1 /*
2 * Copyright (c) 2014, ARM Limited and Contributors. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
6 *
7 * Redistributions of source code must retain the above copyright notice, this
8 * list of conditions and the following disclaimer.
9 *
10 * Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 *
14 * Neither the name of ARM nor the names of its contributors may be used
15 * to endorse or promote products derived from this software without specific
16 * prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28 * POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 #include <assert.h>
32 #include <bl_common.h>
33 #include <debug.h>
34 #include <errno.h>
35 #include <firmware_image_package.h>
36 #include <io_driver.h>
37 #include <io_fip.h>
38 #include <io_storage.h>
39 #include <platform.h>
40 #include <platform_def.h>
41 #include <stdint.h>
42 #include <string.h>
43 #include <uuid.h>
44
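/*
 * Debugging aid for printing UUIDs. Expands to a printf-style format string
 * followed by the eleven UUID fields, so it is used as the complete argument
 * list of a printf-like call, e.g. VERBOSE(PRINT_UUID2(uuid)).
 *
 * 'x' is parenthesised at every use so that an expression argument such as
 * '*ptr' expands correctly. It is expanded several times, so the argument
 * must not have side effects.
 */
#define PRINT_UUID2(x)								\
	"%08x-%04hx-%04hx-%02hhx%02hhx-%02hhx%02hhx%02hhx%02hhx%02hhx%02hhx",	\
	(x).time_low, (x).time_mid, (x).time_hi_and_version,			\
	(x).clock_seq_hi_and_reserved, (x).clock_seq_low,			\
	(x).node[0], (x).node[1], (x).node[2], (x).node[3],			\
	(x).node[4], (x).node[5]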
52
/* Pairs an image name (the 'path' of an io_file_spec_t) with the UUID that
 * fip_file_open() looks for in the package's table of contents.
 */
typedef struct {
	const char *name;
	const uuid_t uuid;
} plat_fip_name_uuid_t;

/* State of the file currently open in the package. */
typedef struct {
	/* file_pos is deliberately declared ahead of the nested struct so
	 * that a static instance can be initialised with {0}. This works
	 * around a known bug in GCC:
	 * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53119
	 *
	 * NOTE(review): file_pos is an unsigned int, while fip_file_read()
	 * adds a size_t byte count to it - confirm that no image can be
	 * large enough for the addition to wrap.
	 */
	unsigned int file_pos;
	/* Table-of-contents entry as read from the backend. */
	fip_toc_entry_t entry;
} file_state_t;
66
/*
 * Image name -> UUID lookup table searched by file_to_uuid(). A name that is
 * not listed here cannot be opened through this driver.
 *
 * NOTE(review): unlike the BL3-2 image entry, the BL3-2 certificate entries
 * are not wrapped in an #ifdef - confirm those names are always defined when
 * TRUSTED_BOARD_BOOT is set.
 */
static const plat_fip_name_uuid_t name_uuid[] = {
	{ .name = BL2_IMAGE_NAME, .uuid = UUID_TRUSTED_BOOT_FIRMWARE_BL2 },
#ifdef BL30_IMAGE_NAME
	/* BL3-0 is optional in the platform */
	{ .name = BL30_IMAGE_NAME, .uuid = UUID_SCP_FIRMWARE_BL30 },
#endif /* BL30_IMAGE_NAME */
	{ .name = BL31_IMAGE_NAME, .uuid = UUID_EL3_RUNTIME_FIRMWARE_BL31 },
#ifdef BL32_IMAGE_NAME
	/* BL3-2 is optional in the platform */
	{ .name = BL32_IMAGE_NAME, .uuid = UUID_SECURE_PAYLOAD_BL32 },
#endif /* BL32_IMAGE_NAME */
	{ .name = BL33_IMAGE_NAME, .uuid = UUID_NON_TRUSTED_FIRMWARE_BL33 },
#if TRUSTED_BOARD_BOOT
	/* Certificates */
	{ .name = BL2_CERT_NAME,
	  .uuid = UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT },
	{ .name = TRUSTED_KEY_CERT_NAME, .uuid = UUID_TRUSTED_KEY_CERT },
#ifdef BL30_KEY_CERT_NAME
	{ .name = BL30_KEY_CERT_NAME,
	  .uuid = UUID_SCP_FIRMWARE_BL30_KEY_CERT },
#endif
	{ .name = BL31_KEY_CERT_NAME,
	  .uuid = UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT },
	{ .name = BL32_KEY_CERT_NAME,
	  .uuid = UUID_SECURE_PAYLOAD_BL32_KEY_CERT },
	{ .name = BL33_KEY_CERT_NAME,
	  .uuid = UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT },
#ifdef BL30_CERT_NAME
	{ .name = BL30_CERT_NAME, .uuid = UUID_SCP_FIRMWARE_BL30_CERT },
#endif
	{ .name = BL31_CERT_NAME,
	  .uuid = UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT },
	{ .name = BL32_CERT_NAME, .uuid = UUID_SECURE_PAYLOAD_BL32_CERT },
	{ .name = BL33_CERT_NAME,
	  .uuid = UUID_NON_TRUSTED_FIRMWARE_BL33_CERT },
#endif /* TRUSTED_BOARD_BOOT */
};
97
/* All-zero UUID: fip_file_open() stops scanning the table of contents once
 * it has read an entry that carries it.
 */
static const uuid_t uuid_null = {0};

/* The single file that can be open at a time. A zero entry.offset_address
 * is what the driver treats as "no file open".
 */
static file_state_t current_file = {0};

/* Backend device handle and image spec, filled in through
 * plat_get_image_source() by fip_dev_init() and cleared by fip_dev_close().
 */
static uintptr_t backend_dev_handle;
static uintptr_t backend_image_spec;


/* Firmware Image Package driver functions: device level */
static int fip_dev_open(const uintptr_t dev_spec, io_dev_info_t **dev_info);
static int fip_dev_init(io_dev_info_t *dev_info, const uintptr_t init_params);
static int fip_dev_close(io_dev_info_t *dev_info);

/* Firmware Image Package driver functions: file level */
static int fip_file_open(io_dev_info_t *dev_info, const uintptr_t spec,
			 io_entity_t *entity);
static int fip_file_len(io_entity_t *entity, size_t *length);
static int fip_file_read(io_entity_t *entity, uintptr_t buffer, size_t length,
			 size_t *length_read);
static int fip_file_close(io_entity_t *entity);
114
115
/* Copy the UUID at 'src' over the UUID at 'dst'. Always returns 0. */
static inline int copy_uuid(uuid_t *dst, const uuid_t *src)
{
	memcpy(dst, src, sizeof(*dst));

	return 0;
}
121
122
/* Byte-wise comparison of two UUIDs: returns 0 when they are identical,
 * otherwise the non-zero result of memcmp().
 */
static inline int compare_uuids(const uuid_t *uuid1, const uuid_t *uuid2)
{
	const int diff = memcmp(uuid1, uuid2, sizeof(*uuid1));

	return diff;
}
128
129
/* Plausibility check of a FIP table-of-contents header: the name field must
 * equal TOC_HEADER_NAME and the serial number must be non-zero. Returns 1
 * when both hold, 0 otherwise.
 *
 * This is a format check only; it does not establish that the package is
 * authentic or unmodified.
 *
 * TODO: We could check version numbers or do a package checksum?
 */
static inline int is_valid_header(fip_toc_header_t *header)
{
	if (header->name != TOC_HEADER_NAME)
		return 0;

	return (header->serial_number != 0) ? 1 : 0;
}
139
140
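/*
 * Translate an image name into the UUID used for it in the package.
 *
 * filename: NUL-terminated image name; must not be NULL.
 * uuid:     receives the UUID when the name is found.
 *
 * Returns 0 on success, or -EINVAL when the name is not listed in
 * name_uuid[]. On failure '*uuid' is left untouched, so a caller that
 * ignores the return value ends up using whatever was in '*uuid' before.
 */
static int file_to_uuid(const char *filename, uuid_t *uuid)
{
	/* size_t index: avoids the signed/unsigned comparison against the
	 * sizeof-derived element count.
	 */
	const size_t count = sizeof(name_uuid) / sizeof(name_uuid[0]);
	size_t i;

	for (i = 0; i < count; i++) {
		if (strcmp(filename, name_uuid[i].name) == 0) {
			copy_uuid(uuid, &name_uuid[i].uuid);
			return 0;
		}
	}

	return -EINVAL;
}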
155
156
/* Report this driver's device type: the Firmware Image Package virtual
 * driver.
 */
io_type_t device_type_fip(void)
{
	const io_type_t type = IO_TYPE_FIRMWARE_IMAGE_PACKAGE;

	return type;
}
162
163
/* Connector handed out by register_io_dev_fip(). */
static const io_dev_connector_t fip_dev_connector = {
	.dev_open = fip_dev_open
};


/* Operations table of the driver. Seek and write are not implemented. */
static const io_dev_funcs_t fip_dev_funcs = {
	.type		= device_type_fip,
	.open		= fip_file_open,
	.seek		= NULL,
	.size		= fip_file_len,
	.read		= fip_file_read,
	.write		= NULL,
	.close		= fip_file_close,
	.dev_init	= fip_dev_init,
	.dev_close	= fip_dev_close,
};


/* No state associated with this device so structure can be const.
 * fip_dev_open() hands out a non-const pointer to it, so it must never be
 * written through that pointer.
 */
static const io_dev_info_t fip_dev_info = {
	.funcs = &fip_dev_funcs,
	.info = (uintptr_t)NULL
};
187
188
/*
 * Open a connection to the FIP device.
 *
 * dev_spec is unused. '*dev_info' is set to the driver's single, statically
 * allocated descriptor. That object is defined const, so the pointer handed
 * out here must only be read through.
 *
 * Always returns IO_SUCCESS.
 */
static int fip_dev_open(const uintptr_t dev_spec __attribute__((unused)),
			io_dev_info_t **dev_info)
{
	io_dev_info_t *info = (io_dev_info_t *)&fip_dev_info; /* cast away const */

	assert(dev_info != NULL);
	*dev_info = info;

	return IO_SUCCESS;
}
198
199
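/*
 * Bind the driver to its backend and do some basic package checks.
 *
 * init_params is interpreted as a pointer to the name of the image that
 * holds the package. The platform layer is asked for the backend device and
 * image spec for that name, the start of the image is read, and the header
 * is checked with is_valid_header().
 *
 * Returns IO_SUCCESS when the header looks like a FIP header. Returns
 * IO_FAIL when the image source cannot be obtained or opened, or when the
 * header is short or implausible; a failing io_read() result is returned
 * unchanged.
 *
 * The header check is a format check on data read from storage, not an
 * authenticity check. backend_dev_handle and backend_image_spec are not
 * cleared here when a later step fails.
 */
static int fip_dev_init(io_dev_info_t *dev_info, const uintptr_t init_params)
{
	int result = IO_FAIL;
	char *image_name = (char *)init_params;
	uintptr_t backend_handle;
	fip_toc_header_t header;
	size_t bytes_read = 0;

	/* Obtain a reference to the image by querying the platform layer */
	result = plat_get_image_source(image_name, &backend_dev_handle,
				       &backend_image_spec);
	if (result != IO_SUCCESS) {
		WARN("Failed to obtain reference to image '%s' (%i)\n",
		     image_name, result);
		result = IO_FAIL;
		goto fip_dev_init_exit;
	}

	/* Attempt to access the FIP image */
	result = io_open(backend_dev_handle, backend_image_spec,
			 &backend_handle);
	if (result != IO_SUCCESS) {
		WARN("Failed to access image '%s' (%i)\n", image_name, result);
		result = IO_FAIL;
		goto fip_dev_init_exit;
	}

	result = io_read(backend_handle, (uintptr_t)&header, sizeof(header),
			 &bytes_read);
	if (result == IO_SUCCESS) {
		/* A short read leaves part of 'header' uninitialised, so it
		 * must be rejected before the fields are inspected.
		 */
		if ((bytes_read != sizeof(header)) ||
		    !is_valid_header(&header)) {
			WARN("Firmware Image Package header check failed.\n");
			result = IO_FAIL;
		} else {
			VERBOSE("FIP header looks OK.\n");
		}
	}

	io_close(backend_handle);

 fip_dev_init_exit:
	return result;
}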
244
/*
 * Close a connection to the FIP device by forgetting the backend device
 * handle and image spec. Always returns IO_SUCCESS.
 *
 * Any file that is still open is left as it is.
 */
static int fip_dev_close(io_dev_info_t *dev_info)
{
	/* TODO: Consider tracking open files and cleaning them up here */

	/* Clear the backend. */
	backend_image_spec = (uintptr_t)NULL;
	backend_dev_handle = (uintptr_t)NULL;

	return IO_SUCCESS;
}
256
257
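/*
 * Open a file for access from package.
 *
 * spec is interpreted as a pointer to an io_file_spec_t whose 'path' names
 * the image. The name is translated to a UUID, and the table of contents
 * that follows the FIP header is scanned entry by entry until that UUID or
 * the all-zero terminator entry is read.
 *
 * On success 'entity->info' points at the driver's single file state and
 * IO_SUCCESS is returned. Returns IO_RESOURCES_EXHAUSTED when a file is
 * already open, IO_FAIL when the name is unknown, the backend cannot be
 * opened or positioned, an entry is read short, or the file is not in the
 * package; a failing io_read() result is returned unchanged.
 *
 * The scan has no bound other than the terminator entry or a backend read
 * failure.
 * NOTE(review): the offset and size of the matching entry are taken from
 * the package as read; nothing here checks them against the extent of the
 * backend image - confirm that the backend or the caller does.
 */
static int fip_file_open(io_dev_info_t *dev_info, const uintptr_t spec,
			 io_entity_t *entity)
{
	int result = IO_FAIL;
	uintptr_t backend_handle;
	uuid_t file_uuid;
	const io_file_spec_t *file_spec = (io_file_spec_t *)spec;
	size_t bytes_read;
	int found_file = 0;

	assert(file_spec != NULL);
	assert(entity != NULL);

	/* Can only have one file open at a time for the moment. We need to
	 * track state like file cursor position. We know the header lives at
	 * offset zero, so this entry should never be zero for an active file.
	 * When the system supports dynamic memory allocation we can allow more
	 * than one open file at a time if needed.
	 */
	if (current_file.entry.offset_address != 0) {
		WARN("fip_file_open : Only one open file at a time.\n");
		return IO_RESOURCES_EXHAUSTED;
	}

	/* An unknown name leaves file_uuid uninitialised; stop here rather
	 * than compare table entries against indeterminate stack contents.
	 */
	if (file_to_uuid(file_spec->path, &file_uuid) != 0) {
		WARN("fip_file_open: unknown image name\n");
		return IO_FAIL;
	}

	/* Attempt to access the FIP image */
	result = io_open(backend_dev_handle, backend_image_spec,
			 &backend_handle);
	if (result != IO_SUCCESS) {
		WARN("Failed to open Firmware Image Package (%i)\n", result);
		result = IO_FAIL;
		goto fip_file_open_exit;
	}

	/* Seek past the FIP header into the Table of Contents */
	result = io_seek(backend_handle, IO_SEEK_SET, sizeof(fip_toc_header_t));
	if (result != IO_SUCCESS) {
		WARN("fip_file_open: failed to seek\n");
		result = IO_FAIL;
		goto fip_file_open_close;
	}

	do {
		bytes_read = 0;
		result = io_read(backend_handle,
				 (uintptr_t)&current_file.entry,
				 sizeof(current_file.entry),
				 &bytes_read);
		if (result != IO_SUCCESS) {
			WARN("Failed to read FIP (%i)\n", result);
			goto fip_file_open_reset;
		}

		/* A partial entry must not be matched or kept. */
		if (bytes_read != sizeof(current_file.entry)) {
			WARN("fip_file_open: short read of ToC entry\n");
			result = IO_FAIL;
			goto fip_file_open_reset;
		}

		if (compare_uuids(&current_file.entry.uuid,
				  &file_uuid) == 0) {
			found_file = 1;
			break;
		}
	} while (compare_uuids(&current_file.entry.uuid, &uuid_null) != 0);

	if (found_file == 1) {
		/* All fine. Update entity info with file state and return. Set
		 * the file position to 0. The 'current_file.entry' holds the
		 * base and size of the file.
		 */
		current_file.file_pos = 0;
		entity->info = (uintptr_t)&current_file;
		goto fip_file_open_close;
	}

	/* Did not find the file in the FIP. */
	result = IO_FAIL;

 fip_file_open_reset:
	/* Leave no stale entry behind: a non-zero offset_address would make
	 * every later open fail with "Only one open file at a time".
	 */
	memset(&current_file, 0, sizeof(current_file));

 fip_file_open_close:
	io_close(backend_handle);

 fip_file_open_exit:
	return result;
}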
339
340
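/*
 * Return the size of a file in package.
 *
 * '*length' receives the size field of the table-of-contents entry recorded
 * when the file was opened; the value is whatever the package states.
 * Always returns IO_SUCCESS.
 */
static int fip_file_len(io_entity_t *entity, size_t *length)
{
	assert(entity != NULL);
	assert(length != NULL);
	/* Same precondition as fip_file_read(): the entity must be open. */
	assert(entity->info != (uintptr_t)NULL);

	*length = ((file_state_t *)entity->info)->entry.size;

	return IO_SUCCESS;
}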
351
352
/*
 * Read data from a file in package.
 *
 * Opens the backend, seeks to the entry's offset plus the current file
 * position, reads 'length' bytes into 'buffer' and closes the backend
 * again. On success '*length_read' is set to the number of bytes the
 * backend reported and the file position advances by the same amount.
 *
 * Returns IO_SUCCESS, or IO_FAIL when the backend cannot be opened,
 * positioned or read; '*length_read' is not written on failure.
 *
 * NOTE(review): 'length' is not compared with the entry's size minus the
 * file position, so a request can run past the end of this file into
 * whatever follows it in the package - confirm that callers bound 'length'
 * with the size reported by fip_file_len().
 */
static int fip_file_read(io_entity_t *entity, uintptr_t buffer, size_t length,
			 size_t *length_read)
{
	uintptr_t backend_handle;
	file_state_t *fp;
	size_t file_offset;
	size_t bytes_read;
	int result;

	assert(entity != NULL);
	assert(buffer != (uintptr_t)NULL);
	assert(length_read != NULL);
	assert(entity->info != (uintptr_t)NULL);

	/* Open the backend, attempt to access the blob image */
	result = io_open(backend_dev_handle, backend_image_spec,
			 &backend_handle);
	if (result != IO_SUCCESS) {
		WARN("Failed to open FIP (%i)\n", result);
		return IO_FAIL;
	}

	fp = (file_state_t *)entity->info;

	/* Seek to the position in the FIP where the payload lives */
	file_offset = fp->entry.offset_address + fp->file_pos;
	result = io_seek(backend_handle, IO_SEEK_SET, file_offset);
	if (result != IO_SUCCESS) {
		WARN("fip_file_read: failed to seek\n");
		result = IO_FAIL;
	} else {
		result = io_read(backend_handle, buffer, length, &bytes_read);
		if (result == IO_SUCCESS) {
			/* Set caller length and new file position. */
			*length_read = bytes_read;
			fp->file_pos += bytes_read;
		} else {
			/* We cannot read our data. Fail. */
			WARN("Failed to read payload (%i)\n", result);
			result = IO_FAIL;
		}
	}

	/* Close the backend. */
	io_close(backend_handle);

	return result;
}
407
408
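/*
 * Close a file in package.
 *
 * Clears the driver's single file state, which allows the next
 * fip_file_open(), and detaches it from the entity. Always returns
 * IO_SUCCESS.
 */
static int fip_file_close(io_entity_t *entity)
{
	/* The entity is written below, as in the other file operations. */
	assert(entity != NULL);

	/* Clear our current file pointer.
	 * If we had malloc() we would free() here.
	 */
	if (current_file.entry.offset_address != 0) {
		memset(&current_file, 0, sizeof(current_file));
	}

	/* Clear the Entity info. */
	entity->info = 0;

	return IO_SUCCESS;
}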
424
425 /* Exported functions */
426
/*
 * Register the Firmware Image Package driver with the IO abstraction.
 *
 * When registration succeeds, '*dev_con' is set to the driver's connector;
 * otherwise it is left untouched. Returns the result of
 * io_register_device().
 */
int register_io_dev_fip(const io_dev_connector_t **dev_con)
{
	int result;

	assert(dev_con != NULL);

	result = io_register_device(&fip_dev_info);
	if (result != IO_SUCCESS) {
		return result;
	}

	*dev_con = &fip_dev_connector;

	return result;
}
439