Djam/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-04-26 06:50:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Replace all SCP FW (BL0, BL3-0) references

Browse source 
This patch replaces all references to the SCP Firmware (BL0, BL30,
BL3-0, bl30) with the image terminology detailed in the TF wiki
(https://github.com/ARM-software/arm-trusted-firmware/wiki):

    BL0          -->  SCP_BL1
    BL30, BL3-0  -->  SCP_BL2
    bl30         -->  scp_bl2

This change affects code, documentation, build system, tools and
platform ports that load SCP firmware. ARM plaforms have been
updated to the new porting API.

IMPORTANT: build option to specify the SCP FW image has changed:

    BL30 --> SCP_BL2

IMPORTANT: This patch breaks compatibility for platforms that use BL2
to load SCP firmware. Affected platforms must be updated as follows:

    BL30_IMAGE_ID --> SCP_BL2_IMAGE_ID
    BL30_BASE --> SCP_BL2_BASE
    bl2_plat_get_bl30_meminfo() --> bl2_plat_get_scp_bl2_meminfo()
    bl2_plat_handle_bl30() --> bl2_plat_handle_scp_bl2()

Change-Id: I24c4c1a4f0e4b9f17c9e4929da815c4069549e58
This commit is contained in:
Juan Castillo 2015-12-10 15:49:17 +00:00
parent 516beb585c
commit f59821d512
21 changed files with 154 additions and 144 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

55
bl2/bl2_main.c
View file

@ -41,45 +41,52 @@
#include <stdint.h>
#include "bl2_private.h"
/*
* Check for platforms that use obsolete image terminology
*/
#ifdef BL30_BASE
# error "BL30_BASE platform define no longer used - please use SCP_BL2_BASE"
#endif
/*******************************************************************************
* Load the BL3-0 image if there's one.
* If a platform does not want to attempt to load BL3-0 image it must leave
* BL30_BASE undefined.
* Return 0 on success or if there's no BL3-0 image to load, a negative error
* Load the SCP_BL2 image if there's one.
* If a platform does not want to attempt to load SCP_BL2 image it must leave
* SCP_BL2_BASE undefined.
* Return 0 on success or if there's no SCP_BL2 image to load, a negative error
* code otherwise.
******************************************************************************/
static int load_bl30(void)
static int load_scp_bl2(void)
{
int e = 0;
#ifdef BL30_BASE
meminfo_t bl30_mem_info;
image_info_t bl30_image_info;
#ifdef SCP_BL2_BASE
meminfo_t scp_bl2_mem_info;
image_info_t scp_bl2_image_info;
/*
* It is up to the platform to specify where BL3-0 should be loaded if
* It is up to the platform to specify where SCP_BL2 should be loaded if
* it exists. It could create space in the secure sram or point to a
* completely different memory.
*
* The entry point information is not relevant in this case as the AP
* won't execute the BL3-0 image.
* won't execute the SCP_BL2 image.
*/
INFO("BL2: Loading BL3-0\n");
bl2_plat_get_bl30_meminfo(&bl30_mem_info);
bl30_image_info.h.version = VERSION_1;
e = load_auth_image(&bl30_mem_info,
BL30_IMAGE_ID,
BL30_BASE,
&bl30_image_info,
INFO("BL2: Loading SCP_BL2\n");
bl2_plat_get_scp_bl2_meminfo(&scp_bl2_mem_info);
scp_bl2_image_info.h.version = VERSION_1;
e = load_auth_image(&scp_bl2_mem_info,
SCP_BL2_IMAGE_ID,
SCP_BL2_BASE,
&scp_bl2_image_info,
NULL);
if (e == 0) {
/* The subsequent handling of BL3-0 is platform specific */
e = bl2_plat_handle_bl30(&bl30_image_info);
/* The subsequent handling of SCP_BL2 is platform specific */
e = bl2_plat_handle_scp_bl2(&scp_bl2_image_info);
if (e) {
ERROR("Failure in platform-specific handling of BL3-0 image.\n");
ERROR("Failure in platform-specific handling of SCP_BL2 image.\n");
}
}
#endif /* BL30_BASE */
#endif /* SCP_BL2_BASE */
return e;
}
@ -219,13 +226,13 @@ void bl2_main(void)
/*
* Load the subsequent bootloader images
*/
e = load_bl30();
e = load_scp_bl2();
if (e) {
ERROR("Failed to load BL3-0 (%i)\n", e);
ERROR("Failed to load SCP_BL2 (%i)\n", e);
plat_error_handler(e);
}
/* Perform platform setup in BL2 after loading BL3-0 */
/* Perform platform setup in BL2 after loading SCP_BL2 */
bl2_platform_setup();
/*

7
docs/auth-framework.md
View file

@ -211,8 +211,9 @@ It is responsible for:
3. Tracking which images have been verified. In case an image is a part of
multiple CoTs then it should be verified only once e.g. the Trusted World
Key Certificate in the TBBR-Client spec. contains information to verify
BL3-0, BL3-1, BL3-2 each of which have a separate CoT. (This responsibility
has not been described in this document but should be trivial to implement).
SCP_BL2, BL3-1, BL3-2 each of which have a separate CoT. (This
responsibility has not been described in this document but should be
trivial to implement).
4. Reusing memory meant for a data image to verify authentication images e.g.
in the CoT described in Diagram 2, each certificate can be loaded and
@ -632,7 +633,7 @@ is, however, a minimum set of images that are mandatory in the Trusted Firmware
and thus all CoTs must present:
* `BL2`
* `BL3-0` (platform specific)
* `SCP_BL2` (platform specific)
* `BL3-1`
* `BL3-2` (optional)
* `BL3-3`

24
docs/firmware-design.md
View file

@ -248,16 +248,16 @@ BL2 also initializes a UART (PL011 console), which enables access to the
access to controlled components. The storage abstraction layer is initialized
which is used to load further bootloader images.
#### BL3-0 (System Control Processor Firmware) image load
#### SCP_BL2 (System Control Processor Firmware) image load
Some systems have a separate System Control Processor (SCP) for power, clock,
reset and system control. BL2 loads the optional BL3-0 image from platform
reset and system control. BL2 loads the optional SCP_BL2 image from platform
storage into a platform-specific region of secure memory. The subsequent
handling of BL3-0 is platform specific. For example, on the Juno ARM development
platform port the image is transferred into SCP's internal memory using the Boot
Over MHU (BOM) protocol after being loaded in the trusted SRAM memory. The SCP
executes BL3-0 and signals to the Application Processor (AP) for BL2 execution
to continue.
handling of SCP_BL2 is platform specific. For example, on the Juno ARM
development platform port the image is transferred into SCP's internal memory
using the Boot Over MHU (BOM) protocol after being loaded in the trusted SRAM
memory. The SCP executes SCP_BL2 and signals to the Application Processor (AP)
for BL2 execution to continue.
#### BL3-1 (EL3 Runtime Firmware) image load
@ -1249,7 +1249,7 @@ The following list describes the memory layout on the ARM development platforms:
* BL2 is loaded below BL3-1.
* On Juno, BL3-0 is loaded temporarily into the BL3-1 memory region and
* On Juno, SCP_BL2 is loaded temporarily into the BL3-1 memory region and
transfered to the SCP before being overwritten by BL3-1.
* BL3-2 can be loaded in one of the following locations:
@ -1356,12 +1356,12 @@ layout of the other images in Trusted SRAM.
0x0BEC0000 |----------|
: :
0x08000000 +----------+ BL3-1 is loaded
after BL3-0 has
after SCP_BL2 has
Trusted SRAM been sent to SCP
0x04040000 +----------+ loaded by BL2 ------------------
| BL1 (rw) | <<<<<<<<<<<<< | BL3-1 NOBITS |
|----------| <<<<<<<<<<<<< |----------------|
| BL3-0 | <<<<<<<<<<<<< | BL3-1 PROGBITS |
| SCP_BL2 | <<<<<<<<<<<<< | BL3-1 PROGBITS |
|----------| ------------------
| BL2 | <<<<<<<<<<<<< | BL3-2 NOBITS |
|----------| <<<<<<<<<<<<< |----------------|
@ -1390,12 +1390,12 @@ layout of the other images in Trusted SRAM.
0x0BEC0000 |----------|
: :
0x08000000 +----------+ BL3-1 is loaded
after BL3-0 has
after SCP_BL2 has
Trusted SRAM been sent to SCP
0x04040000 +----------+ loaded by BL2 ------------------
| BL1 (rw) | <<<<<<<<<<<<< | BL3-1 NOBITS |
|----------| <<<<<<<<<<<<< |----------------|
| BL3-0 | <<<<<<<<<<<<< | BL3-1 PROGBITS |
| SCP_BL2 | <<<<<<<<<<<<< | BL3-1 PROGBITS |
|----------| ------------------
| BL2 |
|----------|

48
docs/porting-guide.md
View file

@ -277,23 +277,23 @@ also be defined:
BL3-3 content certificate identifier, used by BL2 to load the BL3-3 content
certificate.
If a BL3-0 image is supported by the platform, the following constants must
If a SCP_BL2 image is supported by the platform, the following constants must
also be defined:
* **#define : BL30_IMAGE_ID**
* **#define : SCP_BL2_IMAGE_ID**
BL3-0 image identifier, used by BL2 to load BL3-0 into secure memory from
platform storage before being transfered to the SCP.
SCP_BL2 image identifier, used by BL2 to load SCP_BL2 into secure memory
from platform storage before being transfered to the SCP.
* **#define : SCP_FW_KEY_CERT_ID**
BL3-0 key certificate identifier, used by BL2 to load the BL3-0 key
SCP_BL2 key certificate identifier, used by BL2 to load the SCP_BL2 key
certificate (mandatory when Trusted Board Boot is enabled).
* **#define : SCP_FW_CONTENT_CERT_ID**
BL3-0 content certificate identifier, used by BL2 to load the BL3-0 content
certificate (mandatory when Trusted Board Boot is enabled).
SCP_BL2 content certificate identifier, used by BL2 to load the SCP_BL2
content certificate (mandatory when Trusted Board Boot is enabled).
If a BL3-2 image is supported by the platform, the following constants must
also be defined:
@ -838,15 +838,15 @@ The BL2 stage is executed only by the primary CPU, which is determined in BL1
using the `platform_is_primary_cpu()` function. BL1 passed control to BL2 at
`BL2_BASE`. BL2 executes in Secure EL1 and is responsible for:
1. (Optional) Loading the BL3-0 binary image (if present) from platform
provided non-volatile storage. To load the BL3-0 image, BL2 makes use of
the `meminfo` returned by the `bl2_plat_get_bl30_meminfo()` function.
The platform also defines the address in memory where BL3-0 is loaded
through the optional constant `BL30_BASE`. BL2 uses this information
to determine if there is enough memory to load the BL3-0 image.
Subsequent handling of the BL3-0 image is platform-specific and is
implemented in the `bl2_plat_handle_bl30()` function.
If `BL30_BASE` is not defined then this step is not performed.
1. (Optional) Loading the SCP_BL2 binary image (if present) from platform
provided non-volatile storage. To load the SCP_BL2 image, BL2 makes use of
the `meminfo` returned by the `bl2_plat_get_scp_bl2_meminfo()` function.
The platform also defines the address in memory where SCP_BL2 is loaded
through the optional constant `SCP_BL2_BASE`. BL2 uses this information
to determine if there is enough memory to load the SCP_BL2 image.
Subsequent handling of the SCP_BL2 image is platform-specific and is
implemented in the `bl2_plat_handle_scp_bl2()` function.
If `SCP_BL2_BASE` is not defined then this step is not performed.
2. Loading the BL3-1 binary image into secure RAM from non-volatile storage. To
load the BL3-1 image, BL2 makes use of the `meminfo` structure passed to it
@ -897,8 +897,8 @@ copied structure is made available to all BL2 code through the
In ARM standard platforms, this function also initializes the storage
abstraction layer used to load further bootloader images. It is necessary to do
this early on platforms with a BL3-0 image, since the later `bl2_platform_setup`
must be done after BL3-0 is loaded.
this early on platforms with a SCP_BL2 image, since the later
`bl2_platform_setup` must be done after SCP_BL2 is loaded.
### Function : bl2_plat_arch_setup() [mandatory]
@ -945,24 +945,24 @@ populated with the extents of secure RAM available for BL2 to use. See
`bl2_early_platform_setup()` above.
### Function : bl2_plat_get_bl30_meminfo() [mandatory]
### Function : bl2_plat_get_scp_bl2_meminfo() [mandatory]
Argument : meminfo *
Return : void
This function is used to get the memory limits where BL2 can load the
BL3-0 image. The meminfo provided by this is used by load_image() to
validate whether the BL3-0 image can be loaded within the given
SCP_BL2 image. The meminfo provided by this is used by load_image() to
validate whether the SCP_BL2 image can be loaded within the given
memory from the given base.
### Function : bl2_plat_handle_bl30() [mandatory]
### Function : bl2_plat_handle_scp_bl2() [mandatory]
Argument : image_info *
Return : int
This function is called after loading BL3-0 image and it is used to perform any
platform-specific actions required to handle the SCP firmware. Typically it
This function is called after loading SCP_BL2 image and it is used to perform
any platform-specific actions required to handle the SCP firmware. Typically it
transfers the image into SCP memory using a platform-specific protocol and waits
until SCP executes it and signals to the Application Processor (AP) for BL2
execution to continue.

29
docs/trusted-board-boot.md
View file

@ -66,7 +66,7 @@ The keys used to establish the CoT are:
* **Trusted world key**
The private part is used to sign the key certificates corresponding to the
secure world images (BL3-0, BL3-1 and BL3-2). The public part is stored in
secure world images (SCP_BL2, BL3-1 and BL3-2). The public part is stored in
one of the extension fields in the trusted world certificate.
* **Non-trusted world key**
@ -77,15 +77,15 @@ The keys used to establish the CoT are:
* **BL3-X keys**
For each of BL3-0, BL3-1, BL3-2 and BL3-3, the private part is used to sign
the content certificate for the BL3-X image. The public part is stored in
one of the extension fields in the corresponding key certificate.
For each of SCP_BL2, BL3-1, BL3-2 and BL3-3, the private part is used to
sign the content certificate for the BL3-X image. The public part is stored
in one of the extension fields in the corresponding key certificate.
The following images are included in the CoT:
* BL1
* BL2
* BL3-0 (optional)
* SCP_BL2 (optional)
* BL3-1
* BL3-3
* BL3-2 (optional)
@ -103,14 +103,15 @@ The following certificates are used to authenticate the images.
public part of the trusted world key and the public part of the non-trusted
world key.
* **BL3-0 key certificate**
* **SCP_BL2 key certificate**
It is self-signed with the trusted world key. It contains the public part of
the BL3-0 key.
the SCP_BL2 key.
* **BL3-0 content certificate**
* **SCP_BL2 content certificate**
It is self-signed with the BL3-0 key. It contains a hash of the BL3-0 image.
It is self-signed with the SCP_BL2 key. It contains a hash of the SCP_BL2
image.
* **BL3-1 key certificate**
@ -139,8 +140,8 @@ The following certificates are used to authenticate the images.
It is self-signed with the BL3-3 key. It contains a hash of the BL3-3 image.
The BL3-0 and BL3-2 certificates are optional, but they must be present if the
corresponding BL3-0 or BL3-2 images are present.
The SCP_BL2 and BL3-2 certificates are optional, but they must be present if the
corresponding SCP_BL2 or BL3-2 images are present.
3. Trusted Board Boot Sequence
@ -167,9 +168,9 @@ if any of the steps fail.
registers. If the comparison succeeds, BL2 reads and saves the trusted and
non-trusted world public keys from the verified certificate.
The next two steps are executed for each of the BL3-0, BL3-1 & BL3-2 images. The
steps for the optional BL3-0 and BL3-2 images are skipped if these images are
not present.
The next two steps are executed for each of the SCP_BL2, BL3-1 & BL3-2 images.
The steps for the optional SCP_BL2 and BL3-2 images are skipped if these images
are not present.
* BL2 loads and verifies the BL3-x key certificate. The certificate signature
is verified using the trusted world public key. If the signature

31
docs/user-guide.md
View file

@ -139,11 +139,11 @@ Trusted Firmware source tree and follow these steps:
For more information on FIPs, see the "Firmware Image Package" section in
the [Firmware Design].
2. (Optional) Some platforms may require a BL3-0 image to boot. This image can
2. (Optional) Some platforms may require a SCP_BL2 image to boot. This image can
be included in the FIP when building the Trusted Firmware by specifying the
`BL30` build option:
`SCP_BL2` build option:
BL30=<path-to>/<bl30_image>
SCP_BL2=<path-to>/<scp_bl2_image>
3. Output binary files `bl1.bin` and `fip.bin` are both required to boot the
system. How these files are used is platform specific. Refer to the
@ -180,8 +180,8 @@ performed.
#### Common build options
* `BL30`: Path to BL3-0 image in the host file system. This image is optional.
If a BL3-0 image is present then this option must be passed for the `fip`
* `SCP_BL2`: Path to SCP_BL2 image in the host file system. This image is optional.
If a SCP_BL2 image is present then this option must be passed for the `fip`
target.
* `BL33`: Path to BL3-3 image in the host file system. This is mandatory for
@ -327,8 +327,8 @@ performed.
specifies the file that contains the Non-Trusted World private key in PEM
format. If `SAVE_KEYS=1`, this file name will be used to save the key.
* `BL30_KEY`: This option is used when `GENERATE_COT=1`. It specifies the
file that contains the BL3-0 private key in PEM format. If `SAVE_KEYS=1`,
* `SCP_BL2_KEY`: This option is used when `GENERATE_COT=1`. It specifies the
file that contains the SCP_BL2 private key in PEM format. If `SAVE_KEYS=1`,
this file name will be used to save the key.
* `BL31_KEY`: This option is used when `GENERATE_COT=1`. It specifies the
@ -767,7 +767,7 @@ complexity of developing EL3 baremetal code by:
* putting the system into a known architectural state;
* taking care of platform secure world initialization;
* loading the BL30 image if required by the platform.
* loading the SCP_BL2 image if required by the platform.
When booting an EL3 payload on ARM standard platforms, the configuration of the
TrustZone controller is simplified such that only region 0 is enabled and is
@ -1187,14 +1187,15 @@ deliverables on Juno][Juno Instructions].
### Preparing Trusted Firmware images
The Juno platform requires a BL0 and a BL30 image to boot up. The BL0 image
contains the ROM firmware that runs on the SCP (System Control Processor),
whereas the BL30 image contains the SCP Runtime firmware. Both images are
embedded within the Juno board recovery image, these are the files `bl0.bin`
and `bl30.bin`.
The Juno platform requires a SCP_BL1 and a SCP_BL2 image to boot up. The
SCP_BL1 image contains the ROM firmware that runs on the SCP (System Control
Processor), whereas the SCP_BL2 image contains the SCP Runtime firmware. Both
images are embedded within the Juno board recovery image, these are the files
`bl0.bin` and `bl30.bin`, respectively. Please note that these filenames still
use the old terminology.
The BL30 file must be part of the FIP image. Therefore, its path must be
supplied using the `BL30` variable on the command line when building the
The SCP_BL2 file must be part of the FIP image. Therefore, its path must be
supplied using the `SCP_BL2` variable on the command line when building the
FIP. Please refer to the section "Building the Trusted Firmware".
After building Trusted Firmware, the files `bl1.bin` and `fip.bin` need copying

4
drivers/auth/tbbr/tbbr_cot.c
View file

@ -230,8 +230,8 @@ static const auth_img_desc_t cot_desc[] = {
}
}
},
[BL30_IMAGE_ID] = {
.img_id = BL30_IMAGE_ID,
[SCP_BL2_IMAGE_ID] = {
.img_id = SCP_BL2_IMAGE_ID,
.img_type = IMG_RAW,
.parent = &cot_desc[SCP_FW_CONTENT_CERT_ID],
.img_auth_methods = {

2
include/common/firmware_image_package.h
View file

@ -49,7 +49,7 @@
{0xb28a4071, 0xd618, 0x4c87, 0x8b, 0x2e, {0xc6, 0xdc, 0xcd, 0x50, 0xf0, 0x96} }
#define UUID_TRUSTED_BOOT_FIRMWARE_BL2 \
{0x0becf95f, 0x224d, 0x4d3e, 0xa5, 0x44, {0xc3, 0x9d, 0x81, 0xc7, 0x3f, 0x0a} }
#define UUID_SCP_FIRMWARE_BL30 \
#define UUID_SCP_FIRMWARE_SCP_BL2 \
{0x3dfd6697, 0xbe89, 0x49e8, 0xae, 0x5d, {0x78, 0xa1, 0x40, 0x60, 0x82, 0x13} }
#define UUID_EL3_RUNTIME_FIRMWARE_BL31 \
{0x6d08d447, 0xfe4c, 0x4698, 0x9b, 0x95, {0x29, 0x50, 0xcb, 0xbd, 0x5a, 0x00} }

4
include/common/tbbr/tbbr_img_def.h
View file

@ -37,8 +37,8 @@
/* Trusted Boot Firmware BL2 */
#define BL2_IMAGE_ID 1
/* SCP Firmware BL3-0 */
#define BL30_IMAGE_ID 2
/* SCP Firmware SCP_BL2 */
#define SCP_BL2_IMAGE_ID 2
/* EL3 Runtime Firmware BL31 */
#define BL31_IMAGE_ID 3

4
include/plat/arm/board/common/board_arm_oid.h
View file

@ -127,9 +127,9 @@
* SCP Firmware Content Certificate
*/
/* SCPFirmwareHash - BL30 */
/* SCPFirmwareHash - SCP_BL2 */
#define SCP_FW_HASH_OID "1.3.6.1.4.1.4128.2100.801"
/* SCPRomPatchHash - BL0_PATCH */
/* SCPRomPatchHash - SCP_BL1_PATCH */
#define SCP_ROM_PATCH_HASH_OID "1.3.6.1.4.1.4128.2100.802"

8
include/plat/arm/css/common/css_def.h
View file

@ -82,7 +82,7 @@
* primary, according to the shift and mask definitions below.
*
* Note that the value stored at this address is only valid at boot time, before
* the BL3-0 image is transferred to SCP.
* the SCP_BL2 image is transferred to SCP.
*/
#define SCP_BOOT_CFG_ADDR (ARM_TRUSTED_SRAM_BASE + 0x80)
#define PRIMARY_CPU_SHIFT 8
@ -110,11 +110,11 @@
************************************************************************/
/*
* Load address of BL3-0 in CSS platform ports
* BL3-0 is loaded to the same place as BL3-1. Once BL3-0 is transferred to the
* Load address of SCP_BL2 in CSS platform ports
* SCP_BL2 is loaded to the same place as BL3-1. Once SCP_BL2 is transferred to the
* SCP, it is discarded and BL3-1 is loaded over the top.
*/
#define BL30_BASE BL31_BASE
#define SCP_BL2_BASE BL31_BASE
#define SCP_BL2U_BASE BL31_BASE

10
include/plat/common/platform.h
View file

@ -166,17 +166,17 @@ void bl2_plat_set_bl33_ep_info(struct image_info *image,
void bl2_plat_get_bl33_meminfo(struct meminfo *mem_info);
/*******************************************************************************
* Conditionally mandatory BL2 functions: must be implemented if BL3-0 image
* Conditionally mandatory BL2 functions: must be implemented if SCP_BL2 image
* is supported
******************************************************************************/
/* Gets the memory layout for BL3-0 */
void bl2_plat_get_bl30_meminfo(struct meminfo *mem_info);
/* Gets the memory layout for SCP_BL2 */
void bl2_plat_get_scp_bl2_meminfo(struct meminfo *mem_info);
/*
* This function is called after loading BL3-0 image and it is used to perform
* This function is called after loading SCP_BL2 image and it is used to perform
* any platform-specific actions required to handle the SCP firmware.
*/
int bl2_plat_handle_bl30(struct image_info *bl30_image_info);
int bl2_plat_handle_scp_bl2(struct image_info *scp_bl2_image_info);
/*******************************************************************************
* Conditionally mandatory BL2 functions: must be implemented if BL3-2 image

4
make_helpers/build_macros.mk
View file

@ -110,8 +110,8 @@ endef
# FIP_ADD_IMG allows the platform to specify an image to be packed in the FIP
# using a build option. It also adds a dependency on the image file, aborting
# the build if the file does not exist.
# $(1) = build option to specify the image filename (BL30, BL33, etc)
# $(2) = command line option for the fip_create tool (bl30, bl33, etc)
# $(1) = build option to specify the image filename (SCP_BL2, BL33, etc)
# $(2) = command line option for the fip_create tool (scp_bl2, bl33, etc)
# Example:
# $(eval $(call FIP_ADD_IMG,BL33,--bl33))
define FIP_ADD_IMG

12
make_helpers/tbbr/tbbr_tools.mk
View file

@ -37,7 +37,7 @@
# BUILD_PLAT: output directory
# NEED_BL32: indicates whether BL3-2 is needed by the platform
# BL2: image filename (optional). Default is IMG_BIN(2) (see macro IMG_BIN)
# BL30: image filename (optional). Default is IMG_BIN(30)
# SCP_BL2: image filename (optional). Default is IMG_BIN(30)
# BL31: image filename (optional). Default is IMG_BIN(31)
# BL32: image filename (optional). Default is IMG_BIN(32)
# BL33: image filename (optional). Default is IMG_BIN(33)
@ -48,7 +48,7 @@
# ROT_KEY
# TRUSTED_WORLD_KEY
# NON_TRUSTED_WORLD_KEY
# BL30_KEY
# SCP_BL2_KEY
# BL31_KEY
# BL32_KEY
# BL33_KEY
@ -81,10 +81,10 @@ $(if ${BL2},$(eval $(call CERT_ADD_CMD_OPT,${BL2},--tb-fw,true)),\
$(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/tb_fw.crt,--tb-fw-cert))
$(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/tb_fw.crt,--tb-fw-cert))
# Add the BL30 CoT (key cert + img cert + image)
ifneq (${BL30},)
$(eval $(call CERT_ADD_CMD_OPT,${BL30},--scp-fw,true))
$(if ${BL30_KEY},$(eval $(call CERT_ADD_CMD_OPT,${BL30_KEY},--scp-fw-key)))
# Add the SCP_BL2 CoT (key cert + img cert + image)
ifneq (${SCP_BL2},)
$(eval $(call CERT_ADD_CMD_OPT,${SCP_BL2},--scp-fw,true))
$(if ${SCP_BL2_KEY},$(eval $(call CERT_ADD_CMD_OPT,${SCP_BL2_KEY},--scp-fw-key)))
$(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/scp_fw_content.crt,--scp-fw-cert))
$(eval $(call CERT_ADD_CMD_OPT,${BUILD_PLAT}/scp_fw_key.crt,--scp-fw-key-cert))
$(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/scp_fw_content.crt,--scp-fw-cert))

8
plat/arm/common/arm_bl2_setup.c
View file

@ -90,7 +90,7 @@ static bl2_to_bl31_params_mem_t bl31_params_mem;
#pragma weak bl2_plat_get_bl31_ep_info
#pragma weak bl2_plat_flush_bl31_params
#pragma weak bl2_plat_set_bl31_ep_info
#pragma weak bl2_plat_get_bl30_meminfo
#pragma weak bl2_plat_get_scp_bl2_meminfo
#pragma weak bl2_plat_get_bl32_meminfo
#pragma weak bl2_plat_set_bl32_ep_info
#pragma weak bl2_plat_get_bl33_meminfo
@ -235,12 +235,12 @@ void bl2_plat_arch_setup(void)
}
/*******************************************************************************
* Populate the extents of memory available for loading BL3-0 (if used),
* Populate the extents of memory available for loading SCP_BL2 (if used),
* i.e. anywhere in trusted RAM as long as it doesn't overwrite BL2.
******************************************************************************/
void bl2_plat_get_bl30_meminfo(meminfo_t *bl30_meminfo)
void bl2_plat_get_scp_bl2_meminfo(meminfo_t *scp_bl2_meminfo)
{
*bl30_meminfo = bl2_tzram_layout;
*scp_bl2_meminfo = bl2_tzram_layout;
}
/*******************************************************************************

8
plat/arm/common/arm_io_storage.c
View file

@ -53,8 +53,8 @@ static const io_uuid_spec_t bl2_uuid_spec = {
.uuid = UUID_TRUSTED_BOOT_FIRMWARE_BL2,
};
static const io_uuid_spec_t bl30_uuid_spec = {
.uuid = UUID_SCP_FIRMWARE_BL30,
static const io_uuid_spec_t scp_bl2_uuid_spec = {
.uuid = UUID_SCP_FIRMWARE_SCP_BL2,
};
static const io_uuid_spec_t bl31_uuid_spec = {
@ -133,9 +133,9 @@ static const struct plat_io_policy policies[] = {
(uintptr_t)&bl2_uuid_spec,
open_fip
},
[BL30_IMAGE_ID] = {
[SCP_BL2_IMAGE_ID] = {
&fip_dev_handle,
(uintptr_t)&bl30_uuid_spec,
(uintptr_t)&scp_bl2_uuid_spec,
open_fip
},
[BL31_IMAGE_ID] = {

18
plat/arm/css/common/css_bl2_setup.c
View file

@ -37,25 +37,25 @@
#include "css_scp_bootloader.h"
/* Weak definition may be overridden in specific CSS based platform */
#pragma weak bl2_plat_handle_bl30
#pragma weak bl2_plat_handle_scp_bl2
/*******************************************************************************
* Transfer BL3-0 from Trusted RAM using the SCP Download protocol.
* Transfer SCP_BL2 from Trusted RAM using the SCP Download protocol.
* Return 0 on success, -1 otherwise.
******************************************************************************/
int bl2_plat_handle_bl30(image_info_t *bl30_image_info)
int bl2_plat_handle_scp_bl2(image_info_t *scp_bl2_image_info)
{
int ret;
INFO("BL2: Initiating BL3-0 transfer to SCP\n");
INFO("BL2: Initiating SCP_BL2 transfer to SCP\n");
ret = scp_bootloader_transfer((void *)bl30_image_info->image_base,
bl30_image_info->image_size);
ret = scp_bootloader_transfer((void *)scp_bl2_image_info->image_base,
scp_bl2_image_info->image_size);
if (ret == 0)
INFO("BL2: BL3-0 transferred to SCP\n");
INFO("BL2: SCP_BL2 transferred to SCP\n");
else
ERROR("BL2: BL3-0 transfer failure\n");
ERROR("BL2: SCP_BL2 transfer failure\n");
return ret;
}
@ -72,7 +72,7 @@ void bl2_early_platform_setup(meminfo_t *mem_layout)
{
arm_bl2_early_platform_setup(mem_layout);
/* Save SCP Boot config before it gets overwritten by BL30 loading */
/* Save SCP Boot config before it gets overwritten by SCP_BL2 loading */
scp_boot_config = mmio_read_32(SCP_BOOT_CFG_ADDR);
VERBOSE("BL2: Saved SCP Boot config = 0x%x\n", scp_boot_config);
}

4
plat/arm/css/common/css_common.mk
View file

@ -60,8 +60,8 @@ ifneq (${RESET_TO_BL31},0)
Please set RESET_TO_BL31 to 0.")
endif
# Subsystems require a BL30 image
$(eval $(call FIP_ADD_IMG,BL30,--bl30))
# Subsystems require a SCP_BL2 image
$(eval $(call FIP_ADD_IMG,SCP_BL2,--scp_bl2))
# Enable option to detect whether the SCP ROM firmware in use predates version
# 1.7.0 and therefore, is incompatible.

10
plat/arm/css/common/css_scp_bootloader.c
View file

@ -118,10 +118,10 @@ int scp_bootloader_transfer(void *image, unsigned int image_size)
cmd_info_payload_t *cmd_info_payload;
cmd_data_payload_t *cmd_data_payload;
assert((uintptr_t) image == BL30_BASE);
assert((uintptr_t) image == SCP_BL2_BASE);
if ((image_size == 0) || (image_size % 4 != 0)) {
ERROR("Invalid size for the BL3-0 image. Must be a multiple of "
ERROR("Invalid size for the SCP_BL2 image. Must be a multiple of "
"4 bytes and not zero (current size = 0x%x)\n",
image_size);
return -1;
@ -134,7 +134,7 @@ int scp_bootloader_transfer(void *image, unsigned int image_size)
mhu_secure_init();
VERBOSE("Send info about the BL3-0 image to be transferred to SCP\n");
VERBOSE("Send info about the SCP_BL2 image to be transferred to SCP\n");
/*
* Send information about the SCP firmware image about to be transferred
@ -174,9 +174,9 @@ int scp_bootloader_transfer(void *image, unsigned int image_size)
return -1;
}
VERBOSE("Transferring BL3-0 image to SCP\n");
VERBOSE("Transferring SCP_BL2 image to SCP\n");
/* Transfer BL3-0 image to SCP */
/* Transfer SCP_BL2 image to SCP */
scp_boot_message_start();
BOM_CMD_HEADER->id = BOOT_CMD_DATA;

4
tools/cert_create/src/main.c
View file

@ -86,7 +86,7 @@
enum {
/* Image file names (inputs) */
BL2_ID = 0,
BL30_ID,
SCP_BL2_ID,
BL31_ID,
BL32_ID,
BL33_ID,
@ -105,7 +105,7 @@ enum {
ROT_KEY_ID,
TRUSTED_WORLD_KEY_ID,
NON_TRUSTED_WORLD_KEY_ID,
BL30_KEY_ID,
SCP_BL2_KEY_ID,
BL31_KEY_ID,
BL32_KEY_ID,
BL33_KEY_ID,

4
tools/fip_create/fip_create.c
View file

@ -65,8 +65,8 @@ static entry_lookup_list_t toc_entry_lookup_list[] = {
"fwu-cert", NULL, FLAG_FILENAME},
{ "Trusted Boot Firmware BL2", UUID_TRUSTED_BOOT_FIRMWARE_BL2,
"bl2", NULL, FLAG_FILENAME },
{ "SCP Firmware BL3-0", UUID_SCP_FIRMWARE_BL30,
"bl30", NULL, FLAG_FILENAME},
{ "SCP Firmware SCP_BL2", UUID_SCP_FIRMWARE_SCP_BL2,
"scp_bl2", NULL, FLAG_FILENAME},
{ "EL3 Runtime Firmware BL3-1", UUID_EL3_RUNTIME_FIRMWARE_BL31,
"bl31", NULL, FLAG_FILENAME},
{ "Secure Payload BL3-2 (Trusted OS)", UUID_SECURE_PAYLOAD_BL32,