1 /*
2 * Copyright (c) 2019-2022, ARM Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8
9 #include <common/debug.h>
10 #include <common/fdt_wrappers.h>
11 #include <drivers/io/io_storage.h>
12 #include <drivers/partition/partition.h>
13 #include <lib/object_pool.h>
14 #include <libfdt.h>
15 #include <tools_share/firmware_image_package.h>
16
17 #include <plat/arm/common/arm_fconf_getter.h>
18 #include <plat/arm/common/arm_fconf_io_storage.h>
19 #include <platform_def.h>
20
21 #if PSA_FWU_SUPPORT
22 /* metadata entry details */
23 static io_block_spec_t fwu_metadata_spec;
24 #endif /* PSA_FWU_SUPPORT */
25
26 io_block_spec_t fip_block_spec = {
27 /*
28 * This is fixed FIP address used by BL1, BL2 loads partition table
29 * to get FIP address.
30 */
31 #if ARM_GPT_SUPPORT
32 .offset = PLAT_ARM_FLASH_IMAGE_BASE + PLAT_ARM_FIP_OFFSET_IN_GPT,
33 #else
34 .offset = PLAT_ARM_FLASH_IMAGE_BASE,
35 #endif /* ARM_GPT_SUPPORT */
36 .length = PLAT_ARM_FLASH_IMAGE_MAX_SIZE
37 };
38
39 #if ARM_GPT_SUPPORT
40 static const io_block_spec_t gpt_spec = {
41 .offset = PLAT_ARM_FLASH_IMAGE_BASE,
42 /*
43 * PLAT_PARTITION_BLOCK_SIZE = 512
44 * PLAT_PARTITION_MAX_ENTRIES = 128
45 * each sector has 4 partition entries, and there are
46 * 2 reserved sectors i.e. protective MBR and primary
47 * GPT header hence length gets calculated as,
48 * length = 512 * (128/4 + 2)
49 */
50 .length = PLAT_PARTITION_BLOCK_SIZE *
51 (PLAT_PARTITION_MAX_ENTRIES / 4 + 2),
52 };
53 #endif /* ARM_GPT_SUPPORT */
54
55 const io_uuid_spec_t arm_uuid_spec[MAX_NUMBER_IDS] = {
56 [BL2_IMAGE_ID] = {UUID_TRUSTED_BOOT_FIRMWARE_BL2},
57 [TB_FW_CONFIG_ID] = {UUID_TB_FW_CONFIG},
58 [FW_CONFIG_ID] = {UUID_FW_CONFIG},
59 #if !ARM_IO_IN_DTB
60 [SCP_BL2_IMAGE_ID] = {UUID_SCP_FIRMWARE_SCP_BL2},
61 [BL31_IMAGE_ID] = {UUID_EL3_RUNTIME_FIRMWARE_BL31},
62 [BL32_IMAGE_ID] = {UUID_SECURE_PAYLOAD_BL32},
63 [BL32_EXTRA1_IMAGE_ID] = {UUID_SECURE_PAYLOAD_BL32_EXTRA1},
64 [BL32_EXTRA2_IMAGE_ID] = {UUID_SECURE_PAYLOAD_BL32_EXTRA2},
65 [BL33_IMAGE_ID] = {UUID_NON_TRUSTED_FIRMWARE_BL33},
66 [HW_CONFIG_ID] = {UUID_HW_CONFIG},
67 [SOC_FW_CONFIG_ID] = {UUID_SOC_FW_CONFIG},
68 [TOS_FW_CONFIG_ID] = {UUID_TOS_FW_CONFIG},
69 [NT_FW_CONFIG_ID] = {UUID_NT_FW_CONFIG},
70 [RMM_IMAGE_ID] = {UUID_REALM_MONITOR_MGMT_FIRMWARE},
71 #endif /* ARM_IO_IN_DTB */
72 #if TRUSTED_BOARD_BOOT
73 [TRUSTED_BOOT_FW_CERT_ID] = {UUID_TRUSTED_BOOT_FW_CERT},
74 #if !ARM_IO_IN_DTB
75 [CCA_CONTENT_CERT_ID] = {UUID_CCA_CONTENT_CERT},
76 [CORE_SWD_KEY_CERT_ID] = {UUID_CORE_SWD_KEY_CERT},
77 [PLAT_KEY_CERT_ID] = {UUID_PLAT_KEY_CERT},
78 [TRUSTED_KEY_CERT_ID] = {UUID_TRUSTED_KEY_CERT},
79 [SCP_FW_KEY_CERT_ID] = {UUID_SCP_FW_KEY_CERT},
80 [SOC_FW_KEY_CERT_ID] = {UUID_SOC_FW_KEY_CERT},
81 [TRUSTED_OS_FW_KEY_CERT_ID] = {UUID_TRUSTED_OS_FW_KEY_CERT},
82 [NON_TRUSTED_FW_KEY_CERT_ID] = {UUID_NON_TRUSTED_FW_KEY_CERT},
83 [SCP_FW_CONTENT_CERT_ID] = {UUID_SCP_FW_CONTENT_CERT},
84 [SOC_FW_CONTENT_CERT_ID] = {UUID_SOC_FW_CONTENT_CERT},
85 [TRUSTED_OS_FW_CONTENT_CERT_ID] = {UUID_TRUSTED_OS_FW_CONTENT_CERT},
86 [NON_TRUSTED_FW_CONTENT_CERT_ID] = {UUID_NON_TRUSTED_FW_CONTENT_CERT},
87 #if defined(SPD_spmd)
88 [SIP_SP_CONTENT_CERT_ID] = {UUID_SIP_SECURE_PARTITION_CONTENT_CERT},
89 [PLAT_SP_CONTENT_CERT_ID] = {UUID_PLAT_SECURE_PARTITION_CONTENT_CERT},
90 #endif
91 #endif /* ARM_IO_IN_DTB */
92 #endif /* TRUSTED_BOARD_BOOT */
93 };
94
95 /* By default, ARM platforms load images from the FIP */
96 struct plat_io_policy policies[MAX_NUMBER_IDS] = {
97 #if ARM_GPT_SUPPORT
98 [GPT_IMAGE_ID] = {
99 &memmap_dev_handle,
100 (uintptr_t)&gpt_spec,
101 open_memmap
102 },
103 #endif /* ARM_GPT_SUPPORT */
104 #if PSA_FWU_SUPPORT
105 [FWU_METADATA_IMAGE_ID] = {
106 &memmap_dev_handle,
107 /* filled runtime from partition information */
108 (uintptr_t)&fwu_metadata_spec,
109 open_memmap
110 },
111 [BKUP_FWU_METADATA_IMAGE_ID] = {
112 &memmap_dev_handle,
113 /* filled runtime from partition information */
114 (uintptr_t)&fwu_metadata_spec,
115 open_memmap
116 },
117 #endif /* PSA_FWU_SUPPORT */
118 [FIP_IMAGE_ID] = {
119 &memmap_dev_handle,
120 (uintptr_t)&fip_block_spec,
121 open_memmap
122 },
123 [BL2_IMAGE_ID] = {
124 &fip_dev_handle,
125 (uintptr_t)&arm_uuid_spec[BL2_IMAGE_ID],
126 open_fip
127 },
128 [TB_FW_CONFIG_ID] = {
129 &fip_dev_handle,
130 (uintptr_t)&arm_uuid_spec[TB_FW_CONFIG_ID],
131 open_fip
132 },
133 [FW_CONFIG_ID] = {
134 &fip_dev_handle,
135 (uintptr_t)&arm_uuid_spec[FW_CONFIG_ID],
136 open_fip
137 },
138 #if !ARM_IO_IN_DTB
139 [SCP_BL2_IMAGE_ID] = {
140 &fip_dev_handle,
141 (uintptr_t)&arm_uuid_spec[SCP_BL2_IMAGE_ID],
142 open_fip
143 },
144 [BL31_IMAGE_ID] = {
145 &fip_dev_handle,
146 (uintptr_t)&arm_uuid_spec[BL31_IMAGE_ID],
147 open_fip
148 },
149 [BL32_IMAGE_ID] = {
150 &fip_dev_handle,
151 (uintptr_t)&arm_uuid_spec[BL32_IMAGE_ID],
152 open_fip
153 },
154 [BL32_EXTRA1_IMAGE_ID] = {
155 &fip_dev_handle,
156 (uintptr_t)&arm_uuid_spec[BL32_EXTRA1_IMAGE_ID],
157 open_fip
158 },
159 [BL32_EXTRA2_IMAGE_ID] = {
160 &fip_dev_handle,
161 (uintptr_t)&arm_uuid_spec[BL32_EXTRA2_IMAGE_ID],
162 open_fip
163 },
164 [BL33_IMAGE_ID] = {
165 &fip_dev_handle,
166 (uintptr_t)&arm_uuid_spec[BL33_IMAGE_ID],
167 open_fip
168 },
169 [RMM_IMAGE_ID] = {
170 &fip_dev_handle,
171 (uintptr_t)&arm_uuid_spec[RMM_IMAGE_ID],
172 open_fip
173 },
174 [HW_CONFIG_ID] = {
175 &fip_dev_handle,
176 (uintptr_t)&arm_uuid_spec[HW_CONFIG_ID],
177 open_fip
178 },
179 [SOC_FW_CONFIG_ID] = {
180 &fip_dev_handle,
181 (uintptr_t)&arm_uuid_spec[SOC_FW_CONFIG_ID],
182 open_fip
183 },
184 [TOS_FW_CONFIG_ID] = {
185 &fip_dev_handle,
186 (uintptr_t)&arm_uuid_spec[TOS_FW_CONFIG_ID],
187 open_fip
188 },
189 [NT_FW_CONFIG_ID] = {
190 &fip_dev_handle,
191 (uintptr_t)&arm_uuid_spec[NT_FW_CONFIG_ID],
192 open_fip
193 },
194 #endif /* ARM_IO_IN_DTB */
195 #if TRUSTED_BOARD_BOOT
196 [TRUSTED_BOOT_FW_CERT_ID] = {
197 &fip_dev_handle,
198 (uintptr_t)&arm_uuid_spec[TRUSTED_BOOT_FW_CERT_ID],
199 open_fip
200 },
201 #if !ARM_IO_IN_DTB
202 [CCA_CONTENT_CERT_ID] = {
203 &fip_dev_handle,
204 (uintptr_t)&arm_uuid_spec[CCA_CONTENT_CERT_ID],
205 open_fip
206 },
207 [CORE_SWD_KEY_CERT_ID] = {
208 &fip_dev_handle,
209 (uintptr_t)&arm_uuid_spec[CORE_SWD_KEY_CERT_ID],
210 open_fip
211 },
212 [PLAT_KEY_CERT_ID] = {
213 &fip_dev_handle,
214 (uintptr_t)&arm_uuid_spec[PLAT_KEY_CERT_ID],
215 open_fip
216 },
217 [TRUSTED_KEY_CERT_ID] = {
218 &fip_dev_handle,
219 (uintptr_t)&arm_uuid_spec[TRUSTED_KEY_CERT_ID],
220 open_fip
221 },
222 [SCP_FW_KEY_CERT_ID] = {
223 &fip_dev_handle,
224 (uintptr_t)&arm_uuid_spec[SCP_FW_KEY_CERT_ID],
225 open_fip
226 },
227 [SOC_FW_KEY_CERT_ID] = {
228 &fip_dev_handle,
229 (uintptr_t)&arm_uuid_spec[SOC_FW_KEY_CERT_ID],
230 open_fip
231 },
232 [TRUSTED_OS_FW_KEY_CERT_ID] = {
233 &fip_dev_handle,
234 (uintptr_t)&arm_uuid_spec[TRUSTED_OS_FW_KEY_CERT_ID],
235 open_fip
236 },
237 [NON_TRUSTED_FW_KEY_CERT_ID] = {
238 &fip_dev_handle,
239 (uintptr_t)&arm_uuid_spec[NON_TRUSTED_FW_KEY_CERT_ID],
240 open_fip
241 },
242 [SCP_FW_CONTENT_CERT_ID] = {
243 &fip_dev_handle,
244 (uintptr_t)&arm_uuid_spec[SCP_FW_CONTENT_CERT_ID],
245 open_fip
246 },
247 [SOC_FW_CONTENT_CERT_ID] = {
248 &fip_dev_handle,
249 (uintptr_t)&arm_uuid_spec[SOC_FW_CONTENT_CERT_ID],
250 open_fip
251 },
252 [TRUSTED_OS_FW_CONTENT_CERT_ID] = {
253 &fip_dev_handle,
254 (uintptr_t)&arm_uuid_spec[TRUSTED_OS_FW_CONTENT_CERT_ID],
255 open_fip
256 },
257 [NON_TRUSTED_FW_CONTENT_CERT_ID] = {
258 &fip_dev_handle,
259 (uintptr_t)&arm_uuid_spec[NON_TRUSTED_FW_CONTENT_CERT_ID],
260 open_fip
261 },
262 #if defined(SPD_spmd)
263 [SIP_SP_CONTENT_CERT_ID] = {
264 &fip_dev_handle,
265 (uintptr_t)&arm_uuid_spec[SIP_SP_CONTENT_CERT_ID],
266 open_fip
267 },
268 [PLAT_SP_CONTENT_CERT_ID] = {
269 &fip_dev_handle,
270 (uintptr_t)&arm_uuid_spec[PLAT_SP_CONTENT_CERT_ID],
271 open_fip
272 },
273 #endif
274 #endif /* ARM_IO_IN_DTB */
275 #endif /* TRUSTED_BOARD_BOOT */
276 };
277
278 #ifdef IMAGE_BL2
279
280 #if TRUSTED_BOARD_BOOT
281 #define FCONF_ARM_IO_UUID_NUMBER U(24)
282 #else
283 #define FCONF_ARM_IO_UUID_NUMBER U(10)
284 #endif
285
286 static io_uuid_spec_t fconf_arm_uuids[FCONF_ARM_IO_UUID_NUMBER];
287 static OBJECT_POOL_ARRAY(fconf_arm_uuids_pool, fconf_arm_uuids);
288
289 struct policies_load_info {
290 unsigned int image_id;
291 const char *name;
292 };
293
294 /* image id to property name table */
295 static const struct policies_load_info load_info[FCONF_ARM_IO_UUID_NUMBER] = {
296 {SCP_BL2_IMAGE_ID, "scp_bl2_uuid"},
297 {BL31_IMAGE_ID, "bl31_uuid"},
298 {BL32_IMAGE_ID, "bl32_uuid"},
299 {BL32_EXTRA1_IMAGE_ID, "bl32_extra1_uuid"},
300 {BL32_EXTRA2_IMAGE_ID, "bl32_extra2_uuid"},
301 {BL33_IMAGE_ID, "bl33_uuid"},
302 {HW_CONFIG_ID, "hw_cfg_uuid"},
303 {SOC_FW_CONFIG_ID, "soc_fw_cfg_uuid"},
304 {TOS_FW_CONFIG_ID, "tos_fw_cfg_uuid"},
305 {NT_FW_CONFIG_ID, "nt_fw_cfg_uuid"},
306 #if TRUSTED_BOARD_BOOT
307 {CCA_CONTENT_CERT_ID, "cca_cert_uuid"},
308 {CORE_SWD_KEY_CERT_ID, "core_swd_cert_uuid"},
309 {PLAT_KEY_CERT_ID, "plat_cert_uuid"},
310 {TRUSTED_KEY_CERT_ID, "t_key_cert_uuid"},
311 {SCP_FW_KEY_CERT_ID, "scp_fw_key_uuid"},
312 {SOC_FW_KEY_CERT_ID, "soc_fw_key_uuid"},
313 {TRUSTED_OS_FW_KEY_CERT_ID, "tos_fw_key_cert_uuid"},
314 {NON_TRUSTED_FW_KEY_CERT_ID, "nt_fw_key_cert_uuid"},
315 {SCP_FW_CONTENT_CERT_ID, "scp_fw_content_cert_uuid"},
316 {SOC_FW_CONTENT_CERT_ID, "soc_fw_content_cert_uuid"},
317 {TRUSTED_OS_FW_CONTENT_CERT_ID, "tos_fw_content_cert_uuid"},
318 {NON_TRUSTED_FW_CONTENT_CERT_ID, "nt_fw_content_cert_uuid"},
319 #if defined(SPD_spmd)
320 {SIP_SP_CONTENT_CERT_ID, "sip_sp_content_cert_uuid"},
321 {PLAT_SP_CONTENT_CERT_ID, "plat_sp_content_cert_uuid"},
322 #endif
323 #endif /* TRUSTED_BOARD_BOOT */
324 };
325
fconf_populate_arm_io_policies(uintptr_t config)326 int fconf_populate_arm_io_policies(uintptr_t config)
327 {
328 int err, node;
329 unsigned int i;
330
331 union uuid_helper_t uuid_helper;
332 io_uuid_spec_t *uuid_ptr;
333
334 /* As libfdt uses void *, we can't avoid this cast */
335 const void *dtb = (void *)config;
336
337 /* Assert the node offset point to "arm,io-fip-handle" compatible property */
338 const char *compatible_str = "arm,io-fip-handle";
339 node = fdt_node_offset_by_compatible(dtb, -1, compatible_str);
340 if (node < 0) {
341 ERROR("FCONF: Can't find %s compatible in dtb\n", compatible_str);
342 return node;
343 }
344
345 /* Locate the uuid cells and read the value for all the load info uuid */
346 for (i = 0; i < FCONF_ARM_IO_UUID_NUMBER; i++) {
347 uuid_ptr = pool_alloc(&fconf_arm_uuids_pool);
348 err = fdtw_read_uuid(dtb, node, load_info[i].name, 16,
349 (uint8_t *)&uuid_helper);
350 if (err < 0) {
351 WARN("FCONF: Read cell failed for %s\n", load_info[i].name);
352 return err;
353 }
354
355 VERBOSE("FCONF: arm-io_policies.%s cell found with value = "
356 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
357 load_info[i].name,
358 uuid_helper.uuid_struct.time_low[0], uuid_helper.uuid_struct.time_low[1],
359 uuid_helper.uuid_struct.time_low[2], uuid_helper.uuid_struct.time_low[3],
360 uuid_helper.uuid_struct.time_mid[0], uuid_helper.uuid_struct.time_mid[1],
361 uuid_helper.uuid_struct.time_hi_and_version[0],
362 uuid_helper.uuid_struct.time_hi_and_version[1],
363 uuid_helper.uuid_struct.clock_seq_hi_and_reserved,
364 uuid_helper.uuid_struct.clock_seq_low,
365 uuid_helper.uuid_struct.node[0], uuid_helper.uuid_struct.node[1],
366 uuid_helper.uuid_struct.node[2], uuid_helper.uuid_struct.node[3],
367 uuid_helper.uuid_struct.node[4], uuid_helper.uuid_struct.node[5]);
368
369 uuid_ptr->uuid = uuid_helper.uuid_struct;
370 policies[load_info[i].image_id].image_spec = (uintptr_t)uuid_ptr;
371 policies[load_info[i].image_id].dev_handle = &fip_dev_handle;
372 policies[load_info[i].image_id].check = open_fip;
373 }
374 return 0;
375 }
376
377 #if ARM_IO_IN_DTB
378 FCONF_REGISTER_POPULATOR(TB_FW, arm_io, fconf_populate_arm_io_policies);
379 #endif /* ARM_IO_IN_DTB */
380
381 #endif /* IMAGE_BL2 */
382