Restoring SecureBoot Images

In case of a blank eMMC or NOR device, the following instructions can be applied for the initial bringup of the LAN966x SoC.

The procedure described here will not work for the PCB8290, as this board is using a USB device as console and TFA monitor for lan966x it is using FlexCom3 which is a different device. For this board you will have to use a flash programmer. An alternative would be to wire cables to the board to get access to FlexCom3 to use the method described here.

1. Reference information

This is where you can find more details about enabling EVB image restoration:

SoC Name Strapping Pins Monitor Mode

LAN966x

LAN966x Strapping Pins

LAN966x UART Monitor

2. How to restore an image

3. Enable TF-A-Monitor at FC3

This section will give an overview on how the TF-A monitor can be loaded to the SoC and used for e.g. writing a FIP or a GPT image on a flash device.

The following description is based on a host PC running Ubuntu Linux:

  1. Set the strapping mode on the eval board to the "Monitor Mode" to enabling the UART monitor mode. See previous section for the details.

  2. Connect the eval board via USB cable to the host PC.

  3. The host machine should now enumerate a new TTY device like e.g. '/dev/ttyACM0'.

  4. From now on, no other application should be attached to this port (e.g. Putty or Termhub).

  5. Use a Chrome or MS Edge browser and open the fwu.html file in the address bar. This file can be found inside the artifacts archive.

bl2

Please follow the instructions and the red markers, illustrated on the previous screenshot.

  1. Arrow #1, Press the [Connect Device] button

  2. Arrow #2, Choose the appropriate console interface in the dropdown menu

  3. Arrow #3, Press [Connect] button

  4. After successful connection, the 'BL1 bootstrap' page should be loaded.

bl3

  1. Arrow #1, Press the [Download BL2U] button

After uploading and execution, the 'BL2U bootstrap' screen should be appear.

3.1. Program NOR with FIP

The main purpose of this description is to a write a FIP file to a blank NOR device. Be aware, that only a FIP file format can be written to the NOR flash. Using a GPT file will not work here.

When writing a FIP to the NOR, following methods can be used:

  1. Attach a SPI flasher to the board and write the FIP to the memory address offset of 0x0 (zero).

  2. Use the HTML5 based firmware update browser tool (fwu.html).

This section will describe, how to proceed with the second approach here. Therefore no further programmer hardware is required.

The following description assumes that the TF-A monitor mode has been started.

bl2u

Please follow according the instructions and the red markers, illustrated on the previous screenshot.

  • Arrow #1, Choose now the proper .fip file [Choose File].

  • Arrow #2, Upload the file by pressing the [Upload file] button.

  • Arrow #3, If the upload is finished, change dropdown value to [NOR Flash] device.

  • Arrow #3, Afterwards the [Write FIP Image] button can be pressed.

  • Wait till the write NOR procedure is completed. The process can take a few minutes.

  • The progress can be checked anytime inside the [Log:] field.

  • Change the strapping mode back to 0x1 or 0x4 for the NOR boot mode. See Reference Information

  • Reset the board

3.2. Program eMMC with GPT image

The main purpose of this description is to a write a GPT image to a blank eMMC or SDCard device. Writing this image will trigger following actions to the device:

  • Create a GPT based partition table and all required partitions.

  • Store a FIP file inside the 'fip' named partition.

  • According the chosen GPT image, the BL33 can contain an 'UBoot' or a 'Linux' as data payload.

A simple file copy of the GPT image to the eMMC or SDCard device will not work here ! A raw byte copy needs to be established here.

The GPT image can be written to the eMMC device using following methods:

  1. Using UBoot with network and upload/write the GPT image with mmc commands

  2. Using external programmers and write the GPT image to the eMMC address offset of 0x0 (zero).

  3. Use the HTML5 based firmware update browser tool (fwu.html).

This section will describe, how to proceed with the third approach here. Therefore no further programmer hardware is required.

First boot into the TF-A monitor using the correct strapping pin setting. See Reference Information

bl2u_gpt

Please follow the instructions and the red markers, illustrated on the previous screenshot.

  • Arrow #1, Choose now the proper .gpt file [Choose File]

  • Arrow #2, Upload the file by pressing the [Upload file] button

  • Arrow #3, If the upload is finished, check dropdown value is set to [eMMC] device

  • Arrow #3, Afterwards the [Write Flash Image] button can be pressed

  • Wait till the write procedure is completed. This process can take a few minutes.

  • The progress can be checked anytime inside the [Log:] field.

  • Change the strapping mode back to 0x0 or 0x3 for the eMMC boot mode. See the reference section for more info.

  • Reset the board

3.3. Programm eMMC with FIP

A FIP file can only be programmed, if the eMMC device is already partitioned. If not please follow the description of: Program eMMC with GPT Image

This description is also valid for updating an existing FIP on the target.

The FIP file can be written by using one of this following methods.

  1. Using UBoot console with network and upload/write the FIP using mmc commands

  2. Use the HTML5 based firmware update browser tool (fwu.html).

We will focus here on the second approach.

First Boot into the TF-A monitor using the correct strapping pin setting. See Reference Information

Afterwards follow the description based on the BL2U bootstrap monitor page:

bl2u

The following instructions and the red markers illustrating the needed actions.

  • Arrow #1, Choose now the proper .fip file [Choose File]

  • Arrow #2, Upload the file by pressing the [Upload file] button

  • Arrow #3, If the upload is finished, check dropdown value is set to [eMMC] device

  • Arrow #3, Afterwards the [Write FIP Image] button can be pressed

  • Wait till the write eMMC procedure is completed. This process can take a few minutes.

  • The progress can be checked anytime inside the [Log:] field.

  • Change the strapping mode back to 0x0 or 0x3 for the eMMC boot mode. See Reference Information

  • Reset the board