From 209a60cca5c6a8cd1b68e6e0e53f0b66555a4458 Mon Sep 17 00:00:00 2001 From: Soby Mathew Date: Mon, 26 Mar 2018 12:43:37 +0100 Subject: Allow disabling authentication dynamically This patch allows platforms to dynamically disable authentication of images during cold boot. This capability is controlled via the DYN_DISABLE_AUTH build flag and is only meant for development purposes. Change-Id: Ia3df8f898824319bb76d5cc855b5ad6c3d227260 Signed-off-by: Soby Mathew --- Makefile | 16 ++++++++++ common/bl_common.c | 73 +++++++++++++++++++++++++++++++++------------- docs/user-guide.rst | 5 ++++ include/common/bl_common.h | 8 +++++ make_helpers/defaults.mk | 4 +++ 5 files changed, 86 insertions(+), 20 deletions(-) diff --git a/Makefile b/Makefile index b7116a7ea..17630fbf3 100644 --- a/Makefile +++ b/Makefile @@ -401,6 +401,16 @@ ifeq ($(FAULT_INJECTION_SUPPORT),1) endif endif +# DYN_DISABLE_AUTH can be set only when TRUSTED_BOARD_BOOT=1 and LOAD_IMAGE_V2=1 +ifeq ($(DYN_DISABLE_AUTH), 1) + ifeq (${TRUSTED_BOARD_BOOT}, 0) + $(error "TRUSTED_BOARD_BOOT must be enabled for DYN_DISABLE_AUTH to be set.") + endif + ifeq (${LOAD_IMAGE_V2}, 0) + $(error "DYN_DISABLE_AUTH is only supported for LOAD_IMAGE_V2.") + endif +endif + ################################################################################ # Process platform overrideable behaviour ################################################################################ @@ -517,6 +527,7 @@ $(eval $(call assert_boolean,CTX_INCLUDE_AARCH32_REGS)) $(eval $(call assert_boolean,CTX_INCLUDE_FPREGS)) $(eval $(call assert_boolean,DEBUG)) $(eval $(call assert_boolean,DISABLE_PEDANTIC)) +$(eval $(call assert_boolean,DYN_DISABLE_AUTH)) $(eval $(call assert_boolean,EL3_EXCEPTION_HANDLING)) $(eval $(call assert_boolean,ENABLE_AMU)) $(eval $(call assert_boolean,ENABLE_ASSERTIONS)) @@ -620,6 +631,11 @@ else $(eval $(call add_define,AARCH64)) endif +# Define the DYN_DISABLE_AUTH flag only if set. +ifeq (${DYN_DISABLE_AUTH},1) +$(eval $(call add_define,DYN_DISABLE_AUTH)) +endif + ################################################################################ # Build targets ################################################################################ diff --git a/common/bl_common.c b/common/bl_common.c index b0d1bfa75..6b979f64a 100644 --- a/common/bl_common.c +++ b/common/bl_common.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -17,6 +17,35 @@ #include #include +#if TRUSTED_BOARD_BOOT +# ifdef DYN_DISABLE_AUTH +static int disable_auth; + +/****************************************************************************** + * API to dynamically disable authentication. Only meant for development + * systems. This is only invoked if DYN_DISABLE_AUTH is defined. This + * capability is restricted to LOAD_IMAGE_V2. + *****************************************************************************/ +void dyn_disable_auth(void) +{ + INFO("Disabling authentication of images dynamically\n"); + disable_auth = 1; +} +# endif /* DYN_DISABLE_AUTH */ + +/****************************************************************************** + * Function to determine whether the authentication is disabled dynamically. + *****************************************************************************/ +static int dyn_is_auth_disabled(void) +{ +# ifdef DYN_DISABLE_AUTH + return disable_auth; +# else + return 0; +# endif +} +#endif /* TRUSTED_BOARD_BOOT */ + uintptr_t page_align(uintptr_t value, unsigned dir) { /* Round up the limit to the next page boundary */ @@ -287,14 +316,16 @@ static int load_auth_image_internal(unsigned int image_id, int rc; #if TRUSTED_BOARD_BOOT - unsigned int parent_id; - - /* Use recursion to authenticate parent images */ - rc = auth_mod_get_parent_id(image_id, &parent_id); - if (rc == 0) { - rc = load_auth_image_internal(parent_id, image_data, 1); - if (rc != 0) { - return rc; + if (dyn_is_auth_disabled() == 0) { + unsigned int parent_id; + + /* Use recursion to authenticate parent images */ + rc = auth_mod_get_parent_id(image_id, &parent_id); + if (rc == 0) { + rc = load_auth_image_internal(parent_id, image_data, 1); + if (rc != 0) { + return rc; + } } } #endif /* TRUSTED_BOARD_BOOT */ @@ -306,17 +337,19 @@ static int load_auth_image_internal(unsigned int image_id, } #if TRUSTED_BOARD_BOOT - /* Authenticate it */ - rc = auth_mod_verify_img(image_id, - (void *)image_data->image_base, - image_data->image_size); - if (rc != 0) { - /* Authentication error, zero memory and flush it right away. */ - zero_normalmem((void *)image_data->image_base, - image_data->image_size); - flush_dcache_range(image_data->image_base, - image_data->image_size); - return -EAUTH; + if (dyn_is_auth_disabled() == 0) { + /* Authenticate it */ + rc = auth_mod_verify_img(image_id, + (void *)image_data->image_base, + image_data->image_size); + if (rc != 0) { + /* Authentication error, zero memory and flush it right away. */ + zero_normalmem((void *)image_data->image_base, + image_data->image_size); + flush_dcache_range(image_data->image_base, + image_data->image_size); + return -EAUTH; + } } #endif /* TRUSTED_BOARD_BOOT */ diff --git a/docs/user-guide.rst b/docs/user-guide.rst index 069ad113c..fbe258fdf 100644 --- a/docs/user-guide.rst +++ b/docs/user-guide.rst @@ -323,6 +323,11 @@ Common build options - ``DEBUG``: Chooses between a debug and release build. It can take either 0 (release) or 1 (debug) as values. 0 is the default. +- ``DYN_DISABLE_AUTH``: Enables the capability to disable Trusted Board Boot + authentication. This option is only meant to be enabled for development + platforms. Both TRUSTED_BOARD_BOOT and the LOAD_IMAGE_V2 flags need to be + set if this flag has to be enabled. 0 is the default. + - ``EL3_PAYLOAD_BASE``: This option enables booting an EL3 payload instead of the normal boot flow. It must specify the entry point address of the EL3 payload. Please refer to the "Booting an EL3 payload" section for more diff --git a/include/common/bl_common.h b/include/common/bl_common.h index 09a394dd1..c7c748729 100644 --- a/include/common/bl_common.h +++ b/include/common/bl_common.h @@ -233,6 +233,14 @@ void reserve_mem(uintptr_t *free_base, size_t *free_size, #endif /* LOAD_IMAGE_V2 */ +#if TRUSTED_BOARD_BOOT && defined(DYN_DISABLE_AUTH) +/* + * API to dynamically disable authentication. Only meant for development + * systems. + */ +void dyn_disable_auth(void); +#endif + extern const char build_message[]; extern const char version_string[]; diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk index 4bbff0345..cea853381 100644 --- a/make_helpers/defaults.mk +++ b/make_helpers/defaults.mk @@ -58,6 +58,10 @@ DEBUG := 0 # Build platform DEFAULT_PLAT := fvp +# Enable capability to disable authentication dynamically. Only meant for +# development platforms. +DYN_DISABLE_AUTH := 0 + # Flag to enable Performance Measurement Framework ENABLE_PMF := 0 -- cgit v1.2.3 From 6e79f9fd4b65f473374391595e31c155e9e0ad85 Mon Sep 17 00:00:00 2001 From: Soby Mathew Date: Mon, 26 Mar 2018 15:16:46 +0100 Subject: FVP: Enable capability to disable auth via dynamic config This patch adds capability to FVP to disable authentication dynamically via the `disable_auth` property in TB_FW_CONFIG. Both BL1 and BL2 parses the TB_FW_CONFIG for the `disable_auth` property and invokes the `load_dyn_disable_auth()` API to disable authentication if the property is set to 1. The DYN_DISABLE_AUTH is enabled by default for FVP as it is a development platform. Note that the TB_FW_CONFIG has to be authenticated by BL1 irrespective of these settings. The arm_bl2_dyn_cfg_init() is now earlier in bl2_plat_preload_setup() rather than in bl2_platform_setup() as we need to get the value of `disable_auth` property prior to authentication of any image by BL2. Change-Id: I734acd59572849793e5020ec44c6ac51f654a4d1 Signed-off-by: Soby Mathew --- include/plat/arm/common/arm_dyn_cfg_helpers.h | 1 + plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts | 2 ++ plat/arm/board/fvp/platform.mk | 8 +++++ plat/arm/common/arm_bl2_setup.c | 11 +++++-- plat/arm/common/arm_common.mk | 7 +++-- plat/arm/common/arm_dyn_cfg.c | 30 ++++++++++++++++++ plat/arm/common/arm_dyn_cfg_helpers.c | 45 +++++++++++++++++++++++++++ 7 files changed, 100 insertions(+), 4 deletions(-) diff --git a/include/plat/arm/common/arm_dyn_cfg_helpers.h b/include/plat/arm/common/arm_dyn_cfg_helpers.h index 4a0f6397d..826924de0 100644 --- a/include/plat/arm/common/arm_dyn_cfg_helpers.h +++ b/include/plat/arm/common/arm_dyn_cfg_helpers.h @@ -12,5 +12,6 @@ int arm_dyn_get_hwconfig_info(void *dtb, int node, uint64_t *hw_config_addr, uint32_t *hw_config_size); int arm_dyn_tb_fw_cfg_init(void *dtb, int *node); +int arm_dyn_get_disable_auth(void *dtb, int node, uint32_t *disable_auth); #endif /* __ARM_DYN_CFG_HELPERS_H__ */ diff --git a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts index 5c24f94e4..fb7e2c51a 100644 --- a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts +++ b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts @@ -12,5 +12,7 @@ compatible = "arm,tb_fw"; hw_config_addr = <0x0 0x82000000>; hw_config_max_size = <0x01000000>; + /* Disable authentication for development */ + disable_auth = <0x0>; }; }; diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk index bb7753822..c5e33d2c6 100644 --- a/plat/arm/board/fvp/platform.mk +++ b/plat/arm/board/fvp/platform.mk @@ -208,3 +208,11 @@ endif include plat/arm/board/common/board_common.mk include plat/arm/common/arm_common.mk + +# FVP being a development platform, enable capability to disable Authentication +# dynamically if TRUSTED_BOARD_BOOT and LOAD_IMAGE_V2 is set. +ifeq (${TRUSTED_BOARD_BOOT}, 1) + ifeq (${LOAD_IMAGE_V2}, 1) + DYN_DISABLE_AUTH := 1 + endif +endif diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c index dc7cd6802..d490f83c8 100644 --- a/plat/arm/common/arm_bl2_setup.c +++ b/plat/arm/common/arm_bl2_setup.c @@ -207,14 +207,21 @@ void bl2_early_platform_setup2(u_register_t arg0, u_register_t arg1, u_register_ } /* - * Perform ARM standard platform setup. + * Perform BL2 preload setup. Currently we initialise the dynamic + * configuration here. */ -void arm_bl2_platform_setup(void) +void bl2_plat_preload_setup(void) { #if LOAD_IMAGE_V2 arm_bl2_dyn_cfg_init(); #endif +} +/* + * Perform ARM standard platform setup. + */ +void arm_bl2_platform_setup(void) +{ /* Initialize the secure environment */ plat_arm_security_setup(); diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk index 12185486f..4b23ac675 100644 --- a/plat/arm/common/arm_common.mk +++ b/plat/arm/common/arm_common.mk @@ -157,7 +157,6 @@ BL1_SOURCES += drivers/arm/sp805/sp805.c \ drivers/io/io_memmap.c \ drivers/io/io_storage.c \ plat/arm/common/arm_bl1_setup.c \ - plat/arm/common/arm_dyn_cfg.c \ plat/arm/common/arm_err.c \ plat/arm/common/arm_io_storage.c ifdef EL3_PAYLOAD_BASE @@ -177,11 +176,15 @@ BL2_SOURCES += drivers/delay_timer/delay_timer.c \ # Add `libfdt` and Arm common helpers required for Dynamic Config include lib/libfdt/libfdt.mk -BL2_SOURCES += plat/arm/common/arm_dyn_cfg.c \ + +DYN_CFG_SOURCES += plat/arm/common/arm_dyn_cfg.c \ plat/arm/common/arm_dyn_cfg_helpers.c \ common/fdt_wrappers.c \ ${LIBFDT_SRCS} +BL1_SOURCES += ${DYN_CFG_SOURCES} +BL2_SOURCES += ${DYN_CFG_SOURCES} + ifeq (${BL2_AT_EL3},1) BL2_SOURCES += plat/arm/common/arm_bl2_el3_setup.c endif diff --git a/plat/arm/common/arm_dyn_cfg.c b/plat/arm/common/arm_dyn_cfg.c index 02f995f7f..33dc08b9e 100644 --- a/plat/arm/common/arm_dyn_cfg.c +++ b/plat/arm/common/arm_dyn_cfg.c @@ -54,6 +54,24 @@ void arm_load_tb_fw_config(void) INFO("BL1: TB_FW_CONFIG loaded at address = %p\n", (void *) config_base); + +#if TRUSTED_BOARD_BOOT && defined(DYN_DISABLE_AUTH) + int tb_fw_node; + uint32_t disable_auth = 0; + + err = arm_dyn_tb_fw_cfg_init((void *)config_base, &tb_fw_node); + if (err < 0) { + WARN("Invalid TB_FW_CONFIG loaded\n"); + return; + } + + err = arm_dyn_get_disable_auth((void *)config_base, tb_fw_node, &disable_auth); + if (err < 0) + return; + + if (disable_auth == 1) + dyn_disable_auth(); +#endif } /* @@ -104,6 +122,18 @@ void arm_bl2_dyn_cfg_init(void) /* Remove the IMAGE_ATTRIB_SKIP_LOADING attribute from HW_CONFIG node */ hw_cfg_mem_params->image_info.h.attr &= ~IMAGE_ATTRIB_SKIP_LOADING; + +#if TRUSTED_BOARD_BOOT && defined(DYN_DISABLE_AUTH) + uint32_t disable_auth = 0; + + err = arm_dyn_get_disable_auth((void *)tb_fw_cfg_dtb, tb_fw_node, + &disable_auth); + if (err < 0) + return; + + if (disable_auth == 1) + dyn_disable_auth(); +#endif } #endif /* LOAD_IMAGE_V2 */ diff --git a/plat/arm/common/arm_dyn_cfg_helpers.c b/plat/arm/common/arm_dyn_cfg_helpers.c index 9ba51a3e1..e37e7e722 100644 --- a/plat/arm/common/arm_dyn_cfg_helpers.c +++ b/plat/arm/common/arm_dyn_cfg_helpers.c @@ -63,6 +63,51 @@ int arm_dyn_get_hwconfig_info(void *dtb, int node, return 0; } +/******************************************************************************* + * Helper to read the `disable_auth` property in config DTB. This function + * expects the following properties to be present in the config DTB. + * name : disable_auth size : 1 cell + * + * Arguments: + * void *dtb - pointer to the TB_FW_CONFIG in memory + * int node - The node offset to appropriate node in the + * DTB. + * uint64_t *disable_auth - The value of `disable_auth` property on + * successful read. Must be 0 or 1. + * + * Returns 0 on success and -1 on error. + ******************************************************************************/ +int arm_dyn_get_disable_auth(void *dtb, int node, uint32_t *disable_auth) +{ + int err; + + assert(dtb != NULL); + assert(disable_auth != NULL); + + /* Check if the pointer to DT is correct */ + assert(fdt_check_header(dtb) == 0); + + /* Assert the node offset point to "arm,tb_fw" compatible property */ + assert(node == fdt_node_offset_by_compatible(dtb, -1, "arm,tb_fw")); + + /* Locate the disable_auth cell and read the value */ + err = fdtw_read_cells(dtb, node, "disable_auth", 1, disable_auth); + if (err < 0) { + WARN("Read cell failed for `disable_auth`\n"); + return -1; + } + + /* Check if the value is boolean */ + if (*disable_auth != 0 && *disable_auth != 1) { + WARN("Invalid value for `disable_auth` cell %d\n", *disable_auth); + return -1; + } + + VERBOSE("Dyn cfg: `disable_auth` cell found with value = %d\n", + *disable_auth); + return 0; +} + /******************************************************************************* * Validate the tb_fw_config is a valid DTB file and returns the node offset * to "arm,tb_fw" property. -- cgit v1.2.3 From 17bc617e80e2b31ddaa65215526c556c23ca1374 Mon Sep 17 00:00:00 2001 From: Soby Mathew Date: Thu, 29 Mar 2018 14:29:55 +0100 Subject: Dynamic cfg: Enable support on CoT for other configs This patch implements support for adding dynamic configurations for BL31 (soc_fw_config), BL32 (tos_fw_config) and BL33 (nt_fw_config). The necessary cert tool support and changes to default chain of trust are made for these configs. Change-Id: I25f266277b5b5501a196d2f2f79639d838794518 Signed-off-by: Soby Mathew --- drivers/auth/tbbr/tbbr_cot.c | 75 ++++++++++++++++++++++++++++ include/tools_share/firmware_image_package.h | 6 +++ include/tools_share/tbbr_oid.h | 8 ++- tools/cert_create/include/cert.h | 2 +- tools/cert_create/include/tbbr/tbb_ext.h | 3 ++ tools/cert_create/src/tbbr/tbb_cert.c | 15 +++--- tools/cert_create/src/tbbr/tbb_ext.c | 30 +++++++++++ tools/fiptool/tbbr_config.c | 15 ++++++ 8 files changed, 145 insertions(+), 9 deletions(-) diff --git a/drivers/auth/tbbr/tbbr_cot.c b/drivers/auth/tbbr/tbbr_cot.c index 6ad00592d..a950a7a8d 100644 --- a/drivers/auth/tbbr/tbbr_cot.c +++ b/drivers/auth/tbbr/tbbr_cot.c @@ -38,6 +38,9 @@ static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN]; static unsigned char trusted_world_pk_buf[PK_DER_LEN]; static unsigned char non_trusted_world_pk_buf[PK_DER_LEN]; static unsigned char content_pk_buf[PK_DER_LEN]; +static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN]; +static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN]; +static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN]; /* * Parameter type descriptors @@ -80,14 +83,20 @@ static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC( AUTH_PARAM_HASH, SCP_FW_HASH_OID); static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC( AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID); +static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC( + AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID); static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC( AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID); +static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC( + AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID); static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC( AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID); static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC( AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID); static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC( AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID); +static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC( + AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID); static auth_param_type_desc_t scp_bl2u_hash = AUTH_PARAM_TYPE_DESC( AUTH_PARAM_HASH, SCP_FWU_CFG_HASH_OID); static auth_param_type_desc_t bl2u_hash = AUTH_PARAM_TYPE_DESC( @@ -379,6 +388,13 @@ static const auth_img_desc_t cot_desc[] = { .ptr = (void *)soc_fw_hash_buf, .len = (unsigned int)HASH_DER_LEN } + }, + [1] = { + .type_desc = &soc_fw_config_hash, + .data = { + .ptr = (void *)soc_fw_config_hash_buf, + .len = (unsigned int)HASH_DER_LEN + } } } }, @@ -396,6 +412,21 @@ static const auth_img_desc_t cot_desc[] = { } } }, + /* SOC FW Config */ + [SOC_FW_CONFIG_ID] = { + .img_id = SOC_FW_CONFIG_ID, + .img_type = IMG_RAW, + .parent = &cot_desc[SOC_FW_CONTENT_CERT_ID], + .img_auth_methods = { + [0] = { + .type = AUTH_METHOD_HASH, + .param.hash = { + .data = &raw_data, + .hash = &soc_fw_config_hash, + } + } + } + }, /* * Trusted OS Firmware */ @@ -474,6 +505,13 @@ static const auth_img_desc_t cot_desc[] = { .ptr = (void *)tos_fw_extra2_hash_buf, .len = (unsigned int)HASH_DER_LEN } + }, + [3] = { + .type_desc = &tos_fw_config_hash, + .data = { + .ptr = (void *)tos_fw_config_hash_buf, + .len = (unsigned int)HASH_DER_LEN + } } } }, @@ -519,6 +557,21 @@ static const auth_img_desc_t cot_desc[] = { } } }, + /* TOS FW Config */ + [TOS_FW_CONFIG_ID] = { + .img_id = TOS_FW_CONFIG_ID, + .img_type = IMG_RAW, + .parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID], + .img_auth_methods = { + [0] = { + .type = AUTH_METHOD_HASH, + .param.hash = { + .data = &raw_data, + .hash = &tos_fw_config_hash, + } + } + } + }, /* * Non-Trusted Firmware */ @@ -583,6 +636,13 @@ static const auth_img_desc_t cot_desc[] = { .ptr = (void *)nt_world_bl_hash_buf, .len = (unsigned int)HASH_DER_LEN } + }, + [1] = { + .type_desc = &nt_fw_config_hash, + .data = { + .ptr = (void *)nt_fw_config_hash_buf, + .len = (unsigned int)HASH_DER_LEN + } } } }, @@ -600,6 +660,21 @@ static const auth_img_desc_t cot_desc[] = { } } }, + /* NT FW Config */ + [NT_FW_CONFIG_ID] = { + .img_id = NT_FW_CONFIG_ID, + .img_type = IMG_RAW, + .parent = &cot_desc[NON_TRUSTED_FW_CONTENT_CERT_ID], + .img_auth_methods = { + [0] = { + .type = AUTH_METHOD_HASH, + .param.hash = { + .data = &raw_data, + .hash = &nt_fw_config_hash, + } + } + } + }, /* * FWU auth descriptor. */ diff --git a/include/tools_share/firmware_image_package.h b/include/tools_share/firmware_image_package.h index b7fac07f6..f25855523 100644 --- a/include/tools_share/firmware_image_package.h +++ b/include/tools_share/firmware_image_package.h @@ -68,6 +68,12 @@ {0xd9f1b808, 0xcfc9, 0x4993, 0xa9, 0x62, {0x6f, 0xbc, 0x6b, 0x72, 0x65, 0xcc} } #define UUID_TB_FW_CONFIG \ {0xff58046c, 0x6baf, 0x4f7d, 0x82, 0xed, {0xaa, 0x27, 0xbc, 0x69, 0xbf, 0xd2} } +#define UUID_SOC_FW_CONFIG \ + {0x4b817999, 0x7603, 0x46fb, 0x8c, 0x8e, {0x8d, 0x26, 0x7f, 0x78, 0x59, 0xe0} } +#define UUID_TOS_FW_CONFIG \ + {0x1a7c2526, 0xc6bd, 0x477f, 0x8d, 0x96, {0xc4, 0xc4, 0xb0, 0x24, 0x80, 0x21} } +#define UUID_NT_FW_CONFIG \ + {0x1598da28, 0xe893, 0x447e, 0xac, 0x66, {0x1a, 0xaf, 0x80, 0x15, 0x50, 0xf9} } typedef struct fip_toc_header { uint32_t name; diff --git a/include/tools_share/tbbr_oid.h b/include/tools_share/tbbr_oid.h index 18ddbdc2a..b0b95e420 100644 --- a/include/tools_share/tbbr_oid.h +++ b/include/tools_share/tbbr_oid.h @@ -75,7 +75,6 @@ /* SoCFirmwareContentCertPK */ #define SOC_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.501" - /* * SoC Firmware Content Certificate */ @@ -86,7 +85,8 @@ #define SOC_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.602" /* SoCAPFirmwareHash - BL31 */ #define SOC_AP_FW_HASH_OID "1.3.6.1.4.1.4128.2100.603" - +/* SoCFirmwareConfigHash = SOC_FW_CONFIG */ +#define SOC_FW_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.604" /* * SCP Firmware Key Certificate @@ -124,6 +124,8 @@ #define TRUSTED_OS_FW_EXTRA1_HASH_OID "1.3.6.1.4.1.4128.2100.1002" /* TrustedOSExtra2FirmwareHash - BL32 Extra2 */ #define TRUSTED_OS_FW_EXTRA2_HASH_OID "1.3.6.1.4.1.4128.2100.1003" +/* TrustedOSFirmwareConfigHash - TOS_FW_CONFIG */ +#define TRUSTED_OS_FW_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.1004" /* @@ -140,5 +142,7 @@ /* NonTrustedWorldBootloaderHash - BL33 */ #define NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID "1.3.6.1.4.1.4128.2100.1201" +/* NonTrustedFirmwareConfigHash - NT_FW_CONFIG */ +#define NON_TRUSTED_FW_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.1202" #endif /* __TBBR_OID_H__ */ diff --git a/tools/cert_create/include/cert.h b/tools/cert_create/include/cert.h index 9b4ef5af6..07bb3379a 100644 --- a/tools/cert_create/include/cert.h +++ b/tools/cert_create/include/cert.h @@ -12,7 +12,7 @@ #include "ext.h" #include "key.h" -#define CERT_MAX_EXT 4 +#define CERT_MAX_EXT 5 /* * This structure contains information related to the generation of the diff --git a/tools/cert_create/include/tbbr/tbb_ext.h b/tools/cert_create/include/tbbr/tbb_ext.h index 5b427d352..075d5f3bf 100644 --- a/tools/cert_create/include/tbbr/tbb_ext.h +++ b/tools/cert_create/include/tbbr/tbb_ext.h @@ -21,12 +21,15 @@ enum { SCP_FW_HASH_EXT, SOC_FW_CONTENT_CERT_PK_EXT, SOC_AP_FW_HASH_EXT, + SOC_FW_CONFIG_HASH_EXT, TRUSTED_OS_FW_CONTENT_CERT_PK_EXT, TRUSTED_OS_FW_HASH_EXT, TRUSTED_OS_FW_EXTRA1_HASH_EXT, TRUSTED_OS_FW_EXTRA2_HASH_EXT, + TRUSTED_OS_FW_CONFIG_HASH_EXT, NON_TRUSTED_FW_CONTENT_CERT_PK_EXT, NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT, + NON_TRUSTED_FW_CONFIG_HASH_EXT, SCP_FWU_CFG_HASH_EXT, AP_FWU_CFG_HASH_EXT, FWU_HASH_EXT diff --git a/tools/cert_create/src/tbbr/tbb_cert.c b/tools/cert_create/src/tbbr/tbb_cert.c index 325b46223..7fb32d82c 100644 --- a/tools/cert_create/src/tbbr/tbb_cert.c +++ b/tools/cert_create/src/tbbr/tbb_cert.c @@ -99,9 +99,10 @@ static cert_t tbb_certs[] = { .issuer = SOC_FW_CONTENT_CERT, .ext = { TRUSTED_FW_NVCOUNTER_EXT, - SOC_AP_FW_HASH_EXT + SOC_AP_FW_HASH_EXT, + SOC_FW_CONFIG_HASH_EXT, }, - .num_ext = 2 + .num_ext = 3 }, [TRUSTED_OS_FW_KEY_CERT] = { .id = TRUSTED_OS_FW_KEY_CERT, @@ -129,9 +130,10 @@ static cert_t tbb_certs[] = { TRUSTED_FW_NVCOUNTER_EXT, TRUSTED_OS_FW_HASH_EXT, TRUSTED_OS_FW_EXTRA1_HASH_EXT, - TRUSTED_OS_FW_EXTRA2_HASH_EXT + TRUSTED_OS_FW_EXTRA2_HASH_EXT, + TRUSTED_OS_FW_CONFIG_HASH_EXT, }, - .num_ext = 4 + .num_ext = 5 }, [NON_TRUSTED_FW_KEY_CERT] = { .id = NON_TRUSTED_FW_KEY_CERT, @@ -157,9 +159,10 @@ static cert_t tbb_certs[] = { .issuer = NON_TRUSTED_FW_CONTENT_CERT, .ext = { NON_TRUSTED_FW_NVCOUNTER_EXT, - NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT + NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT, + NON_TRUSTED_FW_CONFIG_HASH_EXT, }, - .num_ext = 2 + .num_ext = 3 }, [FWU_CERT] = { .id = FWU_CERT, diff --git a/tools/cert_create/src/tbbr/tbb_ext.c b/tools/cert_create/src/tbbr/tbb_ext.c index 5f2cec192..d0038a2bd 100644 --- a/tools/cert_create/src/tbbr/tbb_ext.c +++ b/tools/cert_create/src/tbbr/tbb_ext.c @@ -123,6 +123,16 @@ static ext_t tbb_ext[] = { .asn1_type = V_ASN1_OCTET_STRING, .type = EXT_TYPE_HASH }, + [SOC_FW_CONFIG_HASH_EXT] = { + .oid = SOC_FW_CONFIG_HASH_OID, + .opt = "soc-fw-config", + .help_msg = "SoC Firmware Config file", + .sn = "SocFirmwareConfigHash", + .ln = "SoC Firmware Config hash", + .asn1_type = V_ASN1_OCTET_STRING, + .type = EXT_TYPE_HASH, + .optional = 1 + }, [TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = { .oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID, .sn = "TrustedOSFirmwareContentCertPK", @@ -160,6 +170,16 @@ static ext_t tbb_ext[] = { .type = EXT_TYPE_HASH, .optional = 1 }, + [TRUSTED_OS_FW_CONFIG_HASH_EXT] = { + .oid = TRUSTED_OS_FW_CONFIG_HASH_OID, + .opt = "tos-fw-config", + .help_msg = "Trusted OS Firmware Config file", + .sn = "TrustedOSFirmwareConfigHash", + .ln = "Trusted OS Firmware Config hash", + .asn1_type = V_ASN1_OCTET_STRING, + .type = EXT_TYPE_HASH, + .optional = 1 + }, [NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = { .oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID, .sn = "NonTrustedFirmwareContentCertPK", @@ -177,6 +197,16 @@ static ext_t tbb_ext[] = { .asn1_type = V_ASN1_OCTET_STRING, .type = EXT_TYPE_HASH }, + [NON_TRUSTED_FW_CONFIG_HASH_EXT] = { + .oid = NON_TRUSTED_FW_CONFIG_HASH_OID, + .opt = "nt-fw-config", + .help_msg = "Non Trusted OS Firmware Config file", + .sn = "NonTrustedOSFirmwareConfigHash", + .ln = "Non-Trusted OS Firmware Config hash", + .asn1_type = V_ASN1_OCTET_STRING, + .type = EXT_TYPE_HASH, + .optional = 1 + }, [SCP_FWU_CFG_HASH_EXT] = { .oid = SCP_FWU_CFG_HASH_OID, .opt = "scp-fwu-cfg", diff --git a/tools/fiptool/tbbr_config.c b/tools/fiptool/tbbr_config.c index 2c0adcd22..c7df243a7 100644 --- a/tools/fiptool/tbbr_config.c +++ b/tools/fiptool/tbbr_config.c @@ -78,6 +78,21 @@ toc_entry_t toc_entries[] = { .uuid = UUID_TB_FW_CONFIG, .cmdline_name = "tb-fw-config" }, + { + .name = "SOC_FW_CONFIG", + .uuid = UUID_SOC_FW_CONFIG, + .cmdline_name = "soc-fw-config" + }, + { + .name = "TOS_FW_CONFIG", + .uuid = UUID_TOS_FW_CONFIG, + .cmdline_name = "tos-fw-config" + }, + { + .name = "NT_FW_CONFIG", + .uuid = UUID_NT_FW_CONFIG, + .cmdline_name = "nt-fw-config" + }, /* Key Certificates */ { .name = "Root Of Trust key certificate", -- cgit v1.2.3 From 1d71ba141d32c9e8974d4e3e973a90fd0c6bf458 Mon Sep 17 00:00:00 2001 From: Soby Mathew Date: Wed, 4 Apr 2018 09:40:32 +0100 Subject: FVP: Add dummy configs for BL31, BL32 and BL33 This patch adds soc_fw_config, tos_fw_config and nt_fw_config to the FVP. The config files are placeholders and do not have any useful bindings defined. The tos_fw_config is packaged in FIP and loaded by BL2 only if SPD=tspd. The load address of these configs are specified in tb_fw_config via new bindings defined for these configs. Currently, in FVP, the soc_fw_config and tos_fw_config is loaded in the page between BL2_BASE and ARM_SHARED_RAM. This memory was typically used for BL32 when ARM_TSP_RAM_LOCATION=tsram but since we cannot fit BL32 in that space anymore, it should be safe to use this memory for these configs. There is also a runtime check in arm_bl2_dyn_cfg_init() which ensures that this overlap doesn't happen. The previous arm_dyn_get_hwconfig_info() is modified to accept configs other than hw_config and hence renamed to arm_dyn_get_config_load_info(). The patch also corrects the definition of ARM_TB_FW_CONFIG_LIMIT to be BL2_BASE. Change-Id: I03a137d9fa1f92c862c254be808b8330cfd17a5a Signed-off-by: Soby Mathew --- include/plat/arm/board/common/board_arm_def.h | 2 +- include/plat/arm/common/arm_def.h | 2 +- include/plat/arm/common/arm_dyn_cfg_helpers.h | 4 +- plat/arm/board/fvp/fdts/fvp_nt_fw_config.dts | 11 +++ plat/arm/board/fvp/fdts/fvp_soc_fw_config.dts | 11 +++ plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts | 14 +++- plat/arm/board/fvp/fdts/fvp_tsp_fw_config.dts | 11 +++ plat/arm/board/fvp/platform.mk | 21 +++++- plat/arm/common/aarch64/arm_bl2_mem_params_desc.c | 28 ++++++++ plat/arm/common/arm_dyn_cfg.c | 85 +++++++++++++++++------ plat/arm/common/arm_dyn_cfg_helpers.c | 64 ++++++++++++----- plat/arm/common/arm_io_storage.c | 27 +++++++ 12 files changed, 235 insertions(+), 45 deletions(-) create mode 100644 plat/arm/board/fvp/fdts/fvp_nt_fw_config.dts create mode 100644 plat/arm/board/fvp/fdts/fvp_soc_fw_config.dts create mode 100644 plat/arm/board/fvp/fdts/fvp_tsp_fw_config.dts diff --git a/include/plat/arm/board/common/board_arm_def.h b/include/plat/arm/board/common/board_arm_def.h index 845f14037..ad6b4f8f5 100644 --- a/include/plat/arm/board/common/board_arm_def.h +++ b/include/plat/arm/board/common/board_arm_def.h @@ -87,7 +87,7 @@ #if TRUSTED_BOARD_BOOT # define PLAT_ARM_MAX_BL2_SIZE 0x1E000 #else -# define PLAT_ARM_MAX_BL2_SIZE 0xF000 +# define PLAT_ARM_MAX_BL2_SIZE 0x10000 #endif /* diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h index 4473b5355..18390d6a7 100644 --- a/include/plat/arm/common/arm_def.h +++ b/include/plat/arm/common/arm_def.h @@ -317,7 +317,7 @@ * and limit. Leave enough space of BL2 meminfo. */ #define ARM_TB_FW_CONFIG_BASE ARM_BL_RAM_BASE + sizeof(meminfo_t) -#define ARM_TB_FW_CONFIG_LIMIT BL2_LIMIT +#define ARM_TB_FW_CONFIG_LIMIT BL2_BASE /******************************************************************************* * BL1 specific defines. diff --git a/include/plat/arm/common/arm_dyn_cfg_helpers.h b/include/plat/arm/common/arm_dyn_cfg_helpers.h index 826924de0..382ec6011 100644 --- a/include/plat/arm/common/arm_dyn_cfg_helpers.h +++ b/include/plat/arm/common/arm_dyn_cfg_helpers.h @@ -9,8 +9,8 @@ #include /* Function declaration */ -int arm_dyn_get_hwconfig_info(void *dtb, int node, - uint64_t *hw_config_addr, uint32_t *hw_config_size); +int arm_dyn_get_config_load_info(void *dtb, int node, unsigned int config_id, + uint64_t *config_addr, uint32_t *config_size); int arm_dyn_tb_fw_cfg_init(void *dtb, int *node); int arm_dyn_get_disable_auth(void *dtb, int node, uint32_t *disable_auth); diff --git a/plat/arm/board/fvp/fdts/fvp_nt_fw_config.dts b/plat/arm/board/fvp/fdts/fvp_nt_fw_config.dts new file mode 100644 index 000000000..7ab980b1b --- /dev/null +++ b/plat/arm/board/fvp/fdts/fvp_nt_fw_config.dts @@ -0,0 +1,11 @@ +/* + * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/dts-v1/; + +/ { + +}; diff --git a/plat/arm/board/fvp/fdts/fvp_soc_fw_config.dts b/plat/arm/board/fvp/fdts/fvp_soc_fw_config.dts new file mode 100644 index 000000000..7ab980b1b --- /dev/null +++ b/plat/arm/board/fvp/fdts/fvp_soc_fw_config.dts @@ -0,0 +1,11 @@ +/* + * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/dts-v1/; + +/ { + +}; diff --git a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts index fb7e2c51a..716b02377 100644 --- a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts +++ b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts @@ -13,6 +13,18 @@ hw_config_addr = <0x0 0x82000000>; hw_config_max_size = <0x01000000>; /* Disable authentication for development */ - disable_auth = <0x0>; + disable_auth = <0x1>; + /* + * Load SoC and TOS firmware configs at the base of + * non shared SRAM. The runtime checks ensure we don't + * overlap BL2, BL31 or BL32. The NT firmware config + * is loaded at base of DRAM. + */ + soc_fw_config_addr = <0x0 0x04001000>; + soc_fw_config_max_size = <0x200>; + tos_fw_config_addr = <0x0 0x04001200>; + tos_fw_config_max_size = <0x200>; + nt_fw_config_addr = <0x0 0x80000000>; + nt_fw_config_max_size = <0x200>; }; }; diff --git a/plat/arm/board/fvp/fdts/fvp_tsp_fw_config.dts b/plat/arm/board/fvp/fdts/fvp_tsp_fw_config.dts new file mode 100644 index 000000000..7ab980b1b --- /dev/null +++ b/plat/arm/board/fvp/fdts/fvp_tsp_fw_config.dts @@ -0,0 +1,11 @@ +/* + * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/dts-v1/; + +/ { + +}; diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk index c5e33d2c6..f807dc6e4 100644 --- a/plat/arm/board/fvp/platform.mk +++ b/plat/arm/board/fvp/platform.mk @@ -166,11 +166,30 @@ BL31_SOURCES += drivers/arm/smmu/smmu_v3.c \ # Add the FDT_SOURCES and options for Dynamic Config (only for Unix env) ifdef UNIX_MK FVP_HW_CONFIG_DTS := fdts/${FVP_DT_PREFIX}.dts -FDT_SOURCES += plat/arm/board/fvp/fdts/${PLAT}_tb_fw_config.dts +FDT_SOURCES += $(addprefix plat/arm/board/fvp/fdts/, \ + ${PLAT}_tb_fw_config.dts \ + ${PLAT}_soc_fw_config.dts \ + ${PLAT}_nt_fw_config.dts \ + ) + FVP_TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb +FVP_SOC_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_soc_fw_config.dtb +FVP_NT_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_nt_fw_config.dtb + +ifeq (${SPD},tspd) +FDT_SOURCES += plat/arm/board/fvp/fdts/${PLAT}_tsp_fw_config.dts +FVP_TOS_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tsp_fw_config.dtb + +# Add the TOS_FW_CONFIG to FIP and specify the same to certtool +$(eval $(call TOOL_ADD_PAYLOAD,${FVP_TOS_FW_CONFIG},--tos-fw-config)) +endif # Add the TB_FW_CONFIG to FIP and specify the same to certtool $(eval $(call TOOL_ADD_PAYLOAD,${FVP_TB_FW_CONFIG},--tb-fw-config)) +# Add the SOC_FW_CONFIG to FIP and specify the same to certtool +$(eval $(call TOOL_ADD_PAYLOAD,${FVP_SOC_FW_CONFIG},--soc-fw-config)) +# Add the NT_FW_CONFIG to FIP and specify the same to certtool +$(eval $(call TOOL_ADD_PAYLOAD,${FVP_NT_FW_CONFIG},--nt-fw-config)) FDT_SOURCES += ${FVP_HW_CONFIG_DTS} $(eval FVP_HW_CONFIG := ${BUILD_PLAT}/$(patsubst %.dts,%.dtb,$(FVP_HW_CONFIG_DTS))) diff --git a/plat/arm/common/aarch64/arm_bl2_mem_params_desc.c b/plat/arm/common/aarch64/arm_bl2_mem_params_desc.c index fef01c9d2..8e6d00d05 100644 --- a/plat/arm/common/aarch64/arm_bl2_mem_params_desc.c +++ b/plat/arm/common/aarch64/arm_bl2_mem_params_desc.c @@ -91,6 +91,15 @@ static bl_mem_params_node_t bl2_mem_params_descs[] = { VERSION_2, image_info_t, IMAGE_ATTRIB_SKIP_LOADING), .next_handoff_image_id = INVALID_IMAGE_ID, }, + /* Fill SOC_FW_CONFIG related information */ + { + .image_id = SOC_FW_CONFIG_ID, + SET_STATIC_PARAM_HEAD(ep_info, PARAM_IMAGE_BINARY, + VERSION_2, entry_point_info_t, SECURE | NON_EXECUTABLE), + SET_STATIC_PARAM_HEAD(image_info, PARAM_IMAGE_BINARY, + VERSION_2, image_info_t, IMAGE_ATTRIB_SKIP_LOADING), + .next_handoff_image_id = INVALID_IMAGE_ID, + }, # ifdef BL32_BASE /* Fill BL32 related information */ { @@ -144,6 +153,16 @@ static bl_mem_params_node_t bl2_mem_params_descs[] = { #endif .next_handoff_image_id = INVALID_IMAGE_ID, }, + + /* Fill TOS_FW_CONFIG related information */ + { + .image_id = TOS_FW_CONFIG_ID, + SET_STATIC_PARAM_HEAD(ep_info, PARAM_IMAGE_BINARY, + VERSION_2, entry_point_info_t, SECURE | NON_EXECUTABLE), + SET_STATIC_PARAM_HEAD(image_info, PARAM_IMAGE_BINARY, + VERSION_2, image_info_t, IMAGE_ATTRIB_SKIP_LOADING), + .next_handoff_image_id = INVALID_IMAGE_ID, + }, # endif /* BL32_BASE */ /* Fill BL33 related information */ @@ -166,6 +185,15 @@ static bl_mem_params_node_t bl2_mem_params_descs[] = { # endif /* PRELOADED_BL33_BASE */ .next_handoff_image_id = INVALID_IMAGE_ID, + }, + /* Fill NT_FW_CONFIG related information */ + { + .image_id = NT_FW_CONFIG_ID, + SET_STATIC_PARAM_HEAD(ep_info, PARAM_IMAGE_BINARY, + VERSION_2, entry_point_info_t, NON_SECURE | NON_EXECUTABLE), + SET_STATIC_PARAM_HEAD(image_info, PARAM_IMAGE_BINARY, + VERSION_2, image_info_t, IMAGE_ATTRIB_SKIP_LOADING), + .next_handoff_image_id = INVALID_IMAGE_ID, } #endif /* EL3_PAYLOAD_BASE */ }; diff --git a/plat/arm/common/arm_dyn_cfg.c b/plat/arm/common/arm_dyn_cfg.c index 33dc08b9e..3f0a9b4cf 100644 --- a/plat/arm/common/arm_dyn_cfg.c +++ b/plat/arm/common/arm_dyn_cfg.c @@ -85,14 +85,25 @@ void arm_bl2_set_tb_cfg_addr(void *dtb) /* * BL2 utility function to initialize dynamic configuration specified by - * TB_FW_CONFIG. Return early if TB_FW_CONFIG is not found or HW_CONFIG is - * not specified in TB_FW_CONFIG. + * TB_FW_CONFIG. Populate the bl_mem_params_node_t of other FW_CONFIGs if + * specified in TB_FW_CONFIG. */ void arm_bl2_dyn_cfg_init(void) { - int err = 0; - int tb_fw_node; - bl_mem_params_node_t *hw_cfg_mem_params = NULL; + int err = 0, tb_fw_node; + unsigned int i; + bl_mem_params_node_t *cfg_mem_params = NULL; + uint64_t image_base; + uint32_t image_size; + const unsigned int config_ids[] = { + HW_CONFIG_ID, + SOC_FW_CONFIG_ID, + NT_FW_CONFIG_ID, +#ifdef SPD_tspd + /* Currently tos_fw_config is only present for TSP */ + TOS_FW_CONFIG_ID +#endif + }; if (tb_fw_cfg_dtb == NULL) { VERBOSE("No TB_FW_CONFIG specified\n"); @@ -105,23 +116,57 @@ void arm_bl2_dyn_cfg_init(void) panic(); } - /* Get the hw_config load address and size from TB_FW_CONFIG */ - hw_cfg_mem_params = get_bl_mem_params_node(HW_CONFIG_ID); - if (hw_cfg_mem_params == NULL) { - VERBOSE("Couldn't find HW_CONFIG in bl_mem_params_node\n"); - return; - } + /* Iterate through all the fw config IDs */ + for (i = 0; i < ARRAY_SIZE(config_ids); i++) { + /* Get the config load address and size from TB_FW_CONFIG */ + cfg_mem_params = get_bl_mem_params_node(config_ids[i]); + if (cfg_mem_params == NULL) { + VERBOSE("Couldn't find HW_CONFIG in bl_mem_params_node\n"); + continue; + } + + err = arm_dyn_get_config_load_info((void *)tb_fw_cfg_dtb, tb_fw_node, + config_ids[i], &image_base, &image_size); + if (err < 0) { + VERBOSE("Couldn't find config_id %d load info in TB_FW_CONFIG\n", + config_ids[i]); + continue; + } + + /* + * Do some runtime checks on the load addresses of soc_fw_config, + * tos_fw_config, nt_fw_config. This is not a comprehensive check + * of all invalid addresses but to prevent trivial porting errors. + */ + if (config_ids[i] != HW_CONFIG_ID) { + + if (check_uptr_overflow(image_base, image_size) != 0) + continue; + + /* Ensure the configs don't overlap with BL2 */ + if ((image_base > BL2_BASE) || ((image_base + image_size) > BL2_BASE)) + continue; + + /* Ensure the configs are loaded in a valid address */ + if (image_base < ARM_BL_RAM_BASE) + continue; +#ifdef BL32_BASE + /* + * If BL32 is present, ensure that the configs don't + * overlap with it. + */ + if (image_base >= BL32_BASE && image_base <= BL32_LIMIT) + continue; +#endif + } - err = arm_dyn_get_hwconfig_info((void *)tb_fw_cfg_dtb, tb_fw_node, - (uint64_t *) &hw_cfg_mem_params->image_info.image_base, - &hw_cfg_mem_params->image_info.image_max_size); - if (err < 0) { - VERBOSE("Couldn't find HW_CONFIG load info in TB_FW_CONFIG\n"); - return; - } - /* Remove the IMAGE_ATTRIB_SKIP_LOADING attribute from HW_CONFIG node */ - hw_cfg_mem_params->image_info.h.attr &= ~IMAGE_ATTRIB_SKIP_LOADING; + cfg_mem_params->image_info.image_base = (uintptr_t)image_base; + cfg_mem_params->image_info.image_max_size = image_size; + + /* Remove the IMAGE_ATTRIB_SKIP_LOADING attribute from HW_CONFIG node */ + cfg_mem_params->image_info.h.attr &= ~IMAGE_ATTRIB_SKIP_LOADING; + } #if TRUSTED_BOARD_BOOT && defined(DYN_DISABLE_AUTH) uint32_t disable_auth = 0; diff --git a/plat/arm/common/arm_dyn_cfg_helpers.c b/plat/arm/common/arm_dyn_cfg_helpers.c index e37e7e722..5a7e20ac8 100644 --- a/plat/arm/common/arm_dyn_cfg_helpers.c +++ b/plat/arm/common/arm_dyn_cfg_helpers.c @@ -11,31 +11,57 @@ #include #include + +typedef struct config_load_info_prop { + unsigned int config_id; + const char *config_addr; + const char *config_max_size; +} config_load_info_prop_t; + +static const config_load_info_prop_t prop_names[] = { + {HW_CONFIG_ID, "hw_config_addr", "hw_config_max_size"}, + {SOC_FW_CONFIG_ID, "soc_fw_config_addr", "soc_fw_config_max_size"}, + {TOS_FW_CONFIG_ID, "tos_fw_config_addr", "tos_fw_config_max_size"}, + {NT_FW_CONFIG_ID, "nt_fw_config_addr", "nt_fw_config_max_size"} +}; + /******************************************************************************* - * Helper to read the `hw_config` property in config DTB. This function - * expects the following properties to be present in the config DTB. - * name : hw_config_addr size : 2 cells - * name : hw_config_max_size size : 1 cell + * Helper to read the load information corresponding to the `config_id` in + * TB_FW_CONFIG. This function expects the following properties to be defined : + * _addr size : 2 cells + * _max_size size : 1 cell * * Arguments: * void *dtb - pointer to the TB_FW_CONFIG in memory * int node - The node offset to appropriate node in the * DTB. - * uint64_t *hw_config_addr - Returns the `hw_config` load address if read + * unsigned int config_id - The configuration id + * uint64_t *config_addr - Returns the `config` load address if read * is successful. - * uint32_t *hw_config_size - Returns the `hw_config` size if read is + * uint32_t *config_size - Returns the `config` size if read is * successful. * * Returns 0 on success and -1 on error. ******************************************************************************/ -int arm_dyn_get_hwconfig_info(void *dtb, int node, - uint64_t *hw_config_addr, uint32_t *hw_config_size) +int arm_dyn_get_config_load_info(void *dtb, int node, unsigned int config_id, + uint64_t *config_addr, uint32_t *config_size) { int err; + unsigned int i; assert(dtb != NULL); - assert(hw_config_addr != NULL); - assert(hw_config_size != NULL); + assert(config_addr != NULL); + assert(config_size != NULL); + + for (i = 0; i < ARRAY_SIZE(prop_names); i++) { + if (prop_names[i].config_id == config_id) + break; + } + + if (i == ARRAY_SIZE(prop_names)) { + WARN("Invalid config id %d\n", config_id); + return -1; + } /* Check if the pointer to DT is correct */ assert(fdt_check_header(dtb) == 0); @@ -43,22 +69,22 @@ int arm_dyn_get_hwconfig_info(void *dtb, int node, /* Assert the node offset point to "arm,tb_fw" compatible property */ assert(node == fdt_node_offset_by_compatible(dtb, -1, "arm,tb_fw")); - err = fdtw_read_cells(dtb, node, "hw_config_addr", 2, - (void *) hw_config_addr); + err = fdtw_read_cells(dtb, node, prop_names[i].config_addr, 2, + (void *) config_addr); if (err < 0) { - WARN("Read cell failed for hw_config_addr\n"); + WARN("Read cell failed for %s\n", prop_names[i].config_addr); return -1; } - err = fdtw_read_cells(dtb, node, "hw_config_max_size", 1, - (void *) hw_config_size); + err = fdtw_read_cells(dtb, node, prop_names[i].config_max_size, 1, + (void *) config_size); if (err < 0) { - WARN("Read cell failed for hw_config_max_size\n"); + WARN("Read cell failed for %s\n", prop_names[i].config_max_size); return -1; } - VERBOSE("Dyn cfg: Read hw_config address from TB_FW_CONFIG 0x%p %p\n", - hw_config_addr, hw_config_size); + VERBOSE("Dyn cfg: Read config_id %d load info from TB_FW_CONFIG 0x%llx 0x%x\n", + config_id, (unsigned long long)*config_addr, *config_size); return 0; } @@ -98,7 +124,7 @@ int arm_dyn_get_disable_auth(void *dtb, int node, uint32_t *disable_auth) } /* Check if the value is boolean */ - if (*disable_auth != 0 && *disable_auth != 1) { + if ((*disable_auth != 0U) && (*disable_auth != 1U)) { WARN("Invalid value for `disable_auth` cell %d\n", *disable_auth); return -1; } diff --git a/plat/arm/common/arm_io_storage.c b/plat/arm/common/arm_io_storage.c index 652f5e95e..cd58e4564 100644 --- a/plat/arm/common/arm_io_storage.c +++ b/plat/arm/common/arm_io_storage.c @@ -63,6 +63,18 @@ static const io_uuid_spec_t hw_config_uuid_spec = { .uuid = UUID_HW_CONFIG, }; +static const io_uuid_spec_t soc_fw_config_uuid_spec = { + .uuid = UUID_SOC_FW_CONFIG, +}; + +static const io_uuid_spec_t tos_fw_config_uuid_spec = { + .uuid = UUID_TOS_FW_CONFIG, +}; + +static const io_uuid_spec_t nt_fw_config_uuid_spec = { + .uuid = UUID_NT_FW_CONFIG, +}; + #if TRUSTED_BOARD_BOOT static const io_uuid_spec_t tb_fw_cert_uuid_spec = { .uuid = UUID_TRUSTED_BOOT_FW_CERT, @@ -167,6 +179,21 @@ static const struct plat_io_policy policies[] = { (uintptr_t)&hw_config_uuid_spec, open_fip }, + [SOC_FW_CONFIG_ID] = { + &fip_dev_handle, + (uintptr_t)&soc_fw_config_uuid_spec, + open_fip + }, + [TOS_FW_CONFIG_ID] = { + &fip_dev_handle, + (uintptr_t)&tos_fw_config_uuid_spec, + open_fip + }, + [NT_FW_CONFIG_ID] = { + &fip_dev_handle, + (uintptr_t)&nt_fw_config_uuid_spec, + open_fip + }, #if TRUSTED_BOARD_BOOT [TRUSTED_BOOT_FW_CERT_ID] = { &fip_dev_handle, -- cgit v1.2.3