From patchwork Sun Oct 6 18:10:21 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Heiko Stuebner X-Patchwork-Id: 1172566 X-Patchwork-Delegate: ykai007@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=sntech.de Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 46mWrc0zHTz9sPW for ; Mon, 7 Oct 2019 05:11:11 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id B7DDDC21F19; Sun, 6 Oct 2019 18:10:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id EF5EAC21ECC; Sun, 6 Oct 2019 18:10:37 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 40BAFC21C27; Sun, 6 Oct 2019 18:10:36 +0000 (UTC) Received: from gloria.sntech.de (gloria.sntech.de [185.11.138.130]) by lists.denx.de (Postfix) with ESMTPS id CF3A1C21C27 for ; Sun, 6 Oct 2019 18:10:35 +0000 (UTC) Received: from p57b777a5.dip0.t-ipconnect.de ([87.183.119.165] helo=phil.fritz.box) by gloria.sntech.de with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iHAzH-0007Hn-0G; Sun, 06 Oct 2019 20:10:31 +0200 From: Heiko Stuebner To: u-boot@lists.denx.de Date: Sun, 6 Oct 2019 20:10:21 +0200 Message-Id: <20191006181022.2513-1-heiko@sntech.de> X-Mailer: git-send-email 2.23.0 MIME-Version: 1.0 Cc: christoph.muellner@theobroma-systems.com Subject: [U-Boot] [PATCH v2 1/2] rockchip: make_fit_atf.py: allow inclusion of a tee binary X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" A trusted execution environment should also get loaded as loadable from a fit image, so add the possibility to present a tee.elf to make_fit_atf.py that then gets included as additional loadable into the generated its. For ease of integration the additional loadable is created as atf_(x+1) after all others to re-use core generation loops. Tested against the combinations of 1-part-atf and multi-part-atf each time with and without a tee binary present. Signed-off-by: Heiko Stuebner Reviewed-by: Kever Yang --- changes in v2: none arch/arm/mach-rockchip/make_fit_atf.py | 52 +++++++++++++++++++++++--- 1 file changed, 46 insertions(+), 6 deletions(-) diff --git a/arch/arm/mach-rockchip/make_fit_atf.py b/arch/arm/mach-rockchip/make_fit_atf.py index 585edcf9d5..3c045a5e17 100755 --- a/arch/arm/mach-rockchip/make_fit_atf.py +++ b/arch/arm/mach-rockchip/make_fit_atf.py @@ -63,6 +63,21 @@ def append_bl31_node(file, atf_index, phy_addr, elf_entry): file.write('\t\t};\n') file.write('\n') +def append_tee_node(file, atf_index, phy_addr, elf_entry): + # Append TEE DT node to input FIT dts file. + data = 'tee_0x%08x.bin' % phy_addr + file.write('\t\tatf_%d {\n' % atf_index) + file.write('\t\t\tdescription = \"TEE\";\n') + file.write('\t\t\tdata = /incbin/("%s");\n' % data) + file.write('\t\t\ttype = "tee";\n') + file.write('\t\t\tarch = "arm64";\n') + file.write('\t\t\tos = "tee";\n') + file.write('\t\t\tcompression = "none";\n') + file.write('\t\t\tload = <0x%08x>;\n' % phy_addr) + file.write('\t\t\tentry = <0x%08x>;\n' % elf_entry) + file.write('\t\t};\n') + file.write('\n') + def append_fdt_node(file, dtbs): # Append FDT nodes. cnt = 1 @@ -115,15 +130,23 @@ def generate_atf_fit_dts_uboot(fit_file, uboot_file_name): index, entry, p_paddr, data = segments[0] fit_file.write(DT_UBOOT % p_paddr) -def generate_atf_fit_dts_bl31(fit_file, bl31_file_name, dtbs_file_name): +def generate_atf_fit_dts_bl31(fit_file, bl31_file_name, tee_file_name, dtbs_file_name): segments = unpack_elf(bl31_file_name) for index, entry, paddr, data in segments: append_bl31_node(fit_file, index + 1, paddr, entry) + num_segments = len(segments) + + if tee_file_name: + tee_segments = unpack_elf(tee_file_name) + for index, entry, paddr, data in tee_segments: + append_tee_node(fit_file, num_segments + index + 1, paddr, entry) + num_segments = num_segments + len(tee_segments) + append_fdt_node(fit_file, dtbs_file_name) fit_file.write(DT_IMAGES_NODE_END) - append_conf_node(fit_file, dtbs_file_name, len(segments)) + append_conf_node(fit_file, dtbs_file_name, num_segments) -def generate_atf_fit_dts(fit_file_name, bl31_file_name, uboot_file_name, dtbs_file_name): +def generate_atf_fit_dts(fit_file_name, bl31_file_name, tee_file_name, uboot_file_name, dtbs_file_name): # Generate FIT script for ATF image. if fit_file_name != sys.stdout: fit_file = open(fit_file_name, "wb") @@ -132,7 +155,7 @@ def generate_atf_fit_dts(fit_file_name, bl31_file_name, uboot_file_name, dtbs_fi fit_file.write(DT_HEADER) generate_atf_fit_dts_uboot(fit_file, uboot_file_name) - generate_atf_fit_dts_bl31(fit_file, bl31_file_name, dtbs_file_name) + generate_atf_fit_dts_bl31(fit_file, bl31_file_name, tee_file_name, dtbs_file_name) fit_file.write(DT_END) if fit_file_name != sys.stdout: @@ -144,6 +167,13 @@ def generate_atf_binary(bl31_file_name): with open(file_name, "wb") as atf: atf.write(data) +def generate_tee_binary(tee_file_name): + if tee_file_name: + for index, entry, paddr, data in unpack_elf(tee_file_name): + file_name = 'tee_0x%08x.bin' % paddr + with open(file_name, "wb") as atf: + atf.write(data) + def unpack_elf(filename): with open(filename, 'rb') as file: elf = file.read() @@ -178,7 +208,14 @@ def main(): logging.warning(' BL31 file bl31.elf NOT found, resulting binary is non-functional') logging.warning(' Please read Building section in doc/README.rockchip') - opts, args = getopt.getopt(sys.argv[1:], "o:u:b:h") + if "TEE" in os.environ: + tee_elf = os.getenv("TEE") + elif os.path.isfile("./tee.elf"): + tee_elf = "./tee.elf" + else: + tee_elf = "" + + opts, args = getopt.getopt(sys.argv[1:], "o:u:b:t:h") for opt, val in opts: if opt == "-o": fit_its = val @@ -186,14 +223,17 @@ def main(): uboot_elf = val elif opt == "-b": bl31_elf = val + elif opt == "-t": + tee_elf = val elif opt == "-h": print(__doc__) sys.exit(2) dtbs = args - generate_atf_fit_dts(fit_its, bl31_elf, uboot_elf, dtbs) + generate_atf_fit_dts(fit_its, bl31_elf, tee_elf, uboot_elf, dtbs) generate_atf_binary(bl31_elf) + generate_tee_binary(tee_elf) if __name__ == "__main__": main() From patchwork Sun Oct 6 18:10:22 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Heiko Stuebner X-Patchwork-Id: 1172565 X-Patchwork-Delegate: ykai007@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=sntech.de Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 46mWr41DdCz9sPd for ; Mon, 7 Oct 2019 05:10:42 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 6C7EDC21F01; Sun, 6 Oct 2019 18:10:39 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 625D0C21D56; Sun, 6 Oct 2019 18:10:37 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 367F4C21DD7; Sun, 6 Oct 2019 18:10:36 +0000 (UTC) Received: from gloria.sntech.de (gloria.sntech.de [185.11.138.130]) by lists.denx.de (Postfix) with ESMTPS id D1EACC21D56 for ; Sun, 6 Oct 2019 18:10:35 +0000 (UTC) Received: from p57b777a5.dip0.t-ipconnect.de ([87.183.119.165] helo=phil.fritz.box) by gloria.sntech.de with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1iHAzH-0007Hn-9r; Sun, 06 Oct 2019 20:10:31 +0200 From: Heiko Stuebner To: u-boot@lists.denx.de Date: Sun, 6 Oct 2019 20:10:22 +0200 Message-Id: <20191006181022.2513-2-heiko@sntech.de> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191006181022.2513-1-heiko@sntech.de> References: <20191006181022.2513-1-heiko@sntech.de> MIME-Version: 1.0 Cc: christoph.muellner@theobroma-systems.com, Joseph Chen Subject: [U-Boot] [PATCH v2 2/2] common: spl: atf: support booting bl32 image X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" From: Joseph Chen Trusted-Firmware can also initialize a secure payload to use as a trusted execution environment. In general for the arm64 case this is provided as separate image and uboot is supposed to also place it in a predetermined location in memory and add the necessary parameters to the ATF boot params. So add the possibility to get this tee payload from the provided FIT image and setup things as necessary. Tested on a Rockchip PX30 with mainline TF-A, mainline OP-Tee (with pending PX30 support) and mainline 5.4-rc1 Linux kernel. Signed-off-by: Joseph Chen Signed-off-by: Heiko Stuebner Reviewed-by: Kever Yang --- changes in v2: set fdt address as param for tee common/spl/spl_atf.c | 49 +++++++++++++++++++++++++++++++------------- 1 file changed, 35 insertions(+), 14 deletions(-) diff --git a/common/spl/spl_atf.c b/common/spl/spl_atf.c index 4715f9d371..7a46ed6e6d 100644 --- a/common/spl/spl_atf.c +++ b/common/spl/spl_atf.c @@ -30,8 +30,11 @@ static struct bl31_params *bl2_to_bl31_params; * * @return bl31 params structure pointer */ -static struct bl31_params *bl2_plat_get_bl31_params(uintptr_t bl33_entry) +static struct bl31_params *bl2_plat_get_bl31_params(uintptr_t bl32_entry, + uintptr_t bl33_entry, + uintptr_t fdt_addr) { + struct entry_point_info *bl32_ep_info; struct entry_point_info *bl33_ep_info; /* @@ -49,16 +52,22 @@ static struct bl31_params *bl2_plat_get_bl31_params(uintptr_t bl33_entry) SET_PARAM_HEAD(bl2_to_bl31_params->bl31_image_info, ATF_PARAM_IMAGE_BINARY, ATF_VERSION_1, 0); - /* Fill BL32 related information if it exists */ + + /* Fill BL32 related information */ bl2_to_bl31_params->bl32_ep_info = &bl31_params_mem.bl32_ep_info; - SET_PARAM_HEAD(bl2_to_bl31_params->bl32_ep_info, ATF_PARAM_EP, - ATF_VERSION_1, 0); + bl32_ep_info = &bl31_params_mem.bl32_ep_info; + SET_PARAM_HEAD(bl32_ep_info, ATF_PARAM_EP, ATF_VERSION_1, + ATF_EP_SECURE); + + /* secure payload is optional, so set pc to 0 if absent */ + bl32_ep_info->args.arg3 = fdt_addr; + bl32_ep_info->pc = bl32_entry ? bl32_entry : 0; + bl32_ep_info->spsr = SPSR_64(MODE_EL1, MODE_SP_ELX, + DISABLE_ALL_EXECPTIONS); + bl2_to_bl31_params->bl32_image_info = &bl31_params_mem.bl32_image_info; SET_PARAM_HEAD(bl2_to_bl31_params->bl32_image_info, ATF_PARAM_IMAGE_BINARY, ATF_VERSION_1, 0); -#ifndef BL32_BASE - bl2_to_bl31_params->bl32_ep_info->pc = 0; -#endif /* BL32_BASE */ /* Fill BL33 related information */ bl2_to_bl31_params->bl33_ep_info = &bl31_params_mem.bl33_ep_info; @@ -86,13 +95,14 @@ static inline void raw_write_daif(unsigned int daif) typedef void (*atf_entry_t)(struct bl31_params *params, void *plat_params); -static void bl31_entry(uintptr_t bl31_entry, uintptr_t bl33_entry, - uintptr_t fdt_addr) +static void bl31_entry(uintptr_t bl31_entry, uintptr_t bl32_entry, + uintptr_t bl33_entry, uintptr_t fdt_addr) { struct bl31_params *bl31_params; atf_entry_t atf_entry = (atf_entry_t)bl31_entry; - bl31_params = bl2_plat_get_bl31_params(bl33_entry); + bl31_params = bl2_plat_get_bl31_params(bl32_entry, bl33_entry, + fdt_addr); raw_write_daif(SPSR_EXCEPTION_MASK); dcache_disable(); @@ -100,7 +110,7 @@ static void bl31_entry(uintptr_t bl31_entry, uintptr_t bl33_entry, atf_entry((void *)bl31_params, (void *)fdt_addr); } -static int spl_fit_images_find_uboot(void *blob) +static int spl_fit_images_find(void *blob, int os) { int parent, node, ndepth; const void *data; @@ -122,7 +132,7 @@ static int spl_fit_images_find_uboot(void *blob) if (!data) continue; - if (genimg_get_os_id(data) == IH_OS_U_BOOT) + if (genimg_get_os_id(data) == os) return node; }; @@ -143,11 +153,21 @@ uintptr_t spl_fit_images_get_entry(void *blob, int node) void spl_invoke_atf(struct spl_image_info *spl_image) { + uintptr_t bl32_entry = 0; uintptr_t bl33_entry = CONFIG_SYS_TEXT_BASE; void *blob = spl_image->fdt_addr; uintptr_t platform_param = (uintptr_t)blob; int node; + /* + * Find the OP-TEE binary (in /fit-images) load address or + * entry point (if different) and pass it as the BL3-2 entry + * point, this is optional. + */ + node = spl_fit_images_find(blob, IH_OS_TEE); + if (node >= 0) + bl32_entry = spl_fit_images_get_entry(blob, node); + /* * Find the U-Boot binary (in /fit-images) load addreess or * entry point (if different) and pass it as the BL3-3 entry @@ -155,7 +175,7 @@ void spl_invoke_atf(struct spl_image_info *spl_image) * This will need to be extended to support Falcon mode. */ - node = spl_fit_images_find_uboot(blob); + node = spl_fit_images_find(blob, IH_OS_U_BOOT); if (node >= 0) bl33_entry = spl_fit_images_get_entry(blob, node); @@ -172,5 +192,6 @@ void spl_invoke_atf(struct spl_image_info *spl_image) * We don't provide a BL3-2 entry yet, but this will be possible * using similar logic. */ - bl31_entry(spl_image->entry_point, bl33_entry, platform_param); + bl31_entry(spl_image->entry_point, bl32_entry, + bl33_entry, platform_param); }