/*
* Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <arm_dyn_cfg_helpers.h>
#include <assert.h>
#include <debug.h>
#include <desc_image_load.h>
#include <plat_arm.h>
#include <platform.h>
#include <platform_def.h>
#include <string.h>
#include <tbbr_img_def.h>
#if LOAD_IMAGE_V2
/*
 * Address of TB_FW_CONFIG as passed from BL1. It is written by
 * arm_bl2_set_tb_cfg_addr() and read by arm_bl2_dyn_cfg_init(); as a
 * file-scope static it stays NULL until the setter has run.
 */
static void *tb_fw_cfg_dtb;
/*
 * BL1 helper: load TB_FW_CONFIG through load_auth_image() and publish its
 * load address to BL2 by writing it to arg0 of the BL2 entry point info.
 *
 * A failed load is not fatal: a VERBOSE message is emitted and the function
 * returns without touching the BL2 entry point info.
 *
 * When built with TRUSTED_BOARD_BOOT and DYN_DISABLE_AUTH, BL1 also parses
 * the loaded DTB. The DTB is validated first and an invalid one makes BL1
 * panic, the same way BL2 does. If BL1 only loads the DTB without reading
 * it, no validation happens here; it is done only where the DTB is actually
 * accessed.
 */
void arm_load_tb_fw_config(void)
{
	image_desc_t *bl2_desc;
	uintptr_t cfg_addr = 0;
	int rc;

	/*
	 * Stack-local descriptor: load into the region
	 * [ARM_TB_FW_CONFIG_BASE, ARM_TB_FW_CONFIG_LIMIT), with the size of
	 * that region as the upper bound on the image size.
	 */
	image_desc_t tb_fw_cfg_desc = {
		.image_id = TB_FW_CONFIG_ID,
		SET_STATIC_PARAM_HEAD(image_info, PARAM_IMAGE_BINARY,
				VERSION_2, image_info_t, 0),
		.image_info.image_base = ARM_TB_FW_CONFIG_BASE,
		.image_info.image_max_size = ARM_TB_FW_CONFIG_LIMIT - ARM_TB_FW_CONFIG_BASE,
	};

	VERBOSE("BL1: Loading TB_FW_CONFIG\n");

	/*
	 * NOTE(review): presumably load_auth_image() authenticates the image
	 * when Trusted Board Boot is enabled - confirm against its definition.
	 */
	rc = load_auth_image(TB_FW_CONFIG_ID, &tb_fw_cfg_desc.image_info);
	if (rc != 0) {
		/* TB_FW_CONFIG is not loaded: nothing to pass on to BL2 */
		VERBOSE("Failed to load TB_FW_CONFIG\n");
		return;
	}

	cfg_addr = tb_fw_cfg_desc.image_info.image_base;

	/* Point arg0 of the BL2 entry point info at TB_FW_CONFIG */
	bl2_desc = bl1_plat_get_image_desc(BL2_IMAGE_ID);
	assert(bl2_desc != NULL);
	bl2_desc->ep_info.args.arg0 = cfg_addr;

	INFO("BL1: TB_FW_CONFIG loaded at address = %p\n",
		(void *) cfg_addr);

#if TRUSTED_BOARD_BOOT && defined(DYN_DISABLE_AUTH)
	int tb_fw_node;
	uint32_t disable_auth = 0;

	/*
	 * BL1 is about to read the DTB, so it must be validated first. An
	 * invalid DTB is fatal here, matching the behaviour of BL2.
	 */
	rc = arm_dyn_tb_fw_cfg_init((void *)cfg_addr, &tb_fw_node);
	if (rc < 0) {
		ERROR("Invalid TB_FW_CONFIG loaded\n");
		panic();
	}

	/*
	 * If the lookup fails, return without calling dyn_disable_auth().
	 */
	rc = arm_dyn_get_disable_auth((void *)cfg_addr, tb_fw_node, &disable_auth);
	if (rc < 0) {
		return;
	}

	/*
	 * NOTE(review): a value of 1 read from TB_FW_CONFIG triggers
	 * dyn_disable_auth(), which by its name turns authentication off at
	 * run time. Confirm that DYN_DISABLE_AUTH is never defined in
	 * production builds.
	 */
	if (disable_auth == 1) {
		dyn_disable_auth();
	}
#endif
}
/*
 * BL2 utility: record the address of TB_FW_CONFIG passed from BL1 in the
 * file-scope tb_fw_cfg_dtb pointer.
 *
 * dtb: address of the TB_FW_CONFIG DTB; must not be NULL (asserted).
 *
 * The pointer is stored as given; the DTB is not validated here.
 */
void arm_bl2_set_tb_cfg_addr(void *dtb)
{
	/* A NULL address is treated as a caller error */
	assert(dtb != NULL);

	tb_fw_cfg_dtb = dtb;
}
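/*
 * BL2 utility function to initialize dynamic configuration specified by
 * TB_FW_CONFIG. Populate the bl_mem_params_node_t of other FW_CONFIGs if
 * specified in TB_FW_CONFIG.
 *
 * Returns early, with a VERBOSE message, if no TB_FW_CONFIG address was
 * recorded in tb_fw_cfg_dtb. Panics if arm_dyn_tb_fw_cfg_init() rejects the
 * DTB. For each config id whose load information passes the address checks
 * below, the image base and maximum size are updated from the DTB and
 * IMAGE_ATTRIB_SKIP_LOADING is cleared on its node. A config that fails a
 * check is skipped and its node is left unchanged.
 */
void arm_bl2_dyn_cfg_init(void)
{
	int err = 0, tb_fw_node;
	unsigned int i;
	bl_mem_params_node_t *cfg_mem_params = NULL;
	uint64_t image_base;
	uint32_t image_size;
	const unsigned int config_ids[] = {
			HW_CONFIG_ID,
			SOC_FW_CONFIG_ID,
			NT_FW_CONFIG_ID,
#ifdef SPD_tspd
			/* Currently tos_fw_config is only present for TSP */
			TOS_FW_CONFIG_ID
#endif
	};

	if (tb_fw_cfg_dtb == NULL) {
		VERBOSE("No TB_FW_CONFIG specified\n");
		return;
	}

	/* Validate the DTB before reading it; an invalid DTB is fatal */
	err = arm_dyn_tb_fw_cfg_init(tb_fw_cfg_dtb, &tb_fw_node);
	if (err < 0) {
		ERROR("Invalid TB_FW_CONFIG passed from BL1\n");
		panic();
	}

	/* Iterate through all the fw config IDs */
	for (i = 0; i < ARRAY_SIZE(config_ids); i++) {
		/* Get the config load address and size from TB_FW_CONFIG */
		cfg_mem_params = get_bl_mem_params_node(config_ids[i]);
		if (cfg_mem_params == NULL) {
			/*
			 * Report the id that was actually looked up: this
			 * loop covers every entry of config_ids, not only
			 * HW_CONFIG.
			 */
			VERBOSE("Couldn't find config_id %u in bl_mem_params_node\n",
				config_ids[i]);
			continue;
		}

		err = arm_dyn_get_config_load_info(tb_fw_cfg_dtb, tb_fw_node,
				config_ids[i], &image_base, &image_size);
		if (err < 0) {
			/* config_ids[] is unsigned int, hence %u */
			VERBOSE("Couldn't find config_id %u load info in TB_FW_CONFIG\n",
				config_ids[i]);
			continue;
		}

		/*
		 * Do some runtime checks on the load addresses of soc_fw_config,
		 * tos_fw_config, nt_fw_config. This is not a comprehensive check
		 * of all invalid addresses but to prevent trivial porting errors.
		 *
		 * HW_CONFIG is exempt from these checks. A config that fails
		 * any of them is skipped without a diagnostic.
		 */
		if (config_ids[i] != HW_CONFIG_ID) {

			/* Reject a base/size pair reported as overflowing */
			if (check_uptr_overflow(image_base, image_size) != 0)
				continue;

			/*
			 * Ensure the configs don't overlap with BL31: the
			 * config must end at or below BL31_BASE.
			 */
			if ((image_base > BL31_BASE) || ((image_base + image_size) > BL31_BASE))
				continue;

			/* Ensure the configs are loaded in a valid address */
			if (image_base < ARM_BL_RAM_BASE)
				continue;
#ifdef BL32_BASE
			/*
			 * If BL32 is present, ensure that the configs don't
			 * overlap with it.
			 *
			 * NOTE(review): only the start address is compared
			 * with [BL32_BASE, BL32_LIMIT]. A config that starts
			 * below BL32_BASE and extends into BL32 is not caught
			 * by this check; consider also testing
			 * image_base + image_size.
			 */
			if (image_base >= BL32_BASE && image_base <= BL32_LIMIT)
				continue;
#endif
		}

		cfg_mem_params->image_info.image_base = (uintptr_t)image_base;
		cfg_mem_params->image_info.image_max_size = image_size;

		/*
		 * Remove the IMAGE_ATTRIB_SKIP_LOADING attribute from this
		 * config node (done for every id that reaches this point,
		 * not only HW_CONFIG).
		 */
		cfg_mem_params->image_info.h.attr &= ~IMAGE_ATTRIB_SKIP_LOADING;
	}

#if TRUSTED_BOARD_BOOT && defined(DYN_DISABLE_AUTH)
	uint32_t disable_auth = 0;

	/* If the lookup fails, return without calling dyn_disable_auth() */
	err = arm_dyn_get_disable_auth(tb_fw_cfg_dtb, tb_fw_node,
					&disable_auth);
	if (err < 0)
		return;

	/*
	 * NOTE(review): a value of 1 read from TB_FW_CONFIG triggers
	 * dyn_disable_auth(), which by its name turns authentication off at
	 * run time. Confirm that DYN_DISABLE_AUTH is never defined in
	 * production builds.
	 */
	if (disable_auth == 1)
		dyn_disable_auth();
#endif
}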
#endif /* LOAD_IMAGE_V2 */