From 30070427e3ed30721074465f97ffb68390ee688c Mon Sep 17 00:00:00 2001 From: Joel Hutton <Joel.Hutton@Arm.com> Date: Mon, 11 Mar 2019 11:37:38 +0000 Subject: [PATCH] cot-desc: optimise memory further This changes the auth_img_desc_t struct to have pointers to struct arrays instead of struct arrays. This saves memory as many of these were never used, and can be NULL pointers. Note the memory savings are only when these arrays are not initialised, as it is assumed these arrays are fixed length. A possible future optimisation could allow for variable length. memory diff: bl1: bl2: text text -12 -12 bss bss -1463 0 data data -56 -48 rodata rodata -5688 -2592 total total -7419 -2652 Change-Id: I8f9bdedf75048b8867f40c56381e3a6dc6402bcc Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com> --- drivers/auth/auth_mod.c | 43 +++++++++++-------- drivers/auth/tbbr/tbbr_cot.c | 74 ++++++++++++++++----------------- include/drivers/auth/auth_mod.h | 4 +- 3 files changed, 64 insertions(+), 57 deletions(-) diff --git a/drivers/auth/auth_mod.c b/drivers/auth/auth_mod.c index d66e5dd1d..1aca1ccc8 100644 --- a/drivers/auth/auth_mod.c +++ b/drivers/auth/auth_mod.c @@ -53,6 +53,9 @@ static int auth_get_param(const auth_param_type_desc_t *param_type_desc, { int i; + if (img_desc->authenticated_data == NULL) + return 1; + for (i = 0 ; i < COT_MAX_VERIFIED_PARAMS ; i++) { if (0 == cmp_auth_param_type_desc(param_type_desc, img_desc->authenticated_data[i].type_desc)) { @@ -361,6 +364,8 @@ int auth_mod_verify_img(unsigned int img_id, /* Authenticate the image using the methods indicated in the image * descriptor. */ + if(img_desc->img_auth_methods == NULL) + return 1; for (i = 0 ; i < AUTH_METHOD_NUM ; i++) { auth_method = &img_desc->img_auth_methods[i]; switch (auth_method->type) { 
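Review bot: The NULL guard added to auth_get_param, `if (img_desc->authenticated_data == NULL) return 1;`, is written without braces, while the surrounding code in this file braces single-statement bodies (see the `continue` block in auth_mod_verify_img). The guard added to auth_mod_verify_img in the next hunk has the same form and also drops the space after `if`. Suggest `if (img_desc->authenticated_data == NULL) {`, `return 1;`, `}` in both places, so that a later one-line addition cannot slip outside the condition in an authentication path. auth_get_param's body starts and ends outside the hunk.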
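Review bot: The `img_auth_methods == NULL` check in auth_mod_verify_img lands between the comment "Authenticate the image using the methods indicated in the image descriptor" and the loop that comment describes, and nothing explains why a missing table is rejected. This return is what stops a descriptor with no methods from falling through to the "Mark image as authenticated" step visible in the following hunk, so it deserves to be stated. I would move the check above the existing comment and give it its own, e.g. `/* A descriptor with no authentication methods must never be accepted. */`. The function's body starts and ends outside the hunk.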
@@ -389,25 +394,27 @@ int auth_mod_verify_img(unsigned int img_id, /* Extract the parameters indicated in the image descriptor to * authenticate the children images. */ - for (i = 0 ; i < COT_MAX_VERIFIED_PARAMS ; i++) { - if (img_desc->authenticated_data[i].type_desc == NULL) { - continue; - } - - /* Get the parameter from the image parser module */ - rc = img_parser_get_auth_param(img_desc->img_type, - img_desc->authenticated_data[i].type_desc, - img_ptr, img_len, ¶m_ptr, ¶m_len); - return_if_error(rc); - - /* Check parameter size */ - if (param_len > img_desc->authenticated_data[i].data.len) { - return 1; + if (img_desc->authenticated_data != NULL) { + for (i = 0 ; i < COT_MAX_VERIFIED_PARAMS ; i++) { + if (img_desc->authenticated_data[i].type_desc == NULL) { + continue; + } + + /* Get the parameter from the image parser module */ + rc = img_parser_get_auth_param(img_desc->img_type, + img_desc->authenticated_data[i].type_desc, + img_ptr, img_len, ¶m_ptr, ¶m_len); + return_if_error(rc); + + /* Check parameter size */ + if (param_len > img_desc->authenticated_data[i].data.len) { + return 1; + } + + /* Copy the parameter for later use */ + memcpy((void *)img_desc->authenticated_data[i].data.ptr, + (void *)param_ptr, param_len); } - - /* Copy the parameter for later use */ - memcpy((void *)img_desc->authenticated_data[i].data.ptr, - (void *)param_ptr, param_len); } /* Mark image as authenticated */ diff --git a/drivers/auth/tbbr/tbbr_cot.c b/drivers/auth/tbbr/tbbr_cot.c index 1c962596c..da3631bbf 100644 --- a/drivers/auth/tbbr/tbbr_cot.c +++ b/drivers/auth/tbbr/tbbr_cot.c @@ -122,7 +122,7 @@ static const auth_img_desc_t trusted_boot_fw_cert = { .img_id = TRUSTED_BOOT_FW_CERT_ID, .img_type = IMG_CERT, .parent = NULL, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_SIG, .param.sig = { 
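Review bot: In the parameter-extraction block of auth_mod_verify_img, a NULL `authenticated_data` is now skipped silently and the image is still marked authenticated, whereas auth_get_param treats the same NULL as an error. The asymmetry looks intentional (an image that hands no parameters to its children), but it is not stated anywhere. A comment on the new guard would make it explicit: `/* NULL authenticated_data: this image exports no parameters to its children. */`. Separately, the re-indented `memcpy` still depends on the `param_len > ...data.len` check just above it and on `data.ptr` being non-NULL for every entry that has a `type_desc`; the hunk does not verify the latter, so presumably the descriptors guarantee it. The function's body starts and ends outside the hunk.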
@@ -140,7 +140,7 @@ static const auth_img_desc_t trusted_boot_fw_cert = { } } }, - .authenticated_data = { + .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { [0] = { .type_desc = &tb_fw_hash, .data = { @@ -169,7 +169,7 @@ static const auth_img_desc_t bl2_image = { .img_id = BL2_IMAGE_ID, .img_type = IMG_RAW, .parent = &trusted_boot_fw_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_HASH, .param.hash = { @@ -185,7 +185,7 @@ static const auth_img_desc_t hw_config = { .img_id = HW_CONFIG_ID, .img_type = IMG_RAW, .parent = &trusted_boot_fw_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_HASH, .param.hash = { @@ -201,7 +201,7 @@ static const auth_img_desc_t tb_fw_config = { .img_id = TB_FW_CONFIG_ID, .img_type = IMG_RAW, .parent = &trusted_boot_fw_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_HASH, .param.hash = { @@ -220,7 +220,7 @@ static const auth_img_desc_t trusted_key_cert = { .img_id = TRUSTED_KEY_CERT_ID, .img_type = IMG_CERT, .parent = NULL, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_SIG, .param.sig = { @@ -238,7 +238,7 @@ static const auth_img_desc_t trusted_key_cert = { } } }, - .authenticated_data = { + .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { [0] = { .type_desc = &trusted_world_pk, .data = { @@ -262,7 +262,7 @@ static const auth_img_desc_t scp_fw_key_cert = { .img_id = SCP_FW_KEY_CERT_ID, .img_type = IMG_CERT, .parent = &trusted_key_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_SIG, .param.sig = { 
@@ -280,7 +280,7 @@ static const auth_img_desc_t scp_fw_key_cert = { } } }, - .authenticated_data = { + .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { [0] = { .type_desc = &scp_fw_content_pk, .data = { @@ -294,7 +294,7 @@ static const auth_img_desc_t scp_fw_content_cert = { .img_id = SCP_FW_CONTENT_CERT_ID, .img_type = IMG_CERT, .parent = &scp_fw_key_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_SIG, .param.sig = { @@ -312,7 +312,7 @@ static const auth_img_desc_t scp_fw_content_cert = { } } }, - .authenticated_data = { + .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { [0] = { .type_desc = &scp_fw_hash, .data = { @@ -326,7 +326,7 @@ static const auth_img_desc_t scp_bl2_image = { .img_id = SCP_BL2_IMAGE_ID, .img_type = IMG_RAW, .parent = &scp_fw_content_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_HASH, .param.hash = { @@ -343,7 +343,7 @@ static const auth_img_desc_t soc_fw_key_cert = { .img_id = SOC_FW_KEY_CERT_ID, .img_type = IMG_CERT, .parent = &trusted_key_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_SIG, .param.sig = { @@ -361,7 +361,7 @@ static const auth_img_desc_t soc_fw_key_cert = { } } }, - .authenticated_data = { + .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { [0] = { .type_desc = &soc_fw_content_pk, .data = { @@ -375,7 +375,7 @@ static const auth_img_desc_t soc_fw_content_cert = { .img_id = SOC_FW_CONTENT_CERT_ID, .img_type = IMG_CERT, .parent = &soc_fw_key_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_SIG, .param.sig = { 
@@ -393,7 +393,7 @@ static const auth_img_desc_t soc_fw_content_cert = { } } }, - .authenticated_data = { + .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { [0] = { .type_desc = &soc_fw_hash, .data = { @@ -414,7 +414,7 @@ static const auth_img_desc_t bl31_image = { .img_id = BL31_IMAGE_ID, .img_type = IMG_RAW, .parent = &soc_fw_content_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_HASH, .param.hash = { @@ -429,7 +429,7 @@ static const auth_img_desc_t soc_fw_config = { .img_id = SOC_FW_CONFIG_ID, .img_type = IMG_RAW, .parent = &soc_fw_content_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_HASH, .param.hash = { @@ -446,7 +446,7 @@ static const auth_img_desc_t trusted_os_fw_key_cert = { .img_id = TRUSTED_OS_FW_KEY_CERT_ID, .img_type = IMG_CERT, .parent = &trusted_key_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_SIG, .param.sig = { @@ -464,7 +464,7 @@ static const auth_img_desc_t trusted_os_fw_key_cert = { } } }, - .authenticated_data = { + .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { [0] = { .type_desc = &tos_fw_content_pk, .data = { @@ -478,7 +478,7 @@ static const auth_img_desc_t trusted_os_fw_content_cert = { .img_id = TRUSTED_OS_FW_CONTENT_CERT_ID, .img_type = IMG_CERT, .parent = &trusted_os_fw_key_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_SIG, .param.sig = { @@ -496,7 +496,7 @@ static const auth_img_desc_t trusted_os_fw_content_cert = { } } }, - .authenticated_data = { + .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { [0] = { .type_desc = &tos_fw_hash, .data = { 
@@ -531,7 +531,7 @@ static const auth_img_desc_t bl32_image = { .img_id = BL32_IMAGE_ID, .img_type = IMG_RAW, .parent = &trusted_os_fw_content_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_HASH, .param.hash = { @@ -545,7 +545,7 @@ static const auth_img_desc_t bl32_extra1_image = { .img_id = BL32_EXTRA1_IMAGE_ID, .img_type = IMG_RAW, .parent = &trusted_os_fw_content_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_HASH, .param.hash = { @@ -559,7 +559,7 @@ static const auth_img_desc_t bl32_extra2_image = { .img_id = BL32_EXTRA2_IMAGE_ID, .img_type = IMG_RAW, .parent = &trusted_os_fw_content_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_HASH, .param.hash = { @@ -574,7 +574,7 @@ static const auth_img_desc_t tos_fw_config = { .img_id = TOS_FW_CONFIG_ID, .img_type = IMG_RAW, .parent = &trusted_os_fw_content_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_HASH, .param.hash = { @@ -591,7 +591,7 @@ static const auth_img_desc_t non_trusted_fw_key_cert = { .img_id = NON_TRUSTED_FW_KEY_CERT_ID, .img_type = IMG_CERT, .parent = &trusted_key_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_SIG, .param.sig = { @@ -609,7 +609,7 @@ static const auth_img_desc_t non_trusted_fw_key_cert = { } } }, - .authenticated_data = { + .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { [0] = { .type_desc = &nt_fw_content_pk, .data = { 
@@ -623,7 +623,7 @@ static const auth_img_desc_t non_trusted_fw_content_cert = { .img_id = NON_TRUSTED_FW_CONTENT_CERT_ID, .img_type = IMG_CERT, .parent = &non_trusted_fw_key_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_SIG, .param.sig = { @@ -641,7 +641,7 @@ static const auth_img_desc_t non_trusted_fw_content_cert = { } } }, - .authenticated_data = { + .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { [0] = { .type_desc = &nt_world_bl_hash, .data = { @@ -662,7 +662,7 @@ static const auth_img_desc_t bl33_image = { .img_id = BL33_IMAGE_ID, .img_type = IMG_RAW, .parent = &non_trusted_fw_content_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_HASH, .param.hash = { @@ -677,7 +677,7 @@ static const auth_img_desc_t nt_fw_config = { .img_id = NT_FW_CONFIG_ID, .img_type = IMG_RAW, .parent = &non_trusted_fw_content_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_HASH, .param.hash = { @@ -695,7 +695,7 @@ static const auth_img_desc_t fwu_cert = { .img_id = FWU_CERT_ID, .img_type = IMG_CERT, .parent = NULL, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_SIG, .param.sig = { @@ -706,7 +706,7 @@ static const auth_img_desc_t fwu_cert = { } } }, - .authenticated_data = { + .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { [0] = { .type_desc = &scp_bl2u_hash, .data = { @@ -737,7 +737,7 @@ static const auth_img_desc_t scp_bl2u_image = { .img_id = SCP_BL2U_IMAGE_ID, .img_type = IMG_RAW, .parent = &fwu_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_HASH, .param.hash = { 
@@ -754,7 +754,7 @@ static const auth_img_desc_t bl2u_image = { .img_id = BL2U_IMAGE_ID, .img_type = IMG_RAW, .parent = &fwu_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_HASH, .param.hash = { @@ -771,7 +771,7 @@ static const auth_img_desc_t ns_bl2u_image = { .img_id = NS_BL2U_IMAGE_ID, .img_type = IMG_RAW, .parent = &fwu_cert, - .img_auth_methods = { + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { [0] = { .type = AUTH_METHOD_HASH, .param.hash = { diff --git a/include/drivers/auth/auth_mod.h b/include/drivers/auth/auth_mod.h index 0119ed2e0..39f5372e5 100644 --- a/include/drivers/auth/auth_mod.h +++ b/include/drivers/auth/auth_mod.h @@ -27,8 +27,8 @@ typedef struct auth_img_desc_s { unsigned int img_id; img_type_t img_type; const struct auth_img_desc_s *parent; - auth_method_desc_t img_auth_methods[AUTH_METHOD_NUM]; - auth_param_desc_t authenticated_data[COT_MAX_VERIFIED_PARAMS]; + const auth_method_desc_t *const img_auth_methods; + const auth_param_desc_t *const authenticated_data; } auth_img_desc_t; /* Public functions */ -- GitLab
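Review bot: The struct change in auth_mod.h replaces the fixed-size arrays with `const auth_method_desc_t *const img_auth_methods` and `const auth_param_desc_t *const authenticated_data`, but the loops in auth_mod.c still walk `AUTH_METHOD_NUM` and `COT_MAX_VERIFIED_PARAMS` entries, so the array length is now a convention the type no longer enforces. Every compound literal in tbbr_cot.c spells the bound out, which keeps the descriptors in this patch in range. A future descriptor written with `[]` or a smaller bound would be read past its end during image authentication. Please document the contract on the two fields, e.g. `/* NULL, or an array of exactly AUTH_METHOD_NUM entries */` and `/* NULL, or an array of exactly COT_MAX_VERIFIED_PARAMS entries */`.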