For the first partition, mark first 2GB as device memory excluding
the Trusted DRAM region reserved for the SPMC.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I3ff110b3facf5b6d41ac2519ff6ca5e30a0a502b
According to [1] and in context of FF-A v1.0 a secure partition must
have either one EC (migratable UP) or a number of ECs equal to the
number of PEs (pinned MP). Adjust the SPMC manifest such that the
number of ECs is equal to the number of PEs.
[1] https://trustedfirmware-a.readthedocs.io/en/latest/components/
secure-partition-manager.html#platform-topology
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ie8c7d96ae7107cb27f5b97882d8f476c18e026d4
UUID's in the device tree files were stored in little endian. So
to keep all entries in these files RFC 4122 compliant, store them in
big endian then convert it to little endian when they are read so they
can be used in the UUID data structure.
Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
Change-Id: I5674159b82b245104381df10a4e3291160d9b3b5
Add information about the third partition so it can be loaded into SPM
when running the tests
Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
Change-Id: I5544e88df391ef294ddf6b5750d468d3e74892b1
For supporting dualroot CoT for Secure Partitions a new optional field
"owner" is introduced which will be used to sign the SP with
corresponding signing domain. To demonstrate its usage, this patch adds
owners to cactus Secure Partitions.
Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
Change-Id: I7b760580355fc92edf5402cecc38c38125dc1cae
Provide manifest and build options to boot OP-TEE as a
guest S-EL1 Secure Partition on top of Hafnium in S-EL2.
Increase ARM_SP_MAX_SIZE to cope with OP-TEE debug build image.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Idd2686fa689a78fe2d05ed92b1d23c65e2edd4cb
This patch adds support for Measured Boot functionality
to FVP platform code. It also defines new properties
in 'tpm_event_log' node to store Event Log address and
it size
'tpm_event_log_sm_addr'
'tpm_event_log_addr'
'tpm_event_log_size'
in 'event_log.dtsi' included in 'fvp_tsp_fw_config.dts'
and 'fvp_nt_fw_config.dts'. The node and its properties
are described in binding document
'docs\components\measured_boot\event_log.rst'.
Change-Id: I087e1423afcb269d6cfe79c1af9c348931991292
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Included cot_descriptors.dtsi in platform device tree
(fvp_tb_fw_config.dts).
Also, updated the maximum size of tb_fw_config to 0x1800
in order to accomodate the device tree for CoT descriptors.
Follow up patch will parse the device tree for these CoT descriptors
and fill the CoT descriptor structures at runtime instead of using
static CoT descriptor structures in the code base.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I90122bc713f6842b82fb019b04caf42629b4f45a
Passed the address of fw_config instead of soc_fw_config
as arg1 to BL31 from BL2 for ARM fvp platform.
BL31 then retrieve load-address of other device trees
from fw_config device tree.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ib7e9581cd765d76111dcc3b7e0dafc12503c83c1
Moved BL2 configuration nodes from fw_config to newly
created tb_fw_config device tree.
fw_config device tree's main usage is to hold properties shared
across all BLx images.
An example is the "dtb-registry" node, which contains the
information about the other device tree configurations
(load-address, size).
Also, Updated load-address of tb_fw_config which is now located
after fw_config in SRAM.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ic398c86a4d822dacd55b5e25fd41d4fe3888d79a
A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP)
owned Secure Partitions(SP). A similar support for Platform owned SP can
be added in future. The certificate is also protected against anti-
rollback using the trusted Non-Volatile counter.
To avoid deviating from TBBR spec, support for SP CoT is only provided
in dualroot.
Secure Partition content certificate is assigned image ID 31 and SP
images follows after it.
The CoT for secure partition look like below.
+------------------+ +-------------------+
| ROTPK/ROTPK Hash |------>| Trusted Key |
+------------------+ | Certificate |
| (Auth Image) |
/+-------------------+
/ |
/ |
/ |
/ |
L v
+------------------+ +-------------------+
| Trusted World |------>| SiP owned SPs |
| Public Key | | Content Cert |
+------------------+ | (Auth Image) |
/ +-------------------+
/ |
/ v|
+------------------+ L +-------------------+
| SP_PKG1 Hash |------>| SP_PKG1 |
| | | (Data Image) |
+------------------+ +-------------------+
. .
. .
. .
+------------------+ +-------------------+
| SP_PKG8 Hash |------>| SP_PKG8 |
| | | (Data Image) |
+------------------+ +-------------------+
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ia31546bac1327a3e0b5d37e8b99c808442d5e53f
As per "include/export/README", TF-A code should never include export
headers directly. Instead, it should include a wrapper header that
ensures the export header is included in the right manner.
"tbbr_img_def_exp.h" is directly included in TF-A code, this patch
replaces it with its wrapper header "tbbr_img_def.h".
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I31c1a42e6a7bcac4c396bb17e8548567ecd8147d
SPCI is renamed as PSA FF-A which stands for Platform Security
Architecture Firmware Framework for A class processors.
This patch replaces the occurrence of SPCI with PSA FF-A(in documents)
or simply FFA(in code).
Change-Id: I4ab10adb9ffeef1ff784641dfafd99f515133760
Signed-off-by: J-Alves <joao.alves@arm.com>
Dynamic configuration properties are fconf properties. Modify the
compatible string from "arm,.." to "fconf,.." to reflect this.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Change-Id: I85eb75cf877c5f4d3feea3936d4c348ca843bc6c
This patch provides support for measured boot by adding calculation
of BL2 image hash in BL1 and writing these data in TB_FW_CONFIG DTB.
Change-Id: Ic074a7ed19b14956719c271c805b35d147b7cec1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
To demonstrate communication between SP's two instances of Cactus at
S-EL1 has been used.
This patch replaces Ivy SP with cactus-secondary SP which aligns with
changes in tf-a-tests repository.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Iee84f1f7f023b7c4f23fbc13682a42614a7f3707
When using the SPM Dispatcher, the SPMC sits as a BL32 component
(BL32_IMAGE_ID). The SPMC manifest is passed as the TOS fw config
component (TOS_FW_CONFIG_ID). It defines platform specific attributes
(memory range and physical CPU layout) as well as the attributes for
each secure partition (mostly load address). This manifest is passed
to the SPMC on boot up. An SP package contains the SP dtb in the SPCI
defined partition manifest format. As the SPMC manifest was enriched
it needs an increase of tos_fw-config max-size in fvp_fw_config dts.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ia1dce00c6c4cbaa118fa56617980d32e2956a94e
Merge the previously introduced arm_fconf_io_storage into arm_io_storage. This
removes the duplicate io_policies and functions definition.
This patch:
- replace arm_io_storage.c with the content of arm_fconf_io_storage.c
- rename the USE_FCONF_BASED_IO option into ARM_IO_IN_DTB.
- use the ARM_IO_IN_DTB option to compile out io_policies moved in dtb.
- propagate DEFINES when parsing dts.
- use ARM_IO_IN_DTB to include or not uuid nodes in fw_config dtb.
- set the ARM_IO_IN_DTB to 0 by default for fvp. This ensure that the behavior
of fvp stays the same as it was before the introduction of fconf.
Change-Id: Ia774a96d1d3a2bccad29f7ce2e2b4c21b26c080e
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
This patch introduces the `SPCI_ID_GET` interface which will return the
ID of the calling SPCI component. Returns 0 for requests from the
non-secure world and the SPCI component ID as specified in the manifest
for secure world requests.
Change-Id: Icf81eb1d0e1d7d5c521571e04972b6e2d356e0d1
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Added SPMD_SPM_AT_SEL2 build command line parameter.
Set to 1 to run SPM at S-EL2.
Set to 0 to run SPM at S-EL1 (pre-v8.4 or S-EL2 is disabled).
Removed runtime EL from SPM core manifest.
Change-Id: Icb4f5ea4c800f266880db1d410d63fe27a1171c0
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Add load address and UUID in fw config dts for Cactus and Ivy which are
example SP's in tf-test repository.
For prototype purpose these information is added manually but later on
it will be updated at compile time from SP layout file and SP manifests
provided by platform.
Change-Id: I41f485e0245d882c7b514bad41fae34036597ce4
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
This patch repurposes the TOS FW configuration file as the manifest for
the SPM core component which will reside at the secure EL adjacent to
EL3. The SPM dispatcher component will use the manifest to determine how
the core component must be initialised. Routines and data structure to
parse the manifest have also been added.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Change-Id: Id94f8ece43b4e05609f0a1d364708a912f6203cb
Use the firmware configuration framework to store the io_policies
information inside the configuration device tree instead of the static
structure in the code base.
The io_policies required by BL1 can't be inside the dtb, as this one is
loaded by BL1, and only available at BL2.
This change currently only applies to FVP platform.
Change-Id: Ic9c1ac3931a4a136aa36f7f58f66d3764c1bfca1
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
This patch introduces a better separation between the trusted-boot
related properties, and the dynamic configuration DTBs loading
information.
The dynamic configuration DTBs properties are moved to a new node:
`dtb-registry`. All the sub-nodes present will be provided to the
dynamic config framework to be loaded. The node currently only contains
the already defined configuration DTBs, but can be extended for future
features if necessary.
The dynamic config framework is modified to use the abstraction provided
by the fconf framework, instead of directly accessing the DTBs.
The trusted-boot properties are kept under the "arm,tb_fw" compatible
string, but in a separate `tb_fw-config` node.
The `tb_fw-config` property of the `dtb-registry` node simply points
to the load address of `fw_config`, as the `tb_fw-config` is currently
part of the same DTB.
Change-Id: Iceb6c4c2cb92b692b6e28dbdc9fb060f1c46de82
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
This patch introduces the shared Mbed TLS heap optimisation for Arm
platforms. The objective is the Mbed TLS heap to be shared between BL1
and BL2 so as to not allocate the heap memory twice. To achieve that,
the patch introduces all the necessary helpers for implementing this
optimisation. It also applies it for FVP.
Change-Id: I6d85eaa1361517b7490956b2ac50f5fa0d0bb008
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
Set the ability to dynamically disable Trusted Boot Board
authentication to be off by default
Change-Id: Ibd2aa179179f7d9b0e7731c6e450f200a8c67529
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
This patch adds soc_fw_config, tos_fw_config and nt_fw_config to the FVP.
The config files are placeholders and do not have any useful bindings
defined. The tos_fw_config is packaged in FIP and loaded by BL2 only
if SPD=tspd. The load address of these configs are specified in tb_fw_config
via new bindings defined for these configs. Currently, in FVP, the
soc_fw_config and tos_fw_config is loaded in the page between BL2_BASE
and ARM_SHARED_RAM. This memory was typically used for BL32 when
ARM_TSP_RAM_LOCATION=tsram but since we cannot fit BL32 in that
space anymore, it should be safe to use this memory for these configs.
There is also a runtime check in arm_bl2_dyn_cfg_init() which ensures
that this overlap doesn't happen.
The previous arm_dyn_get_hwconfig_info() is modified to accept configs
other than hw_config and hence renamed to arm_dyn_get_config_load_info().
The patch also corrects the definition of ARM_TB_FW_CONFIG_LIMIT to be
BL2_BASE.
Change-Id: I03a137d9fa1f92c862c254be808b8330cfd17a5a
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch adds capability to FVP to disable authentication dynamically
via the `disable_auth` property in TB_FW_CONFIG. Both BL1 and BL2 parses
the TB_FW_CONFIG for the `disable_auth` property and invokes the
`load_dyn_disable_auth()` API to disable authentication if the
property is set to 1. The DYN_DISABLE_AUTH is enabled by default for
FVP as it is a development platform. Note that the TB_FW_CONFIG has to
be authenticated by BL1 irrespective of these settings.
The arm_bl2_dyn_cfg_init() is now earlier in bl2_plat_preload_setup()
rather than in bl2_platform_setup() as we need to get the value of
`disable_auth` property prior to authentication of any image by BL2.
Change-Id: I734acd59572849793e5020ec44c6ac51f654a4d1
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch adds TB_FW_CONFIG for FVP and allows FVP
to select the appropriate HW_CONFIG to include in the
fip. The HW_CONFIG for FVP is selected via `FVP_HW_CONFIG_DTS`
build option. The TB_FW_CONFIG specifies the load address of
HW_CONFIG to BL2. Since currently the load address is different
between AARCH32 and AARCH64, 2 separate TB_FW_CONFIGs are
maintained for the 2 modes.
Change-Id: Ide8581e752dfa900087f5895c775073c841c0daf
Signed-Off-By: Soby Mathew <soby.mathew@arm.com>
Olivier Deprez
Manish Pandey
Ruari Phipps
Alexei Fedorov
Manish V Badarkhe
J-Alves
Louis Mayencourt
Mark Dykes
Max Shvetsov
Sandrine Bailleux
Achin Gupta
John Tsichritzis
Daniel Boulby
Soby Mathew