There are two boot flows in the Zynq UltraScale+ MPSoC architecture: secure and non-secure. The following sections describe some of the example boot sequences in which you bring up various processors and execute the required boot tasks.
Non-Secure Boot Flow
In non-secure boot mode, the PMU releases the reset of the configuration security unit (CSU), and enters the PMU server mode where it monitors power. After the PMU releases the CSU from reset, it loads the FSBL into OCM. PMU firmware runs from PMU RAM in parallel to FSBL in OCM. FSBL is run on APU or RPU. FSBL runs from APU/RPU and TF-A; U-Boot and Linux run on APU. Other boot configurations allow the RPU to start and operate wholly independent of the APU and vice-versa.
- On APU, TF-A will be executed after the FSBL hands off to TF-A. TF-A hands off to a second stage boot loader like U-Boot which executes and loads an operating system such as Linux.
- On RPU, FSBL hands off to a software application.
- Linux, in turn, loads the executable software.
Secure Boot Flow
In the secure boot mode, the PMU releases the reset of the configuration security unit (CSU) and enters the PMU server mode where it monitors power. After the PMU releases the CSU from reset, the CSU checks to determine if authentication is required by the FSBL or the user application.
The CSU does the following:
- Performs an authentication check and proceeds only if the authentication check passes. Then checks the image for any encrypted partitions.
- If the CSU detects partitions that are encrypted, the CSU performs decryption and loads the FSBL into the OCM.
For more information on CSU, see the Configuration Security Unit section.
FSBL running on APU hands off to TF-A. FSBL running on RPU loads TF-A. In both the cases, TF-A loads U-Boot which loads the OS. TF-A then executes the U-Boot and loads an OS such as Linux. Then Linux, in turn, loads the executable software. Similarly, FSBL checks for authentication and encryption of each partition it tries to load. The partitions are only loaded by FSBL on successful authentication and decryption (if previously encrypted).
psu_coresight_0
is not supported as a
stdout
port.