MPSoC Boot Process
Hardware Resources
The boot process in the Zynq UltraScale+ MPSoC is managed by the Platform Management Unit (PMU) and the Configuration Security Unit (CSU).
Platform Management Unit (PMU)
The Platform Management Unit (PMU) is in charge of powering up and down peripherals and processors:
- Generating and handling system reset signals.
- Power sequencing the different domains in the platform.
At the hardware level, the PMU is composed of:
- Fault-tolerant triple-redundant MicroBlaze core.
- ROM to hold PMU ROM code that includes the PMU startup sequence, routines to handle power-up or down requests, and interrupts.
- 128 KB RAM with ECC used for user PMU Firmware code and data.
- Local registers that are only used by the PMU.
- Global registers that can be accessed from other masters to issue power, isolation and reset requests.
Configuration Security Unit (CSU)
The Configuration Security Unit (CSU) is the central configuration processor that manages secure and non-secure system-level configuration.
At the hardware level, the CSU is composed of:
- Fault-tolerant triple-redundant MicroBlaze core and built-in ECC for SEU tolerance.
- ROM memory to store CSU Boot ROM (CBR) code.
- Small private RAM (not user accessible) for security sensitive data.
- Dedicated DMA engine for efficient data transfer between PS memories and CSU peripherals.
- Key Management Unit and cryptographic accelerators.
- Processor Configuration Access Port (PCAP), used to program the Programmable Logic.
Stages in the Boot Process
The boot process in the Zynq UltraScale+ MPSoC is a complex mechanism composed of three functional stages.
Pre-configuration Stage
After a power-on reset (POR), the PMU ROM code is executed and initializes the system, including:
- Initialize the PS SYSMON (System Monitor) and the PLL required for boot.
- Clear the PMU RAM and CSU RAM.
- Validate the PLL locks.
- Validate the LPD, AUX and I/O supply ranges using the PS SYSMON.
- Clear the low-power and full-power domains.
- If the previous steps are successful, the PMU releases the CSU reset and enters the PMU service mode.
Configuration Stage
When the CSU reset is released, the CSU executes the CSU ROM code and performs the following steps:
- Initialize the On-Chip Memory (OCM).
- Determine the boot mode selected by the associated external pins. There are several boot modes available in the CSU Boot ROM code, which can be grouped into two categories:
  - Boot Image based: The boot image is a software container that must include an information header and contains multiple data partitions, the first of which is the mandatory First Stage Boot Loader (FSBL) program. The boot image can reside in several primary boot devices:
    - Quad-SPI
    - SD / eMMC
    - USB 2.0 (controller 0)
    - NAND Flash
  - JTAG based: If this mode is detected, the JTAG host takes control of the booting process.
- Interpret the boot image header and perform the associated actions, including:
  - Determine the secure boot mode.
    - Boot image is non secure
    - Boot image is encrypted
    - Boot image is authenticated
    - Boot image is encrypted and authenticated
  - Determine the RPU or APU processor that will execute the FSBL, i.e.:
    - Cortex-A53, core 0.
    - Cortex-R5, core 0.
    - Cortex-R5, lockstep mode.
- Load the FSBL from the boot image in the On-Chip Memory (OCM) for execution by the selected processor.
- Load the PMU User Firmware (PMU FW) from the boot image into the PMU RAM (optional).
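The header interpretation steps above can be modelled on a host as a fail-closed check, shown here as an added example (not Xilinx code and not part of the original page). The header layout, marker, flag bits and OCM size are constructed assumptions for illustration and do not reproduce the real boot header format; only the mode names, CPU choices and the 128 KB PMU RAM size come from the page.

```python
import struct
from dataclasses import dataclass

# Constructed layout for this example only (NOT the real boot header):
# marker, flags, FSBL length, PMU FW length, as little-endian 32-bit fields.
HDR = struct.Struct("<4sIII")
MAGIC = b"DEMO"                   # hypothetical marker
FLAG_ENC, FLAG_AUTH = 0x1, 0x2    # hypothetical flag bits
CPU_SHIFT, CPU_MASK = 4, 0x3      # hypothetical 2-bit CPU selector
CPUS = {0: "Cortex-A53, core 0", 1: "Cortex-R5, core 0",
        2: "Cortex-R5, lockstep mode"}
MODES = {0: "non secure", FLAG_ENC: "encrypted", FLAG_AUTH: "authenticated",
         FLAG_ENC | FLAG_AUTH: "encrypted and authenticated"}
PMU_RAM_SIZE = 128 * 1024         # PMU RAM size stated on the page
OCM_SIZE = 256 * 1024             # assumed OCM capacity available to the FSBL

@dataclass
class BootPlan:
    secure_mode: str
    fsbl_cpu: str
    fsbl_len: int
    pmufw_len: int                # 0: no PMU FW partition for the ROM to load

def plan_boot(image, require_mode=None):
    """Interpret the header; reject anything unexpected instead of guessing."""
    if len(image) < HDR.size:
        raise ValueError("image shorter than header")
    magic, flags, fsbl_len, pmufw_len = HDR.unpack_from(image)
    if magic != MAGIC:
        raise ValueError("bad header marker")
    if flags & ~(FLAG_ENC | FLAG_AUTH | (CPU_MASK << CPU_SHIFT)):
        raise ValueError("reserved flag bits set")
    cpu = (flags >> CPU_SHIFT) & CPU_MASK
    if cpu not in CPUS:
        raise ValueError("reserved CPU selector")
    if not 0 < fsbl_len <= OCM_SIZE:
        raise ValueError("FSBL missing or too large for OCM")
    if pmufw_len > PMU_RAM_SIZE:
        raise ValueError("PMU FW too large for PMU RAM")
    if HDR.size + pmufw_len + fsbl_len > len(image):
        raise ValueError("partitions extend past end of image")
    mode = MODES[flags & (FLAG_ENC | FLAG_AUTH)]
    if require_mode is not None and mode != require_mode:
        raise ValueError(f"policy requires {require_mode!r}, image is {mode!r}")
    return BootPlan(mode, CPUS[cpu], fsbl_len, pmufw_len)

def build_image(flags, fsbl, pmufw=b""):
    """Build a constructed sample image for exercising plan_boot()."""
    return HDR.pack(MAGIC, flags, len(fsbl), len(pmufw)) + pmufw + fsbl
```

Passing `require_mode="encrypted and authenticated"` turns the parser into a release gate that refuses an image whose declared secure boot mode is weaker than the one the build is supposed to ship with.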
Post-configuration Stage
Once the FSBL starts execution, the CSU ROM code enters the post-configuration stage and monitors tamper signals from the system, detecting if the secure boot process is correct.
From this point, the CSU will provide hardware services to the system:
- File authentication and decryption.
- Store and manage secure keys.
- PL configuration via PCAP interface.
From this moment onward, the FSBL will be in charge of further boot operations, such as accessing and loading other data partitions in the boot image, including:
- PMU Firmware if the CSU Boot ROM didn't load it previously.
- Bitstream for the Programmable Logic.
- Software executables for the APU and RPU processors.
Even after the boot process has finished, the PMU will provide platform management services by using the PMU FW in conjunction with the PMU ROM code. The PMU FW is not mandatory, but it is required in most systems and must be present if the FSBL and other system software (e.g. U-Boot and Linux) need access to power management related functionality.
NOTE: As pointed out, the Programmable Logic (PL) bitstream can be included in the boot image and programmed by the First Stage Boot Loader (FSBL). Alternatively, it can also be programmed by other system software executed afterwards (e.g. U-Boot or Linux). The PL bitstream can be secure or non secure.