| Message ID | 20230410230436.72664-1-jaswinder.singh@linaro.org |
|---|---|
| State | Superseded |
| Headers | show |
| Series | FWU: Add support for mtd backed feature on DeveloperBox | expand |
Hello Jassi, On Tue, 11 Apr 2023 at 01:04, <jaswinder.singh@linaro.org> wrote: > > From: Jassi Brar <jaswinder.singh@linaro.org> > > Add code to support FWU_MULTI_BANK_UPDATE. > The platform does not have gpt-partition storage for > Banks and MetaData, rather it used SPI-NOR backed > mtd regions for the purpose. > I think you should mention this change enables EFI secure boot. > Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org> > --- > board/socionext/developerbox/Makefile | 1 + > board/socionext/developerbox/developerbox.c | 8 + > board/socionext/developerbox/fwu_plat.c | 37 +++++ > configs/synquacer_developerbox_defconfig | 8 + > doc/board/socionext/developerbox.rst | 155 +++++++++++++++++++- > include/configs/synquacer.h | 10 ++ > 6 files changed, 213 insertions(+), 6 deletions(-) > create mode 100644 board/socionext/developerbox/fwu_plat.c > > diff --git a/board/socionext/developerbox/Makefile b/board/socionext/developerbox/Makefile > index 4a46de995a..1acd067a7e 100644 > --- a/board/socionext/developerbox/Makefile > +++ b/board/socionext/developerbox/Makefile > @@ -7,3 +7,4 @@ > # > > obj-y := developerbox.o > +obj-$(CONFIG_FWU_MDATA_MTD) += fwu_plat.o > diff --git a/board/socionext/developerbox/developerbox.c b/board/socionext/developerbox/developerbox.c > index 16e14d4f7f..ce2cccf4f0 100644 > --- a/board/socionext/developerbox/developerbox.c > +++ b/board/socionext/developerbox/developerbox.c > @@ -20,6 +20,13 @@ > > #if IS_ENABLED(CONFIG_EFI_HAVE_CAPSULE_SUPPORT) > struct efi_fw_image fw_images[] = { > +#if CONFIG_IS_ENABLED(FWU_MULTI_BANK_UPDATE) > + { > + .image_type_id = DEVELOPERBOX_FIP_IMAGE_GUID, > + .fw_name = u"DEVELOPERBOX-FIP", > + .image_index = 1, > + }, > +#else > { > .image_type_id = DEVELOPERBOX_UBOOT_IMAGE_GUID, > .fw_name = u"DEVELOPERBOX-UBOOT", > @@ -35,6 +42,7 @@ struct efi_fw_image fw_images[] = { > .fw_name = u"DEVELOPERBOX-OPTEE", > .image_index = 3, > }, > +#endif > }; > > struct efi_capsule_update_info update_info = { > diff --git a/board/socionext/developerbox/fwu_plat.c b/board/socionext/developerbox/fwu_plat.c > new file mode 100644 > index 0000000000..e5dae0ff11 > --- /dev/null > +++ b/board/socionext/developerbox/fwu_plat.c > @@ -0,0 +1,37 @@ > +// SPDX-License-Identifier: GPL-2.0-or-later > +/* > + * Copyright (c) 2023, Linaro Limited > + */ > + > +#include <efi_loader.h> > +#include <fwu.h> > +#include <fwu_mdata.h> > +#include <memalign.h> > +#include <mtd.h> > + > +#define DFU_ALT_BUF_LEN 256 > + > +/* Generate dfu_alt_info from partitions */ > +void set_dfu_alt_info(char *interface, char *devstr) > +{ > + int ret; > + struct mtd_info *mtd; > + > + ALLOC_CACHE_ALIGN_BUFFER(char, buf, DFU_ALT_BUF_LEN); ALLOC_CACHE_ALIGN_BUFFER() should be used within local variable definitions at block entry. Prefer: + ALLOC_CACHE_ALIGN_BUFFER(char, buf, DFU_ALT_BUF_LEN); + struct mtd_info *mtd; + int ret; + > + memset(buf, 0, sizeof(buf)); > + > + mtd_probe_devices(); > + > + mtd = get_mtd_device_nm("nor1"); > + if (IS_ERR_OR_NULL(mtd)) > + return; > + > + ret = fwu_gen_alt_info_from_mtd(buf, DFU_ALT_BUF_LEN, mtd); > + if (ret < 0) { > + log_err("Error: Failed to generate dfu_alt_info. (%d)\n", ret); > + return; > + } > + log_debug("Make dfu_alt_info: '%s'\n", buf); > + > + env_set("dfu_alt_info", buf); > +} > diff --git a/configs/synquacer_developerbox_defconfig b/configs/synquacer_developerbox_defconfig > index 09e12b739b..d09684153a 100644 > --- a/configs/synquacer_developerbox_defconfig > +++ b/configs/synquacer_developerbox_defconfig > @@ -97,3 +97,11 @@ CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y > CONFIG_EFI_CAPSULE_ON_DISK=y > CONFIG_EFI_IGNORE_OSINDICATIONS=y > CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y > +CONFIG_EFI_SECURE_BOOT=y > +CONFIG_FWU_MULTI_BANK_UPDATE=y > +CONFIG_FWU_MDATA=y > +CONFIG_FWU_MDATA_MTD=y > +CONFIG_FWU_NUM_BANKS=2 > +CONFIG_FWU_NUM_IMAGES_PER_BANK=1 > +CONFIG_CMD_FWU_METADATA=y > +CONFIG_TOOLS_MKFWUMDATA=y > diff --git a/doc/board/socionext/developerbox.rst b/doc/board/socionext/developerbox.rst > index 2d943c23be..908d3a7e6f 100644 > --- a/doc/board/socionext/developerbox.rst > +++ b/doc/board/socionext/developerbox.rst > @@ -57,14 +57,20 @@ Installation > > You can install the SNI_NOR_UBOOT.fd via NOR flash writer. > > -Flashing the U-Boot image on DeveloperBox requires a 96boards UART mezzanine or other mezzanine which can connect to LS-UART0 port. > -Connect USB cable from host to the LS-UART0 and set DSW2-7 to ON, and turn the board on again. The flash writer program will be started automatically; don’t forget to turn the DSW2-7 off again after flashing. > +Flashing the U-Boot image on DeveloperBox requires a 96boards UART mezzanine > +or other mezzanine which can connect to LS-UART0 port. nitpicking: ...to **the** LS-UART0.. > +Connect USB cable from host to the LS-UART0 and set DSW2-7 to ON, and turn the > +board on again. The flash writer program will be started automatically; > +don't forget to turn the DSW2-7 off again after flashing. > > -*!!CAUTION!! If you failed to write the U-Boot image on wrong address, the board can be bricked. See below page if you need to recover the bricked board. See the following page for more detail* > +*!!CAUTION!! If you write the U-Boot image on wrong address, the board can > +be bricked. See below page if you need to recover the bricked board. See > +the following page for more detail* s/detail/details/ > > https://www.96boards.org/documentation/enterprise/developerbox/installation/board-recovery.md.html > > -When the serial flasher is running correctly is will show the following boot messages shown via LS-UART0:: > +When the serial flasher is running correctly is will show the following boot s/is/it/ > +messages shown via LS-UART0:: I would replace "shown via" with "printed to LS-UART0 console". > > > /*------------------------------------------*/ > @@ -81,7 +87,144 @@ Once the flasher tool is running we are ready flash the UEFI image:: > flash rawwrite 200000 100000 > >> Send SPI_NOR_UBOOT.fd via XMODEM (Control-A S in minicom) << > > -*!!NOTE!! The flasher command parameter is different from the command for board recovery. U-Boot uses the offset 200000 (2-five-0, 2M in hex) and the size 100000 (1-five-0, 1M in hex).* > +*!!NOTE!! The flasher command parameter is different from the command for > +board recovery. U-Boot uses the offset 200000 (2-five-0, 2M in hex) and the > +size 100000 (1-five-0, 1M in hex).* > > -After transferring the SPI_NOR_UBOOT.fd, turn off the DSW2-7 and reset the board. > +After transferring the SPI_NOR_UBOOT.fd, turn off the DSW2-7 and > +reset the board. > > + > +Enable FWU Multi Bank Update > +============================ > + > +DeveloperBox supports the FWU Multi Bank Update. You *MUST* update both > +*SCP firmware* and *TF-A* for this feature. This will change the layout and Youmlean SCP-firmware and TF-A **and U-Boot**? > +the boot process but you can switch back to the normal one by changing > +the DSW 1-4 off. > + > +Configure U-Boot > +---------------- > + > +To enable the FWU Multi Bank Update on the DeveloperBox, you need to add > +following configurations to configs/synquacer_developerbox_defconfig :: Actually this change already updates defconfig file. Maybe: - you need to add following configurations to configs/synquacer_developerbox_defconfig + Board configs/synquacer_developerbox_defconfig enables default FWU + configuration: > + > + CONFIG_FWU_MULTI_BANK_UPDATE=y > + CONFIG_FWU_MDATA=y > + CONFIG_FWU_MDATA_MTD=y > + CONFIG_FWU_NUM_BANKS=2 > + CONFIG_FWU_NUM_IMAGES_PER_BANK=1 > + CONFIG_CMD_FWU_METADATA=y > + > +And build it:: > + > + cd u-boot/ > + export ARCH=arm64 > + export CROSS_COMPILE=aarch64-linux-gnu- > + make synquacer_developerbox_defconfig > + make -j `noproc` > + cd ../ > + > +By default, the CONFIG_FWU_NUM_BANKS and CONFIG_FWU_NUM_IMAGES_PER_BANKS are > +set to 2 and 1 respectively. This uses FIP (Firmware Image Package) type image > +which contains TF-A, U-Boot and OP-TEE (the OP-TEE is optional.) s/.)/)./ > +You can use fiptool to compose the FIP image from those firmware images. > + > +Rebuild SCP firmware > +-------------------- > + > +Rebuild SCP firmware which supports FWU Multi Bank Update as below:: > + > + cd SCP-firmware/ > + OUT=./build/product/synquacer > + ROMFW_FILE=$OUT/scp_romfw/$SCP_BUILD_MODE/bin/scp_romfw.bin > + RAMFW_FILE=$OUT/scp_ramfw/$SCP_BUILD_MODE/bin/scp_ramfw.bin > + ROMRAMFW_FILE=scp_romramfw_release.bin > + > + make CC=arm-none-eabi-gcc PRODUCT=synquacer MODE=release > + tr "\000" "\377" < /dev/zero | dd of=${ROMRAMFW_FILE} bs=1 count=196608 > + dd if=${ROMFW_FILE} of=${ROMRAMFW_FILE} bs=1 conv=notrunc seek=0 > + dd if=${RAMFW_FILE} of=${ROMRAMFW_FILE} bs=1 seek=65536 > + cd ../ > + > +And you can get the `scp_romramfw_release.bin` file Add a period '.' > + > +Rebuild OPTEE firmware > +---------------------- > + > +Rebuild OPTEE to use in new-layout fip as below:: s/fip/FIP/g > + > + cd optee_os/ > + make -j`nproc` PLATFORM=synquacer ARCH=arm \ > + CROSS_COMPILE64=aarch64-linux-gnu- CFG_ARM64_core=y \ > + CFG_CRYPTO_WITH_CE=y CFG_CORE_HEAP_SIZE=524288 CFG_CORE_DYN_SHM=y \ > + CFG_CORE_ARM64_PA_BITS=48 CFG_TEE_CORE_LOG_LEVEL=1 CFG_TEE_TA_LOG_LEVEL=1 > + cp out/arm-plat-synquacer/core/tee-pager_v2.bin ../arm-trusted-firmware/ > + > +The produced `tee-pager_v2.bin` is to be used while building TF-A next. > + > + > +Rebuild TF-A and FIP > +-------------------- > + > +Rebuild TF-A which supports FWU Multi Bank Update as below:: > + > + cd arm-trusted-firmware/ > + make CROSS_COMPILE=aarch64-linux-gnu- -j`nproc` PLAT=synquacer \ > + TRUSTED_BOARD_BOOT=1 SPD=opteed SQ_RESET_TO_BL2=1 GENERATE_COT=1 \ > + MBEDTLS_DIR=../mbedtls BL32=tee-pager_v2.bin \ > + BL33=../u-boot/u-boot.bin all fip fiptool > + > +And make a FIP image.:: > + > + cp build/synquacer/release/fip.bin SPI_NOR_NEWFIP.fd > + tools/fiptool/fiptool update --tb-fw build/synquacer/release/bl2.bin SPI_NOR_NEWFIP.fd > + > +UUIDs for the FWU Multi Bank Update > +----------------------------------- > + > +FWU multi-bank update requires some UUIDs. The DeveloperBox platform uses > +following UUIDs. > + > + - Location UUID for the FIP image: 17e86d77-41f9-4fd7-87ec-a55df9842de5 > + - Image type UUID for the FIP image: 10c36d7d-ca52-b843-b7b9-f9d6c501d108 > + - Image UUID for Bank0 : 5a66a702-99fd-4fef-a392-c26e261a2828 > + - Image UUID for Bank1 : a8f868a1-6e5c-4757-878d-ce63375ef2c0 > + > +These UUIDs are used for making a FWU metadata image. > + > +u-boot$ ./tools/mkfwumdata -i 1 -b 2 \ > + 17e86d77-41f9-4fd7-87ec-a55df9842de5,10c36d7d-ca52-b843-b7b9-f9d6c501d108,5a66a702-99fd-4fef-a392-c26e261a2828,a8f868a1-6e5c-4757-878d-ce63375ef2c0 \ > + ../devbox-fwu-mdata.img > + > +Create Accept & Revert capsules > + > +u-boot$ ./tools/mkeficapsule -A -g 7d6dc310-52ca-43b8-b7b9-f9d6c501d108 NEWFIP_accept.Cap > +u-boot$ ./tools/mkeficapsule -R NEWFIP_revert.Cap > + > +Install via flash writer > +------------------------ > + > +As explained in above section, the new FIP image and the FWU metadata image > +can be installed via NOR flash writer. Note that the installation offsets for > +the FWU multi bank update supported firmware. This last sentence sounds strange. Is something missing? > + > +Once the flasher tool is running we are ready flash the images.:: > +Write the FIP image to the Bank-0 & 1 at 6MB and 10MB offset.:: > + > + flash rawwrite 600000 180000 > + flash rawwrite a00000 180000 > + >> Send SPI_NOR_NEWFIP.fd via XMODEM (Control-A S in minicom) << > + > + flash rawwrite 500000 1000 > + flash rawwrite 530000 1000 > + >> Send devbox-fwu-mdata.img via XMODEM (Control-A S in minicom) << > + > +And write the new SCP firmware.:: > + > + flash write cm3 > + >> Send scp_romramfw_release.bin via XMODEM (Control-A S in minicom) << > + > +At last, turn on the DSW 3-4 on the board, and reboot. > +Note that if DSW 3-4 is turned off, the DeveloperBox will boot from > +the original EDK2 firmware (or non-FWU U-Boot if you already installed.) swap the 2 last characters: s/.)/)./ > diff --git a/include/configs/synquacer.h b/include/configs/synquacer.h > index 8f44c6f66a..cd7359c2f8 100644 > --- a/include/configs/synquacer.h > +++ b/include/configs/synquacer.h > @@ -40,19 +40,29 @@ > > /* Since U-Boot 64bit PCIe support is limited, disable 64bit MMIO support */ > > +#ifdef CONFIG_FWU_MULTI_BANK_UPDATE > +#define DEFAULT_DFU_ALT_INFO > +#else > #define DEFAULT_DFU_ALT_INFO "dfu_alt_info=" \ > "mtd nor1=u-boot.bin raw 200000 100000;" \ > "fip.bin raw 180000 78000;" \ > "optee.bin raw 500000 100000\0" > +#endif > > /* GUIDs for capsule updatable firmware images */ > #define DEVELOPERBOX_UBOOT_IMAGE_GUID \ > EFI_GUID(0x53a92e83, 0x4ef4, 0x473a, 0x8b, 0x0d, \ > 0xb5, 0xd8, 0xc7, 0xb2, 0xd6, 0x00) > > +#ifdef CONFIG_FWU_MULTI_BANK_UPDATE > +#define DEVELOPERBOX_FIP_IMAGE_GUID \ > + EFI_GUID(0x7d6dc310, 0x52ca, 0x43b8, 0xb7, 0xb9, \ > + 0xf9, 0xd6, 0xc5, 0x01, 0xd1, 0x08) > +#else > #define DEVELOPERBOX_FIP_IMAGE_GUID \ > EFI_GUID(0x880866e9, 0x84ba, 0x4793, 0xa9, 0x08, \ > 0x33, 0xe0, 0xb9, 0x16, 0xf3, 0x98) > +#endif > > #define DEVELOPERBOX_OPTEE_IMAGE_GUID \ > EFI_GUID(0xc1b629f1, 0xce0e, 0x4894, 0x82, 0xbf, \ > -- > 2.34.1 >
diff --git a/board/socionext/developerbox/Makefile b/board/socionext/developerbox/Makefile index 4a46de995a..1acd067a7e 100644 --- a/board/socionext/developerbox/Makefile +++ b/board/socionext/developerbox/Makefile @@ -7,3 +7,4 @@ # obj-y := developerbox.o +obj-$(CONFIG_FWU_MDATA_MTD) += fwu_plat.o diff --git a/board/socionext/developerbox/developerbox.c b/board/socionext/developerbox/developerbox.c index 16e14d4f7f..ce2cccf4f0 100644 --- a/board/socionext/developerbox/developerbox.c +++ b/board/socionext/developerbox/developerbox.c @@ -20,6 +20,13 @@ #if IS_ENABLED(CONFIG_EFI_HAVE_CAPSULE_SUPPORT) struct efi_fw_image fw_images[] = { +#if CONFIG_IS_ENABLED(FWU_MULTI_BANK_UPDATE) + { + .image_type_id = DEVELOPERBOX_FIP_IMAGE_GUID, + .fw_name = u"DEVELOPERBOX-FIP", + .image_index = 1, + }, +#else { .image_type_id = DEVELOPERBOX_UBOOT_IMAGE_GUID, .fw_name = u"DEVELOPERBOX-UBOOT", @@ -35,6 +42,7 @@ struct efi_fw_image fw_images[] = { .fw_name = u"DEVELOPERBOX-OPTEE", .image_index = 3, }, +#endif }; struct efi_capsule_update_info update_info = { diff --git a/board/socionext/developerbox/fwu_plat.c b/board/socionext/developerbox/fwu_plat.c new file mode 100644 index 0000000000..e5dae0ff11 --- /dev/null +++ b/board/socionext/developerbox/fwu_plat.c @@ -0,0 +1,37 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (c) 2023, Linaro Limited + */ + +#include <efi_loader.h> +#include <fwu.h> +#include <fwu_mdata.h> +#include <memalign.h> +#include <mtd.h> + +#define DFU_ALT_BUF_LEN 256 + +/* Generate dfu_alt_info from partitions */ +void set_dfu_alt_info(char *interface, char *devstr) +{ + int ret; + struct mtd_info *mtd; + + ALLOC_CACHE_ALIGN_BUFFER(char, buf, DFU_ALT_BUF_LEN); + memset(buf, 0, sizeof(buf)); + + mtd_probe_devices(); + + mtd = get_mtd_device_nm("nor1"); + if (IS_ERR_OR_NULL(mtd)) + return; + + ret = fwu_gen_alt_info_from_mtd(buf, DFU_ALT_BUF_LEN, mtd); + if (ret < 0) { + log_err("Error: Failed to generate dfu_alt_info. (%d)\n", ret); + return; + } + log_debug("Make dfu_alt_info: '%s'\n", buf); + + env_set("dfu_alt_info", buf); +} diff --git a/configs/synquacer_developerbox_defconfig b/configs/synquacer_developerbox_defconfig index 09e12b739b..d09684153a 100644 --- a/configs/synquacer_developerbox_defconfig +++ b/configs/synquacer_developerbox_defconfig @@ -97,3 +97,11 @@ CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y CONFIG_EFI_CAPSULE_ON_DISK=y CONFIG_EFI_IGNORE_OSINDICATIONS=y CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y +CONFIG_EFI_SECURE_BOOT=y +CONFIG_FWU_MULTI_BANK_UPDATE=y +CONFIG_FWU_MDATA=y +CONFIG_FWU_MDATA_MTD=y +CONFIG_FWU_NUM_BANKS=2 +CONFIG_FWU_NUM_IMAGES_PER_BANK=1 +CONFIG_CMD_FWU_METADATA=y +CONFIG_TOOLS_MKFWUMDATA=y diff --git a/doc/board/socionext/developerbox.rst b/doc/board/socionext/developerbox.rst index 2d943c23be..908d3a7e6f 100644 --- a/doc/board/socionext/developerbox.rst +++ b/doc/board/socionext/developerbox.rst @@ -57,14 +57,20 @@ Installation You can install the SNI_NOR_UBOOT.fd via NOR flash writer. -Flashing the U-Boot image on DeveloperBox requires a 96boards UART mezzanine or other mezzanine which can connect to LS-UART0 port. -Connect USB cable from host to the LS-UART0 and set DSW2-7 to ON, and turn the board on again. The flash writer program will be started automatically; don’t forget to turn the DSW2-7 off again after flashing. +Flashing the U-Boot image on DeveloperBox requires a 96boards UART mezzanine +or other mezzanine which can connect to LS-UART0 port. +Connect USB cable from host to the LS-UART0 and set DSW2-7 to ON, and turn the +board on again. The flash writer program will be started automatically; +don't forget to turn the DSW2-7 off again after flashing. -*!!CAUTION!! If you failed to write the U-Boot image on wrong address, the board can be bricked. See below page if you need to recover the bricked board. See the following page for more detail* +*!!CAUTION!! If you write the U-Boot image on wrong address, the board can +be bricked. See below page if you need to recover the bricked board. See +the following page for more detail* https://www.96boards.org/documentation/enterprise/developerbox/installation/board-recovery.md.html -When the serial flasher is running correctly is will show the following boot messages shown via LS-UART0:: +When the serial flasher is running correctly is will show the following boot +messages shown via LS-UART0:: /*------------------------------------------*/ @@ -81,7 +87,144 @@ Once the flasher tool is running we are ready flash the UEFI image:: flash rawwrite 200000 100000 >> Send SPI_NOR_UBOOT.fd via XMODEM (Control-A S in minicom) << -*!!NOTE!! The flasher command parameter is different from the command for board recovery. U-Boot uses the offset 200000 (2-five-0, 2M in hex) and the size 100000 (1-five-0, 1M in hex).* +*!!NOTE!! The flasher command parameter is different from the command for +board recovery. U-Boot uses the offset 200000 (2-five-0, 2M in hex) and the +size 100000 (1-five-0, 1M in hex).* -After transferring the SPI_NOR_UBOOT.fd, turn off the DSW2-7 and reset the board. +After transferring the SPI_NOR_UBOOT.fd, turn off the DSW2-7 and +reset the board. + +Enable FWU Multi Bank Update +============================ + +DeveloperBox supports the FWU Multi Bank Update. You *MUST* update both +*SCP firmware* and *TF-A* for this feature. This will change the layout and +the boot process but you can switch back to the normal one by changing +the DSW 1-4 off. + +Configure U-Boot +---------------- + +To enable the FWU Multi Bank Update on the DeveloperBox, you need to add +following configurations to configs/synquacer_developerbox_defconfig :: + + CONFIG_FWU_MULTI_BANK_UPDATE=y + CONFIG_FWU_MDATA=y + CONFIG_FWU_MDATA_MTD=y + CONFIG_FWU_NUM_BANKS=2 + CONFIG_FWU_NUM_IMAGES_PER_BANK=1 + CONFIG_CMD_FWU_METADATA=y + +And build it:: + + cd u-boot/ + export ARCH=arm64 + export CROSS_COMPILE=aarch64-linux-gnu- + make synquacer_developerbox_defconfig + make -j `noproc` + cd ../ + +By default, the CONFIG_FWU_NUM_BANKS and CONFIG_FWU_NUM_IMAGES_PER_BANKS are +set to 2 and 1 respectively. This uses FIP (Firmware Image Package) type image +which contains TF-A, U-Boot and OP-TEE (the OP-TEE is optional.) +You can use fiptool to compose the FIP image from those firmware images. + +Rebuild SCP firmware +-------------------- + +Rebuild SCP firmware which supports FWU Multi Bank Update as below:: + + cd SCP-firmware/ + OUT=./build/product/synquacer + ROMFW_FILE=$OUT/scp_romfw/$SCP_BUILD_MODE/bin/scp_romfw.bin + RAMFW_FILE=$OUT/scp_ramfw/$SCP_BUILD_MODE/bin/scp_ramfw.bin + ROMRAMFW_FILE=scp_romramfw_release.bin + + make CC=arm-none-eabi-gcc PRODUCT=synquacer MODE=release + tr "\000" "\377" < /dev/zero | dd of=${ROMRAMFW_FILE} bs=1 count=196608 + dd if=${ROMFW_FILE} of=${ROMRAMFW_FILE} bs=1 conv=notrunc seek=0 + dd if=${RAMFW_FILE} of=${ROMRAMFW_FILE} bs=1 seek=65536 + cd ../ + +And you can get the `scp_romramfw_release.bin` file + +Rebuild OPTEE firmware +---------------------- + +Rebuild OPTEE to use in new-layout fip as below:: + + cd optee_os/ + make -j`nproc` PLATFORM=synquacer ARCH=arm \ + CROSS_COMPILE64=aarch64-linux-gnu- CFG_ARM64_core=y \ + CFG_CRYPTO_WITH_CE=y CFG_CORE_HEAP_SIZE=524288 CFG_CORE_DYN_SHM=y \ + CFG_CORE_ARM64_PA_BITS=48 CFG_TEE_CORE_LOG_LEVEL=1 CFG_TEE_TA_LOG_LEVEL=1 + cp out/arm-plat-synquacer/core/tee-pager_v2.bin ../arm-trusted-firmware/ + +The produced `tee-pager_v2.bin` is to be used while building TF-A next. + + +Rebuild TF-A and FIP +-------------------- + +Rebuild TF-A which supports FWU Multi Bank Update as below:: + + cd arm-trusted-firmware/ + make CROSS_COMPILE=aarch64-linux-gnu- -j`nproc` PLAT=synquacer \ + TRUSTED_BOARD_BOOT=1 SPD=opteed SQ_RESET_TO_BL2=1 GENERATE_COT=1 \ + MBEDTLS_DIR=../mbedtls BL32=tee-pager_v2.bin \ + BL33=../u-boot/u-boot.bin all fip fiptool + +And make a FIP image.:: + + cp build/synquacer/release/fip.bin SPI_NOR_NEWFIP.fd + tools/fiptool/fiptool update --tb-fw build/synquacer/release/bl2.bin SPI_NOR_NEWFIP.fd + +UUIDs for the FWU Multi Bank Update +----------------------------------- + +FWU multi-bank update requires some UUIDs. The DeveloperBox platform uses +following UUIDs. + + - Location UUID for the FIP image: 17e86d77-41f9-4fd7-87ec-a55df9842de5 + - Image type UUID for the FIP image: 10c36d7d-ca52-b843-b7b9-f9d6c501d108 + - Image UUID for Bank0 : 5a66a702-99fd-4fef-a392-c26e261a2828 + - Image UUID for Bank1 : a8f868a1-6e5c-4757-878d-ce63375ef2c0 + +These UUIDs are used for making a FWU metadata image. + +u-boot$ ./tools/mkfwumdata -i 1 -b 2 \ + 17e86d77-41f9-4fd7-87ec-a55df9842de5,10c36d7d-ca52-b843-b7b9-f9d6c501d108,5a66a702-99fd-4fef-a392-c26e261a2828,a8f868a1-6e5c-4757-878d-ce63375ef2c0 \ + ../devbox-fwu-mdata.img + +Create Accept & Revert capsules + +u-boot$ ./tools/mkeficapsule -A -g 7d6dc310-52ca-43b8-b7b9-f9d6c501d108 NEWFIP_accept.Cap +u-boot$ ./tools/mkeficapsule -R NEWFIP_revert.Cap + +Install via flash writer +------------------------ + +As explained in above section, the new FIP image and the FWU metadata image +can be installed via NOR flash writer. Note that the installation offsets for +the FWU multi bank update supported firmware. + +Once the flasher tool is running we are ready flash the images.:: +Write the FIP image to the Bank-0 & 1 at 6MB and 10MB offset.:: + + flash rawwrite 600000 180000 + flash rawwrite a00000 180000 + >> Send SPI_NOR_NEWFIP.fd via XMODEM (Control-A S in minicom) << + + flash rawwrite 500000 1000 + flash rawwrite 530000 1000 + >> Send devbox-fwu-mdata.img via XMODEM (Control-A S in minicom) << + +And write the new SCP firmware.:: + + flash write cm3 + >> Send scp_romramfw_release.bin via XMODEM (Control-A S in minicom) << + +At last, turn on the DSW 3-4 on the board, and reboot. +Note that if DSW 3-4 is turned off, the DeveloperBox will boot from +the original EDK2 firmware (or non-FWU U-Boot if you already installed.) diff --git a/include/configs/synquacer.h b/include/configs/synquacer.h index 8f44c6f66a..cd7359c2f8 100644 --- a/include/configs/synquacer.h +++ b/include/configs/synquacer.h @@ -40,19 +40,29 @@ /* Since U-Boot 64bit PCIe support is limited, disable 64bit MMIO support */ +#ifdef CONFIG_FWU_MULTI_BANK_UPDATE +#define DEFAULT_DFU_ALT_INFO +#else #define DEFAULT_DFU_ALT_INFO "dfu_alt_info=" \ "mtd nor1=u-boot.bin raw 200000 100000;" \ "fip.bin raw 180000 78000;" \ "optee.bin raw 500000 100000\0" +#endif /* GUIDs for capsule updatable firmware images */ #define DEVELOPERBOX_UBOOT_IMAGE_GUID \ EFI_GUID(0x53a92e83, 0x4ef4, 0x473a, 0x8b, 0x0d, \ 0xb5, 0xd8, 0xc7, 0xb2, 0xd6, 0x00) +#ifdef CONFIG_FWU_MULTI_BANK_UPDATE +#define DEVELOPERBOX_FIP_IMAGE_GUID \ + EFI_GUID(0x7d6dc310, 0x52ca, 0x43b8, 0xb7, 0xb9, \ + 0xf9, 0xd6, 0xc5, 0x01, 0xd1, 0x08) +#else #define DEVELOPERBOX_FIP_IMAGE_GUID \ EFI_GUID(0x880866e9, 0x84ba, 0x4793, 0xa9, 0x08, \ 0x33, 0xe0, 0xb9, 0x16, 0xf3, 0x98) +#endif #define DEVELOPERBOX_OPTEE_IMAGE_GUID \ EFI_GUID(0xc1b629f1, 0xce0e, 0x4894, 0x82, 0xbf, \