| /* |
| * Copyright (c) 2024, Arm Limited. All rights reserved. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| |
| #include <stdint.h> |
| |
| #include <common/debug.h> |
| #include <drivers/arm/rse_comms.h> |
| #include <drivers/measured_boot/metadata.h> |
| #include <drivers/measured_boot/rse/dice_prot_env.h> |
| #include <plat/arm/common/plat_arm.h> |
| #include <plat/common/platform.h> |
| #include <platform_def.h> |
| #include <tools_share/tbbr_oid.h> |
| |
| #include "tc_dpe_cert.h" |
| |
| /* |
| * The content and the values of this array depends on: |
| * - build config: Which components are loaded: SPMD, TOS, SPx, etc ? |
| * - boot order: the last element in a layer should be treated differently. |
| */ |
| |
| /* |
| * TODO: |
| * - The content of the array must be tailored according to the build |
| * config (TOS, SPMD, etc). All loaded components (executables and |
| * config blobs) must be present in this array. |
| * - Current content is according to the Trusty build config. |
| */ |
| struct dpe_metadata tc_dpe_metadata[] = { |
| { |
| .id = BL31_IMAGE_ID, |
| .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */ |
| .signer_id_size = SIGNER_ID_MIN_SIZE, |
| .sw_type = MBOOT_BL31_IMAGE_STRING, |
| .allow_new_context_to_derive = false, |
| .retain_parent_context = true, |
| .create_certificate = false, |
| .pk_oid = BL31_IMAGE_KEY_OID }, |
| { |
| .id = BL32_IMAGE_ID, |
| .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */ |
| .signer_id_size = SIGNER_ID_MIN_SIZE, |
| .sw_type = MBOOT_BL32_IMAGE_STRING, |
| .allow_new_context_to_derive = false, |
| .retain_parent_context = true, |
| .create_certificate = false, |
| .pk_oid = BL32_IMAGE_KEY_OID }, |
| { |
| .id = BL33_IMAGE_ID, |
| .cert_id = DPE_HYPERVISOR_CERT_ID, |
| .signer_id_size = SIGNER_ID_MIN_SIZE, |
| .sw_type = MBOOT_BL33_IMAGE_STRING, |
| .allow_new_context_to_derive = true, |
| .retain_parent_context = true, |
| .create_certificate = false, |
| .pk_oid = BL33_IMAGE_KEY_OID }, |
| |
| { |
| .id = HW_CONFIG_ID, |
| .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */ |
| .signer_id_size = SIGNER_ID_MIN_SIZE, |
| .sw_type = MBOOT_HW_CONFIG_STRING, |
| .allow_new_context_to_derive = false, |
| .retain_parent_context = true, |
| .create_certificate = false, |
| .pk_oid = HW_CONFIG_KEY_OID }, |
| { |
| .id = NT_FW_CONFIG_ID, |
| .cert_id = DPE_HYPERVISOR_CERT_ID, |
| .signer_id_size = SIGNER_ID_MIN_SIZE, |
| .sw_type = MBOOT_NT_FW_CONFIG_STRING, |
| .allow_new_context_to_derive = false, |
| .retain_parent_context = true, |
| .create_certificate = false, |
| .pk_oid = NT_FW_CONFIG_KEY_OID }, |
| { |
| .id = SCP_BL2_IMAGE_ID, |
| .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */ |
| .signer_id_size = SIGNER_ID_MIN_SIZE, |
| .sw_type = MBOOT_SCP_BL2_IMAGE_STRING, |
| .allow_new_context_to_derive = false, |
| .retain_parent_context = true, |
| .create_certificate = false, |
| .pk_oid = SCP_BL2_IMAGE_KEY_OID }, |
| { |
| .id = SOC_FW_CONFIG_ID, |
| .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */ |
| .signer_id_size = SIGNER_ID_MIN_SIZE, |
| .sw_type = MBOOT_SOC_FW_CONFIG_STRING, |
| .allow_new_context_to_derive = false, |
| .retain_parent_context = true, |
| .create_certificate = false, |
| .pk_oid = SOC_FW_CONFIG_KEY_OID }, |
| { |
| .id = TOS_FW_CONFIG_ID, |
| .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */ |
| .signer_id_size = SIGNER_ID_MIN_SIZE, |
| .sw_type = MBOOT_TOS_FW_CONFIG_STRING, |
| .allow_new_context_to_derive = false, |
| .retain_parent_context = true, |
| .create_certificate = false, |
| .pk_oid = TOS_FW_CONFIG_KEY_OID }, |
| #if defined(SPD_spmd) |
| { |
| .id = SP_PKG1_ID, |
| .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */ |
| .signer_id_size = SIGNER_ID_MIN_SIZE, |
| .sw_type = MBOOT_SP1_STRING, |
| .allow_new_context_to_derive = false, |
| .retain_parent_context = true, |
| .create_certificate = true, /* With Trusty only one SP is loaded */ |
| .pk_oid = NULL }, |
| { |
| .id = SP_PKG2_ID, |
| .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */ |
| .signer_id_size = SIGNER_ID_MIN_SIZE, |
| .sw_type = MBOOT_SP2_STRING, |
| .allow_new_context_to_derive = false, |
| .retain_parent_context = true, |
| .create_certificate = false, |
| .pk_oid = NULL }, |
| { |
| .id = SP_PKG3_ID, |
| .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */ |
| .signer_id_size = SIGNER_ID_MIN_SIZE, |
| .sw_type = MBOOT_SP3_STRING, |
| .allow_new_context_to_derive = false, |
| .retain_parent_context = true, |
| .create_certificate = false, |
| .pk_oid = NULL }, |
| { |
| .id = SP_PKG4_ID, |
| .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */ |
| .signer_id_size = SIGNER_ID_MIN_SIZE, |
| .sw_type = MBOOT_SP4_STRING, |
| .allow_new_context_to_derive = false, |
| .retain_parent_context = true, |
| .create_certificate = false, |
| .pk_oid = NULL }, |
| { |
| .id = SP_PKG5_ID, |
| .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */ |
| .signer_id_size = SIGNER_ID_MIN_SIZE, |
| .sw_type = MBOOT_SP5_STRING, |
| .allow_new_context_to_derive = false, |
| .retain_parent_context = true, |
| .create_certificate = false, |
| .pk_oid = NULL }, |
| { |
| .id = SP_PKG6_ID, |
| .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */ |
| .signer_id_size = SIGNER_ID_MIN_SIZE, |
| .sw_type = MBOOT_SP6_STRING, |
| .allow_new_context_to_derive = false, |
| .retain_parent_context = true, |
| .create_certificate = false, |
| .pk_oid = NULL }, |
| { |
| .id = SP_PKG7_ID, |
| .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */ |
| .signer_id_size = SIGNER_ID_MIN_SIZE, |
| .sw_type = MBOOT_SP7_STRING, |
| .allow_new_context_to_derive = false, |
| .retain_parent_context = true, |
| .create_certificate = false, |
| .pk_oid = NULL }, |
| { |
| .id = SP_PKG8_ID, |
| .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */ |
| .signer_id_size = SIGNER_ID_MIN_SIZE, |
| .sw_type = MBOOT_SP8_STRING, |
| .allow_new_context_to_derive = false, |
| .retain_parent_context = true, |
| .create_certificate = false, |
| .pk_oid = NULL }, |
| |
| #endif |
| { |
| .id = DPE_INVALID_ID } |
| }; |
| |
| /* Context handle is meant to be used by BL33. Sharing it via NT_FW_CONFIG */ |
| static int new_ctx_handle; |
| |
| void plat_dpe_share_context_handle(int *ctx_handle) |
| { |
| new_ctx_handle = *ctx_handle; |
| } |
| |
| void plat_dpe_get_context_handle(int *ctx_handle) |
| { |
| int rc; |
| |
| rc = arm_get_tb_fw_info(ctx_handle); |
| if (rc != 0) { |
| ERROR("Unable to get DPE context handle from TB_FW_CONFIG\n"); |
| /* |
| * It is a fatal error because on FVP platform, BL2 software |
| * assumes that a valid DPE context_handle is passed through |
| * the DTB object by BL1. |
| */ |
| plat_panic_handler(); |
| } |
| |
| VERBOSE("Received DPE context handle: 0x%x\n", *ctx_handle); |
| } |
| |
| void bl2_plat_mboot_init(void) |
| { |
| /* Initialize the communication channel between AP and RSE */ |
| (void)rse_comms_init(PLAT_RSE_AP_SND_MHU_BASE, |
| PLAT_RSE_AP_RCV_MHU_BASE); |
| |
| dpe_init(tc_dpe_metadata); |
| } |
| |
| void bl2_plat_mboot_finish(void) |
| { |
| int rc; |
| |
| VERBOSE("Share DPE context handle with BL33: 0x%x\n", new_ctx_handle); |
| rc = arm_set_nt_fw_info(&new_ctx_handle); |
| if (rc != 0) { |
| ERROR("Unable to set DPE context handle in NT_FW_CONFIG\n"); |
| /* |
| * It is a fatal error because on TC platform, BL33 software |
| * assumes that a valid DPE context_handle is passed through |
| * the DTB object by BL2. |
| */ |
| plat_panic_handler(); |
| } |
| } |