You are currently reviewing an older revision of this page.
Hafnium is a reference Secure Partition Manager (SPM) for systems that implement the Armv8.4-A Secure-EL2 extension. It enables multiple, isolated Secure Partitions (SPs) to run at Secure-EL1.
The Total Compute software stack also includes the BL32 (SPM), which is implemented as a Hafnium software component. You can find the introduction information at Total Compute Platform Software Components.
The following figure shows the software stack of the TC platform:
The TC software stack can support both the buildroot and Android file systems, because the hafnium is part of fimrware. This guide uess the buildroot file system as an example.
Perform the following steps to build the whole software stack. Consider the buildroot file system as an example. For more information about seting up workspace, see the Total Compute (TC) User Guide.
./run_docker.sh ./build-all.sh build
./run-scripts/tc2/run_model.sh -m <model binary path> -d buildroot
The boot flow of AP firmware is as follows:
BL1 --> BL2 --> BL1 --> BL31 --> BL32(SPM) --> BL31 --> BL33
diff --git a/build/BUILD.gn b/build/BUILD.gn index 1baac1ba..80b9f44d 100644 --- a/build/BUILD.gn +++ b/build/BUILD.gn @@ -20,6 +20,7 @@ config("compiler_defaults") { "-fstack-protector-all", ] + asmflags = ["-g"] cflags_c = [ "-std=c11" ] cflags_cc = [ "-std=c++2a" ]
The build scirpt build-scripts/build-hafnium.sh can be used to build the Hafnium seperately, but the hafnium.bin image is added into the FIP package. Therefore, when you modify and build the source code of hafnium, you must re-package again. The steps can be as follows: build-scripts/run_docker.sh build-scripts/build-hafnium.sh build build-scripts/run_docker.sh build-scripts/build-hafnium.sh deploy build-scripts/run_docker.sh build-scripts/build-tfa.sh build build-scripts/run_docker.sh build-scripts/build-tfa.sh deploy build-scripts/run_docker.sh build-scripts/build-flash-image.sh build build-scripts/run_docker.sh build-scripts/build-flash-image.sh deploy
build-scripts/build-hafnium.sh
hafnium.bin
build-scripts/run_docker.sh build-scripts/build-hafnium.sh build build-scripts/run_docker.sh build-scripts/build-hafnium.sh deploy build-scripts/run_docker.sh build-scripts/build-tfa.sh build build-scripts/run_docker.sh build-scripts/build-tfa.sh deploy build-scripts/run_docker.sh build-scripts/build-flash-image.sh build build-scripts/run_docker.sh build-scripts/build-flash-image.sh deploy
From the ARM DS Debug control pannel, navigate to:Debug Congtrol--> New Debug Connection... -->Choose "Model Connection --> Debug connection name, such as "TC22-Hafnium-debug" -> Next --> Target Selection --> Add a new model ...
Then, "Select Model Interface(Iris)" --> Next--> choose "Launch and connect to specific model" --> Next --> Browse the Model Path to select the downloaded file path of “TC22 model” --> Finish
At last, the model is imported as below:
-C board.flashloader0.fname=/data/jetzho01/tc22-2023.04.21/build-scripts/output/deploy/tc2/fip_gpt-tc.bin -C css.rss.rom.raw_image=/data/jetzho01/tc22-2023.04.21/build-scripts/output/deploy/tc2/rss_rom.bin -C css.scp.c0_pik.rvbaraddr_lw=0x1000 -C css.scp.c0_pik.rvbaraddr_up=0x0000 -C css.rss.VMADDRWIDTH=23 -C css.rss.CMU0_NUM_DB_CH=16 -C displayController=2 -C board.smsc_91c111.enabled=1 -C board.hostbridge.userNetworking=1 -C board.hostbridge.userNetPorts="5555=5555,8080=80,8022=22" --data board.dram=/data/jetzho01/tc22-2023.04.21/build-scripts/output/deploy/tc2/tc-fitImage.bin@0x20000000
On the window that opens, navigate to the "Debugger" tab, tick "Connect only", tick "Execute debugger commands", and copy-paste the following into the text box to automatically load all symbols into the correct virtual address space each time you connect to the model:
add-symbol-file "<workspace>/build-scripts/output/tmp_build/tfa/build/tc/debug/bl1/bl1.elf" EL3:0x0add-symbol-file "<workspace>/build-scripts/output/tmp_build/tfa/build/tc/debug/bl2/bl2.elf" EL1S:0x0add-symbol-file "<workspace>/build-scripts/output/tmp_build/tfa/build/tc/debug/bl31/bl31.elf" EL3:0x0add-symbol-file "<workspace>/build-scripts/output/tmp_build/hafnium/secure_tc_clang/hafnium.elf" EL2S:0x0
Replacing <workspace> with the path to your workspace directory.
<workspace>
The EL and number at the end of each command (e.g. `EL2S:0') ensure the symbols are loaded into the correct virtual address space and at the correct memory offset, for software uses absolute addresses for its symbols so we ensure an offset of 0.
`EL2S:0'
Click "Apply" and then "Debug" to connect to the paused model. You can now step through the Hafnium code or set a breakpoint on the symbol corresponding to the functionality that you are interested.
.section .init.entry, "ax" .global entry entry: /* Linux aarch64 image header. */ b 0f .word 0 .quad 0x1000 /* text_offset */ .quad image_size /* image_size */ .quad 0 /* flags */ .quad 0 /* res2 */ .quad 0 /* res3 */ .quad 0 /* res4 */ .word 0x644d5241 /* magic */ .word 0 /* * Calculate the difference between the actual load address and the * preferred one. We'll use this to relocate. */ 0: adrp x25, entry add x25, x25, :lo12:entry