commit d812540c68b379e1671c7f12b58f94c657a05415
author Divin Raj <divin.raj@arm.com> Mon Jul 29 18:54:52 2024 +0100
committer Divin Raj <divin.raj@arm.com> Fri Sep 27 15:00:38 2024 +0100
tree 99c677d6e48676ce1e37e1105a47af6d3d3f6208
parent ebd9f463dba1f5729ed7cdf09a75279dfef02204

feat(rd1ae): enabling Trusted Board Boot(TBB) for RD-1 AE

In this commit, Trusted Board Boot has been enabled for the RD-1 AE
platform, and the non-volatile counter remains at the default
values since the non-volatile counter is read-only for Arm
development platforms.

Signed-off-by: Divin Raj <divin.raj@arm.com>
Change-Id: I2e1072101e56da0e474d2a3e9802e5d65a77fd55

plat/arm/board/automotive_rd/platform/rd1ae/include/platform_def.h

diff --git a/plat/arm/board/automotive_rd/platform/rd1ae/include/platform_def.h b/plat/arm/board/automotive_rd/platform/rd1ae/include/platform_def.h
index ca52957..44c8ee3 100644
--- a/plat/arm/board/automotive_rd/platform/rd1ae/include/platform_def.h
+++ b/plat/arm/board/automotive_rd/platform/rd1ae/include/platform_def.h
@@ -126,6 +126,22 @@
 						MT_DEVICE | MT_RW | \
 						MT_SECURE)
 
+#define SOC_PLATFORM_PERIPH_BASE	UL(0x0E000000)
+#define SOC_PLATFORM_PERIPH_SIZE	UL(0x02000000)
+#define SOC_PLATFORM_PERIPH_MAP_DEVICE	MAP_REGION_FLAT(SOC_PLATFORM_PERIPH_BASE, \
+							SOC_PLATFORM_PERIPH_SIZE, \
+							MT_DEVICE | MT_RW | MT_SECURE)
+
+/* Non-volatile counters */
+#define TRUSTED_NVCTR_BASE_OFFSET	UL(0x00E70000)
+#define TFW_NVCTR_BASE_OFFSET		0x0000
+#define NTFW_CTR_BASE_OFFSET		0x0004
+#define SOC_TRUSTED_NVCTR_BASE		(SOC_PLATFORM_PERIPH_BASE + TRUSTED_NVCTR_BASE_OFFSET)
+#define TFW_NVCTR_BASE			(SOC_TRUSTED_NVCTR_BASE + TFW_NVCTR_BASE_OFFSET)
+#define TFW_NVCTR_SIZE			U(4)
+#define NTFW_CTR_BASE			(SOC_TRUSTED_NVCTR_BASE + NTFW_CTR_BASE_OFFSET)
+#define NTFW_CTR_SIZE			U(4)
+
 /*******************************************************************************
  * Memprotect definitions
  ******************************************************************************/

plat/arm/board/automotive_rd/platform/rd1ae/platform.mk

diff --git a/plat/arm/board/automotive_rd/platform/rd1ae/platform.mk b/plat/arm/board/automotive_rd/platform/rd1ae/platform.mk
index 7b7c97e..35cd8a1 100644
--- a/plat/arm/board/automotive_rd/platform/rd1ae/platform.mk
+++ b/plat/arm/board/automotive_rd/platform/rd1ae/platform.mk
@@ -62,6 +62,10 @@
 			lib/utils/mem_region.c	\
 			plat/arm/common/arm_nor_psci_mem_protect.c
 
+ifeq (${TRUSTED_BOARD_BOOT},1)
+BL2_SOURCES	+=	${RD1AE_BASE}/rd1ae_tbb.c
+endif
+
 # Add the FDT_SOURCES and options for Dynamic Config
 FDT_SOURCES	+=	${RD1AE_BASE}/fdts/${PLAT}_fw_config.dts	\
 			fdts/${PLAT}.dts
@@ -74,6 +78,11 @@
 # Add the HW_CONFIG to FIP and specify the same to certtool
 $(eval $(call TOOL_ADD_PAYLOAD,${HW_CONFIG},--hw-config,${HW_CONFIG}))
 
+ifeq (${TRUSTED_BOARD_BOOT},1)
+FIP_BL2_ARGS	:=	tb-fw
+$(eval $(call TOOL_ADD_PAYLOAD,${BUILD_PLAT}/tb_fw.crt,--tb-fw-cert))
+endif
+
 include plat/arm/common/arm_common.mk
 include plat/arm/css/common/css_common.mk
 include plat/arm/board/common/board_common.mk

plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_plat.c

diff --git a/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_plat.c b/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_plat.c
index 52d9c1f..e917330 100644
--- a/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_plat.c
+++ b/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_plat.c
@@ -15,6 +15,7 @@
 	ARM_MAP_SHARED_RAM,
 	RD1AE_MAP_DEVICE,
 	RD1AE_EXTERNAL_FLASH,
+	SOC_PLATFORM_PERIPH_MAP_DEVICE,
 #if IMAGE_BL2
 	RD1AE_MAP_NS_DRAM1,
 #endif

plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_tbb.c

diff --git a/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_tbb.c b/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_tbb.c
new file mode 100644
index 0000000..01fbcce
--- /dev/null
+++ b/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_tbb.c
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2024, ARM Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <plat/arm/common/plat_arm.h>
+
+int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size)
+{
+	assert(heap_addr != NULL);
+	assert(heap_size != NULL);
+
+	return arm_get_mbedtls_heap(heap_addr, heap_size);
+}
+
+/*
+ * Return the ROTPK hash in the following ASN.1 structure in DER format:
+ *
+ * AlgorithmIdentifier  ::=  SEQUENCE  {
+ *     algorithm       OBJECT IDENTIFIER,
+ *     parameters      ANY DEFINED BY algorithm OPTIONAL
+ * }
+ *
+ * DigestInfo ::= SEQUENCE {
+ *     digestAlgorithm AlgorithmIdentifier,
+ *     digest          OCTET STRING
+ * }
+ */
+int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
+			unsigned int *flags)
+{
+	return arm_get_rotpk_info(cookie, key_ptr, key_len, flags);
+}