7.33.3. Dragonwing RB3 Gen 2 development platform
Trusted Firmware-A (TF-A) platform port for Kodiak SoC based RB3Gen2 platform. For details about RB3Gen2 platform, refer to this link
7.33.3.1. Boot flow
The boot flow on RB3Gen2 with TF-A BL2 replacing the TZ firmware binary and FIP payload replcacing UEFI binary as:
PBL (ROM) -> XBL -> TF-A BL2 -> TF-A BL31 -> BL33 -> Linux kernel
|
--> OP-TEE as BL32
BL33 can either be edk2, U-Boot, Coreboot + Depthcharge etc.
Summary:
PBL authenticates and loads XBL on on-chip RAM (IMEM) which is responsible to initializing DRAM and has the flash storage driver.
XBL/XBL_SEC authenticates and loads TF-A BL2 from tz_a/b partition and FIP payload from uefi_a/b partition on flash to DRAM.
TF-A BL2 parses the FIP payload on DRAM and loads BL31, BL32 and BL33 components in corresponding locations as specified in FIP metadata.
7.33.3.2. How to build
Steps to build TF-A BL2 and FIP payload:
$ make CROSS_COMPILE=aarch64-none-elf- PLAT=rb3gen2 SPD=opteed \
QTISECLIB_PATH=<qtiseclib-path> BL32=<path-to-optee-bin> \
BL33=<path-to-os-bootloader-bin> fip all
$ ./tools/qti/generate_fip_elf.sh build/rb3gen2/release/fip.bin \
0x9fc00000
QTISELIB for Kodiak/SC7280 is available at link
Note that the bl2.elf generated here is required to be signed as TZ image with QTI signing involved. Also, the fip.elf generated above is signed using qtestsign which just puts the OEM test signature to allow it to work on devices in non-secure mode. In secure mode, it is required to be signed using sectools v2
7.33.3.3. How to flash
Generate a Yocto BSP image for RB3Gen2 following instructions from meta-qcom here
It will generate a tar ball in the build folder for RB3Gen2 something like: qcom-multimedia-image-qcs6490-rb3gen2-core-kit.rootfs.qcomflash.tar.gz. Untar it and replace tz.mbn with bl2.mbn and uefi.elf with fip.elf that you have generated by yourself.
Then flash the board following the meta-qcom instructions here
7.33.3.4. Boot Trace
Boot logs on RB3Gen2:
Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset), D - Delta, S - Statistic
<snip-XBL-logs>
NOTICE: BL2: v2.13.0(release):v2.13.0-825-gc17b22110
NOTICE: BL2: Built : 15:54:07, Sep 25 2025
NOTICE: BL2: Booting BL31
NOTICE: BL31: v2.13.0(release):v2.13.0-825-gc17b22110
NOTICE: BL31: Built : 15:58:59, Sep 25 2025
QTISECLIB [0019dc805]QC_IMAGE_VERSION_STRING=QTISECLIB.CB.1.0-00069-SC7280AAAAAANAZT-1
QTISECLIB [001a0817c]IMAGE_VARIANT_STRING=SC7180LC
QTISECLIB [001a221d8]OEM_IMAGE_VERSION_STRING=crm-ubuntu54
QTISECLIB [001a40244]QC_IMAGE_TS_STRING=23:42:01, Aug 31 2022
I/TC:
I/TC: OP-TEE version: 4.7.0-79-g8a8fab26c (gcc version 14.2.0 (Ubuntu 14.2.0-19ubuntu2)) #7 Thu Sep 25 10:28:22 UTC 2025 aarch64
I/TC: WARNING: This OP-TEE configuration might be insecure!
I/TC: WARNING: Please check https://optee.readthedocs.io/en/latest/architecture/porting_guidelines.html
I/TC: Primary CPU initializing
I/TC: Primary CPU switching to normal world boot
<snip>