From 6d01a463348b04af2afa3c00579ebc6ecd12eaf1 Mon Sep 17 00:00:00 2001 From: John Tsichritzis Date: Thu, 7 Jun 2018 16:31:34 +0100 Subject: [PATCH 1/5] Prepare Mbed TLS drivers for shared heap The Mbed TLS drivers, in order to work, need a heap for internal usage. This heap, instead of being directly referenced by the drivers, now it is being accessed indirectly through a pointer. Also, the heap, instead of being part of the drivers, now it is being received through the plat_get_mbedtls_heap() function. This function requests a heap from the current BL image which utilises the Mbed TLS drivers. Those changes create the opportunity for the Mbed TLS heap to be shared among different images, thus saving memory. A default heap implementation is provided but it can be overridden by a platform specific, optimised implemenetation. Change-Id: I286a1f10097a9cdcbcd312201eea576c18d157fa Signed-off-by: John Tsichritzis --- docs/porting-guide.rst | 26 +++++++++++++-- drivers/auth/mbedtls/mbedtls_common.c | 33 ++++++++++--------- include/drivers/auth/mbedtls/mbedtls_config.h | 14 +++++++- include/plat/common/platform.h | 1 + plat/common/plat_bl_common.c | 23 +++++++++++++ 5 files changed, 78 insertions(+), 19 deletions(-) diff --git a/docs/porting-guide.rst b/docs/porting-guide.rst index de7b5dba3..83fac2860 100644 --- a/docs/porting-guide.rst +++ b/docs/porting-guide.rst @@ -1055,7 +1055,7 @@ next image. This function is currently invoked in BL2 to flush this information to the next BL image, when LOAD\_IMAGE\_V2 is enabled. Function : plat\_log\_get\_prefix() -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :: @@ -1066,9 +1066,31 @@ This function defines the prefix string corresponding to the `log_level` to be prepended to all the log output from TF-A. The `log_level` (argument) will correspond to one of the standard log levels defined in debug.h. The platform can override the common implementation to define a different prefix string for -the log output. The implementation should be robust to future changes that +the log output. The implementation should be robust to future changes that increase the number of log levels. +Function : plat\_get\_mbedtls\_heap() +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +:: + + Arguments : void **heap_addr, size_t *heap_size + Return : int + +This function is invoked during Mbed TLS library initialisation to get +a heap, by means of a starting address and a size. This heap will then be used +internally by the Mbed TLS library. The heap is requested from the current +BL stage, i.e. the current BL image inside which Mbed TLS is used. + +The default implementation allocates a new heap every time Mbed TLS gets +initialised. This means that a new heap is statically allocated inside +every image (i.e. every BL stage) that utilises Mbed TLS. In the default +implementation, this function returns the address and size of this default +heap. However, by overriding the default implementation, platforms have the ability +to optimise memory usage. + +On success it returns 0 and a negative error code otherwise. + Modifications specific to a Boot Loader stage --------------------------------------------- diff --git a/drivers/auth/mbedtls/mbedtls_common.c b/drivers/auth/mbedtls/mbedtls_common.c index 7095fde33..dbf45baeb 100644 --- a/drivers/auth/mbedtls/mbedtls_common.c +++ b/drivers/auth/mbedtls/mbedtls_common.c @@ -4,26 +4,15 @@ * SPDX-License-Identifier: BSD-3-Clause */ +#include #include -#include -#include - /* mbed TLS headers */ #include #include -#include #include - -/* - * mbed TLS heap - */ -#if (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA) \ - || (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA) -#define MBEDTLS_HEAP_SIZE (13*1024) -#elif (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA) -#define MBEDTLS_HEAP_SIZE (7*1024) -#endif -static unsigned char heap[MBEDTLS_HEAP_SIZE]; +#include +#include +#include static void cleanup(void) { @@ -37,13 +26,25 @@ static void cleanup(void) void mbedtls_init(void) { static int ready; + void *heap_addr; + size_t heap_size = 0; + int err; if (!ready) { if (atexit(cleanup)) panic(); + err = plat_get_mbedtls_heap(&heap_addr, &heap_size); + + /* Ensure heap setup is proper */ + if (err < 0) { + ERROR("Mbed TLS failed to get a heap\n"); + panic(); + } + assert(heap_size >= TF_MBEDTLS_HEAP_SIZE); + /* Initialize the mbed TLS heap */ - mbedtls_memory_buffer_alloc_init(heap, MBEDTLS_HEAP_SIZE); + mbedtls_memory_buffer_alloc_init(heap_addr, heap_size); #ifdef MBEDTLS_PLATFORM_SNPRINTF_ALT mbedtls_platform_set_snprintf(snprintf); diff --git a/include/drivers/auth/mbedtls/mbedtls_config.h b/include/drivers/auth/mbedtls/mbedtls_config.h index f8f260808..59aeea992 100644 --- a/include/drivers/auth/mbedtls/mbedtls_config.h +++ b/include/drivers/auth/mbedtls/mbedtls_config.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -95,4 +95,16 @@ #include "mbedtls/check_config.h" #endif +/* + * Determine Mbed TLS heap size + * 13312 = 13*1024 + * 7168 = 7*1024 + */ +#if (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA) \ + || (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA) +#define TF_MBEDTLS_HEAP_SIZE U(13312) +#elif (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA) +#define TF_MBEDTLS_HEAP_SIZE U(7168) +#endif + #endif /* __MBEDTLS_CONFIG_H__ */ diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h index dae958957..e0297ae2e 100644 --- a/include/plat/common/platform.h +++ b/include/plat/common/platform.h @@ -103,6 +103,7 @@ void plat_panic_handler(void) __dead2; const char *plat_log_get_prefix(unsigned int log_level); void bl2_plat_preload_setup(void); int plat_try_next_boot_source(void); +int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size); /******************************************************************************* * Mandatory BL1 functions diff --git a/plat/common/plat_bl_common.c b/plat/common/plat_bl_common.c index b471a7e7b..95d73e3c9 100644 --- a/plat/common/plat_bl_common.c +++ b/plat/common/plat_bl_common.c @@ -9,6 +9,9 @@ #include #include #include +#if TRUSTED_BOARD_BOOT +#include +#endif #include /* @@ -21,6 +24,7 @@ #pragma weak bl2_plat_handle_pre_image_load #pragma weak bl2_plat_handle_post_image_load #pragma weak plat_try_next_boot_source +#pragma weak plat_get_mbedtls_heap void bl2_el3_plat_prepare_exit(void) { @@ -66,3 +70,22 @@ void bl2_early_platform_setup2(u_register_t arg0, u_register_t arg1, bl2_early_platform_setup((void *)arg1); } #endif + + +#if TRUSTED_BOARD_BOOT +/* + * The following default implementation of the function simply returns the + * by-default allocated heap. + */ +int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size) +{ + static unsigned char heap[TF_MBEDTLS_HEAP_SIZE]; + + assert(heap_addr != NULL); + assert(heap_size != NULL); + + *heap_addr = heap; + *heap_size = sizeof(heap); + return 0; +} +#endif /* TRUSTED_BOARD_BOOT */ From ba597da7fd23d34e8867342f1dfee7925991300c Mon Sep 17 00:00:00 2001 From: John Tsichritzis Date: Mon, 30 Jul 2018 13:41:52 +0100 Subject: [PATCH 2/5] Support shared Mbed TLS heap for FVP This patch introduces the shared Mbed TLS heap optimisation for Arm platforms. The objective is the Mbed TLS heap to be shared between BL1 and BL2 so as to not allocate the heap memory twice. To achieve that, the patch introduces all the necessary helpers for implementing this optimisation. It also applies it for FVP. Change-Id: I6d85eaa1361517b7490956b2ac50f5fa0d0bb008 Signed-off-by: John Tsichritzis --- docs/porting-guide.rst | 21 ++-- include/plat/arm/common/arm_def.h | 11 ++ include/plat/arm/common/arm_dyn_cfg_helpers.h | 7 +- include/plat/arm/common/plat_arm.h | 2 + plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts | 11 ++ plat/arm/board/fvp/fvp_common.c | 17 ++- plat/arm/common/arm_bl1_setup.c | 6 +- plat/arm/common/arm_dyn_cfg.c | 92 +++++++++++++++- plat/arm/common/arm_dyn_cfg_helpers.c | 101 ++++++++++++++++++ 9 files changed, 253 insertions(+), 15 deletions(-) diff --git a/docs/porting-guide.rst b/docs/porting-guide.rst index 83fac2860..84f4c9dfa 100644 --- a/docs/porting-guide.rst +++ b/docs/porting-guide.rst @@ -1075,21 +1075,22 @@ Function : plat\_get\_mbedtls\_heap() :: Arguments : void **heap_addr, size_t *heap_size - Return : int + Return : int This function is invoked during Mbed TLS library initialisation to get a heap, by means of a starting address and a size. This heap will then be used -internally by the Mbed TLS library. The heap is requested from the current -BL stage, i.e. the current BL image inside which Mbed TLS is used. +internally by the Mbed TLS library. The heap is requested from the current BL +stage, i.e. the current BL image inside which Mbed TLS is used. -The default implementation allocates a new heap every time Mbed TLS gets -initialised. This means that a new heap is statically allocated inside -every image (i.e. every BL stage) that utilises Mbed TLS. In the default -implementation, this function returns the address and size of this default -heap. However, by overriding the default implementation, platforms have the ability -to optimise memory usage. +In the default implementation a heap is statically allocated inside every image +(i.e. every BL stage) that utilises Mbed TLS. So, in this case, the function +simply returns the address and size of this "pre-allocated" heap. However, by +overriding the default implementation, platforms have the potential to optimise +memory usage. For example, on some Arm platforms, the Mbed TLS heap is shared +between BL1 and BL2 stages and, thus, the necessary space is not reserved +twice. -On success it returns 0 and a negative error code otherwise. +On success the function should return 0 and a negative error code otherwise. Modifications specific to a Boot Loader stage --------------------------------------------- diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h index ea9d811c2..c4994173a 100644 --- a/include/plat/arm/common/arm_def.h +++ b/include/plat/arm/common/arm_def.h @@ -241,6 +241,17 @@ ARM_EL3_TZC_DRAM1_SIZE, \ MT_MEMORY | MT_RW | MT_SECURE) +/* + * Mapping for the BL1 RW region. This mapping is needed by BL2 in order to + * share the Mbed TLS heap. Since the heap is allocated inside BL1, it resides + * in the BL1 RW region. Hence, BL2 needs access to the BL1 RW region in order + * to be able to access the heap. + */ +#define ARM_MAP_BL1_RW MAP_REGION_FLAT( \ + BL1_RW_BASE, \ + BL1_RW_LIMIT - BL1_RW_BASE, \ + MT_MEMORY | MT_RW | MT_SECURE) + /* * If SEPARATE_CODE_AND_RODATA=1 we define a region for each section * otherwise one region is defined containing both. diff --git a/include/plat/arm/common/arm_dyn_cfg_helpers.h b/include/plat/arm/common/arm_dyn_cfg_helpers.h index 382ec6011..cb17c95f2 100644 --- a/include/plat/arm/common/arm_dyn_cfg_helpers.h +++ b/include/plat/arm/common/arm_dyn_cfg_helpers.h @@ -6,12 +6,17 @@ #ifndef __ARM_DYN_CFG_HELPERS_H__ #define __ARM_DYN_CFG_HELPERS_H__ +#include #include -/* Function declaration */ +/* Function declarations */ int arm_dyn_get_config_load_info(void *dtb, int node, unsigned int config_id, uint64_t *config_addr, uint32_t *config_size); int arm_dyn_tb_fw_cfg_init(void *dtb, int *node); int arm_dyn_get_disable_auth(void *dtb, int node, uint32_t *disable_auth); +int arm_get_dtb_mbedtls_heap_info(void *dtb, void **heap_addr, + size_t *heap_size); +int arm_set_dtb_mbedtls_heap_info(void *dtb, void *heap_addr, + size_t heap_size); #endif /* __ARM_DYN_CFG_HELPERS_H__ */ diff --git a/include/plat/arm/common/plat_arm.h b/include/plat/arm/common/plat_arm.h index 1af4dd1ac..0770c0ec5 100644 --- a/include/plat/arm/common/plat_arm.h +++ b/include/plat/arm/common/plat_arm.h @@ -223,6 +223,8 @@ int arm_io_is_toc_valid(void); void arm_load_tb_fw_config(void); void arm_bl2_set_tb_cfg_addr(void *dtb); void arm_bl2_dyn_cfg_init(void); +void arm_bl1_set_mbedtls_heap(void); +int arm_get_mbedtls_heap(void **heap_addr, size_t *heap_size); /* * Mandatory functions required in ARM standard platforms diff --git a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts index 28299f65a..ce589385c 100644 --- a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts +++ b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts @@ -26,5 +26,16 @@ tos_fw_config_max_size = <0x200>; nt_fw_config_addr = <0x0 0x80000000>; nt_fw_config_max_size = <0x200>; + /* + * The following two entries are placeholders for Mbed TLS + * heap information. The default values don't matter since + * they will be overwritten by BL1. + * In case of having shared Mbed TLS heap between BL1 and BL2, + * BL1 will populate these two properties with the respective + * info about the shared heap. This info will be available for + * BL2 in order to locate and re-use the heap. + */ + mbedtls_heap_addr = <0x0 0x0>; + mbedtls_heap_size = <0x0>; }; }; diff --git a/plat/arm/board/fvp/fvp_common.c b/plat/arm/board/fvp/fvp_common.c index af258b060..1b0c764ff 100644 --- a/plat/arm/board/fvp/fvp_common.c +++ b/plat/arm/board/fvp/fvp_common.c @@ -15,6 +15,7 @@ #include #include #include +#include #include #include #include "../fvp_def.h" @@ -50,7 +51,6 @@ arm_config_t arm_config; DEVICE2_SIZE, \ MT_DEVICE | MT_RW | MT_SECURE) - /* * Table of memory regions for various BL stages to map using the MMU. * This doesn't include Trusted SRAM as arm_setup_page_tables() already @@ -92,7 +92,10 @@ const mmap_region_t plat_arm_mmap[] = { #if TRUSTED_BOARD_BOOT /* To access the Root of Trust Public Key registers. */ MAP_DEVICE2, -#endif +#if LOAD_IMAGE_V2 && !BL2_AT_EL3 + ARM_MAP_BL1_RW, +#endif /* LOAD_IMAGE_V2 && !BL2_AT_EL3 */ +#endif /* TRUSTED_BOARD_BOOT */ #if ENABLE_SPM ARM_SP_IMAGE_MMAP, #endif @@ -395,3 +398,13 @@ void fvp_interconnect_disable(void) } #endif } + +#if TRUSTED_BOARD_BOOT && LOAD_IMAGE_V2 +int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size) +{ + assert(heap_addr != NULL); + assert(heap_size != NULL); + + return arm_get_mbedtls_heap(heap_addr, heap_size); +} +#endif diff --git a/plat/arm/common/arm_bl1_setup.c b/plat/arm/common/arm_bl1_setup.c index d43555382..a4d2b44c1 100644 --- a/plat/arm/common/arm_bl1_setup.c +++ b/plat/arm/common/arm_bl1_setup.c @@ -149,7 +149,11 @@ void arm_bl1_platform_setup(void) plat_arm_io_setup(); #if LOAD_IMAGE_V2 arm_load_tb_fw_config(); -#endif +#if TRUSTED_BOARD_BOOT + /* Share the Mbed TLS heap info with other images */ + arm_bl1_set_mbedtls_heap(); +#endif /* TRUSTED_BOARD_BOOT */ +#endif /* LOAD_IMAGE_V2 */ /* * Allow access to the System counter timer module and program * counter frequency for non secure images during FWU diff --git a/plat/arm/common/arm_dyn_cfg.c b/plat/arm/common/arm_dyn_cfg.c index b9c73f0b0..f2570a84c 100644 --- a/plat/arm/common/arm_dyn_cfg.c +++ b/plat/arm/common/arm_dyn_cfg.c @@ -8,6 +8,9 @@ #include #include #include +#if TRUSTED_BOARD_BOOT +#include +#endif #include #include #include @@ -16,9 +19,94 @@ #if LOAD_IMAGE_V2 -/* Variable to store the address to TB_FW_CONFIG passed from BL1 */ +/* Variable to store the address of TB_FW_CONFIG file */ static void *tb_fw_cfg_dtb; + +#if TRUSTED_BOARD_BOOT + +static void *mbedtls_heap_addr; +static size_t mbedtls_heap_size; + +/* + * This function is the implementation of the shared Mbed TLS heap between + * BL1 and BL2 for Arm platforms. The shared heap address is passed from BL1 + * to BL2 with a pointer. This pointer resides inside the TB_FW_CONFIG file + * which is a DTB. + * + * This function is placed inside an #if directive for the below reasons: + * - To allocate space for the Mbed TLS heap --only if-- Trusted Board Boot + * is enabled. + * - This implementation requires the DTB to be present so that BL1 has a + * mechanism to pass the pointer to BL2. If LOAD_IMAGE_V2=0 then + * TB_FW_CONFIG is not present, which means that this implementation + * cannot be applied. + */ +int arm_get_mbedtls_heap(void **heap_addr, size_t *heap_size) +{ + assert(heap_addr != NULL); + assert(heap_size != NULL); + +#if defined(IMAGE_BL1) || BL2_AT_EL3 + + /* If in BL1 or BL2_AT_EL3 define a heap */ + static unsigned char heap[TF_MBEDTLS_HEAP_SIZE]; + + *heap_addr = heap; + *heap_size = sizeof(heap); + mbedtls_heap_addr = heap; + mbedtls_heap_size = sizeof(heap); + +#elif defined(IMAGE_BL2) + + int err; + + /* If in BL2, retrieve the already allocated heap's info from DTB */ + err = arm_get_dtb_mbedtls_heap_info(tb_fw_cfg_dtb, heap_addr, + heap_size); + if (err < 0) { + ERROR("BL2: unable to retrieve shared Mbed TLS heap " + "information from DTB\n"); + panic(); + } +#endif + + return 0; +} + +/* + * Puts the shared Mbed TLS heap information to the DTB. + * Executed only from BL1. + */ +void arm_bl1_set_mbedtls_heap(void) +{ + int err; + + /* + * If tb_fw_cfg_dtb==NULL then DTB is not present for the current + * platform. As such, we don't attempt to write to the DTB at all. + * + * If mbedtls_heap_addr==NULL, then it means we are using the default + * heap implementation. As such, BL2 will have its own heap for sure + * and hence there is no need to pass any information to the DTB. + * + * In the latter case, if we still wanted to write in the DTB the heap + * information, we would need to call plat_get_mbedtls_heap to retrieve + * the default heap's address and size. + */ + if ((tb_fw_cfg_dtb != NULL) && (mbedtls_heap_addr != NULL)) { + err = arm_set_dtb_mbedtls_heap_info(tb_fw_cfg_dtb, + mbedtls_heap_addr, mbedtls_heap_size); + if (err < 0) { + ERROR("BL1: unable to write shared Mbed TLS heap " + "information to DTB\n"); + panic(); + } + } +} + +#endif /* TRUSTED_BOARD_BOOT */ + /* * Helper function to load TB_FW_CONFIG and populate the load information to * arg0 of BL2 entrypoint info. @@ -45,7 +133,9 @@ void arm_load_tb_fw_config(void) return; } + /* At this point we know that a DTB is indeed available */ config_base = arm_tb_fw_info.image_info.image_base; + tb_fw_cfg_dtb = (void *)config_base; /* The BL2 ep_info arg0 is modified to point to TB_FW_CONFIG */ image_desc = bl1_plat_get_image_desc(BL2_IMAGE_ID); diff --git a/plat/arm/common/arm_dyn_cfg_helpers.c b/plat/arm/common/arm_dyn_cfg_helpers.c index 5a7e20ac8..e61090384 100644 --- a/plat/arm/common/arm_dyn_cfg_helpers.c +++ b/plat/arm/common/arm_dyn_cfg_helpers.c @@ -11,6 +11,8 @@ #include #include +#define DTB_PROP_MBEDTLS_HEAP_ADDR "mbedtls_heap_addr" +#define DTB_PROP_MBEDTLS_HEAP_SIZE "mbedtls_heap_size" typedef struct config_load_info_prop { unsigned int config_id; @@ -164,3 +166,102 @@ int arm_dyn_tb_fw_cfg_init(void *dtb, int *node) VERBOSE("Dyn cfg: Found \"arm,tb_fw\" in the config\n"); return 0; } + + +#if TRUSTED_BOARD_BOOT && LOAD_IMAGE_V2 +/* + * Reads and returns the Mbed TLS shared heap information from the DTB. + * This function is supposed to be called *only* when a DTB is present. + * This function is supposed to be called only by BL2. + * + * Returns: + * 0 = success + * -1 = error. In this case the values of heap_addr, heap_size should be + * considered as garbage by the caller. + */ +int arm_get_dtb_mbedtls_heap_info(void *dtb, void **heap_addr, + size_t *heap_size) +{ + int err, dtb_root; + + /* Verify the DTB is valid and get the root node */ + err = arm_dyn_tb_fw_cfg_init(dtb, &dtb_root); + if (err < 0) { + ERROR("%s: Invalid TB_FW_CONFIG. Cannot retrieve Mbed TLS " + "heap information from DTB\n", __func__); + return -1; + } + + /* Retrieve the Mbed TLS heap details from the DTB */ + err = fdtw_read_cells(dtb, dtb_root, + DTB_PROP_MBEDTLS_HEAP_ADDR, 2, heap_addr); + if (err < 0) { + ERROR("%s: error while reading %s from DTB\n", __func__, + DTB_PROP_MBEDTLS_HEAP_ADDR); + return -1; + } + err = fdtw_read_cells(dtb, dtb_root, + DTB_PROP_MBEDTLS_HEAP_SIZE, 1, heap_size); + if (err < 0) { + ERROR("%s: error while reading %s from DTB\n", __func__, + DTB_PROP_MBEDTLS_HEAP_SIZE); + return -1; + } + return 0; +} + + +/* + * This function writes the Mbed TLS heap address and size in the DTB. When it + * is called, it is guaranteed that a DTB is available. However it is not + * guaranteed that the shared Mbed TLS heap implementation is used. Thus we + * return error code from here and it's the responsibility of the caller to + * determine the action upon error. + * + * This function is supposed to be called only by BL1. + * + * Returns: + * 0 = success + * 1 = error + */ +int arm_set_dtb_mbedtls_heap_info(void *dtb, void *heap_addr, size_t heap_size) +{ + int err, dtb_root; + + /* + * Verify that the DTB is valid, before attempting to write to it, + * and get the DTB root node. + */ + err = arm_dyn_tb_fw_cfg_init(dtb, &dtb_root); + if (err < 0) { + ERROR("%s: Invalid TB_FW_CONFIG loaded. Unable to get " + "root node\n", __func__); + return -1; + } + + /* + * Write the heap address and size in the DTB. + * + * NOTE: The variables heap_addr and heap_size are corrupted + * by the "fdtw_write_inplace_cells" function. After the + * function calls they must NOT be reused. + */ + err = fdtw_write_inplace_cells(dtb, dtb_root, + DTB_PROP_MBEDTLS_HEAP_ADDR, 2, &heap_addr); + if (err < 0) { + ERROR("%s: unable to write DTB property %s\n", + __func__, DTB_PROP_MBEDTLS_HEAP_ADDR); + return -1; + } + + err = fdtw_write_inplace_cells(dtb, dtb_root, + DTB_PROP_MBEDTLS_HEAP_SIZE, 1, &heap_size); + if (err < 0) { + ERROR("%s: unable to write DTB property %s\n", + __func__, DTB_PROP_MBEDTLS_HEAP_SIZE); + return -1; + } + + return 0; +} +#endif /* TRUSTED_BOARD_BOOT && LOAD_IMAGE_V2 */ From 37574c5669fd10f164b24a365e6e369b85dc4de2 Mon Sep 17 00:00:00 2001 From: John Tsichritzis Date: Mon, 3 Sep 2018 15:06:44 +0100 Subject: [PATCH 3/5] Reduce BL2 size for FVP This patch reduces BL2 size by 12kB. Thanks to the shared Mbed TLS heap between BL1 and BL2, BL2 now requires less memory since it doesn't need to allocate a heap anymore. Change-Id: I58a15f8c424273650c9f55112abe88105b6cdbae Signed-off-by: John Tsichritzis --- include/plat/arm/board/common/board_arm_def.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/plat/arm/board/common/board_arm_def.h b/include/plat/arm/board/common/board_arm_def.h index a388ed9ac..86c85123e 100644 --- a/include/plat/arm/board/common/board_arm_def.h +++ b/include/plat/arm/board/common/board_arm_def.h @@ -102,7 +102,7 @@ * little space for growth. */ #if TRUSTED_BOARD_BOOT -# define PLAT_ARM_MAX_BL2_SIZE 0x1F000 +# define PLAT_ARM_MAX_BL2_SIZE 0x1C000 #else # define PLAT_ARM_MAX_BL2_SIZE 0x11000 #endif From 7cdb43470a1b97fdd5c0ed36c69ea6913b4f96b6 Mon Sep 17 00:00:00 2001 From: John Tsichritzis Date: Wed, 22 Aug 2018 12:36:37 +0100 Subject: [PATCH 4/5] Support shared Mbed TLS heap for SGI Change-Id: Iac454c745543842bfeed004aee7a3f4fb94d37e1 Signed-off-by: John Tsichritzis --- plat/arm/css/sgi/fdts/sgi575_tb_fw_config.dts | 11 +++++++++++ plat/arm/css/sgi/sgi_plat.c | 14 ++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/plat/arm/css/sgi/fdts/sgi575_tb_fw_config.dts b/plat/arm/css/sgi/fdts/sgi575_tb_fw_config.dts index 0bb0a94e3..315fa6999 100644 --- a/plat/arm/css/sgi/fdts/sgi575_tb_fw_config.dts +++ b/plat/arm/css/sgi/fdts/sgi575_tb_fw_config.dts @@ -11,4 +11,15 @@ compatible = "arm,tb_fw"; hw_config_addr = <0x0 0xFEF00000>; hw_config_max_size = <0x0100000>; + /* + * The following two entries are placeholders for Mbed TLS + * heap information. The default values don't matter since + * they will be overwritten by BL1. + * In case of having shared Mbed TLS heap between BL1 and BL2, + * BL1 will populate these two properties with the respective + * info about the shared heap. This info will be available for + * BL2 in order to locate and re-use the heap. + */ + mbedtls_heap_addr = <0x0 0x0>; + mbedtls_heap_size = <0x0>; }; diff --git a/plat/arm/css/sgi/sgi_plat.c b/plat/arm/css/sgi/sgi_plat.c index 6aa76efe0..0a7e319db 100644 --- a/plat/arm/css/sgi/sgi_plat.c +++ b/plat/arm/css/sgi/sgi_plat.c @@ -6,6 +6,7 @@ #include #include +#include #include #include #include @@ -63,6 +64,9 @@ const mmap_region_t plat_arm_mmap[] = { #endif #if ENABLE_SPM ARM_SP_IMAGE_MMAP, +#endif +#if TRUSTED_BOARD_BOOT && LOAD_IMAGE_V2 && !BL2_AT_EL3 + ARM_MAP_BL1_RW, #endif {0} }; @@ -143,3 +147,13 @@ const struct secure_partition_boot_info *plat_get_secure_partition_boot_info( return &plat_arm_secure_partition_boot_info; } #endif /* ENABLE_SPM && defined(IMAGE_BL31) */ + +#if TRUSTED_BOARD_BOOT && LOAD_IMAGE_V2 +int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size) +{ + assert(heap_addr != NULL); + assert(heap_size != NULL); + + return arm_get_mbedtls_heap(heap_addr, heap_size); +} +#endif From 2a579540a6fc2780035a8c759ca645564dfb2ddc Mon Sep 17 00:00:00 2001 From: John Tsichritzis Date: Wed, 22 Aug 2018 12:55:41 +0100 Subject: [PATCH 5/5] Support shared Mbed TLS heap for SGM Change-Id: Ibbfedb6601feff51dfb82c1d94850716c5a36d24 Signed-off-by: John Tsichritzis --- plat/arm/css/sgm/fdts/sgm_tb_fw_config.dts | 11 +++++++++++ plat/arm/css/sgm/sgm_mmap_config.c | 3 +++ plat/arm/css/sgm/sgm_plat_config.c | 10 ++++++++++ 3 files changed, 24 insertions(+) diff --git a/plat/arm/css/sgm/fdts/sgm_tb_fw_config.dts b/plat/arm/css/sgm/fdts/sgm_tb_fw_config.dts index 95025493b..d48101842 100644 --- a/plat/arm/css/sgm/fdts/sgm_tb_fw_config.dts +++ b/plat/arm/css/sgm/fdts/sgm_tb_fw_config.dts @@ -12,5 +12,16 @@ compatible = "arm,tb_fw"; hw_config_addr = <0x0 0x83000000>; hw_config_max_size = <0x01000000>; + /* + * The following two entries are placeholders for Mbed TLS + * heap information. The default values don't matter since + * they will be overwritten by BL1. + * In case of having shared Mbed TLS heap between BL1 and BL2, + * BL1 will populate these two properties with the respective + * info about the shared heap. This info will be available for + * BL2 in order to locate and re-use the heap. + */ + mbedtls_heap_addr = <0x0 0x0>; + mbedtls_heap_size = <0x0>; }; }; diff --git a/plat/arm/css/sgm/sgm_mmap_config.c b/plat/arm/css/sgm/sgm_mmap_config.c index 009ee6403..8a4a8ab03 100644 --- a/plat/arm/css/sgm/sgm_mmap_config.c +++ b/plat/arm/css/sgm/sgm_mmap_config.c @@ -42,6 +42,9 @@ const mmap_region_t plat_arm_mmap[] = { ARM_MAP_TSP_SEC_MEM, #ifdef SPD_opteed ARM_OPTEE_PAGEABLE_LOAD_MEM, +#endif +#if TRUSTED_BOARD_BOOT && LOAD_IMAGE_V2 && !BL2_AT_EL3 + ARM_MAP_BL1_RW, #endif {0} }; diff --git a/plat/arm/css/sgm/sgm_plat_config.c b/plat/arm/css/sgm/sgm_plat_config.c index 809edf68e..97b16a8f8 100644 --- a/plat/arm/css/sgm/sgm_plat_config.c +++ b/plat/arm/css/sgm/sgm_plat_config.c @@ -67,3 +67,13 @@ css_plat_config_t *get_plat_config(void) assert(css_plat_info != NULL); return css_plat_info; } + +#if TRUSTED_BOARD_BOOT && LOAD_IMAGE_V2 +int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size) +{ + assert(heap_addr != NULL); + assert(heap_size != NULL); + + return arm_get_mbedtls_heap(heap_addr, heap_size); +} +#endif