Commit 4a75b84a authored by Dan Handley's avatar Dan Handley
Browse files

Doc updates following platform port reorganization

Update the User Guide, Porting Guide and Firmware Design documents
to align them with the recent changes made to the FVP and Juno
platform ports.

Also fix some other historical inaccuracies.

Change-Id: I37aba4805f9044b1a047996d3e396c75f4a09176
parent 85135283
...@@ -88,13 +88,9 @@ This stage begins execution from the platform's reset vector at EL3. The reset ...@@ -88,13 +88,9 @@ This stage begins execution from the platform's reset vector at EL3. The reset
address is platform dependent but it is usually located in a Trusted ROM area. address is platform dependent but it is usually located in a Trusted ROM area.
The BL1 data section is copied to trusted SRAM at runtime. The BL1 data section is copied to trusted SRAM at runtime.
On the ARM FVP port, BL1 code starts execution from the reset vector at address On the ARM development platforms, BL1 code starts execution from the reset
`0x00000000` (trusted ROM). The BL1 data section is copied to the start of vector defined by the constant `BL1_RO_BASE`. The BL1 data section is copied
trusted SRAM at address `0x04000000`. to the top of trusted SRAM as defined by the constant `BL1_RW_BASE`.
On the Juno ARM development platform port, BL1 code starts execution at
`0x0BEC0000` (FLASH). The BL1 data section is copied to trusted SRAM at address
`0x04001000.
The functionality implemented by this stage is as follows. The functionality implemented by this stage is as follows.
...@@ -189,9 +185,9 @@ BL1 performs minimal architectural initialization as follows. ...@@ -189,9 +185,9 @@ BL1 performs minimal architectural initialization as follows.
#### Platform initialization #### Platform initialization
BL1 enables issuing of snoop and DVM (Distributed Virtual Memory) requests from BL1 enables issuing of snoop and DVM (Distributed Virtual Memory) requests from
the CCI-400 slave interface corresponding to the cluster that includes the the CCI slave interface corresponding to the cluster that includes the
primary CPU. BL1 also initializes UART0 (PL011 console), which enables access to primary CPU. BL1 also initializes a UART (PL011 console), which enables access
the `printf` family of functions in BL1. to the `printf` family of functions in BL1.
#### BL2 image load and execution #### BL2 image load and execution
...@@ -247,7 +243,7 @@ platform-specific mechanism. It calculates the limits of DRAM (main memory) ...@@ -247,7 +243,7 @@ platform-specific mechanism. It calculates the limits of DRAM (main memory)
to determine whether there is enough space to load the BL3-3 image. A platform to determine whether there is enough space to load the BL3-3 image. A platform
defined base address is used to specify the load address for the BL3-1 image. defined base address is used to specify the load address for the BL3-1 image.
It also defines the extents of memory available for use by the BL3-2 image. It also defines the extents of memory available for use by the BL3-2 image.
BL2 also initializes UART0 (PL011 console), which enables access to the BL2 also initializes a UART (PL011 console), which enables access to the
`printf` family of functions in BL2. Platform security is initialized to allow `printf` family of functions in BL2. Platform security is initialized to allow
access to controlled components. The storage abstraction layer is initialized access to controlled components. The storage abstraction layer is initialized
which is used to load further bootloader images. which is used to load further bootloader images.
...@@ -258,8 +254,8 @@ Some systems have a separate System Control Processor (SCP) for power, clock, ...@@ -258,8 +254,8 @@ Some systems have a separate System Control Processor (SCP) for power, clock,
reset and system control. BL2 loads the optional BL3-0 image from platform reset and system control. BL2 loads the optional BL3-0 image from platform
storage into a platform-specific region of secure memory. The subsequent storage into a platform-specific region of secure memory. The subsequent
handling of BL3-0 is platform specific. For example, on the Juno ARM development handling of BL3-0 is platform specific. For example, on the Juno ARM development
platform port the image is transferred into SCP memory using the SCPI protocol platform port the image is transferred into SCP's internal memory using the Boot
after being loaded in the trusted SRAM memory at address `0x04009000`. The SCP Over MHU (BOM) protocol after being loaded in the trusted SRAM memory. The SCP
executes BL3-0 and signals to the Application Processor (AP) for BL2 execution executes BL3-0 and signals to the Application Processor (AP) for BL2 execution
to continue. to continue.
...@@ -338,7 +334,7 @@ the clock frequency of the system counter, which is provided by the platform. ...@@ -338,7 +334,7 @@ the clock frequency of the system counter, which is provided by the platform.
BL3-1 performs detailed platform initialization, which enables normal world BL3-1 performs detailed platform initialization, which enables normal world
software to function correctly. It also retrieves entrypoint information for software to function correctly. It also retrieves entrypoint information for
the BL3-3 image loaded by BL2 from the platform defined memory address populated the BL3-3 image loaded by BL2 from the platform defined memory address populated
by BL2. BL3-1 also initializes UART0 (PL011 console), which enables by BL2. BL3-1 also initializes a UART (PL011 console), which enables
access to the `printf` family of functions in BL3-1. It enables the system access to the `printf` family of functions in BL3-1. It enables the system
level implementation of the generic timer through the memory mapped interface. level implementation of the generic timer through the memory mapped interface.
...@@ -460,7 +456,8 @@ the CPU caches if it is provided by an earlier boot stage and then accessed by ...@@ -460,7 +456,8 @@ the CPU caches if it is provided by an earlier boot stage and then accessed by
BL3-1 platform code before the caches are enabled. BL3-1 platform code before the caches are enabled.
ARM Trusted Firmware's BL2 implementation passes a `bl31_params` structure in ARM Trusted Firmware's BL2 implementation passes a `bl31_params` structure in
`X0` and the FVP port interprets this in the BL3-1 platform code. `X0` and the ARM development platforms interpret this in the BL3-1 platform
code.
##### MMU, Data caches & Coherency ##### MMU, Data caches & Coherency
...@@ -490,7 +487,7 @@ BL3-1 to detect which information is present and respond appropriately. The ...@@ -490,7 +487,7 @@ BL3-1 to detect which information is present and respond appropriately. The
The structures using this format are `entry_point_info`, `image_info` and The structures using this format are `entry_point_info`, `image_info` and
`bl31_params`. The code that allocates and populates these structures must set `bl31_params`. The code that allocates and populates these structures must set
the header fields appropriately, and the `SET_PARA_HEAD()` a macro is defined the header fields appropriately, and the `SET_PARAM_HEAD()` a macro is defined
to simplify this action. to simplify this action.
#### Required CPU state for BL3-1 Warm boot initialization #### Required CPU state for BL3-1 Warm boot initialization
...@@ -870,10 +867,10 @@ before returning through EL3 and running the non-trusted firmware (BL3-3): ...@@ -870,10 +867,10 @@ before returning through EL3 and running the non-trusted firmware (BL3-3):
6. Crash Reporting in BL3-1 6. Crash Reporting in BL3-1
---------------------------- ----------------------------
The BL3-1 implements a scheme for reporting the processor state when an unhandled BL3-1 implements a scheme for reporting the processor state when an unhandled
exception is encountered. The reporting mechanism attempts to preserve all the exception is encountered. The reporting mechanism attempts to preserve all the
register contents and report it via the default serial output. The general purpose register contents and report it via a dedicated UART (PL011 console). BL3-1
registers, EL3, Secure EL1 and some EL2 state registers are reported. reports the general purpose, EL3, Secure EL1 and some EL2 state registers.
A dedicated per-CPU crash stack is maintained by BL3-1 and this is retrieved via A dedicated per-CPU crash stack is maintained by BL3-1 and this is retrieved via
the per-CPU pointer cache. The implementation attempts to minimise the memory the per-CPU pointer cache. The implementation attempts to minimise the memory
...@@ -1253,27 +1250,37 @@ on FVP, BL3-1 and TSP need to know the limit address that their PROGBITS ...@@ -1253,27 +1250,37 @@ on FVP, BL3-1 and TSP need to know the limit address that their PROGBITS
sections must not overstep. The platform code must provide those. sections must not overstep. The platform code must provide those.
#### Memory layout on ARM FVPs #### Memory layout on ARM development platforms
The following list describes the memory layout on the ARM development platforms:
The following list describes the memory layout on the FVP: * A 4KB page of shared memory is used for communication between Trusted
Firmware and the platform's power controller. This is located at the base of
Trusted SRAM. The amount of Trusted SRAM available to load the bootloader
images is reduced by the size of the shared memory.
* A 4KB page of shared memory is used to store the entrypoint mailboxes The shared memory is used to store the entrypoint mailboxes for each CPU.
and the parameters passed between bootloaders. The shared memory is located On Juno, this is also used for the MHU payload when passing messages to and
at the base of the Trusted SRAM. The amount of Trusted SRAM available to from the SCP.
load the bootloader images will be reduced by the size of the shared memory.
* BL1 is originally sitting in the Trusted ROM at address `0x0`. Its * On FVP, BL1 is originally sitting in the Trusted ROM at address `0x0`. On
read-write data are relocated at the top of the Trusted SRAM at runtime. Juno, BL1 resides in flash memory at address `0x0BEC0000`. BL1 read-write
data are relocated to the top of Trusted SRAM at runtime.
* BL3-1 is loaded at the top of the Trusted SRAM, such that its NOBITS * BL3-1 is loaded at the top of the Trusted SRAM, such that its NOBITS
sections will overwrite BL1 R/W data. sections will overwrite BL1 R/W data. This implies that BL1 global variables
remain valid only until execution reaches the BL3-1 entry point during
a cold boot.
* BL2 is loaded below BL3-1. * BL2 is loaded below BL3-1.
* On Juno, BL3-0 is loaded temporarily into the BL3-1 memory region and
transfered to the SCP before being overwritten by BL3-1.
* BL3-2 can be loaded in one of the following locations: * BL3-2 can be loaded in one of the following locations:
* Trusted SRAM * Trusted SRAM
* Trusted DRAM * Trusted DRAM (FVP only)
* Secure region of DRAM (top 16MB of DRAM configured by the TrustZone * Secure region of DRAM (top 16MB of DRAM configured by the TrustZone
controller) controller)
...@@ -1282,9 +1289,13 @@ overlay BL2. This memory layout is designed to give the BL3-2 image as much ...@@ -1282,9 +1289,13 @@ overlay BL2. This memory layout is designed to give the BL3-2 image as much
memory as possible when it is loaded into Trusted SRAM. memory as possible when it is loaded into Trusted SRAM.
The location of the BL3-2 image will result in different memory maps. This is The location of the BL3-2 image will result in different memory maps. This is
illustrated in the following diagrams using the TSP as an example. illustrated for both FVP and Juno in the following diagrams, using the TSP as
an example.
Note: Loading the BL3-2 image in TZC secured DRAM doesn't change the memory
layout of the other images in Trusted SRAM.
**TSP in Trusted SRAM (default option):** **FVP with TSP in Trusted SRAM (default option):**
Trusted SRAM Trusted SRAM
0x04040000 +----------+ loaded by BL2 ------------------ 0x04040000 +----------+ loaded by BL2 ------------------
...@@ -1305,7 +1316,7 @@ illustrated in the following diagrams using the TSP as an example. ...@@ -1305,7 +1316,7 @@ illustrated in the following diagrams using the TSP as an example.
0x00000000 +----------+ 0x00000000 +----------+
**TSP in Trusted DRAM:** **FVP with TSP in Trusted DRAM:**
Trusted DRAM Trusted DRAM
0x08000000 +----------+ 0x08000000 +----------+
...@@ -1330,7 +1341,7 @@ illustrated in the following diagrams using the TSP as an example. ...@@ -1330,7 +1341,7 @@ illustrated in the following diagrams using the TSP as an example.
| BL1 (ro) | | BL1 (ro) |
0x00000000 +----------+ 0x00000000 +----------+
**TSP in the TZC-Secured DRAM:** **FVP with TSP in TZC-Secured DRAM:**
DRAM DRAM
0xffffffff +----------+ 0xffffffff +----------+
...@@ -1359,43 +1370,8 @@ illustrated in the following diagrams using the TSP as an example. ...@@ -1359,43 +1370,8 @@ illustrated in the following diagrams using the TSP as an example.
| BL1 (ro) | | BL1 (ro) |
0x00000000 +----------+ 0x00000000 +----------+
Moving the TSP image out of the Trusted SRAM doesn't change the memory layout
of the other boot loader images in Trusted SRAM.
#### Memory layout on Juno ARM development platform
The following list describes the memory layout on Juno:
* Trusted SRAM at 0x04000000 contains the MHU page, BL1 r/w section, BL2
image, BL3-1 image and, optionally, the BL3-2 image.
* The MHU 4 KB page is used as communication channel between SCP and AP. It
also contains the entrypoint mailboxes for the AP. Mailboxes are stored in
the first 128 bytes of the MHU page.
* BL1 resides in flash memory at address `0x0BEC0000`. Its read-write data **Juno with BL3-2 in Trusted SRAM (default option):**
section is relocated to the top of the Trusted SRAM at runtime.
* BL3-1 is loaded at the top of the Trusted SRAM, such that its NOBITS
sections will overwrite BL1 R/W data. This implies that BL1 global variables
will remain valid only until execution reaches the BL3-1 entry point during
a cold boot.
* BL2 is loaded below BL3-1.
* BL3-0 is loaded temporarily into the BL3-1 memory region and transfered to
the SCP before being overwritten by BL3-1.
* The BL3-2 image is optional and can be loaded into one of these two
locations: Trusted SRAM (right after the MHU page) or DRAM (14 MB starting
at 0xFF000000 and secured by the TrustZone controller). When loaded into
Trusted SRAM, its NOBITS sections are allowed to overlap BL2.
Depending on the location of the BL3-2 image, it will result in different memory
maps, illustrated by the following diagrams.
**BL3-2 in Trusted SRAM (default option):**
Flash0 Flash0
0x0C000000 +----------+ 0x0C000000 +----------+
...@@ -1420,7 +1396,7 @@ maps, illustrated by the following diagrams. ...@@ -1420,7 +1396,7 @@ maps, illustrated by the following diagrams.
0x04000000 +----------+ 0x04000000 +----------+
**BL3-2 in the secure region of DRAM:** **Juno with BL3-2 in TZC-secured DRAM:**
DRAM DRAM
0xFFE00000 +----------+ 0xFFE00000 +----------+
...@@ -1453,9 +1429,6 @@ maps, illustrated by the following diagrams. ...@@ -1453,9 +1429,6 @@ maps, illustrated by the following diagrams.
| MHU | | MHU |
0x04000000 +----------+ 0x04000000 +----------+
Loading the BL3-2 image in DRAM doesn't change the memory layout of the other
images in Trusted SRAM.
10. Firmware Image Package (FIP) 10. Firmware Image Package (FIP)
--------------------------------- ---------------------------------
...@@ -1524,15 +1497,16 @@ The tool can be found in `tools/fip_create`. ...@@ -1524,15 +1497,16 @@ The tool can be found in `tools/fip_create`.
### Loading from a Firmware Image Package (FIP) ### Loading from a Firmware Image Package (FIP)
The Firmware Image Package (FIP) driver can load images from a binary package on The Firmware Image Package (FIP) driver can load images from a binary package on
non-volatile platform storage. For the FVPs this is currently NOR FLASH. non-volatile platform storage. For the ARM development platforms, this is
currently NOR FLASH.
Bootloader images are loaded according to the platform policy as specified in Bootloader images are loaded according to the platform policy as specified by
`plat/<platform>/plat_io_storage.c`. For the FVPs this means the platform will the function `plat_get_image_source()`. For the ARM development platforms, this
attempt to load images from a Firmware Image Package located at the start of NOR means the platform will attempt to load images from a Firmware Image Package
FLASH0. located at the start of NOR FLASH0.
Currently the FVP's policy only allows loading of a known set of images. The The ARM development platforms' policy is to only allow loading of a known set of
platform policy can be modified to allow additional images. images. The platform policy can be modified to allow additional images.
11. Use of coherent memory in Trusted Firmware 11. Use of coherent memory in Trusted Firmware
...@@ -1743,7 +1717,6 @@ Trusted Firmware code is logically divided between the three boot loader ...@@ -1743,7 +1717,6 @@ Trusted Firmware code is logically divided between the three boot loader
stages mentioned in the previous sections. The code is also divided into the stages mentioned in the previous sections. The code is also divided into the
following categories (present as directories in the source code): following categories (present as directories in the source code):
* **Architecture specific.** This could be AArch32 or AArch64.
* **Platform specific.** Choice of architecture specific code depends upon * **Platform specific.** Choice of architecture specific code depends upon
the platform. the platform.
* **Common code.** This is platform and architecture agnostic code. * **Common code.** This is platform and architecture agnostic code.
...@@ -1761,7 +1734,6 @@ categories. Based upon the above, the code layout looks like this: ...@@ -1761,7 +1734,6 @@ categories. Based upon the above, the code layout looks like this:
bl1 Yes No No bl1 Yes No No
bl2 No Yes No bl2 No Yes No
bl31 No No Yes bl31 No No Yes
arch Yes Yes Yes
plat Yes Yes Yes plat Yes Yes Yes
drivers Yes No Yes drivers Yes No Yes
common Yes Yes Yes common Yes Yes Yes
...@@ -1795,7 +1767,7 @@ kernel at boot time. These can be found in the `fdts` directory. ...@@ -1795,7 +1767,7 @@ kernel at boot time. These can be found in the `fdts` directory.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
_Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved._ _Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved._
[ARM ARM]: http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0487a.e/index.html "ARMv8-A Reference Manual (ARM DDI0487A.E)" [ARM ARM]: http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0487a.e/index.html "ARMv8-A Reference Manual (ARM DDI0487A.E)"
[PSCI]: http://infocenter.arm.com/help/topic/com.arm.doc.den0022c/DEN0022C_Power_State_Coordination_Interface.pdf "Power State Coordination Interface PDD (ARM DEN 0022C)" [PSCI]: http://infocenter.arm.com/help/topic/com.arm.doc.den0022c/DEN0022C_Power_State_Coordination_Interface.pdf "Power State Coordination Interface PDD (ARM DEN 0022C)"
......
This diff is collapsed.
...@@ -206,8 +206,8 @@ performed. ...@@ -206,8 +206,8 @@ performed.
wants the timer registers to be saved and restored. wants the timer registers to be saved and restored.
* `PLAT`: Choose a platform to build ARM Trusted Firmware for. The chosen * `PLAT`: Choose a platform to build ARM Trusted Firmware for. The chosen
platform name must be the name of one of the directories under the `plat/` platform name must be subdirectory of any depth under `plat/`, and must
directory other than `common`. contain a platform makefile named `platform.mk`.
* `SPD`: Choose a Secure Payload Dispatcher component to be built into the * `SPD`: Choose a Secure Payload Dispatcher component to be built into the
Trusted Firmware. The value should be the path to the directory containing Trusted Firmware. The value should be the path to the directory containing
...@@ -320,21 +320,16 @@ performed. ...@@ -320,21 +320,16 @@ performed.
* `BL33_KEY`: This option is used when `GENERATE_COT=1`. It specifies the * `BL33_KEY`: This option is used when `GENERATE_COT=1`. It specifies the
file that contains the BL3-3 private key in PEM format. file that contains the BL3-3 private key in PEM format.
#### FVP specific build options #### ARM development platform specific build options
* `FVP_TSP_RAM_LOCATION`: location of the TSP binary. Options: * `ARM_TSP_RAM_LOCATION_ID`: location of the TSP binary. Options:
- `tsram` : Trusted SRAM (default option) - `tsram` : Trusted SRAM (default option)
- `tdram` : Trusted DRAM - `tdram` : Trusted DRAM (if available)
- `dram` : Secure region in DRAM (configured by the TrustZone controller) - `dram` : Secure region in DRAM (configured by the TrustZone controller)
For a better understanding of FVP options, the FVP memory map is explained in For a better understanding of these options, the ARM development platform memory
the [Firmware Design]. map is explained in the [Firmware Design].
#### Juno specific build options
* `PLAT_TSP_LOCATION`: location of the TSP binary. Options:
- `tsram` : Trusted SRAM (default option)
- `dram` : Secure region in DRAM (set by the TrustZone controller)
### Creating a Firmware Image Package ### Creating a Firmware Image Package
...@@ -409,8 +404,8 @@ When debugging logic problems it might also be useful to disable all compiler ...@@ -409,8 +404,8 @@ When debugging logic problems it might also be useful to disable all compiler
optimizations by using `-O0`. optimizations by using `-O0`.
NOTE: Using `-O0` could cause output images to be larger and base addresses NOTE: Using `-O0` could cause output images to be larger and base addresses
might need to be recalculated (see the "Memory layout of BL images" section in might need to be recalculated (see the **Memory layout on ARM development
the [Firmware Design]). platforms** section in the [Firmware Design]).
Extra debug options can be passed to the build system by setting `CFLAGS`: Extra debug options can be passed to the build system by setting `CFLAGS`:
...@@ -461,7 +456,7 @@ FVP_AARCH64_EFI.fd as BL3-3 image: ...@@ -461,7 +456,7 @@ FVP_AARCH64_EFI.fd as BL3-3 image:
The `cert_create` tool can be built separately through the following commands: The `cert_create` tool can be built separately through the following commands:
$ cd tools/cert_create $ cd tools/cert_create
$ make [DEBUG=1] [V=1] $ make PLAT=<platform> [DEBUG=1] [V=1]
`DEBUG=1` builds the tool in debug mode. `V=1` makes the build process more `DEBUG=1` builds the tool in debug mode. `V=1` makes the build process more
verbose. The following command should be used to obtain help about the tool: verbose. The following command should be used to obtain help about the tool:
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment