points into TF-A to + allow runtime performance to be measured. Currently, only PSCI is + instrumented. Enabling this option enables the ``ENABLE_PMF`` build option + as well. Default is 0. - ``ENABLE_SPE_FOR_LOWER_ELS`` : Boolean option to enable Statistical Profiling extensions. This is an optional architectural feature for AArch64. @@ -427,15 +425,15 @@ Common build options - ``HANDLE_EA_EL3_FIRST``: When defined External Aborts and SError Interrupts will be always trapped in EL3 i.e. in BL31 at runtime. -- ``HW_ASSISTED_COHERENCY``: On most ARM systems to-date, platform-specific +- ``HW_ASSISTED_COHERENCY``: On most Arm systems to-date, platform-specific software operations are required for CPUs to enter and exit coherency. However, there exists newer systems where CPUs' entry to and exit from coherency is managed in hardware. Such systems require software to only initiate the operations, and the rest is managed in hardware, minimizing - active software management. In such systems, this boolean option enables ARM - Trusted Firmware to carry out build and run-time optimizations during boot - and power management operations. This option defaults to 0 and if it is - enabled, then it implies ``WARMBOOT_ENABLE_DCACHE_EARLY`` is also enabled. + active software management. In such systems, this boolean option enables + TF-A to carry out build and run-time optimizations during boot and power + management operations. This option defaults to 0 and if it is enabled, + then it implies ``WARMBOOT_ENABLE_DCACHE_EARLY`` is also enabled. - ``JUNO_AARCH32_EL3_RUNTIME``: This build flag enables you to execute EL3 runtime software in AArch32 mode, which is required to run AArch32 on Juno. @@ -497,10 +495,10 @@ Common build options any register that is not part of the SBSA generic UART specification. Default value is 0 (a full PL011 compliant UART is present). -- ``PLAT``: Choose a platform to build ARM Trusted Firmware for. The chosen - platform name must be subdirectory of any depth under ``plat/``, and must - contain a platform makefile named ``platform.mk``. For example to build ARM - Trusted Firmware for ARM Juno board select PLAT=juno. +- ``PLAT``: Choose a platform to build TF-A for. The chosen platform name + must be subdirectory of any depth under ``plat/``, and must contain a + platform makefile named ``platform.mk``. For example, to build TF-A for the + Arm Juno board, select PLAT=juno. - ``PRELOADED_BL33_BASE``: This option enables booting a preloaded BL33 image instead of the normal boot flow. When defined, it must specify the entry @@ -524,7 +522,7 @@ Common build options means by default the original power-state format is used by the PSCI implementation. This flag should be specified by the platform makefile and it governs the return value of PSCI\_FEATURES API for CPU\_SUSPEND - smc function id. When this option is enabled on ARM platforms, the + smc function id. When this option is enabled on Arm platforms, the option ``ARM_RECOM_STATE_ID_ENC`` needs to be set to 1 as well. - ``RESET_TO_BL31``: Enable BL31 entrypoint as the CPU reset vector instead @@ -532,11 +530,10 @@ Common build options entrypoint) or 1 (CPU reset to BL31 entrypoint). The default value is 0. -- ``RESET_TO_SP_MIN``: SP\_MIN is the minimal AArch32 Secure Payload provided in - ARM Trusted Firmware. This flag configures SP\_MIN entrypoint as the CPU - reset vector instead of the BL1 entrypoint. It can take the value 0 (CPU - reset to BL1 entrypoint) or 1 (CPU reset to SP\_MIN entrypoint). The default - value is 0. +- ``RESET_TO_SP_MIN``: SP\_MIN is the minimal AArch32 Secure Payload provided + in TF-A. This flag configures SP\_MIN entrypoint as the CPU reset vector + instead of the BL1 entrypoint. It can take the value 0 (CPU reset to BL1 + entrypoint) or 1 (CPU reset to SP\_MIN entrypoint). The default value is 0. - ``ROT_KEY``: This option is used when ``GENERATE_COT=1``. It specifies the file that contains the ROT private key in PEM format. If ``SAVE_KEYS=1``, this @@ -570,11 +567,11 @@ Common build options pages" section in `Firmware Design`_. This flag is disabled by default and affects all BL images. -- ``SPD``: Choose a Secure Payload Dispatcher component to be built into the - Trusted Firmware. This build option is only valid if ``ARCH=aarch64``. The - value should be the path to the directory containing the SPD source, - relative to ``services/spd/``; the directory is expected to - contain a makefile called ``<spd-value>.mk``. +- ``SPD``: Choose a Secure Payload Dispatcher component to be built into TF-A. + This build option is only valid if ``ARCH=aarch64``. The value should be + the path to the directory containing the SPD source, relative to + ``services/spd/``; the directory is expected to contain a makefile called + ``<spd-value>.mk``. - ``SPIN_ON_BL1_EXIT``: This option introduces an infinite loop in BL1. It can take either 0 (no loop) or 1 (add a loop). 0 is the default. This loop stops @@ -622,16 +619,16 @@ Common build options - ``USE_COHERENT_MEM``: This flag determines whether to include the coherent memory region in the BL memory map or not (see "Use of Coherent memory in - Trusted Firmware" section in `Firmware Design`_). It can take the value 1 + TF-A" section in `Firmware Design`_). It can take the value 1 (Coherent memory region is included) or 0 (Coherent memory region is excluded). Default is 1. - ``V``: Verbose build. If assigned anything other than 0, the build commands are printed. Default is 0. -- ``VERSION_STRING``: String used in the log output for each TF image. Defaults - to a string formed by concatenating the version number, build type and build - string. +- ``VERSION_STRING``: String used in the log output for each TF-A image. + Defaults to a string formed by concatenating the version number, build type + and build string. - ``WARMBOOT_ENABLE_DCACHE_EARLY`` : Boolean option to enable D-cache early on the CPU after warm boot. This is applicable for platforms which do not @@ -639,7 +636,7 @@ Common build options cluster platforms). If this option is enabled, then warm boot path enables D-caches immediately after enabling MMU. This option defaults to 0. -ARM development platform specific build options +Arm development platform specific build options ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - ``ARM_BL31_IN_DRAM``: Boolean option to select loading of BL31 in TZC secured @@ -652,7 +649,7 @@ ARM development platform specific build options of the memory reserved for each image. This affects the maximum size of each BL image as well as the number of allocated memory regions and translation tables. By default this flag is 0, which means it uses the default - unoptimised values for these macros. ARM development platforms that wish to + unoptimised values for these macros. Arm development platforms that wish to optimise memory usage need to set this flag to 1 and must override the related macros. @@ -663,7 +660,7 @@ ARM development platform specific build options Default is true (access to the frame is allowed). - ``ARM_DISABLE_TRUSTED_WDOG``: boolean option to disable the Trusted Watchdog. - By default, ARM platforms use a watchdog to trigger a system reset in case + By default, Arm platforms use a watchdog to trigger a system reset in case an error is encountered during the boot process (for example, when an image could not be loaded or authenticated). The watchdog is enabled in the early platform setup hook at BL1 and disabled in the BL1 prepare exit hook. The @@ -680,7 +677,7 @@ ARM development platform specific build options - ``ARM_ROTPK_LOCATION``: used when ``TRUSTED_BOARD_BOOT=1``. It specifies the location of the ROTPK hash returned by the function ``plat_get_rotpk_info()`` - for ARM platforms. Depending on the selected option, the proper private key + for Arm platforms. Depending on the selected option, the proper private key must be specified using the ``ROT_KEY`` option when building the Trusted Firmware. This private key will be used by the certificate generation tool to sign the BL2 and Trusted Key certificates. Available options for @@ -707,27 +704,26 @@ ARM development platform specific build options - ``dram`` : Secure region in DRAM (default option when TBB is enabled, configured by the TrustZone controller) -- ``ARM_XLAT_TABLES_LIB_V1``: boolean option to compile the Trusted Firmware - with version 1 of the translation tables library instead of version 2. It is - set to 0 by default, which selects version 2. +- ``ARM_XLAT_TABLES_LIB_V1``: boolean option to compile TF-A with version 1 + of the translation tables library instead of version 2. It is set to 0 by + default, which selects version 2. -- ``ARM_CRYPTOCELL_INTEG`` : bool option to enable Trusted Firmware to invoke - ARM® TrustZone® CryptoCell functionality for Trusted Board Boot on capable - ARM platforms. If this option is specified, then the path to the CryptoCell +- ``ARM_CRYPTOCELL_INTEG`` : bool option to enable TF-A to invoke Arm® + TrustZone® CryptoCell functionality for Trusted Board Boot on capable Arm + platforms. If this option is specified, then the path to the CryptoCell SBROM library must be specified via ``CCSBROM_LIB_PATH`` flag. -For a better understanding of these options, the ARM development platform memory +For a better understanding of these options, the Arm development platform memory map is explained in the `Firmware Design`_. -ARM CSS platform specific build options +Arm CSS platform specific build options ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - ``CSS_DETECT_PRE_1_7_0_SCP``: Boolean flag to detect SCP version incompatibility. Version 1.7.0 of the SCP firmware made a non-backwards compatible change to the MTL protocol, used for AP/SCP communication. - Trusted Firmware no longer supports earlier SCP versions. If this option is - set to 1 then Trusted Firmware will detect if an earlier version is in use. - Default is 1. + TF-A no longer supports earlier SCP versions. If this option is set to 1 + then TF-A will detect if an earlier version is in use. Default is 1. - ``CSS_LOAD_SCP_IMAGES``: Boolean flag, which when set, adds SCP\_BL2 and SCP\_BL2U to the FIP and FWU\_FIP respectively, and enables them to be loaded @@ -738,13 +734,12 @@ ARM CSS platform specific build options management operations and for SCP RAM Firmware transfer. If this option is set to 1, then SCMI/SDS drivers will be used. Default is 0. -ARM FVP platform specific build options +Arm FVP platform specific build options ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - ``FVP_CLUSTER_COUNT`` : Configures the cluster count to be used to - build the topology tree within Trusted Firmware. By default the - Trusted Firmware is configured for dual cluster topology and this option - can be used to override the default value. + build the topology tree within TF-A. By default TF-A is configured for dual + cluster topology and this option can be used to override the default value. - ``FVP_INTERCONNECT_DRIVER``: Selects the interconnect driver to be built. The default interconnect driver depends on the value of ``FVP_CLUSTER_COUNT`` as @@ -768,9 +763,8 @@ ARM FVP platform specific build options - ``FVP_GICV2`` : The GICv2 only driver is selected - ``FVP_GICV3`` : The GICv3 only driver is selected (default option) - ``FVP_GICV3_LEGACY``: The Legacy GICv3 driver is selected (deprecated) - Note: If Trusted Firmware is compiled with this option on FVPs with - GICv3 hardware, then it configures the hardware to run in GICv2 - emulation mode + Note: If TF-A is compiled with this option on FVPs with GICv3 hardware, + then it configures the hardware to run in GICv2 emulation mode - ``FVP_USE_SP804_TIMER`` : Use the SP804 timer instead of the Generic Timer for functions that wait for an arbitrary time length (udelay and mdelay). @@ -808,7 +802,7 @@ When debugging logic problems it might also be useful to disable all compiler optimizations by using ``-O0``. NOTE: Using ``-O0`` could cause output images to be larger and base addresses -might need to be recalculated (see the **Memory layout on ARM development +might need to be recalculated (see the **Memory layout on Arm development platforms** section in the `Firmware Design`_). Extra debug options can be passed to the build system by setting ``CFLAGS`` or @@ -823,8 +817,8 @@ Note that using ``-Wl,`` style compilation driver options in ``CFLAGS`` will be ignored as the linker is called directly. It is also possible to introduce an infinite loop to help in debugging the -post-BL2 phase of the Trusted Firmware. This can be done by rebuilding BL1 with -the ``SPIN_ON_BL1_EXIT=1`` build flag. Refer to the `Summary of build options`_ +post-BL2 phase of TF-A. This can be done by rebuilding BL1 with the +``SPIN_ON_BL1_EXIT=1`` build flag. Refer to the `Summary of build options`_ section. In this case, the developer may take control of the target using a debugger when indicated by the console output. When using DS-5, the following commands can be used: @@ -852,8 +846,8 @@ called the TSPD. Therefore, if you intend to use the TSP, the BL31 image must be recompiled as well. For more information on SPs and SPDs, see the `Secure-EL1 Payloads and Dispatchers`_ section in the `Firmware Design`_. -First clean the Trusted Firmware build directory to get rid of any previous -BL31 binary. Then to build the TSP image use: +First clean the TF-A build directory to get rid of any previous BL31 binary. +Then to build the TSP image use: :: @@ -895,17 +889,17 @@ is set to ``origin/master``. Building and using the FIP tool ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Firmware Image Package (FIP) is a packaging format used by the Trusted Firmware -project to package firmware images in a single binary. The number and type of -images that should be packed in a FIP is platform specific and may include TF -images and other firmware images required by the platform. For example, most -platforms require a BL33 image which corresponds to the normal world bootloader -(e.g. UEFI or U-Boot). +Firmware Image Package (FIP) is a packaging format used by TF-A to package +firmware images in a single binary. The number and type of images that should +be packed in a FIP is platform specific and may include TF-A images and other +firmware images required by the platform. For example, most platforms require +a BL33 image which corresponds to the normal world bootloader (e.g. UEFI or +U-Boot). -The TF build system provides the make target ``fip`` to create a FIP file for the -specified platform using the FIP creation tool included in the TF project. -Examples below show how to build a FIP file for FVP, packaging TF images and a -BL33 image. +The TF-A build system provides the make target ``fip`` to create a FIP file +for the specified platform using the FIP creation tool included in the TF-A +project. Examples below show how to build a FIP file for FVP, packaging TF-A +and BL33 images. For AArch64: @@ -1026,9 +1020,10 @@ images with support for these features: #. Fulfill the dependencies of the ``mbedtls`` cryptographic and image parser modules by checking out a recent version of the `mbed TLS Repository`_. It - is important to use a version that is compatible with TF and fixes any + is important to use a version that is compatible with TF-A and fixes any known security vulnerabilities. See `mbed TLS Security Center`_ for more - information. The latest version of TF is tested with tag ``mbedtls-2.6.0``. + information. The latest version of TF-A is tested with tag + ``mbedtls-2.6.0``. The ``drivers/auth/mbedtls/mbedtls_*.mk`` files contain the list of mbed TLS source files the modules depend upon. @@ -1036,17 +1031,17 @@ images with support for these features: options required to build the mbed TLS sources. Note that the mbed TLS library is licensed under the Apache version 2.0 - license. Using mbed TLS source code will affect the licensing of - Trusted Firmware binaries that are built using this library. + license. Using mbed TLS source code will affect the licensing of TF-A + binaries that are built using this library. #. To build the FIP image, ensure the following command line variables are set - while invoking ``make`` to build Trusted Firmware: + while invoking ``make`` to build TF-A: - ``MBEDTLS_DIR=<path of the directory containing mbed TLS sources>`` - ``TRUSTED_BOARD_BOOT=1`` - ``GENERATE_COT=1`` - In the case of ARM platforms, the location of the ROTPK hash must also be + In the case of Arm platforms, the location of the ROTPK hash must also be specified at build time. Two locations are currently supported (see ``ARM_ROTPK_LOCATION`` build option): @@ -1060,11 +1055,11 @@ images with support for these features: available. - ``ARM_ROTPK_LOCATION=devel_rsa``: use the ROTPK hash that is hardcoded - in the ARM platform port. The private/public RSA key pair may be + in the Arm platform port. The private/public RSA key pair may be found in ``plat/arm/board/common/rotpk``. - ``ARM_ROTPK_LOCATION=devel_ecdsa``: use the ROTPK hash that is hardcoded - in the ARM platform port. The private/public ECDSA key pair may be + in the Arm platform port. The private/public ECDSA key pair may be found in ``plat/arm/board/common/rotpk``. Example of command line using RSA development keys: @@ -1086,7 +1081,7 @@ images with support for these features: #. The optional FWU\_FIP contains any additional images to be loaded from Non-Volatile storage during the `Firmware Update`_ process. To build the FWU\_FIP, any FWU images required by the platform must be specified on the - command line. On ARM development platforms like Juno, these are: + command line. On Arm development platforms like Juno, these are: - NS\_BL2U. The AP non-secure Firmware Updater image. - SCP\_BL2U. The SCP Firmware Update Configuration image. @@ -1121,9 +1116,10 @@ images with support for these features: Building the Certificate Generation Tool ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The ``cert_create`` tool is built as part of the TF build process when the ``fip`` -make target is specified and TBB is enabled (as described in the previous -section), but it can also be built separately with the following command: +The ``cert_create`` tool is built as part of the TF-A build process when the +``fip`` make target is specified and TBB is enabled (as described in the +previous section), but it can also be built separately with the following +command: :: @@ -1188,7 +1184,7 @@ corrupted binaries. Note for AArch32, the instructions below assume that nt-fw.bin is a custom Normal world boot loader that supports AArch32. -#. Build TF images and create a new FIP for FVP +#. Build TF-A images and create a new FIP for FVP :: @@ -1198,7 +1194,7 @@ corrupted binaries. # AArch32 make PLAT=fvp ARCH=aarch32 AARCH32_SP=sp_min BL33=nt-fw.bin all fip -#. Build TF images and create a new FIP for Juno +#. Build TF-A images and create a new FIP for Juno For AArch64: @@ -1322,16 +1318,16 @@ scratch, this is a complex task on some platforms, depending on the level of configuration required to put the system in the expected state. Rather than booting a baremetal application, a possible compromise is to boot -``EL3 payloads`` through the Trusted Firmware instead. This is implemented as an -alternative boot flow, where a modified BL2 boots an EL3 payload, instead of -loading the other BL images and passing control to BL31. It reduces the -complexity of developing EL3 baremetal code by: +``EL3 payloads`` through TF-A instead. This is implemented as an alternative +boot flow, where a modified BL2 boots an EL3 payload, instead of loading the +other BL images and passing control to BL31. It reduces the complexity of +developing EL3 baremetal code by: - putting the system into a known architectural state; - taking care of platform secure world initialization; - loading the SCP\_BL2 image if required by the platform. -When booting an EL3 payload on ARM standard platforms, the configuration of the +When booting an EL3 payload on Arm standard platforms, the configuration of the TrustZone controller is simplified such that only region 0 is enabled and is configured to permit secure access only. This gives full access to the whole DRAM to the EL3 payload. @@ -1350,11 +1346,11 @@ Booting an EL3 payload ~~~~~~~~~~~~~~~~~~~~~~ The EL3 payload image is a standalone image and is not part of the FIP. It is -not loaded by the Trusted Firmware. Therefore, there are 2 possible scenarios: +not loaded by TF-A. Therefore, there are 2 possible scenarios: - The EL3 payload may reside in non-volatile memory (NVM) and execute in place. In this case, booting it is just a matter of specifying the right - address in NVM through ``EL3_PAYLOAD_BASE`` when building the TF. + address in NVM through ``EL3_PAYLOAD_BASE`` when building TF-A. - The EL3 payload needs to be loaded in volatile memory (e.g. DRAM) at run-time. @@ -1423,7 +1419,7 @@ used: --data="/path/to/el3-payload"@address [Foundation FVP] The address provided to the FVP must match the ``EL3_PAYLOAD_BASE`` address - used when building the Trusted Firmware. + used when building TF-A. Booting an EL3 payload on Juno ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -1441,15 +1437,14 @@ Preloaded BL33 alternative boot flow ------------------------------------ Some platforms have the ability to preload BL33 into memory instead of relying -on Trusted Firmware to load it. This may simplify packaging of the normal world -code and improve performance in a development environment. When secure world -cold boot is complete, Trusted Firmware simply jumps to a BL33 base address -provided at build time. +on TF-A to load it. This may simplify packaging of the normal world code and +improve performance in a development environment. When secure world cold boot +is complete, TF-A simply jumps to a BL33 base address provided at build time. For this option to be used, the ``PRELOADED_BL33_BASE`` build option has to be -used when compiling the Trusted Firmware. For example, the following command -will create a FIP without a BL33 and prepare to jump to a BL33 image loaded at -address 0x80000000: +used when compiling TF-A. For example, the following command will create a FIP +without a BL33 and prepare to jump to a BL33 image loaded at address +0x80000000: :: @@ -1459,8 +1454,8 @@ Boot of a preloaded bootwrapped kernel image on Base FVP ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following example uses the AArch64 boot wrapper. This simplifies normal -world booting while also making use of TF features. It can be obtained from its -repository with: +world booting while also making use of TF-A features. It can be obtained from +its repository with: :: @@ -1494,8 +1489,8 @@ to load the ELF file over JTAG on Juno. Running the software on FVP --------------------------- -The latest version of the AArch64 build of ARM Trusted Firmware has been tested -on the following ARM FVPs (64-bit host machine only). +The latest version of the AArch64 build of TF-A has been tested on the +following Arm FVPs (64-bit host machine only). NOTE: Unless otherwise stated, the model version is Version 11.2 Build 11.2.33. @@ -1510,8 +1505,8 @@ NOTE: Unless otherwise stated, the model version is Version 11.2 Build 11.2.33. - ``FVP_Base_Cortex-A73x4-A53x4`` - ``FVP_Base_Cortex-A73x4`` -The latest version of the AArch32 build of ARM Trusted Firmware has been tested -on the following ARM FVPs (64-bit host machine only). +The latest version of the AArch32 build of TF-A has been tested on the +following Arm FVPs (64-bit host machine only). - ``FVP_Base_AEMv8A-AEMv8A`` (Version 9.0, Build 0.8.9005) - ``FVP_Base_Cortex-A32x4`` @@ -1529,7 +1524,7 @@ NOTE: The software will not work on Version 1.0 of the Foundation FVP. The commands below would report an ``unhandled argument`` error in this case. NOTE: FVPs can be launched with ``--cadi-server`` option such that a -CADI-compliant debugger (for example, ARM DS-5) can connect to and control its +CADI-compliant debugger (for example, Arm DS-5) can connect to and control its execution. NOTE: Since FVP model Version 11.0 Build 11.0.34 and Version 8.5 Build 0.8.5202 @@ -1538,23 +1533,23 @@ models. The models can be launched with ``-Q 100`` option if they are required to match the run time characteristics of the older versions. The Foundation FVP is a cut down version of the AArch64 Base FVP. It can be -downloaded for free from `ARM's website`_. +downloaded for free from `Arm's website`_. The Cortex-A models listed above are also available to download from -`ARM's website`_. +`Arm's website`_. Please refer to the FVP documentation for a detailed description of the model -parameter options. A brief description of the important ones that affect the ARM -Trusted Firmware and normal world software behavior is provided below. +parameter options. A brief description of the important ones that affect TF-A +and normal world software behavior is provided below. Obtaining the Flattened Device Trees ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Depending on the FVP configuration and Linux configuration used, different FDT files are required. FDTs for the Foundation and Base FVPs can be found in -the Trusted Firmware source directory under ``fdts/``. The Foundation FVP has a -subset of the Base FVP components. For example, the Foundation FVP lacks CLCD -and MMC support, and has only one CPU cluster. +the TF-A source directory under ``fdts/``. The Foundation FVP has a subset of +the Base FVP components. For example, the Foundation FVP lacks CLCD and MMC +support, and has only one CPU cluster. Note: It is not recommended to use the FDTs built along the kernel because not all FDTs are available from there. @@ -1592,7 +1587,7 @@ Running on the Foundation FVP with reset to BL1 entrypoint ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following ``Foundation_Platform`` parameters should be used to boot Linux with -4 CPUs using the AArch64 build of ARM Trusted Firmware. +4 CPUs using the AArch64 build of TF-A. :: @@ -1616,19 +1611,19 @@ Notes: - The default use-case for the Foundation FVP is to use the ``--gicv3`` option and enable the GICv3 device in the model. Note that without this option, the Foundation FVP defaults to legacy (Versatile Express) memory map which - is not supported by ARM Trusted Firmware. -- In order for the Arm Trusted Firmware to run correctly on the Foundation - Model the architecture versions must match. The Foundation FVP defaults to - the highest v8.x version it supports but the default build for Arm Trusted - Firmware is for v8.0. To avoid issues either start the Foundation Model to - use v8.0 architecture using the ``--arm-v8.0`` option or build Arm Trusted - Firmware with an appropriate value for ``ARM_ARCH_MINOR``. + is not supported by TF-A. +- In order for TF-A to run correctly on the Foundation FVP, the architecture + versions must match. The Foundation FVP defaults to the highest v8.x + version it supports but the default build for TF-A is for v8.0. To avoid + issues either start the Foundation FVP to use v8.0 architecture using the + ``--arm-v8.0`` option, or build TF-A with an appropriate value for + ``ARM_ARCH_MINOR``. Running on the AEMv8 Base FVP with reset to BL1 entrypoint ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following ``FVP_Base_AEMv8A-AEMv8A`` parameters should be used to boot Linux -with 8 CPUs using the AArch64 build of ARM Trusted Firmware. +with 8 CPUs using the AArch64 build of TF-A. :: @@ -1649,7 +1644,7 @@ Running on the AEMv8 Base FVP (AArch32) with reset to BL1 entrypoint ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following ``FVP_Base_AEMv8A-AEMv8A`` parameters should be used to boot Linux -with 8 CPUs using the AArch32 build of ARM Trusted Firmware. +with 8 CPUs using the AArch32 build of TF-A. :: @@ -1678,7 +1673,7 @@ Running on the Cortex-A57-A53 Base FVP with reset to BL1 entrypoint ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following ``FVP_Base_Cortex-A57x4-A53x4`` model parameters should be used to -boot Linux with 8 CPUs using the AArch64 build of ARM Trusted Firmware. +boot Linux with 8 CPUs using the AArch64 build of TF-A. :: @@ -1697,7 +1692,7 @@ Running on the Cortex-A32 Base FVP (AArch32) with reset to BL1 entrypoint ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following ``FVP_Base_Cortex-A32x4`` model parameters should be used to -boot Linux with 4 CPUs using the AArch32 build of ARM Trusted Firmware. +boot Linux with 4 CPUs using the AArch32 build of TF-A. :: @@ -1716,7 +1711,7 @@ Running on the AEMv8 Base FVP with reset to BL31 entrypoint ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following ``FVP_Base_AEMv8A-AEMv8A`` parameters should be used to boot Linux -with 8 CPUs using the AArch64 build of ARM Trusted Firmware. +with 8 CPUs using the AArch64 build of TF-A. :: @@ -1763,7 +1758,7 @@ Running on the AEMv8 Base FVP (AArch32) with reset to SP\_MIN entrypoint ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following ``FVP_Base_AEMv8A-AEMv8A`` parameters should be used to boot Linux -with 8 CPUs using the AArch32 build of ARM Trusted Firmware. +with 8 CPUs using the AArch32 build of TF-A. :: @@ -1803,7 +1798,7 @@ Running on the Cortex-A57-A53 Base FVP with reset to BL31 entrypoint ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following ``FVP_Base_Cortex-A57x4-A53x4`` model parameters should be used to -boot Linux with 8 CPUs using the AArch64 build of ARM Trusted Firmware. +boot Linux with 8 CPUs using the AArch64 build of TF-A. :: @@ -1831,7 +1826,7 @@ Running on the Cortex-A32 Base FVP (AArch32) with reset to SP\_MIN entrypoint ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following ``FVP_Base_Cortex-A32x4`` model parameters should be used to -boot Linux with 4 CPUs using the AArch32 build of ARM Trusted Firmware. +boot Linux with 4 CPUs using the AArch32 build of TF-A. :: @@ -1853,8 +1848,7 @@ boot Linux with 4 CPUs using the AArch32 build of ARM Trusted Firmware. Running the software on Juno ---------------------------- -This version of the ARM Trusted Firmware has been tested on variants r0, r1 and -r2 of Juno. +This version of TF-A has been tested on variants r0, r1 and r2 of Juno. To execute the software stack on Juno, the version of the Juno board recovery image indicated in the `Linaro Release Notes`_ must be installed. If you have an @@ -1862,18 +1856,18 @@ earlier version installed or are unsure which version is installed, please re-install the recovery image by following the `Instructions for using Linaro's deliverables on Juno`_. -Preparing Trusted Firmware images -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Preparing TF-A images +~~~~~~~~~~~~~~~~~~~~~ -After building Trusted Firmware, the files ``bl1.bin`` and ``fip.bin`` need copying -to the ``SOFTWARE/`` directory of the Juno SD card. +After building TF-A, the files ``bl1.bin`` and ``fip.bin`` need copying to the +``SOFTWARE/`` directory of the Juno SD card. Other Juno software information ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Please visit the `ARM Platforms Portal`_ to get support and obtain any other Juno +Please visit the `Arm Platforms Portal`_ to get support and obtain any other Juno software information. Please also refer to the `Juno Getting Started Guide`_ to -get more detailed information about the Juno ARM development platform and how to +get more detailed information about the Juno Arm development platform and how to configure it. Testing SYSTEM SUSPEND on Juno @@ -1893,7 +1887,7 @@ wakeup interrupt from RTC. -------------- -*Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.* +*Copyright (c) 2013-2018, Arm Limited and Contributors. All rights reserved.* .. _Linaro: `Linaro Release Notes`_ .. _Linaro Release: `Linaro Release Notes`_ @@ -1901,7 +1895,7 @@ wakeup interrupt from RTC. .. _Linaro Release 17.10: https://community.arm.com/dev-platforms/w/docs/226/old-linaro-release-notes#1710 .. _Linaro instructions: https://community.arm.com/dev-platforms/w/docs/304/linaro-software-deliverables .. _Instructions for using Linaro's deliverables on Juno: https://community.arm.com/dev-platforms/w/docs/303/juno -.. _ARM Platforms Portal: https://community.arm.com/dev-platforms/ +.. _Arm Platforms Portal: https://community.arm.com/dev-platforms/ .. _Development Studio 5 (DS-5): http://www.arm.com/products/tools/software-tools/ds-5/index.php .. _Dia: https://wiki.gnome.org/Apps/Dia/Download .. _here: psci-lib-integration-guide.rst @@ -1911,7 +1905,7 @@ wakeup interrupt from RTC. .. _Firmware Design: firmware-design.rst .. _mbed TLS Repository: https://github.com/ARMmbed/mbedtls.git .. _mbed TLS Security Center: https://tls.mbed.org/security -.. _ARM's website: `FVP models`_ +.. _Arm's website: `FVP models`_ .. _FVP models: https://developer.arm.com/products/system-design/fixed-virtual-platforms .. _Juno Getting Started Guide: http://infocenter.arm.com/help/topic/com.arm.doc.dui0928e/DUI0928E_juno_arm_development_platform_gsg.pdf .. _PSCI: http://infocenter.arm.com/help/topic/com.arm.doc.den0022d/Power_State_Coordination_Interface_PDD_v1_1_DEN0022D.pdf |