armv8: sec_firmware: Add support for loadables in FIT
Enable support for loadables in SEC firmware FIT image. Currently
support is added for single loadable image.
Brief description of implementation:
Add two more address pointers (loadable_h, loadable_l) as arguments to
sec_firmware_init() api.
Create new api: sec_firmware_checks_copy_loadable() to check if loadables
node is present in SEC firmware FIT image. If present, verify loadable
image and copies it to secure DDR memory.
Populate address pointers with secure DDR memory addresses where loadable
is copied.
Example use-case could be trusted OS (tee.bin) as loadables node in SEC
firmware FIT image.
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
diff --git a/arch/arm/cpu/armv8/fsl-layerscape/ppa.c b/arch/arm/cpu/armv8/fsl-layerscape/ppa.c
index bbf8bba..cddcee9 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/ppa.c
+++ b/arch/arm/cpu/armv8/fsl-layerscape/ppa.c
@@ -35,6 +35,7 @@
unsigned int el = current_el();
void *ppa_fit_addr;
u32 *boot_loc_ptr_l, *boot_loc_ptr_h;
+ u32 *loadable_l, *loadable_h;
int ret;
#ifdef CONFIG_CHAIN_OF_TRUST
@@ -240,9 +241,9 @@
PPA_KEY_HASH,
&ppa_img_addr);
if (ret != 0)
- printf("PPA validation failed\n");
+ printf("SEC firmware(s) validation failed\n");
else
- printf("PPA validation Successful\n");
+ printf("SEC firmware(s) validation Successful\n");
}
#if defined(CONFIG_SYS_LS_PPA_FW_IN_MMC) || \
defined(CONFIG_SYS_LS_PPA_FW_IN_NAND)
@@ -254,15 +255,24 @@
struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR);
boot_loc_ptr_l = &gur->bootlocptrl;
boot_loc_ptr_h = &gur->bootlocptrh;
+
+ /* Assign addresses to loadable ptrs */
+ loadable_l = &gur->scratchrw[4];
+ loadable_h = &gur->scratchrw[5];
#elif defined(CONFIG_FSL_LSCH2)
struct ccsr_scfg __iomem *scfg = (void *)(CONFIG_SYS_FSL_SCFG_ADDR);
boot_loc_ptr_l = &scfg->scratchrw[1];
boot_loc_ptr_h = &scfg->scratchrw[0];
+
+ /* Assign addresses to loadable ptrs */
+ loadable_l = &scfg->scratchrw[2];
+ loadable_h = &scfg->scratchrw[3];
#endif
debug("fsl-ppa: boot_loc_ptr_l = 0x%p, boot_loc_ptr_h =0x%p\n",
boot_loc_ptr_l, boot_loc_ptr_h);
- ret = sec_firmware_init(ppa_fit_addr, boot_loc_ptr_l, boot_loc_ptr_h);
+ ret = sec_firmware_init(ppa_fit_addr, boot_loc_ptr_l, boot_loc_ptr_h,
+ loadable_l, loadable_h);
#if defined(CONFIG_SYS_LS_PPA_FW_IN_MMC) || \
defined(CONFIG_SYS_LS_PPA_FW_IN_NAND)
diff --git a/arch/arm/cpu/armv8/sec_firmware.c b/arch/arm/cpu/armv8/sec_firmware.c
index 0e74834..927eae4 100644
--- a/arch/arm/cpu/armv8/sec_firmware.c
+++ b/arch/arm/cpu/armv8/sec_firmware.c
@@ -105,6 +105,74 @@
return 0;
}
+/*
+ * SEC Firmware FIT image parser to check if any loadable is
+ * present. If present, verify integrity of the loadable and
+ * copy loadable to address provided in (loadable_h, loadable_l).
+ *
+ * Returns 0 on success and a negative errno on error task fail.
+ */
+static int sec_firmware_check_copy_loadable(const void *sec_firmware_img,
+ u32 *loadable_l, u32 *loadable_h)
+{
+ phys_addr_t sec_firmware_loadable_addr = 0;
+ int conf_node_off, ld_node_off;
+ char *conf_node_name = NULL;
+ const void *data;
+ size_t size;
+ ulong load;
+
+ conf_node_name = SEC_FIRMEWARE_FIT_CNF_NAME;
+
+ conf_node_off = fit_conf_get_node(sec_firmware_img, conf_node_name);
+ if (conf_node_off < 0) {
+ printf("SEC Firmware: %s: no such config\n", conf_node_name);
+ return -ENOENT;
+ }
+
+ ld_node_off = fit_conf_get_prop_node(sec_firmware_img, conf_node_off,
+ FIT_LOADABLE_PROP);
+ if (ld_node_off >= 0) {
+ printf("SEC Firmware: '%s' present in config\n",
+ FIT_LOADABLE_PROP);
+
+ /* Verify secure firmware image */
+ if (!(fit_image_verify(sec_firmware_img, ld_node_off))) {
+ printf("SEC Loadable: Bad loadable image (bad CRC)\n");
+ return -EINVAL;
+ }
+
+ if (fit_image_get_data(sec_firmware_img, ld_node_off,
+ &data, &size)) {
+ printf("SEC Loadable: Can't get subimage data/size");
+ return -ENOENT;
+ }
+
+ /* Get load address, treated as load offset to secure memory */
+ if (fit_image_get_load(sec_firmware_img, ld_node_off, &load)) {
+ printf("SEC Loadable: Can't get subimage load");
+ return -ENOENT;
+ }
+
+ /* Compute load address for loadable in secure memory */
+ sec_firmware_loadable_addr = (sec_firmware_addr -
+ gd->arch.tlb_size) + load;
+
+ /* Copy loadable to secure memory and flush dcache */
+ debug("%s copied to address 0x%p\n",
+ FIT_LOADABLE_PROP, (void *)sec_firmware_loadable_addr);
+ memcpy((void *)sec_firmware_loadable_addr, data, size);
+ flush_dcache_range(sec_firmware_loadable_addr,
+ sec_firmware_loadable_addr + size);
+ }
+
+ /* Populate address ptrs for loadable image with loadbale addr */
+ out_le32(loadable_l, (sec_firmware_loadable_addr & WORD_MASK));
+ out_le32(loadable_h, (sec_firmware_loadable_addr >> WORD_SHIFT));
+
+ return 0;
+}
+
static int sec_firmware_copy_image(const char *title,
u64 image_addr, u32 image_size, u64 sec_firmware)
{
@@ -117,9 +185,11 @@
/*
* This function will parse the SEC Firmware image, and then load it
- * to secure memory.
+ * to secure memory. Also load any loadable if present along with SEC
+ * Firmware image.
*/
-static int sec_firmware_load_image(const void *sec_firmware_img)
+static int sec_firmware_load_image(const void *sec_firmware_img,
+ u32 *loadable_l, u32 *loadable_h)
{
const void *raw_image_addr;
size_t raw_image_size = 0;
@@ -172,6 +242,15 @@
if (ret)
goto out;
+ /*
+ * Check if any loadable are present along with firmware image, if
+ * present load them.
+ */
+ ret = sec_firmware_check_copy_loadable(sec_firmware_img, loadable_l,
+ loadable_h);
+ if (ret)
+ goto out;
+
sec_firmware_addr |= SEC_FIRMWARE_LOADED;
debug("SEC Firmware: Entry point: 0x%llx\n",
sec_firmware_addr & SEC_FIRMWARE_ADDR_MASK);
@@ -289,17 +368,22 @@
* @sec_firmware_img: the SEC Firmware image address
* @eret_hold_l: the address to hold exception return address low
* @eret_hold_h: the address to hold exception return address high
+ * @loadable_l: the address to hold loadable address low
+ * @loadable_h: the address to hold loadable address high
*/
int sec_firmware_init(const void *sec_firmware_img,
u32 *eret_hold_l,
- u32 *eret_hold_h)
+ u32 *eret_hold_h,
+ u32 *loadable_l,
+ u32 *loadable_h)
{
int ret;
if (!sec_firmware_is_valid(sec_firmware_img))
return -EINVAL;
- ret = sec_firmware_load_image(sec_firmware_img);
+ ret = sec_firmware_load_image(sec_firmware_img, loadable_l,
+ loadable_h);
if (ret) {
printf("SEC Firmware: Failed to load image\n");
return ret;