]> git.dujemihanovic.xyz Git - u-boot.git/commitdiff
armv8: sec_firmware: Add support for multiple loadables
authorSumit Garg <sumit.garg@nxp.com>
Mon, 23 Apr 2018 21:53:28 +0000 (03:23 +0530)
committerYork Sun <york.sun@nxp.com>
Wed, 9 May 2018 14:17:51 +0000 (09:17 -0500)
Enable support for multiple loadable images in SEC firmware FIT image.
Also add example "sec_firmware_ppa.its" file.

Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
arch/arm/cpu/armv8/sec_firmware.c
doc/uImage.FIT/sec_firmware_ppa.its [new file with mode: 0644]

index 5d2d839feaa108f179cd5b9c434166b833a92522..a13c92e246a8a22c0ea6a12e91ee92756acd93b8 100644 (file)
@@ -115,25 +115,48 @@ static int sec_firmware_check_copy_loadable(const void *sec_firmware_img,
                                            u32 *loadable_l, u32 *loadable_h)
 {
        phys_addr_t sec_firmware_loadable_addr = 0;
-       int conf_node_off, ld_node_off;
+       int conf_node_off, ld_node_off, images;
        char *conf_node_name = NULL;
        const void *data;
        size_t size;
        ulong load;
+       const char *name, *str, *type;
+       int len;
 
        conf_node_name = SEC_FIRMEWARE_FIT_CNF_NAME;
 
        conf_node_off = fit_conf_get_node(sec_firmware_img, conf_node_name);
        if (conf_node_off < 0) {
                printf("SEC Firmware: %s: no such config\n", conf_node_name);
-       return -ENOENT;
+               return -ENOENT;
+       }
+
+       /* find the node holding the images information */
+       images = fdt_path_offset(sec_firmware_img, FIT_IMAGES_PATH);
+       if (images < 0) {
+               printf("%s: Cannot find /images node: %d\n", __func__, images);
+               return -1;
+       }
+
+       type = FIT_LOADABLE_PROP;
+
+       name = fdt_getprop(sec_firmware_img, conf_node_off, type, &len);
+       if (!name) {
+               /* Loadables not present */
+               return 0;
        }
 
-       ld_node_off = fit_conf_get_prop_node(sec_firmware_img, conf_node_off,
-                                            FIT_LOADABLE_PROP);
-       if (ld_node_off >= 0) {
-               printf("SEC Firmware: '%s' present in config\n",
-                      FIT_LOADABLE_PROP);
+       printf("SEC Firmware: '%s' present in config\n", type);
+
+       for (str = name; str && ((str - name) < len);
+            str = strchr(str, '\0') + 1) {
+               printf("%s: '%s'\n", type, str);
+               ld_node_off = fdt_subnode_offset(sec_firmware_img, images, str);
+               if (ld_node_off < 0) {
+                       printf("cannot find image node '%s': %d\n", str,
+                              ld_node_off);
+                       return -EINVAL;
+               }
 
                /* Verify secure firmware image */
                if (!(fit_image_verify(sec_firmware_img, ld_node_off))) {
@@ -163,11 +186,19 @@ static int sec_firmware_check_copy_loadable(const void *sec_firmware_img,
                memcpy((void *)sec_firmware_loadable_addr, data, size);
                flush_dcache_range(sec_firmware_loadable_addr,
                                   sec_firmware_loadable_addr + size);
-       }
 
-       /* Populate address ptrs for loadable image with loadbale addr */
-       out_le32(loadable_l, (sec_firmware_loadable_addr & WORD_MASK));
-       out_le32(loadable_h, (sec_firmware_loadable_addr >> WORD_SHIFT));
+               /* Populate loadable address only for Trusted OS */
+               if (!strcmp(str, "trustedOS@1")) {
+                       /*
+                        * Populate address ptrs for loadable image with
+                        * loadbale addr
+                        */
+                       out_le32(loadable_l, (sec_firmware_loadable_addr &
+                                             WORD_MASK));
+                       out_le32(loadable_h, (sec_firmware_loadable_addr >>
+                                             WORD_SHIFT));
+               }
+       }
 
        return 0;
 }
diff --git a/doc/uImage.FIT/sec_firmware_ppa.its b/doc/uImage.FIT/sec_firmware_ppa.its
new file mode 100644 (file)
index 0000000..a7acde1
--- /dev/null
@@ -0,0 +1,49 @@
+/dts-v1/;
+
+/*
+ * Example FIT image description file demonstrating the usage
+ * of SEC Firmware and multiple loadable images loaded by the u-boot.
+ * For booting PPA (SEC Firmware), "firmware" is searched and loaded.
+ *
+ * Multiple binaries will be loaded as "loadables" (if present) at their
+ * respective load offsets from firmware image address.
+ */
+
+/{
+       description = "PPA Firmware";
+       #address-cells = <1>;
+       images {
+               firmware@1 {
+                       description = "PPA Firmware: <version>";
+                       data = /incbin/("../obj/monitor.bin");
+                       type = "firmware";
+                       arch = "arm64";
+                       compression = "none";
+               };
+               trustedOS@1 {
+                       description = "Trusted OS";
+                       data = /incbin/("../../tee.bin");
+                       type = "OS";
+                       arch = "arm64";
+                       compression = "none";
+                       load = <0x00200000>;
+               };
+               fuse_scr {
+                       description = "Fuse Script";
+                       data = /incbin/("../../fuse_scr.bin");
+                       type = "firmware";
+                       arch = "arm64";
+                       compression = "none";
+                       load = <0x00180000>;
+               };
+       };
+
+       configurations {
+               default = "config-1";
+               config-1 {
+                       description = "PPA Secure firmware";
+                       firmware = "firmware@1";
+                       loadables = "trustedOS@1", "fuse_scr";
+               };
+       };
+};