zhao/bl-mt798x
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

atf-20240117-bacca82a8: import new atf (#119)

Browse Source 
* atf-20240117-bacca82a8: import new atf

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

* atf-20240117-bacca82a8: remove Werror

* atf-20240117-bacca82a8: call bromimage-x86_64 for aarch64 host

* atf-20240117-bacca82a8: export ram boot uart option

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

* atf-20240117-bacca82a8: apply openwrt patches

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

* atf-20240117-bacca82a8: port board configs

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

* build.sh: switch to use atf-20240117-bacca82a8

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

* build.sh: support new menuconfig

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

* build.sh: pass u-boot path by variable

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

* atf-20231013-0ea67d76a: drop

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

---------

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Co-authored-by: hanwckf <hanwckf@vip.qq.com>
This commit is contained in:
Tianling Shen
2025-08-19 16:26:53 +08:00
committed by GitHub
parent 475f1640d3
commit 8f5285bfba
4934 changed files with 18904 additions and 9851 deletions
Download Patch File Download Diff File Expand all files Collapse all files

345
atf-20231013-0ea67d76a/config.in
View File

@@ -1,345 +0,0 @@
mainmenu "ATF SDK configuration"
#
# ============================ MENU ==============================
#
menu "Platform"
choice CHIP
bool "Target Platforms"
config PLAT_MT7622
bool "MT7622"
config PLAT_MT7629
bool "MT7629"
config PLAT_MT7981
bool "MT7981"
config PLAT_MT7986
bool "MT7986"
config PLAT_MT7988
bool "MT7988"
endchoice
config FPGA
bool "Build for FPGA emulation"
default n
endmenu
menu "Target"
choice
bool "Target Images"
default TARGET_BL2 if !NEED_SBC
default TARGET_ALL_HAS_SEC_BOOT if NEED_SBC
config TARGET_BL2
bool "BL2"
depends on !NEED_SBC
config TARGET_BL31
bool "BL31"
depends on !NEED_SBC
config TARGET_FIP_NO_SEC_BOOT
bool "BL31 + FIP image without secure boot"
depends on !NEED_SBC
config TARGET_ALL_NO_SEC_BOOT
bool "BL2 + FIP image without secure boot"
depends on !NEED_SBC
config TARGET_ALL_HAS_SEC_BOOT
bool "BL2 + FIP image with secure boot"
depends on NEED_SBC
endchoice
config NEED_SBC
bool "Enable Secure Boot"
default n
choice FLASH_DEVICE
bool "Target Flash Devices"
default FLASH_DEVICE_SNFI_SNAND
config FLASH_DEVICE_SNFI_SNAND
bool "snfi-snand"
depends on MTK_SNFI_SUPPORT
help
spi-nand flash with snfi controller
config FLASH_DEVICE_SNOR
bool "snor"
depends on MTK_SNOR_SUPPORT
help
spi-nor flash with snor controller
config FLASH_DEVICE_SPIM_NAND
bool "spim-snand"
depends on MTK_SPIM_SUPPORT
help
spi-nand flash with spim controller
config FLASH_DEVICE_SPIM_NOR
bool "spim-snor"
depends on MTK_SPIM_SUPPORT
help
spi-nor flash with spim controller
config FLASH_DEVICE_EMMC
bool "emmc"
depends on MTK_SDMMC_SUPPORT
help
emmc device
config FLASH_DEVICE_SDMMC
bool "sdcard"
depends on MTK_SDMMC_SUPPORT
help
sd card device
config FLASH_DEVICE_RAM
bool "ram"
help
ram device
endchoice
config SNFI_SNAND_TYPE
string "nand flash type"
depends on FLASH_DEVICE_SNFI_SNAND
default 'hsm:2k+64'
config NMBM
bool "Enable NAND mapping block management"
depends on FLASH_DEVICE_SNFI_SNAND || FLASH_DEVICE_SPIM_NAND
default y if PLAT_MT7622 || PLAT_MT7629 || \
PLAT_MT7981 || PLAT_MT7986 || PLAT_MT7988
config SPIM_NAND_TYPE
string "nand flash type"
depends on FLASH_DEVICE_SPIM_NAND
default 'spim:2k+64'
endmenu
menu "DRAM"
depends on !FPGA
choice DDR_TYPE
bool "DRAM type"
config DRAM_DDR3
bool "DDR3"
depends on PLAT_MT7622 || \
PLAT_MT7629 || \
PLAT_MT7981 || \
PLAT_MT7986 || \
PLAT_MT7988
config DRAM_DDR4
bool "DDR4"
depends on PLAT_MT7981 || \
PLAT_MT7986 || \
PLAT_MT7988
endchoice
choice BOARD_TYPE
bool "BOARD type"
config QFN
bool "QFN"
depends on PLAT_MT7981 && DRAM_DDR3
config BGA
bool "BGA"
depends on PLAT_MT7981
endchoice
config DRAM_DDR3_FLYBY
bool "Enable Fly-by topology (Uses 2x DDR3 chips)"
default n
depends on PLAT_MT7622
choice DDR_SIZE
bool "DRAM size limitation"
default DRAM_SIZE_AUTO
depends on PLAT_MT7981 || \
PLAT_MT7986 || \
PLAT_MT7988
config DRAM_SIZE_AUTO
bool "Auto detect"
depends on PLAT_MT7981 || \
PLAT_MT7986 || \
PLAT_MT7988
config DRAM_SIZE_256
bool "256MB"
depends on (PLAT_MT7981 && DRAM_DDR3) || \
(PLAT_MT7986 && DRAM_DDR3)
config DRAM_SIZE_512
bool "512MB"
depends on (PLAT_MT7981 && DRAM_DDR3) || \
(PLAT_MT7986 && DRAM_DDR3) || \
(PLAT_MT7981 && DRAM_DDR4) || \
(PLAT_MT7986 && DRAM_DDR4) || \
(PLAT_MT7988 && DRAM_DDR3) || \
(PLAT_MT7988 && DRAM_DDR4)
config DRAM_SIZE_1024
bool "1GB"
depends on (PLAT_MT7981 && DRAM_DDR4) || \
(PLAT_MT7986 && DRAM_DDR4) || \
(PLAT_MT7988 && DRAM_DDR4)
config DRAM_SIZE_2048
bool "2GB"
depends on (PLAT_MT7986 && DRAM_DDR4) || \
(PLAT_MT7988 && DRAM_DDR4)
endchoice
choice DDR3_FREQUENCY
bool "DDR3 frequency"
default DDR3_FREQ_2133
depends on (PLAT_MT7981 && DRAM_DDR3) || \
(PLAT_MT7988 && DRAM_DDR3)
config DDR3_FREQ_2133
bool "DDR3 2133MHz"
depends on (PLAT_MT7981 && DRAM_DDR3) || \
(PLAT_MT7988 && DRAM_DDR3)
config DDR3_FREQ_1866
bool "DDR3 1866MHz"
depends on (PLAT_MT7981 && DRAM_DDR3) || \
(PLAT_MT7988 && DRAM_DDR3)
endchoice
choice DDR4_FREQUENCY
bool "DDR4 frequency"
default DDR4_FREQ_3200
depends on (PLAT_MT7986 && DRAM_DDR4) || \
(PLAT_MT7988 && DRAM_DDR4)
config DDR4_FREQ_3200
bool "DDR4 3200MHz"
depends on (PLAT_MT7986 && DRAM_DDR4) || \
(PLAT_MT7988 && DRAM_DDR4)
config DDR4_FREQ_2666
bool "DDR4 2666MHz"
depends on (PLAT_MT7986 && DRAM_DDR4) || \
(PLAT_MT7988 && DRAM_DDR4)
endchoice
endmenu
menu "Log"
choice LOG_LEVEL
bool "Log level"
default LOG_LEVEL_NOTICE
config LOG_LEVEL_NONE
bool "NONE"
config LOG_LEVEL_ERROR
bool "ERROR"
config LOG_LEVEL_NOTICE
bool "NOTICE"
config LOG_LEVEL_WARNING
bool "WARNING"
config LOG_LEVEL_INFO
bool "INFO"
config LOG_LEVEL_VERBOSE
bool "VERBOSE"
endchoice
config DRAM_DEBUG_LOG
bool "Enable DRAM debug log"
default n
endmenu
#
# ============================ PLATFORM ==============================
#
config PLAT
def_string "mt7622" if PLAT_MT7622
def_string "mt7629" if PLAT_MT7629
def_string "mt7981" if PLAT_MT7981
def_string "mt7986" if PLAT_MT7986
def_string "mt7988" if PLAT_MT7988
config AARCH64
def_bool y if PLAT_MT7622
def_bool n if PLAT_MT7629
def_bool y if PLAT_MT7981
def_bool y if PLAT_MT7986
def_bool y if PLAT_MT7988
config AARCH32
def_bool y if !AARCH64
def_bool n if AARCH64
#
# ============================ TARGET ==============================
#
config NEED_BL2
def_bool y if TARGET_BL2
def_bool y if TARGET_ALL_NO_SEC_BOOT
def_bool y if TARGET_ALL_HAS_SEC_BOOT
config NEED_BL31
def_bool y if TARGET_BL31
def_bool y if TARGET_ALL_NO_SEC_BOOT
def_bool y if TARGET_ALL_HAS_SEC_BOOT
def_bool y if TARGET_FIP_NO_SEC_BOOT
config NEED_BL33
def_bool y if TARGET_ALL_NO_SEC_BOOT
def_bool y if TARGET_ALL_HAS_SEC_BOOT
def_bool y if TARGET_FIP_NO_SEC_BOOT
config NEED_FIP
def_bool y if TARGET_ALL_NO_SEC_BOOT
def_bool y if TARGET_ALL_HAS_SEC_BOOT
def_bool y if TARGET_FIP_NO_SEC_BOOT
config NEED_MBEDTLS
def_bool y if TARGET_ALL_HAS_SEC_BOOT
if NEED_BL33
config BL33
string "Path to BL33 image"
default "./u-boot.bin"
endif
MBEDTLS_FOUND := $(shell, ls | grep mbedtls-mbedtls- && echo -n "" || echo "0")
MBEDTLS_DEFAULT := $(shell, echo $(MBEDTLS_FOUND) | awk '{ print $NF }')
if NEED_MBEDTLS
config MBEDTLS_DIR
string "Path to mbedtls library"
default $(MBEDTLS_DEFAULT) if $(MBEDTLS_FOUND)!=0
endif
if NEED_SBC
config ROT_KEY
string "Path to ROT_KEY"
default "fip_private_key.pem"
config BROM_SIGN_KEY
string "Path to BROM_SIGN_KEY"
default "bl2_private_key.pem"
endif
#
# ============================ TOOLCHAIN ==============================
#
CC_1 := "/mtkoss/aarch64/7.5.0/x86_64/bin/aarch64-linux-gnu-gcc"
TEST_1 := $(shell, test -e $(CC_1) && echo "1" || echo "0")
CC_2 := "/usr/bin/aarch64-linux-gnu-gcc"
TEST_2 := $(shell, test -e $(CC_2) && echo "1" || echo "0")
CC_3 := "/usr/bin/arm-linux-gnueabi-gcc"
TEST_3 := $(shell, test -e $(CC_3) && echo "1" || echo "0")
config CROSS_COMPILER
string "cross compile prefix"
default $(shell, echo $(CC_1) | sed 's/-gcc/-/g') if $(TEST_1)="1" && AARCH64
default $(shell, echo $(CC_2) | sed 's/-gcc/-/g') if $(TEST_2)="1" && AARCH64
default $(shell, echo $(CC_3) | sed 's/-gcc/-/g') if $(TEST_3)="1" && AARCH32
#
# ============================ FLASH ==============================
#
config MTK_SPIM_SUPPORT
def_bool y if PLAT_MT7981
def_bool y if PLAT_MT7986
def_bool y if PLAT_MT7988
config MTK_SNOR_SUPPORT
def_bool y if PLAT_MT7622
def_bool y if PLAT_MT7629
config MTK_SNFI_SUPPORT
def_bool y if PLAT_MT7622
def_bool y if PLAT_MT7629
def_bool y if PLAT_MT7981
def_bool y if PLAT_MT7986
def_bool y if PLAT_MT7988
config MTK_SDMMC_SUPPORT
def_bool y if PLAT_MT7622
def_bool y if PLAT_MT7981
def_bool y if PLAT_MT7986
def_bool y if PLAT_MT7988
config BOOT_DEVICE
def_string "nor" if FLASH_DEVICE_SNOR
def_string "nor" if FLASH_DEVICE_SPIM_NOR
def_string "snand" if FLASH_DEVICE_SNFI_SNAND
def_string "spim-nand" if FLASH_DEVICE_SPIM_NAND
def_string "emmc" if FLASH_DEVICE_EMMC
def_string "sdmmc" if FLASH_DEVICE_SDMMC
def_string "ram" if FLASH_DEVICE_RAM

1
atf-20231013-0ea67d76a/configs
View File

@@ -1 +0,0 @@
../atf-20220606-637ba581b/configs

202
atf-20231013-0ea67d76a/docs/perf/psci-performance-n1sdp.rst
View File

@@ -1,202 +0,0 @@
Runtime Instrumentation Testing - N1SDP
=======================================
For this test we used the N1 System Development Platform (`N1SDP`_), which
contains an SoC consisting of two dual-core Arm N1 clusters.
The following source trees and binaries were used:
- TF-A [`v2.9-rc0-16-g666aec401`_]
- TFTF [`v2.9-rc0`_]
- SCP/MCP `Prebuilt Images`_
Please see the Runtime Instrumentation :ref:`Testing Methodology
<Runtime Instrumentation Methodology>` page for more details.
Procedure
---------
#. Build TFTF with runtime instrumentation enabled:
.. code:: shell
make CROSS_COMPILE=aarch64-none-elf- PLAT=n1sdp \
TESTS=runtime-instrumentation all
#. Build TF-A with the following build options:
.. code:: shell
make CROSS_COMPILE=aarch64-none-elf- PLAT=n1sdp \
ENABLE_RUNTIME_INSTRUMENTATION=1 fiptool all
#. Fetch the SCP firmware images:
.. code:: shell
curl --fail --connect-timeout 5 --retry 5 \
-sLS -o build/n1sdp/release/scp_rom.bin \
https://downloads.trustedfirmware.org/tf-a/css_scp_2.12.0/n1sdp/release/n1sdp-bl1.bin
curl --fail --connect-timeout 5 \
--retry 5 -sLS -o build/n1sdp/release/scp_ram.bin \
https://downloads.trustedfirmware.org/tf-a/css_scp_2.12.0/n1sdp/release/n1sdp-bl2.bin
#. Fetch the MCP firmware images:
.. code:: shell
curl --fail --connect-timeout 5 --retry 5 \
-sLS -o build/n1sdp/release/mcp_rom.bin \
https://downloads.trustedfirmware.org/tf-a/css_scp_2.12.0/n1sdp/release/n1sdp-mcp-bl1.bin
curl --fail --connect-timeout 5 --retry 5 \
-sLS -o build/n1sdp/release/mcp_ram.bin \
https://downloads.trustedfirmware.org/tf-a/css_scp_2.12.0/n1sdp/release/n1sdp-mcp-bl2.bin
#. Using the fiptool, create a new FIP package and append the SCP ram image onto
it.
.. code:: shell
./tools/fiptool/fiptool create --blob \
uuid=cfacc2c4-15e8-4668-82be-430a38fad705,file=build/n1sdp/release/bl1.bin \
--scp-fw build/n1sdp/release/scp_ram.bin build/n1sdp/release/scp_fw.bin
#. Append the MCP image to the FIP.
.. code:: shell
./tools/fiptool/fiptool create \
--blob uuid=54464222-a4cf-4bf8-b1b6-cee7dade539e,file=build/n1sdp/release/mcp_ram.bin \
build/n1sdp/release/mcp_fw.bin
#. Then, add TFTF as the Non-Secure workload in the FIP image:
.. code:: shell
make CROSS_COMPILE=aarch64-none-elf- PLAT=n1sdp \
ENABLE_RUNTIME_INSTRUMENTATION=1 SCP_BL2=/dev/null \
BL33=<path/to/tftf.bin> fip
#. Load the following images onto the development board: ``fip.bin``,
``scp_rom.bin``, ``scp_ram.bin``, ``mcp_rom.bin``, and ``mcp_ram.bin``.
.. note::
These instructions presume you have a complete firmware stack. The N1SDP
`user guide`_ provides a detailed explanation on how to get setup from
scratch.
Results
-------
``CPU_SUSPEND`` to deepest power level
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
parallel
+---------+------+-----------+---------+-------------+
| Cluster | Core | Powerdown | Wakekup | Cache Flush |
+=========+======+===========+=========+=============+
| 0 | 0 | 3.44 | 10.04 | 0.4 |
+---------+------+-----------+---------+-------------+
| 0 | 1 | 4.98 | 12.72 | 0.16 |
+---------+------+-----------+---------+-------------+
| 1 | 0 | 3.58 | 15.42 | 0.2 |
+---------+------+-----------+---------+-------------+
| 1 | 1 | 5.24 | 17.78 | 0.18 |
+---------+------+-----------+---------+-------------+
.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
serial
+---------+------+-----------+---------+-------------+
| Cluster | Core | Powerdown | Wakekup | Cache Flush |
+=========+======+===========+=========+=============+
| 0 | 0 | 1.82 | 9.98 | 0.32 |
+---------+------+-----------+---------+-------------+
| 0 | 1 | 1.96 | 9.96 | 0.18 |
+---------+------+-----------+---------+-------------+
| 1 | 0 | 2.0 | 10.5 | 0.16 |
+---------+------+-----------+---------+-------------+
| 1 | 1 | 2.22 | 10.56 | 0.16 |
+---------+------+-----------+---------+-------------+
``CPU_SUSPEND`` to power level 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in
parallel
+---------+------+-----------+---------+-------------+
| Cluster | Core | Powerdown | Wakekup | Cache Flush |
+=========+======+===========+=========+=============+
| 0 | 0 | 1.52 | 11.84 | 0.34 |
+---------+------+-----------+---------+-------------+
| 0 | 1 | 1.1 | 13.66 | 0.14 |
+---------+------+-----------+---------+-------------+
| 1 | 0 | 2.18 | 9.48 | 0.18 |
+---------+------+-----------+---------+-------------+
| 1 | 1 | 2.06 | 14.4 | 0.16 |
+---------+------+-----------+---------+-------------+
.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in serial
+---------+------+-----------+---------+-------------+
| Cluster | Core | Powerdown | Wakekup | Cache Flush |
+=========+======+===========+=========+=============+
| 0 | 0 | 1.54 | 9.34 | 0.3 |
+---------+------+-----------+---------+-------------+
| 0 | 1 | 1.88 | 9.5 | 0.16 |
+---------+------+-----------+---------+-------------+
| 1 | 0 | 1.86 | 9.86 | 0.2 |
+---------+------+-----------+---------+-------------+
| 1 | 1 | 2.02 | 9.64 | 0.18 |
+---------+------+-----------+---------+-------------+
``CPU_OFF`` on all non-lead CPUs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
``CPU_OFF`` on all non-lead CPUs in sequence then, ``CPU_SUSPEND`` on the lead
core to the deepest power level.
.. table:: ``CPU_OFF`` latencies (µs) on all non-lead CPUs
+---------+------+-----------+---------+-------------+
| Cluster | Core | Powerdown | Wakekup | Cache Flush |
+=========+======+===========+=========+=============+
| 0 | 0 | 1.86 | 9.88 | 0.32 |
+---------+------+-----------+---------+-------------+
| 0 | 1 | 21.1 | 12.44 | 0.42 |
+---------+------+-----------+---------+-------------+
| 1 | 0 | 21.22 | 13.2 | 0.32 |
+---------+------+-----------+---------+-------------+
| 1 | 1 | 21.56 | 13.18 | 0.54 |
+---------+------+-----------+---------+-------------+
``CPU_VERSION`` in parallel
~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. table:: ``CPU_VERSION`` latency (µs) in parallel on all cores
+-------------+--------+--------------+
| Cluster | Core | Latency |
+=============+========+==============+
| 0 | 0 | 0.08 |
+-------------+--------+--------------+
| 0 | 1 | 0.22 |
+-------------+--------+--------------+
| 1 | 0 | 0.28 |
+-------------+--------+--------------+
| 1 | 1 | 0.26 |
+-------------+--------+--------------+
--------------
*Copyright (c) 2023, Arm Limited. All rights reserved.*
.. _v2.9-rc0-16-g666aec401: https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/heads/v2.9-rc0-16-g666aec401
.. _v2.9-rc0: https://review.trustedfirmware.org/plugins/gitiles/TF-A/tf-a-tests/+/refs/tags/v2.9-rc0
.. _user guide: https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-docs/-/blob/master/docs/n1sdp/user-guide.rst
.. _Prebuilt Images: https://downloads.trustedfirmware.org/tf-a/css_scp_2.11.0/n1sdp/release/
.. _N1SDP: https://developer.arm.com/documentation/101489/latest

BIN
atf-20231013-0ea67d76a/docs/resources/diagrams/ffa-ns-interrupt-handling-managed-exit.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 84 KiB

BIN
atf-20231013-0ea67d76a/docs/resources/diagrams/ffa-ns-interrupt-handling-sp-preemption.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 69 KiB

1340
atf-20231013-0ea67d76a/docs/threat_model/threat_model_spm.rst
View File

File diff suppressed because it is too large Load Diff

334
atf-20231013-0ea67d76a/drivers/auth/cryptocell/712/cryptocell_crypto.c
View File

@@ -1,334 +0,0 @@
/*
* Copyright (c) 2017-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <stddef.h>
#include <string.h>
#include <mbedtls/oid.h>
#include <mbedtls/x509.h>
#include <arch_helpers.h>
#include <common/debug.h>
#include <drivers/arm/cryptocell/712/crypto_driver.h>
#include <drivers/arm/cryptocell/712/rsa.h>
#include <drivers/arm/cryptocell/712/sbrom_bsv_api.h>
#include <drivers/arm/cryptocell/712/secureboot_base_func.h>
#include <drivers/arm/cryptocell/712/secureboot_gen_defs.h>
#include <drivers/arm/cryptocell/712/util.h>
#include <drivers/auth/crypto_mod.h>
#include <drivers/auth/mbedtls/mbedtls_common.h>
#include <lib/utils.h>
#include <platform_def.h>
#define LIB_NAME "CryptoCell 712 SBROM"
#define RSA_SALT_LEN 32
#define RSA_EXPONENT 65537
/*
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL
* }
*
* SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING
* }
*
* DigestInfo ::= SEQUENCE {
* digestAlgorithm AlgorithmIdentifier,
* digest OCTET STRING
* }
*
* RSASSA-PSS-params ::= SEQUENCE {
* hashAlgorithm [0] HashAlgorithm,
* maskGenAlgorithm [1] MaskGenAlgorithm,
* saltLength [2] INTEGER,
* trailerField [3] TrailerField DEFAULT trailerFieldBC
* }
*/
/*
* Initialize the library and export the descriptor
*/
static void init(void)
{
CCError_t ret;
uint32_t lcs;
/* Initialize CC SBROM */
ret = CC_BsvSbromInit((uintptr_t)PLAT_CRYPTOCELL_BASE);
if (ret != CC_OK) {
ERROR("CryptoCell CC_BsvSbromInit() error %x\n", ret);
panic();
}
/* Initialize lifecycle state */
ret = CC_BsvLcsGetAndInit((uintptr_t)PLAT_CRYPTOCELL_BASE, &lcs);
if (ret != CC_OK) {
ERROR("CryptoCell CC_BsvLcsGetAndInit() error %x\n", ret);
panic();
}
/* If the lifecyclestate is `SD`, then stop further execution */
if (lcs == CC_BSV_SECURITY_DISABLED_LCS) {
ERROR("CryptoCell LCS is security-disabled\n");
panic();
}
}
/*
* Verify a signature.
*
* Parameters are passed using the DER encoding format following the ASN.1
* structures detailed above.
*/
static int verify_signature(void *data_ptr, unsigned int data_len,
void *sig_ptr, unsigned int sig_len,
void *sig_alg, unsigned int sig_alg_len,
void *pk_ptr, unsigned int pk_len)
{
CCError_t error;
CCSbNParams_t pk;
CCSbSignature_t signature;
int rc, exp, expected_salt_len;
mbedtls_asn1_buf sig_oid, alg_oid, params;
mbedtls_md_type_t md_alg, mgf1_hash_id;
mbedtls_pk_type_t pk_alg;
size_t len;
uint8_t *p, *end;
/* Temp buf to store the public key modulo (N) in LE format */
uint32_t RevN[SB_RSA_MOD_SIZE_IN_WORDS];
/* Verify the signature algorithm */
/* Get pointers to signature OID and parameters */
p = sig_alg;
end = p + sig_alg_len;
rc = mbedtls_asn1_get_alg(&p, end, &sig_oid, &params);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
/* Get the actual signature algorithm (MD + PK) */
rc = mbedtls_oid_get_sig_alg(&sig_oid, &md_alg, &pk_alg);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
/* The CryptoCell only supports RSASSA-PSS signature */
if ((pk_alg != MBEDTLS_PK_RSASSA_PSS) || (md_alg != MBEDTLS_MD_NONE)) {
return CRYPTO_ERR_SIGNATURE;
}
/* Verify the RSASSA-PSS params */
/* The trailer field is verified to be 0xBC internally by this API */
rc = mbedtls_x509_get_rsassa_pss_params(&params, &md_alg,
&mgf1_hash_id,
&expected_salt_len);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
/* The CryptoCell only supports SHA256 as hash algorithm */
if ((md_alg != MBEDTLS_MD_SHA256) || (mgf1_hash_id != MBEDTLS_MD_SHA256)) {
return CRYPTO_ERR_SIGNATURE;
}
if (expected_salt_len != RSA_SALT_LEN) {
return CRYPTO_ERR_SIGNATURE;
}
/* Parse the public key */
p = pk_ptr;
end = p + pk_len;
rc = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
end = p + len;
rc = mbedtls_asn1_get_alg_null(&p, end, &alg_oid);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
if (mbedtls_oid_get_pk_alg(&alg_oid, &pk_alg) != 0) {
return CRYPTO_ERR_SIGNATURE;
}
if (pk_alg != MBEDTLS_PK_RSA) {
return CRYPTO_ERR_SIGNATURE;
}
rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
rc = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
if (*p == 0) {
p++; len--;
}
if (len != RSA_MOD_SIZE_IN_BYTES || ((p + len) > end)) {
return CRYPTO_ERR_SIGNATURE;
}
/*
* The CCSbVerifySignature() API expects N and Np in BE format and
* the signature in LE format. Copy N from certificate.
*/
memcpy(pk.N, p, RSA_MOD_SIZE_IN_BYTES);
/* Verify the RSA exponent */
p += len;
rc = mbedtls_asn1_get_int(&p, end, &exp);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
if (exp != RSA_EXPONENT) {
return CRYPTO_ERR_SIGNATURE;
}
/*
* Calculate the Np (Barrett n' value). The RSA_CalcNp() API expects
* N in LE format. Hence reverse N into a temporary buffer `RevN`.
*/
UTIL_ReverseMemCopy((uint8_t *)RevN, (uint8_t *)pk.N, sizeof(RevN));
RSA_CalcNp((uintptr_t)PLAT_CRYPTOCELL_BASE, RevN, pk.Np);
/* Np is in LE format. Reverse it to BE */
UTIL_ReverseBuff((uint8_t *)pk.Np, sizeof(pk.Np));
/* Get the signature (bitstring) */
p = sig_ptr;
end = p + sig_len;
rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
if (len != RSA_MOD_SIZE_IN_BYTES || ((p + len) > end)) {
return CRYPTO_ERR_SIGNATURE;
}
/*
* The signature is BE format. Convert it to LE before calling
* CCSbVerifySignature().
*/
UTIL_ReverseMemCopy((uint8_t *)signature.sig, p, RSA_MOD_SIZE_IN_BYTES);
/*
* CryptoCell utilises DMA internally to transfer data. Flush the data
* from caches.
*/
flush_dcache_range((uintptr_t)data_ptr, data_len);
/* Verify the signature */
error = CCSbVerifySignature((uintptr_t)PLAT_CRYPTOCELL_BASE,
(uint32_t *)data_ptr, &pk, &signature,
data_len, RSA_PSS);
if (error != CC_OK) {
return CRYPTO_ERR_SIGNATURE;
}
/* Signature verification success */
return CRYPTO_SUCCESS;
}
/*
* Match a hash
*
* Digest info is passed in DER format following the ASN.1 structure detailed
* above.
*/
static int verify_hash(void *data_ptr, unsigned int data_len,
void *digest_info_ptr, unsigned int digest_info_len)
{
mbedtls_asn1_buf hash_oid, params;
mbedtls_md_type_t md_alg;
uint8_t *p, *end, *hash;
CCHashResult_t pubKeyHash;
size_t len;
int rc;
CCError_t error;
/* Digest info should be an MBEDTLS_ASN1_SEQUENCE */
p = digest_info_ptr;
end = p + digest_info_len;
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
/* Get the hash algorithm */
rc = mbedtls_asn1_get_alg(&p, end, &hash_oid, &params);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
rc = mbedtls_oid_get_md_alg(&hash_oid, &md_alg);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
/* Verify that hash algorithm is SHA256 */
if (md_alg != MBEDTLS_MD_SHA256) {
return CRYPTO_ERR_HASH;
}
/* Hash should be octet string type */
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
/* Length of hash must match the algorithm's size */
if (len != HASH_RESULT_SIZE_IN_BYTES) {
return CRYPTO_ERR_HASH;
}
/*
* CryptoCell utilises DMA internally to transfer data. Flush the data
* from caches.
*/
flush_dcache_range((uintptr_t)data_ptr, data_len);
hash = p;
error = SBROM_CryptoHash((uintptr_t)PLAT_CRYPTOCELL_BASE,
(uintptr_t)data_ptr, data_len, pubKeyHash);
if (error != CC_OK) {
return CRYPTO_ERR_HASH;
}
rc = memcmp(pubKeyHash, hash, HASH_RESULT_SIZE_IN_BYTES);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
return CRYPTO_SUCCESS;
}
/*
* Register crypto library descriptor
*/
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL, NULL);

113
atf-20231013-0ea67d76a/drivers/auth/cryptocell/712/cryptocell_plat_helpers.c
View File

@@ -1,113 +0,0 @@
/*
* Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
#include <stddef.h>
#include <string.h>
#include <platform_def.h>
#include <plat/common/platform.h>
#include <tools_share/tbbr_oid.h>
#include <common/debug.h>
#include <drivers/arm/cryptocell/712/sbrom_bsv_api.h>
#include <drivers/arm/cryptocell/712/nvm.h>
#include <drivers/arm/cryptocell/712/nvm_otp.h>
/*
* Return the ROTPK hash
*
* dst: buffer into which the ROTPK hash will be copied into
* len: length of the provided buffer, which must be at least enough for a
* SHA256 hash
* flags: a pointer to integer that will be set to indicate the ROTPK status
*
* Return: 0 = success, Otherwise = error
*/
int cc_get_rotpk_hash(unsigned char *dst, unsigned int len, unsigned int *flags)
{
CCError_t error;
uint32_t lcs;
assert(dst != NULL);
assert(len >= HASH_RESULT_SIZE_IN_WORDS);
assert(flags != NULL);
error = NVM_GetLCS(PLAT_CRYPTOCELL_BASE, &lcs);
if (error != CC_OK)
return 1;
/* If the lifecycle state is `SD`, return failure */
if (lcs == CC_BSV_SECURITY_DISABLED_LCS)
return 1;
/*
* If the lifecycle state is `CM` or `DM`, ROTPK shouldn't be verified.
* Return success after setting ROTPK_NOT_DEPLOYED flag
*/
if ((lcs == CC_BSV_CHIP_MANUFACTURE_LCS) ||
(lcs == CC_BSV_DEVICE_MANUFACTURE_LCS)) {
*flags = ROTPK_NOT_DEPLOYED;
return 0;
}
/* Copy the DER header */
error = NVM_ReadHASHPubKey(PLAT_CRYPTOCELL_BASE,
CC_SB_HASH_BOOT_KEY_256B,
(uint32_t *)dst, HASH_RESULT_SIZE_IN_WORDS);
if (error != CC_OK)
return 1;
*flags = ROTPK_IS_HASH;
return 0;
}
/*
* Return the non-volatile counter value stored in the platform. The cookie
* specifies the OID of the counter in the certificate.
*
* Return: 0 = success, Otherwise = error
*/
int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
{
CCError_t error = CC_FAIL;
if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE,
CC_SW_VERSION_COUNTER1, nv_ctr);
} else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE,
CC_SW_VERSION_COUNTER2, nv_ctr);
}
return (error != CC_OK);
}
/*
* Store a new non-volatile counter value in the counter specified by the OID
* in the cookie. This function is not expected to be called if the Lifecycle
* state is RMA as the values in the certificate are expected to always match
* the nvcounter values. But if called when the LCS is RMA, the underlying
* helper functions will return success but without updating the counter.
*
* Return: 0 = success, Otherwise = error
*/
int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
{
CCError_t error = CC_FAIL;
if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE,
CC_SW_VERSION_COUNTER1, nv_ctr);
} else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE,
CC_SW_VERSION_COUNTER2, nv_ctr);
}
return (error != CC_OK);
}

305
atf-20231013-0ea67d76a/drivers/auth/cryptocell/713/cryptocell_crypto.c
View File

@@ -1,305 +0,0 @@
/*
* Copyright (c) 2017-2023 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
#include <stddef.h>
#include <string.h>
#include <mbedtls/oid.h>
#include <mbedtls/x509.h>
#include <drivers/arm/cryptocell/713/bsv_api.h>
#include <drivers/arm/cryptocell/713/bsv_crypto_asym_api.h>
#include <drivers/auth/crypto_mod.h>
#include <platform_def.h>
#define LIB_NAME "CryptoCell 713 SBROM"
#define RSA_SALT_LEN 32
#define RSA_EXPONENT 65537
/*
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL
* }
*
* SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING
* }
*
* DigestInfo ::= SEQUENCE {
* digestAlgorithm AlgorithmIdentifier,
* digest OCTET STRING
* }
*
* RSASSA-PSS-params ::= SEQUENCE {
* hashAlgorithm [0] HashAlgorithm,
* maskGenAlgorithm [1] MaskGenAlgorithm,
* saltLength [2] INTEGER,
* trailerField [3] TrailerField DEFAULT trailerFieldBC
* }
*/
/*
* Initialize the library and export the descriptor
*/
static void init(void)
{
CCError_t ret;
uint32_t lcs;
/* Initialize CC SBROM */
ret = CC_BsvInit((uintptr_t)PLAT_CRYPTOCELL_BASE);
if (ret != CC_OK) {
ERROR("CryptoCell CC_BsvInit() error %x\n", ret);
panic();
}
/* Initialize lifecycle state */
ret = CC_BsvGetAndInitLcs((uintptr_t)PLAT_CRYPTOCELL_BASE, &lcs);
if (ret != CC_OK) {
ERROR("CryptoCell CC_BsvGetAndInitLcs() error %x\n", ret);
panic();
}
}
/*
* Verify a signature.
*
* Parameters are passed using the DER encoding format following the ASN.1
* structures detailed above.
*/
static int verify_signature(void *data_ptr, unsigned int data_len,
void *sig_ptr, unsigned int sig_len,
void *sig_alg, unsigned int sig_alg_len,
void *pk_ptr, unsigned int pk_len)
{
CCError_t error;
CCBsvNBuff_t NBuff;
CCBsvSignature_t signature;
int rc, exp, expected_salt_len;
mbedtls_asn1_buf sig_oid, alg_oid, params;
mbedtls_md_type_t md_alg, mgf1_hash_id;
mbedtls_pk_type_t pk_alg;
size_t len;
uint8_t *p, *end;
CCHashResult_t digest;
CCBool_t is_verified;
/* This is a rather large array, we don't want it on stack */
static uint32_t workspace[BSV_RSA_WORKSPACE_MIN_SIZE];
/* Verify the signature algorithm */
/* Get pointers to signature OID and parameters */
p = sig_alg;
end = p + sig_alg_len;
rc = mbedtls_asn1_get_alg(&p, end, &sig_oid, &params);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
/* Get the actual signature algorithm (MD + PK) */
rc = mbedtls_oid_get_sig_alg(&sig_oid, &md_alg, &pk_alg);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
/* The CryptoCell only supports RSASSA-PSS signature */
if (pk_alg != MBEDTLS_PK_RSASSA_PSS || md_alg != MBEDTLS_MD_NONE) {
return CRYPTO_ERR_SIGNATURE;
}
/* Verify the RSASSA-PSS params */
/* The trailer field is verified to be 0xBC internally by this API */
rc = mbedtls_x509_get_rsassa_pss_params(&params, &md_alg,
&mgf1_hash_id,
&expected_salt_len);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
/* The CryptoCell only supports SHA256 as hash algorithm */
if (md_alg != MBEDTLS_MD_SHA256 ||
mgf1_hash_id != MBEDTLS_MD_SHA256) {
return CRYPTO_ERR_SIGNATURE;
}
if (expected_salt_len != RSA_SALT_LEN) {
return CRYPTO_ERR_SIGNATURE;
}
/* Parse the public key */
p = pk_ptr;
end = p + pk_len;
rc = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
end = p + len;
rc = mbedtls_asn1_get_alg_null(&p, end, &alg_oid);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
if (mbedtls_oid_get_pk_alg(&alg_oid, &pk_alg) != 0) {
return CRYPTO_ERR_SIGNATURE;
}
if (pk_alg != MBEDTLS_PK_RSA) {
return CRYPTO_ERR_SIGNATURE;
}
rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
rc = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
if (*p == 0) {
p++; len--;
}
if (len != BSV_CERT_RSA_KEY_SIZE_IN_BYTES || ((p + len) > end)) {
return CRYPTO_ERR_SIGNATURE;
}
/*
* Copy N from certificate.
*/
memcpy(NBuff, p, BSV_CERT_RSA_KEY_SIZE_IN_BYTES);
/* Verify the RSA exponent */
p += len;
rc = mbedtls_asn1_get_int(&p, end, &exp);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
if (exp != RSA_EXPONENT) {
return CRYPTO_ERR_SIGNATURE;
}
/* Get the signature (bitstring) */
p = sig_ptr;
end = p + sig_len;
rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
if (len != BSV_CERT_RSA_KEY_SIZE_IN_BYTES || ((p + len) > end)) {
return CRYPTO_ERR_SIGNATURE;
}
/*
* Copy the signature (in BE format)
*/
memcpy((uint8_t *)signature, p, BSV_CERT_RSA_KEY_SIZE_IN_BYTES);
error = CC_BsvSha256((uintptr_t)PLAT_CRYPTOCELL_BASE,
data_ptr, data_len, digest);
if (error != CC_OK) {
return CRYPTO_ERR_SIGNATURE;
}
/* Verify the signature */
error = CC_BsvRsaPssVerify((uintptr_t)PLAT_CRYPTOCELL_BASE, NBuff,
NULL, signature, digest, workspace,
BSV_RSA_WORKSPACE_MIN_SIZE, &is_verified);
if ((error != CC_OK) || (is_verified != CC_TRUE)) {
return CRYPTO_ERR_SIGNATURE;
}
/* Signature verification success */
return CRYPTO_SUCCESS;
}
/*
* Match a hash
*
* Digest info is passed in DER format following the ASN.1 structure detailed
* above.
*/
static int verify_hash(void *data_ptr, unsigned int data_len,
void *digest_info_ptr, unsigned int digest_info_len)
{
mbedtls_asn1_buf hash_oid, params;
mbedtls_md_type_t md_alg;
uint8_t *p, *end, *hash;
CCHashResult_t pubKeyHash;
size_t len;
int rc;
CCError_t error;
/* Digest info should be an MBEDTLS_ASN1_SEQUENCE */
p = digest_info_ptr;
end = p + digest_info_len;
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
/* Get the hash algorithm */
rc = mbedtls_asn1_get_alg(&p, end, &hash_oid, &params);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
rc = mbedtls_oid_get_md_alg(&hash_oid, &md_alg);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
/* Verify that hash algorithm is SHA256 */
if (md_alg != MBEDTLS_MD_SHA256) {
return CRYPTO_ERR_HASH;
}
/* Hash should be octet string type */
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
/* Length of hash must match the algorithm's size */
if (len != HASH_RESULT_SIZE_IN_BYTES) {
return CRYPTO_ERR_HASH;
}
hash = p;
error = CC_BsvSha256((uintptr_t)PLAT_CRYPTOCELL_BASE, data_ptr,
data_len, pubKeyHash);
if (error != CC_OK) {
return CRYPTO_ERR_HASH;
}
rc = memcmp(pubKeyHash, hash, HASH_RESULT_SIZE_IN_BYTES);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
return CRYPTO_SUCCESS;
}
/*
* Register crypto library descriptor
*/
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL, NULL);

109
atf-20231013-0ea67d76a/drivers/auth/cryptocell/713/cryptocell_plat_helpers.c
View File

@@ -1,109 +0,0 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
#include <stddef.h>
#include <string.h>
#include <plat/common/platform.h>
#include <tools_share/tbbr_oid.h>
#include <lib/libc/endian.h>
#include <drivers/arm/cryptocell/713/bsv_api.h>
#include <drivers/arm/cryptocell/713/bsv_error.h>
/*
* Return the ROTPK hash
*
* Return: 0 = success, Otherwise = error
*/
int cc_get_rotpk_hash(unsigned char *dst, unsigned int len, unsigned int *flags)
{
CCError_t error;
uint32_t lcs;
int i;
uint32_t *key = (uint32_t *)dst;
assert(dst != NULL);
assert(len >= HASH_RESULT_SIZE_IN_WORDS);
assert(flags != NULL);
error = CC_BsvLcsGet(PLAT_CRYPTOCELL_BASE, &lcs);
if (error != CC_OK)
return 1;
if ((lcs == CC_BSV_CHIP_MANUFACTURE_LCS) || (lcs == CC_BSV_RMA_LCS)) {
*flags = ROTPK_NOT_DEPLOYED;
return 0;
}
error = CC_BsvPubKeyHashGet(PLAT_CRYPTOCELL_BASE,
CC_SB_HASH_BOOT_KEY_256B,
key, HASH_RESULT_SIZE_IN_WORDS);
if (error == CC_BSV_HASH_NOT_PROGRAMMED_ERR) {
*flags = ROTPK_NOT_DEPLOYED;
return 0;
}
if (error == CC_OK) {
/* Keys are stored in OTP in little-endian format */
for (i = 0; i < HASH_RESULT_SIZE_IN_WORDS; i++)
key[i] = le32toh(key[i]);
*flags = ROTPK_IS_HASH;
return 0;
}
return 1;
}
/*
* Return the non-volatile counter value stored in the platform. The cookie
* specifies the OID of the counter in the certificate.
*
* Return: 0 = success, Otherwise = error
*/
int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
{
CCError_t error = CC_FAIL;
if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
error = CC_BsvSwVersionGet(PLAT_CRYPTOCELL_BASE,
CC_SW_VERSION_TRUSTED, nv_ctr);
} else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
error = CC_BsvSwVersionGet(PLAT_CRYPTOCELL_BASE,
CC_SW_VERSION_NON_TRUSTED, nv_ctr);
}
return (error != CC_OK);
}
/*
* Store a new non-volatile counter value in the counter specified by the OID
* in the cookie. This function is not expected to be called if the Lifecycle
* state is RMA as the values in the certificate are expected to always match
* the nvcounter values. But if called when the LCS is RMA, the underlying
* helper functions will return success but without updating the counter.
*
* Return: 0 = success, Otherwise = error
*/
int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
{
CCError_t error = CC_FAIL;
if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
error = CC_BsvSwVersionSet(PLAT_CRYPTOCELL_BASE,
CC_SW_VERSION_TRUSTED, nv_ctr);
} else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
error = CC_BsvSwVersionSet(PLAT_CRYPTOCELL_BASE,
CC_SW_VERSION_NON_TRUSTED, nv_ctr);
}
return (error != CC_OK);
}

40
atf-20231013-0ea67d76a/drivers/auth/cryptocell/cryptocell_crypto.mk
View File

@@ -1,40 +0,0 @@
#
# Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
include drivers/auth/mbedtls/mbedtls_common.mk
# The algorithm is RSA when using Cryptocell crypto driver
TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA
# Needs to be set to drive mbed TLS configuration correctly
$(eval $(call add_define,TF_MBEDTLS_KEY_ALG_ID))
$(eval $(call add_define,KEY_SIZE))
# CCSBROM_LIB_PATH must be set to the Cryptocell SBROM library path
ifeq (${CCSBROM_LIB_PATH},)
$(error Error: CCSBROM_LIB_PATH not set)
endif
CRYPTOCELL_VERSION ?= 712
ifeq (${CRYPTOCELL_VERSION},712)
CCSBROM_LIB_FILENAME := cc_712sbromx509
else ifeq (${CRYPTOCELL_VERSION},713)
CCSBROM_LIB_FILENAME := cc_713bsv
else
$(error Error: CRYPTOCELL_VERSION set to invalid version)
endif
CRYPTOCELL_SRC_DIR := drivers/auth/cryptocell/${CRYPTOCELL_VERSION}/
CRYPTOCELL_SOURCES := ${CRYPTOCELL_SRC_DIR}/cryptocell_crypto.c \
${CRYPTOCELL_SRC_DIR}/cryptocell_plat_helpers.c
TF_LDFLAGS += -L$(CCSBROM_LIB_PATH)
LDLIBS += -l$(CCSBROM_LIB_FILENAME)
BL1_SOURCES += ${CRYPTOCELL_SOURCES}
BL2_SOURCES += ${CRYPTOCELL_SOURCES}

324
atf-20231013-0ea67d76a/drivers/partition/partition.c
View File

@@ -1,324 +0,0 @@
/*
* Copyright (c) 2016-2022, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
#include <inttypes.h>
#include <stdio.h>
#include <string.h>
#include <stdbool.h>
#include <common/debug.h>
#include <common/tf_crc32.h>
#include <drivers/io/io_storage.h>
#include <drivers/partition/efi.h>
#include <drivers/partition/partition.h>
#include <drivers/partition/gpt.h>
#include <drivers/partition/mbr.h>
#include <plat/common/platform.h>
static uint8_t mbr_sector[PLAT_PARTITION_BLOCK_SIZE];
static partition_entry_list_t list;
#if LOG_LEVEL >= LOG_LEVEL_VERBOSE
static void dump_entries(int num)
{
char name[EFI_NAMELEN];
int i, j, len;
VERBOSE("Partition table with %d entries:\n", num);
for (i = 0; i < num; i++) {
len = snprintf(name, EFI_NAMELEN, "%s", list.list[i].name);
for (j = 0; j < EFI_NAMELEN - len - 1; j++) {
name[len + j] = ' ';
}
name[EFI_NAMELEN - 1] = '\0';
VERBOSE("%d: %s %" PRIx64 "-%" PRIx64 "\n", i + 1, name, list.list[i].start,
list.list[i].start + list.list[i].length - 4);
}
}
#else
#define dump_entries(num) ((void)num)
#endif
/*
* Load the first sector that carries MBR header.
* The MBR boot signature should be always valid whether it's MBR or GPT.
*/
static int load_mbr_header(uintptr_t image_handle, mbr_entry_t *mbr_entry)
{
size_t bytes_read;
uintptr_t offset;
int result;
assert(mbr_entry != NULL);
/* MBR partition table is in LBA0. */
result = io_seek(image_handle, IO_SEEK_SET, MBR_OFFSET);
if (result != 0) {
WARN("Failed to seek (%i)\n", result);
return result;
}
result = io_read(image_handle, (uintptr_t)&mbr_sector,
PLAT_PARTITION_BLOCK_SIZE, &bytes_read);
if (result != 0) {
WARN("Failed to read data (%i)\n", result);
return result;
}
/* Check MBR boot signature. */
if ((mbr_sector[LEGACY_PARTITION_BLOCK_SIZE - 2] != MBR_SIGNATURE_FIRST) ||
(mbr_sector[LEGACY_PARTITION_BLOCK_SIZE - 1] != MBR_SIGNATURE_SECOND)) {
return -ENOENT;
}
offset = (uintptr_t)&mbr_sector + MBR_PRIMARY_ENTRY_OFFSET;
memcpy(mbr_entry, (void *)offset, sizeof(mbr_entry_t));
return 0;
}
/*
* Load GPT header and check the GPT signature and header CRC.
* If partition numbers could be found, check & update it.
*/
static int load_gpt_header(uintptr_t image_handle, uint64_t offset)
{
gpt_header_t header;
size_t bytes_read;
int result;
uint32_t header_crc, calc_crc;
result = io_seek(image_handle, IO_SEEK_SET, offset);
if (result != 0) {
return result;
}
result = io_read(image_handle, (uintptr_t)&header,
sizeof(gpt_header_t), &bytes_read);
if ((result != 0) || (sizeof(gpt_header_t) != bytes_read)) {
return result;
}
if (memcmp(header.signature, GPT_SIGNATURE,
sizeof(header.signature)) != 0) {
return -EINVAL;
}
/*
* UEFI Spec 2.8 March 2019 Page 119: HeaderCRC32 value is
* computed by setting this field to 0, and computing the
* 32-bit CRC for HeaderSize bytes.
*/
header_crc = header.header_crc;
header.header_crc = 0U;
calc_crc = tf_crc32(0U, (uint8_t *)&header, DEFAULT_GPT_HEADER_SIZE);
if (header_crc != calc_crc) {
ERROR("Invalid GPT Header CRC: Expected 0x%x but got 0x%x.\n",
header_crc, calc_crc);
return -EINVAL;
}
header.header_crc = header_crc;
/* partition numbers can't exceed PLAT_PARTITION_MAX_ENTRIES */
list.entry_count = header.list_num;
if (list.entry_count > PLAT_PARTITION_MAX_ENTRIES) {
list.entry_count = PLAT_PARTITION_MAX_ENTRIES;
}
return 0;
}
static int load_mbr_entry(uintptr_t image_handle, mbr_entry_t *mbr_entry,
int part_number)
{
size_t bytes_read;
uintptr_t offset;
int result;
assert(mbr_entry != NULL);
/* MBR partition table is in LBA0. */
result = io_seek(image_handle, IO_SEEK_SET, MBR_OFFSET);
if (result != 0) {
WARN("Failed to seek (%i)\n", result);
return result;
}
result = io_read(image_handle, (uintptr_t)&mbr_sector,
PLAT_PARTITION_BLOCK_SIZE, &bytes_read);
if (result != 0) {
WARN("Failed to read data (%i)\n", result);
return result;
}
/* Check MBR boot signature. */
if ((mbr_sector[LEGACY_PARTITION_BLOCK_SIZE - 2] != MBR_SIGNATURE_FIRST) ||
(mbr_sector[LEGACY_PARTITION_BLOCK_SIZE - 1] != MBR_SIGNATURE_SECOND)) {
return -ENOENT;
}
offset = (uintptr_t)&mbr_sector +
MBR_PRIMARY_ENTRY_OFFSET +
MBR_PRIMARY_ENTRY_SIZE * part_number;
memcpy(mbr_entry, (void *)offset, sizeof(mbr_entry_t));
return 0;
}
static int load_mbr_entries(uintptr_t image_handle)
{
mbr_entry_t mbr_entry;
int i;
list.entry_count = MBR_PRIMARY_ENTRY_NUMBER;
for (i = 0; i < list.entry_count; i++) {
load_mbr_entry(image_handle, &mbr_entry, i);
list.list[i].start = mbr_entry.first_lba * 512;
list.list[i].length = mbr_entry.sector_nums * 512;
list.list[i].name[0] = mbr_entry.type;
}
return 0;
}
static int load_gpt_entry(uintptr_t image_handle, gpt_entry_t *entry)
{
size_t bytes_read;
int result;
assert(entry != NULL);
result = io_read(image_handle, (uintptr_t)entry, sizeof(gpt_entry_t),
&bytes_read);
if (sizeof(gpt_entry_t) != bytes_read)
return -EINVAL;
return result;
}
static int verify_partition_gpt(uintptr_t image_handle)
{
gpt_entry_t entry;
int result, i;
for (i = 0; i < list.entry_count; i++) {
result = load_gpt_entry(image_handle, &entry);
assert(result == 0);
result = parse_gpt_entry(&entry, &list.list[i]);
if (result != 0) {
break;
}
}
if (i == 0) {
return -EINVAL;
}
/*
* Only records the valid partition number that is loaded from
* partition table.
*/
list.entry_count = i;
dump_entries(list.entry_count);
return 0;
}
static int load_partition_table_internal(unsigned int image_id,
bool load_secondary_gpt)
{
uintptr_t dev_handle, image_handle, image_spec = 0;
size_t gpt_header_offset, gpt_entry_offset;
mbr_entry_t mbr_entry;
int result;
result = plat_get_image_source(image_id, &dev_handle, &image_spec);
if (result != 0) {
WARN("Failed to obtain reference to image id=%u (%i)\n",
image_id, result);
return result;
}
result = io_open(dev_handle, image_spec, &image_handle);
if (result != 0) {
WARN("Failed to access image id=%u (%i)\n", image_id, result);
return result;
}
if (!load_secondary_gpt) {
result = load_mbr_header(image_handle, &mbr_entry);
if (result != 0) {
WARN("Failed to access image id=%u (%i)\n", image_id, result);
return result;
}
} else {
mbr_entry.type = PARTITION_TYPE_GPT;
}
if (mbr_entry.type == PARTITION_TYPE_GPT) {
if (load_secondary_gpt) {
gpt_header_offset = 32 * PLAT_PARTITION_BLOCK_SIZE;
gpt_entry_offset = 0;
} else {
gpt_header_offset = GPT_HEADER_OFFSET;
gpt_entry_offset = GPT_ENTRY_OFFSET;
}
result = load_gpt_header(image_handle, gpt_header_offset);
assert(result == 0);
result = io_seek(image_handle, IO_SEEK_SET, gpt_entry_offset);
assert(result == 0);
result = verify_partition_gpt(image_handle);
} else {
result = load_mbr_entries(image_handle);
}
io_close(image_handle);
return result;
}
const partition_entry_t *get_partition_entry(const char *name)
{
int i;
for (i = 0; i < list.entry_count; i++) {
if (strcmp(name, list.list[i].name) == 0) {
return &list.list[i];
}
}
return NULL;
}
const partition_entry_t *get_partition_entry_by_type(const uuid_t *type_uuid)
{
int i;
for (i = 0; i < list.entry_count; i++) {
if (guidcmp(type_uuid, &list.list[i].type_guid) == 0) {
return &list.list[i];
}
}
return NULL;
}
const partition_entry_t *get_partition_entry_by_uuid(const uuid_t *part_uuid)
{
int i;
for (i = 0; i < list.entry_count; i++) {
if (guidcmp(part_uuid, &list.list[i].part_guid) == 0) {
return &list.list[i];
}
}
return NULL;
}
const partition_entry_list_t *get_partition_entry_list(void)
{
return &list;
}
void partition_init(unsigned int image_id)
{
load_partition_table_internal(image_id, false);
}
void partition_init_secondary_gpt(unsigned int image_id)
{
load_partition_table_internal(image_id, true);
}

60
atf-20231013-0ea67d76a/fdts/stm32mp15-bl32.dtsi
View File

@@ -1,60 +0,0 @@
// SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause)
/*
* Copyright (c) 2020-2023, STMicroelectronics - All Rights Reserved
*/
/omit-if-no-ref/ &fmc_pins_a;
/omit-if-no-ref/ &i2c2_pins_a;
/omit-if-no-ref/ &i2c4_pins_a;
/omit-if-no-ref/ &i2c6;
/omit-if-no-ref/ &qspi_bk1_pins_a;
/omit-if-no-ref/ &qspi_bk2_pins_a;
/omit-if-no-ref/ &qspi_clk_pins_a;
/omit-if-no-ref/ &sdmmc1_b4_pins_a;
/omit-if-no-ref/ &sdmmc1_dir_pins_a;
/omit-if-no-ref/ &sdmmc1_dir_pins_b;
/omit-if-no-ref/ &sdmmc2_b4_pins_a;
/omit-if-no-ref/ &sdmmc2_b4_pins_b;
/omit-if-no-ref/ &sdmmc2_d47_pins_a;
/omit-if-no-ref/ &sdmmc2_d47_pins_b;
/omit-if-no-ref/ &sdmmc2_d47_pins_c;
/omit-if-no-ref/ &sdmmc2_d47_pins_d;
/omit-if-no-ref/ &spi6;
/omit-if-no-ref/ &uart4_pins_a;
/omit-if-no-ref/ &uart4_pins_b;
/omit-if-no-ref/ &uart7_pins_a;
/omit-if-no-ref/ &uart7_pins_b;
/omit-if-no-ref/ &uart7_pins_c;
/omit-if-no-ref/ &uart8_pins_a;
/omit-if-no-ref/ &usart2_pins_a;
/omit-if-no-ref/ &usart2_pins_b;
/omit-if-no-ref/ &usart2_pins_c;
/omit-if-no-ref/ &usart3_pins_a;
/omit-if-no-ref/ &usart3_pins_b;
/omit-if-no-ref/ &usart3_pins_c;
/omit-if-no-ref/ &usbotg_fs_dp_dm_pins_a;
/omit-if-no-ref/ &usbotg_hs_pins_a;
/ {
aliases {
/delete-property/ mmc0;
/delete-property/ mmc1;
};
cpus {
/delete-node/ cpu@1;
};
/delete-node/ psci;
soc {
/delete-node/ usb-otg@49000000;
/delete-node/ hash@54002000;
/delete-node/ memory-controller@58002000;
/delete-node/ spi@58003000;
/delete-node/ mmc@58005000;
/delete-node/ mmc@58007000;
/delete-node/ usbphyc@5a006000;
/delete-node/ stgen@5c008000;
};
};

34
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/712/cc_crypto_boot_defs.h
View File

@@ -1,34 +0,0 @@
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _CC_CRYPTO_BOOT_DEFS_H
#define _CC_CRYPTO_BOOT_DEFS_H
/*! @file
@brief This file contains SBROM definitions
*/
/*! Version counters value. */
typedef enum {
CC_SW_VERSION_COUNTER1 = 1, /*!< Counter 1 - trusted version. */
CC_SW_VERSION_COUNTER2, /*!< Counter 2 - non trusted version. */
CC_SW_VERSION_MAX = 0x7FFFFFFF
} CCSbSwVersionId_t;
/* HASH boot key definition */
typedef enum {
CC_SB_HASH_BOOT_KEY_0_128B = 0, /*!< 128-bit truncated SHA256 digest of public key 0. */
CC_SB_HASH_BOOT_KEY_1_128B = 1, /*!< 128-bit truncated SHA256 digest of public key 1. */
CC_SB_HASH_BOOT_KEY_256B = 2, /*!< 256-bit SHA256 digest of public key. */
CC_SB_HASH_BOOT_NOT_USED = 0xFF,
CC_SB_HASH_MAX_NUM = 0x7FFFFFFF, /*!\internal use external 128-bit truncated SHA256 digest */
} CCSbPubKeyIndexType_t;
#endif

33
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/712/cc_pal_sb_plat.h
View File

@@ -1,33 +0,0 @@
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
/*!
@file
@brief This file contains the platform-dependent definitions that are used in the SBROM code.
*/
#ifndef _CC_PAL_SB_PLAT_H
#define _CC_PAL_SB_PLAT_H
#include "cc_pal_types.h"
#ifdef __cplusplus
extern "C"
{
#endif
/*! Definition of DMA address type, can be 32 bits or 64 bits according to CryptoCell's HW. */
typedef uint64_t CCDmaAddr_t;
/*! Definition of CryptoCell address type, can be 32 bits or 64 bits according to platform. */
typedef uintptr_t CCAddr_t;
#ifdef __cplusplus
}
#endif
#endif

40
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/712/cc_pal_types.h
View File

@@ -1,40 +0,0 @@
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef CC_PAL_TYPES_H
#define CC_PAL_TYPES_H
/*!
@file
@brief This file contains platform-dependent definitions and types.
*/
#include "cc_pal_types_plat.h"
typedef enum {
CC_FALSE = 0,
CC_TRUE = 1
} CCBool;
#define CC_SUCCESS 0UL
#define CC_FAIL 1UL
#define CC_1K_SIZE_IN_BYTES 1024
#define CC_BITS_IN_BYTE 8
#define CC_BITS_IN_32BIT_WORD 32
#define CC_32BIT_WORD_SIZE (sizeof(uint32_t))
#define CC_OK CC_SUCCESS
#define CC_UNUSED_PARAM(prm) ((void)prm)
#define CC_MAX_UINT32_VAL (0xFFFFFFFF)
#define CALC_FULL_BYTES(numBits) (((numBits) + (CC_BITS_IN_BYTE - 1))/CC_BITS_IN_BYTE)
#define CALC_FULL_32BIT_WORDS(numBits) (((numBits) + (CC_BITS_IN_32BIT_WORD - 1))/CC_BITS_IN_32BIT_WRD)
#define CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) (((sizeBytes) + CC_32BIT_WORD_SIZE - 1)/CC_32BIT_WORD_SIZE)
#endif

25
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/712/cc_pal_types_plat.h
View File

@@ -1,25 +0,0 @@
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
/*! @file
@brief This file contains basic type definitions that are platform-dependent.
*/
#ifndef _CC_PAL_TYPES_PLAT_H
#define _CC_PAL_TYPES_PLAT_H
/* Host specific types for standard (ISO-C99) compliant platforms */
#include <stddef.h>
#include <stdint.h>
typedef uint32_t CCStatus;
#define CCError_t CCStatus
#define CC_INFINITE 0xFFFFFFFF
#define CEXPORT_C
#define CIMPORT_C
#endif /*_CC_PAL_TYPES_PLAT_H*/

34
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/712/cc_sec_defs.h
View File

@@ -1,34 +0,0 @@
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _CC_SEC_DEFS_H
#define _CC_SEC_DEFS_H
/*!
@file
@brief This file contains general hash definitions and types.
*/
#ifdef __cplusplus
extern "C"
{
#endif
/*! The hashblock size in words. */
#define HASH_BLOCK_SIZE_IN_WORDS 16
/*! The hash - SHA2 results in words. */
#define HASH_RESULT_SIZE_IN_WORDS 8
#define HASH_RESULT_SIZE_IN_BYTES 32
/*! Definition for hash result array. */
typedef uint32_t CCHashResult_t[HASH_RESULT_SIZE_IN_WORDS];
#ifdef __cplusplus
}
#endif
#endif

35
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/712/crypto_driver.h
View File

@@ -1,35 +0,0 @@
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _CRYPTO_DRIVER_H
#define _CRYPTO_DRIVER_H
#ifdef __cplusplus
extern "C"
{
#endif
#include "cc_pal_sb_plat.h"
#include "cc_sec_defs.h"
/*----------------------------
PUBLIC FUNCTIONS
-----------------------------------*/
/*!
* @brief This function gives the functionality of integrated hash
*
* @param[in] hwBaseAddress - CryptoCell base address
* @param[out] hashResult - the HASH result.
*
*/
CCError_t SBROM_CryptoHash(unsigned long hwBaseAddress, CCDmaAddr_t inputDataAddr, uint32_t BlockSize,
CCHashResult_t hashResult);
#ifdef __cplusplus
}
#endif
#endif

55
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/712/nvm.h
View File

@@ -1,55 +0,0 @@
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _NVM__H
#define _NVM__H
#ifdef __cplusplus
extern "C"
{
#endif
#include "cc_crypto_boot_defs.h"
#include "cc_pal_types.h"
#include "cc_sec_defs.h"
/*------------------------------------
DEFINES
-------------------------------------*/
/**
* @brief This function reads the LCS from the SRAM/NVM
*
* @param[in] hwBaseAddress - CryptoCell base address
*
* @param[in/out] lcs_ptr - pointer to memory to store the LCS
*
* @return CCError_t - On success the value CC_OK is returned, and on failure -a value from NVM_error.h
*/
CCError_t NVM_GetLCS(unsigned long hwBaseAddress, uint32_t *lcs_ptr);
/**
* @brief The NVM_ReadHASHPubKey function is a NVM interface function -
* The function retrieves the HASH of the device Public key from the SRAM/NVM
*
* @param[in] hwBaseAddress - CryptoCell base address
*
* @param[in] pubKeyIndex - Index of HASH in the OTP
*
* @param[out] PubKeyHASH - the public key HASH.
*
* @param[in] hashSizeInWords - hash size (valid values: 4W, 8W)
*
* @return CCError_t - On success the value CC_OK is returned, and on failure -a value from NVM_error.h
*/
CCError_t NVM_ReadHASHPubKey(unsigned long hwBaseAddress, CCSbPubKeyIndexType_t pubKeyIndex, CCHashResult_t PubKeyHASH, uint32_t hashSizeInWords);
#ifdef __cplusplus
}
#endif
#endif

59
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/712/nvm_otp.h
View File

@@ -1,59 +0,0 @@
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _NVM_OTP_H
#define _NVM_OTP_H
#ifdef __cplusplus
extern "C"
{
#endif
#include "cc_crypto_boot_defs.h"
#include "cc_pal_types.h"
/*------------------------------------
DEFINES
-------------------------------------*/
/**
* @brief The NVM_GetSwVersion function is a NVM interface function -
* The function retrieves the SW version from the SRAM/NVM.
* In case of OTP, we support up to 16 anti-rollback counters (taken from the certificate)
*
* @param[in] hwBaseAddress - CryptoCell base address
*
* @param[in] counterId - relevant only for OTP (valid values: 1,2)
*
* @param[out] swVersion - the minimum SW version
*
* @return CCError_t - On success the value CC_OK is returned, and on failure -a value from NVM_error.h
*/
CCError_t NVM_GetSwVersion(unsigned long hwBaseAddress, CCSbSwVersionId_t counterId, uint32_t *swVersion);
/**
* @brief The NVM_SetSwVersion function is a NVM interface function -
* The function writes the SW version into the SRAM/NVM.
* In case of OTP, we support up to 16 anti-rollback counters (taken from the certificate)
*
* @param[in] hwBaseAddress - CryptoCell base address
*
* @param[in] counterId - relevant only for OTP (valid values: 1,2)
*
* @param[in] swVersion - the minimum SW version
*
* @return CCError_t - On success the value CC_OK is returned, and on failure -a value from NVM_error.h
*/
CCError_t NVM_SetSwVersion(unsigned long hwBaseAddress, CCSbSwVersionId_t counterId, uint32_t swVersion);
#ifdef __cplusplus
}
#endif
#endif

57
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/712/rsa.h
View File

@@ -1,57 +0,0 @@
/*
* Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef RSA_H
#define RSA_H
/*
* All the includes that are needed for code using this module to
* compile correctly should be #included here.
*/
#ifdef __cplusplus
extern "C"
{
#endif
#include "cc_pal_types.h"
/************************ Defines ******************************/
/* the modulus size in bits */
#if (KEY_SIZE == 2048)
#define RSA_MOD_SIZE_IN_BITS 2048UL
#elif (KEY_SIZE == 3072)
#define RSA_MOD_SIZE_IN_BITS 3072UL
#else
#error Unsupported CryptoCell key size requested
#endif
#define RSA_MOD_SIZE_IN_BYTES (CALC_FULL_BYTES(RSA_MOD_SIZE_IN_BITS))
#define RSA_MOD_SIZE_IN_WORDS (CALC_FULL_32BIT_WORDS(RSA_MOD_SIZE_IN_BITS))
#define RSA_MOD_SIZE_IN_256BITS (RSA_MOD_SIZE_IN_WORDS/8)
#define RSA_EXP_SIZE_IN_BITS 17UL
#define RSA_EXP_SIZE_IN_BYTES (CALC_FULL_BYTES(RSA_EXP_SIZE_IN_BITS))
/*
* @brief The RSA_CalcNp calculates Np value and saves it into Np_ptr:
*
*
* @param[in] hwBaseAddress - HW base address. Relevant for HW
* implementation, for SW it is ignored.
* @N_ptr[in] - The pointer to the modulus buffer.
* @Np_ptr[out] - pointer to Np vector buffer. Its size must be >= 160.
*/
void RSA_CalcNp(unsigned long hwBaseAddress,
uint32_t *N_ptr,
uint32_t *Np_ptr);
#ifdef __cplusplus
}
#endif
#endif

72
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/712/sbrom_bsv_api.h
View File

@@ -1,72 +0,0 @@
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _SBROM_BSV_API_H
#define _SBROM_BSV_API_H
#ifdef __cplusplus
extern "C"
{
#endif
/*! @file
@brief This file contains all SBROM library APIs and definitions.
*/
#include "cc_pal_types.h"
/* Life cycle state definitions */
#define CC_BSV_CHIP_MANUFACTURE_LCS 0x0 /*!< CM lifecycle value. */
#define CC_BSV_DEVICE_MANUFACTURE_LCS 0x1 /*!< DM lifecycle value. */
#define CC_BSV_SECURITY_DISABLED_LCS 0x3 /*!< SD lifecycle value. */
#define CC_BSV_SECURE_LCS 0x5 /*!< Secure lifecycle value. */
#define CC_BSV_RMA_LCS 0x7 /*!< RMA lifecycle value. */
/*----------------------------
PUBLIC FUNCTIONS
-----------------------------------*/
/*!
@brief This function should be the first ARM TrustZone CryptoCell TEE SBROM library API called.
It verifies the HW product and version numbers.
@return CC_OK On success.
@return A non-zero value from sbrom_bsv_error.h on failure.
*/
CCError_t CC_BsvSbromInit(
unsigned long hwBaseAddress /*!< [in] HW registers base address. */
);
/*!
@brief This function can be used for checking the LCS value, after CC_BsvLcsGetAndInit was called by the Boot ROM.
@return CC_OK On success.
@return A non-zero value from sbrom_bsv_error.h on failure.
*/
CCError_t CC_BsvLcsGet(
unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
uint32_t *pLcs /*!< [out] Returned lifecycle state. */
);
/*!
@brief This function retrieves the HW security lifecycle state, performs validity checks,
and additional initializations in case the LCS is RMA (sets the Kce to fixed value).
\note Invalid LCS results in an error returned.
In this case, the customer's code must completely disable the device.
@return CC_OK On success.
@return A non-zero value from sbrom_bsv_error.h on failure.
*/
CCError_t CC_BsvLcsGetAndInit(
unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
uint32_t *pLcs /*!< [out] Returned lifecycle state. */
);
#ifdef __cplusplus
}
#endif
#endif

49
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/712/secureboot_base_func.h
View File

@@ -1,49 +0,0 @@
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _SECURE_BOOT_BASE_FUNC_H
#define _SECURE_BOOT_BASE_FUNC_H
#ifdef __cplusplus
extern "C"
{
#endif
#include "cc_pal_types.h"
#include "secureboot_gen_defs.h"
/*----------------------------
PUBLIC FUNCTIONS
-----------------------------------*/
/**
* @brief This function calculates the HASH over the given data and than verify
* RSA signature on that hashed data
*
* @param[in] hwBaseAddr - CryptoCell base address
* @param[in] pData - pointer to the data to be verified
* @param[in] pNParams - a pointer to the public key parameters
* @param[in] pSignature - a pointer to the signature structure
* @param[in] sizeOfData - size of the data to calculate the HASH on (in bytes)
* @param[in] RSAAlg - RSA algorithm to use
*
* @return CCError_t - On success the value CC_OK is returned,
* on failure - a value from BootImagesVerifier_error.h
*/
CCError_t CCSbVerifySignature(unsigned long hwBaseAddress,
uint32_t *pData,
CCSbNParams_t *pNParams,
CCSbSignature_t *pSignature,
uint32_t sizeOfData,
CCSbRsaAlg_t RSAAlg);
#ifdef __cplusplus
}
#endif
#endif

66
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/712/secureboot_gen_defs.h
View File

@@ -1,66 +0,0 @@
/*
* Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _SECURE_BOOT_GEN_DEFS_H
#define _SECURE_BOOT_GEN_DEFS_H
#ifdef __cplusplus
extern "C"
{
#endif
/*! @file
@brief This file contains all of the definitions and structures that are used for the secure boot.
*/
#include "cc_pal_sb_plat.h"
#include "cc_sec_defs.h"
/* General definitions */
/***********************/
/*RSA definitions*/
#if (KEY_SIZE == 2048)
#define SB_RSA_MOD_SIZE_IN_WORDS 64
#elif (KEY_SIZE == 3072)
#define SB_RSA_MOD_SIZE_IN_WORDS 96
#else
#error Unsupported CryptoCell key size requested
#endif
#define SB_RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS 5
/*! Public key data structure. */
typedef struct {
uint32_t N[SB_RSA_MOD_SIZE_IN_WORDS]; /*!< N public key, big endian representation. */
uint32_t Np[SB_RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS]; /*!< Np (Barrett n' value). */
} CCSbNParams_t;
/*! Signature structure. */
typedef struct {
uint32_t sig[SB_RSA_MOD_SIZE_IN_WORDS]; /*!< RSA PSS signature. */
} CCSbSignature_t;
/********* Supported algorithms definitions ***********/
/*! RSA supported algorithms */
/* Note: this applies to either 2k or 3k based on CryptoCell SBROM library
* version - it means 2k in version 1 and 3k in version 2 (yes, really).
*/
typedef enum {
RSA_PSS = 0x01, /*!< RSA PSS after hash SHA 256 */
RSA_PKCS15 = 0x02, /*!< RSA PKX15 */
RSA_Last = 0x7FFFFFFF
} CCSbRsaAlg_t;
#ifdef __cplusplus
}
#endif
#endif

72
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/712/util.h
View File

@@ -1,72 +0,0 @@
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef UTIL_H
#define UTIL_H
/*
* All the includes that are needed for code using this module to
* compile correctly should be #included here.
*/
#ifdef __cplusplus
extern "C"
{
#endif
/************************ Defines ******************************/
/* invers the bytes on a word- used for output from HASH */
#ifdef BIG__ENDIAN
#define UTIL_INVERSE_UINT32_BYTES(val) (val)
#else
#define UTIL_INVERSE_UINT32_BYTES(val) \
(((val) >> 24) | (((val) & 0x00FF0000) >> 8) | (((val) & 0x0000FF00) << 8) | (((val) & 0x000000FF) << 24))
#endif
/* invers the bytes on a word - used for input data for HASH */
#ifdef BIG__ENDIAN
#define UTIL_REVERT_UINT32_BYTES(val) \
(((val) >> 24) | (((val) & 0x00FF0000) >> 8) | (((val) & 0x0000FF00) << 8) | (((val) & 0x000000FF) << 24))
#else
#define UTIL_REVERT_UINT32_BYTES(val) (val)
#endif
/* ------------------------------------------------------------
**
* @brief This function executes a reverse bytes copying from one buffer to another buffer.
*
* @param[in] dst_ptr - The pointer to destination buffer.
* @param[in] src_ptr - The pointer to source buffer.
* @param[in] size - The size in bytes.
*
*/
void UTIL_ReverseMemCopy(uint8_t *dst_ptr, uint8_t *src_ptr, uint32_t size);
/* ------------------------------------------------------------
**
* @brief This function executes a reversed byte copy on a specified buffer.
*
* on a 6 byte byffer:
*
* buff[5] <---> buff[0]
* buff[4] <---> buff[1]
* buff[3] <---> buff[2]
*
* @param[in] dst_ptr - The counter buffer.
* @param[in] src_ptr - The counter size in bytes.
*
*/
void UTIL_ReverseBuff(uint8_t *buff_ptr, uint32_t size);
#ifdef __cplusplus
}
#endif
#endif

221
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/713/bsv_api.h
View File

@@ -1,221 +0,0 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _BSV_API_H
#define _BSV_API_H
#ifdef __cplusplus
extern "C"
{
#endif
/*!
@file
@brief This file contains the Boot Services APIs and definitions.
@defgroup cc_bsv_api CryptoCell Boot Services APIs and definitions
@{
@ingroup cc_bsv
*/
#include "cc_pal_types.h"
#include "cc_sec_defs.h"
#include "cc_boot_defs.h"
/* Life cycle state definitions. */
#define CC_BSV_CHIP_MANUFACTURE_LCS 0x0 /*!< The CM life-cycle state (LCS) value. */
#define CC_BSV_DEVICE_MANUFACTURE_LCS 0x1 /*!< The DM life-cycle state (LCS) value. */
#define CC_BSV_SECURE_LCS 0x5 /*!< The Secure life-cycle state (LCS) value. */
#define CC_BSV_RMA_LCS 0x7 /*!< The RMA life-cycle state (LCS) value. */
#define CC_BSV_INVALID_LCS 0xff /*!< The invalid life-cycle state (LCS) value. */
/*----------------------------
TYPES
-----------------------------------*/
/*----------------------------
PUBLIC FUNCTIONS
-----------------------------------*/
/*!
@brief This function verifies the product and version numbers of the HW, and initializes it.
\warning This function must be the first CryptoCell-7xx SBROM library API called.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvInit(
unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
);
/*!
@brief This function retrieves the HW LCS and performs validity checks.
If the LCS is RMA, it also sets the OTP secret keys to a fixed value.
@note An error is returned if there is an invalid LCS. If this happens, your code must
completely disable the device.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvGetAndInitLcs(
unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
uint32_t *pLcs /*!< [out] The value of the current LCS. */
);
/*!
@brief This function retrieves the LCS from the NVM manager.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvLcsGet(
unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
uint32_t *pLcs /*!< [out] The value of the current LCS. */
);
/*!
@brief This function reads software revocation counter from OTP memory, according to the provided sw version index.
SW version is stored in NVM counter and represented by ones. Meaning seVersion=5 would be stored as binary 0b11111;
hence:
the maximal of trusted is 32
the maximal of non-trusted is 224
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvSwVersionGet(
unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
CCSbSwVersionId_t id, /*!< [in] Enumeration defining the trusted/non-trusted counter to read. */
uint32_t *swVersion /*!< [out] The value of the requested counter as read from OTP memory. */
);
/*!
@brief This function sets the NVM counter according to swVersionID (trusted/non-trusted).
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvSwVersionSet(
unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
CCSbSwVersionId_t id, /*!< [in] Enumeration defining the trusted/non-trusted counter to read. */
uint32_t swVersion /*!< [in] New value of the counter to be programmed in OTP memory. */
);
/*!
@brief This function sets the "fatal error" flag in the NVM manager, to disable the use of
any HW keys or security services.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvFatalErrorSet(
unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
);
/*!
@brief This function retrieves the public key hash from OTP memory, according to the provided index.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvPubKeyHashGet(
unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
CCSbPubKeyIndexType_t keyIndex, /*!< [in] Enumeration defining the key hash to retrieve: 128-bit HBK0, 128-bit HBK1, or 256-bit HBK. */
uint32_t *hashedPubKey, /*!< [out] A buffer to contain the public key HASH. */
uint32_t hashResultSizeWords /*!< [in] The size of the hash in 32-bit words:
- Must be 4 for 128-bit hash.
- Must be 8 for 256bit hash. */
);
/*!
@brief This function permanently sets the RMA LCS for the ICV and the OEM.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvRMAModeEnable(
unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
);
/*!
@brief This function is called by the ICV code, to disable the OEM code from changing the ICV RMA bit flag.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvICVRMAFlagBitLock(
unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
);
/*!
@brief This function locks the defined ICV class keys from further usage.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvICVKeyLock(
unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
CCBool_t isICVProvisioningKeyLock, /*!< [in] Should the provisioning key be locked. */
CCBool_t isICVCodeEncKeyLock /*!< [in] Should the encryption key be locked. */
);
/*!
@brief This function retrieves the value of "secure disable" bit.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvSecureDisableGet(
unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
CCBool_t *isSDEnabled /*!< [out] The value of the SD Enable bit. */
);
/*!
@brief This function derives the platform key (Kplt) from the Kpicv, and then decrypts the customer key (Kcst)
from the EKcst (burned in the OTP). The decryption is done only in Secure and RMA LCS mode using AES-ECB.
The customer ROM should invoke this function during early boot, prior to running any non-ROM code, only if Kcst exists.
The resulting Kcst is saved in a HW register.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvCustomerKeyDecrypt(
unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
);
#ifdef __cplusplus
}
#endif
/*!
@brief This function derives the unique SoC_ID for the device, as hashed (Hbk || AES_CMAC (HUK)).
@note SoC_ID is required to create debug certificates.
The OEM or ICV must provide a method for a developer to discover the SoC_ID of a target
device without having to first enable debugging.
One suggested implementation is to have the device ROM code compute the SoC_ID and place
it in a specific location in the flash memory, from where it can be accessed by the developer.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvSocIDCompute(
unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
CCHashResult_t hashResult /*!< [out] The derived SoC_ID. */
);
#endif /* _BSV_API_H */
/**
@}
*/

76
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/713/bsv_crypto_api.h
View File

@@ -1,76 +0,0 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _BSV_CRYPTO_API_H
#define _BSV_CRYPTO_API_H
#ifdef __cplusplus
extern "C"
{
#endif
/*!
@file
@brief This file contains the cryptographic ROM APIs of the Boot Services.
@defgroup cc_bsv_crypto_api CryptoCell Boot Services cryptographic ROM APIs
@{
@ingroup cc_bsv
*/
#include "cc_pal_types.h"
#include "cc_sec_defs.h"
#include "cc_address_defs.h"
#include "bsv_crypto_defs.h"
/*----------------------------
PUBLIC FUNCTIONS
-----------------------------------*/
/*!
@brief This function calculates the SHA-256 digest over contiguous memory
in an integrated operation.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvSha256(
unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
uint8_t *pDataIn, /*!< [in] A pointer to the input buffer to be hashed. The buffer must be contiguous. */
size_t dataSize, /*!< [in] The size of the data to be hashed, in bytes. */
CCHashResult_t hashBuff /*!< [out] A pointer to a word-aligned 32-byte buffer. */
);
/*!
@brief This function allows you to calculate SHA256 digest of an image with decryption base on AES-CTR,
with HW or user key.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure. (in this case, hashBuff will be returned clean, while the output data should be cleaned by the user).
*/
CCError_t CC_BsvCryptoImageDecrypt( unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
CCBsvflowMode_t flow, /*!< [in] The supported operations are: HASH, AES to HASH, AES and HASH. */
CCBsvKeyType_t keyType, /*!< [in] The key type to use: Kce, Kceicv, or user key. */
uint8_t *pUserKey, /*!< [in] A pointer to the user key buffer in case keyType is CC_BSV_USER_KEY. */
size_t userKeySize, /*!< [in] The user key size in bytes (128bits) in case keyType is CC_BSV_USER_KEY. */
uint8_t *pIvBuf, /*!< [in] A pointer to the IV / counter buffer. */
uint8_t *pInputData, /*!< [in] A pointer to the input data. */
uint8_t *pOutputData, /*!< [out] A pointer to the output buffer. (optional should be null in case of hash only). */
size_t dataSize, /*!< [in] The size of the input data in bytes. MUST be multiple of AES block size. */
CCHashResult_t hashBuff /*!< [out] A pointer to a word-aligned 32-byte digest output buffer. */
);
#ifdef __cplusplus
}
#endif
#endif
/**
@}
*/

100
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/713/bsv_crypto_asym_api.h
View File

@@ -1,100 +0,0 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _BSV_CRYPTO_ASYM_API_H
#define _BSV_CRYPTO_ASYM_API_H
#ifdef __cplusplus
extern "C"
{
#endif
/*!
@file
@brief This file contains the cryptographic Asymmetric ROM APIs of the Boot Services.
@defgroup cc_bsv_crypto_asym_api CryptoCell Boot Services cryptographic Asymmetric ROM APIs
@{
@ingroup cc_bsv
*/
#include "cc_pal_types.h"
#include "cc_pka_hw_plat_defs.h"
#include "cc_sec_defs.h"
#include "bsv_crypto_api.h"
/*! Defines the workspace size in bytes needed for internal Asymmetric operations. */
#define BSV_RSA_WORKSPACE_MIN_SIZE (4*BSV_CERT_RSA_KEY_SIZE_IN_BYTES +\
2*RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_BYTES)
/*! Definition for the RSA public modulus array. */
typedef uint32_t CCBsvNBuff_t[BSV_CERT_RSA_KEY_SIZE_IN_WORDS];
/*! Definition for the RSA Barrett mod tag array. */
typedef uint32_t CCBsvNpBuff_t[RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_BYTES];
/*! Definition for the RSA signature array. */
typedef uint32_t CCBsvSignature_t[BSV_CERT_RSA_KEY_SIZE_IN_WORDS];
/*----------------------------
PUBLIC FUNCTIONS
-----------------------------------*/
/*!
@brief This function performs the primitive operation of RSA, meaning exponent and modulus.
outBuff = (pInBuff ^ Exp) mod NBuff. ( Exp = 0x10001 )
The function supports 2k and 3K bit size of modulus, based on compile time define.
There are no restriction on pInBuff location, however its size must be equal to BSV_RSA_KEY_SIZE_IN_BYTES and its
value must be smaller than the modulus.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvRsaPrimVerify (unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
CCBsvNBuff_t NBuff, /*!< [in] The modulus buffer big endian format. */
CCBsvNpBuff_t NpBuff, /*!< [in] The barret tag buffer big endian format - optional. */
uint32_t *pInBuff, /*!< [in] The DataIn buffer to be encrypted. */
size_t inBuffSize, /*!< [in] The DataIn buffer size in bytes, must be BSV_RSA_KEY_SIZE_IN_BYTES. */
CCBsvSignature_t pOutBuff, /*!< [out] The encrypted buffer in big endian format. */
uint32_t *pWorkSpace, /*!< [in] The pointer to user allocated buffer for internal use. */
size_t workBufferSize /*!< [in] The size in bytes of pWorkSpace, must be at-least BSV_RSA_WORKSPACE_MIN_SIZE. */
);
/*!
@brief This function performs RSA PSS verify.
The function should support 2k and 3K bit size of modulus, based on compile time define.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvRsaPssVerify (unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
CCBsvNBuff_t NBuff, /*!< [in] The modulus buffer big endian format. */
CCBsvNpBuff_t NpBuff, /*!< [in] The barret tag buffer big endian format - optional. */
CCBsvSignature_t signature, /*!< [in] The signature buffer to verify - big endian format. */
CCHashResult_t hashedData, /*!< [in] The data-in buffer to be verified as sha256 digest. */
uint32_t *pWorkSpace, /*!< [in] The pointer to user allocated buffer for internal use. */
size_t workBufferSize, /*!< [in] The size in bytes of pWorkSpace, must be at-least BSV_RSA_WORKSPACE_MIN_SIZE. */
CCBool_t *pIsVerified /*!< [out] The flag indicates whether the signature is verified or not.
If verified value will be CC_TRUE, otherwise CC_FALSE */
);
#ifdef __cplusplus
}
#endif
#endif
/**
@}
*/

94
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/713/bsv_crypto_defs.h
View File

@@ -1,94 +0,0 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _BSV_CRYPTO_DEFS_H
#define _BSV_CRYPTO_DEFS_H
#ifdef __cplusplus
extern "C"
{
#endif
/*!
@file
@brief This file contains the definitions of the cryptographic ROM APIs.
@defgroup cc_bsv_crypto_defs CryptoCell Boot Services cryptographic ROM API definitions
@{
@ingroup cc_bsv
*/
/*! AES supported HW key code table. */
typedef enum {
CC_BSV_USER_KEY = 0, /*!< Definition for a user key. */
CC_BSV_HUK_KEY = 1, /*!< Definition for the HW unique key. */
CC_BSV_RTL_KEY = 2, /*!< Definition for the RTL key. */
CC_BSV_SESSION_KEY = 3, /*!< Definition for the Session key. */
CC_BSV_CE_KEY = 4, /*!< Definition for the Kce. */
CC_BSV_PLT_KEY = 5, /*!< Definition for the Platform key. */
CC_BSV_KCST_KEY = 6, /*!< Definition for Kcst. */
CC_BSV_ICV_PROV_KEY = 0xd, /*!< Definition for the Kpicv. */
CC_BSV_ICV_CE_KEY = 0xe, /*!< Definition for the Kceicv. */
CC_BSV_PROV_KEY = 0xf, /*!< Definition for the Kcp. */
CC_BSV_END_OF_KEY_TYPE = INT32_MAX, /*!< Reserved. */
}CCBsvKeyType_t;
/*! AES directions. */
typedef enum bsvAesDirection {
BSV_AES_DIRECTION_ENCRYPT = 0, /*!< Encrypt.*/
BSV_AES_DIRECTION_DECRYPT = 1, /*!< Decrypt.*/
BSV_AES_NUM_OF_ENCRYPT_MODES, /*!< The maximal number of operations. */
BSV_AES_DIRECTION_RESERVE32B = INT32_MAX /*!< Reserved.*/
}bsvAesDirection_t;
/*! Definitions of the cryptographic flow supported as part of the Secure Boot. */
typedef enum {
CC_BSV_CRYPTO_HASH_MODE = 0, /*!< Hash mode only. */
CC_BSV_CRYPTO_AES_CTR_AND_HASH_MODE = 1, /*!< Data goes into the AES and Hash engines. */
CC_BSV_CRYPTO_AES_CTR_TO_HASH_MODE = 2 /*!< Data goes into the AES and from the AES to the Hash engine. */
}CCBsvflowMode_t;
/*! CryptoImage HW completion sequence mode */
typedef enum
{
BSV_CRYPTO_COMPLETION_NO_WAIT = 0, /*!< The driver waits only before reading the output. */
BSV_CRYPTO_COMPLETION_WAIT_UPON_END = 1 /*!< The driver waits after each chunk of data. */
}bsvCryptoCompletionMode_t;
/*! AES-CMAC result size, in words. */
#define CC_BSV_CMAC_RESULT_SIZE_IN_WORDS 4 /* 128b */
/*! AES-CMAC result size, in bytes. */
#define CC_BSV_CMAC_RESULT_SIZE_IN_BYTES 16 /* 128b */
/*! AES-CCM 128bit key size, in bytes. */
#define CC_BSV_CCM_KEY_SIZE_BYTES 16
/*! AES-CCM 128bit key size, in words. */
#define CC_BSV_CCM_KEY_SIZE_WORDS 4
/*! AES-CCM NONCE size, in bytes. */
#define CC_BSV_CCM_NONCE_SIZE_BYTES 12
/*! AES-CMAC result buffer. */
typedef uint32_t CCBsvCmacResult_t[CC_BSV_CMAC_RESULT_SIZE_IN_WORDS];
/*! AES-CCM key buffer.*/
typedef uint32_t CCBsvCcmKey_t[CC_BSV_CCM_KEY_SIZE_WORDS];
/*! AES-CCM nonce buffer.*/
typedef uint8_t CCBsvCcmNonce_t[CC_BSV_CCM_NONCE_SIZE_BYTES];
/*! AES-CCM MAC buffer.*/
typedef uint8_t CCBsvCcmMacRes_t[CC_BSV_CMAC_RESULT_SIZE_IN_BYTES];
#ifdef __cplusplus
}
#endif
#endif
/**
@}
*/

161
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/713/bsv_error.h
View File

@@ -1,161 +0,0 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _BSV_ERROR_H
#define _BSV_ERROR_H
#ifdef __cplusplus
extern "C"
{
#endif
/*!
@file
@brief This file defines the error code types that are returned from the Boot Services APIs.
@defgroup cc_bsv_error CryptoCell Boot Services error codes
@{
@ingroup cc_bsv
*/
/*! Defines the base address for Boot Services errors. */
#define CC_BSV_BASE_ERROR 0x0B000000
/*! Defines the base address for Boot Services cryptographic errors. */
#define CC_BSV_CRYPTO_ERROR 0x0C000000
/*! Illegal input parameter. */
#define CC_BSV_ILLEGAL_INPUT_PARAM_ERR (CC_BSV_BASE_ERROR + 0x00000001)
/*! Illegal HUK value. */
#define CC_BSV_ILLEGAL_HUK_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000002)
/*! Illegal Kcp value. */
#define CC_BSV_ILLEGAL_KCP_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000003)
/*! Illegal Kce value. */
#define CC_BSV_ILLEGAL_KCE_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000004)
/*! Illegal Kpicv value. */
#define CC_BSV_ILLEGAL_KPICV_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000005)
/*! Illegal Kceicv value. */
#define CC_BSV_ILLEGAL_KCEICV_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000006)
/*! Illegal EKcst value. */
#define CC_BSV_ILLEGAL_EKCST_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000007)
/*! Hash boot key not programmed in the OTP. */
#define CC_BSV_HASH_NOT_PROGRAMMED_ERR (CC_BSV_BASE_ERROR + 0x00000008)
/*! Illegal Hash boot key zero count in the OTP. */
#define CC_BSV_HBK_ZERO_COUNT_ERR (CC_BSV_BASE_ERROR + 0x00000009)
/*! Illegal LCS. */
#define CC_BSV_ILLEGAL_LCS_ERR (CC_BSV_BASE_ERROR + 0x0000000A)
/*! OTP write compare failure. */
#define CC_BSV_OTP_WRITE_CMP_FAIL_ERR (CC_BSV_BASE_ERROR + 0x0000000B)
/*! OTP access error */
#define CC_BSV_OTP_ACCESS_ERR (CC_BSV_BASE_ERROR + 0x0000000C)
/*! Erase key in OTP failed. */
#define CC_BSV_ERASE_KEY_FAILED_ERR (CC_BSV_BASE_ERROR + 0x0000000D)
/*! Illegal PIDR. */
#define CC_BSV_ILLEGAL_PIDR_ERR (CC_BSV_BASE_ERROR + 0x0000000E)
/*! Illegal CIDR. */
#define CC_BSV_ILLEGAL_CIDR_ERR (CC_BSV_BASE_ERROR + 0x0000000F)
/*! Device failed to move to fatal error state. */
#define CC_BSV_FAILED_TO_SET_FATAL_ERR (CC_BSV_BASE_ERROR + 0x00000010)
/*! Failed to set RMA LCS. */
#define CC_BSV_FAILED_TO_SET_RMA_ERR (CC_BSV_BASE_ERROR + 0x00000011)
/*! Illegal RMA indication. */
#define CC_BSV_ILLEGAL_RMA_INDICATION_ERR (CC_BSV_BASE_ERROR + 0x00000012)
/*! Boot Services version is not initialized. */
#define CC_BSV_VER_IS_NOT_INITIALIZED_ERR (CC_BSV_BASE_ERROR + 0x00000013)
/*! APB secure mode is locked. */
#define CC_BSV_APB_SECURE_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000014)
/*! APB privilege mode is locked. */
#define CC_BSV_APB_PRIVILEG_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000015)
/*! Illegal operation. */
#define CC_BSV_ILLEGAL_OPERATION_ERR (CC_BSV_BASE_ERROR + 0x00000016)
/*! Illegal asset size. */
#define CC_BSV_ILLEGAL_ASSET_SIZE_ERR (CC_BSV_BASE_ERROR + 0x00000017)
/*! Illegal asset value. */
#define CC_BSV_ILLEGAL_ASSET_VAL_ERR (CC_BSV_BASE_ERROR + 0x00000018)
/*! Kpicv is locked. */
#define CC_BSV_KPICV_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000019)
/*! Illegal SW version. */
#define CC_BSV_ILLEGAL_SW_VERSION_ERR (CC_BSV_BASE_ERROR + 0x0000001A)
/*! AO write operation. */
#define CC_BSV_AO_WRITE_FAILED_ERR (CC_BSV_BASE_ERROR + 0x0000001B)
/*! Chip state is already initialized. */
#define CC_BSV_CHIP_INITIALIZED_ERR (CC_BSV_BASE_ERROR + 0x0000001C)
/*! SP is not enabled. */
#define CC_BSV_SP_NOT_ENABLED_ERR (CC_BSV_BASE_ERROR + 0x0000001D)
/*! Production secure provisioning - header fields. */
#define CC_BSV_PROD_PKG_HEADER_ERR (CC_BSV_BASE_ERROR + 0x0000001E)
/*! Production secure provisioning - header MAC. */
#define CC_BSV_PROD_PKG_HEADER_MAC_ERR (CC_BSV_BASE_ERROR + 0x0000001F)
/*! Overrun buffer or size. */
#define CC_BSV_OVERRUN_ERR (CC_BSV_BASE_ERROR + 0x00000020)
/*! Kceicv is locked. */
#define CC_BSV_KCEICV_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000021)
/*! Chip indication is CHIP_STATE_ERROR. */
#define CC_BSV_CHIP_INDICATION_ERR (CC_BSV_BASE_ERROR + 0x00000022)
/*! Device is locked in fatal error state. */
#define CC_BSV_FATAL_ERR_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000023)
/*! Device has security disable feature enabled. */
#define CC_BSV_SECURE_DISABLE_ERROR (CC_BSV_BASE_ERROR + 0x00000024)
/*! Device has Kcst in disabled state */
#define CC_BSV_KCST_DISABLE_ERROR (CC_BSV_BASE_ERROR + 0x00000025)
/*! Illegal data-in pointer. */
#define CC_BSV_CRYPTO_INVALID_DATA_IN_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000001)
/*! Illegal data-out pointer. */
#define CC_BSV_CRYPTO_INVALID_DATA_OUT_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000002)
/*! Illegal data size. */
#define CC_BSV_CRYPTO_INVALID_DATA_SIZE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000003)
/*! Illegal key type. */
#define CC_BSV_CRYPTO_INVALID_KEY_TYPE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000004)
/*! Illegal key size. */
#define CC_BSV_CRYPTO_INVALID_KEY_SIZE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000005)
/*! Invalid key pointer. */
#define CC_BSV_CRYPTO_INVALID_KEY_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000006)
/*! Illegal key DMA type. */
#define CC_BSV_CRYPTO_INVALID_KEY_DMA_TYPE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000007)
/*! Illegal IV pointer. */
#define CC_BSV_CRYPTO_INVALID_IV_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000008)
/*! Illegal cipher mode. */
#define CC_BSV_CRYPTO_INVALID_CIPHER_MODE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000009)
/*! Illegal result buffer pointer. */
#define CC_BSV_CRYPTO_INVALID_RESULT_BUFFER_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000A)
/*! Invalid DMA type. */
#define CC_BSV_CRYPTO_INVALID_DMA_TYPE_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000B)
/*! Invalid in/out buffers overlapping. */
#define CC_BSV_CRYPTO_DATA_OUT_DATA_IN_OVERLAP_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000C)
/*! Invalid KDF label size. */
#define CC_BSV_CRYPTO_ILLEGAL_KDF_LABEL_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000D)
/*! Invalid KDF Context size. */
#define CC_BSV_CRYPTO_ILLEGAL_KDF_CONTEXT_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000E)
/*! Invalid CCM key. */
#define CC_BSV_CCM_INVALID_KEY_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000f)
/*! Invalid CCM Nonce. */
#define CC_BSV_CCM_INVALID_NONCE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000010)
/*! Invalid CCM associated data. */
#define CC_BSV_CCM_INVALID_ASSOC_DATA_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000011)
/*! Invalid CCM text data. */
#define CC_BSV_CCM_INVALID_TEXT_DATA_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000012)
/*! Invalid CCM-MAC buffer. */
#define CC_BSV_CCM_INVALID_MAC_BUF_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000013)
/*! CCM-MAC comparison failed. */
#define CC_BSV_CCM_TAG_LENGTH_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000014)
/*! CCM-MAC comparison failed. */
#define CC_BSV_CCM_MAC_INVALID_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000015)
/*! Illegal flow mode. */
#define CC_BSV_CRYPTO_INVALID_FLOW_MODE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000016)
#ifdef __cplusplus
}
#endif
#endif
/**
@}
*/

50
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/713/cc_address_defs.h
View File

@@ -1,50 +0,0 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _CC_ADDRESS_DEFS_H
#define _CC_ADDRESS_DEFS_H
/*!
@file
@brief This file contains general definitions.
*/
#ifdef __cplusplus
extern "C"
{
#endif
#include "cc_pal_types.h"
/************************ Defines ******************************/
/**
* Address types within CC
*/
/*! Definition of DMA address type, can be 32 bits or 64 bits according to CryptoCell's HW. */
typedef uint64_t CCDmaAddr_t;
/*! Definition of CryptoCell address type, can be 32 bits or 64 bits according to platform. */
typedef uint64_t CCAddr_t;
/*! Definition of CC SRAM address type, can be 32 bits according to CryptoCell's HW. */
typedef uint32_t CCSramAddr_t;
/*
* CCSramAddr_t is being cast into pointer type which can be 64 bit.
*/
/*! Definition of MACRO that casts SRAM addresses to pointer types. */
#define CCSramAddr2Ptr(sramAddr) ((uintptr_t)sramAddr)
#ifdef __cplusplus
}
#endif
#endif
/**
@}
*/

52
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/713/cc_boot_defs.h
View File

@@ -1,52 +0,0 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _CC_BOOT_DEFS_H
#define _CC_BOOT_DEFS_H
/*!
@file
@brief This file contains general definitions of types and enums of Boot APIs.
*/
#ifdef __cplusplus
extern "C"
{
#endif
/*! Version counters value. */
typedef enum {
CC_SW_VERSION_TRUSTED = 0, /*!< Trusted counter. */
CC_SW_VERSION_NON_TRUSTED, /*!< Non trusted counter. */
CC_SW_VERSION_MAX = 0x7FFFFFFF /*!< Reserved */
} CCSbSwVersionId_t;
/*! The hash boot key definition. */
typedef enum {
CC_SB_HASH_BOOT_KEY_0_128B = 0, /*!< Hbk0: 128-bit truncated SHA-256 digest of PubKB0. Used by ICV */
CC_SB_HASH_BOOT_KEY_1_128B = 1, /*!< Hbk1: 128-bit truncated SHA-256 digest of PubKB1. Used by OEM */
CC_SB_HASH_BOOT_KEY_256B = 2, /*!< Hbk: 256-bit SHA-256 digest of public key. */
CC_SB_HASH_BOOT_NOT_USED = 0xF, /*!< Hbk is not used. */
CC_SB_HASH_MAX_NUM = 0x7FFFFFFF, /*!< Reserved. */
} CCSbPubKeyIndexType_t;
/*! Chip state. */
typedef enum {
CHIP_STATE_NOT_INITIALIZED = 0, /*! Chip is not initialized. */
CHIP_STATE_TEST = 1, /*! Chip is in Production state. */
CHIP_STATE_PRODUCTION = 2, /*! Chip is in Production state. */
CHIP_STATE_ERROR = 3, /*! Chip is in Error state. */
} CCBsvChipState_t;
#ifdef __cplusplus
}
#endif
#endif /*_CC_BOOT_DEFS_H */
/**
@}
*/

100
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/713/cc_pal_types.h
View File

@@ -1,100 +0,0 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef CC_PAL_TYPES_H
#define CC_PAL_TYPES_H
/*!
@file
@brief This file contains platform-dependent definitions and types of the PAL layer.
@defgroup cc_pal_types CryptoCell platform-dependent PAL layer definitions and types
@{
@ingroup cc_pal
@{
@ingroup cc_pal
@}
*/
#include "cc_pal_types_plat.h"
/*! Definition of Boolean type.*/
typedef enum {
/*! Boolean false.*/
CC_FALSE = 0,
/*! Boolean true.*/
CC_TRUE = 1
} CCBool_t;
/*! Success. */
#define CC_SUCCESS 0UL
/*! Failure. */
#define CC_FAIL 1UL
/*! Success (OK). */
#define CC_OK 0
/*! This macro handles unused parameters in the code, to avoid compilation warnings. */
#define CC_UNUSED_PARAM(prm) ((void)prm)
/*! The maximal uint32 value.*/
#define CC_MAX_UINT32_VAL (0xFFFFFFFF)
/* Minimal and Maximal macros */
#ifdef min
/*! Definition for minimal calculation. */
#define CC_MIN(a,b) min( a , b )
#else
/*! Definition for minimal calculation. */
#define CC_MIN( a , b ) ( ( (a) < (b) ) ? (a) : (b) )
#endif
#ifdef max
/*! Definition for maximal calculation. */
#define CC_MAX(a,b) max( a , b )
#else
/*! Definition for maximal calculation.. */
#define CC_MAX( a , b ) ( ( (a) > (b) ) ? (a) : (b) )
#endif
/*! This macro calculates the number of full Bytes from bits, where seven bits are one Byte. */
#define CALC_FULL_BYTES(numBits) ((numBits)/CC_BITS_IN_BYTE + (((numBits) & (CC_BITS_IN_BYTE-1)) > 0))
/*! This macro calculates the number of full 32-bit words from bits where 31 bits are one word. */
#define CALC_FULL_32BIT_WORDS(numBits) ((numBits)/CC_BITS_IN_32BIT_WORD + (((numBits) & (CC_BITS_IN_32BIT_WORD-1)) > 0))
/*! This macro calculates the number of full 32-bit words from Bytes where three Bytes are one word. */
#define CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) ((sizeBytes)/CC_32BIT_WORD_SIZE + (((sizeBytes) & (CC_32BIT_WORD_SIZE-1)) > 0))
/*! This macro calculates the number of full 32-bit words from 64-bits dwords. */
#define CALC_32BIT_WORDS_FROM_64BIT_DWORD(sizeWords) (sizeWords * CC_32BIT_WORD_IN_64BIT_DWORD)
/*! This macro rounds up bits to 32-bit words. */
#define ROUNDUP_BITS_TO_32BIT_WORD(numBits) (CALC_FULL_32BIT_WORDS(numBits) * CC_BITS_IN_32BIT_WORD)
/*! This macro rounds up bits to Bytes. */
#define ROUNDUP_BITS_TO_BYTES(numBits) (CALC_FULL_BYTES(numBits) * CC_BITS_IN_BYTE)
/*! This macro rounds up bytes to 32-bit words. */
#define ROUNDUP_BYTES_TO_32BIT_WORD(sizeBytes) (CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) * CC_32BIT_WORD_SIZE)
/*! This macro calculates the number Bytes from words. */
#define CALC_WORDS_TO_BYTES(numwords) ((numwords)*CC_32BIT_WORD_SIZE)
/*! Definition of 1 KB in Bytes. */
#define CC_1K_SIZE_IN_BYTES 1024
/*! Definition of number of bits in a Byte. */
#define CC_BITS_IN_BYTE 8
/*! Definition of number of bits in a 32-bits word. */
#define CC_BITS_IN_32BIT_WORD 32
/*! Definition of number of Bytes in a 32-bits word. */
#define CC_32BIT_WORD_SIZE 4
/*! Definition of number of 32-bits words in a 64-bits dword. */
#define CC_32BIT_WORD_IN_64BIT_DWORD 2
#endif
/**
@}
*/

25
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/713/cc_pal_types_plat.h
View File

@@ -1,25 +0,0 @@
/*
* Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
/*! @file
@brief This file contains basic type definitions that are platform-dependent.
*/
#ifndef _CC_PAL_TYPES_PLAT_H
#define _CC_PAL_TYPES_PLAT_H
/* Host specific types for standard (ISO-C99) compliant platforms */
#include <stddef.h>
#include <stdint.h>
typedef uint32_t CCStatus;
#define CCError_t CCStatus
#define CC_INFINITE 0xFFFFFFFF
#define CEXPORT_C
#define CIMPORT_C
#endif /*_CC_PAL_TYPES_PLAT_H*/

62
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/713/cc_pka_hw_plat_defs.h
View File

@@ -1,62 +0,0 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _CC_PKA_HW_PLAT_DEFS_H
#define _CC_PKA_HW_PLAT_DEFS_H
#ifdef __cplusplus
extern "C"
{
#endif
#include "cc_pal_types.h"
/*!
@file
@brief Contains the enums and definitions that are used in the PKA code (definitions that are platform dependent).
*/
/*! The size of the PKA engine word. */
#define CC_PKA_WORD_SIZE_IN_BITS 128
/*! The maximal supported size of modulus in RSA in bits. */
#define CC_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS 4096
/*! The maximal supported size of key-generation in RSA in bits. */
#define CC_RSA_MAX_KEY_GENERATION_HW_SIZE_BITS 4096
/*! Secure boot/debug certificate RSA public modulus key size in bits. */
#if (KEY_SIZE == 3072)
#define BSV_CERT_RSA_KEY_SIZE_IN_BITS 3072
#else
#define BSV_CERT_RSA_KEY_SIZE_IN_BITS 2048
#endif
/*! Secure boot/debug certificate RSA public modulus key size in bytes. */
#define BSV_CERT_RSA_KEY_SIZE_IN_BYTES (BSV_CERT_RSA_KEY_SIZE_IN_BITS/CC_BITS_IN_BYTE)
/*! Secure boot/debug certificate RSA public modulus key size in words. */
#define BSV_CERT_RSA_KEY_SIZE_IN_WORDS (BSV_CERT_RSA_KEY_SIZE_IN_BITS/CC_BITS_IN_32BIT_WORD)
/*! The maximal count of extra bits in PKA operations. */
#define PKA_EXTRA_BITS 8
/*! The number of memory registers in PKA operations. */
#define PKA_MAX_COUNT_OF_PHYS_MEM_REGS 32
/*! Size of buffer for Barrett modulus tag in words. */
#define RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS 5
/*! Size of buffer for Barrett modulus tag in bytes. */
#define RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_BYTES (RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS*CC_32BIT_WORD_SIZE)
#ifdef __cplusplus
}
#endif
#endif //_CC_PKA_HW_PLAT_DEFS_H
/**
@}
*/

70
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/713/cc_sec_defs.h
View File

@@ -1,70 +0,0 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _CC_SEC_DEFS_H
#define _CC_SEC_DEFS_H
/*!
@file
@brief This file contains general definitions and types.
*/
#ifdef __cplusplus
extern "C"
{
#endif
#include "cc_pal_types.h"
/*! Hashblock size in words. */
#define HASH_BLOCK_SIZE_IN_WORDS 16
/*! Hash - SHA2 results in words. */
#define HASH_RESULT_SIZE_IN_WORDS 8
/*! Hash - SHA2 results in bytes. */
#define HASH_RESULT_SIZE_IN_BYTES 32
/*! Definition for hash result array. */
typedef uint32_t CCHashResult_t[HASH_RESULT_SIZE_IN_WORDS];
/*! Definition for converting pointer to Host address. */
#define CONVERT_TO_ADDR(ptr) (unsigned long)ptr
/*! Definition for converting pointer to SRAM address. */
#define CONVERT_TO_SRAM_ADDR(ptr) (0xFFFFFFFF & ptr)
/*! The data size of the signed SW image, in bytes. */
/*!\internal ContentCertImageRecord_t includes: HS(8W) + 64-b dstAddr(2W) + imgSize(1W) + isCodeEncUsed(1W) */
#define SW_REC_SIGNED_DATA_SIZE_IN_BYTES 48
/*! The data size of the unsigned SW image, in bytes. */
/*!\internal CCSbSwImgAddData_t includes: 64-b srcAddr(2W)*/
#define SW_REC_NONE_SIGNED_DATA_SIZE_IN_BYTES 8
/*! The additional data size - storage address and length of the unsigned SW image, in words. */
#define SW_REC_NONE_SIGNED_DATA_SIZE_IN_WORDS SW_REC_NONE_SIGNED_DATA_SIZE_IN_BYTES/CC_32BIT_WORD_SIZE
/*! The additional data section size, in bytes. */
#define CC_SB_MAX_SIZE_ADDITIONAL_DATA_BYTES 128
/*! Indication of whether or not to load the SW image to memory. */
#define CC_SW_COMP_NO_MEM_LOAD_INDICATION 0xFFFFFFFFFFFFFFFFUL
/*! Indication of product version, stored in certificate version field. */
#define CC_SB_CERT_VERSION_PROJ_PRD 0x713
#ifdef __cplusplus
}
#endif
#endif
/**
@}
*/

13
atf-20231013-0ea67d76a/include/drivers/arm/cryptocell/cc_rotpk.h
View File

@@ -1,13 +0,0 @@
/*
* Copyright (c) 2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _CC_ROTPK_H
#define _CC_ROTPK_H
int cc_get_rotpk_hash(unsigned char *dst, unsigned int len,
unsigned int *flags);
#endif

167
atf-20231013-0ea67d76a/makefile
View File

@@ -1,167 +0,0 @@
TOPDIR := $(CURDIR)
KCONFIG := $(TOPDIR)/config.in
MENUCONFIG := $(TOPDIR)/Kconfiglib/menuconfig.py
SAVEDEFCONFIG := $(TOPDIR)/Kconfiglib/savedefconfig.py
OLDCONFIG := $(TOPDIR)/Kconfiglib/oldconfig.py
DEFCONFIG := $(TOPDIR)/Kconfiglib/defconfig.py
ifneq ("$(wildcard $(TOPDIR)/.config)", "")
include $(TOPDIR)/.config
MTK_CONFIG_EXIST := y
MAKE_ARGS := PLAT=$(CONFIG_PLAT)
TARGET_ARGS :=
MAKE_ARGS += CROSS_COMPILE=$(CONFIG_CROSS_COMPILER)
ifeq (${CONFIG_FPGA},y)
FPGA = 1
MAKE_ARGS += FPGA=$(FPGA)
endif
ifeq (${CONFIG_NEED_SBC},y)
MAKE_ARGS += TRUSTED_BOARD_BOOT=1
MAKE_ARGS += GENERATE_COT=1
MAKE_ARGS += ROT_KEY=$(CONFIG_ROT_KEY)
MAKE_ARGS += BROM_SIGN_KEY=$(CONFIG_BROM_SIGN_KEY)
endif
ifeq (${CONFIG_NEED_MBEDTLS},y)
MAKE_ARGS += MBEDTLS_DIR=$(CONFIG_MBEDTLS_DIR)
endif
MAKE_ARGS += BOOT_DEVICE=$(CONFIG_BOOT_DEVICE)
ifeq (${CONFIG_FLASH_DEVICE_SNFI_SNAND},y)
MAKE_ARGS += NAND_TYPE=$(CONFIG_SNFI_SNAND_TYPE)
endif
ifeq (${CONFIG_NMBM},y)
NMBM := 1
MAKE_ARGS += NMBM=$(NMBM)
endif
ifeq (${CONFIG_FLASH_DEVICE_SPIM_NAND},y)
MAKE_ARGS += NAND_TYPE=$(CONFIG_SPIM_NAND_TYPE)
endif
ifeq (${CONFIG_DRAM_DDR3},y)
MAKE_ARGS += DRAM_USE_DDR4=0
endif
ifeq (${CONFIG_DRAM_DDR3_FLYBY},y)
MAKE_ARGS += DRAM_USE_DDR4=0
MAKE_ARGS += DDR3_FLYBY=1
endif
ifeq (${CONFIG_DRAM_DDR4},y)
MAKE_ARGS += DRAM_USE_DDR4=1
endif
ifeq (${CONFIG_DDR3_FREQ_2133},y)
MAKE_ARGS += DDR3_FREQ_2133=1
endif
ifeq (${CONFIG_DDR3_FREQ_1866},y)
MAKE_ARGS += DDR3_FREQ_1866=1
endif
ifeq (${CONFIG_DDR4_FREQ_2666},y)
MAKE_ARGS += DDR4_FREQ_2666=1
endif
ifeq (${CONFIG_DDR4_FREQ_3200},y)
MAKE_ARGS += DDR4_FREQ_3200=1
endif
ifeq (${CONFIG_QFN},y)
MAKE_ARGS += BOARD_QFN=1
endif
ifeq (${CONFIG_BGA},y)
MAKE_ARGS += BOARD_BGA=1
endif
ifeq (${CONFIG_DRAM_SIZE_AUTO},y)
endif
ifeq (${CONFIG_DRAM_SIZE_256},y)
MAKE_ARGS += DRAM_SIZE_LIMIT=256
endif
ifeq (${CONFIG_DRAM_SIZE_512},y)
MAKE_ARGS += DRAM_SIZE_LIMIT=512
endif
ifeq (${CONFIG_DRAM_SIZE_1024},y)
MAKE_ARGS += DRAM_SIZE_LIMIT=1024
endif
ifeq (${CONFIG_DRAM_SIZE_2048},y)
MAKE_ARGS += DRAM_SIZE_LIMIT=2048
endif
ifeq (${CONFIG_LOG_LEVEL_NONE},y)
MAKE_ARGS += LOG_LEVEL=0
endif
ifeq (${CONFIG_LOG_LEVEL_ERROR},y)
MAKE_ARGS += LOG_LEVEL=10
endif
ifeq (${CONFIG_LOG_LEVEL_NOTICE},y)
MAKE_ARGS += LOG_LEVEL=20
endif
ifeq (${CONFIG_LOG_LEVEL_WARNING},y)
MAKE_ARGS += LOG_LEVEL=30
endif
ifeq (${CONFIG_LOG_LEVEL_INFO},y)
MAKE_ARGS += LOG_LEVEL=40
endif
ifeq (${CONFIG_LOG_LEVEL_VERBOSE},y)
MAKE_ARGS += LOG_LEVEL=50
endif
ifeq (${CONFIG_DRAM_DEBUG_LOG},y)
MAKE_ARGS += DRAM_DEBUG_LOG=1
endif
ifeq ($(CONFIG_NEED_BL33),y)
MAKE_ARGS += BL33=$(CONFIG_BL33)
endif
ifeq ($(CONFIG_AARCH32),y)
MAKE_ARGS += ARCH=aarch32
endif
ifeq ($(CONFIG_NEED_BL2),y)
TARGET_ARGS += bl2
endif
ifeq ($(CONFIG_NEED_FIP),y)
TARGET_ARGS += bl31 fip
else
ifeq ($(CONFIG_NEED_BL31),y)
TARGET_ARGS += bl31
endif
endif
endif
PYTHON := $(shell which python3)
ifeq (${MTK_CONFIG_EXIST},y)
all: atf
atf: clean
make -f $(TOPDIR)/Makefile $(MAKE_ARGS) $(TARGET_ARGS)
clean:
make -f $(TOPDIR)/Makefile $(MAKE_ARGS) clean
else
# ignore %_defconfig, defconfig and menuconfig to prevent re-define / overwrite
$(filter-out %config, $(MAKECMDGOALS)):
make -f $(TOPDIR)/Makefile ${MAKEOVERRIDES} $(MAKECMDGOALS)
endif
check_python:
ifeq ($(PYTHON),)
@echo ">> Unable to find python"
@echo ">> You must have python installed in order"
@echo ">> to use 'make menuconfig'"
@exit 1;
endif
%_defconfig: check_python
$(PYTHON) $(DEFCONFIG) $(TOPDIR)/configs/$@ --kconfig $(KCONFIG)
$(PYTHON) $(OLDCONFIG) $(KCONFIG)
defconfig:
$(PYTHON) $(DEFCONFIG) --kconfig $(KCONFIG)
menuconfig: check_python
$(PYTHON) $(MENUCONFIG) $(KCONFIG)
savedefconfig: check_python
$(PYTHON) $(SAVEDEFCONFIG) --kconfig $(KCONFIG) \
--out $(TOPDIR)/defconfig
%_defconfig_update: check_python savedefconfig
cp $(TOPDIR)/defconfig $(TOPDIR)/configs/$(subst _update,,$@)

32
atf-20231013-0ea67d76a/plat/arm/board/common/rotpk/arm_full_dev_rsa_rotpk.S
View File

@@ -1,32 +0,0 @@
/*
* Copyright (c) 2022, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
/* corstone1000 platform provides custom values for the macros defined in
* arm_def.h , so only platform_def.h needs to be included
*/
#if !defined(TARGET_PLATFORM_FVP) && !defined(TARGET_PLATFORM_FPGA)
#include "plat/arm/common/arm_def.h"
#else
#include <platform_def.h>
#endif
.global arm_rotpk_key
.global arm_rotpk_key_end
.section .rodata.arm_rotpk_key, "a"
arm_rotpk_key:
.byte 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01
.byte 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01
.byte 0x00, 0xCB, 0x2C, 0x60, 0xD5, 0x8D, 0x63, 0xD4, 0x07, 0x79, 0x7E, 0xC7, 0x16, 0x96, 0xBD, 0x4D, 0x24, 0x4E, 0xAC, 0x86, 0xE6, 0xB7, 0x71, 0xE3, 0xC5, 0x54, 0x0B, 0xE7, 0x14, 0x1C, 0xBD, 0x29, 0x1A, 0xC1, 0x3F, 0x7A, 0xB6, 0x02, 0xAA, 0xAB, 0x36, 0xC4, 0xD9, 0x36, 0x69, 0x6C, 0xE2, 0x65, 0xC3, 0x9B, 0xB1, 0xBF, 0x3D, 0xA8, 0x56, 0x26, 0xCB, 0xFD, 0x04, 0x01, 0xBA, 0xAC, 0x3E, 0x54, 0x32, 0xCA, 0x79, 0x5E, 0xBB, 0xB2, 0x05, 0xEA, 0x06, 0x58, 0xF2, 0x74, 0xBA, 0xE1, 0xF4, 0x87, 0xC0, 0x19, 0x0A, 0x1F, 0x66, 0x07, 0x77, 0x84, 0x83, 0xA1, 0x1C, 0xEF, 0xFF, 0x28, 0x59, 0xE7, 0xC3, 0x68, 0x7D, 0x26, 0x20, 0x43, 0xEB, 0x56, 0x63, 0xF3, 0x39, 0x31, 0xD8, 0x2B, 0x51, 0xA9, 0xBC, 0x4F, 0xD0, 0xF6, 0xDE, 0x95, 0xDC, 0x5F, 0x5B, 0xC1, 0xED, 0x90, 0x6F, 0xEC, 0x28, 0x91, 0x7E, 0x17, 0xED, 0x78, 0x90, 0xF4, 0x60, 0xA7, 0xC4, 0xC7, 0x4F, 0x50, 0xED, 0x5D, 0x13, 0x3A, 0x21, 0x2B, 0x70, 0xC5, 0x61, 0x7B, 0x08, 0x21, 0x65, 0x3A, 0xCD, 0x82, 0x56, 0x8C, 0x7A, 0x47, 0xAC, 0x89, 0xE8, 0xA5, 0x48, 0x48
.byte 0x31, 0xD9, 0x1D, 0x46, 0xE5, 0x85, 0x86, 0x98, 0xA0, 0xE5, 0xC0, 0xA6, 0x6A, 0xBD, 0x07, 0xE4, 0x92, 0x57, 0x61, 0x07, 0x8F, 0x7D, 0x5A, 0x4D, 0xCA, 0xAE, 0x36, 0xB9, 0x56, 0x04, 0x10, 0xF2, 0x6C, 0xBE, 0xF6, 0x3B, 0x6C, 0x80, 0x3E, 0xBE , 0x0E, 0xA3, 0x4D , 0xC7 , 0xD4, 0x7E , 0xA7 , 0x49, 0xD4, 0xF2, 0xD2, 0xBC, 0xCF, 0x30, 0xA8, 0xE7, 0x74, 0x8F, 0x64, 0xDF, 0xBC, 0x5C, 0x47, 0x68, 0xCC, 0x40, 0x4C, 0xF8, 0x83, 0xCC, 0xCB, 0x40, 0x35, 0x04, 0x60, 0xCA, 0xB3, 0xA4, 0x17, 0x9F, 0x03, 0xCA, 0x1D, 0x5A, 0xFA, 0xD1, 0xAF, 0x21, 0x57, 0x10, 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01
arm_rotpk_key_end:
.if ARM_ROTPK_KEY_LEN != arm_rotpk_key_end - arm_rotpk_key
.error "Invalid ROTPK length."
.endif

26
atf-20231013-0ea67d76a/plat/arm/board/fvp/fvp_plat_attest_token.c
View File

@@ -1,26 +0,0 @@
/*
* Copyright (c) 2022-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <delegated_attestation.h>
#include <psa/error.h>
/*
* Get the platform attestation token through the PSA delegated attestation
* layer.
*
* FVP cannot support RSS hardware at the moment, but it can still mock the
* RSS implementation of the PSA interface (see PLAT_RSS_NOT_SUPPORTED).
*/
int plat_rmmd_get_cca_attest_token(uintptr_t buf, size_t *len,
uintptr_t hash, size_t hash_size)
{
psa_status_t ret;
ret = rss_delegated_attest_get_token((const uint8_t *)hash, hash_size,
(uint8_t *)buf, *len, len);
return ret;
}

30
atf-20231013-0ea67d76a/plat/arm/board/fvp/fvp_realm_attest_key.c
View File

@@ -1,30 +0,0 @@
/*
* Copyright (c) 2022-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
#include <delegated_attestation.h>
#include <psa/error.h>
#include <services/rmmd_svc.h>
/*
* Get the delegated realm attestation key through the PSA delegated
* attestation layer.
*
* FVP cannot support RSS hardware at the moment, but it can still mock
* the RSS implementation of the PSA interface (see PLAT_RSS_NOT_SUPPORTED).
*/
int plat_rmmd_get_cca_realm_attest_key(uintptr_t buf, size_t *len,
unsigned int type)
{
psa_status_t ret;
assert(type == ATTEST_KEY_CURVE_ECC_SECP384R1);
ret = rss_delegated_attest_get_delegated_key(0U, 0U, (uint8_t *)buf,
*len, len, 0U);
return ret;
}

24
atf-20231013-0ea67d76a/plat/mediatek/drivers/iommu/mt8188/mtk_iommu_plat.h
View File

@@ -1,24 +0,0 @@
/*
* Copyright (c) 2022, MediaTek Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef IOMMU_PLAT_H
#define IOMMU_PLAT_H
#include <mtk_iommu_priv.h>
/* mm iommu */
#define SMI_LARB_NUM (26)
extern struct mtk_smi_larb_config *g_larb_cfg;
/* infra iommu */
#define MMU_DEV_NUM (1)
extern struct mtk_ifr_mst_config *g_ifr_mst_cfg;
extern uint32_t *g_ifr_mst_cfg_base;
extern uint32_t *g_ifr_mst_cfg_offs;
extern void mtk_infra_iommu_enable_protect(void);
#endif /* IOMMU_PLAT_H */

43
atf-20231013-0ea67d76a/plat/mediatek/mt7986/include/mt7986_mmu.h
View File

@@ -1,43 +0,0 @@
#ifndef MT7986_MMU_H
#define MT7986_MMU_H
#include <platform_def.h>
#define MTK_MAP_DEVICE(_name, _base, _size) \
MAP_REGION_FLAT(_base, \
_size, \
MT_DEVICE | MT_RW | MT_SECURE)
#define MAP_SEC_SYSRAM MAP_REGION_FLAT(TZRAM_BASE, \
TZRAM_SIZE, \
MT_MEMORY | MT_RW | MT_SECURE)
#define MAP_GIC \
MTK_MAP_DEVICE(GIC_V3, GIC_BASE, 0x1000000)
#define MAP_DEVICE0 \
MTK_MAP_DEVICE(BASIC, 0x10000000, 0x20000), \
MTK_MAP_DEVICE(INFRACFG, 0x10209000, 0x2000), \
MTK_MAP_DEVICE(PERICFG, 0x1020B000, 0x2000), \
MTK_MAP_DEVICE(TRNG, 0x1020F000, 0x1000), \
MTK_MAP_DEVICE(MCUSYS, 0x10400000, 0x2000), \
MTK_MAP_DEVICE(UART, 0x11002000, 0x3000), \
MTK_MAP_DEVICE(EFUSE, 0x11D00000, 0x10000), \
MTK_MAP_DEVICE(TOP_MISC, 0x11D10000, 0x1000)
#define MAP_DEVICE1 \
MTK_MAP_DEVICE(MPU, 0x10226000, 0x1000), \
MTK_MAP_DEVICE(DEVICE_APC, 0x1A0F0000, 0x30000)
#define MAP_DEVICE_EXTENTION \
MTK_MAP_DEVICE(PWM, 0x10048000, 0x1000), \
MTK_MAP_DEVICE(DMA, 0x10212000, 0x6000), \
MTK_MAP_DEVICE(EIP97, 0x10320000, 0x40000), \
MTK_MAP_DEVICE(NFI, 0x11005000, 0x2000), \
MTK_MAP_DEVICE(I2C, 0x11008000, 0x1000), \
MTK_MAP_DEVICE(SPI, 0x1100A000, 0x2000), \
MTK_MAP_DEVICE(AUXADC, 0x1100D000, 0x1000), \
MTK_MAP_DEVICE(IOCFG_0, 0x11C30000, 0x2000), \
MTK_MAP_DEVICE(IOCFG_1, 0x11E20000, 0x4000)
#endif

BIN
atf-20231013-0ea67d76a/plat/mediatek/mt7988/drivers/efuse/release/efuse_cmd.o
View File

Binary file not shown.

155
atf-20231013-0ea67d76a/plat/mediatek/mt7988/include/reg_base.h
View File

@@ -1,155 +0,0 @@
/*
* Not inside DE memory map
*/
#define GIC_BASE 0x0C000000
#define INTER_SRAM 0x00100000
/*
* Base on memory_map_to_reg_base_H.py
*/
/* SRAMROM */
#define ROM_BASE 0x00000000
/* SRAMROM */
#define RAM_BASE 0x00100000
/* L2C */
#define L2C_BASE 0x00200000
/* HW_VER CID */
#define HW_VER_CID_BASE 0x08000000
/* DEVAPC TOPS_PERI_BUS_AO_PDN_PDN */
#define DEVAPC_TOPS_PERI_BUS_AO_PDN_PDN_BASE 0x09129000
/* DEVAPC TOPS_PERI_BUS_AO_PDN */
#define DEVAPC_TOPS_PERI_BUS_AO_PDN_BASE 0x0912C000
/* DEVAPC TOPS_BUS_AO_PDN_PDN */
#define DEVAPC_TOPS_BUS_AO_PDN_PDN_BASE 0x09139000
/* DEVAPC TOPS_BUS_AO_PDN */
#define DEVAPC_TOPS_BUS_AO_PDN_BASE 0x0913C000
/* DEVAPC CLUST_PERI_BUS_AO_PDN_PDN */
#define DEVAPC_CLUST_PERI_BUS_AO_PDN_PDN_BASE 0x09629000
/* DEVAPC CLUST_PERI_BUS_AO_PDN */
#define DEVAPC_CLUST_PERI_BUS_AO_PDN_BASE 0x0962C000
/* DEVAPC CLUST_BUS_AO_PDN_PDN */
#define DEVAPC_CLUST_BUS_AO_PDN_PDN_BASE 0x09639000
/* DEVAPC CLUST_BUS_AO_PDN */
#define DEVAPC_CLUST_BUS_AO_PDN_BASE 0x0963C000
/* DEBUGSYS */
#define DEBUGSYS_BASE 0x0D000000
/* INFRA_CFG_AO */
#define INFRACFG_AO_BASE 0x10001000
/* INFRA_CFG_AO_MEM */
#define INFRACFG_AO_MEM_BASE 0x10002000
/* PERICFG_AO */
#define PERICFG_AO_BASE 0x10003000
/* APXGPT */
#define APXGPT_BASE 0x10008000
/* Reserved */
#define RESERVED_BASE 0x10009000
/* AP_CIRQ_ENIT_APB */
#define AP_CIRQ_ENIT_APB_BASE 0x1000B000
/* SYS_TIMER */
#define SYS_TIMER_BASE 0x10017000
#define TOPCKGEN_BASE 0x1001B000
#define TOPRGU_BASE 0x1001C000
#define DRM_BASE 0x1001D000
#define APMIXEDSYS_BASE 0x1001E000
/* Pinmux0 */
#define PINMUX0_BASE 0x10021000
/* Pinmux1 */
#define PINMUX1_BASE 0x10022000
/* PWM */
#define PWM_BASE 0x10048000
/* SGMII_SBUS0 */
#define SGMII_SBUS0_BASE 0x10060000
/* SGMII_SBUS1 */
#define SGMII_SBUS1_BASE 0x10070000
/* SYS_CIRQ */
#define SYS_CIRQ_BASE 0x10204000
/* INFRACFG_PDN */
#define INFRACFG_PDN_BASE 0x1020E000
/* TRNG */
#define TRNG_BASE 0x1020f000
/* CQ_DMA */
#define CQ_DMA_BASE 0x10212000
/* SRAMROM_APB */
#define SRAMROM_APB_BASE 0x10214000
/* AP_DMA */
#define AP_DMA_BASE 0x10217000
/* EMI_APB */
#define EMI_APB_BASE 0x10219000
/* INFRACFG_MEM_APB */
#define INFRACFG_MEM_APB_BASE 0x1021C000
/* EMI_FAKE_ENGINE0 */
#define EMI_FAKE_ENGINE0_BASE 0x10225000
/* EMI_MPU_APB */
#define EMI_MPU_APB_BASE 0x10226000
/* EMI_FAKE_ENGINE1 */
#define EMI_FAKE_ENGINE1_BASE 0x10227000
/* DRAMC_CH0 */
#define DRAMC_CH0_BASE 0x10230000
/* DRAMC_CH1 */
#define DRAMC_CH1_BASE 0x10240000
/* EIP97 */
#define EIP97_BASE 0x10320000
/* MCUSYS_CFGREG_APB */
#define MCUSYS_CFGREG_APB_BASE 0x10390000
/* MCUSYS_CFGREG_APB-1 */
#define MCUSYS_CFGREG_APB_1_BASE 0x100E0000
#define MCUCFG_BASE MCUSYS_CFGREG_APB_1_BASE
#define MCUCFG_CA73 0x100E2000
/* UART0 */
#define UART0_BASE 0x11000000
/* UART1 */
#define UART1_BASE 0x11000100
/* UART2 */
#define UART2_BASE 0x11000200
/* NFI */
#define NFI_BASE 0x11001000
/* NFI_ECC */
#define NFI_ECC_BASE 0x11002000
/* I2C */
#define I2C_BASE 0x11008000
/* SPI0 */
#define SPI0_BASE 0x11007000
/* SPI1 */
#define SPI1_BASE 0x11008000
/* PTP_THERM_CTRL */
#define PTP_THERM_CTRL_BASE 0x1100C000
/* AUXADC */
#define AUXADC_BASE 0x1100D000
/* AUDIO_S */
#define AUDIO_S_BASE 0x11210000
/* AUDIO_S-1 */
#define AUDIO_S_1_BASE 0x11219000
/* MDSC0 */
#define MSDC0_BASE 0x11230000
/* EAST0 */
#define PCIE_PHYD_L0_BASE 0x11C00000
/* EAST1 */
#define PCIE_PHYD_L1_BASE 0x11C10000
/* MDSC0 TOP */
#define MSDC0_TOP_BASE 0x11C20000
/* WEST0 */
#define EFUSE_CONTROLLER_BASE 0x11E00000
/* WEST1 */
#define USB_PHYD_BASE 0x11E10000
/* TOP Misc */
#define TOP_MISC_BASE 0x11D10000
/* NETSYS1 */
#define NETSYS1_BASE 0x15000000
/* NETSYS2 */
#define NETSYS2_BASE 0x15180000
/* NETSYS3 */
#define NETSYS3_BASE 0x1518C000
/* NETSYS4 */
#define NETSYS4_BASE 0x151C0000
/* CONNSYS */
#define CONNSYS_BASE 0x18000000
/* DEVAPC_FMEM_AO */
#define DEVAPC_FMEM_AO_BASE 0x1A0F0000
/* DEVAPC_INFRA_AO */
#define DEVAPC_INFRA_AO_BASE 0x1A100000
/* DEVAPC_INFRA_PDN */
#define DEVAPC_INFRA_PDN_BASE 0x1A110000

98
atf-20231013-0ea67d76a/plat/xilinx/common/plat_fdt.c
View File

@@ -1,98 +0,0 @@
/*
* Copyright (c) 2023, Advanced Micro Devices, Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
*/
#include <common/debug.h>
#include <common/fdt_fixup.h>
#include <common/fdt_wrappers.h>
#include <libfdt.h>
#include <lib/xlat_tables/xlat_tables_v2.h>
#include <plat_fdt.h>
#include <platform_def.h>
void prepare_dtb(void)
{
#if defined(XILINX_OF_BOARD_DTB_ADDR)
void *dtb;
int map_ret = 0;
int ret = 0;
dtb = (void *)XILINX_OF_BOARD_DTB_ADDR;
if (!IS_TFA_IN_OCM(BL31_BASE)) {
#if defined(PLAT_XLAT_TABLES_DYNAMIC)
map_ret = mmap_add_dynamic_region((unsigned long long)dtb,
(uintptr_t)dtb,
XILINX_OF_BOARD_DTB_MAX_SIZE,
MT_MEMORY | MT_RW | MT_NS);
if (map_ret != 0) {
WARN("Failed to add dynamic region for dtb: error %d\n",
map_ret);
}
#endif
if (!map_ret) {
/* Return if no device tree is detected */
if (fdt_check_header(dtb) != 0) {
NOTICE("Can't read DT at %p\n", dtb);
} else {
ret = fdt_open_into(dtb, dtb, XILINX_OF_BOARD_DTB_MAX_SIZE);
if (ret < 0) {
ERROR("Invalid Device Tree at %p: error %d\n",
dtb, ret);
} else {
if (dt_add_psci_node(dtb)) {
WARN("Failed to add PSCI Device Tree node\n");
}
if (dt_add_psci_cpu_enable_methods(dtb)) {
WARN("Failed to add PSCI cpu enable methods in DT\n");
}
/* Reserve memory used by Trusted Firmware. */
ret = fdt_add_reserved_memory(dtb,
"tf-a",
BL31_BASE,
BL31_LIMIT
-
BL31_BASE);
if (ret < 0) {
WARN("Failed to add reserved memory nodes for BL31 to DT.\n");
}
ret = fdt_pack(dtb);
if (ret < 0) {
WARN("Failed to pack dtb at %p: error %d\n",
dtb, ret);
}
flush_dcache_range((uintptr_t)dtb,
fdt_blob_size(dtb));
INFO("Changed device tree to advertise PSCI and reserved memories.\n");
}
}
}
#if defined(PLAT_XLAT_TABLES_DYNAMIC)
if (!map_ret) {
ret = mmap_remove_dynamic_region((uintptr_t)dtb,
XILINX_OF_BOARD_DTB_MAX_SIZE);
if (ret != 0) {
WARN("Failed to remove dynamic region for dtb:error %d\n",
ret);
}
}
#endif
}
#endif
}

17
atf-20231013-0ea67d76a/services/std_svc/spm/common/spm.mk
View File

@@ -1,17 +0,0 @@
#
# Copyright (c) 2022, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
ifneq (${ARCH},aarch64)
$(error "Error: SPM is only supported on aarch64.")
endif
INCLUDES += -Iservices/std_svc/spm/common/include
SPM_SOURCES := $(addprefix services/std_svc/spm/common/,\
${ARCH}/spm_helpers.S)
# Let the top-level Makefile know that we intend to include a BL32 image
NEED_BL32 := yes

278
atf-20231013-0ea67d76a/services/std_svc/spm/el3_spmc/spmc_setup.c
View File

@@ -1,278 +0,0 @@
/*
* Copyright (c) 2022, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
#include <string.h>
#include <arch.h>
#include <arch_helpers.h>
#include <common/debug.h>
#include <common/fdt_wrappers.h>
#include <context.h>
#include <lib/el3_runtime/context_mgmt.h>
#include <lib/utils.h>
#include <lib/xlat_tables/xlat_tables_v2.h>
#include <libfdt.h>
#include <plat/common/common_def.h>
#include <plat/common/platform.h>
#include <services/ffa_svc.h>
#include "spm_common.h"
#include "spmc.h"
#include <tools_share/firmware_image_package.h>
#include <platform_def.h>
/*
* Statically allocate a page of memory for passing boot information to an SP.
*/
static uint8_t ffa_boot_info_mem[PAGE_SIZE] __aligned(PAGE_SIZE);
/*
* This function creates a initialization descriptor in the memory reserved
* for passing boot information to an SP. It then copies the partition manifest
* into this region and ensures that its reference in the initialization
* descriptor is updated.
*/
static void spmc_create_boot_info(entry_point_info_t *ep_info,
struct secure_partition_desc *sp)
{
struct ffa_boot_info_header *boot_header;
struct ffa_boot_info_desc *boot_descriptor;
uintptr_t manifest_addr;
/*
* Calculate the maximum size of the manifest that can be accommodated
* in the boot information memory region.
*/
const unsigned int
max_manifest_sz = sizeof(ffa_boot_info_mem) -
(sizeof(struct ffa_boot_info_header) +
sizeof(struct ffa_boot_info_desc));
/*
* The current implementation only supports the FF-A v1.1
* implementation of the boot protocol, therefore check
* that a v1.0 SP has not requested use of the protocol.
*/
if (sp->ffa_version == MAKE_FFA_VERSION(1, 0)) {
ERROR("FF-A boot protocol not supported for v1.0 clients\n");
return;
}
/*
* Check if the manifest will fit into the boot info memory region else
* bail.
*/
if (ep_info->args.arg1 > max_manifest_sz) {
WARN("Unable to copy manifest into boot information. ");
WARN("Max sz = %u bytes. Manifest sz = %lu bytes\n",
max_manifest_sz, ep_info->args.arg1);
return;
}
/* Zero the memory region before populating. */
memset(ffa_boot_info_mem, 0, PAGE_SIZE);
/*
* Populate the ffa_boot_info_header at the start of the boot info
* region.
*/
boot_header = (struct ffa_boot_info_header *) ffa_boot_info_mem;
/* Position the ffa_boot_info_desc after the ffa_boot_info_header. */
boot_header->offset_boot_info_desc =
sizeof(struct ffa_boot_info_header);
boot_descriptor = (struct ffa_boot_info_desc *)
(ffa_boot_info_mem +
boot_header->offset_boot_info_desc);
/*
* We must use the FF-A version corresponding to the version implemented
* by the SP. Currently this can only be v1.1.
*/
boot_header->version = sp->ffa_version;
/* Populate the boot information header. */
boot_header->size_boot_info_desc = sizeof(struct ffa_boot_info_desc);
/* Set the signature "0xFFA". */
boot_header->signature = FFA_INIT_DESC_SIGNATURE;
/* Set the count. Currently 1 since only the manifest is specified. */
boot_header->count_boot_info_desc = 1;
/* Populate the boot information descriptor for the manifest. */
boot_descriptor->type =
FFA_BOOT_INFO_TYPE(FFA_BOOT_INFO_TYPE_STD) |
FFA_BOOT_INFO_TYPE_ID(FFA_BOOT_INFO_TYPE_ID_FDT);
boot_descriptor->flags =
FFA_BOOT_INFO_FLAG_NAME(FFA_BOOT_INFO_FLAG_NAME_UUID) |
FFA_BOOT_INFO_FLAG_CONTENT(FFA_BOOT_INFO_FLAG_CONTENT_ADR);
/*
* Copy the manifest into boot info region after the boot information
* descriptor.
*/
boot_descriptor->size_boot_info = (uint32_t) ep_info->args.arg1;
manifest_addr = (uintptr_t) (ffa_boot_info_mem +
boot_header->offset_boot_info_desc +
boot_header->size_boot_info_desc);
memcpy((void *) manifest_addr, (void *) ep_info->args.arg0,
boot_descriptor->size_boot_info);
boot_descriptor->content = manifest_addr;
/* Calculate the size of the total boot info blob. */
boot_header->size_boot_info_blob = boot_header->offset_boot_info_desc +
boot_descriptor->size_boot_info +
(boot_header->count_boot_info_desc *
boot_header->size_boot_info_desc);
INFO("SP boot info @ 0x%lx, size: %u bytes.\n",
(uintptr_t) ffa_boot_info_mem,
boot_header->size_boot_info_blob);
INFO("SP manifest @ 0x%lx, size: %u bytes.\n",
boot_descriptor->content,
boot_descriptor->size_boot_info);
}
/*
* We are assuming that the index of the execution
* context used is the linear index of the current physical cpu.
*/
unsigned int get_ec_index(struct secure_partition_desc *sp)
{
return plat_my_core_pos();
}
/* S-EL1 partition specific initialisation. */
void spmc_el1_sp_setup(struct secure_partition_desc *sp,
entry_point_info_t *ep_info)
{
/* Sanity check input arguments. */
assert(sp != NULL);
assert(ep_info != NULL);
/* Initialise the SPSR for S-EL1 SPs. */
ep_info->spsr = SPSR_64(MODE_EL1, MODE_SP_ELX,
DISABLE_ALL_EXCEPTIONS);
/*
* TF-A Implementation defined behaviour to provide the linear
* core ID in the x4 register.
*/
ep_info->args.arg4 = (uintptr_t) plat_my_core_pos();
/*
* Check whether setup is being performed for the primary or a secondary
* execution context. In the latter case, indicate to the SP that this
* is a warm boot.
* TODO: This check would need to be reworked if the same entry point is
* used for both primary and secondary initialisation.
*/
if (sp->secondary_ep != 0U) {
/*
* Sanity check that the secondary entry point is still what was
* originally set.
*/
assert(sp->secondary_ep == ep_info->pc);
ep_info->args.arg0 = FFA_WB_TYPE_S2RAM;
}
}
/* Common initialisation for all SPs. */
void spmc_sp_common_setup(struct secure_partition_desc *sp,
entry_point_info_t *ep_info,
int32_t boot_info_reg)
{
uint16_t sp_id;
/* Assign FF-A Partition ID if not already assigned. */
if (sp->sp_id == INV_SP_ID) {
sp_id = FFA_SP_ID_BASE + ACTIVE_SP_DESC_INDEX;
/*
* Ensure we don't clash with previously assigned partition
* IDs.
*/
while (!is_ffa_secure_id_valid(sp_id)) {
sp_id++;
if (sp_id == FFA_SWD_ID_LIMIT) {
ERROR("Unable to determine valid SP ID.\n");
panic();
}
}
sp->sp_id = sp_id;
}
/*
* We currently only support S-EL1 partitions so ensure this is the
* case.
*/
assert(sp->runtime_el == S_EL1);
/* Check if the SP wants to use the FF-A boot protocol. */
if (boot_info_reg >= 0) {
/*
* Create a boot information descriptor and copy the partition
* manifest into the reserved memory region for consumption by
* the SP.
*/
spmc_create_boot_info(ep_info, sp);
/*
* We have consumed what we need from ep args so we can now
* zero them before we start populating with new information
* specifically for the SP.
*/
zeromem(&ep_info->args, sizeof(ep_info->args));
/*
* Pass the address of the boot information in the
* boot_info_reg.
*/
switch (boot_info_reg) {
case 0:
ep_info->args.arg0 = (uintptr_t) ffa_boot_info_mem;
break;
case 1:
ep_info->args.arg1 = (uintptr_t) ffa_boot_info_mem;
break;
case 2:
ep_info->args.arg2 = (uintptr_t) ffa_boot_info_mem;
break;
case 3:
ep_info->args.arg3 = (uintptr_t) ffa_boot_info_mem;
break;
default:
ERROR("Invalid value for \"gp-register-num\" %d.\n",
boot_info_reg);
}
} else {
/*
* We don't need any of the information that was populated
* in ep_args so we can clear them.
*/
zeromem(&ep_info->args, sizeof(ep_info->args));
}
}
/*
* Initialise the SP context now we have populated the common and EL specific
* entrypoint information.
*/
void spmc_sp_common_ep_commit(struct secure_partition_desc *sp,
entry_point_info_t *ep_info)
{
cpu_context_t *cpu_ctx;
cpu_ctx = &(spmc_get_sp_ec(sp)->cpu_ctx);
print_entry_point_info(ep_info);
cm_setup_context(cpu_ctx, ep_info);
}

365
atf-20231013-0ea67d76a/tools/dev/single_img_wrapper/mk_image.sh
View File

@@ -1,365 +0,0 @@
#!/bin/bash
#global variables:
gpt_start_dec=0
gpt_start_hex=0
bl2_start_dec=0
bl2_start_hex=0x0
rf_start_dec=0
rf_start_hex=0x0
fip_start_dec=0
fip_start_hex=0x0
kernel_start_dec=0
kernel_start_hex=0x0
rootfs_start_dec=0
rootfs_start_hex=0x0
rootfs_image=""
sdmmc_extracted_folder=""
# Regular Colors
RED='\033[0;31m'
NC='\033[0m'
usage() {
printf 'Usage:\n'\
' ./mk_image -p <platform>\n'\
' -d <flash device type>\n'\
' -c <partition config>\n'\
' -b <BL2 image>, default=bl2.img\n'\
' -r <RF image>\n'\
' -f <FIP image>, default=fip.bin\n'\
' -k <kernel image>\n'\
' -g <GPT table>\n'\
' -h <usage menu>\n'\
' -o <single image name>\n'\
' example:\n'\
' ./mk_image.sh -p mt7986a -d emmc \\\n'\
' -g GPT_EMMC-iap-20220125 \\\n'\
' -f fip-iap-emmc-20220125.bin \\\n'\
' -k OF_openwrt-mediatek-mt7986-mt7986a-ax6000-emmc-rfb-squashfs-sysupgrade.bin\n'\
' ./mk_image.sh -p mt7986a -d spim-nand \\\n'\
' -b bl2-iap-snand-20220114.img \\\n'\
' -f fip-snand-20220114.bin \\\n'\
' -k OF_openwrt-mediatek-mt7986-mt7986a-ax6000-spim-nand-rfb-squashfs-factory.bin \\\n'
exit 0
}
parse_yaml() {
local prefix=$2
local s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs=$(echo @|tr @ '\034')
sed -ne "s|^\($s\):|\1|" \
-e "s|^\($s\)\($w\)$s:$s[\"']\(.*\)[\"']$s\$|\1$fs\2$fs\3|p" \
-e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" $1 |
awk -F$fs '{
indent = length($1)/2;
vname[indent] = $2;
for (i in vname) {if (i > indent) {delete vname[i]}}
if (length($3) > 0) {
vn=""; for (i=0; i<indent; i++) {vn=(vn)(vname[i])("_")}
printf("%s=%s\n", $2, $3);
}
}'
}
load_partition() {
IFS=$'\r\n'
for line in `parse_yaml $partition_config`; do
IFS='=' read -ra arr <<< "$line"
case "${arr[0]}" in
gpt_start )
gpt_start_hex=${arr[1]}
gpt_start_dec=`printf '%d' $gpt_start_hex`
;;
bl2_start )
bl2_start_hex=${arr[1]}
bl2_start_dec=`printf '%d' $bl2_start_hex`
;;
rf_start )
rf_start_hex=${arr[1]}
rf_start_dec=`printf '%d' $rf_start_hex`
;;
fip_start )
fip_start_hex=${arr[1]}
fip_start_dec=`printf '%d' $fip_start_hex`
;;
kernel_start )
kernel_start_hex=${arr[1]}
kernel_start_dec=`printf '%d' $kernel_start_hex`
;;
rootfs_start )
rootfs_start_hex=${arr[1]}
rootfs_start_dec=`printf '%d' $rootfs_start_hex`
esac
done
}
prepare_image() {
# Pad empty bytes to single image first
if [[ -z $kernel_image ]]
then
if [[ $flash_type == "emmc" ]] || [[ $flash_type == "sd" ]]
then
dd if=/dev/zero ibs=$fip_start_dec count=1 \
> $single_image
else
dd if=/dev/zero ibs=$fip_start_dec count=1 \
| tr "\000" "\377" > $single_image
fi
else
if [[ $flash_type == "emmc" ]] || [[ $flash_type == "sd" ]]
then
dd if=/dev/zero ibs=$kernel_start_dec count=1 \
> $single_image 2>&1
else
dd if=/dev/zero ibs=$kernel_start_dec count=1 \
| tr "\000" "\377" > $single_image 2>&1
fi
fi
}
extract_sdmmc_kernel() {
output=`tar -xvf $kernel_image | awk {'print $1'}`
IFS=$'\n' read -d "\034" -r -a output_arr <<< "$output"
#For debugging
#echo "There are ${#output_arr[*]}" next lines in the output.
sdmmc_extracted_folder=${output_arr[0]}
for filename in "${output_arr[@]}";
do
if [[ "$filename" == *"kernel" ]]
then
kernel_image=$filename
elif [[ "$filename" == *"root" ]]
then
rootfs_image=$filename
fi
done
}
start_wrapping() {
printf "[Start wrapping %s single image......]\n" $flash_type
if [[ $flash_type == "emmc" ]] || [[ $flash_type == "sd" ]]
then
printf "[wrapping GPT......]\n"
dd if=$gpt of=$single_image bs=512 seek=0 conv=notrunc
fi
if [[ $flash_type != "emmc" ]]
then
printf "[wrapping BL2 image......]\n"
dd if=$bl2_image of=$single_image bs=512 \
seek=$(( ($bl2_start_dec/512) )) conv=notrunc
fi
if [[ -n $rf_image ]]
then
printf "[wrapping RF image......]\n"
dd if=$rf_image of=$single_image bs=512 \
seek=$(( ($rf_start_dec/512) )) conv=notrunc
fi
printf "[wrapping FIP image......]\n"
dd if=$fip_image of=$single_image bs=512 \
seek=$(( ($fip_start_dec/512) )) conv=notrunc
if [[ -n $kernel_image ]]
then
printf "[wrapping kernel image......]\n"
if [[ $flash_type == "emmc" ]] || [[ $flash_type == "sd" ]]
then
extract_sdmmc_kernel
dd if=$kernel_image of=$single_image bs=512 \
seek=$(( ($kernel_start_dec/512) )) conv=notrunc
printf "[wrapping rootfs image......]\n"
dd if=$rootfs_image of=$single_image bs=512 \
seek=$(( ($rootfs_start_dec/512) )) conv=notrunc
rm -r $sdmmc_extracted_folder
else
dd if=$kernel_image of=$single_image bs=512 \
seek=$(( ($kernel_start_dec/512) )) conv=notrunc
fi
fi
}
## Enter current folder
DIR="$(cd "$(dirname "$0")" && pwd)"
cd ${DIR}
if [ $# -lt 1 ]
then
usage
exit 0
fi
## We set default values for some arguments
bl2_image="bl2.img"
bl2_default=1
fip_image="fip.bin"
fip_default=1
partition_config=""
partition_config_default=1
while [ "$1" != "" ]; do
case $1 in
-h )
usage
;;
-p )
shift
platform=$1
;;
-d )
shift
flash_type=$1
;;
-c )
shift
partition_config=$1
partition_config_default=0
;;
-b )
shift
bl2_image=$1
bl2_default=0
;;
-f )
shift
fip_image=$1
fip_default=0
;;
-k )
shift
kernel_image=$1
;;
-g )
shift
gpt=$1
;;
-o )
shift
single_image=$1
;;
-r )
shift
rf_image=$1
;;
esac
shift
done
######## Check if variables are valid ########
check_ok=1
if ! [[ $platform =~ ^(mt7981abd|mt7981c|mt7986a|mt7986b|mt7988)$ ]]; then
printf "${RED}Platform must be in mt7981abd|mt7981c|mt7986a|mt7986b|mt7988\n${NC}"
usage
exit 1
fi
if ! [[ $flash_type =~ ^(snfi-nand|spim-nand|spim-nor|emmc|sd)$ ]]; then
printf "${RED}Flash type must be in snfi-nand|spim-nand|spim-nor|emmc|sd\n${NC}"
usage
exit 1
fi
if [[ $partition_config_default -eq 1 ]]; then
declare -A part_by_platform
declare -A default_part
declare -A mt7988_part
## | snfi-nand | spim-nand | spim-nor | emmc | sd
## mt7981 | default | default | default | default | default
## mt7986 | default | default | default | default | default
## mt7988 | custom | custom | custom | custom | custom
default_part=( ['snfi-nand']="-default"
['spim-nand']="-default"
['spim-nor']="-default"
['emmc']="-default"
['sd']="-default" )
mt7988_part=( ['snfi-nand']="-mt7988"
['spim-nand']="-mt7988"
['spim-nor']="-mt7988"
['emmc']="-mt7988"
['sd']="-mt7988" )
part_by_platform=( ['mt7981abd']="default_part"
['mt7981c']="default_part"
['mt7986a']="default_part"
['mt7986b']="default_part"
['mt7988']="mt7988_part")
#For debugging
#eval hey=\${${part_by_platform['mt7988']}['snfi-nand']}
eval suffix=\${${part_by_platform[${platform}]}[${flash_type}]}
partition_config="./partitions/${flash_type}${suffix}.yml"
fi
if [[ $flash_type =~ ^(emmc|sd)$ ]] && [[ -z $gpt ]]; then
printf "${RED}GPT table must be provided if flash type is emmc or sd\n${NC}"
usage
exit 1
fi
if [[ -n $gpt ]] && ! [[ -f $gpt ]]; then
printf "${RED}GPT table provided doesn't exist.\n${NC}"
exit 1
fi
if [[ -n $rf_image ]] && ! [[ -f $rf_image ]]; then
printf "${RED}RF image provided doesn't exist.\n${NC}"
exit 1
fi
if [[ -n $kernel_image ]] && ! [[ -f $kernel_image ]]; then
printf "${RED}Kernel image provided doesn't exist.\n${NC}"
exit 1
fi
##############################################
if ! [[ -f $partition_config ]]
then
if [[ $partition_config_default -eq 1 ]]
then
printf "${RED}Default partition config${NC}"
else
printf "${RED}Partition config provided${NC}"
fi
printf "${RED} doesn't exist: %s\n${NC}" $partition_config
exit 1
fi
printf "* Partition config: %s\n" $partition_config
if ! [[ -f $bl2_image ]] && [[ $flash_type != "emmc" ]]
then
if [[ $bl2_default -eq 1 ]]
then
printf "${RED}Default BL2 image${NC}"
else
printf "${RED}BL2 image provided${NC}"
fi
printf "${RED} doesn't exist: %s\n${NC}" $bl2_image
exit 1
fi
printf "* BL2 image name: %s\n" $bl2_image
if ! [[ -f $fip_image ]]
then
if [[ $fip_default -eq 1 ]]
then
printf "${RED}Default FIP image"
else
printf "${RED}FIP image provided"
fi
printf "${RED} doesn't exist: %s\n${NC}" $fip_image
exit 1
fi
printf "* FIP image name: %s\n" $fip_image
if [[ -z $single_image ]]
then
single_image="$platform-$flash_type-$(date +%Y%m%d)-single-image.bin"
printf "* Single image name: %s\n" $single_image
fi
if [[ $check_ok == 1 ]]; then
#printf "./mk_image -p %s -d %s\n" $platform $flash_type
load_partition
prepare_image
start_wrapping
fi

29
atf-20231013-0ea67d76a/tools/dev/single_img_wrapper/partitions/emmc-default.yml
View File

@@ -1,29 +0,0 @@
# Copyright (C) 2021-2022 SkyLake Huang
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# eMMC layout:
# 0x0~0x4400 : GPT
# 0x400000~0x480000 : u-boot-env
# 0x480000~0x680000 : rf
# 0x680000~0x880000 : fip
# 0x880000~0x2880000 : kernel
# 0x2880000~0x12880000: rootfs
emmc:
rf_start: 0x480000
fip_start: 0x680000
kernel_start: 0x880000
rootfs_start: 0x2880000

21
atf-20231013-0ea67d76a/tools/dev/single_img_wrapper/partitions/emmc-mt7988.yml
View File

@@ -1,21 +0,0 @@
# eMMC layout(Panther/Cheetah):
# 0x0~0x4400 : GPT
# 0x400000~0x480000 : u-boot-env
# 0x480000~0x680000 : rf
# 0x680000~0x880000 : fip
# 0x880000~0x2880000 : kernel
# 0x2880000~0x12880000: rootfs
# eMMC layout(Jaguar):
# 0x0~0x4400 : GPT
# 0x400000~0x480000 : u-boot-env
# 0x480000~0x880000 : rf
# 0x880000~0xa80000 : fip
# 0xa80000~0x2a80000 : kernel
# 0x2a80000~0x12a80000: rootfs
emmc:
rf_start: 0x480000
fip_start: 0x880000
kernel_start: 0xa80000
rootfs_start: 0x2a80000

31
atf-20231013-0ea67d76a/tools/dev/single_img_wrapper/partitions/sd-default.yml
View File

@@ -1,31 +0,0 @@
# Copyright (C) 2021-2022 SkyLake Huang
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# SD-card layout:
# 0x0~0x4400 : GPT
# 0x4400~0x400000 : bl2
# 0x400000~0x480000 : u-boot-env
# 0x480000~0x680000 : rf
# 0x680000~0x880000 : fip
# 0x880000~0x2880000 : kernel
# 0x2880000~0x12880000: rootfs
sd:
bl2_start: 0x4400
rf_start: 0x480000
fip_start: 0x680000
kernel_start: 0x880000
rootfs_start: 0x2880000

25
atf-20231013-0ea67d76a/tools/dev/single_img_wrapper/partitions/sd-mt7988.yml
View File

@@ -1,25 +0,0 @@
# SD-card layout:
# 0x0~0x4400 : GPT
# 0x4400~0x400000 : bl2
# 0x400000~0x480000 : u-boot-env
# 0x480000~0x680000 : rf
# 0x680000~0x880000 : fip
# 0x880000~0x2880000 : kernel
# 0x2880000~0x12880000: rootfs
# SD-card layout(Jaguar):
# 0x0~0x4400 : GPT
# 0x80000~0x400000 : bl2
# 0x400000~0x480000 : u-boot-env
# 0x480000~0x880000 : rf
# 0x880000~0xa80000 : fip
# 0xa80000~0x2a80000 : kernel
# 0x2a80000~0x12a80000: rootfs
sd:
gpt_start: 0x0
bl2_start: 0x80000
rf_start: 0x480000
fip_start: 0x880000
kernel_start: 0xa80000
rootfs_start: 0x2a80000

28
atf-20231013-0ea67d76a/tools/dev/single_img_wrapper/partitions/snfi-nand-default.yml
View File

@@ -1,28 +0,0 @@
# Copyright (C) 2021-2022 SkyLake Huang
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# NAND flash layout:
# 0x0~0x100000: BL2, 1024K
# 0x100000~0x180000: Uboot env, 512K
# 0x180000~0x380000: RF, 2048K
# 0x380000~0x580000: FIP, 2048K
# 0x580000~ : firmware
snfi-nand:
bl2_start: 0x0
rf_start: 0x180000
fip_start: 0x380000
kernel_start: 0x580000

19
atf-20231013-0ea67d76a/tools/dev/single_img_wrapper/partitions/snfi-nand-mt7988.yml
View File

@@ -1,19 +0,0 @@
# NAND flash layout(Panther/Cheetah):
# 0x0~0x100000: BL2, 1024K
# 0x100000~0x180000: Uboot env, 512K
# 0x180000~0x380000: RF, 2048K
# 0x380000~0x580000: FIP, 2048K
# 0x580000~ : firmware
# NAND flash layout(Jaguar):
# 0x0~0x100000: BL2, 1024K
# 0x100000~0x180000: Uboot env, 512K
# 0x180000~0x580000: RF, 4096K
# 0x580000~0x780000: FIP, 2048K
# 0x780000~ : firmware
snfi-nand:
bl2_start: 0x0
rf_start: 0x180000
fip_start: 0x580000
kernel_start: 0x780000

28
atf-20231013-0ea67d76a/tools/dev/single_img_wrapper/partitions/spim-nand-default.yml
View File

@@ -1,28 +0,0 @@
# Copyright (C) 2021-2022 SkyLake Huang
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# NAND flash layout:
# 0x0~0x100000: BL2, 1024K
# 0x100000~0x180000: Uboot env, 512K
# 0x180000~0x380000: RF, 2048K
# 0x380000~0x580000: FIP, 2048K
# 0x580000~ : firmware
spim-nand:
bl2_start: 0x0
rf_start: 0x180000
fip_start: 0x380000
kernel_start: 0x580000

19
atf-20231013-0ea67d76a/tools/dev/single_img_wrapper/partitions/spim-nand-mt7988.yml
View File

@@ -1,19 +0,0 @@
# NAND flash layout(Panther/Cheetah):
# 0x0~0x100000: BL2, 1024K
# 0x100000~0x180000: Uboot env, 512K
# 0x180000~0x380000: RF, 2048K
# 0x380000~0x580000: FIP, 2048K
# 0x580000~ : firmware
# NAND flash layout(Jaguar):
# 0x0~0x100000: BL2, 1024K
# 0x100000~0x180000: Uboot env, 512K
# 0x180000~0x580000: RF, 4096K
# 0x580000~0x780000: FIP, 2048K
# 0x780000~ : firmware
spim-nand:
bl2_start: 0x0
rf_start: 0x180000
fip_start: 0x580000
kernel_start: 0x780000

28
atf-20231013-0ea67d76a/tools/dev/single_img_wrapper/partitions/spim-nand-slt.yml
View File

@@ -1,28 +0,0 @@
# Copyright (C) 2021-2022 SkyLake Huang
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# NAND flash layout:
# 0x0~0x100000 : BL2, 1024K
# 0x100000~0x180000 : Uboot env, 512K
# 0x180000~0x380000 : RF, 2048K
# 0x380000~0x1080000: FIP, 13M
# 0x1080000~ : firmware
spim-nand:
bl2_start: 0x0
rf_start: 0x180000
fip_start: 0x380000
kernel_start: 0x1080000

19
atf-20231013-0ea67d76a/tools/dev/single_img_wrapper/partitions/spim-nor-mt7988.yml
View File

@@ -1,19 +0,0 @@
# NOR flash layout(Panther/Cheetah):
# 0x0~0x40000 : BL2, 256K
# 0x40000~0x50000 : Uboot env, 64K
# 0x50000~0x100000: RF, 704K
# 0x100000~0x180000: FIP, 512K
# 0x180000~ : firmware
# NOR flash layout(Jaguar):
# 0x0~0x40000 : BL2, 256K
# 0x40000~0x50000 : Uboot env, 64K
# 0x50000~0x250000: RF, 2048K
# 0x250000~0x2d0000: FIP, 512K
# 0x2d0000~ : firmware
spim-nor:
bl2_start: 0x0
rf_start: 0x50000
fip_start: 0x250000
kernel_start: 0x2d0000

0
atf-20231013-0ea67d76a/.checkpatch.conf → atf-20240117-bacca82a8/.checkpatch.conf
View File

0
atf-20231013-0ea67d76a/.commitlintrc.js → atf-20240117-bacca82a8/.commitlintrc.js
View File

0
atf-20231013-0ea67d76a/.cz.json → atf-20240117-bacca82a8/.cz.json
View File

0
atf-20231013-0ea67d76a/.editorconfig → atf-20240117-bacca82a8/.editorconfig
View File

4
atf-20231013-0ea67d76a/.gitignore → atf-20240117-bacca82a8/.gitignore vendored
View File

@@ -53,3 +53,7 @@ node_modules/
env/
.venv/
venv/
# MediaTek related
.vscode/
Kconfiglib/__pycache__/

0
atf-20231013-0ea67d76a/.gitreview → atf-20240117-bacca82a8/.gitreview
View File

0
atf-20231013-0ea67d76a/.husky/.gitignore → atf-20240117-bacca82a8/.husky/.gitignore vendored
View File

0
atf-20231013-0ea67d76a/.husky/commit-msg → atf-20240117-bacca82a8/.husky/commit-msg
View File

0
atf-20231013-0ea67d76a/.husky/commit-msg.commitlint → atf-20240117-bacca82a8/.husky/commit-msg.commitlint
View File

0
atf-20231013-0ea67d76a/.husky/commit-msg.gerrit → atf-20240117-bacca82a8/.husky/commit-msg.gerrit
View File

0
atf-20231013-0ea67d76a/.husky/pre-commit → atf-20240117-bacca82a8/.husky/pre-commit
View File

0
atf-20231013-0ea67d76a/.husky/pre-commit.copyright → atf-20240117-bacca82a8/.husky/pre-commit.copyright
View File

0
atf-20231013-0ea67d76a/.husky/prepare-commit-msg → atf-20240117-bacca82a8/.husky/prepare-commit-msg
View File

0
atf-20231013-0ea67d76a/.husky/prepare-commit-msg.cz → atf-20240117-bacca82a8/.husky/prepare-commit-msg.cz
View File

0
atf-20231013-0ea67d76a/.nvmrc → atf-20240117-bacca82a8/.nvmrc
View File

0
atf-20231013-0ea67d76a/.readthedocs.yaml → atf-20240117-bacca82a8/.readthedocs.yaml
View File

0
atf-20231013-0ea67d76a/.versionrc.js → atf-20240117-bacca82a8/.versionrc.js
View File

7
atf-20240117-bacca82a8/Config.in Normal file
View File

@@ -0,0 +1,7 @@
#
# Copyright (c) 2023, MediaTek Inc. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
source "plat/mediatek/apsoc_common/Config.in"

0
atf-20231013-0ea67d76a/Kconfiglib/LICENSE.txt → atf-20240117-bacca82a8/Kconfiglib/LICENSE.txt
View File

0
atf-20231013-0ea67d76a/Kconfiglib/MANIFEST.in → atf-20240117-bacca82a8/Kconfiglib/MANIFEST.in
View File

0
atf-20231013-0ea67d76a/Kconfiglib/README.rst → atf-20240117-bacca82a8/Kconfiglib/README.rst
View File

0
atf-20231013-0ea67d76a/Kconfiglib/alldefconfig.py → atf-20240117-bacca82a8/Kconfiglib/alldefconfig.py
View File

0
atf-20231013-0ea67d76a/Kconfiglib/allmodconfig.py → atf-20240117-bacca82a8/Kconfiglib/allmodconfig.py
View File

0
atf-20231013-0ea67d76a/Kconfiglib/allnoconfig.py → atf-20240117-bacca82a8/Kconfiglib/allnoconfig.py
View File

0
atf-20231013-0ea67d76a/Kconfiglib/allyesconfig.py → atf-20240117-bacca82a8/Kconfiglib/allyesconfig.py
View File

0
atf-20231013-0ea67d76a/Kconfiglib/defconfig.py → atf-20240117-bacca82a8/Kconfiglib/defconfig.py
View File

0
atf-20231013-0ea67d76a/Kconfiglib/genconfig.py → atf-20240117-bacca82a8/Kconfiglib/genconfig.py
View File

0
atf-20231013-0ea67d76a/Kconfiglib/guiconfig.py → atf-20240117-bacca82a8/Kconfiglib/guiconfig.py
View File

0
atf-20231013-0ea67d76a/Kconfiglib/kconfiglib.py → atf-20240117-bacca82a8/Kconfiglib/kconfiglib.py
View File

0
atf-20231013-0ea67d76a/Kconfiglib/listnewconfig.py → atf-20240117-bacca82a8/Kconfiglib/listnewconfig.py
View File

0
atf-20231013-0ea67d76a/Kconfiglib/menuconfig.py → atf-20240117-bacca82a8/Kconfiglib/menuconfig.py
View File

0
atf-20231013-0ea67d76a/Kconfiglib/oldconfig.py → atf-20240117-bacca82a8/Kconfiglib/oldconfig.py
View File

0
atf-20231013-0ea67d76a/Kconfiglib/olddefconfig.py → atf-20240117-bacca82a8/Kconfiglib/olddefconfig.py
View File

0
atf-20231013-0ea67d76a/Kconfiglib/savedefconfig.py → atf-20240117-bacca82a8/Kconfiglib/savedefconfig.py
View File

0
atf-20231013-0ea67d76a/Kconfiglib/setconfig.py → atf-20240117-bacca82a8/Kconfiglib/setconfig.py
View File

324
atf-20231013-0ea67d76a/Makefile → atf-20240117-bacca82a8/Makefile
View File

@@ -8,8 +8,8 @@
# Trusted Firmware Version
#
VERSION_MAJOR := 2
VERSION_MINOR := 9
VERSION_PATCH := 0
VERSION_MINOR := 10
VERSION_PATCH := 0 # Only used for LTS releases
VERSION := ${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}
# Default goal is build all images
@@ -35,16 +35,15 @@ ENABLE_ASSERTIONS := ${DEBUG}
ENABLE_PMF := ${ENABLE_RUNTIME_INSTRUMENTATION}
PLAT := ${DEFAULT_PLAT}
# Include Kconfig script
include makeconfig_pre.mk
################################################################################
# Checkpatch script options
################################################################################
CHECKCODE_ARGS := --no-patch
# Do not check the coding style on imported library files or documentation files
INC_ARM_DIRS_TO_CHECK := $(sort $(filter-out \
include/drivers/arm/cryptocell, \
$(wildcard include/drivers/arm/*)))
INC_ARM_DIRS_TO_CHECK += include/drivers/arm/cryptocell/*.h
INC_DRV_DIRS_TO_CHECK := $(sort $(filter-out \
include/drivers/arm, \
$(wildcard include/drivers/*)))
@@ -215,14 +214,14 @@ ifneq (${DEBUG}, 0)
ASFLAGS += -g -Wa,-gdwarf-4
# Use LOG_LEVEL_INFO by default for debug builds
LOG_LEVEL := 40
LOG_LEVEL ?= 40
else
BUILD_TYPE := release
TF_CFLAGS += -g -gdwarf-4
ASFLAGS += -g -Wa,-gdwarf-4
# Use LOG_LEVEL_NOTICE by default for release builds
LOG_LEVEL := 20
LOG_LEVEL ?= 20
endif #(Debug)
# Default build string (git branch and commit)
@@ -315,6 +314,10 @@ WARNINGS += -Wunused-but-set-variable -Wmaybe-uninitialized \
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105523
TF_CFLAGS += $(call cc_option, --param=min-pagesize=0)
ifeq ($(HARDEN_SLS), 1)
TF_CFLAGS_aarch64 += $(call cc_option, -mharden-sls=all)
endif
else
# using clang
WARNINGS += -Wshift-overflow -Wshift-sign-overflow \
@@ -364,6 +367,7 @@ else ifneq ($(findstring gcc,$(notdir $(LD))),)
TF_LDFLAGS += -Wl,-z,common-page-size=4096 #Configure page size constants
TF_LDFLAGS += -Wl,-z,max-page-size=4096
TF_LDFLAGS += -Wl,--build-id=none
ifeq ($(ENABLE_LTO),1)
ifeq (${ARCH},aarch64)
@@ -373,8 +377,10 @@ else ifneq ($(findstring gcc,$(notdir $(LD))),)
# GCC automatically adds fix-cortex-a53-843419 flag when used to link
# which breaks some builds, so disable if errata fix is not explicitly enabled
ifneq (${ERRATA_A53_843419},1)
TF_LDFLAGS += -mno-fix-cortex-a53-843419
ifeq (${ARCH},aarch64)
ifneq (${ERRATA_A53_843419},1)
TF_LDFLAGS += -mno-fix-cortex-a53-843419
endif
endif
TF_LDFLAGS += -nostdlib
TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH)))
@@ -389,6 +395,7 @@ else
TF_LDFLAGS += -z common-page-size=4096 # Configure page size constants
TF_LDFLAGS += -z max-page-size=4096
TF_LDFLAGS += --build-id=none
# ld.lld doesn't recognize the errata flags,
# therefore don't add those in that case.
@@ -400,10 +407,6 @@ else
endif #(LD = armlink)
DTC_FLAGS += -I dts -O dtb
DTC_CPPFLAGS += -P -nostdinc -Iinclude -Ifdts -undef \
-x assembler-with-cpp $(DEFINES)
################################################################################
# Setup ARCH_MAJOR/MINOR before parsing arch_features.
################################################################################
@@ -415,7 +418,6 @@ endif
################################################################################
# Common sources and include directories
################################################################################
include ${MAKE_HELPERS_DIRECTORY}arch_features.mk
include lib/compiler-rt/compiler-rt.mk
BL_COMMON_SOURCES += common/bl_common.c \
@@ -446,106 +448,12 @@ INCLUDES += -Iinclude \
${PLAT_INCLUDES} \
${SPD_INCLUDES}
DTC_FLAGS += -I dts -O dtb
DTC_CPPFLAGS += -P -nostdinc $(INCLUDES) -Ifdts -undef \
-x assembler-with-cpp $(DEFINES)
include common/backtrace/backtrace.mk
################################################################################
# Process BRANCH_PROTECTION value and set
# Pointer Authentication and Branch Target Identification flags
################################################################################
ifeq (${BRANCH_PROTECTION},0)
# Default value turns off all types of branch protection
BP_OPTION := none
else ifneq (${ARCH},aarch64)
$(error BRANCH_PROTECTION requires AArch64)
else ifeq (${BRANCH_PROTECTION},1)
# Enables all types of branch protection features
BP_OPTION := standard
ENABLE_BTI := 1
ENABLE_PAUTH := 1
else ifeq (${BRANCH_PROTECTION},2)
# Return address signing to its standard level
BP_OPTION := pac-ret
ENABLE_PAUTH := 1
else ifeq (${BRANCH_PROTECTION},3)
# Extend the signing to include leaf functions
BP_OPTION := pac-ret+leaf
ENABLE_PAUTH := 1
else ifeq (${BRANCH_PROTECTION},4)
# Turn on branch target identification mechanism
BP_OPTION := bti
ENABLE_BTI := 1
else
$(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION})
endif #(BRANCH_PROTECTION)
ifeq ($(ENABLE_PAUTH),1)
CTX_INCLUDE_PAUTH_REGS := 1
endif
ifneq (${BP_OPTION},none)
TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION}
endif #(BP_OPTION)
# Pointer Authentication sources
ifeq (${ENABLE_PAUTH}, 1)
# arm/common/aarch64/arm_pauth.c contains a sample platform hook to complete the
# Pauth support. As it's not secure, it must be reimplemented for real platforms
BL_COMMON_SOURCES += lib/extensions/pauth/pauth_helpers.S
endif
####################################################
# Enable required options for Memory Stack Tagging.
####################################################
# Currently, these options are enabled only for clang and armclang compiler.
ifeq (${SUPPORT_STACK_MEMTAG},yes)
ifdef mem_tag_arch_support
# Check for armclang and clang compilers
ifneq ( ,$(filter $(notdir $(CC)),armclang clang))
# Add "memtag" architecture feature modifier if not specified
ifeq ( ,$(findstring memtag,$(arch-features)))
arch-features := $(arch-features)+memtag
endif # memtag
ifeq ($(notdir $(CC)),armclang)
TF_CFLAGS += -mmemtag-stack
else ifeq ($(notdir $(CC)),clang)
TF_CFLAGS += -fsanitize=memtag
endif # armclang
endif
else
$(error "Error: stack memory tagging is not supported for \
architecture ${ARCH},armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a")
endif #(mem_tag_arch_support)
endif #(SUPPORT_STACK_MEMTAG)
################################################################################
# RME dependent flags configuration, Enable optional features for RME.
################################################################################
# FEAT_RME
ifeq (${ENABLE_RME},1)
# RME doesn't support PIE
ifneq (${ENABLE_PIE},0)
$(error ENABLE_RME does not support PIE)
endif
# RME doesn't support BRBE
ifneq (${ENABLE_BRBE_FOR_NS},0)
$(error ENABLE_RME does not support BRBE.)
endif
# RME requires AARCH64
ifneq (${ARCH},aarch64)
$(error ENABLE_RME requires AArch64)
endif
# RME requires el2 context to be saved for now.
CTX_INCLUDE_EL2_REGS := 1
CTX_INCLUDE_AARCH32_REGS := 0
CTX_INCLUDE_PAUTH_REGS := 1
# RME enables CSV2_2 extension by default.
ENABLE_FEAT_CSV2_2 = 1
endif #(FEAT_RME)
################################################################################
# Generic definitions
################################################################################
@@ -602,6 +510,12 @@ ifneq (${SPD},none)
ifneq ($(SP_LAYOUT_FILE),)
BL2_ENABLE_SP_LOAD := 1
endif
ifeq ($(SPMC_AT_EL3_SEL0_SP),1)
ifneq ($(SPMC_AT_EL3),1)
$(error SEL0 SP cannot be enabled without SPMC at EL3)
endif
endif
else
# All other SPDs in spd directory
SPD_DIR := spd
@@ -636,14 +550,118 @@ ifeq ($(SPMC_AT_EL3),1)
endif
endif
ifeq (${CTX_INCLUDE_EL2_REGS}, 1)
ifeq (${SPD},none)
ifeq (${ENABLE_RME},0)
$(error CTX_INCLUDE_EL2_REGS is available only when SPD \
or RME is enabled)
endif
endif
################################################################################
# Process BRANCH_PROTECTION value and set
# Pointer Authentication and Branch Target Identification flags
################################################################################
ifeq (${BRANCH_PROTECTION},0)
# Default value turns off all types of branch protection
BP_OPTION := none
else ifneq (${ARCH},aarch64)
$(error BRANCH_PROTECTION requires AArch64)
else ifeq (${BRANCH_PROTECTION},1)
# Enables all types of branch protection features
BP_OPTION := standard
ENABLE_BTI := 1
ENABLE_PAUTH := 1
else ifeq (${BRANCH_PROTECTION},2)
# Return address signing to its standard level
BP_OPTION := pac-ret
ENABLE_PAUTH := 1
else ifeq (${BRANCH_PROTECTION},3)
# Extend the signing to include leaf functions
BP_OPTION := pac-ret+leaf
ENABLE_PAUTH := 1
else ifeq (${BRANCH_PROTECTION},4)
# Turn on branch target identification mechanism
BP_OPTION := bti
ENABLE_BTI := 1
else
$(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION})
endif #(BRANCH_PROTECTION)
ifeq ($(ENABLE_PAUTH),1)
CTX_INCLUDE_PAUTH_REGS := 1
endif
ifneq (${BP_OPTION},none)
TF_CFLAGS_aarch64 += -mbranch-protection=${BP_OPTION}
endif #(BP_OPTION)
# Pointer Authentication sources
ifeq (${ENABLE_PAUTH}, 1)
# arm/common/aarch64/arm_pauth.c contains a sample platform hook to complete the
# Pauth support. As it's not secure, it must be reimplemented for real platforms
BL_COMMON_SOURCES += lib/extensions/pauth/pauth_helpers.S
endif
################################################################################
# Include the platform specific Makefile after the SPD Makefile (the platform
# makefile may use all previous definitions in this file)
################################################################################
include ${PLAT_MAKEFILE_FULL}
################################################################################
# Setup arch_features based on ARM_ARCH_MAJOR, ARM_ARCH_MINOR provided from
# platform.
################################################################################
include ${MAKE_HELPERS_DIRECTORY}arch_features.mk
####################################################
# Enable required options for Memory Stack Tagging.
####################################################
# Currently, these options are enabled only for clang and armclang compiler.
ifeq (${SUPPORT_STACK_MEMTAG},yes)
ifdef mem_tag_arch_support
# Check for armclang and clang compilers
ifneq ( ,$(filter $(notdir $(CC)),armclang clang))
# Add "memtag" architecture feature modifier if not specified
ifeq ( ,$(findstring memtag,$(arch-features)))
arch-features := $(arch-features)+memtag
endif # memtag
ifeq ($(notdir $(CC)),armclang)
TF_CFLAGS += -mmemtag-stack
else ifeq ($(notdir $(CC)),clang)
TF_CFLAGS += -fsanitize=memtag
endif # armclang
endif
else
$(error "Error: stack memory tagging is not supported for \
architecture ${ARCH},armv${ARM_ARCH_MAJOR}.${ARM_ARCH_MINOR}-a")
endif #(mem_tag_arch_support)
endif #(SUPPORT_STACK_MEMTAG)
################################################################################
# RME dependent flags configuration, Enable optional features for RME.
################################################################################
# FEAT_RME
ifeq (${ENABLE_RME},1)
# RME doesn't support BRBE
ENABLE_BRBE_FOR_NS := 0
# RME doesn't support PIE
ifneq (${ENABLE_PIE},0)
$(error ENABLE_RME does not support PIE)
endif
# RME doesn't support BRBE
ifneq (${ENABLE_BRBE_FOR_NS},0)
$(error ENABLE_RME does not support BRBE.)
endif
# RME requires AARCH64
ifneq (${ARCH},aarch64)
$(error ENABLE_RME requires AArch64)
endif
# RME requires el2 context to be saved for now.
CTX_INCLUDE_EL2_REGS := 1
CTX_INCLUDE_AARCH32_REGS := 0
CTX_INCLUDE_PAUTH_REGS := 1
# RME enables CSV2_2 extension by default.
ENABLE_FEAT_CSV2_2 = 1
endif #(FEAT_RME)
################################################################################
# Include rmmd Makefile if RME is enabled
@@ -665,12 +683,14 @@ include services/std_svc/rmmd/rmmd.mk
$(warning "RME is an experimental feature")
endif
################################################################################
# Include the platform specific Makefile after the SPD Makefile (the platform
# makefile may use all previous definitions in this file)
################################################################################
include ${PLAT_MAKEFILE_FULL}
ifeq (${CTX_INCLUDE_EL2_REGS}, 1)
ifeq (${SPD},none)
ifeq (${ENABLE_RME},0)
$(error CTX_INCLUDE_EL2_REGS is available only when SPD \
or RME is enabled)
endif
endif
endif
################################################################################
# Platform specific Makefile might provide us ARCH_MAJOR/MINOR use that to come
@@ -697,6 +717,14 @@ else
BL2_RUNS_AT_EL3 := 0
endif
# This internal flag is set to 1 when Firmware First handling of External aborts
# is required by lowe ELs. Currently only NS requires this support.
ifeq ($(HANDLE_EA_EL3_FIRST_NS),1)
FFH_SUPPORT := 1
else
FFH_SUPPORT := 0
endif
$(eval $(call MAKE_PREREQ_DIR,${BUILD_PLAT}))
ifeq (${ARM_ARCH_MAJOR},7)
@@ -858,18 +886,9 @@ endif
# RAS_EXTENSION is deprecated, provide alternate build options
ifeq ($(RAS_EXTENSION),1)
$(error "RAS_EXTENSION is now deprecated, please use ENABLE_FEAT_RAS \
and RAS_FFH_SUPPORT instead")
and HANDLE_EA_EL3_FIRST_NS instead")
endif
# RAS firmware first handling requires that EAs are handled in EL3 first
ifeq ($(RAS_FFH_SUPPORT),1)
ifneq ($(ENABLE_FEAT_RAS),1)
$(error For RAS_FFH_SUPPORT, ENABLE_FEAT_RAS must also be 1)
endif
ifneq ($(HANDLE_EA_EL3_FIRST_NS),1)
$(error For RAS_FFH_SUPPORT, HANDLE_EA_EL3_FIRST_NS must also be 1)
endif
endif #(RAS_FFH_SUPPORT)
# When FAULT_INJECTION_SUPPORT is used, require that FEAT_RAS is enabled
ifeq ($(FAULT_INJECTION_SUPPORT),1)
@@ -1162,6 +1181,7 @@ $(eval $(call assert_booleans,\
CTX_INCLUDE_AARCH32_REGS \
CTX_INCLUDE_FPREGS \
CTX_INCLUDE_EL2_REGS \
CTX_INCLUDE_MPAM_REGS \
DEBUG \
DYN_DISABLE_AUTH \
EL3_EXCEPTION_HANDLING \
@@ -1176,18 +1196,20 @@ $(eval $(call assert_booleans,\
ENABLE_RUNTIME_INSTRUMENTATION \
ENABLE_SME_FOR_SWD \
ENABLE_SVE_FOR_SWD \
ENABLE_FEAT_RAS \
FFH_SUPPORT \
ERROR_DEPRECATED \
FAULT_INJECTION_SUPPORT \
GENERATE_COT \
GICV2_G0_FOR_EL3 \
HANDLE_EA_EL3_FIRST_NS \
HARDEN_SLS \
HW_ASSISTED_COHERENCY \
MEASURED_BOOT \
DRTM_SUPPORT \
NS_TIMER_SWITCH \
OVERRIDE_LIBC \
PL011_GENERIC_UART \
PLAT_RSS_NOT_SUPPORTED \
PROGRAMMABLE_RESET_ADDRESS \
PSCI_EXTENDED_STATE_ID \
PSCI_OS_INIT_MODE \
@@ -1199,6 +1221,7 @@ $(eval $(call assert_booleans,\
SPIN_ON_BL1_EXIT \
SPM_MM \
SPMC_AT_EL3 \
SPMC_AT_EL3_SEL0_SP \
SPMD_SPM_AT_SEL2 \
ENABLE_SPMD_LP \
TRANSFER_LIST \
@@ -1229,9 +1252,10 @@ $(eval $(call assert_booleans,\
ERRATA_ABI_SUPPORT \
ERRATA_NON_ARM_INTERCONNECT \
CONDITIONAL_CMO \
RAS_FFH_SUPPORT \
PSA_CRYPTO \
ENABLE_CONSOLE_GETC \
INIT_UNUSED_NS_EL2 \
PLATFORM_REPORT_CTX_MEM_USE \
)))
# Numeric_Flags
@@ -1252,7 +1276,6 @@ $(eval $(call assert_numerics,\
ENABLE_FEAT_AMU \
ENABLE_FEAT_AMUv1p1 \
ENABLE_FEAT_CSV2_2 \
ENABLE_FEAT_RAS \
ENABLE_FEAT_DIT \
ENABLE_FEAT_ECV \
ENABLE_FEAT_FGT \
@@ -1269,7 +1292,7 @@ $(eval $(call assert_numerics,\
ENABLE_FEAT_GCS \
ENABLE_FEAT_VHE \
ENABLE_FEAT_MTE_PERM \
ENABLE_MPAM_FOR_LOWER_ELS \
ENABLE_FEAT_MPAM \
ENABLE_RME \
ENABLE_SPE_FOR_NS \
ENABLE_SYS_REG_TRACE_FOR_NS \
@@ -1310,6 +1333,7 @@ $(eval $(call add_defines,\
CTX_INCLUDE_AARCH32_REGS \
CTX_INCLUDE_FPREGS \
CTX_INCLUDE_PAUTH_REGS \
CTX_INCLUDE_MPAM_REGS \
EL3_EXCEPTION_HANDLING \
CTX_INCLUDE_MTE_REGS \
CTX_INCLUDE_EL2_REGS \
@@ -1322,7 +1346,7 @@ $(eval $(call add_defines,\
AMU_RESTRICT_COUNTERS \
ENABLE_ASSERTIONS \
ENABLE_BTI \
ENABLE_MPAM_FOR_LOWER_ELS \
ENABLE_FEAT_MPAM \
ENABLE_PAUTH \
ENABLE_PIE \
ENABLE_PMF \
@@ -1335,6 +1359,8 @@ $(eval $(call add_defines,\
ENABLE_SPE_FOR_NS \
ENABLE_SVE_FOR_NS \
ENABLE_SVE_FOR_SWD \
ENABLE_FEAT_RAS \
FFH_SUPPORT \
ENCRYPT_BL31 \
ENCRYPT_BL32 \
ERROR_DEPRECATED \
@@ -1348,12 +1374,9 @@ $(eval $(call add_defines,\
NS_TIMER_SWITCH \
PL011_GENERIC_UART \
PLAT_${PLAT} \
PLAT_RSS_NOT_SUPPORTED \
PROGRAMMABLE_RESET_ADDRESS \
PSCI_EXTENDED_STATE_ID \
PSCI_OS_INIT_MODE \
ENABLE_FEAT_RAS \
RAS_FFH_SUPPORT \
RESET_TO_BL31 \
SEPARATE_CODE_AND_RODATA \
SEPARATE_BL2_NOLOAD_REGION \
@@ -1363,6 +1386,7 @@ $(eval $(call add_defines,\
SPIN_ON_BL1_EXIT \
SPM_MM \
SPMC_AT_EL3 \
SPMC_AT_EL3_SEL0_SP \
SPMD_SPM_AT_SEL2 \
TRANSFER_LIST \
TRUSTED_BOARD_BOOT \
@@ -1424,8 +1448,17 @@ $(eval $(call add_defines,\
ENABLE_SPMD_LP \
PSA_CRYPTO \
ENABLE_CONSOLE_GETC \
INIT_UNUSED_NS_EL2 \
PLATFORM_REPORT_CTX_MEM_USE \
)))
ifeq (${PLATFORM_REPORT_CTX_MEM_USE}, 1)
ifeq (${DEBUG}, 0)
$(warning "PLATFORM_REPORT_CTX_MEM_USE can be applied when DEBUG=1 only")
override PLATFORM_REPORT_CTX_MEM_USE := 0
endif
endif
ifeq (${SANITIZE_UB},trap)
$(eval $(call add_define,MONITOR_TRAPS))
endif #(SANITIZE_UB)
@@ -1781,5 +1814,8 @@ help:
@echo "example: build all targets for the FVP platform:"
@echo " CROSS_COMPILE=aarch64-none-elf- make PLAT=fvp all"
# Include Kconfig script
include makeconfig_post.mk
.PHONY: FORCE
FORCE:;

0
atf-20231013-0ea67d76a/bl1/aarch32/bl1_arch_setup.c → atf-20240117-bacca82a8/bl1/aarch32/bl1_arch_setup.c
View File

0
atf-20231013-0ea67d76a/bl1/aarch32/bl1_context_mgmt.c → atf-20240117-bacca82a8/bl1/aarch32/bl1_context_mgmt.c
View File

0
atf-20231013-0ea67d76a/bl1/aarch32/bl1_entrypoint.S → atf-20240117-bacca82a8/bl1/aarch32/bl1_entrypoint.S
View File

0
atf-20231013-0ea67d76a/bl1/aarch32/bl1_exceptions.S → atf-20240117-bacca82a8/bl1/aarch32/bl1_exceptions.S
View File

Some files were not shown because too many files have changed in this diff Show More