Prepare Mbed TLS drivers for shared heap
The Mbed TLS drivers, in order to work, need a heap for internal usage.
This heap, instead of being directly referenced by the drivers, now it
is being accessed indirectly through a pointer. Also, the heap, instead
of being part of the drivers, now it is being received through the
plat_get_mbedtls_heap() function. This function requests a heap from the
current BL image which utilises the Mbed TLS drivers.
Those changes create the opportunity for the Mbed TLS heap to be shared
among different images, thus saving memory. A default heap
implementation is provided but it can be overridden by a platform
specific, optimised implemenetation.
Change-Id: I286a1f10097a9cdcbcd312201eea576c18d157fa
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
diff --git a/docs/porting-guide.rst b/docs/porting-guide.rst
index de7b5db..83fac28 100644
--- a/docs/porting-guide.rst
+++ b/docs/porting-guide.rst
@@ -1055,7 +1055,7 @@
to the next BL image, when LOAD\_IMAGE\_V2 is enabled.
Function : plat\_log\_get\_prefix()
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
::
@@ -1066,9 +1066,31 @@
prepended to all the log output from TF-A. The `log_level` (argument) will
correspond to one of the standard log levels defined in debug.h. The platform
can override the common implementation to define a different prefix string for
-the log output. The implementation should be robust to future changes that
+the log output. The implementation should be robust to future changes that
increase the number of log levels.
+Function : plat\_get\_mbedtls\_heap()
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+ Arguments : void **heap_addr, size_t *heap_size
+ Return : int
+
+This function is invoked during Mbed TLS library initialisation to get
+a heap, by means of a starting address and a size. This heap will then be used
+internally by the Mbed TLS library. The heap is requested from the current
+BL stage, i.e. the current BL image inside which Mbed TLS is used.
+
+The default implementation allocates a new heap every time Mbed TLS gets
+initialised. This means that a new heap is statically allocated inside
+every image (i.e. every BL stage) that utilises Mbed TLS. In the default
+implementation, this function returns the address and size of this default
+heap. However, by overriding the default implementation, platforms have the ability
+to optimise memory usage.
+
+On success it returns 0 and a negative error code otherwise.
+
Modifications specific to a Boot Loader stage
---------------------------------------------
diff --git a/drivers/auth/mbedtls/mbedtls_common.c b/drivers/auth/mbedtls/mbedtls_common.c
index 7095fde..dbf45ba 100644
--- a/drivers/auth/mbedtls/mbedtls_common.c
+++ b/drivers/auth/mbedtls/mbedtls_common.c
@@ -4,26 +4,15 @@
* SPDX-License-Identifier: BSD-3-Clause
*/
+#include <assert.h>
#include <debug.h>
-#include <stdlib.h>
-#include <stdio.h>
-
/* mbed TLS headers */
#include <mbedtls/memory_buffer_alloc.h>
#include <mbedtls/platform.h>
-#include <mbedtls_config.h>
#include <mbedtls_common.h>
-
-/*
- * mbed TLS heap
- */
-#if (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA) \
- || (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
-#define MBEDTLS_HEAP_SIZE (13*1024)
-#elif (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA)
-#define MBEDTLS_HEAP_SIZE (7*1024)
-#endif
-static unsigned char heap[MBEDTLS_HEAP_SIZE];
+#include <mbedtls_config.h>
+#include <platform.h>
+#include <stddef.h>
static void cleanup(void)
{
@@ -37,13 +26,25 @@
void mbedtls_init(void)
{
static int ready;
+ void *heap_addr;
+ size_t heap_size = 0;
+ int err;
if (!ready) {
if (atexit(cleanup))
panic();
+
+ err = plat_get_mbedtls_heap(&heap_addr, &heap_size);
+
+ /* Ensure heap setup is proper */
+ if (err < 0) {
+ ERROR("Mbed TLS failed to get a heap\n");
+ panic();
+ }
+ assert(heap_size >= TF_MBEDTLS_HEAP_SIZE);
/* Initialize the mbed TLS heap */
- mbedtls_memory_buffer_alloc_init(heap, MBEDTLS_HEAP_SIZE);
+ mbedtls_memory_buffer_alloc_init(heap_addr, heap_size);
#ifdef MBEDTLS_PLATFORM_SNPRINTF_ALT
mbedtls_platform_set_snprintf(snprintf);
diff --git a/include/drivers/auth/mbedtls/mbedtls_config.h b/include/drivers/auth/mbedtls/mbedtls_config.h
index f8f2608..59aeea9 100644
--- a/include/drivers/auth/mbedtls/mbedtls_config.h
+++ b/include/drivers/auth/mbedtls/mbedtls_config.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -95,4 +95,16 @@
#include "mbedtls/check_config.h"
#endif
+/*
+ * Determine Mbed TLS heap size
+ * 13312 = 13*1024
+ * 7168 = 7*1024
+ */
+#if (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA) \
+ || (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
+#define TF_MBEDTLS_HEAP_SIZE U(13312)
+#elif (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA)
+#define TF_MBEDTLS_HEAP_SIZE U(7168)
+#endif
+
#endif /* __MBEDTLS_CONFIG_H__ */
diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h
index dae9589..e0297ae 100644
--- a/include/plat/common/platform.h
+++ b/include/plat/common/platform.h
@@ -103,6 +103,7 @@
const char *plat_log_get_prefix(unsigned int log_level);
void bl2_plat_preload_setup(void);
int plat_try_next_boot_source(void);
+int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size);
/*******************************************************************************
* Mandatory BL1 functions
diff --git a/plat/common/plat_bl_common.c b/plat/common/plat_bl_common.c
index b471a7e..95d73e3 100644
--- a/plat/common/plat_bl_common.c
+++ b/plat/common/plat_bl_common.c
@@ -9,6 +9,9 @@
#include <bl_common.h>
#include <debug.h>
#include <errno.h>
+#if TRUSTED_BOARD_BOOT
+#include <mbedtls_config.h>
+#endif
#include <platform.h>
/*
@@ -21,6 +24,7 @@
#pragma weak bl2_plat_handle_pre_image_load
#pragma weak bl2_plat_handle_post_image_load
#pragma weak plat_try_next_boot_source
+#pragma weak plat_get_mbedtls_heap
void bl2_el3_plat_prepare_exit(void)
{
@@ -66,3 +70,22 @@
bl2_early_platform_setup((void *)arg1);
}
#endif
+
+
+#if TRUSTED_BOARD_BOOT
+/*
+ * The following default implementation of the function simply returns the
+ * by-default allocated heap.
+ */
+int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size)
+{
+ static unsigned char heap[TF_MBEDTLS_HEAP_SIZE];
+
+ assert(heap_addr != NULL);
+ assert(heap_size != NULL);
+
+ *heap_addr = heap;
+ *heap_size = sizeof(heap);
+ return 0;
+}
+#endif /* TRUSTED_BOARD_BOOT */