Nuvoton EN MA35D1 TF-A User manual

Brand: Nuvoton

Model: EN MA35D1 TF-A

Type: User manual

MA35D1

Nov. 29, 2022 Page 1 of 23 Rev 1.01

MA35D1 TF-A USER MANUAL

NuMicro® Family

Arm® Cortex®-A35- based Microprocessor

NuMicro® Family

MA35D1 TF-A

User Manual

The information described in this document is the exclusive intellectual property of

Nuvoton Technology Corporation and shall not be reproduced without permission from Nuvoton.

Nuvoton is providing this document only for reference purposes of NuMicro microprocessor based system

design. Nuvoton assumes no responsibility for errors or omissions.

All data and specifications are subject to change without notice.

For additional information or questions, please contact: Nuvoton Technology Corporation.

www.nuvoton.com

MA35D1 
 
Nov. 29, 2022  Page 2 of 23  Rev 1.01 
MA35D1 TF-A USER MANUAL 
Table of Contents  
OVERVIEW ...................................................................................................... 3 
TF-A CONFIGURATION .................................................................................. 4 
1 Boot Sequence .............................................................................................................. 4 
2 BL2................................................................................................................................... 4 
3 BL31 ................................................................................................................................ 4 
4 MA35D1 Platform Setting ............................................................................................. 5 
4.1 ma35d1.dtsi ....................................................................................................................... 5 
4.2 ma35d1_def.h ................................................................................................................... 8 
4.3 ma35d1_io_storage.c ...................................................................................................... 9 
4.4 platform.mk ...................................................................................................................... 10 
4.5 ma35d1_sip_svc.c .......................................................................................................... 11 
TF-A FEATURES ........................................................................................... 13 
1 System .......................................................................................................................... 13 
1.1 Memory ............................................................................................................................ 13 
1.2 Clock................................................................................................................................. 13 
1.3 PMIC Control ................................................................................................................... 14 
2 Power State .................................................................................................................. 14 
3 TZC-400 ........................................................................................................................ 15 
BUILD TF-A ................................................................................................... 17 
1 Build Procedure ........................................................................................................... 17 
1.1 Prerequisites ................................................................................................................... 17 
1.2 Build OP-TEE and U-Boot ............................................................................................. 17 
1.3 Build BL2 / BL31 / DTB / Firmware Image Package (FIP) ....................................... 18 
1.4 Build BL2 / BL31 / DTB / Firmware Image Package (FIP) with Certification ......... 19 
2 Execute TFA ................................................................................................................. 21 
2.1 Memory Map fip.bin ........................................................................................................ 21 
2.2 Load fip.bin from Boot Source ...................................................................................... 21 
REVISION HISTORY ..................................................................................... 22 
   

MA35D1

Nov. 29, 2022 Page 3 of 23 Rev 1.01

MA35D1 TF-A USER MANUAL

1 OVERVIEW

ARM Trusted Firmware (ATF) is the underlying firmware officially provided by ARM, which unifies the

ARM underlying interface standards, such as the power state control interface (Power Status Control

Interface, PSCI), secure boot requirements (Trusted Board Boot Requirements, TBBR), secure

monitor call (SMC) operations for switching between secure world status (SWS) and normal world

status (NWS), etc. ATF aims to unify the underlying operations of ARM so that the code can be reused

and ported easily.

This document describes how to build Trusted Firmware-A (TF-A) and run it with a tested set of other

software components using defined configurations on the Nuvoton MA35D1 development platform.

MA35D1

Nov. 29, 2022 Page 4 of 23 Rev 1.01

MA35D1 TF-A USER MANUAL

2 TF-A CONFIGURATION

The source code of ATF is divided into bl1, bl2, bl31, bl32, and bl33 parts. The parts bl1, bl2 and bl31

belong to fixed firmware, and bl32 and bl33 are used to load TEE OS and U-boot / Linux kernel

images respectively. The entire loading process can be configured as a safe boot mode, and each

image file will verify whether the electronic signature of the image file is legal before being loaded.

MA35D1 platform use the bl2 (bl2_at_el3), bl31, bl32, and bl33 parts.

2.1 Boot Sequence

Boot Rom -> BL2 -> BL31 -> BL32 -> BL31 -> BL33.

Boot ROM

Trusted Boot

FirmwareBL2

EL3 Runtime

FirmwareBL31

EL3 Runtime

FirmwareBL31

Secure-EL1

PayloadBL32

Non-Trusted

FirmwareBL33

Linux Kernel

Loading and

Authentication

External Hand-off

API

Internal Hand-off

API

EL3 Execution

Secure-EL1 Execution

EL1/EL2 Execution

Waiting

Running

PWR

Figure 2-1 Boot Sequence

2.2 BL2

BL2 is running in secure SRAM. In bl2, the image files of bl31, bl32, and bl33 will be loaded into the

memory of the corresponding permissions, and the description information of the three image files will

be formed into a linked list and saved, so that bl31 can start bl32 and bl33. In AArch64, bl31 is the

execution software of EL3, and its main function at runtime is to call (SMC) instructions and interrupt

processing in the security monitoring mode, running in the monitor mode of ARM.

bl32 is generally a TEE OS image file. MA35D1 platform takes OP-TEE as an example.

bl33 is an image file of the normal world state, such as u-boot, Linux kernel, etc.

2.3 BL31

BL31 is also running in secure SRAM. The runtime_svc_init function will be executed in bl31, which

will call the initialization function of all services registered in EL3. One of the services is the TEE

service. The initialization function of the service item will assign the initialization function of TEE OS to

the bl32_init variable. After all the service items are initialized, the function executed by bl32_init will

MA35D1

Nov. 29, 2022 Page 5 of 23 Rev 1.01

MA35D1 TF-A USER MANUAL

be called in bl31 to jump to the TEE OS and start the TEE OS.

When the TEE-OS image is started, a security monitoring mode call with ID

TEESMC_OPTEED_RETURN_ENTRY_DONE will be triggered. This call is used to inform the EL3

TEE OS image that the initialization has been completed, and then restore the CPU state to the

position of bl31_init to continue execution. bl31 traverses the linked list of all image information

recorded in bl2 to find the image of bl33 that needs to be executed. Then, by obtaining the information

of the bl33 image, set the CPU context of the next stage, exit el3 and enter the bl33 image to start

execution.

2.4 MA35D1 Platform Setting

The follow will describe MA35D1 platform setting in ATF. Build MA35D1 TFA will have three files:

bl2.bin, bl2.dtb and fip.bin

 bl2.bin: Trusted Boot-loader.

 bl2.dtb: bl2 device tree information.

 fip.bin: Firmware Image Package. It includes bl31.bin, op-tee, and u-boot.bin

2.4.1 ma35d1.dtsi

Provide the platform relative information into device tree. Common setting is in ma35d1.dtsi. Different

setting is in ma35d1-xxx.dts.

Clock

Here is the device node sample the describes the attribute of clock controller.

clk: clock-controller@40460200 {

“compatible” and “reg” has to set as following example, otherwise the driver cannot function properly.

compatible = "nuvoton,ma35d1-clk", "syscon", "simple-mfd";

reg = <0x00000000 0x40460200 0x0 0x100>;

There are 6 PLLs in MA35D1, following entries defines their default clock rate and clock switch.

assigned-clocks = <&clk capll>, <&clk syspll>,

<&clk ddrpll>, <&clk apll>,

<&clk epll>, <&clk vpll>;

assigned-clock-rates =<800000000>, <180000000>,

<266000000>, <200000000>,

<500000000>, <150000000>;

“lxt-enable” is used to enable 32.768 kHz external low speed crystal. “rtc-pwrctl-enable” is used to

enable RTC power control. “set-ph8-ph9-hight” is used to set PH.8 and PH.9 internal pull high.

lxt-enable = <1>;

rtc-pwrctl-enable = <1>;

set-ph8-ph9-hight = <0>;

DDR

Here is the device node sample the describes the attribute of DDR controller.

ddr: ddr-controller {

“compatible” has to set as following example, need select the correct DDR type, otherwise the

MA35D1

Nov. 29, 2022 Page 6 of 23 Rev 1.01

MA35D1 TF-A USER MANUAL

memory cannot function properly. It includes "wb-ddr3-256mb", "wb-ddr3-512mb", "mt-ddr3-1gb", "wb-

ddr2-128mb", " issi-ddr3-1gb" and "zentel-ddr3-1gb".

compatible = "wb-ddr3-256mb";

SSPCC

Here is the device node sample the describes the attribute of SSPCC.

sspcc: sspcc@404F0000 {

“compatible” must set to “nuvoton,ma35d1-sspcc”. Register base address of System Security

Peripheral Configuration Controller (SSPCC) is 0x404F0000.

compatible = "nuvoton,ma35d1-sspcc";

reg = <0x0 0x404F0000 0x0 0x1000>;

“config” is set all peripherals’ attribution. It includes NAND, SDH, UART, Timer, SPI, Crypto, … etc.

TZS (secure), TZNS (non-secure), or SUBM (M4). All peripherals are defined in the

plat/nuvoton/ma35d1/includes/sspcc.h. All peripherals need to change its attribute should be list here.

Other peripherals remaining their default attribute can be omitted.

config = <UART0_TZNS>,

<SDH0_TZNS>,

<SDH1_TZNS>,

<NAND_TZNS>,

<QSPI0_TZNS>,

<CRYPTO_TZNS>,

<WDTWWDT1_TZNS>,

<HSUSBD_TZNS>,

<PDMA0_TZNS>,

<PDMA1_TZNS>,

<TIMER01_TZNS>,

<UART16_SUBM>,

<TRNG_TZNS>;

“gpio_s” is set all GPIO’s attribution. S (secure), NS (non-secure), or SUBM (M4). All GPIO are

defined in the plat/nuvoton/ma35d1/includes/sspcc.h. All GPIO need to change its attribute should be

list here. Other GPIO remaining their default attribute can be omitted

gpio_s = <PD6_S>,

<PD7_S>;

NAND

Here is the device node sample that describes the attribute of NAND interface.

nand: nand@401A0000 {

“compatible” should set to “nuvoton,ma35d1-nand”.

compatible = "nuvoton,ma35d1-nand";

The remaining attributes are: The “nand-ecc-strength” can be 8, 12, or 24. The value should set

according to the NAND flash’s requirement. “nand-ecc-step-size” is 512 for T8, T12 and 1024 for T24.

“nand-page-size”, “nand-oob-size”, “nand-page-count”, and “nand-block-count” should set according to

MA35D1

Nov. 29, 2022 Page 7 of 23 Rev 1.01

MA35D1 TF-A USER MANUAL

the NAND flash. “nand-page-size” can be 2048, 4096, or 8192. “nand-oob-size” is redundant area of

one page. “nand-page-count” is page count per block. “nand-block-count” is total block count of

NAND.

nand-ecc-strength = <8>;

nand-ecc-step-size = <512>;

nand-page-size = <2048>;

nand-oob-size = <64>;

nand-page-count = <64>;

nand-block-count = <8192>;

“nand-image-offset” is the fip.bin position of the NAND flash. The value must be multiple of block size.

nand-image-offset = <0x100000>;

SDHC

Here introduce the device tree node describes the attribute of MA35D1 SDHC controller.

sdhci0: sdhci@40180000 {

“compatible” must set to “snps,dwcmshc-sdhci”.

compatible = "snps,dwcmshc-sdhci0";

“mmc-image-offset” is the fip.bin position of the SD/eMMC. The value must be multiple of block size.

Block size is 512 bytes.

mmc-image-offset = <0xC0000>;

QSPI

Below is the QSPI device node in device tree.

qspi0: qspi@40680000 {

“compatible” should set to "nuvoton,ma35d1-qspi".

compatible = "nuvoton,ma35d1-qspi";

“spi-image-offset” is the fip.bin position of the SPI flash. The value must be multiple of block size.

spi-image-offset = <0x100000>;

“spi-quad-read-cmd” should set the quad read command. “spi-status-read-cmd”, “spi-status-write-

cmd”, and “spi-status” use to enter the quad mode. These values should set according to the SPI

flash.

spi-quad-read-cmd = <0x6B>;

spi-status-read-cmd = <0x05>;

spi-status-write-cmd = <0x01>;

spi-status = <0x02>;

“spi-dummy1” is the dummy byte count between command and address. “spi-dummy2” is the dummy

bytes count between address and data. These values should set according to the SPI flash.

spi-dummy1 = <0>;

spi-dummy2 = <0x01>;

“spi-suspend-interval” provide suspend interval between two successive transmit/receive transaction in a

transfer. The range is 0 ~ 15.

MA35D1

Nov. 29, 2022 Page 8 of 23 Rev 1.01

MA35D1 TF-A USER MANUAL

spi-suspend-interval = <0x01>;

“spinand-page-size”, “spinand-oob-size”, “spinand-page-count”, and “spinand-block-count” should set

according to the SPI-NAND flash. “spinand-page-size” is the page size. “spinand-oob-size” is

redundant area of one page. “spinand-page-count” is page count per block. “spinand-block-count” is

total block count of SPI-NAND.

spinand-page-size = <2048>;

spinand-oob-size = <64>;

spinand-page-count = <64>;

spinand-block-count = <4096>;

2.4.2 ma35d1_def.h

The file location of ma35d1_def.h is in plat/nuvoton/ma35d1/ folder. All image base, IP register base,

and MMU region are defined in this header file.

 #define: BL2_BASE

Defines the base address in secure RAM where IBR loads the BL2 binary image. Must be aligned on

a page-size boundary. It must in secure RAM. It is recommended to set at Secure SRAM.

 #define: BL2_LIMIT

Defines the maximum address in secure RAM that the BL2 image can occupy.

#define MA35D1_BL2_BASE U(0x28000000)

#define MA35D1_BL2_SIZE U(0x00023000)

#define MA35D1_DTB_BASE U(0x28023000)

#define MA35D1_DTB_SIZE U(0x00002000)

#define BL2_BASE MA35D1_BL2_BASE

#define BL2_LIMIT (MA35D1_BL2_BASE + MA35D1_BL2_SIZE)

#define DTB_BASE MA35D1_DTB_BASE

#define DTB_LIMIT (MA35D1_DTB_BASE + MA35D1_DTB_SIZE)

 #define: BL31_BASE

Defines the base address in secure RAM where BL2 loads the BL31 binary image. Must be aligned on

a page-size boundary. Runtime firmware needs process the SMC. It is recommended to set at Secure

SRAM.

 #define: BL31_LIMIT

Defines the maximum address in secure RAM that the BL31 image can occupy.

Note: the address 0x2803F000 ~ 0x2803FFFF is reserved to MA35D1 IBR.

#define MA35D1_BL31_BASE U(0x28025000)

#define MA35D1_BL31_SIZE U(0x0001A000)

#define BL31_BASE MA35D1_BL31_BASE

#define BL31_LIMIT (MA35D1_BL31_BASE + MA35D1_BL31_SIZE)

 #define: BL32_BASE

Defines the base address in secure memory where BL2 loads the BL32 binary image. In MA35D1

platform, BL32 is OP-TEE. The base address is set at secure DDR 0x8f800000. The BL32 base

MA35D1

Nov. 29, 2022 Page 9 of 23 Rev 1.01

MA35D1 TF-A USER MANUAL

address is defined in platform.mk.

 #define: BL32_LIMIT

Defines the maximum address that the BL32 image can occupy.

#define MA35D1_BL32_SIZE U(0x00200000)

#define BL32_BASE MA35D1_BL32_BASE

#define BL32_LIMIT (MA35D1_BL32_BASE + MA35D1_BL32_SIZE)

 #define: BL33_BASE

Defines the base address in non-secure memory where BL2 loads the BL33 binary image. In MA35D1

platform, BL33 is u-boot. The base address is set at non-secure DDR 0x85500000.

 #define: BL33_LIMIT

Defines the maximum address that the BL33 image can occupy.

#define MA35D1_BL33_BASE U(0x85500000)

#define MA35D1_BL33_SIZE U(0x00200000)

#define BL33_BASE MA35D1_BL33_BASE

#define BL33_LIMIT (MA35D1_BL33_BASE + MA35D1_BL33_SIZE)

Defines the buffer address for BL2 to load fip.bin from boot storage.

#define MA35D1_DDR_BASE U(0x80000000)

#define MA35D1_DDR_MAX_SIZE U(0x10000000) /* 256MB */

#define MA35D1_FIP_SIZE 0x00200000

#define MA35D1_FIP_BASE U(0x86000000)

#define MA35D1_FIP_LIMIT (MA35D1_FIP_BASE + MA35D1_FIP_SIZE)

Defines some regions for MMU. Registers, Secure Memory, and Non-Secure Memory.

MA35D1 peripheral registers map at 0x40000000 ~ 0x5FFFFFFF.

#define MA35D1_REG_BASE U(0x40000000)

#define MA35D1_REG_SIZE U(0x20000000)

Defines the secure memory base from 0x8f800000 to 0x8fffffff. The base address could set according

to the DDR size. The OP-TEE should in this range.

#define MA35D1_DRAM_S_BASE U(0x8f800000)

#define MA35D1_DRAM_S_SIZE U(0x00800000)

Defines the non-secure memory base from 0x80000000 to 0x8f7fffff. The base address could set

according to the DDR size.

#define MA35D1_DRAM_BASE U(0x80000000)

#define MA35D1_DRAM_SIZE U(0x0f800000)

2.4.3 ma35d1_io_storage.c

The file location of ma35d1_io_storage.c is in plat/nuvoton/ma35d1/ folder. If the system not define

NVT_FIP_MMAP, it will read power-on-setting and load image from boot source. Load fip.bin to

MA35D1

Nov. 29, 2022 Page 10 of 23 Rev 1.01

MA35D1 TF-A USER MANUAL

memory directly is only for debug use.

#define NVT_FIP_MMAP

#ifndef NVT_FIP_MMAP

static const io_dev_connector_t *backend_dev_con;

static uintptr_t backend_dev_handle;

static io_block_spec_t fip_block_spec = {

.length = MA35D1_FIP_SIZE

};

#else

static const io_dev_connector_t *memmap_dev_con;

static uintptr_t memmap_dev_handle;

static const io_block_spec_t fip_block_spec = {

.offset = MA35D1_FIP_BASE,

.length = MA35D1_FIP_SIZE

};

#endif

2.4.4 platform.mk

The file location of platform.mk is in plat/nuvoton/ma35d1/ folder. This file is the makefile of ma35d1

platform.

For debug, user can define the follow build options.

# Build option to add debugfs support

USE_DEBUGFS := 1

DEBUG := 1

LOG_LEVEL := 40

DEBUG: Chooses between a debug and release build. It can take either 0 (release) or 1 (debug) as

values. 0 is the default.

LOG_LEVEL: Chooses the log level, which controls the amount of console log output compiled into

the build. This should be one of the following:

 (LOG_LEVEL_NONE)

 10 (LOG_LEVEL_NOTICE)

 20 (LOG_LEVEL_ERROR)

 30 (LOG_LEVEL_WARNING)

 40 (LOG_LEVEL_INFO)

 50 (LOG_LEVEL_VERBOSE)

All log output up to and including the log level is compiled into the build. The default value is 40 in

debug builds and 20 in release builds

MA35D1

Nov. 29, 2022 Page 11 of 23 Rev 1.01

MA35D1 TF-A USER MANUAL

Define the TRUSTED_BOARD_BOOT to protect the images. User can select RSA or ECDSA to do

certification. Before doing certificate, download mbedTLS 2.18 first. mbedTLS will supports crypto and

authentication functions.

# Flags to build TF with Trusted Boot support

TRUSTED_BOARD_BOOT := 0

NVT_USE_RSA := 0

NVT_USE_ECDSA := 1

RSA function: use openssl to generate private key and calculate hash. Default key size is 2048 bytes.

openssl genrsa 2048 > $@ 2>/dev/null; \

$(Q)openssl rsa -in $< -pubout -outform DER 2>/dev/null |\

openssl dgst -sha256 -binary > $@ 2>/dev/null

ECDSA function: use openssl to generate private key and calculate hash. The curve is SECP256R1

openssl ecparam -name secp256r1 -genkey -noout > $@ 2>/dev/null; \

$(Q)openssl ec -in $< -pubout -outform DER 2>/dev/null |\

openssl dgst -sha256 -binary > $@ 2>/dev/null

2.4.5 ma35d1_sip_svc.c

The file location of ma35d1_sip_svc.c is in plat/nuvoton/ma35d1/ folder. TF-A supports the Arm SiP

(Silicon Provider) services. SiP services are non-standard, platform-specific services offered by the

silicon implementer or platform provider. They are accessed via SMC (“SMC calls”) instruction

executed from Exception Levels below EL3. Customer can define self SMC function IDs. The SiP

range is between 0xc2000000 ~ 0xc200ffff for 64-bit. In MA35D1 platform, it defines the five SMC IDs.

#define SIP_SVC_PMIC 0xC2000008

#define SIP_CPU_CLK 0xC2000009

#define SIP_SET_EPLL 0xC200000A

#define SIP_LOW_SPEED 0xC200000B

#define SIP_SVC_VERSION 0xC200000F

The sip_smc_handler() routine is responsible for SiP SMC call service.

* This function is responsible for handling all SiP calls from the NS world

uintptr_t sip_smc_handler(uint32_t smc_fid,

u_register_t x1,

u_register_t x2,

u_register_t x3,

u_register_t x4,

void *cookie,

MA35D1

Nov. 29, 2022 Page 12 of 23 Rev 1.01

MA35D1 TF-A USER MANUAL

void *handle,

u_register_t flags)

{

switch (smc_fid) {

case SIP_SVC_PMIC:

/* Return the number of ma35d1 SiP Service Calls. */

volt = (uint32_t)x2;

if(volt==0)

volt = ma35d1_get_pmic(x1);

else {

if(volt!=ma35d1_get_pmic(x1))

ma35d1_set_pmic(x1,x2);

}

SMC_RET1(handle,volt);

case SIP_CPU_CLK:

if((uint32_t)x1 == CPU_1000MHZ) CPU_CLK = CPU_PLL_1G;

else if((uint32_t)x1 == CPU_700MHZ) CPU_CLK = CPU_PLL_700;

else if((uint32_t)x1 == CPU_500MHZ) CPU_CLK = CPU_PLL_500;

rev = ma35d1_change_pll(CPU_CLK);

if (rev == 1) {

WARN("Set CPU clock Fail !!\n");

}

SMC_RET1(handle, rev);

default:

return ma35d1_plat_sip_handler(smc_fid, x1, x2, x3, x4,

cookie, handle, flags);

};

}

MA35D1

Nov. 29, 2022 Page 13 of 23 Rev 1.01

MA35D1 TF-A USER MANUAL

3 TF-A FEATURES

3.1 System

3.1.1 Memory

The following diagram is the Memory Map of TFA. BL2 and BL31 are put at embedded SRAM. BL32

and BL33 are put at DDR. The base address setting could be modified in ma35d1_def.h. Please

reference 2.4.2 ma35d1_def.h

BL2

BL31

BL2 DTB

0x0000_0000

0x2400_0000

0x2800_0000

0x2802_3000

0x2802_5000

0x2804_0000

0x4000_0000

0x5000_0000

0x6000_0000

BL33

...

BL32

0x8000_0000

0x8F80_0000

0x8FFF_FFFF

Secure RAM (DDR)

Non-secure RAM (DDR)

Boot Rom, GIC

Peripheral

Embedded SRAM

Figure 3-3-1 TFA Memory Map

3.1.2 Clock

TFA will set the CPU-PLL, SYS-PLL, DDR-PLL and E-PLL. The supported clock is list as follow. User

can set it by device-node (Please refer to 2.4.1.1).

Option 1

Option 2

Option 3

CA-PLL

1000 MHz

800 MHz

700 MHz

SYS-PLL

180 MHz

DDR-PLL

266 MHz

E-PLL

500 MHz

MA35D1

Nov. 29, 2022 Page 14 of 23 Rev 1.01

MA35D1 TF-A USER MANUAL

3.1.3 PMIC Control

MA35D1 CPU and SD may have to control the voltage for high speed. In the MA35D1 platform, now

select DA9062 or IP6103 for power management integrated circuit (PMIC) and use I2C0 to control it.

BULK2 is for CPU; BULK4 is for SD/eMMC.

CPU core power default is 1.2v. If the system needs to run 1GHz, the core power should set to 1.30v.

SD/eMMC high speed mode, the voltage should set to 1.8v. MA35D1 platform prepare the API –

ma35d1_set_pmic() – for user to set the PMIC.

/* CA-PLL */

…

switch (clock) {

case 1000000000: /* 1.302V */

/* set the voltage VDD_CPU first */

if (ma35d1_set_pmic(VOL_CPU, VOL_1_30))

INFO("CA-PLL is %d Hz\n", clock);

else

WARN("CA-PLL is %d Hz without PSCI setting.\n", clock);

index = 0;

break;

…

};

/* SD/eMMC setting */

if (ma35d1_set_pmic(VOL_SD, VOL_1_80)) {

INFO("Set 1.8v OK\n");

}

3.2 Power State

TF-A provides Power State Coordination Interface (PSCI). This Power State Coordination Interface

(PSCI) defines a standard interface for power management that can be used by operating system

vendors, for supervisory software working at different levels of privilege on an ARM device. Rich

operating system, like Linux, use PSCI for CPU and overall system power management. The Linux

calls the SMC to TFA to switch the power state. The psci_smc_handler() will handle all power states.

MA35D1 platform supports the follow power functions.

plat_psci_ops_t plat_arm_psci_pm_ops = {

.cpu_standby = ma35d1_cpu_standby,

.pwr_domain_on = ma35d1_pwr_domain_on,

.pwr_domain_off = ma35d1_pwr_domain_off,

.validate_ns_entrypoint = ma35d1_validate_ns_entrypoint,

.pwr_domain_suspend = ma35d1_pwr_domain_suspend,

.pwr_domain_on_finish = ma35d1_pwr_domain_on_finish,

MA35D1

Nov. 29, 2022 Page 15 of 23 Rev 1.01

MA35D1 TF-A USER MANUAL

.pwr_domain_suspend_finish = ma35d1_pwr_domain_suspend_finish,

.system_off = ma35d1_system_off,

.system_reset = ma35d1_system_reset,

.validate_power_state = ma35d1_validate_power_state,

.pwr_domain_pwr_down_wfi = ma35d1_pwr_domain_pwr_down_wfi,

.get_sys_suspend_power_state = ma35d1_get_sys_suspend_power_state,

};

3.3 TZC-400

TF-A provides TZC-400 to configure Secure/Non-Secure RW access. The CoreLink TZC-400

TrustZone Address Space Controller (TZC-400) is an AMBA compliant System-on-Chip (SoC)

peripheral. It performs security checks on transactions to memory or peripherals. You can use the

TZC-400 to create up to eight separate regions in the address space, each with an individual security

level setting. Any transactions must meet the security requirements to gain access to the memory or

peripheral. You can program the base address, top address, enable, and security parameters for each

region.

MA35D1 platform configure the Region1 to all secure/ non-secure / CM4 peripherals can access

0x80000000 ~ 0x8fffffff, Region2 only secure peripherals can access 0x8f800000 ~ 0x8fffffff. The

setting is as follow.

#define PLAT_ARM_TZC_NS_DEV_ACCESS ( \

TZC_REGION_ACCESS_RDWR(MA35D1_NSAID_TZNS) | \

TZC_REGION_ACCESS_RDWR(MA35D1_NSAID_SUBM))

static void init_tzc400(void)

{

#ifdef MA35D1_LOAD_BL32

unsigned long long ddr_s_size = MA35D1_DDR_MAX_SIZE - MA35D1_DRAM_SIZE;

#endif

/* TZC2 */

…

/* TZC0 */

tzc400_init(MA35D1_TZC0_BASE);

tzc400_disable_filters();

/* Region 1 set to cover Non-Secure DRAM at 0x8000_0000 */

tzc400_configure_region(MA35D1_FILTER_BIT_ALL, 1,

MA35D1_DDR_BASE,

MA35D1_DDR_BASE +

(MA35D1_DDR_MAX_SIZE - 1U),

TZC_REGION_S_NONE,

PLAT_ARM_TZC_NS_DEV_ACCESS);

/* Raise an exception if a NS device tries to access secure memory */

tzc400_set_action(TZC_ACTION_ERR);

tzc400_enable_filters();

MA35D1

Nov. 29, 2022 Page 16 of 23 Rev 1.01

MA35D1 TF-A USER MANUAL

#ifdef MA35D1_LOAD_BL32

/* TZC2 */

…

/* TZC0 */

tzc400_init(MA35D1_TZC0_BASE);

tzc400_disable_filters();

/* Region 2 set to cover Secure DRAM at 0x8f80_0000 */

tzc400_configure_region(MA35D1_FILTER_BIT_ALL, 2,

MA35D1_DRAM_S_BASE,

MA35D1_DRAM_S_BASE +

(ddr_s_size - 1U),

TZC_REGION_S_RDWR,

0);

/* Raise an exception if a NS device tries to access secure memory */

tzc400_set_action(TZC_ACTION_ERR);

tzc400_enable_filters();

#endif

}

MA35D1

Nov. 29, 2022 Page 17 of 23 Rev 1.01

MA35D1 TF-A USER MANUAL

4 BUILD TF-A

4.1 Build Procedure

4.1.1 Prerequisites

Toolchain:

TFA can be built with any of the following cross-compiler toolchains that target the Armv8-A

architectures:

 GCC >= 9.2-2019.12 (from the Arm Developer website)

 Clang >= 4.0

 Arm Compiler >= 6.0

Software:

 An appropriate toolchain

 GNU Make

 Git

Libraries

 OpenSSL >= 1.0.1

Required to build the cert_create tool.

 mbed TLS == 2.18.0 (tag: mbedtls-2.18.0)

These libraries are required for Trusted Board Boot support

 Device Tree Compiler (DTC) >= 1.4.6

Needed to rebuild the provided Flattened Device Tree (FDT) source files (.dts files). DTC

is available for Linux through the package repositories of most distributions.

4.1.2 Build OP-TEE and U-Boot

Please reference UM_EN_MA35D1_OP-TEE.docx and UM_EN_MA35D1_U-boot.docx.

Copy the OP-TEE (tee-header_v2.bin, tee-pager_v2.bin) and u-boot.bin to fiptool_images folder.

MA35D1

Nov. 29, 2022 Page 18 of 23 Rev 1.01

MA35D1 TF-A USER MANUAL

Figure 4-1 BL32 and BL33 Files

4.1.3 Build BL2 / BL31 / DTB / Firmware Image Package (FIP)

Firmware Image Package (FIP) is a packaging format used by TF-A to package firmware images in a

single binary. The number and type of images that should be packed in a FIP is platform specific and

may include TF-A images and other firmware images required by the platform. For example, most

platforms require a BL33 image which corresponds to the normal world bootloader (e.g. U-Boot).

It is recommended to remove old artifacts before building.

$ make realclean

If no need BL32 (OP-TEE), set the follow options.

$ CROSS_COMPILE=aarch64-linux-gnu- make PLAT=ma35d1 \

NEED_BL31=yes bl31 BL33=fiptool_images/u-boot.bin all fip

The terminal shows the following message.

Built build/ma35d1/release/bl2.bin successfully

OD build/ma35d1/release/bl2/bl2.dump

CPP fdts/bl2.dts

DTC fdts/bl2.dts

HOSTCC fiptool.c

HOSTCC tbbr_config.c

HOSTLD fiptool

Built fiptool successfully

EL3 Runtime Firmware BL31: offset=0x88, size=0xA181, cmdline="--soc-fw"

Non-Trusted Firmware BL33: offset=0xA209, size=0x621CF, cmdline="--nt-fw"

Built build/ma35d1/release/fip.bin successfully

Build all images. It includes BL2, BL31, BL32 and BL33.

$ CROSS_COMPILE=aarch64-linux-gnu- make PLAT=ma35d1 \

NEED_BL31=yes bl31 NEED_BL32=yes BL32=fiptool_images/tee-header_v2.bin \

BL32_EXTRA1=fiptool_images/tee-pager_v2.bin BL33=fiptool_images/u-boot.bin \

all fip

The terminal shows the following message.

Built build/ma35d1/release/bl2.bin successfully

OD build/ma35d1/release/bl2/bl2.dump

CPP fdts/bl2.dts

DTC fdts/bl2.dts

HOSTCC fiptool.c

HOSTCC tbbr_config.c

HOSTLD fiptool

Built fiptool successfully

MA35D1

Nov. 29, 2022 Page 19 of 23 Rev 1.01

MA35D1 TF-A USER MANUAL

EL3 Runtime Firmware BL31: offset=0xD8, size=0xC181, cmdline="--soc-fw"

Secure Payload BL32 (Trusted OS): offset=0xC259, size=0x1C, cmdline="--tos-fw"

Secure Payload BL32 Extra1 (Trusted OS Extra1): offset=0xC275, size=0x66820,

cmdline="--tos-fw-extra1"

Non-Trusted Firmware BL33: offset=0x72A95, size=0x621CF, cmdline="--nt-fw"

Built build/ma35d1/release/fip.bin successfully

4.1.4 Build BL2 / BL31 / DTB / Firmware Image Package (FIP) with Certification

Trusted Board Boot primarily feature is Image Authentication, described in Trusted Board Boot.

Openssl built the key.

OPENSSL build/ma35d1/release/rot_key.pem

NOTICE: CoT Generation Tool: Built : 15:28:31, Feb 4 2021

NOTICE: Target platform: TBBR Generic

NOTICE: Creating new key for 'Trusted World key'

NOTICE: Creating new key for 'Non Trusted World key'

NOTICE: Creating new key for 'SCP Firmware Content Certificate key'

NOTICE: Creating new key for 'SoC Firmware Content Certificate key'

NOTICE: Creating new key for 'Trusted OS Firmware Content Certificate key'

NOTICE: Creating new key for 'Non Trusted Firmware Content Certificate key'

Built certificates successfully

Certificates can be found in ./build/ma35d1/release

If no need BL32 (OP-TEE), set the follow options.

$ CROSS_COMPILE=aarch64-linux-gnu- make PLAT=ma35d1 TRUSTED_BOARD_BOOT=1 \

NEED_BL31=yes bl31 BL33=fiptool_images/u-boot.bin certificates all fip

The terminal shows the following message.

Built build/ma35d1/release/bl2.bin successfully

OD build/ma35d1/release/bl2/bl2.dump

CPP fdts/bl2.dts

DTC fdts/bl2.dts

HOSTCC fiptool.c

HOSTCC tbbr_config.c

HOSTLD fiptool

Built fiptool successfully

EL3 Runtime Firmware BL31: offset=0x150, size=0xA181, cmdline="--soc-fw"

Non-Trusted Firmware BL33: offset=0xA2D1, size=0x621CF, cmdline="--nt-fw"

Trusted key certificate: offset=0x6C4A0, size=0x284, cmdline="--trusted-key-cert"

SoC Firmware key certificate: offset=0x6C724, size=0x21C, cmdline="--soc-fw-key-

cert"

MA35D1

Nov. 29, 2022 Page 20 of 23 Rev 1.01

MA35D1 TF-A USER MANUAL

Non-Trusted Firmware key certificate: offset=0x6C940, size=0x22C, cmdline="--nt-

fw-key-cert"

SoC Firmware content certificate: offset=0x6CB6C, size=0x243, cmdline="--soc-fw-

cert"

Non-Trusted Firmware content certificate: offset=0x6CDAF, size=0x253, cmdline="--

nt-fw-cert"

Built build/ma35d1/release/fip.bin successfully

Build all images. It includes BL2, BL31, BL32 and BL33.

$ CROSS_COMPILE=aarch64-linux-gnu- make PLAT=ma35d1 TRUSTED_BOARD_BOOT=1 \

NEED_BL31=yes bl31 NEED_BL32=yes BL32=fiptool_images/tee-header_v2.bin \

BL32_EXTRA1=fiptool_images/tee-pager_v2.bin BL33=fiptool_images/u-boot.bin \

certificates all fip

The terminal shows the following message.

Built build/ma35d1/release/bl2.bin successfully

OD build/ma35d1/release/bl2/bl2.dump

CPP fdts/bl2.dts

DTC fdts/bl2.dts

HOSTCC fiptool.c

HOSTCC tbbr_config.c

HOSTLD fiptool

Built fiptool successfully

EL3 Runtime Firmware BL31: offset=0x1F0, size=0xC181, cmdline="--soc-fw"

Secure Payload BL32 (Trusted OS): offset=0xC371, size=0x1C, cmdline="--tos-fw"

Secure Payload BL32 Extra1 (Trusted OS Extra1): offset=0xC38D, size=0x66820,

cmdline="--tos-fw-extra1"

Non-Trusted Firmware BL33: offset=0x72BAD, size=0x621CF, cmdline="--nt-fw"

Trusted key certificate: offset=0xD4D7C, size=0x283, cmdline="--trusted-key-cert"

SoC Firmware key certificate: offset=0xD4FFF, size=0x21D, cmdline="--soc-fw-key-

cert"

Trusted OS Firmware key certificate: offset=0xD521C, size=0x22B, cmdline="--tos-

fw-key-cert"

Non-Trusted Firmware key certificate: offset=0xD5447, size=0x22E, cmdline="--nt-

fw-key-cert"

SoC Firmware content certificate: offset=0xD5675, size=0x245, cmdline="--soc-fw-

cert"

Trusted OS Firmware content certificate: offset=0xD58BA, size=0x2E1, cmdline="--

tos-fw-cert"

Non-Trusted Firmware content certificate: offset=0xD5B9B, size=0x255, cmdline="--

nt-fw-cert"

Built build/ma35d1/release/fip.bin successfully

Page is loading ...

Nuvoton EN MA35D1 TF-A User manual

Nuvoton EN MA35D1 TF-A User manual

Nuvoton EN MA35D1 TF-A User manual

Related papers

Other documents