aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPankaj Gupta <pankaj.gupta@nxp.com>2020-12-09 14:02:40 +0530
committerPankaj Gupta <pankaj.gupta@nxp.com>2021-03-24 09:49:32 +0530
commit6df5c0c9f34c2f03e9ef0db475faed07c387baf8 (patch)
treedd21a1ded41213b23fbfa93a645789175c8d8c33
parent34d483565078e28b5a31995d9030787b14ad3801 (diff)
downloadtrusted-firmware-a-6df5c0c9f34c2f03e9ef0db475faed07c387baf8.tar.gz
nxp: fip-handler for additional fip_fuse.bin
All of the NXP SoC, needs fip_fuse image to be loaded additionally as part of preparation for Trusted board boot - fip_fuse.bin contains an image for auto fuse provisioning. - Auto fuse provisioning is based on the input file with values for: -- SRK Hash -- OTPMK -- misc. refer board manual for more details. Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com> Change-Id: I26d4024fefe352d967ca120191f784f1f47aa9d1
-rw-r--r--plat/nxp/common/fip_handler/fuse_fip/fuse.mk100
-rw-r--r--plat/nxp/common/fip_handler/fuse_fip/fuse_io.h27
-rw-r--r--plat/nxp/common/fip_handler/fuse_fip/fuse_io_storage.c223
3 files changed, 350 insertions, 0 deletions
diff --git a/plat/nxp/common/fip_handler/fuse_fip/fuse.mk b/plat/nxp/common/fip_handler/fuse_fip/fuse.mk
new file mode 100644
index 0000000000..d8f5ae6ad9
--- /dev/null
+++ b/plat/nxp/common/fip_handler/fuse_fip/fuse.mk
@@ -0,0 +1,100 @@
+#
+# Copyright 2018-2020 NXP
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#
+
+NEED_FUSE := yes
+
+$(eval $(call add_define, PLAT_DEF_FIP_UUID))
+$(eval $(call add_define, POLICY_FUSE_PROVISION))
+$(eval $(call add_define, PLAT_TBBR_IMG_DEF))
+
+$(eval $(call SET_NXP_MAKE_FLAG,IMG_LOADR_NEEDED,BL2))
+$(eval $(call SET_NXP_MAKE_FLAG,SFP_NEEDED,BL2))
+$(eval $(call SET_NXP_MAKE_FLAG,GPIO_NEEDED,BL2))
+
+FIP_HANDLER_PATH := ${PLAT_COMMON_PATH}/fip_handler
+FIP_HANDLER_COMMON_PATH := ${FIP_HANDLER_PATH}/common
+
+FUSE_SOURCES := ${FIP_HANDLER_PATH}/fuse_fip/fuse_io_storage.c
+
+PLAT_INCLUDES += -I${FIP_HANDLER_COMMON_PATH}\
+ -I${FIP_HANDLER_PATH}/fuse_fip
+
+FUSE_FIP_NAME := fuse_fip.bin
+
+fip_fuse: ${BUILD_PLAT}/${FUSE_FIP_NAME}
+
+ifeq (${FUSE_PROV_FILE},)
+
+$(shell cp tools/nxp/plat_fiptool/plat_fiptool.mk ${PLAT_DIR})
+
+else
+ifeq (${TRUSTED_BOARD_BOOT},1)
+FUSE_PROV_FILE_SB = $(notdir ${FUSE_PROV_FILE})_prov.sb
+FUSE_FIP_ARGS += --fuse-prov ${BUILD_PLAT}/${FUSE_PROV_FILE_SB}
+FUSE_FIP_DEPS += ${BUILD_PLAT}/${FUSE_PROV_FILE_SB}
+else
+FUSE_FIP_ARGS += --fuse-prov ${FUSE_PROV_FILE}
+FUSE_FIP_DEPS += ${FUSE_PROV_FILE}
+endif
+endif
+
+ifeq (${FUSE_UP_FILE},)
+else
+ifeq (${TRUSTED_BOARD_BOOT},1)
+FUSE_UP_FILE_SB = $(notdir ${FUSE_UP_FILE})_up.sb
+FUSE_FIP_ARGS += --fuse-up ${BUILD_PLAT}/${FUSE_UP_FILE_SB}
+FUSE_FIP_DEPS += ${BUILD_PLAT}/${FUSE_UP_FILE_SB}
+else
+FUSE_FIP_ARGS += --fuse-up ${FUSE_UP_FILE}
+FUSE_FIP_DEPS += ${FUSE_UP_FILE}
+endif
+endif
+
+ifeq (${TRUSTED_BOARD_BOOT},1)
+
+ifeq (${MBEDTLS_DIR},)
+else
+ $(error Error: Trusted Board Boot with X509 certificates not supported with FUSE_PROG build option)
+endif
+
+# Path to CST directory is required to generate the CSF header
+# and prepend it to image before fip image gets generated
+ifeq (${CST_DIR},)
+ $(error Error: CST_DIR not set)
+endif
+
+ifeq (${FUSE_INPUT_FILE},)
+FUSE_INPUT_FILE := $(PLAT_DRIVERS_PATH)/auth/csf_hdr_parser/${CSF_FILE}
+endif
+
+ifeq (${FUSE_PROV_FILE},)
+else
+${BUILD_PLAT}/${FUSE_PROV_FILE_SB}: ${FUSE_PROV_FILE}
+ @echo " Generating CSF Header for $@ $<"
+ $(CST_DIR)/create_hdr_esbc --in $< --out $@ --app_off ${CSF_HDR_SZ} \
+ --app $< ${FUSE_INPUT_FILE}
+endif
+
+ifeq (${FUSE_UP_FILE},)
+else
+${BUILD_PLAT}/${FUSE_UP_FILE_SB}: ${FUSE_UP_FILE}
+ @echo " Generating CSF Header for $@ $<"
+ $(CST_DIR)/create_hdr_esbc --in $< --out $@ --app_off ${CSF_HDR_SZ} \
+ --app $< ${FUSE_INPUT_FILE}
+endif
+
+endif
+
+${BUILD_PLAT}/${FUSE_FIP_NAME}: fiptool ${FUSE_FIP_DEPS}
+ifeq (${FUSE_FIP_DEPS},)
+ $(error "Error: FUSE_PROV_FILE or/and FUSE_UP_FILE needs to point to the right file")
+endif
+ ${FIPTOOL} create ${FUSE_FIP_ARGS} $@
+ ${FIPTOOL} info $@
+ @${ECHO_BLANK_LINE}
+ @echo "Built $@ successfully"
+ @${ECHO_BLANK_LINE}
diff --git a/plat/nxp/common/fip_handler/fuse_fip/fuse_io.h b/plat/nxp/common/fip_handler/fuse_fip/fuse_io.h
new file mode 100644
index 0000000000..e8775d059c
--- /dev/null
+++ b/plat/nxp/common/fip_handler/fuse_fip/fuse_io.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2018-2020 NXP
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+#ifndef FUSE_IO_H
+#define FUSE_IO_H
+
+#include <drivers/io/io_driver.h>
+
+/* Can be overridden from platform_def.h file.
+ */
+#ifndef PLAT_FUSE_FIP_OFFSET
+#define PLAT_FUSE_FIP_OFFSET 0x880000
+#endif
+#ifndef PLAT_FUSE_FIP_MAX_SIZE
+#define PLAT_FUSE_FIP_MAX_SIZE 0x80000
+#endif
+
+int fip_fuse_provisioning(uintptr_t image_buf, uint32_t size);
+int fuse_fip_setup(const io_dev_connector_t *fip_dev_con, unsigned int boot_dev);
+int plat_get_fuse_image_source(unsigned int image_id,
+ uintptr_t *dev_handle,
+ uintptr_t *image_spec,
+ int (*check)(const uintptr_t spec));
+#endif /* FUSE_IO_H */
diff --git a/plat/nxp/common/fip_handler/fuse_fip/fuse_io_storage.c b/plat/nxp/common/fip_handler/fuse_fip/fuse_io_storage.c
new file mode 100644
index 0000000000..017ffcfa98
--- /dev/null
+++ b/plat/nxp/common/fip_handler/fuse_fip/fuse_io_storage.c
@@ -0,0 +1,223 @@
+/*
+ * Copyright 2021 NXP
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <assert.h>
+#include <string.h>
+
+#include <common/debug.h>
+#include <dcfg.h>
+#include <drivers/delay_timer.h>
+#include <fuse_prov.h>
+#include <io_block.h>
+#include <io_driver.h>
+#include <io_fip.h>
+#include <io_memmap.h>
+#include <io_storage.h>
+#include <lib/utils.h>
+#include <nxp_gpio.h>
+#include <sfp.h>
+#include <sfp_error_codes.h>
+#include <tools_share/firmware_image_package.h>
+
+#include "fuse_io.h"
+#include <load_img.h>
+#include <plat/common/platform.h>
+#include "plat_common.h"
+#include "platform_def.h"
+
+extern uintptr_t backend_dev_handle;
+
+static uint32_t fuse_fip;
+
+static uintptr_t fuse_fip_dev_handle;
+
+static io_block_spec_t fuse_fip_block_spec = {
+ .offset = PLAT_FUSE_FIP_OFFSET,
+ .length = PLAT_FUSE_FIP_MAX_SIZE
+};
+
+static const io_uuid_spec_t fuse_prov_uuid_spec = {
+ .uuid = UUID_FUSE_PROV,
+};
+
+static const io_uuid_spec_t fuse_up_uuid_spec = {
+ .uuid = UUID_FUSE_UP,
+};
+
+static int open_fuse_fip(const uintptr_t spec);
+
+struct plat_io_policy {
+ uintptr_t *dev_handle;
+ uintptr_t image_spec;
+ int (*check)(const uintptr_t spec);
+};
+
+/* By default, ARM platforms load images from the FIP */
+static const struct plat_io_policy fuse_policies[] = {
+ [FUSE_FIP_IMAGE_ID - FUSE_FIP_IMAGE_ID] = {
+ &backend_dev_handle,
+ (uintptr_t)&fuse_fip_block_spec,
+ NULL
+ },
+ [FUSE_PROV_IMAGE_ID - FUSE_FIP_IMAGE_ID] = {
+ &fuse_fip_dev_handle,
+ (uintptr_t)&fuse_prov_uuid_spec,
+ open_fuse_fip
+ },
+ [FUSE_UP_IMAGE_ID - FUSE_FIP_IMAGE_ID] = {
+ &fuse_fip_dev_handle,
+ (uintptr_t)&fuse_up_uuid_spec,
+ open_fuse_fip
+ }
+};
+
+static int open_fuse_fip(const uintptr_t spec)
+{
+ int result;
+ uintptr_t local_image_handle;
+
+ /* See if a Firmware Image Package is available */
+ result = io_dev_init(fuse_fip_dev_handle, (uintptr_t)FUSE_FIP_IMAGE_ID);
+ if (result == 0) {
+ result = io_open(fuse_fip_dev_handle,
+ spec,
+ &local_image_handle);
+ if (result == 0) {
+ VERBOSE("Using FIP\n");
+ io_close(local_image_handle);
+ }
+ }
+ return result;
+}
+
+/* The image can be one of the DDR PHY images, which can be sleected via DDR
+ * policies
+ */
+int plat_get_fuse_image_source(unsigned int image_id,
+ uintptr_t *dev_handle,
+ uintptr_t *image_spec,
+ int (*check)(const uintptr_t spec))
+{
+ int result;
+ const struct plat_io_policy *policy;
+
+ assert(image_id < (FUSE_FIP_IMAGE_ID + ARRAY_SIZE(fuse_policies)));
+
+ policy = &fuse_policies[image_id - FUSE_FIP_IMAGE_ID];
+
+ if (image_id == FUSE_FIP_IMAGE_ID) {
+ result = check(policy->image_spec);
+ } else {
+ result = policy->check(policy->image_spec);
+ }
+
+ if (result == 0) {
+ *image_spec = policy->image_spec;
+ *dev_handle = *(policy->dev_handle);
+ }
+ return result;
+}
+
+int fuse_fip_setup(const io_dev_connector_t *fip_dev_con, unsigned int boot_dev)
+{
+ int io_result;
+ size_t fuse_fip_offset = PLAT_FUSE_FIP_OFFSET;
+
+ /* Open connections to fuse fip and cache the handles */
+ io_result = io_dev_open(fip_dev_con, (uintptr_t)&fuse_fip,
+ &fuse_fip_dev_handle);
+
+ assert(io_result == 0);
+
+ switch (boot_dev) {
+#if QSPI_BOOT
+ case BOOT_DEVICE_QSPI:
+ fuse_fip_offset += NXP_QSPI_FLASH_ADDR;
+ break;
+#endif
+#if NOR_BOOT
+ case BOOT_DEVICE_IFC_NOR:
+ fuse_fip_offset += NXP_NOR_FLASH_ADDR;
+ break;
+#endif
+#if FLEXSPI_NOR_BOOT
+ case BOOT_DEVICE_FLEXSPI_NOR:
+ fuse_fip_offset += NXP_FLEXSPI_FLASH_ADDR;
+ break;
+#endif
+ default:
+ break;
+ }
+
+ fuse_fip_block_spec.offset = fuse_fip_offset;
+
+ return io_result;
+}
+
+int fip_fuse_provisioning(uintptr_t image_buf, uint32_t size)
+{
+ uint32_t bit_num;
+ uint32_t *gpio_base_addr = NULL;
+ struct fuse_hdr_t *fuse_hdr = NULL;
+ uint8_t barker[] = {0x68U, 0x39U, 0x27U, 0x81U};
+ int ret = -1;
+
+ if (sfp_check_oem_wp() == 0) {
+ ret = load_img(FUSE_PROV_IMAGE_ID, &image_buf, &size);
+ if (ret != 0) {
+ ERROR("Failed to load FUSE PRIV image\n");
+ assert(ret == 0);
+ }
+ fuse_hdr = (struct fuse_hdr_t *)image_buf;
+
+ /* Check barker code */
+ if (memcmp(fuse_hdr->barker, barker, sizeof(barker)) != 0) {
+ ERROR("FUSE Barker code mismatch.\n");
+ error_handler(ERROR_FUSE_BARKER);
+ return 1;
+ }
+
+ /* Check if GPIO pin to be set for POVDD */
+ if (((fuse_hdr->flags >> FLAG_POVDD_SHIFT) & 0x1) != 0) {
+ gpio_base_addr =
+ select_gpio_n_bitnum(fuse_hdr->povdd_gpio,
+ &bit_num);
+ /*
+ * Add delay so that Efuse gets the power
+ * when GPIO is enabled.
+ */
+ ret = set_gpio_bit(gpio_base_addr, bit_num);
+ mdelay(EFUSE_POWERUP_DELAY_mSec);
+ } else {
+ ret = (board_enable_povdd() == true) ? 0 : PLAT_ERROR_ENABLE_POVDD;
+ }
+ if (ret != 0) {
+ ERROR("Error enabling board POVDD: %d\n", ret);
+ ERROR("Only SFP mirror register will be set.\n");
+ }
+
+ provision_fuses(image_buf, ret == 0);
+
+ /* Check if GPIO pin to be reset for POVDD */
+ if (((fuse_hdr->flags >> FLAG_POVDD_SHIFT) & 0x1) != 0) {
+ if (gpio_base_addr == NULL) {
+ gpio_base_addr =
+ select_gpio_n_bitnum(
+ fuse_hdr->povdd_gpio,
+ &bit_num);
+ }
+ ret = clr_gpio_bit(gpio_base_addr, bit_num);
+ } else {
+ ret = board_disable_povdd() ? 0 : PLAT_ERROR_DISABLE_POVDD;
+ }
+
+ if (ret != 0) {
+ ERROR("Error disabling board POVDD: %d\n", ret);
+ }
+ }
+ return 0;
+}