Merge pull request #1086 from robertovargas-arm/dead_loop
juno: Fix bug in plat_get_my_entrypoint
diff --git a/docs/plat/hikey.rst b/docs/plat/hikey.rst
index 125941f..e194ede 100644
--- a/docs/plat/hikey.rst
+++ b/docs/plat/hikey.rst
@@ -126,7 +126,7 @@
And you could open the console remotely, too.
-Flush images in recovery mode
+Flash images in recovery mode
-----------------------------
- Make sure Pin3-Pin4 on J15 are connected for recovery mode. Then power on HiKey.
diff --git a/docs/user-guide.rst b/docs/user-guide.rst
index 043af63..1181495 100644
--- a/docs/user-guide.rst
+++ b/docs/user-guide.rst
@@ -405,6 +405,13 @@
AArch64 and facilitates the loading of ``SP_MIN`` and BL33 as AArch32 executable
images.
+- ``KEY_ALG``: This build flag enables the user to select the algorithm to be
+ used for generating the PKCS keys and subsequent signing of the certificate.
+ It accepts 3 values viz ``rsa``, ``rsa_1_5``, ``ecdsa``. The ``rsa_1_5`` is
+ the legacy PKCS#1 RSA 1.5 algorithm which is not TBBR compliant and is
+ retained only for compatibility. The default value of this flag is ``rsa``
+ which is the TBBR compliant PKCS#1 RSA 2.1 scheme.
+
- ``LDFLAGS``: Extra user options appended to the linkers' command line in
addition to the one set by the build system.
diff --git a/drivers/auth/mbedtls/mbedtls_crypto.mk b/drivers/auth/mbedtls/mbedtls_crypto.mk
index cb81d4d..21b857b 100644
--- a/drivers/auth/mbedtls/mbedtls_crypto.mk
+++ b/drivers/auth/mbedtls/mbedtls_crypto.mk
@@ -7,9 +7,15 @@
include drivers/auth/mbedtls/mbedtls_common.mk
# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
-# algorithm to use. Default algorithm is RSA.
+# algorithm to use. If the variable is not defined, select it based on algorithm
+# used for key generation `KEY_ALG`. If `KEY_ALG` is not defined or is
+# defined to `rsa`/`rsa_1_5`, then set the variable to `rsa`.
ifeq (${TF_MBEDTLS_KEY_ALG},)
- TF_MBEDTLS_KEY_ALG := rsa
+ ifeq (${KEY_ALG}, ecdsa)
+ TF_MBEDTLS_KEY_ALG := ecdsa
+ else
+ TF_MBEDTLS_KEY_ALG := rsa
+ endif
endif
# If MBEDTLS_KEY_ALG build flag is defined use it to set TF_MBEDTLS_KEY_ALG for
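Review bot: The `else` branch under the new `ifeq (${KEY_ALG}, ecdsa)` maps every other value of `KEY_ALG` to `rsa`, so a misspelt algorithm name silently builds the RSA verification code instead of failing the build. Because this variable selects the signature scheme the Trusted Board Boot authentication code is compiled for, an unknown value is better rejected: use `else ifeq ($(filter-out rsa rsa_1_5,${KEY_ALG}),)` for the RSA case and a final `else` with `$(error Unsupported KEY_ALG '${KEY_ALG}')`. The rest of the file, which may validate `TF_MBEDTLS_KEY_ALG` further down, is outside the hunk.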
diff --git a/include/common/aarch32/asm_macros.S b/include/common/aarch32/asm_macros.S
index 3adcbf5..f573744 100644
--- a/include/common/aarch32/asm_macros.S
+++ b/include/common/aarch32/asm_macros.S
@@ -80,6 +80,19 @@
.endm
/*
+ * Helper macro to generate the best mov/movw/movt combinations
+ * according to the value to be moved.
+ */
+ .macro mov_imm _reg, _val
+ .if ((\_val) & 0xffff0000) == 0
+ mov \_reg, #(\_val)
+ .else
+ movw \_reg, #((\_val) & 0xffff)
+ movt \_reg, #((\_val) >> 16)
+ .endif
+ .endm
+
+ /*
* Macro to mark instances where we're jumping to a function and don't
* expect a return. To provide the function being jumped to with
* additional information, we use 'bl' instruction to jump rather than
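Review bot: The comment on `mov_imm` does not say that `_val` must be an absolute expression the assembler can evaluate at the point of use, which the `.if ((\_val) & 0xffff0000) == 0` test requires; a symbol that is only resolved at link time will not assemble. I would extend the comment with `* _val must be an assembly-time constant that fits in 32 bits; only _reg is modified.` The single-instruction branch also relies on the assembler accepting any 16-bit immediate for `mov`, which is worth confirming for the toolchains the project supports.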
diff --git a/include/common/aarch64/asm_macros.S b/include/common/aarch64/asm_macros.S
index 528e29e..6d6989c 100644
--- a/include/common/aarch64/asm_macros.S
+++ b/include/common/aarch64/asm_macros.S
@@ -65,8 +65,12 @@
* security, robustness and potentially facilitates debugging.
*/
.macro vector_entry label
+ .cfi_sections .debug_frame
.section .vectors, "ax"
.align 7, 0
+ .type \label, %function
+ .func \label
+ .cfi_startproc
\label:
.endm
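Review bot: `vector_entry` now opens a `.func`/`.cfi_startproc` region that is closed only by the `.endfunc`/`.cfi_endproc` added to `check_vector_size` in the next hunk, so the two macros must always be used as a pair, and neither macro comment says so. I would add to the `vector_entry` comment: `* Every vector_entry must be followed by a matching check_vector_size, which also ends the function and CFI region opened here.` Both macro comments start outside the hunks, so their current wording is only partly visible.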
@@ -77,6 +81,8 @@
* vector entry as the parameter
*/
.macro check_vector_size since
+ .endfunc
+ .cfi_endproc
.if (. - \since) > (32 * 4)
.error "Vector exceeds 32 instructions"
.endif
diff --git a/include/common/asm_macros_common.S b/include/common/asm_macros_common.S
index dbc9e2d..6a02e18 100644
--- a/include/common/asm_macros_common.S
+++ b/include/common/asm_macros_common.S
@@ -12,11 +12,12 @@
* to enable elimination of unused code during linking. It also adds
* basic debug information to enable call stack printing most of the
* time. The optional _align parameter can be used to force a
- * non-standard alignment (indicated in powers of 2). Do *not* try to
- * use a raw .align directive. Since func switches to a new section,
- * this would not have the desired effect.
+ * non-standard alignment (indicated in powers of 2). The default is
+ * _align=2 because both Aarch32 and Aarch64 instructions must be
+ * word aligned. Do *not* try to use a raw .align directive. Since func
+ * switches to a new section, this would not have the desired effect.
*/
- .macro func _name, _align=-1
+ .macro func _name, _align=2
/*
* Add Call Frame Information entry in the .debug_frame section for
* debugger consumption. This enables callstack printing in debuggers.
@@ -36,9 +37,7 @@
* .debug_frame
*/
.cfi_startproc
- .if (\_align) != -1
- .align \_align
- .endif
+ .align \_align
\_name:
.endm
diff --git a/include/lib/el3_runtime/cpu_data.h b/include/lib/el3_runtime/cpu_data.h
index 1e8bfa7..c0c3a19 100644
--- a/include/lib/el3_runtime/cpu_data.h
+++ b/include/lib/el3_runtime/cpu_data.h
@@ -7,12 +7,15 @@
#ifndef __CPU_DATA_H__
#define __CPU_DATA_H__
+#include <platform_def.h> /* CACHE_WRITEBACK_GRANULE required */
+
#ifdef AARCH32
#if CRASH_REPORTING
#error "Crash reporting is not supported in AArch32"
#endif
#define CPU_DATA_CPU_OPS_PTR 0x0
+#define CPU_DATA_CRASH_BUF_OFFSET 0x4
#else /* AARCH32 */
@@ -25,14 +28,18 @@
#endif /* AARCH32 */
#if CRASH_REPORTING
-#define CPU_DATA_LOG2SIZE 7
#define CPU_DATA_CRASH_BUF_END (CPU_DATA_CRASH_BUF_OFFSET + \
CPU_DATA_CRASH_BUF_SIZE)
#else
-#define CPU_DATA_LOG2SIZE 6
#define CPU_DATA_CRASH_BUF_END CPU_DATA_CRASH_BUF_OFFSET
#endif
+/* cpu_data size is the data size rounded up to the platform cache line size */
+#define CPU_DATA_SIZE (((CPU_DATA_CRASH_BUF_END + \
+ CACHE_WRITEBACK_GRANULE - 1) / \
+ CACHE_WRITEBACK_GRANULE) * \
+ CACHE_WRITEBACK_GRANULE)
+
#if ENABLE_RUNTIME_INSTRUMENTATION
/* Temporary space to store PMF timestamps from assembly code */
#define CPU_DATA_PMF_TS_COUNT 1
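Review bot: The comment on `CPU_DATA_SIZE` does not state the assumption the formula depends on: it rounds up `CPU_DATA_CRASH_BUF_END`, which is only the structure size if no member of `cpu_data_t` extends past that offset into another cache line. The structure definition is outside the hunk, so this is inferred; the `CASSERT(CPU_DATA_SIZE == sizeof(cpu_data_t), ...)` later in the file does turn any mismatch into a build failure. Since the assembly now uses this value as the per-CPU stride, I would spell it out: `/* cpu_data size: CPU_DATA_CRASH_BUF_END rounded up to CACHE_WRITEBACK_GRANULE; must equal sizeof(cpu_data_t), see CASSERT below */`.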
@@ -98,8 +105,8 @@
assert_cpu_data_crash_stack_offset_mismatch);
#endif
-CASSERT((1 << CPU_DATA_LOG2SIZE) == sizeof(cpu_data_t),
- assert_cpu_data_log2size_mismatch);
+CASSERT(CPU_DATA_SIZE == sizeof(cpu_data_t),
+ assert_cpu_data_size_mismatch);
CASSERT(CPU_DATA_CPU_OPS_PTR == __builtin_offsetof
(cpu_data_t, cpu_ops_ptr),
diff --git a/lib/el3_runtime/aarch32/cpu_data.S b/lib/el3_runtime/aarch32/cpu_data.S
index 3d6b806..68d6415 100644
--- a/lib/el3_runtime/aarch32/cpu_data.S
+++ b/lib/el3_runtime/aarch32/cpu_data.S
@@ -34,7 +34,9 @@
* -----------------------------------------------------------------
*/
func _cpu_data_by_index
+ mov_imm r1, CPU_DATA_SIZE
+ mul r0, r0, r1
ldr r1, =percpu_data
- add r0, r1, r0, LSL #CPU_DATA_LOG2SIZE
+ add r0, r0, r1
bx lr
endfunc _cpu_data_by_index
diff --git a/lib/el3_runtime/aarch64/cpu_data.S b/lib/el3_runtime/aarch64/cpu_data.S
index de48816..96be081 100644
--- a/lib/el3_runtime/aarch64/cpu_data.S
+++ b/lib/el3_runtime/aarch64/cpu_data.S
@@ -39,7 +39,9 @@
* -----------------------------------------------------------------
*/
func _cpu_data_by_index
+ mov_imm x1, CPU_DATA_SIZE
+ mul x0, x0, x1
adr x1, percpu_data
- add x0, x1, x0, LSL #CPU_DATA_LOG2SIZE
+ add x0, x0, x1
ret
endfunc _cpu_data_by_index
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index 302d937..8601046 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -81,6 +81,9 @@
# operations.
HW_ASSISTED_COHERENCY := 0
+# Set the default algorithm for the generation of Trusted Board Boot keys
+KEY_ALG := rsa
+
# Flag to enable new version of image loading
LOAD_IMAGE_V2 := 0
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 20372c2..af94ac2 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -174,9 +174,6 @@
ifneq (${TRUSTED_BOARD_BOOT},0)
- # By default, ARM platforms use RSA keys
- KEY_ALG := rsa
-
# Include common TBB sources
AUTH_SOURCES := drivers/auth/auth_mod.c \
drivers/auth/crypto_mod.c \
@@ -195,8 +192,6 @@
$(eval $(call FWU_FIP_ADD_IMG,NS_BL2U,--fwu))
- TF_MBEDTLS_KEY_ALG := ${KEY_ALG}
-
# We expect to locate the *.mk files under the directories specified below
ifeq (${ARM_CRYPTOCELL_INTEG},0)
CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
diff --git a/plat/hisilicon/hikey/aarch64/hikey_common.c b/plat/hisilicon/hikey/aarch64/hikey_common.c
index 20a95bf..02a00ac 100644
--- a/plat/hisilicon/hikey/aarch64/hikey_common.c
+++ b/plat/hisilicon/hikey/aarch64/hikey_common.c
@@ -28,6 +28,15 @@
TSP_SEC_MEM_SIZE, \
MT_MEMORY | MT_RW | MT_SECURE)
+#if LOAD_IMAGE_V2
+#ifdef SPD_opteed
+#define MAP_OPTEE_PAGEABLE MAP_REGION_FLAT( \
+ HIKEY_OPTEE_PAGEABLE_LOAD_BASE, \
+ HIKEY_OPTEE_PAGEABLE_LOAD_SIZE, \
+ MT_MEMORY | MT_RW | MT_SECURE)
+#endif
+#endif
+
#define MAP_ROM_PARAM MAP_REGION_FLAT(XG2RAM0_BASE, \
BL1_XG2RAM0_OFFSET, \
MT_DEVICE | MT_RO | MT_SECURE)
@@ -64,6 +73,11 @@
MAP_DDR,
MAP_DEVICE,
MAP_TSP_MEM,
+#if LOAD_IMAGE_V2
+#ifdef SPD_opteed
+ MAP_OPTEE_PAGEABLE,
+#endif
+#endif
{0}
};
#endif
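Review bot: `MAP_OPTEE_PAGEABLE` appears to describe memory that `MAP_TSP_MEM`, the entry just above it in this table, already maps with the same `MT_MEMORY | MT_RW | MT_SECURE` attributes. In platform_def.h the pageable region is the last `HIKEY_OPTEE_PAGEABLE_LOAD_SIZE` bytes below `BL32_DRAM_LIMIT`, and `TSP_SEC_MEM_BASE`/`TSP_SEC_MEM_SIZE` span `BL32_DRAM_BASE` to `BL32_DRAM_LIMIT` when the TSP RAM location is DRAM. If the extra entry exists for the SRAM configuration, a comment on the macro would make that clear, e.g. `/* Only distinct from MAP_TSP_MEM when TSP_SEC_MEM is placed in SRAM */`. Which image's table this is cannot be seen from the hunk; the hikey960 copy adds the same entry.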
diff --git a/plat/hisilicon/hikey/hikey_bl1_setup.c b/plat/hisilicon/hikey/hikey_bl1_setup.c
index 05e2e35..f59a545 100644
--- a/plat/hisilicon/hikey/hikey_bl1_setup.c
+++ b/plat/hisilicon/hikey/hikey_bl1_setup.c
@@ -58,13 +58,35 @@
return &bl1_tzram_layout;
}
+#if LOAD_IMAGE_V2
+/*******************************************************************************
+ * Function that takes a memory layout into which BL2 has been loaded and
+ * populates a new memory layout for BL2 that ensures that BL1's data sections
+ * resident in secure RAM are not visible to BL2.
+ ******************************************************************************/
+void bl1_init_bl2_mem_layout(const meminfo_t *bl1_mem_layout,
+ meminfo_t *bl2_mem_layout)
+{
+
+ assert(bl1_mem_layout != NULL);
+ assert(bl2_mem_layout != NULL);
+
+ /*
+ * Cannot remove BL1 RW data from the scope of memory visible to BL2
+ * like arm platforms because they overlap in hikey
+ */
+ bl2_mem_layout->total_base = BL2_BASE;
+ bl2_mem_layout->total_size = BL32_SRAM_LIMIT - BL2_BASE;
+
+ flush_dcache_range((unsigned long)bl2_mem_layout, sizeof(meminfo_t));
+}
+#endif /* LOAD_IMAGE_V2 */
+
/*
* Perform any BL1 specific platform actions.
*/
void bl1_early_platform_setup(void)
{
- const size_t bl1_size = BL1_RAM_LIMIT - BL1_RAM_BASE;
-
/* Initialize the console to provide early debug support */
console_init(CONSOLE_BASE, PL011_UART_CLK_IN_HZ, PL011_BAUDRATE);
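Review bot: The banner comment on `bl1_init_bl2_mem_layout` says the new layout ensures BL1's data sections are not visible to BL2, but the body deliberately does the opposite: it gives BL2 everything from `BL2_BASE` to `BL32_SRAM_LIMIT`, and the inner comment states that the BL1 RW data cannot be excluded. Since this relaxes the isolation between boot stages, the banner should describe what actually happens, e.g. `Populates the BL2 memory layout as BL2_BASE..BL32_SRAM_LIMIT. BL1 RW data overlaps this range on HiKey and therefore remains visible to BL2.` `bl1_mem_layout` is asserted non-NULL but otherwise unused. The hikey960 copy of this function carries the same banner.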
@@ -72,16 +94,18 @@
bl1_tzram_layout.total_base = BL1_RW_BASE;
bl1_tzram_layout.total_size = BL1_RW_SIZE;
+#if !LOAD_IMAGE_V2
/* Calculate how much RAM BL1 is using and how much remains free */
bl1_tzram_layout.free_base = BL1_RW_BASE;
bl1_tzram_layout.free_size = BL1_RW_SIZE;
reserve_mem(&bl1_tzram_layout.free_base,
&bl1_tzram_layout.free_size,
BL1_RAM_BASE,
- bl1_size);
+ BL1_RAM_LIMIT - BL1_RAM_BASE); /* bl1_size */
+#endif
INFO("BL1: 0x%lx - 0x%lx [size = %lu]\n", BL1_RAM_BASE, BL1_RAM_LIMIT,
- bl1_size);
+ BL1_RAM_LIMIT - BL1_RAM_BASE); /* bl1_size */
}
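Review bot: The size argument passed to `INFO` for `%lu` is now the bare expression `BL1_RAM_LIMIT - BL1_RAM_BASE`, whose type depends on how those macros are defined, whereas the removed `bl1_size` local was always a `size_t`. If the macros expand to plain integer literals this becomes a format/argument mismatch; `(unsigned long)(BL1_RAM_LIMIT - BL1_RAM_BASE)` keeps the specifier and the argument in agreement. The trailing `/* bl1_size */` comments refer to a variable that no longer exists and can be dropped. The same edit is made in hikey960_bl1_setup.c.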
/*
diff --git a/plat/hisilicon/hikey/hikey_bl2_mem_params_desc.c b/plat/hisilicon/hikey/hikey_bl2_mem_params_desc.c
new file mode 100644
index 0000000..50ca015
--- /dev/null
+++ b/plat/hisilicon/hikey/hikey_bl2_mem_params_desc.c
@@ -0,0 +1,165 @@
+/*
+ * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <bl_common.h>
+#include <desc_image_load.h>
+#include <platform.h>
+#include <platform_def.h>
+
+
+/*******************************************************************************
+ * Following descriptor provides BL image/ep information that gets used
+ * by BL2 to load the images and also subset of this information is
+ * passed to next BL image. The image loading sequence is managed by
+ * populating the images in required loading order. The image execution
+ * sequence is managed by populating the `next_handoff_image_id` with
+ * the next executable image id.
+ ******************************************************************************/
+static bl_mem_params_node_t bl2_mem_params_descs[] = {
+#ifdef SCP_BL2_BASE
+ /* Fill SCP_BL2 related information if it exists */
+ {
+ .image_id = SCP_BL2_IMAGE_ID,
+
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_IMAGE_BINARY,
+ VERSION_2, entry_point_info_t, SECURE | NON_EXECUTABLE),
+
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_IMAGE_BINARY,
+ VERSION_2, image_info_t, 0),
+ .image_info.image_base = SCP_BL2_BASE,
+ .image_info.image_max_size = SCP_BL2_SIZE,
+
+ .next_handoff_image_id = INVALID_IMAGE_ID,
+ },
+#endif /* SCP_BL2_BASE */
+
+#ifdef EL3_PAYLOAD_BASE
+ /* Fill EL3 payload related information (BL31 is EL3 payload)*/
+ {
+ .image_id = BL31_IMAGE_ID,
+
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP,
+ VERSION_2, entry_point_info_t,
+ SECURE | EXECUTABLE | EP_FIRST_EXE),
+ .ep_info.pc = EL3_PAYLOAD_BASE,
+ .ep_info.spsr = SPSR_64(MODE_EL3, MODE_SP_ELX,
+ DISABLE_ALL_EXCEPTIONS),
+
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
+ VERSION_2, image_info_t,
+ IMAGE_ATTRIB_PLAT_SETUP | IMAGE_ATTRIB_SKIP_LOADING),
+
+ .next_handoff_image_id = INVALID_IMAGE_ID,
+ },
+
+#else /* EL3_PAYLOAD_BASE */
+
+ /* Fill BL31 related information */
+ {
+ .image_id = BL31_IMAGE_ID,
+
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP,
+ VERSION_2, entry_point_info_t,
+ SECURE | EXECUTABLE | EP_FIRST_EXE),
+ .ep_info.pc = BL31_BASE,
+ .ep_info.spsr = SPSR_64(MODE_EL3, MODE_SP_ELX,
+ DISABLE_ALL_EXCEPTIONS),
+#if DEBUG
+ .ep_info.args.arg1 = HIKEY_BL31_PLAT_PARAM_VAL,
+#endif
+
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
+ VERSION_2, image_info_t, IMAGE_ATTRIB_PLAT_SETUP),
+ .image_info.image_base = BL31_BASE,
+ .image_info.image_max_size = BL31_LIMIT - BL31_BASE,
+
+# ifdef BL32_BASE
+ .next_handoff_image_id = BL32_IMAGE_ID,
+# else
+ .next_handoff_image_id = BL33_IMAGE_ID,
+# endif
+ },
+
+# ifdef BL32_BASE
+ /* Fill BL32 related information */
+ {
+ .image_id = BL32_IMAGE_ID,
+
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP,
+ VERSION_2, entry_point_info_t, SECURE | EXECUTABLE),
+ .ep_info.pc = BL32_BASE,
+
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
+ VERSION_2, image_info_t, 0),
+ .image_info.image_base = BL32_BASE,
+ .image_info.image_max_size = BL32_LIMIT - BL32_BASE,
+
+ .next_handoff_image_id = BL33_IMAGE_ID,
+ },
+
+ /*
+ * Fill BL32 external 1 related information.
+ * A typical use for extra1 image is with OP-TEE where it is the pager image.
+ */
+ {
+ .image_id = BL32_EXTRA1_IMAGE_ID,
+
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP,
+ VERSION_2, entry_point_info_t, SECURE | NON_EXECUTABLE),
+
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
+ VERSION_2, image_info_t, IMAGE_ATTRIB_SKIP_LOADING),
+ .image_info.image_base = BL32_BASE,
+ .image_info.image_max_size = BL32_LIMIT - BL32_BASE,
+
+ .next_handoff_image_id = INVALID_IMAGE_ID,
+ },
+
+ /*
+ * Fill BL32 external 2 related information.
+ * A typical use for extra2 image is with OP-TEE where it is the paged image.
+ */
+ {
+ .image_id = BL32_EXTRA2_IMAGE_ID,
+
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP,
+ VERSION_2, entry_point_info_t, SECURE | NON_EXECUTABLE),
+
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
+ VERSION_2, image_info_t, IMAGE_ATTRIB_SKIP_LOADING),
+#ifdef SPD_opteed
+ .image_info.image_base = HIKEY_OPTEE_PAGEABLE_LOAD_BASE,
+ .image_info.image_max_size = HIKEY_OPTEE_PAGEABLE_LOAD_SIZE,
+#endif
+ .next_handoff_image_id = INVALID_IMAGE_ID,
+ },
+# endif /* BL32_BASE */
+
+ /* Fill BL33 related information */
+ {
+ .image_id = BL33_IMAGE_ID,
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP,
+ VERSION_2, entry_point_info_t, NON_SECURE | EXECUTABLE),
+# ifdef PRELOADED_BL33_BASE
+ .ep_info.pc = PRELOADED_BL33_BASE,
+
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
+ VERSION_2, image_info_t, IMAGE_ATTRIB_SKIP_LOADING),
+# else
+ .ep_info.pc = HIKEY_NS_IMAGE_OFFSET,
+
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
+ VERSION_2, image_info_t, 0),
+ .image_info.image_base = HIKEY_NS_IMAGE_OFFSET,
+ .image_info.image_max_size = 0x200000 /* 2MB */,
+# endif /* PRELOADED_BL33_BASE */
+
+ .next_handoff_image_id = INVALID_IMAGE_ID,
+ }
+#endif /* EL3_PAYLOAD_BASE */
+};
+
+REGISTER_BL_IMAGE_DESCS(bl2_mem_params_descs)
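Review bot: The BL33 descriptor bounds the image with a bare literal, `.image_info.image_max_size = 0x200000 /* 2MB */`, while every other entry derives its limit from platform_def.h macros. This value is presumably the upper bound applied when the non-secure firmware is loaded into DDR, so it belongs next to `HIKEY_NS_IMAGE_OFFSET` as a named constant (for example `HIKEY_NS_IMAGE_MAX_SIZE`, a name suggested here, not an existing macro). Separately, the BL32_EXTRA2 entry leaves `image_base` and `image_max_size` at zero when `SPD_opteed` is not defined; a comment such as `/* base/size stay 0 without SPD_opteed; entry is never loaded (IMAGE_ATTRIB_SKIP_LOADING) */` would make that intent explicit.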
diff --git a/plat/hisilicon/hikey/hikey_bl2_setup.c b/plat/hisilicon/hikey/hikey_bl2_setup.c
index 13dc6c9..968da9b 100644
--- a/plat/hisilicon/hikey/hikey_bl2_setup.c
+++ b/plat/hisilicon/hikey/hikey_bl2_setup.c
@@ -9,6 +9,7 @@
#include <bl_common.h>
#include <console.h>
#include <debug.h>
+#include <desc_image_load.h>
#include <dw_mmc.h>
#include <emmc.h>
#include <errno.h>
@@ -16,6 +17,11 @@
#include <hisi_mcu.h>
#include <hisi_sram_map.h>
#include <mmio.h>
+#if LOAD_IMAGE_V2
+#ifdef SPD_opteed
+#include <optee_utils.h>
+#endif
+#endif
#include <platform_def.h>
#include <sp804_delay_timer.h>
#include <string.h>
@@ -44,6 +50,13 @@
static meminfo_t bl2_tzram_layout __aligned(CACHE_WRITEBACK_GRANULE);
+#if !LOAD_IMAGE_V2
+
+/*******************************************************************************
+ * This structure represents the superset of information that is passed to
+ * BL31, e.g. while passing control to it from BL2, bl31_params
+ * and other platform specific params
+ ******************************************************************************/
typedef struct bl2_to_bl31_params_mem {
bl31_params_t bl31_params;
image_info_t bl31_image_info;
@@ -68,8 +81,17 @@
scp_bl2_meminfo->free_base = SCP_BL2_BASE;
scp_bl2_meminfo->free_size = SCP_BL2_SIZE;
}
+#endif /* LOAD_IMAGE_V2 */
+/*******************************************************************************
+ * Transfer SCP_BL2 from Trusted RAM using the SCP Download protocol.
+ * Return 0 on success, -1 otherwise.
+ ******************************************************************************/
+#if LOAD_IMAGE_V2
+int plat_hikey_bl2_handle_scp_bl2(image_info_t *scp_bl2_image_info)
+#else
int bl2_plat_handle_scp_bl2(struct image_info *scp_bl2_image_info)
+#endif
{
/* Enable MCU SRAM */
hisi_mcu_enable_sram();
@@ -86,6 +108,121 @@
__func__, mmio_read_32(AO_SC_PERIPH_CLKSTAT4));
return 0;
}
+
+/*******************************************************************************
+ * Gets SPSR for BL32 entry
+ ******************************************************************************/
+uint32_t hikey_get_spsr_for_bl32_entry(void)
+{
+ /*
+ * The Secure Payload Dispatcher service is responsible for
+ * setting the SPSR prior to entry into the BL3-2 image.
+ */
+ return 0;
+}
+
+/*******************************************************************************
+ * Gets SPSR for BL33 entry
+ ******************************************************************************/
+#ifndef AARCH32
+uint32_t hikey_get_spsr_for_bl33_entry(void)
+{
+ unsigned int mode;
+ uint32_t spsr;
+
+ /* Figure out what mode we enter the non-secure world in */
+ mode = EL_IMPLEMENTED(2) ? MODE_EL2 : MODE_EL1;
+
+ /*
+ * TODO: Consider the possibility of specifying the SPSR in
+ * the FIP ToC and allowing the platform to have a say as
+ * well.
+ */
+ spsr = SPSR_64(mode, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS);
+ return spsr;
+}
+#else
+uint32_t hikey_get_spsr_for_bl33_entry(void)
+{
+ unsigned int hyp_status, mode, spsr;
+
+ hyp_status = GET_VIRT_EXT(read_id_pfr1());
+
+ mode = (hyp_status) ? MODE32_hyp : MODE32_svc;
+
+ /*
+ * TODO: Consider the possibility of specifying the SPSR in
+ * the FIP ToC and allowing the platform to have a say as
+ * well.
+ */
+ spsr = SPSR_MODE32(mode, plat_get_ns_image_entrypoint() & 0x1,
+ SPSR_E_LITTLE, DISABLE_ALL_EXCEPTIONS);
+ return spsr;
+}
+#endif /* AARCH32 */
+
+#if LOAD_IMAGE_V2
+int hikey_bl2_handle_post_image_load(unsigned int image_id)
+{
+ int err = 0;
+ bl_mem_params_node_t *bl_mem_params = get_bl_mem_params_node(image_id);
+#ifdef SPD_opteed
+ bl_mem_params_node_t *pager_mem_params = NULL;
+ bl_mem_params_node_t *paged_mem_params = NULL;
+#endif
+ assert(bl_mem_params);
+
+ switch (image_id) {
+#ifdef AARCH64
+ case BL32_IMAGE_ID:
+#ifdef SPD_opteed
+ pager_mem_params = get_bl_mem_params_node(BL32_EXTRA1_IMAGE_ID);
+ assert(pager_mem_params);
+
+ paged_mem_params = get_bl_mem_params_node(BL32_EXTRA2_IMAGE_ID);
+ assert(paged_mem_params);
+
+ err = parse_optee_header(&bl_mem_params->ep_info,
+ &pager_mem_params->image_info,
+ &paged_mem_params->image_info);
+ if (err != 0) {
+ WARN("OPTEE header parse error.\n");
+ }
+#endif
+ bl_mem_params->ep_info.spsr = hikey_get_spsr_for_bl32_entry();
+ break;
+#endif
+
+ case BL33_IMAGE_ID:
+ /* BL33 expects to receive the primary CPU MPID (through r0) */
+ bl_mem_params->ep_info.args.arg0 = 0xffff & read_mpidr();
+ bl_mem_params->ep_info.spsr = hikey_get_spsr_for_bl33_entry();
+ break;
+
+#ifdef SCP_BL2_BASE
+ case SCP_BL2_IMAGE_ID:
+ /* The subsequent handling of SCP_BL2 is platform specific */
+ err = plat_hikey_bl2_handle_scp_bl2(&bl_mem_params->image_info);
+ if (err) {
+ WARN("Failure in platform-specific handling of SCP_BL2 image.\n");
+ }
+ break;
+#endif
+ }
+
+ return err;
+}
+
+/*******************************************************************************
+ * This function can be used by the platforms to update/use image
+ * information for given `image_id`.
+ ******************************************************************************/
+int bl2_plat_handle_post_image_load(unsigned int image_id)
+{
+ return hikey_bl2_handle_post_image_load(image_id);
+}
+
+#else /* LOAD_IMAGE_V2 */
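Review bot: In `hikey_bl2_handle_post_image_load` the pointers returned by `get_bl_mem_params_node()` are guarded only by `assert()`, so a build with assertions compiled out would dereference a NULL `bl_mem_params`, `pager_mem_params` or `paged_mem_params` whenever an image id has no descriptor. The function already returns an error code, so a run-time check fits: `if (bl_mem_params == NULL) return -ENOENT;` (errno.h is already included in this file), and likewise for the two OP-TEE nodes. The `switch` has no `default:` label, and the BL33 comment says the MPID is passed "through r0", which only matches the AArch32 register naming.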
bl31_params_t *bl2_plat_get_bl31_params(void)
{
@@ -133,6 +270,10 @@
struct entry_point_info *bl2_plat_get_bl31_ep_info(void)
{
+#if DEBUG
+ bl31_params_mem.bl31_ep_info.args.arg1 = HIKEY_BL31_PLAT_PARAM_VAL;
+#endif
+
return &bl31_params_mem.bl31_ep_info;
}
@@ -217,6 +358,7 @@
bl33_meminfo->free_base = DDR_BASE;
bl33_meminfo->free_size = DDR_SIZE;
}
+#endif /* LOAD_IMAGE_V2 */
static void reset_dwmmc_clk(void)
{
diff --git a/plat/hisilicon/hikey/hikey_bl31_setup.c b/plat/hisilicon/hikey/hikey_bl31_setup.c
index 82bd97e..c592fc7 100644
--- a/plat/hisilicon/hikey/hikey_bl31_setup.c
+++ b/plat/hisilicon/hikey/hikey_bl31_setup.c
@@ -69,7 +69,7 @@
CCI400_SL_IFACE4_CLUSTER_IX
};
-entry_point_info_t *bl31_plat_get_next_image_ep_info(unsigned int type)
+entry_point_info_t *bl31_plat_get_next_image_ep_info(uint32_t type)
{
entry_point_info_t *next_image_info;
@@ -81,8 +81,13 @@
return NULL;
}
+#if LOAD_IMAGE_V2
+void bl31_early_platform_setup(void *from_bl2,
+ void *plat_params_from_bl2)
+#else
void bl31_early_platform_setup(bl31_params_t *from_bl2,
void *plat_params_from_bl2)
+#endif
{
/* Initialize the console to provide early debug support */
console_init(CONSOLE_BASE, PL011_UART_CLK_IN_HZ, PL011_BAUDRATE);
@@ -91,12 +96,50 @@
cci_init(CCI400_BASE, cci_map, ARRAY_SIZE(cci_map));
cci_enable_snoop_dvm_reqs(MPIDR_AFFLVL1_VAL(read_mpidr_el1()));
+#if LOAD_IMAGE_V2
+ /*
+ * Check params passed from BL2 should not be NULL,
+ */
+ bl_params_t *params_from_bl2 = (bl_params_t *)from_bl2;
+ assert(params_from_bl2 != NULL);
+ assert(params_from_bl2->h.type == PARAM_BL_PARAMS);
+ assert(params_from_bl2->h.version >= VERSION_2);
+
+ bl_params_node_t *bl_params = params_from_bl2->head;
+
+ /*
+ * Copy BL33 and BL32 (if present), entry point information.
+ * They are stored in Secure RAM, in BL2's address space.
+ */
+ while (bl_params) {
+ if (bl_params->image_id == BL32_IMAGE_ID)
+ bl32_ep_info = *bl_params->ep_info;
+
+ if (bl_params->image_id == BL33_IMAGE_ID)
+ bl33_ep_info = *bl_params->ep_info;
+
+ bl_params = bl_params->next_params_info;
+ }
+
+ if (bl33_ep_info.pc == 0)
+ panic();
+
+#else /* LOAD_IMAGE_V2 */
+
+ /*
+ * Check params passed from BL2 should not be NULL,
+ */
+ assert(from_bl2 != NULL);
+ assert(from_bl2->h.type == PARAM_BL31);
+ assert(from_bl2->h.version >= VERSION_1);
+
/*
* Copy BL3-2 and BL3-3 entry point information.
* They are stored in Secure RAM, in BL2's address space.
*/
bl32_ep_info = *from_bl2->bl32_ep_info;
bl33_ep_info = *from_bl2->bl33_ep_info;
+#endif /* LOAD_IMAGE_V2 */
}
void bl31_plat_arch_setup(void)
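Review bot: The loop in the `LOAD_IMAGE_V2` branch copies `*bl_params->ep_info` without checking that pointer, and the header checks on `params_from_bl2` are `assert()` only, so with assertions compiled out BL31 would walk and dereference whatever structure BL2 handed over. The existing `if (bl33_ep_info.pc == 0) panic();` shows the intent to fail hard at run time; the same treatment fits the list walk, e.g. `if (bl_params->ep_info == NULL) panic();` at the top of the loop body. In the lines shown, `plat_params_from_bl2` is never compared with `HIKEY_BL31_PLAT_PARAM_VAL`, although platform_def.h describes that constant as a value used to verify the parameters. The function begins before the hunk, so a check may exist in the lines not shown.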
diff --git a/plat/hisilicon/hikey/hikey_def.h b/plat/hisilicon/hikey/hikey_def.h
index bbad10f..668b459 100644
--- a/plat/hisilicon/hikey/hikey_def.h
+++ b/plat/hisilicon/hikey/hikey_def.h
@@ -33,7 +33,7 @@
* - Non-secure DDR (8MB) reserved for OP-TEE's future use
*/
#define DDR_SEC_SIZE 0x01000000
-#define DDR_SEC_BASE (DDR_BASE + DDR_SIZE - DDR_SEC_SIZE)
+#define DDR_SEC_BASE (DDR_BASE + DDR_SIZE - DDR_SEC_SIZE) /* 0x3F000000 */
#define DDR_SDP_SIZE 0x00400000
#define DDR_SDP_BASE (DDR_SEC_BASE - 0x400000 /* align */ - \
diff --git a/plat/hisilicon/hikey/hikey_image_load.c b/plat/hisilicon/hikey/hikey_image_load.c
new file mode 100644
index 0000000..32ca36d
--- /dev/null
+++ b/plat/hisilicon/hikey/hikey_image_load.c
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <bl_common.h>
+#include <desc_image_load.h>
+#include <platform.h>
+
+/*******************************************************************************
+ * This function flushes the data structures so that they are visible
+ * in memory for the next BL image.
+ ******************************************************************************/
+void plat_flush_next_bl_params(void)
+{
+ flush_bl_params_desc();
+}
+
+/*******************************************************************************
+ * This function returns the list of loadable images.
+ ******************************************************************************/
+bl_load_info_t *plat_get_bl_image_load_info(void)
+{
+ return get_bl_load_info_from_mem_params_desc();
+}
+
+/*******************************************************************************
+ * This function returns the list of executable images.
+ ******************************************************************************/
+bl_params_t *plat_get_next_bl_params(void)
+{
+ return get_next_bl_params_from_mem_params_desc();
+}
diff --git a/plat/hisilicon/hikey/hikey_io_storage.c b/plat/hisilicon/hikey/hikey_io_storage.c
index c61ec2c..60ec42b 100644
--- a/plat/hisilicon/hikey/hikey_io_storage.c
+++ b/plat/hisilicon/hikey/hikey_io_storage.c
@@ -77,6 +77,14 @@
.uuid = UUID_SECURE_PAYLOAD_BL32,
};
+static const io_uuid_spec_t bl32_extra1_uuid_spec = {
+ .uuid = UUID_SECURE_PAYLOAD_BL32_EXTRA1,
+};
+
+static const io_uuid_spec_t bl32_extra2_uuid_spec = {
+ .uuid = UUID_SECURE_PAYLOAD_BL32_EXTRA2,
+};
+
static const io_uuid_spec_t bl33_uuid_spec = {
.uuid = UUID_NON_TRUSTED_FIRMWARE_BL33,
};
@@ -111,6 +119,16 @@
(uintptr_t)&bl32_uuid_spec,
check_fip
},
+ [BL32_EXTRA1_IMAGE_ID] = {
+ &fip_dev_handle,
+ (uintptr_t)&bl32_extra1_uuid_spec,
+ check_fip
+ },
+ [BL32_EXTRA2_IMAGE_ID] = {
+ &fip_dev_handle,
+ (uintptr_t)&bl32_extra2_uuid_spec,
+ check_fip
+ },
[BL33_IMAGE_ID] = {
&fip_dev_handle,
(uintptr_t)&bl33_uuid_spec,
diff --git a/plat/hisilicon/hikey/include/platform_def.h b/plat/hisilicon/hikey/include/platform_def.h
index af15232..0c736ab 100644
--- a/plat/hisilicon/hikey/include/platform_def.h
+++ b/plat/hisilicon/hikey/include/platform_def.h
@@ -10,6 +10,9 @@
#include <arch.h>
#include "../hikey_def.h"
+/* Special value used to verify platform parameters from BL2 to BL3-1 */
+#define HIKEY_BL31_PLAT_PARAM_VAL 0x0f1e2d3c4b5a6978ULL
+
/*
* Generic platform constants
*/
@@ -94,7 +97,7 @@
/*
* BL31 specific defines.
*/
-#define BL31_BASE BL2_LIMIT
+#define BL31_BASE BL2_LIMIT /* 0xf985_8000 */
#define BL31_LIMIT 0xF9898000
/*
@@ -110,6 +113,14 @@
#define BL32_DRAM_BASE DDR_SEC_BASE
#define BL32_DRAM_LIMIT (DDR_SEC_BASE+DDR_SEC_SIZE)
+#if LOAD_IMAGE_V2
+#ifdef SPD_opteed
+/* Load pageable part of OP-TEE at end of allocated DRAM space for BL32 */
+#define HIKEY_OPTEE_PAGEABLE_LOAD_BASE (BL32_DRAM_LIMIT - HIKEY_OPTEE_PAGEABLE_LOAD_SIZE) /* 0x3FC0_0000 */
+#define HIKEY_OPTEE_PAGEABLE_LOAD_SIZE 0x400000 /* 4MB */
+#endif
+#endif
+
#if (HIKEY_TSP_RAM_LOCATION_ID == HIKEY_DRAM_ID)
#define TSP_SEC_MEM_BASE BL32_DRAM_BASE
#define TSP_SEC_MEM_SIZE (BL32_DRAM_LIMIT - BL32_DRAM_BASE)
@@ -133,7 +144,7 @@
*/
#define ADDR_SPACE_SIZE (1ull << 32)
-#if IMAGE_BL1 || IMAGE_BL2 || IMAGE_BL32
+#if IMAGE_BL1 || IMAGE_BL32
#define MAX_XLAT_TABLES 3
#endif
@@ -141,6 +152,18 @@
#define MAX_XLAT_TABLES 4
#endif
+#if IMAGE_BL2
+#if LOAD_IMAGE_V2
+#ifdef SPD_opteed
+#define MAX_XLAT_TABLES 4
+#else
+#define MAX_XLAT_TABLES 3
+#endif
+#else
+#define MAX_XLAT_TABLES 3
+#endif
+#endif
+
#define MAX_MMAP_REGIONS 16
#define HIKEY_NS_IMAGE_OFFSET (DDR_BASE + 0x35000000)
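Review bot: The new `IMAGE_BL2` block spells out three levels of conditionals with two identical `#define MAX_XLAT_TABLES 3` branches, which makes it easy to update one and miss the other. A single test, `#if LOAD_IMAGE_V2 && defined(SPD_opteed)` selecting 4 and one `#else` selecting 3, expresses the same thing. A short comment saying that the extra table is for the OP-TEE pageable mapping would also explain why BL2 differs from BL1 and BL32 here.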
diff --git a/plat/hisilicon/hikey/platform.mk b/plat/hisilicon/hikey/platform.mk
index 8da3998..26218a4 100644
--- a/plat/hisilicon/hikey/platform.mk
+++ b/plat/hisilicon/hikey/platform.mk
@@ -4,6 +4,9 @@
# SPDX-License-Identifier: BSD-3-Clause
#
+# Enable version2 of image loading
+LOAD_IMAGE_V2 := 1
+
# On Hikey, the TSP can execute from TZC secure area in DRAM (default)
# or SRAM.
HIKEY_TSP_RAM_LOCATION := dram
@@ -29,6 +32,15 @@
$(eval $(call add_define,PLAT_PL061_MAX_GPIOS))
$(eval $(call add_define,PLAT_PARTITION_MAX_ENTRIES))
+# Add the build options to pack Trusted OS Extra1 and Trusted OS Extra2 images
+# in the FIP if the platform requires.
+ifneq ($(BL32_EXTRA1),)
+$(eval $(call FIP_ADD_IMG,BL32_EXTRA1,--tos-fw-extra1))
+endif
+ifneq ($(BL32_EXTRA2),)
+$(eval $(call FIP_ADD_IMG,BL32_EXTRA2,--tos-fw-extra2))
+endif
+
ENABLE_PLAT_COMPAT := 0
USE_COHERENT_MEM := 1
@@ -70,6 +82,16 @@
plat/hisilicon/hikey/hisi_dvfs.c \
plat/hisilicon/hikey/hisi_mcu.c
+ifeq (${LOAD_IMAGE_V2},1)
+BL2_SOURCES += plat/hisilicon/hikey/hikey_bl2_mem_params_desc.c \
+ plat/hisilicon/hikey/hikey_image_load.c \
+ common/desc_image_load.c
+
+ifeq (${SPD},opteed)
+BL2_SOURCES += lib/optee/optee_utils.c
+endif
+endif
+
HIKEY_GIC_SOURCES := drivers/arm/gic/common/gic_common.c \
drivers/arm/gic/v2/gicv2_main.c \
drivers/arm/gic/v2/gicv2_helpers.c \
diff --git a/plat/hisilicon/hikey960/aarch64/hikey960_common.c b/plat/hisilicon/hikey960/aarch64/hikey960_common.c
index 7068fb6..bce0c96 100644
--- a/plat/hisilicon/hikey960/aarch64/hikey960_common.c
+++ b/plat/hisilicon/hikey960/aarch64/hikey960_common.c
@@ -41,6 +41,15 @@
TSP_SEC_MEM_SIZE, \
MT_MEMORY | MT_RW | MT_SECURE)
+#if LOAD_IMAGE_V2
+#ifdef SPD_opteed
+#define MAP_OPTEE_PAGEABLE MAP_REGION_FLAT( \
+ HIKEY960_OPTEE_PAGEABLE_LOAD_BASE, \
+ HIKEY960_OPTEE_PAGEABLE_LOAD_SIZE, \
+ MT_MEMORY | MT_RW | MT_SECURE)
+#endif
+#endif
+
/*
* Table of regions for different BL stages to map using the MMU.
* This doesn't include Trusted RAM as the 'mem_layout' argument passed to
@@ -61,6 +70,11 @@
MAP_DDR,
MAP_DEVICE,
MAP_TSP_MEM,
+#if LOAD_IMAGE_V2
+#ifdef SPD_opteed
+ MAP_OPTEE_PAGEABLE,
+#endif
+#endif
{0}
};
#endif
diff --git a/plat/hisilicon/hikey960/hikey960_bl1_setup.c b/plat/hisilicon/hikey960/hikey960_bl1_setup.c
index 54e7347..6dfada7 100644
--- a/plat/hisilicon/hikey960/hikey960_bl1_setup.c
+++ b/plat/hisilicon/hikey960/hikey960_bl1_setup.c
@@ -74,12 +74,35 @@
return &bl1_tzram_layout;
}
+#if LOAD_IMAGE_V2
+/*******************************************************************************
+ * Function that takes a memory layout into which BL2 has been loaded and
+ * populates a new memory layout for BL2 that ensures that BL1's data sections
+ * resident in secure RAM are not visible to BL2.
+ ******************************************************************************/
+void bl1_init_bl2_mem_layout(const meminfo_t *bl1_mem_layout,
+ meminfo_t *bl2_mem_layout)
+{
+
+ assert(bl1_mem_layout != NULL);
+ assert(bl2_mem_layout != NULL);
+
+ /*
+ * Cannot remove BL1 RW data from the scope of memory visible to BL2
+ * like arm platforms because they overlap in hikey960
+ */
+ bl2_mem_layout->total_base = BL2_BASE;
+ bl2_mem_layout->total_size = NS_BL1U_LIMIT - BL2_BASE;
+
+ flush_dcache_range((unsigned long)bl2_mem_layout, sizeof(meminfo_t));
+}
+#endif /* LOAD_IMAGE_V2 */
+
/*
* Perform any BL1 specific platform actions.
*/
void bl1_early_platform_setup(void)
{
- const size_t bl1_size = BL1_RAM_LIMIT - BL1_RAM_BASE;
unsigned int id, uart_base;
generic_delay_timer_init();
@@ -95,16 +118,18 @@
bl1_tzram_layout.total_base = BL1_RW_BASE;
bl1_tzram_layout.total_size = BL1_RW_SIZE;
+#if !LOAD_IMAGE_V2
/* Calculate how much RAM BL1 is using and how much remains free */
bl1_tzram_layout.free_base = BL1_RW_BASE;
bl1_tzram_layout.free_size = BL1_RW_SIZE;
reserve_mem(&bl1_tzram_layout.free_base,
&bl1_tzram_layout.free_size,
BL1_RAM_BASE,
- bl1_size);
+ BL1_RAM_LIMIT - BL1_RAM_BASE); /* bl1_size */
+#endif /* LOAD_IMAGE_V2 */
INFO("BL1: 0x%lx - 0x%lx [size = %lu]\n", BL1_RAM_BASE, BL1_RAM_LIMIT,
- bl1_size);
+ BL1_RAM_LIMIT - BL1_RAM_BASE); /* bl1_size */
}
/*
diff --git a/plat/hisilicon/hikey960/hikey960_bl2_mem_params_desc.c b/plat/hisilicon/hikey960/hikey960_bl2_mem_params_desc.c
new file mode 100644
index 0000000..b59f897
--- /dev/null
+++ b/plat/hisilicon/hikey960/hikey960_bl2_mem_params_desc.c
@@ -0,0 +1,165 @@
+/*
+ * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <bl_common.h>
+#include <desc_image_load.h>
+#include <platform.h>
+#include <platform_def.h>
+
+
+/*******************************************************************************
+ * Following descriptor provides BL image/ep information that gets used
+ * by BL2 to load the images and also subset of this information is
+ * passed to next BL image. The image loading sequence is managed by
+ * populating the images in required loading order. The image execution
+ * sequence is managed by populating the `next_handoff_image_id` with
+ * the next executable image id.
+ ******************************************************************************/
+static bl_mem_params_node_t bl2_mem_params_descs[] = {
+#ifdef SCP_BL2_BASE
+ /* Fill SCP_BL2 related information if it exists */
+ {
+ .image_id = SCP_BL2_IMAGE_ID,
+
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_IMAGE_BINARY,
+ VERSION_2, entry_point_info_t, SECURE | NON_EXECUTABLE),
+
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_IMAGE_BINARY,
+ VERSION_2, image_info_t, 0),
+ .image_info.image_base = SCP_BL2_BASE,
+ .image_info.image_max_size = SCP_BL2_SIZE,
+
+ .next_handoff_image_id = INVALID_IMAGE_ID,
+ },
+#endif /* SCP_BL2_BASE */
+
+#ifdef EL3_PAYLOAD_BASE
+ /* Fill EL3 payload related information (BL31 is EL3 payload)*/
+ {
+ .image_id = BL31_IMAGE_ID,
+
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP,
+ VERSION_2, entry_point_info_t,
+ SECURE | EXECUTABLE | EP_FIRST_EXE),
+ .ep_info.pc = EL3_PAYLOAD_BASE,
+ .ep_info.spsr = SPSR_64(MODE_EL3, MODE_SP_ELX,
+ DISABLE_ALL_EXCEPTIONS),
+
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
+ VERSION_2, image_info_t,
+ IMAGE_ATTRIB_PLAT_SETUP | IMAGE_ATTRIB_SKIP_LOADING),
+
+ .next_handoff_image_id = INVALID_IMAGE_ID,
+ },
+
+#else /* EL3_PAYLOAD_BASE */
+
+ /* Fill BL31 related information */
+ {
+ .image_id = BL31_IMAGE_ID,
+
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP,
+ VERSION_2, entry_point_info_t,
+ SECURE | EXECUTABLE | EP_FIRST_EXE),
+ .ep_info.pc = BL31_BASE,
+ .ep_info.spsr = SPSR_64(MODE_EL3, MODE_SP_ELX,
+ DISABLE_ALL_EXCEPTIONS),
+#if DEBUG
+ .ep_info.args.arg1 = HIKEY960_BL31_PLAT_PARAM_VAL,
+#endif
+
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
+ VERSION_2, image_info_t, IMAGE_ATTRIB_PLAT_SETUP),
+ .image_info.image_base = BL31_BASE,
+ .image_info.image_max_size = BL31_LIMIT - BL31_BASE,
+
+# ifdef BL32_BASE
+ .next_handoff_image_id = BL32_IMAGE_ID,
+# else
+ .next_handoff_image_id = BL33_IMAGE_ID,
+# endif
+ },
+
+# ifdef BL32_BASE
+ /* Fill BL32 related information */
+ {
+ .image_id = BL32_IMAGE_ID,
+
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP,
+ VERSION_2, entry_point_info_t, SECURE | EXECUTABLE),
+ .ep_info.pc = BL32_BASE,
+
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
+ VERSION_2, image_info_t, 0),
+ .image_info.image_base = BL32_BASE,
+ .image_info.image_max_size = BL32_LIMIT - BL32_BASE,
+
+ .next_handoff_image_id = BL33_IMAGE_ID,
+ },
+
+ /*
+ * Fill BL32 external 1 related information.
+ * A typical use for extra1 image is with OP-TEE where it is the pager image.
+ */
+ {
+ .image_id = BL32_EXTRA1_IMAGE_ID,
+
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP,
+ VERSION_2, entry_point_info_t, SECURE | NON_EXECUTABLE),
+
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
+ VERSION_2, image_info_t, IMAGE_ATTRIB_SKIP_LOADING),
+ .image_info.image_base = BL32_BASE,
+ .image_info.image_max_size = BL32_LIMIT - BL32_BASE,
+
+ .next_handoff_image_id = INVALID_IMAGE_ID,
+ },
+
+ /*
+ * Fill BL32 external 2 related information.
+ * A typical use for extra2 image is with OP-TEE where it is the paged image.
+ */
+ {
+ .image_id = BL32_EXTRA2_IMAGE_ID,
+
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP,
+ VERSION_2, entry_point_info_t, SECURE | NON_EXECUTABLE),
+
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
+ VERSION_2, image_info_t, IMAGE_ATTRIB_SKIP_LOADING),
+#ifdef SPD_opteed
+ .image_info.image_base = HIKEY960_OPTEE_PAGEABLE_LOAD_BASE,
+ .image_info.image_max_size = HIKEY960_OPTEE_PAGEABLE_LOAD_SIZE,
+#endif
+ .next_handoff_image_id = INVALID_IMAGE_ID,
+ },
+# endif /* BL32_BASE */
+
+ /* Fill BL33 related information */
+ {
+ .image_id = BL33_IMAGE_ID,
+ SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP,
+ VERSION_2, entry_point_info_t, NON_SECURE | EXECUTABLE),
+# ifdef PRELOADED_BL33_BASE
+ .ep_info.pc = PRELOADED_BL33_BASE,
+
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
+ VERSION_2, image_info_t, IMAGE_ATTRIB_SKIP_LOADING),
+# else
+ .ep_info.pc = NS_BL1U_BASE,
+
+ SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
+ VERSION_2, image_info_t, 0),
+ .image_info.image_base = NS_BL1U_BASE,
+ .image_info.image_max_size = 0x200000 /* 2MB */,
+# endif /* PRELOADED_BL33_BASE */
+
+ .next_handoff_image_id = INVALID_IMAGE_ID,
+ }
+#endif /* EL3_PAYLOAD_BASE */
+};
+
+REGISTER_BL_IMAGE_DESCS(bl2_mem_params_descs)
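Review bot: The BL33 descriptor bounds the image with a bare `0x200000 /* 2MB */`, while the other descriptors in the table derive image_max_size from platform_def.h macros (`BL31_LIMIT - BL31_BASE`, `SCP_BL2_SIZE`, `HIKEY960_OPTEE_PAGEABLE_LOAD_SIZE`). This is the size limit for the non-secure image placed at NS_BL1U_BASE, so it belongs next to that base as a named constant rather than inline. If the intended bound is the region ending at NS_BL1U_LIMIT, which the BL1 hunk uses as the end of memory visible to BL2, `.image_info.image_max_size = NS_BL1U_LIMIT - NS_BL1U_BASE,` would keep the two in step. That equivalence is not visible in this diff and needs confirming.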
diff --git a/plat/hisilicon/hikey960/hikey960_bl2_setup.c b/plat/hisilicon/hikey960/hikey960_bl2_setup.c
index de676a7..b8d7f9e 100644
--- a/plat/hisilicon/hikey960/hikey960_bl2_setup.c
+++ b/plat/hisilicon/hikey960/hikey960_bl2_setup.c
@@ -9,10 +9,16 @@
#include <bl_common.h>
#include <console.h>
#include <debug.h>
+#include <desc_image_load.h>
#include <errno.h>
#include <generic_delay_timer.h>
#include <hi3660.h>
#include <mmio.h>
+#if LOAD_IMAGE_V2
+#ifdef SPD_opteed
+#include <optee_utils.h>
+#endif
+#endif
#include <platform_def.h>
#include <string.h>
#include <ufs.h>
@@ -41,6 +47,13 @@
static meminfo_t bl2_tzram_layout __aligned(CACHE_WRITEBACK_GRANULE);
+#if !LOAD_IMAGE_V2
+
+/*******************************************************************************
+ * This structure represents the superset of information that is passed to
+ * BL31, e.g. while passing control to it from BL2, bl31_params
+ * and other platform specific params
+ ******************************************************************************/
typedef struct bl2_to_bl31_params_mem {
bl31_params_t bl31_params;
image_info_t bl31_image_info;
@@ -108,28 +121,29 @@
******************************************************************************/
void bl2_plat_get_scp_bl2_meminfo(meminfo_t *scp_bl2_meminfo)
{
- ufs_params_t ufs_params;
-
- memset(&ufs_params, 0, sizeof(ufs_params_t));
- ufs_params.reg_base = UFS_REG_BASE;
- ufs_params.desc_base = HIKEY960_UFS_DESC_BASE;
- ufs_params.desc_size = HIKEY960_UFS_DESC_SIZE;
- ufs_params.flags = UFS_FLAGS_SKIPINIT;
- ufs_init(NULL, &ufs_params);
-
+ hikey960_init_ufs();
hikey960_io_setup();
*scp_bl2_meminfo = bl2_tzram_layout;
}
+#endif /* LOAD_IMAGE_V2 */
extern int load_lpm3(void);
+/*******************************************************************************
+ * Transfer SCP_BL2 from Trusted RAM using the SCP Download protocol.
+ * Return 0 on success, -1 otherwise.
+ ******************************************************************************/
+#if LOAD_IMAGE_V2
+int plat_hikey960_bl2_handle_scp_bl2(image_info_t *scp_bl2_image_info)
+#else
int bl2_plat_handle_scp_bl2(image_info_t *scp_bl2_image_info)
+#endif
{
int i;
int *buf;
- assert(scp_bl2_image_info->image_size < SCP_MEM_SIZE);
+ assert(scp_bl2_image_info->image_size < SCP_BL2_SIZE);
INFO("BL2: Initiating SCP_BL2 transfer to SCP\n");
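Review bot: The comment added above this function promises `Return 0 on success, -1 otherwise`, but the part of the body shown in the next hunk ends in an unconditional `return 0;` and discards the int returned by `load_lpm3()`. As a result the `if (err)` warning in hikey960_bl2_handle_post_image_load can never trigger for SCP_BL2. Either propagate the result, `int rc = load_lpm3();` followed by `return rc;` (assuming load_lpm3 reports failure with a non-zero value, which is not visible here), or reword the comment to match what the code does. The same comment speaks of a transfer from Trusted RAM over the SCP Download protocol, while the visible code only logs the buffer and calls load_lpm3(). The function body lies between this hunk and the next and is only partly visible.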
@@ -152,20 +166,147 @@
INFO("BL2: SCP_BL2 0x%x 0x%x 0x%x 0x%x\n",
buf[i], buf[i+1], buf[i+2], buf[i+3]);
- memcpy((void *)SCP_MEM_BASE,
- (void *)scp_bl2_image_info->image_base,
- scp_bl2_image_info->image_size);
-
INFO("BL2: SCP_BL2 transferred to SCP\n");
load_lpm3();
(void)buf;
+ return 0;
+}
+
+void hikey960_init_ufs(void)
+{
+ ufs_params_t ufs_params;
+
+ memset(&ufs_params, 0, sizeof(ufs_params_t));
+ ufs_params.reg_base = UFS_REG_BASE;
+ ufs_params.desc_base = HIKEY960_UFS_DESC_BASE;
+ ufs_params.desc_size = HIKEY960_UFS_DESC_SIZE;
+ ufs_params.flags = UFS_FLAGS_SKIPINIT;
+ ufs_init(NULL, &ufs_params);
+}
+
+/*******************************************************************************
+ * Gets SPSR for BL32 entry
+ ******************************************************************************/
+uint32_t hikey960_get_spsr_for_bl32_entry(void)
+{
+ /*
+ * The Secure Payload Dispatcher service is responsible for
+ * setting the SPSR prior to entry into the BL3-2 image.
+ */
return 0;
}
+/*******************************************************************************
+ * Gets SPSR for BL33 entry
+ ******************************************************************************/
+#ifndef AARCH32
+uint32_t hikey960_get_spsr_for_bl33_entry(void)
+{
+ unsigned int mode;
+ uint32_t spsr;
+
+ /* Figure out what mode we enter the non-secure world in */
+ mode = EL_IMPLEMENTED(2) ? MODE_EL2 : MODE_EL1;
+
+ /*
+ * TODO: Consider the possibility of specifying the SPSR in
+ * the FIP ToC and allowing the platform to have a say as
+ * well.
+ */
+ spsr = SPSR_64(mode, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS);
+ return spsr;
+}
+#else
+uint32_t hikey960_get_spsr_for_bl33_entry(void)
+{
+ unsigned int hyp_status, mode, spsr;
+
+ hyp_status = GET_VIRT_EXT(read_id_pfr1());
+
+ mode = (hyp_status) ? MODE32_hyp : MODE32_svc;
+
+ /*
+ * TODO: Consider the possibility of specifying the SPSR in
+ * the FIP ToC and allowing the platform to have a say as
+ * well.
+ */
+ spsr = SPSR_MODE32(mode, plat_get_ns_image_entrypoint() & 0x1,
+ SPSR_E_LITTLE, DISABLE_ALL_EXCEPTIONS);
+ return spsr;
+}
+#endif /* AARCH32 */
+
+#if LOAD_IMAGE_V2
+int hikey960_bl2_handle_post_image_load(unsigned int image_id)
+{
+ int err = 0;
+ bl_mem_params_node_t *bl_mem_params = get_bl_mem_params_node(image_id);
+#ifdef SPD_opteed
+ bl_mem_params_node_t *pager_mem_params = NULL;
+ bl_mem_params_node_t *paged_mem_params = NULL;
+#endif
+ assert(bl_mem_params);
+
+ switch (image_id) {
+#ifdef AARCH64
+ case BL32_IMAGE_ID:
+#ifdef SPD_opteed
+ pager_mem_params = get_bl_mem_params_node(BL32_EXTRA1_IMAGE_ID);
+ assert(pager_mem_params);
+
+ paged_mem_params = get_bl_mem_params_node(BL32_EXTRA2_IMAGE_ID);
+ assert(paged_mem_params);
+
+ err = parse_optee_header(&bl_mem_params->ep_info,
+ &pager_mem_params->image_info,
+ &paged_mem_params->image_info);
+ if (err != 0) {
+ WARN("OPTEE header parse error.\n");
+ }
+#endif
+ bl_mem_params->ep_info.spsr = hikey960_get_spsr_for_bl32_entry();
+ break;
+#endif
+
+ case BL33_IMAGE_ID:
+ /* BL33 expects to receive the primary CPU MPID (through r0) */
+ bl_mem_params->ep_info.args.arg0 = 0xffff & read_mpidr();
+ bl_mem_params->ep_info.spsr = hikey960_get_spsr_for_bl33_entry();
+ break;
+
+#ifdef SCP_BL2_BASE
+ case SCP_BL2_IMAGE_ID:
+ /* The subsequent handling of SCP_BL2 is platform specific */
+ err = plat_hikey960_bl2_handle_scp_bl2(&bl_mem_params->image_info);
+ if (err) {
+ WARN("Failure in platform-specific handling of SCP_BL2 image.\n");
+ }
+ break;
+#endif
+ }
+
+ return err;
+}
+
+/*******************************************************************************
+ * This function can be used by the platforms to update/use image
+ * information for given `image_id`.
+ ******************************************************************************/
+int bl2_plat_handle_post_image_load(unsigned int image_id)
+{
+ return hikey960_bl2_handle_post_image_load(image_id);
+}
+
+#else /* LOAD_IMAGE_V2 */
+
struct entry_point_info *bl2_plat_get_bl31_ep_info(void)
{
+#if DEBUG
+ bl31_params_mem.bl31_ep_info.args.arg1 = HIKEY960_BL31_PLAT_PARAM_VAL;
+#endif
+
return &bl31_params_mem.bl31_ep_info;
}
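Review bot: hikey960_get_spsr_for_bl32_entry, hikey960_get_spsr_for_bl33_entry and hikey960_bl2_handle_post_image_load are defined with external linkage, yet the only prototype this commit adds to hikey960_private.h is hikey960_init_ufs. If nothing outside this file calls them, declare them `static`, e.g. `static uint32_t hikey960_get_spsr_for_bl33_entry(void)`, so the compiler can flag them when they become unused. Otherwise add their prototypes to the private header. The `switch` in hikey960_bl2_handle_post_image_load would also read better with an explicit `default: break;` stating that other image ids need no post-load handling.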
@@ -250,6 +391,7 @@
bl33_meminfo->free_base = DDR_BASE;
bl33_meminfo->free_size = DDR_SIZE;
}
+#endif /* LOAD_IMAGE_V2 */
void bl2_early_platform_setup(meminfo_t *mem_layout)
{
diff --git a/plat/hisilicon/hikey960/hikey960_bl31_setup.c b/plat/hisilicon/hikey960/hikey960_bl31_setup.c
index 41c591b..f685f9c 100644
--- a/plat/hisilicon/hikey960/hikey960_bl31_setup.c
+++ b/plat/hisilicon/hikey960/hikey960_bl31_setup.c
@@ -64,7 +64,7 @@
CCI400_SL_IFACE4_CLUSTER_IX
};
-entry_point_info_t *bl31_plat_get_next_image_ep_info(unsigned int type)
+entry_point_info_t *bl31_plat_get_next_image_ep_info(uint32_t type)
{
entry_point_info_t *next_image_info;
@@ -76,8 +76,13 @@
return NULL;
}
+#if LOAD_IMAGE_V2
+void bl31_early_platform_setup(void *from_bl2,
+ void *plat_params_from_bl2)
+#else
void bl31_early_platform_setup(bl31_params_t *from_bl2,
void *plat_params_from_bl2)
+#endif
{
unsigned int id, uart_base;
@@ -95,12 +100,50 @@
cci_init(CCI400_REG_BASE, cci_map, ARRAY_SIZE(cci_map));
cci_enable_snoop_dvm_reqs(MPIDR_AFFLVL1_VAL(read_mpidr_el1()));
+#if LOAD_IMAGE_V2
+ /*
+ * Check params passed from BL2 should not be NULL,
+ */
+ bl_params_t *params_from_bl2 = (bl_params_t *)from_bl2;
+ assert(params_from_bl2 != NULL);
+ assert(params_from_bl2->h.type == PARAM_BL_PARAMS);
+ assert(params_from_bl2->h.version >= VERSION_2);
+
+ bl_params_node_t *bl_params = params_from_bl2->head;
+
+ /*
+ * Copy BL33 and BL32 (if present), entry point information.
+ * They are stored in Secure RAM, in BL2's address space.
+ */
+ while (bl_params) {
+ if (bl_params->image_id == BL32_IMAGE_ID)
+ bl32_ep_info = *bl_params->ep_info;
+
+ if (bl_params->image_id == BL33_IMAGE_ID)
+ bl33_ep_info = *bl_params->ep_info;
+
+ bl_params = bl_params->next_params_info;
+ }
+
+ if (bl33_ep_info.pc == 0)
+ panic();
+
+#else /* LOAD_IMAGE_V2 */
+
+ /*
+ * Check params passed from BL2 should not be NULL,
+ */
+ assert(from_bl2 != NULL);
+ assert(from_bl2->h.type == PARAM_BL31);
+ assert(from_bl2->h.version >= VERSION_1);
+
/*
* Copy BL3-2 and BL3-3 entry point information.
* They are stored in Secure RAM, in BL2's address space.
*/
bl32_ep_info = *from_bl2->bl32_ep_info;
bl33_ep_info = *from_bl2->bl33_ep_info;
+#endif /* LOAD_IMAGE_V2 */
}
void bl31_plat_arch_setup(void)
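Review bot: The LOAD_IMAGE_V2 path never looks at `plat_params_from_bl2`, although this commit has BL2 place HIKEY960_BL31_PLAT_PARAM_VAL in arg1 of the BL31 entry point in DEBUG builds. platform_def.h describes that value as one used to verify the parameters passed from BL2, so as far as the diff shows the marker is written but not checked. A check placed next to the other asserts and wrapped in `#if DEBUG` would complete the handshake: `assert((unsigned long long)plat_params_from_bl2 == HIKEY960_BL31_PLAT_PARAM_VAL);`. Parts of bl31_early_platform_setup lie outside this hunk, so an existing check there cannot be ruled out.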
diff --git a/plat/hisilicon/hikey960/hikey960_image_load.c b/plat/hisilicon/hikey960/hikey960_image_load.c
new file mode 100644
index 0000000..8e91adb
--- /dev/null
+++ b/plat/hisilicon/hikey960/hikey960_image_load.c
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <bl_common.h>
+#include <desc_image_load.h>
+#include <platform.h>
+
+#include "hikey960_private.h"
+
+/*******************************************************************************
+ * This function flushes the data structures so that they are visible
+ * in memory for the next BL image.
+ ******************************************************************************/
+void plat_flush_next_bl_params(void)
+{
+ flush_bl_params_desc();
+}
+
+/*******************************************************************************
+ * This function returns the list of loadable images.
+ ******************************************************************************/
+bl_load_info_t *plat_get_bl_image_load_info(void)
+{
+ /* Required before loading scp_bl2 */
+ hikey960_init_ufs();
+ hikey960_io_setup();
+
+ return get_bl_load_info_from_mem_params_desc();
+}
+
+/*******************************************************************************
+ * This function returns the list of executable images.
+ ******************************************************************************/
+bl_params_t *plat_get_next_bl_params(void)
+{
+ return get_next_bl_params_from_mem_params_desc();
+}
diff --git a/plat/hisilicon/hikey960/hikey960_io_storage.c b/plat/hisilicon/hikey960/hikey960_io_storage.c
index 57d97e5..1a1d846 100644
--- a/plat/hisilicon/hikey960/hikey960_io_storage.c
+++ b/plat/hisilicon/hikey960/hikey960_io_storage.c
@@ -73,6 +73,14 @@
.uuid = UUID_SECURE_PAYLOAD_BL32,
};
+static const io_uuid_spec_t bl32_extra1_uuid_spec = {
+ .uuid = UUID_SECURE_PAYLOAD_BL32_EXTRA1,
+};
+
+static const io_uuid_spec_t bl32_extra2_uuid_spec = {
+ .uuid = UUID_SECURE_PAYLOAD_BL32_EXTRA2,
+};
+
static const io_uuid_spec_t bl33_uuid_spec = {
.uuid = UUID_NON_TRUSTED_FIRMWARE_BL33,
};
@@ -103,6 +111,16 @@
(uintptr_t)&bl32_uuid_spec,
check_fip
},
+ [BL32_EXTRA1_IMAGE_ID] = {
+ &fip_dev_handle,
+ (uintptr_t)&bl32_extra1_uuid_spec,
+ check_fip
+ },
+ [BL32_EXTRA2_IMAGE_ID] = {
+ &fip_dev_handle,
+ (uintptr_t)&bl32_extra2_uuid_spec,
+ check_fip
+ },
[BL33_IMAGE_ID] = {
&fip_dev_handle,
(uintptr_t)&bl33_uuid_spec,
diff --git a/plat/hisilicon/hikey960/hikey960_private.h b/plat/hisilicon/hikey960/hikey960_private.h
index 8f2a842..e3c9d21 100644
--- a/plat/hisilicon/hikey960/hikey960_private.h
+++ b/plat/hisilicon/hikey960/hikey960_private.h
@@ -24,6 +24,7 @@
unsigned long ro_limit,
unsigned long coh_start,
unsigned long coh_limit);
+void hikey960_init_ufs(void);
void hikey960_io_setup(void);
int hikey960_read_boardid(unsigned int *id);
void set_retention_ticks(unsigned int val);
diff --git a/plat/hisilicon/hikey960/include/platform_def.h b/plat/hisilicon/hikey960/include/platform_def.h
index 8bf32c3..2fae666 100644
--- a/plat/hisilicon/hikey960/include/platform_def.h
+++ b/plat/hisilicon/hikey960/include/platform_def.h
@@ -10,6 +10,8 @@
#include <arch.h>
#include "../hikey960_def.h"
+/* Special value used to verify platform parameters from BL2 to BL3-1 */
+#define HIKEY960_BL31_PLAT_PARAM_VAL 0x0f1e2d3c4b5a6978ULL
/*
* Generic platform constants
@@ -73,6 +75,14 @@
#define BL32_DRAM_BASE DDR_SEC_BASE
#define BL32_DRAM_LIMIT (DDR_SEC_BASE+DDR_SEC_SIZE)
+#if LOAD_IMAGE_V2
+#ifdef SPD_opteed
+/* Load pageable part of OP-TEE at end of allocated DRAM space for BL32 */
+#define HIKEY960_OPTEE_PAGEABLE_LOAD_BASE (BL32_DRAM_LIMIT - HIKEY960_OPTEE_PAGEABLE_LOAD_SIZE) /* 0x3FC0_0000 */
+#define HIKEY960_OPTEE_PAGEABLE_LOAD_SIZE 0x400000 /* 4MB */
+#endif
+#endif
+
#if (HIKEY960_TSP_RAM_LOCATION_ID == HIKEY960_DRAM_ID)
#define TSP_SEC_MEM_BASE BL32_DRAM_BASE
#define TSP_SEC_MEM_SIZE (BL32_DRAM_LIMIT - BL32_DRAM_BASE)
@@ -91,19 +101,29 @@
#define HIKEY960_NS_IMAGE_OFFSET (0x1AC18000) /* offset in l-loader */
#define HIKEY960_NS_TMP_OFFSET (0x1AE00000)
-#define SCP_BL2_BASE BL31_BASE /* 1AC5_8000 */
-
-#define SCP_MEM_BASE (0x89C80000)
-#define SCP_MEM_SIZE (0x00040000)
+#define SCP_BL2_BASE (0x89C80000)
+#define SCP_BL2_SIZE (0x00040000)
/*
* Platform specific page table and MMU setup constants
*/
#define ADDR_SPACE_SIZE (1ull << 32)
+#if IMAGE_BL1 || IMAGE_BL31 || IMAGE_BL32
+#define MAX_XLAT_TABLES 3
+#endif
+
-#if IMAGE_BL1 || IMAGE_BL2 || IMAGE_BL31 || IMAGE_BL32
+#if IMAGE_BL2
+#if LOAD_IMAGE_V2
+#ifdef SPD_opteed
+#define MAX_XLAT_TABLES 4
+#else
+#define MAX_XLAT_TABLES 3
+#endif
+#else
#define MAX_XLAT_TABLES 3
#endif
+#endif
#define MAX_MMAP_REGIONS 16
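Review bot: The MAX_XLAT_TABLES block now spreads one decision over three nesting levels, and three of its four `#define` lines give the same value 3. Only BL2 built with LOAD_IMAGE_V2 and SPD_opteed gets the fourth table, so a two-branch conditional expresses the same thing and is harder to get wrong when another BL stage needs a different count. A short comment recording why 4 was chosen, presumably the additional MAP_OPTEE_PAGEABLE mapping, would help the next person who tunes this value.

```c
/* BL2 needs one more table when it maps the pageable OP-TEE region (confirm) */
#if IMAGE_BL2 && LOAD_IMAGE_V2 && defined(SPD_opteed)
#define MAX_XLAT_TABLES		4
#elif IMAGE_BL1 || IMAGE_BL2 || IMAGE_BL31 || IMAGE_BL32
#define MAX_XLAT_TABLES		3
#endif
```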
diff --git a/plat/hisilicon/hikey960/platform.mk b/plat/hisilicon/hikey960/platform.mk
index edbce63..da7bb82 100644
--- a/plat/hisilicon/hikey960/platform.mk
+++ b/plat/hisilicon/hikey960/platform.mk
@@ -4,6 +4,9 @@
# SPDX-License-Identifier: BSD-3-Clause
#
+# Enable version2 of image loading
+LOAD_IMAGE_V2 := 1
+
# On Hikey960, the TSP can execute from TZC secure area in DRAM.
HIKEY960_TSP_RAM_LOCATION := dram
ifeq (${HIKEY960_TSP_RAM_LOCATION}, dram)
@@ -22,6 +25,15 @@
$(eval $(call add_define,HIKEY960_TSP_RAM_LOCATION_ID))
$(eval $(call add_define,CRASH_CONSOLE_BASE))
+# Add the build options to pack Trusted OS Extra1 and Trusted OS Extra2 images
+# in the FIP if the platform requires.
+ifneq ($(BL32_EXTRA1),)
+$(eval $(call FIP_ADD_IMG,BL32_EXTRA1,--tos-fw-extra1))
+endif
+ifneq ($(BL32_EXTRA2),)
+$(eval $(call FIP_ADD_IMG,BL32_EXTRA2,--tos-fw-extra2))
+endif
+
ENABLE_PLAT_COMPAT := 0
USE_COHERENT_MEM := 1
@@ -61,6 +73,16 @@
plat/hisilicon/hikey960/hikey960_io_storage.c \
plat/hisilicon/hikey960/hikey960_mcu_load.c
+ifeq (${LOAD_IMAGE_V2},1)
+BL2_SOURCES += plat/hisilicon/hikey960/hikey960_bl2_mem_params_desc.c \
+ plat/hisilicon/hikey960/hikey960_image_load.c \
+ common/desc_image_load.c
+
+ifeq (${SPD},opteed)
+BL2_SOURCES += lib/optee/optee_utils.c
+endif
+endif
+
BL31_SOURCES += drivers/arm/cci/cci.c \
lib/cpus/aarch64/cortex_a53.S \
lib/cpus/aarch64/cortex_a72.S \
diff --git a/tools/cert_create/include/cert.h b/tools/cert_create/include/cert.h
index 543f122..256e7af 100644
--- a/tools/cert_create/include/cert.h
+++ b/tools/cert_create/include/cert.h
@@ -48,7 +48,7 @@
int cert_init(void);
cert_t *cert_get_by_opt(const char *opt);
int cert_add_ext(X509 *issuer, X509 *subject, int nid, char *value);
-int cert_new(cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSION) * sk);
+int cert_new(int key_alg, cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSION) * sk);
/* Macro to register the certificates used in the CoT */
#define REGISTER_COT(_certs) \
diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h
index 4b9e882..304fa61 100644
--- a/tools/cert_create/include/key.h
+++ b/tools/cert_create/include/key.h
@@ -22,7 +22,8 @@
/* Supported key algorithms */
enum {
- KEY_ALG_RSA,
+ KEY_ALG_RSA, /* RSA PSS as defined by PKCS#1 v2.1 (default) */
+ KEY_ALG_RSA_1_5, /* RSA as defined by PKCS#1 v1.5 */
#ifndef OPENSSL_NO_EC
KEY_ALG_ECDSA,
#endif /* OPENSSL_NO_EC */
diff --git a/tools/cert_create/src/cert.c b/tools/cert_create/src/cert.c
index 9775664..1b84e36 100644
--- a/tools/cert_create/src/cert.c
+++ b/tools/cert_create/src/cert.c
@@ -79,7 +79,7 @@
return 1;
}
-int cert_new(cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSION) * sk)
+int cert_new(int key_alg, cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSION) * sk)
{
EVP_PKEY *pkey = keys[cert->key].key;
cert_t *issuer_cert = &certs[cert->issuer];
@@ -90,7 +90,7 @@
X509_NAME *name;
ASN1_INTEGER *sno;
int i, num, rc = 0;
- EVP_MD_CTX mdCtx;
+ EVP_MD_CTX mdCtx;
EVP_PKEY_CTX *pKeyCtx = NULL;
/* Create the certificate structure */
@@ -112,24 +112,32 @@
}
EVP_MD_CTX_init(&mdCtx);
+
+ /* Sign the certificate with the issuer key */
if (!EVP_DigestSignInit(&mdCtx, &pKeyCtx, EVP_sha256(), NULL, ikey)) {
ERR_print_errors_fp(stdout);
goto END;
}
- if (!EVP_PKEY_CTX_set_rsa_padding(pKeyCtx, RSA_PKCS1_PSS_PADDING)) {
- ERR_print_errors_fp(stdout);
- goto END;
- }
+ /*
+ * Set additional parameters if algorithm is RSA PSS. This is not
+ * required for RSA 1.5 or ECDSA.
+ */
+ if (key_alg == KEY_ALG_RSA) {
+ if (!EVP_PKEY_CTX_set_rsa_padding(pKeyCtx, RSA_PKCS1_PSS_PADDING)) {
+ ERR_print_errors_fp(stdout);
+ goto END;
+ }
- if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pKeyCtx, RSA_SALT_LEN)) {
- ERR_print_errors_fp(stdout);
- goto END;
- }
+ if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pKeyCtx, RSA_SALT_LEN)) {
+ ERR_print_errors_fp(stdout);
+ goto END;
+ }
- if (!EVP_PKEY_CTX_set_rsa_mgf1_md(pKeyCtx, EVP_sha256())) {
- ERR_print_errors_fp(stdout);
- goto END;
+ if (!EVP_PKEY_CTX_set_rsa_mgf1_md(pKeyCtx, EVP_sha256())) {
+ ERR_print_errors_fp(stdout);
+ goto END;
+ }
}
/* x509.v3 */
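Review bot: The PSS parameters are now applied when the command-line option equals `KEY_ALG_RSA`, not when the issuer key `ikey` is actually an RSA key. If the two can differ, for example when keys are loaded from files (that code is outside this hunk), an RSA issuer key combined with another `key_alg` value is signed with OpenSSL's default RSA padding, PKCS#1 v1.5, without any message. Testing the key itself closes that gap: `if (EVP_PKEY_base_id(ikey) == EVP_PKEY_RSA && key_alg != KEY_ALG_RSA_1_5) {` selects PSS for every RSA key unless the legacy scheme was requested explicitly. cert_new starts and ends outside this hunk.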
diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index f14601c..df59961 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -89,6 +89,7 @@
static const char *key_algs_str[] = {
[KEY_ALG_RSA] = "rsa",
+ [KEY_ALG_RSA_1_5] = "rsa_1_5",
#ifndef OPENSSL_NO_EC
[KEY_ALG_ECDSA] = "ecdsa"
#endif /* OPENSSL_NO_EC */
@@ -223,7 +224,8 @@
},
{
{ "key-alg", required_argument, NULL, 'a' },
- "Key algorithm: 'rsa' (default), 'ecdsa'"
+ "Key algorithm: 'rsa' (default) - RSAPSS scheme as per \
+PKCS#1 v2.1, 'rsa_1_5' - RSA PKCS#1 v1.5, 'ecdsa'"
},
{
{ "save-keys", no_argument, NULL, 'k' },
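Review bot: The new help text is continued with a backslash inside the string literal, which forces the second line to start at column 0 and silently changes the message if anyone re-indents it. Adjacent string literals give the same text without that trap: `"Key algorithm: 'rsa' (default) - RSAPSS scheme as per "` followed on the next line by `"PKCS#1 v2.1, 'rsa_1_5' - RSA PKCS#1 v1.5, 'ecdsa'"`. The user guide in this commit calls `rsa_1_5` legacy and not TBBR compliant, so the help text could say so as well, e.g. `'rsa_1_5' - RSA PKCS#1 v1.5 (legacy)`.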
@@ -450,8 +452,8 @@
sk_X509_EXTENSION_push(sk, cert_ext);
}
- /* Create certificate. Signed with ROT key */
- if (cert->fn && !cert_new(cert, VAL_DAYS, 0, sk)) {
+ /* Create certificate. Signed with corresponding key */
+ if (cert->fn && !cert_new(key_alg, cert, VAL_DAYS, 0, sk)) {
ERROR("Cannot create %s\n", cert->cn);
exit(1);
}