diff options
| -rw-r--r-- | arch/arm/cpu/armv8/sec_firmware.c | 53 | ||||
| -rw-r--r-- | doc/uImage.FIT/sec_firmware_ppa.its | 49 | 
2 files changed, 91 insertions, 11 deletions
| diff --git a/arch/arm/cpu/armv8/sec_firmware.c b/arch/arm/cpu/armv8/sec_firmware.c index 5d2d839feaa..a13c92e246a 100644 --- a/arch/arm/cpu/armv8/sec_firmware.c +++ b/arch/arm/cpu/armv8/sec_firmware.c @@ -115,25 +115,48 @@ static int sec_firmware_check_copy_loadable(const void *sec_firmware_img,  					    u32 *loadable_l, u32 *loadable_h)  {  	phys_addr_t sec_firmware_loadable_addr = 0; -	int conf_node_off, ld_node_off; +	int conf_node_off, ld_node_off, images;  	char *conf_node_name = NULL;  	const void *data;  	size_t size;  	ulong load; +	const char *name, *str, *type; +	int len;  	conf_node_name = SEC_FIRMEWARE_FIT_CNF_NAME;  	conf_node_off = fit_conf_get_node(sec_firmware_img, conf_node_name);  	if (conf_node_off < 0) {  		printf("SEC Firmware: %s: no such config\n", conf_node_name); -	return -ENOENT; +		return -ENOENT; +	} + +	/* find the node holding the images information */ +	images = fdt_path_offset(sec_firmware_img, FIT_IMAGES_PATH); +	if (images < 0) { +		printf("%s: Cannot find /images node: %d\n", __func__, images); +		return -1; +	} + +	type = FIT_LOADABLE_PROP; + +	name = fdt_getprop(sec_firmware_img, conf_node_off, type, &len); +	if (!name) { +		/* Loadables not present */ +		return 0;  	} -	ld_node_off = fit_conf_get_prop_node(sec_firmware_img, conf_node_off, -					     FIT_LOADABLE_PROP); -	if (ld_node_off >= 0) { -		printf("SEC Firmware: '%s' present in config\n", -		       FIT_LOADABLE_PROP); +	printf("SEC Firmware: '%s' present in config\n", type); + +	for (str = name; str && ((str - name) < len); +	     str = strchr(str, '\0') + 1) { +		printf("%s: '%s'\n", type, str); +		ld_node_off = fdt_subnode_offset(sec_firmware_img, images, str); +		if (ld_node_off < 0) { +			printf("cannot find image node '%s': %d\n", str, +			       ld_node_off); +			return -EINVAL; +		}  		/* Verify secure firmware image */  		if (!(fit_image_verify(sec_firmware_img, ld_node_off))) { @@ -163,11 +186,19 @@ static int sec_firmware_check_copy_loadable(const void *sec_firmware_img,  		memcpy((void *)sec_firmware_loadable_addr, data, size);  		flush_dcache_range(sec_firmware_loadable_addr,  				   sec_firmware_loadable_addr + size); -	} -	/* Populate address ptrs for loadable image with loadbale addr */ -	out_le32(loadable_l, (sec_firmware_loadable_addr & WORD_MASK)); -	out_le32(loadable_h, (sec_firmware_loadable_addr >> WORD_SHIFT)); +		/* Populate loadable address only for Trusted OS */ +		if (!strcmp(str, "trustedOS@1")) { +			/* +			 * Populate address ptrs for loadable image with +			 * loadbale addr +			 */ +			out_le32(loadable_l, (sec_firmware_loadable_addr & +					      WORD_MASK)); +			out_le32(loadable_h, (sec_firmware_loadable_addr >> +					      WORD_SHIFT)); +		} +	}  	return 0;  } diff --git a/doc/uImage.FIT/sec_firmware_ppa.its b/doc/uImage.FIT/sec_firmware_ppa.its new file mode 100644 index 00000000000..a7acde17cf3 --- /dev/null +++ b/doc/uImage.FIT/sec_firmware_ppa.its @@ -0,0 +1,49 @@ +/dts-v1/; + +/* + * Example FIT image description file demonstrating the usage + * of SEC Firmware and multiple loadable images loaded by the u-boot. + * For booting PPA (SEC Firmware), "firmware" is searched and loaded. + * + * Multiple binaries will be loaded as "loadables" (if present) at their + * respective load offsets from firmware image address. + */ + +/{ +	description = "PPA Firmware"; +	#address-cells = <1>; +	images { +		firmware@1 { +			description = "PPA Firmware: <version>"; +			data = /incbin/("../obj/monitor.bin"); +			type = "firmware"; +			arch = "arm64"; +			compression = "none"; +		}; +		trustedOS@1 { +			description = "Trusted OS"; +			data = /incbin/("../../tee.bin"); +			type = "OS"; +			arch = "arm64"; +			compression = "none"; +			load = <0x00200000>; +		}; +		fuse_scr { +			description = "Fuse Script"; +			data = /incbin/("../../fuse_scr.bin"); +			type = "firmware"; +			arch = "arm64"; +			compression = "none"; +			load = <0x00180000>; +		}; +	}; + +	configurations { +		default = "config-1"; +		config-1 { +			description = "PPA Secure firmware"; +			firmware = "firmware@1"; +			loadables = "trustedOS@1", "fuse_scr"; +		}; +	}; +}; | 
