diff options
| -rw-r--r-- | docs/about/maintainers.rst | 15 | ||||
| -rw-r--r-- | docs/design/auth-framework.rst | 28 | ||||
| -rw-r--r-- | include/export/common/tbbr/tbbr_img_def_exp.h | 5 | ||||
| -rw-r--r-- | include/plat/arm/common/fconf_arm_sp_getter.h | 30 | ||||
| -rw-r--r-- | plat/arm/board/fvp/fdts/fvp_fw_config.dts | 19 | ||||
| -rw-r--r-- | plat/arm/common/arm_bl2_setup.c | 7 | ||||
| -rw-r--r-- | plat/arm/common/arm_common.mk | 3 | ||||
| -rw-r--r-- | plat/arm/common/arm_image_load.c | 55 | ||||
| -rw-r--r-- | plat/arm/common/fconf/arm_fconf_sp.c | 107 | ||||
| -rw-r--r-- | plat/imx/common/aarch32/imx_uart_console.S | 8 | ||||
| -rw-r--r-- | plat/imx/common/imx_uart_console.S | 6 | ||||
| -rw-r--r-- | plat/imx/common/lpuart_console.S | 6 | ||||
| -rw-r--r-- | plat/nvidia/tegra/common/drivers/spe/shared_console.S | 6 |
13 files changed, 258 insertions, 37 deletions
diff --git a/docs/about/maintainers.rst b/docs/about/maintainers.rst index 802dafcd8..2bf5eb7ba 100644 --- a/docs/about/maintainers.rst +++ b/docs/about/maintainers.rst @@ -53,7 +53,6 @@ Amlogic Meson S905x (GXL) platform port :M: Remi Pommarel <repk@triplefau.lt> :G: `remi-triplefault`_ :F: docs/plat/meson-gxl.rst -:F: drivers/amlogic/gxl :F: plat/amlogic/gxl/ Amlogic Meson S905X2 (G12A) platform port @@ -61,7 +60,6 @@ Amlogic Meson S905X2 (G12A) platform port :M: Carlo Caione <ccaione@baylibre.com> :G: `carlocaione`_ :F: docs/plat/meson-g12a.rst -:F: drivers/amlogic/g12a :F: plat/amlogic/g12a/ Amlogic Meson A113D (AXG) platform port @@ -69,7 +67,6 @@ Amlogic Meson A113D (AXG) platform port :M: Carlo Caione <ccaione@baylibre.com> :G: `carlocaione`_ :F: docs/plat/meson-axg.rst -:F: drivers/amlogic/axg :F: plat/amlogic/axg/ Armv7-A architecture port @@ -152,7 +149,7 @@ Marvell platform ports and SoC drivers -------------------------------------- :M: Konstantin Porotchkin <kostap@marvell.com> :G: `kostapr`_ -:F: docs/marvell/ +:F: docs/plat/marvell/ :F: plat/marvell/ :F: drivers/marvell/ :F: tools/marvell/ @@ -197,14 +194,14 @@ NXP i.MX8M platform port ------------------------ :M: Jacky Bai <ping.bai@nxp.com> :G: `JackyBai`_ -:F: doc/plat/imx8m.rst +:F: docs/plat/imx8m.rst :F: plat/imx/imx8m/ OP-TEE dispatcher ----------------- :M: Jens Wiklander <jens.wiklander@linaro.org> :G: `jenswi-linaro`_ -:F: docs/spd/optee-dispatcher.rst +:F: docs/components/spd/optee-dispatcher.rst :F: services/spd/opteed/ QEMU platform port @@ -219,7 +216,7 @@ Raspberry Pi 3 platform port :M: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org> :G: `grandpaul`_ :F: docs/plat/rpi3.rst -:F: plat/rpi3/ +:F: plat/rpi/rpi3/ :F: drivers/rpi3/ :F: include/drivers/rpi3/ @@ -273,8 +270,8 @@ TLK/Trusty secure payloads -------------------------- :M: Varun Wadekar <vwadekar@nvidia.com> :G: `vwadekar`_ -:F: docs/spd/tlk-dispatcher.rst -:F: docs/spd/trusty-dispatcher.rst +:F: docs/components/spd/tlk-dispatcher.rst +:F: docs/components/spd/trusty-dispatcher.rst :F: include/bl32/payloads/tlk.h :F: services/spd/tlkd/ :F: services/spd/trusty/ diff --git a/docs/design/auth-framework.rst b/docs/design/auth-framework.rst index 93f691b7b..ae7739140 100644 --- a/docs/design/auth-framework.rst +++ b/docs/design/auth-framework.rst @@ -621,7 +621,7 @@ The TBBR CoT The CoT can be found in ``drivers/auth/tbbr/tbbr_cot.c``. This CoT consists of an array of pointers to image descriptors and it is registered in the framework -using the macro ``REGISTER_COT(cot_desc)``, where 'cot_desc' must be the name +using the macro ``REGISTER_COT(cot_desc)``, where ``cot_desc`` must be the name of the array (passing a pointer or any other type of indirection will cause the registration process to fail). @@ -870,32 +870,32 @@ Once the signature has been checked and the certificate authenticated, the Trusted World public key needs to be extracted from the certificate. A new entry is created in the ``authenticated_data`` array for that purpose. In that entry, the corresponding parameter descriptor must be specified along with the buffer -address to store the parameter value. In this case, the ``tz_world_pk`` descriptor -is used to extract the public key from an x509v3 extension with OID +address to store the parameter value. In this case, the ``trusted_world_pk`` +descriptor is used to extract the public key from an x509v3 extension with OID ``TRUSTED_WORLD_PK_OID``. The BL31 key certificate will use this descriptor as parameter in the signature authentication method. The key is stored in the -``plat_tz_world_pk_buf`` buffer. +``trusted_world_pk_buf`` buffer. The **BL31 Key certificate** is authenticated by checking its digital signature using the Trusted World public key obtained previously from the Trusted Key certificate. In the image descriptor, we specify a single authentication method -by signature whose public key is the ``tz_world_pk``. Once this certificate has -been authenticated, we have to extract the BL31 public key, stored in the -extension specified by ``bl31_content_pk``. This key will be copied to the -``plat_content_pk`` buffer. +by signature whose public key is the ``trusted_world_pk``. Once this certificate +has been authenticated, we have to extract the BL31 public key, stored in the +extension specified by ``soc_fw_content_pk``. This key will be copied to the +``content_pk_buf`` buffer. The **BL31 certificate** is authenticated by checking its digital signature using the BL31 public key obtained previously from the BL31 Key certificate. -We specify the authentication method using ``bl31_content_pk`` as public key. +We specify the authentication method using ``soc_fw_content_pk`` as public key. After authentication, we need to extract the BL31 hash, stored in the extension -specified by ``bl31_hash``. This hash will be copied to the ``plat_bl31_hash_buf`` -buffer. +specified by ``soc_fw_hash``. This hash will be copied to the +``soc_fw_hash_buf`` buffer. The **BL31 image** is authenticated by calculating its hash and matching it with the hash obtained from the BL31 certificate. The image descriptor contains a single authentication method by hash. The parameters to the hash method are -the reference hash, ``bl31_hash``, and the data to be hashed. In this case, it is -the whole image, so we specify ``raw_data``. +the reference hash, ``soc_fw_hash``, and the data to be hashed. In this case, +it is the whole image, so we specify ``raw_data``. The image parser library ~~~~~~~~~~~~~~~~~~~~~~~~ @@ -965,6 +965,6 @@ The mbedTLS library algorithm support is configured by both the -------------- -*Copyright (c) 2017-2019, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2017-2020, Arm Limited and Contributors. All rights reserved.* .. _TBBR-Client specification: https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a diff --git a/include/export/common/tbbr/tbbr_img_def_exp.h b/include/export/common/tbbr/tbbr_img_def_exp.h index ff0d16c73..360255413 100644 --- a/include/export/common/tbbr/tbbr_img_def_exp.h +++ b/include/export/common/tbbr/tbbr_img_def_exp.h @@ -86,6 +86,11 @@ #define STM32_IMAGE_ID U(29) /* Define size of the array */ +#if defined(SPD_spmd) +#define MAX_SP_IDS U(8) +#define MAX_NUMBER_IDS MAX_SP_IDS + U(30) +#else #define MAX_NUMBER_IDS U(30) +#endif #endif /* ARM_TRUSTED_FIRMWARE_EXPORT_COMMON_TBBR_TBBR_IMG_DEF_EXP_H */ diff --git a/include/plat/arm/common/fconf_arm_sp_getter.h b/include/plat/arm/common/fconf_arm_sp_getter.h new file mode 100644 index 000000000..38c30fbf9 --- /dev/null +++ b/include/plat/arm/common/fconf_arm_sp_getter.h @@ -0,0 +1,30 @@ +/* + * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef FCONF_ARM_SP_GETTER_H +#define FCONF_ARM_SP_GETTER_H + +#include <lib/fconf/fconf.h> +#include <tools_share/uuid.h> + +/* arm_sp getter */ +#define arm__sp_getter(prop) arm_sp.prop + +#define ARM_SP_MAX_SIZE U(0x10000) + +struct arm_sp_t { + unsigned int number_of_sp; + union uuid_helper_t uuids[MAX_SP_IDS]; + uintptr_t load_addr[MAX_SP_IDS]; +}; + +int fconf_populate_arm_sp(uintptr_t config); + +extern struct arm_sp_t arm_sp; + +extern bl_mem_params_node_t sp_mem_params_descs[MAX_SP_IDS]; + +#endif /* FCONF_ARM_SP_GETTER_H */ diff --git a/plat/arm/board/fvp/fdts/fvp_fw_config.dts b/plat/arm/board/fvp/fdts/fvp_fw_config.dts index d0f60331d..9a4a05799 100644 --- a/plat/arm/board/fvp/fdts/fvp_fw_config.dts +++ b/plat/arm/board/fvp/fdts/fvp_fw_config.dts @@ -69,6 +69,12 @@ mbedtls_heap_size = <0x0>; }; + /* + * Though TF-A is UUID RFC 4122 compliant meaning fields are stored in + * network order (big endian), UUID's mentioned in this file are are + * stored in machine order (little endian). + * This will be fixed in future. + */ arm-io_policies { fip-handles { compatible = "arm,io-fip-handle"; @@ -93,4 +99,17 @@ nt_fw_content_cert_uuid = <0xf3c1c48e 0x11e4635d 0xee87a9a7 0xa73fb240>; }; }; + + secure-partitions { + compatible = "arm,sp"; + cactus { + uuid = <0x1e67b5b4 0xe14f904a 0x13fb1fb8 0xcbdae1da>; + load-address = <0x7000000>; + }; + + ivy { + uuid = <0x092358d1 0xb94723f0 0x64447c82 0xc88f57f5>; + load-address = <0x7100000>; + }; + }; }; diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c index dd392085d..136e65a1f 100644 --- a/plat/arm/common/arm_bl2_setup.c +++ b/plat/arm/common/arm_bl2_setup.c @@ -205,6 +205,13 @@ int arm_bl2_handle_post_image_load(unsigned int image_id) ******************************************************************************/ int arm_bl2_plat_handle_post_image_load(unsigned int image_id) { +#if defined(SPD_spmd) + /* For Secure Partitions we don't need post processing */ + if ((image_id >= (MAX_NUMBER_IDS - MAX_SP_IDS)) && + (image_id < MAX_NUMBER_IDS)) { + return 0; + } +#endif return arm_bl2_handle_post_image_load(image_id); } diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk index 17058d1a5..4fb85fbee 100644 --- a/plat/arm/common/arm_common.mk +++ b/plat/arm/common/arm_common.mk @@ -182,6 +182,9 @@ ARM_IO_SOURCES += plat/arm/common/arm_io_storage.c else ARM_IO_SOURCES += plat/arm/common/arm_fconf_io_storage.c \ plat/arm/common/fconf/arm_fconf_io.c +ifeq (${SPD},spmd) +ARM_IO_SOURCES += plat/arm/common/fconf/arm_fconf_sp.c +endif endif BL1_SOURCES += drivers/io/io_fip.c \ diff --git a/plat/arm/common/arm_image_load.c b/plat/arm/common/arm_image_load.c index 2faaa76c4..593199d46 100644 --- a/plat/arm/common/arm_image_load.c +++ b/plat/arm/common/arm_image_load.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -7,6 +7,9 @@ #include <assert.h> #include <common/bl_common.h> #include <common/desc_image_load.h> +#if defined(SPD_spmd) +#include <plat/arm/common/fconf_arm_sp_getter.h> +#endif #include <plat/arm/common/plat_arm.h> #include <plat/common/platform.h> @@ -29,12 +32,62 @@ void plat_flush_next_bl_params(void) next_bl_params_cpy_ptr); } +#if defined(SPD_spmd) +/******************************************************************************* + * This function appends Secure Partitions to list of loadable images. + ******************************************************************************/ +void plat_add_sp_images_load_info(struct bl_load_info *load_info) +{ + bl_load_info_node_t *node_info = load_info->head; + unsigned int index = 0; + + if (sp_mem_params_descs[index].image_id == 0) { + ERROR("No Secure Partition Image available\n"); + return; + } + + /* Traverse through the bl images list */ + do { + node_info = node_info->next_load_info; + } while (node_info->next_load_info != NULL); + + for (; index < MAX_SP_IDS; index++) { + /* Populate the image information */ + node_info->image_id = sp_mem_params_descs[index].image_id; + node_info->image_info = &sp_mem_params_descs[index].image_info; + + if ((index + 1U) == MAX_SP_IDS) { + INFO("Reached Max number of SPs\n"); + return; + } + + if (sp_mem_params_descs[index + 1U].image_id == 0) { + return; + } + + node_info->next_load_info = + &sp_mem_params_descs[index + 1U].load_node_mem; + node_info = node_info->next_load_info; + + } +} +#endif + /******************************************************************************* * This function returns the list of loadable images. ******************************************************************************/ struct bl_load_info *plat_get_bl_image_load_info(void) { +#if defined(SPD_spmd) + bl_load_info_t *bl_load_info; + + bl_load_info = get_bl_load_info_from_mem_params_desc(); + plat_add_sp_images_load_info(bl_load_info); + + return bl_load_info; +#else return get_bl_load_info_from_mem_params_desc(); +#endif } /******************************************************************************* diff --git a/plat/arm/common/fconf/arm_fconf_sp.c b/plat/arm/common/fconf/arm_fconf_sp.c new file mode 100644 index 000000000..bb88aff6f --- /dev/null +++ b/plat/arm/common/fconf/arm_fconf_sp.c @@ -0,0 +1,107 @@ +/* + * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <assert.h> + +#include <common/debug.h> +#include <common/desc_image_load.h> +#include <common/fdt_wrappers.h> +#include <drivers/io/io_storage.h> +#include <lib/object_pool.h> +#include <libfdt.h> +#include <plat/arm/common/arm_fconf_getter.h> +#include <plat/arm/common/arm_fconf_io_storage.h> +#include <plat/arm/common/fconf_arm_sp_getter.h> +#include <platform_def.h> +#include <tools_share/firmware_image_package.h> + +#ifdef IMAGE_BL2 + +bl_mem_params_node_t sp_mem_params_descs[MAX_SP_IDS]; + +struct arm_sp_t arm_sp; + +int fconf_populate_arm_sp(uintptr_t config) +{ + int sp_node, node, err; + union uuid_helper_t uuid_helper; + unsigned int index = 0; + const unsigned int sp_start_index = MAX_NUMBER_IDS - MAX_SP_IDS; + + /* As libfdt use void *, we can't avoid this cast */ + const void *dtb = (void *)config; + + /* Assert the node offset point to "arm,sp" compatible property */ + const char *compatible_str = "arm,sp"; + + node = fdt_node_offset_by_compatible(dtb, -1, compatible_str); + if (node < 0) { + ERROR("FCONF: Can't find %s in dtb\n", compatible_str); + return node; + } + + fdt_for_each_subnode(sp_node, dtb, node) { + err = fdtw_read_array(dtb, sp_node, "uuid", 4, + &uuid_helper.word); + if (err < 0) { + ERROR("FCONF: cannot read SP uuid\n"); + return -1; + } + + arm_sp.uuids[index] = uuid_helper; + + err = fdtw_read_cells(dtb, sp_node, "load-address", 1, + &arm_sp.load_addr[index]); + if (err < 0) { + ERROR("FCONF: cannot read SP load address\n"); + return -1; + } + + VERBOSE("FCONF: %s UUID %x-%x-%x-%x load_addr=%lx\n", + __func__, + uuid_helper.word[0], + uuid_helper.word[1], + uuid_helper.word[2], + uuid_helper.word[3], + arm_sp.load_addr[index]); + + /* Add SP information in mem param descriptor */ + sp_mem_params_descs[index].image_id = sp_start_index + index; + SET_PARAM_HEAD(&sp_mem_params_descs[index].image_info, + PARAM_IMAGE_BINARY, VERSION_2, 0); + sp_mem_params_descs[index].image_info.image_max_size = + ARM_SP_MAX_SIZE; + sp_mem_params_descs[index].next_handoff_image_id = + INVALID_IMAGE_ID; + sp_mem_params_descs[index].image_info.image_base = + arm_sp.load_addr[index]; + + /* Add SP information in IO policies structure */ + policies[sp_start_index + index].image_spec = + (uintptr_t)&arm_sp.uuids[index]; + policies[sp_start_index + index].dev_handle = &fip_dev_handle; + policies[sp_start_index + index].check = open_fip; + + index++; + + if (index >= MAX_SP_IDS) { + ERROR("FCONF: reached max number of SPs\n"); + return -1; + } + } + + if ((sp_node < 0) && (sp_node != -FDT_ERR_NOTFOUND)) { + ERROR("%d: fdt_for_each_subnode(): %d\n", __LINE__, node); + return sp_node; + } + + arm_sp.number_of_sp = index; + return 0; +} + +FCONF_REGISTER_POPULATOR(arm_sp, fconf_populate_arm_sp); + +#endif /* IMAGE_BL2 */ diff --git a/plat/imx/common/aarch32/imx_uart_console.S b/plat/imx/common/aarch32/imx_uart_console.S index 1c729b1d7..1a1229aab 100644 --- a/plat/imx/common/aarch32/imx_uart_console.S +++ b/plat/imx/common/aarch32/imx_uart_console.S @@ -20,7 +20,7 @@ func console_imx_uart_register mov r4, r3 cmp r4, #0 beq register_fail - str r0, [r4, #CONSOLE_T_DRVDATA] + str r0, [r4, #CONSOLE_T_BASE] bl console_imx_uart_core_init cmp r0, #0 @@ -35,16 +35,16 @@ register_fail: endfunc console_imx_uart_register func console_imx_uart_putc - ldr r1, [r1, #CONSOLE_T_DRVDATA] + ldr r1, [r1, #CONSOLE_T_BASE] b console_imx_uart_core_putc endfunc console_imx_uart_putc func console_imx_uart_getc - ldr r0, [r0, #CONSOLE_T_DRVDATA] + ldr r0, [r0, #CONSOLE_T_BASE] b console_imx_uart_core_getc endfunc console_imx_uart_getc func console_imx_uart_flush - ldr r0, [r0, #CONSOLE_T_DRVDATA] + ldr r0, [r0, #CONSOLE_T_BASE] b console_imx_uart_core_flush endfunc console_imx_uart_flush diff --git a/plat/imx/common/imx_uart_console.S b/plat/imx/common/imx_uart_console.S index 3bdeea26c..0cb4fb870 100644 --- a/plat/imx/common/imx_uart_console.S +++ b/plat/imx/common/imx_uart_console.S @@ -25,7 +25,7 @@ func console_imx_uart_register mov x7, x30 mov x6, x3 cbz x6, register_fail - str x0, [x6, #CONSOLE_T_DRVDATA] + str x0, [x6, #CONSOLE_T_BASE] bl console_imx_uart_init cbz x0, register_fail @@ -44,7 +44,7 @@ func console_imx_uart_init endfunc console_imx_uart_init func console_imx_uart_putc - ldr x1, [x1, #CONSOLE_T_DRVDATA] + ldr x1, [x1, #CONSOLE_T_BASE] cbz x1, putc_error /* Prepare '\r' to '\n' */ @@ -68,7 +68,7 @@ putc_error: endfunc console_imx_uart_putc func console_imx_uart_getc - ldr x0, [x0, #CONSOLE_T_DRVDATA] + ldr x0, [x0, #CONSOLE_T_BASE] cbz x0, getc_error 1: ldr w1, [x0, #UTS] diff --git a/plat/imx/common/lpuart_console.S b/plat/imx/common/lpuart_console.S index d8dac2cea..98b358807 100644 --- a/plat/imx/common/lpuart_console.S +++ b/plat/imx/common/lpuart_console.S @@ -20,7 +20,7 @@ func console_lpuart_register mov x7, x30 mov x6, x3 cbz x6, register_fail - str x0, [x6, #CONSOLE_T_DRVDATA] + str x0, [x6, #CONSOLE_T_BASE] bl console_lpuart_init cbz x0, register_fail @@ -39,7 +39,7 @@ func console_lpuart_init endfunc console_lpuart_init func console_lpuart_putc - ldr x1, [x1, #CONSOLE_T_DRVDATA] + ldr x1, [x1, #CONSOLE_T_BASE] cbz x1, putc_error /* Prepare '\r' to '\n' */ cmp w0, #0xA @@ -62,7 +62,7 @@ putc_error: endfunc console_lpuart_putc func console_lpuart_getc - ldr x0, [x0, #CONSOLE_T_DRVDATA] + ldr x0, [x0, #CONSOLE_T_BASE] cbz x0, getc_error /* Check if the receive FIFO state */ ret diff --git a/plat/nvidia/tegra/common/drivers/spe/shared_console.S b/plat/nvidia/tegra/common/drivers/spe/shared_console.S index c783373dd..6df73ec24 100644 --- a/plat/nvidia/tegra/common/drivers/spe/shared_console.S +++ b/plat/nvidia/tegra/common/drivers/spe/shared_console.S @@ -69,7 +69,7 @@ func console_spe_register check_if_console_is_ready x0, x1, x2, register_fail cbz x3, register_fail - str x0, [x3, #CONSOLE_T_DRVDATA] + str x0, [x3, #CONSOLE_T_BASE] mov x0, x3 finish_console_register spe putc=1, getc=1, flush=1 @@ -132,7 +132,7 @@ endfunc console_spe_core_putc * -------------------------------------------------------- */ func console_spe_putc - ldr x1, [x1, #CONSOLE_T_DRVDATA] + ldr x1, [x1, #CONSOLE_T_BASE] b console_spe_core_putc endfunc console_spe_putc @@ -183,6 +183,6 @@ endfunc console_spe_core_flush * --------------------------------------------- */ func console_spe_flush - ldr x0, [x0, #CONSOLE_T_DRVDATA] + ldr x0, [x0, #CONSOLE_T_BASE] b console_spe_core_flush endfunc console_spe_flush |