Zynq UltraScale+ MPSoC Non-Secure Boot

Table of Contents

1.0 Zynq UltraScale+ MPSoC boot in Non Secure Boot


This page provides the instructions to create images and boot the Zynq UltraScale+ MPSoc in Non-Secure method.
This page addresses the procedures based on the following
1. ZCU102 hardware platform
2. QEMU simulation platform

1.1 ZCU102 Hardware platform

This section provides the image creation and flashing procedures in Non Secure mode for ZCU102 hardware platform

1. Generation of images using PetaLinux environment.
2. Programming QSPI flash from U-Boot and verify the QSPI boot.
3. Programming QSPI flash from Linux and verify the QSPI boot.
4. Programming the SD Card from Linux and verify the SD boot.
5. Booting Linux from U-Boot using TFTP.

1.1.1 Generate images using PetaLinux environment


Follow the steps below to create boot images using Petalinux on Host Linux PC

1. Set the Petalinux environment using the following command based on shell or cshell prompt
or
2. Set the SDK environment for the bootgen utility using the following command based on shell or cshell prompt
or
3.Create the project using Petalinux utils as follows
4.Configure the petalinux as follows

Figure 1: Configure the Ethernet settings as static

Figure 2: Configure the qspi partition information.


Figure 3: Set the QSPI partitions


Figure 4: Uncheck the tftp boot from Image package Configuration.


5. Modify the QSPI partitions information in device tree file system-conf.dtsi as follows

5. Build the images using Petalinux utils as follows
Note: This will take a few minutes to build the FSBL, u-boot, ATF, Linux kernel, ramdisk and device tree images.
Tested images are in file

1.1.2 Programming the QSPI flash from U-Boot and verify the QSPI boot.

1. Refer to the section Generate Boot Images using Petalinux
2. Create the boota53_sd.bif for making the SD images as follows
3. Create the boot.bin for SD Card using the following commands
4. Create the "boota53_qspi.bif" for making the QSPI images as follows
5. Create the boot_qspi.bin for QSPI using the following commands
6. Copy the SD images(boot.bin) and QSPI image(boot_qspi.bin) into SD card.
7. Connect the board as per the following figure with SW6 as follows for SD card
Figure 5: SD Boot mode Switch settings

8. Connect the Serial Cable to the board and Open the serial terminal connected on COM interface0 with settings as below figure
Figure 6: Serial console settings
9. Power on the board, user can see the log on the serial terminal stops at u-boot prompt
10. Copy the boot_qspi.bin from SD card into QSPI using the following commands
11. Restart the board by keeping the boot mode in QSPI with SW6 as per the following figure
Figure 7: QSPI Boot mode switch settings
12. User should see the Hello World A53_0 message on the serial terminal.

1.1.3 Programming the QSPI flash from Linux and verify the QSPI boot.


1. Refer to the section Generate Boot Images using Petalinux.

2. Create the "boota53_sd.bif" with the following contents:
$cat boot_sd.bif

3. Create the boot.bin for SD Card using the following commands

4. Copy the images(boot.bin, image.ub, Image and system.dtb) into SD card.

5. Insert the SD-MMC memory card on the ZCU102 board. Refer to Figure 5 For SD boot mode switch settings

6. Connect the Serial Cable to the board and Open the serial terminal connected on COM interface0. Refer to the Figure 6.

7. Power on the board. User can see the log on the serial terminal .

8. Once the Linux boots up , login ID prompts, provide login details as follows
ID : "root"
password : "root"

9. Mount the SD card using the following commands

10. Copy the images from SD card to QSPI MTD partition as per the MTD partitions on the board
$cat /proc/mtd

Now , copy the images from the SD to corresponding partitions.

11. Restart the board by keeping the boot mode in QSPI. Refer to the Figure 7

12. Stop at u-boot prompt
13. Booting from QSPI, following commands should run manually on u-boot prompt.
14. Linux should boot from QSPI flash.

1.1.4 Programming the SD Card from Linux and verify the SD boot


1. Refer to the section Generate Boot Images using PetaLinux

2. Assuming that the QSPI is already flashed using the QSPI flashing from Linux Procedure. Refer to Figure 7 for QSPI boot mode.

3. Connect the Serial Cable to the board and Open the serial terminal connected on COM interface0 with settings. Refer to Figure 6.

4. Power on the board with QSPI mode. User can see the log on the serial terminal

5. Once the Linux boots up and login ID prompts, provide the login details as below.
ID : "root"
password :"root"


6. Mount the SD card using the following commands

7. Copy the image from QSPI MTD partition to SD Card. To know which corresponds to QSPI partition, use
$cat /proc/mtd

8. Restart the board by keeping the boot mode in SD. Refer to Figure 5 for SD boot mode.

9. User should see the Linux booting on the serial terminal using SD card.

1.1.5 Booting Linux From U-Boot Using TFTP


Procedure to be followed on the Host PC

1. Download TFTP server application from Cnet .
2. Install the application
3. Set the current directory path to the folder in which images are generated.
4. Configure the client ip address in tftp server.

Procedure to be followed on ZCU102 Target board

1.Refer to the section Generate Boot Images using Petalinux
2.Create the "boota53_sd.bif" with the following contents:
$cat boota53_sd.bif
3. Create the boot.bin for SD Card using the following commands
4.Copy the SD images(boot.bin, Image and system.dtb) into SD card.

5. Connect the board for SD boot mode. Refer to Figure 5.

6. Connect the board and the host PC with a Ethernet Cable.

7. Connect the Serial Cable to the board. Refer to Figure 6 for console settings

8. Power on the board. User can see the log on the serial terminal which stops at u-boot prompt

9. Set the environment to setup the server and client ip address on u-boot prompt
10.Set the tftp block size to 512

11. Run a ping test to check if the connection is properly set.
ping <serverip>
If ping test works in U-boot, user should see the following log being displayed on the console

12. Run the following commands to download the kernel and the device tree images.

13. Run the boot command

14.Kernel will boot and come to the linux prompt

1.2 QEMU Prodecures


The below section describes booting of QEMU in Non-Secure mode using the following boot devices:
- QSPI24
- NAND
- SD

1.2.1 QSPI24 Non-Secure Boot


1. Set the Petalinux environment using the following command
$source <Petalinux installation path>/settings.sh

2. Create a bif file “QSPI_R5_0.bif” with the following contents:
$cat QSPI_R5_0.bif

3. Run the bootgen tool to generate the bin file
$ bootgen -r -w –image ./QSPI_R5_0.bif -o Boot.bin

4. Create the QEMU QSPI single mode boot image
$ dd if=/dev/zero of=qemu_qspi_R5_0.bin bs=32M count=1
$ dd if=Boot.bin of=qemu_qspi_R5_0.bin bs=1 seek=0 conv=notrunc

5. Now the QEMU QSPI single mode boot image qemu_qspi_R5_0.bin can be used for the execution on QEMU

6. Execute the application on R5 core-0 using the following command
$ qemu-system-aarch64 -nographic -M arm-generic-fdt -dtb ./xilinx-zynqmp-arm.dtb -device loader,file=R5_FSBL.elf,cpu=4 -device loader,addr=0xff5e023c,
data=0x80008fde,data-len=4 -device loader,addr=0xff9a0000,data=0x80000218,data-len=4 -mtdblock qemu_qspi_R5.bin -boot mode=1

1.2.2 NAND Non-Secure Boot


1. Set the Petalinux environment using the following command
$source <Petalinux installation path>/settings.sh

2. Create a bif file “NAND.bif” with the following contents:
$cat NAND.bif
3. Run the bootgen tool to generate the bin file
$ bootgen -r -w –image ./NAND.bif -o Boot.bin

4. Create the NAND boot image
$ dd if=/dev/zero of=nand.bin bs=1G count=4
$ dd if=Boot.bin of=nand.bin bs=1 seek=0 conv=notrunc
5. Execute the qemu-nand-creator to convert the binary file to NAND image
$ qemu-nand-creator 16384 < nand.bin > qemu_nand.bin
6. Now the QEMU NAND mode boot image qemu_nand.bin can be used for the execution on QEMU

7. Execute the application on A53 core-0 using the following command
$ qemu-system-aarch64 -nographic -M arm-generic-fdt -hw-dtb xilinx-zynqmp-arm.dtb -device loader,file=./fsbl_a530.elf,cpu=0 -device loader,addr=0xfd1a0104,
data=0x8000000e,data-len=4 -pflash qemu_nand.bin -boot mode=4

1.2.3 SD Non-Secure Boot

1. Set the Petalinux environment using the following command
$source <Petalinux installation path>/settings.sh

2. Create a bif file “SD.bif” with the following contents:
$ cat SD.bif
3. Run the bootgen tool to generate the bin file
$ bootgen -r -w -image SD.bif -o Boot.bin

4. Create the QEMU SD boot image
$ dd if=/dev/zero of=qemu_sd.img bs=128M count=1
$ mkfs.vfat -F 32 qemu_sd.img
$ mcopy -i qemu_sd.img Boot.bin ::/

5. Now the QEMU SD mode boot image qemu_sd.img can be used for the execution on QEMU

6. Execute the application on R5 core-0 using the following command
$ qemu-system-aarch64 -nographic -M arm-generic-fdt -dtb ./
xilinx-zynqmp-arm.dtb
-device loader,file=ron_a53_fsbl.elf,cpu=0 -device loader,addr=0xfd1a0104,
data=0x8000000e,data-len=4 -sd qemu_sd.img -boot mode=5

Related Links

Zynq UltraScale+ MPSoC Secure Boot
Zynq Ultrascale+ MPSoC Multiboot and Fallback