QEMU模拟器启arm64 ATF(arm trust firmware) BL1, uboot方法

目的：

使用QEMU(3.0版本以上)模拟一个arm64 virt平台，在virt平台上配置两个cfi flash. Flash0当作BootRom使用，“烧录”ATF(arm trust firmware)的BL1；Flash1上放置打包为ATF FIP格式的Image(包含了BL2, BL31, BL33(u-boot))。最终BootRom(BL1)开始执行，从Flash1 FIP.bin中加载BL2，BL2再加载BL31, BL33，最终到u-boot的命令行（cli）界面

 

准备环境：

1. OS:

4.15.0-62-generic #69~16.04.1-Ubuntu SMP Fri Sep 6 02:43:35 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

1. QEMU（至少3.0以上版本，我使用的是4.0之后的）:

Refer to https://blog.csdn.net/jasonLee_lijiaqi/article/details/80967912

Download:

git clone https://git.qemu.org/git/qemu.git

cd qemu

git submodule init

git submodule update –recursive

       Compile:

              ./configure --target-list=aarch64-softmmu

              Make

1. Cross compile tool

gcc-linaro-7.4.1-2019.02-x86_64_aarch64-linux-gnu.tar.xz

1. U-boot

Compile:

make mrproper

export CROSS_COMPILE=YourGNU_path/aarch64-linux-gnu-

make qemu_arm64_defconfig

make menuconfig

1. ARM architectureàGenerate position-independent pre-relocation code

将POSITION_INDEPENDENT项设置为yes

2. /u-boot/common/board_r.c 文件注释 initr_flash 否则u-boot crash)

Make

{ 我使用的版本

       commit 504bf790da08db9b4a443566cf6ef577f9c7996a

Merge: 8c66fb8 c23b33f

Author: Tom Rini <trini@konsulko.com>

Date:   Wed May 8 16:21:43 2019 -0400

 

    Merge branch 'master' of git://git.denx.de/u-boot-sunxi

   

    - H6 Beelink GS1 board (Clément)

    - Olimex A64-Teres-I board (Jonas)

    - sunxi build fix for CONFIG_CMD_PXE|DHCP (Ondrej)

    - Change include order (Jagan)

    - EPHY clock changes (Jagan)

    - EMAC enablement on Cubietruck Plus, BPI-M3 (Chen-Yu Tsai)

}

1. ATF：

git clone https://github.com/ARM-software/arm-trusted-firmware.git

Compile:

export ARCH=arm64

export CROSS_COMPILE=YourGNU_path/aarch64-linux-gnu-

        make PLAT=qemu BL33=uboot_path/u-boot.bin all fip

        (编译完成后，可以看到bl1.bin和fip.bin)

       { 我使用的版本

              commit 44e8d5ebc36950943d70f3517d7756e210fc42ab

Merge: 7cc287d 7bdc469

Author: Paul Beesley <paul.beesley@arm.com>

Date:   Tue Aug 20 14:47:56 2019 +0000

 

    Merge "plat/arm: Introduce corstone700 platform." into integration

       }

 

运行：

YourQEMU_path/qemu-system-aarch64 \

       -nographic \

       -smp 2 \

       -machine virt,secure=on -cpu cortex-a57 \

       -d unimp -semihosting-config enable,target=native \

       -m 1057 \

       -bios ./bl1.bin

这个时候你能够看到BL1级别的串口输出，但是BL2等都还没有被调用

 

 

QEMU修改

为了实现FIP（BL2, BL31, uboot）的加载，需要稍微修改下qemu中的代码，将fip.bin image直接塞入flash1中。

1. 找到文件/hw/arm/virt.c，修改如下代码（+为我新增代码）

     BlockBackend *pflash_blk0;

+    BlockBackend *pflash_blk1;

 

+    char fipname[] = "fip.bin";

     /* Map legacy -drive if=pflash to machine properties */

     for (i = 0; i < ARRAY_SIZE(vms->flash); i++) {

         pflash_cfi01_legacy_drive(vms->flash[i],

@@ -1030,7 +1034,37 @@ static bool virt_firmware_init(VirtMachineState *vms,

             exit(1);

         }

     }

+    //aded by customer

+    pflash_blk1 = pflash_cfi01_get_blk(vms->flash[1]);

 

+    if (fipname != NULL) {

+        char *fname;

+        MemoryRegion *mr;

+        int image_size;

+

+        if (pflash_blk1) {

+            error_report("jun:The contents of the second flash device may be "

+                         "specified with -bios or with -drive if=pflash... "

+                         "but you cannot use both options at once");

+            exit(1);

+        }

+

+        /* Fall back to -bios */

+

+        fname = qemu_find_file(QEMU_FILE_TYPE_BIOS, fipname);

+        if (!fname) {

+            error_report("Could not find ROM image '%s'", fipname);

+            exit(1);

+        }

+        mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(vms->flash[1]), 0);

+        image_size = load_image_mr(fname, mr);

+        g_free(fname);

+        if (image_size < 0) {

+            error_report("Could not load fip image '%s'", fipname);

+            exit(1);

+        }

+    }

+    //end

 

1. 保存编译 make

 

最终效果：

qemu-system-aarch64 -nographic -smp 2 -machine virt,secure=on -cpu cortex-a57 -d unimp -semihosting-config enable,target=native -m 1057 -bios ./bl1.bin

NOTICE:  Booting Trusted Firmware

NOTICE:  BL1: v2.1(release):v2.1-599-g4968468-dirty

NOTICE:  BL1: Built : 15:28:30, Sep 19 2019

NOTICE:  BL1: Booting BL2

NOTICE:  BL2: v2.1(release):v2.1-599-g4968468-dirty

NOTICE:  BL2: Built : 15:28:30, Sep 19 2019

NOTICE:  BL1: Booting BL31

NOTICE:  BL31: v2.1(release):v2.1-599-g4968468-dirty

NOTICE:  BL31: Built : 15:28:30, Sep 19 2019

 

 

U-Boot 2019.07-rc1-00350-ga11c1c0-dirty (Sep 19 2019 - 16:10:12 +0800)

 

DRAM:  1 GiB

Relocation Offset is: 82044000

Relocating to 82044000, new gd at 81003de8, sp at 81000e90

*** Warning - bad CRC, using default environment

 

In:    pl011@9000000

Out:   pl011@9000000

Err:   pl011@9000000

Net:   No ethernet found.

Hit any key to stop autoboot:  0

=>