Use numbers to identify images instead of names

The Trusted firmware code identifies BL images by name. The platform port defines a name for each image e.g. the IO framework uses this mechanism in the platform function plat_get_image_source(). For a given image name, it returns the handle to the image file which involves comparing images names. In addition, if the image is packaged in a FIP, a name comparison is required to find the UUID for the image. This method is not optimal. This patch changes the interface between the generic and platform code with regard to identifying images. The platform port must now allocate a unique number (ID) for every image. The generic code will use the image ID instead of the name to access its attributes. As a result, the plat_get_image_source() function now takes an image ID as an input parameter. The organisation of data structures within the IO framework has been rationalised to use an image ID as an index into an array which contains attributes of the image such as UUID and name. This prevents the name comparisons. A new type 'io_uuid_spec_t' has been introduced in the IO framework to specify images identified by UUID (i.e. when the image is contained in a FIP file). There is no longer need to maintain a look-up table [iname_name --> uuid] in the io_fip driver code. Because image names are no longer mandatory in the platform port, the debug messages in the generic code will show the image identifier instead of the file name. The platforms that support semihosting to load images (i.e. FVP) must provide the file names as definitions private to the platform. The ARM platform ports and documentation have been updated accordingly. All ARM platforms reuse the image IDs defined in the platform common code. These IDs will be used to access other attributes of an image in subsequent patches. IMPORTANT: applying this patch breaks compatibility for platforms that use TF BL1 or BL2 images or the image loading code. The platform port must be updated to match the new interface. Change-Id: I9c1b04cb1a0684c6ee65dee66146dd6731751ea5
author: Juan Castillo <juan.castillo@arm.com> 2015-04-13 17:36:19 +0100
committer: Juan Castillo <juan.castillo@arm.com> 2015-06-25 08:53:26 +0100
commit: 16948ae1d9e14190229f0fd8602f8cc0f25d57d2 (patch)
tree: 264ca269eed1b8628622286f2021ac538f3ca4da /bl2
parent: d5e0a933b3e6e0ff43e6d46982b93605a5eadf05 (diff)
1 files changed, 30 insertions, 24 deletions
diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c
index fb79f042..aba0afcf 100644
--- a/bl2/bl2_main.c
+++ b/bl2/bl2_main.c
@@ -36,6 +36,7 @@
 #include <debug.h>
 #include <platform.h>
 #include <platform_def.h>
+#include <stdint.h>
 #include "bl2_private.h"
 
 #if TRUSTED_BOARD_BOOT
@@ -45,20 +46,24 @@ static int bl32_cert_error;
 #endif
 
 /*
- * Load and authenticate the key and content certificates for a BL3-x image
+ * Load and authenticate the key and content certificates for a BL3-x image.
+ * The _blob values identify the authentication objects (an object may be seen
+ * as a single stage in the authentication process). See auth.h for the complete
+ * list of objects. The _id values are passed to the IO framework to identify
+ * the images to load.
  *
  * Parameters:
  *   key_cert_blob: key certificate blob id (see auth.h)
- *   key_cert_name: key certificate filename
+ *   key_cert_id: key certificate image identifier (for IO framework)
  *   cont_cert_blob: content certificate blob id (see auth.h)
- *   cont_cert_name: content certificate filename
+ *   cont_cert_id: content certificate image identifier (for IO framework)
  *   mem_layout: Trusted SRAM memory layout
  *   load_addr: load the certificates at this address
  *
  * Return: 0 = success, Otherwise = error
  */
-static int load_cert_bl3x(int key_cert_blob, const char *key_cert_name,
-			  int cont_cert_blob, const char *cont_cert_name,
+static int load_cert_bl3x(unsigned int key_cert_blob, unsigned int key_cert_id,
+			  unsigned int cont_cert_blob, unsigned int cont_cert_id,
 			  meminfo_t *mem_layout, uint64_t load_addr)
 {
 	image_info_t image_info;
@@ -66,31 +71,32 @@ static int load_cert_bl3x(int key_cert_blob, const char *key_cert_name,
 
 	/* Load Key certificate */
 	image_info.h.version = VERSION_1;
-	err = load_image(mem_layout, key_cert_name, load_addr, &image_info, NULL);
+	err = load_image(mem_layout, key_cert_id, load_addr, &image_info, NULL);
 	if (err) {
-		ERROR("Cannot load %s.\n", key_cert_name);
+		ERROR("Cannot load key certificate id=%u\n", key_cert_id);
 		return err;
 	}
 
 	err = auth_verify_obj(key_cert_blob, image_info.image_base,
 			image_info.image_size);
 	if (err) {
-		ERROR("Invalid key certificate %s.\n", key_cert_name);
+		ERROR("Invalid key certificate id=%u\n", key_cert_id);
 		return err;
 	}
 
 	/* Load Content certificate */
 	image_info.h.version = VERSION_1;
-	err = load_image(mem_layout, cont_cert_name, load_addr, &image_info, NULL);
+	err = load_image(mem_layout, cont_cert_id, load_addr, &image_info, NULL);
 	if (err) {
-		ERROR("Cannot load %s.\n", cont_cert_name);
+		ERROR("Cannot load content certificate id=%u\n",
+				cont_cert_id);
 		return err;
 	}
 
 	err = auth_verify_obj(cont_cert_blob, image_info.image_base,
 			image_info.image_size);
 	if (err) {
-		ERROR("Invalid content certificate %s.\n", cont_cert_name);
+		ERROR("Invalid content certificate id=%u\n", cont_cert_id);
 		return err;
 	}
 
@@ -115,7 +121,7 @@ static int load_certs(void)
 
 	/* Load the Trusted Key certificate in the BL31 region */
 	image_info.h.version = VERSION_1;
-	err = load_image(mem_layout, TRUSTED_KEY_CERT_NAME, load_addr,
+	err = load_image(mem_layout, TRUSTED_KEY_CERT_ID, load_addr,
 			 &image_info, NULL);
 	if (err) {
 		ERROR("Failed to load Trusted Key certificate.\n");
@@ -132,8 +138,8 @@ static int load_certs(void)
 
 	/* Load and validate Key and Content certificates for BL3-x images */
 #ifdef BL30_BASE
-	err = load_cert_bl3x(AUTH_BL30_KEY_CERT, BL30_KEY_CERT_NAME,
-			     AUTH_BL30_IMG_CERT, BL30_CERT_NAME,
+	err = load_cert_bl3x(AUTH_BL30_KEY_CERT, BL30_KEY_CERT_ID,
+			     AUTH_BL30_IMG_CERT, BL30_CERT_ID,
 			     mem_layout, load_addr);
 	if (err) {
 		ERROR("Failed to verify BL3-0 authenticity\n");
@@ -141,8 +147,8 @@ static int load_certs(void)
 	}
 #endif /* BL30_BASE */
 
-	err = load_cert_bl3x(AUTH_BL31_KEY_CERT, BL31_KEY_CERT_NAME,
-			     AUTH_BL31_IMG_CERT, BL31_CERT_NAME,
+	err = load_cert_bl3x(AUTH_BL31_KEY_CERT, BL31_KEY_CERT_ID,
+			     AUTH_BL31_IMG_CERT, BL31_CERT_ID,
 			     mem_layout, load_addr);
 	if (err) {
 		ERROR("Failed to verify BL3-1 authenticity\n");
@@ -152,8 +158,8 @@ static int load_certs(void)
 #ifdef BL32_BASE
 	/* BL3-2 image is optional, but keep the return value in case the
 	 * image is present but the certificate is missing */
-	err = load_cert_bl3x(AUTH_BL32_KEY_CERT, BL32_KEY_CERT_NAME,
-			     AUTH_BL32_IMG_CERT, BL32_CERT_NAME,
+	err = load_cert_bl3x(AUTH_BL32_KEY_CERT, BL32_KEY_CERT_ID,
+			     AUTH_BL32_IMG_CERT, BL32_CERT_ID,
 			     mem_layout, load_addr);
 	if (err) {
 		WARN("Failed to verify BL3-2 authenticity\n");
@@ -161,8 +167,8 @@ static int load_certs(void)
 	bl32_cert_error = err;
 #endif /* BL32_BASE */
 
-	err = load_cert_bl3x(AUTH_BL33_KEY_CERT, BL33_KEY_CERT_NAME,
-			     AUTH_BL33_IMG_CERT, BL33_CERT_NAME,
+	err = load_cert_bl3x(AUTH_BL33_KEY_CERT, BL33_KEY_CERT_ID,
+			     AUTH_BL33_IMG_CERT, BL33_CERT_ID,
 			     mem_layout, load_addr);
 	if (err) {
 		ERROR("Failed to verify BL3-3 authenticity\n");
@@ -200,7 +206,7 @@ static int load_bl30(void)
 	bl2_plat_get_bl30_meminfo(&bl30_mem_info);
 	bl30_image_info.h.version = VERSION_1;
 	e = load_image(&bl30_mem_info,
-		       BL30_IMAGE_NAME,
+		       BL30_IMAGE_ID,
 		       BL30_BASE,
 		       &bl30_image_info,
 		       NULL);
@@ -257,7 +263,7 @@ static int load_bl31(bl31_params_t *bl2_to_bl31_params,
 
 	/* Load the BL3-1 image */
 	e = load_image(bl2_tzram_layout,
-		       BL31_IMAGE_NAME,
+		       BL31_IMAGE_ID,
 		       BL31_BASE,
 		       bl2_to_bl31_params->bl31_image_info,
 		       bl31_ep_info);
@@ -309,7 +315,7 @@ static int load_bl32(bl31_params_t *bl2_to_bl31_params)
 	 */
 	bl2_plat_get_bl32_meminfo(&bl32_mem_info);
 	e = load_image(&bl32_mem_info,
-		       BL32_IMAGE_NAME,
+		       BL32_IMAGE_ID,
 		       BL32_BASE,
 		       bl2_to_bl31_params->bl32_image_info,
 		       bl2_to_bl31_params->bl32_ep_info);
@@ -362,7 +368,7 @@ static int load_bl33(bl31_params_t *bl2_to_bl31_params)
 
 	/* Load the BL3-3 image in non-secure memory provided by the platform */
 	e = load_image(&bl33_mem_info,
-		       BL33_IMAGE_NAME,
+		       BL33_IMAGE_ID,
 		       plat_get_ns_image_entrypoint(),
 		       bl2_to_bl31_params->bl33_image_info,
 		       bl2_to_bl31_params->bl33_ep_info);
author	Juan Castillo <juan.castillo@arm.com>	2015-04-13 17:36:19 +0100
committer	Juan Castillo <juan.castillo@arm.com>	2015-06-25 08:53:26 +0100
commit	16948ae1d9e14190229f0fd8602f8cc0f25d57d2 (patch)
tree	264ca269eed1b8628622286f2021ac538f3ca4da /bl2
parent	d5e0a933b3e6e0ff43e6d46982b93605a5eadf05 (diff)