1 /* 2 * Copyright (c) 2019-2023, ARM Limited. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <assert.h> 8 9 #include <common/debug.h> 10 #include <common/fdt_wrappers.h> 11 #include <drivers/io/io_storage.h> 12 #include <drivers/partition/partition.h> 13 #include <lib/object_pool.h> 14 #include <libfdt.h> 15 #include <tools_share/firmware_image_package.h> 16 17 #include <plat/arm/common/arm_fconf_getter.h> 18 #include <plat/arm/common/arm_fconf_io_storage.h> 19 #include <platform_def.h> 20 21 #if PSA_FWU_SUPPORT 22 /* metadata entry details */ 23 static io_block_spec_t fwu_metadata_spec; 24 #endif /* PSA_FWU_SUPPORT */ 25 26 io_block_spec_t fip_block_spec = { 27 /* 28 * This is fixed FIP address used by BL1, BL2 loads partition table 29 * to get FIP address. 30 */ 31 #if ARM_GPT_SUPPORT 32 .offset = PLAT_ARM_FLASH_IMAGE_BASE + PLAT_ARM_FIP_OFFSET_IN_GPT, 33 #else 34 .offset = PLAT_ARM_FLASH_IMAGE_BASE, 35 #endif /* ARM_GPT_SUPPORT */ 36 .length = PLAT_ARM_FLASH_IMAGE_MAX_SIZE 37 }; 38 39 #if ARM_GPT_SUPPORT 40 static const io_block_spec_t gpt_spec = { 41 .offset = PLAT_ARM_FLASH_IMAGE_BASE, 42 /* 43 * PLAT_PARTITION_BLOCK_SIZE = 512 44 * PLAT_PARTITION_MAX_ENTRIES = 128 45 * each sector has 4 partition entries, and there are 46 * 2 reserved sectors i.e. protective MBR and primary 47 * GPT header hence length gets calculated as, 48 * length = 512 * (128/4 + 2) 49 */ 50 .length = PLAT_PARTITION_BLOCK_SIZE * 51 (PLAT_PARTITION_MAX_ENTRIES / 4 + 2), 52 }; 53 #endif /* ARM_GPT_SUPPORT */ 54 55 const io_uuid_spec_t arm_uuid_spec[MAX_NUMBER_IDS] = { 56 [BL2_IMAGE_ID] = {UUID_TRUSTED_BOOT_FIRMWARE_BL2}, 57 [TB_FW_CONFIG_ID] = {UUID_TB_FW_CONFIG}, 58 [FW_CONFIG_ID] = {UUID_FW_CONFIG}, 59 #if !ARM_IO_IN_DTB 60 [SCP_BL2_IMAGE_ID] = {UUID_SCP_FIRMWARE_SCP_BL2}, 61 [BL31_IMAGE_ID] = {UUID_EL3_RUNTIME_FIRMWARE_BL31}, 62 [BL32_IMAGE_ID] = {UUID_SECURE_PAYLOAD_BL32}, 63 [BL32_EXTRA1_IMAGE_ID] = {UUID_SECURE_PAYLOAD_BL32_EXTRA1}, 64 [BL32_EXTRA2_IMAGE_ID] = {UUID_SECURE_PAYLOAD_BL32_EXTRA2}, 65 [BL33_IMAGE_ID] = {UUID_NON_TRUSTED_FIRMWARE_BL33}, 66 [HW_CONFIG_ID] = {UUID_HW_CONFIG}, 67 [SOC_FW_CONFIG_ID] = {UUID_SOC_FW_CONFIG}, 68 [TOS_FW_CONFIG_ID] = {UUID_TOS_FW_CONFIG}, 69 [NT_FW_CONFIG_ID] = {UUID_NT_FW_CONFIG}, 70 [RMM_IMAGE_ID] = {UUID_REALM_MONITOR_MGMT_FIRMWARE}, 71 #if ARM_ETHOSN_NPU_TZMP1 72 [ARM_ETHOSN_NPU_FW_IMAGE_ID] = {UUID_ETHOSN_FW}, 73 #endif /* ARM_ETHOSN_NPU_TZMP1 */ 74 #endif /* ARM_IO_IN_DTB */ 75 #if TRUSTED_BOARD_BOOT 76 [TRUSTED_BOOT_FW_CERT_ID] = {UUID_TRUSTED_BOOT_FW_CERT}, 77 #if !ARM_IO_IN_DTB 78 [CCA_CONTENT_CERT_ID] = {UUID_CCA_CONTENT_CERT}, 79 [CORE_SWD_KEY_CERT_ID] = {UUID_CORE_SWD_KEY_CERT}, 80 [PLAT_KEY_CERT_ID] = {UUID_PLAT_KEY_CERT}, 81 [TRUSTED_KEY_CERT_ID] = {UUID_TRUSTED_KEY_CERT}, 82 [SCP_FW_KEY_CERT_ID] = {UUID_SCP_FW_KEY_CERT}, 83 [SOC_FW_KEY_CERT_ID] = {UUID_SOC_FW_KEY_CERT}, 84 [TRUSTED_OS_FW_KEY_CERT_ID] = {UUID_TRUSTED_OS_FW_KEY_CERT}, 85 [NON_TRUSTED_FW_KEY_CERT_ID] = {UUID_NON_TRUSTED_FW_KEY_CERT}, 86 [SCP_FW_CONTENT_CERT_ID] = {UUID_SCP_FW_CONTENT_CERT}, 87 [SOC_FW_CONTENT_CERT_ID] = {UUID_SOC_FW_CONTENT_CERT}, 88 [TRUSTED_OS_FW_CONTENT_CERT_ID] = {UUID_TRUSTED_OS_FW_CONTENT_CERT}, 89 [NON_TRUSTED_FW_CONTENT_CERT_ID] = {UUID_NON_TRUSTED_FW_CONTENT_CERT}, 90 #if defined(SPD_spmd) 91 [SIP_SP_CONTENT_CERT_ID] = {UUID_SIP_SECURE_PARTITION_CONTENT_CERT}, 92 [PLAT_SP_CONTENT_CERT_ID] = {UUID_PLAT_SECURE_PARTITION_CONTENT_CERT}, 93 #endif 94 #if ARM_ETHOSN_NPU_TZMP1 95 [ARM_ETHOSN_NPU_FW_KEY_CERT_ID] = {UUID_ETHOSN_FW_KEY_CERTIFICATE}, 96 [ARM_ETHOSN_NPU_FW_CONTENT_CERT_ID] = {UUID_ETHOSN_FW_CONTENT_CERTIFICATE}, 97 #endif /* ARM_ETHOSN_NPU_TZMP1 */ 98 #endif /* ARM_IO_IN_DTB */ 99 #endif /* TRUSTED_BOARD_BOOT */ 100 }; 101 102 /* By default, ARM platforms load images from the FIP */ 103 struct plat_io_policy policies[MAX_NUMBER_IDS] = { 104 #if ARM_GPT_SUPPORT 105 [GPT_IMAGE_ID] = { 106 &memmap_dev_handle, 107 (uintptr_t)&gpt_spec, 108 open_memmap 109 }, 110 #endif /* ARM_GPT_SUPPORT */ 111 #if PSA_FWU_SUPPORT 112 [FWU_METADATA_IMAGE_ID] = { 113 &memmap_dev_handle, 114 /* filled runtime from partition information */ 115 (uintptr_t)&fwu_metadata_spec, 116 open_memmap 117 }, 118 [BKUP_FWU_METADATA_IMAGE_ID] = { 119 &memmap_dev_handle, 120 /* filled runtime from partition information */ 121 (uintptr_t)&fwu_metadata_spec, 122 open_memmap 123 }, 124 #endif /* PSA_FWU_SUPPORT */ 125 [FIP_IMAGE_ID] = { 126 &memmap_dev_handle, 127 (uintptr_t)&fip_block_spec, 128 open_memmap 129 }, 130 [BL2_IMAGE_ID] = { 131 &fip_dev_handle, 132 (uintptr_t)&arm_uuid_spec[BL2_IMAGE_ID], 133 open_fip 134 }, 135 [TB_FW_CONFIG_ID] = { 136 &fip_dev_handle, 137 (uintptr_t)&arm_uuid_spec[TB_FW_CONFIG_ID], 138 open_fip 139 }, 140 [FW_CONFIG_ID] = { 141 &fip_dev_handle, 142 (uintptr_t)&arm_uuid_spec[FW_CONFIG_ID], 143 open_fip 144 }, 145 #if !ARM_IO_IN_DTB 146 [SCP_BL2_IMAGE_ID] = { 147 &fip_dev_handle, 148 (uintptr_t)&arm_uuid_spec[SCP_BL2_IMAGE_ID], 149 open_fip 150 }, 151 [BL31_IMAGE_ID] = { 152 &fip_dev_handle, 153 (uintptr_t)&arm_uuid_spec[BL31_IMAGE_ID], 154 open_fip 155 }, 156 [BL32_IMAGE_ID] = { 157 &fip_dev_handle, 158 (uintptr_t)&arm_uuid_spec[BL32_IMAGE_ID], 159 open_fip 160 }, 161 [BL32_EXTRA1_IMAGE_ID] = { 162 &fip_dev_handle, 163 (uintptr_t)&arm_uuid_spec[BL32_EXTRA1_IMAGE_ID], 164 open_fip 165 }, 166 [BL32_EXTRA2_IMAGE_ID] = { 167 &fip_dev_handle, 168 (uintptr_t)&arm_uuid_spec[BL32_EXTRA2_IMAGE_ID], 169 open_fip 170 }, 171 [BL33_IMAGE_ID] = { 172 &fip_dev_handle, 173 (uintptr_t)&arm_uuid_spec[BL33_IMAGE_ID], 174 open_fip 175 }, 176 [RMM_IMAGE_ID] = { 177 &fip_dev_handle, 178 (uintptr_t)&arm_uuid_spec[RMM_IMAGE_ID], 179 open_fip 180 }, 181 [HW_CONFIG_ID] = { 182 &fip_dev_handle, 183 (uintptr_t)&arm_uuid_spec[HW_CONFIG_ID], 184 open_fip 185 }, 186 [SOC_FW_CONFIG_ID] = { 187 &fip_dev_handle, 188 (uintptr_t)&arm_uuid_spec[SOC_FW_CONFIG_ID], 189 open_fip 190 }, 191 [TOS_FW_CONFIG_ID] = { 192 &fip_dev_handle, 193 (uintptr_t)&arm_uuid_spec[TOS_FW_CONFIG_ID], 194 open_fip 195 }, 196 [NT_FW_CONFIG_ID] = { 197 &fip_dev_handle, 198 (uintptr_t)&arm_uuid_spec[NT_FW_CONFIG_ID], 199 open_fip 200 }, 201 #if ARM_ETHOSN_NPU_TZMP1 202 [ARM_ETHOSN_NPU_FW_IMAGE_ID] = { 203 &fip_dev_handle, 204 (uintptr_t)&arm_uuid_spec[ARM_ETHOSN_NPU_FW_IMAGE_ID], 205 open_fip 206 }, 207 #endif /* ARM_ETHOSN_NPU_TZMP1 */ 208 #endif /* ARM_IO_IN_DTB */ 209 #if TRUSTED_BOARD_BOOT 210 [TRUSTED_BOOT_FW_CERT_ID] = { 211 &fip_dev_handle, 212 (uintptr_t)&arm_uuid_spec[TRUSTED_BOOT_FW_CERT_ID], 213 open_fip 214 }, 215 #if !ARM_IO_IN_DTB 216 [CCA_CONTENT_CERT_ID] = { 217 &fip_dev_handle, 218 (uintptr_t)&arm_uuid_spec[CCA_CONTENT_CERT_ID], 219 open_fip 220 }, 221 [CORE_SWD_KEY_CERT_ID] = { 222 &fip_dev_handle, 223 (uintptr_t)&arm_uuid_spec[CORE_SWD_KEY_CERT_ID], 224 open_fip 225 }, 226 [PLAT_KEY_CERT_ID] = { 227 &fip_dev_handle, 228 (uintptr_t)&arm_uuid_spec[PLAT_KEY_CERT_ID], 229 open_fip 230 }, 231 [TRUSTED_KEY_CERT_ID] = { 232 &fip_dev_handle, 233 (uintptr_t)&arm_uuid_spec[TRUSTED_KEY_CERT_ID], 234 open_fip 235 }, 236 [SCP_FW_KEY_CERT_ID] = { 237 &fip_dev_handle, 238 (uintptr_t)&arm_uuid_spec[SCP_FW_KEY_CERT_ID], 239 open_fip 240 }, 241 [SOC_FW_KEY_CERT_ID] = { 242 &fip_dev_handle, 243 (uintptr_t)&arm_uuid_spec[SOC_FW_KEY_CERT_ID], 244 open_fip 245 }, 246 [TRUSTED_OS_FW_KEY_CERT_ID] = { 247 &fip_dev_handle, 248 (uintptr_t)&arm_uuid_spec[TRUSTED_OS_FW_KEY_CERT_ID], 249 open_fip 250 }, 251 [NON_TRUSTED_FW_KEY_CERT_ID] = { 252 &fip_dev_handle, 253 (uintptr_t)&arm_uuid_spec[NON_TRUSTED_FW_KEY_CERT_ID], 254 open_fip 255 }, 256 [SCP_FW_CONTENT_CERT_ID] = { 257 &fip_dev_handle, 258 (uintptr_t)&arm_uuid_spec[SCP_FW_CONTENT_CERT_ID], 259 open_fip 260 }, 261 [SOC_FW_CONTENT_CERT_ID] = { 262 &fip_dev_handle, 263 (uintptr_t)&arm_uuid_spec[SOC_FW_CONTENT_CERT_ID], 264 open_fip 265 }, 266 [TRUSTED_OS_FW_CONTENT_CERT_ID] = { 267 &fip_dev_handle, 268 (uintptr_t)&arm_uuid_spec[TRUSTED_OS_FW_CONTENT_CERT_ID], 269 open_fip 270 }, 271 [NON_TRUSTED_FW_CONTENT_CERT_ID] = { 272 &fip_dev_handle, 273 (uintptr_t)&arm_uuid_spec[NON_TRUSTED_FW_CONTENT_CERT_ID], 274 open_fip 275 }, 276 #if defined(SPD_spmd) 277 [SIP_SP_CONTENT_CERT_ID] = { 278 &fip_dev_handle, 279 (uintptr_t)&arm_uuid_spec[SIP_SP_CONTENT_CERT_ID], 280 open_fip 281 }, 282 [PLAT_SP_CONTENT_CERT_ID] = { 283 &fip_dev_handle, 284 (uintptr_t)&arm_uuid_spec[PLAT_SP_CONTENT_CERT_ID], 285 open_fip 286 }, 287 #endif 288 #if ARM_ETHOSN_NPU_TZMP1 289 [ARM_ETHOSN_NPU_FW_KEY_CERT_ID] = { 290 &fip_dev_handle, 291 (uintptr_t)&arm_uuid_spec[ARM_ETHOSN_NPU_FW_KEY_CERT_ID], 292 open_fip 293 }, 294 [ARM_ETHOSN_NPU_FW_CONTENT_CERT_ID] = { 295 &fip_dev_handle, 296 (uintptr_t)&arm_uuid_spec[ARM_ETHOSN_NPU_FW_CONTENT_CERT_ID], 297 open_fip 298 }, 299 #endif /* ARM_ETHOSN_NPU_TZMP1 */ 300 #endif /* ARM_IO_IN_DTB */ 301 #endif /* TRUSTED_BOARD_BOOT */ 302 }; 303 304 #ifdef IMAGE_BL2 305 306 #define FCONF_ARM_IO_UUID_NUM_BASE U(10) 307 308 #if ARM_ETHOSN_NPU_TZMP1 309 #define FCONF_ARM_IO_UUID_NUM_NPU U(1) 310 #else 311 #define FCONF_ARM_IO_UUID_NUM_NPU U(0) 312 #endif 313 314 #if TRUSTED_BOARD_BOOT 315 #define FCONF_ARM_IO_UUID_NUM_TBB U(12) 316 #else 317 #define FCONF_ARM_IO_UUID_NUM_TBB U(0) 318 #endif /* TRUSTED_BOARD_BOOT */ 319 320 #if TRUSTED_BOARD_BOOT && defined(SPD_spmd) 321 #define FCONF_ARM_IO_UUID_NUM_SPD U(2) 322 #else 323 #define FCONF_ARM_IO_UUID_NUM_SPD U(0) 324 #endif /* TRUSTED_BOARD_BOOT && defined(SPD_spmd) */ 325 326 #if TRUSTED_BOARD_BOOT && ARM_ETHOSN_NPU_TZMP1 327 #define FCONF_ARM_IO_UUID_NUM_NPU_TBB U(2) 328 #else 329 #define FCONF_ARM_IO_UUID_NUM_NPU_TBB U(0) 330 #endif /* TRUSTED_BOARD_BOOT && ARM_ETHOSN_NPU_TZMP1 */ 331 332 #define FCONF_ARM_IO_UUID_NUMBER FCONF_ARM_IO_UUID_NUM_BASE + \ 333 FCONF_ARM_IO_UUID_NUM_NPU + \ 334 FCONF_ARM_IO_UUID_NUM_TBB + \ 335 FCONF_ARM_IO_UUID_NUM_SPD + \ 336 FCONF_ARM_IO_UUID_NUM_NPU_TBB 337 338 static io_uuid_spec_t fconf_arm_uuids[FCONF_ARM_IO_UUID_NUMBER]; 339 static OBJECT_POOL_ARRAY(fconf_arm_uuids_pool, fconf_arm_uuids); 340 341 struct policies_load_info { 342 unsigned int image_id; 343 const char *name; 344 }; 345 346 /* image id to property name table */ 347 static const struct policies_load_info load_info[FCONF_ARM_IO_UUID_NUMBER] = { 348 {SCP_BL2_IMAGE_ID, "scp_bl2_uuid"}, 349 {BL31_IMAGE_ID, "bl31_uuid"}, 350 {BL32_IMAGE_ID, "bl32_uuid"}, 351 {BL32_EXTRA1_IMAGE_ID, "bl32_extra1_uuid"}, 352 {BL32_EXTRA2_IMAGE_ID, "bl32_extra2_uuid"}, 353 {BL33_IMAGE_ID, "bl33_uuid"}, 354 {HW_CONFIG_ID, "hw_cfg_uuid"}, 355 {SOC_FW_CONFIG_ID, "soc_fw_cfg_uuid"}, 356 {TOS_FW_CONFIG_ID, "tos_fw_cfg_uuid"}, 357 {NT_FW_CONFIG_ID, "nt_fw_cfg_uuid"}, 358 #if ARM_ETHOSN_NPU_TZMP1 359 {ARM_ETHOSN_NPU_FW_IMAGE_ID, "arm_ethosn_npu_fw_uuid"}, 360 #endif /* ARM_ETHOSN_NPU_TZMP1 */ 361 #if TRUSTED_BOARD_BOOT 362 {CCA_CONTENT_CERT_ID, "cca_cert_uuid"}, 363 {CORE_SWD_KEY_CERT_ID, "core_swd_cert_uuid"}, 364 {PLAT_KEY_CERT_ID, "plat_cert_uuid"}, 365 {TRUSTED_KEY_CERT_ID, "t_key_cert_uuid"}, 366 {SCP_FW_KEY_CERT_ID, "scp_fw_key_uuid"}, 367 {SOC_FW_KEY_CERT_ID, "soc_fw_key_uuid"}, 368 {TRUSTED_OS_FW_KEY_CERT_ID, "tos_fw_key_cert_uuid"}, 369 {NON_TRUSTED_FW_KEY_CERT_ID, "nt_fw_key_cert_uuid"}, 370 {SCP_FW_CONTENT_CERT_ID, "scp_fw_content_cert_uuid"}, 371 {SOC_FW_CONTENT_CERT_ID, "soc_fw_content_cert_uuid"}, 372 {TRUSTED_OS_FW_CONTENT_CERT_ID, "tos_fw_content_cert_uuid"}, 373 {NON_TRUSTED_FW_CONTENT_CERT_ID, "nt_fw_content_cert_uuid"}, 374 #if defined(SPD_spmd) 375 {SIP_SP_CONTENT_CERT_ID, "sip_sp_content_cert_uuid"}, 376 {PLAT_SP_CONTENT_CERT_ID, "plat_sp_content_cert_uuid"}, 377 #endif 378 #if ARM_ETHOSN_NPU_TZMP1 379 {ARM_ETHOSN_NPU_FW_KEY_CERT_ID, "arm_ethosn_npu_fw_key_cert_uuid"}, 380 {ARM_ETHOSN_NPU_FW_CONTENT_CERT_ID, "arm_ethosn_npu_fw_content_cert_uuid"}, 381 #endif /* ARM_ETHOSN_NPU_TZMP1 */ 382 #endif /* TRUSTED_BOARD_BOOT */ 383 }; 384 385 int fconf_populate_arm_io_policies(uintptr_t config) 386 { 387 int err, node; 388 unsigned int i; 389 390 union uuid_helper_t uuid_helper; 391 io_uuid_spec_t *uuid_ptr; 392 393 /* As libfdt uses void *, we can't avoid this cast */ 394 const void *dtb = (void *)config; 395 396 /* Assert the node offset point to "arm,io-fip-handle" compatible property */ 397 const char *compatible_str = "arm,io-fip-handle"; 398 node = fdt_node_offset_by_compatible(dtb, -1, compatible_str); 399 if (node < 0) { 400 ERROR("FCONF: Can't find %s compatible in dtb\n", compatible_str); 401 return node; 402 } 403 404 /* Locate the uuid cells and read the value for all the load info uuid */ 405 for (i = 0; i < FCONF_ARM_IO_UUID_NUMBER; i++) { 406 uuid_ptr = pool_alloc(&fconf_arm_uuids_pool); 407 err = fdtw_read_uuid(dtb, node, load_info[i].name, 16, 408 (uint8_t *)&uuid_helper); 409 if (err < 0) { 410 WARN("FCONF: Read cell failed for %s\n", load_info[i].name); 411 return err; 412 } 413 414 VERBOSE("FCONF: arm-io_policies.%s cell found with value = " 415 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n", 416 load_info[i].name, 417 uuid_helper.uuid_struct.time_low[0], uuid_helper.uuid_struct.time_low[1], 418 uuid_helper.uuid_struct.time_low[2], uuid_helper.uuid_struct.time_low[3], 419 uuid_helper.uuid_struct.time_mid[0], uuid_helper.uuid_struct.time_mid[1], 420 uuid_helper.uuid_struct.time_hi_and_version[0], 421 uuid_helper.uuid_struct.time_hi_and_version[1], 422 uuid_helper.uuid_struct.clock_seq_hi_and_reserved, 423 uuid_helper.uuid_struct.clock_seq_low, 424 uuid_helper.uuid_struct.node[0], uuid_helper.uuid_struct.node[1], 425 uuid_helper.uuid_struct.node[2], uuid_helper.uuid_struct.node[3], 426 uuid_helper.uuid_struct.node[4], uuid_helper.uuid_struct.node[5]); 427 428 uuid_ptr->uuid = uuid_helper.uuid_struct; 429 policies[load_info[i].image_id].image_spec = (uintptr_t)uuid_ptr; 430 policies[load_info[i].image_id].dev_handle = &fip_dev_handle; 431 policies[load_info[i].image_id].check = open_fip; 432 } 433 return 0; 434 } 435 436 #if ARM_IO_IN_DTB 437 FCONF_REGISTER_POPULATOR(TB_FW, arm_io, fconf_populate_arm_io_policies); 438 #endif /* ARM_IO_IN_DTB */ 439 440 #endif /* IMAGE_BL2 */ 441