aboutsummaryrefslogtreecommitdiff
path: root/platform/ext
diff options
context:
space:
mode:
authorSatish Kumar <satish.kumar01@arm.com>2021-05-04 21:47:08 +0100
committerDavid Hu <david.hu@arm.com>2021-10-14 10:14:43 +0200
commit0218c3f799292df645d17e3367c7687d7407b3e4 (patch)
tree78bab10ba5252a356229bfac97fcd78e7796598e /platform/ext
parent08b1da5fac2722db094b172680dbf467b1b214aa (diff)
downloadtrusted-firmware-m-0218c3f799292df645d17e3367c7687d7407b3e4.tar.gz
Diphda: Verify and load host BL2 (TF-A)
Secure enclave's BL2 parses the FIP layout in the flash to extract the address and size information of host's TF-A. Once required information is extracted, the image is verified and loaded to a RAM address from where host starts booting. Change-Id: Ib7fd2f542f726f4daa5f5ac281fab29543dc2b6e Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Diffstat (limited to 'platform/ext')
-rw-r--r--platform/ext/target/arm/diphda/CMSIS_Driver/Driver_Flash.c1
-rw-r--r--platform/ext/target/arm/diphda/CMakeLists.txt5
-rw-r--r--platform/ext/target/arm/diphda/bl2_boot_hal.c30
-rw-r--r--platform/ext/target/arm/diphda/bl2_flash_map.c34
-rw-r--r--platform/ext/target/arm/diphda/config.cmake2
-rw-r--r--platform/ext/target/arm/diphda/fip_parser/external/uuid.h74
-rw-r--r--platform/ext/target/arm/diphda/fip_parser/fip_parser.c61
-rw-r--r--platform/ext/target/arm/diphda/fip_parser/fip_parser.h70
-rw-r--r--platform/ext/target/arm/diphda/partition/flash_layout.h44
9 files changed, 270 insertions, 51 deletions
diff --git a/platform/ext/target/arm/diphda/CMSIS_Driver/Driver_Flash.c b/platform/ext/target/arm/diphda/CMSIS_Driver/Driver_Flash.c
index b55f08c621..4a646d8282 100644
--- a/platform/ext/target/arm/diphda/CMSIS_Driver/Driver_Flash.c
+++ b/platform/ext/target/arm/diphda/CMSIS_Driver/Driver_Flash.c
@@ -109,7 +109,6 @@ static ARM_FLASH_CAPABILITIES N25Q256A_Driver_GetCapabilities(void)
return N25Q256ADriverCapabilities;
}
-
static int32_t N25Q256A_Flash_Initialize(ARM_Flash_SignalEvent_t cb_event)
{
ARG_UNUSED(cb_event);
diff --git a/platform/ext/target/arm/diphda/CMakeLists.txt b/platform/ext/target/arm/diphda/CMakeLists.txt
index fea0e23418..26fe5d2d53 100644
--- a/platform/ext/target/arm/diphda/CMakeLists.txt
+++ b/platform/ext/target/arm/diphda/CMakeLists.txt
@@ -75,6 +75,8 @@ target_link_libraries(platform_s
#========================= Platform BL2 =======================================#
+set(BL2_SOURCE ${CMAKE_SOURCE_DIR}/bl2)
+
target_sources(platform_bl2
PRIVATE
CMSIS_Driver/Driver_Flash.c
@@ -84,6 +86,7 @@ target_sources(platform_bl2
Native_Driver/uart_pl011_drv.c
Native_Driver/xilinx_pg153_axi_qspi_controller_drv.c
Native_Driver/spi_n25q256a_flash_lib.c
+ fip_parser/fip_parser.c
bl2_boot_hal.c
)
@@ -107,8 +110,10 @@ target_include_directories(platform_bl2
CMSIS_Driver/Config
Device/Config
Native_Driver
+ fip_parser
${MCUBOOT_PATH}/boot/bootutil/include # for fault_injection_hardening.h only
${CMAKE_BINARY_DIR}/bl2/ext/mcuboot # for mcuboot_config.h only
+ $<BUILD_INTERFACE:${BL2_SOURCE}/ext/mcuboot/include>
)
#========================= BL1 component =======================================#
diff --git a/platform/ext/target/arm/diphda/bl2_boot_hal.c b/platform/ext/target/arm/diphda/bl2_boot_hal.c
index 029b2e86c8..a0c3ec8979 100644
--- a/platform/ext/target/arm/diphda/bl2_boot_hal.c
+++ b/platform/ext/target/arm/diphda/bl2_boot_hal.c
@@ -12,6 +12,10 @@
#include "Driver_Flash.h"
#include "flash_layout.h"
#include "bootutil/fault_injection_hardening.h"
+#include "bootutil/bootutil_log.h"
+#include "fip_parser.h"
+#include "flash_map/flash_map.h"
+#include <string.h>
#if defined(CRYPTO_HW_ACCELERATOR) || \
defined(CRYPTO_HW_ACCELERATOR_OTP_PROVISIONING)
@@ -43,10 +47,36 @@ __attribute__((naked)) void boot_clear_bl2_ram_area(void)
);
}
+extern struct flash_area flash_map[];
+
+int32_t fill_bl2_flash_map_by_parsing_fips(void)
+{
+ int result;
+ uint32_t tfa_offset = 0;
+ uint32_t tfa_size = 0;
+
+ result = parse_fip_and_extract_tfa_info(FLASH_FIP1_ADDRESS, FLASH_FIP1_SIZE,
+ &tfa_offset, &tfa_size);
+ if (result != FIP_PARSER_SUCCESS) {
+ BOOT_LOG_ERR("parse_fip_and_extract_tfa_info failed");
+ return 1;
+ }
+
+ flash_map[2].fa_off = FLASH_FIP1_OFFSET + tfa_offset;
+ flash_map[2].fa_size = tfa_size;
+
+ return 0;
+}
+
int32_t boot_platform_init(void)
{
int32_t result;
+ result = fill_bl2_flash_map_by_parsing_fips();
+ if (result) {
+ return 1;
+ }
+
result = FLASH_DEV_NAME.Initialize(NULL);
if (result != ARM_DRIVER_OK) {
return 1;
diff --git a/platform/ext/target/arm/diphda/bl2_flash_map.c b/platform/ext/target/arm/diphda/bl2_flash_map.c
index 60b67ccc71..1a42a25cdb 100644
--- a/platform/ext/target/arm/diphda/bl2_flash_map.c
+++ b/platform/ext/target/arm/diphda/bl2_flash_map.c
@@ -14,8 +14,16 @@
extern ARM_DRIVER_FLASH FLASH_DEV_NAME;
#define ARRAY_SIZE(arr) (sizeof(arr)/sizeof((arr)[0]))
-
-const struct flash_area flash_map[] = {
+/*
+ * flash_map[0]: TF-M Primary
+ * flash_map[1]: TF-M Secondary
+ * flash_map[2]: TF-A Primary
+ * flash_map[3]: TF-A Secondaary
+ *
+ * TF-A flash area's fa_off and fa_size are populated
+ * by parsing FIP.
+ */
+struct flash_area flash_map[] = {
{
.fa_id = FLASH_AREA_0_ID,
.fa_device_id = FLASH_DEVICE_ID,
@@ -34,29 +42,15 @@ const struct flash_area flash_map[] = {
.fa_id = FLASH_AREA_2_ID,
.fa_device_id = FLASH_DEVICE_ID,
.fa_driver = &FLASH_DEV_NAME,
- .fa_off = FLASH_AREA_2_OFFSET,
- .fa_size = FLASH_AREA_2_SIZE,
+ .fa_off = FLASH_INVALID_OFFSET,
+ .fa_size = FLASH_INVALID_SIZE,
},
{
.fa_id = FLASH_AREA_3_ID,
.fa_device_id = FLASH_DEVICE_ID,
.fa_driver = &FLASH_DEV_NAME,
- .fa_off = FLASH_AREA_3_OFFSET,
- .fa_size = FLASH_AREA_3_SIZE,
- },
- {
- .fa_id = FLASH_AREA_4_ID,
- .fa_device_id = FLASH_DEVICE_ID,
- .fa_driver = &FLASH_DEV_NAME,
- .fa_off = FLASH_AREA_4_OFFSET,
- .fa_size = FLASH_AREA_4_SIZE,
- },
- {
- .fa_id = FLASH_AREA_5_ID,
- .fa_device_id = FLASH_DEVICE_ID,
- .fa_driver = &FLASH_DEV_NAME,
- .fa_off = FLASH_AREA_5_OFFSET,
- .fa_size = FLASH_AREA_5_SIZE,
+ .fa_off = FLASH_INVALID_OFFSET,
+ .fa_size = FLASH_INVALID_SIZE,
},
};
diff --git a/platform/ext/target/arm/diphda/config.cmake b/platform/ext/target/arm/diphda/config.cmake
index db5ab6639e..1bf74f2748 100644
--- a/platform/ext/target/arm/diphda/config.cmake
+++ b/platform/ext/target/arm/diphda/config.cmake
@@ -10,7 +10,7 @@ set(BL2 ON CACHE BOOL "Whether to bu
set(DEFAULT_MCUBOOT_FLASH_MAP OFF CACHE BOOL "Whether to use the default flash map defined by TF-M project")
set(MCUBOOT_UPGRADE_STRATEGY "RAM_LOAD" CACHE STRING "Upgrade strategy when multiple boot images are loaded [OVERWRITE_ONLY, SWAP, DIRECT_XIP, RAM_LOAD]")
-set(MCUBOOT_IMAGE_NUMBER 3 CACHE STRING "Number of images loaded by mcuboot")
+set(MCUBOOT_IMAGE_NUMBER 2 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately")
set(TFM_MULTI_CORE_TOPOLOGY ON CACHE BOOL "Whether to build for a dual-cpu architecture")
set(TFM_PLAT_SPECIFIC_MULTI_CORE_COMM ON CACHE BOOL "Whether to use a platform specific inter core communication instead of mailbox in dual-cpu topology")
set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms")
diff --git a/platform/ext/target/arm/diphda/fip_parser/external/uuid.h b/platform/ext/target/arm/diphda/fip_parser/external/uuid.h
new file mode 100644
index 0000000000..2ced3a3fab
--- /dev/null
+++ b/platform/ext/target/arm/diphda/fip_parser/external/uuid.h
@@ -0,0 +1,74 @@
+/*-
+ * Copyright (c) 2002 Marcel Moolenaar
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+/*
+ * Portions copyright (c) 2014-2020, ARM Limited and Contributors.
+ * All rights reserved.
+ */
+
+#ifndef UUID_H
+#define UUID_H
+
+/* Length of a node address (an IEEE 802 address). */
+#define _UUID_NODE_LEN 6
+
+/* Length of UUID string including dashes. */
+#define _UUID_STR_LEN 36
+
+/*
+ * See also:
+ * http://www.opengroup.org/dce/info/draft-leach-uuids-guids-01.txt
+ * http://www.opengroup.org/onlinepubs/009629399/apdxa.htm
+ *
+ * A DCE 1.1 compatible source representation of UUIDs.
+ */
+struct uuid {
+ uint8_t time_low[4];
+ uint8_t time_mid[2];
+ uint8_t time_hi_and_version[2];
+ uint8_t clock_seq_hi_and_reserved;
+ uint8_t clock_seq_low;
+ uint8_t node[_UUID_NODE_LEN];
+};
+
+struct efi_guid {
+ uint32_t time_low;
+ uint16_t time_mid;
+ uint16_t time_hi_and_version;
+ uint8_t clock_seq_and_node[8];
+};
+
+union uuid_helper_t {
+ struct uuid uuid_struct;
+ struct efi_guid efi_guid;
+};
+
+/* XXX namespace pollution? */
+typedef struct uuid uuid_t;
+
+#endif /* UUID_H */
diff --git a/platform/ext/target/arm/diphda/fip_parser/fip_parser.c b/platform/ext/target/arm/diphda/fip_parser/fip_parser.c
new file mode 100644
index 0000000000..5d264b3a62
--- /dev/null
+++ b/platform/ext/target/arm/diphda/fip_parser/fip_parser.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2021 Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "fip_parser.h"
+#include "bootutil/bootutil_log.h"
+
+#include <region_defs.h>
+#include <string.h>
+
+int parse_fip_and_extract_tfa_info(uint32_t address, uint32_t fip_size,
+ uint32_t *tfa_offset, uint32_t *tfa_size)
+{
+ FIP_TOC_HEADER *toc_header = NULL;
+ FIP_TOC_ENTRY *toc_entry = NULL;
+ uuid_t uuid_null = {0};
+ uuid_t tfa_uuid = UUID_TRUSTED_BOOT_FIRMWARE_BL2;
+ char *iter;
+
+ toc_header = (FIP_TOC_HEADER *) address;
+
+ if (toc_header->name != TOC_HEADER_NAME) {
+ return FIP_PARSER_ERROR;
+ }
+
+ toc_entry = (FIP_TOC_ENTRY *)(toc_header + 1);
+
+ for (iter = (char *)toc_entry;
+ iter <= (char *)toc_header + fip_size;
+ iter = iter + sizeof(FIP_TOC_ENTRY), toc_entry++) {
+
+ if (!memcmp(iter, &uuid_null, sizeof(uuid_t))) {
+ return FIP_PARSER_ERROR;
+ }
+
+ if (!memcmp(iter, &tfa_uuid, sizeof(uuid_t))) {
+ BOOT_LOG_INF("TF-A FIP at : address = 0x%x : size = 0x%x \n\r",
+ toc_entry->address,
+ toc_entry->size);
+ *tfa_offset = toc_entry->address;
+ *tfa_size = toc_entry->size;
+ return FIP_PARSER_SUCCESS;
+ }
+ }
+
+ return FIP_PARSER_ERROR;
+}
diff --git a/platform/ext/target/arm/diphda/fip_parser/fip_parser.h b/platform/ext/target/arm/diphda/fip_parser/fip_parser.h
new file mode 100644
index 0000000000..b01000e00a
--- /dev/null
+++ b/platform/ext/target/arm/diphda/fip_parser/fip_parser.h
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2019-2021 ARM Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _FIP_PARSER_H_
+#define _FIP_PARSER_H_
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include <stdint.h>
+#include "external/uuid.h"
+
+/* Return code of fip parser APIs */
+#define FIP_PARSER_SUCCESS (0)
+#define FIP_PARSER_ERROR (INT32_MIN + 1)
+
+/* This is used as a signature to validate the blob header */
+#define TOC_HEADER_NAME 0xAA640001
+
+/* ToC Entry UUIDs */
+#define UUID_TRUSTED_BOOT_FIRMWARE_BL2 \
+ {{0x5f, 0xf9, 0xec, 0x0b}, {0x4d, 0x22}, \
+ {0x3e, 0x4d}, 0xa5, 0x44, \
+ {0xc3, 0x9d, 0x81, 0xc7, 0x3f, 0x0a} }
+
+typedef struct _FIP_TOC_HEADER {
+ uint32_t name;
+ uint32_t serial_number;
+ uint64_t flags;
+} FIP_TOC_HEADER;
+
+/*fip tool creates fip table using 64 bit integers because of its
+ basic support for 64 bit Cortex A.Hence need to add 32 bit padding
+ for 32-bit Cortex-M CPUs
+*/
+
+typedef struct _FIP_TOC_ENTRY {
+ uuid_t uuid;
+ uint32_t address;
+ uint32_t pad1;
+ uint32_t size;
+ uint32_t pad2;
+ uint64_t flags;
+} FIP_TOC_ENTRY;
+
+int parse_fip_and_extract_tfa_info(uint32_t address, uint32_t fip_size,
+ uint32_t *tfa_offset, uint32_t *tfa_size);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _FIP_PARSER_H_ */
diff --git a/platform/ext/target/arm/diphda/partition/flash_layout.h b/platform/ext/target/arm/diphda/partition/flash_layout.h
index 65ed9404b9..1b713774dc 100644
--- a/platform/ext/target/arm/diphda/partition/flash_layout.h
+++ b/platform/ext/target/arm/diphda/partition/flash_layout.h
@@ -47,9 +47,10 @@
#define SE_BL2_PARTITION_SIZE (0x10000) /* 64 KiB */
#define TFM_PARTITION_SIZE (0x60000) /* 384 KiB */
-#define OPTEE_PARTITION_SIZE (0x80000) /* 512 KiB */
-#define U_BOOT_PARTITION_SIZE (0x80000) /* 512 KiB */
-#define SPL_PARTITION_SIZE (0x40000) /* 256 KiB */
+#define FIP_MAX_SIZE (0x80000) /* 512 KiB */
+#define FIP1_SIZE (0x151573) /* 1350 KiB */
+#define FIP2_SIZE (0x80000) /* 512 KiB */
+#define FIP_SIGNATURE_AREA_SIZE (0x1000) /* 4 KiB */
/* Secure Enclave internal SRAM */
@@ -113,32 +114,19 @@
#define FLASH_AREA_1_OFFSET (FLASH_AREA_0_OFFSET + FLASH_AREA_0_SIZE)
#define FLASH_AREA_1_SIZE (TFM_PARTITION_SIZE)
-/* OPTEE primary and secondary images */
-#define FLASH_AREA_2_ID (FLASH_AREA_1_ID + 1)
-#define FLASH_AREA_2_OFFSET (FLASH_AREA_1_OFFSET + FLASH_AREA_1_SIZE)
-#define FLASH_AREA_2_SIZE (OPTEE_PARTITION_SIZE)
+/* Host FIPs */
+#define FLASH_FIP1_OFFSET (FLASH_AREA_1_OFFSET + FLASH_AREA_1_SIZE + FIP_SIGNATURE_AREA_SIZE)
+#define FLASH_FIP1_ADDRESS (FLASH_BASE_ADDRESS + FLASH_FIP1_OFFSET)
+#define FLASH_FIP1_SIZE (FIP1_SIZE)
+#define FLASH_FIP2_OFFSET (FLASH_FIP1_OFFSET + FIP_MAX_SIZE)
+#define FLASH_FIP2_ADDRESS (FLASH_BASE_ADDRESS + FLASH_FIP2_OFFSET)
+#define FLASH_FIP2_SIZE (FIP2_SIZE)
+/* Host BL2 (TF-A) primary and secondary image. */
+#define FLASH_AREA_2_ID (FLASH_AREA_1_ID + 1)
#define FLASH_AREA_3_ID (FLASH_AREA_2_ID + 1)
-#define FLASH_AREA_3_OFFSET (FLASH_AREA_2_OFFSET + FLASH_AREA_2_SIZE)
-#define FLASH_AREA_3_SIZE (OPTEE_PARTITION_SIZE)
-
-/* U-boot primary and secondary images */
-#define FLASH_AREA_4_ID (FLASH_AREA_3_ID + 1)
-#define FLASH_AREA_4_OFFSET (FLASH_AREA_3_OFFSET + FLASH_AREA_3_SIZE)
-#define FLASH_AREA_4_SIZE (U_BOOT_PARTITION_SIZE)
-
-#define FLASH_AREA_5_ID (FLASH_AREA_4_ID + 1)
-#define FLASH_AREA_5_OFFSET (FLASH_AREA_4_OFFSET + FLASH_AREA_4_SIZE)
-#define FLASH_AREA_5_SIZE (U_BOOT_PARTITION_SIZE)
-
-/* SPL primary and secondary images */
-#define FLASH_AREA_6_ID (FLASH_AREA_5_ID + 1)
-#define FLASH_AREA_6_OFFSET (FLASH_AREA_5_OFFSET + FLASH_AREA_5_SIZE)
-#define FLASH_AREA_6_SIZE (SPL_PARTITION_SIZE)
-
-#define FLASH_AREA_7_ID (FLASH_AREA_6_ID + 1)
-#define FLASH_AREA_7_OFFSET (FLASH_AREA_6_OFFSET + FLASH_AREA_6_SIZE)
-#define FLASH_AREA_7_SIZE (SPL_PARTITION_SIZE)
+#define FLASH_INVALID_OFFSET (0xFFFFFFFF)
+#define FLASH_INVALID_SIZE (0xFFFFFFFF)
/* Macros needed to imgtool.py, used when creating TF-M signed image */
#define IMAGE_LOAD_ADDRESS (SRAM_BASE)
@@ -149,11 +137,9 @@
#define FLASH_AREA_IMAGE_PRIMARY(x) (((x) == 0) ? FLASH_AREA_0_ID : \
((x) == 1) ? FLASH_AREA_2_ID : \
- ((x) == 2) ? FLASH_AREA_4_ID : \
255 )
#define FLASH_AREA_IMAGE_SECONDARY(x) (((x) == 0) ? FLASH_AREA_1_ID : \
((x) == 1) ? FLASH_AREA_3_ID : \
- ((x) == 2) ? FLASH_AREA_5_ID : \
255 )
#define FLASH_AREA_IMAGE_SCRATCH 255