Merge "SPMD: generate and add Secure Partition blobs into FIP" into integration
commit
7390559bee
26
Makefile
26
Makefile
|
@ -701,6 +701,7 @@ FIPTOOL ?= ${FIPTOOLPATH}/fiptool${BIN_EXT}
|
||||||
# Variables for use with sptool
|
# Variables for use with sptool
|
||||||
SPTOOLPATH ?= tools/sptool
|
SPTOOLPATH ?= tools/sptool
|
||||||
SPTOOL ?= ${SPTOOLPATH}/sptool${BIN_EXT}
|
SPTOOL ?= ${SPTOOLPATH}/sptool${BIN_EXT}
|
||||||
|
SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py
|
||||||
|
|
||||||
# Variables for use with ROMLIB
|
# Variables for use with ROMLIB
|
||||||
ROMLIBPATH ?= lib/romlib
|
ROMLIBPATH ?= lib/romlib
|
||||||
|
@ -889,11 +890,22 @@ ifneq ($(findstring armlink,$(notdir $(LD))),)
|
||||||
$(eval $(call add_define,USE_ARM_LINK))
|
$(eval $(call add_define,USE_ARM_LINK))
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
# Generate and include sp_gen.mk if SPD is spmd and SP_LAYOUT_FILE is defined
|
||||||
|
ifdef SP_LAYOUT_FILE
|
||||||
|
ifeq (${SPD},spmd)
|
||||||
|
-include $(BUILD_PLAT)/sp_gen.mk
|
||||||
|
FIP_DEPS += sp
|
||||||
|
NEED_SP_PKG := yes
|
||||||
|
else
|
||||||
|
$(error "SP_LAYOUT_FILE will be used only if SPD=spmd")
|
||||||
|
endif
|
||||||
|
endif
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
# Build targets
|
# Build targets
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip fwu_fip certtool dtbs memmap doc
|
.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip sp fwu_fip certtool dtbs memmap doc
|
||||||
.SUFFIXES:
|
.SUFFIXES:
|
||||||
|
|
||||||
all: msg_start
|
all: msg_start
|
||||||
|
@ -971,6 +983,17 @@ ifeq (${NEED_FDT},yes)
|
||||||
$(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES)))
|
$(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES)))
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
# Add Secure Partition packages
|
||||||
|
ifeq (${NEED_SP_PKG},yes)
|
||||||
|
$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | ${BUILD_PLAT}
|
||||||
|
${Q}${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT)
|
||||||
|
sp: $(SPTOOL) $(DTBS) $(BUILD_PLAT)/sp_gen.mk
|
||||||
|
${Q}$(SPTOOL) $(SPTOOL_ARGS)
|
||||||
|
@${ECHO_BLANK_LINE}
|
||||||
|
@echo "Built SP Images successfully"
|
||||||
|
@${ECHO_BLANK_LINE}
|
||||||
|
endif
|
||||||
|
|
||||||
locate-checkpatch:
|
locate-checkpatch:
|
||||||
ifndef CHECKPATCH
|
ifndef CHECKPATCH
|
||||||
$(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/scripts/checkpatch.pl")
|
$(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/scripts/checkpatch.pl")
|
||||||
|
@ -1132,6 +1155,7 @@ help:
|
||||||
@echo " distclean Remove all build artifacts for all platforms"
|
@echo " distclean Remove all build artifacts for all platforms"
|
||||||
@echo " certtool Build the Certificate generation tool"
|
@echo " certtool Build the Certificate generation tool"
|
||||||
@echo " fiptool Build the Firmware Image Package (FIP) creation tool"
|
@echo " fiptool Build the Firmware Image Package (FIP) creation tool"
|
||||||
|
@echo " sp Build the Secure Partition Packages"
|
||||||
@echo " sptool Build the Secure Partition Package creation tool"
|
@echo " sptool Build the Secure Partition Package creation tool"
|
||||||
@echo " dtbs Build the Device Tree Blobs (if required for the platform)"
|
@echo " dtbs Build the Device Tree Blobs (if required for the platform)"
|
||||||
@echo " memmap Print the memory map of the built binaries"
|
@echo " memmap Print the memory map of the built binaries"
|
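Review bot: The `$(BUILD_PLAT)/sp_gen.mk` rule lets the generator write straight into `$@`, so a run that fails part-way can leave a truncated sp_gen.mk that is newer than its prerequisites. The next invocation would then `-include` it as up to date and put only the partitions written before the failure into the FIP. Unless `.DELETE_ON_ERROR:` is already set elsewhere in this Makefile (not visible in these hunks), generate to a temporary name and rename on success: `${Q}${PYTHON} "$<" "$@.tmp" $(filter-out $<,$^) $(BUILD_PLAT) && mv -f "$@.tmp" "$@"`. Separately, `sp` is added to `.PHONY` and to `help` unconditionally while its rule exists only under `NEED_SP_PKG`, so `make sp` without `SP_LAYOUT_FILE` most likely reports nothing to do instead of an error.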
||||||
|
|
|
@ -522,6 +522,11 @@ Common build options
|
||||||
- ``SPM_MM`` : Boolean option to enable the Management Mode (MM)-based Secure
|
- ``SPM_MM`` : Boolean option to enable the Management Mode (MM)-based Secure
|
||||||
Partition Manager (SPM) implementation. The default value is ``0``.
|
Partition Manager (SPM) implementation. The default value is ``0``.
|
||||||
|
|
||||||
|
- ``SP_LAYOUT_FILE``: Platform provided path to JSON file containing the
|
||||||
|
description of secure partitions. Build system will parse this file and
|
||||||
|
package all secure partition blobs in FIP. This file not necessarily be
|
||||||
|
part of TF-A tree. Only avaialbe when ``SPD=spmd``.
|
||||||
|
|
||||||
- ``SP_MIN_WITH_SECURE_FIQ``: Boolean flag to indicate the SP_MIN handles
|
- ``SP_MIN_WITH_SECURE_FIQ``: Boolean flag to indicate the SP_MIN handles
|
||||||
secure interrupts (caught through the FIQ line). Platforms can enable
|
secure interrupts (caught through the FIQ line). Platforms can enable
|
||||||
this directive if they need to handle such interruption. When enabled,
|
this directive if they need to handle such interruption. When enabled,
|
||||||
|
|
|
@ -0,0 +1,100 @@
|
||||||
|
#!/usr/bin/python3
|
||||||
|
# Copyright (c) 2020, Arm Limited. All rights reserved.
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: BSD-3-Clause
|
||||||
|
|
||||||
|
"""
|
||||||
|
This script is invoked by Make system and generates secure partition makefile.
|
||||||
|
It expects platform provided secure partition layout file which contains list
|
||||||
|
of Secure Partition Images and Partition manifests(PM).
|
||||||
|
Layout file can exist outside of TF-A tree and the paths of Image and PM files
|
||||||
|
must be relative to it.
|
||||||
|
|
||||||
|
This script parses the layout file and generates a make file which updates
|
||||||
|
FDT_SOURCES, FIP_ARGS and SPTOOL_ARGS which are used in later build steps.
|
||||||
|
This script also gets SP "uuid" from parsing its PM and converting it to a
|
||||||
|
standard format.
|
||||||
|
|
||||||
|
param1: Generated mk file "sp_gen.mk"
|
||||||
|
param2: "SP_LAYOUT_FILE", json file containing platform provided information
|
||||||
|
param3: plat out directory
|
||||||
|
|
||||||
|
Generated "sp_gen.mk" file contains triplet of following information for each
|
||||||
|
Secure Partition entry
|
||||||
|
FDT_SOURCES += sp1.dts
|
||||||
|
SPTOOL_ARGS += -i sp1.bin:sp1.dtb -o sp1.pkg
|
||||||
|
FIP_ARGS += --blob uuid=XXXXX-XXX...,file=sp1.pkg
|
||||||
|
|
||||||
|
A typical SP_LAYOUT_FILE file will look like
|
||||||
|
{
|
||||||
|
"SP1" : {
|
||||||
|
"image": "sp1.bin",
|
||||||
|
"pm": "test/sp1.dts"
|
||||||
|
},
|
||||||
|
|
||||||
|
"SP2" : {
|
||||||
|
"image": "sp2.bin",
|
||||||
|
"pm": "test/sp2.dts"
|
||||||
|
}
|
||||||
|
|
||||||
|
...
|
||||||
|
}
|
||||||
|
|
||||||
|
"""
|
||||||
|
|
||||||
|
import getopt
|
||||||
|
import json
|
||||||
|
import os
|
||||||
|
import re
|
||||||
|
import sys
|
||||||
|
import uuid
|
||||||
|
|
||||||
|
with open(sys.argv[2],'r') as in_file:
|
||||||
|
data = json.load(in_file)
|
||||||
|
json_file = os.path.abspath(sys.argv[2])
|
||||||
|
json_dir = os.path.dirname(json_file)
|
||||||
|
gen_file = sys.argv[1]
|
||||||
|
out_dir = sys.argv[3][2:]
|
||||||
|
dtb_dir = out_dir + "/fdts/"
|
||||||
|
print(dtb_dir)
|
||||||
|
|
||||||
|
with open(gen_file, 'w') as out_file:
|
||||||
|
for key in data.keys():
|
||||||
|
|
||||||
|
"""
|
||||||
|
Append FDT_SOURCES
|
||||||
|
"""
|
||||||
|
dts = os.path.join(json_dir, data[key]['pm'])
|
||||||
|
dtb = dtb_dir + os.path.basename(data[key]['pm'][:-1] + "b")
|
||||||
|
out_file.write("FDT_SOURCES += " + dts + "\n")
|
||||||
|
|
||||||
|
"""
|
||||||
|
Update SPTOOL_ARGS
|
||||||
|
"""
|
||||||
|
dst = out_dir + "/" + key + ".pkg"
|
||||||
|
src = [ json_dir + "/" + data[key]['image'] , dtb ]
|
||||||
|
out_file.write("SPTOOL_ARGS += -i " + ":".join(src) + " -o " + dst + "\n")
|
||||||
|
|
||||||
|
"""
|
||||||
|
Extract uuid from partition manifest
|
||||||
|
"""
|
||||||
|
pm_file = open(dts)
|
||||||
|
key = "uuid"
|
||||||
|
|
||||||
|
for line in pm_file:
|
||||||
|
if key in line:
|
||||||
|
uuid_hex = re.findall(r'\<(.+?)\>', line)[0];
|
||||||
|
|
||||||
|
# PM has uuid in format 0xABC... 0x... 0x... 0x...
|
||||||
|
# Get rid of '0x' and spaces and convert to string of hex digits
|
||||||
|
uuid_hex = uuid_hex.replace('0x','').replace(' ','')
|
||||||
|
# make UUID from a string of hex digits
|
||||||
|
uuid_std = uuid.UUID(uuid_hex)
|
||||||
|
# convert UUID to a string of hex digits in standard form
|
||||||
|
uuid_std = str(uuid_std)
|
||||||
|
|
||||||
|
"""
|
||||||
|
Append FIP_ARGS
|
||||||
|
"""
|
||||||
|
out_file.write("FIP_ARGS += --blob uuid=" + uuid_std + ",file=" + dst + "\n")
|
||||||
|
out_file.write("\n")
|
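Review bot: In the uuid extraction loop nothing resets `uuid_std` per partition, so a manifest with no matching `uuid` line appears to reuse the previous partition's UUID in its `FIP_ARGS += --blob` line, or raise NameError for the first entry. The package would then be registered in the FIP under the wrong identity with no build error; the exact nesting is not visible on this page, so confirm against the file. The same block reassigns the outer loop variable `key`, never closes `pm_file`, and indexes `re.findall(...)[0]` on any line containing the substring "uuid". Since the layout file and manifests may live outside the TF-A tree, it is also worth rejecting keys and paths containing whitespace, `$` or `#` before writing them into a makefile that gets included.
```python
        # … unchanged: FDT_SOURCES and SPTOOL_ARGS lines …
        uuid_std = None
        with open(dts) as pm_file:
            for line in pm_file:
                if "uuid" in line:
                    match = re.search(r'<(.+?)>', line)
                    if match:
                        uuid_hex = match.group(1).replace('0x', '').replace(' ', '')
                        uuid_std = str(uuid.UUID(uuid_hex))
        if uuid_std is None:
            sys.exit("No uuid property found in " + dts)
        # … unchanged: FIP_ARGS line …
```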