1 /*
2 * Copyright (c) 2019-2025, Arm Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8
9 #include <common/debug.h>
10 #include <common/fdt_wrappers.h>
11 #include <drivers/io/io_storage.h>
12 #include <drivers/partition/partition.h>
13 #include <lib/object_pool.h>
14 #include <libfdt.h>
15 #include <tools_share/firmware_image_package.h>
16
17 #include <plat/arm/common/arm_fconf_getter.h>
18 #include <plat/arm/common/arm_fconf_io_storage.h>
19 #include <platform_def.h>
20
21 #if PSA_FWU_SUPPORT
22 /* metadata entry details */
23 static io_block_spec_t fwu_metadata_spec;
24 #endif /* PSA_FWU_SUPPORT */
25
26 io_block_spec_t fip_block_spec = {
27 /*
28 * - With ARM_GPT_SUPPORT and BL1: a fixed FIP offset within the GPT image is used.
29 * - With ARM_GPT_SUPPORT and BL2: the FIP offset is derived from
30 * the partition table entries at runtime.
31 * - Without ARM_GPT_SUPPORT: both BL1 and BL2 use the fixed FIP base address.
32 */
33 #if ARM_GPT_SUPPORT
34 #if IMAGE_BL1
35 .offset = PLAT_ARM_FLASH_IMAGE_BASE + PLAT_ARM_FIP_OFFSET_IN_GPT,
36 #endif /* IMAGE_BL1 */
37 #else
38 .offset = PLAT_ARM_FLASH_IMAGE_BASE,
39 #endif /* ARM_GPT_SUPPORT */
40 .length = PLAT_ARM_FLASH_IMAGE_MAX_SIZE
41 };
42
43 #if ARM_GPT_SUPPORT
44 static const io_block_spec_t gpt_spec = {
45 .offset = PLAT_ARM_FLASH_IMAGE_BASE,
46 /*
47 * PLAT_PARTITION_BLOCK_SIZE = 512
48 * PLAT_PARTITION_MAX_ENTRIES = 128
49 * each sector has 4 partition entries, and there are
50 * 2 reserved sectors i.e. protective MBR and primary
51 * GPT header hence length gets calculated as,
52 * length = PLAT_PARTITION_BLOCK_SIZE * (128/4 + 2)
53 */
54 .length = LBA(PLAT_PARTITION_MAX_ENTRIES / 4 + 2),
55 };
56
57 /*
58 * length will be assigned at runtime based on MBR header data.
59 * Backup GPT Header is present in Last LBA-1 and its entries
60 * are last 32 blocks starts at LBA-33, On runtime update these
61 * before device usage. Update offset to beginning LBA-33 and
62 * length to LBA-33.
63 */
64 static io_block_spec_t bkup_gpt_spec = {
65 .offset = PLAT_ARM_FLASH_IMAGE_BASE,
66 .length = 0,
67 };
68 #endif /* ARM_GPT_SUPPORT */
69
70 const io_uuid_spec_t arm_uuid_spec[MAX_NUMBER_IDS] = {
71 [BL2_IMAGE_ID] = {UUID_TRUSTED_BOOT_FIRMWARE_BL2},
72 [TB_FW_CONFIG_ID] = {UUID_TB_FW_CONFIG},
73 [FW_CONFIG_ID] = {UUID_FW_CONFIG},
74 #if !ARM_IO_IN_DTB
75 [SCP_BL2_IMAGE_ID] = {UUID_SCP_FIRMWARE_SCP_BL2},
76 [BL31_IMAGE_ID] = {UUID_EL3_RUNTIME_FIRMWARE_BL31},
77 [BL32_IMAGE_ID] = {UUID_SECURE_PAYLOAD_BL32},
78 [BL32_EXTRA1_IMAGE_ID] = {UUID_SECURE_PAYLOAD_BL32_EXTRA1},
79 [BL32_EXTRA2_IMAGE_ID] = {UUID_SECURE_PAYLOAD_BL32_EXTRA2},
80 [BL33_IMAGE_ID] = {UUID_NON_TRUSTED_FIRMWARE_BL33},
81 [HW_CONFIG_ID] = {UUID_HW_CONFIG},
82 [SOC_FW_CONFIG_ID] = {UUID_SOC_FW_CONFIG},
83 [TOS_FW_CONFIG_ID] = {UUID_TOS_FW_CONFIG},
84 [NT_FW_CONFIG_ID] = {UUID_NT_FW_CONFIG},
85 [RMM_IMAGE_ID] = {UUID_REALM_MONITOR_MGMT_FIRMWARE},
86 #if ETHOSN_NPU_TZMP1
87 [ETHOSN_NPU_FW_IMAGE_ID] = {UUID_ETHOSN_FW},
88 #endif /* ETHOSN_NPU_TZMP1 */
89 #endif /* ARM_IO_IN_DTB */
90 #if TRUSTED_BOARD_BOOT
91 [TRUSTED_BOOT_FW_CERT_ID] = {UUID_TRUSTED_BOOT_FW_CERT},
92 #if !ARM_IO_IN_DTB
93 [CCA_CONTENT_CERT_ID] = {UUID_CCA_CONTENT_CERT},
94 [CORE_SWD_KEY_CERT_ID] = {UUID_CORE_SWD_KEY_CERT},
95 [PLAT_KEY_CERT_ID] = {UUID_PLAT_KEY_CERT},
96 [TRUSTED_KEY_CERT_ID] = {UUID_TRUSTED_KEY_CERT},
97 [SCP_FW_KEY_CERT_ID] = {UUID_SCP_FW_KEY_CERT},
98 [SOC_FW_KEY_CERT_ID] = {UUID_SOC_FW_KEY_CERT},
99 [TRUSTED_OS_FW_KEY_CERT_ID] = {UUID_TRUSTED_OS_FW_KEY_CERT},
100 [NON_TRUSTED_FW_KEY_CERT_ID] = {UUID_NON_TRUSTED_FW_KEY_CERT},
101 [SCP_FW_CONTENT_CERT_ID] = {UUID_SCP_FW_CONTENT_CERT},
102 [SOC_FW_CONTENT_CERT_ID] = {UUID_SOC_FW_CONTENT_CERT},
103 [TRUSTED_OS_FW_CONTENT_CERT_ID] = {UUID_TRUSTED_OS_FW_CONTENT_CERT},
104 [NON_TRUSTED_FW_CONTENT_CERT_ID] = {UUID_NON_TRUSTED_FW_CONTENT_CERT},
105 #if defined(SPD_spmd)
106 [SIP_SP_CONTENT_CERT_ID] = {UUID_SIP_SECURE_PARTITION_CONTENT_CERT},
107 [PLAT_SP_CONTENT_CERT_ID] = {UUID_PLAT_SECURE_PARTITION_CONTENT_CERT},
108 #endif
109 #if ETHOSN_NPU_TZMP1
110 [ETHOSN_NPU_FW_KEY_CERT_ID] = {UUID_ETHOSN_FW_KEY_CERTIFICATE},
111 [ETHOSN_NPU_FW_CONTENT_CERT_ID] = {UUID_ETHOSN_FW_CONTENT_CERTIFICATE},
112 #endif /* ETHOSN_NPU_TZMP1 */
113 #endif /* ARM_IO_IN_DTB */
114 #endif /* TRUSTED_BOARD_BOOT */
115 };
116
117 /* By default, ARM platforms load images from the FIP */
118 struct plat_io_policy policies[MAX_NUMBER_IDS] = {
119 #if ARM_GPT_SUPPORT
120 [GPT_IMAGE_ID] = {
121 &memmap_dev_handle,
122 (uintptr_t)&gpt_spec,
123 open_memmap
124 },
125 [BKUP_GPT_IMAGE_ID] = {
126 &memmap_dev_handle,
127 (uintptr_t)&bkup_gpt_spec,
128 open_memmap
129 },
130 #endif /* ARM_GPT_SUPPORT */
131 #if PSA_FWU_SUPPORT
132 [FWU_METADATA_IMAGE_ID] = {
133 &memmap_dev_handle,
134 /* filled runtime from partition information */
135 (uintptr_t)&fwu_metadata_spec,
136 open_memmap
137 },
138 [BKUP_FWU_METADATA_IMAGE_ID] = {
139 &memmap_dev_handle,
140 /* filled runtime from partition information */
141 (uintptr_t)&fwu_metadata_spec,
142 open_memmap
143 },
144 #endif /* PSA_FWU_SUPPORT */
145 [FIP_IMAGE_ID] = {
146 &memmap_dev_handle,
147 (uintptr_t)&fip_block_spec,
148 open_memmap
149 },
150 [BL2_IMAGE_ID] = {
151 &fip_dev_handle,
152 (uintptr_t)&arm_uuid_spec[BL2_IMAGE_ID],
153 open_fip
154 },
155 [TB_FW_CONFIG_ID] = {
156 &fip_dev_handle,
157 (uintptr_t)&arm_uuid_spec[TB_FW_CONFIG_ID],
158 open_fip
159 },
160 [FW_CONFIG_ID] = {
161 &fip_dev_handle,
162 (uintptr_t)&arm_uuid_spec[FW_CONFIG_ID],
163 open_fip
164 },
165 #if !ARM_IO_IN_DTB
166 [SCP_BL2_IMAGE_ID] = {
167 &fip_dev_handle,
168 (uintptr_t)&arm_uuid_spec[SCP_BL2_IMAGE_ID],
169 open_fip
170 },
171 [BL31_IMAGE_ID] = {
172 &fip_dev_handle,
173 (uintptr_t)&arm_uuid_spec[BL31_IMAGE_ID],
174 open_fip
175 },
176 [BL32_IMAGE_ID] = {
177 &fip_dev_handle,
178 (uintptr_t)&arm_uuid_spec[BL32_IMAGE_ID],
179 open_fip
180 },
181 [BL32_EXTRA1_IMAGE_ID] = {
182 &fip_dev_handle,
183 (uintptr_t)&arm_uuid_spec[BL32_EXTRA1_IMAGE_ID],
184 open_fip
185 },
186 [BL32_EXTRA2_IMAGE_ID] = {
187 &fip_dev_handle,
188 (uintptr_t)&arm_uuid_spec[BL32_EXTRA2_IMAGE_ID],
189 open_fip
190 },
191 [BL33_IMAGE_ID] = {
192 &fip_dev_handle,
193 (uintptr_t)&arm_uuid_spec[BL33_IMAGE_ID],
194 open_fip
195 },
196 [RMM_IMAGE_ID] = {
197 &fip_dev_handle,
198 (uintptr_t)&arm_uuid_spec[RMM_IMAGE_ID],
199 open_fip
200 },
201 [HW_CONFIG_ID] = {
202 &fip_dev_handle,
203 (uintptr_t)&arm_uuid_spec[HW_CONFIG_ID],
204 open_fip
205 },
206 [SOC_FW_CONFIG_ID] = {
207 &fip_dev_handle,
208 (uintptr_t)&arm_uuid_spec[SOC_FW_CONFIG_ID],
209 open_fip
210 },
211 [TOS_FW_CONFIG_ID] = {
212 &fip_dev_handle,
213 (uintptr_t)&arm_uuid_spec[TOS_FW_CONFIG_ID],
214 open_fip
215 },
216 [NT_FW_CONFIG_ID] = {
217 &fip_dev_handle,
218 (uintptr_t)&arm_uuid_spec[NT_FW_CONFIG_ID],
219 open_fip
220 },
221 #if ETHOSN_NPU_TZMP1
222 [ETHOSN_NPU_FW_IMAGE_ID] = {
223 &fip_dev_handle,
224 (uintptr_t)&arm_uuid_spec[ETHOSN_NPU_FW_IMAGE_ID],
225 open_fip
226 },
227 #endif /* ETHOSN_NPU_TZMP1 */
228 #endif /* ARM_IO_IN_DTB */
229 #if TRUSTED_BOARD_BOOT
230 [TRUSTED_BOOT_FW_CERT_ID] = {
231 &fip_dev_handle,
232 (uintptr_t)&arm_uuid_spec[TRUSTED_BOOT_FW_CERT_ID],
233 open_fip
234 },
235 #if !ARM_IO_IN_DTB
236 [CCA_CONTENT_CERT_ID] = {
237 &fip_dev_handle,
238 (uintptr_t)&arm_uuid_spec[CCA_CONTENT_CERT_ID],
239 open_fip
240 },
241 [CORE_SWD_KEY_CERT_ID] = {
242 &fip_dev_handle,
243 (uintptr_t)&arm_uuid_spec[CORE_SWD_KEY_CERT_ID],
244 open_fip
245 },
246 [PLAT_KEY_CERT_ID] = {
247 &fip_dev_handle,
248 (uintptr_t)&arm_uuid_spec[PLAT_KEY_CERT_ID],
249 open_fip
250 },
251 [TRUSTED_KEY_CERT_ID] = {
252 &fip_dev_handle,
253 (uintptr_t)&arm_uuid_spec[TRUSTED_KEY_CERT_ID],
254 open_fip
255 },
256 [SCP_FW_KEY_CERT_ID] = {
257 &fip_dev_handle,
258 (uintptr_t)&arm_uuid_spec[SCP_FW_KEY_CERT_ID],
259 open_fip
260 },
261 [SOC_FW_KEY_CERT_ID] = {
262 &fip_dev_handle,
263 (uintptr_t)&arm_uuid_spec[SOC_FW_KEY_CERT_ID],
264 open_fip
265 },
266 [TRUSTED_OS_FW_KEY_CERT_ID] = {
267 &fip_dev_handle,
268 (uintptr_t)&arm_uuid_spec[TRUSTED_OS_FW_KEY_CERT_ID],
269 open_fip
270 },
271 [NON_TRUSTED_FW_KEY_CERT_ID] = {
272 &fip_dev_handle,
273 (uintptr_t)&arm_uuid_spec[NON_TRUSTED_FW_KEY_CERT_ID],
274 open_fip
275 },
276 [SCP_FW_CONTENT_CERT_ID] = {
277 &fip_dev_handle,
278 (uintptr_t)&arm_uuid_spec[SCP_FW_CONTENT_CERT_ID],
279 open_fip
280 },
281 [SOC_FW_CONTENT_CERT_ID] = {
282 &fip_dev_handle,
283 (uintptr_t)&arm_uuid_spec[SOC_FW_CONTENT_CERT_ID],
284 open_fip
285 },
286 [TRUSTED_OS_FW_CONTENT_CERT_ID] = {
287 &fip_dev_handle,
288 (uintptr_t)&arm_uuid_spec[TRUSTED_OS_FW_CONTENT_CERT_ID],
289 open_fip
290 },
291 [NON_TRUSTED_FW_CONTENT_CERT_ID] = {
292 &fip_dev_handle,
293 (uintptr_t)&arm_uuid_spec[NON_TRUSTED_FW_CONTENT_CERT_ID],
294 open_fip
295 },
296 #if defined(SPD_spmd)
297 [SIP_SP_CONTENT_CERT_ID] = {
298 &fip_dev_handle,
299 (uintptr_t)&arm_uuid_spec[SIP_SP_CONTENT_CERT_ID],
300 open_fip
301 },
302 [PLAT_SP_CONTENT_CERT_ID] = {
303 &fip_dev_handle,
304 (uintptr_t)&arm_uuid_spec[PLAT_SP_CONTENT_CERT_ID],
305 open_fip
306 },
307 #endif
308 #if ETHOSN_NPU_TZMP1
309 [ETHOSN_NPU_FW_KEY_CERT_ID] = {
310 &fip_dev_handle,
311 (uintptr_t)&arm_uuid_spec[ETHOSN_NPU_FW_KEY_CERT_ID],
312 open_fip
313 },
314 [ETHOSN_NPU_FW_CONTENT_CERT_ID] = {
315 &fip_dev_handle,
316 (uintptr_t)&arm_uuid_spec[ETHOSN_NPU_FW_CONTENT_CERT_ID],
317 open_fip
318 },
319 #endif /* ETHOSN_NPU_TZMP1 */
320 #endif /* ARM_IO_IN_DTB */
321 #endif /* TRUSTED_BOARD_BOOT */
322 };
323
324 #ifdef IMAGE_BL2
325
326 #define FCONF_ARM_IO_UUID_NUM_BASE U(10)
327
328 #if ETHOSN_NPU_TZMP1
329 #define FCONF_ARM_IO_UUID_NUM_NPU U(1)
330 #else
331 #define FCONF_ARM_IO_UUID_NUM_NPU U(0)
332 #endif /* ETHOSN_NPU_TZMP1 */
333
334 #if TRUSTED_BOARD_BOOT
335 #define FCONF_ARM_IO_UUID_NUM_TBB U(12)
336 #else
337 #define FCONF_ARM_IO_UUID_NUM_TBB U(0)
338 #endif /* TRUSTED_BOARD_BOOT */
339
340 #if TRUSTED_BOARD_BOOT && defined(SPD_spmd)
341 #define FCONF_ARM_IO_UUID_NUM_SPD U(2)
342 #else
343 #define FCONF_ARM_IO_UUID_NUM_SPD U(0)
344 #endif /* TRUSTED_BOARD_BOOT && defined(SPD_spmd) */
345
346 #if TRUSTED_BOARD_BOOT && ETHOSN_NPU_TZMP1
347 #define FCONF_ARM_IO_UUID_NUM_NPU_TBB U(2)
348 #else
349 #define FCONF_ARM_IO_UUID_NUM_NPU_TBB U(0)
350 #endif /* TRUSTED_BOARD_BOOT && ETHOSN_NPU_TZMP1 */
351
352 #define FCONF_ARM_IO_UUID_NUMBER FCONF_ARM_IO_UUID_NUM_BASE + \
353 FCONF_ARM_IO_UUID_NUM_NPU + \
354 FCONF_ARM_IO_UUID_NUM_TBB + \
355 FCONF_ARM_IO_UUID_NUM_SPD + \
356 FCONF_ARM_IO_UUID_NUM_NPU_TBB
357
358 static io_uuid_spec_t fconf_arm_uuids[FCONF_ARM_IO_UUID_NUMBER];
359 static OBJECT_POOL_ARRAY(fconf_arm_uuids_pool, fconf_arm_uuids);
360
361 struct policies_load_info {
362 unsigned int image_id;
363 const char *name;
364 };
365
366 /* image id to property name table */
367 static const struct policies_load_info load_info[FCONF_ARM_IO_UUID_NUMBER] = {
368 {SCP_BL2_IMAGE_ID, "scp_bl2_uuid"},
369 {BL31_IMAGE_ID, "bl31_uuid"},
370 {BL32_IMAGE_ID, "bl32_uuid"},
371 {BL32_EXTRA1_IMAGE_ID, "bl32_extra1_uuid"},
372 {BL32_EXTRA2_IMAGE_ID, "bl32_extra2_uuid"},
373 {BL33_IMAGE_ID, "bl33_uuid"},
374 {HW_CONFIG_ID, "hw_cfg_uuid"},
375 {SOC_FW_CONFIG_ID, "soc_fw_cfg_uuid"},
376 {TOS_FW_CONFIG_ID, "tos_fw_cfg_uuid"},
377 {NT_FW_CONFIG_ID, "nt_fw_cfg_uuid"},
378 #if ETHOSN_NPU_TZMP1
379 {ETHOSN_NPU_FW_IMAGE_ID, "ethosn_npu_fw_uuid"},
380 #endif /* ETHOSN_NPU_TZMP1 */
381 #if TRUSTED_BOARD_BOOT
382 {CCA_CONTENT_CERT_ID, "cca_cert_uuid"},
383 {CORE_SWD_KEY_CERT_ID, "core_swd_cert_uuid"},
384 {PLAT_KEY_CERT_ID, "plat_cert_uuid"},
385 {TRUSTED_KEY_CERT_ID, "t_key_cert_uuid"},
386 {SCP_FW_KEY_CERT_ID, "scp_fw_key_uuid"},
387 {SOC_FW_KEY_CERT_ID, "soc_fw_key_uuid"},
388 {TRUSTED_OS_FW_KEY_CERT_ID, "tos_fw_key_cert_uuid"},
389 {NON_TRUSTED_FW_KEY_CERT_ID, "nt_fw_key_cert_uuid"},
390 {SCP_FW_CONTENT_CERT_ID, "scp_fw_content_cert_uuid"},
391 {SOC_FW_CONTENT_CERT_ID, "soc_fw_content_cert_uuid"},
392 {TRUSTED_OS_FW_CONTENT_CERT_ID, "tos_fw_content_cert_uuid"},
393 {NON_TRUSTED_FW_CONTENT_CERT_ID, "nt_fw_content_cert_uuid"},
394 #if defined(SPD_spmd)
395 {SIP_SP_CONTENT_CERT_ID, "sip_sp_content_cert_uuid"},
396 {PLAT_SP_CONTENT_CERT_ID, "plat_sp_content_cert_uuid"},
397 #endif
398 #if ETHOSN_NPU_TZMP1
399 {ETHOSN_NPU_FW_KEY_CERT_ID, "ethosn_npu_fw_key_cert_uuid"},
400 {ETHOSN_NPU_FW_CONTENT_CERT_ID, "ethosn_npu_fw_content_cert_uuid"},
401 #endif /* ETHOSN_NPU_TZMP1 */
402 #endif /* TRUSTED_BOARD_BOOT */
403 };
404
fconf_populate_arm_io_policies(uintptr_t config)405 int fconf_populate_arm_io_policies(uintptr_t config)
406 {
407 int err, node;
408 unsigned int i;
409
410 union uuid_helper_t uuid_helper;
411 io_uuid_spec_t *uuid_ptr;
412
413 /* As libfdt uses void *, we can't avoid this cast */
414 const void *dtb = (void *)config;
415
416 /* Assert the node offset point to "arm,io-fip-handle" compatible property */
417 const char *compatible_str = "arm,io-fip-handle";
418 node = fdt_node_offset_by_compatible(dtb, -1, compatible_str);
419 if (node < 0) {
420 ERROR("FCONF: Can't find %s compatible in dtb\n", compatible_str);
421 return node;
422 }
423
424 /* Locate the uuid cells and read the value for all the load info uuid */
425 for (i = 0; i < FCONF_ARM_IO_UUID_NUMBER; i++) {
426 uuid_ptr = pool_alloc(&fconf_arm_uuids_pool);
427 err = fdtw_read_uuid(dtb, node, load_info[i].name, 16,
428 (uint8_t *)&uuid_helper);
429 if (err < 0) {
430 WARN("FCONF: Read cell failed for %s\n", load_info[i].name);
431 return err;
432 }
433
434 VERBOSE("FCONF: arm-io_policies.%s cell found with value = "
435 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
436 load_info[i].name,
437 uuid_helper.uuid_struct.time_low[0], uuid_helper.uuid_struct.time_low[1],
438 uuid_helper.uuid_struct.time_low[2], uuid_helper.uuid_struct.time_low[3],
439 uuid_helper.uuid_struct.time_mid[0], uuid_helper.uuid_struct.time_mid[1],
440 uuid_helper.uuid_struct.time_hi_and_version[0],
441 uuid_helper.uuid_struct.time_hi_and_version[1],
442 uuid_helper.uuid_struct.clock_seq_hi_and_reserved,
443 uuid_helper.uuid_struct.clock_seq_low,
444 uuid_helper.uuid_struct.node[0], uuid_helper.uuid_struct.node[1],
445 uuid_helper.uuid_struct.node[2], uuid_helper.uuid_struct.node[3],
446 uuid_helper.uuid_struct.node[4], uuid_helper.uuid_struct.node[5]);
447
448 uuid_ptr->uuid = uuid_helper.uuid_struct;
449 policies[load_info[i].image_id].image_spec = (uintptr_t)uuid_ptr;
450 policies[load_info[i].image_id].dev_handle = &fip_dev_handle;
451 policies[load_info[i].image_id].check = open_fip;
452 }
453 return 0;
454 }
455
456 #if ARM_IO_IN_DTB
457 FCONF_REGISTER_POPULATOR(TB_FW, arm_io, fconf_populate_arm_io_policies);
458 #endif /* ARM_IO_IN_DTB */
459
460 #endif /* IMAGE_BL2 */
461