Support shared Mbed TLS heap for FVP

This patch introduces the shared Mbed TLS heap optimisation for Arm
platforms. The objective is the Mbed TLS heap to be shared between BL1
and BL2 so as to not allocate the heap memory twice. To achieve that,
the patch introduces all the necessary helpers for implementing this
optimisation. It also applies it for FVP.

Change-Id: I6d85eaa1361517b7490956b2ac50f5fa0d0bb008
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

docs/porting-guide.rst

@@ -1075,21 +1075,22 @@ Function : plat\_get\_mbedtls\_heap()
 ::
 
     Arguments : void **heap_addr, size_t *heap_size
-    Return   : int
+    Return    : int
 
 This function is invoked during Mbed TLS library initialisation to get
 a heap, by means of a starting address and a size. This heap will then be used
-internally by the Mbed TLS library. The heap is requested from the current
-BL stage, i.e. the current BL image inside which Mbed TLS is used.
+internally by the Mbed TLS library. The heap is requested from the current BL
+stage, i.e. the current BL image inside which Mbed TLS is used.
 
-The default implementation allocates a new heap every time Mbed TLS gets
-initialised. This means that a new heap is statically allocated inside
-every image (i.e. every BL stage) that utilises Mbed TLS. In the default
-implementation, this function returns the address and size of this default
-heap. However, by overriding the default implementation, platforms have the ability
-to optimise memory usage.
+In the default implementation a heap is statically allocated inside every image
+(i.e. every BL stage) that utilises Mbed TLS. So, in this case, the function
+simply returns the address and size of this "pre-allocated" heap. However, by
+overriding the default implementation, platforms have the potential to optimise
+memory usage. For example, on some Arm platforms, the Mbed TLS heap is shared
+between BL1 and BL2 stages and, thus, the necessary space is not reserved
+twice.
 
-On success it returns 0 and a negative error code otherwise.
+On success the function should return 0 and a negative error code otherwise.
 
 Modifications specific to a Boot Loader stage
 ---------------------------------------------

include/plat/arm/common/arm_def.h

@@ -241,6 +241,17 @@
 						ARM_EL3_TZC_DRAM1_SIZE,	\
 						MT_MEMORY | MT_RW | MT_SECURE)
 
+/*
+ * Mapping for the BL1 RW region. This mapping is needed by BL2 in order to
+ * share the Mbed TLS heap. Since the heap is allocated inside BL1, it resides
+ * in the BL1 RW region. Hence, BL2 needs access to the BL1 RW region in order
+ * to be able to access the heap.
+ */
+#define ARM_MAP_BL1_RW		MAP_REGION_FLAT(	\
+					BL1_RW_BASE,	\
+					BL1_RW_LIMIT - BL1_RW_BASE, \
+					MT_MEMORY | MT_RW | MT_SECURE)
+
 /*
  * If SEPARATE_CODE_AND_RODATA=1 we define a region for each section
  * otherwise one region is defined containing both.

include/plat/arm/common/arm_dyn_cfg_helpers.h

@@ -6,12 +6,17 @@
 #ifndef __ARM_DYN_CFG_HELPERS_H__
 #define __ARM_DYN_CFG_HELPERS_H__
 
+#include <stddef.h>
 #include <stdint.h>
 
-/* Function declaration */
+/* Function declarations */
 int arm_dyn_get_config_load_info(void *dtb, int node, unsigned int config_id,
 		uint64_t *config_addr, uint32_t *config_size);
 int arm_dyn_tb_fw_cfg_init(void *dtb, int *node);
 int arm_dyn_get_disable_auth(void *dtb, int node, uint32_t *disable_auth);
+int arm_get_dtb_mbedtls_heap_info(void *dtb, void **heap_addr,
+	size_t *heap_size);
+int arm_set_dtb_mbedtls_heap_info(void *dtb, void *heap_addr,
+	size_t heap_size);
 
 #endif /* __ARM_DYN_CFG_HELPERS_H__ */

include/plat/arm/common/plat_arm.h

@@ -223,6 +223,8 @@ int arm_io_is_toc_valid(void);
 void arm_load_tb_fw_config(void);
 void arm_bl2_set_tb_cfg_addr(void *dtb);
 void arm_bl2_dyn_cfg_init(void);
+void arm_bl1_set_mbedtls_heap(void);
+int arm_get_mbedtls_heap(void **heap_addr, size_t *heap_size);
 
 /*
  * Mandatory functions required in ARM standard platforms

plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts

@@ -26,5 +26,16 @@
 		tos_fw_config_max_size = <0x200>;
 		nt_fw_config_addr = <0x0 0x80000000>;
 		nt_fw_config_max_size = <0x200>;
+		/*
+		 * The following two entries are placeholders for Mbed TLS
+		 * heap information. The default values don't matter since
+		 * they will be overwritten by BL1.
+		 * In case of having shared Mbed TLS heap between BL1 and BL2,
+		 * BL1 will populate these two properties with the respective
+		 * info about the shared heap. This info will be available for
+		 * BL2 in order to locate and re-use the heap.
+		 */
+		mbedtls_heap_addr = <0x0 0x0>;
+		mbedtls_heap_size = <0x0>;
 	};
 };

plat/arm/board/fvp/fvp_common.c

@@ -15,6 +15,7 @@
 #include <gicv2.h>
 #include <mmio.h>
 #include <plat_arm.h>
+#include <platform.h>
 #include <secure_partition.h>
 #include <v2m_def.h>
 #include "../fvp_def.h"
@@ -50,7 +51,6 @@ arm_config_t arm_config;
 					DEVICE2_SIZE,			\
 					MT_DEVICE | MT_RW | MT_SECURE)
 
-
 /*
  * Table of memory regions for various BL stages to map using the MMU.
  * This doesn't include Trusted SRAM as arm_setup_page_tables() already
@@ -92,7 +92,10 @@ const mmap_region_t plat_arm_mmap[] = {
 #if TRUSTED_BOARD_BOOT
 	/* To access the Root of Trust Public Key registers. */
 	MAP_DEVICE2,
-#endif
+#if LOAD_IMAGE_V2 && !BL2_AT_EL3
+	ARM_MAP_BL1_RW,
+#endif /* LOAD_IMAGE_V2 && !BL2_AT_EL3 */
+#endif /* TRUSTED_BOARD_BOOT */
 #if ENABLE_SPM
 	ARM_SP_IMAGE_MMAP,
 #endif
@@ -395,3 +398,13 @@ void fvp_interconnect_disable(void)
 	}
 #endif
 }
+
+#if TRUSTED_BOARD_BOOT && LOAD_IMAGE_V2
+int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size)
+{
+	assert(heap_addr != NULL);
+	assert(heap_size != NULL);
+
+	return arm_get_mbedtls_heap(heap_addr, heap_size);
+}
+#endif

plat/arm/common/arm_bl1_setup.c

@@ -149,7 +149,11 @@ void arm_bl1_platform_setup(void)
 	plat_arm_io_setup();
 #if LOAD_IMAGE_V2
 	arm_load_tb_fw_config();
-#endif
+#if TRUSTED_BOARD_BOOT
+	/* Share the Mbed TLS heap info with other images */
+	arm_bl1_set_mbedtls_heap();
+#endif /* TRUSTED_BOARD_BOOT */
+#endif /* LOAD_IMAGE_V2 */
 	/*
 	 * Allow access to the System counter timer module and program
 	 * counter frequency for non secure images during FWU

plat/arm/common/arm_dyn_cfg.c

@@ -8,6 +8,9 @@
 #include <assert.h>
 #include <debug.h>
 #include <desc_image_load.h>
+#if TRUSTED_BOARD_BOOT
+#include <mbedtls_config.h>
+#endif
 #include <plat_arm.h>
 #include <platform.h>
 #include <platform_def.h>
@@ -16,9 +19,94 @@
 
 #if LOAD_IMAGE_V2
 
-/* Variable to store the address to TB_FW_CONFIG passed from BL1 */
+/* Variable to store the address of TB_FW_CONFIG file */
 static void *tb_fw_cfg_dtb;
 
+
+#if TRUSTED_BOARD_BOOT
+
+static void *mbedtls_heap_addr;
+static size_t mbedtls_heap_size;
+
+/*
+ * This function is the implementation of the shared Mbed TLS heap between
+ * BL1 and BL2 for Arm platforms. The shared heap address is passed from BL1
+ * to BL2 with a pointer. This pointer resides inside the TB_FW_CONFIG file
+ * which is a DTB.
+ *
+ * This function is placed inside an #if directive for the below reasons:
+ *   - To allocate space for the Mbed TLS heap --only if-- Trusted Board Boot
+ *     is enabled.
+ *   - This implementation requires the DTB to be present so that BL1 has a
+ *     mechanism to pass the pointer to BL2. If LOAD_IMAGE_V2=0 then
+ *     TB_FW_CONFIG is not present, which means that this implementation
+ *     cannot be applied.
+ */
+int arm_get_mbedtls_heap(void **heap_addr, size_t *heap_size)
+{
+	assert(heap_addr != NULL);
+	assert(heap_size != NULL);
+
+#if defined(IMAGE_BL1) || BL2_AT_EL3
+
+	/* If in BL1 or BL2_AT_EL3 define a heap */
+	static unsigned char heap[TF_MBEDTLS_HEAP_SIZE];
+
+	*heap_addr = heap;
+	*heap_size = sizeof(heap);
+	mbedtls_heap_addr = heap;
+	mbedtls_heap_size = sizeof(heap);
+
+#elif defined(IMAGE_BL2)
+
+	int err;
+
+	/* If in BL2, retrieve the already allocated heap's info from DTB */
+	err = arm_get_dtb_mbedtls_heap_info(tb_fw_cfg_dtb, heap_addr,
+		heap_size);
+	if (err < 0) {
+		ERROR("BL2: unable to retrieve shared Mbed TLS heap "
+			"information from DTB\n");
+		panic();
+	}
+#endif
+
+	return 0;
+}
+
+/*
+ * Puts the shared Mbed TLS heap information to the DTB.
+ * Executed only from BL1.
+ */
+void arm_bl1_set_mbedtls_heap(void)
+{
+	int err;
+
+	/*
+	 * If tb_fw_cfg_dtb==NULL then DTB is not present for the current
+	 * platform. As such, we don't attempt to write to the DTB at all.
+	 *
+	 * If mbedtls_heap_addr==NULL, then it means we are using the default
+	 * heap implementation. As such, BL2 will have its own heap for sure
+	 * and hence there is no need to pass any information to the DTB.
+	 *
+	 * In the latter case, if we still wanted to write in the DTB the heap
+	 * information, we would need to call plat_get_mbedtls_heap to retrieve
+	 * the default heap's address and size.
+	 */
+	if ((tb_fw_cfg_dtb != NULL) && (mbedtls_heap_addr != NULL)) {
+		err = arm_set_dtb_mbedtls_heap_info(tb_fw_cfg_dtb,
+			mbedtls_heap_addr, mbedtls_heap_size);
+		if (err < 0) {
+			ERROR("BL1: unable to write shared Mbed TLS heap "
+				"information to DTB\n");
+			panic();
+		}
+	}
+}
+
+#endif /* TRUSTED_BOARD_BOOT */
+
 /*
  * Helper function to load TB_FW_CONFIG and populate the load information to
  * arg0 of BL2 entrypoint info.
@@ -45,7 +133,9 @@ void arm_load_tb_fw_config(void)
 		return;
 	}
 
+	/* At this point we know that a DTB is indeed available */
 	config_base = arm_tb_fw_info.image_info.image_base;
+	tb_fw_cfg_dtb = (void *)config_base;
 
 	/* The BL2 ep_info arg0 is modified to point to TB_FW_CONFIG */
 	image_desc = bl1_plat_get_image_desc(BL2_IMAGE_ID);

plat/arm/common/arm_dyn_cfg_helpers.c

@@ -11,6 +11,8 @@
 #include <libfdt.h>
 #include <plat_arm.h>
 
+#define DTB_PROP_MBEDTLS_HEAP_ADDR "mbedtls_heap_addr"
+#define DTB_PROP_MBEDTLS_HEAP_SIZE "mbedtls_heap_size"
 
 typedef struct config_load_info_prop {
 	unsigned int config_id;
@@ -164,3 +166,102 @@ int arm_dyn_tb_fw_cfg_init(void *dtb, int *node)
 	VERBOSE("Dyn cfg: Found \"arm,tb_fw\" in the config\n");
 	return 0;
 }
+
+
+#if TRUSTED_BOARD_BOOT && LOAD_IMAGE_V2
+/*
+ * Reads and returns the Mbed TLS shared heap information from the DTB.
+ * This function is supposed to be called *only* when a DTB is present.
+ * This function is supposed to be called only by BL2.
+ *
+ * Returns:
+ *	0 = success
+ *	-1 = error. In this case the values of heap_addr, heap_size should be
+ *	    considered as garbage by the caller.
+ */
+int arm_get_dtb_mbedtls_heap_info(void *dtb, void **heap_addr,
+	size_t *heap_size)
+{
+	int err, dtb_root;
+
+	/* Verify the DTB is valid and get the root node */
+	err = arm_dyn_tb_fw_cfg_init(dtb, &dtb_root);
+	if (err < 0) {
+		ERROR("%s: Invalid TB_FW_CONFIG. Cannot retrieve Mbed TLS "
+			"heap information from DTB\n", __func__);
+		return -1;
+	}
+
+	/* Retrieve the Mbed TLS heap details from the DTB */
+	err = fdtw_read_cells(dtb, dtb_root,
+		DTB_PROP_MBEDTLS_HEAP_ADDR, 2, heap_addr);
+	if (err < 0) {
+		ERROR("%s: error while reading %s from DTB\n", __func__,
+			DTB_PROP_MBEDTLS_HEAP_ADDR);
+		return -1;
+	}
+	err = fdtw_read_cells(dtb, dtb_root,
+		DTB_PROP_MBEDTLS_HEAP_SIZE, 1, heap_size);
+	if (err < 0) {
+		ERROR("%s: error while reading %s from DTB\n", __func__,
+			DTB_PROP_MBEDTLS_HEAP_SIZE);
+		return -1;
+	}
+	return 0;
+}
+
+
+/*
+ * This function writes the Mbed TLS heap address and size in the DTB. When it
+ * is called, it is guaranteed that a DTB is available. However it is not
+ * guaranteed that the shared Mbed TLS heap implementation is used. Thus we
+ * return error code from here and it's the responsibility of the caller to
+ * determine the action upon error.
+ *
+ * This function is supposed to be called only by BL1.
+ *
+ * Returns:
+ *	0 = success
+ *	1 = error
+ */
+int arm_set_dtb_mbedtls_heap_info(void *dtb, void *heap_addr, size_t heap_size)
+{
+	int err, dtb_root;
+
+	/*
+	 * Verify that the DTB is valid, before attempting to write to it,
+	 * and get the DTB root node.
+	 */
+	err = arm_dyn_tb_fw_cfg_init(dtb, &dtb_root);
+	if (err < 0) {
+		ERROR("%s: Invalid TB_FW_CONFIG loaded. Unable to get "
+			"root node\n", __func__);
+		return -1;
+	}
+
+	/*
+	 * Write the heap address and size in the DTB.
+	 *
+	 * NOTE: The variables heap_addr and heap_size are corrupted
+	 * by the "fdtw_write_inplace_cells" function. After the
+	 * function calls they must NOT be reused.
+	 */
+	err = fdtw_write_inplace_cells(dtb, dtb_root,
+		DTB_PROP_MBEDTLS_HEAP_ADDR, 2, &heap_addr);
+	if (err < 0) {
+		ERROR("%s: unable to write DTB property %s\n",
+			__func__, DTB_PROP_MBEDTLS_HEAP_ADDR);
+		return -1;
+	}
+
+	err = fdtw_write_inplace_cells(dtb, dtb_root,
+		DTB_PROP_MBEDTLS_HEAP_SIZE, 1, &heap_size);
+	if (err < 0) {
+		ERROR("%s: unable to write DTB property %s\n",
+			__func__, DTB_PROP_MBEDTLS_HEAP_SIZE);
+		return -1;
+	}
+
+	return 0;
+}
+#endif /* TRUSTED_BOARD_BOOT && LOAD_IMAGE_V2 */