Merge changes from topic "spmd-sel2" into integration
* changes:
SPMD: add command line parameter to run SPM at S-EL2 or S-EL1
SPMD: smc handler qualify secure origin using booleans
SPMD: SPMC init, SMC handler cosmetic changes
SPMD: [tegra] rename el1_sys_regs structure to sys_regs
SPMD: Adds partially supported EL2 registers.
SPMD: save/restore EL2 system registers.
diff --git a/docs/about/maintainers.rst b/docs/about/maintainers.rst
index 802dafc..2bf5eb7 100644
--- a/docs/about/maintainers.rst
+++ b/docs/about/maintainers.rst
@@ -53,7 +53,6 @@
:M: Remi Pommarel <repk@triplefau.lt>
:G: `remi-triplefault`_
:F: docs/plat/meson-gxl.rst
-:F: drivers/amlogic/gxl
:F: plat/amlogic/gxl/
Amlogic Meson S905X2 (G12A) platform port
@@ -61,7 +60,6 @@
:M: Carlo Caione <ccaione@baylibre.com>
:G: `carlocaione`_
:F: docs/plat/meson-g12a.rst
-:F: drivers/amlogic/g12a
:F: plat/amlogic/g12a/
Amlogic Meson A113D (AXG) platform port
@@ -69,7 +67,6 @@
:M: Carlo Caione <ccaione@baylibre.com>
:G: `carlocaione`_
:F: docs/plat/meson-axg.rst
-:F: drivers/amlogic/axg
:F: plat/amlogic/axg/
Armv7-A architecture port
@@ -152,7 +149,7 @@
--------------------------------------
:M: Konstantin Porotchkin <kostap@marvell.com>
:G: `kostapr`_
-:F: docs/marvell/
+:F: docs/plat/marvell/
:F: plat/marvell/
:F: drivers/marvell/
:F: tools/marvell/
@@ -197,14 +194,14 @@
------------------------
:M: Jacky Bai <ping.bai@nxp.com>
:G: `JackyBai`_
-:F: doc/plat/imx8m.rst
+:F: docs/plat/imx8m.rst
:F: plat/imx/imx8m/
OP-TEE dispatcher
-----------------
:M: Jens Wiklander <jens.wiklander@linaro.org>
:G: `jenswi-linaro`_
-:F: docs/spd/optee-dispatcher.rst
+:F: docs/components/spd/optee-dispatcher.rst
:F: services/spd/opteed/
QEMU platform port
@@ -219,7 +216,7 @@
:M: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
:G: `grandpaul`_
:F: docs/plat/rpi3.rst
-:F: plat/rpi3/
+:F: plat/rpi/rpi3/
:F: drivers/rpi3/
:F: include/drivers/rpi3/
@@ -273,8 +270,8 @@
--------------------------
:M: Varun Wadekar <vwadekar@nvidia.com>
:G: `vwadekar`_
-:F: docs/spd/tlk-dispatcher.rst
-:F: docs/spd/trusty-dispatcher.rst
+:F: docs/components/spd/tlk-dispatcher.rst
+:F: docs/components/spd/trusty-dispatcher.rst
:F: include/bl32/payloads/tlk.h
:F: services/spd/tlkd/
:F: services/spd/trusty/
diff --git a/docs/design/auth-framework.rst b/docs/design/auth-framework.rst
index 93f691b..ae77391 100644
--- a/docs/design/auth-framework.rst
+++ b/docs/design/auth-framework.rst
@@ -621,7 +621,7 @@
The CoT can be found in ``drivers/auth/tbbr/tbbr_cot.c``. This CoT consists of
an array of pointers to image descriptors and it is registered in the framework
-using the macro ``REGISTER_COT(cot_desc)``, where 'cot_desc' must be the name
+using the macro ``REGISTER_COT(cot_desc)``, where ``cot_desc`` must be the name
of the array (passing a pointer or any other type of indirection will cause the
registration process to fail).
@@ -870,32 +870,32 @@
Trusted World public key needs to be extracted from the certificate. A new entry
is created in the ``authenticated_data`` array for that purpose. In that entry,
the corresponding parameter descriptor must be specified along with the buffer
-address to store the parameter value. In this case, the ``tz_world_pk`` descriptor
-is used to extract the public key from an x509v3 extension with OID
+address to store the parameter value. In this case, the ``trusted_world_pk``
+descriptor is used to extract the public key from an x509v3 extension with OID
``TRUSTED_WORLD_PK_OID``. The BL31 key certificate will use this descriptor as
parameter in the signature authentication method. The key is stored in the
-``plat_tz_world_pk_buf`` buffer.
+``trusted_world_pk_buf`` buffer.
The **BL31 Key certificate** is authenticated by checking its digital signature
using the Trusted World public key obtained previously from the Trusted Key
certificate. In the image descriptor, we specify a single authentication method
-by signature whose public key is the ``tz_world_pk``. Once this certificate has
-been authenticated, we have to extract the BL31 public key, stored in the
-extension specified by ``bl31_content_pk``. This key will be copied to the
-``plat_content_pk`` buffer.
+by signature whose public key is the ``trusted_world_pk``. Once this certificate
+has been authenticated, we have to extract the BL31 public key, stored in the
+extension specified by ``soc_fw_content_pk``. This key will be copied to the
+``content_pk_buf`` buffer.
The **BL31 certificate** is authenticated by checking its digital signature
using the BL31 public key obtained previously from the BL31 Key certificate.
-We specify the authentication method using ``bl31_content_pk`` as public key.
+We specify the authentication method using ``soc_fw_content_pk`` as public key.
After authentication, we need to extract the BL31 hash, stored in the extension
-specified by ``bl31_hash``. This hash will be copied to the ``plat_bl31_hash_buf``
-buffer.
+specified by ``soc_fw_hash``. This hash will be copied to the
+``soc_fw_hash_buf`` buffer.
The **BL31 image** is authenticated by calculating its hash and matching it
with the hash obtained from the BL31 certificate. The image descriptor contains
a single authentication method by hash. The parameters to the hash method are
-the reference hash, ``bl31_hash``, and the data to be hashed. In this case, it is
-the whole image, so we specify ``raw_data``.
+the reference hash, ``soc_fw_hash``, and the data to be hashed. In this case,
+it is the whole image, so we specify ``raw_data``.
The image parser library
~~~~~~~~~~~~~~~~~~~~~~~~
@@ -965,6 +965,6 @@
--------------
-*Copyright (c) 2017-2019, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2017-2020, Arm Limited and Contributors. All rights reserved.*
.. _TBBR-Client specification: https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
diff --git a/include/export/common/tbbr/tbbr_img_def_exp.h b/include/export/common/tbbr/tbbr_img_def_exp.h
index ff0d16c..3602554 100644
--- a/include/export/common/tbbr/tbbr_img_def_exp.h
+++ b/include/export/common/tbbr/tbbr_img_def_exp.h
@@ -86,6 +86,11 @@
#define STM32_IMAGE_ID U(29)
/* Define size of the array */
+#if defined(SPD_spmd)
+#define MAX_SP_IDS U(8)
+#define MAX_NUMBER_IDS MAX_SP_IDS + U(30)
+#else
#define MAX_NUMBER_IDS U(30)
+#endif
#endif /* ARM_TRUSTED_FIRMWARE_EXPORT_COMMON_TBBR_TBBR_IMG_DEF_EXP_H */
diff --git a/include/plat/arm/common/fconf_arm_sp_getter.h b/include/plat/arm/common/fconf_arm_sp_getter.h
new file mode 100644
index 0000000..38c30fb
--- /dev/null
+++ b/include/plat/arm/common/fconf_arm_sp_getter.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef FCONF_ARM_SP_GETTER_H
+#define FCONF_ARM_SP_GETTER_H
+
+#include <lib/fconf/fconf.h>
+#include <tools_share/uuid.h>
+
+/* arm_sp getter */
+#define arm__sp_getter(prop) arm_sp.prop
+
+#define ARM_SP_MAX_SIZE U(0x10000)
+
+struct arm_sp_t {
+ unsigned int number_of_sp;
+ union uuid_helper_t uuids[MAX_SP_IDS];
+ uintptr_t load_addr[MAX_SP_IDS];
+};
+
+int fconf_populate_arm_sp(uintptr_t config);
+
+extern struct arm_sp_t arm_sp;
+
+extern bl_mem_params_node_t sp_mem_params_descs[MAX_SP_IDS];
+
+#endif /* FCONF_ARM_SP_GETTER_H */
diff --git a/plat/arm/board/fvp/fdts/fvp_fw_config.dts b/plat/arm/board/fvp/fdts/fvp_fw_config.dts
index d0f6033..9a4a057 100644
--- a/plat/arm/board/fvp/fdts/fvp_fw_config.dts
+++ b/plat/arm/board/fvp/fdts/fvp_fw_config.dts
@@ -69,6 +69,12 @@
mbedtls_heap_size = <0x0>;
};
+ /*
+ * Though TF-A is UUID RFC 4122 compliant meaning fields are stored in
+ * network order (big endian), UUID's mentioned in this file are are
+ * stored in machine order (little endian).
+ * This will be fixed in future.
+ */
arm-io_policies {
fip-handles {
compatible = "arm,io-fip-handle";
@@ -93,4 +99,17 @@
nt_fw_content_cert_uuid = <0xf3c1c48e 0x11e4635d 0xee87a9a7 0xa73fb240>;
};
};
+
+ secure-partitions {
+ compatible = "arm,sp";
+ cactus {
+ uuid = <0x1e67b5b4 0xe14f904a 0x13fb1fb8 0xcbdae1da>;
+ load-address = <0x7000000>;
+ };
+
+ ivy {
+ uuid = <0x092358d1 0xb94723f0 0x64447c82 0xc88f57f5>;
+ load-address = <0x7100000>;
+ };
+ };
};
diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c
index dd39208..136e65a 100644
--- a/plat/arm/common/arm_bl2_setup.c
+++ b/plat/arm/common/arm_bl2_setup.c
@@ -205,6 +205,13 @@
******************************************************************************/
int arm_bl2_plat_handle_post_image_load(unsigned int image_id)
{
+#if defined(SPD_spmd)
+ /* For Secure Partitions we don't need post processing */
+ if ((image_id >= (MAX_NUMBER_IDS - MAX_SP_IDS)) &&
+ (image_id < MAX_NUMBER_IDS)) {
+ return 0;
+ }
+#endif
return arm_bl2_handle_post_image_load(image_id);
}
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 17058d1..4fb85fb 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -182,6 +182,9 @@
else
ARM_IO_SOURCES += plat/arm/common/arm_fconf_io_storage.c \
plat/arm/common/fconf/arm_fconf_io.c
+ifeq (${SPD},spmd)
+ARM_IO_SOURCES += plat/arm/common/fconf/arm_fconf_sp.c
+endif
endif
BL1_SOURCES += drivers/io/io_fip.c \
diff --git a/plat/arm/common/arm_image_load.c b/plat/arm/common/arm_image_load.c
index 2faaa76..593199d 100644
--- a/plat/arm/common/arm_image_load.c
+++ b/plat/arm/common/arm_image_load.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,6 +7,9 @@
#include <assert.h>
#include <common/bl_common.h>
#include <common/desc_image_load.h>
+#if defined(SPD_spmd)
+#include <plat/arm/common/fconf_arm_sp_getter.h>
+#endif
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
@@ -29,12 +32,62 @@
next_bl_params_cpy_ptr);
}
+#if defined(SPD_spmd)
+/*******************************************************************************
+ * This function appends Secure Partitions to list of loadable images.
+ ******************************************************************************/
+void plat_add_sp_images_load_info(struct bl_load_info *load_info)
+{
+ bl_load_info_node_t *node_info = load_info->head;
+ unsigned int index = 0;
+
+ if (sp_mem_params_descs[index].image_id == 0) {
+ ERROR("No Secure Partition Image available\n");
+ return;
+ }
+
+ /* Traverse through the bl images list */
+ do {
+ node_info = node_info->next_load_info;
+ } while (node_info->next_load_info != NULL);
+
+ for (; index < MAX_SP_IDS; index++) {
+ /* Populate the image information */
+ node_info->image_id = sp_mem_params_descs[index].image_id;
+ node_info->image_info = &sp_mem_params_descs[index].image_info;
+
+ if ((index + 1U) == MAX_SP_IDS) {
+ INFO("Reached Max number of SPs\n");
+ return;
+ }
+
+ if (sp_mem_params_descs[index + 1U].image_id == 0) {
+ return;
+ }
+
+ node_info->next_load_info =
+ &sp_mem_params_descs[index + 1U].load_node_mem;
+ node_info = node_info->next_load_info;
+
+ }
+}
+#endif
+
/*******************************************************************************
* This function returns the list of loadable images.
******************************************************************************/
struct bl_load_info *plat_get_bl_image_load_info(void)
{
+#if defined(SPD_spmd)
+ bl_load_info_t *bl_load_info;
+
+ bl_load_info = get_bl_load_info_from_mem_params_desc();
+ plat_add_sp_images_load_info(bl_load_info);
+
+ return bl_load_info;
+#else
return get_bl_load_info_from_mem_params_desc();
+#endif
}
/*******************************************************************************
diff --git a/plat/arm/common/fconf/arm_fconf_sp.c b/plat/arm/common/fconf/arm_fconf_sp.c
new file mode 100644
index 0000000..bb88aff
--- /dev/null
+++ b/plat/arm/common/fconf/arm_fconf_sp.c
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+
+#include <common/debug.h>
+#include <common/desc_image_load.h>
+#include <common/fdt_wrappers.h>
+#include <drivers/io/io_storage.h>
+#include <lib/object_pool.h>
+#include <libfdt.h>
+#include <plat/arm/common/arm_fconf_getter.h>
+#include <plat/arm/common/arm_fconf_io_storage.h>
+#include <plat/arm/common/fconf_arm_sp_getter.h>
+#include <platform_def.h>
+#include <tools_share/firmware_image_package.h>
+
+#ifdef IMAGE_BL2
+
+bl_mem_params_node_t sp_mem_params_descs[MAX_SP_IDS];
+
+struct arm_sp_t arm_sp;
+
+int fconf_populate_arm_sp(uintptr_t config)
+{
+ int sp_node, node, err;
+ union uuid_helper_t uuid_helper;
+ unsigned int index = 0;
+ const unsigned int sp_start_index = MAX_NUMBER_IDS - MAX_SP_IDS;
+
+ /* As libfdt use void *, we can't avoid this cast */
+ const void *dtb = (void *)config;
+
+ /* Assert the node offset point to "arm,sp" compatible property */
+ const char *compatible_str = "arm,sp";
+
+ node = fdt_node_offset_by_compatible(dtb, -1, compatible_str);
+ if (node < 0) {
+ ERROR("FCONF: Can't find %s in dtb\n", compatible_str);
+ return node;
+ }
+
+ fdt_for_each_subnode(sp_node, dtb, node) {
+ err = fdtw_read_array(dtb, sp_node, "uuid", 4,
+ &uuid_helper.word);
+ if (err < 0) {
+ ERROR("FCONF: cannot read SP uuid\n");
+ return -1;
+ }
+
+ arm_sp.uuids[index] = uuid_helper;
+
+ err = fdtw_read_cells(dtb, sp_node, "load-address", 1,
+ &arm_sp.load_addr[index]);
+ if (err < 0) {
+ ERROR("FCONF: cannot read SP load address\n");
+ return -1;
+ }
+
+ VERBOSE("FCONF: %s UUID %x-%x-%x-%x load_addr=%lx\n",
+ __func__,
+ uuid_helper.word[0],
+ uuid_helper.word[1],
+ uuid_helper.word[2],
+ uuid_helper.word[3],
+ arm_sp.load_addr[index]);
+
+ /* Add SP information in mem param descriptor */
+ sp_mem_params_descs[index].image_id = sp_start_index + index;
+ SET_PARAM_HEAD(&sp_mem_params_descs[index].image_info,
+ PARAM_IMAGE_BINARY, VERSION_2, 0);
+ sp_mem_params_descs[index].image_info.image_max_size =
+ ARM_SP_MAX_SIZE;
+ sp_mem_params_descs[index].next_handoff_image_id =
+ INVALID_IMAGE_ID;
+ sp_mem_params_descs[index].image_info.image_base =
+ arm_sp.load_addr[index];
+
+ /* Add SP information in IO policies structure */
+ policies[sp_start_index + index].image_spec =
+ (uintptr_t)&arm_sp.uuids[index];
+ policies[sp_start_index + index].dev_handle = &fip_dev_handle;
+ policies[sp_start_index + index].check = open_fip;
+
+ index++;
+
+ if (index >= MAX_SP_IDS) {
+ ERROR("FCONF: reached max number of SPs\n");
+ return -1;
+ }
+ }
+
+ if ((sp_node < 0) && (sp_node != -FDT_ERR_NOTFOUND)) {
+ ERROR("%d: fdt_for_each_subnode(): %d\n", __LINE__, node);
+ return sp_node;
+ }
+
+ arm_sp.number_of_sp = index;
+ return 0;
+}
+
+FCONF_REGISTER_POPULATOR(arm_sp, fconf_populate_arm_sp);
+
+#endif /* IMAGE_BL2 */
diff --git a/plat/imx/common/aarch32/imx_uart_console.S b/plat/imx/common/aarch32/imx_uart_console.S
index 1c729b1..1a1229a 100644
--- a/plat/imx/common/aarch32/imx_uart_console.S
+++ b/plat/imx/common/aarch32/imx_uart_console.S
@@ -20,7 +20,7 @@
mov r4, r3
cmp r4, #0
beq register_fail
- str r0, [r4, #CONSOLE_T_DRVDATA]
+ str r0, [r4, #CONSOLE_T_BASE]
bl console_imx_uart_core_init
cmp r0, #0
@@ -35,16 +35,16 @@
endfunc console_imx_uart_register
func console_imx_uart_putc
- ldr r1, [r1, #CONSOLE_T_DRVDATA]
+ ldr r1, [r1, #CONSOLE_T_BASE]
b console_imx_uart_core_putc
endfunc console_imx_uart_putc
func console_imx_uart_getc
- ldr r0, [r0, #CONSOLE_T_DRVDATA]
+ ldr r0, [r0, #CONSOLE_T_BASE]
b console_imx_uart_core_getc
endfunc console_imx_uart_getc
func console_imx_uart_flush
- ldr r0, [r0, #CONSOLE_T_DRVDATA]
+ ldr r0, [r0, #CONSOLE_T_BASE]
b console_imx_uart_core_flush
endfunc console_imx_uart_flush
diff --git a/plat/imx/common/imx_uart_console.S b/plat/imx/common/imx_uart_console.S
index 3bdeea2..0cb4fb8 100644
--- a/plat/imx/common/imx_uart_console.S
+++ b/plat/imx/common/imx_uart_console.S
@@ -25,7 +25,7 @@
mov x7, x30
mov x6, x3
cbz x6, register_fail
- str x0, [x6, #CONSOLE_T_DRVDATA]
+ str x0, [x6, #CONSOLE_T_BASE]
bl console_imx_uart_init
cbz x0, register_fail
@@ -44,7 +44,7 @@
endfunc console_imx_uart_init
func console_imx_uart_putc
- ldr x1, [x1, #CONSOLE_T_DRVDATA]
+ ldr x1, [x1, #CONSOLE_T_BASE]
cbz x1, putc_error
/* Prepare '\r' to '\n' */
@@ -68,7 +68,7 @@
endfunc console_imx_uart_putc
func console_imx_uart_getc
- ldr x0, [x0, #CONSOLE_T_DRVDATA]
+ ldr x0, [x0, #CONSOLE_T_BASE]
cbz x0, getc_error
1:
ldr w1, [x0, #UTS]
diff --git a/plat/imx/common/lpuart_console.S b/plat/imx/common/lpuart_console.S
index d8dac2c..98b3588 100644
--- a/plat/imx/common/lpuart_console.S
+++ b/plat/imx/common/lpuart_console.S
@@ -20,7 +20,7 @@
mov x7, x30
mov x6, x3
cbz x6, register_fail
- str x0, [x6, #CONSOLE_T_DRVDATA]
+ str x0, [x6, #CONSOLE_T_BASE]
bl console_lpuart_init
cbz x0, register_fail
@@ -39,7 +39,7 @@
endfunc console_lpuart_init
func console_lpuart_putc
- ldr x1, [x1, #CONSOLE_T_DRVDATA]
+ ldr x1, [x1, #CONSOLE_T_BASE]
cbz x1, putc_error
/* Prepare '\r' to '\n' */
cmp w0, #0xA
@@ -62,7 +62,7 @@
endfunc console_lpuart_putc
func console_lpuart_getc
- ldr x0, [x0, #CONSOLE_T_DRVDATA]
+ ldr x0, [x0, #CONSOLE_T_BASE]
cbz x0, getc_error
/* Check if the receive FIFO state */
ret
diff --git a/plat/nvidia/tegra/common/drivers/spe/shared_console.S b/plat/nvidia/tegra/common/drivers/spe/shared_console.S
index c783373..6df73ec 100644
--- a/plat/nvidia/tegra/common/drivers/spe/shared_console.S
+++ b/plat/nvidia/tegra/common/drivers/spe/shared_console.S
@@ -69,7 +69,7 @@
check_if_console_is_ready x0, x1, x2, register_fail
cbz x3, register_fail
- str x0, [x3, #CONSOLE_T_DRVDATA]
+ str x0, [x3, #CONSOLE_T_BASE]
mov x0, x3
finish_console_register spe putc=1, getc=1, flush=1
@@ -132,7 +132,7 @@
* --------------------------------------------------------
*/
func console_spe_putc
- ldr x1, [x1, #CONSOLE_T_DRVDATA]
+ ldr x1, [x1, #CONSOLE_T_BASE]
b console_spe_core_putc
endfunc console_spe_putc
@@ -183,6 +183,6 @@
* ---------------------------------------------
*/
func console_spe_flush
- ldr x0, [x0, #CONSOLE_T_DRVDATA]
+ ldr x0, [x0, #CONSOLE_T_BASE]
b console_spe_core_flush
endfunc console_spe_flush