FVP: Enable capability to disable auth via dynamic config
This patch adds capability to FVP to disable authentication dynamically
via the `disable_auth` property in TB_FW_CONFIG. Both BL1 and BL2 parses
the TB_FW_CONFIG for the `disable_auth` property and invokes the
`load_dyn_disable_auth()` API to disable authentication if the
property is set to 1. The DYN_DISABLE_AUTH is enabled by default for
FVP as it is a development platform. Note that the TB_FW_CONFIG has to
be authenticated by BL1 irrespective of these settings.
The arm_bl2_dyn_cfg_init() is now earlier in bl2_plat_preload_setup()
rather than in bl2_platform_setup() as we need to get the value of
`disable_auth` property prior to authentication of any image by BL2.
Change-Id: I734acd59572849793e5020ec44c6ac51f654a4d1
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
diff --git a/plat/arm/common/arm_dyn_cfg.c b/plat/arm/common/arm_dyn_cfg.c
index 02f995f..33dc08b 100644
--- a/plat/arm/common/arm_dyn_cfg.c
+++ b/plat/arm/common/arm_dyn_cfg.c
@@ -54,6 +54,24 @@
INFO("BL1: TB_FW_CONFIG loaded at address = %p\n",
(void *) config_base);
+
+#if TRUSTED_BOARD_BOOT && defined(DYN_DISABLE_AUTH)
+ int tb_fw_node;
+ uint32_t disable_auth = 0;
+
+ err = arm_dyn_tb_fw_cfg_init((void *)config_base, &tb_fw_node);
+ if (err < 0) {
+ WARN("Invalid TB_FW_CONFIG loaded\n");
+ return;
+ }
+
+ err = arm_dyn_get_disable_auth((void *)config_base, tb_fw_node, &disable_auth);
+ if (err < 0)
+ return;
+
+ if (disable_auth == 1)
+ dyn_disable_auth();
+#endif
}
/*
@@ -104,6 +122,18 @@
/* Remove the IMAGE_ATTRIB_SKIP_LOADING attribute from HW_CONFIG node */
hw_cfg_mem_params->image_info.h.attr &= ~IMAGE_ATTRIB_SKIP_LOADING;
+
+#if TRUSTED_BOARD_BOOT && defined(DYN_DISABLE_AUTH)
+ uint32_t disable_auth = 0;
+
+ err = arm_dyn_get_disable_auth((void *)tb_fw_cfg_dtb, tb_fw_node,
+ &disable_auth);
+ if (err < 0)
+ return;
+
+ if (disable_auth == 1)
+ dyn_disable_auth();
+#endif
}
#endif /* LOAD_IMAGE_V2 */