Merge pull request #1386 from soby-mathew/sm/dyn_bl31

Extend dynamic configuration

plat/arm/common/arm_dyn_cfg_helpers.c

@@ -11,31 +11,57 @@
 #include <libfdt.h>
 #include <plat_arm.h>
 
+
+typedef struct config_load_info_prop {
+	unsigned int config_id;
+	const char *config_addr;
+	const char *config_max_size;
+} config_load_info_prop_t;
+
+static const config_load_info_prop_t prop_names[] = {
+	{HW_CONFIG_ID, "hw_config_addr", "hw_config_max_size"},
+	{SOC_FW_CONFIG_ID, "soc_fw_config_addr", "soc_fw_config_max_size"},
+	{TOS_FW_CONFIG_ID, "tos_fw_config_addr", "tos_fw_config_max_size"},
+	{NT_FW_CONFIG_ID, "nt_fw_config_addr", "nt_fw_config_max_size"}
+};
+
 /*******************************************************************************
- * Helper to read the `hw_config` property in config DTB. This function
- * expects the following properties to be present in the config DTB.
- *	name : hw_config_addr		size : 2 cells
- *	name : hw_config_max_size	size : 1 cell
+ * Helper to read the load information corresponding to the `config_id` in
+ * TB_FW_CONFIG. This function expects the following properties to be defined :
+ *	<config>_addr		size : 2 cells
+ *	<config>_max_size	size : 1 cell
  *
  * Arguments:
  *	void *dtb		 - pointer to the TB_FW_CONFIG in memory
  *	int node		 - The node offset to appropriate node in the
  *					 DTB.
- *	uint64_t *hw_config_addr - Returns the `hw_config` load address if read
+ *	unsigned int config_id	 - The configuration id
+ *	uint64_t *config_addr	 - Returns the `config` load address if read
  *					 is successful.
- *	uint32_t *hw_config_size - Returns the `hw_config` size if read is
+ *	uint32_t *config_size	 - Returns the `config` size if read is
  *					 successful.
  *
  * Returns 0 on success and -1 on error.
  ******************************************************************************/
-int arm_dyn_get_hwconfig_info(void *dtb, int node,
-		uint64_t *hw_config_addr, uint32_t *hw_config_size)
+int arm_dyn_get_config_load_info(void *dtb, int node, unsigned int config_id,
+		uint64_t *config_addr, uint32_t *config_size)
 {
 	int err;
+	unsigned int i;
 
 	assert(dtb != NULL);
-	assert(hw_config_addr != NULL);
-	assert(hw_config_size != NULL);
+	assert(config_addr != NULL);
+	assert(config_size != NULL);
+
+	for (i = 0; i < ARRAY_SIZE(prop_names); i++) {
+		if (prop_names[i].config_id == config_id)
+			break;
+	}
+
+	if (i == ARRAY_SIZE(prop_names)) {
+		WARN("Invalid config id %d\n", config_id);
+		return -1;
+	}
 
 	/* Check if the pointer to DT is correct */
 	assert(fdt_check_header(dtb) == 0);
@@ -43,23 +69,68 @@ int arm_dyn_get_hwconfig_info(void *dtb, int node,
 	/* Assert the node offset point to "arm,tb_fw" compatible property */
 	assert(node == fdt_node_offset_by_compatible(dtb, -1, "arm,tb_fw"));
 
-	err = fdtw_read_cells(dtb, node, "hw_config_addr", 2,
-				(void *) hw_config_addr);
+	err = fdtw_read_cells(dtb, node, prop_names[i].config_addr, 2,
+				(void *) config_addr);
+	if (err < 0) {
+		WARN("Read cell failed for %s\n", prop_names[i].config_addr);
+		return -1;
+	}
+
+	err = fdtw_read_cells(dtb, node, prop_names[i].config_max_size, 1,
+				(void *) config_size);
 	if (err < 0) {
-		WARN("Read cell failed for hw_config_addr\n");
+		WARN("Read cell failed for %s\n", prop_names[i].config_max_size);
 		return -1;
 	}
 
-	err = fdtw_read_cells(dtb, node, "hw_config_max_size", 1,
-				(void *) hw_config_size);
+	VERBOSE("Dyn cfg: Read config_id %d load info from TB_FW_CONFIG 0x%llx 0x%x\n",
+				config_id, (unsigned long long)*config_addr, *config_size);
+
+	return 0;
+}
+
+/*******************************************************************************
+ * Helper to read the `disable_auth` property in config DTB. This function
+ * expects the following properties to be present in the config DTB.
+ *	name : disable_auth		size : 1 cell
+ *
+ * Arguments:
+ *	void *dtb		 - pointer to the TB_FW_CONFIG in memory
+ *	int node		 - The node offset to appropriate node in the
+ *				   DTB.
+ *	uint64_t *disable_auth	 - The value of `disable_auth` property on
+ *				   successful read. Must be 0 or 1.
+ *
+ * Returns 0 on success and -1 on error.
+ ******************************************************************************/
+int arm_dyn_get_disable_auth(void *dtb, int node, uint32_t *disable_auth)
+{
+	int err;
+
+	assert(dtb != NULL);
+	assert(disable_auth != NULL);
+
+	/* Check if the pointer to DT is correct */
+	assert(fdt_check_header(dtb) == 0);
+
+	/* Assert the node offset point to "arm,tb_fw" compatible property */
+	assert(node == fdt_node_offset_by_compatible(dtb, -1, "arm,tb_fw"));
+
+	/* Locate the disable_auth cell and read the value */
+	err = fdtw_read_cells(dtb, node, "disable_auth", 1, disable_auth);
 	if (err < 0) {
-		WARN("Read cell failed for hw_config_max_size\n");
+		WARN("Read cell failed for `disable_auth`\n");
 		return -1;
 	}
 
-	VERBOSE("Dyn cfg: Read hw_config address from TB_FW_CONFIG 0x%p %p\n",
-				hw_config_addr, hw_config_size);
+	/* Check if the value is boolean */
+	if ((*disable_auth != 0U) && (*disable_auth != 1U)) {
+		WARN("Invalid value for `disable_auth` cell %d\n", *disable_auth);
+		return -1;
+	}
 
+	VERBOSE("Dyn cfg: `disable_auth` cell found with value = %d\n",
+					*disable_auth);
 	return 0;
 }
 

plat/arm/common/arm_io_storage.c

@@ -63,6 +63,18 @@ static const io_uuid_spec_t hw_config_uuid_spec = {
 	.uuid = UUID_HW_CONFIG,
 };
 
+static const io_uuid_spec_t soc_fw_config_uuid_spec = {
+	.uuid = UUID_SOC_FW_CONFIG,
+};
+
+static const io_uuid_spec_t tos_fw_config_uuid_spec = {
+	.uuid = UUID_TOS_FW_CONFIG,
+};
+
+static const io_uuid_spec_t nt_fw_config_uuid_spec = {
+	.uuid = UUID_NT_FW_CONFIG,
+};
+
 #if TRUSTED_BOARD_BOOT
 static const io_uuid_spec_t tb_fw_cert_uuid_spec = {
 	.uuid = UUID_TRUSTED_BOOT_FW_CERT,
@@ -167,6 +179,21 @@ static const struct plat_io_policy policies[] = {
 		(uintptr_t)&hw_config_uuid_spec,
 		open_fip
 	},
+	[SOC_FW_CONFIG_ID] = {
+			&fip_dev_handle,
+			(uintptr_t)&soc_fw_config_uuid_spec,
+			open_fip
+	},
+	[TOS_FW_CONFIG_ID] = {
+		&fip_dev_handle,
+		(uintptr_t)&tos_fw_config_uuid_spec,
+		open_fip
+	},
+	[NT_FW_CONFIG_ID] = {
+		&fip_dev_handle,
+		(uintptr_t)&nt_fw_config_uuid_spec,
+		open_fip
+	},
 #if TRUSTED_BOARD_BOOT
 	[TRUSTED_BOOT_FW_CERT_ID] = {
 		&fip_dev_handle,

tools/cert_create/include/cert.h

@@ -12,7 +12,7 @@
 #include "ext.h"
 #include "key.h"
 
-#define CERT_MAX_EXT			4
+#define CERT_MAX_EXT			5
 
 /*
  * This structure contains information related to the generation of the

tools/cert_create/include/tbbr/tbb_ext.h

@@ -21,12 +21,15 @@ enum {
 	SCP_FW_HASH_EXT,
 	SOC_FW_CONTENT_CERT_PK_EXT,
 	SOC_AP_FW_HASH_EXT,
+	SOC_FW_CONFIG_HASH_EXT,
 	TRUSTED_OS_FW_CONTENT_CERT_PK_EXT,
 	TRUSTED_OS_FW_HASH_EXT,
 	TRUSTED_OS_FW_EXTRA1_HASH_EXT,
 	TRUSTED_OS_FW_EXTRA2_HASH_EXT,
+	TRUSTED_OS_FW_CONFIG_HASH_EXT,
 	NON_TRUSTED_FW_CONTENT_CERT_PK_EXT,
 	NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
+	NON_TRUSTED_FW_CONFIG_HASH_EXT,
 	SCP_FWU_CFG_HASH_EXT,
 	AP_FWU_CFG_HASH_EXT,
 	FWU_HASH_EXT

tools/cert_create/src/tbbr/tbb_cert.c

@@ -99,9 +99,10 @@ static cert_t tbb_certs[] = {
 		.issuer = SOC_FW_CONTENT_CERT,
 		.ext = {
 			TRUSTED_FW_NVCOUNTER_EXT,
-			SOC_AP_FW_HASH_EXT
+			SOC_AP_FW_HASH_EXT,
+			SOC_FW_CONFIG_HASH_EXT,
 		},
-		.num_ext = 2
+		.num_ext = 3
 	},
 	[TRUSTED_OS_FW_KEY_CERT] = {
 		.id = TRUSTED_OS_FW_KEY_CERT,
@@ -129,9 +130,10 @@ static cert_t tbb_certs[] = {
 			TRUSTED_FW_NVCOUNTER_EXT,
 			TRUSTED_OS_FW_HASH_EXT,
 			TRUSTED_OS_FW_EXTRA1_HASH_EXT,
-			TRUSTED_OS_FW_EXTRA2_HASH_EXT
+			TRUSTED_OS_FW_EXTRA2_HASH_EXT,
+			TRUSTED_OS_FW_CONFIG_HASH_EXT,
 		},
-		.num_ext = 4
+		.num_ext = 5
 	},
 	[NON_TRUSTED_FW_KEY_CERT] = {
 		.id = NON_TRUSTED_FW_KEY_CERT,
@@ -157,9 +159,10 @@ static cert_t tbb_certs[] = {
 		.issuer = NON_TRUSTED_FW_CONTENT_CERT,
 		.ext = {
 			NON_TRUSTED_FW_NVCOUNTER_EXT,
-			NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT
+			NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
+			NON_TRUSTED_FW_CONFIG_HASH_EXT,
 		},
-		.num_ext = 2
+		.num_ext = 3
 	},
 	[FWU_CERT] = {
 		.id = FWU_CERT,

tools/cert_create/src/tbbr/tbb_ext.c

@@ -123,6 +123,16 @@ static ext_t tbb_ext[] = {
 		.asn1_type = V_ASN1_OCTET_STRING,
 		.type = EXT_TYPE_HASH
 	},
+	[SOC_FW_CONFIG_HASH_EXT] = {
+		.oid = SOC_FW_CONFIG_HASH_OID,
+		.opt = "soc-fw-config",
+		.help_msg = "SoC Firmware Config file",
+		.sn = "SocFirmwareConfigHash",
+		.ln = "SoC Firmware Config hash",
+		.asn1_type = V_ASN1_OCTET_STRING,
+		.type = EXT_TYPE_HASH,
+		.optional = 1
+	},
 	[TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = {
 		.oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID,
 		.sn = "TrustedOSFirmwareContentCertPK",
@@ -160,6 +170,16 @@ static ext_t tbb_ext[] = {
 		.type = EXT_TYPE_HASH,
 		.optional = 1
 	},
+	[TRUSTED_OS_FW_CONFIG_HASH_EXT] = {
+		.oid = TRUSTED_OS_FW_CONFIG_HASH_OID,
+		.opt = "tos-fw-config",
+		.help_msg = "Trusted OS Firmware Config file",
+		.sn = "TrustedOSFirmwareConfigHash",
+		.ln = "Trusted OS Firmware Config hash",
+		.asn1_type = V_ASN1_OCTET_STRING,
+		.type = EXT_TYPE_HASH,
+		.optional = 1
+	},
 	[NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
 		.oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
 		.sn = "NonTrustedFirmwareContentCertPK",
@@ -177,6 +197,16 @@ static ext_t tbb_ext[] = {
 		.asn1_type = V_ASN1_OCTET_STRING,
 		.type = EXT_TYPE_HASH
 	},
+	[NON_TRUSTED_FW_CONFIG_HASH_EXT] = {
+		.oid = NON_TRUSTED_FW_CONFIG_HASH_OID,
+		.opt = "nt-fw-config",
+		.help_msg = "Non Trusted OS Firmware Config file",
+		.sn = "NonTrustedOSFirmwareConfigHash",
+		.ln = "Non-Trusted OS Firmware Config hash",
+		.asn1_type = V_ASN1_OCTET_STRING,
+		.type = EXT_TYPE_HASH,
+		.optional = 1
+	},
 	[SCP_FWU_CFG_HASH_EXT] = {
 		.oid = SCP_FWU_CFG_HASH_OID,
 		.opt = "scp-fwu-cfg",

tools/fiptool/tbbr_config.c

@@ -78,6 +78,21 @@ toc_entry_t toc_entries[] = {
 		.uuid = UUID_TB_FW_CONFIG,
 		.cmdline_name = "tb-fw-config"
 	},
+	{
+		.name = "SOC_FW_CONFIG",
+		.uuid = UUID_SOC_FW_CONFIG,
+		.cmdline_name = "soc-fw-config"
+	},
+	{
+		.name = "TOS_FW_CONFIG",
+		.uuid = UUID_TOS_FW_CONFIG,
+		.cmdline_name = "tos-fw-config"
+	},
+	{
+		.name = "NT_FW_CONFIG",
+		.uuid = UUID_NT_FW_CONFIG,
+		.cmdline_name = "nt-fw-config"
+	},
 	/* Key Certificates */
 	{
 		.name = "Root Of Trust key certificate",