Commit 1a20683d authored by Xueliang Zhong's avatar Xueliang Zhong
Browse files

corstone1000: update for CORSTONE1000-2022.01.07



This commit updates documentation for running SystemReady-IR tests on
corstone1000 MPS3 FPGA:
  - ACS tests (SCT, FWTS, BSA),
  - manual capsule update test,
  - Linux distro install and boot, etc.
Signed-off-by: Xueliang Zhong's avatarXueliang Zhong <xueliang.zhong@arm.com>
parent 59221f1e
......@@ -4,6 +4,18 @@ Change Log
This document contains a summary of the new features, changes and
fixes in each release of Corstone-1000 software stack.
Version 2022.01.07
------------------
Changes
~~~~~~~
- Corstone1000: fix SystemReady-IR ACS test (SCT, FWTS) failures.
- U-Boot: send bootcomplete event to secure enclave.
- U-Boot: support populating corstone1000 image_info to ESRT table.
- U-Boot: add ethernet device and enable configs to support bootfromnetwork SCT.
Version 2021.12.15
------------------
......
......@@ -3,6 +3,17 @@
.. contents::
Release notes - 2022.01.07
==========================
Known Issues or Limitations
---------------------------
- Before running each SystemReady-IR tests: ACS tests (SCT, FWTS, BSA), manual
capsule update test, Linux distro install and boot, etc., the SecureEnclave
flash must be cleaned. See user-guide "Clean Secure Flash Before Testing"
section.
Release notes - 2021.12.15
==========================
......
......@@ -126,7 +126,7 @@ In the top directory of the workspace ``<_workspace>``, run:
::
git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2021.12.15
git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.01.06
To build corstone1000 image for MPS3 FPGA, run:
......@@ -263,18 +263,115 @@ booted completely, user can login to the shell using
Running test applications (applicable to FPGA only)
----------------------------------------------------------
**NOTE**: Running the SystemReady-IR tests described below requires the user to
work with USB sticks. In our testing, not all USB stick models work well with
MPS3 FPGA. Here are the USB sticks models that are stable in our test
environment.
- HP V165W 8 GB USB Flash Drive
- SanDisk Ultra 32GB Dual USB Flash Drive USB M3.0
- SanDisk Ultra 16GB Dual USB Flash Drive USB M3.0
**NOTE**:
Before running each of the tests in this chapter, the user should follow the
steps described in following section "Clean Secure Flash Before Testing" to
erase the SecureEnclave flash cleanly and prepare a clean board environment for
the testing.
Clean Secure Flash Before Testing
#################################
To prepare a clean board environment with clean secure flash for the testing,
the user should prepare an image that erases the secure flash cleanly during
boot. Run following commands to build such image.
::
cd <_workspace>
git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.01.06
git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git
cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch meta-arm
cd meta-arm
git apply 0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch
cd ..
kas shell meta-arm/kas/corstone1000-mps3.yml
bitbake corstone1000-image
Replace the bl1.bin and cs1000.bin files on the SD card with following files:
- The ROM firmware: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin
- The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt
Now reboot the board. This step erases the Corstone1000 SecureEnclave flash
completely, the user should expect following message from TF-M log:
::
!!!SECURE FLASH HAS BEEN CLEANED!!!
NOW YOU CAN FLASH THE ACTUAL CORSTONE1000 IMAGE
PLEASE REMOVE THE LATEST ERASE SECURE FLASH PATCH AND BUILD THE IMAGE AGAIN
Then the user should follow "Building the software stack" to build a clean
software stack and flash the FPGA as normal. And continue the testing.
Run SystemReady-IR ACS tests
############################
First, the user should prepare a USB stick with ACS image. Provided the USB
device is sda, run the following commands to prepare the ACS image in USB
stick:
This section describes how the user can build and run Architecture Compliance
Suite (ACS) tests on Corstone1000.
First, the user should download the `Arm SystemReady ACS repository <https://github.com/ARM-software/arm-systemready/>`__.
This repository contains the infrastructure to build the Architecture
Compliance Suite (ACS) and the bootable prebuilt images to be used for the
certifications of SystemReady-IR. To download the repository, run command:
::
cd <_workspace>
git clone https://github.com/ARM-software/arm-systemready.git -b v21.07_0.9_BETA
**NOTE**: Currently the bootable prebuilt images included this repository
doesn't contain the 5.14 Linux kernel, thus it doesn't provide USB driver
support for Corstone1000. The user needs to follow the instructions below to
build the ACS images from source with USB driver patches for testing on
Corstone1000.
To download the USB driver patches, run:
::
wget https://github.com/ARM-software/arm-systemready/raw/main/IR/prebuilt_images/v21.09_1.0/ir_acs_live_image.img.xz
cd <_workspace>
git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git
cp -fr systemready-patch/embedded-a/corstone1000/IR/patches/usb arm-systemready/IR/patches/
cp -f systemready-patch/embedded-a/corstone1000/common/config/startup.nsh arm-systemready/common/config/startup.nsh
cp -f systemready-patch/embedded-a/corstone1000/common/ramdisk/init.sh arm-systemready/common/ramdisk/init.sh
cp -f systemready-patch/embedded-a/corstone1000/common/scripts/build-linux.sh arm-systemready/common/scripts/build-linux.sh
Then, to build the ACS image, run following commands.
**NOTE**: the scripts below require the user to have ``sudo`` permission on the
host build machine.
::
cd <_workspace>/arm-systemready/IR/scripts
# Make sure this is a clean build, remove directories generated from previous builds
rm -rf bbr-acs busybox edk2 edk2-test fwts grub linux-5.11 linux-acs output tools
./build-scripts/get_source.sh
./build-scripts/build-ir-live-image.sh
Once the build is successful, the output ACS live image will be placed in the following path:
- ``<_workspace>/arm-systemready/IR/scripts/output/ir_acs_live_image.img.xz``
Then, the user should prepare a USB stick with ACS image. In the given example
here, we assume the USB device is ``/dev/sdb`` (the user should use ``lsblk``
command to confirm). Be cautious here and don't confuse your host PC's own hard
drive with the USB drive. Run the following commands to prepare the ACS image
in USB stick:
::
cd <_workspace>/arm-systemready/IR/scripts/output/
unxz ir_acs_live_image.img.xz
sudo dd if=ir_acs_live_image.img of=/dev/sda iflag=direct oflag=direct bs=1M status=progress; sync
sudo dd if=ir_acs_live_image.img of=/dev/sdb iflag=direct oflag=direct bs=1M status=progress; sync
Once the USB stick with ACS image is prepared, the user should make sure that
ensure that only the USB stick with the ACS image is connected to the board,
......@@ -309,7 +406,7 @@ The <binary_file> here should be a wic image. And this input binary file
(capsule) should be less than 15 MB.
Based on the user's requirement, the user can change the firmware version
number given to --fw-version option (the version number needs to be >= 1).
number given to ``--fw-version`` option (the version number needs to be >= 1).
Place the generated ``cs1k_cap`` file in the root directory of the boot partition in
the USB stick. Note: As we are running the direct method, the ``cs1k_cap`` file should
......@@ -323,6 +420,38 @@ Boot the board and reach u-boot shell. Run the EFI Shell. In the EFI Shell, run:
FS0:
EFI/BOOT/app/CapsuleApp.efi cs1k_cap
For this test, the user can provide two capsules for testing: a positive test
case capsule which boots the board correctly, and a negative test case with an
incorrect capsule which fails to boot the host software.
In the positive case scenario, the user should see following log in TF-M log,
indicating the new capsule image is successfully applied, and the board boots
correctly.
::
...
SysTick_Handler: counted = 10, expiring on = 360
SysTick_Handler: counted = 20, expiring on = 360
SysTick_Handler: counted = 30, expiring on = 360
...
metadata_write: success: active = 1, previous = 0
accept_full_capsule: exit: fwu state is changed to regular
...
In the negative case scenario, the user should see that Secure Enclave tries to
boot 5 times with the new image (can be seen from the TF-M log). If Secure
Enclave found the new image still cannot boot correctly after 5 attempts, it will
switch to the previous active bank, and the board boots correctly.
::
...
metadata_write: success: active = 0, previous = 1
fwu_select_previous: in regular state by choosing previous active bank
...
Linux distro install and boot
#############################
......@@ -335,14 +464,14 @@ Download one of following Linux distro images:
Once the .iso file is downloaded, the .iso file needs to be flashed to your USB drive.
In the given example here, we assume the USB device is /dev/sdb (the user
In the given example here, we assume the USB device is ``/dev/sdb`` (the user
should use `lsblk` command to confirm). Be cautious here and don't confuse your
host PC's own hard drive with the USB drive. Then copy the contents of an iso
file into the first USB stick, run:
::
sudo dd if=/path/to/iso_file of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync;
sudo dd if=</path/to/iso_file> of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync;
Boot the MSP3 board with the first USB stick connected. Open following minicom sessions:
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment