FWU: Add Firmware Update support in BL1 for ARM platforms
This patch adds Firmware Update support for ARM platforms.
New files arm_bl1_fwu.c and juno_bl1_setup.c were added to provide
platform specific Firmware update code.
BL1 now includes mmap entry for `ARM_MAP_NS_DRAM1` to map DRAM for
authenticating NS_BL2U image(For both FVP and JUNO platform).
Change-Id: Ie116cd83f5dc00aa53d904c2f1beb23d58926555
diff --git a/include/plat/arm/board/common/board_arm_def.h b/include/plat/arm/board/common/board_arm_def.h
index 3abf235..dae5418 100644
--- a/include/plat/arm/board/common/board_arm_def.h
+++ b/include/plat/arm/board/common/board_arm_def.h
@@ -65,10 +65,18 @@
*/
#if IMAGE_BL1
# if PLAT_fvp
-# define PLAT_ARM_MMAP_ENTRIES 7
+# if TRUSTED_BOARD_BOOT
+# define PLAT_ARM_MMAP_ENTRIES 8
+# else
+# define PLAT_ARM_MMAP_ENTRIES 7
+# endif /* TRUSTED_BOARD_BOOT */
# else
-# define PLAT_ARM_MMAP_ENTRIES 6
-# endif
+# if TRUSTED_BOARD_BOOT
+# define PLAT_ARM_MMAP_ENTRIES 7
+# else
+# define PLAT_ARM_MMAP_ENTRIES 6
+# endif /* TRUSTED_BOARD_BOOT */
+# endif /* PLAT_ */
#endif
#if IMAGE_BL2
# if PLAT_fvp
@@ -88,11 +96,15 @@
* Platform specific page table and MMU setup constants
*/
#if IMAGE_BL1
-# if PLAT_juno
-# define MAX_XLAT_TABLES 2
+# if TRUSTED_BOARD_BOOT
+# define MAX_XLAT_TABLES 4
# else
-# define MAX_XLAT_TABLES 3
-# endif /* PLAT_ */
+# if PLAT_juno
+# define MAX_XLAT_TABLES 2
+# else
+# define MAX_XLAT_TABLES 3
+# endif /* PLAT_ */
+# endif /* TRUSTED_BOARD_BOOT */
#elif IMAGE_BL2
# if PLAT_juno
# define MAX_XLAT_TABLES 3
diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h
index 5c03feb..4a50c1c 100644
--- a/include/plat/arm/common/arm_def.h
+++ b/include/plat/arm/common/arm_def.h
@@ -310,6 +310,14 @@
# error "Unsupported ARM_TSP_RAM_LOCATION_ID value"
#endif
+/*******************************************************************************
+ * FWU Images: NS_BL1U, BL2U & NS_BL2U defines.
+ ******************************************************************************/
+#define BL2U_BASE BL2_BASE
+#define BL2U_LIMIT BL31_BASE
+#define NS_BL2U_BASE ARM_NS_DRAM1_BASE
+#define NS_BL1U_BASE (V2M_FLASH0_BASE + 0x03EB8000)
+
/*
* ID of the secure physical generic timer interrupt used by the TSP.
*/
diff --git a/include/plat/arm/common/plat_arm.h b/include/plat/arm/common/plat_arm.h
index f0b3ff6..f8541c7 100644
--- a/include/plat/arm/common/plat_arm.h
+++ b/include/plat/arm/common/plat_arm.h
@@ -174,6 +174,8 @@
/* TSP utility functions */
void arm_tsp_early_platform_setup(void);
+/* FIP TOC validity check */
+int arm_io_is_toc_valid(void);
/*
* Mandatory functions required in ARM standard platforms
diff --git a/include/plat/arm/css/common/css_def.h b/include/plat/arm/css/common/css_def.h
index 99491f8..3fa4c15 100644
--- a/include/plat/arm/css/common/css_def.h
+++ b/include/plat/arm/css/common/css_def.h
@@ -50,6 +50,10 @@
#define NSRAM_BASE 0x2e000000
#define NSRAM_SIZE 0x00008000
+/* System Security Control Registers */
+#define SSC_REG_BASE 0x2a420000
+#define SSC_GPRETN (SSC_REG_BASE + 0x030)
+
/* The slave_bootsecure controls access to GPU, DMC and CS. */
#define CSS_NIC400_SLAVE_BOOTSECURE 8
@@ -112,6 +116,8 @@
*/
#define BL30_BASE BL31_BASE
+#define SCP_BL2U_BASE BL31_BASE
+
#define PLAT_ARM_SHARED_RAM_CACHED MHU_PAYLOAD_CACHED
/* Load address of Non-Secure Image for CSS platform ports */
diff --git a/plat/arm/board/common/board_css_common.c b/plat/arm/board/common/board_css_common.c
index 7bf0273..9af73f2 100644
--- a/plat/arm/board/common/board_css_common.c
+++ b/plat/arm/board/common/board_css_common.c
@@ -42,6 +42,9 @@
V2M_MAP_IOFPGA,
CSS_MAP_DEVICE,
SOC_CSS_MAP_DEVICE,
+#if TRUSTED_BOARD_BOOT
+ ARM_MAP_NS_DRAM1,
+#endif
{0}
};
#endif
diff --git a/plat/arm/board/fvp/aarch64/fvp_common.c b/plat/arm/board/fvp/aarch64/fvp_common.c
index e089405..42a9034 100644
--- a/plat/arm/board/fvp/aarch64/fvp_common.c
+++ b/plat/arm/board/fvp/aarch64/fvp_common.c
@@ -82,6 +82,9 @@
MAP_DEVICE0,
MAP_DEVICE1,
MAP_DEVICE2,
+#if TRUSTED_BOARD_BOOT
+ ARM_MAP_NS_DRAM1,
+#endif
{0}
};
#endif
diff --git a/plat/arm/board/fvp/fvp_bl1_setup.c b/plat/arm/board/fvp/fvp_bl1_setup.c
index 33712d1..91bc9c4 100644
--- a/plat/arm/board/fvp/fvp_bl1_setup.c
+++ b/plat/arm/board/fvp/fvp_bl1_setup.c
@@ -29,6 +29,7 @@
*/
#include <plat_arm.h>
+#include <tbbr_img_def.h>
#include "fvp_private.h"
@@ -52,3 +53,16 @@
*/
fvp_cci_enable();
}
+
+/*******************************************************************************
+ * The following function checks if Firmware update is needed,
+ * by checking if TOC in FIP image is valid or not.
+ ******************************************************************************/
+unsigned int bl1_plat_get_next_image_id(void)
+{
+ if (!arm_io_is_toc_valid())
+ return NS_BL1U_IMAGE_ID;
+
+ return BL2_IMAGE_ID;
+}
+
diff --git a/plat/arm/board/juno/juno_bl1_setup.c b/plat/arm/board/juno/juno_bl1_setup.c
new file mode 100644
index 0000000..61a5738
--- /dev/null
+++ b/plat/arm/board/juno/juno_bl1_setup.c
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <bl_common.h>
+#include <errno.h>
+#include <platform.h>
+#include <plat_arm.h>
+#include <tbbr_img_def.h>
+#include <v2m_def.h>
+
+#define RESET_REASON_WDOG_RESET (0x2)
+
+/*******************************************************************************
+ * The following function checks if Firmware update is needed,
+ * by checking if TOC in FIP image is valid or watchdog reset happened.
+ ******************************************************************************/
+unsigned int bl1_plat_get_next_image_id(void)
+{
+ unsigned int *reset_flags_ptr = (unsigned int *)SSC_GPRETN;
+ unsigned int *nv_flags_ptr = (unsigned int *)
+ (V2M_SYSREGS_BASE + V2M_SYS_NVFLAGS);
+ /*
+ * Check if TOC is invalid or watchdog reset happened.
+ */
+ if ((arm_io_is_toc_valid() != 1) ||
+ ((*reset_flags_ptr & RESET_REASON_WDOG_RESET) &&
+ ((*nv_flags_ptr == -EAUTH) || (*nv_flags_ptr == -ENOENT))))
+ return NS_BL1U_IMAGE_ID;
+
+ return BL2_IMAGE_ID;
+}
+
+/*******************************************************************************
+ * On JUNO update the arg2 with address of SCP_BL2U image info.
+ ******************************************************************************/
+void bl1_plat_set_ep_info(unsigned int image_id,
+ entry_point_info_t *ep_info)
+{
+ if (image_id == BL2U_IMAGE_ID) {
+ image_desc_t *image_desc = bl1_plat_get_image_desc(SCP_BL2U_IMAGE_ID);
+ ep_info->args.arg2 = (unsigned long)&image_desc->image_info;
+ }
+}
+
+/*******************************************************************************
+ * On Juno clear SYS_NVFLAGS and wait for watchdog reset.
+ ******************************************************************************/
+__dead2 void bl1_plat_fwu_done(void *cookie, void *rsvd_ptr)
+{
+ unsigned int *nv_flags_clr = (unsigned int *)
+ (V2M_SYSREGS_BASE + V2M_SYS_NVFLAGSCLR);
+ unsigned int *nv_flags_ptr = (unsigned int *)
+ (V2M_SYSREGS_BASE + V2M_SYS_NVFLAGS);
+
+ /* Clear the NV flags register. */
+ *nv_flags_clr = *nv_flags_ptr;
+
+ while (1)
+ wfi();
+}
diff --git a/plat/arm/board/juno/platform.mk b/plat/arm/board/juno/platform.mk
index 0212fdd..152bd01 100644
--- a/plat/arm/board/juno/platform.mk
+++ b/plat/arm/board/juno/platform.mk
@@ -41,6 +41,7 @@
BL1_SOURCES += lib/cpus/aarch64/cortex_a53.S \
lib/cpus/aarch64/cortex_a57.S \
lib/cpus/aarch64/cortex_a72.S \
+ plat/arm/board/juno/juno_bl1_setup.c \
plat/arm/board/juno/juno_err.c
BL2_SOURCES += plat/arm/board/juno/juno_security.c \
diff --git a/plat/arm/common/arm_bl1_fwu.c b/plat/arm/common/arm_bl1_fwu.c
new file mode 100644
index 0000000..9a0d93a
--- /dev/null
+++ b/plat/arm/common/arm_bl1_fwu.c
@@ -0,0 +1,114 @@
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <assert.h>
+#include <bl_common.h>
+#include <debug.h>
+#include <errno.h>
+#include <plat_arm.h>
+#include <tbbr_img_desc.h>
+
+
+/* Struct to keep track of usable memory */
+typedef struct bl1_mem_info{
+ uintptr_t mem_base;
+ unsigned int mem_size;
+} bl1_mem_info_t;
+
+bl1_mem_info_t fwu_addr_map_secure[] = {
+ {
+ .mem_base = ARM_SHARED_RAM_BASE,
+ .mem_size = ARM_SHARED_RAM_SIZE
+ },
+ {
+ .mem_size = 0
+ }
+};
+
+bl1_mem_info_t fwu_addr_map_non_secure[] = {
+ {
+ .mem_base = ARM_NS_DRAM1_BASE,
+ .mem_size = ARM_NS_DRAM1_SIZE
+ },
+ {
+ .mem_base = V2M_FLASH0_BASE,
+ .mem_size = V2M_FLASH0_SIZE
+ },
+ {
+ .mem_size = 0
+ }
+};
+
+int bl1_plat_mem_check(uintptr_t mem_base,
+ unsigned int mem_size,
+ unsigned int flags)
+{
+ unsigned int index = 0;
+ bl1_mem_info_t *mmap;
+
+ assert(mem_base);
+ assert(mem_size);
+
+ /*
+ * Check the given image source and size.
+ */
+ if (GET_SEC_STATE(flags) == SECURE)
+ mmap = fwu_addr_map_secure;
+ else
+ mmap = fwu_addr_map_non_secure;
+
+ while (mmap[index].mem_size) {
+ if ((mem_base >= mmap[index].mem_base) &&
+ ((mem_base + mem_size)
+ <= (mmap[index].mem_base +
+ mmap[index].mem_size)))
+ return 0;
+
+ index++;
+ }
+
+ return -ENOMEM;
+}
+
+/*******************************************************************************
+ * This function does linear search for image_id and returns image_desc.
+ ******************************************************************************/
+image_desc_t *bl1_plat_get_image_desc(unsigned int image_id)
+{
+ unsigned int index = 0;
+
+ while (bl1_tbbr_image_descs[index].image_id != INVALID_IMAGE_ID) {
+ if (bl1_tbbr_image_descs[index].image_id == image_id)
+ return &bl1_tbbr_image_descs[index];
+ index++;
+ }
+
+ return NULL;
+}
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 1336e23..37dfb7e 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -127,7 +127,12 @@
drivers/auth/img_parser_mod.c \
drivers/auth/tbbr/tbbr_cot.c \
- BL1_SOURCES += ${AUTH_SOURCES}
+ PLAT_INCLUDES += -Iinclude/bl1/tbbr
+
+ BL1_SOURCES += ${AUTH_SOURCES} \
+ bl1/tbbr/tbbr_img_desc.c \
+ plat/arm/common/arm_bl1_fwu.c
+
BL2_SOURCES += ${AUTH_SOURCES}
MBEDTLS_KEY_ALG := ${KEY_ALG}
diff --git a/plat/arm/common/arm_io_storage.c b/plat/arm/common/arm_io_storage.c
index ae67cde..f7e99e9 100644
--- a/plat/arm/common/arm_io_storage.c
+++ b/plat/arm/common/arm_io_storage.c
@@ -308,3 +308,17 @@
return result;
}
+
+/*
+ * See if a Firmware Image Package is available,
+ * by checking if TOC is valid or not.
+ */
+int arm_io_is_toc_valid(void)
+{
+ int result;
+
+ result = io_dev_init(fip_dev_handle, (uintptr_t)FIP_IMAGE_ID);
+
+ return (result == 0);
+}
+