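/*
 * Copyright (c) 2024, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <stdint.h>

#include <common/debug.h>
#include <drivers/arm/rse_comms.h>
#include <drivers/measured_boot/metadata.h>
#include <drivers/measured_boot/rse/dice_prot_env.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
#include <platform_def.h>
#include <tools_share/tbbr_oid.h>

#include "tc_dpe.h"

/*
 * The content and the values of this array depend on:
 * - build config: Which components are loaded: SPMD, TOS, SPx, etc ?
 * - boot order: the last element in a layer should be treated differently.
 */

/*
 * TODO:
 * - The content of the array must be tailored according to the build
 *   config (TOS, SPMD, etc). All loaded components (executables and
 *   config blobs) must be present in this array.
 * - Current content is according to the Trusty build config.
 */

/*
 * DPE metadata for the images handled by BL2; the table is handed to
 * dpe_init() and is terminated by an entry whose id is DPE_INVALID_ID.
 *
 * Points worth keeping in view when editing the table:
 * - BL33 is the only entry with allow_new_context_to_derive = true and a
 *   concrete target_locality (LOCALITY_AP_NS); every other entry uses
 *   LOCALITY_NONE.
 * - SP_PKG1 is the only entry with create_certificate = true, and it is
 *   present only when SPD_spmd is defined.
 * - NOTE(review): the SP package entries carry pk_oid = NULL while every
 *   other image names a key OID. Presumably no signer key is matched to
 *   them; confirm how their signer_id is expected to be populated.
 */
struct dpe_metadata tc_dpe_metadata[] = {
	{
		.id = BL31_IMAGE_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_BL31_IMAGE_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = BL31_IMAGE_KEY_OID },
	{
		.id = BL32_IMAGE_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_BL32_IMAGE_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = BL32_IMAGE_KEY_OID },
	{
		.id = BL33_IMAGE_ID,
		.cert_id = DPE_HYPERVISOR_CERT_ID,
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_BL33_IMAGE_STRING,
		.allow_new_context_to_derive = true,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_AP_NS,
		.pk_oid = BL33_IMAGE_KEY_OID },

	{
		.id = HW_CONFIG_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_HW_CONFIG_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = HW_CONFIG_KEY_OID },
	{
		.id = NT_FW_CONFIG_ID,
		.cert_id = DPE_HYPERVISOR_CERT_ID,
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_NT_FW_CONFIG_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = NT_FW_CONFIG_KEY_OID },
	{
		.id = SCP_BL2_IMAGE_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_SCP_BL2_IMAGE_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = SCP_BL2_IMAGE_KEY_OID },
	{
		.id = SOC_FW_CONFIG_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_SOC_FW_CONFIG_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = SOC_FW_CONFIG_KEY_OID },
	{
		.id = TOS_FW_CONFIG_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_TOS_FW_CONFIG_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = TOS_FW_CONFIG_KEY_OID },
#if defined(SPD_spmd)
	{
		.id = SP_PKG1_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_SP1_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = true, /* With Trusty only one SP is loaded */
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = NULL },
	{
		.id = SP_PKG2_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_SP2_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = NULL },
	{
		.id = SP_PKG3_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_SP3_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = NULL },
	{
		.id = SP_PKG4_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_SP4_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = NULL },
	{
		.id = SP_PKG5_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_SP5_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = NULL },
	{
		.id = SP_PKG6_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_SP6_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = NULL },
	{
		.id = SP_PKG7_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_SP7_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = NULL },
	{
		.id = SP_PKG8_ID,
		.cert_id = DPE_CERT_ID_SAME_AS_PARENT, /* AP_BL2: DPE_AP_FW_CERT_ID */
		.signer_id_size = SIGNER_ID_MIN_SIZE,
		.sw_type = MBOOT_SP8_STRING,
		.allow_new_context_to_derive = false,
		.retain_parent_context = true,
		.create_certificate = false,
		.target_locality = LOCALITY_NONE, /* won't derive don't care */
		.pk_oid = NULL },

#endif
	{
		.id = DPE_INVALID_ID }
};

/* Context handle is meant to be used by BL33. Sharing it via NT_FW_CONFIG */
static int new_ctx_handle;

/*
 * Record the context handle that BL2 will pass on to BL33.
 *
 * ctx_handle:        handle to keep; copied into new_ctx_handle. It is
 *                    dereferenced without a NULL check, so the caller must
 *                    pass a valid pointer.
 * parent_ctx_handle: unused in BL2.
 */
void plat_dpe_share_context_handle(int *ctx_handle, int *parent_ctx_handle)
{
	new_ctx_handle = *ctx_handle;

	/* Irrelevant in BL2 because cold restart resumes CPU in BL1 */
	(void)parent_ctx_handle;
}

/*
 * Fetch the DPE context handle that was passed to BL2 through
 * TB_FW_CONFIG and store it in *ctx_handle. Panics if the handle cannot
 * be read.
 */
void plat_dpe_get_context_handle(int *ctx_handle)
{
	int rc;

	rc = arm_get_tb_fw_info(ctx_handle);
	if (rc != 0) {
		ERROR("Unable to get DPE context handle from TB_FW_CONFIG\n");
		/*
		 * It is a fatal error because on FVP platform, BL2 software
		 * assumes that a valid DPE context_handle is passed through
		 * the DTB object by BL1.
		 *
		 * NOTE(review): this file is the TC variant (tc_dpe.h,
		 * tc_dpe_metadata), so "FVP" looks carried over from another
		 * platform port; confirm and align with the "TC platform"
		 * wording used in bl2_plat_mboot_finish().
		 */
		plat_panic_handler();
	}

	/*
	 * NOTE(review): the handle is what the next stage presents to DPE, so
	 * it presumably should not appear on a console that untrusted parties
	 * can read. This print is only emitted when the build's log level
	 * includes VERBOSE; confirm such builds are not used in production.
	 */
	VERBOSE("Received DPE context handle: 0x%x\n", *ctx_handle);
}

/*
 * Measured-boot setup for BL2: bring up the AP<->RSE channel, then hand
 * the metadata table to the DPE driver.
 */
void bl2_plat_mboot_init(void)
{
	int rc;

	/* Initialize the communication channel between AP and RSE */
	rc = rse_comms_init(PLAT_RSE_AP_SND_MHU_BASE,
			    PLAT_RSE_AP_RCV_MHU_BASE);
	if (rc != 0) {
		/*
		 * The result used to be discarded. Boot still continues as
		 * before, but the failure is now visible in the log.
		 * NOTE(review): without this channel the measurements
		 * presumably cannot reach the RSE; decide whether this should
		 * be fatal, like the handle errors elsewhere in this file.
		 */
		ERROR("Unable to initialize AP-RSE communication channel: %d\n",
		      rc);
	}

	dpe_init(tc_dpe_metadata);
}

/*
 * Measured-boot teardown for BL2: publish the saved context handle to
 * BL33 through NT_FW_CONFIG. Panics if the handle cannot be written.
 */
void bl2_plat_mboot_finish(void)
{
	int rc;

	/*
	 * NOTE(review): same exposure consideration as the VERBOSE print in
	 * plat_dpe_get_context_handle(); this value is the handle BL33 will
	 * use.
	 */
	VERBOSE("Share DPE context handle with BL33: 0x%x\n", new_ctx_handle);
	rc = arm_set_nt_fw_info(&new_ctx_handle);
	if (rc != 0) {
		ERROR("Unable to set DPE context handle in NT_FW_CONFIG\n");
		/*
		 * It is a fatal error because on TC platform, BL33 software
		 * assumes that a valid DPE context_handle is passed through
		 * the DTB object by BL2.
		 */
		plat_panic_handler();
	}
}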