Mirrors/u-boot
2
0
Fork 0
mirror of https://github.com/AsahiLinux/u-boot synced 2024-11-06 05:04:26 +00:00
Code Issues Projects Releases Packages Wiki Activity
u-boot/arch/arm/cpu/armv8/sec_firmware.c

499 lines
12 KiB
C
Raw Normal View History

SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-06 21:58:06 +00:00
// SPDX-License-Identifier: GPL-2.0+
ARMv8: add the secure monitor firmware framework This framework is introduced for ARMv8 secure monitor mode firmware. The main functions of the framework are, on EL3, verify the firmware, load it to the secure memory and jump into it, and while it returned to U-Boot, do some necessary setups at the 'target exception level' that is determined by the respective secure firmware. So far, the framework support only FIT format image, and need to define the name of which config node should be used in 'configurations' and the name of property for the raw secure firmware image in that config. The FIT image should be stored in Byte accessing memory, such as NOR Flash, or else it should be copied to main memory to use this framework. Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-28 12:18:13 +00:00
/*
* Copyright 2016 NXP Semiconductor, Inc.
*/
#include <common.h>
common: Move ARM cache operations out of common.h These functions are CPU-related and do not use driver model. Move them to cpu_func.h Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2019-11-14 19:57:39 +00:00
#include <cpu_func.h>
ARMv8: add the secure monitor firmware framework This framework is introduced for ARMv8 secure monitor mode firmware. The main functions of the framework are, on EL3, verify the firmware, load it to the secure memory and jump into it, and while it returned to U-Boot, do some necessary setups at the 'target exception level' that is determined by the respective secure firmware. So far, the framework support only FIT format image, and need to define the name of which config node should be used in 'configurations' and the name of property for the raw secure firmware image in that config. The FIT image should be stored in Byte accessing memory, such as NOR Flash, or else it should be copied to main memory to use this framework. Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-28 12:18:13 +00:00
#include <errno.h>
#include <linux/kernel.h>
#include <asm/io.h>
#include <asm/system.h>
#include <asm/types.h>
#include <asm/macro.h>
#include <asm/armv8/sec_firmware.h>
DECLARE_GLOBAL_DATA_PTR;
extern void c_runtime_cpu_setup(void);
#define SEC_FIRMWARE_LOADED 0x1
#define SEC_FIRMWARE_RUNNING 0x2
#define SEC_FIRMWARE_ADDR_MASK (~0x3)
ARMv8/sec-firmware: fix a compile error When enabled sec firmware framework, but lack of definition of the marco SEC_FIRMWARE_FIT_IMAGE, SEC_FIRMEWARE_FIT_CNF_NAME and SEC_FIRMWARE_TARGET_EL, there will be some build errors, so give a default definition. Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
2016-09-06 06:23:07 +00:00
/*
* Secure firmware load addr
* Flags used: 0x1 secure firmware has been loaded to secure memory
* 0x2 secure firmware is running
*/
phys_addr_t sec_firmware_addr;
#ifndef SEC_FIRMWARE_FIT_IMAGE
#define SEC_FIRMWARE_FIT_IMAGE "firmware"
#endif
Fix typo in macros, "FIRMEWARE" -> "FIRMWARE" Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>
2019-11-10 16:23:15 +00:00
#ifndef SEC_FIRMWARE_FIT_CNF_NAME
#define SEC_FIRMWARE_FIT_CNF_NAME "config-1"
ARMv8/sec-firmware: fix a compile error When enabled sec firmware framework, but lack of definition of the marco SEC_FIRMWARE_FIT_IMAGE, SEC_FIRMEWARE_FIT_CNF_NAME and SEC_FIRMWARE_TARGET_EL, there will be some build errors, so give a default definition. Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
2016-09-06 06:23:07 +00:00
#endif
#ifndef SEC_FIRMWARE_TARGET_EL
#define SEC_FIRMWARE_TARGET_EL 2
#endif
ARMv8: add the secure monitor firmware framework This framework is introduced for ARMv8 secure monitor mode firmware. The main functions of the framework are, on EL3, verify the firmware, load it to the secure memory and jump into it, and while it returned to U-Boot, do some necessary setups at the 'target exception level' that is determined by the respective secure firmware. So far, the framework support only FIT format image, and need to define the name of which config node should be used in 'configurations' and the name of property for the raw secure firmware image in that config. The FIT image should be stored in Byte accessing memory, such as NOR Flash, or else it should be copied to main memory to use this framework. Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-28 12:18:13 +00:00
static int sec_firmware_get_data(const void *sec_firmware_img,
const void **data, size_t *size)
{
int conf_node_off, fw_node_off;
char *conf_node_name = NULL;
char *desc;
int ret;
Fix typo in macros, "FIRMEWARE" -> "FIRMWARE" Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>
2019-11-10 16:23:15 +00:00
conf_node_name = SEC_FIRMWARE_FIT_CNF_NAME;
ARMv8: add the secure monitor firmware framework This framework is introduced for ARMv8 secure monitor mode firmware. The main functions of the framework are, on EL3, verify the firmware, load it to the secure memory and jump into it, and while it returned to U-Boot, do some necessary setups at the 'target exception level' that is determined by the respective secure firmware. So far, the framework support only FIT format image, and need to define the name of which config node should be used in 'configurations' and the name of property for the raw secure firmware image in that config. The FIT image should be stored in Byte accessing memory, such as NOR Flash, or else it should be copied to main memory to use this framework. Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-28 12:18:13 +00:00
conf_node_off = fit_conf_get_node(sec_firmware_img, conf_node_name);
if (conf_node_off < 0) {
printf("SEC Firmware: %s: no such config\n", conf_node_name);
return -ENOENT;
}
fw_node_off = fit_conf_get_prop_node(sec_firmware_img, conf_node_off,
SEC_FIRMWARE_FIT_IMAGE);
if (fw_node_off < 0) {
printf("SEC Firmware: No '%s' in config\n",
SEC_FIRMWARE_FIT_IMAGE);
return -ENOLINK;
}
/* Verify secure firmware image */
if (!(fit_image_verify(sec_firmware_img, fw_node_off))) {
printf("SEC Firmware: Bad firmware image (bad CRC)\n");
return -EINVAL;
}
if (fit_image_get_data(sec_firmware_img, fw_node_off, data, size)) {
printf("SEC Firmware: Can't get %s subimage data/size",
SEC_FIRMWARE_FIT_IMAGE);
return -ENOENT;
}
ret = fit_get_desc(sec_firmware_img, fw_node_off, &desc);
if (ret)
printf("SEC Firmware: Can't get description\n");
else
printf("%s\n", desc);
return ret;
}
/*
* SEC Firmware FIT image parser checks if the image is in FIT
* format, verifies integrity of the image and calculates raw
* image address and size values.
*
* Returns 0 on success and a negative errno on error task fail.
*/
static int sec_firmware_parse_image(const void *sec_firmware_img,
const void **raw_image_addr,
size_t *raw_image_size)
{
int ret;
ret = sec_firmware_get_data(sec_firmware_img, raw_image_addr,
raw_image_size);
if (ret)
return ret;
debug("SEC Firmware: raw_image_addr = 0x%p, raw_image_size = 0x%lx\n",
*raw_image_addr, *raw_image_size);
return 0;
}
armv8: sec_firmware: Add support for loadables in FIT Enable support for loadables in SEC firmware FIT image. Currently support is added for single loadable image. Brief description of implementation: Add two more address pointers (loadable_h, loadable_l) as arguments to sec_firmware_init() api. Create new api: sec_firmware_checks_copy_loadable() to check if loadables node is present in SEC firmware FIT image. If present, verify loadable image and copies it to secure DDR memory. Populate address pointers with secure DDR memory addresses where loadable is copied. Example use-case could be trusted OS (tee.bin) as loadables node in SEC firmware FIT image. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-09-01 08:25:01 +00:00
/*
* SEC Firmware FIT image parser to check if any loadable is
* present. If present, verify integrity of the loadable and
* copy loadable to address provided in (loadable_h, loadable_l).
*
* Returns 0 on success and a negative errno on error task fail.
*/
static int sec_firmware_check_copy_loadable(const void *sec_firmware_img,
u32 *loadable_l, u32 *loadable_h)
{
phys_addr_t sec_firmware_loadable_addr = 0;
armv8: sec_firmware: Add support for multiple loadables Enable support for multiple loadable images in SEC firmware FIT image. Also add example "sec_firmware_ppa.its" file. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2018-04-23 21:53:28 +00:00
int conf_node_off, ld_node_off, images;
armv8: sec_firmware: Add support for loadables in FIT Enable support for loadables in SEC firmware FIT image. Currently support is added for single loadable image. Brief description of implementation: Add two more address pointers (loadable_h, loadable_l) as arguments to sec_firmware_init() api. Create new api: sec_firmware_checks_copy_loadable() to check if loadables node is present in SEC firmware FIT image. If present, verify loadable image and copies it to secure DDR memory. Populate address pointers with secure DDR memory addresses where loadable is copied. Example use-case could be trusted OS (tee.bin) as loadables node in SEC firmware FIT image. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-09-01 08:25:01 +00:00
char *conf_node_name = NULL;
const void *data;
size_t size;
ulong load;
armv8: sec_firmware: Add support for multiple loadables Enable support for multiple loadable images in SEC firmware FIT image. Also add example "sec_firmware_ppa.its" file. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2018-04-23 21:53:28 +00:00
const char *name, *str, *type;
int len;
armv8: sec_firmware: Add support for loadables in FIT Enable support for loadables in SEC firmware FIT image. Currently support is added for single loadable image. Brief description of implementation: Add two more address pointers (loadable_h, loadable_l) as arguments to sec_firmware_init() api. Create new api: sec_firmware_checks_copy_loadable() to check if loadables node is present in SEC firmware FIT image. If present, verify loadable image and copies it to secure DDR memory. Populate address pointers with secure DDR memory addresses where loadable is copied. Example use-case could be trusted OS (tee.bin) as loadables node in SEC firmware FIT image. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-09-01 08:25:01 +00:00
Fix typo in macros, "FIRMEWARE" -> "FIRMWARE" Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>
2019-11-10 16:23:15 +00:00
conf_node_name = SEC_FIRMWARE_FIT_CNF_NAME;
armv8: sec_firmware: Add support for loadables in FIT Enable support for loadables in SEC firmware FIT image. Currently support is added for single loadable image. Brief description of implementation: Add two more address pointers (loadable_h, loadable_l) as arguments to sec_firmware_init() api. Create new api: sec_firmware_checks_copy_loadable() to check if loadables node is present in SEC firmware FIT image. If present, verify loadable image and copies it to secure DDR memory. Populate address pointers with secure DDR memory addresses where loadable is copied. Example use-case could be trusted OS (tee.bin) as loadables node in SEC firmware FIT image. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-09-01 08:25:01 +00:00
conf_node_off = fit_conf_get_node(sec_firmware_img, conf_node_name);
if (conf_node_off < 0) {
printf("SEC Firmware: %s: no such config\n", conf_node_name);
armv8: sec_firmware: Add support for multiple loadables Enable support for multiple loadable images in SEC firmware FIT image. Also add example "sec_firmware_ppa.its" file. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2018-04-23 21:53:28 +00:00
return -ENOENT;
}
/* find the node holding the images information */
images = fdt_path_offset(sec_firmware_img, FIT_IMAGES_PATH);
if (images < 0) {
printf("%s: Cannot find /images node: %d\n", __func__, images);
return -1;
}
type = FIT_LOADABLE_PROP;
name = fdt_getprop(sec_firmware_img, conf_node_off, type, &len);
if (!name) {
/* Loadables not present */
return 0;
armv8: sec_firmware: Add support for loadables in FIT Enable support for loadables in SEC firmware FIT image. Currently support is added for single loadable image. Brief description of implementation: Add two more address pointers (loadable_h, loadable_l) as arguments to sec_firmware_init() api. Create new api: sec_firmware_checks_copy_loadable() to check if loadables node is present in SEC firmware FIT image. If present, verify loadable image and copies it to secure DDR memory. Populate address pointers with secure DDR memory addresses where loadable is copied. Example use-case could be trusted OS (tee.bin) as loadables node in SEC firmware FIT image. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-09-01 08:25:01 +00:00
}
armv8: sec_firmware: Add support for multiple loadables Enable support for multiple loadable images in SEC firmware FIT image. Also add example "sec_firmware_ppa.its" file. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2018-04-23 21:53:28 +00:00
printf("SEC Firmware: '%s' present in config\n", type);
for (str = name; str && ((str - name) < len);
str = strchr(str, '\0') + 1) {
printf("%s: '%s'\n", type, str);
ld_node_off = fdt_subnode_offset(sec_firmware_img, images, str);
if (ld_node_off < 0) {
printf("cannot find image node '%s': %d\n", str,
ld_node_off);
return -EINVAL;
}
armv8: sec_firmware: Add support for loadables in FIT Enable support for loadables in SEC firmware FIT image. Currently support is added for single loadable image. Brief description of implementation: Add two more address pointers (loadable_h, loadable_l) as arguments to sec_firmware_init() api. Create new api: sec_firmware_checks_copy_loadable() to check if loadables node is present in SEC firmware FIT image. If present, verify loadable image and copies it to secure DDR memory. Populate address pointers with secure DDR memory addresses where loadable is copied. Example use-case could be trusted OS (tee.bin) as loadables node in SEC firmware FIT image. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-09-01 08:25:01 +00:00
/* Verify secure firmware image */
if (!(fit_image_verify(sec_firmware_img, ld_node_off))) {
printf("SEC Loadable: Bad loadable image (bad CRC)\n");
return -EINVAL;
}
if (fit_image_get_data(sec_firmware_img, ld_node_off,
&data, &size)) {
printf("SEC Loadable: Can't get subimage data/size");
return -ENOENT;
}
/* Get load address, treated as load offset to secure memory */
if (fit_image_get_load(sec_firmware_img, ld_node_off, &load)) {
printf("SEC Loadable: Can't get subimage load");
return -ENOENT;
}
/* Compute load address for loadable in secure memory */
sec_firmware_loadable_addr = (sec_firmware_addr -
gd->arch.tlb_size) + load;
/* Copy loadable to secure memory and flush dcache */
debug("%s copied to address 0x%p\n",
FIT_LOADABLE_PROP, (void *)sec_firmware_loadable_addr);
memcpy((void *)sec_firmware_loadable_addr, data, size);
flush_dcache_range(sec_firmware_loadable_addr,
sec_firmware_loadable_addr + size);
armv8: sec_firmware: Add support for multiple loadables Enable support for multiple loadable images in SEC firmware FIT image. Also add example "sec_firmware_ppa.its" file. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2018-04-23 21:53:28 +00:00
/* Populate loadable address only for Trusted OS */
if (!strcmp(str, "trustedOS@1")) {
/*
* Populate address ptrs for loadable image with
* loadbale addr
*/
out_le32(loadable_l, (sec_firmware_loadable_addr &
WORD_MASK));
out_le32(loadable_h, (sec_firmware_loadable_addr >>
WORD_SHIFT));
}
}
armv8: sec_firmware: Add support for loadables in FIT Enable support for loadables in SEC firmware FIT image. Currently support is added for single loadable image. Brief description of implementation: Add two more address pointers (loadable_h, loadable_l) as arguments to sec_firmware_init() api. Create new api: sec_firmware_checks_copy_loadable() to check if loadables node is present in SEC firmware FIT image. If present, verify loadable image and copies it to secure DDR memory. Populate address pointers with secure DDR memory addresses where loadable is copied. Example use-case could be trusted OS (tee.bin) as loadables node in SEC firmware FIT image. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-09-01 08:25:01 +00:00
return 0;
}
ARMv8: add the secure monitor firmware framework This framework is introduced for ARMv8 secure monitor mode firmware. The main functions of the framework are, on EL3, verify the firmware, load it to the secure memory and jump into it, and while it returned to U-Boot, do some necessary setups at the 'target exception level' that is determined by the respective secure firmware. So far, the framework support only FIT format image, and need to define the name of which config node should be used in 'configurations' and the name of property for the raw secure firmware image in that config. The FIT image should be stored in Byte accessing memory, such as NOR Flash, or else it should be copied to main memory to use this framework. Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-28 12:18:13 +00:00
static int sec_firmware_copy_image(const char *title,
u64 image_addr, u32 image_size, u64 sec_firmware)
{
debug("%s copied to address 0x%p\n", title, (void *)sec_firmware);
memcpy((void *)sec_firmware, (void *)image_addr, image_size);
flush_dcache_range(sec_firmware, sec_firmware + image_size);
return 0;
}
/*
* This function will parse the SEC Firmware image, and then load it
armv8: sec_firmware: Add support for loadables in FIT Enable support for loadables in SEC firmware FIT image. Currently support is added for single loadable image. Brief description of implementation: Add two more address pointers (loadable_h, loadable_l) as arguments to sec_firmware_init() api. Create new api: sec_firmware_checks_copy_loadable() to check if loadables node is present in SEC firmware FIT image. If present, verify loadable image and copies it to secure DDR memory. Populate address pointers with secure DDR memory addresses where loadable is copied. Example use-case could be trusted OS (tee.bin) as loadables node in SEC firmware FIT image. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-09-01 08:25:01 +00:00
* to secure memory. Also load any loadable if present along with SEC
* Firmware image.
ARMv8: add the secure monitor firmware framework This framework is introduced for ARMv8 secure monitor mode firmware. The main functions of the framework are, on EL3, verify the firmware, load it to the secure memory and jump into it, and while it returned to U-Boot, do some necessary setups at the 'target exception level' that is determined by the respective secure firmware. So far, the framework support only FIT format image, and need to define the name of which config node should be used in 'configurations' and the name of property for the raw secure firmware image in that config. The FIT image should be stored in Byte accessing memory, such as NOR Flash, or else it should be copied to main memory to use this framework. Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-28 12:18:13 +00:00
*/
armv8: sec_firmware: Add support for loadables in FIT Enable support for loadables in SEC firmware FIT image. Currently support is added for single loadable image. Brief description of implementation: Add two more address pointers (loadable_h, loadable_l) as arguments to sec_firmware_init() api. Create new api: sec_firmware_checks_copy_loadable() to check if loadables node is present in SEC firmware FIT image. If present, verify loadable image and copies it to secure DDR memory. Populate address pointers with secure DDR memory addresses where loadable is copied. Example use-case could be trusted OS (tee.bin) as loadables node in SEC firmware FIT image. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-09-01 08:25:01 +00:00
static int sec_firmware_load_image(const void *sec_firmware_img,
u32 *loadable_l, u32 *loadable_h)
ARMv8: add the secure monitor firmware framework This framework is introduced for ARMv8 secure monitor mode firmware. The main functions of the framework are, on EL3, verify the firmware, load it to the secure memory and jump into it, and while it returned to U-Boot, do some necessary setups at the 'target exception level' that is determined by the respective secure firmware. So far, the framework support only FIT format image, and need to define the name of which config node should be used in 'configurations' and the name of property for the raw secure firmware image in that config. The FIT image should be stored in Byte accessing memory, such as NOR Flash, or else it should be copied to main memory to use this framework. Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-28 12:18:13 +00:00
{
const void *raw_image_addr;
size_t raw_image_size = 0;
int ret;
/*
* The Excetpion Level must be EL3 to load and initialize
* the SEC Firmware.
*/
if (current_el() != 3) {
ret = -EACCES;
goto out;
}
#ifdef CONFIG_SYS_MEM_RESERVE_SECURE
/*
* The SEC Firmware must be stored in secure memory.
* Append SEC Firmware to secure mmu table.
*/
if (!(gd->arch.secure_ram & MEM_RESERVE_SECURE_MAINTAINED)) {
ret = -ENXIO;
goto out;
}
sec_firmware_addr = (gd->arch.secure_ram & MEM_RESERVE_SECURE_ADDR_MASK) +
gd->arch.tlb_size;
#else
#error "The CONFIG_SYS_MEM_RESERVE_SECURE must be defined when enabled SEC Firmware support"
#endif
/* Align SEC Firmware base address to 4K */
sec_firmware_addr = (sec_firmware_addr + 0xfff) & ~0xfff;
debug("SEC Firmware: Load address: 0x%llx\n",
sec_firmware_addr & SEC_FIRMWARE_ADDR_MASK);
ret = sec_firmware_parse_image(sec_firmware_img, &raw_image_addr,
&raw_image_size);
if (ret)
goto out;
/* TODO:
* Check if the end addr of SEC Firmware has been extend the secure
* memory.
*/
/* Copy the secure firmware to secure memory */
ret = sec_firmware_copy_image("SEC Firmware", (u64)raw_image_addr,
raw_image_size, sec_firmware_addr &
SEC_FIRMWARE_ADDR_MASK);
if (ret)
goto out;
armv8: sec_firmware: Add support for loadables in FIT Enable support for loadables in SEC firmware FIT image. Currently support is added for single loadable image. Brief description of implementation: Add two more address pointers (loadable_h, loadable_l) as arguments to sec_firmware_init() api. Create new api: sec_firmware_checks_copy_loadable() to check if loadables node is present in SEC firmware FIT image. If present, verify loadable image and copies it to secure DDR memory. Populate address pointers with secure DDR memory addresses where loadable is copied. Example use-case could be trusted OS (tee.bin) as loadables node in SEC firmware FIT image. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-09-01 08:25:01 +00:00
/*
* Check if any loadable are present along with firmware image, if
* present load them.
*/
ret = sec_firmware_check_copy_loadable(sec_firmware_img, loadable_l,
loadable_h);
if (ret)
goto out;
ARMv8: add the secure monitor firmware framework This framework is introduced for ARMv8 secure monitor mode firmware. The main functions of the framework are, on EL3, verify the firmware, load it to the secure memory and jump into it, and while it returned to U-Boot, do some necessary setups at the 'target exception level' that is determined by the respective secure firmware. So far, the framework support only FIT format image, and need to define the name of which config node should be used in 'configurations' and the name of property for the raw secure firmware image in that config. The FIT image should be stored in Byte accessing memory, such as NOR Flash, or else it should be copied to main memory to use this framework. Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-28 12:18:13 +00:00
sec_firmware_addr |= SEC_FIRMWARE_LOADED;
debug("SEC Firmware: Entry point: 0x%llx\n",
sec_firmware_addr & SEC_FIRMWARE_ADDR_MASK);
return 0;
out:
printf("SEC Firmware: error (%d)\n", ret);
sec_firmware_addr = 0;
return ret;
}
static int sec_firmware_entry(u32 *eret_hold_l, u32 *eret_hold_h)
{
const void *entry = (void *)(sec_firmware_addr &
SEC_FIRMWARE_ADDR_MASK);
return _sec_firmware_entry(entry, eret_hold_l, eret_hold_h);
}
/* Check the secure firmware FIT image */
__weak bool sec_firmware_is_valid(const void *sec_firmware_img)
{
if (fdt_check_header(sec_firmware_img)) {
printf("SEC Firmware: Bad firmware image (not a FIT image)\n");
return false;
}
if (!fit_check_format(sec_firmware_img)) {
printf("SEC Firmware: Bad firmware image (bad FIT header)\n");
return false;
}
return true;
}
ARMv8/sec_firmware: relocated and renamed the config FSL_PPA_ARMV8_PSCI Moved the config FSL_PPA_ARMV8_PSCI from fsl-layerscape's Kconfig to Kconfig under armv8 and renamed it to SEC_FIRMWARE_ARMV8_PSCI. Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-01-16 09:31:48 +00:00
#ifdef CONFIG_SEC_FIRMWARE_ARMV8_PSCI
ARMv8: add the secure monitor firmware framework This framework is introduced for ARMv8 secure monitor mode firmware. The main functions of the framework are, on EL3, verify the firmware, load it to the secure memory and jump into it, and while it returned to U-Boot, do some necessary setups at the 'target exception level' that is determined by the respective secure firmware. So far, the framework support only FIT format image, and need to define the name of which config node should be used in 'configurations' and the name of property for the raw secure firmware image in that config. The FIT image should be stored in Byte accessing memory, such as NOR Flash, or else it should be copied to main memory to use this framework. Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-28 12:18:13 +00:00
/*
* The PSCI_VERSION function is added from PSCI v0.2. When the PSCI
* v0.1 received this function, the NOT_SUPPORTED (0xffff_ffff) error
* number will be returned according to SMC Calling Conventions. But
* when getting the NOT_SUPPORTED error number, we cannot ensure if
* the PSCI version is v0.1 or other error occurred. So, PSCI v0.1
* won't be supported by this framework.
* And if the secure firmware isn't running, return NOT_SUPPORTED.
*
* The return value on success is PSCI version in format
* major[31:16]:minor[15:0].
*/
unsigned int sec_firmware_support_psci_version(void)
{
armv8: layerscape: Make U-Boot EL2 safe When U-Boot boots from EL2, skip some lowlevel init code requiring EL3, including CCI-400/CCN-504, trust zone, GIC, etc. These initialization tasks are carried out before U-Boot runs. This applies to the RAM version image used for SPL boot if PPA is loaded first. Signed-off-by: York Sun <york.sun@nxp.com>
2017-05-15 15:51:59 +00:00
if (current_el() == SEC_FIRMWARE_TARGET_EL)
ARMv8: add the secure monitor firmware framework This framework is introduced for ARMv8 secure monitor mode firmware. The main functions of the framework are, on EL3, verify the firmware, load it to the secure memory and jump into it, and while it returned to U-Boot, do some necessary setups at the 'target exception level' that is determined by the respective secure firmware. So far, the framework support only FIT format image, and need to define the name of which config node should be used in 'configurations' and the name of property for the raw secure firmware image in that config. The FIT image should be stored in Byte accessing memory, such as NOR Flash, or else it should be copied to main memory to use this framework. Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-28 12:18:13 +00:00
return _sec_firmware_support_psci_version();
arm: psci: make psci usable on single core socs PSCI can be used on both multiple and single core socs. Current implementation only allows PSCI to work on multiple core socs. This patch removes this restriction so that PSCI can work on single core socs as well. Signed-off-by: Chenhui Zhao <chenhui.zhao@nxp.com> Signed-off-by: Tang Yuantian <andy.tang@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-04-19 05:27:39 +00:00
return PSCI_INVALID_VER;
ARMv8: add the secure monitor firmware framework This framework is introduced for ARMv8 secure monitor mode firmware. The main functions of the framework are, on EL3, verify the firmware, load it to the secure memory and jump into it, and while it returned to U-Boot, do some necessary setups at the 'target exception level' that is determined by the respective secure firmware. So far, the framework support only FIT format image, and need to define the name of which config node should be used in 'configurations' and the name of property for the raw secure firmware image in that config. The FIT image should be stored in Byte accessing memory, such as NOR Flash, or else it should be copied to main memory to use this framework. Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-28 12:18:13 +00:00
}
#endif
ARMv8/sec_firmware : Update chosen/kaslr-seed with random number kASLR support in kernel requires a random number to be passed via chosen/kaslr-seed propert. sec_firmware generates this random seed which can then be passed in the device tree node. sec_firmware reserves JR3 for it's own usage. Node for JR3 is removed from device-tree. Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
2017-08-16 10:28:10 +00:00
/*
* Check with sec_firmware if it supports random number generation
* via HW RNG
*
* The return value will be true if it is supported
*/
bool sec_firmware_support_hwrng(void)
{
armv8: sec_firmware: return job ring status as true in TFABOOT Returns job ring status as true in TFABOOT, as one job ring is always reserved. Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Signed-off-by: Pankit Garg <pankit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2018-11-05 18:02:19 +00:00
#ifdef CONFIG_TFABOOT
/* return true as TFA has one job ring reserved */
return true;
#endif
ARMv8/sec_firmware : Update chosen/kaslr-seed with random number kASLR support in kernel requires a random number to be passed via chosen/kaslr-seed propert. sec_firmware generates this random seed which can then be passed in the device tree node. sec_firmware reserves JR3 for it's own usage. Node for JR3 is removed from device-tree. Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
2017-08-16 10:28:10 +00:00
if (sec_firmware_addr & SEC_FIRMWARE_RUNNING) {
cosmetic: Fix spelling and whitespace errors Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>
2019-11-14 02:18:03 +00:00
return true;
ARMv8/sec_firmware : Update chosen/kaslr-seed with random number kASLR support in kernel requires a random number to be passed via chosen/kaslr-seed propert. sec_firmware generates this random seed which can then be passed in the device tree node. sec_firmware reserves JR3 for it's own usage. Node for JR3 is removed from device-tree. Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
2017-08-16 10:28:10 +00:00
}
return false;
}
/*
* sec_firmware_get_random - Get a random number from SEC Firmware
* @rand: random number buffer to be filled
* @bytes: Number of bytes of random number to be supported
* @eret: -1 in case of error, 0 for success
*/
int sec_firmware_get_random(uint8_t *rand, int bytes)
{
unsigned long long num;
struct pt_regs regs;
int param1;
if (!bytes || bytes > 8) {
printf("Max Random bytes genration supported is 8\n");
return -1;
}
#define SIP_RNG_64 0xC200FF11
regs.regs[0] = SIP_RNG_64;
if (bytes <= 4)
param1 = 0;
else
param1 = 1;
regs.regs[1] = param1;
smc_call(&regs);
if (regs.regs[0])
return -1;
num = regs.regs[1];
memcpy(rand, &num, bytes);
return 0;
}
ARMv8: add the secure monitor firmware framework This framework is introduced for ARMv8 secure monitor mode firmware. The main functions of the framework are, on EL3, verify the firmware, load it to the secure memory and jump into it, and while it returned to U-Boot, do some necessary setups at the 'target exception level' that is determined by the respective secure firmware. So far, the framework support only FIT format image, and need to define the name of which config node should be used in 'configurations' and the name of property for the raw secure firmware image in that config. The FIT image should be stored in Byte accessing memory, such as NOR Flash, or else it should be copied to main memory to use this framework. Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-28 12:18:13 +00:00
/*
* sec_firmware_init - Initialize the SEC Firmware
* @sec_firmware_img: the SEC Firmware image address
* @eret_hold_l: the address to hold exception return address low
* @eret_hold_h: the address to hold exception return address high
armv8: sec_firmware: Add support for loadables in FIT Enable support for loadables in SEC firmware FIT image. Currently support is added for single loadable image. Brief description of implementation: Add two more address pointers (loadable_h, loadable_l) as arguments to sec_firmware_init() api. Create new api: sec_firmware_checks_copy_loadable() to check if loadables node is present in SEC firmware FIT image. If present, verify loadable image and copies it to secure DDR memory. Populate address pointers with secure DDR memory addresses where loadable is copied. Example use-case could be trusted OS (tee.bin) as loadables node in SEC firmware FIT image. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-09-01 08:25:01 +00:00
* @loadable_l: the address to hold loadable address low
* @loadable_h: the address to hold loadable address high
ARMv8: add the secure monitor firmware framework This framework is introduced for ARMv8 secure monitor mode firmware. The main functions of the framework are, on EL3, verify the firmware, load it to the secure memory and jump into it, and while it returned to U-Boot, do some necessary setups at the 'target exception level' that is determined by the respective secure firmware. So far, the framework support only FIT format image, and need to define the name of which config node should be used in 'configurations' and the name of property for the raw secure firmware image in that config. The FIT image should be stored in Byte accessing memory, such as NOR Flash, or else it should be copied to main memory to use this framework. Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-28 12:18:13 +00:00
*/
int sec_firmware_init(const void *sec_firmware_img,
u32 *eret_hold_l,
armv8: sec_firmware: Add support for loadables in FIT Enable support for loadables in SEC firmware FIT image. Currently support is added for single loadable image. Brief description of implementation: Add two more address pointers (loadable_h, loadable_l) as arguments to sec_firmware_init() api. Create new api: sec_firmware_checks_copy_loadable() to check if loadables node is present in SEC firmware FIT image. If present, verify loadable image and copies it to secure DDR memory. Populate address pointers with secure DDR memory addresses where loadable is copied. Example use-case could be trusted OS (tee.bin) as loadables node in SEC firmware FIT image. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-09-01 08:25:01 +00:00
u32 *eret_hold_h,
u32 *loadable_l,
u32 *loadable_h)
ARMv8: add the secure monitor firmware framework This framework is introduced for ARMv8 secure monitor mode firmware. The main functions of the framework are, on EL3, verify the firmware, load it to the secure memory and jump into it, and while it returned to U-Boot, do some necessary setups at the 'target exception level' that is determined by the respective secure firmware. So far, the framework support only FIT format image, and need to define the name of which config node should be used in 'configurations' and the name of property for the raw secure firmware image in that config. The FIT image should be stored in Byte accessing memory, such as NOR Flash, or else it should be copied to main memory to use this framework. Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-28 12:18:13 +00:00
{
int ret;
if (!sec_firmware_is_valid(sec_firmware_img))
return -EINVAL;
armv8: sec_firmware: Add support for loadables in FIT Enable support for loadables in SEC firmware FIT image. Currently support is added for single loadable image. Brief description of implementation: Add two more address pointers (loadable_h, loadable_l) as arguments to sec_firmware_init() api. Create new api: sec_firmware_checks_copy_loadable() to check if loadables node is present in SEC firmware FIT image. If present, verify loadable image and copies it to secure DDR memory. Populate address pointers with secure DDR memory addresses where loadable is copied. Example use-case could be trusted OS (tee.bin) as loadables node in SEC firmware FIT image. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-09-01 08:25:01 +00:00
ret = sec_firmware_load_image(sec_firmware_img, loadable_l,
loadable_h);
ARMv8: add the secure monitor firmware framework This framework is introduced for ARMv8 secure monitor mode firmware. The main functions of the framework are, on EL3, verify the firmware, load it to the secure memory and jump into it, and while it returned to U-Boot, do some necessary setups at the 'target exception level' that is determined by the respective secure firmware. So far, the framework support only FIT format image, and need to define the name of which config node should be used in 'configurations' and the name of property for the raw secure firmware image in that config. The FIT image should be stored in Byte accessing memory, such as NOR Flash, or else it should be copied to main memory to use this framework. Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-28 12:18:13 +00:00
if (ret) {
printf("SEC Firmware: Failed to load image\n");
return ret;
} else if (sec_firmware_addr & SEC_FIRMWARE_LOADED) {
ret = sec_firmware_entry(eret_hold_l, eret_hold_h);
if (ret) {
printf("SEC Firmware: Failed to initialize\n");
return ret;
}
}
debug("SEC Firmware: Return from SEC Firmware: current_el = %d\n",
current_el());
/*
* The PE will be turned into target EL when returned from
* SEC Firmware.
*/
if (current_el() != SEC_FIRMWARE_TARGET_EL)
return -EACCES;
sec_firmware_addr |= SEC_FIRMWARE_RUNNING;
/* Set exception table and enable caches if it isn't EL3 */
if (current_el() != 3) {
c_runtime_cpu_setup();
enable_caches();
}
return 0;
}
ARMv8/sec_firmware : Update chosen/kaslr-seed with random number kASLR support in kernel requires a random number to be passed via chosen/kaslr-seed propert. sec_firmware generates this random seed which can then be passed in the device tree node. sec_firmware reserves JR3 for it's own usage. Node for JR3 is removed from device-tree. Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
2017-08-16 10:28:10 +00:00
/*
* fdt_fix_kaslr - Add kalsr-seed node in Device tree
* @fdt: Device tree
* @eret: 0 in case of error, 1 for success
*/
int fdt_fixup_kaslr(void *fdt)
{
int nodeoffset;
int err, ret = 0;
u8 rand[8];
#if defined(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT)
/* Check if random seed generation is supported */
armv8: sec_firmware: Remove JR3 from device tree node in all cases JR3 was getting removed from device tree only if random number generation was successful. However, if SEC firmware is present, JR3 should be removed from device tree node irrespective of the random seed generation as SEC firmware reserves it for it's use. Not removing it in case of random number generation failure causes the kernel to crash. Random number generation was being called twice. This is not required. If SEC firmware is running, SIP call can be made to the SEC firmware to get the random number. This call itself would return failure if function is not supported. Duplicate calling of random number generation function has been removed. Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2018-04-12 10:54:35 +00:00
if (sec_firmware_support_hwrng() == false) {
printf("WARNING: SEC firmware not running, no kaslr-seed\n");
ARMv8/sec_firmware : Update chosen/kaslr-seed with random number kASLR support in kernel requires a random number to be passed via chosen/kaslr-seed propert. sec_firmware generates this random seed which can then be passed in the device tree node. sec_firmware reserves JR3 for it's own usage. Node for JR3 is removed from device-tree. Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
2017-08-16 10:28:10 +00:00
return 0;
armv8: sec_firmware: Remove JR3 from device tree node in all cases JR3 was getting removed from device tree only if random number generation was successful. However, if SEC firmware is present, JR3 should be removed from device tree node irrespective of the random seed generation as SEC firmware reserves it for it's use. Not removing it in case of random number generation failure causes the kernel to crash. Random number generation was being called twice. This is not required. If SEC firmware is running, SIP call can be made to the SEC firmware to get the random number. This call itself would return failure if function is not supported. Duplicate calling of random number generation function has been removed. Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2018-04-12 10:54:35 +00:00
}
ARMv8/sec_firmware : Update chosen/kaslr-seed with random number kASLR support in kernel requires a random number to be passed via chosen/kaslr-seed propert. sec_firmware generates this random seed which can then be passed in the device tree node. sec_firmware reserves JR3 for it's own usage. Node for JR3 is removed from device-tree. Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
2017-08-16 10:28:10 +00:00
ret = sec_firmware_get_random(rand, 8);
if (ret < 0) {
printf("WARNING: No random number to set kaslr-seed\n");
return 0;
}
err = fdt_check_header(fdt);
if (err < 0) {
printf("fdt_chosen: %s\n", fdt_strerror(err));
return 0;
}
/* find or create "/chosen" node. */
nodeoffset = fdt_find_or_add_subnode(fdt, 0, "chosen");
if (nodeoffset < 0)
return 0;
err = fdt_setprop(fdt, nodeoffset, "kaslr-seed", rand,
sizeof(rand));
if (err < 0) {
printf("WARNING: can't set kaslr-seed %s.\n",
fdt_strerror(err));
return 0;
}
ret = 1;
#endif
return ret;
}
Reference in a new issue Copy permalink