1Corstone SSE-315 with Ethos-U65 Example Subsystem for Ecosystem FVP 2=================================================================== 3 4Introduction 5------------ 6 7Corstone-315 is an Arm reference subsystem for secure System on Chips containing 8an Armv8.1-M Cortex-M85 processor and LCM, KMU and SAM IPs. and an 9Ethos-U65 neural network processor. It is an MPS4 based platform. 10 11This platform port supports all TF-M regression tests (Secure and Non-secure) 12with Isolation Level 1 and 2. 13 14.. note:: 15 16 For Ethos-U65 IP this platform support only provides base address, 17 interrupt number and an example NPU setup as non-secure, unprivileged. 18 19.. note:: 20 21 For Armclang compiler v6.18 or later version is required. 22 23Building TF-M 24------------- 25 26Follow the instructions in :doc:`Building instructions </building/tfm_build_instruction>`. 27^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 28 29Build instructions with platform name: arm/mps4/corstone315 30^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 31``-DTFM_PLATFORM=arm/mps4/corstone315`` 32 33.. note:: 34 35 The built binaries can be run on the Corstone-315 Ethos-U65 Ecosystem FVP 36 (FVP_Corstone_SSE-315). 37 38.. note:: 39 40 If ``-DTFM_DUMMY_PROVISIONING=ON`` then the keys in the 41 ``tf-M/platform/ext/target/arm/mps4/corstone315/provisioning/bundle_cm/cm_provisioning_config.cmake``, 42 ``tf-M/platform/ext/target/arm/mps4/corstone315/provisioning/bundle_dm/dm_provisioning_config.cmake`` and 43 default MCUBoot signing and encryption keys will be used for provisioning. 44 45 If ``-DTFM_DUMMY_PROVISIONING=OFF`` is set then unique values can be used for provisioning. The keys 46 and seeds can be changed by passing the new values to the build command, or by setting the 47 ``-DDM_PROVISIONING_KEYS_CONFIG`` and ``-DCM_PROVISIONING_KEYS_CONFIG` flag to the .cmake files 48 which contain the keys. An example config cmake file can be seen at 49 ``tf-m/platform/ext/target/arm/mps4/corstone315/provisioning/bundle_cm/cm_provisioning_config.cmake`` 50 and ``tf-m/platform/ext/target/arm/mps4/corstone315/provisioning/bundle_dm/dm_provisioning_config.cmake``. 51 Otherwise new random values are going to be generated and used (or default values in some cases). For the image signing 52 the ${MCUBOOT_KEY_S} and ${MCUBOOT_KEY_NS} will be used. These variables should point to 53 .pem files that contain the code signing private keys. The public keys are going to be generated 54 from these private keys and will be used for provisioning. The hash of the public key is going to 55 be written into the ``provisioning_data.c`` automatically. For the BL2 image encryption the 56 ``TFM_BL2_ENCRYPTION_KEY_PATH`` has to be set to a .bin file which contains the encryption key. 57 (For an example, see ``tf-m/bl1/bl1_2/bl2_dummy_encryption_key.bin``) 58 59 If ``-DMCUBOOT_GENERATE_SIGNING_KEYPAIR=ON`` is set then a new MCUBoot signing public and private 60 keypair is going to be generated and it's going to be used to sign the S and NS binaries. 61 62 63 The new generated keypair can be found in the ``<build dir>/bin`` folder or in the 64 ``<install directory>/image_signing/keys`` after installation. 65 The generated provisioning_data.c file can be found at 66 ``<build directory>/platform/target/provisioning/provisioning_data.c`` 67 68.. note:: 69 70 The provisioning bundle generation depends on pyelftools that's have to be installed:: 71 72 pip3 install pyelftools 73 74 75To run the example code on Corstone-315 Ethos-U65 Ecosystem FVP 76--------------------------------------------------------------- 77FVP is available to download `here <https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps>`__ 78 79#. Install the FVP 80#. Copy ``bl1_1.bin``, ``cm_provisioning_bundle.bin``, ``dm_provisioning_bundle.bin``, 81 ``bl2_signed.bin`` and ``tfm_s_ns_signed.bin`` files from 82 build dir to ``<FVP installation path>/models/Linux64_GCC-6.4/`` 83#. Navigate to the same directory and execute the following command to start FVP:: 84 85 $ ./FVP_Corstone_SSE-315 --data "bl1_1.bin"@0x11000000 86 --data "cm_provisioning_bundle.bin"@0x12024000 87 --data "dm_provisioning_bundle.bin"@0x1202aa00 88 --data "bl2_signed.bin"@0x12031400 89 --data "tfm_s_ns_signed.bin"@0x38000000 90 91 92#. After completing the procedure you should be able to see similar messages 93 to this on the serial port (baud 115200 8n1):: 94 95 Trying 127.0.0.1... 96 Connected to localhost. 97 Escape character is '^]'. 98 [INF] Starting TF-M BL1_1 99 [INF] Beginning provisioning 100 [INF] TP mode set complete, system will now reset. 101 [INF] Starting TF-M BL1_1 102 [INF] Beginning provisioning 103 [INF] Waiting for CM provisioning bundle 104 [INF] Enabling secure provisioning mode, system will now reset. 105 [INF] Starting TF-M BL1_1 106 [INF] Beginning provisioning 107 [INF] Waiting for CM provisioning bundle 108 [INF] Running CM provisioning bundle 109 [INF] Starting TF-M BL1_1 110 [INF] Beginning provisioning 111 [INF] Waiting for DM provisioning bundle 112 [INF] Enabling secure provisioning mode, system will now reset. 113 [INF] Starting TF-M BL1_1 114 [INF] Beginning provisioning 115 [INF] Waiting for DM provisioning bundle 116 [INF] Running DM provisioning bundle 117 [INF] Starting TF-M BL1_1 118 [INF] Jumping to BL1_2 119 [INF] starting TF-M bl1_2 120 [INF] Attempting to boot image 0 121 [INF] BL2 image decrypted successfully 122 [INF] BL2 image validated successfully 123 [INF] Jumping to BL2 124 [INF] Starting bootloader 125 [INF] Image index: 1, Swap type: none 126 [INF] Image index: 0, Swap type: none 127 [INF] Bootloader chainload address offset: 0x0 128 [INF] Jumping to the first image slot 129 Booting TF-M v2.0.0+d09934721 130 Non-Secure system starting... 131 132.. note:: 133 134 Some of the messages above are only visible when ``CMAKE_BUILD_TYPE`` is set 135 to ``Debug``. 136 137------------- 138 139*Copyright (c) 2024, Arm Limited. All rights reserved.* 140
