/*
 * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
#include <assert.h>
#include <errno.h>
#include <string.h>

#include <platform_def.h>

#include <common/bl_common.h>
#include <common/debug.h>
#include <drivers/io/io_driver.h>
#include <drivers/io/io_encrypted.h>
#include <drivers/io/io_fip.h>
#include <drivers/io/io_memmap.h>
#include <drivers/io/io_semihosting.h>
#include <drivers/io/io_storage.h>
#include <lib/semihosting.h>
#include <tools_share/firmware_image_package.h>
/*
 * Semihosting filenames.
 *
 * These are the paths placed in sh_file_spec[] and opened through the
 * semihosting device when an image cannot be opened via its primary policy.
 */
#define BL2_IMAGE_NAME			"bl2.bin"
#define BL31_IMAGE_NAME			"bl31.bin"
#define BL32_IMAGE_NAME			"bl32.bin"
#define TOS_FW_CONFIG_NAME		"tos_fw_config.dtb"
#define BL32_EXTRA1_IMAGE_NAME		"bl32_extra1.bin"
#define BL32_EXTRA2_IMAGE_NAME		"bl32_extra2.bin"
#define BL33_IMAGE_NAME			"bl33.bin"

#if TRUSTED_BOARD_BOOT
/* Certificate filenames, only defined when Trusted Board Boot is enabled */
#define TRUSTED_BOOT_FW_CERT_NAME	"tb_fw.crt"
#define TRUSTED_KEY_CERT_NAME		"trusted_key.crt"
#define SOC_FW_KEY_CERT_NAME		"soc_fw_key.crt"
#define TOS_FW_KEY_CERT_NAME		"tos_fw_key.crt"
#define NT_FW_KEY_CERT_NAME		"nt_fw_key.crt"
#define SOC_FW_CONTENT_CERT_NAME	"soc_fw_content.crt"
#define TOS_FW_CONTENT_CERT_NAME	"tos_fw_content.crt"
#define NT_FW_CONTENT_CERT_NAME		"nt_fw_content.crt"
#endif /* TRUSTED_BOARD_BOOT */
/*
 * IO devices.
 *
 * Each backend has a connector, filled in when its driver is registered, and
 * a device handle, cached when the device is opened in plat_qemu_io_setup().
 */

/* Firmware Image Package */
static const io_dev_connector_t *fip_dev_con;
static uintptr_t fip_dev_handle;

/* Memory-mapped storage that holds the FIP */
static const io_dev_connector_t *memmap_dev_con;
static uintptr_t memmap_dev_handle;

/* Semihosting, used as the alternative image source */
static const io_dev_connector_t *sh_dev_con;
static uintptr_t sh_dev_handle;

#ifndef DECRYPTION_SUPPORT_none
/* Encrypted FIP entries, only built when a decryption method is selected */
static const io_dev_connector_t *enc_dev_con;
static uintptr_t enc_dev_handle;
#endif
Jens Wiklander419e0d22015-12-07 14:37:10 +010056
/* Location and maximum size of the FIP, as seen by the memmap device */
static const io_block_spec_t fip_block_spec = {
	.offset = PLAT_QEMU_FIP_BASE,
	.length = PLAT_QEMU_FIP_MAX_SIZE
};

/* UUID specs used to look up each firmware image inside the FIP */
static const io_uuid_spec_t bl2_uuid_spec = { .uuid = UUID_TRUSTED_BOOT_FIRMWARE_BL2 };

static const io_uuid_spec_t bl31_uuid_spec = { .uuid = UUID_EL3_RUNTIME_FIRMWARE_BL31 };

static const io_uuid_spec_t bl32_uuid_spec = { .uuid = UUID_SECURE_PAYLOAD_BL32 };

static const io_uuid_spec_t bl32_extra1_uuid_spec = { .uuid = UUID_SECURE_PAYLOAD_BL32_EXTRA1 };

static const io_uuid_spec_t bl32_extra2_uuid_spec = { .uuid = UUID_SECURE_PAYLOAD_BL32_EXTRA2 };

static const io_uuid_spec_t tos_fw_config_uuid_spec = { .uuid = UUID_TOS_FW_CONFIG };

static const io_uuid_spec_t bl33_uuid_spec = { .uuid = UUID_NON_TRUSTED_FIRMWARE_BL33 };

#if TRUSTED_BOARD_BOOT
/* UUID specs for the certificates, only present with Trusted Board Boot */
static const io_uuid_spec_t tb_fw_cert_uuid_spec = { .uuid = UUID_TRUSTED_BOOT_FW_CERT };

static const io_uuid_spec_t trusted_key_cert_uuid_spec = { .uuid = UUID_TRUSTED_KEY_CERT };

static const io_uuid_spec_t soc_fw_key_cert_uuid_spec = { .uuid = UUID_SOC_FW_KEY_CERT };

static const io_uuid_spec_t tos_fw_key_cert_uuid_spec = { .uuid = UUID_TRUSTED_OS_FW_KEY_CERT };

static const io_uuid_spec_t nt_fw_key_cert_uuid_spec = { .uuid = UUID_NON_TRUSTED_FW_KEY_CERT };

static const io_uuid_spec_t soc_fw_cert_uuid_spec = { .uuid = UUID_SOC_FW_CONTENT_CERT };

static const io_uuid_spec_t tos_fw_cert_uuid_spec = { .uuid = UUID_TRUSTED_OS_FW_CONTENT_CERT };

static const io_uuid_spec_t nt_fw_cert_uuid_spec = { .uuid = UUID_NON_TRUSTED_FW_CONTENT_CERT };
#endif /* TRUSTED_BOARD_BOOT */
/*
 * Semihosting file for each image id, all opened read-only (binary).
 *
 * The table is indexed by image id and is sparse: its size is set by the
 * largest id listed here, and any id in between that has no initialiser is
 * zero-filled, i.e. its .path is NULL. The array may also be shorter than
 * policies[], which contains ids (FIP_IMAGE_ID, ENC_IMAGE_ID) not listed here.
 */
static const io_file_spec_t sh_file_spec[] = {
	[BL2_IMAGE_ID] = { .path = BL2_IMAGE_NAME, .mode = FOPEN_MODE_RB },
	[BL31_IMAGE_ID] = { .path = BL31_IMAGE_NAME, .mode = FOPEN_MODE_RB },
	[BL32_IMAGE_ID] = { .path = BL32_IMAGE_NAME, .mode = FOPEN_MODE_RB },
	[BL32_EXTRA1_IMAGE_ID] = { .path = BL32_EXTRA1_IMAGE_NAME, .mode = FOPEN_MODE_RB },
	[BL32_EXTRA2_IMAGE_ID] = { .path = BL32_EXTRA2_IMAGE_NAME, .mode = FOPEN_MODE_RB },
	[TOS_FW_CONFIG_ID] = { .path = TOS_FW_CONFIG_NAME, .mode = FOPEN_MODE_RB },
	[BL33_IMAGE_ID] = { .path = BL33_IMAGE_NAME, .mode = FOPEN_MODE_RB },
#if TRUSTED_BOARD_BOOT
	[TRUSTED_BOOT_FW_CERT_ID] = { .path = TRUSTED_BOOT_FW_CERT_NAME, .mode = FOPEN_MODE_RB },
	[TRUSTED_KEY_CERT_ID] = { .path = TRUSTED_KEY_CERT_NAME, .mode = FOPEN_MODE_RB },
	[SOC_FW_KEY_CERT_ID] = { .path = SOC_FW_KEY_CERT_NAME, .mode = FOPEN_MODE_RB },
	[TRUSTED_OS_FW_KEY_CERT_ID] = { .path = TOS_FW_KEY_CERT_NAME, .mode = FOPEN_MODE_RB },
	[NON_TRUSTED_FW_KEY_CERT_ID] = { .path = NT_FW_KEY_CERT_NAME, .mode = FOPEN_MODE_RB },
	[SOC_FW_CONTENT_CERT_ID] = { .path = SOC_FW_CONTENT_CERT_NAME, .mode = FOPEN_MODE_RB },
	[TRUSTED_OS_FW_CONTENT_CERT_ID] = { .path = TOS_FW_CONTENT_CERT_NAME, .mode = FOPEN_MODE_RB },
	[NON_TRUSTED_FW_CONTENT_CERT_ID] = { .path = NT_FW_CONTENT_CERT_NAME, .mode = FOPEN_MODE_RB },
#endif /* TRUSTED_BOARD_BOOT */
};
/*
 * Forward declarations of the availability checks referenced by policies[].
 * Each takes the image spec stored in the policy entry and returns 0 when
 * the image can be opened on that device.
 */
static int open_fip(const uintptr_t spec);
static int open_memmap(const uintptr_t spec);
#ifndef DECRYPTION_SUPPORT_none
static int open_enc_fip(const uintptr_t spec);
#endif
Jens Wiklander419e0d22015-12-07 14:37:10 +0100194
/* One entry of the image load policy table, indexed by image id */
struct plat_io_policy {
	/* Points at the cached handle of the device that serves the image */
	uintptr_t *dev_handle;
	/* Device-specific spec (block or UUID spec) cast to an integer */
	uintptr_t image_spec;
	/* Availability probe; plat_get_image_source() treats 0 as success */
	int (*check)(const uintptr_t spec);
};
/*
 * By default, ARM platforms load images from the FIP.
 *
 * The table is indexed by image id. Ids that have no initialiser below are
 * zero-filled, so their .check pointer is NULL. BL31 and the BL32 images are
 * routed through the encrypted-FIP device only when the matching ENCRYPT_*
 * option is set and a decryption method is built in; otherwise they are read
 * from the plain FIP.
 */
static const struct plat_io_policy policies[] = {
	/* The FIP itself lives in memory-mapped storage */
	[FIP_IMAGE_ID] = {
		.dev_handle = &memmap_dev_handle,
		.image_spec = (uintptr_t)&fip_block_spec,
		.check = open_memmap
	},
	/* No spec: open_fip() only initialises the FIP device for this id */
	[ENC_IMAGE_ID] = {
		.dev_handle = &fip_dev_handle,
		.image_spec = (uintptr_t)NULL,
		.check = open_fip
	},
	[BL2_IMAGE_ID] = {
		.dev_handle = &fip_dev_handle,
		.image_spec = (uintptr_t)&bl2_uuid_spec,
		.check = open_fip
	},
#if ENCRYPT_BL31 && !defined(DECRYPTION_SUPPORT_none)
	[BL31_IMAGE_ID] = {
		.dev_handle = &enc_dev_handle,
		.image_spec = (uintptr_t)&bl31_uuid_spec,
		.check = open_enc_fip
	},
#else
	[BL31_IMAGE_ID] = {
		.dev_handle = &fip_dev_handle,
		.image_spec = (uintptr_t)&bl31_uuid_spec,
		.check = open_fip
	},
#endif
#if ENCRYPT_BL32 && !defined(DECRYPTION_SUPPORT_none)
	[BL32_IMAGE_ID] = {
		.dev_handle = &enc_dev_handle,
		.image_spec = (uintptr_t)&bl32_uuid_spec,
		.check = open_enc_fip
	},
	[BL32_EXTRA1_IMAGE_ID] = {
		.dev_handle = &enc_dev_handle,
		.image_spec = (uintptr_t)&bl32_extra1_uuid_spec,
		.check = open_enc_fip
	},
	[BL32_EXTRA2_IMAGE_ID] = {
		.dev_handle = &enc_dev_handle,
		.image_spec = (uintptr_t)&bl32_extra2_uuid_spec,
		.check = open_enc_fip
	},
#else
	[BL32_IMAGE_ID] = {
		.dev_handle = &fip_dev_handle,
		.image_spec = (uintptr_t)&bl32_uuid_spec,
		.check = open_fip
	},
	[BL32_EXTRA1_IMAGE_ID] = {
		.dev_handle = &fip_dev_handle,
		.image_spec = (uintptr_t)&bl32_extra1_uuid_spec,
		.check = open_fip
	},
	[BL32_EXTRA2_IMAGE_ID] = {
		.dev_handle = &fip_dev_handle,
		.image_spec = (uintptr_t)&bl32_extra2_uuid_spec,
		.check = open_fip
	},
#endif
	[TOS_FW_CONFIG_ID] = {
		.dev_handle = &fip_dev_handle,
		.image_spec = (uintptr_t)&tos_fw_config_uuid_spec,
		.check = open_fip
	},
	[BL33_IMAGE_ID] = {
		.dev_handle = &fip_dev_handle,
		.image_spec = (uintptr_t)&bl33_uuid_spec,
		.check = open_fip
	},
#if TRUSTED_BOARD_BOOT
	/* Certificates are always read from the plain FIP */
	[TRUSTED_BOOT_FW_CERT_ID] = {
		.dev_handle = &fip_dev_handle,
		.image_spec = (uintptr_t)&tb_fw_cert_uuid_spec,
		.check = open_fip
	},
	[TRUSTED_KEY_CERT_ID] = {
		.dev_handle = &fip_dev_handle,
		.image_spec = (uintptr_t)&trusted_key_cert_uuid_spec,
		.check = open_fip
	},
	[SOC_FW_KEY_CERT_ID] = {
		.dev_handle = &fip_dev_handle,
		.image_spec = (uintptr_t)&soc_fw_key_cert_uuid_spec,
		.check = open_fip
	},
	[TRUSTED_OS_FW_KEY_CERT_ID] = {
		.dev_handle = &fip_dev_handle,
		.image_spec = (uintptr_t)&tos_fw_key_cert_uuid_spec,
		.check = open_fip
	},
	[NON_TRUSTED_FW_KEY_CERT_ID] = {
		.dev_handle = &fip_dev_handle,
		.image_spec = (uintptr_t)&nt_fw_key_cert_uuid_spec,
		.check = open_fip
	},
	[SOC_FW_CONTENT_CERT_ID] = {
		.dev_handle = &fip_dev_handle,
		.image_spec = (uintptr_t)&soc_fw_cert_uuid_spec,
		.check = open_fip
	},
	[TRUSTED_OS_FW_CONTENT_CERT_ID] = {
		.dev_handle = &fip_dev_handle,
		.image_spec = (uintptr_t)&tos_fw_cert_uuid_spec,
		.check = open_fip
	},
	[NON_TRUSTED_FW_CONTENT_CERT_ID] = {
		.dev_handle = &fip_dev_handle,
		.image_spec = (uintptr_t)&nt_fw_cert_uuid_spec,
		.check = open_fip
	},
#endif /* TRUSTED_BOARD_BOOT */
};
/*
 * Policy check for images stored in the FIP.
 *
 * Initialises the FIP device and, when a spec is given, opens and immediately
 * closes the matching entry. With a NULL spec (the ENC_IMAGE_ID policy) only
 * the device initialisation is performed.
 *
 * This is an availability probe only: nothing is read from the image and
 * nothing about its contents is verified here.
 *
 * Returns 0 on success, otherwise the error from io_dev_init()/io_open().
 */
static int open_fip(const uintptr_t spec)
{
	uintptr_t probe_handle;
	int rc;

	/* See if a Firmware Image Package is available */
	rc = io_dev_init(fip_dev_handle, (uintptr_t)FIP_IMAGE_ID);
	if (rc != 0 || spec == (uintptr_t)NULL) {
		return rc;
	}

	rc = io_open(fip_dev_handle, spec, &probe_handle);
	if (rc != 0) {
		return rc;
	}

	VERBOSE("Using FIP\n");
	/* The handle was only needed for the probe; close result is not checked */
	io_close(probe_handle);
	return 0;
}
#ifndef DECRYPTION_SUPPORT_none
/*
 * Policy check for images stored encrypted in the FIP.
 *
 * Initialises the encryption device with ENC_IMAGE_ID, then opens and
 * immediately closes the entry described by spec. Unlike open_fip() there is
 * no NULL-spec shortcut; every policy entry that uses this check passes a
 * UUID spec.
 *
 * This is an availability probe only: nothing is read or decrypted here.
 *
 * Returns 0 on success, otherwise the error from io_dev_init()/io_open().
 */
static int open_enc_fip(const uintptr_t spec)
{
	uintptr_t probe_handle;
	int rc;

	/* See if an encrypted FIP is available */
	rc = io_dev_init(enc_dev_handle, (uintptr_t)ENC_IMAGE_ID);
	if (rc != 0) {
		return rc;
	}

	rc = io_open(enc_dev_handle, spec, &probe_handle);
	if (rc != 0) {
		return rc;
	}

	VERBOSE("Using encrypted FIP\n");
	/* The handle was only needed for the probe; close result is not checked */
	io_close(probe_handle);
	return 0;
}
#endif
/*
 * Policy check for the memory-mapped region that holds the FIP.
 *
 * Initialises the memmap device, then opens and immediately closes the block
 * described by spec to confirm it is reachable.
 *
 * Returns 0 on success, otherwise the error from io_dev_init()/io_open().
 */
static int open_memmap(const uintptr_t spec)
{
	uintptr_t probe_handle;
	int rc;

	rc = io_dev_init(memmap_dev_handle, (uintptr_t)NULL);
	if (rc != 0) {
		return rc;
	}

	rc = io_open(memmap_dev_handle, spec, &probe_handle);
	if (rc != 0) {
		return rc;
	}

	VERBOSE("Using Memmap\n");
	/* The handle was only needed for the probe; close result is not checked */
	io_close(probe_handle);
	return 0;
}
/*
 * Availability check for an image file on the semihosting device.
 *
 * Initialises the semihosting device, then opens and immediately closes the
 * file described by spec (an io_file_spec_t from sh_file_spec[]).
 *
 * The file is supplied by the semihosting host rather than by the FIP, and
 * nothing about its contents is checked here.
 *
 * Returns 0 on success, otherwise the error from io_dev_init()/io_open().
 */
static int open_semihosting(const uintptr_t spec)
{
	uintptr_t probe_handle;
	int rc;

	/* See if the file exists on semi-hosting.*/
	rc = io_dev_init(sh_dev_handle, (uintptr_t)NULL);
	if (rc != 0) {
		return rc;
	}

	rc = io_open(sh_dev_handle, spec, &probe_handle);
	if (rc != 0) {
		return rc;
	}

	VERBOSE("Using Semi-hosting IO\n");
	/* The handle was only needed for the probe; close result is not checked */
	io_close(probe_handle);
	return 0;
}
/*
 * Register the FIP, memmap, (optional) encryption and semihosting IO drivers
 * and cache a device handle for each of them.
 *
 * Failures are only caught by assert(). Where assertions are compiled out
 * the result is discarded, so the file-scope handle of a device that failed
 * to open is presumably left at its zero-initialised value - confirm against
 * io_dev_open(). The open_*() checks then run against that handle.
 */
void plat_qemu_io_setup(void)
{
	int rc;

	rc = register_io_dev_fip(&fip_dev_con);
	assert(rc == 0);

	rc = register_io_dev_memmap(&memmap_dev_con);
	assert(rc == 0);

	/* Open connections to devices and cache the handles */
	rc = io_dev_open(fip_dev_con, (uintptr_t)NULL, &fip_dev_handle);
	assert(rc == 0);

	rc = io_dev_open(memmap_dev_con, (uintptr_t)NULL, &memmap_dev_handle);
	assert(rc == 0);

#ifndef DECRYPTION_SUPPORT_none
	/* The encryption device only exists when a decryption method is built */
	rc = register_io_dev_enc(&enc_dev_con);
	assert(rc == 0);

	rc = io_dev_open(enc_dev_con, (uintptr_t)NULL, &enc_dev_handle);
	assert(rc == 0);
#endif

	/* Register the additional IO devices on this platform */
	rc = register_io_dev_sh(&sh_dev_con);
	assert(rc == 0);

	/* Open connections to devices and cache the handles */
	rc = io_dev_open(sh_dev_con, (uintptr_t)NULL, &sh_dev_handle);
	assert(rc == 0);

	/* Ignore improbable errors in release builds */
	(void)rc;
}
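/*
 * Look up the semihosting fallback for an image.
 *
 * image_id:   image identifier, used as an index into sh_file_spec[].
 * dev_handle: set to the semihosting device handle on success.
 * image_spec: set to the matching sh_file_spec[] entry on success.
 *
 * sh_file_spec[] is sparse and can be shorter than policies[], which is the
 * only table the caller bounds-checks against. Ids outside the table, and
 * gaps inside it (zero-filled entries whose path is NULL), are rejected here
 * instead of being handed to the semihosting driver.
 *
 * Returns 0 on success, -ENOENT when the id has no semihosting file, or the
 * error returned by open_semihosting(). The outputs are left untouched on
 * failure.
 */
static int get_alt_image_source(unsigned int image_id, uintptr_t *dev_handle,
				uintptr_t *image_spec)
{
	const io_file_spec_t *file_spec;
	int result;

	/* Never index past the end of the semihosting table */
	if (image_id >= ARRAY_SIZE(sh_file_spec)) {
		return -ENOENT;
	}

	/* A gap in the designated initialisers has no file name to open */
	file_spec = &sh_file_spec[image_id];
	if (file_spec->path == NULL) {
		return -ENOENT;
	}

	result = open_semihosting((const uintptr_t)file_spec);
	if (result == 0) {
		*dev_handle = sh_dev_handle;
		*image_spec = (uintptr_t)file_spec;
	}

	return result;
}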
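/*
 * Return an IO device handle and specification which can be used to access
 * an image. Use this to enforce platform load policy
 *
 * image_id:   image identifier, used as an index into policies[].
 * dev_handle: set to the handle of the device that serves the image.
 * image_spec: set to the spec to pass to that device.
 *
 * The primary source from policies[] is probed first; if its check fails the
 * semihosting file for the same id is tried instead. The fallback file comes
 * from the semihosting host rather than the FIP.
 * NOTE(review): no authentication happens in this function; whether images
 * returned from either source are verified depends on the caller - confirm.
 *
 * Returns 0 on success, -ENOENT when image_id has no policy entry, or the
 * error from the fallback lookup.
 */
int plat_get_image_source(unsigned int image_id, uintptr_t *dev_handle,
			  uintptr_t *image_spec)
{
	int result;
	const struct plat_io_policy *policy;

	assert(image_id < ARRAY_SIZE(policies));

	/*
	 * The assert above disappears when assertions are compiled out, so
	 * repeat the bounds check at run time before indexing the table.
	 */
	if (image_id >= ARRAY_SIZE(policies)) {
		return -ENOENT;
	}

	policy = &policies[image_id];

	/*
	 * policies[] is sparse: an id without an initialiser has a NULL check
	 * pointer, which must not be called.
	 */
	if (policy->check == NULL) {
		return -ENOENT;
	}

	result = policy->check(policy->image_spec);
	if (result == 0) {
		*image_spec = policy->image_spec;
		*dev_handle = *(policy->dev_handle);
	} else {
		VERBOSE("Trying alternative IO\n");
		result = get_alt_image_source(image_id, dev_handle, image_spec);
	}

	return result;
}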