Enable TRUSTED_BOARD_BOOT support for LOAD_IMAGE_V2=1

This patch enables TRUSTED_BOARD_BOOT (Authentication and FWU)
support, for AArch64, when LOAD_IMAGE_V2 is enabled.

This patch also enables LOAD_IMAGE_V2 for ARM platforms.

Change-Id: I294a2eebce7a30b6784c80c9d4ac7752808ee3ad
Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com>

6 files changed, 33 insertions, 16 deletions

diff --git a/Makefile b/Makefile
index 4fbb9140..e8716e56 100644
--- a/Makefile
+++ b/Makefile
@@ -122,10 +122,6 @@ ifneq (${GENERATE_COT},0)
         FWU_FIP_DEPS += fwu_certificates
 endif
 
-# For AArch32, enable new version of image loading.
-ifeq (${ARCH},aarch32)
-        LOAD_IMAGE_V2	:=	1
-endif
 
 ################################################################################
 # Toolchain
@@ -294,19 +290,15 @@ ifeq (${NEED_BL33},yes)
         endif
 endif
 
-# TRUSTED_BOARD_BOOT is currently not supported when LOAD_IMAGE_V2 is enabled.
-ifeq (${LOAD_IMAGE_V2},1)
-        ifeq (${TRUSTED_BOARD_BOOT},1)
-                $(error "TRUSTED_BOARD_BOOT is currently not supported	\
-                for LOAD_IMAGE_V2=1")
-        endif
-endif
-
-# For AArch32, LOAD_IMAGE_V2 must be enabled.
 ifeq (${ARCH},aarch32)
+    # For AArch32, LOAD_IMAGE_V2 must be enabled.
     ifeq (${LOAD_IMAGE_V2}, 0)
         $(error "For AArch32, LOAD_IMAGE_V2 must be enabled.")
     endif
+    # TRUSTED_BOARD_BOOT is currently not supported for AArch32.
+    ifeq (${TRUSTED_BOARD_BOOT},1)
+        $(error "TRUSTED_BOARD_BOOT is currently not supported for AArch32")
+    endif
 endif
 
 
diff --git a/bl1/bl1_fwu.c b/bl1/bl1_fwu.c
index f3338051..61f2adb0 100644
--- a/bl1/bl1_fwu.c
+++ b/bl1/bl1_fwu.c
@@ -121,7 +121,6 @@ static int bl1_fwu_image_copy(unsigned int image_id,
 			unsigned int flags)
 {
 	uintptr_t base_addr;
-	meminfo_t *mem_layout;
 
 	/* Get the image descriptor. */
 	image_desc_t *image_desc = bl1_plat_get_image_desc(image_id);
@@ -208,15 +207,22 @@ static int bl1_fwu_image_copy(unsigned int image_id,
 			WARN("BL1-FWU: Copy arguments source/size not mapped\n");
 			return -ENOMEM;
 		}
-
+#if LOAD_IMAGE_V2
+		/* Check that the image size to load is within limit */
+		if (image_size > image_desc->image_info.image_max_size) {
+			WARN("BL1-FWU: Image size out of bounds\n");
+			return -ENOMEM;
+		}
+#else
 		/* Find out how much free trusted ram remains after BL1 load */
-		mem_layout = bl1_plat_sec_mem_layout();
+		meminfo_t *mem_layout = bl1_plat_sec_mem_layout();
 		if ((image_desc->image_info.image_base < mem_layout->free_base) ||
 			 (image_desc->image_info.image_base + image_size >
 			  mem_layout->free_base + mem_layout->free_size)) {
 			WARN("BL1-FWU: Memory not available to copy\n");
 			return -ENOMEM;
 		}
+#endif
 
 		/* Update the image size. */
 		image_desc->image_info.image_size = image_size;
diff --git a/bl1/tbbr/tbbr_img_desc.c b/bl1/tbbr/tbbr_img_desc.c
index 7651f1c0..e3bd574d 100644
--- a/bl1/tbbr/tbbr_img_desc.c
+++ b/bl1/tbbr/tbbr_img_desc.c
@@ -38,6 +38,9 @@ image_desc_t bl1_tbbr_image_descs[] = {
 	    SET_STATIC_PARAM_HEAD(image_info, PARAM_IMAGE_BINARY,
 		    VERSION_1, image_info_t, 0),
 	    .image_info.image_base = BL2_BASE,
+#if LOAD_IMAGE_V2
+	    .image_info.image_max_size = BL2_LIMIT - BL2_BASE,
+#endif
 	    SET_STATIC_PARAM_HEAD(ep_info, PARAM_IMAGE_BINARY,
 		    VERSION_1, entry_point_info_t, SECURE),
     },
@@ -55,6 +58,9 @@ image_desc_t bl1_tbbr_image_descs[] = {
 	    SET_STATIC_PARAM_HEAD(image_info, PARAM_IMAGE_BINARY,
 		    VERSION_1, image_info_t, 0),
 	    .image_info.image_base = SCP_BL2U_BASE,
+#if LOAD_IMAGE_V2
+	    .image_info.image_max_size = SCP_BL2U_LIMIT - SCP_BL2U_BASE,
+#endif
 	    SET_STATIC_PARAM_HEAD(ep_info, PARAM_IMAGE_BINARY,
 		    VERSION_1, entry_point_info_t, SECURE),
     },
@@ -65,6 +71,9 @@ image_desc_t bl1_tbbr_image_descs[] = {
 	    SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
 		    VERSION_1, image_info_t, 0),
 	    .image_info.image_base = BL2U_BASE,
+#if LOAD_IMAGE_V2
+	    .image_info.image_max_size = BL2U_LIMIT - BL2U_BASE,
+#endif
 	    SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP,
 		    VERSION_1, entry_point_info_t, SECURE | EXECUTABLE),
 	    .ep_info.pc = BL2U_BASE,
diff --git a/include/plat/arm/css/common/css_def.h b/include/plat/arm/css/common/css_def.h
index 173de1b4..a2fe0d58 100644
--- a/include/plat/arm/css/common/css_def.h
+++ b/include/plat/arm/css/common/css_def.h
@@ -135,8 +135,10 @@
  * SCP, it is discarded and BL31 is loaded over the top.
  */
 #define SCP_BL2_BASE			BL31_BASE
+#define SCP_BL2_LIMIT			(SCP_BL2_BASE + PLAT_CSS_MAX_SCP_BL2_SIZE)
 
 #define SCP_BL2U_BASE			BL31_BASE
+#define SCP_BL2U_LIMIT			(SCP_BL2U_BASE + PLAT_CSS_MAX_SCP_BL2U_SIZE)
 #endif /* CSS_LOAD_SCP_IMAGES */
 
 /* Load address of Non-Secure Image for CSS platform ports */
diff --git a/plat/arm/board/juno/include/platform_def.h b/plat/arm/board/juno/include/platform_def.h
index 691e2f77..adc4704d 100644
--- a/plat/arm/board/juno/include/platform_def.h
+++ b/plat/arm/board/juno/include/platform_def.h
@@ -191,6 +191,12 @@
 #define PLAT_CSS_MAX_SCP_BL2_SIZE	0x1D000
 
 /*
+ * PLAT_CSS_MAX_SCP_BL2U_SIZE is calculated using the current
+ * SCP_BL2U size plus a little space for growth.
+ */
+#define PLAT_CSS_MAX_SCP_BL2U_SIZE	0x1D000
+
+/*
  * Define a list of Group 1 Secure and Group 0 interrupts as per GICv3
  * terminology. On a GICv2 system or mode, the lists will be merged and treated
  * as Group 0 interrupts.
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 626b443e..d0940b8e 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -97,6 +97,8 @@ ENABLE_PSCI_STAT		:=	1
 # mapping the former as executable and the latter as execute-never.
 SEPARATE_CODE_AND_RODATA	:=	1
 
+# Enable new version of image loading on ARM platforms
+LOAD_IMAGE_V2			:=	1
 
 PLAT_INCLUDES		+=	-Iinclude/common/tbbr				\
 				-Iinclude/plat/arm/common