diff --git a/docs/design/firmware-design.rst b/docs/design/firmware-design.rst index b336b38..891a9a2 100644 --- a/docs/design/firmware-design.rst +++ b/docs/design/firmware-design.rst @@ -83,6 +83,10 @@ platform. The Boot Loader stage may optionally specify a firmware configuration file and/or hardware configuration file as listed below: +- FW_CONFIG - The firmware configuration file. Holds properties shared across + all BLx images. + An example is the "dtb-registry" node, which contains the information about + the other device tree configurations (load-address, size, image_id). - HW_CONFIG - The hardware configuration file. Can be shared by all Boot Loader stages and also by the Normal World Rich OS. - TB_FW_CONFIG - Trusted Boot Firmware configuration file. Shared between BL1 @@ -109,8 +113,8 @@ the generic hardware configuration is passed the next available argument. For example, - - If TB_FW_CONFIG is loaded by BL1, then its address is passed in ``arg0`` - to BL2. + - FW_CONFIG is loaded by BL1, then its address is passed in ``arg0`` to BL2. + - TB_FW_CONFIG address is retrieved by BL2 from FW_CONFIG device tree. - If HW_CONFIG is loaded by BL1, then its address is passed in ``arg2`` to BL2. Note, ``arg1`` is already used for meminfo_t. - If SOC_FW_CONFIG is loaded by BL2, then its address is passed in ``arg1`` @@ -1732,7 +1736,7 @@ ``bl2_mem_params_descs`` contains parameters passed from BL2 to next the BL image during boot. -``fw_configs`` includes soc_fw_config, tos_fw_config and tb_fw_config. +``fw_configs`` includes soc_fw_config, tos_fw_config, tb_fw_config and fw_config. **FVP with TSP in Trusted SRAM with firmware configs :** (These diagrams only cover the AArch64 case) @@ -1757,7 +1761,7 @@ | | <<<<<<<<<<<<< | BL31 PROGBITS | | | <<<<<<<<<<<<< |----------------| | | <<<<<<<<<<<<< | BL32 | - 0x04002000 +----------+ +----------------+ + 0x04003000 +----------+ +----------------+ | CONFIG | 0x04001000 +----------+ | Shared | @@ -1794,7 +1798,7 @@ |--------------| <<<<<<<<<<<<< |----------------| | | <<<<<<<<<<<<< | BL31 PROGBITS | | | +----------------+ - +--------------+ + 0x04003000 +--------------+ | CONFIG | 0x04001000 +--------------+ | Shared | @@ -1828,7 +1832,7 @@ |----------| <<<<<<<<<<<<< |----------------| | | <<<<<<<<<<<<< | BL31 PROGBITS | | | +----------------+ - 0x04002000 +----------+ + 0x04003000 +----------+ | CONFIG | 0x04001000 +----------+ | Shared | diff --git a/drivers/arm/css/scp/css_bom_bootloader.c b/drivers/arm/css/scp/css_bom_bootloader.c index 1fc1270..74121b4 100644 --- a/drivers/arm/css/scp/css_bom_bootloader.c +++ b/drivers/arm/css/scp/css_bom_bootloader.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2014-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -51,13 +51,13 @@ * All CSS platforms load SCP_BL2/SCP_BL2U just below BL2 (this is where BL31 * usually resides except when ARM_BL31_IN_DRAM is * set). Ensure that SCP_BL2/SCP_BL2U do not overflow into shared RAM and - * the tb_fw_config. + * the fw_config. */ CASSERT(SCP_BL2_LIMIT <= BL2_BASE, assert_scp_bl2_overwrite_bl2); CASSERT(SCP_BL2U_LIMIT <= BL2_BASE, assert_scp_bl2u_overwrite_bl2); -CASSERT(SCP_BL2_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_scp_bl2_overflow); -CASSERT(SCP_BL2U_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_scp_bl2u_overflow); +CASSERT(SCP_BL2_BASE >= ARM_FW_CONFIG_LIMIT, assert_scp_bl2_overflow); +CASSERT(SCP_BL2U_BASE >= ARM_FW_CONFIG_LIMIT, assert_scp_bl2u_overflow); static void scp_boot_message_start(void) { diff --git a/drivers/auth/dualroot/cot.c b/drivers/auth/dualroot/cot.c index f28ddaa..31e5d65 100644 --- a/drivers/auth/dualroot/cot.c +++ b/drivers/auth/dualroot/cot.c @@ -16,6 +16,7 @@ * Allocate static buffers to store the authentication parameters extracted from * the certificates. */ +static unsigned char fw_config_hash_buf[HASH_DER_LEN]; static unsigned char tb_fw_hash_buf[HASH_DER_LEN]; static unsigned char tb_fw_config_hash_buf[HASH_DER_LEN]; static unsigned char hw_config_hash_buf[HASH_DER_LEN]; @@ -58,6 +59,8 @@ AUTH_PARAM_HASH, TRUSTED_BOOT_FW_CONFIG_HASH_OID); static auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC( AUTH_PARAM_HASH, HW_CONFIG_HASH_OID); +static auth_param_type_desc_t fw_config_hash = AUTH_PARAM_TYPE_DESC( + AUTH_PARAM_HASH, FW_CONFIG_HASH_OID); #ifdef IMAGE_BL1 static auth_param_type_desc_t scp_bl2u_hash = AUTH_PARAM_TYPE_DESC( AUTH_PARAM_HASH, SCP_FWU_CFG_HASH_OID); @@ -165,6 +168,13 @@ .ptr = (void *)hw_config_hash_buf, .len = (unsigned int)HASH_DER_LEN } + }, + [3] = { + .type_desc = &fw_config_hash, + .data = { + .ptr = (void *)fw_config_hash_buf, + .len = (unsigned int)HASH_DER_LEN + } } } }; @@ -218,6 +228,22 @@ } } }; + +static const auth_img_desc_t fw_config = { + .img_id = FW_CONFIG_ID, + .img_type = IMG_RAW, + .parent = &trusted_boot_fw_cert, + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { + [0] = { + .type = AUTH_METHOD_HASH, + .param.hash = { + .data = &raw_data, + .hash = &fw_config_hash + } + } + } +}; + #endif /* IMAGE_BL1 */ #ifdef IMAGE_BL2 @@ -860,6 +886,7 @@ [BL2_IMAGE_ID] = &bl2_image, [HW_CONFIG_ID] = &hw_config, [TB_FW_CONFIG_ID] = &tb_fw_config, + [FW_CONFIG_ID] = &fw_config, [FWU_CERT_ID] = &fwu_cert, [SCP_BL2U_IMAGE_ID] = &scp_bl2u_image, [BL2U_IMAGE_ID] = &bl2u_image, diff --git a/drivers/auth/tbbr/tbbr_cot_bl1.c b/drivers/auth/tbbr/tbbr_cot_bl1.c index f3bb376..e4c9221 100644 --- a/drivers/auth/tbbr/tbbr_cot_bl1.c +++ b/drivers/auth/tbbr/tbbr_cot_bl1.c @@ -150,6 +150,21 @@ } }; +static const auth_img_desc_t fw_config = { + .img_id = FW_CONFIG_ID, + .img_type = IMG_RAW, + .parent = &trusted_boot_fw_cert, + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { + [0] = { + .type = AUTH_METHOD_HASH, + .param.hash = { + .data = &raw_data, + .hash = &fw_config_hash + } + } + } +}; + /* * TBBR Chain of trust definition */ @@ -158,6 +173,7 @@ [BL2_IMAGE_ID] = &bl2_image, [HW_CONFIG_ID] = &hw_config, [TB_FW_CONFIG_ID] = &tb_fw_config, + [FW_CONFIG_ID] = &fw_config, [FWU_CERT_ID] = &fwu_cert, [SCP_BL2U_IMAGE_ID] = &scp_bl2u_image, [BL2U_IMAGE_ID] = &bl2u_image, diff --git a/drivers/auth/tbbr/tbbr_cot_common.c b/drivers/auth/tbbr/tbbr_cot_common.c index 0a4b75e..ff3f22d 100644 --- a/drivers/auth/tbbr/tbbr_cot_common.c +++ b/drivers/auth/tbbr/tbbr_cot_common.c @@ -23,9 +23,10 @@ * established, we can reuse some of the buffers on different stages */ +static unsigned char fw_config_hash_buf[HASH_DER_LEN]; +static unsigned char tb_fw_config_hash_buf[HASH_DER_LEN]; +static unsigned char hw_config_hash_buf[HASH_DER_LEN]; unsigned char tb_fw_hash_buf[HASH_DER_LEN]; -unsigned char tb_fw_config_hash_buf[HASH_DER_LEN]; -unsigned char hw_config_hash_buf[HASH_DER_LEN]; unsigned char scp_fw_hash_buf[HASH_DER_LEN]; unsigned char nt_world_bl_hash_buf[HASH_DER_LEN]; @@ -48,7 +49,9 @@ AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID); auth_param_type_desc_t tb_fw_config_hash = AUTH_PARAM_TYPE_DESC( AUTH_PARAM_HASH, TRUSTED_BOOT_FW_CONFIG_HASH_OID); -auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC( +auth_param_type_desc_t fw_config_hash = AUTH_PARAM_TYPE_DESC( + AUTH_PARAM_HASH, FW_CONFIG_HASH_OID); +static auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC( AUTH_PARAM_HASH, HW_CONFIG_HASH_OID); /* trusted_boot_fw_cert */ @@ -95,6 +98,13 @@ .ptr = (void *)hw_config_hash_buf, .len = (unsigned int)HASH_DER_LEN } + }, + [3] = { + .type_desc = &fw_config_hash, + .data = { + .ptr = (void *)fw_config_hash_buf, + .len = (unsigned int)HASH_DER_LEN + } } } }; diff --git a/include/drivers/arm/css/css_scp.h b/include/drivers/arm/css/css_scp.h index f3c08c5..2b506ea 100644 --- a/include/drivers/arm/css/css_scp.h +++ b/include/drivers/arm/css/css_scp.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -40,13 +40,13 @@ /* * All CSS platforms load SCP_BL2/SCP_BL2U just below BL2 (this is where BL31 * usually resides except when ARM_BL31_IN_DRAM is - * set). Ensure that SCP_BL2/SCP_BL2U do not overflow into tb_fw_config. + * set). Ensure that SCP_BL2/SCP_BL2U do not overflow into fw_config. */ CASSERT(SCP_BL2_LIMIT <= BL2_BASE, assert_scp_bl2_overwrite_bl2); CASSERT(SCP_BL2U_LIMIT <= BL2_BASE, assert_scp_bl2u_overwrite_bl2); -CASSERT(SCP_BL2_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_scp_bl2_overflow); -CASSERT(SCP_BL2U_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_scp_bl2u_overflow); +CASSERT(SCP_BL2_BASE >= ARM_FW_CONFIG_LIMIT, assert_scp_bl2_overflow); +CASSERT(SCP_BL2U_BASE >= ARM_FW_CONFIG_LIMIT, assert_scp_bl2u_overflow); #endif #endif /* CSS_SCP_H */ diff --git a/include/drivers/auth/tbbr_cot_common.h b/include/drivers/auth/tbbr_cot_common.h index 0ea5f65..a51faee 100644 --- a/include/drivers/auth/tbbr_cot_common.h +++ b/include/drivers/auth/tbbr_cot_common.h @@ -10,8 +10,6 @@ #include extern unsigned char tb_fw_hash_buf[HASH_DER_LEN]; -extern unsigned char tb_fw_config_hash_buf[HASH_DER_LEN]; -extern unsigned char hw_config_hash_buf[HASH_DER_LEN]; extern unsigned char scp_fw_hash_buf[HASH_DER_LEN]; extern unsigned char nt_world_bl_hash_buf[HASH_DER_LEN]; @@ -23,7 +21,7 @@ extern auth_param_type_desc_t tb_fw_hash; extern auth_param_type_desc_t tb_fw_config_hash; -extern auth_param_type_desc_t hw_config_hash; +extern auth_param_type_desc_t fw_config_hash; extern const auth_img_desc_t trusted_boot_fw_cert; extern const auth_img_desc_t hw_config; diff --git a/include/export/common/tbbr/tbbr_img_def_exp.h b/include/export/common/tbbr/tbbr_img_def_exp.h index a98c1b4..18f0125 100644 --- a/include/export/common/tbbr/tbbr_img_def_exp.h +++ b/include/export/common/tbbr/tbbr_img_def_exp.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2019-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -88,7 +88,10 @@ /* Encrypted image identifier */ #define ENC_IMAGE_ID U(30) +/* FW_CONFIG */ +#define FW_CONFIG_ID U(31) + /* Max Images */ -#define MAX_IMAGE_IDS U(31) +#define MAX_IMAGE_IDS U(32) #endif /* ARM_TRUSTED_FIRMWARE_EXPORT_COMMON_TBBR_TBBR_IMG_DEF_EXP_H */ diff --git a/include/lib/fconf/fconf.h b/include/lib/fconf/fconf.h index 09d2b59..917e053 100644 --- a/include/lib/fconf/fconf.h +++ b/include/lib/fconf/fconf.h @@ -43,8 +43,8 @@ int (*populate)(uintptr_t config); }; -/* Load firmware configuration dtb */ -void fconf_load_config(void); +/* This function supports to load tb_fw_config and fw_config dtb */ +int fconf_load_config(unsigned int image_id); /* Top level populate function * diff --git a/include/lib/fconf/fconf_dyn_cfg_getter.h b/include/lib/fconf/fconf_dyn_cfg_getter.h index 0fda8c9..9816d6f 100644 --- a/include/lib/fconf/fconf_dyn_cfg_getter.h +++ b/include/lib/fconf/fconf_dyn_cfg_getter.h @@ -21,4 +21,7 @@ struct dyn_cfg_dtb_info_t *dyn_cfg_dtb_info_getter(unsigned int config_id); int fconf_populate_dtb_registry(uintptr_t config); +/* Set fw_config information in global DTB array */ +void set_fw_config_info(uintptr_t config_addr, uint32_t config_max_size); + #endif /* FCONF_DYN_CFG_GETTER_H */ diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h index 89f7c61..5c11e5f 100644 --- a/include/plat/arm/common/arm_def.h +++ b/include/plat/arm/common/arm_def.h @@ -346,24 +346,24 @@ #define CACHE_WRITEBACK_GRANULE (U(1) << ARM_CACHE_WRITEBACK_SHIFT) /* - * To enable TB_FW_CONFIG to be loaded by BL1, define the corresponding base + * To enable FW_CONFIG to be loaded by BL1, define the corresponding base * and limit. Leave enough space of BL2 meminfo. */ -#define ARM_TB_FW_CONFIG_BASE (ARM_BL_RAM_BASE + sizeof(meminfo_t)) -#define ARM_TB_FW_CONFIG_LIMIT (ARM_BL_RAM_BASE + (PAGE_SIZE / 2U)) +#define ARM_FW_CONFIG_BASE (ARM_BL_RAM_BASE + sizeof(meminfo_t)) +#define ARM_FW_CONFIG_LIMIT (ARM_BL_RAM_BASE + PAGE_SIZE) /* * Boot parameters passed from BL2 to BL31/BL32 are stored here */ -#define ARM_BL2_MEM_DESC_BASE ARM_TB_FW_CONFIG_LIMIT +#define ARM_BL2_MEM_DESC_BASE ARM_FW_CONFIG_LIMIT #define ARM_BL2_MEM_DESC_LIMIT (ARM_BL2_MEM_DESC_BASE + \ (PAGE_SIZE / 2U)) /* * Define limit of firmware configuration memory: - * ARM_TB_FW_CONFIG + ARM_BL2_MEM_DESC memory + * ARM_FW_CONFIG + ARM_BL2_MEM_DESC memory */ -#define ARM_FW_CONFIG_LIMIT (ARM_BL_RAM_BASE + PAGE_SIZE) +#define ARM_FW_CONFIGS_LIMIT (ARM_BL_RAM_BASE + (PAGE_SIZE * 2)) /******************************************************************************* * BL1 specific defines. @@ -461,7 +461,7 @@ * SP_MIN is the only BL image in SRAM. Allocate the whole of SRAM (excluding * the page reserved for fw_configs) to BL32 */ -# define BL32_BASE ARM_FW_CONFIG_LIMIT +# define BL32_BASE ARM_FW_CONFIGS_LIMIT # define BL32_LIMIT (ARM_BL_RAM_BASE + ARM_BL_RAM_SIZE) # else /* Put BL32 below BL2 in the Trusted SRAM.*/ @@ -505,7 +505,7 @@ # define TSP_SEC_MEM_BASE ARM_BL_RAM_BASE # define TSP_SEC_MEM_SIZE ARM_BL_RAM_SIZE # define TSP_PROGBITS_LIMIT BL31_BASE -# define BL32_BASE ARM_FW_CONFIG_LIMIT +# define BL32_BASE ARM_FW_CONFIGS_LIMIT # define BL32_LIMIT BL31_BASE # elif ARM_TSP_RAM_LOCATION_ID == ARM_TRUSTED_DRAM_ID # define TSP_SEC_MEM_BASE PLAT_ARM_TRUSTED_DRAM_BASE diff --git a/include/plat/arm/common/plat_arm.h b/include/plat/arm/common/plat_arm.h index 1b59795..3625530 100644 --- a/include/plat/arm/common/plat_arm.h +++ b/include/plat/arm/common/plat_arm.h @@ -190,7 +190,7 @@ void arm_bl1_plat_arch_setup(void); /* BL2 utility functions */ -void arm_bl2_early_platform_setup(uintptr_t tb_fw_config, struct meminfo *mem_layout); +void arm_bl2_early_platform_setup(uintptr_t fw_config, struct meminfo *mem_layout); void arm_bl2_platform_setup(void); void arm_bl2_plat_arch_setup(void); uint32_t arm_get_spsr_for_bl32_entry(void); diff --git a/include/tools_share/firmware_image_package.h b/include/tools_share/firmware_image_package.h index 75f3cc6..7342c0c 100644 --- a/include/tools_share/firmware_image_package.h +++ b/include/tools_share/firmware_image_package.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2014-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -77,6 +77,8 @@ {{0x26, 0x25, 0x7c, 0x1a}, {0xdb, 0xc6}, {0x7f, 0x47}, 0x8d, 0x96, {0xc4, 0xc4, 0xb0, 0x24, 0x80, 0x21} } #define UUID_NT_FW_CONFIG \ {{0x28, 0xda, 0x98, 0x15}, {0x93, 0xe8}, {0x7e, 0x44}, 0xac, 0x66, {0x1a, 0xaf, 0x80, 0x15, 0x50, 0xf9} } +#define UUID_FW_CONFIG \ + {{0x58, 0x07, 0xe1, 0x6a}, {0x84, 0x59}, {0x47, 0xbe}, 0x8e, 0xd5, {0x64, 0x8e, 0x8d, 0xdd, 0xab, 0x0e} } typedef struct fip_toc_header { uint32_t name; diff --git a/include/tools_share/tbbr_oid.h b/include/tools_share/tbbr_oid.h index 24a8f39..37d87d3 100644 --- a/include/tools_share/tbbr_oid.h +++ b/include/tools_share/tbbr_oid.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -43,6 +43,7 @@ #define TRUSTED_BOOT_FW_HASH_OID "1.3.6.1.4.1.4128.2100.201" #define TRUSTED_BOOT_FW_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.202" #define HW_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.203" +#define FW_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.204" /* * Trusted Key Certificate diff --git a/lib/debugfs/devfip.c b/lib/debugfs/devfip.c index 70ac3bc..b0ee39a 100644 --- a/lib/debugfs/devfip.c +++ b/lib/debugfs/devfip.c @@ -73,6 +73,7 @@ {"soc-fw.cfg", UUID_SOC_FW_CONFIG}, {"tos-fw.cfg", UUID_TOS_FW_CONFIG}, {"nt-fw.cfg", UUID_NT_FW_CONFIG}, + {"fw.cfg", UUID_FW_CONFIG}, {"rot-k.crt", UUID_ROT_KEY_CERT}, {"nt-k.crt", UUID_NON_TRUSTED_WORLD_KEY_CERT}, {"sip-sp.crt", UUID_SIP_SECURE_PARTITION_CONTENT_CERT} diff --git a/lib/fconf/fconf.c b/lib/fconf/fconf.c index a5ec143..bc4fa8e 100644 --- a/lib/fconf/fconf.c +++ b/lib/fconf/fconf.c @@ -9,48 +9,43 @@ #include #include #include +#include #include #include #include -struct fconf_dtb_info_t fconf_dtb_info; - -void fconf_load_config(void) +int fconf_load_config(unsigned int image_id) { int err; - /* fconf FW_CONFIG and TB_FW_CONFIG are currently the same DTB */ - image_info_t arm_tb_fw_info = { + const struct dyn_cfg_dtb_info_t *config_info; + + assert((image_id == FW_CONFIG_ID) || (image_id == TB_FW_CONFIG_ID)); + + image_info_t config_image_info = { .h.type = (uint8_t)PARAM_IMAGE_BINARY, .h.version = (uint8_t)VERSION_2, .h.size = (uint16_t)sizeof(image_info_t), - .h.attr = 0, - .image_base = ARM_TB_FW_CONFIG_BASE, - .image_max_size = (uint32_t) - (ARM_TB_FW_CONFIG_LIMIT - ARM_TB_FW_CONFIG_BASE) + .h.attr = 0 }; - VERBOSE("FCONF: Loading FW_CONFIG\n"); - err = load_auth_image(TB_FW_CONFIG_ID, &arm_tb_fw_info); + config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, image_id); + assert(config_info != NULL); + + config_image_info.image_base = config_info->config_addr; + config_image_info.image_max_size = + (uint32_t)config_info->config_max_size; + + VERBOSE("FCONF: Loading config with image ID: %d\n", image_id); + err = load_auth_image(image_id, &config_image_info); if (err != 0) { - /* Return if FW_CONFIG is not loaded */ - VERBOSE("FW_CONFIG not loaded, continuing without it\n"); - return; + VERBOSE("Failed to load config %d\n", image_id); + return err; } - /* At this point we know that a DTB is indeed available */ - fconf_dtb_info.base_addr = arm_tb_fw_info.image_base; - fconf_dtb_info.size = (size_t)arm_tb_fw_info.image_size; + INFO("FCONF: Config file with image ID:%d loaded at address = 0x%lx\n", + image_id, config_image_info.image_base); -#if !BL2_AT_EL3 - image_desc_t *desc; - - /* The BL2 ep_info arg0 is modified to point to FW_CONFIG */ - desc = bl1_plat_get_image_desc(BL2_IMAGE_ID); - assert(desc != NULL); - desc->ep_info.args.arg0 = arm_tb_fw_info.image_base; -#endif - - INFO("FCONF: FW_CONFIG loaded at address = 0x%lx\n", arm_tb_fw_info.image_base); + return 0; } void fconf_populate(const char *config_type, uintptr_t config) @@ -81,7 +76,4 @@ } } } - - /* save local pointer to the config dtb */ - fconf_dtb_info.base_addr = config; } diff --git a/lib/fconf/fconf.mk b/lib/fconf/fconf.mk index c087102..b01dc6f 100644 --- a/lib/fconf/fconf.mk +++ b/lib/fconf/fconf.mk @@ -8,5 +8,5 @@ FCONF_SOURCES := lib/fconf/fconf.c FCONF_DYN_SOURCES := lib/fconf/fconf_dyn_cfg_getter.c -BL1_SOURCES += ${FCONF_SOURCES} +BL1_SOURCES += ${FCONF_SOURCES} ${FCONF_DYN_SOURCES} BL2_SOURCES += ${FCONF_SOURCES} ${FCONF_DYN_SOURCES} diff --git a/lib/fconf/fconf_dyn_cfg_getter.c b/lib/fconf/fconf_dyn_cfg_getter.c index 7b5bd6e..902c07d 100644 --- a/lib/fconf/fconf_dyn_cfg_getter.c +++ b/lib/fconf/fconf_dyn_cfg_getter.c @@ -12,12 +12,27 @@ #include #include -/* We currently use TB_FW, SOC_FW, TOS_FW, NS_fw and HW configs */ -#define MAX_DTB_INFO U(5) +/* We currently use FW, TB_FW, SOC_FW, TOS_FW, NS_fw and HW configs */ +#define MAX_DTB_INFO U(6) static struct dyn_cfg_dtb_info_t dtb_infos[MAX_DTB_INFO]; static OBJECT_POOL_ARRAY(dtb_info_pool, dtb_infos); +/* + * This function is used to alloc memory for fw config information from + * global pool and set fw configuration information. + * Specifically used by BL1 to set fw_config information in global array + */ +void set_fw_config_info(uintptr_t config_addr, uint32_t config_max_size) +{ + struct dyn_cfg_dtb_info_t *dtb_info; + + dtb_info = pool_alloc(&dtb_info_pool); + dtb_info->config_addr = config_addr; + dtb_info->config_max_size = config_max_size; + dtb_info->config_id = FW_CONFIG_ID; +} + struct dyn_cfg_dtb_info_t *dyn_cfg_dtb_info_getter(unsigned int config_id) { unsigned int index; @@ -48,6 +63,30 @@ /* As libfdt use void *, we can't avoid this cast */ const void *dtb = (void *)config; + /* + * Compile time assert if FW_CONFIG_ID is 0 which is more + * unlikely as 0 is a valid image id for FIP as per the current + * code but still to avoid code breakage in case of unlikely + * event when image ids gets changed. + */ + CASSERT(FW_CONFIG_ID != 0, assert_invalid_fw_config_id); + + /* + * In case of BL1, fw_config dtb information is already + * populated in global dtb_infos array by 'set_fw_config_info' + * function, Below check is present to avoid re-population of + * fw_config information. + * + * Other BLs, satisfy below check and populate fw_config information + * in global dtb_infos array. + */ + if (dtb_infos[0].config_id == 0) { + dtb_info = pool_alloc(&dtb_info_pool); + dtb_info->config_addr = config; + dtb_info->config_max_size = fdt_totalsize(dtb); + dtb_info->config_id = FW_CONFIG_ID; + } + /* Find the node offset point to "fconf,dyn_cfg-dtb_registry" compatible property */ const char *compatible_str = "fconf,dyn_cfg-dtb_registry"; node = fdt_node_offset_by_compatible(dtb, -1, compatible_str); @@ -98,4 +137,4 @@ return 0; } -FCONF_REGISTER_POPULATOR(TB_FW, dyn_cfg, fconf_populate_dtb_registry); +FCONF_REGISTER_POPULATOR(FW_CONFIG, dyn_cfg, fconf_populate_dtb_registry); diff --git a/plat/arm/board/a5ds/fdts/a5ds_fw_config.dts b/plat/arm/board/a5ds/fdts/a5ds_fw_config.dts index b9d9053..b9ff8bf 100644 --- a/plat/arm/board/a5ds/fdts/a5ds_fw_config.dts +++ b/plat/arm/board/a5ds/fdts/a5ds_fw_config.dts @@ -12,9 +12,8 @@ dtb-registry { compatible = "fconf,dyn_cfg-dtb_registry"; - /* tb_fw_config is temporarily contained in this dtb */ tb_fw-config { - load-address = <0x0 0x2001010>; + load-address = <0x0 0x2001300>; max-size = <0x200>; id = ; }; @@ -25,11 +24,4 @@ id = ; }; }; - - tb_fw-config { - compatible = "arm,tb_fw"; - - /* Disable authentication for development */ - disable_auth = <0x0>; - }; }; diff --git a/plat/arm/board/a5ds/fdts/a5ds_tb_fw_config.dts b/plat/arm/board/a5ds/fdts/a5ds_tb_fw_config.dts new file mode 100644 index 0000000..c66186f --- /dev/null +++ b/plat/arm/board/a5ds/fdts/a5ds_tb_fw_config.dts @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2020, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/dts-v1/; + +/ { + tb_fw-config { + compatible = "arm,tb_fw"; + + /* Disable authentication for development */ + disable_auth = <0x0>; + }; +}; diff --git a/plat/arm/board/a5ds/include/platform_def.h b/plat/arm/board/a5ds/include/platform_def.h index ab0ff58..0745316 100644 --- a/plat/arm/board/a5ds/include/platform_def.h +++ b/plat/arm/board/a5ds/include/platform_def.h @@ -188,11 +188,11 @@ #define CACHE_WRITEBACK_GRANULE (U(1) << ARM_CACHE_WRITEBACK_SHIFT) /* - * To enable TB_FW_CONFIG to be loaded by BL1, define the corresponding base + * To enable FW_CONFIG to be loaded by BL1, define the corresponding base * and limit. Leave enough space of BL2 meminfo. */ -#define ARM_TB_FW_CONFIG_BASE (ARM_BL_RAM_BASE + sizeof(meminfo_t)) -#define ARM_TB_FW_CONFIG_LIMIT (ARM_BL_RAM_BASE + PAGE_SIZE) +#define ARM_FW_CONFIG_BASE (ARM_BL_RAM_BASE + sizeof(meminfo_t)) +#define ARM_FW_CONFIG_LIMIT (ARM_BL_RAM_BASE + PAGE_SIZE) /******************************************************************************* * BL1 specific defines. @@ -220,7 +220,7 @@ #define BL2_LIMIT BL1_RW_BASE /* Put BL32 below BL2 in NS DRAM.*/ -#define ARM_BL2_MEM_DESC_BASE ARM_TB_FW_CONFIG_LIMIT +#define ARM_BL2_MEM_DESC_BASE ARM_FW_CONFIG_LIMIT #define BL32_BASE ((ARM_BL_RAM_BASE + ARM_BL_RAM_SIZE)\ - PLAT_ARM_MAX_BL32_SIZE) diff --git a/plat/arm/board/a5ds/platform.mk b/plat/arm/board/a5ds/platform.mk index 3a4d5e5..7693e46 100644 --- a/plat/arm/board/a5ds/platform.mk +++ b/plat/arm/board/a5ds/platform.mk @@ -72,10 +72,13 @@ # Add the FDT_SOURCES and options for Dynamic Config (only for Unix env) ifdef UNIX_MK -FVP_TB_FW_CONFIG := ${BUILD_PLAT}/fdts/a5ds_fw_config.dtb +FW_CONFIG := ${BUILD_PLAT}/fdts/a5ds_fw_config.dtb +TB_FW_CONFIG := ${BUILD_PLAT}/fdts/a5ds_tb_fw_config.dtb # Add the TB_FW_CONFIG to FIP and specify the same to certtool -$(eval $(call TOOL_ADD_PAYLOAD,${FVP_TB_FW_CONFIG},--tb-fw-config)) +$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config)) +# Add the FW_CONFIG to FIP and specify the same to certtool +$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config)) $(eval FVP_HW_CONFIG := ${BUILD_PLAT}/$(patsubst %.dts,%.dtb, \ fdts/$(notdir ${FVP_HW_CONFIG_DTS}))) @@ -83,6 +86,7 @@ $(eval $(call TOOL_ADD_PAYLOAD,${FVP_HW_CONFIG},--hw-config)) FDT_SOURCES += plat/arm/board/a5ds/fdts/a5ds_fw_config.dts \ + plat/arm/board/a5ds/fdts/a5ds_tb_fw_config.dts \ ${FVP_HW_CONFIG_DTS} endif diff --git a/plat/arm/board/corstone700/include/platform_def.h b/plat/arm/board/corstone700/include/platform_def.h index cc4dc3a..7799cec 100644 --- a/plat/arm/board/corstone700/include/platform_def.h +++ b/plat/arm/board/corstone700/include/platform_def.h @@ -83,11 +83,11 @@ #define ARM_CACHE_WRITEBACK_SHIFT 6 /* - * To enable TB_FW_CONFIG to be loaded by BL1, define the corresponding base + * To enable FW_CONFIG to be loaded by BL1, define the corresponding base * and limit. Leave enough space for BL2 meminfo. */ -#define ARM_TB_FW_CONFIG_BASE (ARM_BL_RAM_BASE + sizeof(meminfo_t)) -#define ARM_TB_FW_CONFIG_LIMIT (ARM_BL_RAM_BASE + (PAGE_SIZE / 2U)) +#define ARM_FW_CONFIG_BASE (ARM_BL_RAM_BASE + sizeof(meminfo_t)) +#define ARM_FW_CONFIG_LIMIT (ARM_BL_RAM_BASE + (PAGE_SIZE / 2U)) /* * The max number of regions like RO(code), coherent and data required by diff --git a/plat/arm/board/fvp/fdts/fvp_fw_config.dts b/plat/arm/board/fvp/fdts/fvp_fw_config.dts index 5f89284..605b70c 100644 --- a/plat/arm/board/fvp/fdts/fvp_fw_config.dts +++ b/plat/arm/board/fvp/fdts/fvp_fw_config.dts @@ -12,9 +12,8 @@ dtb-registry { compatible = "fconf,dyn_cfg-dtb_registry"; - /* tb_fw_config is temporarily contained on this dtb */ tb_fw-config { - load-address = <0x0 0x4001010>; + load-address = <0x0 0x4001300>; max-size = <0x200>; id = ; }; @@ -49,83 +48,4 @@ id = ; }; }; - - tb_fw-config { - compatible = "arm,tb_fw"; - - /* Disable authentication for development */ - disable_auth = <0x0>; - - /* - * The following two entries are placeholders for Mbed TLS - * heap information. The default values don't matter since - * they will be overwritten by BL1. - * In case of having shared Mbed TLS heap between BL1 and BL2, - * BL1 will populate these two properties with the respective - * info about the shared heap. This info will be available for - * BL2 in order to locate and re-use the heap. - */ - mbedtls_heap_addr = <0x0 0x0>; - mbedtls_heap_size = <0x0>; - -#if MEASURED_BOOT - /* BL2 image hash calculated by BL1 */ - bl2_hash_data = [ - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 -#if BL2_HASH_SIZE > 32 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 -#if BL2_HASH_SIZE > 48 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 -#endif /* > 48 */ -#endif /* > 32 */ - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00]; -#endif /* MEASURED_BOOT */ - }; - - /* - * Though TF-A is UUID RFC 4122 compliant meaning fields are stored in - * network order (big endian), UUID's mentioned in this file are are - * stored in machine order (little endian). - * This will be fixed in future. - */ -#if ARM_IO_IN_DTB - arm-io_policies { - fip-handles { - compatible = "arm,io-fip-handle"; - scp_bl2_uuid = <0x3dfd6697 0x49e8be89 0xa1785dae 0x13826040>; - bl31_uuid = <0x6d08d447 0x4698fe4c 0x5029959b 0x005abdcb>; - bl32_uuid = <0x89e1d005 0x4713dc53 0xa502b8d 0x383e7a4b>; - bl32_extra1_uuid = <0x9bc2700b 0x40785a2a 0x560a659f 0x88827382>; - bl32_extra2_uuid = <0xb17ba88e 0x4d3fa2cf 0xbbe7fd85 0xd92002a5>; - bl33_uuid = <0xa7eed0d6 0x4bd5eafc 0x34998297 0xe4b634f2>; - hw_cfg_uuid = <0xd9f1b808 0x4993cfc9 0xbc6f62a9 0xcc65726b>; - soc_fw_cfg_uuid = <0x4b817999 0x46fb7603 0x268d8e8c 0xe059787f>; - tos_fw_cfg_uuid = <0x1a7c2526 0x477fc6db 0xc4c4968d 0x218024b0>; - nt_fw_cfg_uuid = <0x1598da28 0x447ee893 0xaf1a66ac 0xf9501580>; - t_key_cert_uuid = <0x90e87e82 0x11e460f8 0x7a77b4a1 0x4cf9b421>; - scp_fw_key_uuid = <0xa1214202 0x11e460f8 0x3cf39b8d 0x14a0150e>; - soc_fw_key_uuid = <0xccbeb88a 0x11e460f9 0x48ebd09a 0xf8dcd822>; - tos_fw_key_cert_uuid = <0x3d67794 0x11e460fb 0x10b7dd85 0x4ee8c5b>; - nt_fw_key_cert_uuid = <0x2a83d58a 0x11e460fb 0x30dfaf8a 0x5998c4bb>; - scp_fw_content_cert_uuid = <0x046fbe44 0x11e4635e 0xd8738bb2 0x5696aeea>; - soc_fw_content_cert_uuid = <0x200cb2e2 0x11e4635e 0xccabe89c 0x66b62bf9>; - tos_fw_content_cert_uuid = <0x11449fa4 0x11e4635e 0x53f2887 0x3df32a72>; - nt_fw_content_cert_uuid = <0xf3c1c48e 0x11e4635d 0xee87a9a7 0xa73fb240>; - sp_content_cert_uuid = <0x44fd6d77 0x3b4c9786 0x3ec1eb91 0x6f2a5a02>; - }; - }; -#endif /* ARM_IO_IN_DTB */ - - secure-partitions { - compatible = "arm,sp"; - cactus-primary { - uuid = <0x1e67b5b4 0xe14f904a 0x13fb1fb8 0xcbdae1da>; - load-address = <0x7000000>; - }; - - cactus-secondary { - uuid = <0x092358d1 0xb94723f0 0x64447c82 0xc88f57f5>; - load-address = <0x7100000>; - }; - }; }; diff --git a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts new file mode 100644 index 0000000..9cffad3 --- /dev/null +++ b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts @@ -0,0 +1,88 @@ +/* + * Copyright (c) 2020, ARM Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/dts-v1/; + +/ { + tb_fw-config { + compatible = "arm,tb_fw"; + + /* Disable authentication for development */ + disable_auth = <0x0>; + + /* + * The following two entries are placeholders for Mbed TLS + * heap information. The default values don't matter since + * they will be overwritten by BL1. + * In case of having shared Mbed TLS heap between BL1 and BL2, + * BL1 will populate these two properties with the respective + * info about the shared heap. This info will be available for + * BL2 in order to locate and re-use the heap. + */ + mbedtls_heap_addr = <0x0 0x0>; + mbedtls_heap_size = <0x0>; + +#if MEASURED_BOOT + /* BL2 image hash calculated by BL1 */ + bl2_hash_data = [ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +#if BL2_HASH_SIZE > 32 + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +#if BL2_HASH_SIZE > 48 + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +#endif /* > 48 */ +#endif /* > 32 */ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00]; +#endif /* MEASURED_BOOT */ + }; + + /* + * Though TF-A is UUID RFC 4122 compliant meaning fields are stored in + * network order (big endian), UUID's mentioned in this file are are + * stored in machine order (little endian). + * This will be fixed in future. + */ +#if ARM_IO_IN_DTB + arm-io_policies { + fip-handles { + compatible = "arm,io-fip-handle"; + scp_bl2_uuid = <0x3dfd6697 0x49e8be89 0xa1785dae 0x13826040>; + bl31_uuid = <0x6d08d447 0x4698fe4c 0x5029959b 0x005abdcb>; + bl32_uuid = <0x89e1d005 0x4713dc53 0xa502b8d 0x383e7a4b>; + bl32_extra1_uuid = <0x9bc2700b 0x40785a2a 0x560a659f 0x88827382>; + bl32_extra2_uuid = <0xb17ba88e 0x4d3fa2cf 0xbbe7fd85 0xd92002a5>; + bl33_uuid = <0xa7eed0d6 0x4bd5eafc 0x34998297 0xe4b634f2>; + hw_cfg_uuid = <0xd9f1b808 0x4993cfc9 0xbc6f62a9 0xcc65726b>; + soc_fw_cfg_uuid = <0x4b817999 0x46fb7603 0x268d8e8c 0xe059787f>; + tos_fw_cfg_uuid = <0x1a7c2526 0x477fc6db 0xc4c4968d 0x218024b0>; + nt_fw_cfg_uuid = <0x1598da28 0x447ee893 0xaf1a66ac 0xf9501580>; + t_key_cert_uuid = <0x90e87e82 0x11e460f8 0x7a77b4a1 0x4cf9b421>; + scp_fw_key_uuid = <0xa1214202 0x11e460f8 0x3cf39b8d 0x14a0150e>; + soc_fw_key_uuid = <0xccbeb88a 0x11e460f9 0x48ebd09a 0xf8dcd822>; + tos_fw_key_cert_uuid = <0x3d67794 0x11e460fb 0x10b7dd85 0x4ee8c5b>; + nt_fw_key_cert_uuid = <0x2a83d58a 0x11e460fb 0x30dfaf8a 0x5998c4bb>; + scp_fw_content_cert_uuid = <0x046fbe44 0x11e4635e 0xd8738bb2 0x5696aeea>; + soc_fw_content_cert_uuid = <0x200cb2e2 0x11e4635e 0xccabe89c 0x66b62bf9>; + tos_fw_content_cert_uuid = <0x11449fa4 0x11e4635e 0x53f2887 0x3df32a72>; + nt_fw_content_cert_uuid = <0xf3c1c48e 0x11e4635d 0xee87a9a7 0xa73fb240>; + sp_content_cert_uuid = <0x44fd6d77 0x3b4c9786 0x3ec1eb91 0x6f2a5a02>; + }; + }; +#endif /* ARM_IO_IN_DTB */ + + secure-partitions { + compatible = "arm,sp"; + cactus-primary { + uuid = <0x1e67b5b4 0xe14f904a 0x13fb1fb8 0xcbdae1da>; + load-address = <0x7000000>; + }; + + cactus-secondary { + uuid = <0x092358d1 0xb94723f0 0x64447c82 0xc88f57f5>; + load-address = <0x7100000>; + }; + }; +}; diff --git a/plat/arm/board/fvp/include/platform_def.h b/plat/arm/board/fvp/include/platform_def.h index 62ede9a..7222c55 100644 --- a/plat/arm/board/fvp/include/platform_def.h +++ b/plat/arm/board/fvp/include/platform_def.h @@ -133,7 +133,7 @@ * calculated using the current BL31 PROGBITS debug size plus the sizes of * BL2 and BL1-RW */ -#define PLAT_ARM_MAX_BL31_SIZE UL(0x3E000) +#define PLAT_ARM_MAX_BL31_SIZE UL(0x3D000) #endif /* RESET_TO_BL31 */ #ifndef __aarch64__ diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk index 7d670ac..4925865 100644 --- a/plat/arm/board/fvp/platform.mk +++ b/plat/arm/board/fvp/platform.mk @@ -236,11 +236,13 @@ FVP_HW_CONFIG_DTS := fdts/${FVP_DT_PREFIX}.dts FDT_SOURCES += $(addprefix plat/arm/board/fvp/fdts/, \ ${PLAT}_fw_config.dts \ + ${PLAT}_tb_fw_config.dts \ ${PLAT}_soc_fw_config.dts \ ${PLAT}_nt_fw_config.dts \ ) -FVP_TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb +FVP_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb +FVP_TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb FVP_SOC_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_soc_fw_config.dtb FVP_NT_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_nt_fw_config.dtb @@ -260,6 +262,8 @@ $(eval $(call TOOL_ADD_PAYLOAD,${FVP_TOS_FW_CONFIG},--tos-fw-config)) endif +# Add the FW_CONFIG to FIP and specify the same to certtool +$(eval $(call TOOL_ADD_PAYLOAD,${FVP_FW_CONFIG},--fw-config)) # Add the TB_FW_CONFIG to FIP and specify the same to certtool $(eval $(call TOOL_ADD_PAYLOAD,${FVP_TB_FW_CONFIG},--tb-fw-config)) # Add the SOC_FW_CONFIG to FIP and specify the same to certtool diff --git a/plat/arm/board/fvp_ve/fdts/fvp_ve_fw_config.dts b/plat/arm/board/fvp_ve/fdts/fvp_ve_fw_config.dts index d4f98d9..6e5691b 100644 --- a/plat/arm/board/fvp_ve/fdts/fvp_ve_fw_config.dts +++ b/plat/arm/board/fvp_ve/fdts/fvp_ve_fw_config.dts @@ -12,9 +12,8 @@ dtb-registry { compatible = "fconf,dyn_cfg-dtb_registry"; - /* tb_fw_config is temporarily contained on this dtb */ tb_fw-config { - load-address = <0x0 0x80001010>; + load-address = <0x0 0x80001300>; max-size = <0x200>; id = ; }; @@ -25,11 +24,4 @@ id = ; }; }; - - tb_fw-config { - compatible = "arm,tb_fw"; - - /* Disable authentication for development */ - disable_auth = <0x0>; - }; }; diff --git a/plat/arm/board/fvp_ve/fdts/fvp_ve_tb_fw_config.dts b/plat/arm/board/fvp_ve/fdts/fvp_ve_tb_fw_config.dts new file mode 100644 index 0000000..c66186f --- /dev/null +++ b/plat/arm/board/fvp_ve/fdts/fvp_ve_tb_fw_config.dts @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2020, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/dts-v1/; + +/ { + tb_fw-config { + compatible = "arm,tb_fw"; + + /* Disable authentication for development */ + disable_auth = <0x0>; + }; +}; diff --git a/plat/arm/board/fvp_ve/include/platform_def.h b/plat/arm/board/fvp_ve/include/platform_def.h index 70a12ea..3591b4d 100644 --- a/plat/arm/board/fvp_ve/include/platform_def.h +++ b/plat/arm/board/fvp_ve/include/platform_def.h @@ -169,11 +169,11 @@ #define CACHE_WRITEBACK_GRANULE (U(1) << ARM_CACHE_WRITEBACK_SHIFT) /* - * To enable TB_FW_CONFIG to be loaded by BL1, define the corresponding base + * To enable FW_CONFIG to be loaded by BL1, define the corresponding base * and limit. Leave enough space of BL2 meminfo. */ -#define ARM_TB_FW_CONFIG_BASE (ARM_BL_RAM_BASE + sizeof(meminfo_t)) -#define ARM_TB_FW_CONFIG_LIMIT (ARM_BL_RAM_BASE + PAGE_SIZE) +#define ARM_FW_CONFIG_BASE (ARM_BL_RAM_BASE + sizeof(meminfo_t)) +#define ARM_FW_CONFIG_LIMIT (ARM_BL_RAM_BASE + PAGE_SIZE) /******************************************************************************* * BL1 specific defines. @@ -204,7 +204,7 @@ /* Put BL32 below BL2 in NS DRAM.*/ -#define ARM_BL2_MEM_DESC_BASE ARM_TB_FW_CONFIG_LIMIT +#define ARM_BL2_MEM_DESC_BASE ARM_FW_CONFIG_LIMIT #define BL32_BASE ((ARM_BL_RAM_BASE + ARM_BL_RAM_SIZE)\ - PLAT_ARM_MAX_BL32_SIZE) diff --git a/plat/arm/board/fvp_ve/platform.mk b/plat/arm/board/fvp_ve/platform.mk index 9ada86b..62981c5 100644 --- a/plat/arm/board/fvp_ve/platform.mk +++ b/plat/arm/board/fvp_ve/platform.mk @@ -74,10 +74,14 @@ # Add the FDT_SOURCES and options for Dynamic Config (only for Unix env) ifdef UNIX_MK -FDT_SOURCES += plat/arm/board/fvp_ve/fdts/fvp_ve_fw_config.dts +FDT_SOURCES += plat/arm/board/fvp_ve/fdts/fvp_ve_fw_config.dts \ + plat/arm/board/fvp_ve/fdts/fvp_ve_tb_fw_config.dts -FVP_TB_FW_CONFIG := ${BUILD_PLAT}/fdts/fvp_ve_fw_config.dtb +FVP_FW_CONFIG := ${BUILD_PLAT}/fdts/fvp_ve_fw_config.dtb +FVP_TB_FW_CONFIG := ${BUILD_PLAT}/fdts/fvp_ve_tb_fw_config.dtb +# Add the FW_CONFIG to FIP and specify the same to certtool +$(eval $(call TOOL_ADD_PAYLOAD,${FVP_FW_CONFIG},--fw-config)) # Add the TB_FW_CONFIG to FIP and specify the same to certtool $(eval $(call TOOL_ADD_PAYLOAD,${FVP_TB_FW_CONFIG},--tb-fw-config)) diff --git a/plat/arm/board/juno/fdts/juno_fw_config.dts b/plat/arm/board/juno/fdts/juno_fw_config.dts index 60ca60d..c0538f8 100644 --- a/plat/arm/board/juno/fdts/juno_fw_config.dts +++ b/plat/arm/board/juno/fdts/juno_fw_config.dts @@ -12,29 +12,10 @@ dtb-registry { compatible = "fconf,dyn_cfg-dtb_registry"; - /* tb_fw_config is temporarily contained on this dtb */ tb_fw-config { - load-address = <0x0 0x4001010>; + load-address = <0x0 0x4001300>; max-size = <0x200>; id = ; }; }; - - tb_fw-config { - /* Platform Config */ - compatible = "arm,tb_fw"; - /* Disable authentication for development */ - disable_auth = <0x0>; - /* - * The following two entries are placeholders for Mbed TLS - * heap information. The default values don't matter since - * they will be overwritten by BL1. - * In case of having shared Mbed TLS heap between BL1 and BL2, - * BL1 will populate these two properties with the respective - * info about the shared heap. This info will be available for - * BL2 in order to locate and re-use the heap. - */ - mbedtls_heap_addr = <0x0 0x0>; - mbedtls_heap_size = <0x0>; - }; }; diff --git a/plat/arm/board/juno/fdts/juno_tb_fw_config.dts b/plat/arm/board/juno/fdts/juno_tb_fw_config.dts new file mode 100644 index 0000000..80cfa3e --- /dev/null +++ b/plat/arm/board/juno/fdts/juno_tb_fw_config.dts @@ -0,0 +1,26 @@ +/* + * Copyright (c) 2020, ARM Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/dts-v1/; + +/ { + tb_fw-config { + compatible = "arm,tb_fw"; + /* Disable authentication for development */ + disable_auth = <0x0>; + /* + * The following two entries are placeholders for Mbed TLS + * heap information. The default values don't matter since + * they will be overwritten by BL1. + * In case of having shared Mbed TLS heap between BL1 and BL2, + * BL1 will populate these two properties with the respective + * info about the shared heap. This info will be available for + * BL2 in order to locate and re-use the heap. + */ + mbedtls_heap_addr = <0x0 0x0>; + mbedtls_heap_size = <0x0>; + }; +}; diff --git a/plat/arm/board/juno/include/platform_def.h b/plat/arm/board/juno/include/platform_def.h index 67802d4..91c3ae7 100644 --- a/plat/arm/board/juno/include/platform_def.h +++ b/plat/arm/board/juno/include/platform_def.h @@ -139,7 +139,7 @@ # define PLAT_ARM_MAX_BL2_SIZE (UL(0x1D000) - JUNO_BL2_ROMLIB_OPTIMIZATION) #endif #else -# define PLAT_ARM_MAX_BL2_SIZE (UL(0x11000) - JUNO_BL2_ROMLIB_OPTIMIZATION) +# define PLAT_ARM_MAX_BL2_SIZE (UL(0x13000) - JUNO_BL2_ROMLIB_OPTIMIZATION) #endif /* @@ -148,7 +148,7 @@ * BL2 and BL1-RW. SCP_BL2 image is loaded into the space BL31 -> BL2_BASE. * Hence the BL31 PROGBITS size should be >= PLAT_CSS_MAX_SCP_BL2_SIZE. */ -#define PLAT_ARM_MAX_BL31_SIZE UL(0x3E000) +#define PLAT_ARM_MAX_BL31_SIZE UL(0x3D000) #if JUNO_AARCH32_EL3_RUNTIME /* @@ -157,7 +157,7 @@ * BL2 and BL1-RW. SCP_BL2 image is loaded into the space BL32 -> BL2_BASE. * Hence the BL32 PROGBITS size should be >= PLAT_CSS_MAX_SCP_BL2_SIZE. */ -#define PLAT_ARM_MAX_BL32_SIZE UL(0x3E000) +#define PLAT_ARM_MAX_BL32_SIZE UL(0x3D000) #endif /* @@ -254,7 +254,7 @@ * BL31 is loaded over the top. */ #define PLAT_CSS_MAX_SCP_BL2_SIZE \ - ((SCP_BL2_LIMIT - ARM_TB_FW_CONFIG_LIMIT) & ~PAGE_SIZE_MASK) + ((SCP_BL2_LIMIT - ARM_FW_CONFIG_LIMIT) & ~PAGE_SIZE_MASK) #define PLAT_CSS_MAX_SCP_BL2U_SIZE PLAT_CSS_MAX_SCP_BL2_SIZE diff --git a/plat/arm/board/juno/platform.mk b/plat/arm/board/juno/platform.mk index a871e81..8ca7f61 100644 --- a/plat/arm/board/juno/platform.mk +++ b/plat/arm/board/juno/platform.mk @@ -164,9 +164,14 @@ endif # Add the FDT_SOURCES and options for Dynamic Config -FDT_SOURCES += plat/arm/board/juno/fdts/${PLAT}_fw_config.dts -TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb +FDT_SOURCES += plat/arm/board/juno/fdts/${PLAT}_fw_config.dts \ + plat/arm/board/juno/fdts/${PLAT}_tb_fw_config.dts +FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb +TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb + +# Add the FW_CONFIG to FIP and specify the same to certtool +$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config)) # Add the TB_FW_CONFIG to FIP and specify the same to certtool $(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config)) diff --git a/plat/arm/board/rddaniel/fdts/rddaniel_fw_config.dts b/plat/arm/board/rddaniel/fdts/rddaniel_fw_config.dts index b9265ad..9c9cefe 100644 --- a/plat/arm/board/rddaniel/fdts/rddaniel_fw_config.dts +++ b/plat/arm/board/rddaniel/fdts/rddaniel_fw_config.dts @@ -12,9 +12,8 @@ dtb-registry { compatible = "fconf,dyn_cfg-dtb_registry"; - /* tb_fw_config is temporarily contained on this dtb */ tb_fw-config { - load-address = <0x0 0x4001010>; + load-address = <0x0 0x4001300>; max-size = <0x200>; id = ; }; @@ -25,23 +24,4 @@ id = ; }; }; - - tb_fw-config { - compatible = "arm,tb_fw"; - - /* Disable authentication for development */ - disable_auth = <0x0>; - - /* - * The following two entries are placeholders for Mbed TLS - * heap information. The default values don't matter since - * they will be overwritten by BL1. - * In case of having shared Mbed TLS heap between BL1 and BL2, - * BL1 will populate these two properties with the respective - * info about the shared heap. This info will be available for - * BL2 in order to locate and re-use the heap. - */ - mbedtls_heap_addr = <0x0 0x0>; - mbedtls_heap_size = <0x0>; - }; }; diff --git a/plat/arm/board/rddaniel/fdts/rddaniel_tb_fw_config.dts b/plat/arm/board/rddaniel/fdts/rddaniel_tb_fw_config.dts new file mode 100644 index 0000000..49eda27 --- /dev/null +++ b/plat/arm/board/rddaniel/fdts/rddaniel_tb_fw_config.dts @@ -0,0 +1,28 @@ +/* + * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/dts-v1/; + +/ { + tb_fw-config { + compatible = "arm,tb_fw"; + + /* Disable authentication for development */ + disable_auth = <0x0>; + + /* + * The following two entries are placeholders for Mbed TLS + * heap information. The default values don't matter since + * they will be overwritten by BL1. + * In case of having shared Mbed TLS heap between BL1 and BL2, + * BL1 will populate these two properties with the respective + * info about the shared heap. This info will be available for + * BL2 in order to locate and re-use the heap. + */ + mbedtls_heap_addr = <0x0 0x0>; + mbedtls_heap_size = <0x0>; + }; +}; diff --git a/plat/arm/board/rddaniel/platform.mk b/plat/arm/board/rddaniel/platform.mk index 94a3928..bdf20ca 100644 --- a/plat/arm/board/rddaniel/platform.mk +++ b/plat/arm/board/rddaniel/platform.mk @@ -33,9 +33,13 @@ plat/arm/common/arm_nor_psci_mem_protect.c # Add the FDT_SOURCES and options for Dynamic Config -FDT_SOURCES += ${RDDANIEL_BASE}/fdts/${PLAT}_fw_config.dts -TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb +FDT_SOURCES += ${RDDANIEL_BASE}/fdts/${PLAT}_fw_config.dts \ + ${RDDANIEL_BASE}/fdts/${PLAT}_tb_fw_config.dts +FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb +TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb +# Add the FW_CONFIG to FIP and specify the same to certtool +$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config)) # Add the TB_FW_CONFIG to FIP and specify the same to certtool $(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config)) diff --git a/plat/arm/board/rddanielxlr/fdts/rddanielxlr_fw_config.dts b/plat/arm/board/rddanielxlr/fdts/rddanielxlr_fw_config.dts index b9265ad..9c9cefe 100644 --- a/plat/arm/board/rddanielxlr/fdts/rddanielxlr_fw_config.dts +++ b/plat/arm/board/rddanielxlr/fdts/rddanielxlr_fw_config.dts @@ -12,9 +12,8 @@ dtb-registry { compatible = "fconf,dyn_cfg-dtb_registry"; - /* tb_fw_config is temporarily contained on this dtb */ tb_fw-config { - load-address = <0x0 0x4001010>; + load-address = <0x0 0x4001300>; max-size = <0x200>; id = ; }; @@ -25,23 +24,4 @@ id = ; }; }; - - tb_fw-config { - compatible = "arm,tb_fw"; - - /* Disable authentication for development */ - disable_auth = <0x0>; - - /* - * The following two entries are placeholders for Mbed TLS - * heap information. The default values don't matter since - * they will be overwritten by BL1. - * In case of having shared Mbed TLS heap between BL1 and BL2, - * BL1 will populate these two properties with the respective - * info about the shared heap. This info will be available for - * BL2 in order to locate and re-use the heap. - */ - mbedtls_heap_addr = <0x0 0x0>; - mbedtls_heap_size = <0x0>; - }; }; diff --git a/plat/arm/board/rddanielxlr/fdts/rddanielxlr_tb_fw_config.dts b/plat/arm/board/rddanielxlr/fdts/rddanielxlr_tb_fw_config.dts new file mode 100644 index 0000000..49eda27 --- /dev/null +++ b/plat/arm/board/rddanielxlr/fdts/rddanielxlr_tb_fw_config.dts @@ -0,0 +1,28 @@ +/* + * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/dts-v1/; + +/ { + tb_fw-config { + compatible = "arm,tb_fw"; + + /* Disable authentication for development */ + disable_auth = <0x0>; + + /* + * The following two entries are placeholders for Mbed TLS + * heap information. The default values don't matter since + * they will be overwritten by BL1. + * In case of having shared Mbed TLS heap between BL1 and BL2, + * BL1 will populate these two properties with the respective + * info about the shared heap. This info will be available for + * BL2 in order to locate and re-use the heap. + */ + mbedtls_heap_addr = <0x0 0x0>; + mbedtls_heap_size = <0x0>; + }; +}; diff --git a/plat/arm/board/rddanielxlr/platform.mk b/plat/arm/board/rddanielxlr/platform.mk index 36a0099..1482c81 100644 --- a/plat/arm/board/rddanielxlr/platform.mk +++ b/plat/arm/board/rddanielxlr/platform.mk @@ -36,9 +36,13 @@ BL31_CFLAGS += -DPLAT_XLAT_TABLES_DYNAMIC # Add the FDT_SOURCES and options for Dynamic Config -FDT_SOURCES += ${RDDANIELXLR_BASE}/fdts/${PLAT}_fw_config.dts -TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb +FDT_SOURCES += ${RDDANIELXLR_BASE}/fdts/${PLAT}_fw_config.dts \ + ${RDDANIELXLR_BASE}/fdts/${PLAT}_tb_fw_config.dts +FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb +TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb +# Add the FW_CONFIG to FIP and specify the same to certtool +$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config)) # Add the TB_FW_CONFIG to FIP and specify the same to certtool $(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config)) diff --git a/plat/arm/board/rde1edge/fdts/rde1edge_fw_config.dts b/plat/arm/board/rde1edge/fdts/rde1edge_fw_config.dts index 09b9867..69fb0d4 100644 --- a/plat/arm/board/rde1edge/fdts/rde1edge_fw_config.dts +++ b/plat/arm/board/rde1edge/fdts/rde1edge_fw_config.dts @@ -12,9 +12,8 @@ dtb-registry { compatible = "fconf,dyn_cfg-dtb_registry"; - /* tb_fw_config is temporarily contained on this dtb */ tb_fw-config { - load-address = <0x0 0x4001010>; + load-address = <0x0 0x4001300>; max-size = <0x200>; id = ; }; @@ -25,23 +24,4 @@ id = ; }; }; - - tb_fw-config { - compatible = "arm,tb_fw"; - - /* Disable authentication for development */ - disable_auth = <0x0>; - - /* - * The following two entries are placeholders for Mbed TLS - * heap information. The default values don't matter since - * they will be overwritten by BL1. - * In case of having shared Mbed TLS heap between BL1 and BL2, - * BL1 will populate these two properties with the respective - * info about the shared heap. This info will be available for - * BL2 in order to locate and re-use the heap. - */ - mbedtls_heap_addr = <0x0 0x0>; - mbedtls_heap_size = <0x0>; - }; }; diff --git a/plat/arm/board/rde1edge/fdts/rde1edge_tb_fw_config.dts b/plat/arm/board/rde1edge/fdts/rde1edge_tb_fw_config.dts new file mode 100644 index 0000000..dba91e5 --- /dev/null +++ b/plat/arm/board/rde1edge/fdts/rde1edge_tb_fw_config.dts @@ -0,0 +1,28 @@ +/* + * Copyright (c) 2020, ARM Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/dts-v1/; + +/ { + tb_fw-config { + compatible = "arm,tb_fw"; + + /* Disable authentication for development */ + disable_auth = <0x0>; + + /* + * The following two entries are placeholders for Mbed TLS + * heap information. The default values don't matter since + * they will be overwritten by BL1. + * In case of having shared Mbed TLS heap between BL1 and BL2, + * BL1 will populate these two properties with the respective + * info about the shared heap. This info will be available for + * BL2 in order to locate and re-use the heap. + */ + mbedtls_heap_addr = <0x0 0x0>; + mbedtls_heap_size = <0x0>; + }; +}; diff --git a/plat/arm/board/rde1edge/platform.mk b/plat/arm/board/rde1edge/platform.mk index 1a4dd17..e09afca 100644 --- a/plat/arm/board/rde1edge/platform.mk +++ b/plat/arm/board/rde1edge/platform.mk @@ -35,9 +35,13 @@ endif # Add the FDT_SOURCES and options for Dynamic Config -FDT_SOURCES += ${RDE1EDGE_BASE}/fdts/${PLAT}_fw_config.dts -TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb +FDT_SOURCES += ${RDE1EDGE_BASE}/fdts/${PLAT}_fw_config.dts \ + ${RDE1EDGE_BASE}/fdts/${PLAT}_tb_fw_config.dts +FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb +TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb +# Add the FW_CONFIG to FIP and specify the same to certtool +$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config)) # Add the TB_FW_CONFIG to FIP and specify the same to certtool $(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config)) diff --git a/plat/arm/board/rdn1edge/fdts/rdn1edge_fw_config.dts b/plat/arm/board/rdn1edge/fdts/rdn1edge_fw_config.dts index c9dee60..d3b7fba 100644 --- a/plat/arm/board/rdn1edge/fdts/rdn1edge_fw_config.dts +++ b/plat/arm/board/rdn1edge/fdts/rdn1edge_fw_config.dts @@ -11,9 +11,8 @@ dtb-registry { compatible = "fconf,dyn_cfg-dtb_registry"; - /* tb_fw_config is temporarily contained on this dtb */ tb_fw-config { - load-address = <0x0 0x4001010>; + load-address = <0x0 0x4001300>; max-size = <0x200>; id = ; }; @@ -24,24 +23,5 @@ id = ; }; }; - - tb_fw-config { - compatible = "arm,tb_fw"; - - /* Disable authentication for development */ - disable_auth = <0x0>; - - /* - * The following two entries are placeholders for Mbed TLS - * heap information. The default values don't matter since - * they will be overwritten by BL1. - * In case of having shared Mbed TLS heap between BL1 and BL2, - * BL1 will populate these two properties with the respective - * info about the shared heap. This info will be available for - * BL2 in order to locate and re-use the heap. - */ - mbedtls_heap_addr = <0x0 0x0>; - mbedtls_heap_size = <0x0>; - }; }; diff --git a/plat/arm/board/rdn1edge/fdts/rdn1edge_tb_fw_config.dts b/plat/arm/board/rdn1edge/fdts/rdn1edge_tb_fw_config.dts new file mode 100644 index 0000000..257ef4a --- /dev/null +++ b/plat/arm/board/rdn1edge/fdts/rdn1edge_tb_fw_config.dts @@ -0,0 +1,27 @@ +/* + * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/dts-v1/; +/ { + tb_fw-config { + compatible = "arm,tb_fw"; + + /* Disable authentication for development */ + disable_auth = <0x0>; + + /* + * The following two entries are placeholders for Mbed TLS + * heap information. The default values don't matter since + * they will be overwritten by BL1. + * In case of having shared Mbed TLS heap between BL1 and BL2, + * BL1 will populate these two properties with the respective + * info about the shared heap. This info will be available for + * BL2 in order to locate and re-use the heap. + */ + mbedtls_heap_addr = <0x0 0x0>; + mbedtls_heap_size = <0x0>; + }; +}; diff --git a/plat/arm/board/rdn1edge/platform.mk b/plat/arm/board/rdn1edge/platform.mk index e436542..3f0cc7f 100644 --- a/plat/arm/board/rdn1edge/platform.mk +++ b/plat/arm/board/rdn1edge/platform.mk @@ -41,9 +41,13 @@ BL31_CPPFLAGS += -DPLAT_XLAT_TABLES_DYNAMIC # Add the FDT_SOURCES and options for Dynamic Config -FDT_SOURCES += ${RDN1EDGE_BASE}/fdts/${PLAT}_fw_config.dts -TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb +FDT_SOURCES += ${RDN1EDGE_BASE}/fdts/${PLAT}_fw_config.dts \ + ${RDN1EDGE_BASE}/fdts/${PLAT}_tb_fw_config.dts +FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb +TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb +# Add the FW_CONFIG to FIP and specify the same to certtool +$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config)) # Add the TB_FW_CONFIG to FIP and specify the same to certtool $(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config)) diff --git a/plat/arm/board/sgi575/fdts/sgi575_fw_config.dts b/plat/arm/board/sgi575/fdts/sgi575_fw_config.dts index 94d0e39..84fc1ad 100644 --- a/plat/arm/board/sgi575/fdts/sgi575_fw_config.dts +++ b/plat/arm/board/sgi575/fdts/sgi575_fw_config.dts @@ -12,9 +12,8 @@ dtb-registry { compatible = "fconf,dyn_cfg-dtb_registry"; - /* tb_fw_config is temporarily contained on this dtb */ tb_fw-config { - load-address = <0x0 0x4001010>; + load-address = <0x0 0x4001300>; max-size = <0x200>; id = ; }; @@ -25,23 +24,4 @@ id = ; }; }; - - tb_fw-config { - compatible = "arm,tb_fw"; - - /* Disable authentication for development */ - disable_auth = <0x0>; - - /* - * The following two entries are placeholders for Mbed TLS - * heap information. The default values don't matter since - * they will be overwritten by BL1. - * In case of having shared Mbed TLS heap between BL1 and BL2, - * BL1 will populate these two properties with the respective - * info about the shared heap. This info will be available for - * BL2 in order to locate and re-use the heap. - */ - mbedtls_heap_addr = <0x0 0x0>; - mbedtls_heap_size = <0x0>; - }; }; diff --git a/plat/arm/board/sgi575/fdts/sgi575_tb_fw_config.dts b/plat/arm/board/sgi575/fdts/sgi575_tb_fw_config.dts new file mode 100644 index 0000000..49eda27 --- /dev/null +++ b/plat/arm/board/sgi575/fdts/sgi575_tb_fw_config.dts @@ -0,0 +1,28 @@ +/* + * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/dts-v1/; + +/ { + tb_fw-config { + compatible = "arm,tb_fw"; + + /* Disable authentication for development */ + disable_auth = <0x0>; + + /* + * The following two entries are placeholders for Mbed TLS + * heap information. The default values don't matter since + * they will be overwritten by BL1. + * In case of having shared Mbed TLS heap between BL1 and BL2, + * BL1 will populate these two properties with the respective + * info about the shared heap. This info will be available for + * BL2 in order to locate and re-use the heap. + */ + mbedtls_heap_addr = <0x0 0x0>; + mbedtls_heap_size = <0x0>; + }; +}; diff --git a/plat/arm/board/sgi575/platform.mk b/plat/arm/board/sgi575/platform.mk index d91f829..f5d547d 100644 --- a/plat/arm/board/sgi575/platform.mk +++ b/plat/arm/board/sgi575/platform.mk @@ -35,9 +35,14 @@ endif # Add the FDT_SOURCES and options for Dynamic Config -FDT_SOURCES += ${SGI575_BASE}/fdts/${PLAT}_fw_config.dts -TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb +FDT_SOURCES += ${SGI575_BASE}/fdts/${PLAT}_fw_config.dts \ + ${SGI575_BASE}/fdts/${PLAT}_tb_fw_config.dts +FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb +TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb + +# Add the FW_CONFIG to FIP and specify the same to certtool +$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config)) # Add the TB_FW_CONFIG to FIP and specify the same to certtool $(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config)) diff --git a/plat/arm/board/sgm775/fdts/sgm775_fw_config.dts b/plat/arm/board/sgm775/fdts/sgm775_fw_config.dts index c92c1d0..5d478e9 100644 --- a/plat/arm/board/sgm775/fdts/sgm775_fw_config.dts +++ b/plat/arm/board/sgm775/fdts/sgm775_fw_config.dts @@ -12,30 +12,10 @@ dtb-registry { compatible = "fconf,dyn_cfg-dtb_registry"; - /* tb_fw_config is temporarily contained on this dtb */ tb_fw-config { - load-address = <0x0 0x4001010>; + load-address = <0x0 0x4001300>; max-size = <0x200>; id = ; }; }; - - tb_fw-config { - compatible = "arm,tb_fw"; - - /* Disable authentication for development */ - disable_auth = <0x0>; - - /* - * The following two entries are placeholders for Mbed TLS - * heap information. The default values don't matter since - * they will be overwritten by BL1. - * In case of having shared Mbed TLS heap between BL1 and BL2, - * BL1 will populate these two properties with the respective - * info about the shared heap. This info will be available for - * BL2 in order to locate and re-use the heap. - */ - mbedtls_heap_addr = <0x0 0x0>; - mbedtls_heap_size = <0x0>; - }; }; diff --git a/plat/arm/board/sgm775/fdts/sgm775_tb_fw_config.dts b/plat/arm/board/sgm775/fdts/sgm775_tb_fw_config.dts new file mode 100644 index 0000000..49eda27 --- /dev/null +++ b/plat/arm/board/sgm775/fdts/sgm775_tb_fw_config.dts @@ -0,0 +1,28 @@ +/* + * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/dts-v1/; + +/ { + tb_fw-config { + compatible = "arm,tb_fw"; + + /* Disable authentication for development */ + disable_auth = <0x0>; + + /* + * The following two entries are placeholders for Mbed TLS + * heap information. The default values don't matter since + * they will be overwritten by BL1. + * In case of having shared Mbed TLS heap between BL1 and BL2, + * BL1 will populate these two properties with the respective + * info about the shared heap. This info will be available for + * BL2 in order to locate and re-use the heap. + */ + mbedtls_heap_addr = <0x0 0x0>; + mbedtls_heap_size = <0x0>; + }; +}; diff --git a/plat/arm/board/sgm775/platform.mk b/plat/arm/board/sgm775/platform.mk index 57edb92..26bc25d 100644 --- a/plat/arm/board/sgm775/platform.mk +++ b/plat/arm/board/sgm775/platform.mk @@ -9,9 +9,13 @@ SGM775_BASE= plat/arm/board/sgm775 # Add the FDT_SOURCES and options for Dynamic Config -FDT_SOURCES += ${SGM775_BASE}/fdts/${PLAT}_fw_config.dts -TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb +FDT_SOURCES += ${SGM775_BASE}/fdts/${PLAT}_fw_config.dts \ + ${SGM775_BASE}/fdts/${PLAT}_tb_fw_config.dts +FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb +TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb +# Add the FW_CONFIG to FIP and specify the same to certtool +$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config)) # Add the TB_FW_CONFIG to FIP and specify the same to certtool $(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config)) diff --git a/plat/arm/board/tc0/fdts/tc0_fw_config.dts b/plat/arm/board/tc0/fdts/tc0_fw_config.dts index 8458e08..381ce1f 100644 --- a/plat/arm/board/tc0/fdts/tc0_fw_config.dts +++ b/plat/arm/board/tc0/fdts/tc0_fw_config.dts @@ -12,9 +12,8 @@ dtb-registry { compatible = "fconf,dyn_cfg-dtb_registry"; - /* tb_fw_config is temporarily contained in this dtb */ tb_fw-config { - load-address = <0x0 0x4001010>; + load-address = <0x0 0x4001300>; max-size = <0x200>; id = ; }; @@ -25,22 +24,4 @@ id = ; }; }; - - tb_fw-config { - compatible = "arm,tb_fw"; - - /* Disable authentication for development */ - disable_auth = <0x0>; - /* - * The following two entries are placeholders for Mbed TLS - * heap information. The default values don't matter since - * they will be overwritten by BL1. - * In case of having shared Mbed TLS heap between BL1 and BL2, - * BL1 will populate these two properties with the respective - * info about the shared heap. This info will be available for - * BL2 in order to locate and re-use the heap. - */ - mbedtls_heap_addr = <0x0 0x0>; - mbedtls_heap_size = <0x0>; - }; }; diff --git a/plat/arm/board/tc0/fdts/tc0_tb_fw_config.dts b/plat/arm/board/tc0/fdts/tc0_tb_fw_config.dts new file mode 100644 index 0000000..2fd25d9 --- /dev/null +++ b/plat/arm/board/tc0/fdts/tc0_tb_fw_config.dts @@ -0,0 +1,27 @@ +/* + * Copyright (c) 2020, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/dts-v1/; + +/ { + tb_fw-config { + compatible = "arm,tb_fw"; + + /* Disable authentication for development */ + disable_auth = <0x0>; + /* + * The following two entries are placeholders for Mbed TLS + * heap information. The default values don't matter since + * they will be overwritten by BL1. + * In case of having shared Mbed TLS heap between BL1 and BL2, + * BL1 will populate these two properties with the respective + * info about the shared heap. This info will be available for + * BL2 in order to locate and re-use the heap. + */ + mbedtls_heap_addr = <0x0 0x0>; + mbedtls_heap_size = <0x0>; + }; +}; diff --git a/plat/arm/board/tc0/platform.mk b/plat/arm/board/tc0/platform.mk index 7f514cc..0bf18e4 100644 --- a/plat/arm/board/tc0/platform.mk +++ b/plat/arm/board/tc0/platform.mk @@ -73,9 +73,13 @@ plat/arm/common/arm_nor_psci_mem_protect.c # Add the FDT_SOURCES and options for Dynamic Config -FDT_SOURCES += ${TC0_BASE}/fdts/${PLAT}_fw_config.dts -TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb +FDT_SOURCES += ${TC0_BASE}/fdts/${PLAT}_fw_config.dts \ + ${TC0_BASE}/fdts/${PLAT}_tb_fw_config.dts +FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb +TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb +# Add the FW_CONFIG to FIP and specify the same to certtool +$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config)) # Add the TB_FW_CONFIG to FIP and specify the same to certtool $(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config)) diff --git a/plat/arm/common/arm_bl1_setup.c b/plat/arm/common/arm_bl1_setup.c index c2f49c2..6b630b9 100644 --- a/plat/arm/common/arm_bl1_setup.c +++ b/plat/arm/common/arm_bl1_setup.c @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include @@ -142,11 +143,58 @@ */ void arm_bl1_platform_setup(void) { + const struct dyn_cfg_dtb_info_t *fw_config_info; + image_desc_t *desc; + uint32_t fw_config_max_size; + int err = -1; + /* Initialise the IO layer and register platform IO devices */ plat_arm_io_setup(); - /* Load fw config */ - fconf_load_config(); + /* Check if we need FWU before further processing */ + err = plat_arm_bl1_fwu_needed(); + if (err) { + ERROR("Skip platform setup as FWU detected\n"); + return; + } + + /* Set global DTB info for fixed fw_config information */ + fw_config_max_size = ARM_FW_CONFIG_LIMIT - ARM_FW_CONFIG_BASE; + set_fw_config_info(ARM_FW_CONFIG_BASE, fw_config_max_size); + + /* Fill the device tree information struct with the info from the config dtb */ + err = fconf_load_config(FW_CONFIG_ID); + if (err < 0) { + ERROR("Loading of FW_CONFIG failed %d\n", err); + plat_error_handler(err); + } + + /* + * FW_CONFIG loaded successfully. If FW_CONFIG device tree parsing + * is successful then load TB_FW_CONFIG device tree. + */ + fw_config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, FW_CONFIG_ID); + if (fw_config_info != NULL) { + err = fconf_populate_dtb_registry(fw_config_info->config_addr); + if (err < 0) { + ERROR("Parsing of FW_CONFIG failed %d\n", err); + plat_error_handler(err); + } + /* load TB_FW_CONFIG */ + err = fconf_load_config(TB_FW_CONFIG_ID); + if (err < 0) { + ERROR("Loading of TB_FW_CONFIG failed %d\n", err); + plat_error_handler(err); + } + } else { + ERROR("Invalid FW_CONFIG address\n"); + plat_error_handler(err); + } + + /* The BL2 ep_info arg0 is modified to point to FW_CONFIG */ + desc = bl1_plat_get_image_desc(BL2_IMAGE_ID); + assert(desc != NULL); + desc->ep_info.args.arg0 = fw_config_info->config_addr; #if TRUSTED_BOARD_BOOT /* Share the Mbed TLS heap info with other images */ diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c index 6c3f64f..e4a4f87 100644 --- a/plat/arm/common/arm_bl2_setup.c +++ b/plat/arm/common/arm_bl2_setup.c @@ -15,6 +15,7 @@ #include #include #include +#include #ifdef SPD_opteed #include #endif @@ -26,10 +27,10 @@ static meminfo_t bl2_tzram_layout __aligned(CACHE_WRITEBACK_GRANULE); /* - * Check that BL2_BASE is above ARM_TB_FW_CONFIG_LIMIT. This reserved page is + * Check that BL2_BASE is above ARM_FW_CONFIG_LIMIT. This reserved page is * for `meminfo_t` data structure and fw_configs passed from BL1. */ -CASSERT(BL2_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_bl2_base_overflows); +CASSERT(BL2_BASE >= ARM_FW_CONFIG_LIMIT, assert_bl2_base_overflows); /* Weak definitions may be overridden in specific ARM standard platform */ #pragma weak bl2_early_platform_setup2 @@ -50,9 +51,10 @@ * in x0. This memory layout is sitting at the base of the free trusted SRAM. * Copy it to a safe location before its reclaimed by later BL2 functionality. ******************************************************************************/ -void arm_bl2_early_platform_setup(uintptr_t tb_fw_config, +void arm_bl2_early_platform_setup(uintptr_t fw_config, struct meminfo *mem_layout) { + const struct dyn_cfg_dtb_info_t *tb_fw_config_info; /* Initialize the console to provide early debug support */ arm_console_boot_init(); @@ -60,8 +62,14 @@ bl2_tzram_layout = *mem_layout; /* Fill the properties struct with the info from the config dtb */ - if (tb_fw_config != 0U) { - fconf_populate("TB_FW", tb_fw_config); + if (fw_config != 0U) { + fconf_populate("FW_CONFIG", fw_config); + } + + /* TB_FW_CONFIG was also loaded by BL1 */ + tb_fw_config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, TB_FW_CONFIG_ID); + if (tb_fw_config_info != NULL) { + fconf_populate("TB_FW", tb_fw_config_info->config_addr); } /* Initialise the IO layer and register platform IO devices */ diff --git a/plat/arm/common/arm_bl31_setup.c b/plat/arm/common/arm_bl31_setup.c index 85535c1..ded8f89 100644 --- a/plat/arm/common/arm_bl31_setup.c +++ b/plat/arm/common/arm_bl31_setup.c @@ -28,10 +28,10 @@ #if !RESET_TO_BL31 /* - * Check that BL31_BASE is above ARM_TB_FW_CONFIG_LIMIT. The reserved page + * Check that BL31_BASE is above ARM_FW_CONFIG_LIMIT. The reserved page * is required for SOC_FW_CONFIG/TOS_FW_CONFIG passed from BL2. */ -CASSERT(BL31_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_bl31_base_overflows); +CASSERT(BL31_BASE >= ARM_FW_CONFIG_LIMIT, assert_bl31_base_overflows); #endif /* Weak definitions may be overridden in specific ARM standard platform */ diff --git a/plat/arm/common/arm_dyn_cfg.c b/plat/arm/common/arm_dyn_cfg.c index ffa2a64..a28e0cc 100644 --- a/plat/arm/common/arm_dyn_cfg.c +++ b/plat/arm/common/arm_dyn_cfg.c @@ -77,6 +77,7 @@ { int err; uintptr_t tb_fw_cfg_dtb; + const struct dyn_cfg_dtb_info_t *tb_fw_config_info; /* * If tb_fw_cfg_dtb==NULL then DTB is not present for the current @@ -91,8 +92,8 @@ * the default heap's address and size. */ - /* fconf FW_CONFIG and TB_FW_CONFIG are currently the same DTB */ - tb_fw_cfg_dtb = FCONF_GET_PROPERTY(fconf, dtb, base_addr); + tb_fw_config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, TB_FW_CONFIG_ID); + tb_fw_cfg_dtb = tb_fw_config_info->config_addr; if ((tb_fw_cfg_dtb != 0UL) && (mbedtls_heap_addr != NULL)) { /* As libfdt use void *, we can't avoid this cast */ @@ -130,9 +131,10 @@ image_info_t image_info = image_desc->image_info; uintptr_t tb_fw_cfg_dtb; int err; + const struct dyn_cfg_dtb_info_t *tb_fw_config_info; - /* fconf FW_CONFIG and TB_FW_CONFIG are currently the same DTB */ - tb_fw_cfg_dtb = FCONF_GET_PROPERTY(fconf, dtb, base_addr); + tb_fw_config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, TB_FW_CONFIG_ID); + tb_fw_cfg_dtb = tb_fw_config_info->config_addr; /* * If tb_fw_cfg_dtb==NULL then DTB is not present for the current @@ -170,8 +172,8 @@ /* * BL2 utility function to initialize dynamic configuration specified by - * TB_FW_CONFIG. Populate the bl_mem_params_node_t of other FW_CONFIGs if - * specified in TB_FW_CONFIG. + * FW_CONFIG. Populate the bl_mem_params_node_t of other FW_CONFIGs if + * specified in FW_CONFIG. */ void arm_bl2_dyn_cfg_init(void) { diff --git a/plat/arm/common/fconf/arm_fconf_io.c b/plat/arm/common/fconf/arm_fconf_io.c index 68cd9fb..48cc4fe 100644 --- a/plat/arm/common/fconf/arm_fconf_io.c +++ b/plat/arm/common/fconf/arm_fconf_io.c @@ -25,6 +25,7 @@ const io_uuid_spec_t arm_uuid_spec[MAX_NUMBER_IDS] = { [BL2_IMAGE_ID] = {UUID_TRUSTED_BOOT_FIRMWARE_BL2}, [TB_FW_CONFIG_ID] = {UUID_TB_FW_CONFIG}, + [FW_CONFIG_ID] = {UUID_FW_CONFIG}, #if !ARM_IO_IN_DTB [SCP_BL2_IMAGE_ID] = {UUID_SCP_FIRMWARE_SCP_BL2}, [BL31_IMAGE_ID] = {UUID_EL3_RUNTIME_FIRMWARE_BL31}, @@ -73,6 +74,11 @@ (uintptr_t)&arm_uuid_spec[TB_FW_CONFIG_ID], open_fip }, + [FW_CONFIG_ID] = { + &fip_dev_handle, + (uintptr_t)&arm_uuid_spec[FW_CONFIG_ID], + open_fip + }, #if !ARM_IO_IN_DTB [SCP_BL2_IMAGE_ID] = { &fip_dev_handle, diff --git a/plat/arm/common/sp_min/arm_sp_min_setup.c b/plat/arm/common/sp_min/arm_sp_min_setup.c index 2904ad9..6100b78 100644 --- a/plat/arm/common/sp_min/arm_sp_min_setup.c +++ b/plat/arm/common/sp_min/arm_sp_min_setup.c @@ -29,10 +29,10 @@ MT_MEMORY | MT_RW | MT_SECURE) /* - * Check that BL32_BASE is above ARM_TB_FW_CONFIG_LIMIT. The reserved page + * Check that BL32_BASE is above ARM_FW_CONFIG_LIMIT. The reserved page * is required for SOC_FW_CONFIG/TOS_FW_CONFIG passed from BL2. */ -CASSERT(BL32_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_bl32_base_overflows); +CASSERT(BL32_BASE >= ARM_FW_CONFIG_LIMIT, assert_bl32_base_overflows); /******************************************************************************* * Return a pointer to the 'entry_point_info' structure of the next image for the diff --git a/plat/arm/css/sgm/fdts/sgm_tb_fw_config.dts b/plat/arm/css/sgm/fdts/sgm_tb_fw_config.dts index d481018..e416540 100644 --- a/plat/arm/css/sgm/fdts/sgm_tb_fw_config.dts +++ b/plat/arm/css/sgm/fdts/sgm_tb_fw_config.dts @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ diff --git a/plat/arm/css/sgm/include/sgm_base_platform_def.h b/plat/arm/css/sgm/include/sgm_base_platform_def.h index 8be0b34..2d8e677 100644 --- a/plat/arm/css/sgm/include/sgm_base_platform_def.h +++ b/plat/arm/css/sgm/include/sgm_base_platform_def.h @@ -138,7 +138,7 @@ * BL31 is loaded over the top. */ #define PLAT_CSS_MAX_SCP_BL2_SIZE \ - ((SCP_BL2_LIMIT - ARM_TB_FW_CONFIG_LIMIT) & ~PAGE_SIZE_MASK) + ((SCP_BL2_LIMIT - ARM_FW_CONFIG_LIMIT) & ~PAGE_SIZE_MASK) #define PLAT_CSS_MAX_SCP_BL2U_SIZE PLAT_CSS_MAX_SCP_BL2_SIZE diff --git a/tools/cert_create/include/dualroot/cot.h b/tools/cert_create/include/dualroot/cot.h index 47e371f..1d959d4 100644 --- a/tools/cert_create/include/dualroot/cot.h +++ b/tools/cert_create/include/dualroot/cot.h @@ -32,6 +32,7 @@ TRUSTED_BOOT_FW_HASH_EXT, TRUSTED_BOOT_FW_CONFIG_HASH_EXT, HW_CONFIG_HASH_EXT, + FW_CONFIG_HASH_EXT, TRUSTED_WORLD_PK_EXT, SCP_FW_CONTENT_CERT_PK_EXT, SCP_FW_HASH_EXT, diff --git a/tools/cert_create/include/tbbr/tbb_ext.h b/tools/cert_create/include/tbbr/tbb_ext.h index 7ac97a5..692b2d4 100644 --- a/tools/cert_create/include/tbbr/tbb_ext.h +++ b/tools/cert_create/include/tbbr/tbb_ext.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -15,6 +15,7 @@ TRUSTED_BOOT_FW_HASH_EXT, TRUSTED_BOOT_FW_CONFIG_HASH_EXT, HW_CONFIG_HASH_EXT, + FW_CONFIG_HASH_EXT, TRUSTED_WORLD_PK_EXT, NON_TRUSTED_WORLD_PK_EXT, SCP_FW_CONTENT_CERT_PK_EXT, diff --git a/tools/cert_create/src/dualroot/cot.c b/tools/cert_create/src/dualroot/cot.c index 2965828..a12ea21 100644 --- a/tools/cert_create/src/dualroot/cot.c +++ b/tools/cert_create/src/dualroot/cot.c @@ -30,9 +30,10 @@ TRUSTED_FW_NVCOUNTER_EXT, TRUSTED_BOOT_FW_HASH_EXT, TRUSTED_BOOT_FW_CONFIG_HASH_EXT, - HW_CONFIG_HASH_EXT + HW_CONFIG_HASH_EXT, + FW_CONFIG_HASH_EXT }, - .num_ext = 4 + .num_ext = 5 }, [TRUSTED_KEY_CERT] = { @@ -239,6 +240,17 @@ .optional = 1 }, + [FW_CONFIG_HASH_EXT] = { + .oid = FW_CONFIG_HASH_OID, + .opt = "fw-config", + .help_msg = "Firmware Config file", + .sn = "FirmwareConfigHash", + .ln = "Firmware Config hash", + .asn1_type = V_ASN1_OCTET_STRING, + .type = EXT_TYPE_HASH, + .optional = 1 + }, + [TRUSTED_WORLD_PK_EXT] = { .oid = TRUSTED_WORLD_PK_OID, .sn = "TrustedWorldPublicKey", diff --git a/tools/cert_create/src/tbbr/tbb_cert.c b/tools/cert_create/src/tbbr/tbb_cert.c index b614e2e..f4fe63d 100644 --- a/tools/cert_create/src/tbbr/tbb_cert.c +++ b/tools/cert_create/src/tbbr/tbb_cert.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -28,9 +28,10 @@ TRUSTED_FW_NVCOUNTER_EXT, TRUSTED_BOOT_FW_HASH_EXT, TRUSTED_BOOT_FW_CONFIG_HASH_EXT, - HW_CONFIG_HASH_EXT + HW_CONFIG_HASH_EXT, + FW_CONFIG_HASH_EXT }, - .num_ext = 4 + .num_ext = 5 }, [TRUSTED_KEY_CERT] = { .id = TRUSTED_KEY_CERT, diff --git a/tools/cert_create/src/tbbr/tbb_ext.c b/tools/cert_create/src/tbbr/tbb_ext.c index 0068d3b..60bafb4 100644 --- a/tools/cert_create/src/tbbr/tbb_ext.c +++ b/tools/cert_create/src/tbbr/tbb_ext.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -69,6 +69,16 @@ .type = EXT_TYPE_HASH, .optional = 1 }, + [FW_CONFIG_HASH_EXT] = { + .oid = FW_CONFIG_HASH_OID, + .opt = "fw-config", + .help_msg = "Firmware Config file", + .sn = "FirmwareConfigHash", + .ln = "Firmware Config hash", + .asn1_type = V_ASN1_OCTET_STRING, + .type = EXT_TYPE_HASH, + .optional = 1 + }, [TRUSTED_WORLD_PK_EXT] = { .oid = TRUSTED_WORLD_PK_OID, .sn = "TrustedWorldPublicKey", diff --git a/tools/fiptool/tbbr_config.c b/tools/fiptool/tbbr_config.c index 1c5ef5f..bf721c1 100644 --- a/tools/fiptool/tbbr_config.c +++ b/tools/fiptool/tbbr_config.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2020, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -69,6 +69,11 @@ }, /* Dynamic Configs */ { + .name = "FW_CONFIG", + .uuid = UUID_FW_CONFIG, + .cmdline_name = "fw-config" + }, + { .name = "HW_CONFIG", .uuid = UUID_HW_CONFIG, .cmdline_name = "hw-config"