1 /*
2  * Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions are met:
6  *
7  * Redistributions of source code must retain the above copyright notice, this
8  * list of conditions and the following disclaimer.
9  *
10  * Redistributions in binary form must reproduce the above copyright notice,
11  * this list of conditions and the following disclaimer in the documentation
12  * and/or other materials provided with the distribution.
13  *
14  * Neither the name of ARM nor the names of its contributors may be used
15  * to endorse or promote products derived from this software without specific
16  * prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
22  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28  * POSSIBILITY OF SUCH DAMAGE.
29  */
30 
31 #include <arch.h>
32 #include <arch_helpers.h>
33 #include <assert.h>
34 #include <auth.h>
35 #include <bl_common.h>
36 #include <debug.h>
37 #include <platform.h>
38 #include <platform_def.h>
39 #include <stdint.h>
40 #include "bl2_private.h"
41 
42 #if TRUSTED_BOARD_BOOT
43 
#ifdef BL32_BASE
/*
 * Result of the BL3-2 key/content certificate verification done in
 * load_certs(). BL3-2 is optional, so load_certs() only records the error
 * here; load_bl32() turns it into a hard error once a BL3-2 image has
 * actually been loaded.
 */
static int bl32_cert_error;
#endif
47 
48 /*
49  * Load and authenticate the key and content certificates for a BL3-x image.
50  * The _blob values identify the authentication objects (an object may be seen
51  * as a single stage in the authentication process). See auth.h for the complete
52  * list of objects. The _id values are passed to the IO framework to identify
53  * the images to load.
54  *
55  * Parameters:
56  *   key_cert_blob: key certificate blob id (see auth.h)
57  *   key_cert_id: key certificate image identifier (for IO framework)
58  *   cont_cert_blob: content certificate blob id (see auth.h)
59  *   cont_cert_id: content certificate image identifier (for IO framework)
60  *   mem_layout: Trusted SRAM memory layout
61  *   load_addr: load the certificates at this address
62  *
63  * Return: 0 = success, Otherwise = error
64  */
static int load_cert_bl3x(unsigned int key_cert_blob, unsigned int key_cert_id,
			  unsigned int cont_cert_blob, unsigned int cont_cert_id,
			  meminfo_t *mem_layout, uint64_t load_addr)
{
	image_info_t cert_info;
	int rc;

	/*
	 * Stage 1: key certificate. It is loaded at load_addr and handed to the
	 * authentication module under its blob id.
	 */
	cert_info.h.version = VERSION_1;
	rc = load_image(mem_layout, key_cert_id, load_addr, &cert_info, NULL);
	if (rc != 0) {
		ERROR("Cannot load key certificate id=%u\n", key_cert_id);
		return rc;
	}
	rc = auth_verify_obj(key_cert_blob, cert_info.image_base,
			     cert_info.image_size);
	if (rc != 0) {
		ERROR("Invalid key certificate id=%u\n", key_cert_id);
		return rc;
	}

	/*
	 * Stage 2: content certificate. It reuses load_addr, so it replaces the
	 * key certificate staged above once that one has been verified.
	 */
	cert_info.h.version = VERSION_1;
	rc = load_image(mem_layout, cont_cert_id, load_addr, &cert_info, NULL);
	if (rc != 0) {
		ERROR("Cannot load content certificate id=%u\n", cont_cert_id);
		return rc;
	}
	rc = auth_verify_obj(cont_cert_blob, cert_info.image_base,
			     cert_info.image_size);
	if (rc != 0) {
		ERROR("Invalid content certificate id=%u\n", cont_cert_id);
		return rc;
	}

	return 0;
}
105 
106 /*
107  * Load and authenticate the Trusted Key certificate and the key and content
108  * certificates for each of the BL3-x images.
109  *
110  * Return: 0 = success, Otherwise = error
111  */
static int load_certs(void)
{
	const uint64_t load_addr = BL31_BASE;
	meminfo_t *tzram_layout;
	image_info_t cert_info;
	int rc;

	/* Trusted RAM still free once BL2 itself is accounted for. */
	tzram_layout = bl2_plat_sec_mem_layout();

	/*
	 * Root of the chain: the Trusted Key certificate, staged at BL31_BASE
	 * (the address BL3-1 will later be loaded to).
	 */
	cert_info.h.version = VERSION_1;
	rc = load_image(tzram_layout, TRUSTED_KEY_CERT_ID, load_addr,
			&cert_info, NULL);
	if (rc != 0) {
		ERROR("Failed to load Trusted Key certificate.\n");
		return rc;
	}
	rc = auth_verify_obj(AUTH_TRUSTED_KEY_CERT, cert_info.image_base,
			     cert_info.image_size);
	if (rc != 0) {
		ERROR("Invalid Trusted Key certificate.\n");
		return rc;
	}

	/* Key + content certificate pair for every BL3-x image. */
#ifdef BL30_BASE
	rc = load_cert_bl3x(AUTH_BL30_KEY_CERT, BL30_KEY_CERT_ID,
			    AUTH_BL30_IMG_CERT, BL30_CERT_ID,
			    tzram_layout, load_addr);
	if (rc != 0) {
		ERROR("Failed to verify BL3-0 authenticity\n");
		return rc;
	}
#endif /* BL30_BASE */

	rc = load_cert_bl3x(AUTH_BL31_KEY_CERT, BL31_KEY_CERT_ID,
			    AUTH_BL31_IMG_CERT, BL31_CERT_ID,
			    tzram_layout, load_addr);
	if (rc != 0) {
		ERROR("Failed to verify BL3-1 authenticity\n");
		return rc;
	}

#ifdef BL32_BASE
	/*
	 * BL3-2 is optional, so a missing or bad certificate is not fatal by
	 * itself. The result is parked in bl32_cert_error so that load_bl32()
	 * can reject a BL3-2 image that turns out to be present anyway.
	 */
	rc = load_cert_bl3x(AUTH_BL32_KEY_CERT, BL32_KEY_CERT_ID,
			    AUTH_BL32_IMG_CERT, BL32_CERT_ID,
			    tzram_layout, load_addr);
	if (rc != 0) {
		WARN("Failed to verify BL3-2 authenticity\n");
	}
	bl32_cert_error = rc;
#endif /* BL32_BASE */

	rc = load_cert_bl3x(AUTH_BL33_KEY_CERT, BL33_KEY_CERT_ID,
			    AUTH_BL33_IMG_CERT, BL33_CERT_ID,
			    tzram_layout, load_addr);
	if (rc != 0) {
		ERROR("Failed to verify BL3-3 authenticity\n");
		return rc;
	}

	return 0;
}
180 
181 #endif /* TRUSTED_BOARD_BOOT */
182 
183 /*******************************************************************************
184  * Load the BL3-0 image if there's one.
185  * If a platform does not want to attempt to load BL3-0 image it must leave
186  * BL30_BASE undefined.
187  * Return 0 on success or if there's no BL3-0 image to load, a negative error
188  * code otherwise.
189  ******************************************************************************/
static int load_bl30(void)
{
	int rc = 0;
#ifdef BL30_BASE
	meminfo_t bl30_mem_info;
	image_info_t bl30_image_info;

	/*
	 * The platform decides where BL3-0 lives: carved out of secure SRAM or
	 * a completely different memory. No entry point is requested because
	 * the AP never executes BL3-0.
	 */
	INFO("BL2: Loading BL3-0\n");
	bl2_plat_get_bl30_meminfo(&bl30_mem_info);
	bl30_image_info.h.version = VERSION_1;
	rc = load_image(&bl30_mem_info, BL30_IMAGE_ID, BL30_BASE,
			&bl30_image_info, NULL);
	if (rc != 0) {
		return rc;
	}

#if TRUSTED_BOARD_BOOT
	/* Authenticate the image before the platform gets to act on it. */
	rc = auth_verify_obj(AUTH_BL30_IMG, bl30_image_info.image_base,
			     bl30_image_info.image_size);
	if (rc != 0) {
		ERROR("Failed to authenticate BL3-0 image.\n");
		return rc;
	}

	/* After working with data, invalidate the data cache */
	inv_dcache_range(bl30_image_info.image_base,
			 (size_t)bl30_image_info.image_size);
#endif /* TRUSTED_BOARD_BOOT */

	/* What happens to BL3-0 from here on is up to the platform. */
	rc = bl2_plat_handle_bl30(&bl30_image_info);
	if (rc != 0) {
		ERROR("Failure in platform-specific handling of BL3-0 image.\n");
		return rc;
	}
#endif /* BL30_BASE */

	return rc;
}
241 
242 /*******************************************************************************
243  * Load the BL3-1 image.
244  * The bl2_to_bl31_params and bl31_ep_info params will be updated with the
245  * relevant BL3-1 information.
246  * Return 0 on success, a negative error code otherwise.
247  ******************************************************************************/
static int load_bl31(bl31_params_t *bl2_to_bl31_params,
		     entry_point_info_t *bl31_ep_info)
{
	meminfo_t *tzram_layout;
	image_info_t *bl31_image_info;
	int rc;

	INFO("BL2: Loading BL3-1\n");
	assert(bl2_to_bl31_params != NULL);
	assert(bl31_ep_info != NULL);

	/* Trusted RAM still free once BL2 itself is accounted for. */
	tzram_layout = bl2_plat_sec_mem_layout();

	/* BL3-1 receives the address of the parameter block in X0. */
	bl31_ep_info->args.arg0 = (unsigned long)bl2_to_bl31_params;

	bl31_image_info = bl2_to_bl31_params->bl31_image_info;
	rc = load_image(tzram_layout, BL31_IMAGE_ID, BL31_BASE,
			bl31_image_info, bl31_ep_info);
	if (rc != 0) {
		return rc;
	}

#if TRUSTED_BOARD_BOOT
	rc = auth_verify_obj(AUTH_BL31_IMG, bl31_image_info->image_base,
			     bl31_image_info->image_size);
	if (rc != 0) {
		ERROR("Failed to authenticate BL3-1 image.\n");
		return rc;
	}

	/* After working with data, invalidate the data cache */
	inv_dcache_range(bl31_image_info->image_base,
			 (size_t)bl31_image_info->image_size);
#endif /* TRUSTED_BOARD_BOOT */

	/* Let the platform finish off the BL3-1 entry point description. */
	bl2_plat_set_bl31_ep_info(bl31_image_info, bl31_ep_info);

	return rc;
}
292 
293 /*******************************************************************************
294  * Load the BL3-2 image if there's one.
295  * The bl2_to_bl31_params param will be updated with the relevant BL3-2
296  * information.
297  * If a platform does not want to attempt to load BL3-2 image it must leave
298  * BL32_BASE undefined.
299  * Return 0 on success or if there's no BL3-2 image to load, a negative error
300  * code otherwise.
301  ******************************************************************************/
static int load_bl32(bl31_params_t *bl2_to_bl31_params)
{
	int rc = 0;
#ifdef BL32_BASE
	meminfo_t bl32_mem_info;
	image_info_t *bl32_image_info;
	entry_point_info_t *bl32_ep_info;

	INFO("BL2: Loading BL3-2\n");
	assert(bl2_to_bl31_params != NULL);

	/*
	 * The platform decides where BL3-2 lives: carved out of secure SRAM or
	 * a completely different memory.
	 */
	bl2_plat_get_bl32_meminfo(&bl32_mem_info);

	bl32_image_info = bl2_to_bl31_params->bl32_image_info;
	bl32_ep_info = bl2_to_bl31_params->bl32_ep_info;
	rc = load_image(&bl32_mem_info, BL32_IMAGE_ID, BL32_BASE,
			bl32_image_info, bl32_ep_info);
	if (rc != 0) {
		return rc;
	}

#if TRUSTED_BOARD_BOOT
	/*
	 * The image does exist, so a certificate failure that load_certs()
	 * merely warned about is now reported as an error.
	 */
	if (bl32_cert_error != 0) {
		ERROR("Failed to authenticate BL3-2 certificates.\n");
		return bl32_cert_error;
	}

	rc = auth_verify_obj(AUTH_BL32_IMG, bl32_image_info->image_base,
			     bl32_image_info->image_size);
	if (rc != 0) {
		ERROR("Failed to authenticate BL3-2 image.\n");
		return rc;
	}

	/* After working with data, invalidate the data cache */
	inv_dcache_range(bl32_image_info->image_base,
			 (size_t)bl32_image_info->image_size);
#endif /* TRUSTED_BOARD_BOOT */

	bl2_plat_set_bl32_ep_info(bl32_image_info, bl32_ep_info);
#endif /* BL32_BASE */

	return rc;
}
352 
353 /*******************************************************************************
354  * Load the BL3-3 image.
355  * The bl2_to_bl31_params param will be updated with the relevant BL3-3
356  * information.
357  * Return 0 on success, a negative error code otherwise.
358  ******************************************************************************/
static int load_bl33(bl31_params_t *bl2_to_bl31_params)
{
	meminfo_t bl33_mem_info;
	image_info_t *bl33_image_info;
	entry_point_info_t *bl33_ep_info;
	int rc;

	INFO("BL2: Loading BL3-3\n");
	assert(bl2_to_bl31_params != NULL);

	/* Non-secure memory offered by the platform for BL3-3. */
	bl2_plat_get_bl33_meminfo(&bl33_mem_info);

	bl33_image_info = bl2_to_bl31_params->bl33_image_info;
	bl33_ep_info = bl2_to_bl31_params->bl33_ep_info;
	rc = load_image(&bl33_mem_info, BL33_IMAGE_ID,
			plat_get_ns_image_entrypoint(),
			bl33_image_info, bl33_ep_info);
	if (rc != 0) {
		return rc;
	}

#if TRUSTED_BOARD_BOOT
	rc = auth_verify_obj(AUTH_BL33_IMG, bl33_image_info->image_base,
			     bl33_image_info->image_size);
	if (rc != 0) {
		ERROR("Failed to authenticate BL3-3 image.\n");
		return rc;
	}

	/* After working with data, invalidate the data cache */
	inv_dcache_range(bl33_image_info->image_base,
			 (size_t)bl33_image_info->image_size);
#endif /* TRUSTED_BOARD_BOOT */

	bl2_plat_set_bl33_ep_info(bl33_image_info, bl33_ep_info);

	return rc;
}
397 
398 /*******************************************************************************
399  * The only thing to do in BL2 is to load further images and pass control to
400  * BL3-1. The memory occupied by BL2 will be reclaimed by BL3-x stages. BL2 runs
401  * entirely in S-EL1.
402  ******************************************************************************/
void bl2_main(void)
{
	bl31_params_t *bl2_to_bl31_params;
	entry_point_info_t *bl31_ep_info;
	int rc;

	NOTICE("BL2: %s\n", version_string);
	NOTICE("BL2: %s\n", build_message);

	/* Remaining generic architectural setup, still in S-EL1. */
	bl2_arch_setup();

#if TRUSTED_BOARD_BOOT
	/*
	 * Bring up the authentication module and check the whole Chain of
	 * Trust before any BL3-x image is loaded.
	 */
	auth_init();
	rc = load_certs();
	if (rc != 0) {
		ERROR("Chain of Trust invalid. Aborting...\n");
		panic();
	}
#endif /* TRUSTED_BOARD_BOOT */

	/* BL3-0 (if any) is loaded before the platform setup below. */
	rc = load_bl30();
	if (rc != 0) {
		ERROR("Failed to load BL3-0 (%i)\n", rc);
		panic();
	}

	bl2_platform_setup();

	/* Memory the platform reserved for handing information to BL3-1. */
	bl2_to_bl31_params = bl2_plat_get_bl31_params();
	bl31_ep_info = bl2_plat_get_bl31_ep_info();

	rc = load_bl31(bl2_to_bl31_params, bl31_ep_info);
	if (rc != 0) {
		ERROR("Failed to load BL3-1 (%i)\n", rc);
		panic();
	}

	/*
	 * BL3-2 is optional, so its failure is only a warning. This also
	 * covers an authentication failure of a BL3-2 image that is present:
	 * load_bl32() returns early, bl2_plat_set_bl32_ep_info() is skipped,
	 * and boot carries on. NOTE(review): confirm that BL3-1 does not run a
	 * BL3-2 whose load or authentication failed here.
	 */
	rc = load_bl32(bl2_to_bl31_params);
	if (rc != 0) {
		WARN("Failed to load BL3-2 (%i)\n", rc);
	}

	rc = load_bl33(bl2_to_bl31_params);
	if (rc != 0) {
		ERROR("Failed to load BL3-3 (%i)\n", rc);
		panic();
	}

	/* Push the parameter block out to memory before leaving BL2. */
	bl2_plat_flush_bl31_params();

	/*
	 * Hand over to BL3-1 through an SMC to BL1. bl31_ep_info's arg0 points
	 * at bl2_to_bl31_params, which carries the BL3-2 (if present) and
	 * BL3-3 hand-off information.
	 */
	smc(RUN_IMAGE, (unsigned long)bl31_ep_info, 0, 0, 0, 0, 0, 0);
}