We are running a survey to help us improve the experience for all of our members. If you see the survey appear, please take the time to tell us about your experience if you can.
Hello, everyone.
Let me post a question regarding booting Linux on ARM FVP (with Cortex-A9 MPCore).
I'm setting up an experiment which uses TrustZone on ARM FVP. I'm not sure which
kernel to run in the secure world, but am sure to run Linux in Normal world.
I found linaro linux which can run on the ARM FVP. Following the instruction [*1],
it successfully runs on DS-5 FVP simulator, but I realized it cannot run in the
normal world. I mean, original DS-5 FVP is not enabling TrustZone, and resource
separation is enabled only when secure_memory parameter is set to true.
So, if I want to run linaro linux in the normal world, 2 problems arise.
(1) With secure_memory option, FVP memory map is changed. But, linaro linux
boots from UEFI (at address 0x00000000) which is loaded in the secure world.
So, I need to change the boot sequence to load the kernel in normal world
region. I'm planning to load the kernel from FLASH1 at 0x0C000000 in the
normal world.
(2) The original Linaro kernel uses UEFI for initial boot, but its source code
seems to be not available to the public.
Normal world region is basically (a) flashloader1 located at 0x0C000000, and
(2) 2GB DRAM at 0x80000000. So, I need to boot the kernel using tnly those resources.
What is in my mind is that, make boot loader that loads the kernel and ramdisk
from flashloader1 to DRAM region. And, jump to the kernel's entry address.
I'm using ATAG to pass the boot parameter. (For your information, command
line parameter is "console=ttyAMA0,115200n8 root=/dev/mmcblk0p2 rootwait ro
mem=1024M ip=dhcp" as in instructions in [*1])
I implemented those, and jumped to the kernel's entry point. However, it does
not boot the system as expected. It seems to be halting somewhere during boot
process, and keeping on jump to the same address. It does not give any message
on UART window, actually it even doesn't show UART window.
Does anyone have any suggestion or advice for that?
Possibly, could it be the case we have to initialize all the peripherals
(e.g. uart, LDC, timer and mmc) which is used by the kernel in advance?
My concern is linaro kernel is only bootable with UEFI support...
[*1] Linaro's ubuntu boot instruction (refer to RTSM tab).
https://releases.linaro.org/13.08/ubuntu/vexpress
[*2] ARM FVP's memory map info. As in Table3, secure_memory option changes memory map.
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0575g/Bbajihec.html
There are a few things it could be. I think the mostly likely is that your firmware hasn't enabled Non-secure access to something that the Kernel expects to be able to use. For example, enabling Non-secure access to the FPU (controlled via NSACR). Similarly, in the interrupt controller you need to have configured those interrupts the kernel needs to use as Non-secure (GICD_IGROUPRn) or set the priority mask registers (GICC_PMR, banked per core).
Although it targets ARMv8-A (rather than ARMv7-A which the Cortex-A9 uses) you could take a look at the ARM Trusted Firmware:
https://github.com/ARM-software/arm-trusted-firmware
It's a reference firmware implementation that, amongst other things, performs the steps to allow an OS to run in Non-secure state. One of the target platforms in the free Foundation Model.
A little old, but the following knowledge article might also be useful:
Can I boot Linux in the Normal world on the Cortex-A8 EB RTSM?
Hi, Martin.
Thanks for useful information.
Trusted firmware looks nice project, but I'm particularly interested in ARMv7-A architecture.
So, I'm still looking for the solution.
For now, my thought is that, we need to initialize peripherals before kernel is booting
since following slides tells ARM Linux kernel assumes peripherals have been already
initialized. Linux Porting
I found some codes in u-boot which initializes Versatile Express peripherals.
So, I'm planning to use it for my purpose.
Thank you for your help again. And, I'll post the result after u-boot test is done.
And, yes. Interrupt controller is what we have to take care of.
But, for now, I'm still using secure world only FVP, and trying to boot the kernel
in the same memory layout as TrustZone enabled FVP.
After this is succeeded, I'll have to set up interrupt controllers in secure world, and switch
to normal world.
I'm now realizing that TrustZone setup is not so simple as it's is often mentioned in PPT slides. :-)