- 09 Jun, 2020 1 commit
-
-
Manish Pandey authored
A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP) owned Secure Partitions(SP). A similar support for Platform owned SP can be added in future. The certificate is also protected against anti- rollback using the trusted Non-Volatile counter. To avoid deviating from TBBR spec, support for SP CoT is only provided in dualroot. Secure Partition content certificate is assigned image ID 31 and SP images follows after it. The CoT for secure partition look like below. +------------------+ +-------------------+ | ROTPK/ROTPK Hash |------>| Trusted Key | +------------------+ | Certificate | | (Auth Image) | /+-------------------+ / | / | / | / | L v +------------------+ +-------------------+ | Trusted World |------>| SiP owned SPs | | Public Key | | Content Cert | +------------------+ | (Auth Image) | / +-------------------+ / | / v| +------------------+ L +-------------------+ | SP_PKG1 Hash |------>| SP_PKG1 | | | | (Data Image) | +------------------+ +-------------------+ . . . . . . +------------------+ +-------------------+ | SP_PKG8 Hash |------>| SP_PKG8 | | | | (Data Image) | +------------------+ +-------------------+ Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ia31546bac1327a3e0b5d37e8b99c808442d5e53f
-
- 29 Apr, 2020 1 commit
-
-
Andre Przywara authored
Our fdtw_read_cells() implementation goes to great lengths to sanity-check every parameter and result, but leaves a big hole open: The size of the storage the value pointer points at needs to match the number of cells given. This can't be easily checked at compile time, since we lose the size information by using a void pointer. Regardless the current usage of this function is somewhat wrong anyways, since we use it on single-element, fixed-length properties only, for which the DT binding specifies the size. Typically we use those functions dealing with a number of cells in DT context to deal with *dynamically* sized properties, which depend on other properties (#size-cells, #clock-cells, ...), to specify the number of cells needed. Another problem with the current implementation is the use of ambiguously sized types (uintptr_t, size_t) together with a certain expectation about their size. In general there is no relation between the length of a DT property and the bitness of the code that parses the DTB: AArch64 code could encounter 32-bit addresses (where the physical address space is limited to 4GB [1]), while AArch32 code could read 64-bit sized properties (/memory nodes on LPAE systems, [2]). To make this more clear, fix the potential issues and also align more with other DT users (Linux and U-Boot), introduce functions to explicitly read uint32 and uint64 properties. As the other DT consumers, we do this based on the generic "read array" function. Convert all users to use either of those two new functions, and make sure we never use a pointer to anything other than uint32_t or uint64_t variables directly. This reveals (and fixes) a bug in plat_spmd_manifest.c, where we write 4 bytes into a uint16_t variable (passed via a void pointer). Also we change the implementation of the function to better align with other libfdt users, by using the right types (fdt32_t) and common variable names (*prop, prop_names). [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi#n874 [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/boot/dts/ecx-2000.dts Change-Id: I718de960515117ac7a3331a1b177d2ec224a3890 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
- 28 Apr, 2020 1 commit
-
-
Andre Przywara authored
Currently our fdtw_read_array() implementation requires the length of the property to exactly match the requested size, which makes it less flexible for parsing generic device trees. Also the name is slightly misleading, since we treat the cells of the array as 32 bit unsigned integers, performing the endianess conversion. To fix those issues and align the code more with other DT users (Linux kernel or U-Boot), rename the function to "fdt_read_uint32_array", and relax the length check to only check if the property covers at least the number of cells we request. This also changes the variable names to be more in-line with other DT users, and switches to the proper data types. This makes this function more useful in later patches. Change-Id: Id86f4f588ffcb5106d4476763ecdfe35a735fa6c Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
- 11 Mar, 2020 1 commit
-
-
Madhukar Pappireddy authored
A populate() function essentially captures the value of a property, defined by a platform, into a fconf related c structure. Such a callback is usually platform specific and is associated to a specific configuration source. For example, a populate() function which captures the hardware topology of the platform can only parse HW_CONFIG DTB. Hence each populator function must be registered with a specific 'config_type' identifier. It broadly represents a logical grouping of configuration properties which is usually a device tree source file. Example: > TB_FW: properties related to trusted firmware such as IO policies, base address of other DTBs, mbedtls heap info etc. > HW_CONFIG: properties related to hardware configuration of the SoC such as topology, GIC controller, PSCI hooks, CPU ID etc. This patch modifies FCONF_REGISTER_POPULATOR macro and fconf_populate() to register and invoke the appropriate callbacks selectively based on configuration type. Change-Id: I6f63b1fd7a8729c6c9137d5b63270af1857bb44a Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 04 Mar, 2020 1 commit
-
-
Manish Pandey authored
This patch implements loading of Secure Partition packages using existing framework of loading other bl images. The current framework uses a statically defined array to store all the possible image types and at run time generates a link list and traverse through it to load different images. To load SPs, a new array of fixed size is introduced which will be dynamically populated based on number of SPs available in the system and it will be appended to the loadable images list. Change-Id: I8309f63595f2a71b28a73b922d20ccba9c4f6ae4 Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
-
- 03 Mar, 2020 1 commit
-
-
Olivier Deprez authored
Use the firmware configuration framework to retrieve information about Secure Partitions to facilitate loading them into memory. To load a SP image we need UUID look-up into FIP and the load address where it needs to be loaded in memory. This patch introduces a SP populator function which gets UUID and load address from firmware config device tree and updates its C data structure. Change-Id: I17faec41803df9a76712dcc8b67cadb1c9daf8cd Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
-