FVP: Enable capability to disable auth via dynamic config

This patch adds capability to FVP to disable authentication dynamically
via the `disable_auth` property in TB_FW_CONFIG. Both BL1 and BL2 parses
the TB_FW_CONFIG for the `disable_auth` property and invokes the
`load_dyn_disable_auth()` API to disable authentication if the
property is set to 1. The DYN_DISABLE_AUTH is enabled by default for
FVP as it is a development platform. Note that the TB_FW_CONFIG has to
be authenticated by BL1 irrespective of these settings.

The arm_bl2_dyn_cfg_init() is now earlier in bl2_plat_preload_setup()
rather than in bl2_platform_setup() as we need to get the value of
`disable_auth` property prior to authentication of any image by BL2.

Change-Id: I734acd59572849793e5020ec44c6ac51f654a4d1
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

include/plat/arm/common/arm_dyn_cfg_helpers.h

@@ -12,5 +12,6 @@
 int arm_dyn_get_hwconfig_info(void *dtb, int node,
 		uint64_t *hw_config_addr, uint32_t *hw_config_size);
 int arm_dyn_tb_fw_cfg_init(void *dtb, int *node);
+int arm_dyn_get_disable_auth(void *dtb, int node, uint32_t *disable_auth);
 
 #endif /* __ARM_DYN_CFG_HELPERS_H__ */

plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts

@@ -12,5 +12,7 @@
 		compatible = "arm,tb_fw";
 		hw_config_addr = <0x0 0x82000000>;
 		hw_config_max_size = <0x01000000>;
+		/* Disable authentication for development */
+		disable_auth = <0x0>;
 	};
 };

plat/arm/board/fvp/platform.mk

@@ -208,3 +208,11 @@ endif
 
 include plat/arm/board/common/board_common.mk
 include plat/arm/common/arm_common.mk
+
+# FVP being a development platform, enable capability to disable Authentication
+# dynamically if TRUSTED_BOARD_BOOT and LOAD_IMAGE_V2 is set.
+ifeq (${TRUSTED_BOARD_BOOT}, 1)
+    ifeq (${LOAD_IMAGE_V2}, 1)
+        DYN_DISABLE_AUTH	:=	1
+    endif
+endif

plat/arm/common/arm_bl2_setup.c

@@ -207,14 +207,21 @@ void bl2_early_platform_setup2(u_register_t arg0, u_register_t arg1, u_register_
 }
 
 /*
- * Perform ARM standard platform setup.
+ * Perform  BL2 preload setup. Currently we initialise the dynamic
+ * configuration here.
  */
-void arm_bl2_platform_setup(void)
+void bl2_plat_preload_setup(void)
 {
 #if LOAD_IMAGE_V2
 	arm_bl2_dyn_cfg_init();
 #endif
+}
 
+/*
+ * Perform ARM standard platform setup.
+ */
+void arm_bl2_platform_setup(void)
+{
 	/* Initialize the secure environment */
 	plat_arm_security_setup();
 

plat/arm/common/arm_common.mk

@@ -157,7 +157,6 @@ BL1_SOURCES		+=	drivers/arm/sp805/sp805.c			\
 				drivers/io/io_memmap.c				\
 				drivers/io/io_storage.c				\
 				plat/arm/common/arm_bl1_setup.c			\
-				plat/arm/common/arm_dyn_cfg.c			\
 				plat/arm/common/arm_err.c			\
 				plat/arm/common/arm_io_storage.c
 ifdef EL3_PAYLOAD_BASE
@@ -177,11 +176,15 @@ BL2_SOURCES		+=	drivers/delay_timer/delay_timer.c		\
 
 # Add `libfdt` and Arm common helpers required for Dynamic Config
 include lib/libfdt/libfdt.mk
-BL2_SOURCES		+=	plat/arm/common/arm_dyn_cfg.c		\
+
+DYN_CFG_SOURCES		+=	plat/arm/common/arm_dyn_cfg.c		\
 				plat/arm/common/arm_dyn_cfg_helpers.c	\
 				common/fdt_wrappers.c			\
 				${LIBFDT_SRCS}
 
+BL1_SOURCES		+=	${DYN_CFG_SOURCES}
+BL2_SOURCES		+=	${DYN_CFG_SOURCES}
+
 ifeq (${BL2_AT_EL3},1)
 BL2_SOURCES		+=	plat/arm/common/arm_bl2_el3_setup.c
 endif

plat/arm/common/arm_dyn_cfg.c

@@ -54,6 +54,24 @@ void arm_load_tb_fw_config(void)
 
 	INFO("BL1: TB_FW_CONFIG loaded at address = %p\n",
 			(void *) config_base);
+
+#if TRUSTED_BOARD_BOOT && defined(DYN_DISABLE_AUTH)
+	int tb_fw_node;
+	uint32_t disable_auth = 0;
+
+	err = arm_dyn_tb_fw_cfg_init((void *)config_base, &tb_fw_node);
+	if (err < 0) {
+		WARN("Invalid TB_FW_CONFIG loaded\n");
+		return;
+	}
+
+	err = arm_dyn_get_disable_auth((void *)config_base, tb_fw_node, &disable_auth);
+	if (err < 0)
+		return;
+
+	if (disable_auth == 1)
+		dyn_disable_auth();
+#endif
 }
 
 /*
@@ -104,6 +122,18 @@ void arm_bl2_dyn_cfg_init(void)
 
 	/* Remove the IMAGE_ATTRIB_SKIP_LOADING attribute from HW_CONFIG node */
 	hw_cfg_mem_params->image_info.h.attr &= ~IMAGE_ATTRIB_SKIP_LOADING;
+
+#if TRUSTED_BOARD_BOOT && defined(DYN_DISABLE_AUTH)
+	uint32_t disable_auth = 0;
+
+	err = arm_dyn_get_disable_auth((void *)tb_fw_cfg_dtb, tb_fw_node,
+					&disable_auth);
+	if (err < 0)
+		return;
+
+	if (disable_auth == 1)
+		dyn_disable_auth();
+#endif
 }
 
 #endif /* LOAD_IMAGE_V2 */

plat/arm/common/arm_dyn_cfg_helpers.c

@@ -63,6 +63,51 @@ int arm_dyn_get_hwconfig_info(void *dtb, int node,
 	return 0;
 }
 
+/*******************************************************************************
+ * Helper to read the `disable_auth` property in config DTB. This function
+ * expects the following properties to be present in the config DTB.
+ *	name : disable_auth		size : 1 cell
+ *
+ * Arguments:
+ *	void *dtb		 - pointer to the TB_FW_CONFIG in memory
+ *	int node		 - The node offset to appropriate node in the
+ *				   DTB.
+ *	uint64_t *disable_auth	 - The value of `disable_auth` property on
+ *				   successful read. Must be 0 or 1.
+ *
+ * Returns 0 on success and -1 on error.
+ ******************************************************************************/
+int arm_dyn_get_disable_auth(void *dtb, int node, uint32_t *disable_auth)
+{
+	int err;
+
+	assert(dtb != NULL);
+	assert(disable_auth != NULL);
+
+	/* Check if the pointer to DT is correct */
+	assert(fdt_check_header(dtb) == 0);
+
+	/* Assert the node offset point to "arm,tb_fw" compatible property */
+	assert(node == fdt_node_offset_by_compatible(dtb, -1, "arm,tb_fw"));
+
+	/* Locate the disable_auth cell and read the value */
+	err = fdtw_read_cells(dtb, node, "disable_auth", 1, disable_auth);
+	if (err < 0) {
+		WARN("Read cell failed for `disable_auth`\n");
+		return -1;
+	}
+
+	/* Check if the value is boolean */
+	if (*disable_auth != 0 && *disable_auth != 1) {
+		WARN("Invalid value for `disable_auth` cell %d\n", *disable_auth);
+		return -1;
+	}
+
+	VERBOSE("Dyn cfg: `disable_auth` cell found with value = %d\n",
+					*disable_auth);
+	return 0;
+}
+
 /*******************************************************************************
  * Validate the tb_fw_config is a valid DTB file and returns the node offset
  * to "arm,tb_fw" property.