fvp: add support for Secure Partitions in the FIP
This commit introduces a new packaging option for Secure Partitions.
Instead of embedding the images into the OP-TEE binary, TF-A offers a
mechanism to encapsulate an SP image and its manifest into an SP package
and add that to the FIP [1].
TF-A needs two config options to enable this:
- SP_LAYOUT_FILE: This json file contains the path of the SP images and
their corresponding manifests. It's generated by Trusted Services.
- ARM_BL2_SP_LIST_DTS: This dts snippet describes where each SP package
should be loaded by BL2.
Link: [1] https://trustedfirmware-a.readthedocs.io/en/v2.6/components/secure-partition-manager.html#secure-partition-packages
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
diff --git a/fvp/spmc_manifest.dts b/fvp/spmc_manifest.dts
index 4bd1ee6..1346c39 100644
--- a/fvp/spmc_manifest.dts
+++ b/fvp/spmc_manifest.dts
@@ -32,4 +32,37 @@
tpm_event_log_size = <0x0>;
};
#endif
+
+/* If the ARM_BL2_SP_LIST_DTS is defined, SPs should be loaded from FIP */
+#ifdef ARM_BL2_SP_LIST_DTS
+ sp_packages {
+ compatible = "arm,sp_pkg";
+ internal_trusted_storage {
+ uuid = <0x48ef1edc 0xcf4c7ab1 0xcfdf8bac 0x141b71f7>;
+ load-address = <0x0 0x7a00000>;
+ };
+
+ protected_storage_sp {
+ uuid = <0x01f81b75 0x6847de3d 0x100f14a5 0x9017edae>;
+ load-address = <0x0 0x7b00000>;
+ };
+
+ crypto_sp {
+ uuid = <0xd552dfd9 0xb24ba216 0x6dd2a49a 0xc0e8843b>;
+ load-address = <0x0 0x7c00000>;
+ };
+
+#if MEASURED_BOOT
+ initial_attestation_sp {
+ uuid = <0x55f1baa1 0x95467688 0x95547c8f 0x74b98d5e>;
+ load-address = <0x0 0x7d00000>;
+ };
+#endif
+
+ smm_gateway {
+ uuid = <0x33d532ed 0x0942e699 0x722dc09c 0xa798d9cd>;
+ load-address = <0x0 0x7e00000>;
+ };
+ };
+#endif
};
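Review bot: The `load-address` values in the new `sp_packages` node are spaced 0x100000 apart, but nothing in the hunk records that each SP package has to fit in that 1 MiB slot or which secure memory region these addresses belong to. Whether BL2 bounds a package's size against the next slot is not visible here, so a documented limit should at least rule out an oversized package overlapping its neighbour. Per the commit message, the BL2 load locations come from the ARM_BL2_SP_LIST_DTS snippet, so the addresses are kept in two places and can drift apart. I would add above the node `/* Each SP package occupies a 1 MiB slot; load addresses must match ARM_BL2_SP_LIST_DTS */`, and also note that the `initial_attestation_sp` entry is only present with MEASURED_BOOT, so the SP layout file presumably has to be generated with the same setting. The enclosing root node starts outside the hunk.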