Creating a custom Linux distribution for an ARM® Cortex®-A9 based SBC

The Yocto project provides an ideal platform for building a custom Linux distribution.  It's design was intended to model a machine.  The Yocto project or machine should take a number of inputs and produce an output.  The inputs to the machine are the specifications for the Linux distribution.  The output of the machine is the Linux distribution.

The Yocto project is the most widely supported system for building custom Linux distributions.

The Yocto project is very well supported by both communities and companies.  The project consists of a tool called bitbake and a build system that is based off of OpenEmbedded.  Together, these two components along with a defined set of metadata comprise what is called the Poky reference platform.

Setting up an ARM® Cortex®-A9 based SBC

The RiOTboard - an ARM® Cortex®-A9 based SBC

The RIoTboard is an ARM® Cortex®-A9 based single board computer (SBC).  The RIoTboard has a Freescale i.MX6 Solo application processor and an integrated Freescale Kinetis MCU for additional debugging and development.  The i.MX6 Solo supports the single ARM® Cortex®-A9 MPCore Platform.  The i.MX6 Solo contains ARM® TrustZone® technology and the i.MX 6 SoC on the RIoTboard has a 96 KB Boot Rom with support for high assurance boot.   Other features of the board include 1 GB of DDR3 memory, 4 GB eMMC, JTAG, Serial, mini USB for OpenSDA, mini USB for USB OTG, LVDS, parallel RGB expansion, 4 USB-A ports, HDMI, audio, reset button, microSD card slot, SD card slot, and boot onboard boot switches.   The board is very reasonably priced.  Last but not least, the Freescale i.MX 6 ARM® Cortex®-A9 application processor has ARM® TrustZone® technology.

ARM® TrustZone® Technology

The i.MX6 Solo processor on the RIoTboard is labeled MCIMX6S8DVM10AB.  According to the i.MX6 Solo data sheet, the processor supports a number of security related features. The list includes ARM® TrustZone® technology with TZ architecture support, a secure JTAG controller for locking down and protecting the JTAG port, a cryptographic acceleration and assurance module with secure RAM and a true PRNG, a central security unit (CSU) including secure non-volatile storage, high assurance boot, and the separation of memory and interrupts between secure world and normal world.  There are more security related features but this is a general list.

the view from above - a trusted zone

ARM®, NFC Technology, and the Single Wire Protocol

At the heart of an ARM Powered® smartphone with NFC technology is the contactless front end or CLF. The CLF is responsible for managing radio-frequency communication at 13.56 MHz.

A mobile phone with NFC technology contains only one CLF.  The CLF is connected to the ARM® processor or application processor via UART, I²C, and in some cases SPI.  These protocols are fairly basic and facilitate straightforward communication between the application processor and CLF via a typical Linux or UNIX-based kernel.  Updating the firmware on the CLF is a typical operation that is performed over the UART serial line.

While a mobile phone with NFC technology contains only one CLF, the phone may contain multiple secure elements. There may be a secure element on the UICC card, on the microSD card, and/or embedded with the CLF on the PCB.  Applets residing on each of the secure elements can serve both similar and different purposes.  Both the secure element and the CLF are small, self-contained computers with I/O communications interfaces. In the case where there are multiple secure elements residing on the phone, each of the secure elements is a small, self-contained computer with I/O communication interfaces.  A secure element differs from a normal computer in that it is embedded. It has limited resources available for performing computations.

ARM Powered® smartphones with NFC technology

Turing machines, first described by Alan Turing in (Turing 1937), are simple abstract computational devices intended to help investigate the extent and limitations of what can be computed.  - Stanford Encyclopedia of Philosophy

The head and the tape in a turing machine

There are a large number of Near field communication (NFC)-enabled phones (devices) on the consumer market. LG, Huawei, Motorola, Samsung, HTC, Nokia, ZTE, Sony, RIM, Amazon, and Apple manufacture and sell mobile phones with NFC technology.

The ARM® Cortex®-A9 Processor - Real World Uses

The ARM^® Cortex^®-A processor is found in compute-intensive applications.  ARM^® Cortex^®-A processors run full or rich operating systems such as Linux or UNIX.  I mentioned the ARM^® Cortex^®-A9 based MPCore in the last blog post.  The ARM^® Cortex^®-A9 processor processor is highly configurable.

ARM® Processor with Freescale logo (© Freescale Semiconductor)

Freescale Semiconductor implements an ARM^® Cortex^®-A9 processor called the i.MX 6.  Freescale sells the i.MX 6 processor in a lite, single, dual, dual-lite, and quad-core configuration. The i.MX 6 processor is used in critical applications across multiple industries.  These industries include aerospace, medical, and industrial.  i.MX processors can be found in Medical-CT scanners, ultrasound machines, automotive telematic systems, airplane computers, e-readers, and a host of other devices.  The power efficiency characteristics of the i.MX 6 make them attractive for wearables such as eye glasses and watches.

ARM® TrustZone® technology - a Few Good Boards

ARM® provides a reference platform for software and hardware developers building systems based on ARM® Cortex®-A processors. The system is called the Juno ARM® Development Platform. The platform ships with a board that contains an ARM® Cortex®-A57 processor and ARM® Cortex®-A53 MPCore processor. The ARM® Cortex®-A57 processor and ARM® Cortex®-A57 processor are 64-bit and implement the ARM®v8-A instruction set architecture (ISA). A board support package can be built for this board using OpenEmbedded / Yocto.

You may notice that the Apple® A7 and Apple® A8 chips in the iPhone® 5c, iPhone® 5s, iPhone® 6, and iPhone® 6 Plus are based on the ARM® Cortex®-A53 and ARM® Cortex®-A57.  The Samsung Exynos 5433 Octa SoC also has an ARM® Cortex®-A57 and ARM® Cortex®-A53 MPCore.  The Samsung Galaxy Note 4 apparently has an 8-core Exynos 5433 processor in it.

Another development board is the Nvidia TK1 development board.  This board has a quad-core ARM® Cortex®-A15 processor.  These boards have been available for purchase at local retailers as of lately. However; the Nvidia K1 "Denver" is the latest product that they are working on and is not available for purchase yet.  It is rumored that the project "Denver" board has an ARM® Cortex®-A57 and an ARM® Cortex®-A53 MPCore.

The Freescale I.MX 6 processor has been hugely popular across a multitude of industries in a variety of embedded products. Freescale sells a development board with the I.MX 6 processor on it. The board is called the SABRE board for smart devices. The SABRE board has a Freescale I.MX 6 Quad Core ARM® Cortex®-A9 processor.   There are other vendors on the Internet that sell their variation of this development board.  One example is Boundary Devices. They sell their version of this board with the same Freescale I.MX 6 Quad Core ARM® Cortex®-A9 MPCore.  A board support package can be built for both the Freescale SABRE board and the Boundary Devices board using OpenEmbedded / Yocto.

There are a few key features of ARM development boards that should be taken into account if you purchase one. Namely; the e-fuses should not be blown out of the box. They should be left open. You can then blow the fuses to fit your configuration.

Here is a quick overview of the processors and boards I've mentioned above.

Processor	Manuf	ISA	Dev Board	TrustZone
ARM® Cortex®-A57 and ARM® Cortex®-A53 MPCore	ARM®	ARM®v8-A	Juno Ref Platform	Yes
ARM® Cortex®-A15	Nvidia	ARM®v7	TK1	Yes
ARM® Cortex®-A15	Samsung	ARM®v7	Arndale Exynos 5420	Yes
ARM® Cortex®-A9 MPCore	Freescale	ARM®v7	Freescale SABRE	Yes
ARM® Cortex®-A9 MPCore	Freescale	ARM®v7	Boundary Devices	Yes
ARM® Cortex®-A9 MPCore + Zync 7000 FPGA	Xilinx	ARM®v7	Zed Board	Yes
ARM® Cortex®-A9 MPCore + Zync 7000 FPGA	Xilinx	ARM®v7	Digilent Zybo	Yes

ARM and Cortex are registered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. ARM and TrustZone are registered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. ARM and SecurCore are registered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. Freescale, the Freescale logo, AltiVec, C-5, CodeTEST, CodeWarrior, ColdFire, ColdFire+, C-Ware, the Energy Efficient Solutions logo, Kinetis, MagniV, mobileGT, PEG, PowerQUICC, Processor Expert, QorIQ, QorIQ Qonverge, Qorivva, Ready Play, SafeAssure, the SafeAssure logo, StarCore, Symphony, VortiQa, Vybrid and Xtrinsic are trademarks of Freescale Semiconductor, Inc., Reg. U.S. Pat. & Tm. Off. iPhone is a trademark of Apple Inc., registered in the U.S. and other countries

ARM® TrustZone® technology - from Monitor Mode to Dedicated Security Co-Processing and the Secure Element(s)

In the last blog post I explained how software running in normal world was different from software running in secure world. Each world, secure and normal, has an operating system and a set of applications that run on that operating system. The operating systems and application software are different between the two worlds.


I mentioned a key point in the last blog post: when you turn the power on to your phone, ARM®-Cortex®-based smartphones with ARM® TrustZone® technology allow two operating systems start up at the same time. The operating system in the secure world is called secure OS, and the operating system in the normal world is called normal OS. While both operating systems  run on the same physical processor, the secure OS typically has access to additional physical resources and hardware peripherals.