Prepare Mbed TLS drivers for shared heap

The Mbed TLS drivers, in order to work, need a heap for internal usage. This heap, instead of being directly referenced by the drivers, now it is being accessed indirectly through a pointer. Also, the heap, instead of being part of the drivers, now it is being received through the plat_get_mbedtls_heap() function. This function requests a heap from the current BL image which utilises the Mbed TLS drivers. Those changes create the opportunity for the Mbed TLS heap to be shared among different images, thus saving memory. A default heap implementation is provided but it can be overridden by a platform specific, optimised implemenetation. Change-Id: I286a1f10097a9cdcbcd312201eea576c18d157fa Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
2025-04-15 00:54:22 +00:00 · 2018-06-07 16:31:34 +01:00 · 2018-06-07 16:31:34 +01:00 · 6d01a46334
commit 6d01a46334
parent 708531cf05
5 changed files with 78 additions and 19 deletions
--- a/docs/porting-guide.rst
+++ b/docs/porting-guide.rst
@ -1055,7 +1055,7 @@ next image. This function is currently invoked in BL2 to flush this information
 to the next BL image, when LOAD\_IMAGE\_V2 is enabled.

 Function : plat\_log\_get\_prefix()
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 ::

@ -1066,9 +1066,31 @@ This function defines the prefix string corresponding to the `log_level` to be
 prepended to all the log output from TF-A. The `log_level` (argument) will
 correspond to one of the standard log levels defined in debug.h. The platform
 can override the common implementation to define a different prefix string for
-the log output.  The implementation should be robust to future changes that
+the log output. The implementation should be robust to future changes that
 increase the number of log levels.

+Function : plat\_get\_mbedtls\_heap()
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+    Arguments : void **heap_addr, size_t *heap_size
+    Return   : int
+
+This function is invoked during Mbed TLS library initialisation to get
+a heap, by means of a starting address and a size. This heap will then be used
+internally by the Mbed TLS library. The heap is requested from the current
+BL stage, i.e. the current BL image inside which Mbed TLS is used.
+
+The default implementation allocates a new heap every time Mbed TLS gets
+initialised. This means that a new heap is statically allocated inside
+every image (i.e. every BL stage) that utilises Mbed TLS. In the default
+implementation, this function returns the address and size of this default
+heap. However, by overriding the default implementation, platforms have the ability
+to optimise memory usage.
+
+On success it returns 0 and a negative error code otherwise.
+
 Modifications specific to a Boot Loader stage
 ---------------------------------------------

--- a/drivers/auth/mbedtls/mbedtls_common.c
+++ b/drivers/auth/mbedtls/mbedtls_common.c
@ -4,26 +4,15 @@
 * SPDX-License-Identifier: BSD-3-Clause
 */

+#include <assert.h>
 #include <debug.h>
-#include <stdlib.h>
-#include <stdio.h>
-
 /* mbed TLS headers */
 #include <mbedtls/memory_buffer_alloc.h>
 #include <mbedtls/platform.h>
-#include <mbedtls_config.h>
 #include <mbedtls_common.h>
-
-/*
- * mbed TLS heap
- */
-#if (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA) \
-	|| (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
-#define MBEDTLS_HEAP_SIZE		(13*1024)
-#elif (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA)
-#define MBEDTLS_HEAP_SIZE		(7*1024)
-#endif
-static unsigned char heap[MBEDTLS_HEAP_SIZE];
+#include <mbedtls_config.h>
+#include <platform.h>
+#include <stddef.h>

 static void cleanup(void)
 {
@ -37,13 +26,25 @@ static void cleanup(void)
 void mbedtls_init(void)
 {
 	static int ready;
+	void *heap_addr;
+	size_t heap_size = 0;
+	int err;

 	if (!ready) {
 		if (atexit(cleanup))
 			panic();

+		err = plat_get_mbedtls_heap(&heap_addr, &heap_size);
+
+		/* Ensure heap setup is proper */
+		if (err < 0) {
+			ERROR("Mbed TLS failed to get a heap\n");
+			panic();
+		}
+		assert(heap_size >= TF_MBEDTLS_HEAP_SIZE);
+
 		/* Initialize the mbed TLS heap */
-		mbedtls_memory_buffer_alloc_init(heap, MBEDTLS_HEAP_SIZE);
+		mbedtls_memory_buffer_alloc_init(heap_addr, heap_size);

 #ifdef MBEDTLS_PLATFORM_SNPRINTF_ALT
 		mbedtls_platform_set_snprintf(snprintf);
--- a/include/drivers/auth/mbedtls/mbedtls_config.h
+++ b/include/drivers/auth/mbedtls/mbedtls_config.h
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -95,4 +95,16 @@
 #include "mbedtls/check_config.h"
 #endif

+/*
+ * Determine Mbed TLS heap size
+ * 13312 = 13*1024
+ * 7168 = 7*1024
+ */
+#if (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA) \
+	|| (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
+#define TF_MBEDTLS_HEAP_SIZE		U(13312)
+#elif (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA)
+#define TF_MBEDTLS_HEAP_SIZE		U(7168)
+#endif
+
 #endif /* __MBEDTLS_CONFIG_H__ */
--- a/include/plat/common/platform.h
+++ b/include/plat/common/platform.h
@ -103,6 +103,7 @@ void plat_panic_handler(void) __dead2;
 const char *plat_log_get_prefix(unsigned int log_level);
 void bl2_plat_preload_setup(void);
 int plat_try_next_boot_source(void);
+int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size);

 /*******************************************************************************
 * Mandatory BL1 functions
--- a/plat/common/plat_bl_common.c
+++ b/plat/common/plat_bl_common.c
@ -9,6 +9,9 @@
 #include <bl_common.h>
 #include <debug.h>
 #include <errno.h>
+#if TRUSTED_BOARD_BOOT
+#include <mbedtls_config.h>
+#endif
 #include <platform.h>

 /*
@ -21,6 +24,7 @@
 #pragma weak bl2_plat_handle_pre_image_load
 #pragma weak bl2_plat_handle_post_image_load
 #pragma weak plat_try_next_boot_source
+#pragma weak plat_get_mbedtls_heap

 void bl2_el3_plat_prepare_exit(void)
 {
@ -66,3 +70,22 @@ void bl2_early_platform_setup2(u_register_t arg0, u_register_t arg1,
 	bl2_early_platform_setup((void *)arg1);
 }
 #endif
+
+
+#if TRUSTED_BOARD_BOOT
+/*
+ * The following default implementation of the function simply returns the
+ * by-default allocated heap.
+ */
+int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size)
+{
+	static unsigned char heap[TF_MBEDTLS_HEAP_SIZE];
+
+	assert(heap_addr != NULL);
+	assert(heap_size != NULL);
+
+	*heap_addr = heap;
+	*heap_size = sizeof(heap);
+	return 0;
+}
+#endif /* TRUSTED_BOARD_BOOT */