TBB: add platform API to read the ROTPK information
This patch extends the platform port by adding an API that returns
either the Root of Trust public key (ROTPK) or its hash. This is
usually stored in ROM or eFUSE memory. The ROTPK returned must be
encoded in DER format according to the following ASN.1 structure:
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING
}
In case the platform returns a hash of the key:
DigestInfo ::= SEQUENCE {
digestAlgorithm AlgorithmIdentifier,
keyDigest OCTET STRING
}
An implementation for ARM development platforms is provided in this
patch. When TBB is enabled, the ROTPK hash location must be specified
using the build option 'ARM_ROTPK_LOCATION'. Available options are:
- 'regs' : return the ROTPK hash stored in the Trusted
root-key storage registers.
- 'devel_rsa' : return a ROTPK hash embedded in the BL1 and
BL2 binaries. This hash has been obtained from the development
RSA public key located in 'plat/arm/board/common/rotpk'.
On FVP, the number of MMU tables has been increased to map and
access the ROTPK registers.
A new file 'board_common.mk' has been added to improve code sharing
in the ARM development platforms.
Change-Id: Ib25862e5507d1438da10773e62bd338da8f360bf
diff --git a/plat/arm/board/fvp/aarch64/fvp_common.c b/plat/arm/board/fvp/aarch64/fvp_common.c
index a876313..c46bdb6 100644
--- a/plat/arm/board/fvp/aarch64/fvp_common.c
+++ b/plat/arm/board/fvp/aarch64/fvp_common.c
@@ -55,6 +55,11 @@
DEVICE1_SIZE, \
MT_DEVICE | MT_RW | MT_SECURE)
+#define MAP_DEVICE2 MAP_REGION_FLAT(DEVICE2_BASE, \
+ DEVICE2_SIZE, \
+ MT_DEVICE | MT_RO | MT_SECURE)
+
+
/*
* Table of regions for various BL stages to map using the MMU.
* This doesn't include TZRAM as the 'mem_layout' argument passed to
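Review bot: The new `MAP_DEVICE2` macro has no comment saying what it covers or why it is the only device region mapped `MT_RO`; given `DEVICE2_BASE`/`DEVICE2_SIZE` in fvp_def.h, the 2 MB window spans the `TZRNG_BASE`, `TZNVCTR_BASE` and `SOC_KEYS_BASE` addresses, so the read-only attribute is what keeps BL1/BL2 from writing the root-key storage. Suggest a comment above the definition such as `/* Second-GB device window (TZ RNG, NV counter, SoC key storage). Mapped RO: BL1/BL2 only read the ROTPK hash from here. */`. If a later stage ever needs to update the NV counter that also sits in this window, the RO mapping would presumably have to be split rather than widened to RW — worth recording so the RO choice is not "fixed" by accident.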
@@ -67,6 +72,7 @@
V2M_MAP_IOFPGA,
MAP_DEVICE0,
MAP_DEVICE1,
+ MAP_DEVICE2,
{0}
};
#endif
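Review bot: `MAP_DEVICE2` is added to the BL1 table here and to the BL2 table in the next hunk unconditionally, even though the commit only needs the key window when TRUSTED_BOARD_BOOT is enabled; wrapping both additions in the same `#if TRUSTED_BOARD_BOOT` guard that already scopes the TBB sources would keep non-TBB images from mapping the root-key registers at all. The commit message says the FVP MMU table count was raised to accommodate the extra region, but that change is not in the hunks visible here, so confirm the platform_def.h bump landed in the same commit, otherwise adding a region to both tables can overflow the xlat table allocation at boot.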
@@ -77,6 +83,7 @@
V2M_MAP_IOFPGA,
MAP_DEVICE0,
MAP_DEVICE1,
+ MAP_DEVICE2,
ARM_MAP_NS_DRAM1,
ARM_MAP_TSP_SEC_MEM,
{0}
diff --git a/plat/arm/board/fvp/fvp_def.h b/plat/arm/board/fvp/fvp_def.h
index 68ef297..842a287 100644
--- a/plat/arm/board/fvp/fvp_def.h
+++ b/plat/arm/board/fvp/fvp_def.h
@@ -58,13 +58,25 @@
#define DEVICE1_BASE 0x2f000000
#define DEVICE1_SIZE 0x200000
+/* Devices in the second GB */
+#define DEVICE2_BASE 0x7fe00000
+#define DEVICE2_SIZE 0x00200000
+
#define NSRAM_BASE 0x2e000000
#define NSRAM_SIZE 0x10000
#define PCIE_EXP_BASE 0x40000000
#define TZRNG_BASE 0x7fe60000
#define TZNVCTR_BASE 0x7fe70000
-#define TZROOTKEY_BASE 0x7fe80000
+
+/* Keys */
+#define SOC_KEYS_BASE 0x7fe80000
+#define TZ_PUB_KEY_HASH_BASE (SOC_KEYS_BASE + 0x0000)
+#define TZ_PUB_KEY_HASH_SIZE 32
+#define HU_KEY_BASE (SOC_KEYS_BASE + 0x0020)
+#define HU_KEY_SIZE 16
+#define END_KEY_BASE (SOC_KEYS_BASE + 0x0044)
+#define END_KEY_SIZE 32
/* Constants to distinguish FVP type */
#define HBI_BASE_FVP 0x020
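Review bot: The `/* Keys */` comment does not say which of the three entries is the ROTPK hash that the commit message's 'regs' option reads from the "Trusted root-key storage registers", nor what unit the `*_SIZE` values are in; suggest `/* Trusted root-key storage registers (sizes in bytes). TZ_PUB_KEY_HASH holds the ROTPK hash returned by the platform ROTPK API. */`. The offsets appear to be bytes (`HU_KEY_BASE` starts exactly `TZ_PUB_KEY_HASH_SIZE` after the hash), but `HU_KEY_BASE + HU_KEY_SIZE` ends at `+0x30` while `END_KEY_BASE` is at `+0x44`, so the 0x14-byte gap deserves a one-line comment if it matches the hardware map, or a check if it does not. `TZROOTKEY_BASE` is removed rather than aliased; if anything outside this diff still references it the build will break, so either keep `#define TZROOTKEY_BASE SOC_KEYS_BASE` or confirm there are no remaining users.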
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index 949e6ad..a1a0971 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -29,12 +29,10 @@
#
-PLAT_INCLUDES := -Iinclude/plat/arm/board/common \
- -Iplat/arm/board/fvp/include
+PLAT_INCLUDES := -Iplat/arm/board/fvp/include
-PLAT_BL_COMMON_SOURCES := drivers/arm/pl011/pl011_console.S \
- plat/arm/board/fvp/aarch64/fvp_common.c
+PLAT_BL_COMMON_SOURCES := plat/arm/board/fvp/aarch64/fvp_common.c
BL1_SOURCES += drivers/io/io_semihosting.c \
lib/cpus/aarch64/aem_generic.S \
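Review bot: This hunk drops `-Iinclude/plat/arm/board/common` from `PLAT_INCLUDES` and `drivers/arm/pl011/pl011_console.S` from `PLAT_BL_COMMON_SOURCES` without a replacement in this file; presumably the new `plat/arm/board/common/board_common.mk` (included in the next hunk) re-adds both, but that file is not part of this excerpt. Confirm it does, since losing the console source silently would leave FVP images without early serial output, and add a short comment next to the remaining `PLAT_INCLUDES` line noting that the shared board include path and console driver now come from board_common.mk.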
@@ -65,10 +63,5 @@
plat/arm/board/fvp/aarch64/fvp_helpers.S \
plat/arm/board/fvp/drivers/pwrc/fvp_pwrc.c
-ifneq (${TRUSTED_BOARD_BOOT},0)
- BL1_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c
- BL2_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c
-endif
-
-
+include plat/arm/board/common/board_common.mk
include plat/arm/common/arm_common.mk
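Review bot: The TRUSTED_BOARD_BOOT conditional removed here moves to `board_common.mk`, which is outside this diff, so the include order chosen — board_common.mk before arm_common.mk — matters if either file reads variables the other defines; a one-line comment stating that board_common.mk must come first (or that the order is irrelevant) would stop a later reorder from breaking it. Because the commit introduces `ARM_ROTPK_LOCATION` with a 'devel_rsa' option that embeds a development-key hash in BL1/BL2, the makefile that consumes it should `$(error ...)` when TBB is enabled and the variable is unset or unrecognised rather than defaulting to the development hash; please verify board_common.mk does that, as a silent fallback would let a production image trust the public development key.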