From 58f34350427568a0a79cbbd0b1cfd4990678fd92 Mon Sep 17 00:00:00 2001 From: Sandrine Bailleux Date: Wed, 7 May 2014 10:51:34 +0100 Subject: [PATCH 1/3] TSP: Let the platform decide which secure memory to use The TSP's linker script used to assume that the TSP would execute from secure DRAM. Although it is currently the case on FVPs, platforms are free to use any secure memory they wish. This patch introduces the flexibility to load the TSP into any secure memory. The platform code gets to specify the extents of this memory in the platform header file, as well as the BL3-2 image limit address. The latter definition allows to check in a generic way that the BL3-2 image fits in its bounds. Change-Id: I9450f2d8b32d74bd00b6ce57a0a1542716ab449c --- bl32/tsp/tsp.ld.S | 4 ++-- docs/porting-guide.md | 26 ++++++++++++++++++++++++++ plat/fvp/bl2_plat_setup.c | 4 ++-- plat/fvp/platform.h | 3 +++ 4 files changed, 33 insertions(+), 4 deletions(-) diff --git a/bl32/tsp/tsp.ld.S b/bl32/tsp/tsp.ld.S index 53bce7d5a..797d8d7c1 100644 --- a/bl32/tsp/tsp.ld.S +++ b/bl32/tsp/tsp.ld.S @@ -36,7 +36,7 @@ ENTRY(tsp_entrypoint) MEMORY { - RAM (rwx): ORIGIN = TZDRAM_BASE, LENGTH = TZDRAM_SIZE + RAM (rwx): ORIGIN = TSP_SEC_MEM_BASE, LENGTH = TSP_SEC_MEM_SIZE } @@ -119,5 +119,5 @@ SECTIONS __COHERENT_RAM_UNALIGNED_SIZE__ = __COHERENT_RAM_END_UNALIGNED__ - __COHERENT_RAM_START__; - ASSERT(. <= TZDRAM_BASE + (1 << 21), "BL32 image does not fit in the first 2MB of Trusted DRAM.") + ASSERT(. <= BL32_LIMIT, "BL3-2 image does not fit.") } diff --git a/docs/porting-guide.md b/docs/porting-guide.md index e967b0e45..5d9d72728 100644 --- a/docs/porting-guide.md +++ b/docs/porting-guide.md @@ -191,9 +191,35 @@ constants defined. In the ARM FVP port, this file is found in image. Must be aligned on a page-size boundary. * **#define : NS_IMAGE_OFFSET** + Defines the base address in non-secure DRAM where BL2 loads the BL3-3 binary image. Must be aligned on a page-size boundary. +If the BL3-2 image is supported by the platform, the following constants must +be defined as well: + +* **#define : TSP_SEC_MEM_BASE** + + Defines the base address of the secure memory used by the BL3-2 image on the + platform. + +* **#define : TSP_SEC_MEM_SIZE** + + Defines the size of the secure memory used by the BL3-2 image on the + platform. + +* **#define : BL32_BASE** + + Defines the base address in secure memory where BL2 loads the BL3-2 binary + image. Must be inside the secure memory identified by `TSP_SEC_MEM_BASE` and + `TSP_SEC_MEM_SIZE` constants. Must also be aligned on a page-size boundary. + +* **#define : BL32_LIMIT** + + Defines the maximum address that the BL3-2 image can occupy. Must be inside + the secure memory identified by `TSP_SEC_MEM_BASE` and `TSP_SEC_MEM_SIZE` + constants. + ### Other mandatory modifications diff --git a/plat/fvp/bl2_plat_setup.c b/plat/fvp/bl2_plat_setup.c index 80bb52e5a..9d2916083 100644 --- a/plat/fvp/bl2_plat_setup.c +++ b/plat/fvp/bl2_plat_setup.c @@ -158,9 +158,9 @@ void bl2_platform_setup() bl2_to_bl31_args->bl32_meminfo.free_base = BL32_BASE; bl2_to_bl31_args->bl32_meminfo.total_size = - (TZDRAM_BASE + TZDRAM_SIZE) - BL32_BASE; + (TSP_SEC_MEM_BASE + TSP_SEC_MEM_SIZE) - BL32_BASE; bl2_to_bl31_args->bl32_meminfo.free_size = - (TZDRAM_BASE + TZDRAM_SIZE) - BL32_BASE; + (TSP_SEC_MEM_BASE + TSP_SEC_MEM_SIZE) - BL32_BASE; bl2_to_bl31_args->bl32_meminfo.attr = BOT_LOAD; bl2_to_bl31_args->bl32_meminfo.next = 0; diff --git a/plat/fvp/platform.h b/plat/fvp/platform.h index 40f780eff..1e6da8564 100644 --- a/plat/fvp/platform.h +++ b/plat/fvp/platform.h @@ -243,7 +243,10 @@ /******************************************************************************* * BL32 specific defines. ******************************************************************************/ +#define TSP_SEC_MEM_BASE TZDRAM_BASE +#define TSP_SEC_MEM_SIZE TZDRAM_SIZE #define BL32_BASE (TZDRAM_BASE + 0x2000) +#define BL32_LIMIT (TZDRAM_BASE + (1 << 21)) /******************************************************************************* * Platform specific page table and MMU setup constants From e11fff72e6631a98b09371c40fdc35ed8d7e67dc Mon Sep 17 00:00:00 2001 From: Sandrine Bailleux Date: Tue, 20 May 2014 10:54:10 +0100 Subject: [PATCH 2/3] fvp: Move TSP from Secure DRAM to Secure SRAM The TSP used to execute from secure DRAM on the FVPs because there was not enough space in Trusted SRAM to fit it in. Thanks to recent RAM usage enhancements being implemented, we have made enough savings for the TSP to execute in SRAM. However, there is no contiguous free chunk of SRAM big enough to hold the TSP. Therefore, the different bootloader images need to be moved around to reduce memory fragmentation. This patch keeps the overall memory layout (i.e. keeping BL1 R/W at the bottom, BL2 at the top and BL3-1 in between) but moves the base addresses of all the bootloader images in such a way that: - memory fragmentation is reduced enough to fit BL3-2 in; - new base addresses are suitable for release builds as well as debug ones; - each image has a few extra kilobytes for future growth. BL3-1 and BL3-2 are the images which received the biggest slice of the cake since they will most probably grow the most. A few useful numbers for reference (valid at the time of this patch): |-----------------------|------------------------------- | image size (debug) | extra space for the future --------|-----------------------|------------------------------- BL1 R/W | 20 KB | 4 KB BL2 | 44 KB | 4 KB BL3-1 | 108 KB | 12 KB BL3-2 | 56 KB | 8 KB --------|-----------------------|------------------------------- Total | 228 KB | 28 KB = 256 KB --------|-----------------------|------------------------------- Although on FVPs the TSP now executes from Trusted SRAM by default, this patch keeps the option to execute it from Trusted DRAM. This is controlled by the build configuration 'TSP_RAM_LOCATION'. Fixes ARM-Software/tf-issues#81 Change-Id: Ifb9ef2befa9a2d5ac0813f7f79834df7af992b94 --- plat/fvp/bl2_plat_setup.c | 4 +++- plat/fvp/platform.h | 27 +++++++++++++++++++++------ plat/fvp/platform.mk | 15 +++++++++++++++ 3 files changed, 39 insertions(+), 7 deletions(-) diff --git a/plat/fvp/bl2_plat_setup.c b/plat/fvp/bl2_plat_setup.c index 9d2916083..8cdcd5c76 100644 --- a/plat/fvp/bl2_plat_setup.c +++ b/plat/fvp/bl2_plat_setup.c @@ -132,11 +132,13 @@ void bl2_platform_setup() /* Initialise the IO layer and register platform IO devices */ io_setup(); +#if TSP_RAM_LOCATION_ID == TSP_IN_TZDRAM /* * Ensure that the secure DRAM memory used for passing BL31 arguments * does not overlap with the BL32_BASE. */ - assert (BL32_BASE > TZDRAM_BASE + sizeof(bl31_args_t)); + assert(BL32_BASE > TZDRAM_BASE + sizeof(bl31_args_t)); +#endif /* Use the Trusted DRAM for passing args to BL31 */ bl2_to_bl31_args = (bl31_args_t *) TZDRAM_BASE; diff --git a/plat/fvp/platform.h b/plat/fvp/platform.h index 1e6da8564..ce1c604d7 100644 --- a/plat/fvp/platform.h +++ b/plat/fvp/platform.h @@ -233,20 +233,35 @@ /******************************************************************************* * BL2 specific defines. ******************************************************************************/ -#define BL2_BASE 0x0402D000 +#define BL2_BASE (TZRAM_BASE + TZRAM_SIZE - 0xc000) /******************************************************************************* * BL31 specific defines. ******************************************************************************/ -#define BL31_BASE 0x0400C000 +#define BL31_BASE (TZRAM_BASE + 0x6000) /******************************************************************************* * BL32 specific defines. ******************************************************************************/ -#define TSP_SEC_MEM_BASE TZDRAM_BASE -#define TSP_SEC_MEM_SIZE TZDRAM_SIZE -#define BL32_BASE (TZDRAM_BASE + 0x2000) -#define BL32_LIMIT (TZDRAM_BASE + (1 << 21)) +/* + * On FVP, the TSP can execute either from Trusted SRAM or Trusted DRAM. + */ +#define TSP_IN_TZRAM 0 +#define TSP_IN_TZDRAM 1 + +#if TSP_RAM_LOCATION_ID == TSP_IN_TZRAM +# define TSP_SEC_MEM_BASE TZRAM_BASE +# define TSP_SEC_MEM_SIZE TZRAM_SIZE +# define BL32_BASE (TZRAM_BASE + TZRAM_SIZE - 0x1c000) +# define BL32_LIMIT BL2_BASE +#elif TSP_RAM_LOCATION_ID == TSP_IN_TZDRAM +# define TSP_SEC_MEM_BASE TZDRAM_BASE +# define TSP_SEC_MEM_SIZE TZDRAM_SIZE +# define BL32_BASE (TZDRAM_BASE + 0x2000) +# define BL32_LIMIT (TZDRAM_BASE + (1 << 21)) +#else +# error "Unsupported TSP_RAM_LOCATION_ID value" +#endif /******************************************************************************* * Platform specific page table and MMU setup constants diff --git a/plat/fvp/platform.mk b/plat/fvp/platform.mk index ea72a3164..721c79dc3 100644 --- a/plat/fvp/platform.mk +++ b/plat/fvp/platform.mk @@ -28,6 +28,21 @@ # POSSIBILITY OF SUCH DAMAGE. # +# On FVP, the TSP can execute either from Trusted SRAM or Trusted DRAM. +# Trusted SRAM is the default. +TSP_RAM_LOCATION := tsram + +ifeq (${TSP_RAM_LOCATION}, tsram) + TSP_RAM_LOCATION_ID := TSP_IN_TZRAM +else ifeq (${TSP_RAM_LOCATION}, tdram) + TSP_RAM_LOCATION_ID := TSP_IN_TZDRAM +else + $(error "Unsupported TSP_RAM_LOCATION value") +endif + +# Process TSP_RAM_LOCATION_ID flag +$(eval $(call add_define,TSP_RAM_LOCATION_ID)) + # # No additional platform system include directories required # From 594020f2841a853b678678cc4016fcf2cbc4adee Mon Sep 17 00:00:00 2001 From: Sandrine Bailleux Date: Wed, 14 May 2014 16:45:27 +0100 Subject: [PATCH 3/3] Doc: Add the "Building the Test Secure Payload" section Add a section in the user guide explaining how to compile the TSP image and include it into the FIP. This includes instructions to make the TSP run from Trusted DRAM (rather than Trusted SRAM) on FVP. Change-Id: I04780757a149eeb5482a12a61e821be947b882c0 --- docs/user-guide.md | 45 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/docs/user-guide.md b/docs/user-guide.md index e7f0df54c..a6256efad 100644 --- a/docs/user-guide.md +++ b/docs/user-guide.md @@ -89,7 +89,8 @@ To build the software for the FVPs, follow these steps: By default this produces a release version of the build. To produce a debug version instead, refer to the "Debugging options" section below. UEFI can be used as the BL3-3 image, refer to the "Obtaining the normal world software" - section below. + section below. By default this won't compile the TSP in, refer to the + "Building the Test Secure Payload" section below. The build process creates products in a `build` directory tree, building the objects and binaries for each boot loader stage in separate @@ -243,6 +244,48 @@ Extra debug options can be passed to the build system by setting `CFLAGS`: NOTE: The Foundation FVP does not provide a debugger interface. +### Building the Test Secure Payload + +The TSP is coupled with a companion runtime service in the BL3-1 firmware, +called the TSPD. Therefore, if you intend to use the TSP, the BL3-1 image +must be recompiled as well. For more information on SPs and SPDs, see the +"Secure-EL1 Payloads and Dispatchers" section in the [Firmware Design]. + +First clean the Trusted Firmware build directory to get rid of any previous +BL3-1 binary. Then to build the TSP image and include it into the FIP use: + + CROSS_COMPILE=/bin/aarch64-none-elf- \ + BL33=/ \ + make PLAT=fvp SPD=tspd all fip + +An additional boot loader binary file is created in the `build` directory: + + * `build///bl32.bin` + +The Firmware Package contains this new image: + + Firmware Image Package ToC: + --------------------------- + - Trusted Boot Firmware BL2: offset=0xD8, size=0x6000 + file: './build/fvp/release/bl2.bin' + - EL3 Runtime Firmware BL3-1: offset=0x60D8, size=0x9000 + file: './build/fvp/release/bl31.bin' + - Secure Payload BL3-2 (Trusted OS): offset=0xF0D8, size=0x3000 + file: './build/fvp/release/bl32.bin' + - Non-Trusted Firmware BL3-3: offset=0x120D8, size=0x280000 + file: '../FVP_AARCH64_EFI.fd' + --------------------------- + Creating "build/fvp/release/fip.bin" + +On FVP, the TSP binary runs from Trusted SRAM by default. It is also possible +to run it from Trusted DRAM. This is controlled by the build configuration +`TSP_RAM_LOCATION`: + + CROSS_COMPILE=/bin/aarch64-none-elf- \ + BL33=/ \ + make PLAT=fvp SPD=tspd TSP_RAM_LOCATION=tdram all fip + + ### Checking source code style When making changes to the source for submission to the project, the source