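/*
 * Copyright (c) 2024, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <stdint.h>

#include <common/debug.h>
#include <drivers/arm/rse_comms.h>
#include <drivers/measured_boot/metadata.h>
#include <drivers/measured_boot/rse/dice_prot_env.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
#include <platform_def.h>
#include <tools_share/tbbr_oid.h>

#include "tc_dpe.h"

/*
 * The content and the values of this array depend on:
 * - build config: Which components are loaded: SPMD, TOS, SPx, etc ?
 * - boot order: the last element in a layer should be treated differently.
 */

/*
 * TODO:
 *     - The content of the array must be tailored according to the build
 *       config (TOS, SPMD, etc). All loaded components (executables and
 *       config blobs) must be present in this array.
 *     - Current content is according to the Trusty build config.
 *
 * Layout notes:
 *     - The array is terminated by an entry whose id is DPE_INVALID_ID.
 *     - The SP_PKGx entries are only present when SPD_spmd is defined and
 *       carry no public key OID (pk_oid is NULL).
 *     - Every entry is statically initialised with create_certificate set to
 *       false; bl2_plat_mboot_init() flips it to true on one entry at run
 *       time when SPD_spmd is defined.
 */
struct dpe_metadata tc_dpe_metadata[] = {
	{
		.id = BL31_IMAGE_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_BL31_IMAGE_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = BL31_IMAGE_KEY_OID },
	{
		.id = BL32_IMAGE_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_BL32_IMAGE_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = BL32_IMAGE_KEY_OID },
	{
		/* The only entry that allows the new context to derive further. */
		.id = BL33_IMAGE_ID,
		.cert_id = DPE_HYPERVISOR_CERT_ID,
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_BL33_IMAGE_STRING,
		.allow_new_context_to_derive = true,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_AP_NS,
		.pk_oid = BL33_IMAGE_KEY_OID },

	{
		.id = HW_CONFIG_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_HW_CONFIG_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = HW_CONFIG_KEY_OID },
	{
		.id = NT_FW_CONFIG_ID,
		.cert_id = DPE_HYPERVISOR_CERT_ID,
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_NT_FW_CONFIG_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = NT_FW_CONFIG_KEY_OID },
	{
		.id = SCP_BL2_IMAGE_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_SCP_BL2_IMAGE_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = SCP_BL2_IMAGE_KEY_OID },
	{
		.id = SOC_FW_CONFIG_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_SOC_FW_CONFIG_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = SOC_FW_CONFIG_KEY_OID },
	{
		.id = TOS_FW_CONFIG_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_TOS_FW_CONFIG_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = TOS_FW_CONFIG_KEY_OID },
#if defined(SPD_spmd)
	{
		.id = SP_PKG1_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_SP1_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = NULL },
	{
		.id = SP_PKG2_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_SP2_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = NULL },
	{
		.id = SP_PKG3_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_SP3_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = NULL },
	{
		.id = SP_PKG4_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_SP4_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = NULL },
	{
		.id = SP_PKG5_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_SP5_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = NULL },
	{
		.id = SP_PKG6_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_SP6_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = NULL },
	{
		.id = SP_PKG7_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_SP7_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = NULL },
	{
		.id = SP_PKG8_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_SP8_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = NULL },

#endif
	{
		.id = DPE_INVALID_ID }
};

/* Context handle is meant to be used by BL33. Sharing it via NT_FW_CONFIG */
static int new_ctx_handle;

/*
 * Record the DPE context handle that bl2_plat_mboot_finish() later passes
 * to arm_set_nt_fw_info().
 *
 * ctx_handle is dereferenced unconditionally, so it must not be NULL.
 * parent_ctx_handle is accepted for interface compatibility and ignored.
 */
void plat_dpe_share_context_handle(int *ctx_handle, int *parent_ctx_handle)
{
	new_ctx_handle = *ctx_handle;

	/* Irrelevant in BL2 because cold restart resumes CPU in BL1 */
	(void)parent_ctx_handle;
}

/*
 * Fetch the DPE context handle via arm_get_tb_fw_info() and store it in
 * *ctx_handle. Calls plat_panic_handler() if the lookup reports an error.
 */
void plat_dpe_get_context_handle(int *ctx_handle)
{
	int rc;

	rc = arm_get_tb_fw_info(ctx_handle);
	if (rc != 0) {
		ERROR("Unable to get DPE context handle from TB_FW_CONFIG\n");
		/*
		 * It is a fatal error because BL2 software assumes that a
		 * valid DPE context_handle is passed through the DTB object
		 * by BL1.
		 */
		plat_panic_handler();
	}

	/*
	 * NOTE(review): the handle value is written to the log in VERBOSE
	 * builds. If possession of a context handle is what authorises DPE
	 * operations on that context, confirm that such builds are not
	 * deployed where the console is observable.
	 */
	VERBOSE("Received DPE context handle: 0x%x\n", *ctx_handle);
}

/*
 * BL2 measured-boot initialisation: when SPD_spmd is defined, select the
 * metadata entry on which the certificate is finalized, then bring up the
 * AP<->RSE channel and hand the metadata table to dpe_init().
 */
void bl2_plat_mboot_init(void)
{
#if defined(SPD_spmd)
	size_t i;
	size_t sp_end;
	const size_t array_size = ARRAY_SIZE(tc_dpe_metadata);

	for (i = 0U; i < array_size; i++) {
		if (tc_dpe_metadata[i].id != SP_PKG1_ID) {
			continue;
		}

		/*
		 * The entry to update is at index (i + NUM_SP - 1). The index
		 * arithmetic is unsigned because i is a size_t, so a
		 * "result < 0" test can never be true. A sum that would be
		 * negative wraps to a huge value and is rejected by the upper
		 * bound; the one remaining bad case is a sum of exactly zero,
		 * where the index would wrap to SIZE_MAX and the store below
		 * would land outside the array.
		 *
		 * NOTE(review): sp_end == array_size passes this check and
		 * selects the trailing DPE_INVALID_ID terminator rather than a
		 * secure partition entry - confirm whether the upper bound
		 * should be tighter.
		 */
		sp_end = i + NUM_SP;
		if ((sp_end > array_size) || (sp_end == 0U)) {
			ERROR("Secure partition number is out-of-range\n");
			/* i and array_size are size_t, hence %zu */
			ERROR(" Non-Secure partition number: %zu\n", i);
			ERROR(" Secure partition number: %d\n", NUM_SP);
			ERROR(" Metadata array size: %zu\n", array_size);
			panic();
		}

		/* Finalize the certificate on the last secure partition */
		tc_dpe_metadata[sp_end - 1U].create_certificate = true;
		break;
	}
#endif

	/*
	 * Initialize the communication channel between AP and RSE.
	 *
	 * NOTE(review): the return value is deliberately discarded, so
	 * dpe_init() runs even if channel setup reported a failure. Confirm
	 * that a broken channel is detected later on, otherwise measurements
	 * could be lost without any diagnostic at this point.
	 */
	(void)rse_comms_init(PLAT_RSE_AP_SND_MHU_BASE,
			     PLAT_RSE_AP_RCV_MHU_BASE);

	dpe_init(tc_dpe_metadata);
}

/*
 * BL2 measured-boot finalisation: publish the context handle saved by
 * plat_dpe_share_context_handle() through arm_set_nt_fw_info(). Calls
 * plat_panic_handler() if that fails.
 */
void bl2_plat_mboot_finish(void)
{
	int rc;

	/*
	 * NOTE(review): as in plat_dpe_get_context_handle(), the handle
	 * value is visible in VERBOSE logs.
	 */
	VERBOSE("Share DPE context handle with BL33: 0x%x\n", new_ctx_handle);
	rc = arm_set_nt_fw_info(&new_ctx_handle);
	if (rc != 0) {
		ERROR("Unable to set DPE context handle in NT_FW_CONFIG\n");
		/*
		 * It is a fatal error because on TC platform, BL33 software
		 * assumes that a valid DPE context_handle is passed through
		 * the DTB object by BL2.
		 */
		plat_panic_handler();
	}
}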