diff --git a/docs/totalcompute/readme.rst b/docs/totalcompute/readme.rst index 2164a427eccde48fb6c6cf48f1e3f980c96b31d1..26be5fa9b8c28b650b15e524a4db50f29a3a992a 100644 --- a/docs/totalcompute/readme.rst +++ b/docs/totalcompute/readme.rst @@ -7,6 +7,11 @@ Total Compute is an approach to moving beyond optimizing individual IP to take a Total Compute focuses on optimizing Performance, Security, and Developer Access across Arm’s IP, software, and tools. This means higher-performing, more immersive, and more secure experiences on devices coupled with an easier app and software development process. +TC2 release tags +================ + +`TC2-2022.08.12 `_ + TC1 release tags ================ diff --git a/docs/totalcompute/tc2/Debug_control_console.png b/docs/totalcompute/tc2/Debug_control_console.png new file mode 100644 index 0000000000000000000000000000000000000000..7098d6accd62b7a37a931b412f972a628ec3ba0b Binary files /dev/null and b/docs/totalcompute/tc2/Debug_control_console.png differ diff --git a/docs/totalcompute/tc2/Switch_Cores.png b/docs/totalcompute/tc2/Switch_Cores.png new file mode 100644 index 0000000000000000000000000000000000000000..d401e9157f83c309c8cd3415df53f5c6acff23a4 Binary files /dev/null and b/docs/totalcompute/tc2/Switch_Cores.png differ diff --git a/docs/totalcompute/tc2/change-log.rst b/docs/totalcompute/tc2/change-log.rst new file mode 100644 index 0000000000000000000000000000000000000000..6a6ffdf9235f8794fa47fe498772165e057b90b0 --- /dev/null +++ b/docs/totalcompute/tc2/change-log.rst @@ -0,0 +1,20 @@ +.. _docs/totalcompute/tc2/change-log: + +Change Log +========== + +.. contents:: + +This document contains a summary of the new features, changes and +fixes in each release of TC2 software stack. + +Version 2022.08.12 +------------------ + +Features added +~~~~~~~~~~~~~~ +- Hardware Root of Trust +- Updated Android to AOSP master +- Microdroid based pVM support in Android + +*Copyright (c) 2022, Arm Limited. All rights reserved.* diff --git a/docs/totalcompute/tc2/readme.rst b/docs/totalcompute/tc2/readme.rst new file mode 100644 index 0000000000000000000000000000000000000000..8d260215995f191241b7d9375dbf0283e7e3e58a --- /dev/null +++ b/docs/totalcompute/tc2/readme.rst @@ -0,0 +1,38 @@ +.. _docs/totalcompute/tc2/readme: + +.. section-numbering:: + :suffix: . + +Instructions: Obtaining Total Compute software deliverables +----------------------------------------------------------- + * To build the TC2 software stack please refer to :ref:`user-guide ` + * For the list of changes and features added please refer to :ref:`change-log ` + * For further details on the latest release and features please refer to :ref:`release_notes ` + +TC Software Stack Overview +-------------------------- + +The TC2 software consists of firmware, kernel and file system components that can run on the associated FVP. +Following are the Software components: + + #. SCP firmware – System initialization, Clock and Power control + #. AP firmware – Trusted Firmware-A (TF-A) + #. Secure Partition Manager + #. Secure Partitions + + * OP-TEE Trusted OS in Buildroot + * Trusted Services with Shim layer in Buildroot + * Trusty Trusted OS in Android + + #. U-Boot – loads and verifies the fitImage for buildroot boot, containing kernel and filesystem or boot Image for Android Verified Boot, containing kernel and ramdisk. + #. Kernel – supports the following hardware features + + * Message Handling Unit + * PAC/MTE/BTI features + + #. Android + + * Supports PAC/MTE/BTI features + +:ref:`Total Compute Platform Software Components ` + diff --git a/docs/totalcompute/tc2/release_notes.rst b/docs/totalcompute/tc2/release_notes.rst new file mode 100755 index 0000000000000000000000000000000000000000..448ca7e7b86c545099ad6627eeccd9fa707b6efb --- /dev/null +++ b/docs/totalcompute/tc2/release_notes.rst @@ -0,0 +1,81 @@ +.. _docs/totalcompute/tc2/release_notes: + +Release notes - 2022.08.12 +========================== + +.. contents:: + +Release tag +----------- +The manifest tag for this release is TC2-2022.08.12 + +Components +---------- +The following is a summary of the key software features of the release: + - BSP build supporting Android and Buildroot distro. + - Trusted firmware-A for secure boot. + - System control processor(SCP) firmware for programming the interconnect, doing power control etc. + - U-Boot bootloader. + - Hafnium for S-EL2 Secure Partition Manager core. + - OP-TEE for Trusted Execution Environment (TEE) in Buildroot. + - Trusted Services (Crypto and Internal Trusted Storage) in Buildroot. + - Trusty for Trusted Execution Environment (TEE) with FF-A messaging in Android. + +Hardware Features +----------------- + - Booker CI with Memory Tagging Unit(MTU) support driver in SCP firmware. + - GIC Clayton Initialization in Trusted Firmware-A. + - Mali-D71 DPU and virtual encoder support for display in Linux. + - MHUv2 Driver for SCP and AP communication. + - UARTs, Timers, Flash, PIK, Clock drivers. + - PL180 MMC. + - DynamIQ Shared Unit (DSU) with 8 cores. 4 Hunter + 4 Hayes cores configuration. + +Software Features +----------------- + - Buildroot distribution support. + - Android AOSP master support. + - Android Common Kernel 5.15 + - With Android AOSP master support, the KVM default mode of operation is set to ``protected``. This is a nVHE based mode with kernel running at EL1. + - Microdroid based pVM support in Android + - Trusted Firmware-A & Hafnium v2.7 + - OP-TEE 3.18.0 + - Trusty with FF-A messaging + - CI700-PMU enabled for profiling + - Support secure boot based on TBBR specification https://developer.arm.com/documentation/den0006/latest + - System Control Processor (SCP) firmware v2.10 + - Build system based on scripts + - U-Boot bootloader v2022.01 + - Power management features: cpufreq and cpuidle. + - SCMI (System Control and Management Interface) support. + - Verified u-boot for authenticating fit image (containing kernel + ramdisk) during Buildroot boot. + - Android Verified Boot (AVB) for authenticating boot and system image during Android boot. + - Software rendering on Android with DRM Hardware Composer offloading composition to Mali D71 DPU. + - Hafnium as Secure Partition Manager (SPM) at S-EL2. + - OP-TEE as Secure Partition at S-EL1, managed by S-EL2 SPMC (Hafnium) + - Arm FF-A driver and FF-A Transport support for OP-TEE driver in Android Common Kernel. + - OP-TEE Support in Buildroot distribution. This includes OP-TEE client and OP-TEE test suite. + - Trusted Services (Crypto and Internal Trusted Storage) running at S-EL0. + - Trusted Services test suite added to Buildroot distribution. + - Shim Layer at S-EL1 running on top of S-EL2 SPMC (Hafnium) used by Trusted Services running in S-EL0. + - Tracing - Added support for ETE and TRBE v1.0 in TF-A, kernel and simpleperf. Traces can be captured with simpleperf. However, to enable tracing, the libete plugin has to be loaded while executing the FVP with ``--plugin /libete-plugin.so`` + +Platform Support +---------------- + - This Software release is tested on TC2 Fast Model platform (FVP). + - Supported Fast model version for this release is 11.18.20 + +Known issues or Limitations +--------------------------- + #. At the U-Boot prompt press enter and type "boot" to continue booting else wait + for ~15 secs for boot to continue automatically. This is because of the time + difference in CPU frequency and FVP operating frequency. + + +Support +------- +For support email: support-arch@arm.com + +-------------- + +*Copyright (c) 2022, Arm Limited. All rights reserved.* diff --git a/docs/totalcompute/tc2/tc2_sw_stack.png b/docs/totalcompute/tc2/tc2_sw_stack.png new file mode 100644 index 0000000000000000000000000000000000000000..c8d686c7f91fd0442bcc8db58c3f108d60ad18b5 Binary files /dev/null and b/docs/totalcompute/tc2/tc2_sw_stack.png differ diff --git a/docs/totalcompute/tc2/tc2_sw_stack.rst b/docs/totalcompute/tc2/tc2_sw_stack.rst new file mode 100644 index 0000000000000000000000000000000000000000..27cfa6b03d92bb8857d87eafbf9c5b97a4c4a490 --- /dev/null +++ b/docs/totalcompute/tc2/tc2_sw_stack.rst @@ -0,0 +1,114 @@ +.. _docs/totalcompute/tc2/tc2_sw_stack: + +.. section-numbering:: + :suffix: . + +Total Compute Platform Software Components +========================================== + +.. figure:: tc2_sw_stack.png + :alt: Total Compute Software Stack + +Hardware Root of Trust is enabled in TC2. It bootstraps SCP and AP by loading the below images. + + #. SCP BL1 + #. AP BL1 + +SCP Firmware +------------ +The System Control Processor (SCP) is a compute unit of Total Compute and is responsible for low-level system management. The SCP is a Cortex-M3 processor with a set of dedicated peripherals and interfaces that you can extend. +SCP firmware supports: + + #. Powerup sequence and system start-up + #. Initial hardware configuration + #. Clock management + #. Servicing power state requests from the OS Power Management (OSPM) software + +SCP BL1 +........ +It performs the following functions: + + #. Sets up generic timer, UART console and clocks + #. Initializes the Coherent Interconnect + #. Powers ON primary AP CPU + #. Loads SCP Runtime Firmware + +SCP Runtime Firmware +.................... +SCP runtime code starts execution after TF-A BL2 has authenticated and copied it from flash. +It performs the following functions: + + #. Responds to SCMI messages via MHUv2 for CPU power control and DVFS + #. Power Domain management + #. Clock management + +Secure Software +--------------- +Secure software/firmware is a trusted software component that runs in the AP secure world. It mainly consists of AP firmware, Secure Partition Manager and Secure Partitions (OP-TEE, Trusted Services). + +AP firmware +........... +The AP firmware consists of the code that is required to boot Total Compute platform up the point where the OS execution starts. This firmware performs architecture and platform initialization. It also loads and initializes secure world images like Secure partition manager and Trusted OS. + +Trusted Firmware-A (TF-A) BL1 ++++++++++++++++++++++++++++++ +BL1 performs minimal architectural initialization (like exception vectors, CPU initialization) and Platform initialization. It loads the BL2 image and passes control to it. + +Trusted Firmware-A (TF-A) BL2 ++++++++++++++++++++++++++++++ +BL2 runs at S-EL1 and performs architectural initialization required for subsequent stages of TF-A and normal world software. It configures the TrustZone Controller and carves out memory region in DRAM for secure and non-secure use. BL2 loads below images: + + #. SCP BL2 image + #. EL3 Runtime Software (BL31 image) + #. Secure Partition Manager (BL32 image) + #. Non-Trusted firmware - U-boot (BL33 image) + #. Secure Partitions images (OP-TEE and Trusted Services) + +Trusted Firmware-A (TF-A) BL31 +++++++++++++++++++++++++++++++ +BL2 loads EL3 Runtime Software (BL31) and BL1 passes control to BL31 at EL3. In Total Compute BL31 runs at trusted SRAM. It provides below mentioned runtime services: + + #. Power State Coordination Interface (PSCI) + #. Secure Monitor framework + #. Secure Partition Manager Dispatcher + +Secure Partition Manager +........................ +Total Compute enables FEAT S-EL2 architectural extension, and it uses Hafnium as Secure Partition Manager Core (SPMC). BL32 option in TF-A is re-purposed to specify the SPMC image. The SPMC component runs at S-EL2 exception level. + +Secure Partitions +................. +Software image isolated using SPM is Secure Partition. Total Compute enables OP-TEE and Trusted Services (Crypto, Internal Trusted Storage) as Secure Partitions. + +OP-TEE +++++++ +OP-TEE Trusted OS is virtualized using Hafnium at S-EL2. OP-TEE OS for Total Compute is built with FFA and SEL2 SPMC support. This enables OP-TEE as a Secure Partition running in an isolated address space managed by Hafnium. The OP-TEE kernel runs at S-EL1 with Trusted applications running at S-EL0. + +Trusted Services +++++++++++++++++ +Trusted Services like Crypto Service and Internal Trusted Storage runs as S-EL0 Secure Partitions using a Shim layer at S-EL1. These services along with S-EL1 Shim layer are built as a single image. The Shim layer forwards FF-A calls from S-EL0 to S-EL2. + +U-Boot +------ +TF-A BL31 passes execution control to U-boot bootloader (BL33). U-boot in Total Compute has support for multiple image formats: + + #. FitImage format: this contains the Linux kernel and Buildroot ramdisk which are authenticated and loaded in their respective positions in DRAM and execution is handed off to the kernel. + #. Android boot image: This contains the Linux kernel and Android ramdisk. If using Android Verified Boot (AVB) boot.img is loaded from MMC to DRAM, authenticated and then execution is handed off to the kernel. + +Kernel +------ +Linux Kernel in Total Compute contains the subsystem-specific features that demonstrate the capabilities of Total Compute. Apart from default configuration, it enables: + + #. Arm MHUv2 controller driver + #. Arm FF-A driver + #. OP-TEE driver with FF-A Transport Support + #. Arm FF-A user space interface driver + #. Trusty driver with FF-A Transport Support + +Android +------- +Total Compute has support for Android Open-Source Project (AOSP), which contains the Android framework, Native Libraries, Android Runtime and the Hardware Abstraction Layers (HALs) for Android Operating system. +The Total Compute device profile defines the required variables for Android such as partition size and product packages and has support for the below configuration of Android: + + #. Software rendering: This profile has support for Android UI and boots Android to home screen. It uses SwiftShader to achieve this. Swiftshader is a CPU base implementation of the Vulkan graphics API by Google. + diff --git a/docs/totalcompute/tc2/user-guide.rst b/docs/totalcompute/tc2/user-guide.rst new file mode 100755 index 0000000000000000000000000000000000000000..5b488277661da7155f6b1442455bcb0830cf6171 --- /dev/null +++ b/docs/totalcompute/tc2/user-guide.rst @@ -0,0 +1,431 @@ +.. _docs/totalcompute/tc2/user-guide: + +User Guide +========== + +.. contents:: + + +Notice +------ + +The Total Compute 2022 (TC2) software stack uses bash scripts to build a Board +Support Package (BSP) and a choice of Buildroot Linux distribution or Android +userspace. + +Prerequisites +------------- + +These instructions assume that: + * Your host PC is running a recent Ubuntu Linux (18.04, 20.04 or 22.04) + * You are running the provided scripts in a ``bash`` shell environment. + +To get the latest repo tool from google, run the following commands: + +:: + + mkdir -p ~/bin + curl https://storage.googleapis.com/git-repo-downloads/repo > ~/bin/repo + chmod a+x ~/bin/repo + export PATH=~/bin:$PATH + +If syncing and building android, the minimum requirements for the host machine can be found at https://source.android.com/setup/build/requirements, These include: + * At least 250GB of free disk space to check out the code and an extra 150 GB to build it. If you conduct multiple builds, you need additional space. + * At least 16 GB of available RAM/swap. + * Git configured properly using "git config" otherwise it may throw error while fetching the code. + +The software requirements can be automatically installed by running +``requirements.sh`` with sudo, once the code is synced. They can also be +installed by running the following steps: +(Note: Python modules will be installed in a virtual environment) + +To install the required packages, run: + +:: + + sudo apt install chrpath gawk texinfo diffstat wget git unzip gcc-arm-linux-gnueabihf \ + build-essential socat cpio python3 python3-pip python3-pexpect xz-utils debianutils \ + iputils-ping python3-git libegl1-mesa libsdl1.2-dev xterm git-lfs openssl \ + curl lib32ncurses5-dev libz-dev u-boot-tools m4 zip liblz4-tool zstd make \ + dwarves ninja-build libssl-dev srecord libelf-dev bison flex + +For Ubuntu 18.04: +:: + sudo apt install pylint3 python-pip python + +For ubuntu 20.04 and higher: +:: + sudo apt install pylint python + +Syncing and building the source code +------------------------------------ + +There are two distros supported in the TC2 software stack: buildroot (a minimal distro containing busybox) and android. + +Syncing code +############ + +Create a new folder that will be your workspace, which will henceforth be referred to as ```` +in these instructions. +:: + mkdir + cd + export TC2_RELEASE=refs/tags/TC2-2022.08.12 + +To sync BSP only without Android, run the following repo command. +:: + repo init -u https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-manifest -m tc2.xml -b ${TC2_RELEASE} -g bsp + repo sync -j `nproc` --fetch-submodules + +To sync both the BSP and Android, run the following repo command. +:: + repo init -u https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-manifest -m tc2.xml -b ${TC2_RELEASE} -g android + repo sync -j `nproc` --fetch-submodules + +The resulting files will have the following structure: +- build-scripts/: the components build scripts +- run-scripts/: scripts to run the FVP +- src/: each component's git repository + +Initial Setup +############# + +NOTE: python cryptography module is needed, but might be already installed as an apt package in an older version. If this is the case, run +:: + sudo apt remove python3-cryptography + +To patch the components and install the toolchains and build tools, navigate to +the build-scripts directory, then run: +For buildroot build: +:: + export PLATFORM=tc2 + export FILESYSTEM=buildroot + ./setup.sh + +For an Android build: +:: + export PLATFORM=tc2 + export FILESYSTEM=android-swr + ./setup.sh + +The various tools will be installed in the tools/ directory at the root of the workspace. + +To build Android with AVB (Android Verified Boot) enabled, run: +:: + export AVB=true + +NOTES: + +* If running ``repo sync`` again is needed at some point, then the setup.sh script also needs to be run again, as repo sync can discard the patches. + +* Most builds will be done in parallel using all the available cores by default. To change this number, run ``export PARALLELISM=`` + +Board Support Package build +############################ + +To build the whole stack, simply run: +:: + ./build-all.sh build + +Build files are stored in build-scripts/output/tmp_build/, final images will be placed in build-script/output/deploy/. + +More about the build system +########################### + +``build-all.sh`` will build all the components, but each component has its own script, allowing it to be built, cleaned and deployed separately. +All scripts support the ``build``, ``clean``, ``deploy``, ``patch`` commands. ``build-all.sh`` also supports ``all``, to clean then rebuild all the stack. + +For example, to build, deploy, and clean SCP, run +:: + ./build-scp.sh build + ./build-scp.sh deploy + ./build-scp.sh clean + +The platform and filesystem used should be defined as described previously, but they can also be specified like so: +:: + ./build-all -p $PLATFORM -f $FILESYSTEM build + +Additionally, Android Verified Boot (AVB) can be enabled with the ``-a`` option. +Those options work for all the build-*.sh scripts. + +Android OS build +################# + +* tc2_swr : This supports Android display with swiftshader (software rendering). + +The android images can be built with or without authentication enabled using Android Verified Boot(AVB). +AVB build is done in userdebug mode and takes a longer time to boot as the images are verified. + +The ``-a`` option does not influence the way the system boots rather it adds an optional sanity check on the prerequisite images. + +Android based stack takes considerable time to build, so start the build and go grab a cup of coffee! + +Provided components +------------------- + +Firmware Components +################### + +Trusted Firmware-A +****************** + +Based on `Trusted Firmware-A `__ + ++--------+------------------------------------------------------------------------------------------------------------+ +| Script | /build-scripts/build-tfa.sh | ++--------+------------------------------------------------------------------------------------------------------------+ +| Files | * /build-scripts/output/deploy/tc2/bl1-tc.bin | +| | * /build-scripts/output/deploy/tc2/fip-tc.bin | ++--------+------------------------------------------------------------------------------------------------------------+ + + +System Control Processor (SCP) +****************************** + +Based on `SCP Firmware `__ + ++--------+------------------------------------------------------------------------------------------------+ +| Script | /build-scripts/build-scp.sh | ++--------+------------------------------------------------------------------------------------------------+ +| Files | * /build-scripts/output/deploy/tc2/scp_ramfw.bin | +| | * /build-scripts/output/deploy/tc2/scp_romfw.bin | ++--------+------------------------------------------------------------------------------------------------+ + + +U-Boot +****** + +Based on `U-Boot gitlab `__ + ++--------+---------------------------------------------------------------------------------------+ +| Script | /build-scripts/build-u-boot.sh | ++--------+---------------------------------------------------------------------------------------+ +| Files | * /build-scripts/output/deploy/tc2/u-boot.bin | ++--------+---------------------------------------------------------------------------------------+ + + +Hafnium +******* + +Based on `Hafnium `__ + ++--------+--------------------------------------------------------------------------------------+ +| Script | /build-scripts/build-hafnium.sh | ++--------+--------------------------------------------------------------------------------------+ +| Files | * /build-scripts/output/deploy/tc2/hafnium.bin | ++--------+--------------------------------------------------------------------------------------+ + + +OP-TEE +****** + +Based on `OP-TEE `__ + ++--------+------------------------------------------------------------------------------------------+ +| Script | /build-scripts/build-optee-os.sh | ++--------+------------------------------------------------------------------------------------------+ +| Files | * /build-scripts/output/tmp_build/tfa_sp/tee-pager_v2.bin | ++--------+------------------------------------------------------------------------------------------+ + + +S-EL0 trusted-services +********************** + +Based on `Trusted Services `__ + ++--------+-----------------------------------------------------------------------------------------------+ +| Script | /build-scripts/build-trusted-services.sh | ++--------+-----------------------------------------------------------------------------------------------+ +| Files | * /build-scripts/output/tmp_build/tfa_sp/crypto-sp.bin | +| | * /build-scripts/output/tmp_build/tfa_sp/internal-trusted-storage.bin | ++--------+-----------------------------------------------------------------------------------------------+ + +Linux +***** + +The component responsible for building a 5.10 version of the Android Common kernel (`ACK `__). + ++--------+-----------------------------------------------------------------------------------------------+ +| Script | /build-scripts/build-linux.sh | ++--------+-----------------------------------------------------------------------------------------------+ +| Files | * /build-scripts/output/deploy/tc2/Image | ++--------+-----------------------------------------------------------------------------------------------+ + +Trusty +****** + +Based on `Trusty `__ + ++--------+---------------------------------------------------------------------------+ +| Script | /build-scripts/build-trusty.sh | ++--------+---------------------------------------------------------------------------+ +| Files | * /build-scripts/output/deploy/tc2/lk.bin | ++--------+---------------------------------------------------------------------------+ + +Distributions +############# + +Buildroot Linux distro +***************** + +The layer is based on the `buildroot `__ Linux distribution. +The provided distribution is based on BusyBox and built using glibc. + ++--------+-------------------------------------------------------------------------------------------------+ +| Script | /build-scripts/build-buildroot.sh | ++--------+-------------------------------------------------------------------------------------------------+ +| Files | * /build-scripts/output/deploy/tc2/tc-fitImage.bin | ++--------+-------------------------------------------------------------------------------------------------+ + + +Android +******* + ++--------+-------------------------------------------------------------------------+ +| Script | /build-scripts/build-android.sh | ++--------+-------------------------------------------------------------------------+ +| Files | * /build-scripts/output/deploy/tc2/android.img | +| | * /build-scripts/output/deploy/tc2/ramdisk_uboot.img | +| | * /build-scripts/output/deploy/tc2/system.img | +| | * /build-scripts/output/deploy/tc2/userdata.img | +| | * /build-scripts/output/deploy/tc2/boot.img (AVB only) | +| | * /build-scripts/output/deploy/tc2/vbmeta.img (AVB only) | ++--------+-------------------------------------------------------------------------+ + + +Run scripts +########### + +Within the ``/run-scripts/`` are several convenience functions for testing the software +stack. Usage descriptions for the various scripts are provided in the following sections. + + +Obtaining the TC2 FVP +--------------------- + +The TC2 FVP is available to partners for build and run on Linux host environments. +Please contact Arm to have access (support@arm.com). + + +Running the software on FVP +--------------------------- + +A Fixed Virtual Platform (FVP) of the TC2 platform must be available to run the included run scripts. + +The run-scripts structure is as follows: + +:: + + run-scripts + |--tc2 + |--run_model.sh + |-- ... + +Ensure that all dependencies are met by running the FVP: ``./path/to/FVP_TC2``. You should see +the FVP launch, presenting a graphical interface showing information about the current state of the FVP. + +The ``run_model.sh`` script in ``/bsp/run-scripts/tc2`` will launch the FVP, providing +the previously built images as arguments. Run the ``run_model.sh`` script: + +:: + + ./run_model.sh + Incorrect script use, call script as: + [OPTIONS] + OPTIONS: + -m, --model path to model + -d, --distro distro version, values supported [buildroot, android-swr] + -a, --avb [OPTIONAL] avb boot, values supported [true, false], DEFAULT: false + -t, --tap-interface [OPTIONAL] enable TAP interface + -e, --extra-model-params [OPTIONAL] extra model parameters + +Running Buildroot +################# + +:: + + ./run-scripts/tc2/run_model.sh -m -d buildroot + +Running Android +############### + +:: + + For running android with AVB disabled: + ./run-scripts/tc2/run_model.sh -m -d android-swr + + For running android with AVB enabled: + ./run-scripts/tc2/run_model.sh -m -d android-swr -a true + +When the script is run, three terminal instances will be launched. +terminal_uart_ap used for TF-M firmware logs, terminal_s0 used for the SCP, +TF-A, OP-TEE core logs and terminal_s1 used by TF-A early boot, Hafnium, U-boot +and Linux. + +Once the FVP is running, hardware Root of Trust will verify AP and SCP +images, initialize various crypto services and then handover execution to the +SCP. SCP will bring the AP out of reset. The AP will start booting from its +ROM and then proceed to boot Trusted Firmware-A, Hafnium, +Secure Partitions (OP-TEE, Trusted Services in Buildroot and Trusty in Android) then +U-Boot, and then Linux and Buildroot/Android. + +When booting Buildroot the model will boot Linux and present a login prompt on terminal_s1. Login +using the username ``root``. You may need to hit Enter for the prompt to appear. + +The OP-TEE and Trusted Services are initialized in Buildroot distribution. The functionality of OP-TEE and +core set of trusted services such as Crypto and Internal Trusted Storage can be invoked only on Builroot distribution. +For OP-TEE, the TEE sanity test suite can be run using command ``xtest`` on terminal_s1. +For Trusted Services, run command ``ts-service-test -sg ItsServiceTests -sg PsaCryptoApiTests -sg +CryptoServicePackedcTests -sg CryptoServiceProtobufTests -sg CryptoServiceLimitTests -v`` for Service API level tests +and run command ``ts-demo`` for the demonstration client application. + +On Android distribution, Trusty provides a Trusted Execution Environment (TEE). +The functionality of Trusty IPC can be tested using command ``tipc-test -t ta2ta-ipc`` with root privilege. +(Once Android boots to prompt, do ``su 0`` for root access) + +While booting, GUI window - ``Fast Models - Total Compute 2 DP0`` shows Android logo and on boot completion, +the window will show the Android home screen. + +On Android distribution, Virtualization service provides support to run Microdroid based pVM (Protected VM). +For running a demo Microdroid, boot TC FVP with Android distribution. Once the Android is completely up, run below command: + +:: + + ./run-scripts/tc2/run_microdroid_demo.sh + +Debugging on Arm Development Studio +----------------------------------- + +Creating a new connection +######################### + +#. File->new->model connection +#. Name it and next +#. Add a new model and select CADI interface +#. Select ``Launch and select a specific model`` +#. Give TC2 FVP model path and Finish +#. Close + +Attach and Debug +################ + +#. Build the target with debug enabled. ``build-scripts/config`` can be configured to enable debug. +#. Run Buildroot/Android as described above. +#. Select the target created as mentioned in ``Creating a new connection`` and ``connect to target`` from debug control console. +#. After connection, use options in debug control console (highlighted in the below diagram) or keyboard shortcuts to ``step``, ``run`` or ``halt``. +#. To add debug symbols, right click on target -> ``Debug configurations`` and under ``files`` tab add path to ``elf`` files. +#. Debug options such as ``break points``, ``variable watch``, ``memory view`` and so on can be used. + +.. figure:: Debug_control_console.png + +Switch between SCP and AP +######################### + +#. Right click on target and select ``Debug Configurations`` +#. Under ``Connection``, select ``Cortex-M3`` for SCP and ``Arm-Hayes_x/Arm-Hunter_x`` for AP core x and then debug + +.. figure:: Switch_Cores.png + +-------------- + +*Copyright (c) 2022, Arm Limited. All rights reserved.*