xref: /rk3399_ARM-atf/bl2/bl2_main.c (revision 9f64f7a4f708549ed69d9c26b92abf00b5272934)
1 /*
2  * Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions are met:
6  *
7  * Redistributions of source code must retain the above copyright notice, this
8  * list of conditions and the following disclaimer.
9  *
10  * Redistributions in binary form must reproduce the above copyright notice,
11  * this list of conditions and the following disclaimer in the documentation
12  * and/or other materials provided with the distribution.
13  *
14  * Neither the name of ARM nor the names of its contributors may be used
15  * to endorse or promote products derived from this software without specific
16  * prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
22  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28  * POSSIBILITY OF SUCH DAMAGE.
29  */
30 
31 #include <arch.h>
32 #include <arch_helpers.h>
33 #include <assert.h>
34 #include <auth.h>
35 #include <bl_common.h>
36 #include <debug.h>
37 #include <platform.h>
38 #include <platform_def.h>
39 #include "bl2_private.h"
40 
41 #if TRUSTED_BOARD_BOOT
42 
#ifdef BL32_BASE
/*
 * Outcome of the BL3-2 key/content certificate check made in load_certs().
 * A failure there is only recorded here, not treated as fatal on the spot;
 * load_bl32() consults this value after it has managed to load the image.
 * Zero means the certificates were accepted.
 */
static int bl32_cert_error;
#endif
46 
/*
 * Fetch and authenticate the two certificates that vouch for one BL3-x image:
 * the key certificate first, then the content certificate.
 *
 * Parameters:
 *   key_cert_blob:  id passed to auth_verify_obj() for the key certificate
 *                   (see auth.h)
 *   key_cert_name:  name passed to load_image() for the key certificate
 *   cont_cert_blob: id passed to auth_verify_obj() for the content
 *                   certificate (see auth.h)
 *   cont_cert_name: name passed to load_image() for the content certificate
 *   mem_layout:     Trusted SRAM memory layout handed to load_image()
 *   load_addr:      address both certificates are loaded at, one after the
 *                   other
 *
 * Return: 0 when both certificates load and verify, otherwise the non-zero
 * value of the first load_image() or auth_verify_obj() call that failed. The
 * content certificate is not loaded when the key certificate is rejected.
 */
static int load_cert_bl3x(int key_cert_blob, const char *key_cert_name,
			  int cont_cert_blob, const char *cont_cert_name,
			  meminfo_t *mem_layout, uint64_t load_addr)
{
	image_info_t cert_info;
	int rc;

	/* Key certificate: load it, then verify it before going any further */
	cert_info.h.version = VERSION_1;
	rc = load_image(mem_layout, key_cert_name, load_addr, &cert_info, NULL);
	if (rc != 0) {
		ERROR("Cannot load %s.\n", key_cert_name);
		return rc;
	}

	rc = auth_verify_obj(key_cert_blob, cert_info.image_base,
			     cert_info.image_size);
	if (rc != 0) {
		ERROR("Invalid key certificate %s.\n", key_cert_name);
		return rc;
	}

	/* Content certificate: loaded at the same address as the key one */
	cert_info.h.version = VERSION_1;
	rc = load_image(mem_layout, cont_cert_name, load_addr, &cert_info, NULL);
	if (rc != 0) {
		ERROR("Cannot load %s.\n", cont_cert_name);
		return rc;
	}

	rc = auth_verify_obj(cont_cert_blob, cert_info.image_base,
			     cert_info.image_size);
	if (rc != 0) {
		ERROR("Invalid content certificate %s.\n", cont_cert_name);
	}

	/* rc is 0 here unless the content certificate was just rejected */
	return rc;
}
99 
/*
 * Load and authenticate the Trusted Key certificate, and then the key and
 * content certificates of each BL3-x image.
 *
 * Every certificate is loaded at BL31_BASE. A failure for the Trusted Key
 * certificate or for the BL3-0 (when BL30_BASE is defined), BL3-1 or BL3-3
 * certificates ends the function with that error. A failure for the BL3-2
 * certificates (when BL32_BASE is defined) is only warned about and stored in
 * bl32_cert_error, because the BL3-2 image is optional.
 *
 * Return: 0 = success, Otherwise = error
 */
static int load_certs(void)
{
	const uint64_t cert_addr = BL31_BASE;
	image_info_t tk_cert_info;
	meminfo_t *tzram_layout;
	int rc;

	/* Find out how much free trusted ram remains after BL2 load */
	tzram_layout = bl2_plat_sec_mem_layout();

	/* The Trusted Key certificate goes into the BL31 region */
	tk_cert_info.h.version = VERSION_1;
	rc = load_image(tzram_layout, TRUSTED_KEY_CERT_NAME, cert_addr,
			&tk_cert_info, NULL);
	if (rc != 0) {
		ERROR("Failed to load Trusted Key certificate.\n");
		return rc;
	}

	/* Nothing else is looked at until this certificate has been verified */
	rc = auth_verify_obj(AUTH_TRUSTED_KEY_CERT, tk_cert_info.image_base,
			     tk_cert_info.image_size);
	if (rc != 0) {
		ERROR("Invalid Trusted Key certificate.\n");
		return rc;
	}

	/* Key and Content certificates of the individual BL3-x images */
#ifdef BL30_BASE
	rc = load_cert_bl3x(AUTH_BL30_KEY_CERT, BL30_KEY_CERT_NAME,
			    AUTH_BL30_IMG_CERT, BL30_CERT_NAME,
			    tzram_layout, cert_addr);
	if (rc != 0) {
		ERROR("Failed to verify BL3-0 authenticity\n");
		return rc;
	}
#endif /* BL30_BASE */

	rc = load_cert_bl3x(AUTH_BL31_KEY_CERT, BL31_KEY_CERT_NAME,
			    AUTH_BL31_IMG_CERT, BL31_CERT_NAME,
			    tzram_layout, cert_addr);
	if (rc != 0) {
		ERROR("Failed to verify BL3-1 authenticity\n");
		return rc;
	}

#ifdef BL32_BASE
	/*
	 * The BL3-2 image is optional, so a certificate failure is not fatal
	 * at this point. The result is kept so that load_bl32() can reject an
	 * image that is present while its certificates are missing or invalid.
	 */
	rc = load_cert_bl3x(AUTH_BL32_KEY_CERT, BL32_KEY_CERT_NAME,
			    AUTH_BL32_IMG_CERT, BL32_CERT_NAME,
			    tzram_layout, cert_addr);
	if (rc != 0) {
		WARN("Failed to verify BL3-2 authenticity\n");
	}
	bl32_cert_error = rc;
#endif /* BL32_BASE */

	rc = load_cert_bl3x(AUTH_BL33_KEY_CERT, BL33_KEY_CERT_NAME,
			    AUTH_BL33_IMG_CERT, BL33_CERT_NAME,
			    tzram_layout, cert_addr);
	if (rc != 0) {
		ERROR("Failed to verify BL3-3 authenticity\n");
	}

	/* rc is 0 here unless the BL3-3 certificates were just rejected */
	return rc;
}
174 
175 #endif /* TRUSTED_BOARD_BOOT */
176 
/*******************************************************************************
 * Load the BL3-0 image if there's one.
 * A platform that does not want BL2 to attempt this must leave BL30_BASE
 * undefined; the function then does nothing and reports success.
 * With TRUSTED_BOARD_BOOT the image is authenticated before it is passed to the
 * platform hook, so bl2_plat_handle_bl30() never sees an image that failed the
 * check.
 * Return 0 on success or if there's no BL3-0 image to load, a negative error
 * code otherwise.
 ******************************************************************************/
static int load_bl30(void)
{
#ifdef BL30_BASE
	meminfo_t bl30_mem_info;
	image_info_t bl30_image_info;
	int rc;

	/*
	 * The platform decides where BL3-0 is loaded: it may make room in the
	 * secure sram or point to a completely different memory.
	 *
	 * No entry point information is requested because the AP won't
	 * execute the BL3-0 image.
	 */
	INFO("BL2: Loading BL3-0\n");
	bl2_plat_get_bl30_meminfo(&bl30_mem_info);
	bl30_image_info.h.version = VERSION_1;
	rc = load_image(&bl30_mem_info, BL30_IMAGE_NAME, BL30_BASE,
			&bl30_image_info, NULL);
	if (rc != 0) {
		return rc;
	}

#if TRUSTED_BOARD_BOOT
	rc = auth_verify_obj(AUTH_BL30_IMG, bl30_image_info.image_base,
			     bl30_image_info.image_size);
	if (rc != 0) {
		ERROR("Failed to authenticate BL3-0 image.\n");
		return rc;
	}

	/* After working with data, invalidate the data cache */
	inv_dcache_range(bl30_image_info.image_base,
			 (size_t)bl30_image_info.image_size);
#endif /* TRUSTED_BOARD_BOOT */

	/* What happens to BL3-0 from here on is platform specific */
	rc = bl2_plat_handle_bl30(&bl30_image_info);
	if (rc != 0) {
		ERROR("Failure in platform-specific handling of BL3-0 image.\n");
	}

	return rc;
#else
	/* No BL3-0 on this platform: nothing to load */
	return 0;
#endif /* BL30_BASE */
}
235 
/*******************************************************************************
 * Load the BL3-1 image.
 * The bl2_to_bl31_params and bl31_ep_info params will be updated with the
 * relevant BL3-1 information.
 * With TRUSTED_BOARD_BOOT the image is authenticated after loading, and the
 * platform hook that sets up the entry point information only runs when that
 * check passes.
 * Return 0 on success, a negative error code otherwise.
 ******************************************************************************/
static int load_bl31(bl31_params_t *bl2_to_bl31_params,
		     entry_point_info_t *bl31_ep_info)
{
	meminfo_t *tzram_layout;
	image_info_t *bl31_image;
	int rc;

	INFO("BL2: Loading BL3-1\n");
	assert(bl2_to_bl31_params != NULL);
	assert(bl31_ep_info != NULL);

	bl31_image = bl2_to_bl31_params->bl31_image_info;

	/* Find out how much free trusted ram remains after BL2 load */
	tzram_layout = bl2_plat_sec_mem_layout();

	/* BL3-1 receives the address of the parameter block in X0 */
	bl31_ep_info->args.arg0 = (unsigned long)bl2_to_bl31_params;

	/* Load the BL3-1 image */
	rc = load_image(tzram_layout, BL31_IMAGE_NAME, BL31_BASE,
			bl31_image, bl31_ep_info);
	if (rc != 0) {
		return rc;
	}

#if TRUSTED_BOARD_BOOT
	rc = auth_verify_obj(AUTH_BL31_IMG, bl31_image->image_base,
			     bl31_image->image_size);
	if (rc != 0) {
		ERROR("Failed to authenticate BL3-1 image.\n");
		return rc;
	}

	/* After working with data, invalidate the data cache */
	inv_dcache_range(bl31_image->image_base,
			 (size_t)bl31_image->image_size);
#endif /* TRUSTED_BOARD_BOOT */

	bl2_plat_set_bl31_ep_info(bl31_image, bl31_ep_info);

	/* Every failure path has returned by now */
	return 0;
}
286 
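/*******************************************************************************
 * Load the BL3-2 image if there's one.
 * The bl2_to_bl31_params param will be updated with the relevant BL3-2
 * information.
 * If a platform does not want to attempt to load BL3-2 image it must leave
 * BL32_BASE undefined.
 * Return 0 on success or if there's no BL3-2 image to load, a negative error
 * code if the image could not be loaded.
 * With TRUSTED_BOARD_BOOT, an image that was loaded but whose certificates or
 * contents fail authentication is fatal: the function panics and does not
 * return. The caller treats every error returned from here as a warning, so
 * an authentication failure must not be reported through the return value.
 ******************************************************************************/
static int load_bl32(bl31_params_t *bl2_to_bl31_params)
{
	int e = 0;
#ifdef BL32_BASE
	meminfo_t bl32_mem_info;

	INFO("BL2: Loading BL3-2\n");
	assert(bl2_to_bl31_params != NULL);

	/*
	 * It is up to the platform to specify where BL3-2 should be loaded if
	 * it exists. It could create space in the secure sram or point to a
	 * completely different memory.
	 */
	bl2_plat_get_bl32_meminfo(&bl32_mem_info);
	e = load_image(&bl32_mem_info,
		       BL32_IMAGE_NAME,
		       BL32_BASE,
		       bl2_to_bl31_params->bl32_image_info,
		       bl2_to_bl31_params->bl32_ep_info);

	/* BL3-2 is optional: a load failure is left to the caller to report */
	if (e)
		return e;

#if TRUSTED_BOARD_BOOT
	/*
	 * From here on an image is present. load_image() was given the BL3-2
	 * image and entry point structures that are handed to BL3-1, so
	 * returning an error would let the boot carry on with an image that
	 * failed authentication still described in them (presumably; what
	 * load_image() writes is not visible in this file). Stop the boot
	 * instead.
	 */
	if (bl32_cert_error) {
		ERROR("Failed to authenticate BL3-2 certificates.\n");
		panic();
	}

	e = auth_verify_obj(AUTH_BL32_IMG,
			    bl2_to_bl31_params->bl32_image_info->image_base,
			    bl2_to_bl31_params->bl32_image_info->image_size);
	if (e) {
		ERROR("Failed to authenticate BL3-2 image.\n");
		panic();
	}
	/* After working with data, invalidate the data cache */
	inv_dcache_range(bl2_to_bl31_params->bl32_image_info->image_base,
			(size_t)bl2_to_bl31_params->bl32_image_info->image_size);
#endif /* TRUSTED_BOARD_BOOT */

	/* Only reached with an image that loaded and, under TBB, verified */
	bl2_plat_set_bl32_ep_info(
		bl2_to_bl31_params->bl32_image_info,
		bl2_to_bl31_params->bl32_ep_info);
#endif /* BL32_BASE */

	return e;
}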
346 
/*******************************************************************************
 * Load the BL3-3 image.
 * The bl2_to_bl31_params param will be updated with the relevant BL3-3
 * information.
 * With TRUSTED_BOARD_BOOT the image is authenticated after loading, and the
 * platform hook that sets up the entry point information only runs when that
 * check passes.
 * Return 0 on success, a negative error code otherwise.
 ******************************************************************************/
static int load_bl33(bl31_params_t *bl2_to_bl31_params)
{
	meminfo_t bl33_mem_info;
	image_info_t *bl33_image;
	entry_point_info_t *bl33_ep;
	int rc;

	INFO("BL2: Loading BL3-3\n");
	assert(bl2_to_bl31_params != NULL);

	bl33_image = bl2_to_bl31_params->bl33_image_info;
	bl33_ep = bl2_to_bl31_params->bl33_ep_info;

	bl2_plat_get_bl33_meminfo(&bl33_mem_info);

	/* Load the BL3-3 image in non-secure memory provided by the platform */
	rc = load_image(&bl33_mem_info, BL33_IMAGE_NAME,
			plat_get_ns_image_entrypoint(), bl33_image, bl33_ep);
	if (rc != 0) {
		return rc;
	}

#if TRUSTED_BOARD_BOOT
	/*
	 * NOTE(review): the image is authenticated in place, in the non-secure
	 * memory it was loaded to. This presumes nothing else can write that
	 * memory between this check and the hand-off - confirm per platform.
	 */
	rc = auth_verify_obj(AUTH_BL33_IMG, bl33_image->image_base,
			     bl33_image->image_size);
	if (rc != 0) {
		ERROR("Failed to authenticate BL3-3 image.\n");
		return rc;
	}
	/* After working with data, invalidate the data cache */
	inv_dcache_range(bl33_image->image_base,
			 (size_t)bl33_image->image_size);
#endif /* TRUSTED_BOARD_BOOT */

	bl2_plat_set_bl33_ep_info(bl33_image, bl33_ep);

	/* Every failure path has returned by now */
	return 0;
}
391 
/*******************************************************************************
 * The only thing to do in BL2 is to load further images and pass control to
 * BL3-1. The memory occupied by BL2 will be reclaimed by BL3-x stages. BL2 runs
 * entirely in S-EL1.
 * With TRUSTED_BOARD_BOOT the certificates are checked before any image is
 * loaded. A failure for the certificates, BL3-0, BL3-1 or BL3-3 ends in
 * panic(); an error returned for BL3-2 is only warned about.
 ******************************************************************************/
void bl2_main(void)
{
	bl31_params_t *params;
	entry_point_info_t *ep_info;
	int rc;

	NOTICE("BL2: %s\n", version_string);
	NOTICE("BL2: %s\n", build_message);

	/* Perform remaining generic architectural setup in S-EL1 */
	bl2_arch_setup();

#if TRUSTED_BOARD_BOOT
	/* Initialize authentication module */
	auth_init();

	/* The Chain of Trust has to hold before any image is loaded */
	rc = load_certs();
	if (rc != 0) {
		ERROR("Chain of Trust invalid. Aborting...\n");
		panic();
	}
#endif /* TRUSTED_BOARD_BOOT */

	/* Load the subsequent bootloader images, BL3-0 first */
	rc = load_bl30();
	if (rc != 0) {
		ERROR("Failed to load BL3-0 (%i)\n", rc);
		panic();
	}

	/* Perform platform setup in BL2 after loading BL3-0 */
	bl2_platform_setup();

	/*
	 * Get a pointer to the memory the platform has set aside to pass
	 * information to BL3-1.
	 */
	params = bl2_plat_get_bl31_params();
	ep_info = bl2_plat_get_bl31_ep_info();

	rc = load_bl31(params, ep_info);
	if (rc != 0) {
		ERROR("Failed to load BL3-1 (%i)\n", rc);
		panic();
	}

	/*
	 * BL3-2 is optional: whatever load_bl32() returns is only reported.
	 * NOTE(review): that covers any authentication error it chooses to
	 * return, so such failures have to be made fatal inside load_bl32()
	 * or checked for here. Confirm that an image which failed
	 * authentication can never still be described in the parameters
	 * handed to BL3-1.
	 */
	rc = load_bl32(params);
	if (rc != 0) {
		WARN("Failed to load BL3-2 (%i)\n", rc);
	}

	rc = load_bl33(params);
	if (rc != 0) {
		ERROR("Failed to load BL3-3 (%i)\n", rc);
		panic();
	}

	/* Flush the params to be passed to memory */
	bl2_plat_flush_bl31_params();

	/*
	 * Run BL3-1 via an SMC to BL1. Information on how to pass control to
	 * the BL3-2 (if present) and BL3-3 software images will be passed to
	 * BL3-1 as an argument.
	 */
	smc(RUN_IMAGE, (unsigned long)ep_info, 0, 0, 0, 0, 0, 0);
}
466