-rw-r--r-- | include/plat/arm/common/arm_dyn_cfg_helpers.h | 1 | ||||
-rw-r--r-- | plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts | 2 | ||||
-rw-r--r-- | plat/arm/board/fvp/platform.mk | 8 | ||||
-rw-r--r-- | plat/arm/common/arm_bl2_setup.c | 11 | ||||
-rw-r--r-- | plat/arm/common/arm_common.mk | 7 | ||||
-rw-r--r-- | plat/arm/common/arm_dyn_cfg.c | 30 | ||||
-rw-r--r-- | plat/arm/common/arm_dyn_cfg_helpers.c | 45 |
7 files changed, 100 insertions, 4 deletions
diff --git a/include/plat/arm/common/arm_dyn_cfg_helpers.h b/include/plat/arm/common/arm_dyn_cfg_helpers.h index 4a0f6397d..826924de0 100644 --- a/include/plat/arm/common/arm_dyn_cfg_helpers.h +++ b/include/plat/arm/common/arm_dyn_cfg_helpers.h @@ -12,5 +12,6 @@ int arm_dyn_get_hwconfig_info(void *dtb, int node, uint64_t *hw_config_addr, uint32_t *hw_config_size); int arm_dyn_tb_fw_cfg_init(void *dtb, int *node); +int arm_dyn_get_disable_auth(void *dtb, int node, uint32_t *disable_auth); #endif /* __ARM_DYN_CFG_HELPERS_H__ */ diff --git a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts index 5c24f94e4..fb7e2c51a 100644 --- a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts +++ b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts @@ -12,5 +12,7 @@ compatible = "arm,tb_fw"; hw_config_addr = <0x0 0x82000000>; hw_config_max_size = <0x01000000>; + /* Disable authentication for development */ + disable_auth = <0x0>; }; }; diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk index bb7753822..c5e33d2c6 100644 --- a/plat/arm/board/fvp/platform.mk +++ b/plat/arm/board/fvp/platform.mk @@ -208,3 +208,11 @@ endif include plat/arm/board/common/board_common.mk include plat/arm/common/arm_common.mk + +# FVP being a development platform, enable capability to disable Authentication +# dynamically if TRUSTED_BOARD_BOOT and LOAD_IMAGE_V2 is set. +ifeq (${TRUSTED_BOARD_BOOT}, 1) + ifeq (${LOAD_IMAGE_V2}, 1) + DYN_DISABLE_AUTH := 1 + endif +endif diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c index dc7cd6802..d490f83c8 100644 --- a/plat/arm/common/arm_bl2_setup.c +++ b/plat/arm/common/arm_bl2_setup.c 
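Review bot: The comment added above `disable_auth = <0x0>;` in fvp_tb_fw_config.dts reads as if this line turns authentication off, but the helper added in this commit accepts only 0 or 1 and the callers invoke `dyn_disable_auth()` only for 1, so the committed value leaves authentication enabled. I would reword it to say what each value does, for example `/* Set to 0x1 to disable image authentication (development only); 0x0 keeps it enabled */`. Because this property switches off the Trusted Board Boot checks, the comment should make clear that the shipped default is the safe one.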
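Review bot: The comment on the new `DYN_DISABLE_AUTH := 1` block in platform.mk does not state the security consequence: every FVP build with `TRUSTED_BOARD_BOOT=1` and `LOAD_IMAGE_V2=1` now carries code that skips image authentication when TB_FW_CONFIG asks for it. I would add a line such as `# Images built with DYN_DISABLE_AUTH can boot unauthenticated images; never set this in a production platform makefile.` The C code in this commit tests `defined(DYN_DISABLE_AUTH)`. How the make variable becomes that define is not visible in this diff, so it is worth confirming that a build passing `DYN_DISABLE_AUTH=0` really compiles the capability out.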
@@ -207,14 +207,21 @@ void bl2_early_platform_setup2(u_register_t arg0, u_register_t arg1, u_register_ } /* - * Perform ARM standard platform setup. + * Perform BL2 preload setup. Currently we initialise the dynamic + * configuration here. */ -void arm_bl2_platform_setup(void) +void bl2_plat_preload_setup(void) { #if LOAD_IMAGE_V2 arm_bl2_dyn_cfg_init(); #endif +} +/* + * Perform ARM standard platform setup. + */ +void arm_bl2_platform_setup(void) +{ /* Initialize the secure environment */ plat_arm_security_setup(); diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk index 12185486f..4b23ac675 100644 --- a/plat/arm/common/arm_common.mk +++ b/plat/arm/common/arm_common.mk @@ -157,7 +157,6 @@ BL1_SOURCES += drivers/arm/sp805/sp805.c \ drivers/io/io_memmap.c \ drivers/io/io_storage.c \ plat/arm/common/arm_bl1_setup.c \ - plat/arm/common/arm_dyn_cfg.c \ plat/arm/common/arm_err.c \ plat/arm/common/arm_io_storage.c ifdef EL3_PAYLOAD_BASE @@ -177,11 +176,15 @@ BL2_SOURCES += drivers/delay_timer/delay_timer.c \ # Add `libfdt` and Arm common helpers required for Dynamic Config include lib/libfdt/libfdt.mk -BL2_SOURCES += plat/arm/common/arm_dyn_cfg.c \ + +DYN_CFG_SOURCES += plat/arm/common/arm_dyn_cfg.c \ plat/arm/common/arm_dyn_cfg_helpers.c \ common/fdt_wrappers.c \ ${LIBFDT_SRCS} +BL1_SOURCES += ${DYN_CFG_SOURCES} +BL2_SOURCES += ${DYN_CFG_SOURCES} + ifeq (${BL2_AT_EL3},1) BL2_SOURCES += plat/arm/common/arm_bl2_el3_setup.c endif diff --git a/plat/arm/common/arm_dyn_cfg.c b/plat/arm/common/arm_dyn_cfg.c index 02f995f7f..33dc08b9e 100644 --- a/plat/arm/common/arm_dyn_cfg.c +++ b/plat/arm/common/arm_dyn_cfg.c 
@@ -54,6 +54,24 @@ void arm_load_tb_fw_config(void) INFO("BL1: TB_FW_CONFIG loaded at address = %p\n", (void *) config_base); + +#if TRUSTED_BOARD_BOOT && defined(DYN_DISABLE_AUTH) + int tb_fw_node; + uint32_t disable_auth = 0; + + err = arm_dyn_tb_fw_cfg_init((void *)config_base, &tb_fw_node); + if (err < 0) { + WARN("Invalid TB_FW_CONFIG loaded\n"); + return; + } + + err = arm_dyn_get_disable_auth((void *)config_base, tb_fw_node, &disable_auth); + if (err < 0) + return; + + if (disable_auth == 1) + dyn_disable_auth(); +#endif } /* @@ -104,6 +122,18 @@ void arm_bl2_dyn_cfg_init(void) /* Remove the IMAGE_ATTRIB_SKIP_LOADING attribute from HW_CONFIG node */ hw_cfg_mem_params->image_info.h.attr &= ~IMAGE_ATTRIB_SKIP_LOADING; + +#if TRUSTED_BOARD_BOOT && defined(DYN_DISABLE_AUTH) + uint32_t disable_auth = 0; + + err = arm_dyn_get_disable_auth((void *)tb_fw_cfg_dtb, tb_fw_node, + &disable_auth); + if (err < 0) + return; + + if (disable_auth == 1) + dyn_disable_auth(); +#endif } #endif /* LOAD_IMAGE_V2 */ diff --git a/plat/arm/common/arm_dyn_cfg_helpers.c b/plat/arm/common/arm_dyn_cfg_helpers.c index 9ba51a3e1..e37e7e722 100644 --- a/plat/arm/common/arm_dyn_cfg_helpers.c +++ b/plat/arm/common/arm_dyn_cfg_helpers.c 
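Review bot: Nothing at the `dyn_disable_auth()` call in `arm_load_tb_fw_config()` records that image authentication has just been switched off, and the same holds for the identical block added to `arm_bl2_dyn_cfg_init()` in the next hunk. Unless `dyn_disable_auth()` logs on its own (its definition is not part of this diff), I would put `WARN("Image authentication disabled by TB_FW_CONFIG\n");` before each call so the boot log shows the downgrade. The decision is only as trustworthy as the blob at `config_base`, and the code that loads it sits above this hunk, so please confirm the config is authenticated before `disable_auth` is read. Both functions begin outside their hunks, and the repeated read-and-check sequence could move into one static helper so the two boot stages cannot drift apart.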
@@ -64,6 +64,51 @@ int arm_dyn_get_hwconfig_info(void *dtb, int node, } /******************************************************************************* + * Helper to read the `disable_auth` property in config DTB. This function + * expects the following properties to be present in the config DTB. + * name : disable_auth size : 1 cell + * + * Arguments: + * void *dtb - pointer to the TB_FW_CONFIG in memory + * int node - The node offset to appropriate node in the + * DTB. + * uint64_t *disable_auth - The value of `disable_auth` property on + * successful read. Must be 0 or 1. + * + * Returns 0 on success and -1 on error. + ******************************************************************************/ +int arm_dyn_get_disable_auth(void *dtb, int node, uint32_t *disable_auth) +{ + int err; + + assert(dtb != NULL); + assert(disable_auth != NULL); + + /* Check if the pointer to DT is correct */ + assert(fdt_check_header(dtb) == 0); + + /* Assert the node offset point to "arm,tb_fw" compatible property */ + assert(node == fdt_node_offset_by_compatible(dtb, -1, "arm,tb_fw")); + + /* Locate the disable_auth cell and read the value */ + err = fdtw_read_cells(dtb, node, "disable_auth", 1, disable_auth); + if (err < 0) { + WARN("Read cell failed for `disable_auth`\n"); + return -1; + } + + /* Check if the value is boolean */ + if (*disable_auth != 0 && *disable_auth != 1) { + WARN("Invalid value for `disable_auth` cell %d\n", *disable_auth); + return -1; + } + + VERBOSE("Dyn cfg: `disable_auth` cell found with value = %d\n", + *disable_auth); + return 0; +} + +/******************************************************************************* * Validate the tb_fw_config is a valid DTB file and returns the node offset * to "arm,tb_fw" property. * Arguments: |
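Review bot: The header comment of `arm_dyn_get_disable_auth()` documents the third argument as `uint64_t *disable_auth`, but the signature takes `uint32_t *disable_auth`; the comment should say `uint32_t *`. Both the WARN and the VERBOSE call print `*disable_auth` with `%d`, where `%u` is the conversion that matches the unsigned type. The `fdt_check_header()` and node-offset checks are `assert`s, so a build with assertions compiled out relies on the caller having validated the DTB first. Since the value read here gates authentication, I would state that precondition in the header comment.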