diff --git a/Makefile b/Makefile
index 547b584..11b0753 100644
--- a/Makefile
+++ b/Makefile
@@ -701,6 +701,7 @@
 # Variables for use with sptool
 SPTOOLPATH ?= tools/sptool
 SPTOOL ?= ${SPTOOLPATH}/sptool${BIN_EXT}
+SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py
 # Variables for use with ROMLIB
 ROMLIBPATH ?= lib/romlib
@@ -889,11 +890,22 @@
 $(eval $(call add_define,USE_ARM_LINK))
 endif
+# Generate and include sp_gen.mk if SPD is spmd and SP_LAYOUT_FILE is defined
+ifdef SP_LAYOUT_FILE
+ifeq (${SPD},spmd)
+ -include $(BUILD_PLAT)/sp_gen.mk
+ FIP_DEPS += sp
+ NEED_SP_PKG := yes
+else
+ $(error "SP_LAYOUT_FILE will be used only if SPD=spmd")
+endif
+endif
+
 ################################################################################
 # Build targets
 ################################################################################
-.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip fwu_fip certtool dtbs memmap doc
+.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip sp fwu_fip certtool dtbs memmap doc
 .SUFFIXES:
 all: msg_start
@@ -971,6 +983,17 @@
 $(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES)))
 endif
+# Add Secure Partition packages
+ifeq (${NEED_SP_PKG},yes)
+$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | ${BUILD_PLAT}
+ ${Q}${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT)
+sp: $(SPTOOL) $(DTBS) $(BUILD_PLAT)/sp_gen.mk
+ ${Q}$(SPTOOL) $(SPTOOL_ARGS)
+ @${ECHO_BLANK_LINE}
+ @echo "Built SP Images successfully"
+ @${ECHO_BLANK_LINE}
+endif
+
 locate-checkpatch:
 ifndef CHECKPATCH
 $(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/scripts/checkpatch.pl")
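Review bot: The `-include $(BUILD_PLAT)/sp_gen.mk` line suppresses more than the first-run "file not found": GNU make raises no error for a `-include` file that cannot be remade, so a mistyped SP_LAYOUT_FILE path or a failing generator passes parse time with FDT_SOURCES, SPTOOL_ARGS and FIP_ARGS left without the partition entries. Because `sp` lists sp_gen.mk as a prerequisite, a `fip` build should still stop later, but goals that never reach `sp` get no diagnostic. An explicit check inside the `ifeq` branch would fail early, for example `$(if $(wildcard ${SP_LAYOUT_FILE}),,$(error "SP_LAYOUT_FILE not found: ${SP_LAYOUT_FILE}"))`.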
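Review bot: The sp_gen.mk recipe lets the generator write straight into `$@`, so a generator that aborts part-way leaves a truncated sp_gen.mk that is newer than its prerequisites and is included as-is on the next run, unless `.DELETE_ON_ERROR:` is set in a part of the Makefile this diff does not show. The FIP would then be assembled from an incomplete partition list without any error. Writing to a temporary name and renaming on success avoids that: `${Q}${PYTHON} "$<" "$@.tmp" $(filter-out $<,$^) $(BUILD_PLAT)` followed by `${Q}mv -f "$@.tmp" "$@"`.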
@@ -1132,6 +1155,7 @@
 @echo " distclean Remove all build artifacts for all platforms"
 @echo " certtool Build the Certificate generation tool"
 @echo " fiptool Build the Firmware Image Package (FIP) creation tool"
+ @echo " sp Build the Secure Partition Packages"
 @echo " sptool Build the Secure Partition Package creation tool"
 @echo " dtbs Build the Device Tree Blobs (if required for the platform)"
 @echo " memmap Print the memory map of the built binaries"
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 8854a79..7ee34c9 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -522,6 +522,11 @@
 - ``SPM_MM`` : Boolean option to enable the Management Mode (MM)-based Secure Partition Manager (SPM) implementation. The default value is ``0``.
+- ``SP_LAYOUT_FILE``: Platform provided path to JSON file containing the
+ description of secure partitions. Build system will parse this file and
+ package all secure partition blobs in FIP. This file not necessarily be
+ part of TF-A tree. Only avaialbe when ``SPD=spmd``.
+
 - ``SP_MIN_WITH_SECURE_FIQ``: Boolean flag to indicate the SP_MIN handles secure interrupts (caught through the FIQ line). Platforms can enable this directive if they need to handle such interruption. When enabled,
diff --git a/tools/sptool/sp_mk_generator.py b/tools/sptool/sp_mk_generator.py
new file mode 100755
index 0000000..6b6fa19
--- /dev/null
+++ b/tools/sptool/sp_mk_generator.py
@@ -0,0 +1,100 @@
+#!/usr/bin/python3
+# Copyright (c) 2020, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+
+"""
+This script is invoked by Make system and generates secure partition makefile.
+It expects platform provided secure partition layout file which contains list
+of Secure Partition Images and Partition manifests(PM).
+Layout file can exist outside of TF-A tree and the paths of Image and PM files
+must be relative to it.
+
+This script parses the layout file and generates a make file which updates
+FDT_SOURCES, FIP_ARGS and SPTOOL_ARGS which are used in later build steps.
+This script also gets SP "uuid" from parsing its PM and converting it to a
+standard format.
+
+param1: Generated mk file "sp_gen.mk"
+param2: "SP_LAYOUT_FILE", json file containing platform provided information
+param3: plat out directory
+
+Generated "sp_gen.mk" file contains triplet of following information for each
+Secure Partition entry
+ FDT_SOURCES += sp1.dts
+ SPTOOL_ARGS += -i sp1.bin:sp1.dtb -o sp1.pkg
+ FIP_ARGS += --blob uuid=XXXXX-XXX...,file=sp1.pkg
+
+A typical SP_LAYOUT_FILE file will look like
+{
+ "SP1" : {
+ "image": "sp1.bin",
+ "pm": "test/sp1.dts"
+ },
+
+ "SP2" : {
+ "image": "sp2.bin",
+ "pm": "test/sp2.dts"
+ }
+
+ ...
+}
+
+"""
+
+import getopt
+import json
+import os
+import re
+import sys
+import uuid
+
+with open(sys.argv[2],'r') as in_file:
+ data = json.load(in_file)
+json_file = os.path.abspath(sys.argv[2])
+json_dir = os.path.dirname(json_file)
+gen_file = sys.argv[1]
+out_dir = sys.argv[3][2:]
+dtb_dir = out_dir + "/fdts/"
+print(dtb_dir)
+
+with open(gen_file, 'w') as out_file:
+ for key in data.keys():
+
+ """
+ Append FDT_SOURCES
+ """
+ dts = os.path.join(json_dir, data[key]['pm'])
+ dtb = dtb_dir + os.path.basename(data[key]['pm'][:-1] + "b")
+ out_file.write("FDT_SOURCES += " + dts + "\n")
+
+ """
+ Update SPTOOL_ARGS
+ """
+ dst = out_dir + "/" + key + ".pkg"
+ src = [ json_dir + "/" + data[key]['image'] , dtb ]
+ out_file.write("SPTOOL_ARGS += -i " + ":".join(src) + " -o " + dst + "\n")
+
+ """
+ Extract uuid from partition manifest
+ """
+ pm_file = open(dts)
+ key = "uuid"
+
+ for line in pm_file:
+ if key in line:
+ uuid_hex = re.findall(r'\<(.+?)\>', line)[0];
+
+ # PM has uuid in format 0xABC... 0x... 0x... 0x...
+ # Get rid of '0x' and spaces and convert to string of hex digits
+ uuid_hex = uuid_hex.replace('0x','').replace(' ','')
+ # make UUID from a string of hex digits
+ uuid_std = uuid.UUID(uuid_hex)
+ # convert UUID to a string of hex digits in standard form
+ uuid_std = str(uuid_std)
+
+ """
+ Append FIP_ARGS
+ """
+ out_file.write("FIP_ARGS += --blob uuid=" + uuid_std + ",file=" + dst + "\n")
+ out_file.write("\n")
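Review bot: `uuid_hex` is never reset inside the `for key in data.keys()` loop, so a partition manifest with no line containing "uuid" raises NameError for the first entry and, for any later entry, silently reuses the previous partition's UUID in its `FIP_ARGS += --blob uuid=...` line. The scan also rebinds the loop variable `key` and leaves `pm_file` open. I would reset the value per entry, read the manifest in a `with` block and exit with an error naming the manifest when nothing is found, as below. Separately, the layout keys and paths are written into sp_gen.mk unescaped and that file is then included by make, so rejecting names that contain whitespace, `$` or `#` before writing would keep a malformed layout file from changing how the makefile parses.

```python
        # … unchanged: FDT_SOURCES and SPTOOL_ARGS lines …
        uuid_hex = None
        with open(dts) as pm_file:
            for line in pm_file:
                if "uuid" in line:
                    found = re.findall(r'\<(.+?)\>', line)
                    if found:
                        uuid_hex = found[0]
        if uuid_hex is None:
            sys.exit("sp_mk_generator: no uuid found in " + dts)
        # … unchanged: 0x stripping, uuid.UUID conversion, FIP_ARGS line …
```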