refactor(fvp): avoid Measured-Boot dependency on Trusted-Boot
As Measured-Boot and Trusted-Boot are orthogonal, removed
Trusted-Boot's dependency on Measured-Boot by allowing them
to apply the Crypto module changes independently using the
CRYPTO_SUPPORT build flag.
Change-Id: I5a420e5d84f3fefe0c0092d822dab981e6390bbf
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
diff --git a/plat/arm/board/fvp/fvp_bl2_measured_boot.c b/plat/arm/board/fvp/fvp_bl2_measured_boot.c
index 4943e58..af43065 100644
--- a/plat/arm/board/fvp/fvp_bl2_measured_boot.c
+++ b/plat/arm/board/fvp/fvp_bl2_measured_boot.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -87,6 +87,7 @@
return 0;
}
+#if TRUSTED_BOARD_BOOT
static int fvp_populate_critical_data(struct fvp_critical_data *critical_data)
{
char *nv_ctr_oids[MAX_NV_CTR_IDS] = {
@@ -104,17 +105,26 @@
return 0;
}
+#endif /* TRUSTED_BOARD_BOOT */
static int fvp_populate_and_measure_critical_data(void)
{
+ int rc = 0;
+
+/*
+ * FVP platform only measures 'platform NV-counter' and hence its
+ * measurement makes sense during Trusted-Boot flow only.
+ */
+#if TRUSTED_BOARD_BOOT
struct fvp_critical_data populate_critical_data;
- int rc = fvp_populate_critical_data(&populate_critical_data);
+ rc = fvp_populate_critical_data(&populate_critical_data);
if (rc == 0) {
rc = plat_mboot_measure_critical_data(CRITICAL_DATA_ID,
&populate_critical_data,
sizeof(populate_critical_data));
}
+#endif /* TRUSTED_BOARD_BOOT */
return rc;
}
diff --git a/plat/arm/board/fvp/fvp_common.c b/plat/arm/board/fvp/fvp_common.c
index e7a28ac..d8d19de 100644
--- a/plat/arm/board/fvp/fvp_common.c
+++ b/plat/arm/board/fvp/fvp_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -117,10 +117,15 @@
#if TRUSTED_BOARD_BOOT
/* To access the Root of Trust Public Key registers. */
MAP_DEVICE2,
-#if !BL2_AT_EL3
- ARM_MAP_BL1_RW,
-#endif
#endif /* TRUSTED_BOARD_BOOT */
+
+#if CRYPTO_SUPPORT && !BL2_AT_EL3
+ /*
+ * To access shared the Mbed TLS heap while booting the
+ * system with Crypto support
+ */
+ ARM_MAP_BL1_RW,
+#endif /* CRYPTO_SUPPORT && !BL2_AT_EL3 */
#if SPM_MM
ARM_SP_IMAGE_MMAP,
#endif
@@ -444,7 +449,7 @@
#endif
}
-#if TRUSTED_BOARD_BOOT
+#if CRYPTO_SUPPORT
int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size)
{
assert(heap_addr != NULL);
@@ -452,7 +457,7 @@
return arm_get_mbedtls_heap(heap_addr, heap_size);
}
-#endif
+#endif /* CRYPTO_SUPPORT */
void fvp_timer_init(void)
{
diff --git a/plat/arm/board/fvp/include/platform_def.h b/plat/arm/board/fvp/include/platform_def.h
index d89e122..fcc4a0a 100644
--- a/plat/arm/board/fvp/include/platform_def.h
+++ b/plat/arm/board/fvp/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2022, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -144,12 +144,10 @@
* PLAT_ARM_MAX_BL2_SIZE is calculated using the current BL2 debug size plus a
* little space for growth.
*/
-#if TRUSTED_BOARD_BOOT
-#if COT_DESC_IN_DTB
+#if TRUSTED_BOARD_BOOT && COT_DESC_IN_DTB
# define PLAT_ARM_MAX_BL2_SIZE (UL(0x1E000) - FVP_BL2_ROMLIB_OPTIMIZATION)
-#else
+#elif CRYPTO_SUPPORT
# define PLAT_ARM_MAX_BL2_SIZE (UL(0x1D000) - FVP_BL2_ROMLIB_OPTIMIZATION)
-#endif
#else
# define PLAT_ARM_MAX_BL2_SIZE (UL(0x13000) - FVP_BL2_ROMLIB_OPTIMIZATION)
#endif
@@ -187,17 +185,17 @@
* Size of cacheable stacks
*/
#if defined(IMAGE_BL1)
-# if TRUSTED_BOARD_BOOT
+# if CRYPTO_SUPPORT
# define PLATFORM_STACK_SIZE UL(0x1000)
# else
# define PLATFORM_STACK_SIZE UL(0x500)
-# endif
+# endif /* CRYPTO_SUPPORT */
#elif defined(IMAGE_BL2)
-# if TRUSTED_BOARD_BOOT
+# if CRYPTO_SUPPORT
# define PLATFORM_STACK_SIZE UL(0x1000)
# else
# define PLATFORM_STACK_SIZE UL(0x600)
-# endif
+# endif /* CRYPTO_SUPPORT */
#elif defined(IMAGE_BL2U)
# define PLATFORM_STACK_SIZE UL(0x400)
#elif defined(IMAGE_BL31)
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index b7f9c61..e184c3f 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -376,10 +376,6 @@
include plat/arm/board/common/board_common.mk
include plat/arm/common/arm_common.mk
-ifeq (${TRUSTED_BOARD_BOOT}, 1)
-BL1_SOURCES += plat/arm/board/fvp/fvp_trusted_boot.c
-BL2_SOURCES += plat/arm/board/fvp/fvp_trusted_boot.c
-
ifeq (${MEASURED_BOOT},1)
BL1_SOURCES += plat/arm/board/fvp/fvp_common_measured_boot.c \
plat/arm/board/fvp/fvp_bl1_measured_boot.c
@@ -387,6 +383,10 @@
plat/arm/board/fvp/fvp_bl2_measured_boot.c
endif
+ifeq (${TRUSTED_BOARD_BOOT}, 1)
+BL1_SOURCES += plat/arm/board/fvp/fvp_trusted_boot.c
+BL2_SOURCES += plat/arm/board/fvp/fvp_trusted_boot.c
+
# FVP being a development platform, enable capability to disable Authentication
# dynamically if TRUSTED_BOARD_BOOT is set.
DYN_DISABLE_AUTH := 1
diff --git a/plat/arm/common/arm_bl1_setup.c b/plat/arm/common/arm_bl1_setup.c
index 320bb82..73338cb 100644
--- a/plat/arm/common/arm_bl1_setup.c
+++ b/plat/arm/common/arm_bl1_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -202,10 +202,10 @@
assert(desc != NULL);
desc->ep_info.args.arg0 = fw_config_info->config_addr;
-#if TRUSTED_BOARD_BOOT
+#if CRYPTO_SUPPORT
/* Share the Mbed TLS heap info with other images */
arm_bl1_set_mbedtls_heap();
-#endif /* TRUSTED_BOARD_BOOT */
+#endif /* CRYPTO_SUPPORT */
/*
* Allow access to the System counter timer module and program
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 064ed57..711ed03 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -358,10 +358,8 @@
ifneq (${TRUSTED_BOARD_BOOT},0)
# Include common TBB sources
- AUTH_SOURCES := drivers/auth/auth_mod.c \
- drivers/auth/crypto_mod.c \
- drivers/auth/img_parser_mod.c \
- lib/fconf/fconf_tbbr_getter.c
+ AUTH_SOURCES := drivers/auth/auth_mod.c \
+ drivers/auth/img_parser_mod.c
# Include the selected chain of trust sources.
ifeq (${COT},tbbr)
@@ -389,6 +387,12 @@
$(eval $(call TOOL_ADD_IMG,ns_bl2u,--fwu,FWU_))
+ IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk
+
+ $(info Including ${IMG_PARSER_LIB_MK})
+ include ${IMG_PARSER_LIB_MK}
+endif
+
# Include Measured Boot makefile before any Crypto library makefile.
# Crypto library makefile may need default definitions of Measured Boot build
# flags present in Measured Boot makefile.
@@ -398,20 +402,21 @@
include ${MEASURED_BOOT_MK}
endif
+ifneq ($(filter 1,${MEASURED_BOOT} ${TRUSTED_BOARD_BOOT}),)
+ CRYPTO_SOURCES := drivers/auth/crypto_mod.c \
+ lib/fconf/fconf_tbbr_getter.c
+ BL1_SOURCES += ${CRYPTO_SOURCES}
+ BL2_SOURCES += ${CRYPTO_SOURCES}
+
# We expect to locate the *.mk files under the directories specified below
-ifeq (${ARM_CRYPTOCELL_INTEG},0)
- CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
-else
- CRYPTO_LIB_MK := drivers/auth/cryptocell/cryptocell_crypto.mk
-endif
- IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk
+ ifeq (${ARM_CRYPTOCELL_INTEG},0)
+ CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
+ else
+ CRYPTO_LIB_MK := drivers/auth/cryptocell/cryptocell_crypto.mk
+ endif
$(info Including ${CRYPTO_LIB_MK})
include ${CRYPTO_LIB_MK}
-
- $(info Including ${IMG_PARSER_LIB_MK})
- include ${IMG_PARSER_LIB_MK}
-
endif
ifeq (${RECLAIM_INIT_CODE}, 1)
@@ -419,4 +424,3 @@
$(error "To reclaim init code xlat tables v2 must be used")
endif
endif
-
diff --git a/plat/arm/common/arm_dyn_cfg.c b/plat/arm/common/arm_dyn_cfg.c
index 6aae9ae..7abd1cd 100644
--- a/plat/arm/common/arm_dyn_cfg.c
+++ b/plat/arm/common/arm_dyn_cfg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2021, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2022, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,9 +13,9 @@
#include <common/debug.h>
#include <common/desc_image_load.h>
#include <common/tbbr/tbbr_img_def.h>
-#if TRUSTED_BOARD_BOOT
+#if CRYPTO_SUPPORT
#include <drivers/auth/mbedtls/mbedtls_config.h>
-#endif
+#endif /* CRYPTO_SUPPORT */
#include <lib/fconf/fconf.h>
#include <lib/fconf/fconf_dyn_cfg_getter.h>
#include <lib/fconf/fconf_tbbr_getter.h>
@@ -23,7 +23,7 @@
#include <plat/arm/common/arm_dyn_cfg_helpers.h>
#include <plat/arm/common/plat_arm.h>
-#if TRUSTED_BOARD_BOOT
+#if CRYPTO_SUPPORT
static void *mbedtls_heap_addr;
static size_t mbedtls_heap_size;
@@ -118,7 +118,7 @@
#endif /* !MEASURED_BOOT */
}
}
-#endif /* TRUSTED_BOARD_BOOT */
+#endif /* CRYPTO_SUPPORT */
/*
* BL2 utility function to initialize dynamic configuration specified by