Merge pull request #485 from jcastillo-arm/jc/max_mmap_reg
Add 'MAX_MMAP_REGIONS' and 'ADDR_SPACE_SIZE' to the Porting Guide
diff --git a/docs/firmware-design.md b/docs/firmware-design.md
index 5b6923a..7ae1de3 100644
--- a/docs/firmware-design.md
+++ b/docs/firmware-design.md
@@ -8,7 +8,7 @@
3. [EL3 runtime services framework](#3--el3-runtime-services-framework)
4. [Power State Coordination Interface](#4--power-state-coordination-interface)
5. [Secure-EL1 Payloads and Dispatchers](#5--secure-el1-payloads-and-dispatchers)
-6. [Crash Reporting in BL31](#6--crash-reporting-in-bl3-1)
+6. [Crash Reporting in BL31](#6--crash-reporting-in-bl31)
7. [Guidelines for Reset Handlers](#7--guidelines-for-reset-handlers)
8. [CPU specific operations framework](#8--cpu-specific-operations-framework)
9. [Memory layout of BL images](#9-memory-layout-of-bl-images)
@@ -988,11 +988,11 @@
`reset_func()`, `core_pwr_dwn()`, `cluster_pwr_dwn()` and `cpu_reg_dump()`.
The CPU specific files in `lib/cpus` export a `cpu_ops` data structure with
-suitable handlers for that CPU. For example, `lib/cpus/cortex_a53.S` exports
-the `cpu_ops` for Cortex-A53 CPU. According to the platform configuration,
-these CPU specific files must must be included in the build by the platform
-makefile. The generic CPU specific operations framework code exists in
-`lib/cpus/aarch64/cpu_helpers.S`.
+suitable handlers for that CPU. For example, `lib/cpus/aarch64/cortex_a53.S`
+exports the `cpu_ops` for Cortex-A53 CPU. According to the platform
+configuration, these CPU specific files must be included in the build by
+the platform makefile. The generic CPU specific operations framework code exists
+in `lib/cpus/aarch64/cpu_helpers.S`.
### CPU specific Reset Handling
@@ -1020,12 +1020,12 @@
retrieved during power down sequences.
The PSCI service, upon receiving a power down request, determines the highest
-affinity level at which to execute power down sequence for a particular CPU and
+power level at which to execute power down sequence for a particular CPU and
invokes the corresponding 'prepare' power down handler in the CPU specific
-operations framework. For example, when a CPU executes a power down for affinity
+operations framework. For example, when a CPU executes a power down for power
level 0, the `prepare_core_pwr_dwn()` retrieves the `cpu_ops` pointer from the
per-CPU data and the corresponding `core_pwr_dwn()` is invoked. Similarly when
-a CPU executes power down at affinity level 1, the `prepare_cluster_pwr_dwn()`
+a CPU executes power down at power level 1, the `prepare_cluster_pwr_dwn()`
retrieves the `cpu_ops` pointer and the corresponding `cluster_pwr_dwn()` is
invoked.
@@ -1454,8 +1454,8 @@
images. The platform policy can be modified to allow additional images.
-11. Use of coherent memory in Trusted Firmware
-----------------------------------------------
+11. Use of coherent memory in Trusted Firmware
+-----------------------------------------------
There might be loss of coherency when physical memory with mismatched
shareability, cacheability and memory attributes is accessed by multiple CPUs
@@ -1739,5 +1739,5 @@
[Porting Guide]: ./porting-guide.md
[Reset Design]: ./reset-design.md
[INTRG]: ./interrupt-framework-design.md
-[CPUBM]: ./cpu-specific-build-macros.md.md
+[CPUBM]: ./cpu-specific-build-macros.md
[Firmware Update]: ./firmware-update.md
diff --git a/docs/firmware-update.md b/docs/firmware-update.md
index 419ac85..97df8cf 100644
--- a/docs/firmware-update.md
+++ b/docs/firmware-update.md
@@ -3,11 +3,11 @@
Contents :
-1. [Introduction](#1-introduction)
-2. [FWU Overview](#2-fwu-overview)
-3. [Image Identification](#3-image-identification)
-4. [FWU State Machine](#4-fwu-state-machine)
-5. [SMC Interface](#5-smc-interface)
+1. [Introduction](#1--introduction)
+2. [FWU Overview](#2--fwu-overview)
+3. [Image Identification](#3--image-identification)
+4. [FWU State Machine](#4--fwu-state-machine)
+5. [BL1 SMC Interface](#5--bl1-smc-interface)
- - - - - - - - - - - - - - - - - -
@@ -35,8 +35,8 @@
the TBBR.
-2. FWU Overview
----------------
+2. FWU Overview
+----------------
The FWU boot flow is primarily mediated by BL1. Since BL1 executes in ROM, and
it is usually desirable to minimize the amount of ROM code, the design allows
@@ -73,8 +73,8 @@
-3. Image Identification
------------------------
+3. Image Identification
+------------------------
Each FWU image and certificate is identified by a unique ID, defined by the
platform, which BL1 uses to fetch an image descriptor (`image_desc_t`) via a
@@ -135,7 +135,7 @@
5. BL1 SMC Interface
------------------
+---------------------
### BL1_SMC_CALL_COUNT
diff --git a/docs/interrupt-framework-design.md b/docs/interrupt-framework-design.md
index 060bbf2..e50d175 100644
--- a/docs/interrupt-framework-design.md
+++ b/docs/interrupt-framework-design.md
@@ -10,7 +10,7 @@
- [Valid Routing Models](#113-valid-routing-models)
+ [Secure-EL1 Interrupts](#1131-secure-el1-interrupts)
+ [Non-secure Interrupts](#1132-non-secure-interrupts)
- + [EL3 interrupts](#1133-el3_interrupts)
+ + [EL3 interrupts](#1133-el3-interrupts)
- [Mapping of Interrupt Type to Signal](#114-mapping-of-interrupt-type-to-signal)
+ [Effect of mapping of several interrupt types to one signal](#1141-effect-of-mapping-of-several-interrupt-types-to-one-signal)
- [Assumptions in Interrupt Management Framework](#12-assumptions-in-interrupt-management-framework)
diff --git a/include/bl31/runtime_svc.h b/include/bl31/runtime_svc.h
index 30ba29f..87f2dd2 100644
--- a/include/bl31/runtime_svc.h
+++ b/include/bl31/runtime_svc.h
@@ -89,12 +89,12 @@
#define DECLARE_RT_SVC(_name, _start, _end, _type, _setup, _smch) \
static const rt_svc_desc_t __svc_desc_ ## _name \
__attribute__ ((section("rt_svc_descs"), used)) = { \
- _start, \
- _end, \
- _type, \
- #_name, \
- _setup, \
- _smch }
+ .start_oen = _start, \
+ .end_oen = _end, \
+ .call_type = _type, \
+ .name = #_name, \
+ .init = _setup, \
+ .handle = _smch }
/*
* Compile time assertions related to the 'rt_svc_desc' structure to:
diff --git a/include/common/bl_common.h b/include/common/bl_common.h
index 0ec7a8d..e5e6717 100644
--- a/include/common/bl_common.h
+++ b/include/common/bl_common.h
@@ -202,8 +202,9 @@
* switching exception levels. The only two mechanisms to do so are
* ERET & SMC. Security state is indicated using bit zero of header
* attribute
- * NOTE: BL1 expects entrypoint followed by spsr while processing
- * SMC to jump to BL31 from the start of entry_point_info
+ * NOTE: BL1 expects entrypoint followed by spsr at an offset from the start
+ * of this structure defined by the macro `ENTRY_POINT_INFO_PC_OFFSET` while
+ * processing SMC to jump to BL31.
*****************************************************************************/
typedef struct entry_point_info {
param_header_t h;
@@ -232,13 +233,13 @@
typedef struct image_desc {
/* Contains unique image id for the image. */
unsigned int image_id;
- image_info_t image_info;
- entry_point_info_t ep_info;
/*
* This member contains Image state information.
* Refer IMAGE_STATE_XXX defined above.
*/
unsigned int state;
+ image_info_t image_info;
+ entry_point_info_t ep_info;
} image_desc_t;
/*******************************************************************************
diff --git a/include/drivers/auth/auth_mod.h b/include/drivers/auth/auth_mod.h
index c00b256..4ed4684 100644
--- a/include/drivers/auth/auth_mod.h
+++ b/include/drivers/auth/auth_mod.h
@@ -48,8 +48,8 @@
*/
typedef struct auth_img_desc_s {
unsigned int img_id;
- const struct auth_img_desc_s *parent;
img_type_t img_type;
+ const struct auth_img_desc_s *parent;
auth_method_desc_t img_auth_methods[AUTH_METHOD_NUM];
auth_param_desc_t authenticated_data[COT_MAX_VERIFIED_PARAMS];
} auth_img_desc_t;
diff --git a/include/lib/cpus/aarch64/cortex_a35.h b/include/lib/cpus/aarch64/cortex_a35.h
new file mode 100644
index 0000000..4288b9f
--- /dev/null
+++ b/include/lib/cpus/aarch64/cortex_a35.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __CORTEX_A35_H__
+#define __CORTEX_A35_H__
+
+/* Cortex-A35 Main ID register for revision 0 */
+#define CORTEX_A35_MIDR 0x410FD040
+
+/*******************************************************************************
+ * CPU Extended Control register specific definitions.
+ * CPUECTLR_EL1 is an implementation-specific register.
+ ******************************************************************************/
+#define CORTEX_A35_CPUECTLR_EL1 S3_1_C15_C2_1
+#define CORTEX_A35_CPUECTLR_SMPEN_BIT (1 << 6)
+
+#endif /* __CORTEX_A35_H__ */
diff --git a/lib/cpus/aarch64/cortex_a35.S b/lib/cpus/aarch64/cortex_a35.S
new file mode 100644
index 0000000..6a447c0
--- /dev/null
+++ b/lib/cpus/aarch64/cortex_a35.S
@@ -0,0 +1,164 @@
+/*
+ * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <arch.h>
+#include <asm_macros.S>
+#include <bl_common.h>
+#include <cortex_a35.h>
+#include <cpu_macros.S>
+#include <plat_macros.S>
+
+ /* ---------------------------------------------
+ * Disable L1 data cache and unified L2 cache
+ * ---------------------------------------------
+ */
+func cortex_a35_disable_dcache
+ mrs x1, sctlr_el3
+ bic x1, x1, #SCTLR_C_BIT
+ msr sctlr_el3, x1
+ isb
+ ret
+endfunc cortex_a35_disable_dcache
+
+ /* ---------------------------------------------
+ * Disable intra-cluster coherency
+ * ---------------------------------------------
+ */
+func cortex_a35_disable_smp
+ mrs x0, CORTEX_A35_CPUECTLR_EL1
+ bic x0, x0, #CORTEX_A35_CPUECTLR_SMPEN_BIT
+ msr CORTEX_A35_CPUECTLR_EL1, x0
+ isb
+ dsb sy
+ ret
+endfunc cortex_a35_disable_smp
+
+ /* -------------------------------------------------
+ * The CPU Ops reset function for Cortex-A35.
+ * Clobbers: x0
+ * -------------------------------------------------
+ */
+func cortex_a35_reset_func
+ /* ---------------------------------------------
+ * As a bare minimum enable the SMP bit if it is
+ * not already set.
+ * ---------------------------------------------
+ */
+ mrs x0, CORTEX_A35_CPUECTLR_EL1
+ tst x0, #CORTEX_A35_CPUECTLR_SMPEN_BIT
+ b.ne skip_smp_setup
+ orr x0, x0, #CORTEX_A35_CPUECTLR_SMPEN_BIT
+ msr CORTEX_A35_CPUECTLR_EL1, x0
+skip_smp_setup:
+ isb
+ ret
+endfunc cortex_a35_reset_func
+
+func cortex_a35_core_pwr_dwn
+ mov x18, x30
+
+ /* ---------------------------------------------
+ * Turn off caches.
+ * ---------------------------------------------
+ */
+ bl cortex_a35_disable_dcache
+
+ /* ---------------------------------------------
+ * Flush L1 caches.
+ * ---------------------------------------------
+ */
+ mov x0, #DCCISW
+ bl dcsw_op_level1
+
+ /* ---------------------------------------------
+ * Come out of intra cluster coherency
+ * ---------------------------------------------
+ */
+ mov x30, x18
+ b cortex_a35_disable_smp
+endfunc cortex_a35_core_pwr_dwn
+
+func cortex_a35_cluster_pwr_dwn
+ mov x18, x30
+
+ /* ---------------------------------------------
+ * Turn off caches.
+ * ---------------------------------------------
+ */
+ bl cortex_a35_disable_dcache
+
+ /* ---------------------------------------------
+ * Flush L1 caches.
+ * ---------------------------------------------
+ */
+ mov x0, #DCCISW
+ bl dcsw_op_level1
+
+ /* ---------------------------------------------
+ * Disable the optional ACP.
+ * ---------------------------------------------
+ */
+ bl plat_disable_acp
+
+ /* ---------------------------------------------
+ * Flush L2 caches.
+ * ---------------------------------------------
+ */
+ mov x0, #DCCISW
+ bl dcsw_op_level2
+
+ /* ---------------------------------------------
+ * Come out of intra cluster coherency
+ * ---------------------------------------------
+ */
+ mov x30, x18
+ b cortex_a35_disable_smp
+endfunc cortex_a35_cluster_pwr_dwn
+
+ /* ---------------------------------------------
+ * This function provides cortex_a35 specific
+ * register information for crash reporting.
+ * It needs to return with x6 pointing to
+ * a list of register names in ascii and
+ * x8 - x15 having values of registers to be
+ * reported.
+ * ---------------------------------------------
+ */
+.section .rodata.cortex_a35_regs, "aS"
+cortex_a35_regs: /* The ascii list of register names to be reported */
+ .asciz "cpuectlr_el1", ""
+
+func cortex_a35_cpu_reg_dump
+ adr x6, cortex_a35_regs
+ mrs x8, CORTEX_A35_CPUECTLR_EL1
+ ret
+endfunc cortex_a35_cpu_reg_dump
+
+declare_cpu_ops cortex_a35, CORTEX_A35_MIDR
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index cb5f5d7..22df6d7 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2016, ARM Limited and Contributors. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
@@ -64,6 +64,7 @@
BL1_SOURCES += drivers/io/io_semihosting.c \
lib/cpus/aarch64/aem_generic.S \
+ lib/cpus/aarch64/cortex_a35.S \
lib/cpus/aarch64/cortex_a53.S \
lib/cpus/aarch64/cortex_a57.S \
lib/semihosting/semihosting.c \
@@ -87,6 +88,7 @@
plat/arm/board/fvp/fvp_security.c
BL31_SOURCES += lib/cpus/aarch64/aem_generic.S \
+ lib/cpus/aarch64/cortex_a35.S \
lib/cpus/aarch64/cortex_a53.S \
lib/cpus/aarch64/cortex_a57.S \
plat/arm/board/fvp/fvp_bl31_setup.c \
diff --git a/tools/cert_create/include/cert.h b/tools/cert_create/include/cert.h
index 8ef9f27..6b1ae95 100644
--- a/tools/cert_create/include/cert.h
+++ b/tools/cert_create/include/cert.h
@@ -57,6 +57,7 @@
const char *opt; /* Command line option to pass filename */
const char *fn; /* Filename to save the certificate */
const char *cn; /* Subject CN (Company Name) */
+ const char *help_msg; /* Help message */
/* These fields must be defined statically */
int key; /* Key to be signed */
diff --git a/tools/cert_create/include/cmd_opt.h b/tools/cert_create/include/cmd_opt.h
index ca48d7c..389aa23 100644
--- a/tools/cert_create/include/cmd_opt.h
+++ b/tools/cert_create/include/cmd_opt.h
@@ -42,9 +42,16 @@
CMD_OPT_EXT
};
+/* Structure to define a command line option */
+typedef struct cmd_opt_s {
+ struct option long_opt;
+ const char *help_msg;
+} cmd_opt_t;
+
/* Exported API*/
-int cmd_opt_add(const char *name, int has_arg, int val);
+void cmd_opt_add(const cmd_opt_t *cmd_opt);
const struct option *cmd_opt_get_array(void);
const char *cmd_opt_get_name(int idx);
+const char *cmd_opt_get_help_msg(int idx);
#endif /* CMD_OPT_H_ */
diff --git a/tools/cert_create/include/ext.h b/tools/cert_create/include/ext.h
index 798bd1b..82a4bcb 100644
--- a/tools/cert_create/include/ext.h
+++ b/tools/cert_create/include/ext.h
@@ -50,6 +50,7 @@
const char *oid; /* OID of the extension */
const char *sn; /* Short name */
const char *ln; /* Long description */
+ const char *help_msg; /* Help message */
int asn1_type; /* OpenSSL ASN1 type of the extension data.
* Supported types are:
* - V_ASN1_INTEGER
diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h
index bd45f13..f60997f 100644
--- a/tools/cert_create/include/key.h
+++ b/tools/cert_create/include/key.h
@@ -64,6 +64,7 @@
typedef struct key_s {
int id; /* Key id */
const char *opt; /* Command line option to specify a key */
+ const char *help_msg; /* Help message */
const char *desc; /* Key description (debug purposes) */
char *fn; /* Filename to load/store the key */
EVP_PKEY *key; /* Key container */
diff --git a/tools/cert_create/src/cert.c b/tools/cert_create/src/cert.c
index bf52645..a559832 100644
--- a/tools/cert_create/src/cert.c
+++ b/tools/cert_create/src/cert.c
@@ -183,19 +183,21 @@
int cert_init(void)
{
+ cmd_opt_t cmd_opt;
cert_t *cert;
- int rc = 0;
unsigned int i;
for (i = 0; i < num_certs; i++) {
cert = &certs[i];
- rc = cmd_opt_add(cert->opt, required_argument, CMD_OPT_CERT);
- if (rc != 0) {
- break;
- }
+ cmd_opt.long_opt.name = cert->opt;
+ cmd_opt.long_opt.has_arg = required_argument;
+ cmd_opt.long_opt.flag = NULL;
+ cmd_opt.long_opt.val = CMD_OPT_CERT;
+ cmd_opt.help_msg = cert->help_msg;
+ cmd_opt_add(&cmd_opt);
}
- return rc;
+ return 0;
}
cert_t *cert_get_by_opt(const char *opt)
diff --git a/tools/cert_create/src/cmd_opt.c b/tools/cert_create/src/cmd_opt.c
index 3847b98..ecf84ab 100644
--- a/tools/cert_create/src/cmd_opt.c
+++ b/tools/cert_create/src/cmd_opt.c
@@ -28,26 +28,35 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
+#include <assert.h>
#include <getopt.h>
#include <stddef.h>
+#include <stdlib.h>
#include <cmd_opt.h>
+#include "debug.h"
/* Command line options */
static struct option long_opt[CMD_OPT_MAX_NUM+1];
+static const char *help_msg[CMD_OPT_MAX_NUM+1];
static int num_reg_opt;
-int cmd_opt_add(const char *name, int has_arg, int val)
+void cmd_opt_add(const cmd_opt_t *cmd_opt)
{
+ assert(cmd_opt != NULL);
+
if (num_reg_opt >= CMD_OPT_MAX_NUM) {
- return -1;
+ ERROR("Out of memory. Please increase CMD_OPT_MAX_NUM\n");
+ exit(1);
}
- long_opt[num_reg_opt].name = name;
- long_opt[num_reg_opt].has_arg = has_arg;
+
+ long_opt[num_reg_opt].name = cmd_opt->long_opt.name;
+ long_opt[num_reg_opt].has_arg = cmd_opt->long_opt.has_arg;
long_opt[num_reg_opt].flag = 0;
- long_opt[num_reg_opt].val = val;
- num_reg_opt++;
+ long_opt[num_reg_opt].val = cmd_opt->long_opt.val;
- return 0;
+ help_msg[num_reg_opt] = cmd_opt->help_msg;
+
+ num_reg_opt++;
}
const struct option *cmd_opt_get_array(void)
@@ -63,3 +72,12 @@
return long_opt[idx].name;
}
+
+const char *cmd_opt_get_help_msg(int idx)
+{
+ if (idx >= num_reg_opt) {
+ return NULL;
+ }
+
+ return help_msg[idx];
+}
diff --git a/tools/cert_create/src/ext.c b/tools/cert_create/src/ext.c
index 14aef66..3f56edb 100644
--- a/tools/cert_create/src/ext.c
+++ b/tools/cert_create/src/ext.c
@@ -69,6 +69,7 @@
*/
int ext_init(void)
{
+ cmd_opt_t cmd_opt;
ext_t *ext;
X509V3_EXT_METHOD *m;
int nid, ret;
@@ -78,10 +79,12 @@
ext = &extensions[i];
/* Register command line option */
if (ext->opt) {
- if (cmd_opt_add(ext->opt, required_argument,
- CMD_OPT_EXT)) {
- return 1;
- }
+ cmd_opt.long_opt.name = ext->opt;
+ cmd_opt.long_opt.has_arg = required_argument;
+ cmd_opt.long_opt.flag = NULL;
+ cmd_opt.long_opt.val = CMD_OPT_EXT;
+ cmd_opt.help_msg = ext->help_msg;
+ cmd_opt_add(&cmd_opt);
}
/* Register the extension OID in OpenSSL */
if (ext->oid == NULL) {
diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index 76d528b..a7ee759 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -194,6 +194,7 @@
int key_init(void)
{
+ cmd_opt_t cmd_opt;
key_t *key;
int rc = 0;
unsigned int i;
@@ -201,11 +202,12 @@
for (i = 0; i < num_keys; i++) {
key = &keys[i];
if (key->opt != NULL) {
- rc = cmd_opt_add(key->opt, required_argument,
- CMD_OPT_KEY);
- if (rc != 0) {
- break;
- }
+ cmd_opt.long_opt.name = key->opt;
+ cmd_opt.long_opt.has_arg = required_argument;
+ cmd_opt.long_opt.flag = NULL;
+ cmd_opt.long_opt.val = CMD_OPT_KEY;
+ cmd_opt.help_msg = key->help_msg;
+ cmd_opt_add(&cmd_opt);
}
}
diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index 3e4f8c5..3d2b4ba 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -28,6 +28,8 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
+#include <assert.h>
+#include <ctype.h>
#include <getopt.h>
#include <stdio.h>
#include <stdlib.h>
@@ -81,36 +83,7 @@
#define VAL_DAYS 7300
#define ID_TO_BIT_MASK(id) (1 << id)
#define NUM_ELEM(x) ((sizeof(x)) / (sizeof(x[0])))
-
-/* Files */
-enum {
- /* Image file names (inputs) */
- BL2_ID = 0,
- SCP_BL2_ID,
- BL31_ID,
- BL32_ID,
- BL33_ID,
- /* Certificate file names (outputs) */
- TRUSTED_BOOT_FW_CERT_ID,
- TRUSTED_KEY_CERT_ID,
- SCP_FW_KEY_CERT_ID,
- SCP_FW_CONTENT_CERT_ID,
- SOC_FW_KEY_CERT_ID,
- SOC_FW_CONTENT_CERT_ID,
- TRUSTED_OS_FW_KEY_CERT_ID,
- TRUSTED_OS_FW_CONTENT_CERT_ID,
- NON_TRUSTED_FW_KEY_CERT_ID,
- NON_TRUSTED_FW_CONTENT_CERT_ID,
- /* Key file names (input/output) */
- ROT_KEY_ID,
- TRUSTED_WORLD_KEY_ID,
- NON_TRUSTED_WORLD_KEY_ID,
- SCP_BL2_KEY_ID,
- BL31_KEY_ID,
- BL32_KEY_ID,
- BL33_KEY_ID,
- NUM_OPTS
-};
+#define HELP_OPT_MAX_LEN 128
/* Global options */
static int key_alg;
@@ -142,7 +115,14 @@
static void print_help(const char *cmd, const struct option *long_opt)
{
- int i = 0;
+ int rem, i = 0;
+ const struct option *opt;
+ char line[HELP_OPT_MAX_LEN];
+ char *p;
+
+ assert(cmd != NULL);
+ assert(long_opt != NULL);
+
printf("\n\n");
printf("The certificate generation tool loads the binary images and\n"
"optionally the RSA keys, and outputs the key and content\n"
@@ -150,18 +130,28 @@
"If keys are provided, they must be in PEM format.\n"
"Certificates are generated in DER format.\n");
printf("\n");
- printf("Usage:\n\n");
- printf(" %s [-hknp] \\\n", cmd);
- for (i = 0; i < NUM_OPTS; i++) {
- printf(" --%s <file> \\\n", long_opt[i].name);
+ printf("Usage:\n");
+ printf("\t%s [OPTIONS]\n\n", cmd);
+
+ printf("Available options:\n");
+ i = 0;
+ opt = long_opt;
+ while (opt->name) {
+ p = line;
+ rem = HELP_OPT_MAX_LEN;
+ if (isalpha(opt->val)) {
+ /* Short format */
+ sprintf(p, "-%c,", (char)opt->val);
+ p += 3;
+ rem -= 3;
+ }
+ snprintf(p, rem, "--%s %s", opt->name,
+ (opt->has_arg == required_argument) ? "<arg>" : "");
+ printf("\t%-32s %s\n", line, cmd_opt_get_help_msg(i));
+ opt++;
+ i++;
}
printf("\n");
- printf("-a Key algorithm: rsa (default), ecdsa\n");
- printf("-h Print help and exit\n");
- printf("-k Save key pairs into files. Filenames must be provided\n");
- printf("-n Generate new key pairs if no key files are provided\n");
- printf("-p Print the certificates in the standard output\n");
- printf("\n");
exit(0);
}
@@ -237,6 +227,30 @@
}
}
+/* Common command line options */
+static const cmd_opt_t common_cmd_opt[] = {
+ {
+ { "help", no_argument, NULL, 'h' },
+ "Print this message and exit"
+ },
+ {
+ { "key-alg", required_argument, NULL, 'a' },
+ "Key algorithm: 'rsa' (default), 'ecdsa'"
+ },
+ {
+ { "save-keys", no_argument, NULL, 'k' },
+ "Save key pairs into files. Filenames must be provided"
+ },
+ {
+ { "new-keys", no_argument, NULL, 'n' },
+ "Generate new key pairs if no key files are provided"
+ },
+ {
+ { "print-cert", no_argument, NULL, 'p' },
+ "Print the certificates in the standard output"
+ }
+};
+
int main(int argc, char *argv[])
{
STACK_OF(X509_EXTENSION) * sk = NULL;
@@ -260,11 +274,9 @@
key_alg = KEY_ALG_RSA;
/* Add common command line options */
- cmd_opt_add("key-alg", required_argument, 'a');
- cmd_opt_add("help", no_argument, 'h');
- cmd_opt_add("save-keys", no_argument, 'k');
- cmd_opt_add("new-chain", no_argument, 'n');
- cmd_opt_add("print-cert", no_argument, 'p');
+ for (i = 0; i < NUM_ELEM(common_cmd_opt); i++) {
+ cmd_opt_add(&common_cmd_opt[i]);
+ }
/* Initialize the certificates */
if (cert_init() != 0) {
@@ -289,7 +301,7 @@
while (1) {
/* getopt_long stores the option index here. */
- c = getopt_long(argc, argv, "ahknp", cmd_opt, &opt_idx);
+ c = getopt_long(argc, argv, "a:hknp", cmd_opt, &opt_idx);
/* Detect the end of the options. */
if (c == -1) {
@@ -333,7 +345,7 @@
break;
case '?':
default:
- printf("%s\n", optarg);
+ print_help(argv[0], cmd_opt);
exit(1);
}
}
diff --git a/tools/cert_create/src/tbbr/tbb_cert.c b/tools/cert_create/src/tbbr/tbb_cert.c
index 20be59f..7a50ab3 100644
--- a/tools/cert_create/src/tbbr/tbb_cert.c
+++ b/tools/cert_create/src/tbbr/tbb_cert.c
@@ -43,6 +43,7 @@
[TRUSTED_BOOT_FW_CERT] = {
.id = TRUSTED_BOOT_FW_CERT,
.opt = "tb-fw-cert",
+ .help_msg = "Trusted Boot FW Certificate (output file)",
.fn = NULL,
.cn = "Trusted Boot FW Certificate",
.key = ROT_KEY,
@@ -55,6 +56,7 @@
[TRUSTED_KEY_CERT] = {
.id = TRUSTED_KEY_CERT,
.opt = "trusted-key-cert",
+ .help_msg = "Trusted Key Certificate (output file)",
.fn = NULL,
.cn = "Trusted Key Certificate",
.key = ROT_KEY,
@@ -68,6 +70,7 @@
[SCP_FW_KEY_CERT] = {
.id = SCP_FW_KEY_CERT,
.opt = "scp-fw-key-cert",
+ .help_msg = "SCP Firmware Key Certificate (output file)",
.fn = NULL,
.cn = "SCP Firmware Key Certificate",
.key = TRUSTED_WORLD_KEY,
@@ -80,6 +83,7 @@
[SCP_FW_CONTENT_CERT] = {
.id = SCP_FW_CONTENT_CERT,
.opt = "scp-fw-cert",
+ .help_msg = "SCP Firmware Content Certificate (output file)",
.fn = NULL,
.cn = "SCP Firmware Content Certificate",
.key = SCP_FW_CONTENT_CERT_KEY,
@@ -92,6 +96,7 @@
[SOC_FW_KEY_CERT] = {
.id = SOC_FW_KEY_CERT,
.opt = "soc-fw-key-cert",
+ .help_msg = "SoC Firmware Key Certificate (output file)",
.fn = NULL,
.cn = "SoC Firmware Key Certificate",
.key = TRUSTED_WORLD_KEY,
@@ -104,6 +109,7 @@
[SOC_FW_CONTENT_CERT] = {
.id = SOC_FW_CONTENT_CERT,
.opt = "soc-fw-cert",
+ .help_msg = "SoC Firmware Content Certificate (output file)",
.fn = NULL,
.cn = "SoC Firmware Content Certificate",
.key = SOC_FW_CONTENT_CERT_KEY,
@@ -116,6 +122,7 @@
[TRUSTED_OS_FW_KEY_CERT] = {
.id = TRUSTED_OS_FW_KEY_CERT,
.opt = "tos-fw-key-cert",
+ .help_msg = "Trusted OS Firmware Key Certificate (output file)",
.fn = NULL,
.cn = "Trusted OS Firmware Key Certificate",
.key = TRUSTED_WORLD_KEY,
@@ -128,6 +135,7 @@
[TRUSTED_OS_FW_CONTENT_CERT] = {
.id = TRUSTED_OS_FW_CONTENT_CERT,
.opt = "tos-fw-cert",
+ .help_msg = "Trusted OS Firmware Content Certificate (output file)",
.fn = NULL,
.cn = "Trusted OS Firmware Content Certificate",
.key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
@@ -140,6 +148,7 @@
[NON_TRUSTED_FW_KEY_CERT] = {
.id = NON_TRUSTED_FW_KEY_CERT,
.opt = "nt-fw-key-cert",
+ .help_msg = "Non-Trusted Firmware Key Certificate (output file)",
.fn = NULL,
.cn = "Non-Trusted Firmware Key Certificate",
.key = NON_TRUSTED_WORLD_KEY,
@@ -152,6 +161,7 @@
[NON_TRUSTED_FW_CONTENT_CERT] = {
.id = NON_TRUSTED_FW_CONTENT_CERT,
.opt = "nt-fw-cert",
+ .help_msg = "Non-Trusted Firmware Content Certificate (output file)",
.fn = NULL,
.cn = "Non-Trusted Firmware Content Certificate",
.key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
@@ -164,8 +174,9 @@
[FWU_CERT] = {
.id = FWU_CERT,
.opt = "fwu-cert",
+ .help_msg = "Firmware Update Certificate (output file)",
.fn = NULL,
- .cn = "FWU Certificate",
+ .cn = "Firmware Update Certificate",
.key = ROT_KEY,
.issuer = FWU_CERT,
.ext = {
diff --git a/tools/cert_create/src/tbbr/tbb_ext.c b/tools/cert_create/src/tbbr/tbb_ext.c
index 1400fbf..8bcb070 100644
--- a/tools/cert_create/src/tbbr/tbb_ext.c
+++ b/tools/cert_create/src/tbbr/tbb_ext.c
@@ -61,6 +61,7 @@
[TRUSTED_BOOT_FW_HASH_EXT] = {
.oid = TRUSTED_BOOT_FW_HASH_OID,
.opt = "tb-fw",
+ .help_msg = "Trusted Boot Firmware image file",
.sn = "TrustedBootFirmwareHash",
.ln = "Trusted Boot Firmware hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
@@ -93,6 +94,7 @@
[SCP_FW_HASH_EXT] = {
.oid = SCP_FW_HASH_OID,
.opt = "scp-fw",
+ .help_msg = "SCP Firmware image file",
.sn = "SCPFirmwareHash",
.ln = "SCP Firmware hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
@@ -109,6 +111,7 @@
[SOC_AP_FW_HASH_EXT] = {
.oid = SOC_AP_FW_HASH_OID,
.opt = "soc-fw",
+ .help_msg = "SoC AP Firmware image file",
.sn = "SoCAPFirmwareHash",
.ln = "SoC AP Firmware hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
@@ -125,6 +128,7 @@
[TRUSTED_OS_FW_HASH_EXT] = {
.oid = TRUSTED_OS_FW_HASH_OID,
.opt = "tos-fw",
+ .help_msg = "Trusted OS image file",
.sn = "TrustedOSHash",
.ln = "Trusted OS hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
@@ -141,6 +145,7 @@
[NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT] = {
.oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID,
.opt = "nt-fw",
+ .help_msg = "Non-Trusted World Bootloader image file",
.sn = "NonTrustedWorldBootloaderHash",
.ln = "Non-Trusted World hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
@@ -149,6 +154,7 @@
[SCP_FWU_CFG_HASH_EXT] = {
.oid = SCP_FWU_CFG_HASH_OID,
.opt = "scp-fwu-cfg",
+ .help_msg = "SCP Firmware Update Config image file",
.sn = "SCPFWUpdateConfig",
.ln = "SCP Firmware Update Config hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
@@ -158,6 +164,7 @@
[AP_FWU_CFG_HASH_EXT] = {
.oid = AP_FWU_CFG_HASH_OID,
.opt = "ap-fwu-cfg",
+ .help_msg = "AP Firmware Update Config image file",
.sn = "APFWUpdateConfig",
.ln = "AP Firmware Update Config hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
@@ -167,6 +174,7 @@
[FWU_HASH_EXT] = {
.oid = FWU_HASH_OID,
.opt = "fwu",
+ .help_msg = "Firmware Updater image file",
.sn = "FWUpdaterHash",
.ln = "Firmware Updater hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
diff --git a/tools/cert_create/src/tbbr/tbb_key.c b/tools/cert_create/src/tbbr/tbb_key.c
index 089425a..1d2f789 100644
--- a/tools/cert_create/src/tbbr/tbb_key.c
+++ b/tools/cert_create/src/tbbr/tbb_key.c
@@ -39,36 +39,43 @@
[ROT_KEY] = {
.id = ROT_KEY,
.opt = "rot-key",
+ .help_msg = "Root Of Trust key (input/output file)",
.desc = "Root Of Trust key"
},
[TRUSTED_WORLD_KEY] = {
.id = TRUSTED_WORLD_KEY,
.opt = "trusted-world-key",
+ .help_msg = "Trusted World key (input/output file)",
.desc = "Trusted World key"
},
[NON_TRUSTED_WORLD_KEY] = {
.id = NON_TRUSTED_WORLD_KEY,
.opt = "non-trusted-world-key",
+ .help_msg = "Non Trusted World key (input/output file)",
.desc = "Non Trusted World key"
},
[SCP_FW_CONTENT_CERT_KEY] = {
.id = SCP_FW_CONTENT_CERT_KEY,
.opt = "scp-fw-key",
+ .help_msg = "SCP Firmware Content Certificate key (input/output file)",
.desc = "SCP Firmware Content Certificate key"
},
[SOC_FW_CONTENT_CERT_KEY] = {
.id = SOC_FW_CONTENT_CERT_KEY,
.opt = "soc-fw-key",
+ .help_msg = "SoC Firmware Content Certificate key (input/output file)",
.desc = "SoC Firmware Content Certificate key"
},
[TRUSTED_OS_FW_CONTENT_CERT_KEY] = {
.id = TRUSTED_OS_FW_CONTENT_CERT_KEY,
.opt = "tos-fw-key",
+ .help_msg = "Trusted OS Firmware Content Certificate key (input/output file)",
.desc = "Trusted OS Firmware Content Certificate key"
},
[NON_TRUSTED_FW_CONTENT_CERT_KEY] = {
.id = NON_TRUSTED_FW_CONTENT_CERT_KEY,
.opt = "nt-fw-key",
+ .help_msg = "Non Trusted Firmware Content Certificate key (input/output file)",
.desc = "Non Trusted Firmware Content Certificate key"
}
};