readme.rst
1#############
2Corstone-1000
3#############
4
5************
6Introduction
7************
8
9The ARM's Corstone-1000 platform is a reference implementation of PSA FF-M
10architecture where NSPE and SPE environments are partitioned/isolated into
11Cortex-A35 and Cortex-M0+ respectively.
12
13Cortex-M0+ acting as Secure Enclave is the Root-of-trust of SoC. Its
14software comprises of two boot loading stages, i.e. Bl1 and Bl2 (based on
15mcuboot) and TF-M as run time software. Cortex-A35, also referred as host,
16is treated as non-secure from the Secure Enclave perspective.
17The Cortex-A35 is brought out of rest by Secure Enclave in aarch64 bit mode,
18and boots the software ecosystem based on linux, u-boot, UEFI run time
19services, TF-A, Secure Partitions and Optee.
20
21The communication between NSPE and SPE is based on PSA IPC protocol running on
22top of FF-A/OpenAMP.
23
24.. toctree::
25 :maxdepth: 1
26 :glob:
27
28 openamp/**
29
30The secure enclave subsystem has ARM's CC-312 (Crypto Cell) hardware to
31accelerate cryptographic operations. Additionaly, platform supports Secure Debug
32using SDC-600 as the communication interface between host debugger and platform
33target. The platform has the build option to enable secure debug protocol to
34unlock debug ports during boot time. The protocol is based on ARM's ADAC
35(Authenticated Debug Access Control) standard.
36
37
38***********
39System boot
40***********
41
42- The SoC reset brings Secure Enclave (SE), that is Cortex-M0+, out of rest.
43- SE executes the BL1 ROM code based on mcuboot.
44- BL1 load, verifies and transfer execution to BL2 which is again based on mcuboot.
45- BL2 loads and verifies TF-M and host's initial boot loader image.
46- BL2 transfer the execution to the TF-M.
47- During TF-M initialization, the host is taken out of rest.
48- Hashes of the keys used for image verification are stored in the OTP memory.
49
50*****
51Build
52*****
53
54Platform solution
55=================
56
57The platform binaries are build using Yocto. Below is the user guide:
58
59`Arm Corstone-1000 User Guide`_
60
61Secure Test
62===========
63
64This section can be used to test the secure enclave software indedendently from
65the host. The below configuration builds the secure enclave binaries with CI test
66frame integrated. On boot, secure enclave softwares stack is brought up, and
67CI tests starts executing at the end of the initialization process. In the
68below configuration, host software support is disabled, and meant only
69to test/verify the secure enclave softwares.
70
71FVP
72---
73
74- Download Corstone-1000 FVP from : `Arm Ecosystem FVPs`_
75- Install FVP by running the shell script.
76- Running of the binary will boot secure enclave software stack and at the end all CI test
77 from tf-m-test along with platform specific tests are executed.
78
79.. code-block:: bash
80
81 cmake -B build/ -S <tf-m-root>/ -DCMAKE_BUILD_TYPE=Debug -DTFM_TOOLCHAIN_FILE=<tf-m-root>/toolchain_GNUARM.cmake -DTFM_PLATFORM=arm/corstone1000 -DPLATFORM_IS_FVP=TRUE -DTEST_NS=OFF -DTEST_S=ON -DEXTRA_S_TEST_SUITE_PATH=<tf-m-root>/trusted-firmware-m/platform/ext/target/arm/corstone1000/ci_regression_tests/
82 cmake --build build -- install
83 cd ./build/install/outputs/
84 cat bl2_signed.bin bl2_signed.bin tfm_s_signed.bin > cs1000.bin
85 cd <path-to-FVP-installation>/models/Linux64_GCC-9.3/
86 ./FVP_Corstone-1000 -C board.flashloader0.fname="none" -C se.trustedBootROMloader.fname="./<path-to-build-dir>/install/outputs/bl1.bin" -C board.xnvm_size=64 -C se.trustedSRAM_config=6 -C se.BootROM_config="3" -C board.smsc_91c111.enabled=0 -C board.hostbridge.userNetworking=true --data board.flash0=./<path-to-build-dir>/install/outputs/cs1000.bin@0x68100000 -C diagnostics=4 -C disable_visualisation=true -C board.se_flash_size=8192 -C diagnostics=4 -C disable_visualisation=true
87
88FPGA
89----
90
91- Follow the above pointed platform user guide to setup the FPGA board.
92- Use the BL1 generated from the below commands to place it inside FPGA board SD Card.
93- Use the cs1000.bin created from the below commands to place it inside FPGA board SD Card.
94
95.. code-block:: bash
96
97 cmake -B build/ -S <tf-m-root>/ -DCMAKE_BUILD_TYPE=Debug -DTFM_TOOLCHAIN_FILE=<tf-m-root>/toolchain_GNUARM.cmake -DTFM_PLATFORM=arm/corstone1000 -DTEST_NS=OFF -DTEST_S=ON -DEXTRA_S_TEST_SUITE_PATH=<tf-m-root>/trusted-firmware-m/platform/ext/target/arm/corstone1000/ci_regression_tests/ -DTEST_S_PS=OFF -DTEST_S_PLATFORM=OFF
98 cmake --build build -- install
99 cd ./build/install/outputs/
100 cat bl2_signed.bin bl2_signed.bin tfm_s_signed.bin > cs1000.bin
101 cp bl1.bin <path-to-FPGA-SD-CARD>/SOFTWARE/
102 cp cs1000.bin <path-to-FPGA-SD-CARD>/SOFTWARE/
103
104FPGA build can not compile all the CI tests into a single build as it exceeds
105the available RAM size. So there is a need to select few tests but not all.
106The above configuration disable build of -DTEST_S_PS and -DTEST_S_PLATFORM.
107Other test configurations are:
108
109- -DTEST_S_ATTESTATION=ON/OFF
110- -DTEST_S_CRYPTO=ON/OFF
111- -DTEST_S_ITS=ON/OFF
112- -DTEST_S_PS=ON/OFF
113- -DTEST_S_PLATFORM=ON/OFF
114
115*Copyright (c) 2021-2022, Arm Limited. All rights reserved.*
116
117.. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
118.. _Arm Corstone-1000 User Guide: https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-docs/-/blob/CORSTONE1000-2022.04.19/docs/embedded-a/corstone1000/user-guide.rst
119