[U-Boot] [PATCH v2] armv8: sec_firmware: Add support for multiple loadables

Sumit Garg sumit.garg at nxp.com
Mon Apr 23 21:53:28 UTC 2018


Enable support for multiple loadable images in SEC firmware FIT image.
Also add example "sec_firmware_ppa.its" file.

Signed-off-by: Sumit Garg <sumit.garg at nxp.com>
---

Changes in v2:
Added example "sec_firmware_ppa.its" file. Also added printf instead of
debug in case of error scenario.

 arch/arm/cpu/armv8/sec_firmware.c   | 53 +++++++++++++++++++++++++++++--------
 doc/uImage.FIT/sec_firmware_ppa.its | 49 ++++++++++++++++++++++++++++++++++
 2 files changed, 91 insertions(+), 11 deletions(-)
 create mode 100644 doc/uImage.FIT/sec_firmware_ppa.its

diff --git a/arch/arm/cpu/armv8/sec_firmware.c b/arch/arm/cpu/armv8/sec_firmware.c
index b56ea78..040bf88 100644
--- a/arch/arm/cpu/armv8/sec_firmware.c
+++ b/arch/arm/cpu/armv8/sec_firmware.c
@@ -116,25 +116,48 @@ static int sec_firmware_check_copy_loadable(const void *sec_firmware_img,
 					    u32 *loadable_l, u32 *loadable_h)
 {
 	phys_addr_t sec_firmware_loadable_addr = 0;
-	int conf_node_off, ld_node_off;
+	int conf_node_off, ld_node_off, images;
 	char *conf_node_name = NULL;
 	const void *data;
 	size_t size;
 	ulong load;
+	const char *name, *str, *type;
+	int len;
 
 	conf_node_name = SEC_FIRMEWARE_FIT_CNF_NAME;
 
 	conf_node_off = fit_conf_get_node(sec_firmware_img, conf_node_name);
 	if (conf_node_off < 0) {
 		printf("SEC Firmware: %s: no such config\n", conf_node_name);
-	return -ENOENT;
+		return -ENOENT;
+	}
+
+	/* find the node holding the images information */
+	images = fdt_path_offset(sec_firmware_img, FIT_IMAGES_PATH);
+	if (images < 0) {
+		printf("%s: Cannot find /images node: %d\n", __func__, images);
+		return -1;
+	}
+
+	type = FIT_LOADABLE_PROP;
+
+	name = fdt_getprop(sec_firmware_img, conf_node_off, type, &len);
+	if (!name) {
+		/* Loadables not present */
+		return 0;
 	}
 
-	ld_node_off = fit_conf_get_prop_node(sec_firmware_img, conf_node_off,
-					     FIT_LOADABLE_PROP);
-	if (ld_node_off >= 0) {
-		printf("SEC Firmware: '%s' present in config\n",
-		       FIT_LOADABLE_PROP);
+	printf("SEC Firmware: '%s' present in config\n", type);
+
+	for (str = name; str && ((str - name) < len);
+	     str = strchr(str, '\0') + 1) {
+		printf("%s: '%s'\n", type, str);
+		ld_node_off = fdt_subnode_offset(sec_firmware_img, images, str);
+		if (ld_node_off < 0) {
+			printf("cannot find image node '%s': %d\n", str,
+			       ld_node_off);
+			return -EINVAL;
+		}
 
 		/* Verify secure firmware image */
 		if (!(fit_image_verify(sec_firmware_img, ld_node_off))) {
@@ -164,11 +187,19 @@ static int sec_firmware_check_copy_loadable(const void *sec_firmware_img,
 		memcpy((void *)sec_firmware_loadable_addr, data, size);
 		flush_dcache_range(sec_firmware_loadable_addr,
 				   sec_firmware_loadable_addr + size);
-	}
 
-	/* Populate address ptrs for loadable image with loadbale addr */
-	out_le32(loadable_l, (sec_firmware_loadable_addr & WORD_MASK));
-	out_le32(loadable_h, (sec_firmware_loadable_addr >> WORD_SHIFT));
+		/* Populate loadable address only for Trusted OS */
+		if (!strcmp(str, "trustedOS at 1")) {
+			/*
+			 * Populate address ptrs for loadable image with
+			 * loadbale addr
+			 */
+			out_le32(loadable_l, (sec_firmware_loadable_addr &
+					      WORD_MASK));
+			out_le32(loadable_h, (sec_firmware_loadable_addr >>
+					      WORD_SHIFT));
+		}
+	}
 
 	return 0;
 }
diff --git a/doc/uImage.FIT/sec_firmware_ppa.its b/doc/uImage.FIT/sec_firmware_ppa.its
new file mode 100644
index 0000000..a7acde1
--- /dev/null
+++ b/doc/uImage.FIT/sec_firmware_ppa.its
@@ -0,0 +1,49 @@
+/dts-v1/;
+
+/*
+ * Example FIT image description file demonstrating the usage
+ * of SEC Firmware and multiple loadable images loaded by the u-boot.
+ * For booting PPA (SEC Firmware), "firmware" is searched and loaded.
+ *
+ * Multiple binaries will be loaded as "loadables" (if present) at their
+ * respective load offsets from firmware image address.
+ */
+
+/{
+	description = "PPA Firmware";
+	#address-cells = <1>;
+	images {
+		firmware at 1 {
+			description = "PPA Firmware: <version>";
+			data = /incbin/("../obj/monitor.bin");
+			type = "firmware";
+			arch = "arm64";
+			compression = "none";
+		};
+		trustedOS at 1 {
+			description = "Trusted OS";
+			data = /incbin/("../../tee.bin");
+			type = "OS";
+			arch = "arm64";
+			compression = "none";
+			load = <0x00200000>;
+		};
+		fuse_scr {
+			description = "Fuse Script";
+			data = /incbin/("../../fuse_scr.bin");
+			type = "firmware";
+			arch = "arm64";
+			compression = "none";
+			load = <0x00180000>;
+		};
+	};
+
+	configurations {
+		default = "config-1";
+		config-1 {
+			description = "PPA Secure firmware";
+			firmware = "firmware at 1";
+			loadables = "trustedOS at 1", "fuse_scr";
+		};
+	};
+};
-- 
1.9.1



More information about the U-Boot mailing list