1 /*
2 * Copyright (c) 2019-2023, ARM Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8
9 #include <common/debug.h>
10 #include <common/fdt_wrappers.h>
11 #include <drivers/io/io_storage.h>
12 #include <drivers/partition/partition.h>
13 #include <lib/object_pool.h>
14 #include <libfdt.h>
15 #include <tools_share/firmware_image_package.h>
16
17 #include <plat/arm/common/arm_fconf_getter.h>
18 #include <plat/arm/common/arm_fconf_io_storage.h>
19 #include <platform_def.h>
20
21 #if PSA_FWU_SUPPORT
22 /* metadata entry details */
23 static io_block_spec_t fwu_metadata_spec;
24 #endif /* PSA_FWU_SUPPORT */
25
26 io_block_spec_t fip_block_spec = {
27 /*
28 * This is fixed FIP address used by BL1, BL2 loads partition table
29 * to get FIP address.
30 */
31 #if ARM_GPT_SUPPORT
32 .offset = PLAT_ARM_FLASH_IMAGE_BASE + PLAT_ARM_FIP_OFFSET_IN_GPT,
33 #else
34 .offset = PLAT_ARM_FLASH_IMAGE_BASE,
35 #endif /* ARM_GPT_SUPPORT */
36 .length = PLAT_ARM_FLASH_IMAGE_MAX_SIZE
37 };
38
39 #if ARM_GPT_SUPPORT
40 static const io_block_spec_t gpt_spec = {
41 .offset = PLAT_ARM_FLASH_IMAGE_BASE,
42 /*
43 * PLAT_PARTITION_BLOCK_SIZE = 512
44 * PLAT_PARTITION_MAX_ENTRIES = 128
45 * each sector has 4 partition entries, and there are
46 * 2 reserved sectors i.e. protective MBR and primary
47 * GPT header hence length gets calculated as,
48 * length = PLAT_PARTITION_BLOCK_SIZE * (128/4 + 2)
49 */
50 .length = LBA(PLAT_PARTITION_MAX_ENTRIES / 4 + 2),
51 };
52
53 /*
54 * length will be assigned at runtime based on MBR header data.
55 * Backup GPT Header is present in Last LBA-1 and its entries
56 * are last 32 blocks starts at LBA-33, On runtime update these
57 * before device usage. Update offset to beginning LBA-33 and
58 * length to LBA-33.
59 */
60 static io_block_spec_t bkup_gpt_spec = {
61 .offset = PLAT_ARM_FLASH_IMAGE_BASE,
62 .length = 0,
63 };
64 #endif /* ARM_GPT_SUPPORT */
65
66 const io_uuid_spec_t arm_uuid_spec[MAX_NUMBER_IDS] = {
67 [BL2_IMAGE_ID] = {UUID_TRUSTED_BOOT_FIRMWARE_BL2},
68 [TB_FW_CONFIG_ID] = {UUID_TB_FW_CONFIG},
69 [FW_CONFIG_ID] = {UUID_FW_CONFIG},
70 #if !ARM_IO_IN_DTB
71 [SCP_BL2_IMAGE_ID] = {UUID_SCP_FIRMWARE_SCP_BL2},
72 [BL31_IMAGE_ID] = {UUID_EL3_RUNTIME_FIRMWARE_BL31},
73 [BL32_IMAGE_ID] = {UUID_SECURE_PAYLOAD_BL32},
74 [BL32_EXTRA1_IMAGE_ID] = {UUID_SECURE_PAYLOAD_BL32_EXTRA1},
75 [BL32_EXTRA2_IMAGE_ID] = {UUID_SECURE_PAYLOAD_BL32_EXTRA2},
76 [BL33_IMAGE_ID] = {UUID_NON_TRUSTED_FIRMWARE_BL33},
77 [HW_CONFIG_ID] = {UUID_HW_CONFIG},
78 [SOC_FW_CONFIG_ID] = {UUID_SOC_FW_CONFIG},
79 [TOS_FW_CONFIG_ID] = {UUID_TOS_FW_CONFIG},
80 [NT_FW_CONFIG_ID] = {UUID_NT_FW_CONFIG},
81 [RMM_IMAGE_ID] = {UUID_REALM_MONITOR_MGMT_FIRMWARE},
82 #if ETHOSN_NPU_TZMP1
83 [ETHOSN_NPU_FW_IMAGE_ID] = {UUID_ETHOSN_FW},
84 #endif /* ETHOSN_NPU_TZMP1 */
85 #endif /* ARM_IO_IN_DTB */
86 #if TRUSTED_BOARD_BOOT
87 [TRUSTED_BOOT_FW_CERT_ID] = {UUID_TRUSTED_BOOT_FW_CERT},
88 #if !ARM_IO_IN_DTB
89 [CCA_CONTENT_CERT_ID] = {UUID_CCA_CONTENT_CERT},
90 [CORE_SWD_KEY_CERT_ID] = {UUID_CORE_SWD_KEY_CERT},
91 [PLAT_KEY_CERT_ID] = {UUID_PLAT_KEY_CERT},
92 [TRUSTED_KEY_CERT_ID] = {UUID_TRUSTED_KEY_CERT},
93 [SCP_FW_KEY_CERT_ID] = {UUID_SCP_FW_KEY_CERT},
94 [SOC_FW_KEY_CERT_ID] = {UUID_SOC_FW_KEY_CERT},
95 [TRUSTED_OS_FW_KEY_CERT_ID] = {UUID_TRUSTED_OS_FW_KEY_CERT},
96 [NON_TRUSTED_FW_KEY_CERT_ID] = {UUID_NON_TRUSTED_FW_KEY_CERT},
97 [SCP_FW_CONTENT_CERT_ID] = {UUID_SCP_FW_CONTENT_CERT},
98 [SOC_FW_CONTENT_CERT_ID] = {UUID_SOC_FW_CONTENT_CERT},
99 [TRUSTED_OS_FW_CONTENT_CERT_ID] = {UUID_TRUSTED_OS_FW_CONTENT_CERT},
100 [NON_TRUSTED_FW_CONTENT_CERT_ID] = {UUID_NON_TRUSTED_FW_CONTENT_CERT},
101 #if defined(SPD_spmd)
102 [SIP_SP_CONTENT_CERT_ID] = {UUID_SIP_SECURE_PARTITION_CONTENT_CERT},
103 [PLAT_SP_CONTENT_CERT_ID] = {UUID_PLAT_SECURE_PARTITION_CONTENT_CERT},
104 #endif
105 #if ETHOSN_NPU_TZMP1
106 [ETHOSN_NPU_FW_KEY_CERT_ID] = {UUID_ETHOSN_FW_KEY_CERTIFICATE},
107 [ETHOSN_NPU_FW_CONTENT_CERT_ID] = {UUID_ETHOSN_FW_CONTENT_CERTIFICATE},
108 #endif /* ETHOSN_NPU_TZMP1 */
109 #endif /* ARM_IO_IN_DTB */
110 #endif /* TRUSTED_BOARD_BOOT */
111 };
112
113 /* By default, ARM platforms load images from the FIP */
114 struct plat_io_policy policies[MAX_NUMBER_IDS] = {
115 #if ARM_GPT_SUPPORT
116 [GPT_IMAGE_ID] = {
117 &memmap_dev_handle,
118 (uintptr_t)&gpt_spec,
119 open_memmap
120 },
121 [BKUP_GPT_IMAGE_ID] = {
122 &memmap_dev_handle,
123 (uintptr_t)&bkup_gpt_spec,
124 open_memmap
125 },
126 #endif /* ARM_GPT_SUPPORT */
127 #if PSA_FWU_SUPPORT
128 [FWU_METADATA_IMAGE_ID] = {
129 &memmap_dev_handle,
130 /* filled runtime from partition information */
131 (uintptr_t)&fwu_metadata_spec,
132 open_memmap
133 },
134 [BKUP_FWU_METADATA_IMAGE_ID] = {
135 &memmap_dev_handle,
136 /* filled runtime from partition information */
137 (uintptr_t)&fwu_metadata_spec,
138 open_memmap
139 },
140 #endif /* PSA_FWU_SUPPORT */
141 [FIP_IMAGE_ID] = {
142 &memmap_dev_handle,
143 (uintptr_t)&fip_block_spec,
144 open_memmap
145 },
146 [BL2_IMAGE_ID] = {
147 &fip_dev_handle,
148 (uintptr_t)&arm_uuid_spec[BL2_IMAGE_ID],
149 open_fip
150 },
151 [TB_FW_CONFIG_ID] = {
152 &fip_dev_handle,
153 (uintptr_t)&arm_uuid_spec[TB_FW_CONFIG_ID],
154 open_fip
155 },
156 [FW_CONFIG_ID] = {
157 &fip_dev_handle,
158 (uintptr_t)&arm_uuid_spec[FW_CONFIG_ID],
159 open_fip
160 },
161 #if !ARM_IO_IN_DTB
162 [SCP_BL2_IMAGE_ID] = {
163 &fip_dev_handle,
164 (uintptr_t)&arm_uuid_spec[SCP_BL2_IMAGE_ID],
165 open_fip
166 },
167 [BL31_IMAGE_ID] = {
168 &fip_dev_handle,
169 (uintptr_t)&arm_uuid_spec[BL31_IMAGE_ID],
170 open_fip
171 },
172 [BL32_IMAGE_ID] = {
173 &fip_dev_handle,
174 (uintptr_t)&arm_uuid_spec[BL32_IMAGE_ID],
175 open_fip
176 },
177 [BL32_EXTRA1_IMAGE_ID] = {
178 &fip_dev_handle,
179 (uintptr_t)&arm_uuid_spec[BL32_EXTRA1_IMAGE_ID],
180 open_fip
181 },
182 [BL32_EXTRA2_IMAGE_ID] = {
183 &fip_dev_handle,
184 (uintptr_t)&arm_uuid_spec[BL32_EXTRA2_IMAGE_ID],
185 open_fip
186 },
187 [BL33_IMAGE_ID] = {
188 &fip_dev_handle,
189 (uintptr_t)&arm_uuid_spec[BL33_IMAGE_ID],
190 open_fip
191 },
192 [RMM_IMAGE_ID] = {
193 &fip_dev_handle,
194 (uintptr_t)&arm_uuid_spec[RMM_IMAGE_ID],
195 open_fip
196 },
197 [HW_CONFIG_ID] = {
198 &fip_dev_handle,
199 (uintptr_t)&arm_uuid_spec[HW_CONFIG_ID],
200 open_fip
201 },
202 [SOC_FW_CONFIG_ID] = {
203 &fip_dev_handle,
204 (uintptr_t)&arm_uuid_spec[SOC_FW_CONFIG_ID],
205 open_fip
206 },
207 [TOS_FW_CONFIG_ID] = {
208 &fip_dev_handle,
209 (uintptr_t)&arm_uuid_spec[TOS_FW_CONFIG_ID],
210 open_fip
211 },
212 [NT_FW_CONFIG_ID] = {
213 &fip_dev_handle,
214 (uintptr_t)&arm_uuid_spec[NT_FW_CONFIG_ID],
215 open_fip
216 },
217 #if ETHOSN_NPU_TZMP1
218 [ETHOSN_NPU_FW_IMAGE_ID] = {
219 &fip_dev_handle,
220 (uintptr_t)&arm_uuid_spec[ETHOSN_NPU_FW_IMAGE_ID],
221 open_fip
222 },
223 #endif /* ETHOSN_NPU_TZMP1 */
224 #endif /* ARM_IO_IN_DTB */
225 #if TRUSTED_BOARD_BOOT
226 [TRUSTED_BOOT_FW_CERT_ID] = {
227 &fip_dev_handle,
228 (uintptr_t)&arm_uuid_spec[TRUSTED_BOOT_FW_CERT_ID],
229 open_fip
230 },
231 #if !ARM_IO_IN_DTB
232 [CCA_CONTENT_CERT_ID] = {
233 &fip_dev_handle,
234 (uintptr_t)&arm_uuid_spec[CCA_CONTENT_CERT_ID],
235 open_fip
236 },
237 [CORE_SWD_KEY_CERT_ID] = {
238 &fip_dev_handle,
239 (uintptr_t)&arm_uuid_spec[CORE_SWD_KEY_CERT_ID],
240 open_fip
241 },
242 [PLAT_KEY_CERT_ID] = {
243 &fip_dev_handle,
244 (uintptr_t)&arm_uuid_spec[PLAT_KEY_CERT_ID],
245 open_fip
246 },
247 [TRUSTED_KEY_CERT_ID] = {
248 &fip_dev_handle,
249 (uintptr_t)&arm_uuid_spec[TRUSTED_KEY_CERT_ID],
250 open_fip
251 },
252 [SCP_FW_KEY_CERT_ID] = {
253 &fip_dev_handle,
254 (uintptr_t)&arm_uuid_spec[SCP_FW_KEY_CERT_ID],
255 open_fip
256 },
257 [SOC_FW_KEY_CERT_ID] = {
258 &fip_dev_handle,
259 (uintptr_t)&arm_uuid_spec[SOC_FW_KEY_CERT_ID],
260 open_fip
261 },
262 [TRUSTED_OS_FW_KEY_CERT_ID] = {
263 &fip_dev_handle,
264 (uintptr_t)&arm_uuid_spec[TRUSTED_OS_FW_KEY_CERT_ID],
265 open_fip
266 },
267 [NON_TRUSTED_FW_KEY_CERT_ID] = {
268 &fip_dev_handle,
269 (uintptr_t)&arm_uuid_spec[NON_TRUSTED_FW_KEY_CERT_ID],
270 open_fip
271 },
272 [SCP_FW_CONTENT_CERT_ID] = {
273 &fip_dev_handle,
274 (uintptr_t)&arm_uuid_spec[SCP_FW_CONTENT_CERT_ID],
275 open_fip
276 },
277 [SOC_FW_CONTENT_CERT_ID] = {
278 &fip_dev_handle,
279 (uintptr_t)&arm_uuid_spec[SOC_FW_CONTENT_CERT_ID],
280 open_fip
281 },
282 [TRUSTED_OS_FW_CONTENT_CERT_ID] = {
283 &fip_dev_handle,
284 (uintptr_t)&arm_uuid_spec[TRUSTED_OS_FW_CONTENT_CERT_ID],
285 open_fip
286 },
287 [NON_TRUSTED_FW_CONTENT_CERT_ID] = {
288 &fip_dev_handle,
289 (uintptr_t)&arm_uuid_spec[NON_TRUSTED_FW_CONTENT_CERT_ID],
290 open_fip
291 },
292 #if defined(SPD_spmd)
293 [SIP_SP_CONTENT_CERT_ID] = {
294 &fip_dev_handle,
295 (uintptr_t)&arm_uuid_spec[SIP_SP_CONTENT_CERT_ID],
296 open_fip
297 },
298 [PLAT_SP_CONTENT_CERT_ID] = {
299 &fip_dev_handle,
300 (uintptr_t)&arm_uuid_spec[PLAT_SP_CONTENT_CERT_ID],
301 open_fip
302 },
303 #endif
304 #if ETHOSN_NPU_TZMP1
305 [ETHOSN_NPU_FW_KEY_CERT_ID] = {
306 &fip_dev_handle,
307 (uintptr_t)&arm_uuid_spec[ETHOSN_NPU_FW_KEY_CERT_ID],
308 open_fip
309 },
310 [ETHOSN_NPU_FW_CONTENT_CERT_ID] = {
311 &fip_dev_handle,
312 (uintptr_t)&arm_uuid_spec[ETHOSN_NPU_FW_CONTENT_CERT_ID],
313 open_fip
314 },
315 #endif /* ETHOSN_NPU_TZMP1 */
316 #endif /* ARM_IO_IN_DTB */
317 #endif /* TRUSTED_BOARD_BOOT */
318 };
319
320 #ifdef IMAGE_BL2
321
322 #define FCONF_ARM_IO_UUID_NUM_BASE U(10)
323
324 #if ETHOSN_NPU_TZMP1
325 #define FCONF_ARM_IO_UUID_NUM_NPU U(1)
326 #else
327 #define FCONF_ARM_IO_UUID_NUM_NPU U(0)
328 #endif /* ETHOSN_NPU_TZMP1 */
329
330 #if TRUSTED_BOARD_BOOT
331 #define FCONF_ARM_IO_UUID_NUM_TBB U(12)
332 #else
333 #define FCONF_ARM_IO_UUID_NUM_TBB U(0)
334 #endif /* TRUSTED_BOARD_BOOT */
335
336 #if TRUSTED_BOARD_BOOT && defined(SPD_spmd)
337 #define FCONF_ARM_IO_UUID_NUM_SPD U(2)
338 #else
339 #define FCONF_ARM_IO_UUID_NUM_SPD U(0)
340 #endif /* TRUSTED_BOARD_BOOT && defined(SPD_spmd) */
341
342 #if TRUSTED_BOARD_BOOT && ETHOSN_NPU_TZMP1
343 #define FCONF_ARM_IO_UUID_NUM_NPU_TBB U(2)
344 #else
345 #define FCONF_ARM_IO_UUID_NUM_NPU_TBB U(0)
346 #endif /* TRUSTED_BOARD_BOOT && ETHOSN_NPU_TZMP1 */
347
348 #define FCONF_ARM_IO_UUID_NUMBER FCONF_ARM_IO_UUID_NUM_BASE + \
349 FCONF_ARM_IO_UUID_NUM_NPU + \
350 FCONF_ARM_IO_UUID_NUM_TBB + \
351 FCONF_ARM_IO_UUID_NUM_SPD + \
352 FCONF_ARM_IO_UUID_NUM_NPU_TBB
353
354 static io_uuid_spec_t fconf_arm_uuids[FCONF_ARM_IO_UUID_NUMBER];
355 static OBJECT_POOL_ARRAY(fconf_arm_uuids_pool, fconf_arm_uuids);
356
357 struct policies_load_info {
358 unsigned int image_id;
359 const char *name;
360 };
361
362 /* image id to property name table */
363 static const struct policies_load_info load_info[FCONF_ARM_IO_UUID_NUMBER] = {
364 {SCP_BL2_IMAGE_ID, "scp_bl2_uuid"},
365 {BL31_IMAGE_ID, "bl31_uuid"},
366 {BL32_IMAGE_ID, "bl32_uuid"},
367 {BL32_EXTRA1_IMAGE_ID, "bl32_extra1_uuid"},
368 {BL32_EXTRA2_IMAGE_ID, "bl32_extra2_uuid"},
369 {BL33_IMAGE_ID, "bl33_uuid"},
370 {HW_CONFIG_ID, "hw_cfg_uuid"},
371 {SOC_FW_CONFIG_ID, "soc_fw_cfg_uuid"},
372 {TOS_FW_CONFIG_ID, "tos_fw_cfg_uuid"},
373 {NT_FW_CONFIG_ID, "nt_fw_cfg_uuid"},
374 #if ETHOSN_NPU_TZMP1
375 {ETHOSN_NPU_FW_IMAGE_ID, "ethosn_npu_fw_uuid"},
376 #endif /* ETHOSN_NPU_TZMP1 */
377 #if TRUSTED_BOARD_BOOT
378 {CCA_CONTENT_CERT_ID, "cca_cert_uuid"},
379 {CORE_SWD_KEY_CERT_ID, "core_swd_cert_uuid"},
380 {PLAT_KEY_CERT_ID, "plat_cert_uuid"},
381 {TRUSTED_KEY_CERT_ID, "t_key_cert_uuid"},
382 {SCP_FW_KEY_CERT_ID, "scp_fw_key_uuid"},
383 {SOC_FW_KEY_CERT_ID, "soc_fw_key_uuid"},
384 {TRUSTED_OS_FW_KEY_CERT_ID, "tos_fw_key_cert_uuid"},
385 {NON_TRUSTED_FW_KEY_CERT_ID, "nt_fw_key_cert_uuid"},
386 {SCP_FW_CONTENT_CERT_ID, "scp_fw_content_cert_uuid"},
387 {SOC_FW_CONTENT_CERT_ID, "soc_fw_content_cert_uuid"},
388 {TRUSTED_OS_FW_CONTENT_CERT_ID, "tos_fw_content_cert_uuid"},
389 {NON_TRUSTED_FW_CONTENT_CERT_ID, "nt_fw_content_cert_uuid"},
390 #if defined(SPD_spmd)
391 {SIP_SP_CONTENT_CERT_ID, "sip_sp_content_cert_uuid"},
392 {PLAT_SP_CONTENT_CERT_ID, "plat_sp_content_cert_uuid"},
393 #endif
394 #if ETHOSN_NPU_TZMP1
395 {ETHOSN_NPU_FW_KEY_CERT_ID, "ethosn_npu_fw_key_cert_uuid"},
396 {ETHOSN_NPU_FW_CONTENT_CERT_ID, "ethosn_npu_fw_content_cert_uuid"},
397 #endif /* ETHOSN_NPU_TZMP1 */
398 #endif /* TRUSTED_BOARD_BOOT */
399 };
400
fconf_populate_arm_io_policies(uintptr_t config)401 int fconf_populate_arm_io_policies(uintptr_t config)
402 {
403 int err, node;
404 unsigned int i;
405
406 union uuid_helper_t uuid_helper;
407 io_uuid_spec_t *uuid_ptr;
408
409 /* As libfdt uses void *, we can't avoid this cast */
410 const void *dtb = (void *)config;
411
412 /* Assert the node offset point to "arm,io-fip-handle" compatible property */
413 const char *compatible_str = "arm,io-fip-handle";
414 node = fdt_node_offset_by_compatible(dtb, -1, compatible_str);
415 if (node < 0) {
416 ERROR("FCONF: Can't find %s compatible in dtb\n", compatible_str);
417 return node;
418 }
419
420 /* Locate the uuid cells and read the value for all the load info uuid */
421 for (i = 0; i < FCONF_ARM_IO_UUID_NUMBER; i++) {
422 uuid_ptr = pool_alloc(&fconf_arm_uuids_pool);
423 err = fdtw_read_uuid(dtb, node, load_info[i].name, 16,
424 (uint8_t *)&uuid_helper);
425 if (err < 0) {
426 WARN("FCONF: Read cell failed for %s\n", load_info[i].name);
427 return err;
428 }
429
430 VERBOSE("FCONF: arm-io_policies.%s cell found with value = "
431 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
432 load_info[i].name,
433 uuid_helper.uuid_struct.time_low[0], uuid_helper.uuid_struct.time_low[1],
434 uuid_helper.uuid_struct.time_low[2], uuid_helper.uuid_struct.time_low[3],
435 uuid_helper.uuid_struct.time_mid[0], uuid_helper.uuid_struct.time_mid[1],
436 uuid_helper.uuid_struct.time_hi_and_version[0],
437 uuid_helper.uuid_struct.time_hi_and_version[1],
438 uuid_helper.uuid_struct.clock_seq_hi_and_reserved,
439 uuid_helper.uuid_struct.clock_seq_low,
440 uuid_helper.uuid_struct.node[0], uuid_helper.uuid_struct.node[1],
441 uuid_helper.uuid_struct.node[2], uuid_helper.uuid_struct.node[3],
442 uuid_helper.uuid_struct.node[4], uuid_helper.uuid_struct.node[5]);
443
444 uuid_ptr->uuid = uuid_helper.uuid_struct;
445 policies[load_info[i].image_id].image_spec = (uintptr_t)uuid_ptr;
446 policies[load_info[i].image_id].dev_handle = &fip_dev_handle;
447 policies[load_info[i].image_id].check = open_fip;
448 }
449 return 0;
450 }
451
452 #if ARM_IO_IN_DTB
453 FCONF_REGISTER_POPULATOR(TB_FW, arm_io, fconf_populate_arm_io_policies);
454 #endif /* ARM_IO_IN_DTB */
455
456 #endif /* IMAGE_BL2 */
457
