diff --git a/arch/arm/cpu/armv8/sec_firmware.c b/arch/arm/cpu/armv8/sec_firmware.c index 5d2d839..a13c92e 100644 --- a/arch/arm/cpu/armv8/sec_firmware.c +++ b/arch/arm/cpu/armv8/sec_firmware.c @@ -115,25 +115,48 @@ static int sec_firmware_check_copy_loadable(const void *sec_firmware_img, u32 *loadable_l, u32 *loadable_h) { phys_addr_t sec_firmware_loadable_addr = 0; - int conf_node_off, ld_node_off; + int conf_node_off, ld_node_off, images; char *conf_node_name = NULL; const void *data; size_t size; ulong load; + const char *name, *str, *type; + int len; conf_node_name = SEC_FIRMEWARE_FIT_CNF_NAME; conf_node_off = fit_conf_get_node(sec_firmware_img, conf_node_name); if (conf_node_off < 0) { printf("SEC Firmware: %s: no such config\n", conf_node_name); - return -ENOENT; + return -ENOENT; + } + + /* find the node holding the images information */ + images = fdt_path_offset(sec_firmware_img, FIT_IMAGES_PATH); + if (images < 0) { + printf("%s: Cannot find /images node: %d\n", __func__, images); + return -1; + } + + type = FIT_LOADABLE_PROP; + + name = fdt_getprop(sec_firmware_img, conf_node_off, type, &len); + if (!name) { + /* Loadables not present */ + return 0; } - ld_node_off = fit_conf_get_prop_node(sec_firmware_img, conf_node_off, - FIT_LOADABLE_PROP); - if (ld_node_off >= 0) { - printf("SEC Firmware: '%s' present in config\n", - FIT_LOADABLE_PROP); + printf("SEC Firmware: '%s' present in config\n", type); + + for (str = name; str && ((str - name) < len); + str = strchr(str, '\0') + 1) { + printf("%s: '%s'\n", type, str); + ld_node_off = fdt_subnode_offset(sec_firmware_img, images, str); + if (ld_node_off < 0) { + printf("cannot find image node '%s': %d\n", str, + ld_node_off); + return -EINVAL; + } /* Verify secure firmware image */ if (!(fit_image_verify(sec_firmware_img, ld_node_off))) { @@ -163,11 +186,19 @@ static int sec_firmware_check_copy_loadable(const void *sec_firmware_img, memcpy((void *)sec_firmware_loadable_addr, data, size); flush_dcache_range(sec_firmware_loadable_addr, sec_firmware_loadable_addr + size); - } - /* Populate address ptrs for loadable image with loadbale addr */ - out_le32(loadable_l, (sec_firmware_loadable_addr & WORD_MASK)); - out_le32(loadable_h, (sec_firmware_loadable_addr >> WORD_SHIFT)); + /* Populate loadable address only for Trusted OS */ + if (!strcmp(str, "trustedOS@1")) { + /* + * Populate address ptrs for loadable image with + * loadbale addr + */ + out_le32(loadable_l, (sec_firmware_loadable_addr & + WORD_MASK)); + out_le32(loadable_h, (sec_firmware_loadable_addr >> + WORD_SHIFT)); + } + } return 0; } diff --git a/doc/uImage.FIT/sec_firmware_ppa.its b/doc/uImage.FIT/sec_firmware_ppa.its new file mode 100644 index 0000000..a7acde1 --- /dev/null +++ b/doc/uImage.FIT/sec_firmware_ppa.its @@ -0,0 +1,49 @@ +/dts-v1/; + +/* + * Example FIT image description file demonstrating the usage + * of SEC Firmware and multiple loadable images loaded by the u-boot. + * For booting PPA (SEC Firmware), "firmware" is searched and loaded. + * + * Multiple binaries will be loaded as "loadables" (if present) at their + * respective load offsets from firmware image address. + */ + +/{ + description = "PPA Firmware"; + #address-cells = <1>; + images { + firmware@1 { + description = "PPA Firmware: "; + data = /incbin/("../obj/monitor.bin"); + type = "firmware"; + arch = "arm64"; + compression = "none"; + }; + trustedOS@1 { + description = "Trusted OS"; + data = /incbin/("../../tee.bin"); + type = "OS"; + arch = "arm64"; + compression = "none"; + load = <0x00200000>; + }; + fuse_scr { + description = "Fuse Script"; + data = /incbin/("../../fuse_scr.bin"); + type = "firmware"; + arch = "arm64"; + compression = "none"; + load = <0x00180000>; + }; + }; + + configurations { + default = "config-1"; + config-1 { + description = "PPA Secure firmware"; + firmware = "firmware@1"; + loadables = "trustedOS@1", "fuse_scr"; + }; + }; +};