SPMD: generate and add Secure Partition blobs into FIP
Till now TF-A allows limited number of external images to be made part
of FIP. With SPM coming along, there may exist multiple SP packages
which need to be inserted into FIP. To achieve this we need a more
scalable approach to feed SP packages to FIP.
This patch introduces changes in build system to generate and add SP
packages into FIP based on information provided by platform.
Platform provides information in form of JSON which contains layout
description of available Secure Partitions.
JSON parser script is invoked by build system early on and generates
a makefile which updates FIP, SPTOOL and FDT arguments which will be
used by build system later on for final packaging.
"SP_LAYOUT_FILE" passed as a build argument and can be outside of TF-A
tree. This option will be used only when SPD=spmd.
For each SP, generated makefile will have following entries
- FDT_SOURCES += sp1.dts
- SPTOOL_ARGS += -i sp1.img:sp1.dtb -o sp1.pkg
- FIP_ARGS += --blob uuid=XXXX-XXX...,file=SP1.pkg
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib6a9c064400caa3cd825d9886008a3af67741af7
diff --git a/Makefile b/Makefile
index 547b584..11b0753 100644
--- a/Makefile
+++ b/Makefile
@@ -701,6 +701,7 @@
# Variables for use with sptool
SPTOOLPATH ?= tools/sptool
SPTOOL ?= ${SPTOOLPATH}/sptool${BIN_EXT}
+SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py
# Variables for use with ROMLIB
ROMLIBPATH ?= lib/romlib
@@ -889,11 +890,22 @@
$(eval $(call add_define,USE_ARM_LINK))
endif
+# Generate and include sp_gen.mk if SPD is spmd and SP_LAYOUT_FILE is defined
+ifdef SP_LAYOUT_FILE
+ifeq (${SPD},spmd)
+ -include $(BUILD_PLAT)/sp_gen.mk
+ FIP_DEPS += sp
+ NEED_SP_PKG := yes
+else
+ $(error "SP_LAYOUT_FILE will be used only if SPD=spmd")
+endif
+endif
+
################################################################################
# Build targets
################################################################################
-.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip fwu_fip certtool dtbs memmap doc
+.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip sp fwu_fip certtool dtbs memmap doc
.SUFFIXES:
all: msg_start
@@ -971,6 +983,17 @@
$(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES)))
endif
+# Add Secure Partition packages
+ifeq (${NEED_SP_PKG},yes)
+$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | ${BUILD_PLAT}
+ ${Q}${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT)
+sp: $(SPTOOL) $(DTBS) $(BUILD_PLAT)/sp_gen.mk
+ ${Q}$(SPTOOL) $(SPTOOL_ARGS)
+ @${ECHO_BLANK_LINE}
+ @echo "Built SP Images successfully"
+ @${ECHO_BLANK_LINE}
+endif
+
locate-checkpatch:
ifndef CHECKPATCH
$(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/scripts/checkpatch.pl")
@@ -1132,6 +1155,7 @@
@echo " distclean Remove all build artifacts for all platforms"
@echo " certtool Build the Certificate generation tool"
@echo " fiptool Build the Firmware Image Package (FIP) creation tool"
+ @echo " sp Build the Secure Partition Packages"
@echo " sptool Build the Secure Partition Package creation tool"
@echo " dtbs Build the Device Tree Blobs (if required for the platform)"
@echo " memmap Print the memory map of the built binaries"
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 8854a79..7ee34c9 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -522,6 +522,11 @@
- ``SPM_MM`` : Boolean option to enable the Management Mode (MM)-based Secure
Partition Manager (SPM) implementation. The default value is ``0``.
+- ``SP_LAYOUT_FILE``: Platform provided path to JSON file containing the
+ description of secure partitions. Build system will parse this file and
+ package all secure partition blobs in FIP. This file not necessarily be
+ part of TF-A tree. Only avaialbe when ``SPD=spmd``.
+
- ``SP_MIN_WITH_SECURE_FIQ``: Boolean flag to indicate the SP_MIN handles
secure interrupts (caught through the FIQ line). Platforms can enable
this directive if they need to handle such interruption. When enabled,
diff --git a/tools/sptool/sp_mk_generator.py b/tools/sptool/sp_mk_generator.py
new file mode 100755
index 0000000..6b6fa19
--- /dev/null
+++ b/tools/sptool/sp_mk_generator.py
@@ -0,0 +1,100 @@
+#!/usr/bin/python3
+# Copyright (c) 2020, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+
+"""
+This script is invoked by Make system and generates secure partition makefile.
+It expects platform provided secure partition layout file which contains list
+of Secure Partition Images and Partition manifests(PM).
+Layout file can exist outside of TF-A tree and the paths of Image and PM files
+must be relative to it.
+
+This script parses the layout file and generates a make file which updates
+FDT_SOURCES, FIP_ARGS and SPTOOL_ARGS which are used in later build steps.
+This script also gets SP "uuid" from parsing its PM and converting it to a
+standard format.
+
+param1: Generated mk file "sp_gen.mk"
+param2: "SP_LAYOUT_FILE", json file containing platform provided information
+param3: plat out directory
+
+Generated "sp_gen.mk" file contains triplet of following information for each
+Secure Partition entry
+ FDT_SOURCES += sp1.dts
+ SPTOOL_ARGS += -i sp1.bin:sp1.dtb -o sp1.pkg
+ FIP_ARGS += --blob uuid=XXXXX-XXX...,file=sp1.pkg
+
+A typical SP_LAYOUT_FILE file will look like
+{
+ "SP1" : {
+ "image": "sp1.bin",
+ "pm": "test/sp1.dts"
+ },
+
+ "SP2" : {
+ "image": "sp2.bin",
+ "pm": "test/sp2.dts"
+ }
+
+ ...
+}
+
+"""
+
+import getopt
+import json
+import os
+import re
+import sys
+import uuid
+
+with open(sys.argv[2],'r') as in_file:
+ data = json.load(in_file)
+json_file = os.path.abspath(sys.argv[2])
+json_dir = os.path.dirname(json_file)
+gen_file = sys.argv[1]
+out_dir = sys.argv[3][2:]
+dtb_dir = out_dir + "/fdts/"
+print(dtb_dir)
+
+with open(gen_file, 'w') as out_file:
+ for key in data.keys():
+
+ """
+ Append FDT_SOURCES
+ """
+ dts = os.path.join(json_dir, data[key]['pm'])
+ dtb = dtb_dir + os.path.basename(data[key]['pm'][:-1] + "b")
+ out_file.write("FDT_SOURCES += " + dts + "\n")
+
+ """
+ Update SPTOOL_ARGS
+ """
+ dst = out_dir + "/" + key + ".pkg"
+ src = [ json_dir + "/" + data[key]['image'] , dtb ]
+ out_file.write("SPTOOL_ARGS += -i " + ":".join(src) + " -o " + dst + "\n")
+
+ """
+ Extract uuid from partition manifest
+ """
+ pm_file = open(dts)
+ key = "uuid"
+
+ for line in pm_file:
+ if key in line:
+ uuid_hex = re.findall(r'\<(.+?)\>', line)[0];
+
+ # PM has uuid in format 0xABC... 0x... 0x... 0x...
+ # Get rid of '0x' and spaces and convert to string of hex digits
+ uuid_hex = uuid_hex.replace('0x','').replace(' ','')
+ # make UUID from a string of hex digits
+ uuid_std = uuid.UUID(uuid_hex)
+ # convert UUID to a string of hex digits in standard form
+ uuid_std = str(uuid_std)
+
+ """
+ Append FIP_ARGS
+ """
+ out_file.write("FIP_ARGS += --blob uuid=" + uuid_std + ",file=" + dst + "\n")
+ out_file.write("\n")