Building Stock RD-1AE Images
The RD-1AE automotive solution from Arm has an extensive set of software and documentation provided by Arm. This document will cover the steps needed to build and run these software images on Arm Virtual Hardware powered by Corellium.
Note that the RD-1AE model contains all of the stock firmware already and you can choose which software package to run by using the pulldown menu for Firmware version when you create the device.
For more information on the Arm software packages for the RD-1AE, refer to the Arm Automotive Solutions webpage. Note that the terms RD-1AE and Kronos are used interchangeably by Arm, as Kronos was originally the codename for the device as it was being developed.
Build your image
To build your own version of the stock firmware, follow these steps:
Follow the Ubuntu instructions on this Yocto documentation page.
Install additional dependencies.
sudo apt install -y python3-newt tmux
sudo -H pip3 install --upgrade kas==4.2Clone the repository with tmux.
tmux new-session -s rd-1ae
tmux attach -t rd-1ae
mkdir -p $HOME/rd-1ae
cd $HOME/rd-1ae
git clone https://git.gitlab.arm.com/automotive-and-industrial/kronos-ref-stack/kronos.git --branch v1.0Apply the following changes to the repository to increase the mem size and disable SVE support.
$ git diff
diff --git a/yocto/kas/base.yml b/yocto/kas/base.yml
index cc2481d..ae8e01a 100644
--- a/yocto/kas/base.yml
+++ b/yocto/kas/base.yml
@@ -50,7 +50,7 @@ repos:
env:
TESTIMAGE_AUTO:
- SVE_DISABLE_FLAG:
+ SVE_DISABLE_FLAG: "1"
local_conf_header:
meta-kronos-error-qa: |
@@ -72,5 +72,5 @@ local_conf_header:
HALT,${DL_DIR},100M,1K \
HALT,${SSTATE_DIR},100M,1K \
HALT,/tmp,10M,1K"
+ mem: |
+ BAREMETAL_IMAGE_MEM_SIZE = "4064M"Apply the following patch to disable PCI passthrough of an unmodeled AHCI PCI device. This is relevant only for the virtualization firmware targets.
diff --git a/yocto/meta-kronos/recipes-core/domu-package/domu-envs.inc b/yocto/meta-kronos/recipes-core/domu-package/domu-envs.inc
index 6ba5380..0367462 100644
--- a/yocto/meta-kronos/recipes-core/domu-package/domu-envs.inc
+++ b/yocto/meta-kronos/recipes-core/domu-package/domu-envs.inc
@@ -35,7 +35,7 @@ DOMU1_NUMBER_OF_CPUS ?= "2"
DOMU1_VCPU_PIN ?= "cpus = [\"1-2\"]"
DOMU1_MPAM ?= "mpam = [\"slc=0xc0\"]"
DOMU1_SVE ?= "sve = \"${DOMU_SVE_SETTING}\""
-DOMU1_PCI_PASSTHROUGH ?= "pci = [\"${DOMU1_PCI_ID}\"]"
+DOMU1_PCI_PASSTHROUGH ?= ""
DOMU1_EXTRA ?= "${DOMU1_BRIDGES}\\n${DOMU1_VCPU_PIN}\\n${DOMU1_MPAM}\\n${DOMU1_SVE}\\n${DOMU1_PCI_PASSTHROUGH}\\n"
DOMU2_BRIDGES ?= "vif = ['script=vif-openvswitch,bridge=ovsbr0,vifname=domu2.ext0', 'script=vif-openvswitch,bridge=brsi0.100,vifname=domu2.ethsi0', 'script=vif-openvswitch,bridge=brsi1.200,vifname=domu2.ethsi1', 'script=vif-openvswitch,bridge=brsi2.300,vifname=domu2.ethsi2']"The default disk size in the reference software build is only 2GB. Apply the following change to
meta-arm-bsp
to increase the disk size to 32GB.ubuntu@ip-100-68-0-137:~/rd1ae/layers/meta-arm/meta-arm-bsp$ git diff
diff --git a/meta-arm-bsp/wic/fvp-rd-kronos-efi-disk.wks.in b/meta-arm-bsp/wic/fvp-rd-kronos-efi-disk.wks.in
index 928308e9..87b731dc 100644
--- a/meta-arm-bsp/wic/fvp-rd-kronos-efi-disk.wks.in
+++ b/meta-arm-bsp/wic/fvp-rd-kronos-efi-disk.wks.in
@@ -1,5 +1,5 @@
part /boot --label boot --active --align 1024 --use-uuid --part-type EF00 --source bootimg-efi --sourceparams="loader=${EFI_PROVIDER}" --size=128M
-part / --label root --align 1024 --use-uuid --source rootfs --fstype=ext4
+part / --label root --align 1024 --use-uuid --source rootfs --fstype=ext4 --size=16384
bootloader --ptable gpt --timeout=1 --append="${GRUB_LINUX_APPEND}"Check to ensure the changes have been made using
kas
.kas shell -c "bitbake-getvar BAREMETAL_IMAGE_MEM_SIZE"
Transfer and unpack the tarball, then run the following.
chmod a+x build_run.sh
./build_run.shStart the build through the
kas menu
. In this example, we select "Safety Island Actuation Demo" and "Baremetal".kas menu kronos/Kconfig
When selecting "Safety Island Actuation Demo", the compiled binaries can be found in
build/tmp_$type/deploy/images/fvp-rd-kronos/
. Note that$type
is either baremetal, virtualization, or systemready-glibc.
Upload your image
The simplest way to upload your own firmware image is to download an existing image and replace the relevant components.
Filename Yocto build | Description | Filename Corellium build |
---|---|---|
rss-flash-image-fvp-rd-kronos.wic | RSS boot flash, three SI images and SCP | boot_flash |
ap-flash-image-fvp-rd-kronos.wic | AP boot flash | ap_flash |
mmc-image-fvp-rd-kronos.wic | SD card | sdcard |
rss-nvm-image.bin | Lifecycle Manager OTP | lcm_op |
$type-image-fvp-rd-kronos.wic / arm-systemready-ir-acs-fvp-rd-kronos.wic | System storage | virtio_0 |
encrypted_dm_provisioning_bundle.bin | DM provisioning bundle | firmware/encrypted_dm_provisioning_bundle.bin |
encrypted_cm_provisioning_bundle_0.bin | CM provisioning bundle | firmware/encrypted_cm_provisioning_bundle_0.bin |
rss-rom-image-fvp-rd-kronos.wic.nopt | RSS ROM | firmware/rss-rom-image-fvp-rd-kronos.wic.nopt |
Boot a custom ISO
The build config for the reference software stack supports different opterating systems including Debian and openSUSE.
Users who want to run a custom Linux operating system have several options.
Upload a custom ISO to the SD card
Start with an existing RD-1AE device.
Navigate to Settings -> Partitions for your device on the AVH web interface.
Upload your custom ISO to the SD card partition then click Save & Reboot.
The boot order is VIRTIO -> MMC -> PXE, so you will need to stop U-Boot. Press
return
when you seeHit any key to stop autoboot
during the boot process.U-Boot 2023.07.02 (Jul 11 2023 - 15:20:44 +0000) arm_fvp
Model: RD Kronos
DRAM: 2 GiB (effective 4 GiB)
Arm FF-A framework discovery
FF-A driver 1.0
FF-A framework 1.0
FF-A versions are compatible
Core: 25 devices, 16 uclasses, devicetree: board
MMC: mmci@c050000: 0
Loading Environment from nowhere... OK
In: serial@2a400000
Out: serial@2a400000
Err: serial@2a400000
Net: eth0: virtio-net#0
Hit any key to stop autoboot: 3After interrupting the boot, explicitly choose the SD card at the prompt.
=> run bootcmd_mmc0
switch to partitions #0, OK
mmc0 is current device
Scanning mmc 0:2...
FF-A driver 1.0
FF-A framework 1.0
FF-A versions are compatible
...
Package a custom ISO into the firmware image
Download the source image ("coreimg") for your desired RD-1AE firmware image from the device creation menu.
Move the ISO to the same working directory as the coreimg.
mv /path/to/iso sdcard
Update the
sdcard
archive member of the coreimg file.zip <coreimg_source_image> sdcard
Create an RD-1AE using your custom firmware image.
Building the image with custom Safety Island, SCP, or RSS firmware
Due to the use of secure boot through the RD1-AE firmware boot process it is not possible to shim in new firmware revisions of a specific subsystem component without rebuilding the entire stack. The RD1-AE Yocto-based firmware builds flattened flash images that include the firmware of all subsystems, each signed with common keys generated during the build. Consequentially, each firmware element is not exported explicitly - but are rather contained within the AP Flash
and Boot Flash
flash partitions and are used as-is from the build process.