1Corstone SSE-310 with Ethos-U55 Example Subsystem for Arm Virtual Hardware, and for MPS3 (AN555) 2================================================================================================ 3 4Introduction 5------------ 6 7Corstone-310 (formerly Corstone-Polaris) is an Arm reference subsystem for 8secure System on Chips containing an Armv8.1-M Cortex-M85 processor and an 9Ethos-U55 neural network processor. It is an MPS3 based platform with the 10usual MPS3 peripherals. 11 12This platform port supports all TF-M regression tests (Secure and Non-secure) 13with Isolation Level 1 and 2. 14 15.. note:: 16 17 This platform support does not provide software for Ethos-U55 IP, only 18 contains base address and interrupt number for it. 19 20.. note:: 21 22 For Armclang compiler v6.18 or later version is required. 23 24Building TF-M 25------------- 26 27Follow the instructions in :doc:`Building instructions </building/tfm_build_instruction>`. 28 29For Corstone-310 Ethos-U55 Arm Virtual Hardware use the following platform name: 30 31``-DTFM_PLATFORM=arm/mps3/corstone310/fvp`` 32 33.. note:: 34 35 The built binaries can be run on the Corstone-310 Arm Virtual Hardware 36 (VHT_Corstone_SSE-310). At least VHT version 11.17 is required. 37 38For AN555 use the following platform name: 39 40``-DTFM_PLATFORM=arm/mps3/corstone310/an555`` 41 42To run the example code on Corstone-310 Ethos-U55 Arm Virtual Hardware 43---------------------------------------------------------------------- 44 45To utilize the `Arm Virtual Hardware (AVH) <https://arm-software.github.io/AVH/main/simulation/html/Using.html>`_, you will need to create an `AWS Account <https://aws.amazon.com/>`_ if you don’t already have one. 46 47Launching the instance in EC2 `(AWS on getting started) <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html>`_ 481. Go to `EC2 <https://console.aws.amazon.com/ec2/v2/>`_ in the AWS Web Console. 492. Select **Launch Instances** which will take you to a wizard for launching the instance. 50 51 1. **Choose an Amazon Machine Image** `(AMI) <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html>`_ In the Search box, type `Arm Virtual Hardware` then find the item called "Arm Virtual Hardware" that is by Arm, and press Select for that item. 52 This will raise a subscription page/pop-up titled, **Arm Virtual Hardware**. You will note that the subscription is free from Arm, but AWS does charge for the costs of the instances themselves according to the pricing chart provided. 53 54 You must select Continue if you want to move forward. 55 56 2. **Choose an Instance Type** - Select one of the instance types from the list. Keep in mind that there are charges that accrue while the instance is running. 57 From here you may select **Review and Launch** to move directly to the launch page or select **Next: Configure Instance Details** if you need to set any custom settings for this instance. 58 59 60Once you complete the wizard by initiating the instance launch you will see a page that allows you to navigate directly to the new instance. You may click this link or go back to your list of instances and find the instance through that method. 61 62Whichever way you choose find your new instance and select its instance ID to open the page to manage the instance. 63 64Connecting to the instance: 65 1. Select **Connect** to open an SSH terminal session to the instance in your browser. 66 2. Ensure the **User name** field is set to `ubuntu`. 67 3. Select the **Connect** button to open the session. This will put you in a browser window where you will have an SSH terminal window ready for your input. 68 69The TF-M can be cloned and built in the instance after connecting. 70To run the built binaries: 71 72#. Execute the following command to start VHT:: 73 74 $ VHT_Corstone_SSE-310 -a cpu0*="<path-to-build-directory>/bl2.axf" --data "<path-to-build-directory>/tfm_s_ns_signed.bin"@0x01020000 75 76#. The serial port's output can be redirected to a file with:: 77 78 $ VHT_Corstone_SSE-310 -a cpu0*="<path-to-build-directory>/bl2.axf" --data "<path-to-build-directory>/tfm_s_ns_signed.bin"@0x01020000 -C mps3_board.uart0.unbuffered_output=1 -C mps3_board.uart0.out_file="output.log" 79 80 The output should contain the following messages:: 81 82 Trying 127.0.0.1... 83 Connected to localhost. 84 Escape character is '^]'. 85 [INF] Starting bootloader 86 [INF] Beginning BL2 provisioning 87 [INF] Swap type: none 88 [INF] Swap type: none 89 [INF] Bootloader chainload address offset: 0x40000 90 [INF] Jumping to the first image slot 91 [INF] Beginning TF-M provisioning 92 [Sec Thread] Secure image initializing! 93 TF-M isolation level is:0x00000001 94 Booting TF-M v1.6.0 95 Creating an empty ITS flash layout. 96 Creating an empty PS flash layout. 97 Non-Secure system starting... 98 99 100.. note:: 101 102 Some of the messages above are only visible when ``CMAKE_BUILD_TYPE`` is set 103 to ``Debug``. 104 105To run the example code on AN555 106-------------------------------- 107FPGA image is available for download from `here <https://developer.arm.com/downloads/view/AN555>`__ 108 109If the link above is not working just go to `Arm PDH <https://developer.arm.com/downloads>`__ and search for AN555. 110 111To run BL2 bootloader, TF-M example application and tests in the MPS3 board, 112it is required to have AN555 image in the MPS3 board SD card. The image should 113be located in ``<MPS3 device name>/MB/HBI<BoardNumberBoardrevision>/AN555`` 114 115The MPS3 board tested is HBI0309C. 116 117#. Execute the following command to create the tfm.bin binary 118 which fills the entire available space on the MPS3 onboard QSPI. 119 This way the whole flash content (PS, ITS, OTP, NV counters) is in a known state. 120 (If anything left in the QSPI, this binary will overwrite it.) 121 Also, MPS3 can only handle SFN 8.3 format, so the binary name must be shortened.:: 122 123 $ cd <build dir>/bin 124 $ cp tfm_s_ns_signed.bin tfm.bin 125 $ truncate -s 8M tfm.bin 126 127#. Copy ``bl2.bin`` and ``tfm.bin`` files from 128 build dir to ``<MPS3 device name>/SOFTWARE/`` 129#. Open ``<MPS3 device name>/MB/HBI0309C/AN555/images.txt`` 130#. Update the ``images.txt`` file as follows:: 131 132 [IMAGES] 133 TOTALIMAGES: 2 134 135 IMAGE0ADDRESS: 0x01_00_1100_0000 136 IMAGE0UPDATE: RAM 137 IMAGE0FILE: \SOFTWARE\bl2.bin 138 139 IMAGE1ADDRESS: 0x01_00_0000_0000 140 IMAGE1UPDATE: FORCEQSPI 141 IMAGE1FILE: \SOFTWARE\tfm.bin 142 143#. Close ``<MPS3 device name>/MB/HBI0309C/AN555/images.txt`` 144#. Unmount/eject the ``<MPS3 device name>`` unit 145#. Reset the board to execute the TF-M example application 146#. After completing the procedure you should be able to see similar messages 147 to this on the serial port (baud 115200 8n1):: 148 149 [INF] Starting bootloader 150 [INF] Beginning BL2 provisioning 151 [WRN] TFM_DUMMY_PROVISIONING is not suitable for production! This device is NOT SECURE 152 [INF] Swap type: none 153 [INF] Swap type: none 154 [INF] Bootloader chainload address offset: 0x0 155 [INF] Jumping to the first image slot 156 [INF] Beginning TF-M provisioning 157 [WRN] TFM_DUMMY_PROVISIONING is not suitable for production! This device is NOT SECURE 158 [Sec Thread] Secure image initializing! 159 TF-M isolation level is: 0x00000002 160 Booting TF-M <TF-M version and git hash> 161 Creating an empty ITS flash layout. 162 Creating an empty PS flash layout. 163 [INF][Crypto] Provisioning entropy seed... complete. 164 Non-Secure system starting... 165 166.. note:: 167 168 Some of the messages above are only visible when ``CMAKE_BUILD_TYPE`` is set 169 to ``Debug``. 170 171-------------- 172 173*Copyright (c) 2021-2023, Arm Limited. All rights reserved.* 174
