Commit ce2b1ec6 authored by Manish Pandey's avatar Manish Pandey
Browse files

SPMD: generate and add Secure Partition blobs into FIP



Till now TF-A allows limited number of external images to be made part
of FIP. With SPM coming along, there may exist multiple SP packages
which need to be inserted into FIP. To achieve this we need a more
scalable approach to feed SP packages to FIP.

This patch introduces changes in build system to generate and add SP
packages into FIP based on information provided by platform.
Platform provides information in form of JSON which contains layout
description of available Secure Partitions.
JSON parser script is invoked by build system early on and generates
a makefile which updates FIP, SPTOOL and FDT arguments which will be
used by build system later on for final packaging.

"SP_LAYOUT_FILE" passed as a build argument and can be outside of TF-A
tree. This option will be used only when SPD=spmd.

For each SP, generated makefile will have following entries
     - FDT_SOURCES	+=	sp1.dts
     - SPTOOL_ARGS	+= 	-i sp1.img:sp1.dtb -o sp1.pkg
     - FIP_ARGS		+=	--blob uuid=XXXX-XXX...,file=SP1.pkg
Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
Change-Id: Ib6a9c064400caa3cd825d9886008a3af67741af7
parent 9c87e59e
...@@ -701,6 +701,7 @@ FIPTOOL ?= ${FIPTOOLPATH}/fiptool${BIN_EXT} ...@@ -701,6 +701,7 @@ FIPTOOL ?= ${FIPTOOLPATH}/fiptool${BIN_EXT}
# Variables for use with sptool # Variables for use with sptool
SPTOOLPATH ?= tools/sptool SPTOOLPATH ?= tools/sptool
SPTOOL ?= ${SPTOOLPATH}/sptool${BIN_EXT} SPTOOL ?= ${SPTOOLPATH}/sptool${BIN_EXT}
SP_MK_GEN ?= ${SPTOOLPATH}/sp_mk_generator.py
# Variables for use with ROMLIB # Variables for use with ROMLIB
ROMLIBPATH ?= lib/romlib ROMLIBPATH ?= lib/romlib
...@@ -889,11 +890,22 @@ ifneq ($(findstring armlink,$(notdir $(LD))),) ...@@ -889,11 +890,22 @@ ifneq ($(findstring armlink,$(notdir $(LD))),)
$(eval $(call add_define,USE_ARM_LINK)) $(eval $(call add_define,USE_ARM_LINK))
endif endif
# Generate and include sp_gen.mk if SPD is spmd and SP_LAYOUT_FILE is defined
ifdef SP_LAYOUT_FILE
ifeq (${SPD},spmd)
-include $(BUILD_PLAT)/sp_gen.mk
FIP_DEPS += sp
NEED_SP_PKG := yes
else
$(error "SP_LAYOUT_FILE will be used only if SPD=spmd")
endif
endif
################################################################################ ################################################################################
# Build targets # Build targets
################################################################################ ################################################################################
.PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip fwu_fip certtool dtbs memmap doc .PHONY: all msg_start clean realclean distclean cscope locate-checkpatch checkcodebase checkpatch fiptool sptool fip sp fwu_fip certtool dtbs memmap doc
.SUFFIXES: .SUFFIXES:
all: msg_start all: msg_start
...@@ -971,6 +983,17 @@ ifeq (${NEED_FDT},yes) ...@@ -971,6 +983,17 @@ ifeq (${NEED_FDT},yes)
$(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES))) $(eval $(call MAKE_DTBS,$(BUILD_PLAT)/fdts,$(FDT_SOURCES)))
endif endif
# Add Secure Partition packages
ifeq (${NEED_SP_PKG},yes)
$(BUILD_PLAT)/sp_gen.mk: ${SP_MK_GEN} ${SP_LAYOUT_FILE} | ${BUILD_PLAT}
${Q}${PYTHON} "$<" "$@" $(filter-out $<,$^) $(BUILD_PLAT)
sp: $(SPTOOL) $(DTBS) $(BUILD_PLAT)/sp_gen.mk
${Q}$(SPTOOL) $(SPTOOL_ARGS)
@${ECHO_BLANK_LINE}
@echo "Built SP Images successfully"
@${ECHO_BLANK_LINE}
endif
locate-checkpatch: locate-checkpatch:
ifndef CHECKPATCH ifndef CHECKPATCH
$(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/scripts/checkpatch.pl") $(error "Please set CHECKPATCH to point to the Linux checkpatch.pl file, eg: CHECKPATCH=../linux/scripts/checkpatch.pl")
...@@ -1132,6 +1155,7 @@ help: ...@@ -1132,6 +1155,7 @@ help:
@echo " distclean Remove all build artifacts for all platforms" @echo " distclean Remove all build artifacts for all platforms"
@echo " certtool Build the Certificate generation tool" @echo " certtool Build the Certificate generation tool"
@echo " fiptool Build the Firmware Image Package (FIP) creation tool" @echo " fiptool Build the Firmware Image Package (FIP) creation tool"
@echo " sp Build the Secure Partition Packages"
@echo " sptool Build the Secure Partition Package creation tool" @echo " sptool Build the Secure Partition Package creation tool"
@echo " dtbs Build the Device Tree Blobs (if required for the platform)" @echo " dtbs Build the Device Tree Blobs (if required for the platform)"
@echo " memmap Print the memory map of the built binaries" @echo " memmap Print the memory map of the built binaries"
......
...@@ -522,6 +522,11 @@ Common build options ...@@ -522,6 +522,11 @@ Common build options
- ``SPM_MM`` : Boolean option to enable the Management Mode (MM)-based Secure - ``SPM_MM`` : Boolean option to enable the Management Mode (MM)-based Secure
Partition Manager (SPM) implementation. The default value is ``0``. Partition Manager (SPM) implementation. The default value is ``0``.
- ``SP_LAYOUT_FILE``: Platform provided path to JSON file containing the
description of secure partitions. Build system will parse this file and
package all secure partition blobs in FIP. This file not necessarily be
part of TF-A tree. Only avaialbe when ``SPD=spmd``.
- ``SP_MIN_WITH_SECURE_FIQ``: Boolean flag to indicate the SP_MIN handles - ``SP_MIN_WITH_SECURE_FIQ``: Boolean flag to indicate the SP_MIN handles
secure interrupts (caught through the FIQ line). Platforms can enable secure interrupts (caught through the FIQ line). Platforms can enable
this directive if they need to handle such interruption. When enabled, this directive if they need to handle such interruption. When enabled,
......
#!/usr/bin/python3
# Copyright (c) 2020, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
"""
This script is invoked by Make system and generates secure partition makefile.
It expects platform provided secure partition layout file which contains list
of Secure Partition Images and Partition manifests(PM).
Layout file can exist outside of TF-A tree and the paths of Image and PM files
must be relative to it.
This script parses the layout file and generates a make file which updates
FDT_SOURCES, FIP_ARGS and SPTOOL_ARGS which are used in later build steps.
This script also gets SP "uuid" from parsing its PM and converting it to a
standard format.
param1: Generated mk file "sp_gen.mk"
param2: "SP_LAYOUT_FILE", json file containing platform provided information
param3: plat out directory
Generated "sp_gen.mk" file contains triplet of following information for each
Secure Partition entry
FDT_SOURCES += sp1.dts
SPTOOL_ARGS += -i sp1.bin:sp1.dtb -o sp1.pkg
FIP_ARGS += --blob uuid=XXXXX-XXX...,file=sp1.pkg
A typical SP_LAYOUT_FILE file will look like
{
"SP1" : {
"image": "sp1.bin",
"pm": "test/sp1.dts"
},
"SP2" : {
"image": "sp2.bin",
"pm": "test/sp2.dts"
}
...
}
"""
import getopt
import json
import os
import re
import sys
import uuid
with open(sys.argv[2],'r') as in_file:
data = json.load(in_file)
json_file = os.path.abspath(sys.argv[2])
json_dir = os.path.dirname(json_file)
gen_file = sys.argv[1]
out_dir = sys.argv[3][2:]
dtb_dir = out_dir + "/fdts/"
print(dtb_dir)
with open(gen_file, 'w') as out_file:
for key in data.keys():
"""
Append FDT_SOURCES
"""
dts = os.path.join(json_dir, data[key]['pm'])
dtb = dtb_dir + os.path.basename(data[key]['pm'][:-1] + "b")
out_file.write("FDT_SOURCES += " + dts + "\n")
"""
Update SPTOOL_ARGS
"""
dst = out_dir + "/" + key + ".pkg"
src = [ json_dir + "/" + data[key]['image'] , dtb ]
out_file.write("SPTOOL_ARGS += -i " + ":".join(src) + " -o " + dst + "\n")
"""
Extract uuid from partition manifest
"""
pm_file = open(dts)
key = "uuid"
for line in pm_file:
if key in line:
uuid_hex = re.findall(r'\<(.+?)\>', line)[0];
# PM has uuid in format 0xABC... 0x... 0x... 0x...
# Get rid of '0x' and spaces and convert to string of hex digits
uuid_hex = uuid_hex.replace('0x','').replace(' ','')
# make UUID from a string of hex digits
uuid_std = uuid.UUID(uuid_hex)
# convert UUID to a string of hex digits in standard form
uuid_std = str(uuid_std)
"""
Append FIP_ARGS
"""
out_file.write("FIP_ARGS += --blob uuid=" + uuid_std + ",file=" + dst + "\n")
out_file.write("\n")
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment