Versal SDCard support

arch.mk

@@ -1444,7 +1444,20 @@ BOOT_IMG?=test-app/image.bin
 ifeq ($(ARCH),AARCH64)
   CFLAGS+=-DMMU -DWOLFBOOT_FDT -DWOLFBOOT_DUALBOOT
   OBJS+=src/fdt.o
-  UPDATE_OBJS:=src/update_ram.o
+  ifneq ($(filter 1,$(DISK_SDCARD) $(DISK_EMMC)),)
+    # Disk-based boot (SD card or eMMC)
+    CFLAGS+=-DWOLFBOOT_UPDATE_DISK
+    ifeq ($(MAX_DISKS),)
+      MAX_DISKS=1
+    endif
+    CFLAGS+=-DMAX_DISKS=$(MAX_DISKS)
+    UPDATE_OBJS:=src/update_disk.o
+    OBJS+=src/gpt.o
+    OBJS+=src/disk.o
+  else
+    # RAM-based boot from external flash (default)
+    UPDATE_OBJS:=src/update_ram.o
+  endif
 else
   ifeq ($(DUALBANK_SWAP),1)
     CFLAGS+=-DWOLFBOOT_DUALBOOT

config/examples/versal_vmk180_sdcard.config

@@ -0,0 +1,118 @@
+# wolfBoot configuration for AMD Versal VMK180 - SD Card Boot
+# Versal Prime VM1802 ACAP - Dual ARM Cortex-A72
+#
+# This configuration enables SD card boot for the Versal:
+#   PLM -> PSM -> BL31 (EL3) -> wolfBoot (EL2) -> Linux (EL1)
+#
+# wolfBoot loads firmware images from MBR partitions on SD card.
+# Uses the generic SDHCI driver with SD1 controller (external SD slot).
+
+ARCH?=AARCH64
+TARGET?=versal
+
+WOLFBOOT_VERSION?=1
+
+# ECC-384 with SHA-384 (good balance of security and performance)
+SIGN?=ECC384
+HASH?=SHA384
+IMAGE_HEADER_SIZE?=512
+
+# Debug options
+DEBUG?=1
+DEBUG_SYMBOLS=1
+DEBUG_UART=1
+
+# SD card support - use SDHCI driver
+DISK_SDCARD?=1
+DISK_EMMC?=0
+
+# Disable QSPI flash when using SD card
+EXT_FLASH?=0
+NO_XIP=1
+
+# ELF loading support
+ELF?=1
+
+# Boot Benchmarking (optional)
+BOOT_BENCHMARK?=1
+
+# General options
+VTOR?=1
+CORTEX_M0?=0
+NO_ASM?=0
+ALLOW_DOWNGRADE?=0
+NVM_FLASH_WRITEONCE?=0
+V?=0
+SPMATH?=1
+RAM_CODE?=0
+DUALBANK_SWAP?=0
+PKA?=0
+WOLFTPM?=0
+
+# Toolchain
+USE_GCC=1
+CROSS_COMPILE=aarch64-none-elf-
+
+# ============================================================================
+# Partition Layout - MBR (required by Versal boot ROM)
+# ============================================================================
+# SD Card partition layout (MBR):
+#   Partition 1: boot   (128MB, FAT32 LBA, bootable) - BOOT.BIN
+#   Partition 2: OFP_A  (200MB, Linux)               - Primary signed image
+#   Partition 3: OFP_B  (200MB, Linux)               - Update signed image
+#   Partition 4: rootfs (remainder)                  - Linux root filesystem
+#
+# Use partition numbers instead of flash addresses
+# These are 0-based indices into the parsed partition array:
+#   part[0]=boot, part[1]=OFP_A, part[2]=OFP_B, part[3]=rootfs
+WOLFBOOT_NO_PARTITIONS=1
+CFLAGS_EXTRA+=-DBOOT_PART_A=1
+CFLAGS_EXTRA+=-DBOOT_PART_B=2
+
+# Disk read chunk size (512KB)
+CFLAGS_EXTRA+=-DDISK_BLOCK_SIZE=0x80000
+
+# Disable SDMA for multi-block transfers - use PIO instead.
+# The Versal Arasan SDHCI controller does not restart SDMA after
+# boundary crossings via SRS22/SRS23 writes (Cadence-specific behavior).
+CFLAGS_EXTRA+=-DSDHCI_SDMA_DISABLED
+
+# Linux rootfs is on partition 4 (default is /dev/mmcblk0p2 for QSPI boot)
+CFLAGS_EXTRA+=-DLINUX_BOOTARGS_ROOT=\"/dev/mmcblk0p4\"
+
+# ============================================================================
+# Boot Memory Layout
+# ============================================================================
+# wolfBoot runs from DDR at 0x8000000 (same address as U-Boot)
+WOLFBOOT_ORIGIN=0x8000000
+
+# Load Partition to RAM Address (Linux kernel loads here)
+WOLFBOOT_LOAD_ADDRESS?=0x10000000
+
+# DTS (Device Tree) load address
+# Must be in DDR low (0x0-0x7FFFFFFF) - matches QSPI config and FIT ITS load address
+WOLFBOOT_LOAD_DTS_ADDRESS?=0x1000
+
+# ============================================================================
+# Required for test-app (even with WOLFBOOT_NO_PARTITIONS=1)
+# ============================================================================
+WOLFBOOT_PARTITION_BOOT_ADDRESS=0x80200000
+WOLFBOOT_PARTITION_SIZE=0x4000000
+WOLFBOOT_SECTOR_SIZE=0x1000
+
+# ============================================================================
+# UART Configuration - UART1 for APU console (matches VMK180 board)
+# ============================================================================
+CFLAGS_EXTRA+=-DDEBUG_UART_NUM=0
+
+# ============================================================================
+# Optional Debug Options (uncomment to enable)
+# ============================================================================
+# SDHCI driver debug logs
+#CFLAGS_EXTRA+=-DDEBUG_SDHCI
+# Disk layer debug logs
+#CFLAGS_EXTRA+=-DDEBUG_DISK
+# GPT partition debug logs
+#CFLAGS_EXTRA+=-DDEBUG_GPT
+# Disk read/write test at boot
+#CFLAGS_EXTRA+=-DDISK_TEST

docs/Targets.md

@@ -2306,6 +2306,108 @@ Typical boot timing with ECC384/SHA384 signing:
 | **Total wolfBoot overhead** | **~870ms** |
 
 
+### SD Card Boot
+
+wolfBoot supports booting from SD card on the VMK180 using the Cadence SDHCI controller. This enables A/B partition-based firmware updates from GPT partitions on the SD card.
+
+#### SD Card Partition Layout
+
+The SD card uses MBR partitioning to match the stock Versal SD card format:
+
+| Partition | Name | Size | Type | Contents |
+|-----------|------|------|------|----------|
+| 1 | boot | 128MB | FAT32 LBA (0x0c), bootable | BOOT.BIN (PLM + PSM + BL31 + wolfBoot) |
+| 2 | OFP_A | 200MB | Linux (0x83) | Primary signed firmware image |
+| 3 | OFP_B | 200MB | Linux (0x83) | Update signed firmware image |
+| 4 | rootfs | remainder | Linux (0x83) | Linux root filesystem |
+
+#### Configuration
+
+Use the SD card configuration file:
+
+```sh
+cp config/examples/versal_vmk180_sdcard.config .config
+make clean
+make
+```
+
+Key differences from QSPI configuration:
+- `DISK_SDCARD=1` - Enable SD card support via SDHCI driver
+- `EXT_FLASH=0` - Disable QSPI flash
+- `BOOT_PART_A=2` - Primary firmware on partition 2
+- `BOOT_PART_B=3` - Update firmware on partition 3
+
+#### Building and Provisioning
+
+1. **Build wolfBoot and create SD card image:**
+
+```sh
+./tools/scripts/versal_test.sh --sdcard
+```
+
+This creates:
+- `wolfboot.elf` - wolfBoot bootloader
+- `BOOT.BIN` - Complete boot image for partition 1
+- `sdcard.img` - GPT-partitioned SD card image with signed test apps
+- `test-app/image_v1_signed.bin` - Signed primary firmware
+- `test-app/image_v2_signed.bin` - Signed update firmware
+
+2. **Provision the SD card:**
+
+```sh
+sudo ./tools/scripts/versal_sdcard_provision.sh /dev/sdX
+```
+
+Or manually:
+
+```sh
+# Write partition image
+sudo dd if=sdcard.img of=/dev/sdX bs=4M status=progress conv=fsync
+sync
+
+# Format boot partition and copy BOOT.BIN
+sudo mkfs.vfat -F 32 -n BOOT /dev/sdX1
+sudo mount /dev/sdX1 /mnt
+sudo cp BOOT.BIN /mnt/
+sudo umount /mnt
+```
+
+3. **Verify partitions:**
+
+```sh
+sudo sgdisk -p /dev/sdX
+```
+
+#### Boot Mode Selection
+
+Set the VMK180 boot mode switches for SD card boot:
+- MODE[3:0] = 0b1110 (SD1 boot)
+
+#### Expected Boot Output
+
+```
+========================================
+wolfBoot Secure Boot - AMD Versal
+========================================
+Current EL: 2
+SDHCI: SDCard mode
+...
+Boot partition: A (2)
+Firmware Valid
+Booting at 0x10000000
+```
+
+#### Firmware Updates
+
+To test A/B updates:
+
+1. Boot from partition A (OFP_A) with version 1
+2. Write new signed image to partition B (OFP_B)
+3. Trigger update via wolfBoot API
+4. On next boot, wolfBoot verifies and boots from partition B
+5. If verification fails, wolfBoot falls back to partition A
+
+
 ## Cypress PSoC-6
 
 The Cypress PSoC 62S2 is a dual-core Cortex-M4 & Cortex-M0+ MCU. The secure boot process is managed by the M0+.