1 /*
2 * Copyright (c) 2019-2021, ARM Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8
9 #include <common/debug.h>
10 #include <common/fdt_wrappers.h>
11 #include <drivers/io/io_storage.h>
12 #include <drivers/partition/partition.h>
13 #include <lib/object_pool.h>
14 #include <libfdt.h>
15 #include <tools_share/firmware_image_package.h>
16
17 #include <plat/arm/common/arm_fconf_getter.h>
18 #include <plat/arm/common/arm_fconf_io_storage.h>
19 #include <platform_def.h>
20
21 #if PSA_FWU_SUPPORT
22 /* metadata entry details */
23 static io_block_spec_t fwu_metadata_spec;
24 #endif /* PSA_FWU_SUPPORT */
25
26 io_block_spec_t fip_block_spec = {
27 /*
28 * This is fixed FIP address used by BL1, BL2 loads partition table
29 * to get FIP address.
30 */
31 #if ARM_GPT_SUPPORT
32 .offset = PLAT_ARM_FLASH_IMAGE_BASE + PLAT_ARM_FIP_OFFSET_IN_GPT,
33 #else
34 .offset = PLAT_ARM_FLASH_IMAGE_BASE,
35 #endif /* ARM_GPT_SUPPORT */
36 .length = PLAT_ARM_FLASH_IMAGE_MAX_SIZE
37 };
38
39 #if ARM_GPT_SUPPORT
40 static const io_block_spec_t gpt_spec = {
41 .offset = PLAT_ARM_FLASH_IMAGE_BASE,
42 /*
43 * PLAT_PARTITION_BLOCK_SIZE = 512
44 * PLAT_PARTITION_MAX_ENTRIES = 128
45 * each sector has 4 partition entries, and there are
46 * 2 reserved sectors i.e. protective MBR and primary
47 * GPT header hence length gets calculated as,
48 * length = 512 * (128/4 + 2)
49 */
50 .length = PLAT_PARTITION_BLOCK_SIZE *
51 (PLAT_PARTITION_MAX_ENTRIES / 4 + 2),
52 };
53 #endif /* ARM_GPT_SUPPORT */
54
55 const io_uuid_spec_t arm_uuid_spec[MAX_NUMBER_IDS] = {
56 [BL2_IMAGE_ID] = {UUID_TRUSTED_BOOT_FIRMWARE_BL2},
57 [TB_FW_CONFIG_ID] = {UUID_TB_FW_CONFIG},
58 [FW_CONFIG_ID] = {UUID_FW_CONFIG},
59 #if !ARM_IO_IN_DTB
60 [SCP_BL2_IMAGE_ID] = {UUID_SCP_FIRMWARE_SCP_BL2},
61 [BL31_IMAGE_ID] = {UUID_EL3_RUNTIME_FIRMWARE_BL31},
62 [BL32_IMAGE_ID] = {UUID_SECURE_PAYLOAD_BL32},
63 [BL32_EXTRA1_IMAGE_ID] = {UUID_SECURE_PAYLOAD_BL32_EXTRA1},
64 [BL32_EXTRA2_IMAGE_ID] = {UUID_SECURE_PAYLOAD_BL32_EXTRA2},
65 [BL33_IMAGE_ID] = {UUID_NON_TRUSTED_FIRMWARE_BL33},
66 [HW_CONFIG_ID] = {UUID_HW_CONFIG},
67 [SOC_FW_CONFIG_ID] = {UUID_SOC_FW_CONFIG},
68 [TOS_FW_CONFIG_ID] = {UUID_TOS_FW_CONFIG},
69 [NT_FW_CONFIG_ID] = {UUID_NT_FW_CONFIG},
70 #endif /* ARM_IO_IN_DTB */
71 #if TRUSTED_BOARD_BOOT
72 [TRUSTED_BOOT_FW_CERT_ID] = {UUID_TRUSTED_BOOT_FW_CERT},
73 #if !ARM_IO_IN_DTB
74 [TRUSTED_KEY_CERT_ID] = {UUID_TRUSTED_KEY_CERT},
75 [SCP_FW_KEY_CERT_ID] = {UUID_SCP_FW_KEY_CERT},
76 [SOC_FW_KEY_CERT_ID] = {UUID_SOC_FW_KEY_CERT},
77 [TRUSTED_OS_FW_KEY_CERT_ID] = {UUID_TRUSTED_OS_FW_KEY_CERT},
78 [NON_TRUSTED_FW_KEY_CERT_ID] = {UUID_NON_TRUSTED_FW_KEY_CERT},
79 [SCP_FW_CONTENT_CERT_ID] = {UUID_SCP_FW_CONTENT_CERT},
80 [SOC_FW_CONTENT_CERT_ID] = {UUID_SOC_FW_CONTENT_CERT},
81 [TRUSTED_OS_FW_CONTENT_CERT_ID] = {UUID_TRUSTED_OS_FW_CONTENT_CERT},
82 [NON_TRUSTED_FW_CONTENT_CERT_ID] = {UUID_NON_TRUSTED_FW_CONTENT_CERT},
83 #if defined(SPD_spmd)
84 [SIP_SP_CONTENT_CERT_ID] = {UUID_SIP_SECURE_PARTITION_CONTENT_CERT},
85 [PLAT_SP_CONTENT_CERT_ID] = {UUID_PLAT_SECURE_PARTITION_CONTENT_CERT},
86 #endif
87 #endif /* ARM_IO_IN_DTB */
88 #endif /* TRUSTED_BOARD_BOOT */
89 };
90
91 /* By default, ARM platforms load images from the FIP */
92 struct plat_io_policy policies[MAX_NUMBER_IDS] = {
93 #if ARM_GPT_SUPPORT
94 [GPT_IMAGE_ID] = {
95 &memmap_dev_handle,
96 (uintptr_t)&gpt_spec,
97 open_memmap
98 },
99 #endif /* ARM_GPT_SUPPORT */
100 #if PSA_FWU_SUPPORT
101 [FWU_METADATA_IMAGE_ID] = {
102 &memmap_dev_handle,
103 /* filled runtime from partition information */
104 (uintptr_t)&fwu_metadata_spec,
105 open_memmap
106 },
107 [BKUP_FWU_METADATA_IMAGE_ID] = {
108 &memmap_dev_handle,
109 /* filled runtime from partition information */
110 (uintptr_t)&fwu_metadata_spec,
111 open_memmap
112 },
113 #endif /* PSA_FWU_SUPPORT */
114 [FIP_IMAGE_ID] = {
115 &memmap_dev_handle,
116 (uintptr_t)&fip_block_spec,
117 open_memmap
118 },
119 [BL2_IMAGE_ID] = {
120 &fip_dev_handle,
121 (uintptr_t)&arm_uuid_spec[BL2_IMAGE_ID],
122 open_fip
123 },
124 [TB_FW_CONFIG_ID] = {
125 &fip_dev_handle,
126 (uintptr_t)&arm_uuid_spec[TB_FW_CONFIG_ID],
127 open_fip
128 },
129 [FW_CONFIG_ID] = {
130 &fip_dev_handle,
131 (uintptr_t)&arm_uuid_spec[FW_CONFIG_ID],
132 open_fip
133 },
134 #if !ARM_IO_IN_DTB
135 [SCP_BL2_IMAGE_ID] = {
136 &fip_dev_handle,
137 (uintptr_t)&arm_uuid_spec[SCP_BL2_IMAGE_ID],
138 open_fip
139 },
140 [BL31_IMAGE_ID] = {
141 &fip_dev_handle,
142 (uintptr_t)&arm_uuid_spec[BL31_IMAGE_ID],
143 open_fip
144 },
145 [BL32_IMAGE_ID] = {
146 &fip_dev_handle,
147 (uintptr_t)&arm_uuid_spec[BL32_IMAGE_ID],
148 open_fip
149 },
150 [BL32_EXTRA1_IMAGE_ID] = {
151 &fip_dev_handle,
152 (uintptr_t)&arm_uuid_spec[BL32_EXTRA1_IMAGE_ID],
153 open_fip
154 },
155 [BL32_EXTRA2_IMAGE_ID] = {
156 &fip_dev_handle,
157 (uintptr_t)&arm_uuid_spec[BL32_EXTRA2_IMAGE_ID],
158 open_fip
159 },
160 [BL33_IMAGE_ID] = {
161 &fip_dev_handle,
162 (uintptr_t)&arm_uuid_spec[BL33_IMAGE_ID],
163 open_fip
164 },
165 [HW_CONFIG_ID] = {
166 &fip_dev_handle,
167 (uintptr_t)&arm_uuid_spec[HW_CONFIG_ID],
168 open_fip
169 },
170 [SOC_FW_CONFIG_ID] = {
171 &fip_dev_handle,
172 (uintptr_t)&arm_uuid_spec[SOC_FW_CONFIG_ID],
173 open_fip
174 },
175 [TOS_FW_CONFIG_ID] = {
176 &fip_dev_handle,
177 (uintptr_t)&arm_uuid_spec[TOS_FW_CONFIG_ID],
178 open_fip
179 },
180 [NT_FW_CONFIG_ID] = {
181 &fip_dev_handle,
182 (uintptr_t)&arm_uuid_spec[NT_FW_CONFIG_ID],
183 open_fip
184 },
185 #endif /* ARM_IO_IN_DTB */
186 #if TRUSTED_BOARD_BOOT
187 [TRUSTED_BOOT_FW_CERT_ID] = {
188 &fip_dev_handle,
189 (uintptr_t)&arm_uuid_spec[TRUSTED_BOOT_FW_CERT_ID],
190 open_fip
191 },
192 #if !ARM_IO_IN_DTB
193 [TRUSTED_KEY_CERT_ID] = {
194 &fip_dev_handle,
195 (uintptr_t)&arm_uuid_spec[TRUSTED_KEY_CERT_ID],
196 open_fip
197 },
198 [SCP_FW_KEY_CERT_ID] = {
199 &fip_dev_handle,
200 (uintptr_t)&arm_uuid_spec[SCP_FW_KEY_CERT_ID],
201 open_fip
202 },
203 [SOC_FW_KEY_CERT_ID] = {
204 &fip_dev_handle,
205 (uintptr_t)&arm_uuid_spec[SOC_FW_KEY_CERT_ID],
206 open_fip
207 },
208 [TRUSTED_OS_FW_KEY_CERT_ID] = {
209 &fip_dev_handle,
210 (uintptr_t)&arm_uuid_spec[TRUSTED_OS_FW_KEY_CERT_ID],
211 open_fip
212 },
213 [NON_TRUSTED_FW_KEY_CERT_ID] = {
214 &fip_dev_handle,
215 (uintptr_t)&arm_uuid_spec[NON_TRUSTED_FW_KEY_CERT_ID],
216 open_fip
217 },
218 [SCP_FW_CONTENT_CERT_ID] = {
219 &fip_dev_handle,
220 (uintptr_t)&arm_uuid_spec[SCP_FW_CONTENT_CERT_ID],
221 open_fip
222 },
223 [SOC_FW_CONTENT_CERT_ID] = {
224 &fip_dev_handle,
225 (uintptr_t)&arm_uuid_spec[SOC_FW_CONTENT_CERT_ID],
226 open_fip
227 },
228 [TRUSTED_OS_FW_CONTENT_CERT_ID] = {
229 &fip_dev_handle,
230 (uintptr_t)&arm_uuid_spec[TRUSTED_OS_FW_CONTENT_CERT_ID],
231 open_fip
232 },
233 [NON_TRUSTED_FW_CONTENT_CERT_ID] = {
234 &fip_dev_handle,
235 (uintptr_t)&arm_uuid_spec[NON_TRUSTED_FW_CONTENT_CERT_ID],
236 open_fip
237 },
238 #if defined(SPD_spmd)
239 [SIP_SP_CONTENT_CERT_ID] = {
240 &fip_dev_handle,
241 (uintptr_t)&arm_uuid_spec[SIP_SP_CONTENT_CERT_ID],
242 open_fip
243 },
244 [PLAT_SP_CONTENT_CERT_ID] = {
245 &fip_dev_handle,
246 (uintptr_t)&arm_uuid_spec[PLAT_SP_CONTENT_CERT_ID],
247 open_fip
248 },
249 #endif
250 #endif /* ARM_IO_IN_DTB */
251 #endif /* TRUSTED_BOARD_BOOT */
252 };
253
254 #ifdef IMAGE_BL2
255
256 #if TRUSTED_BOARD_BOOT
257 #define FCONF_ARM_IO_UUID_NUMBER U(21)
258 #else
259 #define FCONF_ARM_IO_UUID_NUMBER U(10)
260 #endif
261
262 static io_uuid_spec_t fconf_arm_uuids[FCONF_ARM_IO_UUID_NUMBER];
263 static OBJECT_POOL_ARRAY(fconf_arm_uuids_pool, fconf_arm_uuids);
264
265 struct policies_load_info {
266 unsigned int image_id;
267 const char *name;
268 };
269
270 /* image id to property name table */
271 static const struct policies_load_info load_info[FCONF_ARM_IO_UUID_NUMBER] = {
272 {SCP_BL2_IMAGE_ID, "scp_bl2_uuid"},
273 {BL31_IMAGE_ID, "bl31_uuid"},
274 {BL32_IMAGE_ID, "bl32_uuid"},
275 {BL32_EXTRA1_IMAGE_ID, "bl32_extra1_uuid"},
276 {BL32_EXTRA2_IMAGE_ID, "bl32_extra2_uuid"},
277 {BL33_IMAGE_ID, "bl33_uuid"},
278 {HW_CONFIG_ID, "hw_cfg_uuid"},
279 {SOC_FW_CONFIG_ID, "soc_fw_cfg_uuid"},
280 {TOS_FW_CONFIG_ID, "tos_fw_cfg_uuid"},
281 {NT_FW_CONFIG_ID, "nt_fw_cfg_uuid"},
282 #if TRUSTED_BOARD_BOOT
283 {TRUSTED_KEY_CERT_ID, "t_key_cert_uuid"},
284 {SCP_FW_KEY_CERT_ID, "scp_fw_key_uuid"},
285 {SOC_FW_KEY_CERT_ID, "soc_fw_key_uuid"},
286 {TRUSTED_OS_FW_KEY_CERT_ID, "tos_fw_key_cert_uuid"},
287 {NON_TRUSTED_FW_KEY_CERT_ID, "nt_fw_key_cert_uuid"},
288 {SCP_FW_CONTENT_CERT_ID, "scp_fw_content_cert_uuid"},
289 {SOC_FW_CONTENT_CERT_ID, "soc_fw_content_cert_uuid"},
290 {TRUSTED_OS_FW_CONTENT_CERT_ID, "tos_fw_content_cert_uuid"},
291 {NON_TRUSTED_FW_CONTENT_CERT_ID, "nt_fw_content_cert_uuid"},
292 #if defined(SPD_spmd)
293 {SIP_SP_CONTENT_CERT_ID, "sip_sp_content_cert_uuid"},
294 {PLAT_SP_CONTENT_CERT_ID, "plat_sp_content_cert_uuid"},
295 #endif
296 #endif /* TRUSTED_BOARD_BOOT */
297 };
298
fconf_populate_arm_io_policies(uintptr_t config)299 int fconf_populate_arm_io_policies(uintptr_t config)
300 {
301 int err, node;
302 unsigned int i;
303
304 union uuid_helper_t uuid_helper;
305 io_uuid_spec_t *uuid_ptr;
306
307 /* As libfdt uses void *, we can't avoid this cast */
308 const void *dtb = (void *)config;
309
310 /* Assert the node offset point to "arm,io-fip-handle" compatible property */
311 const char *compatible_str = "arm,io-fip-handle";
312 node = fdt_node_offset_by_compatible(dtb, -1, compatible_str);
313 if (node < 0) {
314 ERROR("FCONF: Can't find %s compatible in dtb\n", compatible_str);
315 return node;
316 }
317
318 /* Locate the uuid cells and read the value for all the load info uuid */
319 for (i = 0; i < FCONF_ARM_IO_UUID_NUMBER; i++) {
320 uuid_ptr = pool_alloc(&fconf_arm_uuids_pool);
321 err = fdtw_read_uuid(dtb, node, load_info[i].name, 16,
322 (uint8_t *)&uuid_helper);
323 if (err < 0) {
324 WARN("FCONF: Read cell failed for %s\n", load_info[i].name);
325 return err;
326 }
327
328 VERBOSE("FCONF: arm-io_policies.%s cell found with value = "
329 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
330 load_info[i].name,
331 uuid_helper.uuid_struct.time_low[0], uuid_helper.uuid_struct.time_low[1],
332 uuid_helper.uuid_struct.time_low[2], uuid_helper.uuid_struct.time_low[3],
333 uuid_helper.uuid_struct.time_mid[0], uuid_helper.uuid_struct.time_mid[1],
334 uuid_helper.uuid_struct.time_hi_and_version[0],
335 uuid_helper.uuid_struct.time_hi_and_version[1],
336 uuid_helper.uuid_struct.clock_seq_hi_and_reserved,
337 uuid_helper.uuid_struct.clock_seq_low,
338 uuid_helper.uuid_struct.node[0], uuid_helper.uuid_struct.node[1],
339 uuid_helper.uuid_struct.node[2], uuid_helper.uuid_struct.node[3],
340 uuid_helper.uuid_struct.node[4], uuid_helper.uuid_struct.node[5]);
341
342 uuid_ptr->uuid = uuid_helper.uuid_struct;
343 policies[load_info[i].image_id].image_spec = (uintptr_t)uuid_ptr;
344 policies[load_info[i].image_id].dev_handle = &fip_dev_handle;
345 policies[load_info[i].image_id].check = open_fip;
346 }
347 return 0;
348 }
349
350 #if ARM_IO_IN_DTB
351 FCONF_REGISTER_POPULATOR(TB_FW, arm_io, fconf_populate_arm_io_policies);
352 #endif /* ARM_IO_IN_DTB */
353
354 #endif /* IMAGE_BL2 */
355