andrius
/
arm-trusted-firmware
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #453 from yatharth-arm/yk/fwu-6 

Firmware Update patch stack
This commit is contained in:
danh-arm 2015-12-09 19:02:43 +00:00
parent 0e288c928d 0191262d23
commit ab5a53ef0f
64 changed files with 3039 additions and 520 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
Makefile
View File

@ -76,6 +76,8 @@ USE_COHERENT_MEM := 1
PSCI_EXTENDED_STATE_ID := 0
# Default FIP file name
FIP_NAME := fip.bin
# Default FWU_FIP file name
FWU_FIP_NAME := fwu_fip.bin
# By default, use the -pedantic option in the gcc command line
DISABLE_PEDANTIC := 0
# Flags to generate the Chain of Trust
@ -150,6 +152,7 @@ VERSION_STRING := v${VERSION_MAJOR}.${VERSION_MINOR}(${BUILD_TYPE}):${BUILD_STR
# target 'certificates' to create them all
ifneq (${GENERATE_COT},0)
FIP_DEPS += certificates
FWU_FIP_DEPS += fwu_certificates
endif
@ -195,7 +198,8 @@ BL_COMMON_SOURCES += common/bl_common.c \
lib/stdlib/std.c \
plat/common/aarch64/platform_helpers.S
INCLUDES += -Iinclude/bl31 \
INCLUDES += -Iinclude/bl1 \
-Iinclude/bl31 \
-Iinclude/bl31/services \
-Iinclude/common \
-Iinclude/drivers \
@ -320,8 +324,10 @@ ifneq (${GENERATE_COT},0)
# Common cert_create options
ifneq (${CREATE_KEYS},0)
$(eval CRT_ARGS += -n)
$(eval FWU_CRT_ARGS += -n)
ifneq (${SAVE_KEYS},0)
$(eval CRT_ARGS += -k)
$(eval FWU_CRT_ARGS += -k)
endif
endif
# Include TBBR makefile (unless the platform indicates otherwise)
@ -409,6 +415,11 @@ NEED_BL2 := yes
include bl2/bl2.mk
endif
ifdef BL2U_SOURCES
NEED_BL2U := yes
include bl2u/bl2u.mk
endif
ifdef BL31_SOURCES
# When booting an EL3 payload, there is no need to compile the BL31 image nor
# put it in the FIP.
@ -423,7 +434,7 @@ endif
# Build targets
################################################################################
.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool fip certtool
.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool fip fwu_fip certtool
.SUFFIXES:
all: msg_start
@ -466,6 +477,12 @@ ifeq (${NEED_BL33},yes)
$(eval $(call FIP_ADD_IMG,BL33,--bl33))
endif
ifeq (${NEED_BL2U},yes)
BL2U_PATH := $(if ${BL2U},${BL2U},$(call IMG_BIN,2u))
$(if ${BL2U}, ,$(eval $(call MAKE_BL,2u)))
$(eval $(call FWU_FIP_ADD_PAYLOAD,${BL2U_PATH},--bl2u))
endif
locate-checkpatch:
ifndef CHECKPATCH
$(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/script/checkpatch.pl")
@ -524,8 +541,24 @@ ${BUILD_PLAT}/${FIP_NAME}: ${FIP_DEPS} ${FIPTOOL}
@echo "Built $@ successfully"
@echo
ifneq (${GENERATE_COT},0)
fwu_certificates: ${FWU_CRT_DEPS} ${CRTTOOL}
${Q}${CRTTOOL} ${FWU_CRT_ARGS}
@echo
@echo "Built $@ successfully"
@echo "FWU certificates can be found in ${BUILD_PLAT}"
@echo
endif
${BUILD_PLAT}/${FWU_FIP_NAME}: ${FWU_FIP_DEPS} ${FIPTOOL}
${Q}${FIPTOOL} --dump ${FWU_FIP_ARGS} $@
@echo
@echo "Built $@ successfully"
@echo
fiptool: ${FIPTOOL}
fip: ${BUILD_PLAT}/${FIP_NAME}
fwu_fip: ${BUILD_PLAT}/${FWU_FIP_NAME}
.PHONY: ${FIPTOOL}
${FIPTOOL}:
@ -551,10 +584,12 @@ help:
@echo " all Build all individual bootloader binaries"
@echo " bl1 Build the BL1 binary"
@echo " bl2 Build the BL2 binary"
@echo " bl2u Build the BL2U binary"
@echo " bl31 Build the BL3-1 binary"
@echo " bl32 Build the BL3-2 binary"
@echo " certificates Build the certificates (requires 'GENERATE_COT=1')"
@echo " fip Build the Firmware Image Package (FIP)"
@echo " fwu_fip Build the FWU Firmware Image Package (FIP)"
@echo " checkcodebase Check the coding style of the entire source tree"
@echo " checkpatch Check the coding style on changes in the current"
@echo " branch against BASE_COMMIT (default origin/master)"

10
bl1/aarch64/bl1_entrypoint.S
View File

@ -69,10 +69,14 @@ func bl1_entrypoint
/* --------------------------------------------------
* Initialize platform and jump to our c-entry point
* for this type of reset. Panic if it returns
* for this type of reset.
* --------------------------------------------------
*/
bl bl1_main
panic:
b panic
/* --------------------------------------------------
* Do the transition to next boot image.
* --------------------------------------------------
*/
b el3_exit
endfunc bl1_entrypoint

118
bl1/aarch64/bl1_exceptions.S
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@ -31,7 +31,8 @@
#include <arch.h>
#include <asm_macros.S>
#include <bl_common.h>
#include <runtime_svc.h>
#include <bl1.h>
#include <context.h>
.globl bl1_exceptions
@ -115,10 +116,12 @@ SynchronousExceptionA64:
/* Enable the SError interrupt */
msr daifclr, #DAIF_ABT_BIT
str x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
/* Expect only SMC exceptions */
mrs x19, esr_el3
ubfx x20, x19, #ESR_EC_SHIFT, #ESR_EC_LENGTH
cmp x20, #EC_AARCH64_SMC
mrs x30, esr_el3
ubfx x30, x30, #ESR_EC_SHIFT, #ESR_EC_LENGTH
cmp x30, #EC_AARCH64_SMC
b.ne unexpected_sync_exception
b smc_handler64
@ -179,21 +182,40 @@ SErrorA32:
func smc_handler64
/* ----------------------------------------------
* Detect if this is a RUN_IMAGE or other SMC.
* ----------------------------------------------
*/
mov x30, #BL1_SMC_RUN_IMAGE
cmp x30, x0
b.ne smc_handler
/* ------------------------------------------------
* Make sure only Secure world reaches here.
* ------------------------------------------------
*/
mrs x30, scr_el3
tst x30, #SCR_NS_BIT
b.ne unexpected_sync_exception
/* ----------------------------------------------
* Handling RUN_IMAGE SMC. First switch back to
* SP_EL0 for the C runtime stack.
* ----------------------------------------------
*/
ldr x30, [sp, #CTX_EL3STATE_OFFSET + CTX_RUNTIME_SP]
msr spsel, #0
mov sp, x30
/* ---------------------------------------------------------------------
* Only a single SMC exception from BL2 to ask BL1 to pass EL3 control
* to BL31 is expected here. It expects:
* - X0 with RUN_IMAGE SMC function ID;
* - X1 with the address of a entry_point_info_t structure describing
* the BL31 entrypoint.
* Pass EL3 control to BL31.
* Here it expects X1 with the address of a entry_point_info_t
* structure describing the BL31 entrypoint.
* ---------------------------------------------------------------------
*/
mov x19, x0
mov x20, x1
mov x0, #RUN_IMAGE
cmp x19, x0
b.ne unexpected_sync_exception
mov x0, x20
bl bl1_print_bl31_ep_info
@ -228,3 +250,69 @@ unexpected_sync_exception:
bl plat_report_exception
wfi
b unexpected_sync_exception
/* -----------------------------------------------------
* Save Secure/Normal world context and jump to
* BL1 SMC handler.
* -----------------------------------------------------
*/
smc_handler:
/* -----------------------------------------------------
* Save the GP registers x0-x29.
* TODO: Revisit to store only SMCC specified registers.
* -----------------------------------------------------
*/
bl save_gp_registers
/* -----------------------------------------------------
* Populate the parameters for the SMC handler. We
* already have x0-x4 in place. x5 will point to a
* cookie (not used now). x6 will point to the context
* structure (SP_EL3) and x7 will contain flags we need
* to pass to the handler.
* -----------------------------------------------------
*/
mov x5, xzr
mov x6, sp
/* -----------------------------------------------------
* Restore the saved C runtime stack value which will
* become the new SP_EL0 i.e. EL3 runtime stack. It was
* saved in the 'cpu_context' structure prior to the last
* ERET from EL3.
* -----------------------------------------------------
*/
ldr x12, [x6, #CTX_EL3STATE_OFFSET + CTX_RUNTIME_SP]
/* ---------------------------------------------
* Switch back to SP_EL0 for the C runtime stack.
* ---------------------------------------------
*/
msr spsel, #0
mov sp, x12
/* -----------------------------------------------------
* Save the SPSR_EL3, ELR_EL3, & SCR_EL3 in case there
* is a world switch during SMC handling.
* -----------------------------------------------------
*/
mrs x16, spsr_el3
mrs x17, elr_el3
mrs x18, scr_el3
stp x16, x17, [x6, #CTX_EL3STATE_OFFSET + CTX_SPSR_EL3]
str x18, [x6, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]
/* Copy SCR_EL3.NS bit to the flag to indicate caller's security */
bfi x7, x18, #0, #1
/* -----------------------------------------------------
* Go to BL1 SMC handler.
* -----------------------------------------------------
*/
bl bl1_smc_handler
/* -----------------------------------------------------
* Do the transition to next BL image.
* -----------------------------------------------------
*/
b el3_exit

12
bl1/bl1.mk
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved.
# Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
@ -32,6 +32,14 @@ BL1_SOURCES += bl1/bl1_main.c \
bl1/aarch64/bl1_arch_setup.c \
bl1/aarch64/bl1_entrypoint.S \
bl1/aarch64/bl1_exceptions.S \
lib/cpus/aarch64/cpu_helpers.S
bl1/bl1_context_mgmt.c \
common/aarch64/context.S \
common/context_mgmt.c \
lib/cpus/aarch64/cpu_helpers.S \
plat/common/plat_bl1_common.c
ifeq (${TRUSTED_BOARD_BOOT},1)
BL1_SOURCES += bl1/bl1_fwu.c
endif
BL1_LINKERFILE := bl1/bl1.ld.S

110
bl1/bl1_context_mgmt.c Normal file
View File

@ -0,0 +1,110 @@
/*
* Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <arch_helpers.h>
#include <assert.h>
#include <context.h>
#include <context_mgmt.h>
#include <platform.h>
/*
* Following array will be used for context management.
* There are 2 instances, for the Secure and Non-Secure contexts.
*/
static cpu_context_t bl1_cpu_context[2];
/* Following contains the cpu context pointers. */
static void *bl1_cpu_context_ptr[2];
void *cm_get_context(uint32_t security_state)
{
assert(sec_state_is_valid(security_state));
return bl1_cpu_context_ptr[security_state];
}
void cm_set_context(void *context, uint32_t security_state)
{
assert(sec_state_is_valid(security_state));
bl1_cpu_context_ptr[security_state] = context;
}
/*******************************************************************************
* This function prepares the context for Secure/Normal world images.
* Normal world images are transitioned to EL2(if supported) else EL1.
******************************************************************************/
void bl1_prepare_next_image(unsigned int image_id)
{
unsigned int security_state;
image_desc_t *image_desc;
entry_point_info_t *next_bl_ep;
/* Get the image descriptor. */
image_desc = bl1_plat_get_image_desc(image_id);
assert(image_desc);
/* Get the entry point info. */
next_bl_ep = &image_desc->ep_info;
/* Get the image security state. */
security_state = GET_SEC_STATE(next_bl_ep->h.attr);
/* Setup the Secure/Non-Secure context if not done already. */
if (!cm_get_context(security_state))
cm_set_context(&bl1_cpu_context[security_state], security_state);
/* Prepare the SPSR for the next BL image. */
if (security_state == SECURE) {
next_bl_ep->spsr = SPSR_64(MODE_EL1, MODE_SP_ELX,
DISABLE_ALL_EXCEPTIONS);
} else {
/* Use EL2 if supported else use EL1. */
if (read_id_aa64pfr0_el1() &
(ID_AA64PFR0_ELX_MASK << ID_AA64PFR0_EL2_SHIFT)) {
next_bl_ep->spsr = SPSR_64(MODE_EL2, MODE_SP_ELX,
DISABLE_ALL_EXCEPTIONS);
} else {
next_bl_ep->spsr = SPSR_64(MODE_EL1, MODE_SP_ELX,
DISABLE_ALL_EXCEPTIONS);
}
}
/* Allow platform to make change */
bl1_plat_set_ep_info(image_id, next_bl_ep);
/* Prepare the context for the next BL image. */
cm_init_my_context(next_bl_ep);
cm_prepare_el3_exit(security_state);
/* Indicate that image is in execution state. */
image_desc->state = IMAGE_STATE_EXECUTED;
print_entry_point_info(next_bl_ep);
}

503
bl1/bl1_fwu.c Normal file
View File

@ -0,0 +1,503 @@
/*
* Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <assert.h>
#include <arch_helpers.h>
#include <auth_mod.h>
#include <bl1.h>
#include <bl_common.h>
#include <context.h>
#include <context_mgmt.h>
#include <debug.h>
#include <errno.h>
#include <platform.h>
#include <platform_def.h>
#include <smcc_helpers.h>
#include <string.h>
#include "bl1_private.h"
/*
* Function declarations.
*/
static int bl1_fwu_image_copy(unsigned int image_id,
uintptr_t image_addr,
unsigned int block_size,
unsigned int image_size,
unsigned int flags);
static int bl1_fwu_image_auth(unsigned int image_id,
uintptr_t image_addr,
unsigned int image_size,
unsigned int flags);
static int bl1_fwu_image_execute(unsigned int image_id,
void **handle,
unsigned int flags);
static register_t bl1_fwu_image_resume(unsigned int image_id,
register_t image_param,
void **handle,
unsigned int flags);
static int bl1_fwu_sec_image_done(void **handle,
unsigned int flags);
__dead2 static void bl1_fwu_done(void *cookie, void *reserved);
/*
* This keeps track of last executed secure image id.
*/
static unsigned int sec_exec_image_id = INVALID_IMAGE_ID;
/*******************************************************************************
* Top level handler for servicing FWU SMCs.
******************************************************************************/
register_t bl1_fwu_smc_handler(unsigned int smc_fid,
register_t x1,
register_t x2,
register_t x3,
register_t x4,
void *cookie,
void *handle,
unsigned int flags)
{
switch (smc_fid) {
case FWU_SMC_IMAGE_COPY:
SMC_RET1(handle, bl1_fwu_image_copy(x1, x2, x3, x4, flags));
case FWU_SMC_IMAGE_AUTH:
SMC_RET1(handle, bl1_fwu_image_auth(x1, x2, x3, flags));
case FWU_SMC_IMAGE_EXECUTE:
SMC_RET1(handle, bl1_fwu_image_execute(x1, &handle, flags));
case FWU_SMC_IMAGE_RESUME:
SMC_RET1(handle, bl1_fwu_image_resume(x1, x2, &handle, flags));
case FWU_SMC_SEC_IMAGE_DONE:
SMC_RET1(handle, bl1_fwu_sec_image_done(&handle, flags));
case FWU_SMC_UPDATE_DONE:
bl1_fwu_done(cookie, NULL);
/* We should never return from bl1_fwu_done() */
default:
assert(0);
break;
}
SMC_RET0(handle);
}
/*******************************************************************************
* This function is responsible for copying secure images in AP Secure RAM.
******************************************************************************/
static int bl1_fwu_image_copy(unsigned int image_id,
uintptr_t image_src,
unsigned int block_size,
unsigned int image_size,
unsigned int flags)
{
uintptr_t base_addr;
meminfo_t *mem_layout;
/* Get the image descriptor. */
image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
/* Check if we are in correct state. */
if ((!image_desc) ||
((image_desc->state != IMAGE_STATE_RESET) &&
(image_desc->state != IMAGE_STATE_COPYING))) {
WARN("BL1-FWU: Copy not allowed due to invalid state\n");
return -EPERM;
}
/* Only Normal world is allowed to copy a Secure image. */
if ((GET_SEC_STATE(flags) == SECURE) ||
(GET_SEC_STATE(image_desc->ep_info.h.attr) == NON_SECURE)) {
WARN("BL1-FWU: Copy not allowed for Non-Secure "
"image from Secure-world\n");
return -EPERM;
}
if ((!image_src) || (!block_size)) {
WARN("BL1-FWU: Copy not allowed due to invalid image source"
" or block size\n");
return -ENOMEM;
}
/* Get the image base address. */
base_addr = image_desc->image_info.image_base;
if (image_desc->state == IMAGE_STATE_COPYING) {
/*
* If last block is more than expected then
* clip the block to the required image size.
*/
if (image_desc->image_info.copied_size + block_size >
image_desc->image_info.image_size) {
block_size = image_desc->image_info.image_size -
image_desc->image_info.copied_size;
WARN("BL1-FWU: Copy argument block_size > remaining image size."
" Clipping block_size\n");
}
/* Make sure the image src/size is mapped. */
if (bl1_plat_mem_check(image_src, block_size, flags)) {
WARN("BL1-FWU: Copy arguments source/size not mapped\n");
return -ENOMEM;
}
INFO("BL1-FWU: Continuing image copy in blocks\n");
/* Copy image for given block size. */
base_addr += image_desc->image_info.copied_size;
image_desc->image_info.copied_size += block_size;
memcpy((void *)base_addr, (const void *)image_src, block_size);
flush_dcache_range(base_addr, block_size);
/* Update the state if last block. */
if (image_desc->image_info.copied_size ==
image_desc->image_info.image_size) {
image_desc->state = IMAGE_STATE_COPIED;
INFO("BL1-FWU: Image copy in blocks completed\n");
}
} else {
/* This means image is in RESET state and ready to be copied. */
INFO("BL1-FWU: Fresh call to copy an image\n");
if (!image_size) {
WARN("BL1-FWU: Copy not allowed due to invalid image size\n");
return -ENOMEM;
}
/*
* If block size is more than total size then
* assume block size as the total image size.
*/
if (block_size > image_size) {
block_size = image_size;
WARN("BL1-FWU: Copy argument block_size > image size."
" Clipping block_size\n");
}
/* Make sure the image src/size is mapped. */
if (bl1_plat_mem_check(image_src, block_size, flags)) {
WARN("BL1-FWU: Copy arguments source/size not mapped\n");
return -ENOMEM;
}
/* Find out how much free trusted ram remains after BL1 load */
mem_layout = bl1_plat_sec_mem_layout();
if ((image_desc->image_info.image_base < mem_layout->free_base) ||
(image_desc->image_info.image_base + image_size >
mem_layout->free_base + mem_layout->free_size)) {
WARN("BL1-FWU: Memory not available to copy\n");
return -ENOMEM;
}
/* Update the image size. */
image_desc->image_info.image_size = image_size;
/* Copy image for given size. */
memcpy((void *)base_addr, (const void *)image_src, block_size);
flush_dcache_range(base_addr, block_size);
/* Update the state. */
if (block_size == image_size) {
image_desc->state = IMAGE_STATE_COPIED;
INFO("BL1-FWU: Image is copied successfully\n");
} else {
image_desc->state = IMAGE_STATE_COPYING;
INFO("BL1-FWU: Started image copy in blocks\n");
}
image_desc->image_info.copied_size = block_size;
}
return 0;
}
/*******************************************************************************
* This function is responsible for authenticating Normal/Secure images.
******************************************************************************/
static int bl1_fwu_image_auth(unsigned int image_id,
uintptr_t image_src,
unsigned int image_size,
unsigned int flags)
{
int result;
uintptr_t base_addr;
unsigned int total_size;
/* Get the image descriptor. */
image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
if (!image_desc)
return -EPERM;
if (GET_SEC_STATE(flags) == SECURE) {
if (image_desc->state != IMAGE_STATE_RESET) {
WARN("BL1-FWU: Authentication from secure world "
"while in invalid state\n");
return -EPERM;
}
} else {
if (GET_SEC_STATE(image_desc->ep_info.h.attr) == SECURE) {
if (image_desc->state != IMAGE_STATE_COPIED) {
WARN("BL1-FWU: Authentication of secure image "
"from non-secure world while not in copied state\n");
return -EPERM;
}
} else {
if (image_desc->state != IMAGE_STATE_RESET) {
WARN("BL1-FWU: Authentication of non-secure image "
"from non-secure world while in invalid state\n");
return -EPERM;
}
}
}
if (image_desc->state == IMAGE_STATE_COPIED) {
/*
* Image is in COPIED state.
* Use the stored address and size.
*/
base_addr = image_desc->image_info.image_base;
total_size = image_desc->image_info.image_size;
} else {
if ((!image_src) || (!image_size)) {
WARN("BL1-FWU: Auth not allowed due to invalid"
" image source/size\n");
return -ENOMEM;
}
/*
* Image is in RESET state.
* Check the parameters and authenticate the source image in place.
*/
if (bl1_plat_mem_check(image_src, image_size, flags)) {
WARN("BL1-FWU: Authentication arguments source/size not mapped\n");
return -ENOMEM;
}
base_addr = image_src;
total_size = image_size;
/* Update the image size in the descriptor. */
image_desc->image_info.image_size = total_size;
}
/*
* Authenticate the image.
*/
INFO("BL1-FWU: Authenticating image_id:%d\n", image_id);
result = auth_mod_verify_img(image_id, (void *)base_addr, total_size);
if (result != 0) {
WARN("BL1-FWU: Authentication Failed err=%d\n", result);
/*
* Authentication has failed.
* Clear the memory if the image was copied.
* This is to prevent an attack where this contains
* some malicious code that can somehow be executed later.
*/
if (image_desc->state == IMAGE_STATE_COPIED) {
/* Clear the memory.*/
memset((void *)base_addr, 0, total_size);
flush_dcache_range(base_addr, total_size);
/* Indicate that image can be copied again*/
image_desc->state = IMAGE_STATE_RESET;
}
return -EAUTH;
}
/* Indicate that image is in authenticated state. */
image_desc->state = IMAGE_STATE_AUTHENTICATED;
/*
* Flush image_info to memory so that other
* secure world images can see changes.
*/
flush_dcache_range((unsigned long)&image_desc->image_info,
sizeof(image_info_t));
INFO("BL1-FWU: Authentication was successful\n");
return 0;
}
/*******************************************************************************
* This function is responsible for executing Secure images.
******************************************************************************/
static int bl1_fwu_image_execute(unsigned int image_id,
void **handle,
unsigned int flags)
{
/* Get the image descriptor. */
image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
/*
* Execution is NOT allowed if:
* Caller is from Secure world OR
* Image is Non-Secure OR
* Image is Non-Executable OR
* Image is NOT in AUTHENTICATED state.
*/
if ((!image_desc) ||
(GET_SEC_STATE(flags) == SECURE) ||
(GET_SEC_STATE(image_desc->ep_info.h.attr) == NON_SECURE) ||
(GET_EXEC_STATE(image_desc->image_info.h.attr) == NON_EXECUTABLE) ||
(image_desc->state != IMAGE_STATE_AUTHENTICATED)) {
WARN("BL1-FWU: Execution not allowed due to invalid state/args\n");
return -EPERM;
}
INFO("BL1-FWU: Executing Secure image\n");
/* Save NS-EL1 system registers. */
cm_el1_sysregs_context_save(NON_SECURE);
/* Prepare the image for execution. */
bl1_prepare_next_image(image_id);
/* Update the secure image id. */
sec_exec_image_id = image_id;
*handle = cm_get_context(SECURE);
return 0;
}
/*******************************************************************************
* This function is responsible for resuming Secure/Non-Secure images.
******************************************************************************/
static register_t bl1_fwu_image_resume(unsigned int image_id,
register_t image_param,
void **handle,
unsigned int flags)
{
image_desc_t *image_desc;
unsigned int resume_sec_state;
if (GET_SEC_STATE(flags) == SECURE) {
/* Get the image descriptor for last executed secure image id. */
image_desc = bl1_plat_get_image_desc(sec_exec_image_id);
if ((!image_desc) || (image_desc->state != IMAGE_STATE_EXECUTED)) {
WARN("BL1-FWU: Resume not allowed for secure image "
"due to invalid state\n");
return -EPERM;
}
/* Update the flags. */
image_desc->state = IMAGE_STATE_INTERRUPTED;
resume_sec_state = NON_SECURE;
} else {
/* Get the image descriptor for image id to be resumed. */
image_desc = bl1_plat_get_image_desc(image_id);
/* Make sure image is secure and was interrupted. */
if ((!image_desc) ||
(GET_SEC_STATE(image_desc->ep_info.h.attr) == NON_SECURE) ||
(image_desc->state != IMAGE_STATE_INTERRUPTED)) {
WARN("BL1-FWU: Resume not allowed for NS image/ invalid state\n");
return -EPERM;
}
/* Update the flags. */
image_desc->state = IMAGE_STATE_EXECUTED;
resume_sec_state = SECURE;
}
/* Save the EL1 system registers of calling world. */
cm_el1_sysregs_context_save(GET_SEC_STATE(flags));
/* Restore the EL1 system registers of resuming world. */
cm_el1_sysregs_context_restore(resume_sec_state);
/* Update the next context. */
cm_set_next_eret_context(resume_sec_state);
INFO("BL1-FWU: Resuming %s world context\n",
(resume_sec_state == SECURE) ? "Secure" : "Normal");
*handle = cm_get_context(resume_sec_state);
return image_param;
}
/*******************************************************************************
* This function is responsible for resuming normal world context.
******************************************************************************/
static int bl1_fwu_sec_image_done(void **handle, unsigned int flags)
{
/* Get the image descriptor for last executed secure image id. */
image_desc_t *image_desc = bl1_plat_get_image_desc(sec_exec_image_id);
/*
* Make sure caller is from secure world
* and the image is in EXECUTED state.
*/
if ((!image_desc) ||
(GET_SEC_STATE(flags) == NON_SECURE) ||
(image_desc->state != IMAGE_STATE_EXECUTED)) {
WARN("BL1-FWU: Done not allowed for NS caller/ invalid state\n");
return -EPERM;
}
/* Update the flags. */
image_desc->state = IMAGE_STATE_RESET;
sec_exec_image_id = INVALID_IMAGE_ID;
/*
* Secure world is done so no need to save the context.
* Just restore the Non-Secure context.
*/
cm_el1_sysregs_context_restore(NON_SECURE);
/* Update the next context. */
cm_set_next_eret_context(NON_SECURE);
INFO("BL1-FWU: Resuming Normal world context\n");
*handle = cm_get_context(NON_SECURE);
return 0;
}
/*******************************************************************************
* This function provides the opportunity for users to perform any
* platform specific handling after the Firmware update is done.
******************************************************************************/
__dead2 static void bl1_fwu_done(void *cookie, void *reserved)
{
NOTICE("BL1-FWU: *******FWU Process Completed*******\n");
/*
* Call platform done function.
*/
bl1_plat_fwu_done(cookie, reserved);
assert(0);
}

163
bl1/bl1_main.c
View File

@ -32,43 +32,22 @@
#include <arch_helpers.h>
#include <assert.h>
#include <auth_mod.h>
#include <bl1.h>
#include <bl_common.h>
#include <debug.h>
#include <platform.h>
#include <platform_def.h>
#include <smcc_helpers.h>
#include "bl1_private.h"
#include <uuid.h>
/*******************************************************************************
* Runs BL2 from the given entry point. It results in dropping the
* exception level
******************************************************************************/
static void __dead2 bl1_run_bl2(entry_point_info_t *bl2_ep)
{
/* Check bl2 security state is expected as secure */
assert(GET_SECURITY_STATE(bl2_ep->h.attr) == SECURE);
/* Check NS Bit is also set as secure */
assert(!(read_scr_el3() & SCR_NS_BIT));
/* BL1 Service UUID */
DEFINE_SVC_UUID(bl1_svc_uid,
0xfd3967d4, 0x72cb, 0x4d9a, 0xb5, 0x75,
0x67, 0x15, 0xd6, 0xf4, 0xbb, 0x4a);
bl1_arch_next_el_setup();
/* Tell next EL what we want done */
bl2_ep->args.arg0 = RUN_IMAGE;
write_spsr_el3(bl2_ep->spsr);
write_elr_el3(bl2_ep->pc);
NOTICE("BL1: Booting BL2\n");
print_entry_point_info(bl2_ep);
eret(bl2_ep->args.arg0,
bl2_ep->args.arg1,
bl2_ep->args.arg2,
bl2_ep->args.arg3,
bl2_ep->args.arg4,
bl2_ep->args.arg5,
bl2_ep->args.arg6,
bl2_ep->args.arg7);
}
static void bl1_load_bl2(void);
/*******************************************************************************
* The next function has a weak definition. Platform specific code can override
@ -91,7 +70,8 @@ void bl1_init_bl2_mem_layout(const meminfo_t *bl1_mem_layout,
/* Check that BL1's memory is lying outside of the free memory */
assert((BL1_RAM_LIMIT <= bl1_mem_layout->free_base) ||
(BL1_RAM_BASE >= bl1_mem_layout->free_base + bl1_mem_layout->free_size));
(BL1_RAM_BASE >= bl1_mem_layout->free_base +
bl1_mem_layout->free_size));
/* Remove BL1 RW data from the scope of memory visible to BL2 */
*bl2_mem_layout = *bl1_mem_layout;
@ -105,13 +85,13 @@ void bl1_init_bl2_mem_layout(const meminfo_t *bl1_mem_layout,
/*******************************************************************************
* Function to perform late architectural and platform specific initialization.
* It also locates and loads the BL2 raw binary image in the trusted DRAM. Only
* called by the primary cpu after a cold boot.
* TODO: Add support for alternative image load mechanism e.g using virtio/elf
* loader etc.
******************************************************************************/
* It also queries the platform to load and run next BL image. Only called
* by the primary cpu after a cold boot.
******************************************************************************/
void bl1_main(void)
{
unsigned int image_id;
/* Announce our arrival */
NOTICE(FIRMWARE_WELCOME_STR);
NOTICE("BL1: %s\n", version_string);
@ -119,11 +99,6 @@ void bl1_main(void)
INFO("BL1: RAM 0x%lx - 0x%lx\n", BL1_RAM_BASE, BL1_RAM_LIMIT);
image_info_t bl2_image_info = { {0} };
entry_point_info_t bl2_ep = { {0} };
meminfo_t *bl1_tzram_layout;
meminfo_t *bl2_tzram_layout = 0x0;
int err;
#if DEBUG
unsigned long val;
@ -153,28 +128,65 @@ void bl1_main(void)
/* Perform remaining generic architectural setup from EL3 */
bl1_arch_setup();
#if TRUSTED_BOARD_BOOT
/* Initialize authentication module */
auth_mod_init();
#endif /* TRUSTED_BOARD_BOOT */
/* Perform platform setup in BL1. */
bl1_platform_setup();
SET_PARAM_HEAD(&bl2_image_info, PARAM_IMAGE_BINARY, VERSION_1, 0);
SET_PARAM_HEAD(&bl2_ep, PARAM_EP, VERSION_1, 0);
/* Get the image id of next image to load and run. */
image_id = bl1_plat_get_next_image_id();
/*
* We currently interpret any image id other than
* BL2_IMAGE_ID as the start of firmware update.
*/
if (image_id == BL2_IMAGE_ID)
bl1_load_bl2();
else
NOTICE("BL1-FWU: *******FWU Process Started*******\n");
bl1_prepare_next_image(image_id);
}
/*******************************************************************************
* This function locates and loads the BL2 raw binary image in the trusted SRAM.
* Called by the primary cpu after a cold boot.
* TODO: Add support for alternative image load mechanism e.g using virtio/elf
* loader etc.
******************************************************************************/
void bl1_load_bl2(void)
{
image_desc_t *image_desc;
image_info_t *image_info;
entry_point_info_t *ep_info;
meminfo_t *bl1_tzram_layout;
meminfo_t *bl2_tzram_layout;
int err;
/* Get the image descriptor */
image_desc = bl1_plat_get_image_desc(BL2_IMAGE_ID);
assert(image_desc);
/* Get the image info */
image_info = &image_desc->image_info;
/* Get the entry point info */
ep_info = &image_desc->ep_info;
/* Find out how much free trusted ram remains after BL1 load */
bl1_tzram_layout = bl1_plat_sec_mem_layout();
INFO("BL1: Loading BL2\n");
#if TRUSTED_BOARD_BOOT
/* Initialize authentication module */
auth_mod_init();
#endif /* TRUSTED_BOARD_BOOT */
/* Load the BL2 image */
err = load_auth_image(bl1_tzram_layout,
BL2_IMAGE_ID,
BL2_BASE,
&bl2_image_info,
&bl2_ep);
image_info->image_base,
image_info,
ep_info);
if (err) {
ERROR("Failed to load BL2 firmware.\n");
@ -191,11 +203,10 @@ void bl1_main(void)
bl2_tzram_layout = (meminfo_t *) bl1_tzram_layout->free_base;
bl1_init_bl2_mem_layout(bl1_tzram_layout, bl2_tzram_layout);
bl1_plat_set_bl2_ep_info(&bl2_image_info, &bl2_ep);
bl2_ep.args.arg1 = (unsigned long)bl2_tzram_layout;
bl1_run_bl2(&bl2_ep);
return;
ep_info->args.arg1 = (unsigned long)bl2_tzram_layout;
NOTICE("BL1: Booting BL2\n");
VERBOSE("BL1: BL2 memory layout address = 0x%llx\n",
(unsigned long long) bl2_tzram_layout);
}
/*******************************************************************************
@ -216,3 +227,45 @@ void print_debug_loop_message(void)
NOTICE("BL1: Please connect the debugger to continue\n");
}
#endif
/*******************************************************************************
* Top level handler for servicing BL1 SMCs.
******************************************************************************/
register_t bl1_smc_handler(unsigned int smc_fid,
register_t x1,
register_t x2,
register_t x3,
register_t x4,
void *cookie,
void *handle,
unsigned int flags)
{
#if TRUSTED_BOARD_BOOT
/*
* Dispatch FWU calls to FWU SMC handler and return its return
* value
*/
if (is_fwu_fid(smc_fid)) {
return bl1_fwu_smc_handler(smc_fid, x1, x2, x3, x4, cookie,
handle, flags);
}
#endif
switch (smc_fid) {
case BL1_SMC_CALL_COUNT:
SMC_RET1(handle, BL1_NUM_SMC_CALLS);
case BL1_SMC_UID:
SMC_UUID_RET(handle, bl1_svc_uid);
case BL1_SMC_VERSION:
SMC_RET1(handle, BL1_SMC_MAJOR_VER | BL1_SMC_MINOR_VER);
default:
break;
}
WARN("Unimplemented BL1 SMC Call: 0x%x \n", smc_fid);
SMC_RET1(handle, SMC_UNK);
}

12
bl1/bl1_private.h
View File

@ -31,6 +31,8 @@
#ifndef __BL1_PRIVATE_H__
#define __BL1_PRIVATE_H__
#include <types.h>
/*******************************************************************************
* Declarations of linker defined symbols which will tell us where BL1 lives
* in Trusted RAM
@ -46,4 +48,14 @@ extern uint64_t __BL1_RAM_END__;
void bl1_arch_setup(void);
void bl1_arch_next_el_setup(void);
void bl1_prepare_next_image(unsigned int image_id);
register_t bl1_fwu_smc_handler(unsigned int smc_fid,
register_t x1,
register_t x2,
register_t x3,
register_t x4,
void *cookie,
void *handle,
unsigned int flags);
#endif /* __BL1_PRIVATE_H__ */

81
bl1/tbbr/tbbr_img_desc.c Normal file
View File

@ -0,0 +1,81 @@
/*
* Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <bl1.h>
#include <bl_common.h>
#include <platform_def.h>
image_desc_t bl1_tbbr_image_descs[] = {
{
.image_id = FWU_CERT_ID,
.image_info.h.attr = SET_EXEC_STATE(NON_EXECUTABLE),
.image_info.image_base = BL2_BASE,
.ep_info.h.attr = SET_SEC_STATE(SECURE),
},
#if NS_BL1U_BASE
{
.image_id = NS_BL1U_IMAGE_ID,
.image_info.h.attr = SET_EXEC_STATE(EXECUTABLE),
.image_info.image_base = NS_BL1U_BASE,
.ep_info.h.attr = SET_SEC_STATE(NON_SECURE),
.ep_info.pc = NS_BL1U_BASE,
},
#endif
#if SCP_BL2U_BASE
{
.image_id = SCP_BL2U_IMAGE_ID,
.image_info.h.attr = SET_EXEC_STATE(NON_EXECUTABLE),
.image_info.image_base = SCP_BL2U_BASE,
.ep_info.h.attr = SET_SEC_STATE(SECURE),
},
#endif
#if BL2U_BASE
{
.image_id = BL2U_IMAGE_ID,
.image_info.h.attr = SET_EXEC_STATE(EXECUTABLE),
.image_info.image_base = BL2U_BASE,
.ep_info.h.attr = SET_SEC_STATE(SECURE),
.ep_info.pc = BL2U_BASE,
},
#endif
#if NS_BL2U_BASE
{
.image_id = NS_BL2U_IMAGE_ID,
.image_info.h.attr = SET_EXEC_STATE(NON_EXECUTABLE),
.image_info.image_base = NS_BL2U_BASE,
.ep_info.h.attr = SET_SEC_STATE(NON_SECURE),
},
#endif
BL2_IMAGE_DESC,
{
.image_id = INVALID_IMAGE_ID,
}
};

21
bl2/aarch64/bl2_entrypoint.S
View File

@ -39,13 +39,12 @@
func bl2_entrypoint
/*---------------------------------------------
* Store the extents of the tzram available to
* BL2 for future use. Use the opcode param to
* allow implement other functions if needed.
* Save from x1 the extents of the tzram
* available to BL2 for future use.
* x0 is not currently used.
* ---------------------------------------------
*/
mov x20, x0
mov x21, x1
*/
mov x20, x1
/* ---------------------------------------------
* Set the exception vector to something sane.
@ -73,14 +72,6 @@ func bl2_entrypoint
msr sctlr_el1, x0
isb
/* ---------------------------------------------
* Check the opcodes out of paranoia.
* ---------------------------------------------
*/
mov x0, #RUN_IMAGE
cmp x0, x20
b.ne _panic
/* ---------------------------------------------
* Invalidate the RW memory used by the BL2
* image. This includes the data and NOBITS
@ -126,7 +117,7 @@ func bl2_entrypoint
* specific early arch. setup e.g. mmu setup
* ---------------------------------------------
*/
mov x0, x21
mov x0, x20
bl bl2_early_platform_setup
bl bl2_plat_arch_setup

3
bl2/bl2_main.c
View File

@ -32,6 +32,7 @@
#include <arch_helpers.h>
#include <assert.h>
#include <auth_mod.h>
#include <bl1.h>
#include <bl_common.h>
#include <debug.h>
#include <errno.h>
@ -281,5 +282,5 @@ void bl2_main(void)
* the BL3-2 (if present) and BL3-3 software images will be passed to
* BL3-1 as an argument.
*/
smc(RUN_IMAGE, (unsigned long)bl31_ep_info, 0, 0, 0, 0, 0, 0);
smc(BL1_SMC_RUN_IMAGE, (unsigned long)bl31_ep_info, 0, 0, 0, 0, 0, 0);
}

127
bl2u/aarch64/bl2u_entrypoint.S Normal file
View File

@ -0,0 +1,127 @@
/*
* Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <arch.h>
#include <asm_macros.S>
#include <bl_common.h>
.globl bl2u_entrypoint
func bl2u_entrypoint
/*---------------------------------------------
* Store the extents of the tzram available to
* BL2U and other platform specific information
* for future use. x0 is currently not used.
* ---------------------------------------------
*/
mov x20, x1
mov x21, x2
/* ---------------------------------------------
* Set the exception vector to something sane.
* ---------------------------------------------
*/
adr x0, early_exceptions
msr vbar_el1, x0
isb
/* ---------------------------------------------
* Enable the SError interrupt now that the
* exception vectors have been setup.
* ---------------------------------------------
*/
msr daifclr, #DAIF_ABT_BIT
/* ---------------------------------------------
* Enable the instruction cache, stack pointer
* and data access alignment checks
* ---------------------------------------------
*/
mov x1, #(SCTLR_I_BIT | SCTLR_A_BIT | SCTLR_SA_BIT)
mrs x0, sctlr_el1
orr x0, x0, x1
msr sctlr_el1, x0
isb
/* ---------------------------------------------
* Invalidate the RW memory used by the BL2U
* image. This includes the data and NOBITS
* sections. This is done to safeguard against
* possible corruption of this memory by dirty
* cache lines in a system cache as a result of
* use by an earlier boot loader stage.
* ---------------------------------------------
*/
adr x0, __RW_START__
adr x1, __RW_END__
sub x1, x1, x0
bl inv_dcache_range
/* ---------------------------------------------
* Zero out NOBITS sections. There are 2 of them:
* - the .bss section;
* - the coherent memory section.
* ---------------------------------------------
*/
ldr x0, =__BSS_START__
ldr x1, =__BSS_SIZE__
bl zeromem16
/* --------------------------------------------
* Allocate a stack whose memory will be marked
* as Normal-IS-WBWA when the MMU is enabled.
* There is no risk of reading stale stack
* memory after enabling the MMU as only the
* primary cpu is running at the moment.
* --------------------------------------------
*/
bl plat_set_my_stack
/* ---------------------------------------------
* Perform early platform setup & platform
* specific early arch. setup e.g. mmu setup
* ---------------------------------------------
*/
mov x0, x20
mov x1, x21
bl bl2u_early_platform_setup
bl bl2u_plat_arch_setup
/* ---------------------------------------------
* Jump to bl2u_main function.
* ---------------------------------------------
*/
bl bl2u_main
_panic:
b _panic
endfunc bl2u_entrypoint

134
bl2u/bl2u.ld.S Normal file
View File

@ -0,0 +1,134 @@
/*
* Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <platform_def.h>
OUTPUT_FORMAT(PLATFORM_LINKER_FORMAT)
OUTPUT_ARCH(PLATFORM_LINKER_ARCH)
ENTRY(bl2u_entrypoint)
MEMORY {
RAM (rwx): ORIGIN = BL2U_BASE, LENGTH = BL2U_LIMIT - BL2U_BASE
}
SECTIONS
{
. = BL2U_BASE;
ASSERT(. == ALIGN(4096),
"BL2U_BASE address is not aligned on a page boundary.")
ro . : {
__RO_START__ = .;
*bl2u_entrypoint.o(.text*)
*(.text*)
*(.rodata*)
*(.vectors)
__RO_END_UNALIGNED__ = .;
/*
* Memory page(s) mapped to this section will be marked as
* read-only, executable. No RW data from the next section must
* creep in. Ensure the rest of the current memory page is unused.
*/
. = NEXT(4096);
__RO_END__ = .;
} >RAM
/*
* Define a linker symbol to mark start of the RW memory area for this
* image.
*/
__RW_START__ = . ;
.data . : {
__DATA_START__ = .;
*(.data*)
__DATA_END__ = .;
} >RAM
stacks (NOLOAD) : {
__STACKS_START__ = .;
*(tzfw_normal_stacks)
__STACKS_END__ = .;
} >RAM
/*
* The .bss section gets initialised to 0 at runtime.
* Its base address must be 16-byte aligned.
*/
.bss : ALIGN(16) {
__BSS_START__ = .;
*(SORT_BY_ALIGNMENT(.bss*))
*(COMMON)
__BSS_END__ = .;
} >RAM
/*
* The xlat_table section is for full, aligned page tables (4K).
* Removing them from .bss avoids forcing 4K alignment on
* the .bss section and eliminates the unecessary zero init
*/
xlat_table (NOLOAD) : {
*(xlat_table)
} >RAM
#if USE_COHERENT_MEM
/*
* The base address of the coherent memory section must be page-aligned (4K)
* to guarantee that the coherent data are stored on their own pages and
* are not mixed with normal data. This is required to set up the correct
* memory attributes for the coherent data page tables.
*/
coherent_ram (NOLOAD) : ALIGN(4096) {
__COHERENT_RAM_START__ = .;
*(tzfw_coherent_mem)
__COHERENT_RAM_END_UNALIGNED__ = .;
/*
* Memory page(s) mapped to this section will be marked
* as device memory. No other unexpected data must creep in.
* Ensure the rest of the current memory page is unused.
*/
. = NEXT(4096);
__COHERENT_RAM_END__ = .;
} >RAM
#endif
/*
* Define a linker symbol to mark end of the RW memory area for this
* image.
*/
__RW_END__ = .;
__BL2U_END__ = .;
__BSS_SIZE__ = SIZEOF(.bss);
ASSERT(. <= BL2U_LIMIT, "BL2U image has exceeded its limit.")
}

35
bl2u/bl2u.mk Normal file
View File

@ -0,0 +1,35 @@
#
# Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
#
# Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# Neither the name of ARM nor the names of its contributors may be used
# to endorse or promote products derived from this software without specific
# prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
BL2U_SOURCES += bl2u/bl2u_main.c \
bl2u/aarch64/bl2u_entrypoint.S \
common/aarch64/early_exceptions.S
BL2U_LINKERFILE := bl2u/bl2u.ld.S

74
bl2u/bl2u_main.c Normal file
View File

@ -0,0 +1,74 @@
/*
* Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <arch.h>
#include <arch_helpers.h>
#include <assert.h>
#include <auth_mod.h>
#include <bl_common.h>
#include <bl1.h>
#include <debug.h>
#include <platform.h>
#include <platform_def.h>
#include <stdint.h>
/*******************************************************************************
* This function is responsible to:
* Load SCP_BL2U if platform has defined SCP_BL2U_BASE
* Perform platform setup.
* Go back to EL3.
******************************************************************************/
void bl2u_main(void)
{
NOTICE("BL2U: %s\n", version_string);
NOTICE("BL2U: %s\n", build_message);
#if SCP_BL2U_BASE
int rc;
/* Load the subsequent bootloader images */
rc = bl2u_plat_handle_scp_bl2u();
if (rc) {
ERROR("Failed to load SCP_BL2U (%i)\n", rc);
panic();
}
#endif
/* Perform platform setup in BL2U after loading SCP_BL2U */
bl2u_platform_setup();
/*
* Indicate that BL2U is done and resume back to
* normal world via an SMC to BL1.
* x1 could be passed to Normal world,
* so DO NOT pass any secret information.
*/
smc(FWU_SMC_SEC_IMAGE_DONE, 0, 0, 0, 0, 0, 0, 0);
wfi();
}

84
bl31/aarch64/runtime_exceptions.S
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@ -36,7 +36,6 @@
#include <runtime_svc.h>
.globl runtime_exceptions
.globl el3_exit
/* -----------------------------------------------------
* Handle SMC exceptions separately from other sync.
@ -426,38 +425,7 @@ smc_handler64:
#endif
blr x15
/* -----------------------------------------------------
* This routine assumes that the SP_EL3 is pointing to
* a valid context structure from where the gp regs and
* other special registers can be retrieved.
*
* Keep it in the same section as smc_handler as this
* function uses a fall-through to el3_exit
* -----------------------------------------------------
*/
el3_exit: ; .type el3_exit, %function
/* -----------------------------------------------------
* Save the current SP_EL0 i.e. the EL3 runtime stack
* which will be used for handling the next SMC. Then
* switch to SP_EL3
* -----------------------------------------------------
*/
mov x17, sp
msr spsel, #1
str x17, [sp, #CTX_EL3STATE_OFFSET + CTX_RUNTIME_SP]
/* -----------------------------------------------------
* Restore SPSR_EL3, ELR_EL3 and SCR_EL3 prior to ERET
* -----------------------------------------------------
*/
ldr x18, [sp, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]
ldp x16, x17, [sp, #CTX_EL3STATE_OFFSET + CTX_SPSR_EL3]
msr scr_el3, x18
msr spsr_el3, x16
msr elr_el3, x17
/* Restore saved general purpose registers and return */
b restore_gp_registers_eret
b el3_exit
smc_unknown:
/*
@ -479,51 +447,3 @@ rt_svc_fw_critical_error:
msr spsel, #1 /* Switch to SP_ELx */
bl report_unhandled_exception
endfunc smc_handler
/* -----------------------------------------------------
* The following functions are used to saved and restore
* all the general pupose registers. Ideally we would
* only save and restore the callee saved registers when
* a world switch occurs but that type of implementation
* is more complex. So currently we will always save and
* restore these registers on entry and exit of EL3.
* These are not macros to ensure their invocation fits
* within the 32 instructions per exception vector.
* -----------------------------------------------------
*/
func save_gp_registers
stp x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
stp x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
stp x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
stp x6, x7, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X6]
stp x8, x9, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X8]
stp x10, x11, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X10]
stp x12, x13, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X12]
stp x14, x15, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X14]
stp x16, x17, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X16]
save_x18_to_x29_sp_el0
ret
endfunc save_gp_registers
func restore_gp_registers_eret
ldp x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
ldp x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
restore_gp_registers_callee_eret:
ldp x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
ldp x6, x7, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X6]
ldp x8, x9, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X8]
ldp x10, x11, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X10]
ldp x12, x13, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X12]
ldp x14, x15, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X14]
ldp x18, x19, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X18]
ldp x20, x21, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X20]
ldp x22, x23, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X22]
ldp x24, x25, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X24]
ldp x26, x27, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X26]
ldp x28, x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X28]
ldp x30, x17, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
msr sp_el0, x17
ldp x16, x17, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X16]
eret
endfunc restore_gp_registers_eret

5
bl31/bl31.mk
View File

@ -29,16 +29,17 @@
#
BL31_SOURCES += bl31/bl31_main.c \
bl31/context_mgmt.c \
bl31/cpu_data_array.c \
bl31/runtime_svc.c \
bl31/interrupt_mgmt.c \
bl31/aarch64/bl31_arch_setup.c \
bl31/aarch64/bl31_entrypoint.S \
bl31/aarch64/context.S \
bl31/aarch64/cpu_data.S \
bl31/aarch64/runtime_exceptions.S \
bl31/aarch64/crash_reporting.S \
bl31/bl31_context_mgmt.c \
common/aarch64/context.S \
common/context_mgmt.c \
lib/cpus/aarch64/cpu_helpers.S \
lib/locks/exclusive/spinlock.S \
services/std_svc/std_svc_setup.c \

133
bl31/bl31_context_mgmt.c Normal file
View File

@ -0,0 +1,133 @@
/*
* Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <assert.h>
#include <bl31.h>
#include <context.h>
#include <context_mgmt.h>
#include <cpu_data.h>
#include <platform.h>
/*******************************************************************************
* This function returns a pointer to the most recent 'cpu_context' structure
* for the calling CPU that was set as the context for the specified security
* state. NULL is returned if no such structure has been specified.
******************************************************************************/
void *cm_get_context(uint32_t security_state)
{
assert(security_state <= NON_SECURE);
return get_cpu_data(cpu_context[security_state]);
}
/*******************************************************************************
* This function sets the pointer to the current 'cpu_context' structure for the
* specified security state for the calling CPU
******************************************************************************/
void cm_set_context(void *context, uint32_t security_state)
{
assert(security_state <= NON_SECURE);
set_cpu_data(cpu_context[security_state], context);
}
/*******************************************************************************
* This function returns a pointer to the most recent 'cpu_context' structure
* for the CPU identified by `cpu_idx` that was set as the context for the
* specified security state. NULL is returned if no such structure has been
* specified.
******************************************************************************/
void *cm_get_context_by_index(unsigned int cpu_idx,
unsigned int security_state)
{
assert(sec_state_is_valid(security_state));
return get_cpu_data_by_index(cpu_idx, cpu_context[security_state]);
}
/*******************************************************************************
* This function sets the pointer to the current 'cpu_context' structure for the
* specified security state for the CPU identified by CPU index.
******************************************************************************/
void cm_set_context_by_index(unsigned int cpu_idx, void *context,
unsigned int security_state)
{
assert(sec_state_is_valid(security_state));
set_cpu_data_by_index(cpu_idx, cpu_context[security_state], context);
}
#if !ERROR_DEPRECATED
/*
* These context management helpers are deprecated but are maintained for use
* by SPDs which have not migrated to the new API. If ERROR_DEPRECATED
* is enabled, these are excluded from the build so as to force users to
* migrate to the new API.
*/
/*******************************************************************************
* This function returns a pointer to the most recent 'cpu_context' structure
* for the CPU identified by MPIDR that was set as the context for the specified
* security state. NULL is returned if no such structure has been specified.
******************************************************************************/
void *cm_get_context_by_mpidr(uint64_t mpidr, uint32_t security_state)
{
assert(sec_state_is_valid(security_state));
return cm_get_context_by_index(platform_get_core_pos(mpidr), security_state);
}
/*******************************************************************************
* This function sets the pointer to the current 'cpu_context' structure for the
* specified security state for the CPU identified by MPIDR
******************************************************************************/
void cm_set_context_by_mpidr(uint64_t mpidr, void *context, uint32_t security_state)
{
assert(sec_state_is_valid(security_state));
cm_set_context_by_index(platform_get_core_pos(mpidr),
context, security_state);
}
/*******************************************************************************
* The following function provides a compatibility function for SPDs using the
* existing cm library routines. This function is expected to be invoked for
* initializing the cpu_context for the CPU specified by MPIDR for first use.
******************************************************************************/
void cm_init_context(unsigned long mpidr, const entry_point_info_t *ep)
{
if ((mpidr & MPIDR_AFFINITY_MASK) ==
(read_mpidr_el1() & MPIDR_AFFINITY_MASK))
cm_init_my_context(ep);
else
cm_init_context_by_index(platform_get_core_pos(mpidr), ep);
}
#endif

106
bl31/aarch64/context.S → common/aarch64/context.S
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@ -32,6 +32,17 @@
#include <asm_macros.S>
#include <context.h>
.global el1_sysregs_context_save
.global el1_sysregs_context_restore
#if CTX_INCLUDE_FPREGS
.global fpregs_context_save
.global fpregs_context_restore
#endif
.global save_gp_registers
.global restore_gp_registers_eret
.global restore_gp_registers_callee_eret
.global el3_exit
/* -----------------------------------------------------
* The following function strictly follows the AArch64
* PCS to use x9-x17 (temporary caller-saved registers)
@ -40,7 +51,6 @@
* the register context will be saved.
* -----------------------------------------------------
*/
.global el1_sysregs_context_save
func el1_sysregs_context_save
mrs x9, spsr_el1
@ -127,7 +137,6 @@ endfunc el1_sysregs_context_save
* from where the register context will be restored
* -----------------------------------------------------
*/
.global el1_sysregs_context_restore
func el1_sysregs_context_restore
ldp x9, x10, [x0, #CTX_SPSR_EL1]
@ -225,7 +234,6 @@ endfunc el1_sysregs_context_restore
* -----------------------------------------------------
*/
#if CTX_INCLUDE_FPREGS
.global fpregs_context_save
func fpregs_context_save
stp q0, q1, [x0, #CTX_FP_Q0]
stp q2, q3, [x0, #CTX_FP_Q2]
@ -269,7 +277,6 @@ endfunc fpregs_context_save
* TODO: Revisit when VFP is used in secure world
* -----------------------------------------------------
*/
.global fpregs_context_restore
func fpregs_context_restore
ldp q0, q1, [x0, #CTX_FP_Q0]
ldp q2, q3, [x0, #CTX_FP_Q2]
@ -303,3 +310,92 @@ func fpregs_context_restore
ret
endfunc fpregs_context_restore
#endif /* CTX_INCLUDE_FPREGS */
/* -----------------------------------------------------
* The following functions are used to save and restore
* all the general purpose registers. Ideally we would
* only save and restore the callee saved registers when
* a world switch occurs but that type of implementation
* is more complex. So currently we will always save and
* restore these registers on entry and exit of EL3.
* These are not macros to ensure their invocation fits
* within the 32 instructions per exception vector.
* clobbers: x18
* -----------------------------------------------------
*/
func save_gp_registers
stp x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
stp x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
stp x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
stp x6, x7, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X6]
stp x8, x9, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X8]
stp x10, x11, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X10]
stp x12, x13, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X12]
stp x14, x15, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X14]
stp x16, x17, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X16]
stp x18, x19, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X18]
stp x20, x21, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X20]
stp x22, x23, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X22]
stp x24, x25, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X24]
stp x26, x27, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X26]
stp x28, x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X28]
mrs x18, sp_el0
str x18, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_SP_EL0]
ret
endfunc save_gp_registers
func restore_gp_registers_eret
ldp x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
ldp x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
b restore_gp_registers_callee_eret
endfunc restore_gp_registers_eret
func restore_gp_registers_callee_eret
ldp x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
ldp x6, x7, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X6]
ldp x8, x9, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X8]
ldp x10, x11, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X10]
ldp x12, x13, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X12]
ldp x14, x15, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X14]
ldp x18, x19, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X18]
ldp x20, x21, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X20]
ldp x22, x23, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X22]
ldp x24, x25, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X24]
ldp x26, x27, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X26]
ldp x28, x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X28]
ldp x30, x17, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
msr sp_el0, x17
ldp x16, x17, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X16]
eret
endfunc restore_gp_registers_callee_eret
/* -----------------------------------------------------
* This routine assumes that the SP_EL3 is pointing to
* a valid context structure from where the gp regs and
* other special registers can be retrieved.
* -----------------------------------------------------
*/
func el3_exit
/* -----------------------------------------------------
* Save the current SP_EL0 i.e. the EL3 runtime stack
* which will be used for handling the next SMC. Then
* switch to SP_EL3
* -----------------------------------------------------
*/
mov x17, sp
msr spsel, #1
str x17, [sp, #CTX_EL3STATE_OFFSET + CTX_RUNTIME_SP]
/* -----------------------------------------------------
* Restore SPSR_EL3, ELR_EL3 and SCR_EL3 prior to ERET
* -----------------------------------------------------
*/
ldr x18, [sp, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]
ldp x16, x17, [sp, #CTX_EL3STATE_OFFSET + CTX_SPSR_EL3]
msr scr_el3, x18
msr spsr_el3, x16
msr elr_el3, x17
/* Restore saved general purpose registers and return */
b restore_gp_registers_eret
endfunc el3_exit

4
common/aarch64/early_exceptions.S
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@ -29,7 +29,7 @@
*/
#include <asm_macros.S>
#include <runtime_svc.h>
#include <bl_common.h>
.globl early_exceptions

109
bl31/context_mgmt.c → common/context_mgmt.c
View File

@ -32,14 +32,12 @@
#include <arch_helpers.h>
#include <assert.h>
#include <bl_common.h>
#include <bl31.h>
#include <context.h>
#include <context_mgmt.h>
#include <cpu_data.h>
#include <interrupt_mgmt.h>
#include <platform.h>
#include <platform_def.h>
#include <runtime_svc.h>
#include <smcc_helpers.h>
#include <string.h>
@ -64,105 +62,6 @@ void cm_init(void)
*/
}
/*******************************************************************************
* This function returns a pointer to the most recent 'cpu_context' structure
* for the CPU identified by `cpu_idx` that was set as the context for the
* specified security state. NULL is returned if no such structure has been
* specified.
******************************************************************************/
void *cm_get_context_by_index(unsigned int cpu_idx,
unsigned int security_state)
{
assert(sec_state_is_valid(security_state));
return get_cpu_data_by_index(cpu_idx, cpu_context[security_state]);
}
/*******************************************************************************
* This function sets the pointer to the current 'cpu_context' structure for the
* specified security state for the CPU identified by CPU index.
******************************************************************************/
void cm_set_context_by_index(unsigned int cpu_idx, void *context,
unsigned int security_state)
{
assert(sec_state_is_valid(security_state));
set_cpu_data_by_index(cpu_idx, cpu_context[security_state], context);
}
#if !ERROR_DEPRECATED
/*
* These context management helpers are deprecated but are maintained for use
* by SPDs which have not migrated to the new API. If ERROR_DEPRECATED
* is enabled, these are excluded from the build so as to force users to
* migrate to the new API.
*/
/*******************************************************************************
* This function returns a pointer to the most recent 'cpu_context' structure
* for the CPU identified by MPIDR that was set as the context for the specified
* security state. NULL is returned if no such structure has been specified.
******************************************************************************/
void *cm_get_context_by_mpidr(uint64_t mpidr, uint32_t security_state)
{
assert(sec_state_is_valid(security_state));
return cm_get_context_by_index(platform_get_core_pos(mpidr), security_state);
}
/*******************************************************************************
* This function sets the pointer to the current 'cpu_context' structure for the
* specified security state for the CPU identified by MPIDR
******************************************************************************/
void cm_set_context_by_mpidr(uint64_t mpidr, void *context, uint32_t security_state)
{
assert(sec_state_is_valid(security_state));
cm_set_context_by_index(platform_get_core_pos(mpidr),
context, security_state);
}
/*******************************************************************************
* The following function provides a compatibility function for SPDs using the
* existing cm library routines. This function is expected to be invoked for
* initializing the cpu_context for the CPU specified by MPIDR for first use.
******************************************************************************/
void cm_init_context(unsigned long mpidr, const entry_point_info_t *ep)
{
if ((mpidr & MPIDR_AFFINITY_MASK) ==
(read_mpidr_el1() & MPIDR_AFFINITY_MASK))
cm_init_my_context(ep);
else
cm_init_context_by_index(platform_get_core_pos(mpidr), ep);
}
#endif
/*******************************************************************************
* This function is used to program the context that's used for exception
* return. This initializes the SP_EL3 to a pointer to a 'cpu_context' set for
* the required security state
******************************************************************************/
static inline void cm_set_next_context(void *context)
{
#if DEBUG
uint64_t sp_mode;
/*
* Check that this function is called with SP_EL0 as the stack
* pointer
*/
__asm__ volatile("mrs %0, SPSel\n"
: "=r" (sp_mode));
assert(sp_mode == MODE_SP_EL0);
#endif
__asm__ volatile("msr spsel, #1\n"
"mov sp, %0\n"
"msr spsel, #0\n"
: : "r" (context));
}
/*******************************************************************************
* The following function initializes the cpu_context 'ctx' for
* first use, and sets the initial entrypoint state as specified by the
@ -212,7 +111,13 @@ static void cm_init_context_common(cpu_context_t *ctx, const entry_point_info_t
if (EP_GET_ST(ep->h.attr))
scr_el3 |= SCR_ST_BIT;
#if IMAGE_BL31
/*
* IRQ/FIQ bits only need setting if interrupt routing
* model has been set up for BL31.
*/
scr_el3 |= get_scr_el3_from_routing_model(security_state);
#endif
/*
* Set up SCTLR_ELx for the target exception level:

99
drivers/auth/tbbr/tbbr_cot.c
View File

@ -89,6 +89,12 @@ static auth_param_type_desc_t bl32_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, BL32_HASH_OID);
static auth_param_type_desc_t bl33_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, BL33_HASH_OID);
static auth_param_type_desc_t scp_bl2u_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, SCP_BL2U_HASH_OID);
static auth_param_type_desc_t bl2u_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, BL2U_HASH_OID);
static auth_param_type_desc_t ns_bl2u_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, NS_BL2U_HASH_OID);
/*
* TBBR Chain of trust definition
@ -438,6 +444,99 @@ static const auth_img_desc_t cot_desc[] = {
}
}
}
},
/*
* FWU auth descriptor.
*/
[FWU_CERT_ID] = {
.img_id = FWU_CERT_ID,
.img_type = IMG_CERT,
.parent = NULL,
.img_auth_methods = {
[0] = {
.type = AUTH_METHOD_SIG,
.param.sig = {
.pk = &subject_pk,
.sig = &sig,
.alg = &sig_alg,
.data = &raw_data,
}
}
},
.authenticated_data = {
[0] = {
.type_desc = &scp_bl2u_hash,
.data = {
.ptr = (void *)plat_bl30_hash_buf,
.len = (unsigned int)HASH_DER_LEN
}
},
[1] = {
.type_desc = &bl2u_hash,
.data = {
.ptr = (void *)plat_bl2_hash_buf,
.len = (unsigned int)HASH_DER_LEN
}
},
[2] = {
.type_desc = &ns_bl2u_hash,
.data = {
.ptr = (void *)plat_bl33_hash_buf,
.len = (unsigned int)HASH_DER_LEN
}
}
}
},
/*
* SCP_BL2U
*/
[SCP_BL2U_IMAGE_ID] = {
.img_id = SCP_BL2U_IMAGE_ID,
.img_type = IMG_RAW,
.parent = &cot_desc[FWU_CERT_ID],
.img_auth_methods = {
[0] = {
.type = AUTH_METHOD_HASH,
.param.hash = {
.data = &raw_data,
.hash = &scp_bl2u_hash,
}
}
}
},
/*
* BL2U
*/
[BL2U_IMAGE_ID] = {
.img_id = BL2U_IMAGE_ID,
.img_type = IMG_RAW,
.parent = &cot_desc[FWU_CERT_ID],
.img_auth_methods = {
[0] = {
.type = AUTH_METHOD_HASH,
.param.hash = {
.data = &raw_data,
.hash = &bl2u_hash,
}
}
}
},
/*
* NS_BL2U
*/
[NS_BL2U_IMAGE_ID] = {
.img_id = NS_BL2U_IMAGE_ID,
.img_type = IMG_RAW,
.parent = &cot_desc[FWU_CERT_ID],
.img_auth_methods = {
[0] = {
.type = AUTH_METHOD_HASH,
.param.hash = {
.data = &raw_data,
.hash = &ns_bl2u_hash,
}
}
}
}
};

98
include/bl1/bl1.h Normal file
View File

@ -0,0 +1,98 @@
/*
* Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef __BL1_FWU_H__
#define __BL1_FWU_H__
#include <bl_common.h>
/*
* Defines for BL1 SMC function ids.
*/
#define BL1_SMC_CALL_COUNT 0x0
#define BL1_SMC_UID 0x1
/* SMC #0x2 reserved */
#define BL1_SMC_VERSION 0x3
/*
* Corresponds to the function ID of the SMC that
* the BL1 exception handler service to execute BL31.
*/
#define BL1_SMC_RUN_IMAGE 0x4
/*
* BL1 SMC version
*/
#define BL1_SMC_MAJOR_VER 0x0
#define BL1_SMC_MINOR_VER 0x1
/*
* Defines for FWU SMC function ids.
*/
#define FWU_SMC_IMAGE_COPY 0x10
#define FWU_SMC_IMAGE_AUTH 0x11
#define FWU_SMC_IMAGE_EXECUTE 0x12
#define FWU_SMC_IMAGE_RESUME 0x13
#define FWU_SMC_SEC_IMAGE_DONE 0x14
#define FWU_SMC_UPDATE_DONE 0x15
/*
* Number of FWU calls (above) implemented
*/
#define FWU_NUM_SMC_CALLS 6
#if TRUSTED_BOARD_BOOT
# define BL1_NUM_SMC_CALLS (FWU_NUM_SMC_CALLS + 4)
#else
# define BL1_NUM_SMC_CALLS 4
#endif
/*
* The macros below are used to identify FWU
* calls from the SMC function ID
*/
#define FWU_SMC_FID_START FWU_SMC_IMAGE_COPY
#define FWU_SMC_FID_END FWU_SMC_UPDATE_DONE
#define is_fwu_fid(_fid) \
((_fid >= FWU_SMC_FID_START) && (_fid <= FWU_SMC_FID_END))
#ifndef __ASSEMBLY__
#include <cassert.h>
/*
* Check if the total number of FWU SMC calls are as expected.
*/
CASSERT(FWU_NUM_SMC_CALLS == \
(FWU_SMC_FID_END - FWU_SMC_FID_START + 1),\
assert_FWU_NUM_SMC_CALLS_mismatch);
#endif /* __ASSEMBLY__ */
#endif /* __BL1_FWU_H__ */

38
include/bl1/tbbr/tbbr_img_desc.h Normal file
View File

@ -0,0 +1,38 @@
/*
* Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef __TBBR_IMG_DESC_H__
#define __TBBR_IMG_DESC_H__
#include <bl_common.h>
extern image_desc_t bl1_tbbr_image_descs[];
#endif /* __TBBR_IMG_DESC_H__ */

152
include/bl31/runtime_svc.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@ -31,74 +31,9 @@
#ifndef __RUNTIME_SVC_H__
#define __RUNTIME_SVC_H__
/*******************************************************************************
* Bit definitions inside the function id as per the SMC calling convention
******************************************************************************/
#define FUNCID_TYPE_SHIFT 31
#define FUNCID_CC_SHIFT 30
#define FUNCID_OEN_SHIFT 24
#define FUNCID_NUM_SHIFT 0
#include <bl_common.h> /* to include exception types */
#include <smcc_helpers.h> /* to include SMCC definitions */
#define FUNCID_TYPE_MASK 0x1
#define FUNCID_CC_MASK 0x1
#define FUNCID_OEN_MASK 0x3f
#define FUNCID_NUM_MASK 0xffff
#define FUNCID_TYPE_WIDTH 1
#define FUNCID_CC_WIDTH 1
#define FUNCID_OEN_WIDTH 6
#define FUNCID_NUM_WIDTH 16
#define GET_SMC_CC(id) ((id >> FUNCID_CC_SHIFT) & \
FUNCID_CC_MASK)
#define GET_SMC_TYPE(id) ((id >> FUNCID_TYPE_SHIFT) & \
FUNCID_TYPE_MASK)
#define SMC_64 1
#define SMC_32 0
#define SMC_UNK 0xffffffff
#define SMC_TYPE_FAST 1
#define SMC_TYPE_STD 0
#define SMC_PREEMPTED 0xfffffffe
/*******************************************************************************
* Owning entity number definitions inside the function id as per the SMC
* calling convention
******************************************************************************/
#define OEN_ARM_START 0
#define OEN_ARM_END 0
#define OEN_CPU_START 1
#define OEN_CPU_END 1
#define OEN_SIP_START 2
#define OEN_SIP_END 2
#define OEN_OEM_START 3
#define OEN_OEM_END 3
#define OEN_STD_START 4 /* Standard Calls */
#define OEN_STD_END 4
#define OEN_TAP_START 48 /* Trusted Applications */
#define OEN_TAP_END 49
#define OEN_TOS_START 50 /* Trusted OS */
#define OEN_TOS_END 63
#define OEN_LIMIT 64
/*******************************************************************************
* Constants to indicate type of exception to the common exception handler.
******************************************************************************/
#define SYNC_EXCEPTION_SP_EL0 0x0
#define IRQ_SP_EL0 0x1
#define FIQ_SP_EL0 0x2
#define SERROR_SP_EL0 0x3
#define SYNC_EXCEPTION_SP_ELX 0x4
#define IRQ_SP_ELX 0x5
#define FIQ_SP_ELX 0x6
#define SERROR_SP_ELX 0x7
#define SYNC_EXCEPTION_AARCH64 0x8
#define IRQ_AARCH64 0x9
#define FIQ_AARCH64 0xa
#define SERROR_AARCH64 0xb
#define SYNC_EXCEPTION_AARCH32 0xc
#define IRQ_AARCH32 0xd
#define FIQ_AARCH32 0xe
#define SERROR_AARCH32 0xf
/*******************************************************************************
* Structure definition, typedefs & constants for the runtime service framework
@ -122,68 +57,9 @@
#ifndef __ASSEMBLY__
#include <cassert.h>
#include <context.h>
#include <stdint.h>
/* Various flags passed to SMC handlers */
#define SMC_FROM_SECURE (0 << 0)
#define SMC_FROM_NON_SECURE (1 << 0)
#define is_caller_non_secure(_f) (!!(_f & SMC_FROM_NON_SECURE))
#define is_caller_secure(_f) (!(is_caller_non_secure(_f)))
/* Prototype for runtime service initializing function */
typedef int32_t (*rt_svc_init_t)(void);
/* Convenience macros to return from SMC handler */
#define SMC_RET0(_h) { \
return (uint64_t) (_h); \
}
#define SMC_RET1(_h, _x0) { \
write_ctx_reg(get_gpregs_ctx(_h), CTX_GPREG_X0, (_x0)); \
SMC_RET0(_h); \
}
#define SMC_RET2(_h, _x0, _x1) { \
write_ctx_reg(get_gpregs_ctx(_h), CTX_GPREG_X1, (_x1)); \
SMC_RET1(_h, (_x0)); \
}
#define SMC_RET3(_h, _x0, _x1, _x2) { \
write_ctx_reg(get_gpregs_ctx(_h), CTX_GPREG_X2, (_x2)); \
SMC_RET2(_h, (_x0), (_x1)); \
}
#define SMC_RET4(_h, _x0, _x1, _x2, _x3) { \
write_ctx_reg(get_gpregs_ctx(_h), CTX_GPREG_X3, (_x3)); \
SMC_RET3(_h, (_x0), (_x1), (_x2)); \
}
/*
* Convenience macros to access general purpose registers using handle provided
* to SMC handler. These takes the offset values defined in context.h
*/
#define SMC_GET_GP(_h, _g) \
read_ctx_reg(get_gpregs_ctx(_h), (_g));
#define SMC_SET_GP(_h, _g, _v) \
write_ctx_reg(get_gpregs_ctx(_h), (_g), (_v));
/*
* Convenience macros to access EL3 context registers using handle provided to
* SMC handler. These takes the offset values defined in context.h
*/
#define SMC_GET_EL3(_h, _e) \
read_ctx_reg(get_el3state_ctx(_h), (_e));
#define SMC_SET_EL3(_h, _e, _v) \
write_ctx_reg(get_el3state_ctx(_h), (_e), (_v));
/* The macro below is used to identify a Standard Service SMC call */
#define is_std_svc_call(_fid) ((((_fid) >> FUNCID_OEN_SHIFT) & \
FUNCID_OEN_MASK) == OEN_STD_START)
/* The macro below is used to identify a valid Fast SMC call */
#define is_valid_fast_smc(_fid) ((!(((_fid) >> 16) & 0xff)) && \
(GET_SMC_TYPE(_fid) == SMC_TYPE_FAST))
/*
* Prototype for runtime service SMC handler function. x0 (SMC Function ID) to
* x4 are as passed by the caller. Rest of the arguments to SMC and the context
@ -247,28 +123,6 @@ CASSERT(RT_SVC_DESC_HANDLE == __builtin_offsetof(rt_svc_desc_t, handle), \
((call_type & FUNCID_TYPE_MASK) \
<< FUNCID_OEN_WIDTH))
/*
* Macro to define UUID for services. Apart from defining and initializing a
* uuid_t structure, this macro verifies that the first word of the defined UUID
* does not equal SMC_UNK. This is to ensure that the caller won't mistake the
* returned UUID in x0 for an invalid SMC error return
*/
#define DEFINE_SVC_UUID(_name, _tl, _tm, _th, _cl, _ch, \
_n0, _n1, _n2, _n3, _n4, _n5) \
CASSERT(_tl != SMC_UNK, invalid_svc_uuid);\
static const uuid_t _name = { \
_tl, _tm, _th, _cl, _ch, \
{ _n0, _n1, _n2, _n3, _n4, _n5 } \
}
/* Return a UUID in the SMC return registers */
#define SMC_UUID_RET(_h, _uuid) \
SMC_RET4(handle, ((const uint32_t *) &(_uuid))[0], \
((const uint32_t *) &(_uuid))[1], \
((const uint32_t *) &(_uuid))[2], \
((const uint32_t *) &(_uuid))[3])
/*******************************************************************************
* Function & variable prototypes
******************************************************************************/

82
include/common/bl_common.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@ -45,14 +45,6 @@
#define TOP 0x1
#define BOTTOM !TOP
/******************************************************************************
* Opcode passed in x0 to tell next EL that we want to run an image.
* Corresponds to the function ID of the only SMC that the BL1 exception
* handlers service. That's why the chosen value is the first function ID of
* the ARM SMC64 range.
*****************************************************************************/
#define RUN_IMAGE 0xC0000000
/*******************************************************************************
* Constants that allow assembler code to access members of and the
* 'entry_point_info' structure at their correct offsets.
@ -60,11 +52,41 @@
#define ENTRY_POINT_INFO_PC_OFFSET 0x08
#define ENTRY_POINT_INFO_ARGS_OFFSET 0x18
#define PARAM_EP_SECURITY_MASK 0x1
/* The following are used to set/get image attributes. */
#define EXECUTABLE (0x1)
#define NON_EXECUTABLE (0x0)
#define PARAM_EP_EXECUTE_MASK (0x1)
#define PARAM_EP_EXECUTE_SHIFT (0x1)
#define PARAM_EP_SECURITY_MASK (0x1)
#define PARAM_EP_SECURITY_SHIFT (0x0)
#define GET_SECURITY_STATE(x) (x & PARAM_EP_SECURITY_MASK)
#define SET_SECURITY_STATE(x, security) \
((x) = ((x) & ~PARAM_EP_SECURITY_MASK) | (security))
#define GET_EXEC_STATE(x) \
(((x) >> PARAM_EP_EXECUTE_SHIFT) & PARAM_EP_EXECUTE_MASK)
#define SET_EXEC_STATE(x) \
(((x) & PARAM_EP_EXECUTE_MASK) << PARAM_EP_EXECUTE_SHIFT)
#define GET_SEC_STATE(x) \
(((x) >> PARAM_EP_SECURITY_SHIFT) & PARAM_EP_SECURITY_MASK)
#define SET_SEC_STATE(x) \
(((x) & PARAM_EP_SECURITY_MASK) << PARAM_EP_SECURITY_SHIFT)
/*
* The following are used for image state attributes.
* Image can only be in one of the following state.
*/
#define IMAGE_STATE_RESET 0
#define IMAGE_STATE_COPIED 1
#define IMAGE_STATE_COPYING 2
#define IMAGE_STATE_AUTHENTICATED 3
#define IMAGE_STATE_EXECUTED 4
#define IMAGE_STATE_INTERRUPTED 5
#define EP_EE_MASK 0x2
#define EP_EE_LITTLE 0x0
#define EP_EE_BIG 0x2
@ -83,6 +105,8 @@
#define VERSION_1 0x01
#define INVALID_IMAGE_ID (0xFFFFFFFF)
#define SET_PARAM_HEAD(_p, _type, _ver, _attr) do { \
(_p)->h.type = (uint8_t)(_type); \
(_p)->h.version = (uint8_t)(_ver); \
@ -90,6 +114,26 @@
(_p)->h.attr = (uint32_t)(_attr) ; \
} while (0)
/*******************************************************************************
* Constants to indicate type of exception to the common exception handler.
******************************************************************************/
#define SYNC_EXCEPTION_SP_EL0 0x0
#define IRQ_SP_EL0 0x1
#define FIQ_SP_EL0 0x2
#define SERROR_SP_EL0 0x3
#define SYNC_EXCEPTION_SP_ELX 0x4
#define IRQ_SP_ELX 0x5
#define FIQ_SP_ELX 0x6
#define SERROR_SP_ELX 0x7
#define SYNC_EXCEPTION_AARCH64 0x8
#define IRQ_AARCH64 0x9
#define FIQ_AARCH64 0xa
#define SERROR_AARCH64 0xb
#define SYNC_EXCEPTION_AARCH32 0xc
#define IRQ_AARCH32 0xd
#define FIQ_AARCH32 0xe
#define SERROR_AARCH32 0xf
#ifndef __ASSEMBLY__
#include <cdefs.h> /* For __dead2 */
#include <cassert.h>
@ -106,6 +150,8 @@ extern unsigned long __RO_START__;
extern unsigned long __RO_END__;
#if IMAGE_BL2
extern unsigned long __BL2_END__;
#elif IMAGE_BL2U
extern unsigned long __BL2U_END__;
#elif IMAGE_BL31
extern unsigned long __BL31_END__;
#elif IMAGE_BL32
@ -177,8 +223,24 @@ typedef struct image_info {
param_header_t h;
uintptr_t image_base; /* physical address of base of image */
uint32_t image_size; /* bytes read from image file */
uint32_t copied_size; /* image size copied in blocks */
} image_info_t;
/*****************************************************************************
* The image descriptor struct definition.
*****************************************************************************/
typedef struct image_desc {
/* Contains unique image id for the image. */
unsigned int image_id;
image_info_t image_info;
entry_point_info_t ep_info;
/*
* This member contains Image state information.
* Refer IMAGE_STATE_XXX defined above.
*/
unsigned int state;
} image_desc_t;
/*******************************************************************************
* This structure represents the superset of information that can be passed to
* BL31 e.g. while passing control to it from BL2. The BL32 parameters will be

0
include/bl31/context.h → include/common/context.h
View File

48
include/bl31/context_mgmt.h → include/common/context_mgmt.h
View File

@ -31,9 +31,9 @@
#ifndef __CM_H__
#define __CM_H__
#include <arch.h>
#include <bl_common.h>
#include <common_def.h>
#include <cpu_data.h>
#include <stdint.h>
/*******************************************************************************
* Forward declarations
@ -46,7 +46,6 @@ struct entry_point_info;
void cm_init(void);
void *cm_get_context_by_mpidr(uint64_t mpidr,
uint32_t security_state) __warn_deprecated;
static inline void *cm_get_context(uint32_t security_state);
void cm_set_context_by_mpidr(uint64_t mpidr,
void *context,
uint32_t security_state) __warn_deprecated;
@ -55,7 +54,9 @@ void *cm_get_context_by_index(unsigned int cpu_idx,
void cm_set_context_by_index(unsigned int cpu_idx,
void *context,
unsigned int security_state);
static inline void cm_set_context(void *context, uint32_t security_state);
void *cm_get_context(uint32_t security_state);
void cm_set_context(void *context, uint32_t security_state);
inline void cm_set_next_context(void *context);
void cm_init_context(uint64_t mpidr,
const struct entry_point_info *ep) __warn_deprecated;
void cm_init_my_context(const struct entry_point_info *ep);
@ -76,27 +77,28 @@ uint32_t cm_get_scr_el3(uint32_t security_state);
/* Inline definitions */
/*******************************************************************************
* This function returns a pointer to the most recent 'cpu_context' structure
* for the calling CPU that was set as the context for the specified security
* state. NULL is returned if no such structure has been specified.
* This function is used to program the context that's used for exception
* return. This initializes the SP_EL3 to a pointer to a 'cpu_context' set for
* the required security state
******************************************************************************/
void *cm_get_context(uint32_t security_state)
inline void cm_set_next_context(void *context)
{
assert(security_state <= NON_SECURE);
#if DEBUG
uint64_t sp_mode;
return get_cpu_data(cpu_context[security_state]);
/*
* Check that this function is called with SP_EL0 as the stack
* pointer
*/
__asm__ volatile("mrs %0, SPSel\n"
: "=r" (sp_mode));
assert(sp_mode == MODE_SP_EL0);
#endif
__asm__ volatile("msr spsel, #1\n"
"mov sp, %0\n"
"msr spsel, #0\n"
: : "r" (context));
}
/*******************************************************************************
* This function sets the pointer to the current 'cpu_context' structure for the
* specified security state for the calling CPU
******************************************************************************/
void cm_set_context(void *context, uint32_t security_state)
{
assert(security_state <= NON_SECURE);
set_cpu_data(cpu_context[security_state], context);
}
#endif /* __CM_H__ */

2
include/common/el3_common_macros.S
View File

@ -247,13 +247,11 @@
#endif
.endif /* _init_c_runtime */
#if IMAGE_BL31
/* ---------------------------------------------------------------------
* Use SP_EL0 for the C runtime stack.
* ---------------------------------------------------------------------
*/
msr spsel, #0
#endif /* IMAGE_BL31 */
/* ---------------------------------------------------------------------
* Allocate a stack whose memory will be marked as Normal-IS-WBWA when

10
include/common/firmware_image_package.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2014, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@ -39,6 +39,14 @@
/* ToC Entry UUIDs */
#define UUID_TRUSTED_UPDATE_FIRMWARE_SCP_BL2U \
{0x03279265, 0x742f, 0x44e6, 0x8d, 0xff, {0x57, 0x9a, 0xc1, 0xff, 0x06, 0x10} }
#define UUID_TRUSTED_UPDATE_FIRMWARE_BL2U \
{0x37ebb360, 0xe5c1, 0x41ea, 0x9d, 0xf3, {0x19, 0xed, 0xa1, 0x1f, 0x68, 0x01} }
#define UUID_TRUSTED_UPDATE_FIRMWARE_NS_BL2U \
{0x111d514f, 0xe52b, 0x494e, 0xb4, 0xc5, {0x83, 0xc2, 0xf7, 0x15, 0x84, 0x0a} }
#define UUID_TRUSTED_FWU_CERT \
{0xb28a4071, 0xd618, 0x4c87, 0x8b, 0x2e, {0xc6, 0xdc, 0xcd, 0x50, 0xf0, 0x96} }
#define UUID_TRUSTED_BOOT_FIRMWARE_BL2 \
{0x0becf95f, 0x224d, 0x4d3e, 0xa5, 0x44, {0xc3, 0x9d, 0x81, 0xc7, 0x3f, 0x0a} }
#define UUID_SCP_FIRMWARE_BL30 \

165
include/common/smcc_helpers.h Normal file
View File

@ -0,0 +1,165 @@
/*
* Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef __SMCC_HELPERS_H__
#define __SMCC_HELPERS_H__
/*******************************************************************************
* Bit definitions inside the function id as per the SMC calling convention
******************************************************************************/
#define FUNCID_TYPE_SHIFT 31
#define FUNCID_CC_SHIFT 30
#define FUNCID_OEN_SHIFT 24
#define FUNCID_NUM_SHIFT 0
#define FUNCID_TYPE_MASK 0x1
#define FUNCID_CC_MASK 0x1
#define FUNCID_OEN_MASK 0x3f
#define FUNCID_NUM_MASK 0xffff
#define FUNCID_TYPE_WIDTH 1
#define FUNCID_CC_WIDTH 1
#define FUNCID_OEN_WIDTH 6
#define FUNCID_NUM_WIDTH 16
#define GET_SMC_CC(id) ((id >> FUNCID_CC_SHIFT) & \
FUNCID_CC_MASK)
#define GET_SMC_TYPE(id) ((id >> FUNCID_TYPE_SHIFT) & \
FUNCID_TYPE_MASK)
#define SMC_64 1
#define SMC_32 0
#define SMC_UNK 0xffffffff
#define SMC_TYPE_FAST 1
#define SMC_TYPE_STD 0
#define SMC_PREEMPTED 0xfffffffe
/*******************************************************************************
* Owning entity number definitions inside the function id as per the SMC
* calling convention
******************************************************************************/
#define OEN_ARM_START 0
#define OEN_ARM_END 0
#define OEN_CPU_START 1
#define OEN_CPU_END 1
#define OEN_SIP_START 2
#define OEN_SIP_END 2
#define OEN_OEM_START 3
#define OEN_OEM_END 3
#define OEN_STD_START 4 /* Standard Calls */
#define OEN_STD_END 4
#define OEN_TAP_START 48 /* Trusted Applications */
#define OEN_TAP_END 49
#define OEN_TOS_START 50 /* Trusted OS */
#define OEN_TOS_END 63
#define OEN_LIMIT 64
#ifndef __ASSEMBLY__
#include <cassert.h>
#include <context.h>
#include <stdint.h>
/* Various flags passed to SMC handlers */
#define SMC_FROM_SECURE (0 << 0)
#define SMC_FROM_NON_SECURE (1 << 0)
#define is_caller_non_secure(_f) (!!(_f & SMC_FROM_NON_SECURE))
#define is_caller_secure(_f) (!(is_caller_non_secure(_f)))
/* Convenience macros to return from SMC handler */
#define SMC_RET0(_h) { \
return (uint64_t) (_h); \
}
#define SMC_RET1(_h, _x0) { \
write_ctx_reg(get_gpregs_ctx(_h), CTX_GPREG_X0, (_x0)); \
SMC_RET0(_h); \
}
#define SMC_RET2(_h, _x0, _x1) { \
write_ctx_reg(get_gpregs_ctx(_h), CTX_GPREG_X1, (_x1)); \
SMC_RET1(_h, (_x0)); \
}
#define SMC_RET3(_h, _x0, _x1, _x2) { \
write_ctx_reg(get_gpregs_ctx(_h), CTX_GPREG_X2, (_x2)); \
SMC_RET2(_h, (_x0), (_x1)); \
}
#define SMC_RET4(_h, _x0, _x1, _x2, _x3) { \
write_ctx_reg(get_gpregs_ctx(_h), CTX_GPREG_X3, (_x3)); \
SMC_RET3(_h, (_x0), (_x1), (_x2)); \
}
/*
* Convenience macros to access general purpose registers using handle provided
* to SMC handler. These takes the offset values defined in context.h
*/
#define SMC_GET_GP(_h, _g) \
read_ctx_reg(get_gpregs_ctx(_h), (_g));
#define SMC_SET_GP(_h, _g, _v) \
write_ctx_reg(get_gpregs_ctx(_h), (_g), (_v));
/*
* Convenience macros to access EL3 context registers using handle provided to
* SMC handler. These takes the offset values defined in context.h
*/
#define SMC_GET_EL3(_h, _e) \
read_ctx_reg(get_el3state_ctx(_h), (_e));
#define SMC_SET_EL3(_h, _e, _v) \
write_ctx_reg(get_el3state_ctx(_h), (_e), (_v));
/* The macro below is used to identify a Standard Service SMC call */
#define is_std_svc_call(_fid) ((((_fid) >> FUNCID_OEN_SHIFT) & \
FUNCID_OEN_MASK) == OEN_STD_START)
/* The macro below is used to identify a valid Fast SMC call */
#define is_valid_fast_smc(_fid) ((!(((_fid) >> 16) & 0xff)) && \
(GET_SMC_TYPE(_fid) == SMC_TYPE_FAST))
/*
* Macro to define UUID for services. Apart from defining and initializing a
* uuid_t structure, this macro verifies that the first word of the defined UUID
* does not equal SMC_UNK. This is to ensure that the caller won't mistake the
* returned UUID in x0 for an invalid SMC error return
*/
#define DEFINE_SVC_UUID(_name, _tl, _tm, _th, _cl, _ch, \
_n0, _n1, _n2, _n3, _n4, _n5) \
CASSERT(_tl != SMC_UNK, invalid_svc_uuid);\
static const uuid_t _name = { \
_tl, _tm, _th, _cl, _ch, \
{ _n0, _n1, _n2, _n3, _n4, _n5 } \
}
/* Return a UUID in the SMC return registers */
#define SMC_UUID_RET(_h, _uuid) \
SMC_RET4(handle, ((const uint32_t *) &(_uuid))[0], \
((const uint32_t *) &(_uuid))[1], \
((const uint32_t *) &(_uuid))[2], \
((const uint32_t *) &(_uuid))[3])
#endif /*__ASSEMBLY__*/
#endif /* __SMCC_HELPERS_H__ */

15
include/common/tbbr/tbbr_img_def.h
View File

@ -63,4 +63,19 @@
#define BL32_CERT_ID 14
#define BL33_CERT_ID 15
/* Non-Trusted ROM Firmware NS_BL1U */
#define NS_BL1U_IMAGE_ID 16
/* Trusted FWU Certificate */
#define FWU_CERT_ID 17
/* Trusted FWU SCP Firmware SCP_BL2U */
#define SCP_BL2U_IMAGE_ID 18
/* Trusted FWU Boot Firmware BL2U */
#define BL2U_IMAGE_ID 19
/* Non-Trusted FWU Firmware NS_BL2U */
#define NS_BL2U_IMAGE_ID 20
#endif /* __TBBR_IMG_DEF_H__ */

41
include/plat/arm/board/common/board_arm_def.h
View File

@ -53,6 +53,8 @@
# else
# define PLATFORM_STACK_SIZE 0x400
# endif
#elif IMAGE_BL2U
# define PLATFORM_STACK_SIZE 0x200
#elif IMAGE_BL31
# define PLATFORM_STACK_SIZE 0x400
#elif IMAGE_BL32
@ -65,10 +67,18 @@
*/
#if IMAGE_BL1
# if PLAT_fvp
# define PLAT_ARM_MMAP_ENTRIES 7
# if TRUSTED_BOARD_BOOT
# define PLAT_ARM_MMAP_ENTRIES 8
# else
# define PLAT_ARM_MMAP_ENTRIES 7
# endif /* TRUSTED_BOARD_BOOT */
# else
# define PLAT_ARM_MMAP_ENTRIES 6
# endif
# if TRUSTED_BOARD_BOOT
# define PLAT_ARM_MMAP_ENTRIES 7
# else
# define PLAT_ARM_MMAP_ENTRIES 6
# endif /* TRUSTED_BOARD_BOOT */
# endif /* PLAT_ */
#endif
#if IMAGE_BL2
# if PLAT_fvp
@ -77,6 +87,13 @@
# define PLAT_ARM_MMAP_ENTRIES 8
# endif
#endif
#if IMAGE_BL2U
# if PLAT_fvp
# define PLAT_ARM_MMAP_ENTRIES 3
# else
# define PLAT_ARM_MMAP_ENTRIES 4
#endif
#endif
#if IMAGE_BL31
#define PLAT_ARM_MMAP_ENTRIES 5
#endif
@ -88,17 +105,27 @@
* Platform specific page table and MMU setup constants
*/
#if IMAGE_BL1
# if PLAT_juno
# define MAX_XLAT_TABLES 2
# if TRUSTED_BOARD_BOOT
# define MAX_XLAT_TABLES 4
# else
# define MAX_XLAT_TABLES 3
# endif /* PLAT_ */
# if PLAT_juno
# define MAX_XLAT_TABLES 2
# else
# define MAX_XLAT_TABLES 3
# endif /* PLAT_ */
# endif /* TRUSTED_BOARD_BOOT */
#elif IMAGE_BL2
# if PLAT_juno
# define MAX_XLAT_TABLES 3
# else
# define MAX_XLAT_TABLES 4
# endif /* PLAT_ */
#elif IMAGE_BL2U
# if PLAT_juno
# define MAX_XLAT_TABLES 3
# else
# define MAX_XLAT_TABLES 4
# endif /* PLAT_ */
#elif IMAGE_BL31
# define MAX_XLAT_TABLES 2
#elif IMAGE_BL32

8
include/plat/arm/common/arm_def.h
View File

@ -310,6 +310,14 @@
# error "Unsupported ARM_TSP_RAM_LOCATION_ID value"
#endif
/*******************************************************************************
* FWU Images: NS_BL1U, BL2U & NS_BL2U defines.
******************************************************************************/
#define BL2U_BASE BL2_BASE
#define BL2U_LIMIT BL31_BASE
#define NS_BL2U_BASE ARM_NS_DRAM1_BASE
#define NS_BL1U_BASE (V2M_FLASH0_BASE + 0x03EB8000)
/*
* ID of the secure physical generic timer interrupt used by the TSP.
*/

8
include/plat/arm/common/plat_arm.h
View File

@ -165,6 +165,12 @@ void arm_bl2_plat_arch_setup(void);
uint32_t arm_get_spsr_for_bl32_entry(void);
uint32_t arm_get_spsr_for_bl33_entry(void);
/* BL2U utility functions */
void arm_bl2u_early_platform_setup(struct meminfo *mem_layout,
void *plat_info);
void arm_bl2u_platform_setup(void);
void arm_bl2u_plat_arch_setup(void);
/* BL3-1 utility functions */
void arm_bl31_early_platform_setup(bl31_params_t *from_bl2,
void *plat_params_from_bl2);
@ -174,6 +180,8 @@ void arm_bl31_plat_arch_setup(void);
/* TSP utility functions */
void arm_tsp_early_platform_setup(void);
/* FIP TOC validity check */
int arm_io_is_toc_valid(void);
/*
* Mandatory functions required in ARM standard platforms

6
include/plat/arm/css/common/css_def.h
View File

@ -50,6 +50,10 @@
#define NSRAM_BASE 0x2e000000
#define NSRAM_SIZE 0x00008000
/* System Security Control Registers */
#define SSC_REG_BASE 0x2a420000
#define SSC_GPRETN (SSC_REG_BASE + 0x030)
/* The slave_bootsecure controls access to GPU, DMC and CS. */
#define CSS_NIC400_SLAVE_BOOTSECURE 8
@ -112,6 +116,8 @@
*/
#define BL30_BASE BL31_BASE
#define SCP_BL2U_BASE BL31_BASE
#define PLAT_ARM_SHARED_RAM_CACHED MHU_PAYLOAD_CACHED
/* Load address of Non-Secure Image for CSS platform ports */

12
include/plat/common/common_def.h
View File

@ -30,6 +30,9 @@
#ifndef __COMMON_DEF_H__
#define __COMMON_DEF_H__
#include <bl_common.h>
#include <platform_def.h>
/******************************************************************************
* Required platform porting definitions that are expected to be common to
* all platforms
@ -74,5 +77,14 @@
*/
#define __warn_deprecated __attribute__ ((deprecated))
#define BL2_IMAGE_DESC { \
.image_id = BL2_IMAGE_ID, \
.image_info.h.version = VERSION_1, \
.image_info.h.attr = SET_EXEC_STATE(EXECUTABLE),\
.image_info.image_base = BL2_BASE, \
.ep_info.h.attr = SET_SEC_STATE(SECURE), \
.ep_info.pc = BL2_BASE \
}
#endif /* __COMMON_DEF_H__ */

45
include/plat/common/platform.h
View File

@ -43,6 +43,7 @@ struct meminfo;
struct image_info;
struct entry_point_info;
struct bl31_params;
struct image_desc;
/*******************************************************************************
* plat_get_rotpk_info() flags
@ -92,11 +93,11 @@ void bl1_platform_setup(void);
struct meminfo *bl1_plat_sec_mem_layout(void);
/*
* This function allows the platform to change the entrypoint information for
* BL2, after BL1 has loaded BL2 into memory but before BL2 is executed.
* The following function is mandatory when the
* firmware update feature is used.
*/
void bl1_plat_set_bl2_ep_info(struct image_info *image,
struct entry_point_info *ep);
int bl1_plat_mem_check(uintptr_t mem_base, unsigned int mem_size,
unsigned int flags);
/*******************************************************************************
* Optional BL1 functions (may be overridden)
@ -104,6 +105,25 @@ void bl1_plat_set_bl2_ep_info(struct image_info *image,
void bl1_init_bl2_mem_layout(const struct meminfo *bl1_mem_layout,
struct meminfo *bl2_mem_layout);
/*
* The following functions are used for image loading process in BL1.
*/
void bl1_plat_set_ep_info(unsigned int image_id,
struct entry_point_info *ep_info);
/*
* The following functions are mandatory when firmware update
* feature is used and optional otherwise.
*/
unsigned int bl1_plat_get_next_image_id(void);
struct image_desc *bl1_plat_get_image_desc(unsigned int image_id);
/*
* The following functions are used by firmware update
* feature and may optionally be overridden.
*/
__dead2 void bl1_plat_fwu_done(void *cookie, void *reserved);
/*******************************************************************************
* Mandatory BL2 functions
******************************************************************************/
@ -172,6 +192,23 @@ void bl2_plat_get_bl32_meminfo(struct meminfo *mem_info);
* Optional BL2 functions (may be overridden)
******************************************************************************/
/*******************************************************************************
* Mandatory BL2U functions.
******************************************************************************/
void bl2u_early_platform_setup(struct meminfo *mem_layout,
void *plat_info);
void bl2u_plat_arch_setup(void);
void bl2u_platform_setup(void);
/*******************************************************************************
* Conditionally mandatory BL2U functions for CSS platforms.
******************************************************************************/
/*
* This function is used to perform any platform-specific actions required to
* handle the BL2U_SCP firmware.
*/
int bl2u_plat_handle_scp_bl2u(void);
/*******************************************************************************
* Mandatory BL3-1 functions
******************************************************************************/

70
make_helpers/build_macros.mk
View File

@ -28,6 +28,22 @@
# POSSIBILITY OF SUCH DAMAGE.
#
# This table is used in converting lower case to upper case.
uppercase_table:=a,A b,B c,C d,D e,E f,F g,G h,H i,I j,J k,K l,L m,M n,N o,O p,P q,Q r,R s,S t,T u,U v,V w,W x,X y,Y z,Z
# Internal macro used for converting lower case to upper case.
# $(1) = upper case table
# $(2) = String to convert
define uppercase_internal
$(if $(1),$$(subst $(firstword $(1)),$(call uppercase_internal,$(wordlist 2,$(words $(1)),$(1)),$(2))),$(2))
endef
# A macro for converting a string to upper case
# $(1) = String to convert
define uppercase
$(eval uppercase_result:=$(call uppercase_internal,$(uppercase_table),$(1)))$(uppercase_result)
endef
# Convenience function for adding build definitions
# $(eval $(call add_define,FOO)) will have:
# -DFOO if $(FOO) is empty; -DFOO=$(FOO) otherwise
@ -82,7 +98,7 @@ define FIP_ADD_PAYLOAD
$(eval $(if $(3),FIP_DEPS += $(3)))
endef
# CERT_ADD_CMD_OPT adds a new command line option to the cert_create invokation
# CERT_ADD_CMD_OPT adds a new command line option to the cert_create invocation
# $(1) = parameter filename
# $(2) = cert_create command line option for the specified parameter
# $(3) = input parameter (false if empty)
@ -107,6 +123,38 @@ check_$(1):
$$(if $(value $(1)),,$$(error "Platform '${PLAT}' requires $(1). Please set $(1) to point to the right file"))
endef
# FWU_FIP_ADD_PAYLOAD appends the command line arguments required by the FIP tool
# to package a new FWU payload. Optionally, it adds the dependency on this payload
# $(1) = payload filename (e.g. ns_bl2u.bin)
# $(2) = command line option for the specified payload (e.g. --ns_bl2u)
# $(3) = fip target dependency (optional) (e.g. ns_bl2u)
define FWU_FIP_ADD_PAYLOAD
$(eval $(if $(3),FWU_FIP_DEPS += $(3)))
$(eval FWU_FIP_ARGS += $(2) $(1))
endef
# FWU_CERT_ADD_CMD_OPT adds a new command line option to the cert_create invocation
# $(1) = parameter filename
# $(2) = cert_create command line option for the specified parameter
# $(3) = input parameter (false if empty)
define FWU_CERT_ADD_CMD_OPT
$(eval $(if $(3),FWU_CRT_DEPS += $(1)))
$(eval FWU_CRT_ARGS += $(2) $(1))
endef
# FWU_FIP_ADD_IMG allows the platform to pack a binary image in the FWU FIP
# $(1) build option to specify the image filename (BL2U, NS_BL2U, etc)
# $(2) command line option for the fip_create tool (bl2u, ns_bl2u, etc)
# Example:
# $(eval $(call FWU_FIP_ADD_IMG,BL2U,--bl2u))
define FWU_FIP_ADD_IMG
FWU_CRT_DEPS += check_$(1)
FWU_FIP_DEPS += check_$(1)
$(call FWU_FIP_ADD_PAYLOAD,$(value $(1)),$(2))
check_$(1):
$$(if $(value $(1)),,$$(error "Platform '${PLAT}' requires $(1). Please set $(1) to point to the right file"))
endef
################################################################################
# Auxiliary macros to build TF images from sources
@ -123,7 +171,7 @@ $(strip $(foreach goal,$(1),$(filter $(goal),$(MAKECMDGOALS))))
endef
# List of rules that involve building things
BUILD_TARGETS := all bl1 bl2 bl31 bl32 certificates fip
BUILD_TARGETS := all bl1 bl2 bl2u bl31 bl32 certificates fip
# Does the list of goals specified on the command line include a build target?
ifneq ($(call match_goals,${BUILD_TARGETS}),)
@ -134,15 +182,16 @@ endif
# MAKE_C builds a C source file and generates the dependency file
# $(1) = output directory
# $(2) = source file (%.c)
# $(3) = BL stage (2, 30, 31, 32, 33)
# $(3) = BL stage (2, 2u, 30, 31, 32, 33)
define MAKE_C
$(eval OBJ := $(1)/$(patsubst %.c,%.o,$(notdir $(2))))
$(eval PREREQUISITES := $(patsubst %.o,%.d,$(OBJ)))
$(eval IMAGE := IMAGE_BL$(call uppercase,$(3)))
$(OBJ): $(2)
@echo " CC $$<"
$$(Q)$$(CC) $$(CFLAGS) -DIMAGE_BL$(3) -c $$< -o $$@
$$(Q)$$(CC) $$(CFLAGS) -D$(IMAGE) -c $$< -o $$@
$(PREREQUISITES): $(2)
@ -160,15 +209,16 @@ endef
# MAKE_S builds an assembly source file and generates the dependency file
# $(1) = output directory
# $(2) = assembly file (%.S)
# $(3) = BL stage (2, 30, 31, 32, 33)
# $(3) = BL stage (2, 2u, 30, 31, 32, 33)
define MAKE_S
$(eval OBJ := $(1)/$(patsubst %.S,%.o,$(notdir $(2))))
$(eval PREREQUISITES := $(patsubst %.o,%.d,$(OBJ)))
$(eval IMAGE := IMAGE_BL$(call uppercase,$(3)))
$(OBJ): $(2)
@echo " AS $$<"
$$(Q)$$(AS) $$(ASFLAGS) -DIMAGE_BL$(3) -c $$< -o $$@
$$(Q)$$(AS) $$(ASFLAGS) -D$(IMAGE) -c $$< -o $$@
$(PREREQUISITES): $(2)
@echo " DEPS $$@"
@ -243,20 +293,22 @@ endef
# MAKE_BL macro defines the targets and options to build each BL image.
# Arguments:
# $(1) = BL stage (2, 30, 31, 32, 33)
# $(1) = BL stage (2, 2u, 30, 31, 32, 33)
# $(2) = In FIP (false if empty)
define MAKE_BL
$(eval BUILD_DIR := ${BUILD_PLAT}/bl$(1))
$(eval SOURCES := $(BL$(1)_SOURCES) $(BL_COMMON_SOURCES) $(PLAT_BL_COMMON_SOURCES))
$(eval BL_SOURCES := $(BL$(call uppercase,$(1))_SOURCES))
$(eval SOURCES := $(BL_SOURCES) $(BL_COMMON_SOURCES) $(PLAT_BL_COMMON_SOURCES))
$(eval OBJS := $(addprefix $(BUILD_DIR)/,$(call SOURCES_TO_OBJS,$(SOURCES))))
$(eval LINKERFILE := $(call IMG_LINKERFILE,$(1)))
$(eval MAPFILE := $(call IMG_MAPFILE,$(1)))
$(eval ELF := $(call IMG_ELF,$(1)))
$(eval DUMP := $(call IMG_DUMP,$(1)))
$(eval BIN := $(call IMG_BIN,$(1)))
$(eval BL_LINKERFILE := $(BL$(call uppercase,$(1))_LINKERFILE))
$(eval $(call MAKE_OBJS,$(BUILD_DIR),$(SOURCES),$(1)))
$(eval $(call MAKE_LD,$(LINKERFILE),$(BL$(1)_LINKERFILE)))
$(eval $(call MAKE_LD,$(LINKERFILE),$(BL_LINKERFILE)))
$(BUILD_DIR):
$$(Q)mkdir -p "$$@"

20
make_helpers/tbbr/tbbr_tools.mk
View File

@ -56,16 +56,22 @@
# Certificate generation tool default parameters
TRUSTED_KEY_CERT := ${BUILD_PLAT}/trusted_key.crt
FWU_CERT := ${BUILD_PLAT}/fwu_cert.crt
# Add Trusted Key certificate to the fip_create and cert_create command line options
$(eval $(call FIP_ADD_PAYLOAD,${TRUSTED_KEY_CERT},--trusted-key-cert))
$(eval $(call CERT_ADD_CMD_OPT,${TRUSTED_KEY_CERT},--trusted-key-cert))
# Add fwu certificate to the fip_create and cert_create command line options
$(eval $(call FWU_FIP_ADD_PAYLOAD,${FWU_CERT},--fwu-cert))
$(eval $(call FWU_CERT_ADD_CMD_OPT,${FWU_CERT},--fwu-cert))
# Add the keys to the cert_create command line options (private keys are NOT
# packed in the FIP). Developers can use their own keys by specifying the proper
# build option in the command line when building the Trusted Firmware
$(if ${KEY_ALG},$(eval $(call CERT_ADD_CMD_OPT,${KEY_ALG},--key-alg)))
$(if ${ROT_KEY},$(eval $(call CERT_ADD_CMD_OPT,${ROT_KEY},--rot-key)))
$(if ${ROT_KEY},$(eval $(call FWU_CERT_ADD_CMD_OPT,${ROT_KEY},--rot-key)))
$(if ${TRUSTED_WORLD_KEY},$(eval $(call CERT_ADD_CMD_OPT,${TRUSTED_WORLD_KEY},--trusted-world-key)))
$(if ${NON_TRUSTED_WORLD_KEY},$(eval $(call CERT_ADD_CMD_OPT,${NON_TRUSTED_WORLD_KEY},--non-trusted-world-key)))
@ -114,3 +120,17 @@ ifneq (${BL33},)
$(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/bl33.crt,--bl33-cert))
$(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/bl33_key.crt,--bl33-key-cert))
endif
# Add the BL2U image
$(if ${BL2U},$(eval $(call FWU_CERT_ADD_CMD_OPT,${BL2U},--bl2u,true)),\
$(eval $(call FWU_CERT_ADD_CMD_OPT,$(call IMG_BIN,2u),--bl2u,true)))
# Add the SCP_BL2U image
ifneq (${SCP_BL2U},)
$(eval $(call FWU_CERT_ADD_CMD_OPT,${SCP_BL2U},--scp_bl2u,true))
endif
# Add the NS_BL2U image
ifneq (${NS_BL2U},)
$(eval $(call FWU_CERT_ADD_CMD_OPT,${NS_BL2U},--ns_bl2u,true))
endif

11
plat/arm/board/common/board_css_common.c
View File

@ -42,6 +42,9 @@ const mmap_region_t plat_arm_mmap[] = {
V2M_MAP_IOFPGA,
CSS_MAP_DEVICE,
SOC_CSS_MAP_DEVICE,
#if TRUSTED_BOARD_BOOT
ARM_MAP_NS_DRAM1,
#endif
{0}
};
#endif
@ -57,6 +60,14 @@ const mmap_region_t plat_arm_mmap[] = {
{0}
};
#endif
#if IMAGE_BL2U
const mmap_region_t plat_arm_mmap[] = {
ARM_MAP_SHARED_RAM,
CSS_MAP_DEVICE,
SOC_CSS_MAP_DEVICE,
{0}
};
#endif
#if IMAGE_BL31
const mmap_region_t plat_arm_mmap[] = {
ARM_MAP_SHARED_RAM,

10
plat/arm/board/fvp/aarch64/fvp_common.c
View File

@ -82,6 +82,9 @@ const mmap_region_t plat_arm_mmap[] = {
MAP_DEVICE0,
MAP_DEVICE1,
MAP_DEVICE2,
#if TRUSTED_BOARD_BOOT
ARM_MAP_NS_DRAM1,
#endif
{0}
};
#endif
@ -98,6 +101,13 @@ const mmap_region_t plat_arm_mmap[] = {
{0}
};
#endif
#if IMAGE_BL2U
const mmap_region_t plat_arm_mmap[] = {
MAP_DEVICE0,
V2M_MAP_IOFPGA,
{0}
};
#endif
#if IMAGE_BL31
const mmap_region_t plat_arm_mmap[] = {
ARM_MAP_SHARED_RAM,

14
plat/arm/board/fvp/fvp_bl1_setup.c
View File

@ -29,6 +29,7 @@
*/
#include <plat_arm.h>
#include <tbbr_img_def.h>
#include "fvp_private.h"
@ -52,3 +53,16 @@ void bl1_early_platform_setup(void)
*/
fvp_cci_enable();
}
/*******************************************************************************
* The following function checks if Firmware update is needed,
* by checking if TOC in FIP image is valid or not.
******************************************************************************/
unsigned int bl1_plat_get_next_image_id(void)
{
if (!arm_io_is_toc_valid())
return NS_BL1U_IMAGE_ID;
return BL2_IMAGE_ID;
}

41
plat/arm/board/fvp/fvp_bl2u_setup.c Normal file
View File

@ -0,0 +1,41 @@
/*
* Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <plat_arm.h>
#include "fvp_def.h"
#include "fvp_private.h"
void bl2u_early_platform_setup(meminfo_t *mem_layout, void *plat_info)
{
arm_bl2u_early_platform_setup(mem_layout, plat_info);
/* Initialize the platform config for future decision making */
fvp_config_setup();
}

3
plat/arm/board/fvp/platform.mk
View File

@ -83,6 +83,9 @@ BL2_SOURCES += drivers/arm/sp804/sp804_delay_timer.c \
plat/arm/board/fvp/fvp_io_storage.c \
plat/arm/board/fvp/fvp_security.c
BL2U_SOURCES += plat/arm/board/fvp/fvp_bl2u_setup.c \
plat/arm/board/fvp/fvp_security.c
BL31_SOURCES += lib/cpus/aarch64/aem_generic.S \
lib/cpus/aarch64/cortex_a53.S \
lib/cpus/aarch64/cortex_a57.S \

87
plat/arm/board/juno/juno_bl1_setup.c Normal file
View File

@ -0,0 +1,87 @@
/*
* Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <bl_common.h>
#include <errno.h>
#include <platform.h>
#include <plat_arm.h>
#include <tbbr_img_def.h>
#include <v2m_def.h>
#define RESET_REASON_WDOG_RESET (0x2)
/*******************************************************************************
* The following function checks if Firmware update is needed,
* by checking if TOC in FIP image is valid or watchdog reset happened.
******************************************************************************/
unsigned int bl1_plat_get_next_image_id(void)
{
unsigned int *reset_flags_ptr = (unsigned int *)SSC_GPRETN;
unsigned int *nv_flags_ptr = (unsigned int *)
(V2M_SYSREGS_BASE + V2M_SYS_NVFLAGS);
/*
* Check if TOC is invalid or watchdog reset happened.
*/
if ((arm_io_is_toc_valid() != 1) ||
((*reset_flags_ptr & RESET_REASON_WDOG_RESET) &&
((*nv_flags_ptr == -EAUTH) || (*nv_flags_ptr == -ENOENT))))
return NS_BL1U_IMAGE_ID;
return BL2_IMAGE_ID;
}
/*******************************************************************************
* On JUNO update the arg2 with address of SCP_BL2U image info.
******************************************************************************/
void bl1_plat_set_ep_info(unsigned int image_id,
entry_point_info_t *ep_info)
{
if (image_id == BL2U_IMAGE_ID) {
image_desc_t *image_desc = bl1_plat_get_image_desc(SCP_BL2U_IMAGE_ID);
ep_info->args.arg2 = (unsigned long)&image_desc->image_info;
}
}
/*******************************************************************************
* On Juno clear SYS_NVFLAGS and wait for watchdog reset.
******************************************************************************/
__dead2 void bl1_plat_fwu_done(void *cookie, void *rsvd_ptr)
{
unsigned int *nv_flags_clr = (unsigned int *)
(V2M_SYSREGS_BASE + V2M_SYS_NVFLAGSCLR);
unsigned int *nv_flags_ptr = (unsigned int *)
(V2M_SYSREGS_BASE + V2M_SYS_NVFLAGS);
/* Clear the NV flags register. */
*nv_flags_clr = *nv_flags_ptr;
while (1)
wfi();
}

3
plat/arm/board/juno/platform.mk
View File

@ -41,11 +41,14 @@ PLAT_BL_COMMON_SOURCES := plat/arm/board/juno/aarch64/juno_helpers.S
BL1_SOURCES += lib/cpus/aarch64/cortex_a53.S \
lib/cpus/aarch64/cortex_a57.S \
lib/cpus/aarch64/cortex_a72.S \
plat/arm/board/juno/juno_bl1_setup.c \
plat/arm/board/juno/juno_err.c
BL2_SOURCES += plat/arm/board/juno/juno_security.c \
plat/arm/board/juno/juno_err.c
BL2U_SOURCES += plat/arm/board/juno/juno_security.c
BL31_SOURCES += lib/cpus/aarch64/cortex_a53.S \
lib/cpus/aarch64/cortex_a57.S \
lib/cpus/aarch64/cortex_a72.S \

114
plat/arm/common/arm_bl1_fwu.c Normal file
View File

@ -0,0 +1,114 @@
/*
* Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <assert.h>
#include <bl_common.h>
#include <debug.h>
#include <errno.h>
#include <plat_arm.h>
#include <tbbr_img_desc.h>
/* Struct to keep track of usable memory */
typedef struct bl1_mem_info{
uintptr_t mem_base;
unsigned int mem_size;
} bl1_mem_info_t;
bl1_mem_info_t fwu_addr_map_secure[] = {
{
.mem_base = ARM_SHARED_RAM_BASE,
.mem_size = ARM_SHARED_RAM_SIZE
},
{
.mem_size = 0
}
};
bl1_mem_info_t fwu_addr_map_non_secure[] = {
{
.mem_base = ARM_NS_DRAM1_BASE,
.mem_size = ARM_NS_DRAM1_SIZE
},
{
.mem_base = V2M_FLASH0_BASE,
.mem_size = V2M_FLASH0_SIZE
},
{
.mem_size = 0
}
};
int bl1_plat_mem_check(uintptr_t mem_base,
unsigned int mem_size,
unsigned int flags)
{
unsigned int index = 0;
bl1_mem_info_t *mmap;
assert(mem_base);
assert(mem_size);
/*
* Check the given image source and size.
*/
if (GET_SEC_STATE(flags) == SECURE)
mmap = fwu_addr_map_secure;
else
mmap = fwu_addr_map_non_secure;
while (mmap[index].mem_size) {
if ((mem_base >= mmap[index].mem_base) &&
((mem_base + mem_size)
<= (mmap[index].mem_base +
mmap[index].mem_size)))
return 0;
index++;
}
return -ENOMEM;
}
/*******************************************************************************
* This function does linear search for image_id and returns image_desc.
******************************************************************************/
image_desc_t *bl1_plat_get_image_desc(unsigned int image_id)
{
unsigned int index = 0;
while (bl1_tbbr_image_descs[index].image_id != INVALID_IMAGE_ID) {
if (bl1_tbbr_image_descs[index].image_id == image_id)
return &bl1_tbbr_image_descs[index];
index++;
}
return NULL;
}

14
plat/arm/common/arm_bl1_setup.c
View File

@ -57,7 +57,6 @@
#pragma weak bl1_plat_arch_setup
#pragma weak bl1_platform_setup
#pragma weak bl1_plat_sec_mem_layout
#pragma weak bl1_plat_set_bl2_ep_info
/* Data structure which holds the extents of the trusted SRAM for BL1*/
@ -169,16 +168,3 @@ void bl1_plat_prepare_exit(entry_point_info_t *ep_info)
sev();
#endif
}
/*******************************************************************************
* Before calling this function BL2 is loaded in memory and its entrypoint
* is set by load_image. This is a placeholder for the platform to change
* the entrypoint of BL2 and set SPSR and security state.
* On ARM standard platforms we only set the security state of the entrypoint
******************************************************************************/
void bl1_plat_set_bl2_ep_info(image_info_t *bl2_image,
entry_point_info_t *bl2_ep)
{
SET_SECURITY_STATE(bl2_ep->h.attr, SECURE);
bl2_ep->spsr = SPSR_64(MODE_EL1, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS);
}

120
plat/arm/common/arm_bl2u_setup.c Normal file
View File

@ -0,0 +1,120 @@
/*
* Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <arch_helpers.h>
#include <arm_def.h>
#include <bl_common.h>
#include <console.h>
#include <platform_def.h>
#include <plat_arm.h>
#include <string.h>
/*
* The next 2 constants identify the extents of the code & RO data region.
* These addresses are used by the MMU setup code and therefore they must be
* page-aligned. It is the responsibility of the linker script to ensure that
* __RO_START__ and __RO_END__ linker symbols refer to page-aligned addresses.
*/
#define BL2U_RO_BASE (unsigned long)(&__RO_START__)
#define BL2U_RO_LIMIT (unsigned long)(&__RO_END__)
#if USE_COHERENT_MEM
/*
* The next 2 constants identify the extents of the coherent memory region.
* These addresses are used by the MMU setup code and therefore they must be
* page-aligned. It is the responsibility of the linker script to ensure that
* __COHERENT_RAM_START__ and __COHERENT_RAM_END__ linker symbols refer to
* page-aligned addresses.
*/
#define BL2U_COHERENT_RAM_BASE (unsigned long)(&__COHERENT_RAM_START__)
#define BL2U_COHERENT_RAM_LIMIT (unsigned long)(&__COHERENT_RAM_END__)
#endif
/* Weak definitions may be overridden in specific ARM standard platform */
#pragma weak bl2u_platform_setup
#pragma weak bl2u_early_platform_setup
#pragma weak bl2u_plat_arch_setup
/*
* Perform ARM standard platform setup for BL2U
*/
void arm_bl2u_platform_setup(void)
{
/* Initialize the secure environment */
plat_arm_security_setup();
}
void bl2u_platform_setup(void)
{
arm_bl2u_platform_setup();
}
void arm_bl2u_early_platform_setup(meminfo_t *mem_layout, void *plat_info)
{
/* Initialize the console to provide early debug support */
console_init(PLAT_ARM_BOOT_UART_BASE, PLAT_ARM_BOOT_UART_CLK_IN_HZ,
ARM_CONSOLE_BAUDRATE);
}
/*******************************************************************************
* BL1 can pass platform dependent information to BL2U in x1.
* In case of ARM CSS platforms x1 contains SCP_BL2U image info.
* In case of ARM FVP platforms x1 is not used.
* In both cases, x0 contains the extents of the memory available to BL2U
******************************************************************************/
void bl2u_early_platform_setup(meminfo_t *mem_layout, void *plat_info)
{
arm_bl2u_early_platform_setup(mem_layout, plat_info);
}
/*******************************************************************************
* Perform the very early platform specific architectural setup here. At the
* moment this is only initializes the mmu in a quick and dirty way.
* The memory that is used by BL2U is only mapped.
******************************************************************************/
void arm_bl2u_plat_arch_setup(void)
{
arm_configure_mmu_el1(BL2U_RO_LIMIT,
BL31_LIMIT,
BL2U_RO_BASE,
BL2U_RO_LIMIT
#if USE_COHERENT_MEM
,
BL2U_COHERENT_RAM_BASE,
BL2U_COHERENT_RAM_LIMIT
#endif
);
}
void bl2u_plat_arch_setup(void)
{
arm_bl2u_plat_arch_setup();
}

14
plat/arm/common/arm_common.mk
View File

@ -106,6 +106,11 @@ BL2_SOURCES += drivers/arm/tzc400/tzc400.c \
plat/arm/common/arm_security.c \
plat/common/aarch64/platform_up_stack.S
BL2U_SOURCES += drivers/arm/tzc400/tzc400.c \
plat/arm/common/arm_bl2u_setup.c \
plat/arm/common/arm_security.c \
plat/common/aarch64/platform_up_stack.S
BL31_SOURCES += drivers/arm/cci/cci.c \
drivers/arm/ccn/ccn.c \
drivers/arm/tzc400/tzc400.c \
@ -127,9 +132,16 @@ ifneq (${TRUSTED_BOARD_BOOT},0)
drivers/auth/img_parser_mod.c \
drivers/auth/tbbr/tbbr_cot.c \
BL1_SOURCES += ${AUTH_SOURCES}
PLAT_INCLUDES += -Iinclude/bl1/tbbr
BL1_SOURCES += ${AUTH_SOURCES} \
bl1/tbbr/tbbr_img_desc.c \
plat/arm/common/arm_bl1_fwu.c
BL2_SOURCES += ${AUTH_SOURCES}
$(eval $(call FWU_FIP_ADD_IMG,NS_BL2U,--ns_bl2u))
MBEDTLS_KEY_ALG := ${KEY_ALG}
# We expect to locate the *.mk files under the directories specified below

14
plat/arm/common/arm_io_storage.c
View File

@ -308,3 +308,17 @@ int plat_get_image_source(unsigned int image_id, uintptr_t *dev_handle,
return result;
}
/*
* See if a Firmware Image Package is available,
* by checking if TOC is valid or not.
*/
int arm_io_is_toc_valid(void)
{
int result;
result = io_dev_init(fip_dev_handle, (uintptr_t)FIP_IMAGE_ID);
return (result == 0);
}

45
plat/arm/css/common/css_bl1_setup.c Normal file
View File

@ -0,0 +1,45 @@
/*
* Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <bl_common.h>
#include <debug.h>
#include <plat_arm.h>
#include <soc_css.h>
void bl1_platform_setup(void)
{
arm_bl1_platform_setup();
/*
* Do ARM CSS SoC security setup.
* BL1 needs to enable normal world access to memory.
*/
soc_css_security_setup();
}

76
plat/arm/css/common/css_bl2u_setup.c Normal file
View File

@ -0,0 +1,76 @@
/*
* Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <bl_common.h>
#include <debug.h>
#include <plat_arm.h>
#include "css_scp_bootloader.h"
/* Weak definition may be overridden in specific CSS based platform */
#pragma weak bl2u_plat_handle_scp_bl2u
/* Data structure which holds the SCP_BL2U image info for BL2U */
static image_info_t scp_bl2u_image_info;
/*******************************************************************************
* BL1 can pass platform dependent information to BL2U in x1.
* In case of ARM CSS platforms x1 contains SCP_BL2U image info.
* In case of ARM FVP platforms x1 is not used.
* In both cases, x0 contains the extents of the memory available to BL2U
******************************************************************************/
void bl2u_early_platform_setup(meminfo_t *mem_layout, void *plat_info)
{
if (!plat_info)
panic();
arm_bl2u_early_platform_setup(mem_layout, plat_info);
scp_bl2u_image_info = *(image_info_t *)plat_info;
}
/*******************************************************************************
* Transfer SCP_BL2U from Trusted RAM using the SCP Download protocol.
******************************************************************************/
int bl2u_plat_handle_scp_bl2u(void)
{
int ret;
INFO("BL2U: Initiating SCP_BL2U transfer to SCP\n");
ret = scp_bootloader_transfer((void *)scp_bl2u_image_info.image_base,
scp_bl2u_image_info.image_size);
if (ret == 0)
INFO("BL2U: SCP_BL2U transferred to SCP\n");
else
ERROR("BL2U: SCP_BL2U transfer failure\n");
return ret;
}

10
plat/arm/css/common/css_common.mk
View File

@ -34,18 +34,26 @@ PLAT_INCLUDES += -Iinclude/plat/arm/css/common \
PLAT_BL_COMMON_SOURCES += plat/arm/css/common/aarch64/css_helpers.S
#BL1_SOURCES +=
BL1_SOURCES += plat/arm/css/common/css_bl1_setup.c
BL2_SOURCES += plat/arm/css/common/css_bl2_setup.c \
plat/arm/css/common/css_mhu.c \
plat/arm/css/common/css_scp_bootloader.c \
plat/arm/css/common/css_scpi.c
BL2U_SOURCES += plat/arm/css/common/css_bl2u_setup.c \
plat/arm/css/common/css_mhu.c \
plat/arm/css/common/css_scp_bootloader.c \
plat/arm/css/common/css_scpi.c
BL31_SOURCES += plat/arm/css/common/css_mhu.c \
plat/arm/css/common/css_pm.c \
plat/arm/css/common/css_scpi.c \
plat/arm/css/common/css_topology.c
ifneq (${TRUSTED_BOARD_BOOT},0)
$(eval $(call FWU_FIP_ADD_IMG,SCP_BL2U,--scp_bl2u))
endif
ifneq (${RESET_TO_BL31},0)
$(error "Using BL3-1 as the reset vector is not supported on CSS platforms. \

5
plat/arm/soc/common/soc_css.mk
View File

@ -32,9 +32,10 @@ PLAT_INCLUDES += -Iinclude/plat/arm/soc/common/
#PLAT_BL_COMMON_SOURCES +=
#BL1_SOURCES +=
BL1_SOURCES += plat/arm/soc/common/soc_css_security.c
BL2_SOURCES += plat/arm/soc/common/soc_css_security.c
BL2U_SOURCES += plat/arm/soc/common/soc_css_security.c
BL31_SOURCES += plat/arm/soc/common/soc_css_security.c

88
plat/common/plat_bl1_common.c Normal file
View File

@ -0,0 +1,88 @@
/*
* Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of ARM nor the names of its contributors may be used
* to endorse or promote products derived from this software without specific
* prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <arch_helpers.h>
#include <assert.h>
#include <bl_common.h>
#include <debug.h>
#include <errno.h>
#include <platform_def.h>
/*
* The following platform functions are weakly defined. They
* are default implementations that allow BL1 to compile in
* absence of real definitions. The Platforms may override
* with more complex definitions.
*/
#pragma weak bl1_plat_get_next_image_id
#pragma weak bl1_plat_set_ep_info
#pragma weak bl1_plat_get_image_desc
#pragma weak bl1_plat_fwu_done
unsigned int bl1_plat_get_next_image_id(void)
{
/* BL2 load will be done by default. */
return BL2_IMAGE_ID;
}
void bl1_plat_set_ep_info(unsigned int image_id,
entry_point_info_t *ep_info)
{
}
/*
* Following is the default definition that always
* returns BL2 image details.
*/
image_desc_t *bl1_plat_get_image_desc(unsigned int image_id)
{
static image_desc_t bl2_img_desc = BL2_IMAGE_DESC;
return &bl2_img_desc;
}
__dead2 void bl1_plat_fwu_done(void *cookie, void *rsvd_ptr)
{
while (1)
wfi();
}
/*
* The Platforms must override with real definition.
*/
#pragma weak bl1_plat_mem_check
int bl1_plat_mem_check(uintptr_t mem_base, unsigned int mem_size,
unsigned int flags)
{
assert(0);
return -ENOMEM;
}

2
tools/cert_create/include/ext.h
View File

@ -72,6 +72,8 @@ typedef struct ext_s {
X509V3_EXT_METHOD method; /* This field may be used to define a custom
* function to print the contents of the
* extension */
int optional; /* This field may be used optionally to exclude an image */
} ext_t;
enum {

3
tools/cert_create/include/tbbr/tbb_cert.h
View File

@ -46,7 +46,8 @@ enum {
BL32_KEY_CERT,
BL32_CERT,
BL33_KEY_CERT,
BL33_CERT
BL33_CERT,
FWU_CERT
};
#endif /* TBB_CERT_H_ */

5
tools/cert_create/include/tbbr/tbb_ext.h
View File

@ -46,7 +46,10 @@ enum {
BL32_CONTENT_CERT_PK_EXT,
BL32_HASH_EXT,
BL33_CONTENT_CERT_PK_EXT,
BL33_HASH_EXT
BL33_HASH_EXT,
SCP_BL2U_HASH_EXT,
BL2U_HASH_EXT,
NS_BL2U_HASH_EXT
};
#endif /* TBB_EXT_H_ */

27
tools/cert_create/src/main.c
View File

@ -217,8 +217,11 @@ static void check_cmd_params(void)
}
break;
case EXT_TYPE_HASH:
/* Binary image must be specified */
if (ext->data.fn == NULL) {
/*
* Binary image must be specified
* unless it is explicitly made optional.
*/
if ((!ext->optional) && (ext->data.fn == NULL)) {
ERROR("Image for '%s' not specified\n",
ext->ln);
exit(1);
@ -410,12 +413,20 @@ int main(int argc, char *argv[])
break;
case EXT_TYPE_HASH:
if (ext->data.fn == NULL) {
break;
}
if (!sha_file(ext->data.fn, md)) {
ERROR("Cannot calculate hash of %s\n",
ext->data.fn);
exit(1);
if (ext->optional) {
/* Include a hash filled with zeros */
memset(md, 0x0, SHA256_DIGEST_LENGTH);
} else {
/* Do not include this hash in the certificate */
break;
}
} else {
/* Calculate the hash of the file */
if (!sha_file(ext->data.fn, md)) {
ERROR("Cannot calculate hash of %s\n",
ext->data.fn);
exit(1);
}
}
CHECK_NULL(cert_ext, ext_new_hash(ext_nid,
EXT_CRIT, md_info, md,

14
tools/cert_create/src/tbbr/tbb_cert.c
View File

@ -160,6 +160,20 @@ static cert_t tbb_certs[] = {
BL33_HASH_EXT
},
.num_ext = 1
},
[FWU_CERT] = {
.id = FWU_CERT,
.opt = "fwu-cert",
.fn = NULL,
.cn = "FWU Certificate",
.key = ROT_KEY,
.issuer = FWU_CERT,
.ext = {
SCP_BL2U_HASH_EXT,
BL2U_HASH_EXT,
NS_BL2U_HASH_EXT
},
.num_ext = 3
}
};

27
tools/cert_create/src/tbbr/tbb_ext.c
View File

@ -145,6 +145,33 @@ static ext_t tbb_ext[] = {
.ln = "Non-Trusted World (BL33) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH
},
[SCP_BL2U_HASH_EXT] = {
.oid = SCP_BL2U_HASH_OID,
.opt = "scp_bl2u",
.sn = "SCPFWUpdateConfig",
.ln = "SCP Firmware Update Config (SCP_BL2U) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH,
.optional = 1
},
[BL2U_HASH_EXT] = {
.oid = BL2U_HASH_OID,
.opt = "bl2u",
.sn = "APFWUpdateConfig",
.ln = "AP Firmware Update Config (BL2U) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH,
.optional = 1
},
[NS_BL2U_HASH_EXT] = {
.oid = NS_BL2U_HASH_OID,
.opt = "ns_bl2u",
.sn = "FWUpdaterHash",
.ln = "Firmware Updater (NS_BL2U) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH,
.optional = 1
}
};

10
tools/fip_create/fip_create.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2014, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@ -55,6 +55,14 @@ uuid_t uuid_null = {0};
/* The images used depends on the platform. */
static entry_lookup_list_t toc_entry_lookup_list[] = {
{ "SCP Firmware Updater Configuration FWU SCP_BL2U", UUID_TRUSTED_UPDATE_FIRMWARE_SCP_BL2U,
"scp_bl2u", NULL, FLAG_FILENAME },
{ "AP Firmware Updater Configuration BL2U", UUID_TRUSTED_UPDATE_FIRMWARE_BL2U,
"bl2u", NULL, FLAG_FILENAME },
{ "Firmware Updater NS_BL2U", UUID_TRUSTED_UPDATE_FIRMWARE_NS_BL2U,
"ns_bl2u", NULL, FLAG_FILENAME },
{ "Non-Trusted Firmware Updater certificate", UUID_TRUSTED_FWU_CERT,
"fwu-cert", NULL, FLAG_FILENAME},
{ "Trusted Boot Firmware BL2", UUID_TRUSTED_BOOT_FIRMWARE_BL2,
"bl2", NULL, FLAG_FILENAME },
{ "SCP Firmware BL3-0", UUID_SCP_FIRMWARE_BL30,