1Corstone SSE-315 with Ethos-U65 Example Subsystem for Ecosystem FVP
2===================================================================
3
4Introduction
5------------
6
7Corstone-315 is an Arm reference subsystem for secure System on Chips containing
8an Armv8.1-M Cortex-M85 processor and LCM, KMU and SAM IPs. and an
9Ethos-U65 neural network processor. It is an MPS4 based platform.
10
11This platform port supports all TF-M regression tests (Secure and Non-secure)
12with Isolation Level 1 and 2.
13
14.. note::
15
16   For Ethos-U65 IP this platform support only provides base address,
17   interrupt number and an example NPU setup as non-secure, unprivileged.
18
19.. note::
20
21   For Armclang compiler v6.18 or later version is required.
22
23Building TF-M
24-------------
25
26Follow the instructions in :doc:`Building instructions </building/tfm_build_instruction>`.
27^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
28
29Build instructions with platform name: arm/mps4/corstone315
30^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
31``-DTFM_PLATFORM=arm/mps4/corstone315``
32
33.. note::
34
35   The built binaries can be run on the Corstone-315 Ethos-U65 Ecosystem FVP
36   (FVP_Corstone_SSE-315).
37
38.. note::
39
40   If ``-DTFM_DUMMY_PROVISIONING=ON`` then the keys in the
41   ``tf-M/platform/ext/target/arm/mps4/common/provisioning/bundle_cm/cm_provisioning_config.cmake``,
42   ``tf-M/platform/ext/target/arm/mps4/common/provisioning/bundle_dm/dm_provisioning_config.cmake`` and
43   default MCUBoot signing and encryption keys will be used for provisioning.
44
45   If ``-DTFM_DUMMY_PROVISIONING=OFF`` is set then unique values can be used for provisioning. The keys
46   and seeds can be changed by passing the new values to the build command, or by setting the
47   ``-DDM_PROVISIONING_KEYS_CONFIG`` and  ``-DCM_PROVISIONING_KEYS_CONFIG`` flag to the ``.cmake`` files
48   which contain the keys. An example config cmake file can be seen at
49   ``tf-m/platform/ext/target/arm/mps4/common/provisioning/bundle_cm/cm_provisioning_config.cmake``
50   and ``tf-m/platform/ext/target/arm/mps4/common/provisioning/bundle_dm/dm_provisioning_config.cmake``.
51   Otherwise new random values are going to be generated and used (or default values in some cases).
52
53   For signing the BL2 image, ``${TFM_BL1_2_CM_SIGNING_KEY_PATH}`` key will be used. This should point
54   to a valid LMS ``.pub`` file. The private key is found with the ``.prv`` extension. If
55   ``-DTFM_GENERATE_BL1_2_CM_SIGNING_KEY=ON`` is set, then a new signing public and private keypair
56   is going to be generated and it's going to be used to sign the the BL2 image.
57
58   For the image signing the ``${MCUBOOT_KEY_S}`` and ``${MCUBOOT_KEY_NS}`` will be used. These variables
59   should point to ``.pem`` files that contain the code signing private keys. The public keys are going
60   to be generated from these private keys and will be used for provisioning. The hash of the public
61   key is going to be written into the ``provisioning_data.c`` automatically. For the BL2 image
62   encryption the ``TFM_BL2_ENCRYPTION_KEY_PATH`` has to be set to a .bin file which contains the
63   encryption key.
64   (For an example, see ``tf-m/bl1/bl1_2/bl2_dummy_encryption_key.bin``)
65
66   If ``-DMCUBOOT_GENERATE_SIGNING_KEYPAIR=ON`` is set then a new MCUBoot signing public and private
67   keypair is going to be generated and it's going to be used to sign the S and NS binaries.
68
69
70   The new generated keypair can be found in the ``<build dir>/bin`` folder or in the
71   ``<install directory>/image_signing/keys`` after installation.
72   The generated provisioning_data.c file can be found at
73   ``<build directory>/platform/target/provisioning/provisioning_data.c``
74
75.. note::
76
77   The provisioning bundle generation depends on pyelftools that's have to be installed::
78
79    pip3 install pyelftools
80
81
82To run the example code on Corstone-315 Ethos-U65 Ecosystem FVP
83---------------------------------------------------------------
84FVP is available to download `here <https://developer.arm.com/Tools%20and%20Software/Fixed%20Virtual%20Platforms/IoT%20FVPs>`__
85
86#. Install the FVP
87#. Copy ``bl1_1.bin``, ``cm_provisioning_bundle.bin``, ``dm_provisioning_bundle.bin``,
88   ``bl2_signed.bin`` and ``tfm_s_ns_signed.bin``  files from
89   build dir to ``<FVP installation path>/models/Linux64_GCC-6.4/``
90#. Navigate to the same directory and execute the following command to start FVP::
91
92    $ ./FVP_Corstone_SSE-315 --data "bl1_1.bin"@0x11000000
93                   --data "cm_provisioning_bundle.bin"@0x12024000
94                   --data "dm_provisioning_bundle.bin"@0x1202aa00
95                   --data "bl2_signed.bin"@0x12031400
96                   --data "tfm_s_ns_signed.bin"@0x38000000
97
98
99#. After completing the procedure you should be able to see similar messages
100   to this on the serial port (baud 115200 8n1)::
101
102    Trying 127.0.0.1...
103    Connected to localhost.
104    Escape character is '^]'.
105    [INF] Starting TF-M BL1_1
106    [INF] Beginning provisioning
107    [INF] TP mode set complete, system will now reset.
108    [INF] Starting TF-M BL1_1
109    [INF] Beginning provisioning
110    [INF] Waiting for CM provisioning bundle
111    [INF] Enabling secure provisioning mode, system will now reset.
112    [INF] Starting TF-M BL1_1
113    [INF] Beginning provisioning
114    [INF] Waiting for CM provisioning bundle
115    [INF] Running CM provisioning bundle
116    [INF] Starting TF-M BL1_1
117    [INF] Beginning provisioning
118    [INF] Waiting for DM provisioning bundle
119    [INF] Enabling secure provisioning mode, system will now reset.
120    [INF] Starting TF-M BL1_1
121    [INF] Beginning provisioning
122    [INF] Waiting for DM provisioning bundle
123    [INF] Running DM provisioning bundle
124    [INF] Starting TF-M BL1_1
125    [INF] Jumping to BL1_2
126    [INF] starting TF-M bl1_2
127    [INF] Attempting to boot image 0
128    [INF] BL2 image decrypted successfully
129    [INF] BL2 image validated successfully
130    [INF] Jumping to BL2
131    [INF] Starting bootloader
132    [INF] Image index: 1, Swap type: none
133    [INF] Image index: 0, Swap type: none
134    [INF] Bootloader chainload address offset: 0x0
135    [INF] Jumping to the first image slot
136    Booting TF-M v2.0.0+d09934721
137    Non-Secure system starting...
138
139.. note::
140
141   Some of the messages above are only visible when ``CMAKE_BUILD_TYPE`` is set
142   to ``Debug``.
143
144-------------
145
146*Copyright (c) 2024-2025, Arm Limited. All rights reserved.*
147