chore(auth)!: remove CryptoCell-712/713 support
CryptoCell-712 and CryptoCell-713 drivers have been deprecated since
TF-A v2.9 and their removal was announced for TF-A v2.10 release.
See [1].
As the release is approaching, this patch deletes these drivers' code as
well as all references to them in the documentation and Arm platforms
code (Nuvoton platform is taken care in a subsequent patch). Associated
build options (ARM_CRYPTOCELL_INTEG and PLAT_CRYPTOCELL_BASE) have also
been removed and thus will have no effect if defined.
This is a breaking change for downstream platforms which use these
drivers.
[1] https://trustedfirmware-a.readthedocs.io/en/v2.9/about/release-information.html#removal-of-deprecated-drivers
Note that TF-A v3.0 release later got renumbered into v2.10.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Idabbc9115f6732ac1a0e52b273d3380677a39813
diff --git a/plat/arm/board/common/board_arm_trusted_boot.c b/plat/arm/board/common/board_arm_trusted_boot.c
index c4f15dd..655a4d2 100644
--- a/plat/arm/board/common/board_arm_trusted_boot.c
+++ b/plat/arm/board/common/board_arm_trusted_boot.c
@@ -9,7 +9,6 @@
#include <string.h>
#include <common/debug.h>
-#include <drivers/arm/cryptocell/cc_rotpk.h>
#include <drivers/delay_timer.h>
#include <lib/cassert.h>
#include <lib/fconf/fconf.h>
@@ -27,11 +26,9 @@
#include <plat/arm/common/plat_arm.h>
#include <platform_def.h>
-#if !ARM_CRYPTOCELL_INTEG
#if !ARM_ROTPK_LOCATION_ID
#error "ARM_ROTPK_LOCATION_ID not defined"
#endif
-#endif
#if COT_DESC_IN_DTB && defined(IMAGE_BL2)
uintptr_t nv_cntr_base_addr[MAX_NV_CTR_IDS];
@@ -50,7 +47,7 @@
extern unsigned char arm_rotpk_header[], arm_rotpk_key[], arm_rotpk_hash_end[],
arm_rotpk_key_end[];
-#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID) || ARM_CRYPTOCELL_INTEG
+#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID)
static unsigned char rotpk_hash_der[ARM_ROTPK_HEADER_LEN + ARM_ROTPK_HASH_LEN];
#endif
@@ -117,38 +114,12 @@
}
#endif
-#if ARM_CRYPTOCELL_INTEG
-/*
- * Return ROTPK hash from CryptoCell.
- */
-int arm_get_rotpk_info_cc(void **key_ptr, unsigned int *key_len,
- unsigned int *flags)
-{
- unsigned char *dst;
-
- assert(key_ptr != NULL);
- assert(key_len != NULL);
- assert(flags != NULL);
-
- /* Copy the DER header */
- memcpy(rotpk_hash_der, arm_rotpk_header, ARM_ROTPK_HEADER_LEN);
- dst = &rotpk_hash_der[ARM_ROTPK_HEADER_LEN];
- *key_ptr = rotpk_hash_der;
- *key_len = sizeof(rotpk_hash_der);
- return cc_get_rotpk_hash(dst, ARM_ROTPK_HASH_LEN, flags);
-}
-#endif
-
/*
* Wrapper function for most Arm platforms to get ROTPK info.
*/
static int get_rotpk_info(void **key_ptr, unsigned int *key_len,
unsigned int *flags)
{
-#if ARM_CRYPTOCELL_INTEG
- return arm_get_rotpk_info_cc(key_ptr, key_len, flags);
-#else
-
#if ARM_USE_DEVEL_ROTPK
return arm_get_rotpk_info_dev(key_ptr, key_len, flags);
#elif (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID)
@@ -156,7 +127,6 @@
#else
return 1;
#endif
-#endif /* ARM_CRYPTOCELL_INTEG */
}
#if defined(ARM_COT_tbbr)
diff --git a/plat/arm/board/common/board_common.mk b/plat/arm/board/common/board_common.mk
index cbdbf70..365a960 100644
--- a/plat/arm/board/common/board_common.mk
+++ b/plat/arm/board/common/board_common.mk
@@ -13,7 +13,7 @@
ifneq (${TRUSTED_BOARD_BOOT},0)
ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_dev_rotpk.S
-ifneq (${ARM_CRYPTOCELL_INTEG}, 1)
+
# ROTPK hash location
ifeq (${ARM_ROTPK_LOCATION}, regs)
ARM_ROTPK_LOCATION_ID = ARM_ROTPK_REGS_ID
@@ -79,13 +79,7 @@
# On others, we mock it by aliasing it to the Trusted Firmware Non-Volatile counter,
# hence we set both counters to the same default value.
CCAFW_NVCTR_VAL ?= 31
-else
-# Certificate NV-Counters when CryptoCell is integrated. For development
-# platforms we set the counter to first valid value.
-TFW_NVCTR_VAL ?= 0
-NTFW_NVCTR_VAL ?= 0
-CCAFW_NVCTR_VAL ?= 0
-endif
+
BL1_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \
${ARM_ROTPK_S}
BL2_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \
diff --git a/plat/arm/board/fvp_r/fvp_r_bl1_setup.c b/plat/arm/board/fvp_r/fvp_r_bl1_setup.c
index a642929..6a7c0c8 100644
--- a/plat/arm/board/fvp_r/fvp_r_bl1_setup.c
+++ b/plat/arm/board/fvp_r/fvp_r_bl1_setup.c
@@ -105,9 +105,6 @@
ARM_MAP_ROMLIB_CODE,
ARM_MAP_ROMLIB_DATA,
#endif
-#if ARM_CRYPTOCELL_INTEG
- ARM_MAP_BL_COHERENT_RAM,
-#endif
/* DRAM1_region: */
MAP_REGION_FLAT(
PLAT_ARM_DRAM1_BASE,
diff --git a/plat/arm/board/juno/include/platform_def.h b/plat/arm/board/juno/include/platform_def.h
index aa96038..5c9a7a3 100644
--- a/plat/arm/board/juno/include/platform_def.h
+++ b/plat/arm/board/juno/include/platform_def.h
@@ -32,9 +32,6 @@
#define PLATFORM_CORE_COUNT (JUNO_CLUSTER0_CORE_COUNT + \
JUNO_CLUSTER1_CORE_COUNT)
-/* Cryptocell HW Base address */
-#define PLAT_CRYPTOCELL_BASE UL(0x60050000)
-
/*
* Other platform porting definitions are provided by included headers
*/
diff --git a/plat/arm/board/juno/juno_trusted_boot.c b/plat/arm/board/juno/juno_trusted_boot.c
index 25a7470..c730406 100644
--- a/plat/arm/board/juno/juno_trusted_boot.c
+++ b/plat/arm/board/juno/juno_trusted_boot.c
@@ -8,7 +8,6 @@
#include <stdint.h>
#include <string.h>
-#include <drivers/arm/cryptocell/cc_rotpk.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/common_def.h>
#include <plat/common/platform.h>
@@ -109,10 +108,6 @@
int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
unsigned int *flags)
{
-#if ARM_CRYPTOCELL_INTEG
- return arm_get_rotpk_info_cc(key_ptr, key_len, flags);
-#else
-
#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_RSA_ID) || \
(ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_ECDSA_ID)
return arm_get_rotpk_info_dev(key_ptr, key_len, flags);
@@ -121,6 +116,4 @@
#else
return 1;
#endif
-
-#endif /* ARM_CRYPTOCELL_INTEG */
}
diff --git a/plat/arm/common/aarch64/arm_helpers.S b/plat/arm/common/aarch64/arm_helpers.S
index ed85ea1..3e56691 100644
--- a/plat/arm/common/aarch64/arm_helpers.S
+++ b/plat/arm/common/aarch64/arm_helpers.S
@@ -86,51 +86,3 @@
func platform_mem_init
ret
endfunc platform_mem_init
-
-/*
- * Need to use coherent stack when ARM Cryptocell is used to autheticate images
- * since Cryptocell uses DMA to transfer data and it is not coherent with the
- * AP CPU.
- */
-#if ARM_CRYPTOCELL_INTEG
-#if defined(IMAGE_BL1) || defined(IMAGE_BL2)
- .globl plat_get_my_stack
- .globl plat_set_my_stack
- .local platform_coherent_stacks
-
- /* -------------------------------------------------------
- * uintptr_t plat_get_my_stack ()
- *
- * For cold-boot BL images, only the primary CPU needs a
- * stack. This function returns the stack pointer for a
- * stack allocated in coherent memory.
- * -------------------------------------------------------
- */
-func plat_get_my_stack
- get_up_stack platform_coherent_stacks, PLATFORM_STACK_SIZE
- ret
-endfunc plat_get_my_stack
-
- /* -------------------------------------------------------
- * void plat_set_my_stack ()
- *
- * For cold-boot BL images, only the primary CPU needs a
- * stack. This function sets the stack pointer to a stack
- * allocated in coherent memory.
- * -------------------------------------------------------
- */
-func plat_set_my_stack
- get_up_stack platform_coherent_stacks, PLATFORM_STACK_SIZE
- mov sp, x0
- ret
-endfunc plat_set_my_stack
-
- /* ----------------------------------------------------
- * Single cpu stack in coherent memory.
- * ----------------------------------------------------
- */
-declare_stack platform_coherent_stacks, .tzfw_coherent_mem, \
- PLATFORM_STACK_SIZE, 1, CACHE_WRITEBACK_GRANULE
-
-#endif /* defined(IMAGE_BL1) || defined(IMAGE_BL2) */
-#endif /* ARM_CRYPTOCELL_INTEG */
diff --git a/plat/arm/common/arm_bl1_setup.c b/plat/arm/common/arm_bl1_setup.c
index 7000236..feff691 100644
--- a/plat/arm/common/arm_bl1_setup.c
+++ b/plat/arm/common/arm_bl1_setup.c
@@ -108,11 +108,8 @@
*****************************************************************************/
void arm_bl1_plat_arch_setup(void)
{
-#if USE_COHERENT_MEM && !ARM_CRYPTOCELL_INTEG
- /*
- * Ensure ARM platforms don't use coherent memory in BL1 unless
- * cryptocell integration is enabled.
- */
+#if USE_COHERENT_MEM
+ /* Ensure ARM platforms don't use coherent memory in BL1. */
assert((BL_COHERENT_RAM_END - BL_COHERENT_RAM_BASE) == 0U);
#endif
@@ -123,9 +120,6 @@
ARM_MAP_ROMLIB_CODE,
ARM_MAP_ROMLIB_DATA,
#endif
-#if ARM_CRYPTOCELL_INTEG
- ARM_MAP_BL_COHERENT_RAM,
-#endif
{0}
};
diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c
index e15bf0f..3e8109e 100644
--- a/plat/arm/common/arm_bl2_setup.c
+++ b/plat/arm/common/arm_bl2_setup.c
@@ -184,11 +184,8 @@
******************************************************************************/
void arm_bl2_plat_arch_setup(void)
{
-#if USE_COHERENT_MEM && !ARM_CRYPTOCELL_INTEG
- /*
- * Ensure ARM platforms don't use coherent memory in BL2 unless
- * cryptocell integration is enabled.
- */
+#if USE_COHERENT_MEM
+ /* Ensure ARM platforms don't use coherent memory in BL2. */
assert((BL_COHERENT_RAM_END - BL_COHERENT_RAM_BASE) == 0U);
#endif
@@ -199,9 +196,6 @@
ARM_MAP_ROMLIB_CODE,
ARM_MAP_ROMLIB_DATA,
#endif
-#if ARM_CRYPTOCELL_INTEG
- ARM_MAP_BL_COHERENT_RAM,
-#endif
ARM_MAP_BL_CONFIG_REGION,
#if ENABLE_RME
ARM_MAP_L0_GPT_REGION,
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index bbb39d5..ae0d85d 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -164,24 +164,11 @@
endif
endif
-# Disable ARM Cryptocell by default
-ARM_CRYPTOCELL_INTEG := 0
-$(eval $(call assert_boolean,ARM_CRYPTOCELL_INTEG))
-$(eval $(call add_define,ARM_CRYPTOCELL_INTEG))
-
# Enable PIE support for RESET_TO_BL31/RESET_TO_SP_MIN case
ifneq ($(filter 1,${RESET_TO_BL31} ${RESET_TO_SP_MIN}),)
ENABLE_PIE := 1
endif
-# CryptoCell integration relies on coherent buffers for passing data from
-# the AP CPU to the CryptoCell
-ifeq (${ARM_CRYPTOCELL_INTEG},1)
- ifeq (${USE_COHERENT_MEM},0)
- $(error "ARM_CRYPTOCELL_INTEG needs USE_COHERENT_MEM to be set.")
- endif
-endif
-
# Disable GPT parser support, use FIP image by default
ARM_GPT_SUPPORT := 0
$(eval $(call assert_boolean,ARM_GPT_SUPPORT))
@@ -447,11 +434,7 @@
BL31_SOURCES += drivers/auth/crypto_mod.c
# We expect to locate the *.mk files under the directories specified below
- ifeq (${ARM_CRYPTOCELL_INTEG},0)
- CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
- else
- CRYPTO_LIB_MK := drivers/auth/cryptocell/cryptocell_crypto.mk
- endif
+ CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
$(info Including ${CRYPTO_LIB_MK})
include ${CRYPTO_LIB_MK}