Message ID | 20191006181022.2513-2-heiko@sntech.de |
---|---|
State | Accepted |
Delegated to: | Kever Yang |
Headers | show |
Series | [U-Boot,v2,1/2] rockchip: make_fit_atf.py: allow inclusion of a tee binary | expand |
On 2019/10/7 上午2:10, Heiko Stuebner wrote: > From: Joseph Chen <chenjh@rock-chips.com> > > Trusted-Firmware can also initialize a secure payload to use as a trusted > execution environment. In general for the arm64 case this is provided as > separate image and uboot is supposed to also place it in a predetermined > location in memory and add the necessary parameters to the ATF boot params. > > So add the possibility to get this tee payload from the provided FIT image > and setup things as necessary. > > Tested on a Rockchip PX30 with mainline TF-A, mainline OP-Tee (with pending > PX30 support) and mainline 5.4-rc1 Linux kernel. > > Signed-off-by: Joseph Chen <chenjh@rock-chips.com> > Signed-off-by: Heiko Stuebner <heiko@sntech.de> Reviewed-by: Kever Yang<kever.yang@rock-chips.com> Thanks, - Kever > --- > changes in v2: set fdt address as param for tee > > common/spl/spl_atf.c | 49 +++++++++++++++++++++++++++++++------------- > 1 file changed, 35 insertions(+), 14 deletions(-) > > diff --git a/common/spl/spl_atf.c b/common/spl/spl_atf.c > index 4715f9d371..7a46ed6e6d 100644 > --- a/common/spl/spl_atf.c > +++ b/common/spl/spl_atf.c > @@ -30,8 +30,11 @@ static struct bl31_params *bl2_to_bl31_params; > * > * @return bl31 params structure pointer > */ > -static struct bl31_params *bl2_plat_get_bl31_params(uintptr_t bl33_entry) > +static struct bl31_params *bl2_plat_get_bl31_params(uintptr_t bl32_entry, > + uintptr_t bl33_entry, > + uintptr_t fdt_addr) > { > + struct entry_point_info *bl32_ep_info; > struct entry_point_info *bl33_ep_info; > > /* > @@ -49,16 +52,22 @@ static struct bl31_params *bl2_plat_get_bl31_params(uintptr_t bl33_entry) > SET_PARAM_HEAD(bl2_to_bl31_params->bl31_image_info, > ATF_PARAM_IMAGE_BINARY, ATF_VERSION_1, 0); > > - /* Fill BL32 related information if it exists */ > + > + /* Fill BL32 related information */ > bl2_to_bl31_params->bl32_ep_info = &bl31_params_mem.bl32_ep_info; > - SET_PARAM_HEAD(bl2_to_bl31_params->bl32_ep_info, ATF_PARAM_EP, > - ATF_VERSION_1, 0); > + bl32_ep_info = &bl31_params_mem.bl32_ep_info; > + SET_PARAM_HEAD(bl32_ep_info, ATF_PARAM_EP, ATF_VERSION_1, > + ATF_EP_SECURE); > + > + /* secure payload is optional, so set pc to 0 if absent */ > + bl32_ep_info->args.arg3 = fdt_addr; > + bl32_ep_info->pc = bl32_entry ? bl32_entry : 0; > + bl32_ep_info->spsr = SPSR_64(MODE_EL1, MODE_SP_ELX, > + DISABLE_ALL_EXECPTIONS); > + > bl2_to_bl31_params->bl32_image_info = &bl31_params_mem.bl32_image_info; > SET_PARAM_HEAD(bl2_to_bl31_params->bl32_image_info, > ATF_PARAM_IMAGE_BINARY, ATF_VERSION_1, 0); > -#ifndef BL32_BASE > - bl2_to_bl31_params->bl32_ep_info->pc = 0; > -#endif /* BL32_BASE */ > > /* Fill BL33 related information */ > bl2_to_bl31_params->bl33_ep_info = &bl31_params_mem.bl33_ep_info; > @@ -86,13 +95,14 @@ static inline void raw_write_daif(unsigned int daif) > > typedef void (*atf_entry_t)(struct bl31_params *params, void *plat_params); > > -static void bl31_entry(uintptr_t bl31_entry, uintptr_t bl33_entry, > - uintptr_t fdt_addr) > +static void bl31_entry(uintptr_t bl31_entry, uintptr_t bl32_entry, > + uintptr_t bl33_entry, uintptr_t fdt_addr) > { > struct bl31_params *bl31_params; > atf_entry_t atf_entry = (atf_entry_t)bl31_entry; > > - bl31_params = bl2_plat_get_bl31_params(bl33_entry); > + bl31_params = bl2_plat_get_bl31_params(bl32_entry, bl33_entry, > + fdt_addr); > > raw_write_daif(SPSR_EXCEPTION_MASK); > dcache_disable(); > @@ -100,7 +110,7 @@ static void bl31_entry(uintptr_t bl31_entry, uintptr_t bl33_entry, > atf_entry((void *)bl31_params, (void *)fdt_addr); > } > > -static int spl_fit_images_find_uboot(void *blob) > +static int spl_fit_images_find(void *blob, int os) > { > int parent, node, ndepth; > const void *data; > @@ -122,7 +132,7 @@ static int spl_fit_images_find_uboot(void *blob) > if (!data) > continue; > > - if (genimg_get_os_id(data) == IH_OS_U_BOOT) > + if (genimg_get_os_id(data) == os) > return node; > }; > > @@ -143,11 +153,21 @@ uintptr_t spl_fit_images_get_entry(void *blob, int node) > > void spl_invoke_atf(struct spl_image_info *spl_image) > { > + uintptr_t bl32_entry = 0; > uintptr_t bl33_entry = CONFIG_SYS_TEXT_BASE; > void *blob = spl_image->fdt_addr; > uintptr_t platform_param = (uintptr_t)blob; > int node; > > + /* > + * Find the OP-TEE binary (in /fit-images) load address or > + * entry point (if different) and pass it as the BL3-2 entry > + * point, this is optional. > + */ > + node = spl_fit_images_find(blob, IH_OS_TEE); > + if (node >= 0) > + bl32_entry = spl_fit_images_get_entry(blob, node); > + > /* > * Find the U-Boot binary (in /fit-images) load addreess or > * entry point (if different) and pass it as the BL3-3 entry > @@ -155,7 +175,7 @@ void spl_invoke_atf(struct spl_image_info *spl_image) > * This will need to be extended to support Falcon mode. > */ > > - node = spl_fit_images_find_uboot(blob); > + node = spl_fit_images_find(blob, IH_OS_U_BOOT); > if (node >= 0) > bl33_entry = spl_fit_images_get_entry(blob, node); > > @@ -172,5 +192,6 @@ void spl_invoke_atf(struct spl_image_info *spl_image) > * We don't provide a BL3-2 entry yet, but this will be possible > * using similar logic. > */ > - bl31_entry(spl_image->entry_point, bl33_entry, platform_param); > + bl31_entry(spl_image->entry_point, bl32_entry, > + bl33_entry, platform_param); > }
On 2019/10/14 下午5:07, Kever Yang wrote: > > On 2019/10/7 上午2:10, Heiko Stuebner wrote: >> From: Joseph Chen <chenjh@rock-chips.com> >> >> Trusted-Firmware can also initialize a secure payload to use as a >> trusted >> execution environment. In general for the arm64 case this is provided as >> separate image and uboot is supposed to also place it in a predetermined >> location in memory and add the necessary parameters to the ATF boot >> params. >> >> So add the possibility to get this tee payload from the provided FIT >> image >> and setup things as necessary. >> >> Tested on a Rockchip PX30 with mainline TF-A, mainline OP-Tee (with >> pending >> PX30 support) and mainline 5.4-rc1 Linux kernel. >> >> Signed-off-by: Joseph Chen <chenjh@rock-chips.com> >> Signed-off-by: Heiko Stuebner <heiko@sntech.de> > > Reviewed-by: Kever Yang<kever.yang@rock-chips.com> Applied to u-boot-rockchip master. > > > Thanks, > - Kever >> --- >> changes in v2: set fdt address as param for tee >> >> common/spl/spl_atf.c | 49 +++++++++++++++++++++++++++++++------------- >> 1 file changed, 35 insertions(+), 14 deletions(-) >> >> diff --git a/common/spl/spl_atf.c b/common/spl/spl_atf.c >> index 4715f9d371..7a46ed6e6d 100644 >> --- a/common/spl/spl_atf.c >> +++ b/common/spl/spl_atf.c >> @@ -30,8 +30,11 @@ static struct bl31_params *bl2_to_bl31_params; >> * >> * @return bl31 params structure pointer >> */ >> -static struct bl31_params *bl2_plat_get_bl31_params(uintptr_t >> bl33_entry) >> +static struct bl31_params *bl2_plat_get_bl31_params(uintptr_t >> bl32_entry, >> + uintptr_t bl33_entry, >> + uintptr_t fdt_addr) >> { >> + struct entry_point_info *bl32_ep_info; >> struct entry_point_info *bl33_ep_info; >> /* >> @@ -49,16 +52,22 @@ static struct bl31_params >> *bl2_plat_get_bl31_params(uintptr_t bl33_entry) >> SET_PARAM_HEAD(bl2_to_bl31_params->bl31_image_info, >> ATF_PARAM_IMAGE_BINARY, ATF_VERSION_1, 0); >> - /* Fill BL32 related information if it exists */ >> + >> + /* Fill BL32 related information */ >> bl2_to_bl31_params->bl32_ep_info = &bl31_params_mem.bl32_ep_info; >> - SET_PARAM_HEAD(bl2_to_bl31_params->bl32_ep_info, ATF_PARAM_EP, >> - ATF_VERSION_1, 0); >> + bl32_ep_info = &bl31_params_mem.bl32_ep_info; >> + SET_PARAM_HEAD(bl32_ep_info, ATF_PARAM_EP, ATF_VERSION_1, >> + ATF_EP_SECURE); >> + >> + /* secure payload is optional, so set pc to 0 if absent */ >> + bl32_ep_info->args.arg3 = fdt_addr; >> + bl32_ep_info->pc = bl32_entry ? bl32_entry : 0; >> + bl32_ep_info->spsr = SPSR_64(MODE_EL1, MODE_SP_ELX, >> + DISABLE_ALL_EXECPTIONS); >> + >> bl2_to_bl31_params->bl32_image_info = >> &bl31_params_mem.bl32_image_info; >> SET_PARAM_HEAD(bl2_to_bl31_params->bl32_image_info, >> ATF_PARAM_IMAGE_BINARY, ATF_VERSION_1, 0); >> -#ifndef BL32_BASE >> - bl2_to_bl31_params->bl32_ep_info->pc = 0; >> -#endif /* BL32_BASE */ >> /* Fill BL33 related information */ >> bl2_to_bl31_params->bl33_ep_info = &bl31_params_mem.bl33_ep_info; >> @@ -86,13 +95,14 @@ static inline void raw_write_daif(unsigned int daif) >> typedef void (*atf_entry_t)(struct bl31_params *params, void >> *plat_params); >> -static void bl31_entry(uintptr_t bl31_entry, uintptr_t bl33_entry, >> - uintptr_t fdt_addr) >> +static void bl31_entry(uintptr_t bl31_entry, uintptr_t bl32_entry, >> + uintptr_t bl33_entry, uintptr_t fdt_addr) >> { >> struct bl31_params *bl31_params; >> atf_entry_t atf_entry = (atf_entry_t)bl31_entry; >> - bl31_params = bl2_plat_get_bl31_params(bl33_entry); >> + bl31_params = bl2_plat_get_bl31_params(bl32_entry, bl33_entry, >> + fdt_addr); >> raw_write_daif(SPSR_EXCEPTION_MASK); >> dcache_disable(); >> @@ -100,7 +110,7 @@ static void bl31_entry(uintptr_t bl31_entry, >> uintptr_t bl33_entry, >> atf_entry((void *)bl31_params, (void *)fdt_addr); >> } >> -static int spl_fit_images_find_uboot(void *blob) >> +static int spl_fit_images_find(void *blob, int os) >> { >> int parent, node, ndepth; >> const void *data; >> @@ -122,7 +132,7 @@ static int spl_fit_images_find_uboot(void *blob) >> if (!data) >> continue; >> - if (genimg_get_os_id(data) == IH_OS_U_BOOT) >> + if (genimg_get_os_id(data) == os) >> return node; >> }; >> @@ -143,11 +153,21 @@ uintptr_t spl_fit_images_get_entry(void >> *blob, int node) >> void spl_invoke_atf(struct spl_image_info *spl_image) >> { >> + uintptr_t bl32_entry = 0; >> uintptr_t bl33_entry = CONFIG_SYS_TEXT_BASE; >> void *blob = spl_image->fdt_addr; >> uintptr_t platform_param = (uintptr_t)blob; >> int node; >> + /* >> + * Find the OP-TEE binary (in /fit-images) load address or >> + * entry point (if different) and pass it as the BL3-2 entry >> + * point, this is optional. >> + */ >> + node = spl_fit_images_find(blob, IH_OS_TEE); >> + if (node >= 0) >> + bl32_entry = spl_fit_images_get_entry(blob, node); >> + >> /* >> * Find the U-Boot binary (in /fit-images) load addreess or >> * entry point (if different) and pass it as the BL3-3 entry >> @@ -155,7 +175,7 @@ void spl_invoke_atf(struct spl_image_info >> *spl_image) >> * This will need to be extended to support Falcon mode. >> */ >> - node = spl_fit_images_find_uboot(blob); >> + node = spl_fit_images_find(blob, IH_OS_U_BOOT); >> if (node >= 0) >> bl33_entry = spl_fit_images_get_entry(blob, node); >> @@ -172,5 +192,6 @@ void spl_invoke_atf(struct spl_image_info >> *spl_image) >> * We don't provide a BL3-2 entry yet, but this will be possible >> * using similar logic. >> */ >> - bl31_entry(spl_image->entry_point, bl33_entry, platform_param); >> + bl31_entry(spl_image->entry_point, bl32_entry, >> + bl33_entry, platform_param); >> } > > > _______________________________________________ > U-Boot mailing list > U-Boot@lists.denx.de > https://lists.denx.de/listinfo/u-boot
diff --git a/common/spl/spl_atf.c b/common/spl/spl_atf.c index 4715f9d371..7a46ed6e6d 100644 --- a/common/spl/spl_atf.c +++ b/common/spl/spl_atf.c @@ -30,8 +30,11 @@ static struct bl31_params *bl2_to_bl31_params; * * @return bl31 params structure pointer */ -static struct bl31_params *bl2_plat_get_bl31_params(uintptr_t bl33_entry) +static struct bl31_params *bl2_plat_get_bl31_params(uintptr_t bl32_entry, + uintptr_t bl33_entry, + uintptr_t fdt_addr) { + struct entry_point_info *bl32_ep_info; struct entry_point_info *bl33_ep_info; /* @@ -49,16 +52,22 @@ static struct bl31_params *bl2_plat_get_bl31_params(uintptr_t bl33_entry) SET_PARAM_HEAD(bl2_to_bl31_params->bl31_image_info, ATF_PARAM_IMAGE_BINARY, ATF_VERSION_1, 0); - /* Fill BL32 related information if it exists */ + + /* Fill BL32 related information */ bl2_to_bl31_params->bl32_ep_info = &bl31_params_mem.bl32_ep_info; - SET_PARAM_HEAD(bl2_to_bl31_params->bl32_ep_info, ATF_PARAM_EP, - ATF_VERSION_1, 0); + bl32_ep_info = &bl31_params_mem.bl32_ep_info; + SET_PARAM_HEAD(bl32_ep_info, ATF_PARAM_EP, ATF_VERSION_1, + ATF_EP_SECURE); + + /* secure payload is optional, so set pc to 0 if absent */ + bl32_ep_info->args.arg3 = fdt_addr; + bl32_ep_info->pc = bl32_entry ? bl32_entry : 0; + bl32_ep_info->spsr = SPSR_64(MODE_EL1, MODE_SP_ELX, + DISABLE_ALL_EXECPTIONS); + bl2_to_bl31_params->bl32_image_info = &bl31_params_mem.bl32_image_info; SET_PARAM_HEAD(bl2_to_bl31_params->bl32_image_info, ATF_PARAM_IMAGE_BINARY, ATF_VERSION_1, 0); -#ifndef BL32_BASE - bl2_to_bl31_params->bl32_ep_info->pc = 0; -#endif /* BL32_BASE */ /* Fill BL33 related information */ bl2_to_bl31_params->bl33_ep_info = &bl31_params_mem.bl33_ep_info; @@ -86,13 +95,14 @@ static inline void raw_write_daif(unsigned int daif) typedef void (*atf_entry_t)(struct bl31_params *params, void *plat_params); -static void bl31_entry(uintptr_t bl31_entry, uintptr_t bl33_entry, - uintptr_t fdt_addr) +static void bl31_entry(uintptr_t bl31_entry, uintptr_t bl32_entry, + uintptr_t bl33_entry, uintptr_t fdt_addr) { struct bl31_params *bl31_params; atf_entry_t atf_entry = (atf_entry_t)bl31_entry; - bl31_params = bl2_plat_get_bl31_params(bl33_entry); + bl31_params = bl2_plat_get_bl31_params(bl32_entry, bl33_entry, + fdt_addr); raw_write_daif(SPSR_EXCEPTION_MASK); dcache_disable(); @@ -100,7 +110,7 @@ static void bl31_entry(uintptr_t bl31_entry, uintptr_t bl33_entry, atf_entry((void *)bl31_params, (void *)fdt_addr); } -static int spl_fit_images_find_uboot(void *blob) +static int spl_fit_images_find(void *blob, int os) { int parent, node, ndepth; const void *data; @@ -122,7 +132,7 @@ static int spl_fit_images_find_uboot(void *blob) if (!data) continue; - if (genimg_get_os_id(data) == IH_OS_U_BOOT) + if (genimg_get_os_id(data) == os) return node; }; @@ -143,11 +153,21 @@ uintptr_t spl_fit_images_get_entry(void *blob, int node) void spl_invoke_atf(struct spl_image_info *spl_image) { + uintptr_t bl32_entry = 0; uintptr_t bl33_entry = CONFIG_SYS_TEXT_BASE; void *blob = spl_image->fdt_addr; uintptr_t platform_param = (uintptr_t)blob; int node; + /* + * Find the OP-TEE binary (in /fit-images) load address or + * entry point (if different) and pass it as the BL3-2 entry + * point, this is optional. + */ + node = spl_fit_images_find(blob, IH_OS_TEE); + if (node >= 0) + bl32_entry = spl_fit_images_get_entry(blob, node); + /* * Find the U-Boot binary (in /fit-images) load addreess or * entry point (if different) and pass it as the BL3-3 entry @@ -155,7 +175,7 @@ void spl_invoke_atf(struct spl_image_info *spl_image) * This will need to be extended to support Falcon mode. */ - node = spl_fit_images_find_uboot(blob); + node = spl_fit_images_find(blob, IH_OS_U_BOOT); if (node >= 0) bl33_entry = spl_fit_images_get_entry(blob, node); @@ -172,5 +192,6 @@ void spl_invoke_atf(struct spl_image_info *spl_image) * We don't provide a BL3-2 entry yet, but this will be possible * using similar logic. */ - bl31_entry(spl_image->entry_point, bl33_entry, platform_param); + bl31_entry(spl_image->entry_point, bl32_entry, + bl33_entry, platform_param); }