1 /*
2 * Copyright (c) 2024-2025, Arm Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <stdint.h>
8
9 #include <common/debug.h>
10 #include <drivers/measured_boot/metadata.h>
11 #include <drivers/measured_boot/rse/dice_prot_env.h>
12 #include <plat/arm/common/plat_arm.h>
13 #include <plat/common/platform.h>
14 #include <platform_def.h>
15 #include <tools_share/tbbr_oid.h>
16
17 #include "tc_dpe.h"
18 #include <tc_rse_comms.h>
19
20 /*
21 * The content and the values of this array depends on:
22 * - build config: Which components are loaded: SPMD, TOS, SPx, etc ?
23 * - boot order: the last element in a layer should be treated differently.
24 */
25
26 /*
27 * TODO:
28 * - The content of the array must be tailored according to the build
29 * config (TOS, SPMD, etc). All loaded components (executables and
30 * config blobs) must be present in this array.
31 * - Current content is according to the Trusty build config.
32 */
33 struct dpe_metadata tc_dpe_metadata[] = {
34 {
35 .id = BL31_IMAGE_ID,
36 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
37 .signer_id_size = SIGNER_ID_MIN_SIZE,
38 .sw_type = MBOOT_BL31_IMAGE_STRING,
39 .allow_new_context_to_derive = false,
40 .retain_parent_context = true,
41 .create_certificate = false,
42 .target_locality = LOCALITY_NONE, /* won't derive don't care */
43 .pk_oid = BL31_IMAGE_KEY_OID },
44 {
45 .id = BL32_IMAGE_ID,
46 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
47 .signer_id_size = SIGNER_ID_MIN_SIZE,
48 .sw_type = MBOOT_BL32_IMAGE_STRING,
49 .allow_new_context_to_derive = false,
50 .retain_parent_context = true,
51 .create_certificate = false,
52 .target_locality = LOCALITY_NONE, /* won't derive don't care */
53 .pk_oid = BL32_IMAGE_KEY_OID },
54 {
55 .id = BL33_IMAGE_ID,
56 .cert_id = DPE_HYPERVISOR_CERT_ID,
57 .signer_id_size = SIGNER_ID_MIN_SIZE,
58 .sw_type = MBOOT_BL33_IMAGE_STRING,
59 .allow_new_context_to_derive = true,
60 .retain_parent_context = true,
61 .create_certificate = false,
62 .target_locality = LOCALITY_AP_NS,
63 .pk_oid = BL33_IMAGE_KEY_OID },
64
65 {
66 .id = HW_CONFIG_ID,
67 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
68 .signer_id_size = SIGNER_ID_MIN_SIZE,
69 .sw_type = MBOOT_HW_CONFIG_STRING,
70 .allow_new_context_to_derive = false,
71 .retain_parent_context = true,
72 .create_certificate = false,
73 .target_locality = LOCALITY_NONE, /* won't derive don't care */
74 .pk_oid = HW_CONFIG_KEY_OID },
75 {
76 .id = NT_FW_CONFIG_ID,
77 .cert_id = DPE_HYPERVISOR_CERT_ID,
78 .signer_id_size = SIGNER_ID_MIN_SIZE,
79 .sw_type = MBOOT_NT_FW_CONFIG_STRING,
80 .allow_new_context_to_derive = false,
81 .retain_parent_context = true,
82 .create_certificate = false,
83 .target_locality = LOCALITY_NONE, /* won't derive don't care */
84 .pk_oid = NT_FW_CONFIG_KEY_OID },
85 {
86 .id = SCP_BL2_IMAGE_ID,
87 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
88 .signer_id_size = SIGNER_ID_MIN_SIZE,
89 .sw_type = MBOOT_SCP_BL2_IMAGE_STRING,
90 .allow_new_context_to_derive = false,
91 .retain_parent_context = true,
92 .create_certificate = false,
93 .target_locality = LOCALITY_NONE, /* won't derive don't care */
94 .pk_oid = SCP_BL2_IMAGE_KEY_OID },
95 {
96 .id = SOC_FW_CONFIG_ID,
97 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
98 .signer_id_size = SIGNER_ID_MIN_SIZE,
99 .sw_type = MBOOT_SOC_FW_CONFIG_STRING,
100 .allow_new_context_to_derive = false,
101 .retain_parent_context = true,
102 .create_certificate = false,
103 .target_locality = LOCALITY_NONE, /* won't derive don't care */
104 .pk_oid = SOC_FW_CONFIG_KEY_OID },
105 {
106 .id = TOS_FW_CONFIG_ID,
107 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
108 .signer_id_size = SIGNER_ID_MIN_SIZE,
109 .sw_type = MBOOT_TOS_FW_CONFIG_STRING,
110 .allow_new_context_to_derive = false,
111 .retain_parent_context = true,
112 .create_certificate = false,
113 .target_locality = LOCALITY_NONE, /* won't derive don't care */
114 .pk_oid = TOS_FW_CONFIG_KEY_OID },
115 #if defined(SPD_spmd)
116 {
117 .id = SP_PKG1_ID,
118 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
119 .signer_id_size = SIGNER_ID_MIN_SIZE,
120 .sw_type = MBOOT_SP1_STRING,
121 .allow_new_context_to_derive = false,
122 .retain_parent_context = true,
123 .create_certificate = false,
124 .target_locality = LOCALITY_NONE, /* won't derive don't care */
125 .pk_oid = NULL },
126 {
127 .id = SP_PKG2_ID,
128 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
129 .signer_id_size = SIGNER_ID_MIN_SIZE,
130 .sw_type = MBOOT_SP2_STRING,
131 .allow_new_context_to_derive = false,
132 .retain_parent_context = true,
133 .create_certificate = false,
134 .target_locality = LOCALITY_NONE, /* won't derive don't care */
135 .pk_oid = NULL },
136 {
137 .id = SP_PKG3_ID,
138 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
139 .signer_id_size = SIGNER_ID_MIN_SIZE,
140 .sw_type = MBOOT_SP3_STRING,
141 .allow_new_context_to_derive = false,
142 .retain_parent_context = true,
143 .create_certificate = false,
144 .target_locality = LOCALITY_NONE, /* won't derive don't care */
145 .pk_oid = NULL },
146 {
147 .id = SP_PKG4_ID,
148 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
149 .signer_id_size = SIGNER_ID_MIN_SIZE,
150 .sw_type = MBOOT_SP4_STRING,
151 .allow_new_context_to_derive = false,
152 .retain_parent_context = true,
153 .create_certificate = false,
154 .target_locality = LOCALITY_NONE, /* won't derive don't care */
155 .pk_oid = NULL },
156 {
157 .id = SP_PKG5_ID,
158 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
159 .signer_id_size = SIGNER_ID_MIN_SIZE,
160 .sw_type = MBOOT_SP5_STRING,
161 .allow_new_context_to_derive = false,
162 .retain_parent_context = true,
163 .create_certificate = false,
164 .target_locality = LOCALITY_NONE, /* won't derive don't care */
165 .pk_oid = NULL },
166 {
167 .id = SP_PKG6_ID,
168 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
169 .signer_id_size = SIGNER_ID_MIN_SIZE,
170 .sw_type = MBOOT_SP6_STRING,
171 .allow_new_context_to_derive = false,
172 .retain_parent_context = true,
173 .create_certificate = false,
174 .target_locality = LOCALITY_NONE, /* won't derive don't care */
175 .pk_oid = NULL },
176 {
177 .id = SP_PKG7_ID,
178 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
179 .signer_id_size = SIGNER_ID_MIN_SIZE,
180 .sw_type = MBOOT_SP7_STRING,
181 .allow_new_context_to_derive = false,
182 .retain_parent_context = true,
183 .create_certificate = false,
184 .target_locality = LOCALITY_NONE, /* won't derive don't care */
185 .pk_oid = NULL },
186 {
187 .id = SP_PKG8_ID,
188 .cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
189 .signer_id_size = SIGNER_ID_MIN_SIZE,
190 .sw_type = MBOOT_SP8_STRING,
191 .allow_new_context_to_derive = false,
192 .retain_parent_context = true,
193 .create_certificate = false,
194 .target_locality = LOCALITY_NONE, /* won't derive don't care */
195 .pk_oid = NULL },
196
197 #endif
198 {
199 .id = DPE_INVALID_ID }
200 };
201
202 /* Context handle is meant to be used by BL33. Sharing it via NT_FW_CONFIG */
203 static int new_ctx_handle;
204
plat_dpe_share_context_handle(int * ctx_handle,int * parent_ctx_handle)205 void plat_dpe_share_context_handle(int *ctx_handle, int *parent_ctx_handle)
206 {
207 new_ctx_handle = *ctx_handle;
208
209 /* Irrelevant in BL2 because cold restart resumes CPU in BL1 */
210 (void)parent_ctx_handle;
211 }
212
plat_dpe_get_context_handle(int * ctx_handle)213 void plat_dpe_get_context_handle(int *ctx_handle)
214 {
215 int rc;
216
217 rc = arm_get_tb_fw_info(ctx_handle);
218 if (rc != 0) {
219 ERROR("Unable to get DPE context handle from TB_FW_CONFIG\n");
220 /*
221 * It is a fatal error because on FVP platform, BL2 software
222 * assumes that a valid DPE context_handle is passed through
223 * the DTB object by BL1.
224 */
225 plat_panic_handler();
226 }
227
228 VERBOSE("Received DPE context handle: 0x%x\n", *ctx_handle);
229 }
230
bl2_plat_mboot_init(void)231 void bl2_plat_mboot_init(void)
232 {
233 #if defined(SPD_spmd)
234 size_t i;
235 const size_t array_size = ARRAY_SIZE(tc_dpe_metadata);
236
237 for (i = 0U; i < array_size; i++) {
238 if (tc_dpe_metadata[i].id != SP_PKG1_ID) {
239 continue;
240 }
241
242 if ((i + NUM_SP > array_size) || (i - 1 + NUM_SP < 0)) {
243 ERROR("Secure partition number is out-of-range\n");
244 ERROR(" Non-Secure partition number: %ld\n", i);
245 ERROR(" Secure partition number: %d\n", NUM_SP);
246 ERROR(" Metadata array size: %ld\n", array_size);
247 panic();
248 }
249
250 /* Finalize the certificate on the last secure partition */
251 tc_dpe_metadata[i - 1 + NUM_SP].create_certificate = true;
252 break;
253 }
254 #endif
255
256 /* Initialize the communication channel between AP and RSE */
257 (void)plat_rse_comms_init();
258
259 dpe_init(tc_dpe_metadata);
260 }
261
bl2_plat_mboot_finish(void)262 void bl2_plat_mboot_finish(void)
263 {
264 int rc;
265
266 VERBOSE("Share DPE context handle with BL33: 0x%x\n", new_ctx_handle);
267 rc = arm_set_nt_fw_info(&new_ctx_handle);
268 if (rc != 0) {
269 ERROR("Unable to set DPE context handle in NT_FW_CONFIG\n");
270 /*
271 * It is a fatal error because on TC platform, BL33 software
272 * assumes that a valid DPE context_handle is passed through
273 * the DTB object by BL2.
274 */
275 plat_panic_handler();
276 }
277 }
278