Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 2ea0584e81d9a64583f0da98ea752a613a332248 / . / plat / arm / board / tc / tc_bl2_dpe.c
blob: e50508f7e472acb5cb8add6ec1a02ef19cf37be9 [file] [log] [blame]
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]1/*
2 * Copyright (c) 2024, Arm Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7#include <stdint.h>
8
Tamas Ban0fbe8622023-06-12 11:33:47 +0200[diff] [blame]9#include <common/debug.h>
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]10#include <drivers/arm/rss_comms.h>
11#include <drivers/measured_boot/metadata.h>
12#include <drivers/measured_boot/rss/dice_prot_env.h>
13#include <plat/arm/common/plat_arm.h>
14#include <plat/common/platform.h>
15#include <platform_def.h>
Tamas Ban0fbe8622023-06-12 11:33:47 +0200[diff] [blame]16#include <tools_share/tbbr_oid.h>
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]17
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]18#include "tc_dpe_cert.h"
19
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]20/*
21 * The content and the values of this array depends on:
22 * - build config: Which components are loaded: SPMD, TOS, SPx, etc ?
23 * - boot order: the last element in a layer should be treated differently.
24 */
25
26/*
27 * TODO:
28 * - The content of the array must be tailored according to the build
29 * config (TOS, SPMD, etc). All loaded components (executables and
30 * config blobs) must be present in this array.
31 * - Current content is according to the Trusty build config.
32 */
33struct dpe_metadata tc_dpe_metadata[] = {
34 {
35 .id = BL31_IMAGE_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]36 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]37 .signer_id_size = SIGNER_ID_MIN_SIZE,
38 .sw_type = MBOOT_BL31_IMAGE_STRING,
39 .allow_new_context_to_derive = false,
40 .retain_parent_context = true,
41 .create_certificate = false,
42 .pk_oid = BL31_IMAGE_KEY_OID },
43 {
44 .id = BL32_IMAGE_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]45 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]46 .signer_id_size = SIGNER_ID_MIN_SIZE,
47 .sw_type = MBOOT_BL32_IMAGE_STRING,
48 .allow_new_context_to_derive = false,
49 .retain_parent_context = true,
50 .create_certificate = false,
51 .pk_oid = BL32_IMAGE_KEY_OID },
52 {
53 .id = BL33_IMAGE_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]54 .cert_id = DPE_HYPERVISOR_CERT_ID,
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]55 .signer_id_size = SIGNER_ID_MIN_SIZE,
56 .sw_type = MBOOT_BL33_IMAGE_STRING,
57 .allow_new_context_to_derive = true,
58 .retain_parent_context = true,
59 .create_certificate = false,
60 .pk_oid = BL33_IMAGE_KEY_OID },
61
62 {
63 .id = HW_CONFIG_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]64 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]65 .signer_id_size = SIGNER_ID_MIN_SIZE,
66 .sw_type = MBOOT_HW_CONFIG_STRING,
67 .allow_new_context_to_derive = false,
68 .retain_parent_context = true,
69 .create_certificate = false,
70 .pk_oid = HW_CONFIG_KEY_OID },
71 {
72 .id = NT_FW_CONFIG_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]73 .cert_id = DPE_HYPERVISOR_CERT_ID,
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]74 .signer_id_size = SIGNER_ID_MIN_SIZE,
75 .sw_type = MBOOT_NT_FW_CONFIG_STRING,
76 .allow_new_context_to_derive = false,
77 .retain_parent_context = true,
78 .create_certificate = false,
79 .pk_oid = NT_FW_CONFIG_KEY_OID },
80 {
81 .id = SCP_BL2_IMAGE_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]82 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]83 .signer_id_size = SIGNER_ID_MIN_SIZE,
84 .sw_type = MBOOT_SCP_BL2_IMAGE_STRING,
85 .allow_new_context_to_derive = false,
86 .retain_parent_context = true,
87 .create_certificate = false,
88 .pk_oid = SCP_BL2_IMAGE_KEY_OID },
89 {
90 .id = SOC_FW_CONFIG_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]91 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]92 .signer_id_size = SIGNER_ID_MIN_SIZE,
93 .sw_type = MBOOT_SOC_FW_CONFIG_STRING,
94 .allow_new_context_to_derive = false,
95 .retain_parent_context = true,
96 .create_certificate = false,
97 .pk_oid = SOC_FW_CONFIG_KEY_OID },
98 {
99 .id = TOS_FW_CONFIG_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]100 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]101 .signer_id_size = SIGNER_ID_MIN_SIZE,
102 .sw_type = MBOOT_TOS_FW_CONFIG_STRING,
103 .allow_new_context_to_derive = false,
104 .retain_parent_context = true,
105 .create_certificate = false,
106 .pk_oid = TOS_FW_CONFIG_KEY_OID },
107#if defined(SPD_spmd)
108 {
109 .id = SP_PKG1_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]110 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]111 .signer_id_size = SIGNER_ID_MIN_SIZE,
112 .sw_type = MBOOT_SP1_STRING,
113 .allow_new_context_to_derive = false,
114 .retain_parent_context = true,
115 .create_certificate = true, /* With Trusty only one SP is loaded */
116 .pk_oid = NULL },
117 {
118 .id = SP_PKG2_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]119 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]120 .signer_id_size = SIGNER_ID_MIN_SIZE,
121 .sw_type = MBOOT_SP2_STRING,
122 .allow_new_context_to_derive = false,
123 .retain_parent_context = true,
124 .create_certificate = false,
125 .pk_oid = NULL },
126 {
127 .id = SP_PKG3_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]128 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]129 .signer_id_size = SIGNER_ID_MIN_SIZE,
130 .sw_type = MBOOT_SP3_STRING,
131 .allow_new_context_to_derive = false,
132 .retain_parent_context = true,
133 .create_certificate = false,
134 .pk_oid = NULL },
135 {
136 .id = SP_PKG4_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]137 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]138 .signer_id_size = SIGNER_ID_MIN_SIZE,
139 .sw_type = MBOOT_SP4_STRING,
140 .allow_new_context_to_derive = false,
141 .retain_parent_context = true,
142 .create_certificate = false,
143 .pk_oid = NULL },
144 {
145 .id = SP_PKG5_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]146 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]147 .signer_id_size = SIGNER_ID_MIN_SIZE,
148 .sw_type = MBOOT_SP5_STRING,
149 .allow_new_context_to_derive = false,
150 .retain_parent_context = true,
151 .create_certificate = false,
152 .pk_oid = NULL },
153 {
154 .id = SP_PKG6_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]155 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]156 .signer_id_size = SIGNER_ID_MIN_SIZE,
157 .sw_type = MBOOT_SP6_STRING,
158 .allow_new_context_to_derive = false,
159 .retain_parent_context = true,
160 .create_certificate = false,
161 .pk_oid = NULL },
162 {
163 .id = SP_PKG7_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]164 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]165 .signer_id_size = SIGNER_ID_MIN_SIZE,
166 .sw_type = MBOOT_SP7_STRING,
167 .allow_new_context_to_derive = false,
168 .retain_parent_context = true,
169 .create_certificate = false,
170 .pk_oid = NULL },
171 {
172 .id = SP_PKG8_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]173 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]174 .signer_id_size = SIGNER_ID_MIN_SIZE,
175 .sw_type = MBOOT_SP8_STRING,
176 .allow_new_context_to_derive = false,
177 .retain_parent_context = true,
178 .create_certificate = false,
179 .pk_oid = NULL },
180
181#endif
182 {
183 .id = DPE_INVALID_ID }
184};
185
Tamas Ban0fbe8622023-06-12 11:33:47 +0200[diff] [blame]186/* Context handle is meant to be used by BL33. Sharing it via NT_FW_CONFIG */
187static int new_ctx_handle;
188
189void plat_dpe_share_context_handle(int *ctx_handle)
190{
191 new_ctx_handle = *ctx_handle;
192}
193
Tamas Banae33fa92023-06-07 14:18:46 +0200[diff] [blame]194void plat_dpe_get_context_handle(int *ctx_handle)
195{
196 int rc;
197
198 rc = arm_get_tb_fw_info(ctx_handle);
199 if (rc != 0) {
200 ERROR("Unable to get DPE context handle from TB_FW_CONFIG\n");
201 /*
202 * It is a fatal error because on FVP platform, BL2 software
203 * assumes that a valid DPE context_handle is passed through
204 * the DTB object by BL1.
205 */
206 plat_panic_handler();
207 }
208
209 VERBOSE("Received DPE context handle: 0x%x\n", *ctx_handle);
210}
211
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]212void bl2_plat_mboot_init(void)
213{
214 /* Initialize the communication channel between AP and RSS */
215 (void)rss_comms_init(PLAT_RSS_AP_SND_MHU_BASE,
216 PLAT_RSS_AP_RCV_MHU_BASE);
217
218 dpe_init(tc_dpe_metadata);
219}
220
221void bl2_plat_mboot_finish(void)
222{
Tamas Ban0fbe8622023-06-12 11:33:47 +0200[diff] [blame]223 int rc;
224
225 VERBOSE("Share DPE context handle with BL33: 0x%x\n", new_ctx_handle);
226 rc = arm_set_nt_fw_info(&new_ctx_handle);
227 if (rc != 0) {
228 ERROR("Unable to set DPE context handle in NT_FW_CONFIG\n");
229 /*
230 * It is a fatal error because on TC platform, BL33 software
231 * assumes that a valid DPE context_handle is passed through
232 * the DTB object by BL2.
233 */
234 plat_panic_handler();
235 }
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]236}