refactor(fvp): avoid Measured-Boot dependency on Trusted-Boot

As Measured-Boot and Trusted-Boot are orthogonal, removed Trusted-Boot's dependency on Measured-Boot by allowing them to apply the Crypto module changes independently using the CRYPTO_SUPPORT build flag. Change-Id: I5a420e5d84f3fefe0c0092d822dab981e6390bbf Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2025-04-18 02:24:18 +00:00 · 2022-01-08 23:08:02 +00:00 · 2022-01-08 23:08:02 +00:00 · 88c51c3f20
commit 88c51c3f20
parent 0aa0b3afd6
7 changed files with 63 additions and 46 deletions
--- a/plat/arm/board/fvp/fvp_bl2_measured_boot.c
+++ b/plat/arm/board/fvp/fvp_bl2_measured_boot.c
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -87,6 +87,7 @@ int plat_mboot_measure_critical_data(unsigned int critical_data_id,
 	return 0;
 }

+#if TRUSTED_BOARD_BOOT
 static int fvp_populate_critical_data(struct fvp_critical_data *critical_data)
 {
 	char *nv_ctr_oids[MAX_NV_CTR_IDS] = {
@ -104,17 +105,26 @@ static int fvp_populate_critical_data(struct fvp_critical_data *critical_data)

 	return 0;
 }
+#endif /* TRUSTED_BOARD_BOOT */

 static int fvp_populate_and_measure_critical_data(void)
 {
+	int rc = 0;
+
+/*
+ * FVP platform only measures 'platform NV-counter' and hence its
+ * measurement makes sense during Trusted-Boot flow only.
+ */
+#if TRUSTED_BOARD_BOOT
 	struct fvp_critical_data populate_critical_data;

-	int rc = fvp_populate_critical_data(&populate_critical_data);
+	rc = fvp_populate_critical_data(&populate_critical_data);
 	if (rc == 0) {
 		rc = plat_mboot_measure_critical_data(CRITICAL_DATA_ID,
 						&populate_critical_data,
 						sizeof(populate_critical_data));
 	}
+#endif /* TRUSTED_BOARD_BOOT */

 	return rc;
 }
--- a/plat/arm/board/fvp/fvp_common.c
+++ b/plat/arm/board/fvp/fvp_common.c
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -117,10 +117,15 @@ const mmap_region_t plat_arm_mmap[] = {
 #if TRUSTED_BOARD_BOOT
 	/* To access the Root of Trust Public Key registers. */
 	MAP_DEVICE2,
-#if !BL2_AT_EL3
-	ARM_MAP_BL1_RW,
-#endif
 #endif /* TRUSTED_BOARD_BOOT */
+
+#if CRYPTO_SUPPORT && !BL2_AT_EL3
+	/*
+	 * To access shared the Mbed TLS heap while booting the
+	 * system with Crypto support
+	 */
+	ARM_MAP_BL1_RW,
+#endif /* CRYPTO_SUPPORT && !BL2_AT_EL3 */
 #if SPM_MM
 	ARM_SP_IMAGE_MMAP,
 #endif
@ -444,7 +449,7 @@ void fvp_interconnect_disable(void)
 #endif
 }

-#if TRUSTED_BOARD_BOOT
+#if CRYPTO_SUPPORT
 int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size)
 {
 	assert(heap_addr != NULL);
@ -452,7 +457,7 @@ int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size)

 	return arm_get_mbedtls_heap(heap_addr, heap_size);
 }
-#endif
+#endif /* CRYPTO_SUPPORT */

 void fvp_timer_init(void)
 {
--- a/plat/arm/board/fvp/include/platform_def.h
+++ b/plat/arm/board/fvp/include/platform_def.h
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2022, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -144,12 +144,10 @@
 * PLAT_ARM_MAX_BL2_SIZE is calculated using the current BL2 debug size plus a
 * little space for growth.
 */
-#if TRUSTED_BOARD_BOOT
-#if COT_DESC_IN_DTB
+#if TRUSTED_BOARD_BOOT && COT_DESC_IN_DTB
 # define PLAT_ARM_MAX_BL2_SIZE	(UL(0x1E000) - FVP_BL2_ROMLIB_OPTIMIZATION)
-#else
+#elif CRYPTO_SUPPORT
 # define PLAT_ARM_MAX_BL2_SIZE	(UL(0x1D000) - FVP_BL2_ROMLIB_OPTIMIZATION)
-#endif
 #else
 # define PLAT_ARM_MAX_BL2_SIZE	(UL(0x13000) - FVP_BL2_ROMLIB_OPTIMIZATION)
 #endif
@ -187,17 +185,17 @@
 * Size of cacheable stacks
 */
 #if defined(IMAGE_BL1)
-# if TRUSTED_BOARD_BOOT
+# if CRYPTO_SUPPORT
 #  define PLATFORM_STACK_SIZE		UL(0x1000)
 # else
 #  define PLATFORM_STACK_SIZE		UL(0x500)
-# endif
+# endif /* CRYPTO_SUPPORT */
 #elif defined(IMAGE_BL2)
-# if TRUSTED_BOARD_BOOT
+# if CRYPTO_SUPPORT
 #  define PLATFORM_STACK_SIZE		UL(0x1000)
 # else
 #  define PLATFORM_STACK_SIZE		UL(0x600)
-# endif
+# endif /* CRYPTO_SUPPORT */
 #elif defined(IMAGE_BL2U)
 # define PLATFORM_STACK_SIZE		UL(0x400)
 #elif defined(IMAGE_BL31)
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@ -376,10 +376,6 @@ endif
 include plat/arm/board/common/board_common.mk
 include plat/arm/common/arm_common.mk

-ifeq (${TRUSTED_BOARD_BOOT}, 1)
-BL1_SOURCES		+=	plat/arm/board/fvp/fvp_trusted_boot.c
-BL2_SOURCES		+=	plat/arm/board/fvp/fvp_trusted_boot.c
-
 ifeq (${MEASURED_BOOT},1)
 BL1_SOURCES		+=	plat/arm/board/fvp/fvp_common_measured_boot.c	\
 				plat/arm/board/fvp/fvp_bl1_measured_boot.c
@ -387,6 +383,10 @@ BL2_SOURCES		+=	plat/arm/board/fvp/fvp_common_measured_boot.c	\
 				plat/arm/board/fvp/fvp_bl2_measured_boot.c
 endif

+ifeq (${TRUSTED_BOARD_BOOT}, 1)
+BL1_SOURCES		+=	plat/arm/board/fvp/fvp_trusted_boot.c
+BL2_SOURCES		+=	plat/arm/board/fvp/fvp_trusted_boot.c
+
 # FVP being a development platform, enable capability to disable Authentication
 # dynamically if TRUSTED_BOARD_BOOT is set.
 DYN_DISABLE_AUTH	:=	1
--- a/plat/arm/common/arm_bl1_setup.c
+++ b/plat/arm/common/arm_bl1_setup.c
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -202,10 +202,10 @@ void arm_bl1_platform_setup(void)
 	assert(desc != NULL);
 	desc->ep_info.args.arg0 = fw_config_info->config_addr;

-#if TRUSTED_BOARD_BOOT
+#if CRYPTO_SUPPORT
 	/* Share the Mbed TLS heap info with other images */
 	arm_bl1_set_mbedtls_heap();
-#endif /* TRUSTED_BOARD_BOOT */
+#endif /* CRYPTO_SUPPORT */

 	/*
 	 * Allow access to the System counter timer module and program
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@ -1,5 +1,5 @@
 #
-# Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@ -358,10 +358,8 @@ endif
 ifneq (${TRUSTED_BOARD_BOOT},0)

    # Include common TBB sources
-    AUTH_SOURCES	:=	drivers/auth/auth_mod.c				\
-				drivers/auth/crypto_mod.c			\
-				drivers/auth/img_parser_mod.c			\
-				lib/fconf/fconf_tbbr_getter.c
+    AUTH_SOURCES 	:= 	drivers/auth/auth_mod.c	\
+				drivers/auth/img_parser_mod.c

    # Include the selected chain of trust sources.
    ifeq (${COT},tbbr)
@ -389,6 +387,12 @@ ifneq (${TRUSTED_BOARD_BOOT},0)

    $(eval $(call TOOL_ADD_IMG,ns_bl2u,--fwu,FWU_))

+    IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk
+
+    $(info Including ${IMG_PARSER_LIB_MK})
+    include ${IMG_PARSER_LIB_MK}
+endif
+
 # Include Measured Boot makefile before any Crypto library makefile.
 # Crypto library makefile may need default definitions of Measured Boot build
 # flags present in Measured Boot makefile.
@ -398,20 +402,21 @@ ifeq (${MEASURED_BOOT},1)
    include ${MEASURED_BOOT_MK}
 endif

+ifneq ($(filter 1,${MEASURED_BOOT} ${TRUSTED_BOARD_BOOT}),)
+    CRYPTO_SOURCES	:=	drivers/auth/crypto_mod.c 	\
+				lib/fconf/fconf_tbbr_getter.c
+    BL1_SOURCES		+=	${CRYPTO_SOURCES}
+    BL2_SOURCES		+=	${CRYPTO_SOURCES}
+
    # We expect to locate the *.mk files under the directories specified below
-ifeq (${ARM_CRYPTOCELL_INTEG},0)
-    CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
-else
-    CRYPTO_LIB_MK := drivers/auth/cryptocell/cryptocell_crypto.mk
-endif
-    IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk
+    ifeq (${ARM_CRYPTOCELL_INTEG},0)
+        CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
+    else
+        CRYPTO_LIB_MK := drivers/auth/cryptocell/cryptocell_crypto.mk
+    endif

    $(info Including ${CRYPTO_LIB_MK})
    include ${CRYPTO_LIB_MK}
-
-    $(info Including ${IMG_PARSER_LIB_MK})
-    include ${IMG_PARSER_LIB_MK}
-
 endif

 ifeq (${RECLAIM_INIT_CODE}, 1)
@ -419,4 +424,3 @@ ifeq (${RECLAIM_INIT_CODE}, 1)
        $(error "To reclaim init code xlat tables v2 must be used")
    endif
 endif
-
--- a/plat/arm/common/arm_dyn_cfg.c
+++ b/plat/arm/common/arm_dyn_cfg.c
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018-2021, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2022, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -13,9 +13,9 @@
 #include <common/debug.h>
 #include <common/desc_image_load.h>
 #include <common/tbbr/tbbr_img_def.h>
-#if TRUSTED_BOARD_BOOT
+#if CRYPTO_SUPPORT
 #include <drivers/auth/mbedtls/mbedtls_config.h>
-#endif
+#endif /* CRYPTO_SUPPORT */
 #include <lib/fconf/fconf.h>
 #include <lib/fconf/fconf_dyn_cfg_getter.h>
 #include <lib/fconf/fconf_tbbr_getter.h>
@ -23,7 +23,7 @@
 #include <plat/arm/common/arm_dyn_cfg_helpers.h>
 #include <plat/arm/common/plat_arm.h>

-#if TRUSTED_BOARD_BOOT
+#if CRYPTO_SUPPORT

 static void *mbedtls_heap_addr;
 static size_t mbedtls_heap_size;
@ -118,7 +118,7 @@ void arm_bl1_set_mbedtls_heap(void)
 #endif /* !MEASURED_BOOT */
 	}
 }
-#endif /* TRUSTED_BOARD_BOOT */
+#endif /* CRYPTO_SUPPORT */

 /*
 * BL2 utility function to initialize dynamic configuration specified by