Commit f325f9ce authored by Sandrine Bailleux's avatar Sandrine Bailleux Committed by TrustedFirmware Code Review
Browse files

Merge "doc: Split the User Guide into multiple files" into integration

parents d537ee79 43f35ef5
......@@ -115,21 +115,27 @@ Memory impact
~~~~~~~~~~~~~
Using library at ROM will modify the memory layout of the BL images:
- The ROM library needs a page aligned RAM section to hold the RW data. This
section is defined by the ROMLIB_RW_BASE and ROMLIB_RW_END macros.
On Arm platforms a section of 1 page (0x1000) is allocated at the top of SRAM.
This will have for effect to shift down all the BL images by 1 page.
- Depending on the functions moved to the ROM library, the size of the BL images
will be reduced.
For example: moving MbedTLS function into the ROM library reduces BL1 and
BL2, but not BL31.
- This change in BL images size can be taken into consideration to optimize the
memory layout when defining the BLx_BASE macros.
Build library at ROM
~~~~~~~~~~~~~~~~~~~~~
The environment variable ``CROSS_COMPILE`` must be set as per the user guide.
The environment variable ``CROSS_COMPILE`` must be set appropriately. Refer to
:ref:`Performing an Initial Build` for more information about setting this
variable.
In the below example the usage of ROMLIB together with mbed TLS is demonstrated
to showcase the benefits of library at ROM - it's not mandatory.
......
Alternative Boot Flows
======================
EL3 payloads alternative boot flow
----------------------------------
On a pre-production system, the ability to execute arbitrary, bare-metal code at
the highest exception level is required. It allows full, direct access to the
hardware, for example to run silicon soak tests.
Although it is possible to implement some baremetal secure firmware from
scratch, this is a complex task on some platforms, depending on the level of
configuration required to put the system in the expected state.
Rather than booting a baremetal application, a possible compromise is to boot
``EL3 payloads`` through TF-A instead. This is implemented as an alternative
boot flow, where a modified BL2 boots an EL3 payload, instead of loading the
other BL images and passing control to BL31. It reduces the complexity of
developing EL3 baremetal code by:
- putting the system into a known architectural state;
- taking care of platform secure world initialization;
- loading the SCP_BL2 image if required by the platform.
When booting an EL3 payload on Arm standard platforms, the configuration of the
TrustZone controller is simplified such that only region 0 is enabled and is
configured to permit secure access only. This gives full access to the whole
DRAM to the EL3 payload.
The system is left in the same state as when entering BL31 in the default boot
flow. In particular:
- Running in EL3;
- Current state is AArch64;
- Little-endian data access;
- All exceptions disabled;
- MMU disabled;
- Caches disabled.
.. _alt_boot_flows_el3_payload:
Booting an EL3 payload
~~~~~~~~~~~~~~~~~~~~~~
The EL3 payload image is a standalone image and is not part of the FIP. It is
not loaded by TF-A. Therefore, there are 2 possible scenarios:
- The EL3 payload may reside in non-volatile memory (NVM) and execute in
place. In this case, booting it is just a matter of specifying the right
address in NVM through ``EL3_PAYLOAD_BASE`` when building TF-A.
- The EL3 payload needs to be loaded in volatile memory (e.g. DRAM) at
run-time.
To help in the latter scenario, the ``SPIN_ON_BL1_EXIT=1`` build option can be
used. The infinite loop that it introduces in BL1 stops execution at the right
moment for a debugger to take control of the target and load the payload (for
example, over JTAG).
It is expected that this loading method will work in most cases, as a debugger
connection is usually available in a pre-production system. The user is free to
use any other platform-specific mechanism to load the EL3 payload, though.
Preloaded BL33 alternative boot flow
------------------------------------
Some platforms have the ability to preload BL33 into memory instead of relying
on TF-A to load it. This may simplify packaging of the normal world code and
improve performance in a development environment. When secure world cold boot
is complete, TF-A simply jumps to a BL33 base address provided at build time.
For this option to be used, the ``PRELOADED_BL33_BASE`` build option has to be
used when compiling TF-A. For example, the following command will create a FIP
without a BL33 and prepare to jump to a BL33 image loaded at address
0x80000000:
.. code:: shell
make PRELOADED_BL33_BASE=0x80000000 PLAT=fvp all fip
--------------
*Copyright (c) 2019, Arm Limited. All rights reserved.*
......@@ -597,7 +597,7 @@ registered function to initialize BL32 before running BL33. This initialization
is not necessary for AArch32 SPs.
Details on BL32 initialization and the SPD's role are described in the
"Secure-EL1 Payloads and Dispatchers" section below.
:ref:`firmware_design_sel1_spd` section below.
BL33 (Non-trusted Firmware) execution
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
......@@ -868,7 +868,7 @@ not all been instantiated in the current implementation.
TF-A provides a Test Secure-EL1 Payload (TSP) and its associated Dispatcher
(TSPD). Details of SPD design and TSP/TSPD operation are described in the
"Secure-EL1 Payloads and Dispatchers" section below.
:ref:`firmware_design_sel1_spd` section below.
#. CPU implementation service
......@@ -1875,10 +1875,7 @@ BL image during boot.
| MHU |
0x04000000 +----------+
Library at ROM
---------------
Please refer to the :ref:`Library at ROM` document.
.. _firmware_design_fip:
Firmware Image Package (FIP)
----------------------------
......@@ -2543,7 +2540,7 @@ Architecture Extension-specific code is included in the build. Otherwise, TF-A
targets the base Armv8.0-A architecture; i.e. as if ``ARM_ARCH_MAJOR`` == 8
and ``ARM_ARCH_MINOR`` == 0, which are also their respective default values.
See also the *Summary of build options* in :ref:`User Guide`.
.. seealso:: :ref:`Build Options`
For details on the Architecture Extension and available features, please refer
to the respective Architecture Extension Supplement.
......
......@@ -6,6 +6,7 @@ System Design
:caption: Contents
:numbered:
alt-boot-flows
auth-framework
cpu-specific-build-macros
firmware-design
......@@ -13,3 +14,8 @@ System Design
psci-pd-tree
reset-design
trusted-board-boot
trusted-board-boot-build
--------------
*Copyright (c) 2019, Arm Limited. All rights reserved.*
......@@ -115,8 +115,8 @@ only.
It allows the Arm FVP port to support the ``RESET_TO_BL31`` configuration, in
which case the ``bl31.bin`` image must be loaded to its run address in Trusted
SRAM and all CPU reset vectors be changed from the default ``0x0`` to this run
address. See the :ref:`User Guide` for details of running the FVP models in this
way.
address. See the :ref:`Arm Fixed Virtual Platforms (FVP)` for details of running
the FVP models in this way.
Although technically it would be possible to program the reset base address with
the right support in the SCP firmware, this is currently not implemented so the
......
Building FIP images with support for Trusted Board Boot
=======================================================
Trusted Board Boot primarily consists of the following two features:
- Image Authentication, described in :ref:`Trusted Board Boot`, and
- Firmware Update, described in :ref:`Firmware Update (FWU)`
The following steps should be followed to build FIP and (optionally) FWU_FIP
images with support for these features:
#. Fulfill the dependencies of the ``mbedtls`` cryptographic and image parser
modules by checking out a recent version of the `mbed TLS Repository`_. It
is important to use a version that is compatible with TF-A and fixes any
known security vulnerabilities. See `mbed TLS Security Center`_ for more
information. See the :ref:`Prerequisites` document for the appropriate
version of mbed TLS to use.
The ``drivers/auth/mbedtls/mbedtls_*.mk`` files contain the list of mbed TLS
source files the modules depend upon.
``include/drivers/auth/mbedtls/mbedtls_config.h`` contains the configuration
options required to build the mbed TLS sources.
Note that the mbed TLS library is licensed under the Apache version 2.0
license. Using mbed TLS source code will affect the licensing of TF-A
binaries that are built using this library.
#. To build the FIP image, ensure the following command line variables are set
while invoking ``make`` to build TF-A:
- ``MBEDTLS_DIR=<path of the directory containing mbed TLS sources>``
- ``TRUSTED_BOARD_BOOT=1``
- ``GENERATE_COT=1``
In the case of Arm platforms, the location of the ROTPK hash must also be
specified at build time. Two locations are currently supported (see
``ARM_ROTPK_LOCATION`` build option):
- ``ARM_ROTPK_LOCATION=regs``: the ROTPK hash is obtained from the Trusted
root-key storage registers present in the platform. On Juno, this
registers are read-only. On FVP Base and Cortex models, the registers
are read-only, but the value can be specified using the command line
option ``bp.trusted_key_storage.public_key`` when launching the model.
On both Juno and FVP models, the default value corresponds to an
ECDSA-SECP256R1 public key hash, whose private part is not currently
available.
- ``ARM_ROTPK_LOCATION=devel_rsa``: use the ROTPK hash that is hardcoded
in the Arm platform port. The private/public RSA key pair may be
found in ``plat/arm/board/common/rotpk``.
- ``ARM_ROTPK_LOCATION=devel_ecdsa``: use the ROTPK hash that is hardcoded
in the Arm platform port. The private/public ECDSA key pair may be
found in ``plat/arm/board/common/rotpk``.
Example of command line using RSA development keys:
.. code:: shell
MBEDTLS_DIR=<path of the directory containing mbed TLS sources> \
make PLAT=<platform> TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 \
ARM_ROTPK_LOCATION=devel_rsa \
ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \
BL33=<path-to>/<bl33_image> \
all fip
The result of this build will be the bl1.bin and the fip.bin binaries. This
FIP will include the certificates corresponding to the Chain of Trust
described in the TBBR-client document. These certificates can also be found
in the output build directory.
#. The optional FWU_FIP contains any additional images to be loaded from
Non-Volatile storage during the :ref:`Firmware Update (FWU)` process. To build the
FWU_FIP, any FWU images required by the platform must be specified on the
command line. On Arm development platforms like Juno, these are:
- NS_BL2U. The AP non-secure Firmware Updater image.
- SCP_BL2U. The SCP Firmware Update Configuration image.
Example of Juno command line for generating both ``fwu`` and ``fwu_fip``
targets using RSA development:
::
MBEDTLS_DIR=<path of the directory containing mbed TLS sources> \
make PLAT=juno TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 \
ARM_ROTPK_LOCATION=devel_rsa \
ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \
BL33=<path-to>/<bl33_image> \
SCP_BL2=<path-to>/<scp_bl2_image> \
SCP_BL2U=<path-to>/<scp_bl2u_image> \
NS_BL2U=<path-to>/<ns_bl2u_image> \
all fip fwu_fip
.. note::
The BL2U image will be built by default and added to the FWU_FIP.
The user may override this by adding ``BL2U=<path-to>/<bl2u_image>``
to the command line above.
.. note::
Building and installing the non-secure and SCP FWU images (NS_BL1U,
NS_BL2U and SCP_BL2U) is outside the scope of this document.
The result of this build will be bl1.bin, fip.bin and fwu_fip.bin binaries.
Both the FIP and FWU_FIP will include the certificates corresponding to the
Chain of Trust described in the TBBR-client document. These certificates
can also be found in the output build directory.
--------------
*Copyright (c) 2019, Arm Limited. All rights reserved.*
.. _mbed TLS Repository: https://github.com/ARMmbed/mbedtls.git
.. _mbed TLS Security Center: https://tls.mbed.org/security
......@@ -187,8 +187,8 @@ The next step is executed for all the boot loader images.
The Trusted Board Boot implementation spans both generic and platform-specific
BL1 and BL2 code, and in tool code on the host build machine. The feature is
enabled through use of specific build flags as described in the
:ref:`User Guide`.
enabled through use of specific build flags as described in
:ref:`Build Options`.
On the host machine, a tool generates the certificates, which are included in
the FIP along with the boot loader images. These certificates are loaded in
......@@ -222,9 +222,12 @@ passed as inputs to the ``fiptool`` utility for creating the FIP.
The certificates are also stored individually in the in the output build
directory.
The tool resides in the ``tools/cert_create`` directory. It uses OpenSSL SSL
library version 1.0.1 or later to generate the X.509 certificates. Instructions
for building and using the tool can be found in the :ref:`User Guide`.
The tool resides in the ``tools/cert_create`` directory. It uses the OpenSSL SSL
library version to generate the X.509 certificates. The specific version of the
library that is required is given in the :ref:`Prerequisites` document.
Instructions for building and using the tool can be found at
:ref:`tools_build_cert_create`.
--------------
......
......@@ -22,6 +22,9 @@ For building a local copy of the |TF-A| documentation you will need, at minimum:
- Python 3 (3.5 or later)
- PlantUML (1.2017.15 or later)
Optionally, the `Dia`_ application can be installed if you need to edit
existing ``.dia`` diagram files, or create new ones.
You must also install the Python modules that are specified in the
``requirements.txt`` file in the root of the ``docs`` directory. These modules
can be installed using ``pip3`` (the Python Package Installer). Passing this
......@@ -33,7 +36,7 @@ that the working directory is ``docs``:
.. code:: shell
sudo apt install python3 python3-pip plantuml
sudo apt install python3 python3-pip plantuml [dia]
pip3 install [--user] -r requirements.txt
.. note::
......@@ -75,3 +78,4 @@ Output from the build process will be placed in:
.. _Sphinx: http://www.sphinx-doc.org/en/master/
.. _pip homepage: https://pip.pypa.io/en/stable/
.. _Dia: https://wiki.gnome.org/Apps/Dia
......@@ -6,9 +6,16 @@ Getting Started
:caption: Contents
:numbered:
user-guide
prerequisites
docs-build
tools-build
initial-build
build-options
image-terminology
porting-guide
psci-lib-integration-guide
rt-svc-writers-guide
--------------
*Copyright (c) 2019, Arm Limited. All rights reserved.*
Performing an Initial Build
===========================
- Before building TF-A, the environment variable ``CROSS_COMPILE`` must point
to the Linaro cross compiler.
For AArch64:
.. code:: shell
export CROSS_COMPILE=<path-to-aarch64-gcc>/bin/aarch64-linux-gnu-
For AArch32:
.. code:: shell
export CROSS_COMPILE=<path-to-aarch32-gcc>/bin/arm-eabi-
It is possible to build TF-A using Clang or Arm Compiler 6. To do so
``CC`` needs to point to the clang or armclang binary, which will
also select the clang or armclang assembler. Be aware that the
GNU linker is used by default. In case of being needed the linker
can be overridden using the ``LD`` variable. Clang linker version 6 is
known to work with TF-A.
In both cases ``CROSS_COMPILE`` should be set as described above.
Arm Compiler 6 will be selected when the base name of the path assigned
to ``CC`` matches the string 'armclang'.
For AArch64 using Arm Compiler 6:
.. code:: shell
export CROSS_COMPILE=<path-to-aarch64-gcc>/bin/aarch64-linux-gnu-
make CC=<path-to-armclang>/bin/armclang PLAT=<platform> all
Clang will be selected when the base name of the path assigned to ``CC``
contains the string 'clang'. This is to allow both clang and clang-X.Y
to work.
For AArch64 using clang:
.. code:: shell
export CROSS_COMPILE=<path-to-aarch64-gcc>/bin/aarch64-linux-gnu-
make CC=<path-to-clang>/bin/clang PLAT=<platform> all
- Change to the root directory of the TF-A source tree and build.
For AArch64:
.. code:: shell
make PLAT=<platform> all
For AArch32:
.. code:: shell
make PLAT=<platform> ARCH=aarch32 AARCH32_SP=sp_min all
Notes:
- If ``PLAT`` is not specified, ``fvp`` is assumed by default. See the
:ref:`Build Options` document for more information on available build
options.
- (AArch32 only) Currently only ``PLAT=fvp`` is supported.
- (AArch32 only) ``AARCH32_SP`` is the AArch32 EL3 Runtime Software and it
corresponds to the BL32 image. A minimal ``AARCH32_SP``, sp_min, is
provided by TF-A to demonstrate how PSCI Library can be integrated with
an AArch32 EL3 Runtime Software. Some AArch32 EL3 Runtime Software may
include other runtime services, for example Trusted OS services. A guide
to integrate PSCI library with AArch32 EL3 Runtime Software can be found
at :ref:`PSCI Library Integration guide for Armv8-A AArch32 systems`.
- (AArch64 only) The TSP (Test Secure Payload), corresponding to the BL32
image, is not compiled in by default. Refer to the
:ref:`Test Secure Payload (TSP) and Dispatcher (TSPD)` document for
details on building the TSP.
- By default this produces a release version of the build. To produce a
debug version instead, refer to the "Debugging options" section below.
- The build process creates products in a ``build`` directory tree, building
the objects and binaries for each boot loader stage in separate
sub-directories. The following boot loader binary files are created
from the corresponding ELF files:
- ``build/<platform>/<build-type>/bl1.bin``
- ``build/<platform>/<build-type>/bl2.bin``
- ``build/<platform>/<build-type>/bl31.bin`` (AArch64 only)
- ``build/<platform>/<build-type>/bl32.bin`` (mandatory for AArch32)
where ``<platform>`` is the name of the chosen platform and ``<build-type>``
is either ``debug`` or ``release``. The actual number of images might differ
depending on the platform.
- Build products for a specific build variant can be removed using:
.. code:: shell
make DEBUG=<D> PLAT=<platform> clean
... where ``<D>`` is ``0`` or ``1``, as specified when building.
The build tree can be removed completely using:
.. code:: shell
make realclean
--------------
*Copyright (c) 2019, Arm Limited. All rights reserved.*
......@@ -23,8 +23,6 @@ Some modifications are common to all Boot Loader (BL) stages. Section 2
discusses these in detail. The subsequent sections discuss the remaining
modifications for each BL stage in detail.
This document should be read in conjunction with the TF-A :ref:`User Guide`.
Please refer to the :ref:`Platform Compatibility Policy` for the policy
regarding compatibility and deprecation of these porting interfaces.
......@@ -2387,8 +2385,8 @@ present in the platform. Arm standard platform layer supports both
`Arm Generic Interrupt Controller version 2.0 (GICv2)`_
and `3.0 (GICv3)`_. Juno builds the Arm platform layer to use GICv2 and the
FVP can be configured to use either GICv2 or GICv3 depending on the build flag
``FVP_USE_GIC_DRIVER`` (See FVP platform specific build options in
:ref:`User Guide` for more details).
``FVP_USE_GIC_DRIVER`` (See :ref:`build_options_arm_fvp_platform` for more
details).
See also: `Interrupt Controller Abstraction APIs`__.
......@@ -2796,10 +2794,10 @@ storage access is only required by BL1 and BL2 phases and performed inside the
It is mandatory to implement at least one storage driver. For the Arm
development platforms the Firmware Image Package (FIP) driver is provided as
the default means to load data from storage (see the "Firmware Image Package"
section in the :ref:`User Guide`). The storage layer is described in the header file
``include/drivers/io/io_storage.h``. The implementation of the common library
is in ``drivers/io/io_storage.c`` and the driver files are located in
the default means to load data from storage (see :ref:`firmware_design_fip`).
The storage layer is described in the header file
``include/drivers/io/io_storage.h``. The implementation of the common library is
in ``drivers/io/io_storage.c`` and the driver files are located in
``drivers/io/``.
.. uml:: ../resources/diagrams/plantuml/io_arm_class_diagram.puml
......
Prerequisites
=============
This document describes the software requirements for building |TF-A| for
AArch32 and AArch64 target platforms.
It may possible to build |TF-A| with combinations of software packages that are
different from those listed below, however only the software described in this
document can be officially supported.
Build Host
----------
|TF-A| can be built using either a Linux or a Windows machine as the build host.
A relatively recent Linux distribution is recommended for building |TF-A|. We
have performed tests using Ubuntu 16.04 LTS (64-bit) but other distributions
should also work fine as a base, provided that the necessary tools and libraries
can be installed.
.. _prerequisites_toolchain:
Toolchain
---------
|TF-A| can be built with any of the following *cross-compiler* toolchains that
target the Armv7-A or Armv8-A architectures:
- GCC >= 8.3-2019.03 (from the `Arm Developer website`_)
- Clang >= 4.0
- Arm Compiler >= 6.0
In addition, a native compiler is required to build the supporting tools.
.. note::
The software has also been built on Windows 7 Enterprise SP1, using CMD.EXE,
Cygwin, and Msys (MinGW) shells, using version 5.3.1 of the GNU toolchain.
.. note::
For instructions on how to select the cross compiler refer to
:ref:`Performing an Initial Build`.
.. _prerequisites_software_and_libraries:
Software and Libraries
----------------------
The following tools are required to obtain and build |TF-A|:
- An appropriate toolchain (see :ref:`prerequisites_toolchain`)
- GNU Make
- Git
The following libraries must be available to build one or more components or
supporting tools:
- OpenSSL >= 1.0.1
Required to build the cert_create tool.
The following libraries are required for Trusted Board Boot support:
- mbed TLS == 2.16.2 (tag: ``mbedtls-2.16.2``)
These tools are optional:
- Device Tree Compiler (DTC) >= 1.4.6
Needed if you want to rebuild the provided Flattened Device Tree (FDT)
source files (``.dts`` files). DTC is available for Linux through the package
repositories of most distributions.
- Arm `Development Studio 5 (DS-5)`_
The standard software package used for debugging software on Arm development
platforms and |FVP| models.
Package Installation (Linux)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you are using the recommended Ubuntu distribution then you can install the
required packages with the following command:
.. code:: shell
sudo apt install build-essential git libssl-dev
The optional packages can be installed using:
.. code:: shell
sudo apt install device-tree-compiler
Supporting Files
----------------
TF-A has been tested with pre-built binaries and file systems from `Linaro
Release 19.06`_. Alternatively, you can build the binaries from source using
instructions in :ref:`Performing an Initial Build`.
.. _prerequisites_get_source:
Getting the TF-A Source
-----------------------
Source code for |TF-A| is maintained in a Git repository hosted on
TrustedFirmware.org. To clone this repository from the server, run the following
in your shell:
.. code:: shell
git clone "https://review.trustedfirmware.org/TF-A/trusted-firmware-a" && (cd "trusted-firmware-a" && mkdir -p .git/hooks && curl -Lo `git rev-parse --git-dir`/hooks/commit-msg https://review.trustedfirmware.org/tools/hooks/commit-msg; chmod +x `git rev-parse --git-dir`/hooks/commit-msg)
This will clone the Git repository also install a *commit hook* that
automatically inserts appropriate *Change-Id:* lines at the end of your
commit messages. These change IDs are required when committing changes that you
intend to push for review via our Gerrit system.
You can read more about Git hooks in the *githooks* page of the Git documentation,
available at: https://git-scm.com/docs/githooks
Alternatively, you can clone without the commit hook using:
.. code:: shell
git clone "https://review.trustedfirmware.org/TF-A/trusted-firmware-a"
--------------
*Copyright (c) 2019, Arm Limited. All rights reserved.*
.. _Arm Developer website: https://developer.arm.com/open-source/gnu-toolchain/gnu-a/downloads
.. _Linaro Release Notes: https://community.arm.com/dev-platforms/w/docs/226/old-release-notes
.. _Linaro instructions: https://community.arm.com/dev-platforms/w/docs/304/arm-reference-platforms-deliverables
.. _Development Studio 5 (DS-5): https://developer.arm.com/products/software-development-tools/ds-5-development-studio
.. _Linaro Release 19.06: http://releases.linaro.org/members/arm/platforms/19.06
Building Supporting Tools
=========================
Building and using the FIP tool
-------------------------------
Firmware Image Package (FIP) is a packaging format used by TF-A to package
firmware images in a single binary. The number and type of images that should
be packed in a FIP is platform specific and may include TF-A images and other
firmware images required by the platform. For example, most platforms require
a BL33 image which corresponds to the normal world bootloader (e.g. UEFI or
U-Boot).
The TF-A build system provides the make target ``fip`` to create a FIP file
for the specified platform using the FIP creation tool included in the TF-A
project. Examples below show how to build a FIP file for FVP, packaging TF-A
and BL33 images.
For AArch64:
.. code:: shell
make PLAT=fvp BL33=<path-to>/bl33.bin fip
For AArch32:
.. code:: shell
make PLAT=fvp ARCH=aarch32 AARCH32_SP=sp_min BL33=<path-to>/bl33.bin fip
The resulting FIP may be found in:
::
build/fvp/<build-type>/fip.bin
For advanced operations on FIP files, it is also possible to independently build
the tool and create or modify FIPs using this tool. To do this, follow these
steps:
It is recommended to remove old artifacts before building the tool:
.. code:: shell
make -C tools/fiptool clean
Build the tool:
.. code:: shell
make [DEBUG=1] [V=1] fiptool
The tool binary can be located in:
::
./tools/fiptool/fiptool
Invoking the tool with ``help`` will print a help message with all available
options.
Example 1: create a new Firmware package ``fip.bin`` that contains BL2 and BL31:
.. code:: shell
./tools/fiptool/fiptool create \
--tb-fw build/<platform>/<build-type>/bl2.bin \
--soc-fw build/<platform>/<build-type>/bl31.bin \
fip.bin
Example 2: view the contents of an existing Firmware package:
.. code:: shell
./tools/fiptool/fiptool info <path-to>/fip.bin
Example 3: update the entries of an existing Firmware package:
.. code:: shell
# Change the BL2 from Debug to Release version
./tools/fiptool/fiptool update \
--tb-fw build/<platform>/release/bl2.bin \
build/<platform>/debug/fip.bin
Example 4: unpack all entries from an existing Firmware package:
.. code:: shell
# Images will be unpacked to the working directory
./tools/fiptool/fiptool unpack <path-to>/fip.bin
Example 5: remove an entry from an existing Firmware package:
.. code:: shell
./tools/fiptool/fiptool remove \
--tb-fw build/<platform>/debug/fip.bin
Note that if the destination FIP file exists, the create, update and
remove operations will automatically overwrite it.
The unpack operation will fail if the images already exist at the
destination. In that case, use -f or --force to continue.
More information about FIP can be found in the :ref:`Firmware Design` document.
.. _tools_build_cert_create:
Building the Certificate Generation Tool
----------------------------------------
The ``cert_create`` tool is built as part of the TF-A build process when the
``fip`` make target is specified and TBB is enabled (as described in the
previous section), but it can also be built separately with the following
command:
.. code:: shell
make PLAT=<platform> [DEBUG=1] [V=1] certtool
For platforms that require their own IDs in certificate files, the generic
'cert_create' tool can be built with the following command. Note that the target
platform must define its IDs within a ``platform_oid.h`` header file for the
build to succeed.
.. code:: shell
make PLAT=<platform> USE_TBBR_DEFS=0 [DEBUG=1] [V=1] certtool
``DEBUG=1`` builds the tool in debug mode. ``V=1`` makes the build process more
verbose. The following command should be used to obtain help about the tool:
.. code:: shell
./tools/cert_create/cert_create -h
--------------
*Copyright (c) 2019, Arm Limited. All rights reserved.*
......@@ -7,3 +7,8 @@ Performance & Testing
:numbered:
psci-performance-juno
tsp
--------------
*Copyright (c) 2019, Arm Limited. All rights reserved.*
Test Secure Payload (TSP) and Dispatcher (TSPD)
===============================================
Building the Test Secure Payload
--------------------------------
The TSP is coupled with a companion runtime service in the BL31 firmware,
called the TSPD. Therefore, if you intend to use the TSP, the BL31 image
must be recompiled as well. For more information on SPs and SPDs, see the
:ref:`firmware_design_sel1_spd` section in the :ref:`Firmware Design`.
First clean the TF-A build directory to get rid of any previous BL31 binary.
Then to build the TSP image use:
.. code:: shell
make PLAT=<platform> SPD=tspd all
An additional boot loader binary file is created in the ``build`` directory:
::
build/<platform>/<build-type>/bl32.bin
--------------
*Copyright (c) 2019, Arm Limited. All rights reserved.*
Arm Development Platform Build Options
======================================
Arm Platform Build Options
--------------------------
- ``ARM_BL31_IN_DRAM``: Boolean option to select loading of BL31 in TZC secured
DRAM. By default, BL31 is in the secure SRAM. Set this flag to 1 to load
BL31 in TZC secured DRAM. If TSP is present, then setting this option also
sets the TSP location to DRAM and ignores the ``ARM_TSP_RAM_LOCATION`` build
flag.
- ``ARM_CONFIG_CNTACR``: boolean option to unlock access to the ``CNTBase<N>``
frame registers by setting the ``CNTCTLBase.CNTACR<N>`` register bits. The
frame number ``<N>`` is defined by ``PLAT_ARM_NSTIMER_FRAME_ID``, which
should match the frame used by the Non-Secure image (normally the Linux
kernel). Default is true (access to the frame is allowed).
- ``ARM_DISABLE_TRUSTED_WDOG``: boolean option to disable the Trusted Watchdog.
By default, Arm platforms use a watchdog to trigger a system reset in case
an error is encountered during the boot process (for example, when an image
could not be loaded or authenticated). The watchdog is enabled in the early
platform setup hook at BL1 and disabled in the BL1 prepare exit hook. The
Trusted Watchdog may be disabled at build time for testing or development
purposes.
- ``ARM_LINUX_KERNEL_AS_BL33``: The Linux kernel expects registers x0-x3 to
have specific values at boot. This boolean option allows the Trusted Firmware
to have a Linux kernel image as BL33 by preparing the registers to these
values before jumping to BL33. This option defaults to 0 (disabled). For
AArch64 ``RESET_TO_BL31`` and for AArch32 ``RESET_TO_SP_MIN`` must be 1 when
using it. If this option is set to 1, ``ARM_PRELOADED_DTB_BASE`` must be set
to the location of a device tree blob (DTB) already loaded in memory. The
Linux Image address must be specified using the ``PRELOADED_BL33_BASE``
option.
- ``ARM_PLAT_MT``: This flag determines whether the Arm platform layer has to
cater for the multi-threading ``MT`` bit when accessing MPIDR. When this flag
is set, the functions which deal with MPIDR assume that the ``MT`` bit in
MPIDR is set and access the bit-fields in MPIDR accordingly. Default value of
this flag is 0. Note that this option is not used on FVP platforms.
- ``ARM_RECOM_STATE_ID_ENC``: The PSCI1.0 specification recommends an encoding
for the construction of composite state-ID in the power-state parameter.
The existing PSCI clients currently do not support this encoding of
State-ID yet. Hence this flag is used to configure whether to use the
recommended State-ID encoding or not. The default value of this flag is 0,
in which case the platform is configured to expect NULL in the State-ID
field of power-state parameter.
- ``ARM_ROTPK_LOCATION``: used when ``TRUSTED_BOARD_BOOT=1``. It specifies the
location of the ROTPK hash returned by the function ``plat_get_rotpk_info()``
for Arm platforms. Depending on the selected option, the proper private key
must be specified using the ``ROT_KEY`` option when building the Trusted
Firmware. This private key will be used by the certificate generation tool
to sign the BL2 and Trusted Key certificates. Available options for
``ARM_ROTPK_LOCATION`` are:
- ``regs`` : return the ROTPK hash stored in the Trusted root-key storage
registers. The private key corresponding to this ROTPK hash is not
currently available.
- ``devel_rsa`` : return a development public key hash embedded in the BL1
and BL2 binaries. This hash has been obtained from the RSA public key
``arm_rotpk_rsa.der``, located in ``plat/arm/board/common/rotpk``. To use
this option, ``arm_rotprivk_rsa.pem`` must be specified as ``ROT_KEY``
when creating the certificates.
- ``devel_ecdsa`` : return a development public key hash embedded in the BL1
and BL2 binaries. This hash has been obtained from the ECDSA public key
``arm_rotpk_ecdsa.der``, located in ``plat/arm/board/common/rotpk``. To
use this option, ``arm_rotprivk_ecdsa.pem`` must be specified as
``ROT_KEY`` when creating the certificates.
- ``ARM_TSP_RAM_LOCATION``: location of the TSP binary. Options:
- ``tsram`` : Trusted SRAM (default option when TBB is not enabled)
- ``tdram`` : Trusted DRAM (if available)
- ``dram`` : Secure region in DRAM (default option when TBB is enabled,
configured by the TrustZone controller)
- ``ARM_XLAT_TABLES_LIB_V1``: boolean option to compile TF-A with version 1
of the translation tables library instead of version 2. It is set to 0 by
default, which selects version 2.
- ``ARM_CRYPTOCELL_INTEG`` : bool option to enable TF-A to invoke Arm®
TrustZone® CryptoCell functionality for Trusted Board Boot on capable Arm
platforms. If this option is specified, then the path to the CryptoCell
SBROM library must be specified via ``CCSBROM_LIB_PATH`` flag.
For a better understanding of these options, the Arm development platform memory
map is explained in the :ref:`Firmware Design`.
.. _build_options_arm_css_platform:
Arm CSS Platform-Specific Build Options
---------------------------------------
- ``CSS_DETECT_PRE_1_7_0_SCP``: Boolean flag to detect SCP version
incompatibility. Version 1.7.0 of the SCP firmware made a non-backwards
compatible change to the MTL protocol, used for AP/SCP communication.
TF-A no longer supports earlier SCP versions. If this option is set to 1
then TF-A will detect if an earlier version is in use. Default is 1.
- ``CSS_LOAD_SCP_IMAGES``: Boolean flag, which when set, adds SCP_BL2 and
SCP_BL2U to the FIP and FWU_FIP respectively, and enables them to be loaded
during boot. Default is 1.
- ``CSS_USE_SCMI_SDS_DRIVER``: Boolean flag which selects SCMI/SDS drivers
instead of SCPI/BOM driver for communicating with the SCP during power
management operations and for SCP RAM Firmware transfer. If this option
is set to 1, then SCMI/SDS drivers will be used. Default is 0.
--------------
*Copyright (c) 2019, Arm Limited. All rights reserved.*
......@@ -78,3 +78,7 @@ Trusted Firmware-A made using the above make commands:
-C motherboard.flashloader1.fname=<path_to_fip.bin> \
--data cluster.cpu0=<path_to_zImage>@0x80080000 \
--data cluster.cpu0=<path_to_ramdisk>@0x84000000
--------------
*Copyright (c) 2019, Arm Limited. All rights reserved.*
This diff is collapsed.
Arm Development Platforms
=========================
.. toctree::
:maxdepth: 1
:caption: Contents
juno/index
fvp/index
fvp-ve/index
arm-build-options
This chapter holds documentation related to Arm's development platforms,
including both software models (FVPs) and hardware development boards
such as Juno.
--------------
*Copyright (c) 2019, Arm Limited. All rights reserved.*
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment