[U-Boot] [PATCH v2] armv8: sec_firmware: Add support for multiple loadables
Sumit Garg
sumit.garg at nxp.com
Mon Apr 23 21:53:28 UTC 2018
Enable support for multiple loadable images in SEC firmware FIT image.
Also add example "sec_firmware_ppa.its" file.
Signed-off-by: Sumit Garg <sumit.garg at nxp.com>
---
Changes in v2:
Added example "sec_firmware_ppa.its" file. Also added printf instead of
debug in case of error scenario.
arch/arm/cpu/armv8/sec_firmware.c | 53 +++++++++++++++++++++++++++++--------
doc/uImage.FIT/sec_firmware_ppa.its | 49 ++++++++++++++++++++++++++++++++++
2 files changed, 91 insertions(+), 11 deletions(-)
create mode 100644 doc/uImage.FIT/sec_firmware_ppa.its
diff --git a/arch/arm/cpu/armv8/sec_firmware.c b/arch/arm/cpu/armv8/sec_firmware.c
index b56ea78..040bf88 100644
--- a/arch/arm/cpu/armv8/sec_firmware.c
+++ b/arch/arm/cpu/armv8/sec_firmware.c
@@ -116,25 +116,48 @@ static int sec_firmware_check_copy_loadable(const void *sec_firmware_img,
u32 *loadable_l, u32 *loadable_h)
{
phys_addr_t sec_firmware_loadable_addr = 0;
- int conf_node_off, ld_node_off;
+ int conf_node_off, ld_node_off, images;
char *conf_node_name = NULL;
const void *data;
size_t size;
ulong load;
+ const char *name, *str, *type;
+ int len;
conf_node_name = SEC_FIRMEWARE_FIT_CNF_NAME;
conf_node_off = fit_conf_get_node(sec_firmware_img, conf_node_name);
if (conf_node_off < 0) {
printf("SEC Firmware: %s: no such config\n", conf_node_name);
- return -ENOENT;
+ return -ENOENT;
+ }
+
+ /* find the node holding the images information */
+ images = fdt_path_offset(sec_firmware_img, FIT_IMAGES_PATH);
+ if (images < 0) {
+ printf("%s: Cannot find /images node: %d\n", __func__, images);
+ return -1;
+ }
+
+ type = FIT_LOADABLE_PROP;
+
+ name = fdt_getprop(sec_firmware_img, conf_node_off, type, &len);
+ if (!name) {
+ /* Loadables not present */
+ return 0;
}
- ld_node_off = fit_conf_get_prop_node(sec_firmware_img, conf_node_off,
- FIT_LOADABLE_PROP);
- if (ld_node_off >= 0) {
- printf("SEC Firmware: '%s' present in config\n",
- FIT_LOADABLE_PROP);
+ printf("SEC Firmware: '%s' present in config\n", type);
+
+ for (str = name; str && ((str - name) < len);
+ str = strchr(str, '\0') + 1) {
+ printf("%s: '%s'\n", type, str);
+ ld_node_off = fdt_subnode_offset(sec_firmware_img, images, str);
+ if (ld_node_off < 0) {
+ printf("cannot find image node '%s': %d\n", str,
+ ld_node_off);
+ return -EINVAL;
+ }
/* Verify secure firmware image */
if (!(fit_image_verify(sec_firmware_img, ld_node_off))) {
@@ -164,11 +187,19 @@ static int sec_firmware_check_copy_loadable(const void *sec_firmware_img,
memcpy((void *)sec_firmware_loadable_addr, data, size);
flush_dcache_range(sec_firmware_loadable_addr,
sec_firmware_loadable_addr + size);
- }
- /* Populate address ptrs for loadable image with loadbale addr */
- out_le32(loadable_l, (sec_firmware_loadable_addr & WORD_MASK));
- out_le32(loadable_h, (sec_firmware_loadable_addr >> WORD_SHIFT));
+ /* Populate loadable address only for Trusted OS */
+ if (!strcmp(str, "trustedOS at 1")) {
+ /*
+ * Populate address ptrs for loadable image with
+ * loadbale addr
+ */
+ out_le32(loadable_l, (sec_firmware_loadable_addr &
+ WORD_MASK));
+ out_le32(loadable_h, (sec_firmware_loadable_addr >>
+ WORD_SHIFT));
+ }
+ }
return 0;
}
diff --git a/doc/uImage.FIT/sec_firmware_ppa.its b/doc/uImage.FIT/sec_firmware_ppa.its
new file mode 100644
index 0000000..a7acde1
--- /dev/null
+++ b/doc/uImage.FIT/sec_firmware_ppa.its
@@ -0,0 +1,49 @@
+/dts-v1/;
+
+/*
+ * Example FIT image description file demonstrating the usage
+ * of SEC Firmware and multiple loadable images loaded by the u-boot.
+ * For booting PPA (SEC Firmware), "firmware" is searched and loaded.
+ *
+ * Multiple binaries will be loaded as "loadables" (if present) at their
+ * respective load offsets from firmware image address.
+ */
+
+/{
+ description = "PPA Firmware";
+ #address-cells = <1>;
+ images {
+ firmware at 1 {
+ description = "PPA Firmware: <version>";
+ data = /incbin/("../obj/monitor.bin");
+ type = "firmware";
+ arch = "arm64";
+ compression = "none";
+ };
+ trustedOS at 1 {
+ description = "Trusted OS";
+ data = /incbin/("../../tee.bin");
+ type = "OS";
+ arch = "arm64";
+ compression = "none";
+ load = <0x00200000>;
+ };
+ fuse_scr {
+ description = "Fuse Script";
+ data = /incbin/("../../fuse_scr.bin");
+ type = "firmware";
+ arch = "arm64";
+ compression = "none";
+ load = <0x00180000>;
+ };
+ };
+
+ configurations {
+ default = "config-1";
+ config-1 {
+ description = "PPA Secure firmware";
+ firmware = "firmware at 1";
+ loadables = "trustedOS at 1", "fuse_scr";
+ };
+ };
+};
--
1.9.1
More information about the U-Boot
mailing list