Intel Stratix 10 SoC UEFI Boot Loader User Guide

ID 683134
Date 6/19/2020
Public

1. Overview

This document provides comprehensive information on the Unified Extensible Firmware Interface (UEFI) boot loader for the Intel Stratix 10 SoC.
The Intel Stratix 10 SoC provides a secure boot flow, consisting of:
  • The boot ROM
  • The secure device manager (SDM)
  • The Secure Monitor
  • The UEFI boot loader

The Intel Stratix 10 SoC secure boot flow ensures that the system boot loader is signed with a cryptographic key and validated by the firmware before it is allowed to run.

The Secure Monitor stage also implements the TrustZone* model of secure partitioning. This model divides the software environment into two isolated partitions, called the secure world and the non-secure world. The two worlds can only communicate with each other through the Secure Monitor.

The binary image of the UEFI boot loader can be stored on Quad SPI flash or on an SD/MMC card. On board power-up, the secure device manager (SDM) loads the Secure Monitor directly into Hard Processor System (HPS) on-chip RAM. The Secure Monitor then loads the UEFI boot loader into HPS DDR memory.

The Secure Monitor tasks include:
  • Initializing DDR SDRAM memory
  • Configuring low-level hardware, such as PLLs, IOs, and pin MUXes, needed by non-secure world software
The UEFI boot loader tasks include:
  • Providing Ethernet support
  • Supporting basic hardware diagnostic features
  • Fetching subsequent boot software, such as the operating system package or kernel image
Note: For non-secure boot, the operating system package can include a kernel image, a device tree blob, and a filesystem. For secure boot, it can be a secure kernel.
Figure 1. UEFI Boot Flow Overview