Skip to content

GitLab

Commit 31d5e7f5 authored by danh-arm's avatar danh-arm
Browse files

Merge pull request #467 from jcastillo-arm/jc/tbb_oid 

Apply new image terminology
parents a84deb9c d178637d
Expand all Show whitespace changes
Inline Side-by-side
Makefile
View file @ 31d5e7f5
......@@ -309,7 +309,7 @@ ifeq (${DISABLE_PEDANTIC},0)
CFLAGS += -pedantic
endif
# Using the ARM Trusted Firmware BL2 implies that a BL3-3 image also need to be
# Using the ARM Trusted Firmware BL2 implies that a BL33 image also need to be
# supplied for the FIP and Certificate generation tools. This flag can be
# overridden by the platform.
ifdef BL2_SOURCES
......@@ -589,8 +589,8 @@ help:
@echo " bl1 Build the BL1 binary"
@echo " bl2 Build the BL2 binary"
@echo " bl2u Build the BL2U binary"
@echo " bl31 Build the BL3-1 binary"
@echo " bl32 Build the BL3-2 binary"
@echo " bl31 Build the BL31 binary"
@echo " bl32 Build the BL32 binary"
@echo " certificates Build the certificates (requires 'GENERATE_COT=1')"
@echo " fip Build the Firmware Image Package (FIP)"
@echo " fwu_fip Build the FWU Firmware Image Package (FIP)"
......
bl1/bl1_main.c
View file @ 31d5e7f5
......@@ -216,7 +216,7 @@ void bl1_load_bl2(void)
******************************************************************************/
void bl1_print_bl31_ep_info(const entry_point_info_t *bl31_ep_info)
{
NOTICE("BL1: Booting BL3-1\n");
NOTICE("BL1: Booting BL31\n");
print_entry_point_info(bl31_ep_info);
}
......
bl2/bl2_main.c
View file @ 31d5e7f5
......@@ -41,54 +41,61 @@
#include <stdint.h>
#include "bl2_private.h"
/*
* Check for platforms that use obsolete image terminology
*/
#ifdef BL30_BASE
# error "BL30_BASE platform define no longer used - please use SCP_BL2_BASE"
#endif
/*******************************************************************************
* Load the BL3-0 image if there's one.
* If a platform does not want to attempt to load BL3-0 image it must leave
* BL30_BASE undefined.
* Return 0 on success or if there's no BL3-0 image to load, a negative error
* Load the SCP_BL2 image if there's one.
* If a platform does not want to attempt to load SCP_BL2 image it must leave
* SCP_BL2_BASE undefined.
* Return 0 on success or if there's no SCP_BL2 image to load, a negative error
* code otherwise.
******************************************************************************/
static int load_bl30(void)
static int load_scp_bl2(void)
{
int e = 0;
#ifdef BL30_BASE
meminfo_t bl30_mem_info;
image_info_t bl30_image_info;
#ifdef SCP_BL2_BASE
meminfo_t scp_bl2_mem_info;
image_info_t scp_bl2_image_info;
/*
* It is up to the platform to specify where BL3-0 should be loaded if
* It is up to the platform to specify where SCP_BL2 should be loaded if
* it exists. It could create space in the secure sram or point to a
* completely different memory.
*
* The entry point information is not relevant in this case as the AP
* won't execute the BL3-0 image.
* won't execute the SCP_BL2 image.
*/
INFO("BL2: Loading BL3-0\n");
bl2_plat_get_bl30_meminfo(&bl30_mem_info);
bl30_image_info.h.version = VERSION_1;
e = load_auth_image(&bl30_mem_info,
BL30_IMAGE_ID,
BL30_BASE,
&bl30_image_info,
INFO("BL2: Loading SCP_BL2\n");
bl2_plat_get_scp_bl2_meminfo(&scp_bl2_mem_info);
scp_bl2_image_info.h.version = VERSION_1;
e = load_auth_image(&scp_bl2_mem_info,
SCP_BL2_IMAGE_ID,
SCP_BL2_BASE,
&scp_bl2_image_info,
NULL);
if (e == 0) {
/* The subsequent handling of BL3-0 is platform specific */
e = bl2_plat_handle_bl30(&bl30_image_info);
/* The subsequent handling of SCP_BL2 is platform specific */
e = bl2_plat_handle_scp_bl2(&scp_bl2_image_info);
if (e) {
ERROR("Failure in platform-specific handling of BL3-0 image.\n");
ERROR("Failure in platform-specific handling of SCP_BL2 image.\n");
}
}
#endif /* BL30_BASE */
#endif /* SCP_BL2_BASE */
return e;
}
#ifndef EL3_PAYLOAD_BASE
/*******************************************************************************
* Load the BL3-1 image.
* Load the BL31 image.
* The bl2_to_bl31_params and bl31_ep_info params will be updated with the
* relevant BL3-1 information.
* relevant BL31 information.
* Return 0 on success, a negative error code otherwise.
******************************************************************************/
static int load_bl31(bl31_params_t *bl2_to_bl31_params,
......@@ -97,17 +104,17 @@ static int load_bl31(bl31_params_t *bl2_to_bl31_params,
meminfo_t *bl2_tzram_layout;
int e;
INFO("BL2: Loading BL3-1\n");
INFO("BL2: Loading BL31\n");
assert(bl2_to_bl31_params != NULL);
assert(bl31_ep_info != NULL);
/* Find out how much free trusted ram remains after BL2 load */
bl2_tzram_layout = bl2_plat_sec_mem_layout();
/* Set the X0 parameter to BL3-1 */
/* Set the X0 parameter to BL31 */
bl31_ep_info->args.arg0 = (unsigned long)bl2_to_bl31_params;
/* Load the BL3-1 image */
/* Load the BL31 image */
e = load_auth_image(bl2_tzram_layout,
BL31_IMAGE_ID,
BL31_BASE,
......@@ -123,12 +130,12 @@ static int load_bl31(bl31_params_t *bl2_to_bl31_params,
}
/*******************************************************************************
* Load the BL3-2 image if there's one.
* The bl2_to_bl31_params param will be updated with the relevant BL3-2
* Load the BL32 image if there's one.
* The bl2_to_bl31_params param will be updated with the relevant BL32
* information.
* If a platform does not want to attempt to load BL3-2 image it must leave
* If a platform does not want to attempt to load BL32 image it must leave
* BL32_BASE undefined.
* Return 0 on success or if there's no BL3-2 image to load, a negative error
* Return 0 on success or if there's no BL32 image to load, a negative error
* code otherwise.
******************************************************************************/
static int load_bl32(bl31_params_t *bl2_to_bl31_params)
......@@ -137,11 +144,11 @@ static int load_bl32(bl31_params_t *bl2_to_bl31_params)
#ifdef BL32_BASE
meminfo_t bl32_mem_info;
INFO("BL2: Loading BL3-2\n");
INFO("BL2: Loading BL32\n");
assert(bl2_to_bl31_params != NULL);
/*
* It is up to the platform to specify where BL3-2 should be loaded if
* It is up to the platform to specify where BL32 should be loaded if
* it exists. It could create space in the secure sram or point to a
* completely different memory.
*/
......@@ -163,8 +170,8 @@ static int load_bl32(bl31_params_t *bl2_to_bl31_params)
}
/*******************************************************************************
* Load the BL3-3 image.
* The bl2_to_bl31_params param will be updated with the relevant BL3-3
* Load the BL33 image.
* The bl2_to_bl31_params param will be updated with the relevant BL33
* information.
* Return 0 on success, a negative error code otherwise.
******************************************************************************/
......@@ -173,12 +180,12 @@ static int load_bl33(bl31_params_t *bl2_to_bl31_params)
meminfo_t bl33_mem_info;
int e;
INFO("BL2: Loading BL3-3\n");
INFO("BL2: Loading BL33\n");
assert(bl2_to_bl31_params != NULL);
bl2_plat_get_bl33_meminfo(&bl33_mem_info);
/* Load the BL3-3 image in non-secure memory provided by the platform */
/* Load the BL33 image in non-secure memory provided by the platform */
e = load_auth_image(&bl33_mem_info,
BL33_IMAGE_ID,
plat_get_ns_image_entrypoint(),
......@@ -196,7 +203,7 @@ static int load_bl33(bl31_params_t *bl2_to_bl31_params)
/*******************************************************************************
* The only thing to do in BL2 is to load further images and pass control to
* BL3-1. The memory occupied by BL2 will be reclaimed by BL3-x stages. BL2 runs
* BL31. The memory occupied by BL2 will be reclaimed by BL3x stages. BL2 runs
* entirely in S-EL1.
******************************************************************************/
void bl2_main(void)
......@@ -219,18 +226,18 @@ void bl2_main(void)
/*
* Load the subsequent bootloader images
*/
e = load_bl30();
e = load_scp_bl2();
if (e) {
ERROR("Failed to load BL3-0 (%i)\n", e);
ERROR("Failed to load SCP_BL2 (%i)\n", e);
plat_error_handler(e);
}
/* Perform platform setup in BL2 after loading BL3-0 */
/* Perform platform setup in BL2 after loading SCP_BL2 */
bl2_platform_setup();
/*
* Get a pointer to the memory the platform has set aside to pass
* information to BL3-1.
* information to BL31.
*/
bl2_to_bl31_params = bl2_plat_get_bl31_params();
bl31_ep_info = bl2_plat_get_bl31_ep_info();
......@@ -241,7 +248,7 @@ void bl2_main(void)
* images. Just update the BL31 entrypoint info structure to make BL1
* jump to the EL3 payload.
* The pointer to the memory the platform has set aside to pass
* information to BL3-1 in the normal boot flow is reused here, even
* information to BL31 in the normal boot flow is reused here, even
* though only a fraction of the information contained in the
* bl31_params_t structure makes sense in the context of EL3 payloads.
* This will be refined in the future.
......@@ -253,23 +260,23 @@ void bl2_main(void)
#else
e = load_bl31(bl2_to_bl31_params, bl31_ep_info);
if (e) {
ERROR("Failed to load BL3-1 (%i)\n", e);
ERROR("Failed to load BL31 (%i)\n", e);
plat_error_handler(e);
}
e = load_bl32(bl2_to_bl31_params);
if (e) {
if (e == -EAUTH) {
ERROR("Failed to authenticate BL3-2\n");
ERROR("Failed to authenticate BL32\n");
plat_error_handler(e);
} else {
WARN("Failed to load BL3-2 (%i)\n", e);
WARN("Failed to load BL32 (%i)\n", e);
}
}
e = load_bl33(bl2_to_bl31_params);
if (e) {
ERROR("Failed to load BL3-3 (%i)\n", e);
ERROR("Failed to load BL33 (%i)\n", e);
plat_error_handler(e);
}
#endif /* EL3_PAYLOAD_BASE */
......@@ -278,9 +285,9 @@ void bl2_main(void)
bl2_plat_flush_bl31_params();
/*
* Run BL3-1 via an SMC to BL1. Information on how to pass control to
* the BL3-2 (if present) and BL3-3 software images will be passed to
* BL3-1 as an argument.
* Run BL31 via an SMC to BL1. Information on how to pass control to
* the BL32 (if present) and BL33 software images will be passed to
* BL31 as an argument.
*/
smc(BL1_SMC_RUN_IMAGE, (unsigned long)bl31_ep_info, 0, 0, 0, 0, 0, 0);
}
bl31/aarch64/bl31_entrypoint.S
View file @ 31d5e7f5
......@@ -91,7 +91,7 @@ func bl31_entrypoint
_exception_vectors=runtime_exceptions
/* ---------------------------------------------------------------------
* For RESET_TO_BL31 systems, BL3-1 is the first bootloader to run so
* For RESET_TO_BL31 systems, BL31 is the first bootloader to run so
* there's no argument to relay from a previous bootloader. Zero the
* arguments passed to the platform layer to reflect that.
* ---------------------------------------------------------------------
......
bl31/bl31.ld.S
View file @ 31d5e7f5
......@@ -94,7 +94,7 @@ SECTIONS
} >RAM
#ifdef BL31_PROGBITS_LIMIT
ASSERT(. <= BL31_PROGBITS_LIMIT, "BL3-1 progbits has exceeded its limit.")
ASSERT(. <= BL31_PROGBITS_LIMIT, "BL31 progbits has exceeded its limit.")
#endif
stacks (NOLOAD) : {
......@@ -184,5 +184,5 @@ SECTIONS
__COHERENT_RAM_END_UNALIGNED__ - __COHERENT_RAM_START__;
#endif
ASSERT(. <= BL31_LIMIT, "BL3-1 image has exceeded its limit.")
ASSERT(. <= BL31_LIMIT, "BL31 image has exceeded its limit.")
}
bl31/bl31.mk
View file @ 31d5e7f5
......@@ -62,7 +62,7 @@ endif
BL31_LINKERFILE := bl31/bl31.ld.S
# Flag used to inidicate if Crash reporting via console should be included
# in BL3-1. This defaults to being present in DEBUG builds only
# in BL31. This defaults to being present in DEBUG builds only
ifndef CRASH_REPORTING
CRASH_REPORTING := $(DEBUG)
endif
......
bl31/bl31_main.c
View file @ 31d5e7f5
......@@ -71,8 +71,8 @@ void bl31_lib_init(void)
******************************************************************************/
void bl31_main(void)
{
NOTICE("BL3-1: %s\n", version_string);
NOTICE("BL3-1: %s\n", build_message);
NOTICE("BL31: %s\n", version_string);
NOTICE("BL31: %s\n", build_message);
/* Perform remaining generic architectural setup from EL3 */
bl31_arch_setup();
......@@ -84,7 +84,7 @@ void bl31_main(void)
bl31_lib_init();
/* Initialize the runtime services e.g. psci */
INFO("BL3-1: Initializing runtime services\n");
INFO("BL31: Initializing runtime services\n");
runtime_svc_init();
/*
......@@ -101,7 +101,7 @@ void bl31_main(void)
* If SPD had registerd an init hook, invoke it.
*/
if (bl32_init) {
INFO("BL3-1: Initializing BL3-2\n");
INFO("BL31: Initializing BL32\n");
(*bl32_init)();
}
/*
......@@ -153,7 +153,7 @@ void bl31_prepare_next_image_entry(void)
assert(next_image_info);
assert(image_type == GET_SECURITY_STATE(next_image_info->h.attr));
INFO("BL3-1: Preparing for EL3 exit to %s world\n",
INFO("BL31: Preparing for EL3 exit to %s world\n",
(image_type == SECURE) ? "secure" : "normal");
print_entry_point_info(next_image_info);
cm_init_my_context(next_image_info);
......
bl32/tsp/tsp.ld.S
View file @ 31d5e7f5
......@@ -138,5 +138,5 @@ SECTIONS
__COHERENT_RAM_END_UNALIGNED__ - __COHERENT_RAM_START__;
#endif
ASSERT(. <= BL32_LIMIT, "BL3-2 image has exceeded its limit.")
ASSERT(. <= BL32_LIMIT, "BL32 image has exceeded its limit.")
}
bl32/tsp/tsp.mk
View file @ 31d5e7f5
......@@ -41,8 +41,8 @@ BL32_SOURCES += bl32/tsp/tsp_main.c \
BL32_LINKERFILE := bl32/tsp/tsp.ld.S
# This flag determines if the TSPD initializes BL3-2 in tspd_init() (synchronous
# method) or configures BL3-1 to pass control to BL3-2 instead of BL3-3
# This flag determines if the TSPD initializes BL32 in tspd_init() (synchronous
# method) or configures BL31 to pass control to BL32 instead of BL33
# (asynchronous method).
TSP_INIT_ASYNC := 0
......
common/aarch64/early_exceptions.S
View file @ 31d5e7f5
......@@ -37,7 +37,7 @@
/* -----------------------------------------------------
* Very simple stackless exception handlers used by BL2
* and BL3-1 bootloader stages. BL3-1 uses them before
* and BL31 bootloader stages. BL31 uses them before
* stacks are setup. BL2 uses them throughout.
* -----------------------------------------------------
*/
......
docs/auth-framework.md
View file @ 31d5e7f5
......@@ -83,7 +83,7 @@ behind them. These aspects are key to verify a Chain of Trust.
A CoT is basically a sequence of authentication images which usually starts with
a root of trust and culminates in a single data image. The following diagram
illustrates how this maps to a CoT for the BL3-1 image described in the
illustrates how this maps to a CoT for the BL31 image described in the
TBBR-Client specification.
```
......@@ -98,7 +98,7 @@ TBBR-Client specification.
/ |
L v
+------------------+ +-------------------+
| Trusted World |------>| BL3-1 Key |
| Trusted World |------>| BL31 Key |
| Public Key | | Certificate |
+------------------+ | (Auth Image) |
+-------------------+
......@@ -108,7 +108,7 @@ TBBR-Client specification.
/ |
/ v
+------------------+ L +-------------------+
| BL3-1 Content |------>| BL3-1 Content |
| BL31 Content |------>| BL31 Content |
| Certificate PK | | Certificate |
+------------------+ | (Auth Image) |
+-------------------+
......@@ -118,7 +118,7 @@ TBBR-Client specification.
/ |
/ v
+------------------+ L +-------------------+
| BL3-1 Hash |------>| BL3-1 Image |
| BL31 Hash |------>| BL31 Image |
| | | (Data Image) |
+------------------+ | |
+-------------------+
......@@ -211,14 +211,15 @@ It is responsible for:
3. Tracking which images have been verified. In case an image is a part of
multiple CoTs then it should be verified only once e.g. the Trusted World
Key Certificate in the TBBR-Client spec. contains information to verify
BL3-0, BL3-1, BL3-2 each of which have a separate CoT. (This responsibility
has not been described in this document but should be trivial to implement).
SCP_BL2, BL31, BL32 each of which have a separate CoT. (This
responsibility has not been described in this document but should be
trivial to implement).
4. Reusing memory meant for a data image to verify authentication images e.g.
in the CoT described in Diagram 2, each certificate can be loaded and
verified in the memory reserved by the platform for the BL3-1 image. By the
time BL3-1 (the data image) is loaded, all information to authenticate it
will have been extracted from the parent image i.e. BL3-1 content
verified in the memory reserved by the platform for the BL31 image. By the
time BL31 (the data image) is loaded, all information to authenticate it
will have been extracted from the parent image i.e. BL31 content
certificate. It is assumed that the size of an authentication image will
never exceed the size of a data image. It should be possible to verify this
at build time using asserts.
......@@ -491,7 +492,7 @@ typedef struct auth_param_type_desc_s {
`cookie` is used by the platform to specify additional information to the IPM
which enables it to uniquely identify the parameter that should be extracted
from an image. For example, the hash of a BL3-x image in its corresponding
from an image. For example, the hash of a BL3x image in its corresponding
content certificate is stored in an X509v3 custom extension field. An extension
field can only be identified using an OID. In this case, the `cookie` could
contain the pointer to the OID defined by the platform for the hash extension
......@@ -632,10 +633,10 @@ is, however, a minimum set of images that are mandatory in the Trusted Firmware
and thus all CoTs must present:
* `BL2`
* `BL3-0` (platform specific)
* `BL3-1`
* `BL3-2` (optional)
* `BL3-3`
* `SCP_BL2` (platform specific)
* `BL31`
* `BL32` (optional)
* `BL33`
The TBBR specifies the additional certificates that must accompany these images
for a proper authentication. Details about the TBBR CoT may be found in the
......@@ -704,9 +705,9 @@ process, some of the buffers may be reused at different stages during the boot.
Next in that file, the parameter descriptors are defined. These descriptors will
be used to extract the parameter data from the corresponding image.
#### 4.1.1 Example: the BL3-1 Chain of Trust
#### 4.1.1 Example: the BL31 Chain of Trust
Four image descriptors form the BL3-1 Chain of Trust:
Four image descriptors form the BL31 Chain of Trust:
```
[TRUSTED_KEY_CERT_ID] = {
......@@ -726,30 +727,30 @@ Four image descriptors form the BL3-1 Chain of Trust:
},
.authenticated_data = {
[0] = {
.type_desc = &tz_world_pk,
.type_desc = &trusted_world_pk,
.data = {
.ptr = (void *)plat_tz_world_pk_buf,
.ptr = (void *)trusted_world_pk_buf,
.len = (unsigned int)PK_DER_LEN
}
},
[1] = {
.type_desc = &ntz_world_pk,
.type_desc = &non_trusted_world_pk,
.data = {
.ptr = (void *)plat_ntz_world_pk_buf,
.ptr = (void *)non_trusted_world_pk_buf,
.len = (unsigned int)PK_DER_LEN
}
}
}
},
[BL31_KEY_CERT_ID] = {
.img_id = BL31_KEY_CERT_ID,
[SOC_FW_KEY_CERT_ID] = {
.img_id = SOC_FW_KEY_CERT_ID,
.img_type = IMG_CERT,
.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
.img_auth_methods = {
[0] = {
.type = AUTH_METHOD_SIG,
.param.sig = {
.pk = &tz_world_pk,
.pk = &trusted_world_pk,
.sig = &sig,
.alg = &sig_alg,
.data = &raw_data,
......@@ -758,23 +759,23 @@ Four image descriptors form the BL3-1 Chain of Trust:
},
.authenticated_data = {
[0] = {
.type_desc = &bl31_content_pk,
.type_desc = &soc_fw_content_pk,
.data = {
.ptr = (void *)plat_content_pk,
.ptr = (void *)content_pk_buf,
.len = (unsigned int)PK_DER_LEN
}
}
}
},
[BL31_CERT_ID] = {
.img_id = BL31_CERT_ID,
[SOC_FW_CONTENT_CERT_ID] = {
.img_id = SOC_FW_CONTENT_CERT_ID,
.img_type = IMG_CERT,
.parent = &cot_desc[BL31_KEY_CERT_ID],
.parent = &cot_desc[SOC_FW_KEY_CERT_ID],
.img_auth_methods = {
[0] = {
.type = AUTH_METHOD_SIG,
.param.sig = {
.pk = &bl31_content_pk,
.pk = &soc_fw_content_pk,
.sig = &sig,
.alg = &sig_alg,
.data = &raw_data,
......@@ -783,9 +784,9 @@ Four image descriptors form the BL3-1 Chain of Trust:
},
.authenticated_data = {
[0] = {
.type_desc = &bl31_hash,
.type_desc = &soc_fw_hash,
.data = {
.ptr = (void *)plat_bl31_hash_buf,
.ptr = (void *)soc_fw_hash_buf,
.len = (unsigned int)HASH_DER_LEN
}
}
......@@ -794,13 +795,13 @@ Four image descriptors form the BL3-1 Chain of Trust:
[BL31_IMAGE_ID] = {
.img_id = BL31_IMAGE_ID,
.img_type = IMG_RAW,
.parent = &cot_desc[BL31_CERT_ID],
.parent = &cot_desc[SOC_FW_CONTENT_CERT_ID],
.img_auth_methods = {
[0] = {
.type = AUTH_METHOD_HASH,
.param.hash = {
.data = &raw_data,
.hash = &bl31_hash,
.hash = &soc_fw_hash,
}
}
}
......@@ -835,27 +836,27 @@ is created in the `authenticated_data` array for that purpose. In that entry,
the corresponding parameter descriptor must be specified along with the buffer
address to store the parameter value. In this case, the `tz_world_pk` descriptor
is used to extract the public key from an x509v3 extension with OID
`TZ_WORLD_PK_OID`. The BL3-1 key certificate will use this descriptor as
`TRUSTED_WORLD_PK_OID`. The BL31 key certificate will use this descriptor as
parameter in the signature authentication method. The key is stored in the
`plat_tz_world_pk_buf` buffer.
The **BL3-1 Key certificate** is authenticated by checking its digital signature
The **BL31 Key certificate** is authenticated by checking its digital signature
using the Trusted World public key obtained previously from the Trusted Key
certificate. In the image descriptor, we specify a single authentication method
by signature whose public key is the `tz_world_pk`. Once this certificate has
been authenticated, we have to extract the BL3-1 public key, stored in the
been authenticated, we have to extract the BL31 public key, stored in the
extension specified by `bl31_content_pk`. This key will be copied to the
`plat_content_pk` buffer.
The **BL3-1 certificate** is authenticated by checking its digital signature
using the BL3-1 public key obtained previously from the BL3-1 Key certificate.
The **BL31 certificate** is authenticated by checking its digital signature
using the BL31 public key obtained previously from the BL31 Key certificate.
We specify the authentication method using `bl31_content_pk` as public key.
After authentication, we need to extract the BL3-1 hash, stored in the extension
After authentication, we need to extract the BL31 hash, stored in the extension
specified by `bl31_hash`. This hash will be copied to the `plat_bl31_hash_buf`
buffer.
The **BL3-1 image** is authenticated by calculating its hash and matching it
with the hash obtained from the BL3-1 certificate. The image descriptor contains
The **BL31 image** is authenticated by calculating its hash and matching it
with the hash obtained from the BL31 certificate. The image descriptor contains
a single authentication method by hash. The parameters to the hash method are
the reference hash, `bl31_hash`, and the data to be hashed. In this case, it is
the whole image, so we specify `raw_data`.
......
docs/firmware-design.md
View file @ 31d5e7f5
This diff is collapsed.
docs/platform-migration-guide.md
View file @ 31d5e7f5
......@@ -314,7 +314,7 @@ This function is called with the `SCTLR.M` and `SCTLR.C` bits disabled. The core
is identified by its `MPIDR`, which is passed as the argument. The function is
responsible for distinguishing between a warm and cold reset using platform-
specific means. If it is a warm reset, it returns the entrypoint into the
BL3-1 image that the core must jump to. If it is a cold reset, this function
BL31 image that the core must jump to. If it is a cold reset, this function
must return zero.
This function is also responsible for implementing a platform-specific mechanism
......@@ -387,7 +387,7 @@ provided in [plat/common/aarch64/platform_up_stack.S] and
[plat/common/aarch64/platform_mp_stack.S]
## Modifications for Power State Coordination Interface (in BL3-1)
## Modifications for Power State Coordination Interface (in BL31)
The following functions must be implemented to initialize PSCI functionality in
the ARM Trusted Firmware.
......@@ -448,7 +448,7 @@ called by the primary core.
This function is called by PSCI initialization code. Its purpose is to export
handler routines for platform-specific power management actions by populating
the passed pointer with a pointer to the private `plat_pm_ops` structure of
BL3-1.
BL31.
A description of each member of this structure is given below. A platform port
is expected to implement these handlers if the corresponding PSCI operation
......
docs/porting-guide.md
View file @ 31d5e7f5
This diff is collapsed.
docs/rt-svc-writers-guide.md
View file @ 31d5e7f5
......@@ -19,7 +19,7 @@ Contents
----------------
This document describes how to add a runtime service to the EL3 Runtime
Firmware component of ARM Trusted Firmware (BL3-1).
Firmware component of ARM Trusted Firmware (BL31).
Software executing in the normal world and in the trusted world at exception
levels lower than EL3 will request runtime services using the Secure Monitor
......@@ -30,9 +30,9 @@ results are returned.
SMC Functions are grouped together based on the implementor of the service, for
example a subset of the Function IDs are designated as "OEM Calls" (see [SMCCC]
for full details). The EL3 runtime services framework in BL3-1 enables the
for full details). The EL3 runtime services framework in BL31 enables the
independent implementation of services for each group, which are then compiled
into the BL3-1 image. This simplifies the integration of common software from
into the BL31 image. This simplifies the integration of common software from
ARM to support [PSCI], Secure Monitor for a Trusted OS and SoC specific
software. The common runtime services framework ensures that SMC Functions are
dispatched to their respective service implementation - the [Firmware Design]
......@@ -290,7 +290,7 @@ between the normal and secure worlds, deliver SMC Calls through to Secure-EL1
and generally manage the Secure-EL1 Payload through CPU power-state transitions.
TODO: Provide details of the additional work required to implement a SPD and
the BL3-1 support for these services. Or a reference to the document that will
the BL31 support for these services. Or a reference to the document that will
provide this information....
......
docs/trusted-board-boot.md
View file @ 31d5e7f5
......@@ -66,29 +66,29 @@ The keys used to establish the CoT are:
* **Trusted world key**
The private part is used to sign the key certificates corresponding to the
secure world images (BL3-0, BL3-1 and BL3-2). The public part is stored in
secure world images (SCP_BL2, BL31 and BL32). The public part is stored in
one of the extension fields in the trusted world certificate.
* **Non-trusted world key**
The private part is used to sign the key certificate corresponding to the
non secure world image (BL3-3). The public part is stored in one of the
non secure world image (BL33). The public part is stored in one of the
extension fields in the trusted world certificate.
* **BL3-X keys**
For each of BL3-0, BL3-1, BL3-2 and BL3-3, the private part is used to sign
the content certificate for the BL3-X image. The public part is stored in
one of the extension fields in the corresponding key certificate.
For each of SCP_BL2, BL31, BL32 and BL33, the private part is used to
sign the content certificate for the BL3-X image. The public part is stored
in one of the extension fields in the corresponding key certificate.
The following images are included in the CoT:
* BL1
* BL2
* BL3-0 (optional)
* BL3-1
* BL3-3
* BL3-2 (optional)
* SCP_BL2 (optional)
* BL31
* BL33
* BL32 (optional)
The following certificates are used to authenticate the images.
......@@ -103,44 +103,45 @@ The following certificates are used to authenticate the images.
public part of the trusted world key and the public part of the non-trusted
world key.
* **BL3-0 key certificate**
* **SCP_BL2 key certificate**
It is self-signed with the trusted world key. It contains the public part of
the BL3-0 key.
the SCP_BL2 key.
* **BL3-0 content certificate**
* **SCP_BL2 content certificate**
It is self-signed with the BL3-0 key. It contains a hash of the BL3-0 image.
It is self-signed with the SCP_BL2 key. It contains a hash of the SCP_BL2
image.
* **BL3-1 key certificate**
* **BL31 key certificate**
It is self-signed with the trusted world key. It contains the public part of
the BL3-1 key.
the BL31 key.
* **BL3-1 content certificate**
* **BL31 content certificate**
It is self-signed with the BL3-1 key. It contains a hash of the BL3-1 image.
It is self-signed with the BL31 key. It contains a hash of the BL31 image.
* **BL3-2 key certificate**
* **BL32 key certificate**
It is self-signed with the trusted world key. It contains the public part of
the BL3-2 key.
the BL32 key.
* **BL3-2 content certificate**
* **BL32 content certificate**
It is self-signed with the BL3-2 key. It contains a hash of the BL3-2 image.
It is self-signed with the BL32 key. It contains a hash of the BL32 image.
* **BL3-3 key certificate**
* **BL33 key certificate**
It is self-signed with the non-trusted world key. It contains the public
part of the BL3-3 key.
part of the BL33 key.
* **BL3-3 content certificate**
* **BL33 content certificate**
It is self-signed with the BL3-3 key. It contains a hash of the BL3-3 image.
It is self-signed with the BL33 key. It contains a hash of the BL33 image.
The BL3-0 and BL3-2 certificates are optional, but they must be present if the
corresponding BL3-0 or BL3-2 images are present.
The SCP_BL2 and BL32 certificates are optional, but they must be present if the
corresponding SCP_BL2 or BL32 images are present.
3. Trusted Board Boot Sequence
......@@ -167,27 +168,27 @@ if any of the steps fail.
registers. If the comparison succeeds, BL2 reads and saves the trusted and
non-trusted world public keys from the verified certificate.
The next two steps are executed for each of the BL3-0, BL3-1 & BL3-2 images. The
steps for the optional BL3-0 and BL3-2 images are skipped if these images are
not present.
The next two steps are executed for each of the SCP_BL2, BL31 & BL32 images.
The steps for the optional SCP_BL2 and BL32 images are skipped if these images
are not present.
* BL2 loads and verifies the BL3-x key certificate. The certificate signature
* BL2 loads and verifies the BL3x key certificate. The certificate signature
is verified using the trusted world public key. If the signature
verification succeeds, BL2 reads and saves the BL3-x public key from the
verification succeeds, BL2 reads and saves the BL3x public key from the
certificate.
* BL2 loads and verifies the BL3-x content certificate. The signature is
verified using the BL3-x public key. If the signature verification succeeds,
BL2 reads and saves the BL3-x image hash from the certificate.
* BL2 loads and verifies the BL3x content certificate. The signature is
verified using the BL3x public key. If the signature verification succeeds,
BL2 reads and saves the BL3x image hash from the certificate.
The next two steps are executed only for the BL3-3 image.
The next two steps are executed only for the BL33 image.
* BL2 loads and verifies the BL3-3 key certificate. If the signature
verification succeeds, BL2 reads and saves the BL3-3 public key from the
* BL2 loads and verifies the BL33 key certificate. If the signature
verification succeeds, BL2 reads and saves the BL33 public key from the
certificate.
* BL2 loads and verifies the BL3-3 content certificate. If the signature
verification succeeds, BL2 reads and saves the BL3-3 image hash from the
* BL2 loads and verifies the BL33 content certificate. If the signature
verification succeeds, BL2 reads and saves the BL33 image hash from the
certificate.
The next step is executed for all the boot loader images.
......
docs/user-guide.md
View file @ 31d5e7f5
......@@ -99,7 +99,7 @@ as part of the Linaro release.
To build the Trusted Firmware images, change to the root directory of the
Trusted Firmware source tree and follow these steps:
1. Set the compiler path, specify a Non-trusted Firmware image (BL3-3) and
1. Set the compiler path, specify a Non-trusted Firmware image (BL33) and
a valid platform, and then build:
CROSS_COMPILE=<path-to-aarch64-gcc>/bin/aarch64-linux-gnu- \
......@@ -109,11 +109,11 @@ Trusted Firmware source tree and follow these steps:
If `PLAT` is not specified, `fvp` is assumed by default. See the "Summary of
build options" for more information on available build options.
The BL3-3 image corresponds to the software that is executed after switching
to the non-secure world. UEFI can be used as the BL3-3 image. Refer to the
The BL33 image corresponds to the software that is executed after switching
to the non-secure world. UEFI can be used as the BL33 image. Refer to the
"Building the rest of the software stack" section below.
The TSP (Test Secure Payload), corresponding to the BL3-2 image, is not
The TSP (Test Secure Payload), corresponding to the BL32 image, is not
compiled in by default. Refer to the "Building the Test Secure Payload"
section below.
......@@ -139,11 +139,11 @@ Trusted Firmware source tree and follow these steps:
For more information on FIPs, see the "Firmware Image Package" section in
the [Firmware Design].
2. (Optional) Some platforms may require a BL3-0 image to boot. This image can
2. (Optional) Some platforms may require a SCP_BL2 image to boot. This image can
be included in the FIP when building the Trusted Firmware by specifying the
`BL30` build option:
`SCP_BL2` build option:
BL30=<path-to>/<bl30_image>
SCP_BL2=<path-to>/<scp_bl2_image>
3. Output binary files `bl1.bin` and `fip.bin` are both required to boot the
system. How these files are used is platform specific. Refer to the
......@@ -159,10 +159,10 @@ Trusted Firmware source tree and follow these steps:
make realclean
5. (Optional) Path to binary for certain BL stages (BL2, BL3-1 and BL3-2) can be
5. (Optional) Path to binary for certain BL stages (BL2, BL31 and BL32) can be
provided by specifying the BLx=<path-to>/<blx_image> where BLx is the BL stage.
This will bypass the build of the BL component from source, but will include
the specified binary in the final FIP image. Please note that BL3-2 will be
the specified binary in the final FIP image. Please note that BL32 will be
included in the build, only if the `SPD` build option is specified.
For example, specifying BL2=<path-to>/<bl2_image> in the build option, will
......@@ -180,11 +180,11 @@ performed.
#### Common build options
* `BL30`: Path to BL3-0 image in the host file system. This image is optional.
If a BL3-0 image is present then this option must be passed for the `fip`
* `SCP_BL2`: Path to SCP_BL2 image in the host file system. This image is optional.
If a SCP_BL2 image is present then this option must be passed for the `fip`
target.
* `BL33`: Path to BL3-3 image in the host file system. This is mandatory for
* `BL33`: Path to BL33 image in the host file system. This is mandatory for
`fip` target in case the BL2 from ARM Trusted Firmware is used.
* `BL2`: This is an optional build option which specifies the path to BL2
......@@ -192,11 +192,11 @@ performed.
Firmware will not be built.
* `BL31`: This is an optional build option which specifies the path to
BL3-1 image for the `fip` target. In this case, the BL3-1 in the ARM
BL31 image for the `fip` target. In this case, the BL31 in the ARM
Trusted Firmware will not be built.
* `BL32`: This is an optional build option which specifies the path to
BL3-2 image for the `fip` target. In this case, the BL3-2 in the ARM
BL32 image for the `fip` target. In this case, the BL32 in the ARM
Trusted Firmware will not be built.
* `FIP_NAME`: This is an optional build option which specifies the FIP
......@@ -246,14 +246,14 @@ performed.
is used to determine the number of valid slave interfaces available in the
ARM CCI driver. Default is 400 (that is, CCI-400).
* `RESET_TO_BL31`: Enable BL3-1 entrypoint as the CPU reset vector instead
* `RESET_TO_BL31`: Enable BL31 entrypoint as the CPU reset vector instead
of the BL1 entrypoint. It can take the value 0 (CPU reset to BL1
entrypoint) or 1 (CPU reset to BL3-1 entrypoint).
entrypoint) or 1 (CPU reset to BL31 entrypoint).
The default value is 0.
* `CRASH_REPORTING`: A non-zero value enables a console dump of processor
register state when an unexpected exception occurs during execution of
BL3-1. This option defaults to the value of `DEBUG` - i.e. by default
BL31. This option defaults to the value of `DEBUG` - i.e. by default
this is only enabled for a debug build of the firmware.
* `ASM_ASSERTION`: This flag determines whether the assertion checks within
......@@ -261,10 +261,10 @@ performed.
value of `DEBUG` - that is, by default this is only enabled for a debug
build of the firmware.
* `TSP_INIT_ASYNC`: Choose BL3-2 initialization method as asynchronous or
synchronous, (see "Initializing a BL3-2 Image" section in [Firmware
Design]). It can take the value 0 (BL3-2 is initialized using
synchronous method) or 1 (BL3-2 is initialized using asynchronous method).
* `TSP_INIT_ASYNC`: Choose BL32 initialization method as asynchronous or
synchronous, (see "Initializing a BL32 Image" section in [Firmware
Design]). It can take the value 0 (BL32 is initialized using
synchronous method) or 1 (BL32 is initialized using asynchronous method).
Default is 0.
* `USE_COHERENT_MEM`: This flag determines whether to include the coherent
......@@ -327,20 +327,20 @@ performed.
specifies the file that contains the Non-Trusted World private key in PEM
format. If `SAVE_KEYS=1`, this file name will be used to save the key.
* `BL30_KEY`: This option is used when `GENERATE_COT=1`. It specifies the
file that contains the BL3-0 private key in PEM format. If `SAVE_KEYS=1`,
* `SCP_BL2_KEY`: This option is used when `GENERATE_COT=1`. It specifies the
file that contains the SCP_BL2 private key in PEM format. If `SAVE_KEYS=1`,
this file name will be used to save the key.
* `BL31_KEY`: This option is used when `GENERATE_COT=1`. It specifies the
file that contains the BL3-1 private key in PEM format. If `SAVE_KEYS=1`,
file that contains the BL31 private key in PEM format. If `SAVE_KEYS=1`,
this file name will be used to save the key.
* `BL32_KEY`: This option is used when `GENERATE_COT=1`. It specifies the
file that contains the BL3-2 private key in PEM format. If `SAVE_KEYS=1`,
file that contains the BL32 private key in PEM format. If `SAVE_KEYS=1`,
this file name will be used to save the key.
* `BL33_KEY`: This option is used when `GENERATE_COT=1`. It specifies the
file that contains the BL3-3 private key in PEM format. If `SAVE_KEYS=1`,
file that contains the BL33 private key in PEM format. If `SAVE_KEYS=1`,
this file name will be used to save the key.
* `PROGRAMMABLE_RESET_ADDRESS`: This option indicates whether the reset
......@@ -459,7 +459,7 @@ It is recommended to remove the build artifacts before rebuilding:
make -C tools/fip_create clean
Create a Firmware package that contains existing BL2 and BL3-1 images:
Create a Firmware package that contains existing BL2 and BL31 images:
# fip_create --help to print usage information
# fip_create <fip_name> <images to add> [--dump to show result]
......@@ -470,7 +470,7 @@ Create a Firmware package that contains existing BL2 and BL3-1 images:
---------------------------
- Trusted Boot Firmware BL2: offset=0x88, size=0x81E8
file: 'build/<platform>/debug/bl2.bin'
- EL3 Runtime Firmware BL3-1: offset=0x8270, size=0xC218
- EL3 Runtime Firmware BL31: offset=0x8270, size=0xC218
file: 'build/<platform>/debug/bl31.bin'
---------------------------
Creating "fip.bin"
......@@ -482,7 +482,7 @@ View the contents of an existing Firmware package:
Firmware Image Package ToC:
---------------------------
- Trusted Boot Firmware BL2: offset=0x88, size=0x81E8
- EL3 Runtime Firmware BL3-1: offset=0x8270, size=0xC218
- EL3 Runtime Firmware BL31: offset=0x8270, size=0xC218
---------------------------
Existing package entries can be individially updated:
......@@ -495,7 +495,7 @@ Existing package entries can be individially updated:
---------------------------
- Trusted Boot Firmware BL2: offset=0x88, size=0x7240
file: 'build/<platform>/release/bl2.bin'
- EL3 Runtime Firmware BL3-1: offset=0x72C8, size=0xC218
- EL3 Runtime Firmware BL31: offset=0x72C8, size=0xC218
---------------------------
Updating "fip.bin"
......@@ -550,13 +550,13 @@ commands can be used:
### Building the Test Secure Payload
The TSP is coupled with a companion runtime service in the BL3-1 firmware,
called the TSPD. Therefore, if you intend to use the TSP, the BL3-1 image
The TSP is coupled with a companion runtime service in the BL31 firmware,
called the TSPD. Therefore, if you intend to use the TSP, the BL31 image
must be recompiled as well. For more information on SPs and SPDs, see the
"Secure-EL1 Payloads and Dispatchers" section in the [Firmware Design].
First clean the Trusted Firmware build directory to get rid of any previous
BL3-1 binary. Then to build the TSP image and include it into the FIP use:
BL31 binary. Then to build the TSP image and include it into the FIP use:
CROSS_COMPILE=<path-to-aarch64-gcc>/bin/aarch64-linux-gnu- \
BL33=<path-to>/<bl33_image> \
......@@ -566,19 +566,19 @@ An additional boot loader binary file is created in the `build` directory:
* `build/<platform>/<build-type>/bl32.bin`
The FIP will now contain the additional BL3-2 image. Here is an example
output from an FVP build in release mode including BL3-2 and using
FVP_AARCH64_EFI.fd as BL3-3 image:
The FIP will now contain the additional BL32 image. Here is an example
output from an FVP build in release mode including BL32 and using
FVP_AARCH64_EFI.fd as BL33 image:
Firmware Image Package ToC:
---------------------------
- Trusted Boot Firmware BL2: offset=0xD8, size=0x6000
file: './build/fvp/release/bl2.bin'
- EL3 Runtime Firmware BL3-1: offset=0x60D8, size=0x9000
- EL3 Runtime Firmware BL31: offset=0x60D8, size=0x9000
file: './build/fvp/release/bl31.bin'
- Secure Payload BL3-2 (Trusted OS): offset=0xF0D8, size=0x3000
- Secure Payload BL32 (Trusted OS): offset=0xF0D8, size=0x3000
file: './build/fvp/release/bl32.bin'
- Non-Trusted Firmware BL3-3: offset=0x120D8, size=0x280000
- Non-Trusted Firmware BL33: offset=0x120D8, size=0x280000
file: '../FVP_AARCH64_EFI.fd'
---------------------------
Creating "build/fvp/release/fip.bin"
......@@ -767,7 +767,7 @@ complexity of developing EL3 baremetal code by:
* putting the system into a known architectural state;
* taking care of platform secure world initialization;
* loading the BL30 image if required by the platform.
* loading the SCP_BL2 image if required by the platform.
When booting an EL3 payload on ARM standard platforms, the configuration of the
TrustZone controller is simplified such that only region 0 is enabled and is
......@@ -1002,7 +1002,7 @@ boot Linux with 8 CPUs using the ARM Trusted Firmware.
--data cluster0.cpu0="<path-to>/<kernel-binary>"@0x80080000 \
-C bp.virtioblockdevice.image_path="<path-to>/<file-system-image>"
### Running on the AEMv8 Base FVP with reset to BL3-1 entrypoint
### Running on the AEMv8 Base FVP with reset to BL31 entrypoint
Please read "Notes regarding Base FVP configuration options" section above for
information about some of the options to run the software.
......@@ -1032,7 +1032,7 @@ with 8 CPUs using the ARM Trusted Firmware.
--data cluster0.cpu0="<path-to>/<kernel-binary>"@0x80080000 \
-C bp.virtioblockdevice.image_path="<path-to>/<file-system-image>"
### Running on the Cortex-A57-A53 Base FVP with reset to BL3-1 entrypoint
### Running on the Cortex-A57-A53 Base FVP with reset to BL31 entrypoint
Please read "Notes regarding Base FVP configuration options" section above for
information about some of the options to run the software.
......@@ -1097,7 +1097,7 @@ registers memory map (`0x1c010000`).
This register can be configured as described in the following sections.
NOTE: If the legacy VE GIC memory map is used, then the corresponding FDT and
BL3-3 images should be used.
BL33 images should be used.
#### Configuring AEMv8 Foundation FVP GIC for legacy VE memory map
......@@ -1187,14 +1187,15 @@ deliverables on Juno][Juno Instructions].
### Preparing Trusted Firmware images
The Juno platform requires a BL0 and a BL30 image to boot up. The BL0 image
contains the ROM firmware that runs on the SCP (System Control Processor),
whereas the BL30 image contains the SCP Runtime firmware. Both images are
embedded within the Juno board recovery image, these are the files `bl0.bin`
and `bl30.bin`.
The Juno platform requires a SCP_BL1 and a SCP_BL2 image to boot up. The
SCP_BL1 image contains the ROM firmware that runs on the SCP (System Control
Processor), whereas the SCP_BL2 image contains the SCP Runtime firmware. Both
images are embedded within the Juno board recovery image, these are the files
`bl0.bin` and `bl30.bin`, respectively. Please note that these filenames still
use the old terminology.
The BL30 file must be part of the FIP image. Therefore, its path must be
supplied using the `BL30` variable on the command line when building the
The SCP_BL2 file must be part of the FIP image. Therefore, its path must be
supplied using the `SCP_BL2` variable on the command line when building the
FIP. Please refer to the section "Building the Trusted Firmware".
After building Trusted Firmware, the files `bl1.bin` and `fip.bin` need copying
......
drivers/auth/tbbr/tbbr_cot.c
View file @ 31d5e7f5
......@@ -44,14 +44,14 @@
* extracted from the certificates. In this case, because of the way the CoT is
* established, we can reuse some of the buffers on different stages
*/
static unsigned char plat_bl2_hash_buf[HASH_DER_LEN];
static unsigned char plat_bl30_hash_buf[HASH_DER_LEN];
static unsigned char plat_bl31_hash_buf[HASH_DER_LEN];
static unsigned char plat_bl32_hash_buf[HASH_DER_LEN];
static unsigned char plat_bl33_hash_buf[HASH_DER_LEN];
static unsigned char plat_tz_world_pk_buf[PK_DER_LEN];
static unsigned char plat_ntz_world_pk_buf[PK_DER_LEN];
static unsigned char plat_content_pk[PK_DER_LEN];
static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
static unsigned char scp_fw_hash_buf[HASH_DER_LEN];
static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];
static unsigned char trusted_world_pk_buf[PK_DER_LEN];
static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
static unsigned char content_pk_buf[PK_DER_LEN];
/*
* Parameter type descriptors
......@@ -65,36 +65,36 @@ static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC(
static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_RAW_DATA, 0);
static auth_param_type_desc_t tz_world_pk = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_PUB_KEY, TZ_WORLD_PK_OID);
static auth_param_type_desc_t ntz_world_pk = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_PUB_KEY, NTZ_WORLD_PK_OID);
static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);
static auth_param_type_desc_t bl30_content_pk = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_PUB_KEY, BL30_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t bl31_content_pk = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_PUB_KEY, BL31_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t bl32_content_pk = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_PUB_KEY, BL32_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t bl33_content_pk = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_PUB_KEY, BL33_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t bl2_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, BL2_HASH_OID);
static auth_param_type_desc_t bl30_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, BL30_HASH_OID);
static auth_param_type_desc_t bl31_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, BL31_HASH_OID);
static auth_param_type_desc_t bl32_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, BL32_HASH_OID);
static auth_param_type_desc_t bl33_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, BL33_HASH_OID);
static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, SCP_FW_HASH_OID);
static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
static auth_param_type_desc_t scp_bl2u_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, SCP_BL2U_HASH_OID);
AUTH_PARAM_HASH, SCP_FWU_CFG_HASH_OID);
static auth_param_type_desc_t bl2u_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, BL2U_HASH_OID);
AUTH_PARAM_HASH, AP_FWU_CFG_HASH_OID);
static auth_param_type_desc_t ns_bl2u_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, NS_BL2U_HASH_OID);
AUTH_PARAM_HASH, FWU_HASH_OID);
/*
* TBBR Chain of trust definition
......@@ -103,8 +103,8 @@ static const auth_img_desc_t cot_desc[] = {
/*
* BL2
*/
[BL2_CERT_ID] = {
.img_id = BL2_CERT_ID,
[TRUSTED_BOOT_FW_CERT_ID] = {
.img_id = TRUSTED_BOOT_FW_CERT_ID,
.img_type = IMG_CERT,
.parent = NULL,
.img_auth_methods = {
......@@ -120,9 +120,9 @@ static const auth_img_desc_t cot_desc[] = {
},
.authenticated_data = {
[0] = {
.type_desc = &bl2_hash,
.type_desc = &tb_fw_hash,
.data = {
.ptr = (void *)plat_bl2_hash_buf,
.ptr = (void *)tb_fw_hash_buf,
.len = (unsigned int)HASH_DER_LEN
}
}
......@@ -131,13 +131,13 @@ static const auth_img_desc_t cot_desc[] = {
[BL2_IMAGE_ID] = {
.img_id = BL2_IMAGE_ID,
.img_type = IMG_RAW,
.parent = &cot_desc[BL2_CERT_ID],
.parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
.img_auth_methods = {
[0] = {
.type = AUTH_METHOD_HASH,
.param.hash = {
.data = &raw_data,
.hash = &bl2_hash,
.hash = &tb_fw_hash,
}
}
}
......@@ -162,33 +162,33 @@ static const auth_img_desc_t cot_desc[] = {
},
.authenticated_data = {
[0] = {
.type_desc = &tz_world_pk,
.type_desc = &trusted_world_pk,
.data = {
.ptr = (void *)plat_tz_world_pk_buf,
.ptr = (void *)trusted_world_pk_buf,
.len = (unsigned int)PK_DER_LEN
}
},
[1] = {
.type_desc = &ntz_world_pk,
.type_desc = &non_trusted_world_pk,
.data = {
.ptr = (void *)plat_ntz_world_pk_buf,
.ptr = (void *)non_trusted_world_pk_buf,
.len = (unsigned int)PK_DER_LEN
}
}
}
},
/*
* BL3-0
* SCP Firmware
*/
[BL30_KEY_CERT_ID] = {
.img_id = BL30_KEY_CERT_ID,
[SCP_FW_KEY_CERT_ID] = {
.img_id = SCP_FW_KEY_CERT_ID,
.img_type = IMG_CERT,
.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
.img_auth_methods = {
[0] = {
.type = AUTH_METHOD_SIG,
.param.sig = {
.pk = &tz_world_pk,
.pk = &trusted_world_pk,
.sig = &sig,
.alg = &sig_alg,
.data = &raw_data,
......@@ -197,23 +197,23 @@ static const auth_img_desc_t cot_desc[] = {
},
.authenticated_data = {
[0] = {
.type_desc = &bl30_content_pk,
.type_desc = &scp_fw_content_pk,
.data = {
.ptr = (void *)plat_content_pk,
.ptr = (void *)content_pk_buf,
.len = (unsigned int)PK_DER_LEN
}
}
}
},
[BL30_CERT_ID] = {
.img_id = BL30_CERT_ID,
[SCP_FW_CONTENT_CERT_ID] = {
.img_id = SCP_FW_CONTENT_CERT_ID,
.img_type = IMG_CERT,
.parent = &cot_desc[BL30_KEY_CERT_ID],
.parent = &cot_desc[SCP_FW_KEY_CERT_ID],
.img_auth_methods = {
[0] = {
.type = AUTH_METHOD_SIG,
.param.sig = {
.pk = &bl30_content_pk,
.pk = &scp_fw_content_pk,
.sig = &sig,
.alg = &sig_alg,
.data = &raw_data,
......@@ -222,40 +222,40 @@ static const auth_img_desc_t cot_desc[] = {
},
.authenticated_data = {
[0] = {
.type_desc = &bl30_hash,
.type_desc = &scp_fw_hash,
.data = {
.ptr = (void *)plat_bl30_hash_buf,
.ptr = (void *)scp_fw_hash_buf,
.len = (unsigned int)HASH_DER_LEN
}
}
}
},
[BL30_IMAGE_ID] = {
.img_id = BL30_IMAGE_ID,
[SCP_BL2_IMAGE_ID] = {
.img_id = SCP_BL2_IMAGE_ID,
.img_type = IMG_RAW,
.parent = &cot_desc[BL30_CERT_ID],
.parent = &cot_desc[SCP_FW_CONTENT_CERT_ID],
.img_auth_methods = {
[0] = {
.type = AUTH_METHOD_HASH,
.param.hash = {
.data = &raw_data,
.hash = &bl30_hash,
.hash = &scp_fw_hash,
}
}
}
},
/*
* BL3-1
* SoC Firmware
*/
[BL31_KEY_CERT_ID] = {
.img_id = BL31_KEY_CERT_ID,
[SOC_FW_KEY_CERT_ID] = {
.img_id = SOC_FW_KEY_CERT_ID,
.img_type = IMG_CERT,
.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
.img_auth_methods = {
[0] = {
.type = AUTH_METHOD_SIG,
.param.sig = {
.pk = &tz_world_pk,
.pk = &trusted_world_pk,
.sig = &sig,
.alg = &sig_alg,
.data = &raw_data,
......@@ -264,23 +264,23 @@ static const auth_img_desc_t cot_desc[] = {
},
.authenticated_data = {
[0] = {
.type_desc = &bl31_content_pk,
.type_desc = &soc_fw_content_pk,
.data = {
.ptr = (void *)plat_content_pk,
.ptr = (void *)content_pk_buf,
.len = (unsigned int)PK_DER_LEN
}
}
}
},
[BL31_CERT_ID] = {
.img_id = BL31_CERT_ID,
[SOC_FW_CONTENT_CERT_ID] = {
.img_id = SOC_FW_CONTENT_CERT_ID,
.img_type = IMG_CERT,
.parent = &cot_desc[BL31_KEY_CERT_ID],
.parent = &cot_desc[SOC_FW_KEY_CERT_ID],
.img_auth_methods = {
[0] = {
.type = AUTH_METHOD_SIG,
.param.sig = {
.pk = &bl31_content_pk,
.pk = &soc_fw_content_pk,
.sig = &sig,
.alg = &sig_alg,
.data = &raw_data,
......@@ -289,9 +289,9 @@ static const auth_img_desc_t cot_desc[] = {
},
.authenticated_data = {
[0] = {
.type_desc = &bl31_hash,
.type_desc = &soc_fw_hash,
.data = {
.ptr = (void *)plat_bl31_hash_buf,
.ptr = (void *)soc_fw_hash_buf,
.len = (unsigned int)HASH_DER_LEN
}
}
......@@ -300,29 +300,29 @@ static const auth_img_desc_t cot_desc[] = {
[BL31_IMAGE_ID] = {
.img_id = BL31_IMAGE_ID,
.img_type = IMG_RAW,
.parent = &cot_desc[BL31_CERT_ID],
.parent = &cot_desc[SOC_FW_CONTENT_CERT_ID],
.img_auth_methods = {
[0] = {
.type = AUTH_METHOD_HASH,
.param.hash = {
.data = &raw_data,
.hash = &bl31_hash,
.hash = &soc_fw_hash,
}
}
}
},
/*
* BL3-2
* Trusted OS Firmware
*/
[BL32_KEY_CERT_ID] = {
.img_id = BL32_KEY_CERT_ID,
[TRUSTED_OS_FW_KEY_CERT_ID] = {
.img_id = TRUSTED_OS_FW_KEY_CERT_ID,
.img_type = IMG_CERT,
.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
.img_auth_methods = {
[0] = {
.type = AUTH_METHOD_SIG,
.param.sig = {
.pk = &tz_world_pk,
.pk = &trusted_world_pk,
.sig = &sig,
.alg = &sig_alg,
.data = &raw_data,
......@@ -331,23 +331,23 @@ static const auth_img_desc_t cot_desc[] = {
},
.authenticated_data = {
[0] = {
.type_desc = &bl32_content_pk,
.type_desc = &tos_fw_content_pk,
.data = {
.ptr = (void *)plat_content_pk,
.ptr = (void *)content_pk_buf,
.len = (unsigned int)PK_DER_LEN
}
}
}
},
[BL32_CERT_ID] = {
.img_id = BL32_CERT_ID,
[TRUSTED_OS_FW_CONTENT_CERT_ID] = {
.img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
.img_type = IMG_CERT,
.parent = &cot_desc[BL32_KEY_CERT_ID],
.parent = &cot_desc[TRUSTED_OS_FW_KEY_CERT_ID],
.img_auth_methods = {
[0] = {
.type = AUTH_METHOD_SIG,
.param.sig = {
.pk = &bl32_content_pk,
.pk = &tos_fw_content_pk,
.sig = &sig,
.alg = &sig_alg,
.data = &raw_data,
......@@ -356,9 +356,9 @@ static const auth_img_desc_t cot_desc[] = {
},
.authenticated_data = {
[0] = {
.type_desc = &bl32_hash,
.type_desc = &tos_fw_hash,
.data = {
.ptr = (void *)plat_bl32_hash_buf,
.ptr = (void *)tos_fw_hash_buf,
.len = (unsigned int)HASH_DER_LEN
}
}
......@@ -367,29 +367,29 @@ static const auth_img_desc_t cot_desc[] = {
[BL32_IMAGE_ID] = {
.img_id = BL32_IMAGE_ID,
.img_type = IMG_RAW,
.parent = &cot_desc[BL32_CERT_ID],
.parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
.img_auth_methods = {
[0] = {
.type = AUTH_METHOD_HASH,
.param.hash = {
.data = &raw_data,
.hash = &bl32_hash,
.hash = &tos_fw_hash,
}
}
}
},
/*
* BL3-3
* Non-Trusted Firmware
*/
[BL33_KEY_CERT_ID] = {
.img_id = BL33_KEY_CERT_ID,
[NON_TRUSTED_FW_KEY_CERT_ID] = {
.img_id = NON_TRUSTED_FW_KEY_CERT_ID,
.img_type = IMG_CERT,
.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
.img_auth_methods = {
[0] = {
.type = AUTH_METHOD_SIG,
.param.sig = {
.pk = &ntz_world_pk,
.pk = &non_trusted_world_pk,
.sig = &sig,
.alg = &sig_alg,
.data = &raw_data,
......@@ -398,23 +398,23 @@ static const auth_img_desc_t cot_desc[] = {
},
.authenticated_data = {
[0] = {
.type_desc = &bl33_content_pk,
.type_desc = &nt_fw_content_pk,
.data = {
.ptr = (void *)plat_content_pk,
.ptr = (void *)content_pk_buf,
.len = (unsigned int)PK_DER_LEN
}
}
}
},
[BL33_CERT_ID] = {
.img_id = BL33_CERT_ID,
[NON_TRUSTED_FW_CONTENT_CERT_ID] = {
.img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
.img_type = IMG_CERT,
.parent = &cot_desc[BL33_KEY_CERT_ID],
.parent = &cot_desc[NON_TRUSTED_FW_KEY_CERT_ID],
.img_auth_methods = {
[0] = {
.type = AUTH_METHOD_SIG,
.param.sig = {
.pk = &bl33_content_pk,
.pk = &nt_fw_content_pk,
.sig = &sig,
.alg = &sig_alg,
.data = &raw_data,
......@@ -423,9 +423,9 @@ static const auth_img_desc_t cot_desc[] = {
},
.authenticated_data = {
[0] = {
.type_desc = &bl33_hash,
.type_desc = &nt_world_bl_hash,
.data = {
.ptr = (void *)plat_bl33_hash_buf,
.ptr = (void *)nt_world_bl_hash_buf,
.len = (unsigned int)HASH_DER_LEN
}
}
......@@ -434,13 +434,13 @@ static const auth_img_desc_t cot_desc[] = {
[BL33_IMAGE_ID] = {
.img_id = BL33_IMAGE_ID,
.img_type = IMG_RAW,
.parent = &cot_desc[BL33_CERT_ID],
.parent = &cot_desc[NON_TRUSTED_FW_CONTENT_CERT_ID],
.img_auth_methods = {
[0] = {
.type = AUTH_METHOD_HASH,
.param.hash = {
.data = &raw_data,
.hash = &bl33_hash,
.hash = &nt_world_bl_hash,
}
}
}
......@@ -467,21 +467,21 @@ static const auth_img_desc_t cot_desc[] = {
[0] = {
.type_desc = &scp_bl2u_hash,
.data = {
.ptr = (void *)plat_bl30_hash_buf,
.ptr = (void *)scp_fw_hash_buf,
.len = (unsigned int)HASH_DER_LEN
}
},
[1] = {
.type_desc = &bl2u_hash,
.data = {
.ptr = (void *)plat_bl2_hash_buf,
.ptr = (void *)tb_fw_hash_buf,
.len = (unsigned int)HASH_DER_LEN
}
},
[2] = {
.type_desc = &ns_bl2u_hash,
.data = {
.ptr = (void *)plat_bl33_hash_buf,
.ptr = (void *)nt_world_bl_hash_buf,
.len = (unsigned int)HASH_DER_LEN
}
}
......
include/common/bl_common.h
View file @ 31d5e7f5
......@@ -245,14 +245,14 @@ typedef struct image_desc {
* This structure represents the superset of information that can be passed to
* BL31 e.g. while passing control to it from BL2. The BL32 parameters will be
* populated only if BL2 detects its presence. A pointer to a structure of this
* type should be passed in X0 to BL3-1's cold boot entrypoint.
* type should be passed in X0 to BL31's cold boot entrypoint.
*
* Use of this structure and the X0 parameter is not mandatory: the BL3-1
* Use of this structure and the X0 parameter is not mandatory: the BL31
* platform code can use other mechanisms to provide the necessary information
* about BL3-2 and BL3-3 to the common and SPD code.
* about BL32 and BL33 to the common and SPD code.
*
* BL3-1 image information is mandatory if this structure is used. If either of
* the optional BL3-2 and BL3-3 image information is not provided, this is
* BL31 image information is mandatory if this structure is used. If either of
* the optional BL32 and BL33 image information is not provided, this is
* indicated by the respective image_info pointers being zero.
******************************************************************************/
typedef struct bl31_params {
......
include/common/el3_common_macros.S
View file @ 31d5e7f5
......@@ -104,7 +104,7 @@
/* -----------------------------------------------------------------------------
* This is the super set of actions that need to be performed during a cold boot
* or a warm boot in EL3. This code is shared by BL1 and BL3-1.
* or a warm boot in EL3. This code is shared by BL1 and BL31.
*
* This macro will always perform reset handling, architectural initialisations
* and stack setup. The rest of the actions are optional because they might not
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment