diff options
| -rw-r--r-- | include/lib/optee_utils.h | 15 | ||||
| -rw-r--r-- | include/plat/arm/common/arm_def.h | 17 | ||||
| -rw-r--r-- | lib/optee/optee_utils.c | 217 | ||||
| -rw-r--r-- | plat/arm/board/common/board_css_common.c | 6 | ||||
| -rw-r--r-- | plat/arm/board/juno/include/platform_def.h | 5 | ||||
| -rw-r--r-- | plat/arm/common/aarch64/arm_bl2_mem_params_desc.c | 39 | ||||
| -rw-r--r-- | plat/arm/common/arm_bl2_setup.c | 21 | ||||
| -rw-r--r-- | plat/arm/common/arm_common.mk | 3 |
8 files changed, 320 insertions, 3 deletions
diff --git a/include/lib/optee_utils.h b/include/lib/optee_utils.h new file mode 100644 index 000000000..3d35b190d --- /dev/null +++ b/include/lib/optee_utils.h @@ -0,0 +1,15 @@ +/* + * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +#ifndef __OPTEE_UTILS_H__ +#define __OPTEE_UTILS_H__ + +#include <bl_common.h> + +int parse_optee_header(entry_point_info_t *header_ep, + image_info_t *pager_image_info, + image_info_t *paged_image_info); + +#endif /* __OPTEE_UTILS_H__ */ diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h index 5dae30ec7..55747bf4a 100644 --- a/include/plat/arm/common/arm_def.h +++ b/include/plat/arm/common/arm_def.h @@ -95,6 +95,23 @@ #define ARM_TZC_NS_DRAM_S_ACCESS TZC_REGION_S_NONE #endif +#ifdef SPD_opteed +/* + * BL2 needs to map 3.5MB from 512KB offset in TZC_DRAM1 in order to + * load/authenticate the trusted os extra image. The first 512KB of TZC_DRAM1 + * are reserved for trusted os (OPTEE). The extra image loading for OPTEE is + * paged image which only include the paging part using virtual memory but + * without "init" data. OPTEE will copy the "init" data (from pager image) to + * the first 512KB of TZC_DRAM, and then copy the extra image behind the "init" + * data. + */ +#define ARM_OPTEE_PAGEABLE_LOAD_BASE (ARM_AP_TZC_DRAM1_BASE + 0x80000) +#define ARM_OPTEE_PAGEABLE_LOAD_SIZE 0x380000 +#define ARM_OPTEE_PAGEABLE_LOAD_MEM MAP_REGION_FLAT( \ + ARM_OPTEE_PAGEABLE_LOAD_BASE, \ + ARM_OPTEE_PAGEABLE_LOAD_SIZE, \ + MT_MEMORY | MT_RW | MT_SECURE) +#endif /* SPD_opteed */ #define ARM_NS_DRAM1_BASE ARM_DRAM1_BASE #define ARM_NS_DRAM1_SIZE (ARM_DRAM1_SIZE - \ diff --git a/lib/optee/optee_utils.c b/lib/optee/optee_utils.c new file mode 100644 index 000000000..deb948c25 --- /dev/null +++ b/lib/optee/optee_utils.c @@ -0,0 +1,217 @@ +/* + * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <arch_helpers.h> +#include <assert.h> +#include <debug.h> +#include <desc_image_load.h> +#include <errno.h> +#include <optee_utils.h> + +/* + * load_addr_hi and load_addr_lo: image load address. + * image_id: 0 - pager, 1 - paged + * size: image size in bytes. + */ +typedef struct optee_image { + uint32_t load_addr_hi; + uint32_t load_addr_lo; + uint32_t image_id; + uint32_t size; +} optee_image_t; + +#define OPTEE_PAGER_IMAGE_ID 0 +#define OPTEE_PAGED_IMAGE_ID 1 +#define OPTEE_MAX_IMAGE_NUM 2 + +#define TEE_MAGIC_NUM_OPTEE 0x4554504f +/* + * magic: header magic number. + * version: OPTEE header version: + * 1 - not supported + * 2 - supported + * arch: OPTEE os architecture type: 0 - AARCH32, 1 - AARCH64. + * flags: unused currently. + * nb_images: number of images. + */ +typedef struct optee_header { + uint32_t magic; + uint8_t version; + uint8_t arch; + uint16_t flags; + uint32_t nb_images; + optee_image_t optee_image[]; +} optee_header_t; + +/******************************************************************************* + * Check if it is a valid tee header + * Return 1 if valid + * Return 0 if invalid + ******************************************************************************/ +static inline int tee_validate_header(optee_header_t *optee_header) +{ + if ((optee_header->magic == TEE_MAGIC_NUM_OPTEE) && + (optee_header->version == 2) && + (optee_header->nb_images <= OPTEE_MAX_IMAGE_NUM)) { + return 1; + } + + WARN("Not a known TEE, use default loading options.\n"); + return 0; +} + +/******************************************************************************* + * Parse the OPTEE image + * Return 0 on success or a negative error code otherwise. + ******************************************************************************/ +static int parse_optee_image(image_info_t *image_info, + optee_image_t *optee_image) +{ + uintptr_t init_load_addr, free_end, requested_end; + size_t init_size; + + init_load_addr = ((uint64_t)optee_image->load_addr_hi << 32) | + optee_image->load_addr_lo; + init_size = optee_image->size; + + /* + * -1 indicates loader decided address; take our pre-mapped area + * for current image since arm-tf could not allocate memory dynamically + */ + if (init_load_addr == -1) + init_load_addr = image_info->image_base; + + /* Check that the default end address doesn't overflow */ + if (check_uptr_overflow(image_info->image_base, + image_info->image_max_size - 1)) + return -1; + free_end = image_info->image_base + (image_info->image_max_size - 1); + + /* Check that the image end address doesn't overflow */ + if (check_uptr_overflow(init_load_addr, init_size - 1)) + return -1; + requested_end = init_load_addr + (init_size - 1); + /* + * Check that the requested RAM location is within reserved + * space for OPTEE. + */ + if (!((init_load_addr >= image_info->image_base) && + (requested_end <= free_end))) { + WARN("The load address in optee header %p - %p is not in reserved area: %p - %p.\n", + (void *)init_load_addr, + (void *)(init_load_addr + init_size), + (void *)image_info->image_base, + (void *)(image_info->image_base + + image_info->image_max_size)); + return -1; + } + + /* + * Remove the skip attr from image_info, the image will be loaded. + * The default attr in image_info is "IMAGE_ATTRIB_SKIP_LOADING", which + * mean the image will not be loaded. Here, we parse the header image to + * know that the extra image need to be loaded, so remove the skip attr. + */ + image_info->h.attr &= ~IMAGE_ATTRIB_SKIP_LOADING; + + /* Update image base and size of image_info */ + image_info->image_base = init_load_addr; + image_info->image_size = init_size; + + return 0; +} + +/******************************************************************************* + * Parse the OPTEE header + * Return 0 on success or a negative error code otherwise. + ******************************************************************************/ +int parse_optee_header(entry_point_info_t *header_ep, + image_info_t *pager_image_info, + image_info_t *paged_image_info) + +{ + optee_header_t *optee_header; + int num, ret; + + assert(header_ep); + optee_header = (optee_header_t *)header_ep->pc; + assert(optee_header); + + /* + * OPTEE image has 3 types: + * + * 1. Plain OPTEE bin without header. + * Original bin without header, return directly, + * BL32_EXTRA1_IMAGE_ID and BL32_EXTRA2_IMAGE_ID will be skipped. + * + * 2. OPTEE bin with header bin, but no paging. + * Header available and nb_images = 1, remove skip attr for + * BL32_EXTRA1_IMAGE_ID. BL32_EXTRA1_IMAGE_ID will be loaded, + * and BL32_EXTRA2_IMAGE_ID be skipped. + * + * 3. OPTEE image with paging support. + * Header available and nb_images = 2, there are 3 bins: header, + * pager and pageable. Remove skip attr for BL32_EXTRA1_IMAGE_ID + * and BL32_EXTRA2_IMAGE_ID to load pager and paged bin. + */ + if (!tee_validate_header(optee_header)) { + INFO("Invalid OPTEE header, legacy mode.\n"); + /* Set legacy OPTEE runtime arch - aarch64 */ + header_ep->args.arg0 = MODE_RW_64; + return 0; + } + + /* Print the OPTEE header information */ + INFO("OPTEE ep=0x%x\n", (unsigned int)header_ep->pc); + INFO("OPTEE header info:\n"); + INFO(" magic=0x%x\n", optee_header->magic); + INFO(" version=0x%x\n", optee_header->version); + INFO(" arch=0x%x\n", optee_header->arch); + INFO(" flags=0x%x\n", optee_header->flags); + INFO(" nb_images=0x%x\n", optee_header->nb_images); + + /* Parse OPTEE image */ + for (num = 0; num < optee_header->nb_images; num++) { + if (optee_header->optee_image[num].image_id == + OPTEE_PAGER_IMAGE_ID) { + ret = parse_optee_image(pager_image_info, + &optee_header->optee_image[num]); + } else if (optee_header->optee_image[num].image_id == + OPTEE_PAGED_IMAGE_ID) { + ret = parse_optee_image(paged_image_info, + &optee_header->optee_image[num]); + } else { + ERROR("Parse optee image failed.\n"); + return -1; + } + + if (ret != 0) + return -1; + } + + /* + * Update "pc" value which should comes from pager image. After the + * header image is parsed, it will be unuseful, and the actual + * execution image after BL31 is pager image. + */ + header_ep->pc = pager_image_info->image_base; + + /* + * The paged load address and size are populated in + * header image arguments so that can be read by the + * BL32 SPD. + */ + header_ep->args.arg1 = paged_image_info->image_base; + header_ep->args.arg2 = paged_image_info->image_size; + + /* Set OPTEE runtime arch - aarch32/aarch64 */ + if (optee_header->arch == 0) + header_ep->args.arg0 = MODE_RW_32; + else + header_ep->args.arg0 = MODE_RW_64; + + return 0; +} diff --git a/plat/arm/board/common/board_css_common.c b/plat/arm/board/common/board_css_common.c index f6a554f32..139a3af84 100644 --- a/plat/arm/board/common/board_css_common.c +++ b/plat/arm/board/common/board_css_common.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -34,6 +34,9 @@ const mmap_region_t plat_arm_mmap[] = { SOC_CSS_MAP_DEVICE, ARM_MAP_NS_DRAM1, ARM_MAP_TSP_SEC_MEM, +#ifdef SPD_opteed + ARM_OPTEE_PAGEABLE_LOAD_MEM, +#endif {0} }; #endif @@ -76,4 +79,3 @@ const mmap_region_t plat_arm_mmap[] = { #endif ARM_CASSERT_MMAP - diff --git a/plat/arm/board/juno/include/platform_def.h b/plat/arm/board/juno/include/platform_def.h index 46afb71e5..9452883e7 100644 --- a/plat/arm/board/juno/include/platform_def.h +++ b/plat/arm/board/juno/include/platform_def.h @@ -67,9 +67,14 @@ #endif #ifdef IMAGE_BL2 +#ifdef SPD_opteed +# define PLAT_ARM_MMAP_ENTRIES 9 +# define MAX_XLAT_TABLES 4 +#else # define PLAT_ARM_MMAP_ENTRIES 8 # define MAX_XLAT_TABLES 3 #endif +#endif #ifdef IMAGE_BL2U # define PLAT_ARM_MMAP_ENTRIES 4 diff --git a/plat/arm/common/aarch64/arm_bl2_mem_params_desc.c b/plat/arm/common/aarch64/arm_bl2_mem_params_desc.c index a60d53336..4376119ad 100644 --- a/plat/arm/common/aarch64/arm_bl2_mem_params_desc.c +++ b/plat/arm/common/aarch64/arm_bl2_mem_params_desc.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -99,6 +99,43 @@ static bl_mem_params_node_t bl2_mem_params_descs[] = { .next_handoff_image_id = BL33_IMAGE_ID, }, + + /* + * Fill BL32 external 1 related information. + * A typical use for extra1 image is with OP-TEE where it is the pager image. + */ + { + .image_id = BL32_EXTRA1_IMAGE_ID, + + SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP, + VERSION_2, entry_point_info_t, SECURE | NON_EXECUTABLE), + + SET_STATIC_PARAM_HEAD(image_info, PARAM_EP, + VERSION_2, image_info_t, IMAGE_ATTRIB_SKIP_LOADING), + .image_info.image_base = BL32_BASE, + .image_info.image_max_size = BL32_LIMIT - BL32_BASE, + + .next_handoff_image_id = INVALID_IMAGE_ID, + }, + + /* + * Fill BL32 external 2 related information. + * A typical use for extra2 image is with OP-TEE where it is the paged image. + */ + { + .image_id = BL32_EXTRA2_IMAGE_ID, + + SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP, + VERSION_2, entry_point_info_t, SECURE | NON_EXECUTABLE), + + SET_STATIC_PARAM_HEAD(image_info, PARAM_EP, + VERSION_2, image_info_t, IMAGE_ATTRIB_SKIP_LOADING), +#ifdef SPD_opteed + .image_info.image_base = ARM_OPTEE_PAGEABLE_LOAD_BASE, + .image_info.image_max_size = ARM_OPTEE_PAGEABLE_LOAD_SIZE, +#endif + .next_handoff_image_id = INVALID_IMAGE_ID, + }, # endif /* BL32_BASE */ /* Fill BL33 related information */ diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c index b7621b853..9182bd128 100644 --- a/plat/arm/common/arm_bl2_setup.c +++ b/plat/arm/common/arm_bl2_setup.c @@ -11,6 +11,9 @@ #include <console.h> #include <debug.h> #include <desc_image_load.h> +#ifdef SPD_opteed +#include <optee_utils.h> +#endif #include <plat_arm.h> #include <platform.h> #include <platform_def.h> @@ -230,11 +233,29 @@ int arm_bl2_handle_post_image_load(unsigned int image_id) { int err = 0; bl_mem_params_node_t *bl_mem_params = get_bl_mem_params_node(image_id); +#ifdef SPD_opteed + bl_mem_params_node_t *pager_mem_params = NULL; + bl_mem_params_node_t *paged_mem_params = NULL; +#endif assert(bl_mem_params); switch (image_id) { #ifdef AARCH64 case BL32_IMAGE_ID: +#ifdef SPD_opteed + pager_mem_params = get_bl_mem_params_node(BL32_EXTRA1_IMAGE_ID); + assert(pager_mem_params); + + paged_mem_params = get_bl_mem_params_node(BL32_EXTRA2_IMAGE_ID); + assert(paged_mem_params); + + err = parse_optee_header(&bl_mem_params->ep_info, + &pager_mem_params->image_info, + &paged_mem_params->image_info); + if (err != 0) { + WARN("OPTEE header parse error.\n"); + } +#endif bl_mem_params->ep_info.spsr = arm_get_spsr_for_bl32_entry(); break; #endif diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk index 807a1f832..20372c203 100644 --- a/plat/arm/common/arm_common.mk +++ b/plat/arm/common/arm_common.mk @@ -154,6 +154,9 @@ BL2_SOURCES += plat/arm/common/${ARCH}/arm_bl2_mem_params_desc.c endif BL2_SOURCES += plat/arm/common/arm_image_load.c \ common/desc_image_load.c +ifeq (${SPD},opteed) +BL2_SOURCES += lib/optee/optee_utils.c +endif endif BL2U_SOURCES += plat/arm/common/arm_bl2u_setup.c |