mirrors/meta-arm
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-arm synced 2026-04-20 11:29:54 +00:00
Code Issues Projects Releases Wiki Activity

arm-bsp/trusted-services: corstone1000: Fix Capsule Update

Browse Source 
Adds missing update service definitions for using stateless platform
services and initializes the capsule udpate provider in se-proxy-sp
for corstone1000.

Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit is contained in:
Emekcan Aras
2023-06-22 14:16:28 +01:00
committed by Jon Mason
parent bd0c162e37
commit 779594c5d8
3 changed files with 221 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

141
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Use-the-stateless-platform-service.patch Normal file
View File

@@ -0,0 +1,141 @@
From a71e99045996c57a4f80509ae8b770aa4f73f6c0 Mon Sep 17 00:00:00 2001
From: Emekcan Aras <emekcan.aras@arm.com>
Date: Sun, 18 Jun 2023 14:38:42 +0100
Subject: [PATCH] plat: corstone1000: Use the stateless platform service calls
Calls to psa_connect is not needed and psa_call can be called directly with a
pre defined handle.
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Upstream-Status: Inappropriate [Design is to revisted]
---
.../provider/capsule_update_provider.c | 24 ++++---------------
.../provider/corstone1000_fmp_service.c | 10 ++++----
.../provider/corstone1000_fmp_service.h | 3 +--
components/service/common/include/psa/sid.h | 7 ++++++
4 files changed, 17 insertions(+), 27 deletions(-)
diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
index 991a2235..6809249f 100644
--- a/components/service/capsule_update/provider/capsule_update_provider.c
+++ b/components/service/capsule_update/provider/capsule_update_provider.c
@@ -61,7 +61,6 @@ void capsule_update_provider_deinit(struct capsule_update_provider *context)
static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
{
uint32_t ioctl_id;
- psa_handle_t handle;
rpc_status_t rpc_status = TS_RPC_CALL_ACCEPTED;
struct psa_invec in_vec[] = {
@@ -79,31 +78,18 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
case CAPSULE_UPDATE_REQUEST:
/* Openamp call with IOCTL for firmware update*/
ioctl_id = IOCTL_CORSTONE1000_FWU_FLASH_IMAGES;
- handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
- TFM_SP_PLATFORM_IOCTL_VERSION);
- if (handle <= 0) {
- EMSG("%s Invalid handle", __func__);
- rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
- return rpc_status;
- }
- psa_call(caller,handle, PSA_IPC_CALL,
+ psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
in_vec,IOVEC_LEN(in_vec), NULL, 0);
- set_fmp_image_info(caller, handle);
+ set_fmp_image_info(caller);
break;
case KERNEL_STARTED_EVENT:
ioctl_id = IOCTL_CORSTONE1000_FWU_HOST_ACK;
/*openamp call with IOCTL for kernel start*/
- handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
- TFM_SP_PLATFORM_IOCTL_VERSION);
- if (handle <= 0) {
- EMSG("%s Invalid handle", __func__);
- rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
- return rpc_status;
- }
- psa_call(caller,handle, PSA_IPC_CALL,
+
+ psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
in_vec,IOVEC_LEN(in_vec), NULL, 0);
- set_fmp_image_info(caller, handle);
+ set_fmp_image_info(caller);
break;
default:
EMSG("%s unsupported opcode", __func__);
diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
index 6a7a47a7..d811af9f 100644
--- a/components/service/capsule_update/provider/corstone1000_fmp_service.c
+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
@@ -238,8 +238,7 @@ static psa_status_t unpack_image_info(void *buffer, uint32_t size)
return PSA_SUCCESS;
}
-static psa_status_t get_image_info(struct rpc_caller *caller,
- psa_handle_t platform_service_handle)
+static psa_status_t get_image_info(struct rpc_caller *caller)
{
psa_status_t status;
psa_handle_t handle;
@@ -255,7 +254,7 @@ static psa_status_t get_image_info(struct rpc_caller *caller,
memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE);
- psa_call(caller, platform_service_handle, PSA_IPC_CALL,
+ psa_call(caller, TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE);
@@ -288,12 +287,11 @@ static psa_status_t set_image_info(struct rpc_caller *caller)
return PSA_SUCCESS;
}
-void set_fmp_image_info(struct rpc_caller *caller,
- psa_handle_t platform_service_handle)
+void set_fmp_image_info(struct rpc_caller *caller)
{
psa_status_t status;
- status = get_image_info(caller, platform_service_handle);
+ status = get_image_info(caller);
if (status != PSA_SUCCESS) {
return;
}
diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h
index 95fba2a0..963223e8 100644
--- a/components/service/capsule_update/provider/corstone1000_fmp_service.h
+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h
@@ -16,8 +16,7 @@ extern "C" {
void provision_fmp_variables_metadata(struct rpc_caller *caller);
-void set_fmp_image_info(struct rpc_caller *caller,
- psa_handle_t platform_service_handle);
+void set_fmp_image_info(struct rpc_caller *caller);
#ifdef __cplusplus
} /* extern "C" */
diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
index 5aaa659d..fc3a4fb0 100644
--- a/components/service/common/include/psa/sid.h
+++ b/components/service/common/include/psa/sid.h
@@ -40,6 +40,13 @@ extern "C" {
#define TFM_CRYPTO_VERSION (1U)
#define TFM_CRYPTO_HANDLE (0x40000100U)
+/******** TFM_PLATFORM_SERVICE *******/
+#define TFM_PLATFORM_API_ID_IOCTL (1013)
+#define TFM_PLATFORM_SERVICE_HANDLE (0x40000105U)
+
+/**
+ * \brief Define a progressive numerical value for each SID which can be used
+ * when dispatching the requests to the service
/******** TFM_SP_PLATFORM ********/
#define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U)
#define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U)
--
2.17.1

78
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-Initialize-capsule-update-provider.patch Normal file
View File

@@ -0,0 +1,78 @@
From b5b31064959665f4cc616733be3d989ae4356636 Mon Sep 17 00:00:00 2001
From: Emekcan Aras <emekcan.aras@arm.com>
Date: Sun, 18 Jun 2023 16:05:27 +0100
Subject: [PATCH] plat: corstone1000: Initialize capsule update provider
Initializes the capsule update service provider in se-proxy-sp.c deployment
for corstone1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Upstream-Status: Inappropriate [Design is to revisted]
---
deployments/se-proxy/env/commonsp/se_proxy_sp.c | 3 +++
.../infra/corstone1000/service_proxy_factory.c | 17 +++++++++++++++++
.../se-proxy/infra/service_proxy_factory.h | 1 +
3 files changed, 21 insertions(+)
diff --git a/deployments/se-proxy/env/commonsp/se_proxy_sp.c b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
index 45fcb385..dc2a9d49 100644
--- a/deployments/se-proxy/env/commonsp/se_proxy_sp.c
+++ b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
@@ -77,6 +77,9 @@ void __noreturn sp_main(struct ffa_init_info *init_info)
}
rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_ATTEST, rpc_iface);
+ rpc_iface = capsule_update_proxy_create();
+ rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE, rpc_iface);
+
/* End of boot phase */
result = sp_msg_wait(&req_msg);
if (result != SP_RESULT_OK) {
diff --git a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
index bacab1de..32d88c97 100644
--- a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
+++ b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
@@ -14,6 +14,7 @@
#include <service/crypto/factory/crypto_provider_factory.h>
#include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
#include <trace.h>
+#include <service/capsule_update/provider/capsule_update_provider.h>
/* backends */
#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
@@ -94,3 +95,19 @@ struct rpc_interface *its_proxy_create(void)
return secure_storage_provider_init(&its_provider, backend);
}
+
+struct rpc_interface *capsule_update_proxy_create(void)
+{
+ static struct capsule_update_provider capsule_update_provider;
+ static struct rpc_caller *capsule_update_caller;
+
+ capsule_update_caller = psa_ipc_caller_init(&psa_ipc);
+
+ if (!capsule_update_caller)
+ return NULL;
+
+ capsule_update_provider.client.caller = capsule_update_caller;
+
+ return capsule_update_provider_init(&capsule_update_provider);
+}
+
diff --git a/deployments/se-proxy/infra/service_proxy_factory.h b/deployments/se-proxy/infra/service_proxy_factory.h
index 298d407a..02aa7fe2 100644
--- a/deployments/se-proxy/infra/service_proxy_factory.h
+++ b/deployments/se-proxy/infra/service_proxy_factory.h
@@ -17,6 +17,7 @@ struct rpc_interface *attest_proxy_create(void);
struct rpc_interface *crypto_proxy_create(void);
struct rpc_interface *ps_proxy_create(void);
struct rpc_interface *its_proxy_create(void);
+struct rpc_interface *capsule_update_proxy_create(void);
#ifdef __cplusplus
}
--
2.17.1

2
meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
View File

@@ -7,6 +7,8 @@ SRC_URI:append:corstone1000 = " \
file://0003-FMP-Support-in-Corstone1000.patch;patchdir=../trusted-services \
file://0004-GetNextVariableName-Fix.patch;patchdir=../trusted-services \
file://0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch;patchdir=../trusted-services \
file://0006-plat-corstone1000-Use-the-stateless-platform-service.patch;patchdir=../trusted-services \
file://0007-plat-corstone1000-Initialize-capsule-update-provider.patch;patchdir=../trusted-services \
"