Arria® 10 SoC Boot User Guide

Download PDF
ID 683735
Date 4/03/2019
Public
Document Table of Contents
Document Table of Contents x
1. Arria 10 SoC Boot User Guide
1. Arria 10 SoC Boot User Guide x
1.1. Boot Process 1.2. Boot Stages 1.3. Boot Devices 1.4. Second-Stage Boot Loader Support Package Generator Tool 1.5. Generating a Boot Loader with an External Flash Boot Device 1.6. Boot and FPGA Configuration 1.7. Boot Debugging 1.8. Appendix A: Building the UEFI Boot Loader 1.9. Revision History for Arria 10 SoC Boot User Guide
1.1. Boot Process x
1.1.1. Typical Boot Flow 1.1.2. Bare Metal Boot Flow 1.1.3. Custom Boot Loader
1.2. Boot Stages x
1.2.1. Reset 1.2.2. First Stage: Boot ROM 1.2.3. Second Stage: Boot Loader (U-Boot)
1.2.2. First Stage: Boot ROM x
1.2.2.1. Boot ROM Flow
1.2.3. Second Stage: Boot Loader (U-Boot) x
1.2.3.1. Second-Stage Boot Flow
1.2.3.1. Second-Stage Boot Flow x
1.2.3.1.1. Typical Boot Flow (Non-Secure) 1.2.3.1.2. Secure Boot Flow
1.3. Boot Devices x
1.3.1. Boot Select 1.3.2. Flash Memory Devices for Booting 1.3.3. Booting From FPGA
1.3.2. Flash Memory Devices for Booting x
1.3.2.1. Quad SPI Flash Devices 1.3.2.2. SD/MMC Flash Devices 1.3.2.3. NAND Flash Devices
1.4. Second-Stage Boot Loader Support Package Generator Tool x
1.4.1. Boot Loader Generation and Flow
1.4.1. Boot Loader Generation and Flow x
1.4.1.1. Step 1: Compiling the FPGA Design 1.4.1.2. Step 2: Hardware Hand-off Files 1.4.1.3. Step 3: Generating the Boot Loader Source 1.4.1.4. Boot Loader Generator Tool: BSP Editor
1.5. Generating a Boot Loader with an External Flash Boot Device x
1.5.1. Prerequisites 1.5.2. Boot Loader Generation Example Using an SD/MMC Controller 1.5.3. Boot Loader Generation Example Using a QSPI Flash Controller 1.5.4. Boot Loader Generation Example Using a NAND Flash Controller
1.7. Boot Debugging x
1.7.1. Cold Boot Debug 1.7.2. Warm Boot Debug 1.7.3. Using the Boot ROM and Boot Loader Debug Registers 1.7.4. Boot Flash Device Issues 1.7.5. HPS Boot Loader Debugging
1.8. Appendix A: Building the UEFI Boot Loader x
1.8.1. Prerequisites 1.8.2. Supported Compiler Toolchains 1.8.3. Obtaining the UEFI Source Code 1.8.4. Compiling the UEFI Source Code with the Linaro Tool Chain 1.8.5. Compiling the UEFI Source Code with the ARM Tool Chain 1.8.6. UEFI Generated Files
1. Arria 10 SoC Boot User Guide

1.2.3.1.2. Secure Boot Flow

The main purpose of secure boot is to pass the chain of trust to the subsequent boot software. During a secure boot, the second-stage boot loader may authenticate or decrypt the subsequent boot image, depending on the current state registers in the Security Manager. In addition, the second-stage boot loader must ensure that the subsequent boot image is executed from secure memory such as on-chip RAM. The second-stage boot loader fits into the chain of trust as such:

Figure 10. Secure Boot Flow

The micro OS provides secure APIs to allow the application in the normal world OS to establish trusted services.

During a verified boot, the second-stage boot loader only authenticates the OS image and other images required by the OS. A flow for a verified boot is shown below.

Figure 11. Verified (Authenticated) Boot Flow

For both the secure and verified boot, the subsequent boot image must be executed in on-chip RAM while the second-stage boot loader is still executing from on-chip RAM. In order to accommodate this requirement, the authentication and decryption process might follow the following steps depicted in the next three diagrams, depending on the type of secure boot chosen.

Figure 12. Second-Stage Boot Loader Authentication Process
Figure 13. Second-Stage Boot Loader Decryption Process

Decryption is optional and is not required for secure boot. Upon entry into the second-stage boot loader, the CSS engine is enabled. The second-stage boot loader decrypts the subsequent boot image and disables the CSS engine upon exit.

Figure 14. Second-Stage Boot Loader Authentication and Decryption Process
Level Two Title