[PATCH 0/3] zynqmp: Add support for secure OS loading
Hi,
this series is adding support for working with TEE in much easier and flexible way.
TF-A can be placed to any location. When it is placed to DDR you should enable DT support which reserve location where TF-A is https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/10131
The similar DT support can be added to secure OS but I haven't sent that patches out in OPTEE case yet.
Thanks, Michal
Michal Simek (3): zynqmp: Do not place u-boot to reserved memory location zynqmp: Generate u-boot.its also with TEE dynamically zynqmp: Pass bl32 entry to TF-A via xilinx handoff structure
arch/arm/mach-zynqmp/handoff.c | 19 +++++++++--- arch/arm/mach-zynqmp/mkimage_fit_atf.sh | 41 ++++++++++++++++++++++++- board/xilinx/zynqmp/zynqmp.c | 21 +++++++++++++ 3 files changed, 75 insertions(+), 6 deletions(-)
TF-A and SecureOS can allocate the part of DDR for self but U-Boot is not handling this configuration that the part of memory is reserved and shouldn't be used by U-Boot. That's why read all reserved memory locations and don't use it. The code was taken from commit 4a1b975dac02 ("board: stm32mp1: reserve memory for OP-TEE in device tree") and commit 1419e5b5167e ("stm32mp: update MMU config before the relocation") which is used by stm32 and does the job properly.
Signed-off-by: Michal Simek michal.simek@xilinx.com ---
board/xilinx/zynqmp/zynqmp.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+)
diff --git a/board/xilinx/zynqmp/zynqmp.c b/board/xilinx/zynqmp/zynqmp.c index 46dee80470fa..3fe0b0dc29f6 100644 --- a/board/xilinx/zynqmp/zynqmp.c +++ b/board/xilinx/zynqmp/zynqmp.c @@ -11,6 +11,8 @@ #include <env.h> #include <env_internal.h> #include <init.h> +#include <image.h> +#include <lmb.h> #include <log.h> #include <net.h> #include <sata.h> @@ -442,6 +444,25 @@ int dram_init(void)
return 0; } + +ulong board_get_usable_ram_top(ulong total_size) +{ + phys_size_t size; + phys_addr_t reg; + struct lmb lmb; + + /* found enough not-reserved memory to relocated U-Boot */ + lmb_init(&lmb); + lmb_add(&lmb, gd->ram_base, gd->ram_size); + boot_fdt_add_mem_rsv_regions(&lmb, (void *)gd->fdt_blob); + size = ALIGN(CONFIG_SYS_MALLOC_LEN + total_size, MMU_SECTION_SIZE), + reg = lmb_alloc(&lmb, size, MMU_SECTION_SIZE); + + if (!reg) + reg = gd->ram_top - size; + + return reg + size; +} #else int dram_init_banksize(void) {
The first change is to trying to find out TF-A load address based on reading elf file. Expectation is that bl31.bin is in the same folder as bl31.elf. It brings new flexibility to place TF-A to any address (DDR included).
And also enable TEE generation also with TEE configuration. Expecation is the same as above that tee.bin and tee.elf are in the same folder.
User has to just define link to BL31/BL32 binary files and the rest should be handled by the script.
Signed-off-by: Michal Simek michal.simek@xilinx.com ---
I am using bash that's why not sure if ${BL31%.*} will work on other shells but let's see. --- arch/arm/mach-zynqmp/mkimage_fit_atf.sh | 41 ++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-)
diff --git a/arch/arm/mach-zynqmp/mkimage_fit_atf.sh b/arch/arm/mach-zynqmp/mkimage_fit_atf.sh index 92e31849f88d..700871dbe109 100755 --- a/arch/arm/mach-zynqmp/mkimage_fit_atf.sh +++ b/arch/arm/mach-zynqmp/mkimage_fit_atf.sh @@ -8,9 +8,19 @@
BL33="u-boot-nodtb.bin" [ -z "$BL31" ] && BL31="bl31.bin" -# Can be also done as ${CROSS_COMPILE}readelf -l bl31.elf | awk '/Entry point/ { print $3 }' +BL31_ELF="${BL31%.*}.elf" +[ -f ${BL31_ELF} ] && ATF_LOAD_ADDR=`${CROSS_COMPILE}readelf -l "${BL31_ELF}" | \ +awk '/Entry point/ { print $3 }'` + [ -z "$ATF_LOAD_ADDR" ] && ATF_LOAD_ADDR="0xfffea000"
+[ -z "$BL32" ] && BL32="tee.bin" +BL32_ELF="${BL32%.*}.elf" +[ -f ${BL32_ELF} ] && TEE_LOAD_ADDR=`${CROSS_COMPILE}readelf -l "${BL32_ELF}" | \ +awk '/Entry point/ { print $3 }'` + +[ -z "$TEE_LOAD_ADDR" ] && TEE_LOAD_ADDR="0x60000000" + if [ -z "$BL33_LOAD_ADDR" ];then BL33_LOAD_ADDR=`awk '/CONFIG_SYS_TEXT_BASE/ { print $3 }' include/generated/autoconf.h` fi @@ -75,6 +85,24 @@ cat << __ATF __ATF fi
+if [ -f $BL32 ]; then +cat << __TEE + tee { + description = "TEE firmware"; + data = /incbin/("$BL32"); + type = "firmware"; + os = "tee"; + arch = "arm64"; + compression = "none"; + load = <$TEE_LOAD_ADDR>; + entry = <$TEE_LOAD_ADDR>; + hash { + algo = "md5"; + }; + }; +__TEE +fi + DEFAULT=1 cnt=1 for dtname in $DT @@ -117,6 +145,16 @@ cat << __CONF_SECTION1_EOF }; __CONF_SECTION1_EOF else +if [ -f $BL32 ]; then +cat << __CONF_SECTION1_EOF + config_$cnt { + description = "$(basename $dtname .dtb)"; + firmware = "atf"; + loadables = "uboot", "tee"; + fdt = "fdt_$cnt"; + }; +__CONF_SECTION1_EOF +else cat << __CONF_SECTION1_EOF config_$cnt { description = "$(basename $dtname .dtb)"; @@ -126,6 +164,7 @@ cat << __CONF_SECTION1_EOF }; __CONF_SECTION1_EOF fi +fi
cnt=$((cnt+1)) done
There is need to pass entry about secure OS when bl32_entry is defined. Currently only 64bit support is added but /fit-images node have been extended to also record if this is 32bit or 64bit secure OS. When this is tested the code will be update to support this configuration too.
Signed-off-by: Michal Simek michal.simek@xilinx.com ---
arch/arm/mach-zynqmp/handoff.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/arch/arm/mach-zynqmp/handoff.c b/arch/arm/mach-zynqmp/handoff.c index 7d7ab9da6ec2..31346d9b2e21 100644 --- a/arch/arm/mach-zynqmp/handoff.c +++ b/arch/arm/mach-zynqmp/handoff.c @@ -71,6 +71,7 @@ struct bl31_params *bl2_plat_get_bl31_params(uintptr_t bl32_entry, uintptr_t fdt_addr) { struct xfsbl_atf_handoff_params *atfhandoffparams; + u32 index = 0;
atfhandoffparams = (void *)CONFIG_SPL_TEXT_BASE; atfhandoffparams->magic[0] = 'X'; @@ -78,14 +79,22 @@ struct bl31_params *bl2_plat_get_bl31_params(uintptr_t bl32_entry, atfhandoffparams->magic[2] = 'N'; atfhandoffparams->magic[3] = 'X';
- atfhandoffparams->num_entries = 0; + if (bl32_entry) { + atfhandoffparams->partition[index].entry_point = bl32_entry; + atfhandoffparams->partition[index].flags = FSBL_FLAGS_EL1 << FSBL_FLAGS_EL_SHIFT | + FSBL_FLAGS_SECURE << FSBL_FLAGS_TZ_SHIFT; + index++; + } + if (bl33_entry) { - atfhandoffparams->partition[0].entry_point = bl33_entry; - atfhandoffparams->partition[0].flags = FSBL_FLAGS_EL2 << - FSBL_FLAGS_EL_SHIFT; - atfhandoffparams->num_entries++; + atfhandoffparams->partition[index].entry_point = bl33_entry; + atfhandoffparams->partition[index].flags = FSBL_FLAGS_EL2 << + FSBL_FLAGS_EL_SHIFT; + index++; }
+ atfhandoffparams->num_entries = index; + writel(CONFIG_SPL_TEXT_BASE, &pmu_base->gen_storage6);
return NULL;
po 31. 5. 2021 v 12:14 odesÃlatel Michal Simek michal.simek@xilinx.com napsal:
Hi,
this series is adding support for working with TEE in much easier and flexible way.
TF-A can be placed to any location. When it is placed to DDR you should enable DT support which reserve location where TF-A is https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/10131
The similar DT support can be added to secure OS but I haven't sent that patches out in OPTEE case yet.
Thanks, Michal
Michal Simek (3): zynqmp: Do not place u-boot to reserved memory location zynqmp: Generate u-boot.its also with TEE dynamically zynqmp: Pass bl32 entry to TF-A via xilinx handoff structure
arch/arm/mach-zynqmp/handoff.c | 19 +++++++++--- arch/arm/mach-zynqmp/mkimage_fit_atf.sh | 41 ++++++++++++++++++++++++- board/xilinx/zynqmp/zynqmp.c | 21 +++++++++++++ 3 files changed, 75 insertions(+), 6 deletions(-)
-- 2.31.1
Applied all. M
participants (2)
-
Michal Simek -
Michal Simek