andrius
/
arm-trusted-firmware
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fvp_r: load, auth, and transfer from BL1 to BL33 

Adding load, authentication, and transfer functionality from FVP R BL1 to
BL33, which will be the partner runtime code.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I293cad09739dacac0d20dd57c1d98178dbe84d40
This commit is contained in:
laurenw-arm 2021-03-03 14:19:38 -06:00 committed by Manish Pandey
parent 5fb061e761
commit e31fb0fa1b
19 changed files with 491 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

177
drivers/auth/tbbr/tbbr_cot_bl1_r64.c Normal file
View File

@ -0,0 +1,177 @@
/*
* Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <stddef.h>
#include <drivers/auth/auth_mod.h>
#include <drivers/auth/mbedtls/mbedtls_config.h>
#include <drivers/auth/tbbr_cot_common.h>
#if USE_TBBR_DEFS
#include <tools_share/tbbr_oid.h>
#else
#include <platform_oid.h>
#endif
#include <platform_def.h>
static unsigned char trusted_world_pk_buf[PK_DER_LEN];
static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
static unsigned char content_pk_buf[PK_DER_LEN];
static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];
static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);
static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);
static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);
/*
* Trusted key certificate
*/
static const auth_img_desc_t trusted_key_cert = {
.img_id = TRUSTED_KEY_CERT_ID,
.img_type = IMG_CERT,
.parent = NULL,
.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
[0] = {
.type = AUTH_METHOD_SIG,
.param.sig = {
.pk = &subject_pk,
.sig = &sig,
.alg = &sig_alg,
.data = &raw_data
}
},
[1] = {
.type = AUTH_METHOD_NV_CTR,
.param.nv_ctr = {
.cert_nv_ctr = &trusted_nv_ctr,
.plat_nv_ctr = &trusted_nv_ctr
}
}
},
.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
[0] = {
.type_desc = &trusted_world_pk,
.data = {
.ptr = (void *)trusted_world_pk_buf,
.len = (unsigned int)PK_DER_LEN
}
},
[1] = {
.type_desc = &non_trusted_world_pk,
.data = {
.ptr = (void *)non_trusted_world_pk_buf,
.len = (unsigned int)PK_DER_LEN
}
}
}
};
/*
* Non-Trusted Firmware
*/
static const auth_img_desc_t non_trusted_fw_key_cert = {
.img_id = NON_TRUSTED_FW_KEY_CERT_ID,
.img_type = IMG_CERT,
.parent = &trusted_key_cert,
.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
[0] = {
.type = AUTH_METHOD_SIG,
.param.sig = {
.pk = &non_trusted_world_pk,
.sig = &sig,
.alg = &sig_alg,
.data = &raw_data
}
},
[1] = {
.type = AUTH_METHOD_NV_CTR,
.param.nv_ctr = {
.cert_nv_ctr = &non_trusted_nv_ctr,
.plat_nv_ctr = &non_trusted_nv_ctr
}
}
},
.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
[0] = {
.type_desc = &nt_fw_content_pk,
.data = {
.ptr = (void *)content_pk_buf,
.len = (unsigned int)PK_DER_LEN
}
}
}
};
static const auth_img_desc_t non_trusted_fw_content_cert = {
.img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
.img_type = IMG_CERT,
.parent = &non_trusted_fw_key_cert,
.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
[0] = {
.type = AUTH_METHOD_SIG,
.param.sig = {
.pk = &nt_fw_content_pk,
.sig = &sig,
.alg = &sig_alg,
.data = &raw_data
}
},
[1] = {
.type = AUTH_METHOD_NV_CTR,
.param.nv_ctr = {
.cert_nv_ctr = &non_trusted_nv_ctr,
.plat_nv_ctr = &non_trusted_nv_ctr
}
}
},
.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
[0] = {
.type_desc = &nt_world_bl_hash,
.data = {
.ptr = (void *)nt_world_bl_hash_buf,
.len = (unsigned int)HASH_DER_LEN
}
},
[1] = {
.type_desc = &nt_fw_config_hash,
.data = {
.ptr = (void *)nt_fw_config_hash_buf,
.len = (unsigned int)HASH_DER_LEN
}
}
}
};
static const auth_img_desc_t bl33_image = {
.img_id = BL33_IMAGE_ID,
.img_type = IMG_RAW,
.parent = &non_trusted_fw_content_cert,
.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
[0] = {
.type = AUTH_METHOD_HASH,
.param.hash = {
.data = &raw_data,
.hash = &nt_world_bl_hash
}
}
}
};
static const auth_img_desc_t * const cot_desc[] = {
[TRUSTED_KEY_CERT_ID] = &trusted_key_cert,
[NON_TRUSTED_FW_KEY_CERT_ID] = &non_trusted_fw_key_cert,
[NON_TRUSTED_FW_CONTENT_CERT_ID] = &non_trusted_fw_content_cert,
[BL33_IMAGE_ID] = &bl33_image,
};
/* Register the CoT in the authentication module */
REGISTER_COT(cot_desc);

2
include/arch/aarch64/arch_helpers.h
View File

@ -233,8 +233,10 @@ void dcsw_op_all(u_register_t op_type);
void disable_mmu_el1(void);
void disable_mmu_el3(void);
void disable_mpu_el2(void);
void disable_mmu_icache_el1(void);
void disable_mmu_icache_el3(void);
void disable_mpu_icache_el2(void);
/*******************************************************************************
* Misc. accessor prototypes

5
lib/xlat_mpu/xlat_mpu.h → include/lib/xlat_mpu/xlat_mpu.h
View File

@ -7,6 +7,10 @@
#ifndef XLAT_MPU_H
#define XLAT_MPU_H
#ifndef __ASSEMBLER__
#include <lib/cassert.h>
#define XLAT_TABLES_LIB_V2 1
void enable_mpu_el2(unsigned int flags);
@ -19,4 +23,5 @@ void enable_mpu_direct_el2(unsigned int flags);
*/
void clear_all_mpu_regions(void);
#endif /* __ASSEMBLER__ */
#endif /* XLAT_MPU_H */

13
include/plat/arm/board/fvp_r/fvp_r_bl1.h Normal file
View File

@ -0,0 +1,13 @@
/*
* Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef FVP_R_BL1_H
#define FVP_R_BL1_H
void bl1_load_bl33(void);
void bl1_transfer_bl33(void);
#endif /* FVP_R_BL1_H */

17
include/plat/arm/common/arm_def.h
View File

@ -321,31 +321,31 @@
/* Memory mapped Generic timer interfaces */
#ifdef PLAT_ARM_SYS_CNTCTL_BASE
#define ARM_SYS_CNTCTL_BASE PLAT_ARM_SYS_CNTCTL_BASE
#define ARM_SYS_CNTCTL_BASE PLAT_ARM_SYS_CNTCTL_BASE
#else
#define ARM_SYS_CNTCTL_BASE UL(0x2a430000)
#endif
#ifdef PLAT_ARM_SYS_CNTREAD_BASE
#define ARM_SYS_CNTREAD_BASE PLAT_ARM_SYS_CNTREAD_BASE
#define ARM_SYS_CNTREAD_BASE PLAT_ARM_SYS_CNTREAD_BASE
#else
#define ARM_SYS_CNTREAD_BASE UL(0x2a800000)
#endif
#ifdef PLAT_ARM_SYS_TIMCTL_BASE
#define ARM_SYS_TIMCTL_BASE PLAT_ARM_SYS_TIMCTL_BASE
#define ARM_SYS_TIMCTL_BASE PLAT_ARM_SYS_TIMCTL_BASE
#else
#define ARM_SYS_TIMCTL_BASE UL(0x2a810000)
#endif
#ifdef PLAT_ARM_SYS_CNT_BASE_S
#define ARM_SYS_CNT_BASE_S PLAT_ARM_SYS_CNT_BASE_S
#define ARM_SYS_CNT_BASE_S PLAT_ARM_SYS_CNT_BASE_S
#else
#define ARM_SYS_CNT_BASE_S UL(0x2a820000)
#endif
#ifdef PLAT_ARM_SYS_CNT_BASE_NS
#define ARM_SYS_CNT_BASE_NS PLAT_ARM_SYS_CNT_BASE_NS
#define ARM_SYS_CNT_BASE_NS PLAT_ARM_SYS_CNT_BASE_NS
#else
#define ARM_SYS_CNT_BASE_NS UL(0x2a830000)
#endif
@ -354,7 +354,7 @@
/* Trusted Watchdog constants */
#ifdef PLAT_ARM_SP805_TWDG_BASE
#define ARM_SP805_TWDG_BASE PLAT_ARM_SP805_TWDG_BASE
#define ARM_SP805_TWDG_BASE PLAT_ARM_SP805_TWDG_BASE
#else
#define ARM_SP805_TWDG_BASE UL(0x2a490000)
#endif
@ -415,9 +415,14 @@
* addresses.
******************************************************************************/
#define BL1_RO_BASE PLAT_ARM_TRUSTED_ROM_BASE
#ifdef PLAT_BL1_RO_LIMIT
#define BL1_RO_LIMIT PLAT_BL1_RO_LIMIT
#else
#define BL1_RO_LIMIT (PLAT_ARM_TRUSTED_ROM_BASE \
+ (PLAT_ARM_TRUSTED_ROM_SIZE - \
PLAT_ARM_MAX_ROMLIB_RO_SIZE))
#endif
/*
* Put BL1 RW at the top of the Trusted SRAM.
*/

2
lib/xlat_mpu/xlat_mpu_context.c
View File

@ -8,9 +8,9 @@
#include <common/debug.h>
#include "lib/xlat_mpu/xlat_mpu.h"
#include <lib/xlat_tables/xlat_tables_defs.h>
#include <lib/xlat_tables/xlat_tables_v2.h>
#include "xlat_mpu.h"
#include "xlat_mpu_private.h"
#include <fvp_r_arch_helpers.h>

2
make_helpers/tbbr/tbbr_tools.mk
View File

@ -68,8 +68,10 @@ $(if ${NON_TRUSTED_WORLD_KEY},$(eval $(call CERT_ADD_CMD_OPT,${NON_TRUSTED_WORLD
# Add the BL2 CoT (image cert)
ifeq (${BL2_AT_EL3}, 0)
ifneq (${PLAT},fvp_r)
$(eval $(call TOOL_ADD_PAYLOAD,${BUILD_PLAT}/tb_fw.crt,--tb-fw-cert))
endif
endif
# Add the SCP_BL2 CoT (key cert + img cert)
ifneq (${SCP_BL2},)

8
plat/arm/board/fvp_r/fvp_r_bl1_context_mgmt.c
View File

@ -75,20 +75,12 @@ void bl1_prepare_next_image(unsigned int image_id)
cm_set_context(&bl1_cpu_context[security_state], security_state);
}
/* Prepare the SPSR for the next BL image. */
if ((security_state != SECURE) && (el_implemented(2) != EL_IMPL_NONE)) {
mode = MODE_EL2;
}
next_bl_ep->spsr = (uint32_t)SPSR_64((uint64_t) mode,
(uint64_t)MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS);
/* Allow platform to make change */
bl1_plat_set_ep_info(image_id, next_bl_ep);
/* Prepare the context for the next BL image. */
cm_init_my_context(next_bl_ep);
cm_prepare_el2_exit(security_state);
/* Indicate that image is in execution state. */
desc->state = IMAGE_STATE_EXECUTED;

50
plat/arm/board/fvp_r/fvp_r_bl1_entrypoint.S
View File

@ -5,9 +5,13 @@
*/
#include <arch.h>
#include <asm_macros.S>
#include <common/bl_common.h>
#include <el2_common_macros.S>
#include <lib/xlat_mpu/xlat_mpu.h>
.globl bl1_entrypoint
.globl bl1_run_next_image
/* -----------------------------------------------------
@ -54,10 +58,38 @@ func bl1_entrypoint
*/
bl bl1_main
/* ---------------------------------------------
* Should never reach this point.
* ---------------------------------------------
*/
no_ret plat_panic_handler
endfunc bl1_entrypoint
func bl1_run_next_image
mov x20,x0
/* ---------------------------------------------
* MPU needs to be disabled because both BL1 and BL33 execute
* in EL2, and therefore share the same address space.
* BL33 will initialize the address space according to its
* own requirement.
* ---------------------------------------------
*/
bl disable_mpu_icache_el2
/* ---------------------------------------------
* Wipe clean and disable all MPU regions. This function expects
* that the MPU has already been turned off, and caching concerns
* addressed, but it also explicitly turns off the MPU.
* ---------------------------------------------
*/
bl clear_all_mpu_regions
#if ENABLE_PAUTH
/* --------------------------------------------------------------------
* Disable pointer authentication before jumping to next boot image.
* --------------------------------------------------------------------
/* ---------------------------------------------
* Disable pointer authentication before jumping
* to next boot image.
* ---------------------------------------------
*/
bl pauth_disable_el2
#endif /* ENABLE_PAUTH */
@ -66,5 +98,13 @@ func bl1_entrypoint
* Do the transition to next boot image.
* --------------------------------------------------
*/
b el2_exit
endfunc bl1_entrypoint
ldp x0, x1, [x20, #ENTRY_POINT_INFO_PC_OFFSET]
msr elr_el2, x0
msr spsr_el2, x1
ldp x6, x7, [x20, #(ENTRY_POINT_INFO_ARGS_OFFSET + 0x30)]
ldp x4, x5, [x20, #(ENTRY_POINT_INFO_ARGS_OFFSET + 0x20)]
ldp x2, x3, [x20, #(ENTRY_POINT_INFO_ARGS_OFFSET + 0x10)]
ldp x0, x1, [x20, #(ENTRY_POINT_INFO_ARGS_OFFSET + 0x0)]
exception_return
endfunc bl1_run_next_image

81
plat/arm/board/fvp_r/fvp_r_bl1_main.c
View File

@ -19,11 +19,83 @@
#include <lib/utils.h>
#include <smccc_helpers.h>
#include <tools_share/uuid.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
#include <platform_def.h>
void bl1_run_next_image(const struct entry_point_info *bl_ep_info);
/*******************************************************************************
* Function to perform late architectural and platform specific initialization.
* It also queries the platform to load and run next BL image. Only called
* by the primary cpu after a cold boot.
******************************************************************************/
void bl1_transfer_bl33(void)
{
unsigned int image_id;
/* Get the image id of next image to load and run. */
image_id = bl1_plat_get_next_image_id();
#if ENABLE_PAUTH
/*
* Disable pointer authentication before running next boot image
*/
pauth_disable_el2();
#endif /* ENABLE_PAUTH */
#if !ARM_DISABLE_TRUSTED_WDOG
/* Disable watchdog before leaving BL1 */
plat_arm_secure_wdt_stop();
#endif
bl1_run_next_image(&bl1_plat_get_image_desc(image_id)->ep_info);
}
/*******************************************************************************
* This function locates and loads the BL33 raw binary image in the trusted SRAM.
* Called by the primary cpu after a cold boot.
* TODO: Add support for alternative image load mechanism e.g using virtio/elf
* loader etc.
******************************************************************************/
void bl1_load_bl33(void)
{
image_desc_t *desc;
image_info_t *info;
int err;
/* Get the image descriptor */
desc = bl1_plat_get_image_desc(BL33_IMAGE_ID);
assert(desc != NULL);
/* Get the image info */
info = &desc->image_info;
INFO("BL1: Loading BL33\n");
err = bl1_plat_handle_pre_image_load(BL33_IMAGE_ID);
if (err != 0) {
ERROR("Failure in pre image load handling of BL33 (%d)\n", err);
plat_error_handler(err);
}
err = load_auth_image(BL33_IMAGE_ID, info);
if (err != 0) {
ERROR("Failed to load BL33 firmware.\n");
plat_error_handler(err);
}
/* Allow platform to handle image information. */
err = bl1_plat_handle_post_image_load(BL33_IMAGE_ID);
if (err != 0) {
ERROR("Failure in post image load handling of BL33 (%d)\n", err);
plat_error_handler(err);
}
NOTICE("BL1: Booting BL33\n");
}
static void bl1_load_bl2(void);
#if ENABLE_PAUTH
@ -112,11 +184,11 @@ void bl1_main(void)
if (val != 0) {
assert(SIZE_FROM_LOG2_WORDS(val) == CACHE_WRITEBACK_GRANULE);
} else {
assert(CACHE_WRITEBACK_GRANULE <= MAX_CACHE_LINE_SIZE);
assert(MAX_CACHE_LINE_SIZE >= CACHE_WRITEBACK_GRANULE);
}
#endif /* ENABLE_ASSERTIONS */
/* Perform remaining generic architectural setup from EL2 */
/* Perform remaining generic architectural setup from ELmax */
bl1_arch_setup();
#if TRUSTED_BOARD_BOOT
@ -142,12 +214,17 @@ void bl1_main(void)
*/
if (image_id == BL2_IMAGE_ID) {
bl1_load_bl2();
} else if (image_id == BL33_IMAGE_ID) {
bl1_load_bl33();
} else {
NOTICE("BL1-FWU: *******FWU Process Started*******\n");
}
bl1_prepare_next_image(image_id);
console_flush();
bl1_transfer_bl33();
}
/*******************************************************************************

102
plat/arm/board/fvp_r/fvp_r_bl1_setup.c
View File

@ -13,13 +13,14 @@
#include <bl1/bl1.h>
#include <common/tbbr/tbbr_img_def.h>
#include <drivers/arm/sp805.h>
#include <lib/fconf/fconf.h>
#include <lib/fconf/fconf_dyn_cfg_getter.h>
#include "fvp_r_private.h"
#include <plat/arm/common/arm_config.h>
#include <plat/arm/common/arm_def.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
#include <platform_def.h>
#define MAP_BL1_TOTAL MAP_REGION_FLAT( \
@ -71,6 +72,9 @@ void arm_bl1_early_platform_setup(void)
bl1_tzram_layout.total_size = ARM_BL_RAM_SIZE;
}
/* Boolean variable to hold condition whether firmware update needed or not */
static bool is_fwu_needed;
/*******************************************************************************
* Perform any BL1 specific platform actions.
******************************************************************************/
@ -130,6 +134,44 @@ void plat_arm_secure_wdt_stop(void)
sp805_stop(ARM_SP805_TWDG_BASE);
}
/*
* Perform the platform specific architecture setup shared between
* ARM standard platforms.
*/
void arm_bl1_platform_setup(void)
{
image_desc_t *desc;
uint32_t fw_config_max_size;
/* Initialise the IO layer and register platform IO devices */
plat_arm_io_setup();
/* Check if we need FWU before further processing */
is_fwu_needed = plat_arm_bl1_fwu_needed();
if (is_fwu_needed) {
ERROR("Skip platform setup as FWU detected\n");
return;
}
/* Set global DTB info for fixed fw_config information */
fw_config_max_size = ARM_FW_CONFIG_LIMIT - ARM_FW_CONFIG_BASE;
set_config_info(ARM_FW_CONFIG_BASE, fw_config_max_size, FW_CONFIG_ID);
desc = bl1_plat_get_image_desc(BL33_IMAGE_ID);
assert(desc != NULL);
/*
* Allow access to the System counter timer module and program
* counter frequency for non secure images during FWU
*/
#ifdef ARM_SYS_TIMCTL_BASE
arm_configure_sys_timer();
#endif
#if (ARM_ARCH_MAJOR > 7) || defined(ARMV7_SUPPORTS_GENERIC_TIMER)
write_cntfrq_el0(plat_get_syscnt_freq2());
#endif
}
void bl1_platform_setup(void)
{
arm_bl1_platform_setup();
@ -147,3 +189,61 @@ __dead2 void bl1_plat_fwu_done(void *client_cookie, void *reserved)
wfi();
}
}
unsigned int bl1_plat_get_next_image_id(void)
{
return is_fwu_needed ? NS_BL1U_IMAGE_ID : BL33_IMAGE_ID;
}
/*
* Returns BL33 image details.
*/
struct image_desc *bl1_plat_get_image_desc(unsigned int image_id)
{
static image_desc_t bl33_img_desc = BL33_IMAGE_DESC;
return &bl33_img_desc;
}
/*
* This function populates the default arguments to BL33.
* The BL33 memory layout structure is allocated and the
* calculated layout is populated in arg1 to BL33.
*/
int bl1_plat_handle_post_image_load(unsigned int image_id)
{
meminfo_t *bl33_secram_layout;
meminfo_t *bl1_secram_layout;
image_desc_t *image_desc;
entry_point_info_t *ep_info;
if (image_id != BL33_IMAGE_ID) {
return 0;
}
/* Get the image descriptor */
image_desc = bl1_plat_get_image_desc(BL33_IMAGE_ID);
assert(image_desc != NULL);
/* Get the entry point info */
ep_info = &image_desc->ep_info;
/* Find out how much free trusted ram remains after BL1 load */
bl1_secram_layout = bl1_plat_sec_mem_layout();
/*
* Create a new layout of memory for BL33 as seen by BL1 i.e.
* tell it the amount of total and free memory available.
* This layout is created at the first free address visible
* to BL33. BL33 will read the memory layout before using its
* memory for other purposes.
*/
bl33_secram_layout = (meminfo_t *) bl1_secram_layout->total_base;
bl1_calc_bl2_mem_layout(bl1_secram_layout, bl33_secram_layout);
ep_info->args.arg1 = (uintptr_t)bl33_secram_layout;
VERBOSE("BL1: BL3 memory layout address = %p\n",
(void *) bl33_secram_layout);
return 0;
}

2
plat/arm/board/fvp_r/fvp_r_common.c
View File

@ -73,8 +73,6 @@ const mmap_region_t plat_arm_mmap[] = {
#if TRUSTED_BOARD_BOOT
/* To access the Root of Trust Public Key registers. */
MAP_DEVICE2,
/* Map DRAM to authenticate NS_BL2U image. */
ARM_MAP_NS_DRAM1,
#endif
{0}
};

4
plat/arm/board/fvp_r/fvp_r_err.c
View File

@ -24,8 +24,8 @@ __dead2 void plat_arm_error_handler(int err)
case -EAUTH:
/* Image load or authentication error. Erase the ToC */
INFO("Erasing FIP ToC from flash...\n");
(void)nor_unlock(PLAT_ARM_FIP_BASE);
ret = nor_word_program(PLAT_ARM_FIP_BASE, 0);
(void)nor_unlock(PLAT_ARM_FLASH_IMAGE_BASE);
ret = nor_word_program(PLAT_ARM_FLASH_IMAGE_BASE, 0);
if (ret != 0) {
ERROR("Cannot erase ToC\n");
} else {

16
plat/arm/board/fvp_r/fvp_r_io_storage.c
View File

@ -15,17 +15,11 @@
#include <plat/common/common_def.h>
/* Semihosting filenames */
#define TB_FW_CONFIG_NAME "fvp_tb_fw_config.dtb"
#define HW_CONFIG_NAME "hw_config.dtb"
#define BL33_IMAGE_NAME "bl33.bin"
#if TRUSTED_BOARD_BOOT
#define TRUSTED_BOOT_FW_CERT_NAME "tb_fw.crt"
#define TRUSTED_KEY_CERT_NAME "trusted_key.crt"
#define SOC_FW_KEY_CERT_NAME "soc_fw_key.crt"
#define TOS_FW_KEY_CERT_NAME "tos_fw_key.crt"
#define NT_FW_KEY_CERT_NAME "nt_fw_key.crt"
#define SOC_FW_CONTENT_CERT_NAME "soc_fw_content.crt"
#define TOS_FW_CONTENT_CERT_NAME "tos_fw_content.crt"
#define NT_FW_CONTENT_CERT_NAME "nt_fw_content.crt"
#endif /* TRUSTED_BOARD_BOOT */
@ -34,12 +28,8 @@ static const io_dev_connector_t *sh_dev_con;
static uintptr_t sh_dev_handle;
static const io_file_spec_t sh_file_spec[] = {
[TB_FW_CONFIG_ID] = {
.path = TB_FW_CONFIG_NAME,
.mode = FOPEN_MODE_RB
},
[HW_CONFIG_ID] = {
.path = HW_CONFIG_NAME,
[BL33_IMAGE_ID] = {
.path = BL33_IMAGE_NAME,
.mode = FOPEN_MODE_RB
},
#if TRUSTED_BOARD_BOOT

45
plat/arm/board/fvp_r/include/platform_def.h
View File

@ -9,6 +9,18 @@
#define PLAT_V2M_OFFSET 0x80000000
#define BL33_IMAGE_DESC { \
.image_id = BL33_IMAGE_ID, \
SET_STATIC_PARAM_HEAD(image_info, PARAM_EP, \
VERSION_2, image_info_t, 0), \
.image_info.image_base = PLAT_ARM_DRAM1_BASE + 0x1000, \
.image_info.image_max_size = UL(0x3ffff000), \
SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP, \
VERSION_2, entry_point_info_t, SECURE | EXECUTABLE),\
.ep_info.pc = PLAT_ARM_DRAM1_BASE + 0x1000, \
.ep_info.spsr = SPSR_64(MODE_EL2, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS), \
}
#include "../fvp_r_def.h"
#include <drivers/arm/tzc400.h>
#include <lib/utils_def.h>
@ -60,12 +72,16 @@
#define PLAT_ARM_TRUSTED_DRAM_SIZE UL(0x02000000) /* 32 MB */
/* These two are defined thus in arm_def.h, but doesn't seem to see it... */
#undef BL1_RO_BASE
#define BL1_RO_BASE PLAT_ARM_TRUSTED_ROM_BASE
#undef BL1_RO_LIMIT
#define BL1_RO_LIMIT (BL1_RO_BASE \
#define PLAT_BL1_RO_LIMIT (BL1_RO_BASE \
+ PLAT_ARM_TRUSTED_ROM_SIZE)
#define PLAT_ARM_SYS_CNTCTL_BASE UL(0xaa430000)
#define PLAT_ARM_SYS_CNTREAD_BASE UL(0xaa800000)
#define PLAT_ARM_SYS_TIMCTL_BASE UL(0xaa810000)
#define PLAT_ARM_SYS_CNT_BASE_S UL(0xaa820000)
#define PLAT_ARM_SYS_CNT_BASE_NS UL(0xaa830000)
#define PLAT_ARM_SP805_TWDG_BASE UL(0xaa490000)
/* virtual address used by dynamic mem_protect for chunk_base */
#define PLAT_ARM_MEM_PROTEC_VA_FRAME UL(0xc0000000)
@ -84,9 +100,10 @@
#define V2M_FVP_R_SYSREGS_BASE UL(0x9c010000)
/*
* Load address of BL33 for this platform port
* Load address of BL33 for this platform port,
* U-Boot specifically must be loaded at a 4K aligned address.
*/
#define PLAT_ARM_NS_IMAGE_BASE (ARM_DRAM1_BASE + UL(0x8000000))
#define PLAT_ARM_NS_IMAGE_BASE (PLAT_ARM_DRAM1_BASE + 0x1000)
/*
* PLAT_ARM_MMAP_ENTRIES depends on the number of entries in the
@ -103,13 +120,6 @@
# define ALL_MPU_EL2_REGIONS_USED 0xffffffff
/* this is the PRENR_EL2 value if all MPU regions are in use */
/*
* These nominally reserve the last block of flash for PSCI MEM PROTECT flag,
* but no PSCI in FVP_R platform, so reserve nothing:
*/
#define PLAT_ARM_FLASH_IMAGE_BASE V2M_FLASH0_BASE
#define PLAT_ARM_FLASH_IMAGE_MAX_SIZE 0
/*
* PLAT_ARM_MAX_BL1_RW_SIZE is calculated using the current BL1 RW debug size
* plus a little space for growth.
@ -165,9 +175,12 @@
#define MAX_IO_DEVICES 3
#define MAX_IO_HANDLES 4
/* Reserve the last block of flash for PSCI MEM PROTECT flag */
#define PLAT_ARM_FIP_BASE V2M_FLASH0_BASE
#define PLAT_ARM_FIP_MAX_SIZE (V2M_FLASH0_SIZE - V2M_FLASH_BLOCK_SIZE)
/*
* These nominally reserve the last block of flash for PSCI MEM PROTECT flag,
* but no PSCI in FVP_R platform, so reserve nothing:
*/
#define PLAT_ARM_FLASH_IMAGE_BASE (PLAT_ARM_DRAM1_BASE + UL(0x40000000))
#define PLAT_ARM_FLASH_IMAGE_MAX_SIZE (PLAT_ARM_DRAM1_SIZE - UL(0x40000000))
#define PLAT_ARM_NVM_BASE V2M_FLASH0_BASE
#define PLAT_ARM_NVM_SIZE (V2M_FLASH0_SIZE - V2M_FLASH_BLOCK_SIZE)

39
plat/arm/board/fvp_r/platform.mk
View File

@ -11,7 +11,8 @@ ARCH := aarch64
override NEED_BL2 := no
override NEED_BL2U := no
override NEED_BL31 := no
override NEED_BL33 := no
override CTX_INCLUDE_AARCH32_REGS := 0
# Default cluster count for FVP_R
FVP_R_CLUSTER_COUNT := 2
@ -25,9 +26,6 @@ FVP_R_MAX_PE_PER_CPU := 1
# Use MPU-based memory management:
XLAT_MPU_LIB_V1 := 1
# Need to revisit this for FVP_R
FVP_R_DT_PREFIX := fvp-base-gicv3-psci
# Pass FVP_R_CLUSTER_COUNT to the build system.
$(eval $(call add_define,FVP_R_CLUSTER_COUNT))
@ -87,7 +85,7 @@ BL1_SOURCES += drivers/arm/sp805/sp805.c \
plat/arm/board/fvp_r/fvp_r_bl1_context_mgmt.c \
plat/arm/board/fvp_r/fvp_r_bl1_entrypoint.S \
plat/arm/board/fvp_r/fvp_r_bl1_exceptions.S \
plat/arm/board/fvp_r/fvp_r_bl1_main.c \
plat/arm/board/fvp_r/fvp_r_bl1_main.c \
plat/arm/board/fvp_r/fvp_r_context.S \
plat/arm/board/fvp_r/fvp_r_debug.S \
plat/arm/board/fvp_r/fvp_r_helpers.S \
@ -115,28 +113,13 @@ ifneq (${BL2_AT_EL3}, 0)
override BL1_SOURCES =
endif
# Add the FDT_SOURCES and options for Dynamic Config (only for Unix env)
ifdef UNIX_MK
FVP_R_HW_CONFIG_DTS := fdts/${FVP_R_DT_PREFIX}.dts
FDT_SOURCES += $(addprefix plat/arm/board/fvp_r/fdts/, \
${PLAT}_fw_config.dts \
${PLAT}_nt_fw_config.dts \
)
FVP_R_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
FVP_R_NT_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_nt_fw_config.dtb
# Add the FW_CONFIG to FIP and specify the same to certtool
$(eval $(call TOOL_ADD_PAYLOAD,${FVP_R_FW_CONFIG},--fw-config,${FVP_R_FW_CONFIG}))
# Add the NT_FW_CONFIG to FIP and specify the same to certtool
$(eval $(call TOOL_ADD_PAYLOAD,${FVP_R_NT_FW_CONFIG},--nt-fw-config,${FVP_R_NT_FW_CONFIG}))
FDT_SOURCES += ${FVP_R_HW_CONFIG_DTS}
$(eval FVP_R_HW_CONFIG := ${BUILD_PLAT}/$(patsubst %.dts,%.dtb,$(FVP_R_HW_CONFIG_DTS)))
# Add the HW_CONFIG to FIP and specify the same to certtool
$(eval $(call TOOL_ADD_PAYLOAD,${FVP_R_HW_CONFIG},--hw-config,${FVP_R_HW_CONFIG}))
endif
include plat/arm/board/common/board_common.mk
include plat/arm/common/arm_common.mk
ifeq (${TRUSTED_BOARD_BOOT}, 1)
BL1_SOURCES += plat/arm/board/fvp_r/fvp_r_trusted_boot.c
# FVP being a development platform, enable capability to disable Authentication
# dynamically if TRUSTED_BOARD_BOOT is set.
DYN_DISABLE_AUTH := 1
endif

4
plat/arm/common/arm_bl1_fwu.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@ -16,6 +16,8 @@
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
#pragma weak bl1_plat_get_image_desc
/* Struct to keep track of usable memory */
typedef struct bl1_mem_info {
uintptr_t mem_base;

1
plat/arm/common/arm_bl1_setup.c
View File

@ -27,6 +27,7 @@
#pragma weak bl1_plat_get_next_image_id
#pragma weak plat_arm_bl1_fwu_needed
#pragma weak arm_bl1_plat_arch_setup
#pragma weak arm_bl1_platform_setup
#define MAP_BL1_TOTAL MAP_REGION_FLAT( \
bl1_tzram_layout.total_base, \

7
plat/arm/common/arm_common.mk
View File

@ -355,8 +355,13 @@ ifneq (${TRUSTED_BOARD_BOOT},0)
# Include the selected chain of trust sources.
ifeq (${COT},tbbr)
BL1_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c \
ifeq (${PLAT},fvp_r)
BL1_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c \
drivers/auth/tbbr/tbbr_cot_bl1_r64.c
else
BL1_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c \
drivers/auth/tbbr/tbbr_cot_bl1.c
endif
ifneq (${COT_DESC_IN_DTB},0)
BL2_SOURCES += lib/fconf/fconf_cot_getter.c
else