diff options
Diffstat (limited to 'include')
31 files changed, 431 insertions, 112 deletions
diff --git a/include/arch/aarch32/asm_macros.S b/include/arch/aarch32/asm_macros.S index 8cfa21231..ea1636e24 100644 --- a/include/arch/aarch32/asm_macros.S +++ b/include/arch/aarch32/asm_macros.S @@ -95,11 +95,24 @@ #if ARM_ARCH_MAJOR == 7 && !defined(ARMV7_SUPPORTS_VIRTUALIZATION) /* + * Macro for mitigating against speculative execution. * ARMv7 cores without Virtualization extension do not support the * eret instruction. */ - .macro eret + .macro exception_return movs pc, lr + dsb nsh + isb + .endm + +#else + /* + * Macro for mitigating against speculative execution beyond ERET. + */ + .macro exception_return + eret + dsb nsh + isb .endm #endif diff --git a/include/arch/aarch32/smccc_macros.S b/include/arch/aarch32/smccc_macros.S index 4ec229218..ea7835a42 100644 --- a/include/arch/aarch32/smccc_macros.S +++ b/include/arch/aarch32/smccc_macros.S @@ -235,7 +235,7 @@ /* Restore the rest of the general purpose registers */ ldm r0, {r0-r12} - eret + exception_return .endm #endif /* SMCCC_MACROS_S */ diff --git a/include/arch/aarch64/arch.h b/include/arch/aarch64/arch.h index 1faddbedc..b0c265047 100644 --- a/include/arch/aarch64/arch.h +++ b/include/arch/aarch64/arch.h @@ -97,6 +97,32 @@ #define ICC_SGI0R_EL1 S3_0_c12_c11_7 /******************************************************************************* + * Definitions for EL2 system registers for save/restore routine + ******************************************************************************/ + +#define CNTPOFF_EL2 S3_4_C14_C0_6 +#define HAFGRTR_EL2 S3_4_C3_C1_6 +#define HDFGRTR_EL2 S3_4_C3_C1_4 +#define HDFGWTR_EL2 S3_4_C3_C1_5 +#define HFGITR_EL2 S3_4_C1_C1_6 +#define HFGRTR_EL2 S3_4_C1_C1_4 +#define HFGWTR_EL2 S3_4_C1_C1_5 +#define ICH_HCR_EL2 S3_4_C12_C11_0 +#define ICH_VMCR_EL2 S3_4_C12_C11_7 +#define MPAMVPM0_EL2 S3_4_C10_C5_0 +#define MPAMVPM1_EL2 S3_4_C10_C5_1 +#define MPAMVPM2_EL2 S3_4_C10_C5_2 +#define MPAMVPM3_EL2 S3_4_C10_C5_3 +#define MPAMVPM4_EL2 S3_4_C10_C5_4 +#define MPAMVPM5_EL2 S3_4_C10_C5_5 +#define MPAMVPM6_EL2 S3_4_C10_C5_6 +#define MPAMVPM7_EL2 S3_4_C10_C5_7 +#define MPAMVPMV_EL2 S3_4_C10_C4_1 +#define TRFCR_EL2 S3_4_C1_C2_1 +#define PMSCR_EL2 S3_4_C9_C9_0 +#define TFSR_EL2 S3_4_C5_C6_0 + +/******************************************************************************* * Generic timer memory mapped registers & offsets ******************************************************************************/ #define CNTCR_OFF U(0x000) diff --git a/include/drivers/amlogic/meson_console.h b/include/drivers/amlogic/meson_console.h index 70e3b0bd4..8d52d794b 100644 --- a/include/drivers/amlogic/meson_console.h +++ b/include/drivers/amlogic/meson_console.h @@ -9,17 +9,10 @@ #include <drivers/console.h> -#define CONSOLE_T_MESON_BASE CONSOLE_T_DRVDATA - #ifndef __ASSEMBLER__ #include <stdint.h> -typedef struct { - console_t console; - uintptr_t base; -} console_meson_t; - /* * Initialize a new meson console instance and register it with the console * framework. The |console| pointer must point to storage that will be valid @@ -30,7 +23,7 @@ typedef struct { * order to make this function future-proof. */ int console_meson_register(uintptr_t baseaddr, uint32_t clock, uint32_t baud, - console_meson_t *console); + console_t *console); #endif /*__ASSEMBLER__*/ diff --git a/include/drivers/arm/pl011.h b/include/drivers/arm/pl011.h index 8733d1964..ebc664348 100644 --- a/include/drivers/arm/pl011.h +++ b/include/drivers/arm/pl011.h @@ -81,17 +81,10 @@ #endif /* !PL011_GENERIC_UART */ -#define CONSOLE_T_PL011_BASE CONSOLE_T_DRVDATA - #ifndef __ASSEMBLER__ #include <stdint.h> -typedef struct { - console_t console; - uintptr_t base; -} console_pl011_t; - /* * Initialize a new PL011 console instance and register it with the console * framework. The |console| pointer must point to storage that will be valid @@ -99,7 +92,7 @@ typedef struct { * Its contents will be reinitialized from scratch. */ int console_pl011_register(uintptr_t baseaddr, uint32_t clock, uint32_t baud, - console_pl011_t *console); + console_t *console); #endif /*__ASSEMBLER__*/ diff --git a/include/drivers/auth/crypto_mod.h b/include/drivers/auth/crypto_mod.h index f211035d7..71cf67306 100644 --- a/include/drivers/auth/crypto_mod.h +++ b/include/drivers/auth/crypto_mod.h @@ -13,9 +13,18 @@ enum crypto_ret_value { CRYPTO_ERR_INIT, CRYPTO_ERR_HASH, CRYPTO_ERR_SIGNATURE, + CRYPTO_ERR_DECRYPTION, CRYPTO_ERR_UNKNOWN }; +#define CRYPTO_MAX_IV_SIZE 16U +#define CRYPTO_MAX_TAG_SIZE 16U + +/* Decryption algorithm */ +enum crypto_dec_algo { + CRYPTO_GCM_DECRYPT = 0 +}; + /* * Cryptographic library descriptor */ @@ -44,6 +53,15 @@ typedef struct crypto_lib_desc_s { unsigned int data_len, unsigned char *output); #endif /* MEASURED_BOOT */ + /* + * Authenticated decryption. Return one of the + * 'enum crypto_ret_value' options. + */ + int (*auth_decrypt)(enum crypto_dec_algo dec_algo, void *data_ptr, + size_t len, const void *key, unsigned int key_len, + unsigned int key_flags, const void *iv, + unsigned int iv_len, const void *tag, + unsigned int tag_len); } crypto_lib_desc_t; /* Public functions */ @@ -54,6 +72,11 @@ int crypto_mod_verify_signature(void *data_ptr, unsigned int data_len, void *pk_ptr, unsigned int pk_len); int crypto_mod_verify_hash(void *data_ptr, unsigned int data_len, void *digest_info_ptr, unsigned int digest_info_len); +int crypto_mod_auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr, + size_t len, const void *key, unsigned int key_len, + unsigned int key_flags, const void *iv, + unsigned int iv_len, const void *tag, + unsigned int tag_len); #if MEASURED_BOOT int crypto_mod_calc_hash(unsigned int alg, void *data_ptr, @@ -61,21 +84,24 @@ int crypto_mod_calc_hash(unsigned int alg, void *data_ptr, /* Macro to register a cryptographic library */ #define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \ - _calc_hash) \ + _calc_hash, _auth_decrypt) \ const crypto_lib_desc_t crypto_lib_desc = { \ .name = _name, \ .init = _init, \ .verify_signature = _verify_signature, \ .verify_hash = _verify_hash, \ - .calc_hash = _calc_hash \ + .calc_hash = _calc_hash, \ + .auth_decrypt = _auth_decrypt \ } #else -#define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash) \ +#define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \ + _auth_decrypt) \ const crypto_lib_desc_t crypto_lib_desc = { \ .name = _name, \ .init = _init, \ .verify_signature = _verify_signature, \ - .verify_hash = _verify_hash \ + .verify_hash = _verify_hash, \ + .auth_decrypt = _auth_decrypt \ } #endif /* MEASURED_BOOT */ diff --git a/include/drivers/auth/mbedtls/mbedtls_config.h b/include/drivers/auth/mbedtls/mbedtls_config.h index 6e179bbd1..dc00da7d6 100644 --- a/include/drivers/auth/mbedtls/mbedtls_config.h +++ b/include/drivers/auth/mbedtls/mbedtls_config.h @@ -79,6 +79,12 @@ #define MBEDTLS_X509_USE_C #define MBEDTLS_X509_CRT_PARSE_C +#if TF_MBEDTLS_USE_AES_GCM +#define MBEDTLS_AES_C +#define MBEDTLS_CIPHER_C +#define MBEDTLS_GCM_C +#endif + /* MPI / BIGNUM options */ #define MBEDTLS_MPI_WINDOW_SIZE 2 diff --git a/include/drivers/cadence/cdns_uart.h b/include/drivers/cadence/cdns_uart.h index 64a062ca1..46ba4663e 100644 --- a/include/drivers/cadence/cdns_uart.h +++ b/include/drivers/cadence/cdns_uart.h @@ -25,17 +25,10 @@ #define R_UART_TX 0x30 #define R_UART_RX 0x30 -#define CONSOLE_T_CDNS_BASE CONSOLE_T_DRVDATA - #ifndef __ASSEMBLER__ #include <stdint.h> -typedef struct { - console_t console; - uintptr_t base; -} console_cdns_t; - /* * Initialize a new Cadence console instance and register it with the console * framework. The |console| pointer must point to storage that will be valid @@ -43,7 +36,7 @@ typedef struct { * Its contents will be reinitialized from scratch. */ int console_cdns_register(uintptr_t baseaddr, uint32_t clock, uint32_t baud, - console_cdns_t *console); + console_t *console); #endif /*__ASSEMBLER__*/ diff --git a/include/drivers/console.h b/include/drivers/console.h index a4859d80f..761816ac7 100644 --- a/include/drivers/console.h +++ b/include/drivers/console.h @@ -14,7 +14,8 @@ #define CONSOLE_T_PUTC (U(2) * REGSZ) #define CONSOLE_T_GETC (U(3) * REGSZ) #define CONSOLE_T_FLUSH (U(4) * REGSZ) -#define CONSOLE_T_DRVDATA (U(5) * REGSZ) +#define CONSOLE_T_BASE (U(5) * REGSZ) +#define CONSOLE_T_DRVDATA (U(6) * REGSZ) #define CONSOLE_FLAG_BOOT (U(1) << 0) #define CONSOLE_FLAG_RUNTIME (U(1) << 1) @@ -43,6 +44,7 @@ typedef struct console { int (*const putc)(int character, struct console *console); int (*const getc)(struct console *console); int (*const flush)(struct console *console); + uintptr_t base; /* Additional private driver data may follow here. */ } console_t; diff --git a/include/drivers/coreboot/cbmem_console.h b/include/drivers/coreboot/cbmem_console.h index 40c90e6bb..30b39f14d 100644 --- a/include/drivers/coreboot/cbmem_console.h +++ b/include/drivers/coreboot/cbmem_console.h @@ -9,14 +9,12 @@ #include <drivers/console.h> -#define CONSOLE_T_CBMC_BASE CONSOLE_T_DRVDATA -#define CONSOLE_T_CBMC_SIZE (CONSOLE_T_DRVDATA + REGSZ) +#define CONSOLE_T_CBMC_SIZE CONSOLE_T_DRVDATA #ifndef __ASSEMBLER__ typedef struct { console_t console; - uintptr_t base; uint32_t size; } console_cbmc_t; diff --git a/include/drivers/io/io_encrypted.h b/include/drivers/io/io_encrypted.h new file mode 100644 index 000000000..9dcf061b4 --- /dev/null +++ b/include/drivers/io/io_encrypted.h @@ -0,0 +1,15 @@ +/* + * Copyright (c) 2020, Linaro Limited. All rights reserved. + * Author: Sumit Garg <sumit.garg@linaro.org> + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef IO_ENCRYPTED_H +#define IO_ENCRYPTED_H + +struct io_dev_connector; + +int register_io_dev_enc(const struct io_dev_connector **dev_con); + +#endif /* IO_ENCRYPTED_H */ diff --git a/include/drivers/io/io_storage.h b/include/drivers/io/io_storage.h index a301ad563..f2d641c2d 100644 --- a/include/drivers/io/io_storage.h +++ b/include/drivers/io/io_storage.h @@ -25,6 +25,7 @@ typedef enum { IO_TYPE_MTD, IO_TYPE_MMC, IO_TYPE_STM32IMAGE, + IO_TYPE_ENCRYPTED, IO_TYPE_MAX } io_type_t; diff --git a/include/drivers/marvell/uart/a3700_console.h b/include/drivers/marvell/uart/a3700_console.h index 517f01a8f..5e3ab0515 100644 --- a/include/drivers/marvell/uart/a3700_console.h +++ b/include/drivers/marvell/uart/a3700_console.h @@ -54,17 +54,10 @@ #define UART_CTRL_TXFIFO_RESET (1 << 15) #define UARTLSR_TXFIFOEMPTY (1 << 6) -#define CONSOLE_T_A3700_BASE CONSOLE_T_DRVDATA - #ifndef __ASSEMBLER__ #include <stdint.h> -typedef struct { - console_t console; - uintptr_t base; -} console_a3700_t; - /* * Initialize a new a3700 console instance and register it with the console * framework. The |console| pointer must point to storage that will be valid @@ -72,7 +65,7 @@ typedef struct { * Its contents will be reinitialized from scratch. */ int console_a3700_register(uintptr_t baseaddr, uint32_t clock, uint32_t baud, - console_a3700_t *console); + console_t *console); #endif /*__ASSEMBLER__*/ diff --git a/include/drivers/renesas/rcar/console/console.h b/include/drivers/renesas/rcar/console/console.h index 0e4ed8f35..7d5b5d3ce 100644 --- a/include/drivers/renesas/rcar/console/console.h +++ b/include/drivers/renesas/rcar/console/console.h @@ -7,17 +7,10 @@ #ifndef RCAR_PRINTF_H #define RCAR_PRINTF_H -#define CONSOLE_T_RCAR_BASE CONSOLE_T_DRVDATA - #ifndef __ASSEMBLER__ #include <stdint.h> -typedef struct { - console_t console; - uintptr_t base; -} console_rcar_t; - /* * Initialize a new rcar console instance and register it with the console * framework. The |console| pointer must point to storage that will be valid @@ -25,7 +18,7 @@ typedef struct { * Its contents will be reinitialized from scratch. */ int console_rcar_register(uintptr_t baseaddr, uint32_t clock, uint32_t baud, - console_rcar_t *console); + console_t *console); #endif /*__ASSEMBLER__*/ diff --git a/include/drivers/st/stm32_console.h b/include/drivers/st/stm32_console.h index a2ad87cb5..8d9187d2a 100644 --- a/include/drivers/st/stm32_console.h +++ b/include/drivers/st/stm32_console.h @@ -9,17 +9,10 @@ #include <drivers/console.h> -#define CONSOLE_T_STM32_BASE CONSOLE_T_DRVDATA - #ifndef __ASSEMBLER__ #include <stdint.h> -struct console_stm32 { - console_t console; - uintptr_t base; -}; - /* * Initialize a new STM32 console instance and register it with the console * framework. The |console| pointer must point to storage that will be valid @@ -27,7 +20,7 @@ struct console_stm32 { * Its contents will be reinitialized from scratch. */ int console_stm32_register(uintptr_t baseaddr, uint32_t clock, uint32_t baud, - struct console_stm32 *console); + console_t *console); #endif /*__ASSEMBLER__*/ diff --git a/include/drivers/ti/uart/uart_16550.h b/include/drivers/ti/uart/uart_16550.h index 2b95fa33a..bddd9970c 100644 --- a/include/drivers/ti/uart/uart_16550.h +++ b/include/drivers/ti/uart/uart_16550.h @@ -71,17 +71,10 @@ #define UARTLSR_RDR_BIT (0) /* Rx Data Ready Bit */ #define UARTLSR_RDR (1 << UARTLSR_RDR_BIT) /* Rx Data Ready */ -#define CONSOLE_T_16550_BASE CONSOLE_T_DRVDATA - #ifndef __ASSEMBLER__ #include <stdint.h> -typedef struct { - console_t console; - uintptr_t base; -} console_16550_t; - /* * Initialize a new 16550 console instance and register it with the console * framework. The |console| pointer must point to storage that will be valid @@ -94,7 +87,7 @@ typedef struct { * case as well. */ int console_16550_register(uintptr_t baseaddr, uint32_t clock, uint32_t baud, - console_16550_t *console); + console_t *console); #endif /*__ASSEMBLER__*/ diff --git a/include/export/common/tbbr/tbbr_img_def_exp.h b/include/export/common/tbbr/tbbr_img_def_exp.h index ff0d16c73..89dbc58fe 100644 --- a/include/export/common/tbbr/tbbr_img_def_exp.h +++ b/include/export/common/tbbr/tbbr_img_def_exp.h @@ -85,7 +85,15 @@ /* Binary with STM32 header */ #define STM32_IMAGE_ID U(29) +/* Encrypted image identifier */ +#define ENC_IMAGE_ID U(30) + /* Define size of the array */ -#define MAX_NUMBER_IDS U(30) +#if defined(SPD_spmd) +#define MAX_SP_IDS U(8) +#define MAX_NUMBER_IDS MAX_SP_IDS + U(31) +#else +#define MAX_NUMBER_IDS U(31) +#endif #endif /* ARM_TRUSTED_FIRMWARE_EXPORT_COMMON_TBBR_TBBR_IMG_DEF_EXP_H */ diff --git a/include/lib/el3_runtime/aarch64/context.h b/include/lib/el3_runtime/aarch64/context.h index 4158c023e..e061950c8 100644 --- a/include/lib/el3_runtime/aarch64/context.h +++ b/include/lib/el3_runtime/aarch64/context.h @@ -68,7 +68,7 @@ * registers are only 32-bits wide but are stored as 64-bit values for * convenience ******************************************************************************/ -#define CTX_SYSREGS_OFFSET (CTX_EL3STATE_OFFSET + CTX_EL3STATE_END) +#define CTX_EL1_SYSREGS_OFFSET (CTX_EL3STATE_OFFSET + CTX_EL3STATE_END) #define CTX_SPSR_EL1 U(0x0) #define CTX_ELR_EL1 U(0x8) #define CTX_SCTLR_EL1 U(0x10) @@ -138,13 +138,118 @@ /* * End of system registers. */ -#define CTX_SYSREGS_END CTX_MTE_REGS_END +#define CTX_EL1_SYSREGS_END CTX_MTE_REGS_END + +/* + * EL2 register set + */ + +#if CTX_INCLUDE_EL2_REGS +/* For later discussion + * ICH_AP0R<n>_EL2 + * ICH_AP1R<n>_EL2 + * AMEVCNTVOFF0<n>_EL2 + * AMEVCNTVOFF1<n>_EL2 + * ICH_LR<n>_EL2 + */ +#define CTX_EL2_SYSREGS_OFFSET (CTX_EL1_SYSREGS_OFFSET + CTX_EL1_SYSREGS_END) + +#define CTX_ACTLR_EL2 U(0x0) +#define CTX_AFSR0_EL2 U(0x8) +#define CTX_AFSR1_EL2 U(0x10) +#define CTX_AMAIR_EL2 U(0x18) +#define CTX_CNTHCTL_EL2 U(0x20) +#define CTX_CNTHP_CTL_EL2 U(0x28) +#define CTX_CNTHP_CVAL_EL2 U(0x30) +#define CTX_CNTHP_TVAL_EL2 U(0x38) +#define CTX_CNTVOFF_EL2 U(0x40) +#define CTX_CPTR_EL2 U(0x48) +#define CTX_DBGVCR32_EL2 U(0x50) +#define CTX_ELR_EL2 U(0x58) +#define CTX_ESR_EL2 U(0x60) +#define CTX_FAR_EL2 U(0x68) +#define CTX_FPEXC32_EL2 U(0x70) +#define CTX_HACR_EL2 U(0x78) +#define CTX_HCR_EL2 U(0x80) +#define CTX_HPFAR_EL2 U(0x88) +#define CTX_HSTR_EL2 U(0x90) +#define CTX_ICC_SRE_EL2 U(0x98) +#define CTX_ICH_HCR_EL2 U(0xa0) +#define CTX_ICH_VMCR_EL2 U(0xa8) +#define CTX_MAIR_EL2 U(0xb0) +#define CTX_MDCR_EL2 U(0xb8) +#define CTX_PMSCR_EL2 U(0xc0) +#define CTX_SCTLR_EL2 U(0xc8) +#define CTX_SPSR_EL2 U(0xd0) +#define CTX_SP_EL2 U(0xd8) +#define CTX_TCR_EL2 U(0xe0) +#define CTX_TRFCR_EL2 U(0xe8) +#define CTX_TTBR0_EL2 U(0xf0) +#define CTX_VBAR_EL2 U(0xf8) +#define CTX_VMPIDR_EL2 U(0x100) +#define CTX_VPIDR_EL2 U(0x108) +#define CTX_VTCR_EL2 U(0x110) +#define CTX_VTTBR_EL2 U(0x118) + +// Only if MTE registers in use +#define CTX_TFSR_EL2 U(0x120) + +// Only if ENABLE_MPAM_FOR_LOWER_ELS==1 +#define CTX_MPAM2_EL2 U(0x128) +#define CTX_MPAMHCR_EL2 U(0x130) +#define CTX_MPAMVPM0_EL2 U(0x138) +#define CTX_MPAMVPM1_EL2 U(0x140) +#define CTX_MPAMVPM2_EL2 U(0x148) +#define CTX_MPAMVPM3_EL2 U(0x150) +#define CTX_MPAMVPM4_EL2 U(0x158) +#define CTX_MPAMVPM5_EL2 U(0x160) +#define CTX_MPAMVPM6_EL2 U(0x168) +#define CTX_MPAMVPM7_EL2 U(0x170) +#define CTX_MPAMVPMV_EL2 U(0x178) + +// Starting with Armv8.6 +#define CTX_HAFGRTR_EL2 U(0x180) +#define CTX_HDFGRTR_EL2 U(0x188) +#define CTX_HDFGWTR_EL2 U(0x190) +#define CTX_HFGITR_EL2 U(0x198) +#define CTX_HFGRTR_EL2 U(0x1a0) +#define CTX_HFGWTR_EL2 U(0x1a8) +#define CTX_CNTPOFF_EL2 U(0x1b0) + +// Starting with Armv8.4 +#define CTX_CNTHPS_CTL_EL2 U(0x1b8) +#define CTX_CNTHPS_CVAL_EL2 U(0x1c0) +#define CTX_CNTHPS_TVAL_EL2 U(0x1c8) +#define CTX_CNTHVS_CTL_EL2 U(0x1d0) +#define CTX_CNTHVS_CVAL_EL2 U(0x1d8) +#define CTX_CNTHVS_TVAL_EL2 U(0x1e0) +#define CTX_CNTHV_CTL_EL2 U(0x1e8) +#define CTX_CNTHV_CVAL_EL2 U(0x1f0) +#define CTX_CNTHV_TVAL_EL2 U(0x1f8) +#define CTX_CONTEXTIDR_EL2 U(0x200) +#define CTX_SDER32_EL2 U(0x208) +#define CTX_TTBR1_EL2 U(0x210) +#define CTX_VDISR_EL2 U(0x218) +#define CTX_VNCR_EL2 U(0x220) +#define CTX_VSESR_EL2 U(0x228) +#define CTX_VSTCR_EL2 U(0x230) +#define CTX_VSTTBR_EL2 U(0x238) + +// Starting with Armv8.5 +#define CTX_SCXTNUM_EL2 U(0x240) +/* Align to the next 16 byte boundary */ +#define CTX_EL2_SYSREGS_END U(0x250) +#endif /* CTX_INCLUDE_EL2_REGS */ /******************************************************************************* * Constants that allow assembler code to access members of and the 'fp_regs' * structure at their correct offsets. ******************************************************************************/ -#define CTX_FPREGS_OFFSET (CTX_SYSREGS_OFFSET + CTX_SYSREGS_END) +#if CTX_INCLUDE_EL2_REGS +# define CTX_FPREGS_OFFSET (CTX_EL2_SYSREGS_OFFSET + CTX_EL2_SYSREGS_END) +#else +# define CTX_FPREGS_OFFSET (CTX_EL1_SYSREGS_OFFSET + CTX_EL1_SYSREGS_END) +#endif #if CTX_INCLUDE_FPREGS #define CTX_FP_Q0 U(0x0) #define CTX_FP_Q1 U(0x10) @@ -235,7 +340,10 @@ /* Constants to determine the size of individual context structures */ #define CTX_GPREG_ALL (CTX_GPREGS_END >> DWORD_SHIFT) -#define CTX_SYSREG_ALL (CTX_SYSREGS_END >> DWORD_SHIFT) +#define CTX_EL1_SYSREGS_ALL (CTX_EL1_SYSREGS_END >> DWORD_SHIFT) +#if CTX_INCLUDE_EL2_REGS +# define CTX_EL2_SYSREGS_ALL (CTX_EL2_SYSREGS_END >> DWORD_SHIFT) +#endif #if CTX_INCLUDE_FPREGS # define CTX_FPREG_ALL (CTX_FPREGS_END >> DWORD_SHIFT) #endif @@ -256,10 +364,18 @@ DEFINE_REG_STRUCT(gp_regs, CTX_GPREG_ALL); /* * AArch64 EL1 system register context structure for preserving the - * architectural state during switches from one security state to - * another in EL1. + * architectural state during world switches. + */ +DEFINE_REG_STRUCT(el1_sysregs, CTX_EL1_SYSREGS_ALL); + + +/* + * AArch64 EL2 system register context structure for preserving the + * architectural state during world switches. */ -DEFINE_REG_STRUCT(el1_sys_regs, CTX_SYSREG_ALL); +#if CTX_INCLUDE_EL2_REGS +DEFINE_REG_STRUCT(el2_sysregs, CTX_EL2_SYSREGS_ALL); +#endif /* * AArch64 floating point register context structure for preserving @@ -304,7 +420,10 @@ DEFINE_REG_STRUCT(pauth, CTX_PAUTH_REGS_ALL); typedef struct cpu_context { gp_regs_t gpregs_ctx; el3_state_t el3state_ctx; - el1_sys_regs_t sysregs_ctx; + el1_sysregs_t el1_sysregs_ctx; +#if CTX_INCLUDE_EL2_REGS + el2_sysregs_t el2_sysregs_ctx; +#endif #if CTX_INCLUDE_FPREGS fp_regs_t fpregs_ctx; #endif @@ -319,7 +438,10 @@ typedef struct cpu_context { #if CTX_INCLUDE_FPREGS # define get_fpregs_ctx(h) (&((cpu_context_t *) h)->fpregs_ctx) #endif -#define get_sysregs_ctx(h) (&((cpu_context_t *) h)->sysregs_ctx) +#define get_el1_sysregs_ctx(h) (&((cpu_context_t *) h)->el1_sysregs_ctx) +#if CTX_INCLUDE_EL2_REGS +# define get_el2_sysregs_ctx(h) (&((cpu_context_t *) h)->el2_sysregs_ctx) +#endif #define get_gpregs_ctx(h) (&((cpu_context_t *) h)->gpregs_ctx) #define get_cve_2018_3639_ctx(h) (&((cpu_context_t *) h)->cve_2018_3639_ctx) #if CTX_INCLUDE_PAUTH_REGS @@ -333,8 +455,12 @@ typedef struct cpu_context { */ CASSERT(CTX_GPREGS_OFFSET == __builtin_offsetof(cpu_context_t, gpregs_ctx), \ assert_core_context_gp_offset_mismatch); -CASSERT(CTX_SYSREGS_OFFSET == __builtin_offsetof(cpu_context_t, sysregs_ctx), \ - assert_core_context_sys_offset_mismatch); +CASSERT(CTX_EL1_SYSREGS_OFFSET == __builtin_offsetof(cpu_context_t, el1_sysregs_ctx), \ + assert_core_context_el1_sys_offset_mismatch); +#if CTX_INCLUDE_EL2_REGS +CASSERT(CTX_EL2_SYSREGS_OFFSET == __builtin_offsetof(cpu_context_t, el2_sysregs_ctx), \ + assert_core_context_el2_sys_offset_mismatch); +#endif #if CTX_INCLUDE_FPREGS CASSERT(CTX_FPREGS_OFFSET == __builtin_offsetof(cpu_context_t, fpregs_ctx), \ assert_core_context_fp_offset_mismatch); @@ -387,8 +513,14 @@ CASSERT(CTX_PAUTH_REGS_OFFSET == __builtin_offsetof(cpu_context_t, pauth_ctx), \ /******************************************************************************* * Function prototypes ******************************************************************************/ -void el1_sysregs_context_save(el1_sys_regs_t *regs); -void el1_sysregs_context_restore(el1_sys_regs_t *regs); +void el1_sysregs_context_save(el1_sysregs_t *regs); +void el1_sysregs_context_restore(el1_sysregs_t *regs); + +#if CTX_INCLUDE_EL2_REGS +void el2_sysregs_context_save(el2_sysregs_t *regs); +void el2_sysregs_context_restore(el2_sysregs_t *regs); +#endif + #if CTX_INCLUDE_FPREGS void fpregs_context_save(fp_regs_t *regs); void fpregs_context_restore(fp_regs_t *regs); diff --git a/include/lib/el3_runtime/context_mgmt.h b/include/lib/el3_runtime/context_mgmt.h index 17955e3a8..b36cd3d70 100644 --- a/include/lib/el3_runtime/context_mgmt.h +++ b/include/lib/el3_runtime/context_mgmt.h @@ -36,6 +36,11 @@ void cm_setup_context(cpu_context_t *ctx, const entry_point_info_t *ep); void cm_prepare_el3_exit(uint32_t security_state); #ifdef __aarch64__ +#if CTX_INCLUDE_EL2_REGS +void cm_el2_sysregs_context_save(uint32_t security_state); +void cm_el2_sysregs_context_restore(uint32_t security_state); +#endif + void cm_el1_sysregs_context_save(uint32_t security_state); void cm_el1_sysregs_context_restore(uint32_t security_state); void cm_set_elr_el3(uint32_t security_state, uintptr_t entrypoint); diff --git a/include/lib/fconf/fconf.h b/include/lib/fconf/fconf.h index f58ff5710..0401e5c06 100644 --- a/include/lib/fconf/fconf.h +++ b/include/lib/fconf/fconf.h @@ -14,9 +14,9 @@ #define FCONF_REGISTER_POPULATOR(name, callback) \ __attribute__((used, section(".fconf_populator"))) \ - const struct fconf_populator name##__populator = { \ - .info = #name, \ - .populate = callback \ + const struct fconf_populator (name##__populator) = { \ + .info = (#name), \ + .populate = (callback) \ }; /* diff --git a/include/lib/object_pool.h b/include/lib/object_pool.h index 0f85331a8..66e8c4780 100644 --- a/include/lib/object_pool.h +++ b/include/lib/object_pool.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2018-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -56,13 +56,13 @@ struct object_pool { */ static inline void *pool_alloc_n(struct object_pool *pool, size_t count) { - if (pool->used + count > pool->capacity) { + if ((pool->used + count) > pool->capacity) { ERROR("Cannot allocate %zu objects out of pool (%zu objects left).\n", count, pool->capacity - pool->used); panic(); } - void *obj = (char *)(pool->objects) + pool->obj_size * pool->used; + void *obj = (char *)(pool->objects) + (pool->obj_size * pool->used); pool->used += count; return obj; } diff --git a/include/lib/xlat_tables/xlat_tables_v2.h b/include/lib/xlat_tables/xlat_tables_v2.h index 0e099987e..a80fab073 100644 --- a/include/lib/xlat_tables/xlat_tables_v2.h +++ b/include/lib/xlat_tables/xlat_tables_v2.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -345,6 +345,16 @@ int xlat_change_mem_attributes_ctx(const xlat_ctx_t *ctx, uintptr_t base_va, size_t size, uint32_t attr); int xlat_change_mem_attributes(uintptr_t base_va, size_t size, uint32_t attr); +#if PLAT_RO_XLAT_TABLES +/* + * Change the memory attributes of the memory region encompassing the higher + * level translation tables to secure read-only data. + * + * Return 0 on success, a negative error code on error. + */ +int xlat_make_tables_readonly(void); +#endif + /* * Query the memory attributes of a memory page in a set of translation tables. * diff --git a/include/lib/xlat_tables/xlat_tables_v2_helpers.h b/include/lib/xlat_tables/xlat_tables_v2_helpers.h index b17b71a87..c88fa4dd5 100644 --- a/include/lib/xlat_tables/xlat_tables_v2_helpers.h +++ b/include/lib/xlat_tables/xlat_tables_v2_helpers.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -70,6 +70,9 @@ struct xlat_ctx { */ uint64_t (*tables)[XLAT_TABLE_ENTRIES]; int tables_num; +#if PLAT_RO_XLAT_TABLES + bool readonly_tables; +#endif /* * Keep track of how many regions are mapped in each table. The base * table can't be unmapped so it isn't needed to keep track of it. @@ -122,6 +125,14 @@ struct xlat_ctx { /* do nothing */ #endif /* PLAT_XLAT_TABLES_DYNAMIC */ +#if PLAT_RO_XLAT_TABLES +#define XLAT_CTX_INIT_TABLE_ATTR() \ + .readonly_tables = false, +#else +#define XLAT_CTX_INIT_TABLE_ATTR() + /* do nothing */ +#endif + #define REGISTER_XLAT_CONTEXT_FULL_SPEC(_ctx_name, _mmap_count, \ _xlat_tables_count, _virt_addr_space_size, \ _phy_addr_space_size, _xlat_regime, _section_name)\ @@ -142,22 +153,63 @@ struct xlat_ctx { XLAT_ALLOC_DYNMAP_STRUCT(_ctx_name, _xlat_tables_count) \ \ static xlat_ctx_t _ctx_name##_xlat_ctx = { \ - .va_max_address = (_virt_addr_space_size) - 1UL, \ .pa_max_address = (_phy_addr_space_size) - 1ULL, \ + .va_max_address = (_virt_addr_space_size) - 1UL, \ .mmap = _ctx_name##_mmap, \ .mmap_num = (_mmap_count), \ - .base_level = GET_XLAT_TABLE_LEVEL_BASE(_virt_addr_space_size),\ + .tables = _ctx_name##_xlat_tables, \ + .tables_num = _xlat_tables_count, \ + XLAT_CTX_INIT_TABLE_ATTR() \ + XLAT_REGISTER_DYNMAP_STRUCT(_ctx_name) \ + .next_table = 0, \ .base_table = _ctx_name##_base_xlat_table, \ .base_table_entries = \ GET_NUM_BASE_LEVEL_ENTRIES(_virt_addr_space_size),\ + .max_pa = 0U, \ + .max_va = 0U, \ + .base_level = GET_XLAT_TABLE_LEVEL_BASE(_virt_addr_space_size),\ + .initialized = false, \ + .xlat_regime = (_xlat_regime) \ + } + +#define REGISTER_XLAT_CONTEXT_RO_BASE_TABLE(_ctx_name, _mmap_count, \ + _xlat_tables_count, _virt_addr_space_size, \ + _phy_addr_space_size, _xlat_regime, _section_name)\ + CASSERT(CHECK_PHY_ADDR_SPACE_SIZE(_phy_addr_space_size), \ + assert_invalid_physical_addr_space_sizefor_##_ctx_name);\ + \ + static mmap_region_t _ctx_name##_mmap[_mmap_count + 1]; \ + \ + static uint64_t _ctx_name##_xlat_tables[_xlat_tables_count] \ + [XLAT_TABLE_ENTRIES] \ + __aligned(XLAT_TABLE_SIZE) __section(_section_name); \ + \ + static uint64_t _ctx_name##_base_xlat_table \ + [GET_NUM_BASE_LEVEL_ENTRIES(_virt_addr_space_size)] \ + __aligned(GET_NUM_BASE_LEVEL_ENTRIES(_virt_addr_space_size)\ + * sizeof(uint64_t)) \ + __section(".rodata"); \ + \ + XLAT_ALLOC_DYNMAP_STRUCT(_ctx_name, _xlat_tables_count) \ + \ + static xlat_ctx_t _ctx_name##_xlat_ctx = { \ + .pa_max_address = (_phy_addr_space_size) - 1ULL, \ + .va_max_address = (_virt_addr_space_size) - 1UL, \ + .mmap = _ctx_name##_mmap, \ + .mmap_num = (_mmap_count), \ .tables = _ctx_name##_xlat_tables, \ .tables_num = _xlat_tables_count, \ + XLAT_CTX_INIT_TABLE_ATTR() \ XLAT_REGISTER_DYNMAP_STRUCT(_ctx_name) \ - .xlat_regime = (_xlat_regime), \ + .next_table = 0, \ + .base_table = _ctx_name##_base_xlat_table, \ + .base_table_entries = \ + GET_NUM_BASE_LEVEL_ENTRIES(_virt_addr_space_size),\ .max_pa = 0U, \ .max_va = 0U, \ - .next_table = 0, \ + .base_level = GET_XLAT_TABLE_LEVEL_BASE(_virt_addr_space_size),\ .initialized = false, \ + .xlat_regime = (_xlat_regime) \ } #endif /*__ASSEMBLER__*/ diff --git a/include/plat/arm/board/common/board_css_def.h b/include/plat/arm/board/common/board_css_def.h index 4637b6785..b79e0d572 100644 --- a/include/plat/arm/board/common/board_css_def.h +++ b/include/plat/arm/board/common/board_css_def.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -50,13 +50,6 @@ #define PLAT_ARM_NVM_BASE V2M_FLASH0_BASE #define PLAT_ARM_NVM_SIZE (V2M_FLASH0_SIZE - V2M_FLASH_BLOCK_SIZE) -/* - * Required platform porting definitions common to all ARM CSS-based - * development platforms - */ -#define PLAT_ARM_DRAM2_BASE ULL(0x880000000) -#define PLAT_ARM_DRAM2_SIZE ULL(0x180000000) - /* UART related constants */ #define PLAT_ARM_BOOT_UART_BASE SOC_CSS_UART0_BASE #define PLAT_ARM_BOOT_UART_CLK_IN_HZ SOC_CSS_UART0_CLK_IN_HZ diff --git a/include/plat/arm/common/fconf_arm_sp_getter.h b/include/plat/arm/common/fconf_arm_sp_getter.h new file mode 100644 index 000000000..38c30fbf9 --- /dev/null +++ b/include/plat/arm/common/fconf_arm_sp_getter.h @@ -0,0 +1,30 @@ +/* + * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef FCONF_ARM_SP_GETTER_H +#define FCONF_ARM_SP_GETTER_H + +#include <lib/fconf/fconf.h> +#include <tools_share/uuid.h> + +/* arm_sp getter */ +#define arm__sp_getter(prop) arm_sp.prop + +#define ARM_SP_MAX_SIZE U(0x10000) + +struct arm_sp_t { + unsigned int number_of_sp; + union uuid_helper_t uuids[MAX_SP_IDS]; + uintptr_t load_addr[MAX_SP_IDS]; +}; + +int fconf_populate_arm_sp(uintptr_t config); + +extern struct arm_sp_t arm_sp; + +extern bl_mem_params_node_t sp_mem_params_descs[MAX_SP_IDS]; + +#endif /* FCONF_ARM_SP_GETTER_H */ diff --git a/include/plat/arm/common/plat_arm.h b/include/plat/arm/common/plat_arm.h index 025a64fa2..ff1b9799a 100644 --- a/include/plat/arm/common/plat_arm.h +++ b/include/plat/arm/common/plat_arm.h @@ -152,7 +152,8 @@ void arm_setup_romlib(void); int arm_io_setup(void); /* Security utility functions */ -void arm_tzc400_setup(const arm_tzc_regions_info_t *tzc_regions); +void arm_tzc400_setup(uintptr_t tzc_base, + const arm_tzc_regions_info_t *tzc_regions); struct tzc_dmc500_driver_data; void arm_tzc_dmc500_setup(struct tzc_dmc500_driver_data *plat_driver_data, const arm_tzc_regions_info_t *tzc_regions); @@ -237,6 +238,11 @@ int arm_get_mbedtls_heap(void **heap_addr, size_t *heap_size); void arm_free_init_memory(void); /* + * Make the higher level translation tables read-only + */ +void arm_xlat_make_tables_readonly(void); + +/* * Mandatory functions required in ARM standard platforms */ unsigned int plat_arm_get_cluster_core_count(u_register_t mpidr); diff --git a/include/plat/arm/css/common/css_def.h b/include/plat/arm/css/common/css_def.h index 7b6148445..d59935266 100644 --- a/include/plat/arm/css/common/css_def.h +++ b/include/plat/arm/css/common/css_def.h @@ -189,9 +189,6 @@ /* Load address of Non-Secure Image for CSS platform ports */ #define PLAT_ARM_NS_IMAGE_BASE U(0xE0000000) -/* TZC related constants */ -#define PLAT_ARM_TZC_FILTERS TZC_400_REGION_ATTR_FILTER_BIT_ALL - /* * Parsing of CPU and Cluster states, as returned by 'Get CSS Power State' SCP * command diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h index f5bd298c5..5b5ebb973 100644 --- a/include/plat/common/platform.h +++ b/include/plat/common/platform.h @@ -27,6 +27,7 @@ struct bl_params; struct mmap_region; struct spm_mm_boot_info; struct sp_res_desc; +enum fw_enc_status_t; /******************************************************************************* * plat_get_rotpk_info() flags @@ -37,6 +38,15 @@ struct sp_res_desc; #define ROTPK_NOT_DEPLOYED (1 << 1) /******************************************************************************* + * plat_get_enc_key_info() flags + ******************************************************************************/ +/* + * Flag used to notify caller that information provided in key buffer is an + * identifier rather than an actual key. + */ +#define ENC_KEY_IS_IDENTIFIER (1 << 0) + +/******************************************************************************* * Function declarations ******************************************************************************/ /******************************************************************************* @@ -265,6 +275,9 @@ int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr); int plat_set_nv_ctr2(void *cookie, const struct auth_img_desc_s *img_desc, unsigned int nv_ctr); int get_mbedtls_heap_helper(void **heap_addr, size_t *heap_size); +int plat_get_enc_key_info(enum fw_enc_status_t fw_enc_status, uint8_t *key, + size_t *key_len, unsigned int *flags, + const uint8_t *img_id, size_t img_id_len); /******************************************************************************* * Secure Partitions functions diff --git a/include/services/spm_core_manifest.h b/include/services/spm_core_manifest.h index 06ecc1391..78748826d 100644 --- a/include/services/spm_core_manifest.h +++ b/include/services/spm_core_manifest.h @@ -21,13 +21,6 @@ typedef struct spm_core_manifest_sect_attribute { uint32_t minor_version; /* - * Run-Time Exception Level (mandatory): - * - 1: SEL1 - * - 2: SEL2 - */ - uint32_t runtime_el; - - /* * Run-Time Execution state (optional): * - 0: AArch64 (default) * - 1: AArch32 diff --git a/include/services/spmd_svc.h b/include/services/spmd_svc.h index 6e4caf266..a766dcf8f 100644 --- a/include/services/spmd_svc.h +++ b/include/services/spmd_svc.h @@ -11,7 +11,7 @@ #include <services/spci_svc.h> #include <stdint.h> -int32_t spmd_setup(void); +int spmd_setup(void); uint64_t spmd_smc_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2, diff --git a/include/tools_share/firmware_encrypted.h b/include/tools_share/firmware_encrypted.h new file mode 100644 index 000000000..7ca634f5e --- /dev/null +++ b/include/tools_share/firmware_encrypted.h @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2020, Linaro Limited. All rights reserved. + * Author: Sumit Garg <sumit.garg@linaro.org> + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef FIRMWARE_ENCRYPTED_H +#define FIRMWARE_ENCRYPTED_H + +#include <stdint.h> + +/* This is used as a signature to validate the encryption header */ +#define ENC_HEADER_MAGIC 0xAA640001U + +/* Firmware encryption status flag mask */ +#define FW_ENC_STATUS_FLAG_MASK 0x1 + +/* + * SSK: Secret Symmetric Key + * BSSK: Binding Secret Symmetric Key + */ +enum fw_enc_status_t { + FW_ENC_WITH_SSK = 0, + FW_ENC_WITH_BSSK = 1, +}; + +#define ENC_MAX_IV_SIZE 16U +#define ENC_MAX_TAG_SIZE 16U +#define ENC_MAX_KEY_SIZE 32U + +struct fw_enc_hdr { + uint32_t magic; + uint16_t dec_algo; + uint16_t flags; + uint16_t iv_len; + uint16_t tag_len; + uint8_t iv[ENC_MAX_IV_SIZE]; + uint8_t tag[ENC_MAX_TAG_SIZE]; +}; + +#endif /* FIRMWARE_ENCRYPTED_H */ |