1ARM Trusted Firmware for Socionext UniPhier SoCs 2================================================ 3 4Socionext UniPhier ARMv8-A SoCs use ARM Trusted Firmware as the secure world 5firmware, supporting BL1, BL2, and BL31. 6 7UniPhier SoC family implements its internal boot ROM, so BL1 is used as pseudo 8ROM (i.e. runs in RAM). The internal boot ROM loads 64KB `1`_ image from a 9non-volatile storage to the on-chip SRAM. Unfortunately, BL1 does not fit in 10the 64KB limit if `Trusted Board Boot`_ (TBB) is enabled. To solve this problem, 11Socionext provides a first stage loader called `UniPhier BL`_. This loader runs 12in the on-chip SRAM, initializes the DRAM, expands BL1 there, and hands the 13control over to it. Therefore, all images of ARM Trusted Firmware run in DRAM. 14 15The UniPhier platform works with/without TBB. See below for the build process 16of each case. The image authentication for the UniPhier platform fully 17complies with the Trusted Board Boot Requirements (TBBR) specification. 18 19The UniPhier BL does not implement the authentication functionality, that is, 20it can not verify the BL1 image by itself. Instead, the UniPhier BL assures 21the BL1 validity in a different way; BL1 is GZIP-compressed and appended to 22the UniPhier BL. The concatenation of the UniPhier BL and the compressed BL1 23fits in the 64KB limit. The concatenated image is loaded by the boot ROM 24(and verified if the chip fuses are blown). 25 26:: 27 28 to the lowest common denominator. 29 30Boot Flow 31--------- 32 33#. The Boot ROM 34 35This is hard-wired ROM, so never corrupted. It loads the UniPhier BL (with 36compressed-BL1 appended) into the on-chip SRAM. If the SoC fuses are blown, 37the image is verified by the SoC's own method. 38 39#. UniPhier BL 40 41This runs in the on-chip SRAM. After the minimum SoC initialization and DRAM 42setup, it decompresses the appended BL1 image into the DRAM, then jumps to 43the BL1 entry. 44 45#. BL1 46 47This runs in the DRAM. It extracts BL2 from FIP (Firmware Image Package). 48If TBB is enabled, the BL2 is authenticated by the standard mechanism of ARM 49Trusted Firmware. 50 51#. BL2, BL31, and more 52 53They all run in the DRAM, and are authenticated by the standard mechanism if 54TBB is enabled. See `Firmware Design`_ for details. 55 56Basic Build 57----------- 58 59BL1 must be compressed for the reason above. The UniPhier's platform makefile 60provides a build target ``bl1_gzip`` for this. 61 62For a non-secure boot loader (aka BL33), U-Boot is well supported for UniPhier 63SoCs. The U-Boot image (``u-boot.bin``) must be built in advance. For the build 64procedure of U-Boot, refer to the document in the `U-Boot`_ project. 65 66To build minimum functionality for UniPhier (without TBB): 67 68:: 69 70 make CROSS_COMPILE=<gcc-prefix> PLAT=uniphier BL33=<path-to-BL33> bl1_gzip fip 71 72Output images: 73 74- ``bl1.bin.gzip`` 75- ``fip.bin`` 76 77Optional features 78----------------- 79 80- Trusted Board Boot 81 82`mbed TLS`_ is needed as the cryptographic and image parser modules. 83Refer to the `User Guide`_ for the appropriate version of mbed TLS. 84 85To enable TBB, add the following options to the build command: 86 87:: 88 89 TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 MBEDTLS_DIR=<path-to-mbedtls> 90 91- System Control Processor (SCP) 92 93If desired, FIP can include an SCP BL2 image. If BL2 finds an SCP BL2 image 94in FIP, BL2 loads it into DRAM and kicks the SCP. Most of UniPhier boards 95still work without SCP, but SCP provides better power management support. 96 97To include SCP\_BL2, add the following option to the build command: 98 99:: 100 101 SCP_BL2=<path-to-SCP> 102 103- BL32 (Secure Payload) 104 105To enable BL32, add the following option to the build command: 106 107:: 108 109 SPD=<spd> BL32=<path-to-BL32> 110 111If you use TSP for BL32, ``BL32=<path-to-BL32>`` is not required. Just add the 112following: 113 114:: 115 116 SPD=tspd 117 118.. _1: Some%20SoCs%20can%20load%2080KB,%20but%20the%20software%20implementation%20must%20be%20aligned 119.. _Trusted Board Boot: ../trusted-board-boot.rst 120.. _UniPhier BL: https://github.com/uniphier/uniphier-bl 121.. _Firmware Design: ../firmware-design.rst 122.. _U-Boot: https://www.denx.de/wiki/U-Boot 123.. _mbed TLS: https://tls.mbed.org/ 124.. _User Guide: ../user-guide.rst 125