Intel Stratix 10 SoC UEFI Boot Loader User Guide

Download PDF
ID 683134
Date 6/19/2020
Public
Document Table of Contents
Document Table of Contents x
1. Overview 2. System Requirements 3. Getting Started 4. Running UEFI on Intel Stratix 10 Hardware 5. Document Revision History for Intel Stratix 10 SoC UEFI Boot Loader User Guide
2. System Requirements x
2.1. Minimum Hardware Requirements 2.2. Minimum Software Requirements
3. Getting Started x
3.1. Installing Software Components 3.2. Building the Secure Monitor 3.3. Building the UEFI Boot Loader
3.1. Installing Software Components x
3.1.1. Installing the Intel SoC EDS 3.1.2. Installing the Compiler Toolchain
3.2. Building the Secure Monitor x
3.2.1. User Configuration 3.2.2. Getting the Arm* Trusted Firmware Source Code 3.2.3. Building the ATF
3.3. Building the UEFI Boot Loader x
3.3.1. Prerequisites 3.3.2. Obtaining the UEFI Source Code 3.3.3. Obtaining the edk2 Platform Source Code 3.3.4. Compiling the UEFI Source Code with the Linaro Tool Chain 3.3.5. UEFI Generated Files 3.3.6. Generating the FIP
4. Running UEFI on Intel Stratix 10 Hardware x
4.1. Running on a Physical Board with ATF and UEFI Bootloader 4.2. Booting Linux
4.1. Running on a Physical Board with ATF and UEFI Bootloader x
4.1.1. Generate a .sof file with ATF 4.1.2. Creating an SD Card Image 4.1.3. Running the Secure Monitor 4.1.4. Debugging with DS
4.2. Booting Linux x
4.2.1. Booting from the UEFI Shell
1. Overview
2. System Requirements
3. Getting Started
4. Running UEFI on Intel Stratix 10 Hardware
5. Document Revision History for Intel Stratix 10 SoC UEFI Boot Loader User Guide

1. Overview

This document provides comprehensive information on Unified Extensible Firmware Interface (UEFI) boot loader for Intel Stratix 10 SoC.
The Intel Stratix 10 SoC provides a secure boot flow, consisting of:
  • The boot ROM
  • The secure device manager (SDM)
  • The Secure Monitor
  • The UEFI boot loader

The Intel Stratix 10 SoC secure boot flow ensures that the system boot loader is signed with a cryptographic key, validated by the firmware.

The Secure Monitor stage also implements the TrustZone* model of secure partitioning. This model divides the software environment into two isolated partitions, called the secure world and the non-secure world. The two worlds can only communicate with each other through the Secure Monitor.

The binary image of the UEFI boot loader can be stored on Quad SPI flash SD/MMC card. On board power-up, the secure device manager (SDM) loads the Secure Monitor directly onto Hard Processor System (HPS) on-chip RAM. Then the Secure Monitor loads the UEFI boot loader in HPS DDR memory.

The Secure Monitor tasks include:
  • Initializing DDR SDRAM memory
  • Configuring low level hardware, such as PLL, IOs, and pin MUXes, needed by nonsecure world software
The UEFI boot loader tasks include:
  • Providing Ethernet support
  • Supporting basic hardware diagnostic features
  • Fetching subsequent boot software such as the operating system package or kernel image.
Note: For non-secure boot, the operating system package can include kernel image, device tree blob and filesystem. For secure boot it can be a secure kernel.
Figure 1. UEFI Boot Flow Overview
Level Two Title