1 /*
2 * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8 #include <string.h>
9
10 #include <platform_def.h>
11
12 #include <common/bl_common.h>
13 #include <common/debug.h>
14 #include <common/desc_image_load.h>
15 #include <common/uuid.h>
16 #include <drivers/io/io_driver.h>
17 #include <drivers/io/io_encrypted.h>
18 #include <drivers/io/io_fip.h>
19 #include <drivers/io/io_memmap.h>
20 #include <drivers/io/io_semihosting.h>
21 #include <drivers/io/io_storage.h>
22 #include <lib/semihosting.h>
23 #include <tools_share/firmware_image_package.h>
24
25 #include "qemu_private.h"
26
27 /* Semihosting filenames */
28 #define BL2_IMAGE_NAME "bl2.bin"
29 #define BL31_IMAGE_NAME "bl31.bin"
30 #define BL32_IMAGE_NAME "bl32.bin"
31 #define TB_FW_CONFIG_NAME "tb_fw_config.dtb"
32 #define TOS_FW_CONFIG_NAME "tos_fw_config.dtb"
33 #define BL32_EXTRA1_IMAGE_NAME "bl32_extra1.bin"
34 #define BL32_EXTRA2_IMAGE_NAME "bl32_extra2.bin"
35 #define BL33_IMAGE_NAME "bl33.bin"
36 #define RMM_IMAGE_NAME "rmm.bin"
37
38 #if TRUSTED_BOARD_BOOT
39 #define TRUSTED_BOOT_FW_CERT_NAME "tb_fw.crt"
40 #define TRUSTED_KEY_CERT_NAME "trusted_key.crt"
41 #define SOC_FW_KEY_CERT_NAME "soc_fw_key.crt"
42 #define TOS_FW_KEY_CERT_NAME "tos_fw_key.crt"
43 #define NT_FW_KEY_CERT_NAME "nt_fw_key.crt"
44 #define SOC_FW_CONTENT_CERT_NAME "soc_fw_content.crt"
45 #define TOS_FW_CONTENT_CERT_NAME "tos_fw_content.crt"
46 #define NT_FW_CONTENT_CERT_NAME "nt_fw_content.crt"
47 #endif /* TRUSTED_BOARD_BOOT */
48
49
50
51 /* IO devices */
52 static const io_dev_connector_t *fip_dev_con;
53 static uintptr_t fip_dev_handle;
54 static const io_dev_connector_t *memmap_dev_con;
55 static uintptr_t memmap_dev_handle;
56 static const io_dev_connector_t *sh_dev_con;
57 static uintptr_t sh_dev_handle;
58 #ifndef DECRYPTION_SUPPORT_none
59 static const io_dev_connector_t *enc_dev_con;
60 static uintptr_t enc_dev_handle;
61 #endif
62
63 static const io_block_spec_t fip_block_spec = {
64 .offset = PLAT_QEMU_FIP_BASE,
65 .length = PLAT_QEMU_FIP_MAX_SIZE
66 };
67
68 static const io_uuid_spec_t bl2_uuid_spec = {
69 .uuid = UUID_TRUSTED_BOOT_FIRMWARE_BL2,
70 };
71
72 static const io_uuid_spec_t bl31_uuid_spec = {
73 .uuid = UUID_EL3_RUNTIME_FIRMWARE_BL31,
74 };
75
76 static const io_uuid_spec_t bl32_uuid_spec = {
77 .uuid = UUID_SECURE_PAYLOAD_BL32,
78 };
79
80 static const io_uuid_spec_t bl32_extra1_uuid_spec = {
81 .uuid = UUID_SECURE_PAYLOAD_BL32_EXTRA1,
82 };
83
84 static const io_uuid_spec_t bl32_extra2_uuid_spec = {
85 .uuid = UUID_SECURE_PAYLOAD_BL32_EXTRA2,
86 };
87
88 static const io_uuid_spec_t tb_fw_config_uuid_spec = {
89 .uuid = UUID_TB_FW_CONFIG,
90 };
91
92 static const io_uuid_spec_t tos_fw_config_uuid_spec = {
93 .uuid = UUID_TOS_FW_CONFIG,
94 };
95
96 static const io_uuid_spec_t bl33_uuid_spec = {
97 .uuid = UUID_NON_TRUSTED_FIRMWARE_BL33,
98 };
99
100 static const io_uuid_spec_t rmm_uuid_spec = {
101 .uuid = UUID_REALM_MONITOR_MGMT_FIRMWARE,
102 };
103
104 #if TRUSTED_BOARD_BOOT
105 static const io_uuid_spec_t tb_fw_cert_uuid_spec = {
106 .uuid = UUID_TRUSTED_BOOT_FW_CERT,
107 };
108
109 static const io_uuid_spec_t trusted_key_cert_uuid_spec = {
110 .uuid = UUID_TRUSTED_KEY_CERT,
111 };
112
113 static const io_uuid_spec_t soc_fw_key_cert_uuid_spec = {
114 .uuid = UUID_SOC_FW_KEY_CERT,
115 };
116
117 static const io_uuid_spec_t tos_fw_key_cert_uuid_spec = {
118 .uuid = UUID_TRUSTED_OS_FW_KEY_CERT,
119 };
120
121 static const io_uuid_spec_t nt_fw_key_cert_uuid_spec = {
122 .uuid = UUID_NON_TRUSTED_FW_KEY_CERT,
123 };
124
125 static const io_uuid_spec_t soc_fw_cert_uuid_spec = {
126 .uuid = UUID_SOC_FW_CONTENT_CERT,
127 };
128
129 static const io_uuid_spec_t tos_fw_cert_uuid_spec = {
130 .uuid = UUID_TRUSTED_OS_FW_CONTENT_CERT,
131 };
132
133 static const io_uuid_spec_t nt_fw_cert_uuid_spec = {
134 .uuid = UUID_NON_TRUSTED_FW_CONTENT_CERT,
135 };
136 #endif /* TRUSTED_BOARD_BOOT */
137
138 static const io_file_spec_t sh_file_spec[] = {
139 [BL2_IMAGE_ID] = {
140 .path = BL2_IMAGE_NAME,
141 .mode = FOPEN_MODE_RB
142 },
143 [BL31_IMAGE_ID] = {
144 .path = BL31_IMAGE_NAME,
145 .mode = FOPEN_MODE_RB
146 },
147 [BL32_IMAGE_ID] = {
148 .path = BL32_IMAGE_NAME,
149 .mode = FOPEN_MODE_RB
150 },
151 [BL32_EXTRA1_IMAGE_ID] = {
152 .path = BL32_EXTRA1_IMAGE_NAME,
153 .mode = FOPEN_MODE_RB
154 },
155 [BL32_EXTRA2_IMAGE_ID] = {
156 .path = BL32_EXTRA2_IMAGE_NAME,
157 .mode = FOPEN_MODE_RB
158 },
159 [TB_FW_CONFIG_ID] = {
160 .path = TB_FW_CONFIG_NAME,
161 .mode = FOPEN_MODE_RB
162 },
163 [TOS_FW_CONFIG_ID] = {
164 .path = TOS_FW_CONFIG_NAME,
165 .mode = FOPEN_MODE_RB
166 },
167 [BL33_IMAGE_ID] = {
168 .path = BL33_IMAGE_NAME,
169 .mode = FOPEN_MODE_RB
170 },
171 [RMM_IMAGE_ID] = {
172 .path = RMM_IMAGE_NAME,
173 .mode = FOPEN_MODE_RB
174 },
175 #if TRUSTED_BOARD_BOOT
176 [TRUSTED_BOOT_FW_CERT_ID] = {
177 .path = TRUSTED_BOOT_FW_CERT_NAME,
178 .mode = FOPEN_MODE_RB
179 },
180 [TRUSTED_KEY_CERT_ID] = {
181 .path = TRUSTED_KEY_CERT_NAME,
182 .mode = FOPEN_MODE_RB
183 },
184 [SOC_FW_KEY_CERT_ID] = {
185 .path = SOC_FW_KEY_CERT_NAME,
186 .mode = FOPEN_MODE_RB
187 },
188 [TRUSTED_OS_FW_KEY_CERT_ID] = {
189 .path = TOS_FW_KEY_CERT_NAME,
190 .mode = FOPEN_MODE_RB
191 },
192 [NON_TRUSTED_FW_KEY_CERT_ID] = {
193 .path = NT_FW_KEY_CERT_NAME,
194 .mode = FOPEN_MODE_RB
195 },
196 [SOC_FW_CONTENT_CERT_ID] = {
197 .path = SOC_FW_CONTENT_CERT_NAME,
198 .mode = FOPEN_MODE_RB
199 },
200 [TRUSTED_OS_FW_CONTENT_CERT_ID] = {
201 .path = TOS_FW_CONTENT_CERT_NAME,
202 .mode = FOPEN_MODE_RB
203 },
204 [NON_TRUSTED_FW_CONTENT_CERT_ID] = {
205 .path = NT_FW_CONTENT_CERT_NAME,
206 .mode = FOPEN_MODE_RB
207 },
208 #endif /* TRUSTED_BOARD_BOOT */
209 };
210
211 static int open_fip(const uintptr_t spec);
212 static int open_memmap(const uintptr_t spec);
213 #ifndef DECRYPTION_SUPPORT_none
214 static int open_enc_fip(const uintptr_t spec);
215 #endif
216
217 struct plat_io_policy {
218 uintptr_t *dev_handle;
219 uintptr_t image_spec;
220 int (*check)(const uintptr_t spec);
221 };
222
223 /* By default, ARM platforms load images from the FIP */
224 static const struct plat_io_policy policies[] = {
225 [FIP_IMAGE_ID] = {
226 &memmap_dev_handle,
227 (uintptr_t)&fip_block_spec,
228 open_memmap
229 },
230 [ENC_IMAGE_ID] = {
231 &fip_dev_handle,
232 (uintptr_t)NULL,
233 open_fip
234 },
235 [BL2_IMAGE_ID] = {
236 &fip_dev_handle,
237 (uintptr_t)&bl2_uuid_spec,
238 open_fip
239 },
240 #if ENCRYPT_BL31 && !defined(DECRYPTION_SUPPORT_none)
241 [BL31_IMAGE_ID] = {
242 &enc_dev_handle,
243 (uintptr_t)&bl31_uuid_spec,
244 open_enc_fip
245 },
246 #else
247 [BL31_IMAGE_ID] = {
248 &fip_dev_handle,
249 (uintptr_t)&bl31_uuid_spec,
250 open_fip
251 },
252 #endif
253 #if ENCRYPT_BL32 && !defined(DECRYPTION_SUPPORT_none)
254 [BL32_IMAGE_ID] = {
255 &enc_dev_handle,
256 (uintptr_t)&bl32_uuid_spec,
257 open_enc_fip
258 },
259 [BL32_EXTRA1_IMAGE_ID] = {
260 &enc_dev_handle,
261 (uintptr_t)&bl32_extra1_uuid_spec,
262 open_enc_fip
263 },
264 [BL32_EXTRA2_IMAGE_ID] = {
265 &enc_dev_handle,
266 (uintptr_t)&bl32_extra2_uuid_spec,
267 open_enc_fip
268 },
269 #else
270 [BL32_IMAGE_ID] = {
271 &fip_dev_handle,
272 (uintptr_t)&bl32_uuid_spec,
273 open_fip
274 },
275 [BL32_EXTRA1_IMAGE_ID] = {
276 &fip_dev_handle,
277 (uintptr_t)&bl32_extra1_uuid_spec,
278 open_fip
279 },
280 [BL32_EXTRA2_IMAGE_ID] = {
281 &fip_dev_handle,
282 (uintptr_t)&bl32_extra2_uuid_spec,
283 open_fip
284 },
285 #endif
286 [TB_FW_CONFIG_ID] = {
287 &fip_dev_handle,
288 (uintptr_t)&tb_fw_config_uuid_spec,
289 open_fip
290 },
291 [TOS_FW_CONFIG_ID] = {
292 &fip_dev_handle,
293 (uintptr_t)&tos_fw_config_uuid_spec,
294 open_fip
295 },
296 [BL33_IMAGE_ID] = {
297 &fip_dev_handle,
298 (uintptr_t)&bl33_uuid_spec,
299 open_fip
300 },
301 [RMM_IMAGE_ID] = {
302 &fip_dev_handle,
303 (uintptr_t)&rmm_uuid_spec,
304 open_fip
305 },
306
307 #if TRUSTED_BOARD_BOOT
308 [TRUSTED_BOOT_FW_CERT_ID] = {
309 &fip_dev_handle,
310 (uintptr_t)&tb_fw_cert_uuid_spec,
311 open_fip
312 },
313 [TRUSTED_KEY_CERT_ID] = {
314 &fip_dev_handle,
315 (uintptr_t)&trusted_key_cert_uuid_spec,
316 open_fip
317 },
318 [SOC_FW_KEY_CERT_ID] = {
319 &fip_dev_handle,
320 (uintptr_t)&soc_fw_key_cert_uuid_spec,
321 open_fip
322 },
323 [TRUSTED_OS_FW_KEY_CERT_ID] = {
324 &fip_dev_handle,
325 (uintptr_t)&tos_fw_key_cert_uuid_spec,
326 open_fip
327 },
328 [NON_TRUSTED_FW_KEY_CERT_ID] = {
329 &fip_dev_handle,
330 (uintptr_t)&nt_fw_key_cert_uuid_spec,
331 open_fip
332 },
333 [SOC_FW_CONTENT_CERT_ID] = {
334 &fip_dev_handle,
335 (uintptr_t)&soc_fw_cert_uuid_spec,
336 open_fip
337 },
338 [TRUSTED_OS_FW_CONTENT_CERT_ID] = {
339 &fip_dev_handle,
340 (uintptr_t)&tos_fw_cert_uuid_spec,
341 open_fip
342 },
343 [NON_TRUSTED_FW_CONTENT_CERT_ID] = {
344 &fip_dev_handle,
345 (uintptr_t)&nt_fw_cert_uuid_spec,
346 open_fip
347 },
348 #endif /* TRUSTED_BOARD_BOOT */
349 };
350
351 #if defined(SPD_spmd)
352 static struct sp_pkg {
353 struct plat_io_policy policy;
354 io_file_spec_t sh_file_spec;
355 uint8_t uuid[UUID_BYTES_LENGTH];
356 char path[80];
357 } sp_pkgs[MAX_SP_IDS];
358 static unsigned int sp_pkg_count;
359
qemu_io_register_sp_pkg(const char * name,const char * uuid,uintptr_t load_addr)360 int qemu_io_register_sp_pkg(const char *name, const char *uuid,
361 uintptr_t load_addr)
362 {
363 struct sp_pkg *pkg;
364 bl_mem_params_node_t *mem_params;
365
366 if (sp_pkg_count == MAX_SP_IDS) {
367 INFO("Reached Max number of SPs\n");
368 return -1;
369 }
370 mem_params = get_bl_mem_params_node(SP_PKG1_ID + sp_pkg_count);
371 if (mem_params == NULL) {
372 ERROR("Can't find SP_PKG ID %u (SP_PKG%u_ID)\n",
373 SP_PKG1_ID + sp_pkg_count, sp_pkg_count);
374 return -1;
375 }
376 pkg = sp_pkgs + sp_pkg_count;
377
378 if (read_uuid(pkg->uuid, (char *)uuid)) {
379 return -1;
380 }
381
382 strlcpy(pkg->path, name, sizeof(pkg->path));
383 strlcat(pkg->path, ".pkg", sizeof(pkg->path));
384
385 pkg->policy.dev_handle = &fip_dev_handle;
386 pkg->policy.image_spec = (uintptr_t)&pkg->uuid;
387 pkg->policy.check = open_fip;
388 pkg->sh_file_spec.path = pkg->path;
389 pkg->sh_file_spec.mode = FOPEN_MODE_RB;
390
391 mem_params->image_info.image_base = load_addr;
392 mem_params->image_info.image_max_size = SZ_128M;
393 mem_params->image_info.h.attr &= ~IMAGE_ATTRIB_SKIP_LOADING;
394
395 sp_pkg_count++;
396
397 return 0;
398 }
399 #endif /*SPD_spmd*/
400
get_io_file_spec(unsigned int image_id)401 static const io_file_spec_t *get_io_file_spec(unsigned int image_id)
402 {
403 #if defined(SPD_spmd)
404 if (image_id >= SP_PKG1_ID && image_id <= SP_PKG8_ID) {
405 return &sp_pkgs[image_id - SP_PKG1_ID].sh_file_spec;
406 }
407 #endif
408
409 assert(image_id < ARRAY_SIZE(sh_file_spec));
410 return &sh_file_spec[image_id];
411 }
412
get_io_policy(unsigned int image_id)413 static const struct plat_io_policy *get_io_policy(unsigned int image_id)
414 {
415 #if defined(SPD_spmd)
416 if (image_id >= SP_PKG1_ID && image_id <= SP_PKG8_ID) {
417 return &sp_pkgs[image_id - SP_PKG1_ID].policy;
418 }
419 #endif
420
421 assert(image_id < ARRAY_SIZE(policies));
422 return &policies[image_id];
423 }
424
open_fip(const uintptr_t spec)425 static int open_fip(const uintptr_t spec)
426 {
427 int result;
428 uintptr_t local_image_handle;
429
430 /* See if a Firmware Image Package is available */
431 result = io_dev_init(fip_dev_handle, (uintptr_t)FIP_IMAGE_ID);
432 if (result == 0 && spec != (uintptr_t)NULL) {
433 result = io_open(fip_dev_handle, spec, &local_image_handle);
434 if (result == 0) {
435 VERBOSE("Using FIP\n");
436 io_close(local_image_handle);
437 }
438 }
439 return result;
440 }
441
442 #ifndef DECRYPTION_SUPPORT_none
open_enc_fip(const uintptr_t spec)443 static int open_enc_fip(const uintptr_t spec)
444 {
445 int result;
446 uintptr_t local_image_handle;
447
448 /* See if an encrypted FIP is available */
449 result = io_dev_init(enc_dev_handle, (uintptr_t)ENC_IMAGE_ID);
450 if (result == 0) {
451 result = io_open(enc_dev_handle, spec, &local_image_handle);
452 if (result == 0) {
453 VERBOSE("Using encrypted FIP\n");
454 io_close(local_image_handle);
455 }
456 }
457 return result;
458 }
459 #endif
460
open_memmap(const uintptr_t spec)461 static int open_memmap(const uintptr_t spec)
462 {
463 int result;
464 uintptr_t local_image_handle;
465
466 result = io_dev_init(memmap_dev_handle, (uintptr_t)NULL);
467 if (result == 0) {
468 result = io_open(memmap_dev_handle, spec, &local_image_handle);
469 if (result == 0) {
470 VERBOSE("Using Memmap\n");
471 io_close(local_image_handle);
472 }
473 }
474 return result;
475 }
476
open_semihosting(const uintptr_t spec)477 static int open_semihosting(const uintptr_t spec)
478 {
479 int result;
480 uintptr_t local_image_handle;
481
482 /* See if the file exists on semi-hosting.*/
483 result = io_dev_init(sh_dev_handle, (uintptr_t)NULL);
484 if (result == 0) {
485 result = io_open(sh_dev_handle, spec, &local_image_handle);
486 if (result == 0) {
487 VERBOSE("Using Semi-hosting IO\n");
488 io_close(local_image_handle);
489 }
490 }
491 return result;
492 }
493
plat_qemu_io_setup(void)494 void plat_qemu_io_setup(void)
495 {
496 int io_result;
497
498 io_result = register_io_dev_fip(&fip_dev_con);
499 assert(io_result == 0);
500
501 io_result = register_io_dev_memmap(&memmap_dev_con);
502 assert(io_result == 0);
503
504 /* Open connections to devices and cache the handles */
505 io_result = io_dev_open(fip_dev_con, (uintptr_t)NULL,
506 &fip_dev_handle);
507 assert(io_result == 0);
508
509 io_result = io_dev_open(memmap_dev_con, (uintptr_t)NULL,
510 &memmap_dev_handle);
511 assert(io_result == 0);
512
513 #ifndef DECRYPTION_SUPPORT_none
514 io_result = register_io_dev_enc(&enc_dev_con);
515 assert(io_result == 0);
516
517 io_result = io_dev_open(enc_dev_con, (uintptr_t)NULL,
518 &enc_dev_handle);
519 assert(io_result == 0);
520 #endif
521
522 /* Register the additional IO devices on this platform */
523 io_result = register_io_dev_sh(&sh_dev_con);
524 assert(io_result == 0);
525
526 /* Open connections to devices and cache the handles */
527 io_result = io_dev_open(sh_dev_con, (uintptr_t)NULL, &sh_dev_handle);
528 assert(io_result == 0);
529
530 /* Ignore improbable errors in release builds */
531 (void)io_result;
532 }
533
get_alt_image_source(unsigned int image_id,uintptr_t * dev_handle,uintptr_t * image_spec)534 static int get_alt_image_source(unsigned int image_id, uintptr_t *dev_handle,
535 uintptr_t *image_spec)
536 {
537 const io_file_spec_t *spec = get_io_file_spec(image_id);
538 int result;
539
540 result = open_semihosting((const uintptr_t)spec);
541 if (result == 0) {
542 *dev_handle = sh_dev_handle;
543 *image_spec = (uintptr_t)spec;
544 }
545
546 return result;
547 }
548
549 /*
550 * Return an IO device handle and specification which can be used to access
551 * an image. Use this to enforce platform load policy
552 */
plat_get_image_source(unsigned int image_id,uintptr_t * dev_handle,uintptr_t * image_spec)553 int plat_get_image_source(unsigned int image_id, uintptr_t *dev_handle,
554 uintptr_t *image_spec)
555 {
556 const struct plat_io_policy *policy = get_io_policy(image_id);
557 int result;
558
559 result = policy->check(policy->image_spec);
560 if (result == 0) {
561 *image_spec = policy->image_spec;
562 *dev_handle = *(policy->dev_handle);
563 } else {
564 VERBOSE("Trying alternative IO\n");
565 result = get_alt_image_source(image_id, dev_handle, image_spec);
566 }
567
568 return result;
569 }
570