User Guide
==========
Notice
------
The Corstone-1000 software stack uses the `Yocto project `__ to build
a tiny Linux distribution suitable for the Corstone-1000 platform. The yocto project relies on the
`Bitbake `__
tool as its build tool. Please see `Yocto mega manual `__
for more information.
Prerequisites
-------------
These instructions assume your host PC is running Ubuntu Linux 18.04 or 20.04 LTS, with
at least 32GB of free disk space and 16GB of RAM as minimum requirement. The
following instructions expect that you are using a bash shell.
The following prerequisites must be available on the host system. To resolve these dependencies, run:
::
sudo apt-get update
sudo apt-get install gawk wget git-core diffstat unzip texinfo gcc-multilib \
build-essential chrpath socat cpio python3 python3-pip python3-pexpect \
xz-utils debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev \
pylint3 xterm zstd liblz4-tool picocom
sudo apt-get upgrade libstdc++6
Provided components
-------------------
Within the Yocto project, each component included in the Corstone-1000 software stack is specified as
a `bitbake recipe `__.
The recipes specific to the Corstone-1000 BSP are located at:
``<_workspace>/meta-arm/meta-arm-bsp/``.
The Yocto machine config files for the Corstone-1000 FVP and FPGA are:
- ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc``
- ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf``
- ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/corstone1000-mps3.conf``
Software for Host
#################
Trusted Firmware-A
******************
Based on `Trusted Firmware-A `__
+----------+---------------------------------------------------------------------------------------------------+
| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.5.bbappend |
+----------+---------------------------------------------------------------------------------------------------+
| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.5.bb |
+----------+---------------------------------------------------------------------------------------------------+
OP-TEE
******
Based on `OP-TEE `__
+----------+------------------------------------------------------------------------------------+
| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend |
+----------+------------------------------------------------------------------------------------+
| Recipe | <_workspace>/meta-arm/meta-arm/recipes-security/optee/optee-os_3.14.0.bb |
+----------+------------------------------------------------------------------------------------+
U-Boot
******
Based on `U-Boot `__
+----------+---------------------------------------------------------------------+
| bbappend | <_workspace>/meta-arm/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend |
+----------+---------------------------------------------------------------------+
| Recipe | <_workspace>/poky/meta/recipes-bsp/u-boot/u-boot_2021.07.bb |
+----------+---------------------------------------------------------------------+
Linux
*****
The distro is based on the `poky-tiny `__
distribution which is a Linux distribution stripped down to a minimal configuration.
The provided distribution is based on busybox and built using muslibc. The
recipe responsible for building a tiny version of linux is listed below.
+-----------+----------------------------------------------------------------------------------------------+
| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend |
+-----------+----------------------------------------------------------------------------------------------+
| Recipe | <_workspace>/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb |
+-----------+----------------------------------------------------------------------------------------------+
| defconfig | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig |
+-----------+----------------------------------------------------------------------------------------------+
Software for Boot Processor (a.k.a Secure Enclave)
##################################################
Based on `Trusted Firmware-M `__
+----------+-------------------------------------------------------------------------------------------------+
| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_%.bbappend |
+----------+-------------------------------------------------------------------------------------------------+
| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.4.0.bb |
+----------+-------------------------------------------------------------------------------------------------+
The TF-M version has been bumped to 1.5, however the
trusted-firmware-m_1.4.0.bb recipe file is used.
Building the software stack
---------------------------
Create a new folder that will be your workspace and will henceforth be referred
to as ``<_workspace>`` in these instructions. To create the folder, run:
::
mkdir <_workspace>
cd <_workspace>
Corstone-1000 is a Bitbake based Yocto distro which uses kas and bitbake
commands to build the stack. To install kas tool, run:
::
sudo pip3 install kas
In the top directory of the workspace ``<_workspace>``, run:
::
git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.04.07
To build corstone1000 image for MPS3 FPGA, run:
::
kas shell meta-arm/kas/corstone1000-mps3.yml
bitbake corstone1000-image
Alternatively, to build corstone1000 image for FVP, run:
::
kas shell meta-arm/kas/corstone1000-fvp.yml
bitbake corstone1000-image
The initial clean build will be lengthy, given that all host utilities are to
be built as well as the target images. This includes host executables (python,
cmake, etc.) and the required toolchain(s).
Once the build is successful, all output binaries will be placed in the following folders:
- ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/`` folder for FVP build;
- ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/`` folder for FPGA build.
Everything apart from the ROM firmware is bundled into a single binary, the
``corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt`` file. The ROM firmware is the
``bl1.bin`` file.
The output binaries used by FVP are the following:
- The ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/bl1.bin``
- The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt``
The output binaries used by FPGA are the following:
- The ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin``
- The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt``
Flash the firmware image on FPGA
--------------------------------
The user should download the FPGA bit file image from `this link `__
and under the section ``Arm® Corstone™-1000 for MPS3``.
The directory structure of the FPGA bundle is shown below.
::
Boardfiles
├── MB
│ ├── BRD_LOG.TXT
│ ├── HBI0309B
│ │ ├── AN550
│ │ │ ├── AN550_v1.bit
│ │ │ ├── an550_v1.txt
│ │ │ └── images.txt
│ │ ├── board.txt
│ │ └── mbb_v210.ebf
│ └── HBI0309C
│ ├── AN550
│ │ ├── AN550_v1.bit
│ │ ├── an550_v1.txt
│ │ └── images.txt
│ ├── board.txt
│ └── mbb_v210.ebf
├── SOFTWARE
│ ├── ES0.bin
│ ├── SE.bin
│ └── an550_st.axf
└── config.txt
Depending upon the MPS3 board version (printed on the MPS3 board) you should update the images.txt file
(in corresponding HBI0309x folder) so that the file points to the images under SOFTWARE directory.
Here is an example
::
;************************************************
; Preload port mapping *
;************************************************
; PORT 0 & ADDRESS: 0x00_0000_0000 QSPI Flash (XNVM) (32MB)
; PORT 0 & ADDRESS: 0x00_8000_0000 OCVM (DDR4 2GB)
; PORT 1 Secure Enclave (M0+) ROM (64KB)
; PORT 2 External System 0 (M3) Code RAM (256KB)
; PORT 3 Secure Enclave OTP memory (8KB)
; PORT 4 CVM (4MB)
;************************************************
[IMAGES]
TOTALIMAGES: 2 ;Number of Images (Max: 32)
IMAGE0PORT: 1
IMAGE0ADDRESS: 0x00_0000_0000
IMAGE0UPDATE: RAM
IMAGE0FILE: \SOFTWARE\bl1.bin
IMAGE1PORT: 0
IMAGE1ADDRESS: 0x00_00010_0000
IMAGE1UPDATE: AUTOQSPI
IMAGE1FILE: \SOFTWARE\cs1000.bin
OUTPUT_DIR = ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3``
1. Copy ``bl1.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle.
2. Copy ``corstone1000-image-corstone1000-mps3.wic.nopt`` from OUTPUT_DIR directory to SOFTWARE
directory of the FPGA bundle and rename the wic image to ``cs1000.bin``.
**NOTE:** Renaming of the images are required because MCC firmware has
limitation of 8 characters before .(dot) and 3 characters after .(dot).
Now, copy the entire folder to board's SDCard and reboot the board.
Running the software on FPGA
----------------------------
On the host machine, open 3 minicom sessions. In case of Linux machine it will
be ttyUSB0, ttyUSB1, ttyUSB2 and it might be different on Window machine.
- ttyUSB0 for MCC, OP-TEE and Secure Partition
- ttyUSB1 for Boot Processor (Cortex-M0+)
- ttyUSB2 for Host Processor (Cortex-A35)
Run following commands to open minicom sessions on Linux:
::
sudo picocom -b 115200 /dev/ttyUSB0 # in one terminal
sudo picocom -b 115200 /dev/ttyUSB1 # in another terminal
sudo picocom -b 115200 /dev/ttyUSB2 # in another terminal.
Once the system boot is completed, you should see console
logs on the minicom sessions. Once the HOST(Cortex-A35) is
booted completely, user can login to the shell using
**"root"** login.
Running the software on FVP
---------------------------
An FVP (Fixed Virtual Platform) of the Corstone-1000 platform must be available to execute the
included run script.
The fixed virtual platform (FVP) version 11.17_23 can be downloaded from the
`Arm Ecosystem FVPs`_ page. On this page, navigate to "Corstone IoT FVPs"
section to download the Corstone1000 platform FVP installer. Follow the
instructions of the installer and setup the FVP.
The run-scripts structure is as below:
::
run-scripts
|── corstone1000
└── run_model.sh
|── ...
Ensure that the FVP has its dependencies met by executing the FVP from its installation folder:
``./``.
All dependencies are met if the FVP launches without any errors, presenting a graphical interface
showing information about the current state of the FVP.
The ``run_model.sh`` script in "<_workspace>/run-scripts/corstone1000/" folder runs the FVP with
the previously built images as arguments. Execute the ``run_model.sh`` script:
::
./run_model.sh ${FVP installation path/} -D ""
When the script is executed, three terminal instances will be launched, one for the boot processor
(aka Secure Enclave) processing element and two for the Host processing element. Once the FVP is
executing, the Boot Processor will start to boot, wherein the relevant memory contents of the .wic
file are copied to their respective memory locations within the model, enforce firewall policies
on memories and peripherals and then, bring the host out of reset.
The host will boot trusted-firmware-a, OP-TEE, U-Boot and then Linux, and present a login prompt
(FVP host_terminal_0):
::
corstone1000-fvp login:
Login using the username root.
Running test applications
-------------------------
**NOTE**: Running the SystemReady-IR tests described below requires the user to
work with USB sticks. In our testing, not all USB stick models work well with
MPS3 FPGA. Here are the USB sticks models that are stable in our test
environment.
- HP V165W 8 GB USB Flash Drive
- SanDisk Ultra 32GB Dual USB Flash Drive USB M3.0
- SanDisk Ultra 16GB Dual USB Flash Drive USB M3.0
**NOTE**:
Before running each of the tests in this chapter, the user should follow the
steps described in following section "Clean Secure Flash Before Testing" to
erase the SecureEnclave flash cleanly and prepare a clean board environment for
the testing.
Clean Secure Flash Before Testing (applicable to FPGA only)
###########################################################
To prepare a clean board environment with clean secure flash for the testing,
the user should prepare an image that erases the secure flash cleanly during
boot. Run following commands to build such image.
::
cd <_workspace>
git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.02.18
git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git
cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch meta-arm
cd meta-arm
git apply 0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch
cd ..
kas shell meta-arm/kas/corstone1000-mps3.yml
bitbake corstone1000-image
Replace the bl1.bin and cs1000.bin files on the SD card with following files:
- The ROM firmware: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin
- The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt
Now reboot the board. This step erases the Corstone1000 SecureEnclave flash
completely, the user should expect following message from TF-M log:
::
!!!SECURE FLASH HAS BEEN CLEANED!!!
NOW YOU CAN FLASH THE ACTUAL CORSTONE1000 IMAGE
PLEASE REMOVE THE LATEST ERASE SECURE FLASH PATCH AND BUILD THE IMAGE AGAIN
Then the user should follow "Building the software stack" to build a clean
software stack and flash the FPGA as normal. And continue the testing.
Run SystemReady-IR ACS tests
############################
ACS image contains two partitions. BOOT partition and RESULTS partition.
Following packages are under BOOT partition
* SCT
* FWTS
* BSA uefi
* BSA linux
* grub
* uefi manual capsule application
RESULTS partition is used to store the test results.
PLEASE MAKE SURE THAT THE RESULTS PARTITION IS EMPTY BEFORE YOU START THE TESTING. OTHERWISE THE TEST RESULTS
WILL NOT BE CONSISTENT
FPGA instructions for ACS image
*******************************
This section describes how the user can build and run Architecture Compliance
Suite (ACS) tests on Corstone1000.
First, the user should download the `Arm SystemReady ACS repository `__.
This repository contains the infrastructure to build the Architecture
Compliance Suite (ACS) and the bootable prebuilt images to be used for the
certifications of SystemReady-IR. To download the repository, run command:
::
cd <_workspace>
git clone https://github.com/ARM-software/arm-systemready.git -b v21.09_REL1.0
Once the repository is successfully downloaded, the prebuilt ACS live image can be found in:
- ``<_workspace>/arm-systemready/IR/prebuilt_images/v21.07_0.9_BETA/ir_acs_live_image.img.xz``
**NOTE**: This prebuilt ACS image includes v5.13 kernel, which doesn't provide
USB driver support for Corstone1000. The ACS image with newer kernel version
and with full USB support for Corstone1000 will be available in the next
SystemReady release in this repository.
Then, the user should prepare a USB stick with ACS image. In the given example here,
we assume the USB device is ``/dev/sdb`` (the user should use ``lsblk`` command to
confirm). Be cautious here and don't confuse your host PC's own hard drive with the
USB drive. Run the following commands to prepare the ACS image in USB stick:
::
cd <_workspace>/arm-systemready/IR/scripts/output/
unxz ir_acs_live_image.img.xz
sudo dd if=ir_acs_live_image.img of=/dev/sdb iflag=direct oflag=direct bs=1M status=progress; sync
Once the USB stick with ACS image is prepared, the user should make sure that
ensure that only the USB stick with the ACS image is connected to the board,
and then boot the board.
FVP instructions for ACS image and run
**************************************
Download acs image from:
- ``https://gitlab.arm.com/systemready/acs/arm-systemready/-/tree/linux-5.17-rc7/IR/prebuilt_images/v22.04_1.0-Linux-v5.17-rc7``
Use the below command to run the FVP with acs image support in the
SD card.
::
unxz ${/ir_acs_live_image.img.xz}
./run_model.sh ${FVP installation path/} -D ${/ir_acs_live_image.img}
The test results can be fetched following below commands:
::
sudo mkdir /mnt/test
sudo mount -o rw,offset= /ir_acs_live_image.img /mnt/test/
fdisk -lu /ir_acs_live_image.img
-> Device Start End Sectors Size Type
/home/emeara01/Downloads/ir_acs_live_image_modified.img1 2048 1050622 1048575 512M Microsoft basic data
/home/emeara01/Downloads/ir_acs_live_image_modified.img2 1050624 1153022 102399 50M Microsoft basic data
-> = 1050624 * 512 (sector size) = 537919488
The FVP will reset multiple times during the test, and it might take up to 1 day to finish
the test. At the end of test, the FVP host terminal will halt showing a shell prompt.
Once test is finished, the FVP can be stoped, and result can be copied following above
instructions.
Common to FVP and FPGA
**********************
U-Boot should be able to boot the grub bootloader from
the 1st partition and if grub is not interrupted, tests are executed
automatically in the following sequence:
- SCT
- UEFI BSA
- FWTS
- BSA Linux
The results can be fetched from the ``acs_results`` partition of the USB stick (FPGA) / SD Card (FVP).
Manual capsule update test
##########################
The following steps describe running manual capsule update with the ``direct``
method.
Check the "Run SystemReady-IR ACS tests" section above to download and unpack the acs image file
- ``ir_acs_live_image.img.xz``
Download edk2 and generate capsule file:
::
git clone https://github.com/tianocore/edk2.git
edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \
cs1k_cap --fw-version 1 --lsv 0 --guid \
e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \
0 --verbose
The here should be a corstone1000-image-corstone1000-fvp.wic.nopt image for FVP and
corstone1000-image-corstone1000-mps3.wic.nopt for FPGA. And this input binary file
(capsule) should be less than 15 MB.
Based on the user's requirement, the user can change the firmware version
number given to ``--fw-version`` option (the version number needs to be >= 1).
Capsule Copy instructions for FPGA
**********************************
The user should prepare a USB stick as explained in ACS image section (see above).
Place the generated ``cs1k_cap`` file in the root directory of the boot partition
in the USB stick. Note: As we are running the direct method, the ``cs1k_cap`` file
should not be under the EFI/UpdateCapsule directory as this may or may not trigger
the on disk method.
Capsule Copy instructions for FVP
*********************************
Run below commands to copy capsule into the
image file and run FVP software.
::
sudo mkdir /mnt/test
sudo mount -o rw,offset= /ir_acs_live_image.img /mnt/test/
sudo cp cs1k_cap /mnt/test/
sudo umount /mnt/test
exit
./run_model.sh ${FVP installation path/} -D ${/ir_acs_live_image.img}
Size of first partition in the image file is calculated in the following way. The data is
just an example and might vary with different ir_acs_live_image.img files.
::
fdisk -lu /ir_acs_live_image.img
-> Device Start End Sectors Size Type
/home/emeara01/Downloads/ir_acs_live_image_modified.img1 2048 1050622 1048575 512M Microsoft basic data
/home/emeara01/Downloads/ir_acs_live_image_modified.img2 1050624 1153022 102399 50M Microsoft basic data
-> = 2048 * 512 (sector size) = 1048576
Common to FVP and FPGA
**********************
Reach u-boot then interrupt shell to reach EFI shell. Use below command at EFI shell.
::
FS0:
EFI/BOOT/app/CapsuleApp.efi cs1k_cap
For this test, the user can provide two capsules for testing: a positive test
case capsule which boots the board correctly, and a negative test case with an
incorrect capsule which fails to boot the host software.
In the positive case scenario, the user should see following log in TF-M log,
indicating the new capsule image is successfully applied, and the board boots
correctly.
::
...
SysTick_Handler: counted = 10, expiring on = 360
SysTick_Handler: counted = 20, expiring on = 360
SysTick_Handler: counted = 30, expiring on = 360
...
metadata_write: success: active = 1, previous = 0
accept_full_capsule: exit: fwu state is changed to regular
...
In the negative case scenario, the user should see appropriate logs in
the secure enclave terminal. If capsule pass initial verification, but fails
verifications performed during boot time, secure enclave will try new images
predetermined number of times (defined in the code), before reverting back to
the previous good bank.
::
...
metadata_write: success: active = 0, previous = 1
fwu_select_previous: in regular state by choosing previous active bank
...
Linux distro install and boot (applicable to FPGA only)
#######################################################
To test Linux distro install and boot, the user should prepare two empty USB sticks.
Download one of following Linux distro images:
- Debian installer image: https://cdimage.debian.org/cdimage/weekly-builds/arm64/iso-dvd/
- OpenSUSE Tumbleweed installer image: http://download.opensuse.org/ports/aarch64/tumbleweed/iso/
- The user should look for a DVD Snapshot like openSUSE-Tumbleweed-DVD-aarch64-Snapshot20211125-Media.iso
Once the .iso file is downloaded, the .iso file needs to be flashed to your USB drive.
In the given example here, we assume the USB device is ``/dev/sdb`` (the user
should use `lsblk` command to confirm). Be cautious here and don't confuse your
host PC's own hard drive with the USB drive. Then copy the contents of an iso
file into the first USB stick, run:
::
sudo dd if= of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync;
Boot the MSP3 board with the first USB stick connected. Open following minicom sessions:
::
sudo picocom -b 115200 /dev/ttyUSB0 # in one terminal
sudo picocom -b 115200 /dev/ttyUSB2 # in another terminal.
Press .
Now plug in the second USB stick, the distro installation process will start.
**NOTE:** Due to the performance limitation of Corstone1000 MPS3 FPGA, the
distro installation process can take up to 24 hours to complete.
Once installation is complete, unplug the first USB stick and reboot the board.
After successfully installing and booting the Linux distro, the user should see
a login prompt:
::
debian login:
Login with the username root.
Run psa-arch-test (applicable to both FPGA and FVP)
###################################################
When running psa-arch-test on MPS3 FPGA, the user should make sure there is no
USB stick connected to the board. Power on the board and boot the board to
Linux. Then, the user should follow the steps below to run the psa_arch_tests.
When running psa-arch-test on Corstone1000 FVP, the user should follow the
instructions in `Running the software on FVP`_ section to boot Linux in FVP
host_terminal_0, and login using the username ``root``.
As a reference for the user's test results, the psa-arch-test report for `Corstone1000 software (CORSTONE1000-2022.02.18) `__
can be found in `here `__.
First, create a file containing SE_PROXY_SP UUID. Run:
::
echo 46bb39d1-b4d9-45b5-88ff-040027dab249 > sp_uuid_list.txt
Then, load FFA driver module into Linux kernel. Run:
::
load_ffa_debugfs.sh .
Then, check whether the FFA driver loaded correctly by using the following command:
::
cat /proc/modules | grep arm_ffa_user
The output should be:
::
arm_ffa_user 16384 - - Live 0xffffffc0084b0000 (O)
Now, run the PSA arch tests with following commands. The user should run the
tests in following order:
::
psa-iat-api-test
psa-crypto-api-test
psa-its-api-test
psa-ps-api-test
Linux distro: OpenSUSE Raw image installation (FVP Only)
########################################################
Steps to download openSUSE Tumbleweed raw image:
- Go to: http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/
- The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example, ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-2022.03.18-Snapshot20220331.raw.xz``
Once the .raw.xz file is downloaded, the raw image file needs to be extracted:
::
unxz
The above command will generate a file ending with extension .raw image. Now, use the following command
to run FVP with raw image installation process.
::
./run_model.sh ${FVP installation path/} -D ${openSUSE raw image file path}
After successfully installing and booting the Linux distro, the user should see
a openSUSE login prompt.
::
localhost login:
Login with the username 'root' and password 'linux'.
Running the software on FVP on Windows
--------------------------------------
If the user needs to run the Corstone1000 software on FVP on Windows. The user
should follow the build instructions in this document to build on Linux host
PC, and copy the output binaries to the Windows PC where the FVP is located,
and launch the FVP binary.
--------------
*Copyright (c) 2022, Arm Limited. All rights reserved.*
.. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps