docs/plat/qemu.rst - platform/external/arm-trusted-firmware - Gitiles

 QEMU virt Armv8-A
 =================

 Trusted Firmware-A (TF-A) implements the EL3 firmware layer for QEMU virt
 Armv8-A. BL1 is used as the BootROM, supplied with the -bios argument.
 When QEMU starts all CPUs are released simultaneously, BL1 selects a
 primary CPU to handle the boot and the secondaries are placed in a polling
 loop to be released by normal world via PSCI.

 BL2 edits the Flattened Device Tree, FDT, generated by QEMU at run-time to
 add a node describing PSCI and also enable methods for the CPUs.

 If ``ARM_LINUX_KERNEL_AS_BL33`` is set to 1 then this FDT will be passed to BL33
 via register x0, as expected by a Linux kernel. This allows a Linux kernel image
 to be booted directly as BL33 rather than using a bootloader.

 An ARM64 defconfig v5.5 Linux kernel is known to boot, FDT doesn't need to be
 provided as it's generated by QEMU.

 Current limitations:

 -  Only cold boot is supported
 -  No build instructions for QEMU\_EFI.fd and rootfs-arm64.cpio.gz
 -  No instructions for how to load a BL32 (Secure Payload)

 ``QEMU_EFI.fd`` can be dowloaded from
 http://snapshots.linaro.org/components/kernel/leg-virt-tianocore-edk2-upstream/latest/QEMU-KERNEL-AARCH64/RELEASE_GCC5/QEMU_EFI.fd

 Boot binaries, except BL1, are primarily loaded via semi-hosting so all
 binaries has to reside in the same directory as QEMU is started from. This
 is conveniently achieved with symlinks the local names as:

 -  ``bl2.bin`` -> BL2
 -  ``bl31.bin`` -> BL31
 -  ``bl33.bin`` -> BL33 (``QEMU_EFI.fd``)
 -  ``Image`` -> linux/arch/arm64/boot/Image

 To build:

 .. code:: shell

     make CROSS_COMPILE=aarch64-none-elf- PLAT=qemu

 To start (QEMU v4.1.0):

 .. code:: shell

     qemu-system-aarch64 -nographic -machine virt,secure=on -cpu cortex-a57  \
         -kernel Image                           \
         -append "console=ttyAMA0,38400 keep_bootcon root=/dev/vda2"   \
         -initrd rootfs-arm64.cpio.gz -smp 2 -m 1024 -bios bl1.bin   \
         -d unimp -semihosting-config enable,target=native
	QEMU virt Armv8-A
	=================

	Trusted Firmware-A (TF-A) implements the EL3 firmware layer for QEMU virt
	Armv8-A. BL1 is used as the BootROM, supplied with the -bios argument.
	When QEMU starts all CPUs are released simultaneously, BL1 selects a
	primary CPU to handle the boot and the secondaries are placed in a polling
	loop to be released by normal world via PSCI.

	BL2 edits the Flattened Device Tree, FDT, generated by QEMU at run-time to
	add a node describing PSCI and also enable methods for the CPUs.

	If ``ARM_LINUX_KERNEL_AS_BL33`` is set to 1 then this FDT will be passed to BL33
	via register x0, as expected by a Linux kernel. This allows a Linux kernel image
	to be booted directly as BL33 rather than using a bootloader.

	An ARM64 defconfig v5.5 Linux kernel is known to boot, FDT doesn't need to be
	provided as it's generated by QEMU.

	Current limitations:

	- Only cold boot is supported
	- No build instructions for QEMU\_EFI.fd and rootfs-arm64.cpio.gz
	- No instructions for how to load a BL32 (Secure Payload)

	``QEMU_EFI.fd`` can be dowloaded from
	http://snapshots.linaro.org/components/kernel/leg-virt-tianocore-edk2-upstream/latest/QEMU-KERNEL-AARCH64/RELEASE_GCC5/QEMU_EFI.fd

	Boot binaries, except BL1, are primarily loaded via semi-hosting so all
	binaries has to reside in the same directory as QEMU is started from. This
	is conveniently achieved with symlinks the local names as:

	- ``bl2.bin`` -> BL2
	- ``bl31.bin`` -> BL31
	- ``bl33.bin`` -> BL33 (``QEMU_EFI.fd``)
	- ``Image`` -> linux/arch/arm64/boot/Image

	To build:

	.. code:: shell

	make CROSS_COMPILE=aarch64-none-elf- PLAT=qemu

	To start (QEMU v4.1.0):

	.. code:: shell

	qemu-system-aarch64 -nographic -machine virt,secure=on -cpu cortex-a57 \
	-kernel Image \
	-append "console=ttyAMA0,38400 keep_bootcon root=/dev/vda2" \
	-initrd rootfs-arm64.cpio.gz -smp 2 -m 1024 -bios bl1.bin \
	-d unimp -semihosting-config enable,target=native