From 523c78704fabfd5f35f0e6abe6df2192d33a3c95 Mon Sep 17 00:00:00 2001 From: Harrison Mutai Date: Mon, 11 Nov 2024 13:41:05 +0000 Subject: [PATCH 1/8] fix(arm): resolve dangling comments around macros Fix dangling comments around define guards, addressing leftovers from fe94a21a6 ("fix(arm): move HW_CONFIG relocation into BL31") which implicitly removed constraints on using HW_CONFIG with RESET_TO_BL2. Change-Id: I19d61812fed6fa4b668875e5bf4eafd1a8a660f6 Signed-off-by: Harrison Mutai --- plat/arm/common/arm_bl31_setup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plat/arm/common/arm_bl31_setup.c b/plat/arm/common/arm_bl31_setup.c index 0a8dd372d..e84f17760 100644 --- a/plat/arm/common/arm_bl31_setup.c +++ b/plat/arm/common/arm_bl31_setup.c @@ -392,7 +392,7 @@ void arm_bl31_platform_setup(void) te = transfer_list_add(ns_tl, TL_TAG_FDT, te->data_size, transfer_list_entry_data(te)); assert(te != NULL); -#endif /* TRANSFER_LIST */ +#endif /* TRANSFER_LIST && !RESET_TO_BL31 */ /* Initialize the GIC driver, cpu and distributor interfaces */ plat_arm_gic_driver_init(); @@ -447,7 +447,7 @@ void arm_bl31_plat_runtime_setup(void) * they can access the updated data even if caching is not enabled. */ flush_dcache_range((uintptr_t)ns_tl, ns_tl->size); -#endif /* TRANSFER_LIST && !(RESET_TO_BL2 || RESET_TO_BL31) */ +#endif /* TRANSFER_LIST && !RESET_TO_BL31 */ #if RECLAIM_INIT_CODE arm_free_init_memory(); From f1d94593354a948dfc81ca569d4832afb20aaf41 Mon Sep 17 00:00:00 2001 From: Harrison Mutai Date: Wed, 6 Nov 2024 10:03:51 +0000 Subject: [PATCH 2/8] feat(handoff): add func to check and init a tl Add a function to check whether a transfer list has been initialized at the input address. If not, initialize a transfer list at the specified location with the given size. This is to help ensure that we don't accidently overwrite a transfer list that's been passed from a previous stage. Change-Id: Ic5906626df09d3801435488e258490765e8f81eb Signed-off-by: Harrison Mutai --- include/lib/transfer_list.h | 1 + lib/transfer_list/transfer_list.c | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/include/lib/transfer_list.h b/include/lib/transfer_list.h index 1b5ec2d63..047b2d0ad 100644 --- a/include/lib/transfer_list.h +++ b/include/lib/transfer_list.h @@ -110,6 +110,7 @@ struct __attribute__((packed)) transfer_list_entry { CASSERT(sizeof(struct transfer_list_entry) == U(0x8), assert_transfer_list_entry_size); void transfer_list_dump(struct transfer_list_header *tl); +struct transfer_list_header *transfer_list_ensure(void *addr, size_t size); entry_point_info_t * transfer_list_set_handoff_args(struct transfer_list_header *tl, entry_point_info_t *ep_info); diff --git a/lib/transfer_list/transfer_list.c b/lib/transfer_list/transfer_list.c index 8d82d259f..35dc418d5 100644 --- a/lib/transfer_list/transfer_list.c +++ b/lib/transfer_list/transfer_list.c @@ -521,3 +521,22 @@ void *transfer_list_entry_data(struct transfer_list_entry *entry) } return (uint8_t *)entry + entry->hdr_size; } + +/******************************************************************************* + * Verifies that the transfer list has not already been initialized, then + * initializes it at the specified memory location. + * + * Return pointer to the transfer list or NULL on error + * *****************************************************************************/ +struct transfer_list_header *transfer_list_ensure(void *addr, size_t size) +{ + struct transfer_list_header *tl = NULL; + + if (transfer_list_check_header(addr) == TL_OPS_ALL) { + return (struct transfer_list_header *)addr; + } + + tl = transfer_list_init((void *)addr, size); + + return tl; +} From 24e1ae2f0ed3e2c2be680aad6e88313661bf57ee Mon Sep 17 00:00:00 2001 From: Harrison Mutai Date: Thu, 28 Nov 2024 14:31:41 +0000 Subject: [PATCH 3/8] fix(handoff): fix message formatting of hex values Our implementation of printf does not support flag format specifiers. Our previous format specification as a result was causing the integer values to be omitted. This change updates the formatting to ensure accurate and complete error messages are displayed. Change-Id: I80cfb5fd7ff26e44cfad4e06803d9e0912488136 Signed-off-by: Harrison Mutai --- lib/transfer_list/transfer_list.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/lib/transfer_list/transfer_list.c b/lib/transfer_list/transfer_list.c index 35dc418d5..07614a684 100644 --- a/lib/transfer_list/transfer_list.c +++ b/lib/transfer_list/transfer_list.c @@ -168,30 +168,29 @@ transfer_list_check_header(const struct transfer_list_header *tl) } if (tl->signature != TRANSFER_LIST_SIGNATURE) { - ERROR("Bad transfer list signature %#" PRIx32 "\n", - tl->signature); + ERROR("Bad transfer list signature 0x%x\n", tl->signature); return TL_OPS_NON; } if (!tl->max_size) { - ERROR("Bad transfer list max size %#" PRIx32 "\n", + ERROR("Bad transfer list max size 0x%x\n", tl->max_size); return TL_OPS_NON; } if (tl->size > tl->max_size) { - ERROR("Bad transfer list size %#" PRIx32 "\n", tl->size); + ERROR("Bad transfer list size 0x%x\n", tl->size); return TL_OPS_NON; } if (tl->hdr_size != sizeof(struct transfer_list_header)) { - ERROR("Bad transfer list header size %#" PRIx32 "\n", + ERROR("Bad transfer list header size 0x%x\n", tl->hdr_size); return TL_OPS_NON; } if (!transfer_list_verify_checksum(tl)) { - ERROR("Bad transfer list checksum %#" PRIx32 "\n", + ERROR("Bad transfer list checksum 0x%x\n", tl->checksum); return TL_OPS_NON; } From d57057199449595b44a9c2f98c1e4af7fec2b648 Mon Sep 17 00:00:00 2001 From: Harrison Mutai Date: Mon, 23 Sep 2024 11:15:12 +0000 Subject: [PATCH 4/8] refactor(arm): refactor secure TL initialization The initialization logic for the secure transfer list is currently scattered and duplicated across platform setup code. This not only leads to inefficiency but also complicates access to transfer lists from other parts of the code without invoking setup functions. For instance, arm_bl2_setup_next_ep_info acts as a thin wrapper in arm_bl2_setup.c to provide access to the secure transfer list. To streamline the interface, all setup code has been consolidated into a central location. Change-Id: I99d2a567ff39df88baa57e7e08607fccb8af189c Signed-off-by: Harrison Mutai --- include/plat/arm/common/plat_arm.h | 1 + plat/arm/board/fvp/fvp_bl2_setup.c | 2 -- plat/arm/common/arm_bl1_setup.c | 18 +++++++----------- plat/arm/common/arm_bl2_setup.c | 8 +++----- plat/arm/common/arm_bl31_setup.c | 13 ++++++------- plat/arm/common/arm_transfer_list.c | 11 +++++------ 6 files changed, 22 insertions(+), 31 deletions(-) diff --git a/include/plat/arm/common/plat_arm.h b/include/plat/arm/common/plat_arm.h index c3756bf5d..370c2385a 100644 --- a/include/plat/arm/common/plat_arm.h +++ b/include/plat/arm/common/plat_arm.h @@ -427,6 +427,7 @@ void plat_arm_sp_min_early_platform_setup(u_register_t arg0, u_register_t arg1, extern plat_psci_ops_t plat_arm_psci_pm_ops; extern const mmap_region_t plat_arm_mmap[]; extern const unsigned int arm_pm_idle_states[]; +extern struct transfer_list_header *secure_tl; /* secure watchdog */ void plat_arm_secure_wdt_start(void); diff --git a/plat/arm/board/fvp/fvp_bl2_setup.c b/plat/arm/board/fvp/fvp_bl2_setup.c index ebdd80d45..8dcdd62e5 100644 --- a/plat/arm/board/fvp/fvp_bl2_setup.c +++ b/plat/arm/board/fvp/fvp_bl2_setup.c @@ -48,8 +48,6 @@ static const arm_gpt_info_t arm_gpt_info = { void bl2_early_platform_setup2(u_register_t arg0, u_register_t arg1, u_register_t arg2, u_register_t arg3) { - struct transfer_list_entry *te __unused; - #if TRANSFER_LIST arg0 = arg3; #endif diff --git a/plat/arm/common/arm_bl1_setup.c b/plat/arm/common/arm_bl1_setup.c index f043f59dd..6b66be582 100644 --- a/plat/arm/common/arm_bl1_setup.c +++ b/plat/arm/common/arm_bl1_setup.c @@ -64,9 +64,7 @@ static meminfo_t bl1_tzram_layout; /* Boolean variable to hold condition whether firmware update needed or not */ static bool is_fwu_needed; -#if TRANSFER_LIST -static struct transfer_list_header *secure_tl; -#endif +struct transfer_list_header *secure_tl; struct meminfo *bl1_plat_sec_mem_layout(void) { @@ -90,6 +88,12 @@ void arm_bl1_early_platform_setup(void) /* Allow BL1 to see the whole Trusted RAM */ bl1_tzram_layout.total_base = ARM_BL_RAM_BASE; bl1_tzram_layout.total_size = ARM_BL_RAM_SIZE; + +#if TRANSFER_LIST + secure_tl = transfer_list_ensure((void *)PLAT_ARM_EL3_FW_HANDOFF_BASE, + PLAT_ARM_FW_HANDOFF_SIZE); + assert(secure_tl != NULL); +#endif } void bl1_early_platform_setup(void) @@ -171,14 +175,6 @@ void arm_bl1_platform_setup(void) } #if TRANSFER_LIST - secure_tl = transfer_list_init((void *)PLAT_ARM_EL3_FW_HANDOFF_BASE, - PLAT_ARM_FW_HANDOFF_SIZE); - - if (secure_tl == NULL) { - ERROR("Secure transfer list initialisation failed!\n"); - panic(); - } - te = transfer_list_add(secure_tl, TL_TAG_TB_FW_CONFIG, ARM_TB_FW_CONFIG_MAX_SIZE, NULL); assert(te != NULL); diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c index 90ee70cc0..63bf9577e 100644 --- a/plat/arm/common/arm_bl2_setup.c +++ b/plat/arm/common/arm_bl2_setup.c @@ -66,8 +66,7 @@ CASSERT(BL2_BASE >= ARM_FW_CONFIG_LIMIT, assert_bl2_base_overflows); #pragma weak arm_bl2_plat_handle_post_image_load -static struct transfer_list_header *secure_tl __unused; -static struct transfer_list_header *ns_tl __unused; +struct transfer_list_header *secure_tl __unused; /******************************************************************************* * BL1 has passed the extents of the trusted SRAM that should be visible to BL2 @@ -129,15 +128,14 @@ void bl2_plat_preload_setup(void) #if TRANSFER_LIST /* Assume the secure TL hasn't been initialised if BL2 is running at EL3. */ #if RESET_TO_BL2 - secure_tl = transfer_list_init((void *)PLAT_ARM_EL3_FW_HANDOFF_BASE, - PLAT_ARM_FW_HANDOFF_SIZE); + secure_tl = transfer_list_ensure((void *)PLAT_ARM_EL3_FW_HANDOFF_BASE, + PLAT_ARM_FW_HANDOFF_SIZE); if (secure_tl == NULL) { ERROR("Secure transfer list initialisation failed!\n"); panic(); } #endif - arm_transfer_list_dyn_cfg_init(secure_tl); #else #if ARM_FW_CONFIG_LOAD_ENABLE diff --git a/plat/arm/common/arm_bl31_setup.c b/plat/arm/common/arm_bl31_setup.c index e84f17760..478799512 100644 --- a/plat/arm/common/arm_bl31_setup.c +++ b/plat/arm/common/arm_bl31_setup.c @@ -25,8 +25,8 @@ #include #include -static struct transfer_list_header *secure_tl __unused; -static struct transfer_list_header *ns_tl __unused; +struct transfer_list_header *secure_tl; +struct transfer_list_header *ns_tl __unused; /* * Placeholder variables for copying the arguments that have been passed to @@ -367,14 +367,13 @@ void arm_bl31_platform_setup(void) struct transfer_list_entry *te __unused; #if TRANSFER_LIST && !RESET_TO_BL31 - ns_tl = transfer_list_init((void *)FW_NS_HANDOFF_BASE, - PLAT_ARM_FW_HANDOFF_SIZE); - + ns_tl = transfer_list_ensure((void *)FW_NS_HANDOFF_BASE, + PLAT_ARM_FW_HANDOFF_SIZE); if (ns_tl == NULL) { - ERROR("Non-secure transfer list initialisation failed!"); + ERROR("Non-secure transfer list initialisation failed!\n"); panic(); } - + /* BL31 may modify the HW_CONFIG so defer copying it until later. */ te = transfer_list_find(secure_tl, TL_TAG_FDT); assert(te != NULL); diff --git a/plat/arm/common/arm_transfer_list.c b/plat/arm/common/arm_transfer_list.c index 59fb03984..3f8460da3 100644 --- a/plat/arm/common/arm_transfer_list.c +++ b/plat/arm/common/arm_transfer_list.c @@ -7,7 +7,7 @@ #include #include -void arm_transfer_list_dyn_cfg_init(struct transfer_list_header *secure_tl) +void arm_transfer_list_dyn_cfg_init(struct transfer_list_header *tl) { struct transfer_list_entry *te; bl_mem_params_node_t *next_param_node = @@ -19,8 +19,7 @@ void arm_transfer_list_dyn_cfg_init(struct transfer_list_header *secure_tl) * mechanism. Pre-allocate a TE for the configuration and update the * load information so the configuration is loaded directly into the TE. */ - te = transfer_list_add(secure_tl, TL_TAG_FDT, PLAT_ARM_HW_CONFIG_SIZE, - NULL); + te = transfer_list_add(tl, TL_TAG_FDT, PLAT_ARM_HW_CONFIG_SIZE, NULL); assert(te != NULL); next_param_node->image_info.h.attr &= ~IMAGE_ATTRIB_SKIP_LOADING; @@ -30,7 +29,7 @@ void arm_transfer_list_dyn_cfg_init(struct transfer_list_header *secure_tl) } void arm_transfer_list_populate_ep_info(bl_mem_params_node_t *next_param_node, - struct transfer_list_header *secure_tl) + struct transfer_list_header *tl) { uint32_t next_exe_img_id; entry_point_info_t *ep; @@ -45,7 +44,7 @@ void arm_transfer_list_populate_ep_info(bl_mem_params_node_t *next_param_node, next_exe_img_id)]; assert(next_param_node != NULL); - te = transfer_list_add(secure_tl, TL_TAG_EXEC_EP_INFO64, + te = transfer_list_add(tl, TL_TAG_EXEC_EP_INFO64, sizeof(entry_point_info_t), &next_param_node->ep_info); assert(te != NULL); @@ -72,5 +71,5 @@ void arm_transfer_list_populate_ep_info(bl_mem_params_node_t *next_param_node, next_exe_img_id = next_param_node->next_handoff_image_id; } - flush_dcache_range((uintptr_t)secure_tl, secure_tl->size); + flush_dcache_range((uintptr_t)tl, tl->size); } From 0e932b8563b6e25ae5f233a789cd420e46ae9297 Mon Sep 17 00:00:00 2001 From: Harrison Mutai Date: Wed, 6 Nov 2024 14:21:00 +0000 Subject: [PATCH 5/8] feat(handoff): add Mbed-TLS heap info entry tag Update library to support XFERLIST_MBEDTLS_HEAP_INFO (tag = 0x105). This is an Arm-specific TE type that enables the location and size of the stack-based memory region used by Mbed-TLS as a heap to be passed via a transfer list. [1] https://firmwarehandoff.github.io/firmware_handoff/main/transfer_list.html#mbed-tls-heap-information-xferlist-mbedtls-heap-info Change-Id: I1d27b6b2d5a13101b7680b8a19e833354655cd30 Signed-off-by: Harrison Mutai --- include/lib/transfer_list.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/lib/transfer_list.h b/include/lib/transfer_list.h index 047b2d0ad..7a38e7095 100644 --- a/include/lib/transfer_list.h +++ b/include/lib/transfer_list.h @@ -61,6 +61,7 @@ enum transfer_list_tag_id { TL_TAG_EXEC_EP_INFO64 = 0x102, TL_TAG_TB_FW_CONFIG = 0x103, TL_TAG_SRAM_LAYOUT64 = 0x104, + TL_TAG_MBEDTLS_HEAP_INFO = 0x105, }; enum transfer_list_ops { From 24da55eef7f032a8b4957fd9eb53dc3b87d01997 Mon Sep 17 00:00:00 2001 From: Harrison Mutai Date: Wed, 6 Nov 2024 14:26:44 +0000 Subject: [PATCH 6/8] feat(mbedtls): introduce crypto lib heap info struct Add a struct to store information about the memory location of the heap, intended for use with cryptographic libraries such as Mbed-TLS. Change-Id: I42e6bbdbd3a353e01d70fb09b77edeef9498fd98 Signed-off-by: Harrison Mutai --- include/common/bl_common.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/include/common/bl_common.h b/include/common/bl_common.h index 647ae853b..2f065ec3c 100644 --- a/include/common/bl_common.h +++ b/include/common/bl_common.h @@ -167,6 +167,15 @@ typedef struct meminfo { size_t total_size; } meminfo_t; +/******************************************************************************* + * Structure used for conveying the location and size of the heap allocated for + * use by the cryptography library. + * *****************************************************************************/ +struct crypto_heap_info { + void *addr; + size_t size; +}; + /******************************************************************************* * Function & variable prototypes ******************************************************************************/ From ada4e59d166ab9fe7b039ed0f0b272398f71bdb9 Mon Sep 17 00:00:00 2001 From: Harrison Mutai Date: Tue, 28 May 2024 14:35:41 +0000 Subject: [PATCH 7/8] feat(arm): migrate heap info to fw handoff Mbed-TLS requires platforms to allocate it a heap for it's own internal usage. This heap is typically between shared by BL1 and BL2 to conserve memory.The base address and size of the heap are conveyed from BL1 to BL2 through the config TB_FW_CONFIG. This slightly awkward approach necessitates declaring a placeholder node in the DTS. At runtime, this node is populated with the actual values of the heap information. Instead, since this is dynamic information, and simple to represent through C structures, transmit it to later stages using the firmware handoff framework. With this migration, remove references to TB_FW_CONFIG when firmware handoff is enabled, as it is no longer needed. The setup code now relies solely on TL structures to configure the TB firmware Change-Id: Iff00dc742924a055b8bd304f15eec03ce3c6d1ef Signed-off-by: Harrison Mutai --- include/plat/arm/common/plat_arm.h | 5 ++++ plat/arm/board/fvp/platform.mk | 12 +++------ plat/arm/common/arm_bl1_setup.c | 37 +++++++++++---------------- plat/arm/common/arm_bl2_setup.c | 9 +++---- plat/arm/common/arm_dyn_cfg.c | 4 +-- plat/arm/common/arm_transfer_list.c | 39 +++++++++++++++++++++++++++++ 6 files changed, 69 insertions(+), 37 deletions(-) diff --git a/include/plat/arm/common/plat_arm.h b/include/plat/arm/common/plat_arm.h index 370c2385a..1d7a59df0 100644 --- a/include/plat/arm/common/plat_arm.h +++ b/include/plat/arm/common/plat_arm.h @@ -288,6 +288,11 @@ void arm_bl31_plat_arch_setup(void); void arm_transfer_list_dyn_cfg_init(struct transfer_list_header *secure_tl); void arm_transfer_list_populate_ep_info(bl_mem_params_node_t *next_param_node, struct transfer_list_header *secure_tl); +void arm_transfer_list_copy_hw_config(struct transfer_list_header *secure_tl, + struct transfer_list_header *ns_tl); +struct transfer_list_entry * +arm_transfer_list_set_heap_info(struct transfer_list_header *tl); +void arm_transfer_list_get_heap_info(void **heap_addr, size_t *heap_size); /* TSP utility functions */ void arm_tsp_early_platform_setup(void); diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk index 1340a6561..b673fdfba 100644 --- a/plat/arm/board/fvp/platform.mk +++ b/plat/arm/board/fvp/platform.mk @@ -338,17 +338,12 @@ endif # Add the FDT_SOURCES and options for Dynamic Config (only for Unix env) ifdef UNIX_MK -FVP_TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb FVP_HW_CONFIG_DTS := fdts/${FVP_DT_PREFIX}.dts FDT_SOURCES += ${FVP_HW_CONFIG_DTS} $(eval FVP_HW_CONFIG := ${BUILD_PLAT}/$(patsubst %.dts,%.dtb,$(FVP_HW_CONFIG_DTS))) -ifeq (${TRANSFER_LIST}, 1) -FDT_SOURCES += $(addprefix plat/arm/board/fvp/fdts/, \ - ${PLAT}_tb_fw_config.dts \ - ) -else +ifeq (${TRANSFER_LIST}, 0) FDT_SOURCES += $(addprefix plat/arm/board/fvp/fdts/, \ ${PLAT}_fw_config.dts \ ${PLAT}_tb_fw_config.dts \ @@ -356,6 +351,7 @@ FDT_SOURCES += $(addprefix plat/arm/board/fvp/fdts/, \ ${PLAT}_nt_fw_config.dts \ ) +FVP_TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb FVP_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb FVP_SOC_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_soc_fw_config.dtb FVP_NT_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_nt_fw_config.dtb @@ -387,10 +383,10 @@ $(eval $(call TOOL_ADD_PAYLOAD,${FVP_FW_CONFIG},--fw-config,${FVP_FW_CONFIG})) $(eval $(call TOOL_ADD_PAYLOAD,${FVP_SOC_FW_CONFIG},--soc-fw-config,${FVP_SOC_FW_CONFIG})) # Add the NT_FW_CONFIG to FIP and specify the same to certtool $(eval $(call TOOL_ADD_PAYLOAD,${FVP_NT_FW_CONFIG},--nt-fw-config,${FVP_NT_FW_CONFIG})) -endif - # Add the TB_FW_CONFIG to FIP and specify the same to certtool $(eval $(call TOOL_ADD_PAYLOAD,${FVP_TB_FW_CONFIG},--tb-fw-config,${FVP_TB_FW_CONFIG})) +endif + # Add the HW_CONFIG to FIP and specify the same to certtool $(eval $(call TOOL_ADD_PAYLOAD,${FVP_HW_CONFIG},--hw-config,${FVP_HW_CONFIG})) endif diff --git a/plat/arm/common/arm_bl1_setup.c b/plat/arm/common/arm_bl1_setup.c index 6b66be582..b8e502760 100644 --- a/plat/arm/common/arm_bl1_setup.c +++ b/plat/arm/common/arm_bl1_setup.c @@ -162,7 +162,7 @@ void arm_bl1_platform_setup(void) image_desc_t *desc; - int err = -1; + int err __unused = 1; /* Initialise the IO layer and register platform IO devices */ plat_arm_io_setup(); @@ -175,27 +175,24 @@ void arm_bl1_platform_setup(void) } #if TRANSFER_LIST - te = transfer_list_add(secure_tl, TL_TAG_TB_FW_CONFIG, - ARM_TB_FW_CONFIG_MAX_SIZE, NULL); +#if CRYPTO_SUPPORT + te = transfer_list_add(secure_tl, TL_TAG_MBEDTLS_HEAP_INFO, + sizeof(struct crypto_heap_info), NULL); assert(te != NULL); + struct crypto_heap_info *heap_info = + (struct crypto_heap_info *)transfer_list_entry_data(te); + arm_get_mbedtls_heap(&heap_info->addr, &heap_info->size); +#endif /* CRYPTO_SUPPORT */ + + desc = bl1_plat_get_image_desc(BL2_IMAGE_ID); + /* - * Set the load address of TB_FW_CONFIG in the data section of the TE just - * allocated in the secure transfer list. + * The event log might have been updated prior to this, make sure we have an + * up to date tl before setting the handoff arguments. */ - SET_PARAM_HEAD(&config_image_info, PARAM_IMAGE_BINARY, VERSION_2, 0); - config_image_info.image_base = (uintptr_t)transfer_list_entry_data(te); - config_image_info.image_max_size = te->data_size; - - VERBOSE("FCONF: Loading config with image ID: %u\n", TB_FW_CONFIG_ID); - err = load_auth_image(TB_FW_CONFIG_ID, &config_image_info); - if (err != 0) { - VERBOSE("Failed to load config %u\n", TB_FW_CONFIG_ID); - plat_error_handler(err); - } - transfer_list_update_checksum(secure_tl); - fconf_populate("TB_FW", (uintptr_t)transfer_list_entry_data(te)); + transfer_list_set_handoff_args(secure_tl, &desc->ep_info); #else /* Set global DTB info for fixed fw_config information */ fw_config_max_size = ARM_FW_CONFIG_LIMIT - ARM_FW_CONFIG_BASE; @@ -230,22 +227,18 @@ void arm_bl1_platform_setup(void) ERROR("Invalid FW_CONFIG address\n"); plat_error_handler(err); } -#endif /* TRANSFER_LIST */ desc = bl1_plat_get_image_desc(BL2_IMAGE_ID); -#if TRANSFER_LIST - transfer_list_set_handoff_args(secure_tl, &desc->ep_info); -#else /* The BL2 ep_info arg0 is modified to point to FW_CONFIG */ assert(desc != NULL); desc->ep_info.args.arg0 = config_info->config_addr; -#endif /* TRANSFER_LIST */ #if CRYPTO_SUPPORT /* Share the Mbed TLS heap info with other images */ arm_bl1_set_mbedtls_heap(); #endif /* CRYPTO_SUPPORT */ +#endif /* TRANSFER_LIST */ /* * Allow access to the System counter timer module and program diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c index 63bf9577e..07b3b6203 100644 --- a/plat/arm/common/arm_bl2_setup.c +++ b/plat/arm/common/arm_bl2_setup.c @@ -230,11 +230,10 @@ void bl2_plat_arch_setup(void) arm_bl2_plat_arch_setup(); #if TRANSFER_LIST - te = transfer_list_find(secure_tl, TL_TAG_TB_FW_CONFIG); - assert(te != NULL); - - fconf_populate("TB_FW", (uintptr_t)transfer_list_entry_data(te)); +#if CRYPTO_SUPPORT + te = arm_transfer_list_set_heap_info(secure_tl); transfer_list_rem(secure_tl, te); +#endif /* CRYPTO_SUPPORT */ #else /* Fill the properties struct with the info from the config dtb */ fconf_populate("FW_CONFIG", config_base); @@ -244,7 +243,7 @@ void bl2_plat_arch_setup(void) assert(tb_fw_config_info != NULL); fconf_populate("TB_FW", tb_fw_config_info->config_addr); -#endif +#endif /* TRANSFER_LIST */ } int arm_bl2_handle_post_image_load(unsigned int image_id) diff --git a/plat/arm/common/arm_dyn_cfg.c b/plat/arm/common/arm_dyn_cfg.c index 18ab5be80..a827f050c 100644 --- a/plat/arm/common/arm_dyn_cfg.c +++ b/plat/arm/common/arm_dyn_cfg.c @@ -23,7 +23,7 @@ #include #include -#if CRYPTO_SUPPORT +#if CRYPTO_SUPPORT && !TRANSFER_LIST static void *mbedtls_heap_addr; static size_t mbedtls_heap_size; @@ -118,7 +118,7 @@ void arm_bl1_set_mbedtls_heap(void) #endif /* !MEASURED_BOOT */ } } -#endif /* CRYPTO_SUPPORT */ +#endif /* CRYPTO_SUPPORT && !TRANSFER_LIST */ #if IMAGE_BL2 /* diff --git a/plat/arm/common/arm_transfer_list.c b/plat/arm/common/arm_transfer_list.c index 3f8460da3..6847591f3 100644 --- a/plat/arm/common/arm_transfer_list.c +++ b/plat/arm/common/arm_transfer_list.c @@ -4,9 +4,48 @@ * SPDX-License-Identifier: BSD-3-Clause */ +#if CRYPTO_SUPPORT +#include +#endif /* CRYPTO_SUPPORT */ + #include #include +#if CRYPTO_SUPPORT +#if defined(IMAGE_BL1) || RESET_TO_BL2 || defined(IMAGE_BL31) +static unsigned char heap[TF_MBEDTLS_HEAP_SIZE]; + +#define MBEDTLS_HEAP_ADDR heap +#define MBEDTLS_HEAP_SIZE sizeof(heap) +#else +static struct crypto_heap_info heap_info; + +#define MBEDTLS_HEAP_ADDR heap_info.addr +#define MBEDTLS_HEAP_SIZE heap_info.size + +struct transfer_list_entry * +arm_transfer_list_set_heap_info(struct transfer_list_header *tl) +{ + struct transfer_list_entry *te = + transfer_list_find(tl, TL_TAG_MBEDTLS_HEAP_INFO); + assert(te != NULL); + + heap_info = *(struct crypto_heap_info *)transfer_list_entry_data(te); + return te; +} +#endif /* defined(IMAGE_BL1) || RESET_TO_BL2 || defined(IMAGE_BL31) */ + +int __init arm_get_mbedtls_heap(void **heap_addr, size_t *heap_size) +{ + assert(heap_addr != NULL); + assert(heap_size != NULL); + *heap_addr = MBEDTLS_HEAP_ADDR; + *heap_size = MBEDTLS_HEAP_SIZE; + + return 0; +} +#endif /* CRYPTO_SUPPORT */ + void arm_transfer_list_dyn_cfg_init(struct transfer_list_header *tl) { struct transfer_list_entry *te; From 18be2dbe001162b424e52072dee74c9b7613a4f2 Mon Sep 17 00:00:00 2001 From: Harrison Mutai Date: Wed, 4 Dec 2024 10:36:29 +0000 Subject: [PATCH 8/8] fix(handoff): remove XFERLIST_TB_FW_CONFIG Remove XFERLIST_TB_FW_CONFIG as the corresponding patch to add it to the specification [1] has been abandoned and there are no plans for it to be merged, with the information it contains being moved to a transfer list instead. [1] https://github.com/FirmwareHandoff/firmware_handoff/pull/37 Change-Id: If4a21d56b87bafc2f4894beefd73ac51e36e6571 Signed-off-by: Harrison Mutai --- include/lib/transfer_list.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/lib/transfer_list.h b/include/lib/transfer_list.h index 7a38e7095..7b66a5e05 100644 --- a/include/lib/transfer_list.h +++ b/include/lib/transfer_list.h @@ -59,7 +59,6 @@ enum transfer_list_tag_id { TL_TAG_OPTEE_PAGABLE_PART = 0x100, TL_TAG_DT_SPMC_MANIFEST = 0x101, TL_TAG_EXEC_EP_INFO64 = 0x102, - TL_TAG_TB_FW_CONFIG = 0x103, TL_TAG_SRAM_LAYOUT64 = 0x104, TL_TAG_MBEDTLS_HEAP_INFO = 0x105, };