diff options
author | Satish Kumar <satish.kumar01@arm.com> | 2021-05-04 21:47:08 +0100 |
---|---|---|
committer | David Hu <david.hu@arm.com> | 2021-10-14 10:14:43 +0200 |
commit | 0218c3f799292df645d17e3367c7687d7407b3e4 (patch) | |
tree | 78bab10ba5252a356229bfac97fcd78e7796598e /platform/ext | |
parent | 08b1da5fac2722db094b172680dbf467b1b214aa (diff) | |
download | trusted-firmware-m-0218c3f799292df645d17e3367c7687d7407b3e4.tar.gz |
Diphda: Verify and load host BL2 (TF-A)
Secure enclave's BL2 parses the FIP layout in the flash to
extract the address and size information of host's TF-A.
Once required information is extracted, the image is
verified and loaded to a RAM address from where host
starts booting.
Change-Id: Ib7fd2f542f726f4daa5f5ac281fab29543dc2b6e
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Diffstat (limited to 'platform/ext')
9 files changed, 270 insertions, 51 deletions
diff --git a/platform/ext/target/arm/diphda/CMSIS_Driver/Driver_Flash.c b/platform/ext/target/arm/diphda/CMSIS_Driver/Driver_Flash.c index b55f08c621..4a646d8282 100644 --- a/platform/ext/target/arm/diphda/CMSIS_Driver/Driver_Flash.c +++ b/platform/ext/target/arm/diphda/CMSIS_Driver/Driver_Flash.c @@ -109,7 +109,6 @@ static ARM_FLASH_CAPABILITIES N25Q256A_Driver_GetCapabilities(void) return N25Q256ADriverCapabilities; } - static int32_t N25Q256A_Flash_Initialize(ARM_Flash_SignalEvent_t cb_event) { ARG_UNUSED(cb_event); diff --git a/platform/ext/target/arm/diphda/CMakeLists.txt b/platform/ext/target/arm/diphda/CMakeLists.txt index fea0e23418..26fe5d2d53 100644 --- a/platform/ext/target/arm/diphda/CMakeLists.txt +++ b/platform/ext/target/arm/diphda/CMakeLists.txt @@ -75,6 +75,8 @@ target_link_libraries(platform_s #========================= Platform BL2 =======================================# +set(BL2_SOURCE ${CMAKE_SOURCE_DIR}/bl2) + target_sources(platform_bl2 PRIVATE CMSIS_Driver/Driver_Flash.c @@ -84,6 +86,7 @@ target_sources(platform_bl2 Native_Driver/uart_pl011_drv.c Native_Driver/xilinx_pg153_axi_qspi_controller_drv.c Native_Driver/spi_n25q256a_flash_lib.c + fip_parser/fip_parser.c bl2_boot_hal.c ) @@ -107,8 +110,10 @@ target_include_directories(platform_bl2 CMSIS_Driver/Config Device/Config Native_Driver + fip_parser ${MCUBOOT_PATH}/boot/bootutil/include # for fault_injection_hardening.h only ${CMAKE_BINARY_DIR}/bl2/ext/mcuboot # for mcuboot_config.h only + $<BUILD_INTERFACE:${BL2_SOURCE}/ext/mcuboot/include> ) #========================= BL1 component =======================================# diff --git a/platform/ext/target/arm/diphda/bl2_boot_hal.c b/platform/ext/target/arm/diphda/bl2_boot_hal.c index 029b2e86c8..a0c3ec8979 100644 --- a/platform/ext/target/arm/diphda/bl2_boot_hal.c +++ b/platform/ext/target/arm/diphda/bl2_boot_hal.c @@ -12,6 +12,10 @@ #include "Driver_Flash.h" #include "flash_layout.h" #include "bootutil/fault_injection_hardening.h" +#include "bootutil/bootutil_log.h" +#include "fip_parser.h" +#include "flash_map/flash_map.h" +#include <string.h> #if defined(CRYPTO_HW_ACCELERATOR) || \ defined(CRYPTO_HW_ACCELERATOR_OTP_PROVISIONING) @@ -43,10 +47,36 @@ __attribute__((naked)) void boot_clear_bl2_ram_area(void) ); } +extern struct flash_area flash_map[]; + +int32_t fill_bl2_flash_map_by_parsing_fips(void) +{ + int result; + uint32_t tfa_offset = 0; + uint32_t tfa_size = 0; + + result = parse_fip_and_extract_tfa_info(FLASH_FIP1_ADDRESS, FLASH_FIP1_SIZE, + &tfa_offset, &tfa_size); + if (result != FIP_PARSER_SUCCESS) { + BOOT_LOG_ERR("parse_fip_and_extract_tfa_info failed"); + return 1; + } + + flash_map[2].fa_off = FLASH_FIP1_OFFSET + tfa_offset; + flash_map[2].fa_size = tfa_size; + + return 0; +} + int32_t boot_platform_init(void) { int32_t result; + result = fill_bl2_flash_map_by_parsing_fips(); + if (result) { + return 1; + } + result = FLASH_DEV_NAME.Initialize(NULL); if (result != ARM_DRIVER_OK) { return 1; diff --git a/platform/ext/target/arm/diphda/bl2_flash_map.c b/platform/ext/target/arm/diphda/bl2_flash_map.c index 60b67ccc71..1a42a25cdb 100644 --- a/platform/ext/target/arm/diphda/bl2_flash_map.c +++ b/platform/ext/target/arm/diphda/bl2_flash_map.c @@ -14,8 +14,16 @@ extern ARM_DRIVER_FLASH FLASH_DEV_NAME; #define ARRAY_SIZE(arr) (sizeof(arr)/sizeof((arr)[0])) - -const struct flash_area flash_map[] = { +/* + * flash_map[0]: TF-M Primary + * flash_map[1]: TF-M Secondary + * flash_map[2]: TF-A Primary + * flash_map[3]: TF-A Secondaary + * + * TF-A flash area's fa_off and fa_size are populated + * by parsing FIP. + */ +struct flash_area flash_map[] = { { .fa_id = FLASH_AREA_0_ID, .fa_device_id = FLASH_DEVICE_ID, @@ -34,29 +42,15 @@ const struct flash_area flash_map[] = { .fa_id = FLASH_AREA_2_ID, .fa_device_id = FLASH_DEVICE_ID, .fa_driver = &FLASH_DEV_NAME, - .fa_off = FLASH_AREA_2_OFFSET, - .fa_size = FLASH_AREA_2_SIZE, + .fa_off = FLASH_INVALID_OFFSET, + .fa_size = FLASH_INVALID_SIZE, }, { .fa_id = FLASH_AREA_3_ID, .fa_device_id = FLASH_DEVICE_ID, .fa_driver = &FLASH_DEV_NAME, - .fa_off = FLASH_AREA_3_OFFSET, - .fa_size = FLASH_AREA_3_SIZE, - }, - { - .fa_id = FLASH_AREA_4_ID, - .fa_device_id = FLASH_DEVICE_ID, - .fa_driver = &FLASH_DEV_NAME, - .fa_off = FLASH_AREA_4_OFFSET, - .fa_size = FLASH_AREA_4_SIZE, - }, - { - .fa_id = FLASH_AREA_5_ID, - .fa_device_id = FLASH_DEVICE_ID, - .fa_driver = &FLASH_DEV_NAME, - .fa_off = FLASH_AREA_5_OFFSET, - .fa_size = FLASH_AREA_5_SIZE, + .fa_off = FLASH_INVALID_OFFSET, + .fa_size = FLASH_INVALID_SIZE, }, }; diff --git a/platform/ext/target/arm/diphda/config.cmake b/platform/ext/target/arm/diphda/config.cmake index db5ab6639e..1bf74f2748 100644 --- a/platform/ext/target/arm/diphda/config.cmake +++ b/platform/ext/target/arm/diphda/config.cmake @@ -10,7 +10,7 @@ set(BL2 ON CACHE BOOL "Whether to bu set(DEFAULT_MCUBOOT_FLASH_MAP OFF CACHE BOOL "Whether to use the default flash map defined by TF-M project") set(MCUBOOT_UPGRADE_STRATEGY "RAM_LOAD" CACHE STRING "Upgrade strategy when multiple boot images are loaded [OVERWRITE_ONLY, SWAP, DIRECT_XIP, RAM_LOAD]") -set(MCUBOOT_IMAGE_NUMBER 3 CACHE STRING "Number of images loaded by mcuboot") +set(MCUBOOT_IMAGE_NUMBER 2 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately") set(TFM_MULTI_CORE_TOPOLOGY ON CACHE BOOL "Whether to build for a dual-cpu architecture") set(TFM_PLAT_SPECIFIC_MULTI_CORE_COMM ON CACHE BOOL "Whether to use a platform specific inter core communication instead of mailbox in dual-cpu topology") set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms") diff --git a/platform/ext/target/arm/diphda/fip_parser/external/uuid.h b/platform/ext/target/arm/diphda/fip_parser/external/uuid.h new file mode 100644 index 0000000000..2ced3a3fab --- /dev/null +++ b/platform/ext/target/arm/diphda/fip_parser/external/uuid.h @@ -0,0 +1,74 @@ +/*- + * Copyright (c) 2002 Marcel Moolenaar + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * $FreeBSD$ + */ + +/* + * Portions copyright (c) 2014-2020, ARM Limited and Contributors. + * All rights reserved. + */ + +#ifndef UUID_H +#define UUID_H + +/* Length of a node address (an IEEE 802 address). */ +#define _UUID_NODE_LEN 6 + +/* Length of UUID string including dashes. */ +#define _UUID_STR_LEN 36 + +/* + * See also: + * http://www.opengroup.org/dce/info/draft-leach-uuids-guids-01.txt + * http://www.opengroup.org/onlinepubs/009629399/apdxa.htm + * + * A DCE 1.1 compatible source representation of UUIDs. + */ +struct uuid { + uint8_t time_low[4]; + uint8_t time_mid[2]; + uint8_t time_hi_and_version[2]; + uint8_t clock_seq_hi_and_reserved; + uint8_t clock_seq_low; + uint8_t node[_UUID_NODE_LEN]; +}; + +struct efi_guid { + uint32_t time_low; + uint16_t time_mid; + uint16_t time_hi_and_version; + uint8_t clock_seq_and_node[8]; +}; + +union uuid_helper_t { + struct uuid uuid_struct; + struct efi_guid efi_guid; +}; + +/* XXX namespace pollution? */ +typedef struct uuid uuid_t; + +#endif /* UUID_H */ diff --git a/platform/ext/target/arm/diphda/fip_parser/fip_parser.c b/platform/ext/target/arm/diphda/fip_parser/fip_parser.c new file mode 100644 index 0000000000..5d264b3a62 --- /dev/null +++ b/platform/ext/target/arm/diphda/fip_parser/fip_parser.c @@ -0,0 +1,61 @@ +/* + * Copyright (c) 2021 Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an AS IS BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "fip_parser.h" +#include "bootutil/bootutil_log.h" + +#include <region_defs.h> +#include <string.h> + +int parse_fip_and_extract_tfa_info(uint32_t address, uint32_t fip_size, + uint32_t *tfa_offset, uint32_t *tfa_size) +{ + FIP_TOC_HEADER *toc_header = NULL; + FIP_TOC_ENTRY *toc_entry = NULL; + uuid_t uuid_null = {0}; + uuid_t tfa_uuid = UUID_TRUSTED_BOOT_FIRMWARE_BL2; + char *iter; + + toc_header = (FIP_TOC_HEADER *) address; + + if (toc_header->name != TOC_HEADER_NAME) { + return FIP_PARSER_ERROR; + } + + toc_entry = (FIP_TOC_ENTRY *)(toc_header + 1); + + for (iter = (char *)toc_entry; + iter <= (char *)toc_header + fip_size; + iter = iter + sizeof(FIP_TOC_ENTRY), toc_entry++) { + + if (!memcmp(iter, &uuid_null, sizeof(uuid_t))) { + return FIP_PARSER_ERROR; + } + + if (!memcmp(iter, &tfa_uuid, sizeof(uuid_t))) { + BOOT_LOG_INF("TF-A FIP at : address = 0x%x : size = 0x%x \n\r", + toc_entry->address, + toc_entry->size); + *tfa_offset = toc_entry->address; + *tfa_size = toc_entry->size; + return FIP_PARSER_SUCCESS; + } + } + + return FIP_PARSER_ERROR; +} diff --git a/platform/ext/target/arm/diphda/fip_parser/fip_parser.h b/platform/ext/target/arm/diphda/fip_parser/fip_parser.h new file mode 100644 index 0000000000..b01000e00a --- /dev/null +++ b/platform/ext/target/arm/diphda/fip_parser/fip_parser.h @@ -0,0 +1,70 @@ +/* + * Copyright (c) 2019-2021 ARM Limited. All rights reserved. + * + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an AS IS BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef _FIP_PARSER_H_ +#define _FIP_PARSER_H_ + +#ifdef __cplusplus +extern "C" +{ +#endif + +#include <stdint.h> +#include "external/uuid.h" + +/* Return code of fip parser APIs */ +#define FIP_PARSER_SUCCESS (0) +#define FIP_PARSER_ERROR (INT32_MIN + 1) + +/* This is used as a signature to validate the blob header */ +#define TOC_HEADER_NAME 0xAA640001 + +/* ToC Entry UUIDs */ +#define UUID_TRUSTED_BOOT_FIRMWARE_BL2 \ + {{0x5f, 0xf9, 0xec, 0x0b}, {0x4d, 0x22}, \ + {0x3e, 0x4d}, 0xa5, 0x44, \ + {0xc3, 0x9d, 0x81, 0xc7, 0x3f, 0x0a} } + +typedef struct _FIP_TOC_HEADER { + uint32_t name; + uint32_t serial_number; + uint64_t flags; +} FIP_TOC_HEADER; + +/*fip tool creates fip table using 64 bit integers because of its + basic support for 64 bit Cortex A.Hence need to add 32 bit padding + for 32-bit Cortex-M CPUs +*/ + +typedef struct _FIP_TOC_ENTRY { + uuid_t uuid; + uint32_t address; + uint32_t pad1; + uint32_t size; + uint32_t pad2; + uint64_t flags; +} FIP_TOC_ENTRY; + +int parse_fip_and_extract_tfa_info(uint32_t address, uint32_t fip_size, + uint32_t *tfa_offset, uint32_t *tfa_size); + +#ifdef __cplusplus +} +#endif + +#endif /* _FIP_PARSER_H_ */ diff --git a/platform/ext/target/arm/diphda/partition/flash_layout.h b/platform/ext/target/arm/diphda/partition/flash_layout.h index 65ed9404b9..1b713774dc 100644 --- a/platform/ext/target/arm/diphda/partition/flash_layout.h +++ b/platform/ext/target/arm/diphda/partition/flash_layout.h @@ -47,9 +47,10 @@ #define SE_BL2_PARTITION_SIZE (0x10000) /* 64 KiB */ #define TFM_PARTITION_SIZE (0x60000) /* 384 KiB */ -#define OPTEE_PARTITION_SIZE (0x80000) /* 512 KiB */ -#define U_BOOT_PARTITION_SIZE (0x80000) /* 512 KiB */ -#define SPL_PARTITION_SIZE (0x40000) /* 256 KiB */ +#define FIP_MAX_SIZE (0x80000) /* 512 KiB */ +#define FIP1_SIZE (0x151573) /* 1350 KiB */ +#define FIP2_SIZE (0x80000) /* 512 KiB */ +#define FIP_SIGNATURE_AREA_SIZE (0x1000) /* 4 KiB */ /* Secure Enclave internal SRAM */ @@ -113,32 +114,19 @@ #define FLASH_AREA_1_OFFSET (FLASH_AREA_0_OFFSET + FLASH_AREA_0_SIZE) #define FLASH_AREA_1_SIZE (TFM_PARTITION_SIZE) -/* OPTEE primary and secondary images */ -#define FLASH_AREA_2_ID (FLASH_AREA_1_ID + 1) -#define FLASH_AREA_2_OFFSET (FLASH_AREA_1_OFFSET + FLASH_AREA_1_SIZE) -#define FLASH_AREA_2_SIZE (OPTEE_PARTITION_SIZE) +/* Host FIPs */ +#define FLASH_FIP1_OFFSET (FLASH_AREA_1_OFFSET + FLASH_AREA_1_SIZE + FIP_SIGNATURE_AREA_SIZE) +#define FLASH_FIP1_ADDRESS (FLASH_BASE_ADDRESS + FLASH_FIP1_OFFSET) +#define FLASH_FIP1_SIZE (FIP1_SIZE) +#define FLASH_FIP2_OFFSET (FLASH_FIP1_OFFSET + FIP_MAX_SIZE) +#define FLASH_FIP2_ADDRESS (FLASH_BASE_ADDRESS + FLASH_FIP2_OFFSET) +#define FLASH_FIP2_SIZE (FIP2_SIZE) +/* Host BL2 (TF-A) primary and secondary image. */ +#define FLASH_AREA_2_ID (FLASH_AREA_1_ID + 1) #define FLASH_AREA_3_ID (FLASH_AREA_2_ID + 1) -#define FLASH_AREA_3_OFFSET (FLASH_AREA_2_OFFSET + FLASH_AREA_2_SIZE) -#define FLASH_AREA_3_SIZE (OPTEE_PARTITION_SIZE) - -/* U-boot primary and secondary images */ -#define FLASH_AREA_4_ID (FLASH_AREA_3_ID + 1) -#define FLASH_AREA_4_OFFSET (FLASH_AREA_3_OFFSET + FLASH_AREA_3_SIZE) -#define FLASH_AREA_4_SIZE (U_BOOT_PARTITION_SIZE) - -#define FLASH_AREA_5_ID (FLASH_AREA_4_ID + 1) -#define FLASH_AREA_5_OFFSET (FLASH_AREA_4_OFFSET + FLASH_AREA_4_SIZE) -#define FLASH_AREA_5_SIZE (U_BOOT_PARTITION_SIZE) - -/* SPL primary and secondary images */ -#define FLASH_AREA_6_ID (FLASH_AREA_5_ID + 1) -#define FLASH_AREA_6_OFFSET (FLASH_AREA_5_OFFSET + FLASH_AREA_5_SIZE) -#define FLASH_AREA_6_SIZE (SPL_PARTITION_SIZE) - -#define FLASH_AREA_7_ID (FLASH_AREA_6_ID + 1) -#define FLASH_AREA_7_OFFSET (FLASH_AREA_6_OFFSET + FLASH_AREA_6_SIZE) -#define FLASH_AREA_7_SIZE (SPL_PARTITION_SIZE) +#define FLASH_INVALID_OFFSET (0xFFFFFFFF) +#define FLASH_INVALID_SIZE (0xFFFFFFFF) /* Macros needed to imgtool.py, used when creating TF-M signed image */ #define IMAGE_LOAD_ADDRESS (SRAM_BASE) @@ -149,11 +137,9 @@ #define FLASH_AREA_IMAGE_PRIMARY(x) (((x) == 0) ? FLASH_AREA_0_ID : \ ((x) == 1) ? FLASH_AREA_2_ID : \ - ((x) == 2) ? FLASH_AREA_4_ID : \ 255 ) #define FLASH_AREA_IMAGE_SECONDARY(x) (((x) == 0) ? FLASH_AREA_1_ID : \ ((x) == 1) ? FLASH_AREA_3_ID : \ - ((x) == 2) ? FLASH_AREA_5_ID : \ 255 ) #define FLASH_AREA_IMAGE_SCRATCH 255 |