3.8. ARM Trusted Firmware-AΒΆ

Overview

Trusted Firmware-A (TF-A) provides a reference implementation of secure world software for Armv7-A and Armv8-A, including a Secure Monitor executing at Exception Level 3 (EL3).

ATF is used as the initial start code on ARMv8-A cores for all K3 platforms. After setting up the initial core state and applying any needed errata fixes it sets up itself as the EL3 monitor handler. Following that, it installs the secure world software (OP-TEE) and passes execution on to either the Linux kernel or U-Boot in the non-secure world.


Getting the ATF Source Code

The pre-built TF-A binary should be packaged in TI Processor SDK: <path-to-processor-sdk>/board-support/prebuilt-images/<optional-build-machine-name>/bl31.bin. Use this binary since it has been tested with TI Processor SDK.

If it is not possible to use pre-build binary, use the following:

$ git clone https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git
$ git checkout <hash>

Where <hash> is the commit shown here: TF-A.


Setting up the toolchain paths

Refer to Yocto-built SDK Toolchains section to use the toolchain packaged in the Processor SDK (recommended).

Refer to ARM toolchains to download and setup ARM toolchains, if the Processor SDK is not used.

In either of the above setups, the build commands in the next section will assume the below variables are set appropriately.

  • CROSS_COMPILE_64

Building ATF

Without Low Power Modes enabled:

$ export TFA_DIR=<path-to-arm-trusted-firmware>
$ cd $TFA_DIR
$ make ARCH=aarch64 CROSS_COMPILE="$CROSS_COMPILE_64" PLAT=k3 TARGET_BOARD=lite SPD=opteed

Default load locations

+---------------------------+------------+
| ATF image                 | 0x701c0000 |
+---------------------------+------------+
| OP-TEE image              | 0x9e800000 |
+---------------------------+------------+
| U-Boot/Linux kernel image | 0x80080000 |
+---------------------------+------------+
| DTB                       | 0x82000000 |
+---------------------------+------------+

To change the default load address of these binaries, an address has to be changed in several source trees. The following is an example for AM64x family devices. Other family devices might not at the moment have binman dtsi files associated with them but they could in the future.

+-----------------------------------------------------+------------------+-----------------------+---------------------+---------------+-------------------+----------+----------------------------------------+
| Source                                              | ATF              | OPTEE                 |  A53 SPL            | A53 U-Boot    | DTB               | kernel   | Comments                               |
+=====================================================+==================+=======================+=====================+===============+===================+==========+========================================+
| <atf>/plat/ti/k3/board/lite/board.mk                |                  | BL32_BASE             | PRELOADED_BL33_BASE |               | K3_HW_CONFIG_BASE |          | Change K3_HW_CONFIG_BASE for           |
|                                                     |                  |                       |                     |               |                   |          | u-boot a53 skip case                   |
+-----------------------------------------------------+------------------+-----------------------+---------------------+---------------+-------------------+----------+----------------------------------------+
| <optee>/core/arch/arm/plat-k3/conf.mk               |                  | CFG_TZDRAM_START      |                     |               |                   |          |                                        |
+-----------------------------------------------------+------------------+-----------------------+---------------------+---------------+-------------------+----------+----------------------------------------+
| <uboot>/configs/am64x_evm_r5_defconfig              | K3_ATF_LOAD_ADDR |                       |                     |               |                   |          |                                        |
+-----------------------------------------------------+------------------+-----------------------+---------------------+---------------+-------------------+----------+----------------------------------------+
| <uboot>/configs/am64x_evm_a53_defconfig             |                  |                       | SPL_TEXT_BASE       | SYS_TEXT_BASE |                   |          | SYS_TEXT_BASE can be set in defconfig, |
|                                                     |                  |                       |                     |               |                   |          | has default value in Kconfig           |
+-----------------------------------------------------+------------------+-----------------------+---------------------+---------------+-------------------+----------+----------------------------------------+
| <uboot/linux>/arch/arm/dts/k3-am642*.dts files      |                  | reserved-memory nodes |                     |               |                   |          |                                        |
+-----------------------------------------------------+------------------+-----------------------+---------------------+---------------+-------------------+----------+----------------------------------------+
| <uboot>/arch/arm/dts/k3-am642-evm-binman.dtsi file  |                  | tee nodes             | uboot nodes         | uboot nodes   |                   |          |                                        |
+-----------------------------------------------------+------------------+-----------------------+---------------------+---------------+-------------------+----------+----------------------------------------+
| <uboot>/include/configs/ti_armv7_common.h           |                  |                       |                     |               | fdtaddr           | loadaddr | If not defined here, u-boot            |
|                                                     |                  |                       |                     |               |                   |          | will pick any adress                   |
+-----------------------------------------------------+------------------+-----------------------+---------------------+---------------+-------------------+----------+----------------------------------------+
| uEnv.txt                                            |                  |                       |                     |               | fdtaddr           | loadaddr | Overwrite the u-boot environment       |
|                                                     |                  |                       |                     |               |                   |          | variables                              |
+-----------------------------------------------------+------------------+-----------------------+---------------------+---------------+-------------------+----------+----------------------------------------+