Skip to content
ARM Trusted Firmware for Raspberry Pi 3
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
bl1 AArch32: Fix detection of virtualization support Sep 23, 2016
bl2 AArch32: Add generic changes in BL2 Sep 21, 2016
bl2u Introduce SEPARATE_CODE_AND_RODATA build flag Jul 8, 2016
bl31 PSCI: Do psci_setup() as part of std_svc_setup() Sep 22, 2016
bl32 PSCI: Do psci_setup() as part of std_svc_setup() Sep 22, 2016
common AArch32: Common changes needed for BL1/BL2 Sep 21, 2016
include AArch32: Add `memcpy4` function in assembly Sep 28, 2016
lib el3_runtime: always initialize sane EL2 state Apr 25, 2018
services PSCI: Do psci_setup() as part of std_svc_setup() Sep 22, 2016
.gitignore Replace fip_create with fiptool Jul 29, 2016
Makefile Release v1.3: Update minor version number to 3 Oct 13, 2016 Add Xilinx to acknowledgements file Apr 6, 2016
dco.txt Drop requirement for CLA in Sep 27, 2016 Update year in copyright text to 2014 Jan 17, 2014 RPi3: add readme. Jul 8, 2018

ARM Trusted Firmware for RPi3

Last updated May 9th, 2018.

This is an implementation of ATF for the RPi3 platform, based off of

No attempt has been made to keep it in sync with Sorry.


This tree is meant to be used with a preloaded BL33 payload, as part of a UEFI or U-Boot implementation for the Raspberry Pi 3.

This is a 64-bit implementation.


export CROSS_COMPILE=aarch64-linux-gnu-
make -C raspberry-pi3-atf PLAT=rpi3 PRELOADED_BL33_BASE=0x30000 SUPPORT_VFP=1 DEBUG=1 V=1 fip all

This is not directly useful by itself, since you would need to combine the BL1 and FIP with a BL33 payload.


  • Compatible with Windows on Arm ;-).

Implementation Details

ATF of course runs in secure mode, but there is no secure memory, and there are no secure peripherals. Caveat Emptor!

This ATF implementation expects the following memory layout:

Address Start Address End What
0x00000000 0x00007FFF BL1
0x00008000 0x0000FFFF DTB
0x00010000 0x0002FFFF FIP containing BL2 + BL31
0x00030000 0x001FFFFF BL33 Non-Secure firmware
0x00200000 0x0024FFFF "Secure SRAM"
0x00250000 0x003FFFFF "Secure DRAM"
0x00400000 ... Non-Secure DRAM

This means that a minimally-viable image will concatenate BL1, FIP and the BL33 payload, to be loaded via a custom config.txt:


[0x8000:0x10000) is where you can load the DTB if you want it, this ATF implementation does not use the DTB in any way.


Andrey Warkentin

Btw, feel free to upstream, if so inclined.

You can’t perform that action at this time.