From 7812abac86bed9bd1b4140b51d9b64207da07e01 Mon Sep 17 00:00:00 2001 From: "Ying-Chun Liu (PaulLiu)" Date: Sun, 10 Jun 2018 02:00:27 +0800 Subject: [PATCH] rpi3: add OPTEE support Support for loading optee images as BL32 secure payload. Signed-off-by: Ying-Chun Liu (PaulLiu) --- plat/rpi3/aarch64/rpi3_bl2_mem_params_desc.c | 4 ++++ plat/rpi3/include/platform_def.h | 7 ++++++ plat/rpi3/platform.mk | 14 ++++++++++++ plat/rpi3/rpi3_bl2_setup.c | 18 +++++++++++++++ plat/rpi3/rpi3_common.c | 20 +++++++++++++++++ plat/rpi3/rpi3_io_storage.c | 23 ++++++++++++++++++++ 6 files changed, 86 insertions(+) diff --git a/plat/rpi3/aarch64/rpi3_bl2_mem_params_desc.c b/plat/rpi3/aarch64/rpi3_bl2_mem_params_desc.c index e3acfe9f..6a3c1d60 100644 --- a/plat/rpi3/aarch64/rpi3_bl2_mem_params_desc.c +++ b/plat/rpi3/aarch64/rpi3_bl2_mem_params_desc.c @@ -99,6 +99,10 @@ static bl_mem_params_node_t bl2_mem_params_descs[] = { SET_STATIC_PARAM_HEAD(image_info, PARAM_EP, VERSION_2, image_info_t, IMAGE_ATTRIB_SKIP_LOADING), +#ifdef SPD_opteed + .image_info.image_base = RPI3_OPTEE_PAGEABLE_LOAD_BASE, + .image_info.image_max_size = RPI3_OPTEE_PAGEABLE_LOAD_SIZE, +#endif .next_handoff_image_id = INVALID_IMAGE_ID, }, # endif /* BL32_BASE */ diff --git a/plat/rpi3/include/platform_def.h b/plat/rpi3/include/platform_def.h index 5e2f1da5..ebd77cd1 100644 --- a/plat/rpi3/include/platform_def.h +++ b/plat/rpi3/include/platform_def.h @@ -181,6 +181,13 @@ #define BL32_DRAM_BASE SEC_DRAM0_BASE #define BL32_DRAM_LIMIT (SEC_DRAM0_BASE + SEC_DRAM0_SIZE) +#ifdef SPD_opteed +/* Load pageable part of OP-TEE at end of allocated DRAM space for BL32 */ +#define RPI3_OPTEE_PAGEABLE_LOAD_SIZE 0x080000 /* 512KB */ +#define RPI3_OPTEE_PAGEABLE_LOAD_BASE (BL32_DRAM_LIMIT - \ + RPI3_OPTEE_PAGEABLE_LOAD_SIZE) +#endif + #define SEC_SRAM_ID 0 #define SEC_DRAM_ID 1 diff --git a/plat/rpi3/platform.mk b/plat/rpi3/platform.mk index 2cb7a152..2aaf4064 100644 --- a/plat/rpi3/platform.mk +++ b/plat/rpi3/platform.mk @@ -120,3 +120,17 @@ endif ifeq (${ARCH},aarch32) $(error Error: AArch32 not supported on rpi3) endif + +ifeq (${SPD},opteed) +BL2_SOURCES += \ + lib/optee/optee_utils.c +endif + +# Add the build options to pack Trusted OS Extra1 and Trusted OS Extra2 images +# in the FIP if the platform requires. +ifneq ($(BL32_EXTRA1),) +$(eval $(call TOOL_ADD_IMG,BL32_EXTRA1,--tos-fw-extra1)) +endif +ifneq ($(BL32_EXTRA2),) +$(eval $(call TOOL_ADD_IMG,BL32_EXTRA2,--tos-fw-extra2)) +endif diff --git a/plat/rpi3/rpi3_bl2_setup.c b/plat/rpi3/rpi3_bl2_setup.c index f286caf0..13e8c015 100644 --- a/plat/rpi3/rpi3_bl2_setup.c +++ b/plat/rpi3/rpi3_bl2_setup.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include #include @@ -67,11 +68,28 @@ int bl2_plat_handle_post_image_load(unsigned int image_id) { int err = 0; bl_mem_params_node_t *bl_mem_params = get_bl_mem_params_node(image_id); +#ifdef SPD_opteed + bl_mem_params_node_t *pager_mem_params = NULL; + bl_mem_params_node_t *paged_mem_params = NULL; +#endif assert(bl_mem_params != NULL); switch (image_id) { case BL32_IMAGE_ID: +#ifdef SPD_opteed + pager_mem_params = get_bl_mem_params_node(BL32_EXTRA1_IMAGE_ID); + assert(pager_mem_params); + + paged_mem_params = get_bl_mem_params_node(BL32_EXTRA2_IMAGE_ID); + assert(paged_mem_params); + + err = parse_optee_header(&bl_mem_params->ep_info, + &pager_mem_params->image_info, + &paged_mem_params->image_info); + if (err != 0) + WARN("OPTEE header parse error.\n"); +#endif bl_mem_params->ep_info.spsr = rpi3_get_spsr_for_bl32_entry(); break; diff --git a/plat/rpi3/rpi3_common.c b/plat/rpi3/rpi3_common.c index 03914a6d..65f5e7ad 100644 --- a/plat/rpi3/rpi3_common.c +++ b/plat/rpi3/rpi3_common.c @@ -34,6 +34,13 @@ #define MAP_BL32_MEM MAP_REGION_FLAT(BL32_MEM_BASE, BL32_MEM_SIZE, \ MT_MEMORY | MT_RW | MT_SECURE) +#ifdef SPD_opteed +#define MAP_OPTEE_PAGEABLE MAP_REGION_FLAT( \ + RPI3_OPTEE_PAGEABLE_LOAD_BASE, \ + RPI3_OPTEE_PAGEABLE_LOAD_SIZE, \ + MT_MEMORY | MT_RW | MT_SECURE) +#endif + /* * Table of regions for various BL stages to map using the MMU. */ @@ -42,6 +49,9 @@ static const mmap_region_t plat_rpi3_mmap[] = { MAP_SHARED_RAM, MAP_DEVICE0, MAP_FIP, +#ifdef SPD_opteed + MAP_OPTEE_PAGEABLE, +#endif {0} }; #endif @@ -190,3 +200,13 @@ uint32_t plat_ic_get_pending_interrupt_type(void) { return INTR_TYPE_INVAL; } + +uint32_t plat_interrupt_type_to_line(uint32_t type, + uint32_t security_state) +{ + /* It is not expected to receive an interrupt route to EL3. + * Hence panic() to flag error. + */ + ERROR("Interrupt not expected to be routed to EL3"); + panic(); +} diff --git a/plat/rpi3/rpi3_io_storage.c b/plat/rpi3/rpi3_io_storage.c index 7ac45ef6..e090b2b3 100644 --- a/plat/rpi3/rpi3_io_storage.c +++ b/plat/rpi3/rpi3_io_storage.c @@ -54,6 +54,14 @@ static const io_uuid_spec_t bl32_uuid_spec = { .uuid = UUID_SECURE_PAYLOAD_BL32, }; +static const io_uuid_spec_t bl32_extra1_uuid_spec = { + .uuid = UUID_SECURE_PAYLOAD_BL32_EXTRA1, +}; + +static const io_uuid_spec_t bl32_extra2_uuid_spec = { + .uuid = UUID_SECURE_PAYLOAD_BL32_EXTRA2, +}; + static const io_uuid_spec_t bl33_uuid_spec = { .uuid = UUID_NON_TRUSTED_FIRMWARE_BL33, }; @@ -123,6 +131,21 @@ static const struct plat_io_policy policies[] = { (uintptr_t)&bl32_uuid_spec, open_fip }, + [BL32_IMAGE_ID] = { + &fip_dev_handle, + (uintptr_t)&bl32_uuid_spec, + open_fip + }, + [BL32_EXTRA1_IMAGE_ID] = { + &fip_dev_handle, + (uintptr_t)&bl32_extra1_uuid_spec, + open_fip + }, + [BL32_EXTRA2_IMAGE_ID] = { + &fip_dev_handle, + (uintptr_t)&bl32_extra2_uuid_spec, + open_fip + }, [BL33_IMAGE_ID] = { &fip_dev_handle, (uintptr_t)&bl33_uuid_spec, -- 2.30.2