WolfSSL
/
wolfBoot
mirror of https://github.com/wolfSSL/wolfBoot.git
1
0
Fork 0
Code Issues Releases Wiki Activity
wolfBoot/IDE/XilinxSDK/README.md

85 lines
3.9 KiB
Markdown
Raw Permalink Blame History

# Xilinx SDK wolfBoot Project
To use this example project:
1. Copy `.cproject` and `.project` into the wolfBoot root.
2. From the Xilinx SDK Import wolfBoot using "Import" -> "Existing Projects into Workspace".
## Xilinx SDK BSP
This project uses a BSP named `standalone_bsp_0`, which must be configured to use "hypervisor guest" in the BSP configuration settings. This will enable the EL-1 support required with Bl31 (ARM Trusted Firmware). The BSP generates a include/bspconfig.h, which should have these defines set:
```
#define EL1_NONSECURE 1
#define HYP_GUEST 1
```
Note: This is a generated file from the BSP configurator tool, which is edited by opening the `system.mss` file.
## wolfBoot Configuration
A build settings template for Zynq UltraScale+ can be found here `./config/examples/zynqmp.config`. This file can be copied to wolfBoot root as `.config` for building from the command line. These template settings are also in this `.cproject` as preprocessor macros. These settings are loaded into the `target.h.in` template by the wolfBoot `make`. If not using the built-in make then the following defines will need to be manually created in `target.h`:
```
#define WOLFBOOT_SECTOR_SIZE 0x20000
#define WOLFBOOT_PARTITION_BOOT_ADDRESS 0x800000
#define WOLFBOOT_LOAD_ADDRESS 0x10000000
#define WOLFBOOT_PARTITION_SIZE 0x2A00000
#define WOLFBOOT_PARTITION_UPDATE_ADDRESS 0x3A00000
#define WOLFBOOT_PARTITION_SWAP_ADDRESS 0x63E0000
#define WOLFBOOT_DTS_BOOT_ADDRESS 0x7E0000
#define WOLFBOOT_DTS_UPDATE_ADDRESS 0x39E0000
#define WOLFBOOT_LOAD_DTS_ADDRESS 0x11800000
```
Note: If not using Position Independent Code (PIC) the linker script `ldscript.ld` must have the start address offset to match the `WOLFBOOT_LOAD_ADDRESS`.
## Signing Example
```sh
python3 ./tools/keytools/sign.py --rsa4096 --sha3 ../helloworld/Debug/helloworld.elf ./rsa4096.der 1
```
## Bootgen
Xilinx uses a `bootgen` tool for generating a boot binary image that has Xilinx headers, which the FSBL (First Stage Boot Loader) understands. See the `boot.bif` and `boot_auth.bif` as examples.
* Use "partition_owner=uboot" to prevent a partition from being loaded into RAM.
* Use "offset=" option to place the application into a specific location in flash.
* Use "load=" option to have FSBL load into specific location in RAM.
### Adding RSA Authentication
1. Generate keys:
* `bootgen.exe -generate_keys auth pem -arch zynqmp -image boot.bif`
2. Create hash for primary key:
* `bootgen.exe -image boot.bif -arch zynqmp -w -o i BOOT.BIN -efuseppkbits ppkf_hash.txt`
3. Import example project for programming eFuses:
* New BSP project (program efuses , ZCU102_hw_platform, standalone, CPU: PSU_cortexa53_0)
* Goto Xilinx Board Support Packet Settings.
* Scroll down to Supported Libraries and Check the xiskey libray
* In the system.mss pane, scroll down to Libraries and click Import Examples.
* Check the xilskey_esfuseps_zynqmp_example
4. Edit `xilskey_efuseps_zynqmp_input.h`
* 433 `#define XSK_EFUSEPS_WRITE_PPK0_HASH TRUE`
* 453 `#define XSK_EFUSEPS_PPK0_IS_SHA3 TRUE`
* 454 `#define XSK_EFUSEPS_PPK0_HASH "0000000000000000000000000000000000000000000000000000000000000000" /* from ppkf_hash.txt */``
5. Update boot.bif (see boot_auth.bif)
```
[auth_params] ppk_select=0; spk_id=0x00000000
[pskfile] pskf.pem
[sskfile] sskf.pem
authentication=rsa
```
6. Build “boot.bin” image:
* `bootgen.exe -image boot.bif -arch zynqmp -o i BOOT.BIN -w`
Note: To generate a report of a boot.bin use the `bootgen_utility`:
`bootgen_utility -arch zynqmp -bin boot.bin -out boot.bin.txt`
### References:
* [ZAPP1319](https://www.xilinx.com/support/documentation/application_notes/xapp1319-zynq-usp-prog-nvm.pdf): Programming BBRAM and eFUSEs
* [UG1283](https://www.xilinx.com/support/documentation/sw_manuals/xilinx2018_2/ug1283-bootgen-user-guide.pdf): Bootgen User Guide
Reference in New Issue View Git Blame Copy Permalink