Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 56a77c6ef33b7c64b63eff943e151c36980f4211 / . / plat / arm / board / tc / tc_bl2_dpe.c
blob: c56612b4245a8f0e491d94f6fa4dc5151f5374fe [file] [log] [blame]
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]1/*
2 * Copyright (c) 2024, Arm Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7#include <stdint.h>
8
Tamas Ban0fbe8622023-06-12 11:33:47 +0200[diff] [blame]9#include <common/debug.h>
Tamas Bandc15bf42024-02-22 11:35:28 +0100[diff] [blame]10#include <drivers/arm/rse_comms.h>
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]11#include <drivers/measured_boot/metadata.h>
Tamas Bandc15bf42024-02-22 11:35:28 +0100[diff] [blame]12#include <drivers/measured_boot/rse/dice_prot_env.h>
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]13#include <plat/arm/common/plat_arm.h>
14#include <plat/common/platform.h>
15#include <platform_def.h>
Tamas Ban0fbe8622023-06-12 11:33:47 +0200[diff] [blame]16#include <tools_share/tbbr_oid.h>
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]17
Tamas Ban1bac7b02024-06-14 14:24:15 +0200[diff] [blame]18#include "tc_dpe.h"
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]19
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]20/*
21 * The content and the values of this array depends on:
22 * - build config: Which components are loaded: SPMD, TOS, SPx, etc ?
23 * - boot order: the last element in a layer should be treated differently.
24 */
25
26/*
27 * TODO:
28 * - The content of the array must be tailored according to the build
29 * config (TOS, SPMD, etc). All loaded components (executables and
30 * config blobs) must be present in this array.
31 * - Current content is according to the Trusty build config.
32 */
33struct dpe_metadata tc_dpe_metadata[] = {
34 {
35 .id = BL31_IMAGE_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]36 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]37 .signer_id_size = SIGNER_ID_MIN_SIZE,
38 .sw_type = MBOOT_BL31_IMAGE_STRING,
39 .allow_new_context_to_derive = false,
40 .retain_parent_context = true,
41 .create_certificate = false,
Tamas Ban817ede32024-06-14 14:55:31 +0200[diff] [blame]42 .target_locality = LOCALITY_NONE, /* won't derive don't care */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]43 .pk_oid = BL31_IMAGE_KEY_OID },
44 {
45 .id = BL32_IMAGE_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]46 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]47 .signer_id_size = SIGNER_ID_MIN_SIZE,
48 .sw_type = MBOOT_BL32_IMAGE_STRING,
49 .allow_new_context_to_derive = false,
50 .retain_parent_context = true,
51 .create_certificate = false,
Tamas Ban817ede32024-06-14 14:55:31 +0200[diff] [blame]52 .target_locality = LOCALITY_NONE, /* won't derive don't care */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]53 .pk_oid = BL32_IMAGE_KEY_OID },
54 {
55 .id = BL33_IMAGE_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]56 .cert_id = DPE_HYPERVISOR_CERT_ID,
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]57 .signer_id_size = SIGNER_ID_MIN_SIZE,
58 .sw_type = MBOOT_BL33_IMAGE_STRING,
59 .allow_new_context_to_derive = true,
60 .retain_parent_context = true,
61 .create_certificate = false,
Tamas Ban817ede32024-06-14 14:55:31 +0200[diff] [blame]62 .target_locality = LOCALITY_AP_NS,
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]63 .pk_oid = BL33_IMAGE_KEY_OID },
64
65 {
66 .id = HW_CONFIG_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]67 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]68 .signer_id_size = SIGNER_ID_MIN_SIZE,
69 .sw_type = MBOOT_HW_CONFIG_STRING,
70 .allow_new_context_to_derive = false,
71 .retain_parent_context = true,
72 .create_certificate = false,
Tamas Ban817ede32024-06-14 14:55:31 +0200[diff] [blame]73 .target_locality = LOCALITY_NONE, /* won't derive don't care */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]74 .pk_oid = HW_CONFIG_KEY_OID },
75 {
76 .id = NT_FW_CONFIG_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]77 .cert_id = DPE_HYPERVISOR_CERT_ID,
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]78 .signer_id_size = SIGNER_ID_MIN_SIZE,
79 .sw_type = MBOOT_NT_FW_CONFIG_STRING,
80 .allow_new_context_to_derive = false,
81 .retain_parent_context = true,
82 .create_certificate = false,
Tamas Ban817ede32024-06-14 14:55:31 +0200[diff] [blame]83 .target_locality = LOCALITY_NONE, /* won't derive don't care */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]84 .pk_oid = NT_FW_CONFIG_KEY_OID },
85 {
86 .id = SCP_BL2_IMAGE_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]87 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]88 .signer_id_size = SIGNER_ID_MIN_SIZE,
89 .sw_type = MBOOT_SCP_BL2_IMAGE_STRING,
90 .allow_new_context_to_derive = false,
91 .retain_parent_context = true,
92 .create_certificate = false,
Tamas Ban817ede32024-06-14 14:55:31 +0200[diff] [blame]93 .target_locality = LOCALITY_NONE, /* won't derive don't care */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]94 .pk_oid = SCP_BL2_IMAGE_KEY_OID },
95 {
96 .id = SOC_FW_CONFIG_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]97 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]98 .signer_id_size = SIGNER_ID_MIN_SIZE,
99 .sw_type = MBOOT_SOC_FW_CONFIG_STRING,
100 .allow_new_context_to_derive = false,
101 .retain_parent_context = true,
102 .create_certificate = false,
Tamas Ban817ede32024-06-14 14:55:31 +0200[diff] [blame]103 .target_locality = LOCALITY_NONE, /* won't derive don't care */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]104 .pk_oid = SOC_FW_CONFIG_KEY_OID },
105 {
106 .id = TOS_FW_CONFIG_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]107 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]108 .signer_id_size = SIGNER_ID_MIN_SIZE,
109 .sw_type = MBOOT_TOS_FW_CONFIG_STRING,
110 .allow_new_context_to_derive = false,
111 .retain_parent_context = true,
112 .create_certificate = false,
Tamas Ban817ede32024-06-14 14:55:31 +0200[diff] [blame]113 .target_locality = LOCALITY_NONE, /* won't derive don't care */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]114 .pk_oid = TOS_FW_CONFIG_KEY_OID },
115#if defined(SPD_spmd)
116 {
117 .id = SP_PKG1_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]118 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]119 .signer_id_size = SIGNER_ID_MIN_SIZE,
120 .sw_type = MBOOT_SP1_STRING,
121 .allow_new_context_to_derive = false,
122 .retain_parent_context = true,
123 .create_certificate = true, /* With Trusty only one SP is loaded */
Tamas Ban817ede32024-06-14 14:55:31 +0200[diff] [blame]124 .target_locality = LOCALITY_NONE, /* won't derive don't care */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]125 .pk_oid = NULL },
126 {
127 .id = SP_PKG2_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]128 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]129 .signer_id_size = SIGNER_ID_MIN_SIZE,
130 .sw_type = MBOOT_SP2_STRING,
131 .allow_new_context_to_derive = false,
132 .retain_parent_context = true,
133 .create_certificate = false,
Tamas Ban817ede32024-06-14 14:55:31 +0200[diff] [blame]134 .target_locality = LOCALITY_NONE, /* won't derive don't care */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]135 .pk_oid = NULL },
136 {
137 .id = SP_PKG3_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]138 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]139 .signer_id_size = SIGNER_ID_MIN_SIZE,
140 .sw_type = MBOOT_SP3_STRING,
141 .allow_new_context_to_derive = false,
142 .retain_parent_context = true,
143 .create_certificate = false,
Tamas Ban817ede32024-06-14 14:55:31 +0200[diff] [blame]144 .target_locality = LOCALITY_NONE, /* won't derive don't care */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]145 .pk_oid = NULL },
146 {
147 .id = SP_PKG4_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]148 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]149 .signer_id_size = SIGNER_ID_MIN_SIZE,
150 .sw_type = MBOOT_SP4_STRING,
151 .allow_new_context_to_derive = false,
152 .retain_parent_context = true,
153 .create_certificate = false,
Tamas Ban817ede32024-06-14 14:55:31 +0200[diff] [blame]154 .target_locality = LOCALITY_NONE, /* won't derive don't care */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]155 .pk_oid = NULL },
156 {
157 .id = SP_PKG5_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]158 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]159 .signer_id_size = SIGNER_ID_MIN_SIZE,
160 .sw_type = MBOOT_SP5_STRING,
161 .allow_new_context_to_derive = false,
162 .retain_parent_context = true,
163 .create_certificate = false,
Tamas Ban817ede32024-06-14 14:55:31 +0200[diff] [blame]164 .target_locality = LOCALITY_NONE, /* won't derive don't care */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]165 .pk_oid = NULL },
166 {
167 .id = SP_PKG6_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]168 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]169 .signer_id_size = SIGNER_ID_MIN_SIZE,
170 .sw_type = MBOOT_SP6_STRING,
171 .allow_new_context_to_derive = false,
172 .retain_parent_context = true,
173 .create_certificate = false,
Tamas Ban817ede32024-06-14 14:55:31 +0200[diff] [blame]174 .target_locality = LOCALITY_NONE, /* won't derive don't care */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]175 .pk_oid = NULL },
176 {
177 .id = SP_PKG7_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]178 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]179 .signer_id_size = SIGNER_ID_MIN_SIZE,
180 .sw_type = MBOOT_SP7_STRING,
181 .allow_new_context_to_derive = false,
182 .retain_parent_context = true,
183 .create_certificate = false,
Tamas Ban817ede32024-06-14 14:55:31 +0200[diff] [blame]184 .target_locality = LOCALITY_NONE, /* won't derive don't care */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]185 .pk_oid = NULL },
186 {
187 .id = SP_PKG8_ID,
Tamas Bana5d3ca82024-01-30 12:56:38 +0100[diff] [blame]188 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]189 .signer_id_size = SIGNER_ID_MIN_SIZE,
190 .sw_type = MBOOT_SP8_STRING,
191 .allow_new_context_to_derive = false,
192 .retain_parent_context = true,
193 .create_certificate = false,
Tamas Ban817ede32024-06-14 14:55:31 +0200[diff] [blame]194 .target_locality = LOCALITY_NONE, /* won't derive don't care */
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]195 .pk_oid = NULL },
196
197#endif
198 {
199 .id = DPE_INVALID_ID }
200};
201
Tamas Ban0fbe8622023-06-12 11:33:47 +0200[diff] [blame]202/* Context handle is meant to be used by BL33. Sharing it via NT_FW_CONFIG */
203static int new_ctx_handle;
204
Tamas Ban14d82442024-06-03 16:51:49 +0200[diff] [blame]205void plat_dpe_share_context_handle(int *ctx_handle, int *parent_ctx_handle)
Tamas Ban0fbe8622023-06-12 11:33:47 +0200[diff] [blame]206{
207 new_ctx_handle = *ctx_handle;
Tamas Ban14d82442024-06-03 16:51:49 +0200[diff] [blame]208
209 /* Irrelevant in BL2 because cold restart resumes CPU in BL1 */
210 (void)parent_ctx_handle;
Tamas Ban0fbe8622023-06-12 11:33:47 +0200[diff] [blame]211}
212
Tamas Banae33fa92023-06-07 14:18:46 +0200[diff] [blame]213void plat_dpe_get_context_handle(int *ctx_handle)
214{
215 int rc;
216
217 rc = arm_get_tb_fw_info(ctx_handle);
218 if (rc != 0) {
219 ERROR("Unable to get DPE context handle from TB_FW_CONFIG\n");
220 /*
221 * It is a fatal error because on FVP platform, BL2 software
222 * assumes that a valid DPE context_handle is passed through
223 * the DTB object by BL1.
224 */
225 plat_panic_handler();
226 }
227
228 VERBOSE("Received DPE context handle: 0x%x\n", *ctx_handle);
229}
230
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]231void bl2_plat_mboot_init(void)
232{
Tamas Bandc15bf42024-02-22 11:35:28 +0100[diff] [blame]233 /* Initialize the communication channel between AP and RSE */
234 (void)rse_comms_init(PLAT_RSE_AP_SND_MHU_BASE,
235 PLAT_RSE_AP_RCV_MHU_BASE);
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]236
237 dpe_init(tc_dpe_metadata);
238}
239
240void bl2_plat_mboot_finish(void)
241{
Tamas Ban0fbe8622023-06-12 11:33:47 +0200[diff] [blame]242 int rc;
243
244 VERBOSE("Share DPE context handle with BL33: 0x%x\n", new_ctx_handle);
245 rc = arm_set_nt_fw_info(&new_ctx_handle);
246 if (rc != 0) {
247 ERROR("Unable to set DPE context handle in NT_FW_CONFIG\n");
248 /*
249 * It is a fatal error because on TC platform, BL33 software
250 * assumes that a valid DPE context_handle is passed through
251 * the DTB object by BL2.
252 */
253 plat_panic_handler();
254 }
Tamas Bana4260892023-06-07 13:35:04 +0200[diff] [blame]255}