Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame^] | 1 | .. |
| 2 | # Copyright (c) 2022, Arm Limited. |
| 3 | # |
| 4 | # SPDX-License-Identifier: MIT |
| 5 | |
| 6 | ########## |
| 7 | User Guide |
| 8 | ########## |
| 9 | |
| 10 | Notice |
| 11 | ------ |
| 12 | The corstone1000 software stack uses the `Yocto Project <https://www.yoctoproject.org/>`__ to build |
| 13 | a tiny Linux distribution suitable for the corstone1000 platform. The Yocto Project relies on the |
| 14 | `Bitbake <https://docs.yoctoproject.org/bitbake.html#bitbake-documentation>`__ |
| 15 | tool as its build tool. Please see `Yocto Project documentation <https://docs.yoctoproject.org/>`__ |
| 16 | for more information. |
| 17 | |
| 18 | |
| 19 | Prerequisites |
| 20 | ------------- |
| 21 | These instructions assume your host PC is running Ubuntu Linux 18.04 or 20.04 LTS, with |
| 22 | at least 32GB of free disk space and 16GB of RAM as minimum requirement. The |
| 23 | following instructions expect that you are using a bash shell. |
| 24 | |
| 25 | The following prerequisites must be available on the host system. To resolve these dependencies, run: |
| 26 | |
| 27 | :: |
| 28 | |
| 29 | sudo apt-get update |
| 30 | sudo apt-get install gawk wget git-core diffstat unzip texinfo gcc-multilib \ |
| 31 | build-essential chrpath socat cpio python3 python3-pip python3-pexpect \ |
| 32 | xz-utils debianutils iputils-ping python3-git libegl1-mesa libsdl1.2-dev \ |
| 33 | xterm zstd liblz4-tool picocom |
| 34 | sudo apt-get upgrade libstdc++6 |
| 35 | |
| 36 | Provided components |
| 37 | ------------------- |
| 38 | Within the Yocto Project, each component included in the corstone1000 software stack is specified as |
| 39 | a `bitbake recipe <https://www.yoctoproject.org/docs/1.6/bitbake-user-manual/bitbake-user-manual.html#recipes>`__. |
| 40 | The recipes specific to the corstone1000 BSP are located at: |
| 41 | ``<_workspace>/meta-arm/meta-arm-bsp/``. |
| 42 | |
| 43 | The Yocto machine config files for the corstone1000 FVP and FPGA are: |
| 44 | |
| 45 | - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc`` |
| 46 | - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf`` |
| 47 | - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/corstone1000-mps3.conf`` |
| 48 | |
| 49 | ***************** |
| 50 | Software for Host |
| 51 | ***************** |
| 52 | |
| 53 | Trusted Firmware-A |
| 54 | ================== |
| 55 | Based on `Trusted Firmware-A <https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git>`__ |
| 56 | |
| 57 | +----------+---------------------------------------------------------------------------------------------------+ |
| 58 | | bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.bbappend | |
| 59 | +----------+---------------------------------------------------------------------------------------------------+ |
| 60 | | Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.bb | |
| 61 | +----------+---------------------------------------------------------------------------------------------------+ |
| 62 | |
| 63 | OP-TEE |
| 64 | ====== |
| 65 | Based on `OP-TEE <https://git.trustedfirmware.org/OP-TEE/optee_os.git>`__ |
| 66 | |
| 67 | +----------+------------------------------------------------------------------------------------+ |
| 68 | | bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend | |
| 69 | +----------+------------------------------------------------------------------------------------+ |
| 70 | | Recipe | <_workspace>/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb | |
| 71 | +----------+------------------------------------------------------------------------------------+ |
| 72 | |
| 73 | U-Boot |
| 74 | ======= |
| 75 | Based on `U-Boot <https://gitlab.com/u-boot>`__ |
| 76 | |
| 77 | +----------+---------------------------------------------------------------------+ |
| 78 | | bbappend | <_workspace>/meta-arm/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend | |
| 79 | +----------+---------------------------------------------------------------------+ |
| 80 | | Recipe | <_workspace>/poky/meta/recipes-bsp/u-boot/u-boot_2022.07.bb | |
| 81 | +----------+---------------------------------------------------------------------+ |
| 82 | |
| 83 | Linux |
| 84 | ===== |
| 85 | The distro is based on the `poky-tiny <https://wiki.yoctoproject.org/wiki/Poky-Tiny>`__ |
| 86 | distribution which is a Linux distribution stripped down to a minimal configuration. |
| 87 | |
| 88 | The provided distribution is based on busybox and built using muslibc. The |
| 89 | recipe responsible for building a tiny version of linux is listed below. |
| 90 | |
| 91 | +-----------+----------------------------------------------------------------------------------------------+ |
| 92 | | bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend | |
| 93 | +-----------+----------------------------------------------------------------------------------------------+ |
| 94 | | Recipe | <_workspace>/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb | |
| 95 | +-----------+----------------------------------------------------------------------------------------------+ |
| 96 | | defconfig | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig | |
| 97 | +-----------+----------------------------------------------------------------------------------------------+ |
| 98 | |
| 99 | ************************************************** |
| 100 | Software for Boot Processor (a.k.a Secure Enclave) |
| 101 | ************************************************** |
| 102 | Based on `Trusted Firmware-M <https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git>`__ |
| 103 | |
| 104 | +----------+-------------------------------------------------------------------------------------------------+ |
| 105 | | bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_%.bbappend | |
| 106 | +----------+-------------------------------------------------------------------------------------------------+ |
| 107 | | Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb | |
| 108 | +----------+-------------------------------------------------------------------------------------------------+ |
| 109 | |
| 110 | Building the software stack |
| 111 | --------------------------- |
| 112 | Create a new folder that will be your workspace and will henceforth be referred |
| 113 | to as ``<_workspace>`` in these instructions. To create the folder, run: |
| 114 | |
| 115 | :: |
| 116 | |
| 117 | mkdir <_workspace> |
| 118 | cd <_workspace> |
| 119 | |
| 120 | corstone1000 is a Bitbake based Yocto Project which uses kas and bitbake |
| 121 | commands to build the stack. To install kas tool, run: |
| 122 | |
| 123 | :: |
| 124 | |
| 125 | pip3 install kas |
| 126 | |
| 127 | In the top directory of the workspace ``<_workspace>``, run: |
| 128 | |
| 129 | :: |
| 130 | |
| 131 | git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.04.07 |
| 132 | |
| 133 | To build corstone1000 image for MPS3 FPGA, run: |
| 134 | |
| 135 | :: |
| 136 | |
| 137 | kas build meta-arm/kas/corstone1000-mps3.yml |
| 138 | |
| 139 | Alternatively, to build corstone1000 image for FVP, run: |
| 140 | |
| 141 | :: |
| 142 | |
| 143 | kas build meta-arm/kas/corstone1000-fvp.yml |
| 144 | |
| 145 | The initial clean build will be lengthy, given that all host utilities are to |
| 146 | be built as well as the target images. This includes host executables (python, |
| 147 | cmake, etc.) and the required toolchain(s). |
| 148 | |
| 149 | Once the build is successful, all output binaries will be placed in the following folders: |
| 150 | - ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/`` folder for FVP build; |
| 151 | - ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/`` folder for FPGA build. |
| 152 | |
| 153 | Everything apart from the ROM firmware is bundled into a single binary, the |
| 154 | ``corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt`` file. The ROM firmware is the |
| 155 | ``bl1.bin`` file. |
| 156 | |
| 157 | The output binaries used by FVP are the following: |
| 158 | - The ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/bl1.bin`` |
| 159 | - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt`` |
| 160 | |
| 161 | The output binaries used by FPGA are the following: |
| 162 | - The ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin`` |
| 163 | - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt`` |
| 164 | |
| 165 | Flash the firmware image on FPGA |
| 166 | -------------------------------- |
| 167 | |
| 168 | The user should download the FPGA bit file image from `this link <https://developer.arm.com/tools-and-software/development-boards/fpga-prototyping-boards/download-fpga-images>`__ |
| 169 | and under the section ``Arm® Corstone™-1000 for MPS3``. |
| 170 | |
| 171 | The directory structure of the FPGA bundle is shown below. |
| 172 | |
| 173 | :: |
| 174 | |
| 175 | Boardfiles |
| 176 | ├── MB |
| 177 | │ ├── BRD_LOG.TXT |
| 178 | │ ├── HBI0309B |
| 179 | │ │ ├── AN550 |
| 180 | │ │ │ ├── AN550_v1.bit |
| 181 | │ │ │ ├── an550_v1.txt |
| 182 | │ │ │ └── images.txt |
| 183 | │ │ ├── board.txt |
| 184 | │ │ └── mbb_v210.ebf |
| 185 | │ └── HBI0309C |
| 186 | │ ├── AN550 |
| 187 | │ │ ├── AN550_v1.bit |
| 188 | │ │ ├── an550_v1.txt |
| 189 | │ │ └── images.txt |
| 190 | │ ├── board.txt |
| 191 | │ └── mbb_v210.ebf |
| 192 | ├── SOFTWARE |
| 193 | │ ├── ES0.bin |
| 194 | │ ├── SE.bin |
| 195 | │ └── an550_st.axf |
| 196 | └── config.txt |
| 197 | |
| 198 | Depending upon the MPS3 board version (printed on the MPS3 board) you should update the images.txt file |
| 199 | (in corresponding HBI0309x folder) so that the file points to the images under SOFTWARE directory. |
| 200 | |
| 201 | Here is an example |
| 202 | |
| 203 | :: |
| 204 | |
| 205 | ;************************************************ |
| 206 | ; Preload port mapping * |
| 207 | ;************************************************ |
| 208 | ; PORT 0 & ADDRESS: 0x00_0000_0000 QSPI Flash (XNVM) (32MB) |
| 209 | ; PORT 0 & ADDRESS: 0x00_8000_0000 OCVM (DDR4 2GB) |
| 210 | ; PORT 1 Secure Enclave (M0+) ROM (64KB) |
| 211 | ; PORT 2 External System 0 (M3) Code RAM (256KB) |
| 212 | ; PORT 3 Secure Enclave OTP memory (8KB) |
| 213 | ; PORT 4 CVM (4MB) |
| 214 | ;************************************************ |
| 215 | |
| 216 | [IMAGES] |
| 217 | TOTALIMAGES: 2 ;Number of Images (Max: 32) |
| 218 | |
| 219 | IMAGE0PORT: 1 |
| 220 | IMAGE0ADDRESS: 0x00_0000_0000 |
| 221 | IMAGE0UPDATE: RAM |
| 222 | IMAGE0FILE: \SOFTWARE\bl1.bin |
| 223 | |
| 224 | IMAGE1PORT: 0 |
| 225 | IMAGE1ADDRESS: 0x00_00010_0000 |
| 226 | IMAGE1UPDATE: AUTOQSPI |
| 227 | IMAGE1FILE: \SOFTWARE\cs1000.bin |
| 228 | |
| 229 | OUTPUT_DIR = ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3`` |
| 230 | |
| 231 | 1. Copy ``bl1.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle. |
| 232 | 2. Copy ``corstone1000-image-corstone1000-mps3.wic.nopt`` from OUTPUT_DIR directory to SOFTWARE |
| 233 | directory of the FPGA bundle and rename the wic image to ``cs1000.bin``. |
| 234 | |
| 235 | **NOTE:** Renaming of the images are required because MCC firmware has |
| 236 | limitation of 8 characters before .(dot) and 3 characters after .(dot). |
| 237 | |
| 238 | Now, copy the entire folder to board's SDCard and reboot the board. |
| 239 | |
| 240 | Running the software on FPGA |
| 241 | ---------------------------- |
| 242 | |
| 243 | On the host machine, open 3 minicom sessions. In case of Linux machine it will |
| 244 | be ttyUSB0, ttyUSB1, ttyUSB2 and it might be different on Window machine. |
| 245 | |
| 246 | - ttyUSB0 for MCC, OP-TEE and Secure Partition |
| 247 | - ttyUSB1 for Boot Processor (Cortex-M0+) |
| 248 | - ttyUSB2 for Host Processor (Cortex-A35) |
| 249 | |
| 250 | Run following commands to open minicom sessions on Linux: |
| 251 | |
| 252 | :: |
| 253 | |
| 254 | sudo picocom -b 115200 /dev/ttyUSB0 # in one terminal |
| 255 | sudo picocom -b 115200 /dev/ttyUSB1 # in another terminal |
| 256 | sudo picocom -b 115200 /dev/ttyUSB2 # in another terminal. |
| 257 | |
| 258 | Once the system boot is completed, you should see console |
| 259 | logs on the minicom sessions. Once the HOST(Cortex-A35) is |
| 260 | booted completely, user can login to the shell using |
| 261 | **"root"** login. |
| 262 | |
| 263 | Running the software on FVP |
| 264 | --------------------------- |
| 265 | An FVP (Fixed Virtual Platform) of the corstone1000 platform must be available to execute the |
| 266 | included run script. |
| 267 | |
| 268 | The Fixed Virtual Platform (FVP) version 11.17_23 can be downloaded from the |
| 269 | `Arm Ecosystem FVPs`_ page. On this page, navigate to "Corstone IoT FVPs" |
| 270 | section to download the Corstone1000 platform FVP installer. Follow the |
| 271 | instructions of the installer and setup the FVP. |
| 272 | |
| 273 | <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf |
| 274 | |
| 275 | When the script is executed, three terminal instances will be launched, one for the boot processor |
| 276 | (aka Secure Enclave) processing element and two for the Host processing element. Once the FVP is |
| 277 | executing, the Boot Processor will start to boot, wherein the relevant memory contents of the .wic |
| 278 | file are copied to their respective memory locations within the model, enforce firewall policies |
| 279 | on memories and peripherals and then, bring the host out of reset. |
| 280 | |
| 281 | The host will boot trusted-firmware-a, OP-TEE, U-Boot and then Linux, and present a login prompt |
| 282 | (FVP host_terminal_0): |
| 283 | |
| 284 | :: |
| 285 | corstone1000-fvp login: |
| 286 | |
| 287 | Login using the username root. |
| 288 | |
| 289 | Running test applications |
| 290 | ------------------------- |
| 291 | |
| 292 | **NOTE**: Running the SystemReady-IR tests described below requires the user to |
| 293 | work with USB sticks. In our testing, not all USB stick models work well with |
| 294 | MPS3 FPGA. Here are the USB sticks models that are stable in our test |
| 295 | environment. |
| 296 | |
| 297 | - HP V165W 8 GB USB Flash Drive |
| 298 | - SanDisk Ultra 32GB Dual USB Flash Drive USB M3.0 |
| 299 | - SanDisk Ultra 16GB Dual USB Flash Drive USB M3.0 |
| 300 | |
| 301 | **NOTE**: |
| 302 | Before running each of the tests in this chapter, the user should follow the |
| 303 | steps described in following section "Clean Secure Flash Before Testing" to |
| 304 | erase the SecureEnclave flash cleanly and prepare a clean board environment for |
| 305 | the testing. |
| 306 | |
| 307 | Clean Secure Flash Before Testing (applicable to FPGA only) |
| 308 | ----------------------------------------------------------- |
| 309 | To prepare a clean board environment with clean secure flash for the testing, |
| 310 | the user should prepare an image that erases the secure flash cleanly during |
| 311 | boot. Run following commands to build such image. |
| 312 | |
| 313 | :: |
| 314 | |
| 315 | cd <_workspace> |
| 316 | git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.02.18 |
| 317 | git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git |
| 318 | cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch meta-arm |
| 319 | cd meta-arm |
| 320 | git apply 0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch |
| 321 | cd .. |
| 322 | kas build meta-arm/kas/corstone1000-mps3.yml |
| 323 | |
| 324 | Replace the bl1.bin and cs1000.bin files on the SD card with following files: |
| 325 | - The ROM firmware: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin |
| 326 | - The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt |
| 327 | |
| 328 | Now reboot the board. This step erases the Corstone1000 SecureEnclave flash |
| 329 | completely, the user should expect following message from TF-M log: |
| 330 | |
| 331 | :: |
| 332 | |
| 333 | !!!SECURE FLASH HAS BEEN CLEANED!!! |
| 334 | NOW YOU CAN FLASH THE ACTUAL CORSTONE1000 IMAGE |
| 335 | PLEASE REMOVE THE LATEST ERASE SECURE FLASH PATCH AND BUILD THE IMAGE AGAIN |
| 336 | |
| 337 | Then the user should follow "Building the software stack" to build a clean |
| 338 | software stack and flash the FPGA as normal. And continue the testing. |
| 339 | |
| 340 | Run SystemReady-IR ACS tests |
| 341 | ----------------------------- |
| 342 | |
| 343 | ACS image contains two partitions. BOOT partition and RESULTS partition. |
| 344 | Following packages are under BOOT partition |
| 345 | |
| 346 | * SCT |
| 347 | * FWTS |
| 348 | * BSA uefi |
| 349 | * BSA linux |
| 350 | * grub |
| 351 | * uefi manual capsule application |
| 352 | |
| 353 | RESULTS partition is used to store the test results. |
| 354 | PLEASE MAKE SURE THAT THE RESULTS PARTITION IS EMPTY BEFORE YOU START THE TESTING. OTHERWISE THE TEST RESULTS |
| 355 | WILL NOT BE CONSISTENT |
| 356 | |
| 357 | FPGA instructions for ACS image |
| 358 | ------------------------------- |
| 359 | |
| 360 | This section describes how the user can build and run Architecture Compliance |
| 361 | Suite (ACS) tests on Corstone1000. |
| 362 | |
| 363 | First, the user should download the `Arm SystemReady ACS repository <https://github.com/ARM-software/arm-systemready/>`__. |
| 364 | This repository contains the infrastructure to build the Architecture |
| 365 | Compliance Suite (ACS) and the bootable prebuilt images to be used for the |
| 366 | certifications of SystemReady-IR. To download the repository, run command: |
| 367 | |
| 368 | :: |
| 369 | |
| 370 | cd <_workspace> |
| 371 | git clone https://github.com/ARM-software/arm-systemready.git -b v21.09_REL1.0 |
| 372 | |
| 373 | Once the repository is successfully downloaded, the prebuilt ACS live image can be found in: |
| 374 | - ``<_workspace>/arm-systemready/IR/prebuilt_images/v21.07_0.9_BETA/ir_acs_live_image.img.xz`` |
| 375 | |
| 376 | **NOTE**: This prebuilt ACS image includes v5.13 kernel, which doesn't provide |
| 377 | USB driver support for Corstone1000. The ACS image with newer kernel version |
| 378 | and with full USB support for Corstone1000 will be available in the next |
| 379 | SystemReady release in this repository. |
| 380 | |
| 381 | Then, the user should prepare a USB stick with ACS image. In the given example here, |
| 382 | we assume the USB device is ``/dev/sdb`` (the user should use ``lsblk`` command to |
| 383 | confirm). Be cautious here and don't confuse your host PC's own hard drive with the |
| 384 | USB drive. Run the following commands to prepare the ACS image in USB stick: |
| 385 | |
| 386 | :: |
| 387 | |
| 388 | cd <_workspace>/arm-systemready/IR/scripts/output/ |
| 389 | unxz ir_acs_live_image.img.xz |
| 390 | sudo dd if=ir_acs_live_image.img of=/dev/sdb iflag=direct oflag=direct bs=1M status=progress; sync |
| 391 | |
| 392 | Once the USB stick with ACS image is prepared, the user should make sure that |
| 393 | ensure that only the USB stick with the ACS image is connected to the board, |
| 394 | and then boot the board. |
| 395 | |
| 396 | FVP instructions for ACS image and run |
| 397 | --------------------------------------- |
| 398 | |
| 399 | Download acs image from: |
| 400 | - ``https://gitlab.arm.com/systemready/acs/arm-systemready/-/tree/linux-5.17-rc7/IR/prebuilt_images/v22.04_1.0-Linux-v5.17-rc7`` |
| 401 | |
| 402 | Use the below command to run the FVP with acs image support in the |
| 403 | SD card. |
| 404 | |
| 405 | :: |
| 406 | |
| 407 | unxz ${<path-to-img>/ir_acs_live_image.img.xz} |
| 408 | |
| 409 | <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${<path-to-img>/ir_acs_live_image.img}" |
| 410 | |
| 411 | The test results can be fetched using following commands: |
| 412 | |
| 413 | :: |
| 414 | |
| 415 | sudo mkdir /mnt/test |
| 416 | sudo mount -o rw,offset=<offset_2nd_partition> <path-to-img>/ir_acs_live_image.img /mnt/test/ |
| 417 | fdisk -lu <path-to-img>/ir_acs_live_image.img |
| 418 | -> Device Start End Sectors Size Type |
| 419 | /home/emeara01/Downloads/ir_acs_live_image_modified.img1 2048 1050622 1048575 512M Microsoft basic data |
| 420 | /home/emeara01/Downloads/ir_acs_live_image_modified.img2 1050624 1153022 102399 50M Microsoft basic data |
| 421 | |
| 422 | -> <offset_2nd_partition> = 1050624 * 512 (sector size) = 537919488 |
| 423 | |
| 424 | The FVP will reset multiple times during the test, and it might take up to 1 day to finish |
| 425 | the test. At the end of test, the FVP host terminal will halt showing a shell prompt. |
| 426 | Once test is finished, the FVP can be stoped, and result can be copied following above |
| 427 | instructions. |
| 428 | |
| 429 | Common to FVP and FPGA |
| 430 | ----------------------- |
| 431 | |
| 432 | U-Boot should be able to boot the grub bootloader from |
| 433 | the 1st partition and if grub is not interrupted, tests are executed |
| 434 | automatically in the following sequence: |
| 435 | |
| 436 | - SCT |
| 437 | - UEFI BSA |
| 438 | - FWTS |
| 439 | - BSA Linux |
| 440 | |
| 441 | The results can be fetched from the ``acs_results`` partition of the USB stick (FPGA) / SD Card (FVP). |
| 442 | |
| 443 | Manual capsule update test |
| 444 | -------------------------- |
| 445 | |
| 446 | The following steps describe running manual capsule update with the ``direct`` |
| 447 | method. |
| 448 | |
| 449 | Check the "Run SystemReady-IR ACS tests" section above to download and unpack the acs image file |
| 450 | - ``ir_acs_live_image.img.xz`` |
| 451 | |
| 452 | Download edk2 and generate capsule file: |
| 453 | |
| 454 | :: |
| 455 | |
| 456 | git clone https://github.com/tianocore/edk2.git |
| 457 | edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ |
| 458 | cs1k_cap --fw-version 1 --lsv 0 --guid \ |
| 459 | e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ |
| 460 | 0 --verbose <binary_file> |
| 461 | |
| 462 | The <binary_file> here should be a corstone1000-image-corstone1000-fvp.wic.nopt image for FVP and |
| 463 | corstone1000-image-corstone1000-mps3.wic.nopt for FPGA. And this input binary file |
| 464 | (capsule) should be less than 15 MB. |
| 465 | |
| 466 | Based on the user's requirement, the user can change the firmware version |
| 467 | number given to ``--fw-version`` option (the version number needs to be >= 1). |
| 468 | |
| 469 | Capsule Copy instructions for FPGA |
| 470 | ----------------------------------- |
| 471 | |
| 472 | The user should prepare a USB stick as explained in ACS image section (see above). |
| 473 | Place the generated ``cs1k_cap`` file in the root directory of the boot partition |
| 474 | in the USB stick. Note: As we are running the direct method, the ``cs1k_cap`` file |
| 475 | should not be under the EFI/UpdateCapsule directory as this may or may not trigger |
| 476 | the on disk method. |
| 477 | |
| 478 | Capsule Copy instructions for FVP |
| 479 | --------------------------------- |
| 480 | |
| 481 | Run below commands to copy capsule into the |
| 482 | image file and run FVP software. |
| 483 | |
| 484 | :: |
| 485 | |
| 486 | sudo mkdir /mnt/test |
| 487 | sudo mount -o rw,offset=<offset_1st_partition> <path-to-img>/ir_acs_live_image.img /mnt/test/ |
| 488 | sudo cp cs1k_cap /mnt/test/ |
| 489 | sudo umount /mnt/test |
| 490 | exit |
| 491 | |
| 492 | <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C "board.msd_mmc.p_mmc_file ${<path-to-img>/ir_acs_live_image.img}" |
| 493 | |
| 494 | Size of first partition in the image file is calculated in the following way. The data is |
| 495 | just an example and might vary with different ir_acs_live_image.img files. |
| 496 | |
| 497 | :: |
| 498 | |
| 499 | fdisk -lu <path-to-img>/ir_acs_live_image.img |
| 500 | -> Device Start End Sectors Size Type |
| 501 | /home/emeara01/Downloads/ir_acs_live_image_modified.img1 2048 1050622 1048575 512M Microsoft basic data |
| 502 | /home/emeara01/Downloads/ir_acs_live_image_modified.img2 1050624 1153022 102399 50M Microsoft basic data |
| 503 | |
| 504 | -> <offset_1st_partition> = 2048 * 512 (sector size) = 1048576 |
| 505 | |
| 506 | Common to FVP and FPGA |
| 507 | ----------------------- |
| 508 | Reach u-boot then interrupt shell to reach EFI shell. Use below command at EFI shell. |
| 509 | |
| 510 | :: |
| 511 | |
| 512 | FS0: |
| 513 | EFI/BOOT/app/CapsuleApp.efi cs1k_cap |
| 514 | |
| 515 | For this test, the user can provide two capsules for testing: a positive test |
| 516 | case capsule which boots the board correctly, and a negative test case with an |
| 517 | incorrect capsule which fails to boot the host software. |
| 518 | |
| 519 | In the positive case scenario, the user should see following log in TF-M log, |
| 520 | indicating the new capsule image is successfully applied, and the board boots |
| 521 | correctly. |
| 522 | |
| 523 | :: |
| 524 | |
| 525 | ... |
| 526 | SysTick_Handler: counted = 10, expiring on = 360 |
| 527 | SysTick_Handler: counted = 20, expiring on = 360 |
| 528 | SysTick_Handler: counted = 30, expiring on = 360 |
| 529 | ... |
| 530 | metadata_write: success: active = 1, previous = 0 |
| 531 | accept_full_capsule: exit: fwu state is changed to regular |
| 532 | ... |
| 533 | |
| 534 | |
| 535 | In the negative case scenario, the user should see appropriate logs in |
| 536 | the secure enclave terminal. If capsule pass initial verification, but fails |
| 537 | verifications performed during boot time, secure enclave will try new images |
| 538 | predetermined number of times (defined in the code), before reverting back to |
| 539 | the previous good bank. |
| 540 | |
| 541 | :: |
| 542 | |
| 543 | ... |
| 544 | metadata_write: success: active = 0, previous = 1 |
| 545 | fwu_select_previous: in regular state by choosing previous active bank |
| 546 | ... |
| 547 | |
| 548 | ******************************************************* |
| 549 | Linux distro install and boot (applicable to FPGA only) |
| 550 | ******************************************************* |
| 551 | |
| 552 | To test Linux distro install and boot, the user should prepare two empty USB sticks. |
| 553 | |
| 554 | Download one of following Linux distro images: |
| 555 | - Debian installer image: https://cdimage.debian.org/cdimage/weekly-builds/arm64/iso-dvd/ |
| 556 | - OpenSUSE Tumbleweed installer image: http://download.opensuse.org/ports/aarch64/tumbleweed/iso/ |
| 557 | - The user should look for a DVD Snapshot like openSUSE-Tumbleweed-DVD-aarch64-Snapshot20211125-Media.iso |
| 558 | |
| 559 | Once the .iso file is downloaded, the .iso file needs to be flashed to your USB drive. |
| 560 | |
| 561 | In the given example here, we assume the USB device is ``/dev/sdb`` (the user |
| 562 | should use `lsblk` command to confirm). Be cautious here and don't confuse your |
| 563 | host PC's own hard drive with the USB drive. Then copy the contents of an iso |
| 564 | file into the first USB stick, run: |
| 565 | |
| 566 | :: |
| 567 | |
| 568 | sudo dd if=</path/to/iso_file> of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync; |
| 569 | |
| 570 | Boot the MSP3 board with the first USB stick connected. Open following minicom sessions: |
| 571 | |
| 572 | :: |
| 573 | |
| 574 | sudo picocom -b 115200 /dev/ttyUSB0 # in one terminal |
| 575 | sudo picocom -b 115200 /dev/ttyUSB2 # in another terminal. |
| 576 | |
| 577 | Press <Ctrl+x>. |
| 578 | |
| 579 | Now plug in the second USB stick, the distro installation process will start. |
| 580 | |
| 581 | **NOTE:** Due to the performance limitation of Corstone1000 MPS3 FPGA, the |
| 582 | distro installation process can take up to 24 hours to complete. |
| 583 | |
| 584 | Once installation is complete, unplug the first USB stick and reboot the board. |
| 585 | After successfully installing and booting the Linux distro, the user should see |
| 586 | a login prompt: |
| 587 | |
| 588 | :: |
| 589 | |
| 590 | debian login: |
| 591 | |
| 592 | Login with the username root. |
| 593 | |
| 594 | Run psa-arch-test (applicable to both FPGA and FVP) |
| 595 | --------------------------------------------------- |
| 596 | |
| 597 | When running psa-arch-test on MPS3 FPGA, the user should make sure there is no |
| 598 | USB stick connected to the board. Power on the board and boot the board to |
| 599 | Linux. Then, the user should follow the steps below to run the psa_arch_tests. |
| 600 | |
| 601 | When running psa-arch-test on Corstone1000 FVP, the user should follow the |
| 602 | instructions in `Running the software on FVP`_ section to boot Linux in FVP |
| 603 | host_terminal_0, and login using the username ``root``. |
| 604 | |
| 605 | As a reference for the user's test results, the psa-arch-test report for `Corstone1000 software (CORSTONE1000-2022.02.18) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2022.02.18>`__ |
| 606 | can be found in `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000>`__. |
| 607 | |
| 608 | First, create a file containing SE_PROXY_SP UUID. Run: |
| 609 | |
| 610 | :: |
| 611 | |
| 612 | echo 46bb39d1-b4d9-45b5-88ff-040027dab249 > sp_uuid_list.txt |
| 613 | |
| 614 | Then, load FFA driver module into Linux kernel. Run: |
| 615 | |
| 616 | :: |
| 617 | |
| 618 | load_ffa_debugfs.sh . |
| 619 | |
| 620 | Then, check whether the FFA driver loaded correctly by using the following command: |
| 621 | |
| 622 | :: |
| 623 | |
| 624 | cat /proc/modules | grep arm_ffa_user |
| 625 | |
| 626 | The output should be: |
| 627 | |
| 628 | :: |
| 629 | |
| 630 | arm_ffa_user 16384 - - Live 0xffffffc0084b0000 (O) |
| 631 | |
| 632 | Now, run the PSA arch tests with following commands. The user should run the |
| 633 | tests in following order: |
| 634 | |
| 635 | :: |
| 636 | |
| 637 | psa-iat-api-test |
| 638 | psa-crypto-api-test |
| 639 | psa-its-api-test |
| 640 | psa-ps-api-test |
| 641 | |
| 642 | ******************************************************** |
| 643 | Linux distro: OpenSUSE Raw image installation (FVP Only) |
| 644 | ******************************************************** |
| 645 | |
| 646 | Steps to download openSUSE Tumbleweed raw image: |
| 647 | - Go to: http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/ |
| 648 | - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example, ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-2022.03.18-Snapshot20220331.raw.xz`` |
| 649 | |
| 650 | Once the .raw.xz file is downloaded, the raw image file needs to be extracted: |
| 651 | |
| 652 | :: |
| 653 | |
| 654 | unxz <file-name.raw.xz> |
| 655 | |
| 656 | |
| 657 | The above command will generate a file ending with extension .raw image. Now, use the following command |
| 658 | to run FVP with raw image installation process. |
| 659 | |
| 660 | :: |
| 661 | |
| 662 | <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${openSUSE raw image file path}" |
| 663 | |
| 664 | After successfully installing and booting the Linux distro, the user should see |
| 665 | a openSUSE login prompt. |
| 666 | |
| 667 | :: |
| 668 | |
| 669 | localhost login: |
| 670 | |
| 671 | Login with the username 'root' and password 'linux'. |
| 672 | |
| 673 | ************************************** |
| 674 | Running the software on FVP on Windows |
| 675 | ************************************** |
| 676 | If the user needs to run the Corstone1000 software on FVP on Windows. The user |
| 677 | should follow the build instructions in this document to build on Linux host |
| 678 | PC, and copy the output binaries to the Windows PC where the FVP is located, |
| 679 | and launch the FVP binary. |
| 680 | |
| 681 | -------------- |
| 682 | |
| 683 | *Copyright (c) 2021, Arm Limited. All rights reserved.* |
| 684 | |
| 685 | .. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps |