Merge changes from topic "fw_config_handoff" into integration

* changes:
  doc: Update memory layout for firmware configuration area
  plat/arm: Increase size of firmware configuration area
  plat/arm: Load and populate fw_config and tb_fw_config
  fconf: Handle error from fconf_load_config
  plat/arm: Update the fw_config load call and populate it's information
  fconf: Allow fconf to load additional firmware configuration
  fconf: Clean confused naming between TB_FW and FW_CONFIG
  tbbr/dualroot: Add fw_config image in chain of trust
  cert_tool: Update cert_tool for fw_config image support
  fiptool: Add fw_config in FIP
  plat/arm: Rentroduce tb_fw_config device tree

docs/design/firmware-design.rst

@@ -83,6 +83,10 @@ Each of the Boot Loader stages may be dynamically configured if required by the
 platform. The Boot Loader stage may optionally specify a firmware
 configuration file and/or hardware configuration file as listed below:
 
+-  FW_CONFIG - The firmware configuration file. Holds properties shared across
+   all BLx images.
+   An example is the "dtb-registry" node, which contains the information about
+   the other device tree configurations (load-address, size, image_id).
 -  HW_CONFIG - The hardware configuration file. Can be shared by all Boot Loader
    stages and also by the Normal World Rich OS.
 -  TB_FW_CONFIG - Trusted Boot Firmware configuration file. Shared between BL1
@@ -109,8 +113,8 @@ convention:
    the generic hardware configuration is passed the next available argument.
    For example,
 
-   -  If TB_FW_CONFIG is loaded by BL1, then its address is passed in ``arg0``
-      to BL2.
+   -  FW_CONFIG is loaded by BL1, then its address is passed in ``arg0`` to BL2.
+   -  TB_FW_CONFIG address is retrieved by BL2 from FW_CONFIG device tree.
    -  If HW_CONFIG is loaded by BL1, then its address is passed in ``arg2`` to
       BL2. Note, ``arg1`` is already used for meminfo_t.
    -  If SOC_FW_CONFIG is loaded by BL2, then its address is passed in ``arg1``
@@ -1732,7 +1736,7 @@ CONFIG section in memory layouts shown below contains:
 ``bl2_mem_params_descs`` contains parameters passed from BL2 to next the
 BL image during boot.
 
-``fw_configs`` includes soc_fw_config, tos_fw_config and tb_fw_config.
+``fw_configs`` includes soc_fw_config, tos_fw_config, tb_fw_config and fw_config.
 
 **FVP with TSP in Trusted SRAM with firmware configs :**
 (These diagrams only cover the AArch64 case)
@@ -1757,7 +1761,7 @@ BL image during boot.
                |          |  <<<<<<<<<<<<<  | BL31 PROGBITS  |
                |          |  <<<<<<<<<<<<<  |----------------|
                |          |  <<<<<<<<<<<<<  |     BL32       |
-    0x04002000 +----------+                 +----------------+
+    0x04003000 +----------+                 +----------------+
                |  CONFIG  |
     0x04001000 +----------+
                |  Shared  |
@@ -1794,7 +1798,7 @@ BL image during boot.
                |--------------|  <<<<<<<<<<<<<  |----------------|
                |              |  <<<<<<<<<<<<<  | BL31 PROGBITS  |
                |              |                 +----------------+
-               +--------------+
+    0x04003000 +--------------+
                |    CONFIG    |
     0x04001000 +--------------+
                |    Shared    |
@@ -1828,7 +1832,7 @@ BL image during boot.
                |----------|  <<<<<<<<<<<<<  |----------------|
                |          |  <<<<<<<<<<<<<  | BL31 PROGBITS  |
                |          |                 +----------------+
-    0x04002000 +----------+
+    0x04003000 +----------+
                |  CONFIG  |
     0x04001000 +----------+
                |  Shared  |

drivers/arm/css/scp/css_bom_bootloader.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2020, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -51,13 +51,13 @@ typedef struct {
  * All CSS platforms load SCP_BL2/SCP_BL2U just below BL2 (this is where BL31
  * usually resides except when ARM_BL31_IN_DRAM is
  * set). Ensure that SCP_BL2/SCP_BL2U do not overflow into shared RAM and
- * the tb_fw_config.
+ * the fw_config.
  */
 CASSERT(SCP_BL2_LIMIT <= BL2_BASE, assert_scp_bl2_overwrite_bl2);
 CASSERT(SCP_BL2U_LIMIT <= BL2_BASE, assert_scp_bl2u_overwrite_bl2);
 
-CASSERT(SCP_BL2_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_scp_bl2_overflow);
-CASSERT(SCP_BL2U_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_scp_bl2u_overflow);
+CASSERT(SCP_BL2_BASE >= ARM_FW_CONFIG_LIMIT, assert_scp_bl2_overflow);
+CASSERT(SCP_BL2U_BASE >= ARM_FW_CONFIG_LIMIT, assert_scp_bl2u_overflow);
 
 static void scp_boot_message_start(void)
 {

drivers/auth/dualroot/cot.c

@@ -16,6 +16,7 @@
  * Allocate static buffers to store the authentication parameters extracted from
  * the certificates.
  */
+static unsigned char fw_config_hash_buf[HASH_DER_LEN];
 static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
 static unsigned char tb_fw_config_hash_buf[HASH_DER_LEN];
 static unsigned char hw_config_hash_buf[HASH_DER_LEN];
@@ -58,6 +59,8 @@ static auth_param_type_desc_t tb_fw_config_hash = AUTH_PARAM_TYPE_DESC(
 		AUTH_PARAM_HASH, TRUSTED_BOOT_FW_CONFIG_HASH_OID);
 static auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC(
 		AUTH_PARAM_HASH, HW_CONFIG_HASH_OID);
+static auth_param_type_desc_t fw_config_hash = AUTH_PARAM_TYPE_DESC(
+		AUTH_PARAM_HASH, FW_CONFIG_HASH_OID);
 #ifdef IMAGE_BL1
 static auth_param_type_desc_t scp_bl2u_hash = AUTH_PARAM_TYPE_DESC(
 		AUTH_PARAM_HASH, SCP_FWU_CFG_HASH_OID);
@@ -165,6 +168,13 @@ static const auth_img_desc_t trusted_boot_fw_cert = {
 				.ptr = (void *)hw_config_hash_buf,
 				.len = (unsigned int)HASH_DER_LEN
 			}
+		},
+		[3] = {
+			.type_desc = &fw_config_hash,
+			.data = {
+				.ptr = (void *)fw_config_hash_buf,
+				.len = (unsigned int)HASH_DER_LEN
+			}
 		}
 	}
 };
@@ -218,6 +228,22 @@ static const auth_img_desc_t tb_fw_config = {
 		}
 	}
 };
+
+static const auth_img_desc_t fw_config = {
+	.img_id = FW_CONFIG_ID,
+	.img_type = IMG_RAW,
+	.parent = &trusted_boot_fw_cert,
+	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
+		[0] = {
+			.type = AUTH_METHOD_HASH,
+			.param.hash = {
+				.data = &raw_data,
+				.hash = &fw_config_hash
+			}
+		}
+	}
+};
+
 #endif /* IMAGE_BL1 */
 
 #ifdef IMAGE_BL2
@@ -860,6 +886,7 @@ static const auth_img_desc_t * const cot_desc[] = {
 	[BL2_IMAGE_ID]				=	&bl2_image,
 	[HW_CONFIG_ID]				=	&hw_config,
 	[TB_FW_CONFIG_ID]			=	&tb_fw_config,
+	[FW_CONFIG_ID]				=	&fw_config,
 	[FWU_CERT_ID]				=	&fwu_cert,
 	[SCP_BL2U_IMAGE_ID]			=	&scp_bl2u_image,
 	[BL2U_IMAGE_ID]				=	&bl2u_image,

drivers/auth/tbbr/tbbr_cot_bl1.c

@@ -150,6 +150,21 @@ static const auth_img_desc_t tb_fw_config = {
 	}
 };
 
+static const auth_img_desc_t fw_config = {
+	.img_id = FW_CONFIG_ID,
+	.img_type = IMG_RAW,
+	.parent = &trusted_boot_fw_cert,
+	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
+		[0] = {
+			.type = AUTH_METHOD_HASH,
+			.param.hash = {
+				.data = &raw_data,
+				.hash = &fw_config_hash
+			}
+		}
+	}
+};
+
 /*
  * TBBR Chain of trust definition
  */
@@ -158,6 +173,7 @@ static const auth_img_desc_t * const cot_desc[] = {
 	[BL2_IMAGE_ID]				=	&bl2_image,
 	[HW_CONFIG_ID]				=	&hw_config,
 	[TB_FW_CONFIG_ID]			=	&tb_fw_config,
+	[FW_CONFIG_ID]				=	&fw_config,
 	[FWU_CERT_ID]				=	&fwu_cert,
 	[SCP_BL2U_IMAGE_ID]			=	&scp_bl2u_image,
 	[BL2U_IMAGE_ID]				=	&bl2u_image,

drivers/auth/tbbr/tbbr_cot_common.c

@@ -23,9 +23,10 @@
  * established, we can reuse some of the buffers on different stages
  */
 
+static unsigned char fw_config_hash_buf[HASH_DER_LEN];
+static unsigned char tb_fw_config_hash_buf[HASH_DER_LEN];
+static unsigned char hw_config_hash_buf[HASH_DER_LEN];
 unsigned char tb_fw_hash_buf[HASH_DER_LEN];
-unsigned char tb_fw_config_hash_buf[HASH_DER_LEN];
-unsigned char hw_config_hash_buf[HASH_DER_LEN];
 unsigned char scp_fw_hash_buf[HASH_DER_LEN];
 unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];
 
@@ -48,7 +49,9 @@ auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC(
 	AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
 auth_param_type_desc_t tb_fw_config_hash = AUTH_PARAM_TYPE_DESC(
 	AUTH_PARAM_HASH, TRUSTED_BOOT_FW_CONFIG_HASH_OID);
-auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC(
+auth_param_type_desc_t fw_config_hash = AUTH_PARAM_TYPE_DESC(
+	AUTH_PARAM_HASH, FW_CONFIG_HASH_OID);
+static auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC(
 	AUTH_PARAM_HASH, HW_CONFIG_HASH_OID);
 
 /* trusted_boot_fw_cert */
@@ -95,6 +98,13 @@ const auth_img_desc_t trusted_boot_fw_cert = {
 				.ptr = (void *)hw_config_hash_buf,
 				.len = (unsigned int)HASH_DER_LEN
 			}
+		},
+		[3] = {
+			.type_desc = &fw_config_hash,
+			.data = {
+				.ptr = (void *)fw_config_hash_buf,
+				.len = (unsigned int)HASH_DER_LEN
+			}
 		}
 	}
 };

include/drivers/arm/css/css_scp.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2020, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -40,13 +40,13 @@ int css_scp_boot_ready(void);
 /*
  * All CSS platforms load SCP_BL2/SCP_BL2U just below BL2 (this is where BL31
  * usually resides except when ARM_BL31_IN_DRAM is
- * set). Ensure that SCP_BL2/SCP_BL2U do not overflow into tb_fw_config.
+ * set). Ensure that SCP_BL2/SCP_BL2U do not overflow into fw_config.
  */
 CASSERT(SCP_BL2_LIMIT <= BL2_BASE, assert_scp_bl2_overwrite_bl2);
 CASSERT(SCP_BL2U_LIMIT <= BL2_BASE, assert_scp_bl2u_overwrite_bl2);
 
-CASSERT(SCP_BL2_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_scp_bl2_overflow);
-CASSERT(SCP_BL2U_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_scp_bl2u_overflow);
+CASSERT(SCP_BL2_BASE >= ARM_FW_CONFIG_LIMIT, assert_scp_bl2_overflow);
+CASSERT(SCP_BL2U_BASE >= ARM_FW_CONFIG_LIMIT, assert_scp_bl2u_overflow);
 #endif
 
 #endif /* CSS_SCP_H */

include/drivers/auth/tbbr_cot_common.h

@@ -10,8 +10,6 @@
 #include <drivers/auth/auth_mod.h>
 
 extern unsigned char tb_fw_hash_buf[HASH_DER_LEN];
-extern unsigned char tb_fw_config_hash_buf[HASH_DER_LEN];
-extern unsigned char hw_config_hash_buf[HASH_DER_LEN];
 extern unsigned char scp_fw_hash_buf[HASH_DER_LEN];
 extern unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];
 
@@ -23,7 +21,7 @@ extern auth_param_type_desc_t raw_data;
 
 extern auth_param_type_desc_t tb_fw_hash;
 extern auth_param_type_desc_t tb_fw_config_hash;
-extern auth_param_type_desc_t hw_config_hash;
+extern auth_param_type_desc_t fw_config_hash;
 
 extern const auth_img_desc_t trusted_boot_fw_cert;
 extern const auth_img_desc_t hw_config;

include/export/common/tbbr/tbbr_img_def_exp.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2019-2020, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -88,7 +88,10 @@
 /* Encrypted image identifier */
 #define ENC_IMAGE_ID			U(30)
 
+/* FW_CONFIG */
+#define FW_CONFIG_ID			U(31)
+
 /* Max Images */
-#define MAX_IMAGE_IDS			U(31)
+#define MAX_IMAGE_IDS			U(32)
 
 #endif /* ARM_TRUSTED_FIRMWARE_EXPORT_COMMON_TBBR_TBBR_IMG_DEF_EXP_H */

include/lib/fconf/fconf.h

@@ -43,8 +43,8 @@ struct fconf_populator {
 	int (*populate)(uintptr_t config);
 };
 
-/* Load firmware configuration dtb */
-void fconf_load_config(void);
+/* This function supports to load tb_fw_config and fw_config dtb */
+int fconf_load_config(unsigned int image_id);
 
 /* Top level populate function
  *

include/lib/fconf/fconf_dyn_cfg_getter.h

@@ -21,4 +21,7 @@ struct dyn_cfg_dtb_info_t {
 struct dyn_cfg_dtb_info_t *dyn_cfg_dtb_info_getter(unsigned int config_id);
 int fconf_populate_dtb_registry(uintptr_t config);
 
+/* Set fw_config information in global DTB array */
+void set_fw_config_info(uintptr_t config_addr, uint32_t config_max_size);
+
 #endif /* FCONF_DYN_CFG_GETTER_H */

include/plat/arm/common/arm_def.h

@@ -346,24 +346,24 @@
 #define CACHE_WRITEBACK_GRANULE		(U(1) << ARM_CACHE_WRITEBACK_SHIFT)
 
 /*
- * To enable TB_FW_CONFIG to be loaded by BL1, define the corresponding base
+ * To enable FW_CONFIG to be loaded by BL1, define the corresponding base
  * and limit. Leave enough space of BL2 meminfo.
  */
-#define ARM_TB_FW_CONFIG_BASE		(ARM_BL_RAM_BASE + sizeof(meminfo_t))
-#define ARM_TB_FW_CONFIG_LIMIT		(ARM_BL_RAM_BASE + (PAGE_SIZE / 2U))
+#define ARM_FW_CONFIG_BASE		(ARM_BL_RAM_BASE + sizeof(meminfo_t))
+#define ARM_FW_CONFIG_LIMIT		(ARM_BL_RAM_BASE + PAGE_SIZE)
 
 /*
  * Boot parameters passed from BL2 to BL31/BL32 are stored here
  */
-#define ARM_BL2_MEM_DESC_BASE		ARM_TB_FW_CONFIG_LIMIT
+#define ARM_BL2_MEM_DESC_BASE		ARM_FW_CONFIG_LIMIT
 #define ARM_BL2_MEM_DESC_LIMIT		(ARM_BL2_MEM_DESC_BASE +	\
 							(PAGE_SIZE / 2U))
 
 /*
  * Define limit of firmware configuration memory:
- * ARM_TB_FW_CONFIG + ARM_BL2_MEM_DESC memory
+ * ARM_FW_CONFIG + ARM_BL2_MEM_DESC memory
  */
-#define ARM_FW_CONFIG_LIMIT		(ARM_BL_RAM_BASE + PAGE_SIZE)
+#define ARM_FW_CONFIGS_LIMIT		(ARM_BL_RAM_BASE + (PAGE_SIZE * 2))
 
 /*******************************************************************************
  * BL1 specific defines.
@@ -461,7 +461,7 @@
  * SP_MIN is the only BL image in SRAM. Allocate the whole of SRAM (excluding
  * the page reserved for fw_configs) to BL32
  */
-#  define BL32_BASE			ARM_FW_CONFIG_LIMIT
+#  define BL32_BASE			ARM_FW_CONFIGS_LIMIT
 #  define BL32_LIMIT			(ARM_BL_RAM_BASE + ARM_BL_RAM_SIZE)
 # else
 /* Put BL32 below BL2 in the Trusted SRAM.*/
@@ -505,7 +505,7 @@
 #  define TSP_SEC_MEM_BASE		ARM_BL_RAM_BASE
 #  define TSP_SEC_MEM_SIZE		ARM_BL_RAM_SIZE
 #  define TSP_PROGBITS_LIMIT		BL31_BASE
-#  define BL32_BASE			ARM_FW_CONFIG_LIMIT
+#  define BL32_BASE			ARM_FW_CONFIGS_LIMIT
 #  define BL32_LIMIT			BL31_BASE
 # elif ARM_TSP_RAM_LOCATION_ID == ARM_TRUSTED_DRAM_ID
 #  define TSP_SEC_MEM_BASE		PLAT_ARM_TRUSTED_DRAM_BASE

include/plat/arm/common/plat_arm.h

@@ -190,7 +190,7 @@ void arm_bl1_platform_setup(void);
 void arm_bl1_plat_arch_setup(void);
 
 /* BL2 utility functions */
-void arm_bl2_early_platform_setup(uintptr_t tb_fw_config, struct meminfo *mem_layout);
+void arm_bl2_early_platform_setup(uintptr_t fw_config, struct meminfo *mem_layout);
 void arm_bl2_platform_setup(void);
 void arm_bl2_plat_arch_setup(void);
 uint32_t arm_get_spsr_for_bl32_entry(void);

include/tools_share/firmware_image_package.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2020, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -77,6 +77,8 @@
 	{{0x26,  0x25, 0x7c, 0x1a}, {0xdb, 0xc6}, {0x7f, 0x47}, 0x8d, 0x96, {0xc4, 0xc4, 0xb0, 0x24, 0x80, 0x21} }
 #define UUID_NT_FW_CONFIG \
 	{{0x28,  0xda, 0x98, 0x15}, {0x93, 0xe8}, {0x7e, 0x44}, 0xac, 0x66, {0x1a, 0xaf, 0x80, 0x15, 0x50, 0xf9} }
+#define UUID_FW_CONFIG \
+	{{0x58,  0x07, 0xe1, 0x6a}, {0x84, 0x59}, {0x47, 0xbe}, 0x8e, 0xd5, {0x64, 0x8e, 0x8d, 0xdd, 0xab, 0x0e} }
 
 typedef struct fip_toc_header {
 	uint32_t	name;

include/tools_share/tbbr_oid.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -43,6 +43,7 @@
 #define TRUSTED_BOOT_FW_HASH_OID		"1.3.6.1.4.1.4128.2100.201"
 #define TRUSTED_BOOT_FW_CONFIG_HASH_OID		"1.3.6.1.4.1.4128.2100.202"
 #define HW_CONFIG_HASH_OID			"1.3.6.1.4.1.4128.2100.203"
+#define FW_CONFIG_HASH_OID			"1.3.6.1.4.1.4128.2100.204"
 
 /*
  * Trusted Key Certificate

lib/debugfs/devfip.c

@@ -73,6 +73,7 @@ static const struct uuidnames uuidnames[] = {
 	{"soc-fw.cfg",		UUID_SOC_FW_CONFIG},
 	{"tos-fw.cfg",		UUID_TOS_FW_CONFIG},
 	{"nt-fw.cfg",		UUID_NT_FW_CONFIG},
+	{"fw.cfg",		UUID_FW_CONFIG},
 	{"rot-k.crt",		UUID_ROT_KEY_CERT},
 	{"nt-k.crt",		UUID_NON_TRUSTED_WORLD_KEY_CERT},
 	{"sip-sp.crt",		UUID_SIP_SECURE_PARTITION_CONTENT_CERT}

lib/fconf/fconf.c

@@ -9,48 +9,43 @@
 #include <common/debug.h>
 #include <common/fdt_wrappers.h>
 #include <lib/fconf/fconf.h>
+#include <lib/fconf/fconf_dyn_cfg_getter.h>
 #include <libfdt.h>
 #include <plat/common/platform.h>
 #include <platform_def.h>
 
-struct fconf_dtb_info_t fconf_dtb_info;
-
-void fconf_load_config(void)
+int fconf_load_config(unsigned int image_id)
 {
 	int err;
-	/* fconf FW_CONFIG and TB_FW_CONFIG are currently the same DTB */
-	image_info_t arm_tb_fw_info = {
+	const struct dyn_cfg_dtb_info_t *config_info;
+
+	assert((image_id == FW_CONFIG_ID) || (image_id == TB_FW_CONFIG_ID));
+
+	image_info_t config_image_info = {
 		.h.type = (uint8_t)PARAM_IMAGE_BINARY,
 		.h.version = (uint8_t)VERSION_2,
 		.h.size = (uint16_t)sizeof(image_info_t),
-		.h.attr = 0,
-		.image_base = ARM_TB_FW_CONFIG_BASE,
-		.image_max_size = (uint32_t)
-				(ARM_TB_FW_CONFIG_LIMIT - ARM_TB_FW_CONFIG_BASE)
+		.h.attr = 0
 	};
 
-	VERBOSE("FCONF: Loading FW_CONFIG\n");
-	err = load_auth_image(TB_FW_CONFIG_ID, &arm_tb_fw_info);
+	config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, image_id);
+	assert(config_info != NULL);
+
+	config_image_info.image_base = config_info->config_addr;
+	config_image_info.image_max_size =
+		(uint32_t)config_info->config_max_size;
+
+	VERBOSE("FCONF: Loading config with image ID: %d\n", image_id);
+	err = load_auth_image(image_id, &config_image_info);
 	if (err != 0) {
-		/* Return if FW_CONFIG is not loaded */
-		VERBOSE("FW_CONFIG not loaded, continuing without it\n");
-		return;
+		VERBOSE("Failed to load config %d\n", image_id);
+		return err;
 	}
 
-	/* At this point we know that a DTB is indeed available */
-	fconf_dtb_info.base_addr = arm_tb_fw_info.image_base;
-	fconf_dtb_info.size = (size_t)arm_tb_fw_info.image_size;
+	INFO("FCONF: Config file with image ID:%d loaded at address = 0x%lx\n",
+		image_id, config_image_info.image_base);
 
-#if !BL2_AT_EL3
-	image_desc_t *desc;
-
-	/* The BL2 ep_info arg0 is modified to point to FW_CONFIG */
-	desc = bl1_plat_get_image_desc(BL2_IMAGE_ID);
-	assert(desc != NULL);
-	desc->ep_info.args.arg0 = arm_tb_fw_info.image_base;
-#endif
-
-	INFO("FCONF: FW_CONFIG loaded at address = 0x%lx\n", arm_tb_fw_info.image_base);
+	return 0;
 }
 
 void fconf_populate(const char *config_type, uintptr_t config)
@@ -81,7 +76,4 @@ void fconf_populate(const char *config_type, uintptr_t config)
 			}
 		}
 	}
-
-	/* save local pointer to the config dtb */
-	fconf_dtb_info.base_addr = config;
 }

lib/fconf/fconf.mk

@@ -8,5 +8,5 @@
 FCONF_SOURCES		:=	lib/fconf/fconf.c
 FCONF_DYN_SOURCES	:=	lib/fconf/fconf_dyn_cfg_getter.c
 
-BL1_SOURCES		+=	${FCONF_SOURCES}
+BL1_SOURCES		+=	${FCONF_SOURCES} ${FCONF_DYN_SOURCES}
 BL2_SOURCES		+=	${FCONF_SOURCES} ${FCONF_DYN_SOURCES}

lib/fconf/fconf_dyn_cfg_getter.c

@@ -12,12 +12,27 @@
 #include <lib/object_pool.h>
 #include <libfdt.h>
 
-/* We currently use TB_FW, SOC_FW, TOS_FW, NS_fw and HW configs  */
-#define MAX_DTB_INFO	U(5)
+/* We currently use FW, TB_FW, SOC_FW, TOS_FW, NS_fw and HW configs  */
+#define MAX_DTB_INFO	U(6)
 
 static struct dyn_cfg_dtb_info_t dtb_infos[MAX_DTB_INFO];
 static OBJECT_POOL_ARRAY(dtb_info_pool, dtb_infos);
 
+/*
+ * This function is used to alloc memory for fw config information from
+ * global pool and set fw configuration information.
+ * Specifically used by BL1 to set fw_config information in global array
+ */
+void set_fw_config_info(uintptr_t config_addr, uint32_t config_max_size)
+{
+	struct dyn_cfg_dtb_info_t *dtb_info;
+
+	dtb_info = pool_alloc(&dtb_info_pool);
+	dtb_info->config_addr = config_addr;
+	dtb_info->config_max_size = config_max_size;
+	dtb_info->config_id = FW_CONFIG_ID;
+}
+
 struct dyn_cfg_dtb_info_t *dyn_cfg_dtb_info_getter(unsigned int config_id)
 {
 	unsigned int index;
@@ -48,6 +63,30 @@ int fconf_populate_dtb_registry(uintptr_t config)
 	/* As libfdt use void *, we can't avoid this cast */
 	const void *dtb = (void *)config;
 
+	/*
+	 * Compile time assert if FW_CONFIG_ID is 0 which is more
+	 * unlikely as 0 is a valid image id for FIP as per the current
+	 * code but still to avoid code breakage in case of unlikely
+	 * event when image ids gets changed.
+	 */
+	CASSERT(FW_CONFIG_ID != 0, assert_invalid_fw_config_id);
+
+	/*
+	 * In case of BL1, fw_config dtb information is already
+	 * populated in global dtb_infos array by 'set_fw_config_info'
+	 * function, Below check is present to avoid re-population of
+	 * fw_config information.
+	 *
+	 * Other BLs, satisfy below check and populate fw_config information
+	 * in global dtb_infos array.
+	 */
+	if (dtb_infos[0].config_id == 0) {
+		dtb_info = pool_alloc(&dtb_info_pool);
+		dtb_info->config_addr = config;
+		dtb_info->config_max_size = fdt_totalsize(dtb);
+		dtb_info->config_id = FW_CONFIG_ID;
+	}
+
 	/* Find the node offset point to "fconf,dyn_cfg-dtb_registry" compatible property */
 	const char *compatible_str = "fconf,dyn_cfg-dtb_registry";
 	node = fdt_node_offset_by_compatible(dtb, -1, compatible_str);
@@ -98,4 +137,4 @@ int fconf_populate_dtb_registry(uintptr_t config)
 	return 0;
 }
 
-FCONF_REGISTER_POPULATOR(TB_FW, dyn_cfg, fconf_populate_dtb_registry);
+FCONF_REGISTER_POPULATOR(FW_CONFIG, dyn_cfg, fconf_populate_dtb_registry);

plat/arm/board/a5ds/fdts/a5ds_fw_config.dts

@@ -12,9 +12,8 @@
 	dtb-registry {
 		compatible = "fconf,dyn_cfg-dtb_registry";
 
-		/* tb_fw_config is temporarily contained in this dtb */
 		tb_fw-config {
-			load-address = <0x0 0x2001010>;
+			load-address = <0x0 0x2001300>;
 			max-size = <0x200>;
 			id = <TB_FW_CONFIG_ID>;
 		};
@@ -25,11 +24,4 @@
 			id = <HW_CONFIG_ID>;
 		};
 	};
-
-	tb_fw-config {
-		compatible = "arm,tb_fw";
-
-		/* Disable authentication for development */
-		disable_auth = <0x0>;
-	};
 };

plat/arm/board/a5ds/fdts/a5ds_tb_fw_config.dts

@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/dts-v1/;
+
+/ {
+	tb_fw-config {
+		compatible = "arm,tb_fw";
+
+		/* Disable authentication for development */
+		disable_auth = <0x0>;
+	};
+};

plat/arm/board/a5ds/include/platform_def.h

@@ -188,11 +188,11 @@
 #define CACHE_WRITEBACK_GRANULE		(U(1) << ARM_CACHE_WRITEBACK_SHIFT)
 
 /*
- * To enable TB_FW_CONFIG to be loaded by BL1, define the corresponding base
+ * To enable FW_CONFIG to be loaded by BL1, define the corresponding base
  * and limit. Leave enough space of BL2 meminfo.
  */
-#define ARM_TB_FW_CONFIG_BASE		(ARM_BL_RAM_BASE + sizeof(meminfo_t))
-#define ARM_TB_FW_CONFIG_LIMIT		(ARM_BL_RAM_BASE + PAGE_SIZE)
+#define ARM_FW_CONFIG_BASE		(ARM_BL_RAM_BASE + sizeof(meminfo_t))
+#define ARM_FW_CONFIG_LIMIT		(ARM_BL_RAM_BASE + PAGE_SIZE)
 
 /*******************************************************************************
  * BL1 specific defines.
@@ -220,7 +220,7 @@
 #define BL2_LIMIT			BL1_RW_BASE
 
 /* Put BL32 below BL2 in NS DRAM.*/
-#define ARM_BL2_MEM_DESC_BASE		ARM_TB_FW_CONFIG_LIMIT
+#define ARM_BL2_MEM_DESC_BASE		ARM_FW_CONFIG_LIMIT
 
 #define BL32_BASE			((ARM_BL_RAM_BASE + ARM_BL_RAM_SIZE)\
 						- PLAT_ARM_MAX_BL32_SIZE)

plat/arm/board/a5ds/platform.mk

@@ -72,10 +72,13 @@ BL2_SOURCES		+=	lib/aarch32/arm32_aeabi_divmod.c		\
 # Add the FDT_SOURCES and options for Dynamic Config (only for Unix env)
 ifdef UNIX_MK
 
-FVP_TB_FW_CONFIG	:=	${BUILD_PLAT}/fdts/a5ds_fw_config.dtb
+FW_CONFIG	:=      ${BUILD_PLAT}/fdts/a5ds_fw_config.dtb
+TB_FW_CONFIG	:=	${BUILD_PLAT}/fdts/a5ds_tb_fw_config.dtb
 
 # Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
+# Add the FW_CONFIG to FIP and specify the same to certtool
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
 
 $(eval FVP_HW_CONFIG	:=	${BUILD_PLAT}/$(patsubst %.dts,%.dtb, \
 	fdts/$(notdir ${FVP_HW_CONFIG_DTS})))
@@ -83,6 +86,7 @@ $(eval FVP_HW_CONFIG	:=	${BUILD_PLAT}/$(patsubst %.dts,%.dtb, \
 $(eval $(call TOOL_ADD_PAYLOAD,${FVP_HW_CONFIG},--hw-config))
 
 FDT_SOURCES		+=	plat/arm/board/a5ds/fdts/a5ds_fw_config.dts \
+				plat/arm/board/a5ds/fdts/a5ds_tb_fw_config.dts \
 					${FVP_HW_CONFIG_DTS}
 endif
 

plat/arm/board/corstone700/include/platform_def.h

@@ -83,11 +83,11 @@
 #define ARM_CACHE_WRITEBACK_SHIFT	6
 
 /*
- * To enable TB_FW_CONFIG to be loaded by BL1, define the corresponding base
+ * To enable FW_CONFIG to be loaded by BL1, define the corresponding base
  * and limit. Leave enough space for BL2 meminfo.
  */
-#define ARM_TB_FW_CONFIG_BASE		(ARM_BL_RAM_BASE + sizeof(meminfo_t))
-#define ARM_TB_FW_CONFIG_LIMIT		(ARM_BL_RAM_BASE + (PAGE_SIZE / 2U))
+#define ARM_FW_CONFIG_BASE		(ARM_BL_RAM_BASE + sizeof(meminfo_t))
+#define ARM_FW_CONFIG_LIMIT		(ARM_BL_RAM_BASE + (PAGE_SIZE / 2U))
 
 /*
  * The max number of regions like RO(code), coherent and data required by

plat/arm/board/fvp/fdts/fvp_fw_config.dts

@@ -12,9 +12,8 @@
 	dtb-registry {
 		compatible = "fconf,dyn_cfg-dtb_registry";
 
-		/* tb_fw_config is temporarily contained on this dtb */
 		tb_fw-config {
-			load-address = <0x0 0x4001010>;
+			load-address = <0x0 0x4001300>;
 			max-size = <0x200>;
 			id = <TB_FW_CONFIG_ID>;
 		};
@@ -49,83 +48,4 @@
 			id = <NT_FW_CONFIG_ID>;
 		};
 	};
-
-	tb_fw-config {
-		compatible = "arm,tb_fw";
-
-		/* Disable authentication for development */
-		disable_auth = <0x0>;
-
-		/*
-		 * The following two entries are placeholders for Mbed TLS
-		 * heap information. The default values don't matter since
-		 * they will be overwritten by BL1.
-		 * In case of having shared Mbed TLS heap between BL1 and BL2,
-		 * BL1 will populate these two properties with the respective
-		 * info about the shared heap. This info will be available for
-		 * BL2 in order to locate and re-use the heap.
-		 */
-		mbedtls_heap_addr = <0x0 0x0>;
-		mbedtls_heap_size = <0x0>;
-
-#if MEASURED_BOOT
-		/* BL2 image hash calculated by BL1 */
-		bl2_hash_data = [
-			00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-#if BL2_HASH_SIZE > 32
-			00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-#if BL2_HASH_SIZE > 48
-			00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-#endif /* > 48 */
-#endif /* > 32 */
-			00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00];
-#endif /* MEASURED_BOOT */
-	};
-
-	/*
-	 * Though TF-A is UUID RFC 4122 compliant meaning fields are stored in
-	 * network order (big endian), UUID's mentioned in this file are are
-	 * stored in machine order (little endian).
-	 * This will be fixed in future.
-	 */
-#if ARM_IO_IN_DTB
-	arm-io_policies {
-		fip-handles {
-			compatible = "arm,io-fip-handle";
-			scp_bl2_uuid = <0x3dfd6697 0x49e8be89 0xa1785dae 0x13826040>;
-			bl31_uuid = <0x6d08d447 0x4698fe4c 0x5029959b 0x005abdcb>;
-			bl32_uuid = <0x89e1d005 0x4713dc53 0xa502b8d 0x383e7a4b>;
-			bl32_extra1_uuid = <0x9bc2700b 0x40785a2a 0x560a659f 0x88827382>;
-			bl32_extra2_uuid = <0xb17ba88e 0x4d3fa2cf 0xbbe7fd85 0xd92002a5>;
-			bl33_uuid = <0xa7eed0d6 0x4bd5eafc 0x34998297 0xe4b634f2>;
-			hw_cfg_uuid = <0xd9f1b808 0x4993cfc9 0xbc6f62a9 0xcc65726b>;
-			soc_fw_cfg_uuid = <0x4b817999 0x46fb7603 0x268d8e8c 0xe059787f>;
-			tos_fw_cfg_uuid = <0x1a7c2526 0x477fc6db 0xc4c4968d 0x218024b0>;
-			nt_fw_cfg_uuid = <0x1598da28 0x447ee893 0xaf1a66ac 0xf9501580>;
-			t_key_cert_uuid = <0x90e87e82 0x11e460f8 0x7a77b4a1 0x4cf9b421>;
-			scp_fw_key_uuid = <0xa1214202 0x11e460f8 0x3cf39b8d 0x14a0150e>;
-			soc_fw_key_uuid = <0xccbeb88a 0x11e460f9 0x48ebd09a 0xf8dcd822>;
-			tos_fw_key_cert_uuid = <0x3d67794 0x11e460fb 0x10b7dd85 0x4ee8c5b>;
-			nt_fw_key_cert_uuid = <0x2a83d58a 0x11e460fb 0x30dfaf8a 0x5998c4bb>;
-			scp_fw_content_cert_uuid = <0x046fbe44 0x11e4635e 0xd8738bb2 0x5696aeea>;
-			soc_fw_content_cert_uuid = <0x200cb2e2 0x11e4635e 0xccabe89c 0x66b62bf9>;
-			tos_fw_content_cert_uuid = <0x11449fa4 0x11e4635e 0x53f2887 0x3df32a72>;
-			nt_fw_content_cert_uuid = <0xf3c1c48e 0x11e4635d 0xee87a9a7 0xa73fb240>;
-			sp_content_cert_uuid = <0x44fd6d77 0x3b4c9786 0x3ec1eb91 0x6f2a5a02>;
-		};
-	};
-#endif /* ARM_IO_IN_DTB */
-
-	secure-partitions {
-		compatible = "arm,sp";
-		cactus-primary {
-			uuid = <0x1e67b5b4 0xe14f904a 0x13fb1fb8 0xcbdae1da>;
-			load-address = <0x7000000>;
-		};
-
-		cactus-secondary {
-			uuid = <0x092358d1 0xb94723f0 0x64447c82 0xc88f57f5>;
-			load-address = <0x7100000>;
-		};
-	};
 };

plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts

@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2020, ARM Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/dts-v1/;
+
+/ {
+	tb_fw-config {
+		compatible = "arm,tb_fw";
+
+		/* Disable authentication for development */
+		disable_auth = <0x0>;
+
+		/*
+		 * The following two entries are placeholders for Mbed TLS
+		 * heap information. The default values don't matter since
+		 * they will be overwritten by BL1.
+		 * In case of having shared Mbed TLS heap between BL1 and BL2,
+		 * BL1 will populate these two properties with the respective
+		 * info about the shared heap. This info will be available for
+		 * BL2 in order to locate and re-use the heap.
+		 */
+		mbedtls_heap_addr = <0x0 0x0>;
+		mbedtls_heap_size = <0x0>;
+
+#if MEASURED_BOOT
+		/* BL2 image hash calculated by BL1 */
+		bl2_hash_data = [
+			00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+#if BL2_HASH_SIZE > 32
+			00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+#if BL2_HASH_SIZE > 48
+			00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+#endif /* > 48 */
+#endif /* > 32 */
+			00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00];
+#endif /* MEASURED_BOOT */
+	};
+
+	/*
+	 * Though TF-A is UUID RFC 4122 compliant meaning fields are stored in
+	 * network order (big endian), UUID's mentioned in this file are are
+	 * stored in machine order (little endian).
+	 * This will be fixed in future.
+	 */
+#if ARM_IO_IN_DTB
+	arm-io_policies {
+		fip-handles {
+			compatible = "arm,io-fip-handle";
+			scp_bl2_uuid = <0x3dfd6697 0x49e8be89 0xa1785dae 0x13826040>;
+			bl31_uuid = <0x6d08d447 0x4698fe4c 0x5029959b 0x005abdcb>;
+			bl32_uuid = <0x89e1d005 0x4713dc53 0xa502b8d 0x383e7a4b>;
+			bl32_extra1_uuid = <0x9bc2700b 0x40785a2a 0x560a659f 0x88827382>;
+			bl32_extra2_uuid = <0xb17ba88e 0x4d3fa2cf 0xbbe7fd85 0xd92002a5>;
+			bl33_uuid = <0xa7eed0d6 0x4bd5eafc 0x34998297 0xe4b634f2>;
+			hw_cfg_uuid = <0xd9f1b808 0x4993cfc9 0xbc6f62a9 0xcc65726b>;
+			soc_fw_cfg_uuid = <0x4b817999 0x46fb7603 0x268d8e8c 0xe059787f>;
+			tos_fw_cfg_uuid = <0x1a7c2526 0x477fc6db 0xc4c4968d 0x218024b0>;
+			nt_fw_cfg_uuid = <0x1598da28 0x447ee893 0xaf1a66ac 0xf9501580>;
+			t_key_cert_uuid = <0x90e87e82 0x11e460f8 0x7a77b4a1 0x4cf9b421>;
+			scp_fw_key_uuid = <0xa1214202 0x11e460f8 0x3cf39b8d 0x14a0150e>;
+			soc_fw_key_uuid = <0xccbeb88a 0x11e460f9 0x48ebd09a 0xf8dcd822>;
+			tos_fw_key_cert_uuid = <0x3d67794 0x11e460fb 0x10b7dd85 0x4ee8c5b>;
+			nt_fw_key_cert_uuid = <0x2a83d58a 0x11e460fb 0x30dfaf8a 0x5998c4bb>;
+			scp_fw_content_cert_uuid = <0x046fbe44 0x11e4635e 0xd8738bb2 0x5696aeea>;
+			soc_fw_content_cert_uuid = <0x200cb2e2 0x11e4635e 0xccabe89c 0x66b62bf9>;
+			tos_fw_content_cert_uuid = <0x11449fa4 0x11e4635e 0x53f2887 0x3df32a72>;
+			nt_fw_content_cert_uuid = <0xf3c1c48e 0x11e4635d 0xee87a9a7 0xa73fb240>;
+			sp_content_cert_uuid = <0x44fd6d77 0x3b4c9786 0x3ec1eb91 0x6f2a5a02>;
+		};
+	};
+#endif /* ARM_IO_IN_DTB */
+
+	secure-partitions {
+		compatible = "arm,sp";
+		cactus-primary {
+			uuid = <0x1e67b5b4 0xe14f904a 0x13fb1fb8 0xcbdae1da>;
+			load-address = <0x7000000>;
+		};
+
+		cactus-secondary {
+			uuid = <0x092358d1 0xb94723f0 0x64447c82 0xc88f57f5>;
+			load-address = <0x7100000>;
+		};
+	};
+};

plat/arm/board/fvp/include/platform_def.h

@@ -133,7 +133,7 @@
  * calculated using the current BL31 PROGBITS debug size plus the sizes of
  * BL2 and BL1-RW
  */
-#define PLAT_ARM_MAX_BL31_SIZE		UL(0x3E000)
+#define PLAT_ARM_MAX_BL31_SIZE		UL(0x3D000)
 #endif /* RESET_TO_BL31 */
 
 #ifndef __aarch64__

plat/arm/board/fvp/platform.mk

@@ -236,11 +236,13 @@ ifdef UNIX_MK
 FVP_HW_CONFIG_DTS	:=	fdts/${FVP_DT_PREFIX}.dts
 FDT_SOURCES		+=	$(addprefix plat/arm/board/fvp/fdts/,	\
 					${PLAT}_fw_config.dts		\
+					${PLAT}_tb_fw_config.dts	\
 					${PLAT}_soc_fw_config.dts	\
 					${PLAT}_nt_fw_config.dts	\
 				)
 
-FVP_TB_FW_CONFIG	:=	${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
+FVP_FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
+FVP_TB_FW_CONFIG	:=	${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
 FVP_SOC_FW_CONFIG	:=	${BUILD_PLAT}/fdts/${PLAT}_soc_fw_config.dtb
 FVP_NT_FW_CONFIG	:=	${BUILD_PLAT}/fdts/${PLAT}_nt_fw_config.dtb
 
@@ -260,6 +262,8 @@ FVP_TOS_FW_CONFIG	:=	${BUILD_PLAT}/fdts/${PLAT}_spmc_manifest.dtb
 $(eval $(call TOOL_ADD_PAYLOAD,${FVP_TOS_FW_CONFIG},--tos-fw-config))
 endif
 
+# Add the FW_CONFIG to FIP and specify the same to certtool
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_FW_CONFIG},--fw-config))
 # Add the TB_FW_CONFIG to FIP and specify the same to certtool
 $(eval $(call TOOL_ADD_PAYLOAD,${FVP_TB_FW_CONFIG},--tb-fw-config))
 # Add the SOC_FW_CONFIG to FIP and specify the same to certtool

plat/arm/board/fvp_ve/fdts/fvp_ve_fw_config.dts

@@ -12,9 +12,8 @@
 	dtb-registry {
 		compatible = "fconf,dyn_cfg-dtb_registry";
 
-		/* tb_fw_config is temporarily contained on this dtb */
 		tb_fw-config {
-			load-address = <0x0 0x80001010>;
+			load-address = <0x0 0x80001300>;
 			max-size = <0x200>;
 			id = <TB_FW_CONFIG_ID>;
 		};
@@ -25,11 +24,4 @@
 			id = <HW_CONFIG_ID>;
 		};
 	};
-
-	tb_fw-config {
-		compatible = "arm,tb_fw";
-
-		/* Disable authentication for development */
-		disable_auth = <0x0>;
-	};
 };

plat/arm/board/fvp_ve/fdts/fvp_ve_tb_fw_config.dts

@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/dts-v1/;
+
+/ {
+	tb_fw-config {
+		compatible = "arm,tb_fw";
+
+		/* Disable authentication for development */
+		disable_auth = <0x0>;
+	};
+};

plat/arm/board/fvp_ve/include/platform_def.h

@@ -169,11 +169,11 @@
 #define CACHE_WRITEBACK_GRANULE		(U(1) << ARM_CACHE_WRITEBACK_SHIFT)
 
 /*
- * To enable TB_FW_CONFIG to be loaded by BL1, define the corresponding base
+ * To enable FW_CONFIG to be loaded by BL1, define the corresponding base
  * and limit. Leave enough space of BL2 meminfo.
  */
-#define ARM_TB_FW_CONFIG_BASE		(ARM_BL_RAM_BASE + sizeof(meminfo_t))
-#define ARM_TB_FW_CONFIG_LIMIT		(ARM_BL_RAM_BASE + PAGE_SIZE)
+#define ARM_FW_CONFIG_BASE		(ARM_BL_RAM_BASE + sizeof(meminfo_t))
+#define ARM_FW_CONFIG_LIMIT		(ARM_BL_RAM_BASE + PAGE_SIZE)
 
 /*******************************************************************************
  * BL1 specific defines.
@@ -204,7 +204,7 @@
 
 
 /* Put BL32 below BL2 in NS DRAM.*/
-#define ARM_BL2_MEM_DESC_BASE		ARM_TB_FW_CONFIG_LIMIT
+#define ARM_BL2_MEM_DESC_BASE		ARM_FW_CONFIG_LIMIT
 
 #define BL32_BASE			((ARM_BL_RAM_BASE + ARM_BL_RAM_SIZE)\
 						- PLAT_ARM_MAX_BL32_SIZE)

plat/arm/board/fvp_ve/platform.mk

@@ -74,10 +74,14 @@ BL2_SOURCES		+=	plat/arm/board/fvp_ve/fvp_ve_bl2_setup.c		\
 # Add the FDT_SOURCES and options for Dynamic Config (only for Unix env)
 ifdef UNIX_MK
 
-FDT_SOURCES		+=	plat/arm/board/fvp_ve/fdts/fvp_ve_fw_config.dts
+FDT_SOURCES		+=	plat/arm/board/fvp_ve/fdts/fvp_ve_fw_config.dts	\
+				plat/arm/board/fvp_ve/fdts/fvp_ve_tb_fw_config.dts
 
-FVP_TB_FW_CONFIG	:=	${BUILD_PLAT}/fdts/fvp_ve_fw_config.dtb
+FVP_FW_CONFIG		:=	${BUILD_PLAT}/fdts/fvp_ve_fw_config.dtb
+FVP_TB_FW_CONFIG	:=	${BUILD_PLAT}/fdts/fvp_ve_tb_fw_config.dtb
 
+# Add the FW_CONFIG to FIP and specify the same to certtool
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_FW_CONFIG},--fw-config))
 # Add the TB_FW_CONFIG to FIP and specify the same to certtool
 $(eval $(call TOOL_ADD_PAYLOAD,${FVP_TB_FW_CONFIG},--tb-fw-config))
 

plat/arm/board/juno/fdts/juno_fw_config.dts

@@ -12,29 +12,10 @@
 	dtb-registry {
 		compatible = "fconf,dyn_cfg-dtb_registry";
 
-		/* tb_fw_config is temporarily contained on this dtb */
 		tb_fw-config {
-			load-address = <0x0 0x4001010>;
+			load-address = <0x0 0x4001300>;
 			max-size = <0x200>;
 			id = <TB_FW_CONFIG_ID>;
 		};
 	};
-
-	tb_fw-config {
-		/* Platform Config */
-		compatible = "arm,tb_fw";
-		/* Disable authentication for development */
-		disable_auth = <0x0>;
-		/*
-		 * The following two entries are placeholders for Mbed TLS
-		 * heap information. The default values don't matter since
-		 * they will be overwritten by BL1.
-		 * In case of having shared Mbed TLS heap between BL1 and BL2,
-		 * BL1 will populate these two properties with the respective
-		 * info about the shared heap. This info will be available for
-		 * BL2 in order to locate and re-use the heap.
-		 */
-		mbedtls_heap_addr = <0x0 0x0>;
-		mbedtls_heap_size = <0x0>;
-	};
 };

plat/arm/board/juno/fdts/juno_tb_fw_config.dts

@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2020, ARM Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/dts-v1/;
+
+/ {
+	tb_fw-config {
+		compatible = "arm,tb_fw";
+		/* Disable authentication for development */
+		disable_auth = <0x0>;
+		/*
+		 * The following two entries are placeholders for Mbed TLS
+		 * heap information. The default values don't matter since
+		 * they will be overwritten by BL1.
+		 * In case of having shared Mbed TLS heap between BL1 and BL2,
+		 * BL1 will populate these two properties with the respective
+		 * info about the shared heap. This info will be available for
+		 * BL2 in order to locate and re-use the heap.
+		 */
+		mbedtls_heap_addr = <0x0 0x0>;
+		mbedtls_heap_size = <0x0>;
+	};
+};

plat/arm/board/juno/include/platform_def.h

@@ -139,7 +139,7 @@
 # define PLAT_ARM_MAX_BL2_SIZE	(UL(0x1D000) - JUNO_BL2_ROMLIB_OPTIMIZATION)
 #endif
 #else
-# define PLAT_ARM_MAX_BL2_SIZE	(UL(0x11000) - JUNO_BL2_ROMLIB_OPTIMIZATION)
+# define PLAT_ARM_MAX_BL2_SIZE	(UL(0x13000) - JUNO_BL2_ROMLIB_OPTIMIZATION)
 #endif
 
 /*
@@ -148,7 +148,7 @@
  * BL2 and BL1-RW.  SCP_BL2 image is loaded into the space BL31 -> BL2_BASE.
  * Hence the BL31 PROGBITS size should be >= PLAT_CSS_MAX_SCP_BL2_SIZE.
  */
-#define PLAT_ARM_MAX_BL31_SIZE		UL(0x3E000)
+#define PLAT_ARM_MAX_BL31_SIZE		UL(0x3D000)
 
 #if JUNO_AARCH32_EL3_RUNTIME
 /*
@@ -157,7 +157,7 @@
  * BL2 and BL1-RW.  SCP_BL2 image is loaded into the space BL32 -> BL2_BASE.
  * Hence the BL32 PROGBITS size should be >= PLAT_CSS_MAX_SCP_BL2_SIZE.
  */
-#define PLAT_ARM_MAX_BL32_SIZE		UL(0x3E000)
+#define PLAT_ARM_MAX_BL32_SIZE		UL(0x3D000)
 #endif
 
 /*
@@ -254,7 +254,7 @@
  * BL31 is loaded over the top.
  */
 #define PLAT_CSS_MAX_SCP_BL2_SIZE \
-	((SCP_BL2_LIMIT - ARM_TB_FW_CONFIG_LIMIT) & ~PAGE_SIZE_MASK)
+	((SCP_BL2_LIMIT - ARM_FW_CONFIG_LIMIT) & ~PAGE_SIZE_MASK)
 
 #define PLAT_CSS_MAX_SCP_BL2U_SIZE	PLAT_CSS_MAX_SCP_BL2_SIZE
 

plat/arm/board/juno/platform.mk

@@ -164,9 +164,14 @@ ifeq (${ALLOW_RO_XLAT_TABLES}, 1)
 endif
 
 # Add the FDT_SOURCES and options for Dynamic Config
-FDT_SOURCES		+=	plat/arm/board/juno/fdts/${PLAT}_fw_config.dts
-TB_FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
+FDT_SOURCES		+=	plat/arm/board/juno/fdts/${PLAT}_fw_config.dts	\
+				plat/arm/board/juno/fdts/${PLAT}_tb_fw_config.dts
 
+FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
+TB_FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
+
+# Add the FW_CONFIG to FIP and specify the same to certtool
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
 # Add the TB_FW_CONFIG to FIP and specify the same to certtool
 $(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
 

plat/arm/board/rddaniel/fdts/rddaniel_fw_config.dts

@@ -12,9 +12,8 @@
 	dtb-registry {
 		compatible = "fconf,dyn_cfg-dtb_registry";
 
-		/* tb_fw_config is temporarily contained on this dtb */
 		tb_fw-config {
-			load-address = <0x0 0x4001010>;
+			load-address = <0x0 0x4001300>;
 			max-size = <0x200>;
 			id = <TB_FW_CONFIG_ID>;
 		};
@@ -25,23 +24,4 @@
 			id = <NT_FW_CONFIG_ID>;
 		};
 	};
-
-	tb_fw-config {
-		compatible = "arm,tb_fw";
-
-		/* Disable authentication for development */
-		disable_auth = <0x0>;
-
-		/*
-		 * The following two entries are placeholders for Mbed TLS
-		 * heap information. The default values don't matter since
-		 * they will be overwritten by BL1.
-		 * In case of having shared Mbed TLS heap between BL1 and BL2,
-		 * BL1 will populate these two properties with the respective
-		 * info about the shared heap. This info will be available for
-		 * BL2 in order to locate and re-use the heap.
-		 */
-		mbedtls_heap_addr = <0x0 0x0>;
-		mbedtls_heap_size = <0x0>;
-	};
 };

plat/arm/board/rddaniel/fdts/rddaniel_tb_fw_config.dts

@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/dts-v1/;
+
+/ {
+	tb_fw-config {
+		compatible = "arm,tb_fw";
+
+		/* Disable authentication for development */
+		disable_auth = <0x0>;
+
+		/*
+		 * The following two entries are placeholders for Mbed TLS
+		 * heap information. The default values don't matter since
+		 * they will be overwritten by BL1.
+		 * In case of having shared Mbed TLS heap between BL1 and BL2,
+		 * BL1 will populate these two properties with the respective
+		 * info about the shared heap. This info will be available for
+		 * BL2 in order to locate and re-use the heap.
+		 */
+		mbedtls_heap_addr = <0x0 0x0>;
+		mbedtls_heap_size = <0x0>;
+	};
+};

plat/arm/board/rddaniel/platform.mk

@@ -33,9 +33,13 @@ BL31_SOURCES		+=	${SGI_CPU_SOURCES}			\
 				plat/arm/common/arm_nor_psci_mem_protect.c
 
 # Add the FDT_SOURCES and options for Dynamic Config
-FDT_SOURCES		+=	${RDDANIEL_BASE}/fdts/${PLAT}_fw_config.dts
-TB_FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
+FDT_SOURCES		+=	${RDDANIEL_BASE}/fdts/${PLAT}_fw_config.dts	\
+				${RDDANIEL_BASE}/fdts/${PLAT}_tb_fw_config.dts
+FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
+TB_FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
 
+# Add the FW_CONFIG to FIP and specify the same to certtool
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
 # Add the TB_FW_CONFIG to FIP and specify the same to certtool
 $(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
 

plat/arm/board/rddanielxlr/fdts/rddanielxlr_fw_config.dts

@@ -12,9 +12,8 @@
 	dtb-registry {
 		compatible = "fconf,dyn_cfg-dtb_registry";
 
-		/* tb_fw_config is temporarily contained on this dtb */
 		tb_fw-config {
-			load-address = <0x0 0x4001010>;
+			load-address = <0x0 0x4001300>;
 			max-size = <0x200>;
 			id = <TB_FW_CONFIG_ID>;
 		};
@@ -25,23 +24,4 @@
 			id = <NT_FW_CONFIG_ID>;
 		};
 	};
-
-	tb_fw-config {
-		compatible = "arm,tb_fw";
-
-		/* Disable authentication for development */
-		disable_auth = <0x0>;
-
-		/*
-		 * The following two entries are placeholders for Mbed TLS
-		 * heap information. The default values don't matter since
-		 * they will be overwritten by BL1.
-		 * In case of having shared Mbed TLS heap between BL1 and BL2,
-		 * BL1 will populate these two properties with the respective
-		 * info about the shared heap. This info will be available for
-		 * BL2 in order to locate and re-use the heap.
-		 */
-		mbedtls_heap_addr = <0x0 0x0>;
-		mbedtls_heap_size = <0x0>;
-	};
 };

plat/arm/board/rddanielxlr/fdts/rddanielxlr_tb_fw_config.dts

@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/dts-v1/;
+
+/ {
+	tb_fw-config {
+		compatible = "arm,tb_fw";
+
+		/* Disable authentication for development */
+		disable_auth = <0x0>;
+
+		/*
+		 * The following two entries are placeholders for Mbed TLS
+		 * heap information. The default values don't matter since
+		 * they will be overwritten by BL1.
+		 * In case of having shared Mbed TLS heap between BL1 and BL2,
+		 * BL1 will populate these two properties with the respective
+		 * info about the shared heap. This info will be available for
+		 * BL2 in order to locate and re-use the heap.
+		 */
+		mbedtls_heap_addr = <0x0 0x0>;
+		mbedtls_heap_size = <0x0>;
+	};
+};

plat/arm/board/rddanielxlr/platform.mk

@@ -36,9 +36,13 @@ BL31_SOURCES		+=	${SGI_CPU_SOURCES}			\
 BL31_CFLAGS		+=	-DPLAT_XLAT_TABLES_DYNAMIC
 
 # Add the FDT_SOURCES and options for Dynamic Config
-FDT_SOURCES		+=	${RDDANIELXLR_BASE}/fdts/${PLAT}_fw_config.dts
-TB_FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
+FDT_SOURCES		+=	${RDDANIELXLR_BASE}/fdts/${PLAT}_fw_config.dts	\
+				${RDDANIELXLR_BASE}/fdts/${PLAT}_tb_fw_config.dts
+FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
+TB_FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
 
+# Add the FW_CONFIG to FIP and specify the same to certtool
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
 # Add the TB_FW_CONFIG to FIP and specify the same to certtool
 $(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
 

plat/arm/board/rde1edge/fdts/rde1edge_fw_config.dts

@@ -12,9 +12,8 @@
 	dtb-registry {
 		compatible = "fconf,dyn_cfg-dtb_registry";
 
-		/* tb_fw_config is temporarily contained on this dtb */
 		tb_fw-config {
-			load-address = <0x0 0x4001010>;
+			load-address = <0x0 0x4001300>;
 			max-size = <0x200>;
 			id = <TB_FW_CONFIG_ID>;
 		};
@@ -25,23 +24,4 @@
 			id = <NT_FW_CONFIG_ID>;
 		};
 	};
-
-	tb_fw-config {
-		compatible = "arm,tb_fw";
-
-		/* Disable authentication for development */
-		disable_auth = <0x0>;
-
-		/*
-		 * The following two entries are placeholders for Mbed TLS
-		 * heap information. The default values don't matter since
-		 * they will be overwritten by BL1.
-		 * In case of having shared Mbed TLS heap between BL1 and BL2,
-		 * BL1 will populate these two properties with the respective
-		 * info about the shared heap. This info will be available for
-		 * BL2 in order to locate and re-use the heap.
-		 */
-		mbedtls_heap_addr = <0x0 0x0>;
-		mbedtls_heap_size = <0x0>;
-	};
 };

plat/arm/board/rde1edge/fdts/rde1edge_tb_fw_config.dts

@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2020, ARM Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/dts-v1/;
+
+/ {
+	tb_fw-config {
+		compatible = "arm,tb_fw";
+
+		/* Disable authentication for development */
+		disable_auth = <0x0>;
+
+		/*
+		 * The following two entries are placeholders for Mbed TLS
+		 * heap information. The default values don't matter since
+		 * they will be overwritten by BL1.
+		 * In case of having shared Mbed TLS heap between BL1 and BL2,
+		 * BL1 will populate these two properties with the respective
+		 * info about the shared heap. This info will be available for
+		 * BL2 in order to locate and re-use the heap.
+		 */
+		mbedtls_heap_addr = <0x0 0x0>;
+		mbedtls_heap_size = <0x0>;
+	};
+};

plat/arm/board/rde1edge/platform.mk

@@ -35,9 +35,13 @@ BL2_SOURCES		+=	${RDE1EDGE_BASE}/rde1edge_trusted_boot.c
 endif
 
 # Add the FDT_SOURCES and options for Dynamic Config
-FDT_SOURCES		+=	${RDE1EDGE_BASE}/fdts/${PLAT}_fw_config.dts
-TB_FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
+FDT_SOURCES		+=	${RDE1EDGE_BASE}/fdts/${PLAT}_fw_config.dts	\
+				${RDE1EDGE_BASE}/fdts/${PLAT}_tb_fw_config.dts
+FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
+TB_FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
 
+# Add the FW_CONFIG to FIP and specify the same to certtool
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
 # Add the TB_FW_CONFIG to FIP and specify the same to certtool
 $(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
 

plat/arm/board/rdn1edge/fdts/rdn1edge_fw_config.dts

@@ -11,9 +11,8 @@
 	dtb-registry {
 		compatible = "fconf,dyn_cfg-dtb_registry";
 
-		/* tb_fw_config is temporarily contained on this dtb */
 		tb_fw-config {
-			load-address = <0x0 0x4001010>;
+			load-address = <0x0 0x4001300>;
 			max-size = <0x200>;
 			id = <TB_FW_CONFIG_ID>;
 		};
@@ -24,24 +23,5 @@
 			id = <NT_FW_CONFIG_ID>;
 		};
 	};
-
-	tb_fw-config {
-		compatible = "arm,tb_fw";
-
-		/* Disable authentication for development */
-		disable_auth = <0x0>;
-
-		/*
-		 * The following two entries are placeholders for Mbed TLS
-		 * heap information. The default values don't matter since
-		 * they will be overwritten by BL1.
-		 * In case of having shared Mbed TLS heap between BL1 and BL2,
-		 * BL1 will populate these two properties with the respective
-		 * info about the shared heap. This info will be available for
-		 * BL2 in order to locate and re-use the heap.
-		 */
-		mbedtls_heap_addr = <0x0 0x0>;
-		mbedtls_heap_size = <0x0>;
-	};
 };
 

plat/arm/board/rdn1edge/fdts/rdn1edge_tb_fw_config.dts

@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/dts-v1/;
+/ {
+	tb_fw-config {
+		compatible = "arm,tb_fw";
+
+		/* Disable authentication for development */
+		disable_auth = <0x0>;
+
+		/*
+		 * The following two entries are placeholders for Mbed TLS
+		 * heap information. The default values don't matter since
+		 * they will be overwritten by BL1.
+		 * In case of having shared Mbed TLS heap between BL1 and BL2,
+		 * BL1 will populate these two properties with the respective
+		 * info about the shared heap. This info will be available for
+		 * BL2 in order to locate and re-use the heap.
+		 */
+		mbedtls_heap_addr = <0x0 0x0>;
+		mbedtls_heap_size = <0x0>;
+	};
+};

plat/arm/board/rdn1edge/platform.mk

@@ -41,9 +41,13 @@ endif
 BL31_CPPFLAGS		+=	-DPLAT_XLAT_TABLES_DYNAMIC
 
 # Add the FDT_SOURCES and options for Dynamic Config
-FDT_SOURCES		+=	${RDN1EDGE_BASE}/fdts/${PLAT}_fw_config.dts
-TB_FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
+FDT_SOURCES		+=	${RDN1EDGE_BASE}/fdts/${PLAT}_fw_config.dts	\
+				${RDN1EDGE_BASE}/fdts/${PLAT}_tb_fw_config.dts
+FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
+TB_FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
 
+# Add the FW_CONFIG to FIP and specify the same to certtool
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
 # Add the TB_FW_CONFIG to FIP and specify the same to certtool
 $(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
 

plat/arm/board/sgi575/fdts/sgi575_fw_config.dts

@@ -12,9 +12,8 @@
 	dtb-registry {
 		compatible = "fconf,dyn_cfg-dtb_registry";
 
-		/* tb_fw_config is temporarily contained on this dtb */
 		tb_fw-config {
-			load-address = <0x0 0x4001010>;
+			load-address = <0x0 0x4001300>;
 			max-size = <0x200>;
 			id = <TB_FW_CONFIG_ID>;
 		};
@@ -25,23 +24,4 @@
 			id = <NT_FW_CONFIG_ID>;
 		};
 	};
-
-	tb_fw-config {
-		compatible = "arm,tb_fw";
-
-		/* Disable authentication for development */
-		disable_auth = <0x0>;
-
-		/*
-		 * The following two entries are placeholders for Mbed TLS
-		 * heap information. The default values don't matter since
-		 * they will be overwritten by BL1.
-		 * In case of having shared Mbed TLS heap between BL1 and BL2,
-		 * BL1 will populate these two properties with the respective
-		 * info about the shared heap. This info will be available for
-		 * BL2 in order to locate and re-use the heap.
-		 */
-		mbedtls_heap_addr = <0x0 0x0>;
-		mbedtls_heap_size = <0x0>;
-	};
 };

plat/arm/board/sgi575/fdts/sgi575_tb_fw_config.dts

@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/dts-v1/;
+
+/ {
+	tb_fw-config {
+		compatible = "arm,tb_fw";
+
+		/* Disable authentication for development */
+		disable_auth = <0x0>;
+
+		/*
+		 * The following two entries are placeholders for Mbed TLS
+		 * heap information. The default values don't matter since
+		 * they will be overwritten by BL1.
+		 * In case of having shared Mbed TLS heap between BL1 and BL2,
+		 * BL1 will populate these two properties with the respective
+		 * info about the shared heap. This info will be available for
+		 * BL2 in order to locate and re-use the heap.
+		 */
+		mbedtls_heap_addr = <0x0 0x0>;
+		mbedtls_heap_size = <0x0>;
+	};
+};

plat/arm/board/sgi575/platform.mk

@@ -35,9 +35,14 @@ BL2_SOURCES		+=	${SGI575_BASE}/sgi575_trusted_boot.c
 endif
 
 # Add the FDT_SOURCES and options for Dynamic Config
-FDT_SOURCES		+=	${SGI575_BASE}/fdts/${PLAT}_fw_config.dts
-TB_FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
+FDT_SOURCES		+=	${SGI575_BASE}/fdts/${PLAT}_fw_config.dts	\
+				${SGI575_BASE}/fdts/${PLAT}_tb_fw_config.dts
 
+FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
+TB_FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
+
+# Add the FW_CONFIG to FIP and specify the same to certtool
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
 # Add the TB_FW_CONFIG to FIP and specify the same to certtool
 $(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
 

plat/arm/board/sgm775/fdts/sgm775_fw_config.dts

@@ -12,30 +12,10 @@
 	dtb-registry {
 		compatible = "fconf,dyn_cfg-dtb_registry";
 
-		/* tb_fw_config is temporarily contained on this dtb */
 		tb_fw-config {
-			load-address = <0x0 0x4001010>;
+			load-address = <0x0 0x4001300>;
 			max-size = <0x200>;
 			id = <TB_FW_CONFIG_ID>;
 		};
 	};
-
-	tb_fw-config {
-		compatible = "arm,tb_fw";
-
-		/* Disable authentication for development */
-		disable_auth = <0x0>;
-
-		/*
-		 * The following two entries are placeholders for Mbed TLS
-		 * heap information. The default values don't matter since
-		 * they will be overwritten by BL1.
-		 * In case of having shared Mbed TLS heap between BL1 and BL2,
-		 * BL1 will populate these two properties with the respective
-		 * info about the shared heap. This info will be available for
-		 * BL2 in order to locate and re-use the heap.
-		 */
-		mbedtls_heap_addr = <0x0 0x0>;
-		mbedtls_heap_size = <0x0>;
-	};
 };

plat/arm/board/sgm775/fdts/sgm775_tb_fw_config.dts

@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/dts-v1/;
+
+/ {
+	tb_fw-config {
+		compatible = "arm,tb_fw";
+
+		/* Disable authentication for development */
+		disable_auth = <0x0>;
+
+		/*
+		 * The following two entries are placeholders for Mbed TLS
+		 * heap information. The default values don't matter since
+		 * they will be overwritten by BL1.
+		 * In case of having shared Mbed TLS heap between BL1 and BL2,
+		 * BL1 will populate these two properties with the respective
+		 * info about the shared heap. This info will be available for
+		 * BL2 in order to locate and re-use the heap.
+		 */
+		mbedtls_heap_addr = <0x0 0x0>;
+		mbedtls_heap_size = <0x0>;
+	};
+};

plat/arm/board/sgm775/platform.mk

@@ -9,9 +9,13 @@ include plat/arm/css/sgm/sgm-common.mk
 SGM775_BASE= plat/arm/board/sgm775
 
 # Add the FDT_SOURCES and options for Dynamic Config
-FDT_SOURCES            +=      ${SGM775_BASE}/fdts/${PLAT}_fw_config.dts
-TB_FW_CONFIG           :=      ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
+FDT_SOURCES		+=      ${SGM775_BASE}/fdts/${PLAT}_fw_config.dts	\
+				${SGM775_BASE}/fdts/${PLAT}_tb_fw_config.dts
+FW_CONFIG		:=      ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
+TB_FW_CONFIG		:=      ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
 
+# Add the FW_CONFIG to FIP and specify the same to certtool
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
 # Add the TB_FW_CONFIG to FIP and specify the same to certtool
 $(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
 

plat/arm/board/tc0/fdts/tc0_fw_config.dts

@@ -12,9 +12,8 @@
 	dtb-registry {
 		compatible = "fconf,dyn_cfg-dtb_registry";
 
-		/* tb_fw_config is temporarily contained in this dtb */
 		tb_fw-config {
-			load-address = <0x0 0x4001010>;
+			load-address = <0x0 0x4001300>;
 			max-size = <0x200>;
 			id = <TB_FW_CONFIG_ID>;
 		};
@@ -25,22 +24,4 @@
 			id = <HW_CONFIG_ID>;
 		};
 	};
-
-	tb_fw-config {
-		compatible = "arm,tb_fw";
-
-		/* Disable authentication for development */
-		disable_auth = <0x0>;
-		/*
-		 * The following two entries are placeholders for Mbed TLS
-		 * heap information. The default values don't matter since
-		 * they will be overwritten by BL1.
-		 * In case of having shared Mbed TLS heap between BL1 and BL2,
-		 * BL1 will populate these two properties with the respective
-		 * info about the shared heap. This info will be available for
-		 * BL2 in order to locate and re-use the heap.
-		 */
-		mbedtls_heap_addr = <0x0 0x0>;
-		mbedtls_heap_size = <0x0>;
-	};
 };

plat/arm/board/tc0/fdts/tc0_tb_fw_config.dts

@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/dts-v1/;
+
+/ {
+	tb_fw-config {
+		compatible = "arm,tb_fw";
+
+		/* Disable authentication for development */
+		disable_auth = <0x0>;
+		/*
+		 * The following two entries are placeholders for Mbed TLS
+		 * heap information. The default values don't matter since
+		 * they will be overwritten by BL1.
+		 * In case of having shared Mbed TLS heap between BL1 and BL2,
+		 * BL1 will populate these two properties with the respective
+		 * info about the shared heap. This info will be available for
+		 * BL2 in order to locate and re-use the heap.
+		 */
+		mbedtls_heap_addr = <0x0 0x0>;
+		mbedtls_heap_size = <0x0>;
+	};
+};

plat/arm/board/tc0/platform.mk

@@ -73,9 +73,13 @@ BL31_SOURCES		+=	${INTERCONNECT_SOURCES}	\
 				plat/arm/common/arm_nor_psci_mem_protect.c
 
 # Add the FDT_SOURCES and options for Dynamic Config
-FDT_SOURCES		+=	${TC0_BASE}/fdts/${PLAT}_fw_config.dts
-TB_FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
+FDT_SOURCES		+=	${TC0_BASE}/fdts/${PLAT}_fw_config.dts	\
+				${TC0_BASE}/fdts/${PLAT}_tb_fw_config.dts
+FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
+TB_FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
 
+# Add the FW_CONFIG to FIP and specify the same to certtool
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
 # Add the TB_FW_CONFIG to FIP and specify the same to certtool
 $(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
 

plat/arm/common/arm_bl1_setup.c

@@ -12,6 +12,7 @@
 #include <bl1/bl1.h>
 #include <common/bl_common.h>
 #include <lib/fconf/fconf.h>
+#include <lib/fconf/fconf_dyn_cfg_getter.h>
 #include <lib/utils.h>
 #include <lib/xlat_tables/xlat_tables_compat.h>
 #include <plat/arm/common/plat_arm.h>
@@ -142,11 +143,58 @@ void bl1_plat_arch_setup(void)
  */
 void arm_bl1_platform_setup(void)
 {
+	const struct dyn_cfg_dtb_info_t *fw_config_info;
+	image_desc_t *desc;
+	uint32_t fw_config_max_size;
+	int err = -1;
+
 	/* Initialise the IO layer and register platform IO devices */
 	plat_arm_io_setup();
 
-	/* Load fw config */
-	fconf_load_config();
+	/* Check if we need FWU before further processing */
+	err = plat_arm_bl1_fwu_needed();
+	if (err) {
+		ERROR("Skip platform setup as FWU detected\n");
+		return;
+	}
+
+	/* Set global DTB info for fixed fw_config information */
+	fw_config_max_size = ARM_FW_CONFIG_LIMIT - ARM_FW_CONFIG_BASE;
+	set_fw_config_info(ARM_FW_CONFIG_BASE, fw_config_max_size);
+
+	/* Fill the device tree information struct with the info from the config dtb */
+	err = fconf_load_config(FW_CONFIG_ID);
+	if (err < 0) {
+		ERROR("Loading of FW_CONFIG failed %d\n", err);
+		plat_error_handler(err);
+	}
+
+	/*
+	 * FW_CONFIG loaded successfully. If FW_CONFIG device tree parsing
+	 * is successful then load TB_FW_CONFIG device tree.
+	 */
+	fw_config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, FW_CONFIG_ID);
+	if (fw_config_info != NULL) {
+		err = fconf_populate_dtb_registry(fw_config_info->config_addr);
+		if (err < 0) {
+			ERROR("Parsing of FW_CONFIG failed %d\n", err);
+			plat_error_handler(err);
+		}
+		/* load TB_FW_CONFIG */
+		err = fconf_load_config(TB_FW_CONFIG_ID);
+		if (err < 0) {
+			ERROR("Loading of TB_FW_CONFIG failed %d\n", err);
+			plat_error_handler(err);
+		}
+	} else {
+		ERROR("Invalid FW_CONFIG address\n");
+		plat_error_handler(err);
+	}
+
+	/* The BL2 ep_info arg0 is modified to point to FW_CONFIG */
+	desc = bl1_plat_get_image_desc(BL2_IMAGE_ID);
+	assert(desc != NULL);
+	desc->ep_info.args.arg0 = fw_config_info->config_addr;
 
 #if TRUSTED_BOARD_BOOT
 	/* Share the Mbed TLS heap info with other images */

plat/arm/common/arm_bl2_setup.c

@@ -15,6 +15,7 @@
 #include <common/desc_image_load.h>
 #include <drivers/generic_delay_timer.h>
 #include <lib/fconf/fconf.h>
+#include <lib/fconf/fconf_dyn_cfg_getter.h>
 #ifdef SPD_opteed
 #include <lib/optee_utils.h>
 #endif
@@ -26,10 +27,10 @@
 static meminfo_t bl2_tzram_layout __aligned(CACHE_WRITEBACK_GRANULE);
 
 /*
- * Check that BL2_BASE is above ARM_TB_FW_CONFIG_LIMIT. This reserved page is
+ * Check that BL2_BASE is above ARM_FW_CONFIG_LIMIT. This reserved page is
  * for `meminfo_t` data structure and fw_configs passed from BL1.
  */
-CASSERT(BL2_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_bl2_base_overflows);
+CASSERT(BL2_BASE >= ARM_FW_CONFIG_LIMIT, assert_bl2_base_overflows);
 
 /* Weak definitions may be overridden in specific ARM standard platform */
 #pragma weak bl2_early_platform_setup2
@@ -50,9 +51,10 @@ CASSERT(BL2_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_bl2_base_overflows);
  * in x0. This memory layout is sitting at the base of the free trusted SRAM.
  * Copy it to a safe location before its reclaimed by later BL2 functionality.
  ******************************************************************************/
-void arm_bl2_early_platform_setup(uintptr_t tb_fw_config,
+void arm_bl2_early_platform_setup(uintptr_t fw_config,
 				  struct meminfo *mem_layout)
 {
+	const struct dyn_cfg_dtb_info_t *tb_fw_config_info;
 	/* Initialize the console to provide early debug support */
 	arm_console_boot_init();
 
@@ -60,8 +62,14 @@ void arm_bl2_early_platform_setup(uintptr_t tb_fw_config,
 	bl2_tzram_layout = *mem_layout;
 
 	/* Fill the properties struct with the info from the config dtb */
-	if (tb_fw_config != 0U) {
-		fconf_populate("TB_FW", tb_fw_config);
+	if (fw_config != 0U) {
+		fconf_populate("FW_CONFIG", fw_config);
+	}
+
+	/* TB_FW_CONFIG was also loaded by BL1 */
+	tb_fw_config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, TB_FW_CONFIG_ID);
+	if (tb_fw_config_info != NULL) {
+		fconf_populate("TB_FW", tb_fw_config_info->config_addr);
 	}
 
 	/* Initialise the IO layer and register platform IO devices */

plat/arm/common/arm_bl31_setup.c

@@ -28,10 +28,10 @@ static entry_point_info_t bl33_image_ep_info;
 
 #if !RESET_TO_BL31
 /*
- * Check that BL31_BASE is above ARM_TB_FW_CONFIG_LIMIT. The reserved page
+ * Check that BL31_BASE is above ARM_FW_CONFIG_LIMIT. The reserved page
  * is required for SOC_FW_CONFIG/TOS_FW_CONFIG passed from BL2.
  */
-CASSERT(BL31_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_bl31_base_overflows);
+CASSERT(BL31_BASE >= ARM_FW_CONFIG_LIMIT, assert_bl31_base_overflows);
 #endif
 
 /* Weak definitions may be overridden in specific ARM standard platform */

plat/arm/common/arm_dyn_cfg.c

@@ -77,6 +77,7 @@ void arm_bl1_set_mbedtls_heap(void)
 {
 	int err;
 	uintptr_t tb_fw_cfg_dtb;
+	const struct dyn_cfg_dtb_info_t *tb_fw_config_info;
 
 	/*
 	 * If tb_fw_cfg_dtb==NULL then DTB is not present for the current
@@ -91,8 +92,8 @@ void arm_bl1_set_mbedtls_heap(void)
 	 * the default heap's address and size.
 	 */
 
-	/* fconf FW_CONFIG and TB_FW_CONFIG are currently the same DTB */
-	tb_fw_cfg_dtb = FCONF_GET_PROPERTY(fconf, dtb, base_addr);
+	tb_fw_config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, TB_FW_CONFIG_ID);
+	tb_fw_cfg_dtb = tb_fw_config_info->config_addr;
 
 	if ((tb_fw_cfg_dtb != 0UL) && (mbedtls_heap_addr != NULL)) {
 		/* As libfdt use void *, we can't avoid this cast */
@@ -130,9 +131,10 @@ void arm_bl1_set_bl2_hash(image_desc_t *image_desc)
 	image_info_t image_info = image_desc->image_info;
 	uintptr_t tb_fw_cfg_dtb;
 	int err;
+	const struct dyn_cfg_dtb_info_t *tb_fw_config_info;
 
-	/* fconf FW_CONFIG and TB_FW_CONFIG are currently the same DTB */
-	tb_fw_cfg_dtb = FCONF_GET_PROPERTY(fconf, dtb, base_addr);
+	tb_fw_config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, TB_FW_CONFIG_ID);
+	tb_fw_cfg_dtb = tb_fw_config_info->config_addr;
 
 	/*
 	 * If tb_fw_cfg_dtb==NULL then DTB is not present for the current
@@ -170,8 +172,8 @@ void arm_bl1_set_bl2_hash(image_desc_t *image_desc)
 
 /*
  * BL2 utility function to initialize dynamic configuration specified by
- * TB_FW_CONFIG. Populate the bl_mem_params_node_t of other FW_CONFIGs if
- * specified in TB_FW_CONFIG.
+ * FW_CONFIG. Populate the bl_mem_params_node_t of other FW_CONFIGs if
+ * specified in FW_CONFIG.
  */
 void arm_bl2_dyn_cfg_init(void)
 {

plat/arm/common/fconf/arm_fconf_io.c

@@ -25,6 +25,7 @@ const io_block_spec_t fip_block_spec = {
 const io_uuid_spec_t arm_uuid_spec[MAX_NUMBER_IDS] = {
 	[BL2_IMAGE_ID] = {UUID_TRUSTED_BOOT_FIRMWARE_BL2},
 	[TB_FW_CONFIG_ID] = {UUID_TB_FW_CONFIG},
+	[FW_CONFIG_ID] = {UUID_FW_CONFIG},
 #if !ARM_IO_IN_DTB
 	[SCP_BL2_IMAGE_ID] = {UUID_SCP_FIRMWARE_SCP_BL2},
 	[BL31_IMAGE_ID] = {UUID_EL3_RUNTIME_FIRMWARE_BL31},
@@ -73,6 +74,11 @@ struct plat_io_policy policies[MAX_NUMBER_IDS] = {
 		(uintptr_t)&arm_uuid_spec[TB_FW_CONFIG_ID],
 		open_fip
 	},
+	[FW_CONFIG_ID] = {
+		&fip_dev_handle,
+		(uintptr_t)&arm_uuid_spec[FW_CONFIG_ID],
+		open_fip
+	},
 #if !ARM_IO_IN_DTB
 	[SCP_BL2_IMAGE_ID] = {
 		&fip_dev_handle,

plat/arm/common/sp_min/arm_sp_min_setup.c

@@ -29,10 +29,10 @@ static entry_point_info_t bl33_image_ep_info;
 					MT_MEMORY | MT_RW | MT_SECURE)
 
 /*
- * Check that BL32_BASE is above ARM_TB_FW_CONFIG_LIMIT. The reserved page
+ * Check that BL32_BASE is above ARM_FW_CONFIG_LIMIT. The reserved page
  * is required for SOC_FW_CONFIG/TOS_FW_CONFIG passed from BL2.
  */
-CASSERT(BL32_BASE >= ARM_TB_FW_CONFIG_LIMIT, assert_bl32_base_overflows);
+CASSERT(BL32_BASE >= ARM_FW_CONFIG_LIMIT, assert_bl32_base_overflows);
 
 /*******************************************************************************
  * Return a pointer to the 'entry_point_info' structure of the next image for the

plat/arm/css/sgm/fdts/sgm_tb_fw_config.dts

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */

plat/arm/css/sgm/include/sgm_base_platform_def.h

@@ -138,7 +138,7 @@
  * BL31 is loaded over the top.
  */
 #define PLAT_CSS_MAX_SCP_BL2_SIZE \
-	((SCP_BL2_LIMIT - ARM_TB_FW_CONFIG_LIMIT) & ~PAGE_SIZE_MASK)
+	((SCP_BL2_LIMIT - ARM_FW_CONFIG_LIMIT) & ~PAGE_SIZE_MASK)
 
 #define PLAT_CSS_MAX_SCP_BL2U_SIZE	PLAT_CSS_MAX_SCP_BL2_SIZE
 

tools/cert_create/include/dualroot/cot.h

@@ -32,6 +32,7 @@ enum {
 	TRUSTED_BOOT_FW_HASH_EXT,
 	TRUSTED_BOOT_FW_CONFIG_HASH_EXT,
 	HW_CONFIG_HASH_EXT,
+	FW_CONFIG_HASH_EXT,
 	TRUSTED_WORLD_PK_EXT,
 	SCP_FW_CONTENT_CERT_PK_EXT,
 	SCP_FW_HASH_EXT,

tools/cert_create/include/tbbr/tbb_ext.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -15,6 +15,7 @@ enum {
 	TRUSTED_BOOT_FW_HASH_EXT,
 	TRUSTED_BOOT_FW_CONFIG_HASH_EXT,
 	HW_CONFIG_HASH_EXT,
+	FW_CONFIG_HASH_EXT,
 	TRUSTED_WORLD_PK_EXT,
 	NON_TRUSTED_WORLD_PK_EXT,
 	SCP_FW_CONTENT_CERT_PK_EXT,

tools/cert_create/src/dualroot/cot.c

@@ -30,9 +30,10 @@ static cert_t cot_certs[] = {
 			TRUSTED_FW_NVCOUNTER_EXT,
 			TRUSTED_BOOT_FW_HASH_EXT,
 			TRUSTED_BOOT_FW_CONFIG_HASH_EXT,
-			HW_CONFIG_HASH_EXT
+			HW_CONFIG_HASH_EXT,
+			FW_CONFIG_HASH_EXT
 		},
-		.num_ext = 4
+		.num_ext = 5
 	},
 
 	[TRUSTED_KEY_CERT] = {
@@ -239,6 +240,17 @@ static ext_t cot_ext[] = {
 		.optional = 1
 	},
 
+	[FW_CONFIG_HASH_EXT] = {
+		.oid = FW_CONFIG_HASH_OID,
+		.opt = "fw-config",
+		.help_msg = "Firmware Config file",
+		.sn = "FirmwareConfigHash",
+		.ln = "Firmware Config hash",
+		.asn1_type = V_ASN1_OCTET_STRING,
+		.type = EXT_TYPE_HASH,
+		.optional = 1
+	},
+
 	[TRUSTED_WORLD_PK_EXT] = {
 		.oid = TRUSTED_WORLD_PK_OID,
 		.sn = "TrustedWorldPublicKey",

tools/cert_create/src/tbbr/tbb_cert.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -28,9 +28,10 @@ static cert_t tbb_certs[] = {
 			TRUSTED_FW_NVCOUNTER_EXT,
 			TRUSTED_BOOT_FW_HASH_EXT,
 			TRUSTED_BOOT_FW_CONFIG_HASH_EXT,
-			HW_CONFIG_HASH_EXT
+			HW_CONFIG_HASH_EXT,
+			FW_CONFIG_HASH_EXT
 		},
-		.num_ext = 4
+		.num_ext = 5
 	},
 	[TRUSTED_KEY_CERT] = {
 		.id = TRUSTED_KEY_CERT,

tools/cert_create/src/tbbr/tbb_ext.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -69,6 +69,16 @@ static ext_t tbb_ext[] = {
 		.type = EXT_TYPE_HASH,
 		.optional = 1
 	},
+	[FW_CONFIG_HASH_EXT] = {
+		.oid = FW_CONFIG_HASH_OID,
+		.opt = "fw-config",
+		.help_msg = "Firmware Config file",
+		.sn = "FirmwareConfigHash",
+		.ln = "Firmware Config hash",
+		.asn1_type = V_ASN1_OCTET_STRING,
+		.type = EXT_TYPE_HASH,
+		.optional = 1
+	},
 	[TRUSTED_WORLD_PK_EXT] = {
 		.oid = TRUSTED_WORLD_PK_OID,
 		.sn = "TrustedWorldPublicKey",

tools/fiptool/tbbr_config.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2020, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -68,6 +68,11 @@ toc_entry_t toc_entries[] = {
 		.cmdline_name = "nt-fw"
 	},
 	/* Dynamic Configs */
+	{
+		.name = "FW_CONFIG",
+		.uuid = UUID_FW_CONFIG,
+		.cmdline_name = "fw-config"
+	},
 	{
 		.name = "HW_CONFIG",
 		.uuid = UUID_HW_CONFIG,