From 9b3f40ad092ff2633eefa7e8a4a713f71c9cb8cb Mon Sep 17 00:00:00 2001 From: Sumit Garg Date: Fri, 1 Sep 2017 13:55:01 +0530 Subject: [PATCH] armv8: sec_firmware: Add support for loadables in FIT Enable support for loadables in SEC firmware FIT image. Currently support is added for single loadable image. Brief description of implementation: Add two more address pointers (loadable_h, loadable_l) as arguments to sec_firmware_init() api. Create new api: sec_firmware_checks_copy_loadable() to check if loadables node is present in SEC firmware FIT image. If present, verify loadable image and copies it to secure DDR memory. Populate address pointers with secure DDR memory addresses where loadable is copied. Example use-case could be trusted OS (tee.bin) as loadables node in SEC firmware FIT image. Signed-off-by: Sumit Garg Reviewed-by: York Sun --- arch/arm/cpu/armv8/fsl-layerscape/ppa.c | 16 +++- arch/arm/cpu/armv8/sec_firmware.c | 92 ++++++++++++++++++++++- arch/arm/include/asm/armv8/sec_firmware.h | 4 +- 3 files changed, 104 insertions(+), 8 deletions(-) diff --git a/arch/arm/cpu/armv8/fsl-layerscape/ppa.c b/arch/arm/cpu/armv8/fsl-layerscape/ppa.c index bbf8bba112..cddcee964a 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/ppa.c +++ b/arch/arm/cpu/armv8/fsl-layerscape/ppa.c @@ -35,6 +35,7 @@ int ppa_init(void) unsigned int el = current_el(); void *ppa_fit_addr; u32 *boot_loc_ptr_l, *boot_loc_ptr_h; + u32 *loadable_l, *loadable_h; int ret; #ifdef CONFIG_CHAIN_OF_TRUST @@ -240,9 +241,9 @@ int ppa_init(void) PPA_KEY_HASH, &ppa_img_addr); if (ret != 0) - printf("PPA validation failed\n"); + printf("SEC firmware(s) validation failed\n"); else - printf("PPA validation Successful\n"); + printf("SEC firmware(s) validation Successful\n"); } #if defined(CONFIG_SYS_LS_PPA_FW_IN_MMC) || \ defined(CONFIG_SYS_LS_PPA_FW_IN_NAND) @@ -254,15 +255,24 @@ int ppa_init(void) struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR); boot_loc_ptr_l = &gur->bootlocptrl; boot_loc_ptr_h = &gur->bootlocptrh; + + /* Assign addresses to loadable ptrs */ + loadable_l = &gur->scratchrw[4]; + loadable_h = &gur->scratchrw[5]; #elif defined(CONFIG_FSL_LSCH2) struct ccsr_scfg __iomem *scfg = (void *)(CONFIG_SYS_FSL_SCFG_ADDR); boot_loc_ptr_l = &scfg->scratchrw[1]; boot_loc_ptr_h = &scfg->scratchrw[0]; + + /* Assign addresses to loadable ptrs */ + loadable_l = &scfg->scratchrw[2]; + loadable_h = &scfg->scratchrw[3]; #endif debug("fsl-ppa: boot_loc_ptr_l = 0x%p, boot_loc_ptr_h =0x%p\n", boot_loc_ptr_l, boot_loc_ptr_h); - ret = sec_firmware_init(ppa_fit_addr, boot_loc_ptr_l, boot_loc_ptr_h); + ret = sec_firmware_init(ppa_fit_addr, boot_loc_ptr_l, boot_loc_ptr_h, + loadable_l, loadable_h); #if defined(CONFIG_SYS_LS_PPA_FW_IN_MMC) || \ defined(CONFIG_SYS_LS_PPA_FW_IN_NAND) diff --git a/arch/arm/cpu/armv8/sec_firmware.c b/arch/arm/cpu/armv8/sec_firmware.c index 0e7483437a..927eae4f74 100644 --- a/arch/arm/cpu/armv8/sec_firmware.c +++ b/arch/arm/cpu/armv8/sec_firmware.c @@ -105,6 +105,74 @@ static int sec_firmware_parse_image(const void *sec_firmware_img, return 0; } +/* + * SEC Firmware FIT image parser to check if any loadable is + * present. If present, verify integrity of the loadable and + * copy loadable to address provided in (loadable_h, loadable_l). + * + * Returns 0 on success and a negative errno on error task fail. + */ +static int sec_firmware_check_copy_loadable(const void *sec_firmware_img, + u32 *loadable_l, u32 *loadable_h) +{ + phys_addr_t sec_firmware_loadable_addr = 0; + int conf_node_off, ld_node_off; + char *conf_node_name = NULL; + const void *data; + size_t size; + ulong load; + + conf_node_name = SEC_FIRMEWARE_FIT_CNF_NAME; + + conf_node_off = fit_conf_get_node(sec_firmware_img, conf_node_name); + if (conf_node_off < 0) { + printf("SEC Firmware: %s: no such config\n", conf_node_name); + return -ENOENT; + } + + ld_node_off = fit_conf_get_prop_node(sec_firmware_img, conf_node_off, + FIT_LOADABLE_PROP); + if (ld_node_off >= 0) { + printf("SEC Firmware: '%s' present in config\n", + FIT_LOADABLE_PROP); + + /* Verify secure firmware image */ + if (!(fit_image_verify(sec_firmware_img, ld_node_off))) { + printf("SEC Loadable: Bad loadable image (bad CRC)\n"); + return -EINVAL; + } + + if (fit_image_get_data(sec_firmware_img, ld_node_off, + &data, &size)) { + printf("SEC Loadable: Can't get subimage data/size"); + return -ENOENT; + } + + /* Get load address, treated as load offset to secure memory */ + if (fit_image_get_load(sec_firmware_img, ld_node_off, &load)) { + printf("SEC Loadable: Can't get subimage load"); + return -ENOENT; + } + + /* Compute load address for loadable in secure memory */ + sec_firmware_loadable_addr = (sec_firmware_addr - + gd->arch.tlb_size) + load; + + /* Copy loadable to secure memory and flush dcache */ + debug("%s copied to address 0x%p\n", + FIT_LOADABLE_PROP, (void *)sec_firmware_loadable_addr); + memcpy((void *)sec_firmware_loadable_addr, data, size); + flush_dcache_range(sec_firmware_loadable_addr, + sec_firmware_loadable_addr + size); + } + + /* Populate address ptrs for loadable image with loadbale addr */ + out_le32(loadable_l, (sec_firmware_loadable_addr & WORD_MASK)); + out_le32(loadable_h, (sec_firmware_loadable_addr >> WORD_SHIFT)); + + return 0; +} + static int sec_firmware_copy_image(const char *title, u64 image_addr, u32 image_size, u64 sec_firmware) { @@ -117,9 +185,11 @@ static int sec_firmware_copy_image(const char *title, /* * This function will parse the SEC Firmware image, and then load it - * to secure memory. + * to secure memory. Also load any loadable if present along with SEC + * Firmware image. */ -static int sec_firmware_load_image(const void *sec_firmware_img) +static int sec_firmware_load_image(const void *sec_firmware_img, + u32 *loadable_l, u32 *loadable_h) { const void *raw_image_addr; size_t raw_image_size = 0; @@ -172,6 +242,15 @@ static int sec_firmware_load_image(const void *sec_firmware_img) if (ret) goto out; + /* + * Check if any loadable are present along with firmware image, if + * present load them. + */ + ret = sec_firmware_check_copy_loadable(sec_firmware_img, loadable_l, + loadable_h); + if (ret) + goto out; + sec_firmware_addr |= SEC_FIRMWARE_LOADED; debug("SEC Firmware: Entry point: 0x%llx\n", sec_firmware_addr & SEC_FIRMWARE_ADDR_MASK); @@ -289,17 +368,22 @@ int sec_firmware_get_random(uint8_t *rand, int bytes) * @sec_firmware_img: the SEC Firmware image address * @eret_hold_l: the address to hold exception return address low * @eret_hold_h: the address to hold exception return address high + * @loadable_l: the address to hold loadable address low + * @loadable_h: the address to hold loadable address high */ int sec_firmware_init(const void *sec_firmware_img, u32 *eret_hold_l, - u32 *eret_hold_h) + u32 *eret_hold_h, + u32 *loadable_l, + u32 *loadable_h) { int ret; if (!sec_firmware_is_valid(sec_firmware_img)) return -EINVAL; - ret = sec_firmware_load_image(sec_firmware_img); + ret = sec_firmware_load_image(sec_firmware_img, loadable_l, + loadable_h); if (ret) { printf("SEC Firmware: Failed to load image\n"); return ret; diff --git a/arch/arm/include/asm/armv8/sec_firmware.h b/arch/arm/include/asm/armv8/sec_firmware.h index 6d42a7111f..2ba1847a2e 100644 --- a/arch/arm/include/asm/armv8/sec_firmware.h +++ b/arch/arm/include/asm/armv8/sec_firmware.h @@ -9,8 +9,10 @@ #define PSCI_INVALID_VER 0xffffffff #define SEC_JR3_OFFSET 0x40000 +#define WORD_MASK 0xffffffff +#define WORD_SHIFT 32 -int sec_firmware_init(const void *, u32 *, u32 *); +int sec_firmware_init(const void *, u32 *, u32 *, u32 *, u32 *); int _sec_firmware_entry(const void *, u32 *, u32 *); bool sec_firmware_is_valid(const void *); bool sec_firmware_support_hwrng(void); -- 2.25.1