Fallback

Zynq UltraScale+ Device Technical Reference Manual (UG1085)

Document ID
UG1085
Release Date
2023-12-21
Revision
2.4 English

Using the FSBL, a fallback boot image can be loaded by loading the address of another boot header into the CSU.csu_multi_boot register and issuing a system reset (not a POR).

After the system reset, the boot header is fetched from the address location equal to the value of csu_multi_boot register times 32,768.

If the fallback boot header is invalid, the CSU continues normally with its boot image search function if the boot device supports image search. The BootROM header is described in Table: Boot Header Format.

Fallback and MultiBoot Flow In the Zynq UltraScale+ MPSoC device, the CSU bootROM supports MultiBoot and fallback boot image search where the configuration security unit CSU ROM or bootROM searches through the boot device looking for a valid image to load.

The sequence is as follows:

   BootROM searches for a valid image identification string (as image ID) at offsets of 32 KB in the flash.

   After finding a valid identification value, validates the checksum for the header.

   If the checksum is valid, the bootROM loads the image.

This allows for more than one image in the flash. In MultiBoot:

   CSU ROM or FSBL or the user application must initiate the boot image search to choose a different image from which to boot.

   To initiate this image search, CSU ROM or FSBL updates the MultiBoot offset to point to the intended boot image and generates a soft reset by writing into the CRL_APB register.

x14936-MultiBoot-Fallback-example.jpg

 

Figure 11-2:      MultiBoot Flow

Note:   The same flow is applicable to both Secure and non-secure boot methods.

In the example fallback boot flow figure, the following sequence occurs:

   The CSU bootROM loads the boot image found at 0x000_0000.

   If this image is found to be corrupted or the decryption and authentication fails, CSU bootROM increments the MultiBoot offset by 1 and searches for a valid boot image at 0x000_8000 (32 KB offset).

   If the CSU bootROM does not find the valid identification value, it increments the MultiBoot offset by 1 again and searches for a valid boot image at the next 32 KB aligned address.

The CSU bootROM repeats this until a valid boot image is found or the image search limit is reached. In this example flow, the next image is shown at 0x002_0000 corresponding to a MultiBoot offset value of 4.

   I In This Figure, the MutiBoot offset is updated to 4 by FSBL/CSU-ROM to load the second image at the address 0x002_0000. When the MultiBoot offset is updated, soft reset the system.

Table: Boot Image Search Limits shows the MultiBoot image search range for different booting devices.