feat(fvp): mock support for CCA NV ctr

AEM FVP does not have a third CCA NV counter so the implementation will fake it by returning the Trusted NV counter value when the caller requests the CCA NV counter. This allows us to use the CCA CoT on AEM FVP nonetheless. The FVP platform port now gets its own version of plat_get_nv_ctr() as it now need to diverge from the common implementation provided at the Arm development platforms level. Change-Id: I3258f837249a539d943d6d783406ba222bd4554e Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
2025-04-17 01:54:22 +00:00 · 2023-05-02 14:42:48 -05:00 · 2023-05-02 14:42:48 -05:00 · 02552d45e5
commit 02552d45e5
parent e3b1cc0c51
2 changed files with 46 additions and 3 deletions
--- a/plat/arm/board/common/board_common.mk
+++ b/plat/arm/board/common/board_common.mk
@ -1,5 +1,5 @@
 #
-# Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@ -67,11 +67,16 @@ endif
 # ARM development platforms
 TFW_NVCTR_VAL	?=	31
 NTFW_NVCTR_VAL	?=	223
+# The CCA Non-Volatile Counter only exists on some Arm development platforms.
+# On others, we mock it by aliasing it to the Trusted Firmware Non-Volatile counter,
+# hence we set both counters to the same default value.
+CCAFW_NVCTR_VAL	?=	31
 else
 # Certificate NV-Counters when CryptoCell is integrated. For development
 # platforms we set the counter to first valid value.
 TFW_NVCTR_VAL	?=	0
 NTFW_NVCTR_VAL	?=	0
+CCAFW_NVCTR_VAL	?=	0
 endif
 BL1_SOURCES		+=	plat/arm/board/common/board_arm_trusted_boot.c \
 				${ARM_ROTPK_S}
--- a/plat/arm/board/fvp/fvp_trusted_boot.c
+++ b/plat/arm/board/fvp/fvp_trusted_boot.c
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2023, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -14,7 +14,7 @@
 #include <plat/arm/common/fconf_nv_cntr_getter.h>
 #include <plat/common/platform.h>
 #include <platform_def.h>
-#include <tools_share/tbbr_oid.h>
+#include <tools_share/cca_oid.h>

 /*
 * Return the ROTPK hash in the following ASN.1 structure in DER format:
@ -57,6 +57,10 @@ int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
 	} else if (strcmp(oid, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
 		nv_ctr_addr = FCONF_GET_PROPERTY(cot, nv_cntr_addr,
 						NON_TRUSTED_NV_CTR_ID);
+	} else if (strcmp(oid, CCA_FW_NVCOUNTER_OID) == 0) {
+		/* FVP does not support the CCA NV Counter so use the Trusted NV */
+		nv_ctr_addr = FCONF_GET_PROPERTY(cot, nv_cntr_addr,
+						TRUSTED_NV_CTR_ID);
 	} else {
 		return 1;
 	}
@ -69,3 +73,37 @@ int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
 	 */
 	return (mmio_read_32(nv_ctr_addr) == nv_ctr) ? 0 : 1;
 }
+
+/*
+ * Return the non-volatile counter value stored in the platform. The cookie
+ * will contain the OID of the counter in the certificate.
+ *
+ * Return: 0 = success, Otherwise = error
+ */
+int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
+{
+	const char *oid;
+	uint32_t *nv_ctr_addr;
+
+	assert(cookie != NULL);
+	assert(nv_ctr != NULL);
+
+	oid = (const char *)cookie;
+	if (strcmp(oid, TRUSTED_FW_NVCOUNTER_OID) == 0) {
+		nv_ctr_addr = (uint32_t *)FCONF_GET_PROPERTY(cot, nv_cntr_addr,
+							TRUSTED_NV_CTR_ID);
+	} else if (strcmp(oid, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
+		nv_ctr_addr = (uint32_t *)FCONF_GET_PROPERTY(cot, nv_cntr_addr,
+							NON_TRUSTED_NV_CTR_ID);
+	} else if (strcmp(oid, CCA_FW_NVCOUNTER_OID) == 0) {
+		/* FVP does not support the CCA NV Counter so use the Trusted NV */
+		nv_ctr_addr = (uint32_t *)FCONF_GET_PROPERTY(cot, nv_cntr_addr,
+							TRUSTED_NV_CTR_ID);
+	} else {
+		return 1;
+	}
+
+	*nv_ctr = (unsigned int)(*nv_ctr_addr);
+
+	return 0;
+}