Merge "SPMD: generate and add Secure Partition blobs into FIP" into integration
This commit is contained in:
commit
7390559bee
26
Makefile
26
Makefile
|
@ -701,6 +701,7 @@ FIPTOOL ?= ${FIPTOOLPATH}/fiptool${BIN_EXT}
|
|||
# Variables for use with sptool
|
||||
SPTOOLPATH ?= tools/sptool
|
||||
SPTOOL ?= ${SPTOOLPATH}/sptool${BIN_EXT}
|
||||
SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py
|
||||
|
||||
# Variables for use with ROMLIB
|
||||
ROMLIBPATH ?= lib/romlib
|
||||
|
@ -889,11 +890,22 @@ ifneq ($(findstring armlink,$(notdir $(LD))),)
|
|||
$(eval $(call add_define,USE_ARM_LINK))
|
||||
endif
|
||||
|
||||
# Generate and include sp_gen.mk if SPD is spmd and SP_LAYOUT_FILE is defined
|
||||
ifdef SP_LAYOUT_FILE
|
||||
ifeq (${SPD},spmd)
|
||||
-include $(BUILD_PLAT)/sp_gen.mk
|
||||
FIP_DEPS += sp
|
||||
NEED_SP_PKG := yes
|
||||
else
|
||||
$(error "SP_LAYOUT_FILE will be used only if SPD=spmd")
|
||||
endif
|
||||
endif
|
||||
|
||||
################################################################################
|
||||
# Build targets
|
||||
################################################################################
|
||||
|
||||
.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip fwu_fip certtool dtbs memmap doc
|
||||
.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip sp fwu_fip certtool dtbs memmap doc
|
||||
.SUFFIXES:
|
||||
|
||||
all: msg_start
|
||||
|
@ -971,6 +983,17 @@ ifeq (${NEED_FDT},yes)
|
|||
$(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES)))
|
||||
endif
|
||||
|
||||
# Add Secure Partition packages
|
||||
ifeq (${NEED_SP_PKG},yes)
|
||||
$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | ${BUILD_PLAT}
|
||||
${Q}${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT)
|
||||
sp: $(SPTOOL) $(DTBS) $(BUILD_PLAT)/sp_gen.mk
|
||||
${Q}$(SPTOOL) $(SPTOOL_ARGS)
|
||||
@${ECHO_BLANK_LINE}
|
||||
@echo "Built SP Images successfully"
|
||||
@${ECHO_BLANK_LINE}
|
||||
endif
|
||||
|
||||
locate-checkpatch:
|
||||
ifndef CHECKPATCH
|
||||
$(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/scripts/checkpatch.pl")
|
||||
|
@ -1132,6 +1155,7 @@ help:
|
|||
@echo " distclean Remove all build artifacts for all platforms"
|
||||
@echo " certtool Build the Certificate generation tool"
|
||||
@echo " fiptool Build the Firmware Image Package (FIP) creation tool"
|
||||
@echo " sp Build the Secure Partition Packages"
|
||||
@echo " sptool Build the Secure Partition Package creation tool"
|
||||
@echo " dtbs Build the Device Tree Blobs (if required for the platform)"
|
||||
@echo " memmap Print the memory map of the built binaries"
|
||||
|
|
|
@ -522,6 +522,11 @@ Common build options
|
|||
- ``SPM_MM`` : Boolean option to enable the Management Mode (MM)-based Secure
|
||||
Partition Manager (SPM) implementation. The default value is ``0``.
|
||||
|
||||
- ``SP_LAYOUT_FILE``: Platform provided path to JSON file containing the
|
||||
description of secure partitions. Build system will parse this file and
|
||||
package all secure partition blobs in FIP. This file not necessarily be
|
||||
part of TF-A tree. Only avaialbe when ``SPD=spmd``.
|
||||
|
||||
- ``SP_MIN_WITH_SECURE_FIQ``: Boolean flag to indicate the SP_MIN handles
|
||||
secure interrupts (caught through the FIQ line). Platforms can enable
|
||||
this directive if they need to handle such interruption. When enabled,
|
||||
|
|
|
@ -0,0 +1,100 @@
|
|||
#!/usr/bin/python3
|
||||
# Copyright (c) 2020, Arm Limited. All rights reserved.
|
||||
#
|
||||
# SPDX-License-Identifier: BSD-3-Clause
|
||||
|
||||
"""
|
||||
This script is invoked by Make system and generates secure partition makefile.
|
||||
It expects platform provided secure partition layout file which contains list
|
||||
of Secure Partition Images and Partition manifests(PM).
|
||||
Layout file can exist outside of TF-A tree and the paths of Image and PM files
|
||||
must be relative to it.
|
||||
|
||||
This script parses the layout file and generates a make file which updates
|
||||
FDT_SOURCES, FIP_ARGS and SPTOOL_ARGS which are used in later build steps.
|
||||
This script also gets SP "uuid" from parsing its PM and converting it to a
|
||||
standard format.
|
||||
|
||||
param1: Generated mk file "sp_gen.mk"
|
||||
param2: "SP_LAYOUT_FILE", json file containing platform provided information
|
||||
param3: plat out directory
|
||||
|
||||
Generated "sp_gen.mk" file contains triplet of following information for each
|
||||
Secure Partition entry
|
||||
FDT_SOURCES += sp1.dts
|
||||
SPTOOL_ARGS += -i sp1.bin:sp1.dtb -o sp1.pkg
|
||||
FIP_ARGS += --blob uuid=XXXXX-XXX...,file=sp1.pkg
|
||||
|
||||
A typical SP_LAYOUT_FILE file will look like
|
||||
{
|
||||
"SP1" : {
|
||||
"image": "sp1.bin",
|
||||
"pm": "test/sp1.dts"
|
||||
},
|
||||
|
||||
"SP2" : {
|
||||
"image": "sp2.bin",
|
||||
"pm": "test/sp2.dts"
|
||||
}
|
||||
|
||||
...
|
||||
}
|
||||
|
||||
"""
|
||||
|
||||
import getopt
|
||||
import json
|
||||
import os
|
||||
import re
|
||||
import sys
|
||||
import uuid
|
||||
|
||||
with open(sys.argv[2],'r') as in_file:
|
||||
data = json.load(in_file)
|
||||
json_file = os.path.abspath(sys.argv[2])
|
||||
json_dir = os.path.dirname(json_file)
|
||||
gen_file = sys.argv[1]
|
||||
out_dir = sys.argv[3][2:]
|
||||
dtb_dir = out_dir + "/fdts/"
|
||||
print(dtb_dir)
|
||||
|
||||
with open(gen_file, 'w') as out_file:
|
||||
for key in data.keys():
|
||||
|
||||
"""
|
||||
Append FDT_SOURCES
|
||||
"""
|
||||
dts = os.path.join(json_dir, data[key]['pm'])
|
||||
dtb = dtb_dir + os.path.basename(data[key]['pm'][:-1] + "b")
|
||||
out_file.write("FDT_SOURCES += " + dts + "\n")
|
||||
|
||||
"""
|
||||
Update SPTOOL_ARGS
|
||||
"""
|
||||
dst = out_dir + "/" + key + ".pkg"
|
||||
src = [ json_dir + "/" + data[key]['image'] , dtb ]
|
||||
out_file.write("SPTOOL_ARGS += -i " + ":".join(src) + " -o " + dst + "\n")
|
||||
|
||||
"""
|
||||
Extract uuid from partition manifest
|
||||
"""
|
||||
pm_file = open(dts)
|
||||
key = "uuid"
|
||||
|
||||
for line in pm_file:
|
||||
if key in line:
|
||||
uuid_hex = re.findall(r'\<(.+?)\>', line)[0];
|
||||
|
||||
# PM has uuid in format 0xABC... 0x... 0x... 0x...
|
||||
# Get rid of '0x' and spaces and convert to string of hex digits
|
||||
uuid_hex = uuid_hex.replace('0x','').replace(' ','')
|
||||
# make UUID from a string of hex digits
|
||||
uuid_std = uuid.UUID(uuid_hex)
|
||||
# convert UUID to a string of hex digits in standard form
|
||||
uuid_std = str(uuid_std)
|
||||
|
||||
"""
|
||||
Append FIP_ARGS
|
||||
"""
|
||||
out_file.write("FIP_ARGS += --blob uuid=" + uuid_std + ",file=" + dst + "\n")
|
||||
out_file.write("\n")
|
Loading…
Reference in New Issue