cot-desc: optimise memory further
authorJoel Hutton <Joel.Hutton@Arm.com>
Mon, 11 Mar 2019 11:37:38 +0000 (11:37 +0000)
committerJoel Hutton <Joel.Hutton@Arm.com>
Mon, 8 Apr 2019 13:24:21 +0000 (14:24 +0100)
This changes the auth_img_desc_t struct to have pointers to struct
arrays instead of struct arrays. This saves memory as many of these
were never used, and can be NULL pointers. Note that the memory savings
apply only when these arrays are not initialised, as it is assumed these
arrays are fixed length. A possible future optimisation could allow for
variable length.

memory diff:
bl1:        bl2:
    text        text
      -12         -12
    bss         bss
      -1463       0
    data        data
      -56         -48
    rodata      rodata
      -5688       -2592
    total       total
      -7419       -2652

Change-Id: I8f9bdedf75048b8867f40c56381e3a6dc6402bcc
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
drivers/auth/auth_mod.c
drivers/auth/tbbr/tbbr_cot.c
include/drivers/auth/auth_mod.h

index d66e5dd1d1b58c30c088bef457ca5affdb640791..1aca1ccc850eeef38cc787878556258169899127 100644 (file)
@@ -53,6 +53,9 @@ static int auth_get_param(const auth_param_type_desc_t *param_type_desc,
 {
        int i;
 
+       if (img_desc->authenticated_data == NULL)
+               return 1;
+
        for (i = 0 ; i < COT_MAX_VERIFIED_PARAMS ; i++) {
                if (0 == cmp_auth_param_type_desc(param_type_desc,
                                img_desc->authenticated_data[i].type_desc)) {
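Review bot: The new guard at the top of auth_get_param is written without braces, while the other single-statement `if` bodies visible in this file are braced (the `continue` and `return 1` branches in auth_mod_verify_img). I would write it as `if (img_desc->authenticated_data == NULL) {` / `return 1;` / `}`, and give the `img_auth_methods` guard in the next hunk the same treatment; that one also lacks the space after `if`. Returning non-zero is the safe direction here, since a descriptor with no stored parameters has nothing to match against. The function body continues outside the hunk.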
@@ -361,6 +364,8 @@ int auth_mod_verify_img(unsigned int img_id,
 
        /* Authenticate the image using the methods indicated in the image
         * descriptor. */
+       if(img_desc->img_auth_methods == NULL)
+               return 1;
        for (i = 0 ; i < AUTH_METHOD_NUM ; i++) {
                auth_method = &img_desc->img_auth_methods[i];
                switch (auth_method->type) {
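Review bot: The comment "Authenticate the image using the methods indicated in the image descriptor" now sits directly above the NULL guard rather than the loop it describes, and the reason for the guard is not stated. The code after the two loops goes on to mark the image as authenticated, so this early return is what makes a descriptor with no methods fail before that point, and that is worth saying. I would move the guard above the existing comment and give it its own, e.g. `/* No authentication methods described: fail closed, never mark the image authenticated. */`. The switch and the rest of auth_mod_verify_img continue outside the hunk.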
@@ -389,25 +394,27 @@ int auth_mod_verify_img(unsigned int img_id,
 
        /* Extract the parameters indicated in the image descriptor to
         * authenticate the children images. */
-       for (i = 0 ; i < COT_MAX_VERIFIED_PARAMS ; i++) {
-               if (img_desc->authenticated_data[i].type_desc == NULL) {
-                       continue;
-               }
-
-               /* Get the parameter from the image parser module */
-               rc = img_parser_get_auth_param(img_desc->img_type,
-                               img_desc->authenticated_data[i].type_desc,
-                               img_ptr, img_len, &param_ptr, &param_len);
-               return_if_error(rc);
-
-               /* Check parameter size */
-               if (param_len > img_desc->authenticated_data[i].data.len) {
-                       return 1;
+       if (img_desc->authenticated_data != NULL) {
+               for (i = 0 ; i < COT_MAX_VERIFIED_PARAMS ; i++) {
+                       if (img_desc->authenticated_data[i].type_desc == NULL) {
+                               continue;
+                       }
+
+                       /* Get the parameter from the image parser module */
+                       rc = img_parser_get_auth_param(img_desc->img_type,
+                                       img_desc->authenticated_data[i].type_desc,
+                                       img_ptr, img_len, &param_ptr, &param_len);
+                       return_if_error(rc);
+
+                       /* Check parameter size */
+                       if (param_len > img_desc->authenticated_data[i].data.len) {
+                               return 1;
+                       }
+
+                       /* Copy the parameter for later use */
+                       memcpy((void *)img_desc->authenticated_data[i].data.ptr,
+                                       (void *)param_ptr, param_len);
                }
-
-               /* Copy the parameter for later use */
-               memcpy((void *)img_desc->authenticated_data[i].data.ptr,
-                               (void *)param_ptr, param_len);
        }
 
        /* Mark image as authenticated */
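Review bot: A NULL `authenticated_data` is an error in auth_get_param but a normal case here, and nothing in the code says why the two differ. Going by the commit message and the comment above the loop, NULL appears to mean the image exports no parameters for its children, so skipping the extraction looks intended. A line such as `/* authenticated_data may be NULL: this image provides no parameters to child images */` above the new `if` would record that. The existing `param_len > ...data.len` check still bounds the `memcpy`, so the copy is unchanged by the re-indentation. The function continues outside the hunk.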
index 1c962596c4b9a0ba0f93f2478b0b448721b60335..da3631bbf9cb59fec565f56bce4c7cab1fdb2451 100644 (file)
@@ -122,7 +122,7 @@ static const auth_img_desc_t trusted_boot_fw_cert = {
        .img_id = TRUSTED_BOOT_FW_CERT_ID,
        .img_type = IMG_CERT,
        .parent = NULL,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_SIG,
                        .param.sig = {
@@ -140,7 +140,7 @@ static const auth_img_desc_t trusted_boot_fw_cert = {
                        }
                }
        },
-       .authenticated_data = {
+       .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
                [0] = {
                        .type_desc = &tb_fw_hash,
                        .data = {
@@ -169,7 +169,7 @@ static const auth_img_desc_t bl2_image = {
        .img_id = BL2_IMAGE_ID,
        .img_type = IMG_RAW,
        .parent = &trusted_boot_fw_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_HASH,
                        .param.hash = {
@@ -185,7 +185,7 @@ static const auth_img_desc_t hw_config = {
        .img_id = HW_CONFIG_ID,
        .img_type = IMG_RAW,
        .parent = &trusted_boot_fw_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_HASH,
                        .param.hash = {
@@ -201,7 +201,7 @@ static const auth_img_desc_t tb_fw_config = {
        .img_id = TB_FW_CONFIG_ID,
        .img_type = IMG_RAW,
        .parent = &trusted_boot_fw_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_HASH,
                        .param.hash = {
@@ -220,7 +220,7 @@ static const auth_img_desc_t trusted_key_cert = {
        .img_id = TRUSTED_KEY_CERT_ID,
        .img_type = IMG_CERT,
        .parent = NULL,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_SIG,
                        .param.sig = {
@@ -238,7 +238,7 @@ static const auth_img_desc_t trusted_key_cert = {
                        }
                }
        },
-       .authenticated_data = {
+       .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
                [0] = {
                        .type_desc = &trusted_world_pk,
                        .data = {
@@ -262,7 +262,7 @@ static const auth_img_desc_t scp_fw_key_cert = {
        .img_id = SCP_FW_KEY_CERT_ID,
        .img_type = IMG_CERT,
        .parent = &trusted_key_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_SIG,
                        .param.sig = {
@@ -280,7 +280,7 @@ static const auth_img_desc_t scp_fw_key_cert = {
                        }
                }
        },
-       .authenticated_data = {
+       .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
                [0] = {
                        .type_desc = &scp_fw_content_pk,
                        .data = {
@@ -294,7 +294,7 @@ static const auth_img_desc_t scp_fw_content_cert = {
        .img_id = SCP_FW_CONTENT_CERT_ID,
        .img_type = IMG_CERT,
        .parent = &scp_fw_key_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_SIG,
                        .param.sig = {
@@ -312,7 +312,7 @@ static const auth_img_desc_t scp_fw_content_cert = {
                        }
                }
        },
-       .authenticated_data = {
+       .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
                [0] = {
                        .type_desc = &scp_fw_hash,
                        .data = {
@@ -326,7 +326,7 @@ static const auth_img_desc_t scp_bl2_image = {
        .img_id = SCP_BL2_IMAGE_ID,
        .img_type = IMG_RAW,
        .parent = &scp_fw_content_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_HASH,
                        .param.hash = {
@@ -343,7 +343,7 @@ static const auth_img_desc_t soc_fw_key_cert = {
        .img_id = SOC_FW_KEY_CERT_ID,
        .img_type = IMG_CERT,
        .parent = &trusted_key_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_SIG,
                        .param.sig = {
@@ -361,7 +361,7 @@ static const auth_img_desc_t soc_fw_key_cert = {
                        }
                }
        },
-       .authenticated_data = {
+       .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
                [0] = {
                        .type_desc = &soc_fw_content_pk,
                        .data = {
@@ -375,7 +375,7 @@ static const auth_img_desc_t soc_fw_content_cert = {
        .img_id = SOC_FW_CONTENT_CERT_ID,
        .img_type = IMG_CERT,
        .parent = &soc_fw_key_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_SIG,
                        .param.sig = {
@@ -393,7 +393,7 @@ static const auth_img_desc_t soc_fw_content_cert = {
                        }
                }
        },
-       .authenticated_data = {
+       .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
                [0] = {
                        .type_desc = &soc_fw_hash,
                        .data = {
@@ -414,7 +414,7 @@ static const auth_img_desc_t bl31_image = {
        .img_id = BL31_IMAGE_ID,
        .img_type = IMG_RAW,
        .parent = &soc_fw_content_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_HASH,
                        .param.hash = {
@@ -429,7 +429,7 @@ static const auth_img_desc_t soc_fw_config = {
        .img_id = SOC_FW_CONFIG_ID,
        .img_type = IMG_RAW,
        .parent = &soc_fw_content_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_HASH,
                        .param.hash = {
@@ -446,7 +446,7 @@ static const auth_img_desc_t trusted_os_fw_key_cert = {
        .img_id = TRUSTED_OS_FW_KEY_CERT_ID,
        .img_type = IMG_CERT,
        .parent = &trusted_key_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_SIG,
                        .param.sig = {
@@ -464,7 +464,7 @@ static const auth_img_desc_t trusted_os_fw_key_cert = {
                        }
                }
        },
-       .authenticated_data = {
+       .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
                [0] = {
                        .type_desc = &tos_fw_content_pk,
                        .data = {
@@ -478,7 +478,7 @@ static const auth_img_desc_t trusted_os_fw_content_cert = {
        .img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
        .img_type = IMG_CERT,
        .parent = &trusted_os_fw_key_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_SIG,
                        .param.sig = {
@@ -496,7 +496,7 @@ static const auth_img_desc_t trusted_os_fw_content_cert = {
                        }
                }
        },
-       .authenticated_data = {
+       .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
                [0] = {
                        .type_desc = &tos_fw_hash,
                        .data = {
@@ -531,7 +531,7 @@ static const auth_img_desc_t bl32_image = {
        .img_id = BL32_IMAGE_ID,
        .img_type = IMG_RAW,
        .parent = &trusted_os_fw_content_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_HASH,
                        .param.hash = {
@@ -545,7 +545,7 @@ static const auth_img_desc_t bl32_extra1_image = {
        .img_id = BL32_EXTRA1_IMAGE_ID,
        .img_type = IMG_RAW,
        .parent = &trusted_os_fw_content_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_HASH,
                        .param.hash = {
@@ -559,7 +559,7 @@ static const auth_img_desc_t bl32_extra2_image = {
        .img_id = BL32_EXTRA2_IMAGE_ID,
        .img_type = IMG_RAW,
        .parent = &trusted_os_fw_content_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_HASH,
                        .param.hash = {
@@ -574,7 +574,7 @@ static const auth_img_desc_t tos_fw_config = {
        .img_id = TOS_FW_CONFIG_ID,
        .img_type = IMG_RAW,
        .parent = &trusted_os_fw_content_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_HASH,
                        .param.hash = {
@@ -591,7 +591,7 @@ static const auth_img_desc_t non_trusted_fw_key_cert = {
        .img_id = NON_TRUSTED_FW_KEY_CERT_ID,
        .img_type = IMG_CERT,
        .parent = &trusted_key_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_SIG,
                        .param.sig = {
@@ -609,7 +609,7 @@ static const auth_img_desc_t non_trusted_fw_key_cert = {
                        }
                }
        },
-       .authenticated_data = {
+       .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
                [0] = {
                        .type_desc = &nt_fw_content_pk,
                        .data = {
@@ -623,7 +623,7 @@ static const auth_img_desc_t non_trusted_fw_content_cert = {
        .img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
        .img_type = IMG_CERT,
        .parent = &non_trusted_fw_key_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_SIG,
                        .param.sig = {
@@ -641,7 +641,7 @@ static const auth_img_desc_t non_trusted_fw_content_cert = {
                        }
                }
        },
-       .authenticated_data = {
+       .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
                [0] = {
                        .type_desc = &nt_world_bl_hash,
                        .data = {
@@ -662,7 +662,7 @@ static const auth_img_desc_t bl33_image = {
        .img_id = BL33_IMAGE_ID,
        .img_type = IMG_RAW,
        .parent = &non_trusted_fw_content_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_HASH,
                        .param.hash = {
@@ -677,7 +677,7 @@ static const auth_img_desc_t nt_fw_config = {
        .img_id = NT_FW_CONFIG_ID,
        .img_type = IMG_RAW,
        .parent = &non_trusted_fw_content_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_HASH,
                        .param.hash = {
@@ -695,7 +695,7 @@ static const auth_img_desc_t fwu_cert = {
        .img_id = FWU_CERT_ID,
        .img_type = IMG_CERT,
        .parent = NULL,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_SIG,
                        .param.sig = {
@@ -706,7 +706,7 @@ static const auth_img_desc_t fwu_cert = {
                        }
                }
        },
-       .authenticated_data = {
+       .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
                [0] = {
                        .type_desc = &scp_bl2u_hash,
                        .data = {
@@ -737,7 +737,7 @@ static const auth_img_desc_t scp_bl2u_image = {
        .img_id = SCP_BL2U_IMAGE_ID,
        .img_type = IMG_RAW,
        .parent = &fwu_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_HASH,
                        .param.hash = {
@@ -754,7 +754,7 @@ static const auth_img_desc_t bl2u_image = {
        .img_id = BL2U_IMAGE_ID,
        .img_type = IMG_RAW,
        .parent = &fwu_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_HASH,
                        .param.hash = {
@@ -771,7 +771,7 @@ static const auth_img_desc_t ns_bl2u_image = {
        .img_id = NS_BL2U_IMAGE_ID,
        .img_type = IMG_RAW,
        .parent = &fwu_cert,
-       .img_auth_methods = {
+       .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
                [0] = {
                        .type = AUTH_METHOD_HASH,
                        .param.hash = {
index 0119ed2e03171b79487667d1cc0f6e5126b20477..39f5372e51256b81a6fef0ae5fa56034b87211f8 100644 (file)
@@ -27,8 +27,8 @@ typedef struct auth_img_desc_s {
        unsigned int img_id;
        img_type_t img_type;
        const struct auth_img_desc_s *parent;
-       auth_method_desc_t img_auth_methods[AUTH_METHOD_NUM];
-       auth_param_desc_t authenticated_data[COT_MAX_VERIFIED_PARAMS];
+       const auth_method_desc_t *const img_auth_methods;
+       const auth_param_desc_t *const authenticated_data;
 } auth_img_desc_t;
 
 /* Public functions */
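Review bot: With `img_auth_methods` and `authenticated_data` turned into bare pointers, the array length is no longer part of the type, yet the loops in auth_mod.c still run to `AUTH_METHOD_NUM` and `COT_MAX_VERIFIED_PARAMS`. The bound now holds only because every initialiser in tbbr_cot.c spells the size in its compound literal. A descriptor written with an unsized or shorter array would still compile and would be read past its end during image authentication. Document the contract on the fields, e.g. `/* NULL, or an array of exactly AUTH_METHOD_NUM entries */` and `/* NULL, or an array of exactly COT_MAX_VERIFIED_PARAMS entries */`. The struct definition starts outside the hunk.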