From ce2b1ec6f0da35e20424c0a886d3d24dfded7189 Mon Sep 17 00:00:00 2001 From: Manish Pandey Date: Tue, 14 Jan 2020 11:52:05 +0000 Subject: [PATCH] SPMD: generate and add Secure Partition blobs into FIP Till now TF-A allows limited number of external images to be made part of FIP. With SPM coming along, there may exist multiple SP packages which need to be inserted into FIP. To achieve this we need a more scalable approach to feed SP packages to FIP. This patch introduces changes in build system to generate and add SP packages into FIP based on information provided by platform. Platform provides information in form of JSON which contains layout description of available Secure Partitions. JSON parser script is invoked by build system early on and generates a makefile which updates FIP, SPTOOL and FDT arguments which will be used by build system later on for final packaging. "SP_LAYOUT_FILE" passed as a build argument and can be outside of TF-A tree. This option will be used only when SPD=spmd. For each SP, generated makefile will have following entries - FDT_SOURCES += sp1.dts - SPTOOL_ARGS += -i sp1.img:sp1.dtb -o sp1.pkg - FIP_ARGS += --blob uuid=XXXX-XXX...,file=SP1.pkg Signed-off-by: Manish Pandey Change-Id: Ib6a9c064400caa3cd825d9886008a3af67741af7
---
 Makefile | 26 ++++++- docs/getting_started/build-options.rst | 5 ++ tools/sptool/sp_mk_generator.py | 100 +++++++++++++++++++++++++ 3 files changed, 130 insertions(+), 1 deletion(-) create mode 100755 tools/sptool/sp_mk_generator.py
diff --git a/Makefile b/Makefile
index 547b5843f..11b0753c4 100644
--- a/Makefile
+++ b/Makefile
@@ -701,6 +701,7 @@ FIPTOOL ?= ${FIPTOOLPATH}/fiptool${BIN_EXT}
 # Variables for use with sptool
 SPTOOLPATH ?= tools/sptool
 SPTOOL ?= ${SPTOOLPATH}/sptool${BIN_EXT}
+SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py
 # Variables for use with ROMLIB
 ROMLIBPATH ?= lib/romlib
@@ -889,11 +890,22 @@ ifneq ($(findstring armlink,$(notdir $(LD))),)
 $(eval $(call add_define,USE_ARM_LINK))
 endif
+# Generate and include sp_gen.mk if SPD is spmd and SP_LAYOUT_FILE is defined
+ifdef SP_LAYOUT_FILE
+ifeq (${SPD},spmd)
+ -include $(BUILD_PLAT)/sp_gen.mk
+ FIP_DEPS += sp
+ NEED_SP_PKG := yes
+else
+ $(error "SP_LAYOUT_FILE will be used only if SPD=spmd")
+endif
+endif
+
 ################################################################################
 # Build targets
 ################################################################################
-.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip fwu_fip certtool dtbs memmap doc
+.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip sp fwu_fip certtool dtbs memmap doc
 .SUFFIXES:
 all: msg_start
@@ -971,6 +983,17 @@ ifeq (${NEED_FDT},yes)
 $(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES)))
 endif
+# Add Secure Partition packages
+ifeq (${NEED_SP_PKG},yes)
+$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | ${BUILD_PLAT}
+ ${Q}${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT)
+sp: $(SPTOOL) $(DTBS) $(BUILD_PLAT)/sp_gen.mk
+ ${Q}$(SPTOOL) $(SPTOOL_ARGS)
+ @${ECHO_BLANK_LINE}
+ @echo "Built SP Images successfully"
+ @${ECHO_BLANK_LINE}
+endif
+
 locate-checkpatch:
 ifndef CHECKPATCH
 $(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/scripts/checkpatch.pl")
@@ -1132,6 +1155,7 @@ help:
 @echo " distclean Remove all build artifacts for all platforms"
 @echo " certtool Build the Certificate generation tool"
 @echo " fiptool Build the Firmware Image Package (FIP) creation tool"
+ @echo " sp Build the Secure Partition Packages"
 @echo " sptool Build the Secure Partition Package creation tool"
 @echo " dtbs Build the Device Tree Blobs (if required for the platform)"
 @echo " memmap Print the memory map of the built binaries"
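Review bot: `-include $(BUILD_PLAT)/sp_gen.mk` in the `ifdef SP_LAYOUT_FILE` block silences the case where the generated makefile is missing or cannot be remade, so a failing `sp_mk_generator.py` run (malformed JSON, unreadable manifest) can let the build carry on with empty `SPTOOL_ARGS` and `FIP_ARGS` and produce a FIP without the requested Secure Partition packages. Because this branch is only reached when `SP_LAYOUT_FILE` was explicitly set, a plain `include $(BUILD_PLAT)/sp_gen.mk` would turn that into a hard error. If `clean` and `distclean` have to keep working without a valid layout file, the include can be guarded on `MAKECMDGOALS` instead of being made optional for every goal.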
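Review bot: The `$(BUILD_PLAT)/sp_gen.mk` rule lists only `${SP_MK_GEN}` and `${SP_LAYOUT_FILE}` as prerequisites, but the generator also reads every partition manifest to extract its UUID, so editing a manifest's `uuid` would leave a stale `--blob uuid=` entry in `FIP_ARGS` until the layout file itself is touched. The script opens its output for writing before it reads the manifests, so a failure part-way leaves a truncated `sp_gen.mk` that is newer than its prerequisites; writing to a temporary file and renaming it, or declaring `.DELETE_ON_ERROR:` if the Makefile does not already, would keep later builds from using it. The recipe quotes `"$<"` and `"$@"` but not the other two arguments; `${Q}${PYTHON} "$<" "$@" "$(filter-out $<,$^)" "$(BUILD_PLAT)"` would be consistent. The script also drops the first two characters of the last argument, so this appears to work only while `$(BUILD_PLAT)` starts with `./`.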
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst index 8854a7989..7ee34c985 100644 --- a/docs/getting_started/build-options.rst +++ b/docs/getting_started/build-options.rst @@ -522,6 +522,11 @@ Common build options - ``SPM_MM`` : Boolean option to enable the Management Mode (MM)-based Secure Partition Manager (SPM) implementation. The default value is ``0``. +- ``SP_LAYOUT_FILE``: Platform provided path to JSON file containing the + description of secure partitions. Build system will parse this file and + package all secure partition blobs in FIP. This file not necessarily be + part of TF-A tree. Only avaialbe when ``SPD=spmd``. + - ``SP_MIN_WITH_SECURE_FIQ``: Boolean flag to indicate the SP_MIN handles secure interrupts (caught through the FIQ line). Platforms can enable this directive if they need to handle such interruption. When enabled, diff --git a/tools/sptool/sp_mk_generator.py b/tools/sptool/sp_mk_generator.py new file mode 100755 index 000000000..6b6fa1914 --- /dev/null +++ b/tools/sptool/sp_mk_generator.py 
@@ -0,0 +1,100 @@
+#!/usr/bin/python3
+# Copyright (c) 2020, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+
+"""
+This script is invoked by Make system and generates secure partition makefile.
+It expects platform provided secure partition layout file which contains list
+of Secure Partition Images and Partition manifests(PM).
+Layout file can exist outside of TF-A tree and the paths of Image and PM files
+must be relative to it.
+
+This script parses the layout file and generates a make file which updates
+FDT_SOURCES, FIP_ARGS and SPTOOL_ARGS which are used in later build steps.
+This script also gets SP "uuid" from parsing its PM and converting it to a
+standard format.
+
+param1: Generated mk file "sp_gen.mk"
+param2: "SP_LAYOUT_FILE", json file containing platform provided information
+param3: plat out directory
+
+Generated "sp_gen.mk" file contains triplet of following information for each
+Secure Partition entry
+ FDT_SOURCES += sp1.dts
+ SPTOOL_ARGS += -i sp1.bin:sp1.dtb -o sp1.pkg
+ FIP_ARGS += --blob uuid=XXXXX-XXX...,file=sp1.pkg
+
+A typical SP_LAYOUT_FILE file will look like
+{
+ "SP1" : {
+ "image": "sp1.bin",
+ "pm": "test/sp1.dts"
+ },
+
+ "SP2" : {
+ "image": "sp2.bin",
+ "pm": "test/sp2.dts"
+ }
+
+ ...
+}
+
+"""
+
+import getopt
+import json
+import os
+import re
+import sys
+import uuid
+
+with open(sys.argv[2],'r') as in_file:
+ data = json.load(in_file)
+json_file = os.path.abspath(sys.argv[2])
+json_dir = os.path.dirname(json_file)
+gen_file = sys.argv[1]
+out_dir = sys.argv[3][2:]
+dtb_dir = out_dir + "/fdts/"
+print(dtb_dir)
+
+with open(gen_file, 'w') as out_file:
+ for key in data.keys():
+
+ """
+ Append FDT_SOURCES
+ """
+ dts = os.path.join(json_dir, data[key]['pm'])
+ dtb = dtb_dir + os.path.basename(data[key]['pm'][:-1] + "b")
+ out_file.write("FDT_SOURCES += " + dts + "\n")
+
+ """
+ Update SPTOOL_ARGS
+ """
+ dst = out_dir + "/" + key + ".pkg"
+ src = [ json_dir + "/" + data[key]['image'] , dtb ]
+ out_file.write("SPTOOL_ARGS += -i " + ":".join(src) + " -o " + dst + "\n")
+
+ """
+ Extract uuid from partition manifest
+ """
+ pm_file = open(dts)
+ key = "uuid"
+
+ for line in pm_file:
+ if key in line:
+ uuid_hex = re.findall(r'\<(.+?)\>', line)[0];
+
+ # PM has uuid in format 0xABC... 0x... 0x... 0x...
+ # Get rid of '0x' and spaces and convert to string of hex digits
+ uuid_hex = uuid_hex.replace('0x','').replace(' ','')
+ # make UUID from a string of hex digits
+ uuid_std = uuid.UUID(uuid_hex)
+ # convert UUID to a string of hex digits in standard form
+ uuid_std = str(uuid_std)
+
+ """
+ Append FIP_ARGS
+ """
+ out_file.write("FIP_ARGS += --blob uuid=" + uuid_std + ",file=" + dst + "\n")
+ out_file.write("\n")
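Review bot: `uuid_std` is only assigned when a manifest line containing `uuid` is found, so in the "Extract uuid from partition manifest" loop a manifest without such a line raises NameError for the first partition and silently reuses the previous partition's UUID for any later one, putting a package into `FIP_ARGS` under the wrong identity. The manifest is also opened with a bare `open(dts)` that is never closed, and `key = "uuid"` rebinds the loop variable. Separately, `key`, `image` and `pm` come from a layout file that may live outside the tree and are written unquoted into a makefile the build then includes, so rejecting values that contain whitespace, `$`, `#` or newlines before emitting them would keep a malformed layout from altering the generated rules. The fence below resets the UUID for each partition, closes the manifest and stops with an error when no UUID is found.

```python
        # … unchanged: FDT_SOURCES and SPTOOL_ARGS lines …
        uuid_std = None
        with open(dts) as pm_file:
            for line in pm_file:
                if "uuid" not in line:
                    continue
                cells = re.findall(r'\<(.+?)\>', line)
                if not cells:
                    continue
                # PM has uuid in format 0xABC... 0x... 0x... 0x...
                uuid_hex = cells[0].replace('0x', '').replace(' ', '')
                uuid_std = str(uuid.UUID(uuid_hex))
        if uuid_std is None:
            sys.exit("No uuid property found in " + dts)
        # … unchanged: FIP_ARGS line …
```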