mirrors/meta-arm
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-arm synced 2026-05-06 04:42:16 +00:00
Code Issues Projects Releases Wiki Activity

arm-bsp/trusted-firmware-m: corstone1000 support FMP image info

Browse Source 
Apply tfm patches to support FMP image info

Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit is contained in:
Mohamed Omar Asaker
2022-10-24 14:33:29 +01:00
committed by Jon Mason
parent dc4a702aaf
commit bcba4a6c5f
7 changed files with 1441 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

359
meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0001-corstone1000-platform-secure-test-framework.patch Normal file
View File

@@ -0,0 +1,359 @@
From 6ab17eeb8225cdf4afc6956c9a2774d60866c36d Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Mon, 28 Mar 2022 05:16:50 +0100
Subject: [PATCH 1/6] corstone1000: platform secure test framework
Change-Id: Ib781927f0add93ec9c06515d251e79518ee1db6e
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Upstream-Status: Accepted [TF-Mv1.7.0]
---
.../arm/corstone1000/Native_Driver/firewall.c | 15 ++
.../arm/corstone1000/Native_Driver/firewall.h | 5 +
.../ci_regression_tests/CMakeLists.txt | 45 +++++
.../corstone1000/ci_regression_tests/s_test.c | 186 ++++++++++++++++++
.../corstone1000/ci_regression_tests/s_test.h | 30 +++
.../ci_regression_tests/s_test_config.cmake | 8 +
6 files changed, 289 insertions(+)
create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt
create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c
create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.h
create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake
diff --git a/platform/ext/target/arm/corstone1000/Native_Driver/firewall.c b/platform/ext/target/arm/corstone1000/Native_Driver/firewall.c
index 788cc3ec92..356b85e9d5 100755
--- a/platform/ext/target/arm/corstone1000/Native_Driver/firewall.c
+++ b/platform/ext/target/arm/corstone1000/Native_Driver/firewall.c
@@ -293,6 +293,21 @@ void fc_enable_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t mpl)
ptr->rgn_mpl3 |= (mpl & RGN_MPL_EN_MASK);
}
+void fc_read_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t* mpl)
+{
+ struct _firewall_pe_rwe_reg_map_t *ptr =
+ (struct _firewall_pe_rwe_reg_map_t *)fw_data.rwe_ptr;
+ if (mpe == RGN_MPE0)
+ *mpl = (ptr->rgn_mpl0 & RGN_MPL_EN_MASK);
+ else if (mpe == RGN_MPE1)
+ *mpl = (ptr->rgn_mpl1 & RGN_MPL_EN_MASK);
+ else if (mpe == RGN_MPE2)
+ *mpl = (ptr->rgn_mpl2 & RGN_MPL_EN_MASK);
+ else if (mpe == RGN_MPE3)
+ *mpl = (ptr->rgn_mpl3 & RGN_MPL_EN_MASK);
+}
+
+
void fc_disable_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t mpl)
{
struct _firewall_pe_rwe_reg_map_t *ptr =
diff --git a/platform/ext/target/arm/corstone1000/Native_Driver/firewall.h b/platform/ext/target/arm/corstone1000/Native_Driver/firewall.h
index 48c86725ef..17afe6a92f 100755
--- a/platform/ext/target/arm/corstone1000/Native_Driver/firewall.h
+++ b/platform/ext/target/arm/corstone1000/Native_Driver/firewall.h
@@ -247,6 +247,11 @@ void fc_init_mpl(enum rgn_mpe_t mpe);
*/
void fc_enable_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t mpl);
+/**
+ * \brief Reads Master Permission List in the selected Firewall Component
+ */
+void fc_read_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t* mpl);
+
/**
* \brief Disables Master Permission List in the selected Firewall Component
*/
diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt b/platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt
new file mode 100644
index 0000000000..70e1c20e4e
--- /dev/null
+++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt
@@ -0,0 +1,45 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021-22, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+cmake_policy(SET CMP0079 NEW)
+
+include(${CMAKE_CURRENT_SOURCE_DIR}/s_test_config.cmake)
+
+####################### Secure #################################################
+
+add_library(corstone1000_test_s STATIC EXCLUDE_FROM_ALL)
+
+target_sources(corstone1000_test_s
+ PRIVATE
+ ${CMAKE_CURRENT_SOURCE_DIR}/s_test.c
+ ../Native_Driver/firewall.c
+)
+
+target_include_directories(corstone1000_test_s
+ PRIVATE
+ ${CMAKE_CURRENT_SOURCE_DIR}
+ ../Device/Include
+ ../Native_Driver
+)
+
+# Example test links tfm_test_suite_extra_common to use related interface
+target_link_libraries(corstone1000_test_s
+ PRIVATE
+ tfm_test_suite_extra_common
+ tfm_log
+)
+
+target_compile_definitions(corstone1000_test_s
+ PRIVATE
+ $<$<BOOL:${PLATFORM_IS_FVP}>:PLATFORM_IS_FVP>
+)
+
+# The corstone1000_test_s library is linked by tfm_test_suite_extra_s
+target_link_libraries(tfm_test_suite_extra_s
+ PRIVATE
+ corstone1000_test_s
+)
diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c
new file mode 100644
index 0000000000..963f46d2ab
--- /dev/null
+++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c
@@ -0,0 +1,186 @@
+/*
+ * Copyright (c) 2021-22, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "s_test.h"
+#include "platform_base_address.h"
+#include "firewall.h"
+#include "tfm_log_raw.h"
+
+#define DISABLED_TEST 0
+
+enum host_firewall_host_comp_id_t {
+ HOST_FCTRL = (0x00u),
+ COMP_SYSPERIPH,
+ COMP_DBGPERIPH,
+ COMP_AONPERIPH,
+ COMP_XNVM,
+ COMP_CVM,
+ COMP_HOSTCPU,
+ COMP_EXTSYS0,
+ COMP_EXTSYS1,
+ COMP_EXPSLV0,
+ COMP_EXPSLV1,
+ COMP_EXPMST0,
+ COMP_EXPMST1,
+ COMP_OCVM,
+ COMP_DEBUG,
+};
+
+const struct extra_tests_t plat_s_t = {
+ .test_entry = s_test,
+ .expected_ret = EXTRA_TEST_SUCCESS
+};
+
+static int test_host_firewall_status(void)
+{
+ enum fw_lockdown_status_t status;
+ uint32_t any_component_id = 2;
+
+ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, any_component_id);
+ status = fw_get_lockdown_status();
+ if (status != FW_LOCKED) {
+ tfm_log_printf("FAIL: %s.\n\r", __func__);
+ return EXTRA_TEST_FAILED;
+ }
+
+ tfm_log_printf("PASS: %s\n\r", __func__);
+ return EXTRA_TEST_SUCCESS;
+}
+
+static int test_host_firewall_external_flash_configurations(void)
+{
+ enum rgn_mpl_t mpl_rights = 0;
+ enum rgn_mpl_t expected_rights = 0;
+
+#if !(PLATFORM_IS_FVP)
+ /* External flash */
+ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_EXPMST0);
+ fc_select_region(3);
+ fc_read_mpl(RGN_MPE0, &mpl_rights);
+ expected_rights = (RGN_MPL_ANY_MST_MASK | RGN_MPL_SECURE_READ_MASK |
+ RGN_MPL_SECURE_WRITE_MASK);
+ if (mpl_rights != expected_rights) {
+ tfm_log_printf("FAIL1: %s.\n\r", __func__);
+ return EXTRA_TEST_FAILED;
+ }
+ /* XIP Permissions */
+ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_XNVM);
+ fc_select_region(1);
+ fc_read_mpl(RGN_MPE0, &mpl_rights);
+ expected_rights = (RGN_MPL_ANY_MST_MASK |
+ RGN_MPL_SECURE_READ_MASK |
+ RGN_MPL_NONSECURE_READ_MASK);
+ if (mpl_rights != expected_rights) {
+ tfm_log_printf("FAIL2: %s.\n\r", __func__);
+ return EXTRA_TEST_FAILED;
+ }
+#else
+ /* Enable the below test when FVP Host Firewall is configured. */
+ /*
+ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_XNVM);
+ fc_select_region(1);
+ fc_read_mpl(RGN_MPE0, &mpl_rights);
+ tfm_log_printf("mpl rights = %d\n\r", mpl_rights);
+ expected_rights = (RGN_MPL_ANY_MST_MASK |
+ RGN_MPL_SECURE_READ_MASK |
+ RGN_MPL_SECURE_WRITE_MASK |
+ RGN_MPL_NONSECURE_READ_MASK |
+ RGN_MPL_NONSECURE_WRITE_MASK);
+ if (mpl_rights != expected_rights) {
+ tfm_log_printf("FAIL1: %s.\n\r", __func__);
+ return EXTRA_TEST_FAILED;
+ }
+ */
+#endif
+
+ tfm_log_printf("PASS: %s\n\r", __func__);
+ return EXTRA_TEST_SUCCESS;
+}
+
+static int test_host_firewall_secure_flash_configurations(void)
+{
+ enum rgn_mpl_t mpl_rights = 0;
+ enum rgn_mpl_t expected_rights = 0;
+
+#if !(PLATFORM_IS_FVP)
+ /* External flash */
+ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_EXPMST1);
+ fc_select_region(1);
+ fc_read_mpl(RGN_MPE0, &mpl_rights);
+ expected_rights = (RGN_MPL_ANY_MST_MASK | RGN_MPL_SECURE_READ_MASK |
+ RGN_MPL_SECURE_WRITE_MASK);
+ if (mpl_rights != expected_rights) {
+ tfm_log_printf("FAIL: %s.\n\r", __func__);
+ return EXTRA_TEST_FAILED;
+ }
+#endif
+
+ tfm_log_printf("PASS: %s\n\r", __func__);
+ return EXTRA_TEST_SUCCESS;
+}
+
+static int test_bir_programming(void)
+{
+ /* BIR is expected to bhaive like write once register */
+
+ volatile uint32_t *bir_base = (uint32_t *)CORSTONE1000_HOST_BIR_BASE;
+
+ bir_base[0] = 0x1;
+ bir_base[0] = 0x2;
+ if (bir_base[0] != 0x1) {
+ tfm_log_printf("FAIL: %s : (%u)\n\r", __func__, bir_base[0]);
+ return EXTRA_TEST_FAILED;
+ }
+
+ tfm_log_printf("PASS: %s\n\r", __func__);
+ return EXTRA_TEST_SUCCESS;
+}
+
+int32_t s_test(void)
+{
+ int status;
+ int failures = 0;
+
+#if (DISABLED_TEST == 1)
+ status = test_host_firewall_status();
+ if (status) {
+ failures++;
+ }
+#endif
+
+ status = test_host_firewall_secure_flash_configurations();
+ if (status) {
+ failures++;
+ }
+
+ status = test_host_firewall_external_flash_configurations();
+ if (status) {
+ failures++;
+ }
+
+#if (DISABLED_TEST == 1)
+ status = test_bir_programming();
+ if (status) {
+ failures++;
+ }
+#endif
+
+ if (failures) {
+ tfm_log_printf("Not all platform test could pass: failures=%d\n\r", failures);
+ return EXTRA_TEST_FAILED;
+ }
+
+ tfm_log_printf("ALL_PASS: corstone1000 platform test cases passed.\n\r");
+ return EXTRA_TEST_SUCCESS;
+}
+
+int32_t extra_tests_init(struct extra_tests_t *internal_test_t)
+{
+ /* Add platform init code here. */
+
+ return register_extra_tests(internal_test_t, &plat_s_t);
+}
diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.h b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.h
new file mode 100644
index 0000000000..8aff4d679c
--- /dev/null
+++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2021-22, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __S_TESTS_H__
+#define __S_TESTS_H__
+
+#include "extra_tests_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+const struct extra_tests_t plat_s_t;
+
+/**
+ * \brief Platform specific secure test function.
+ *
+ * \returns Returns error code as specified in \ref int32_t
+ */
+int32_t s_test(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __S_TESTS_H__ */
diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake
new file mode 100644
index 0000000000..bb8d26bf1c
--- /dev/null
+++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake
@@ -0,0 +1,8 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021-22, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+############ Define secure test specific cmake configurations here #############
--
2.25.1

77
meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0002-corstone1000-make-external-system-support-optional.patch Normal file
View File

@@ -0,0 +1,77 @@
From 6fd49ab55c3419429e437845864c5bb2d731da29 Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Mon, 25 Apr 2022 05:26:38 +0100
Subject: [PATCH 2/6] corstone1000: make external system support optional
The commits introduce build time variables to make
external system support in the platform optional.
Change-Id: I593014e0da4ac553c105c66ae55f6fd83ffe427e
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Upstream-Status: Accepted [TF-Mv1.7.0]
---
.../ext/target/arm/corstone1000/CMakeLists.txt | 1 +
platform/ext/target/arm/corstone1000/config.cmake | 1 +
.../target/arm/corstone1000/tfm_hal_multi_core.c | 15 +++++++++++++++
3 files changed, 17 insertions(+)
diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
index 16bc708964..39d7b03455 100644
--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
+++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
@@ -97,6 +97,7 @@ target_compile_definitions(platform_s
PRIVATE
$<$<BOOL:${PLATFORM_IS_FVP}>:PLATFORM_IS_FVP>
$<$<BOOL:${TEST_S}>:TEST_S>
+ $<$<BOOL:${EXTERNAL_SYSTEM_SUPPORT}>:EXTERNAL_SYSTEM_SUPPORT>
)
#========================= Platform BL2 =======================================#
diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake
index e5f91108ee..a3399db318 100644
--- a/platform/ext/target/arm/corstone1000/config.cmake
+++ b/platform/ext/target/arm/corstone1000/config.cmake
@@ -21,6 +21,7 @@ set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to en
set(CRYPTO_NV_SEED OFF CACHE BOOL "Use stored NV seed to provide entropy")
set(TFM_CRYPTO_TEST_ALG_CFB OFF CACHE BOOL "Test CFB cryptography mode")
set(NS FALSE CACHE BOOL "Whether to build NS app")
+set(EXTERNAL_SYSTEM_SUPPORT OFF CACHE BOOL "Whether to include external system support.")
# FVP is not integrated/tested with CC312.
if (${PLATFORM_IS_FVP})
diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c
index 8e1b455086..8622844d91 100644
--- a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c
+++ b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c
@@ -16,6 +16,16 @@
#define HOST_CPU_PE0_CONFIG_OFFSET 0x010
#define AA64nAA32_MASK (1 << 3)
+#ifdef EXTERNAL_SYSTEM_SUPPORT
+void tfm_external_system_boot()
+{
+ volatile uint32_t *ext_sys_reset_ctl_reg = (uint32_t *)(CORSTONE1000_EXT_SYS_RESET_REG);
+
+ /* de-assert CPU_WAIT signal*/
+ *ext_sys_reset_ctl_reg = 0x0;
+}
+#endif
+
void tfm_hal_boot_ns_cpu(uintptr_t start_addr)
{
/* Switch the shared flash to XiP mode for the host */
@@ -53,6 +63,11 @@ void tfm_hal_boot_ns_cpu(uintptr_t start_addr)
*reset_ctl_reg = 0;
(void) start_addr;
+
+#ifdef EXTERNAL_SYSTEM_SUPPORT
+ /*release EXT SYS out of reset*/
+ tfm_external_system_boot();
+#endif
}
void tfm_hal_wait_for_ns_cpu_ready(void)
--
2.25.1

298
meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0003-corstone1000-enable-secure-enclave-run-without-host-.patch Normal file
View File

@@ -0,0 +1,298 @@
From 2e56f2601249243f2fb3ba67caf9febe4bfc8371 Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Tue, 26 Apr 2022 20:17:13 +0100
Subject: [PATCH 3/6] corstone1000: enable secure enclave run without host
binaries
In TEST_S configuration, the build disables part of the code which
assumes that the host binaries are present in the flash. This change
will allow secure enclave's part of the platforms software to build
and run without the host support. The configuration can be used to run
CI and test secure enclave software independently.
Change-Id: I29325750a3bea270fe5b3b8b47932a7071a59482
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Upstream-Status: Accepted [TF-Mv1.7.0]
---
.../ext/target/arm/corstone1000/readme.rst | 88 +++++++++++++++----
.../target/arm/corstone1000/CMakeLists.txt | 8 +-
.../arm/corstone1000/bl1/CMakeLists.txt | 2 +-
.../target/arm/corstone1000/bl2_flash_map.c | 2 +
.../target/arm/corstone1000/boot_hal_bl2.c | 2 +
.../ext/target/arm/corstone1000/config.cmake | 11 ++-
.../arm/corstone1000/partition/flash_layout.h | 2 +-
.../arm/corstone1000/tfm_hal_multi_core.c | 2 +
8 files changed, 94 insertions(+), 23 deletions(-)
diff --git a/docs/platform/ext/target/arm/corstone1000/readme.rst b/docs/platform/ext/target/arm/corstone1000/readme.rst
index 94b58ac6fc..10c9c58f78 100644
--- a/docs/platform/ext/target/arm/corstone1000/readme.rst
+++ b/docs/platform/ext/target/arm/corstone1000/readme.rst
@@ -7,22 +7,27 @@ Introduction
************
The ARM's Corstone-1000 platform is a reference implementation of PSA FF-M
-architecture where NSPE and SPE environments are partitioned into
+architecture where NSPE and SPE environments are partitioned/isolated into
Cortex-A35 and Cortex-M0+ respectively.
Cortex-M0+ acting as Secure Enclave is the Root-of-trust of SoC. Its
-software comprises of two boot loading stages, i.e. Bl1 and Bl2, based on
-mcuboot, and TF-M as run time software. Cortex-A35, also referred as host,
-is completely treated as non-secure from the Secure Enclave perspective.
+software comprises of two boot loading stages, i.e. Bl1 and Bl2 (based on
+mcuboot) and TF-M as run time software. Cortex-A35, also referred as host,
+is treated as non-secure from the Secure Enclave perspective.
The Cortex-A35 is brought out of rest by Secure Enclave in aarch64 bit mode,
and boots the software ecosystem based on linux, u-boot, UEFI run time
-services, TF-A and Optee.
+services, TF-A, Secure Partitions and Optee.
The communication between NSPE and SPE is based on PSA IPC protocol running on
-top of OpenAMP.
+top of FF-A/OpenAMP.
The secure enclave subsystem has ARM's CC-312 (Crypto Cell) hardware to
-accelerate cryptographic operations.
+accelerate cryptographic operations. Additionaly, platform supports Secure Debug
+using SDC-600 as the communication interface between host debugger and platform
+target. The platform has the build option to enable secure debug protocol to
+unlock debug ports during boot time. The protocol is based on ARM's ADAC
+(Authenticated Debug Access Control) standard.
+
***********
System boot
@@ -33,23 +38,76 @@ System boot
- BL1 load, verifies and transfer execution to BL2 which is again based on mcuboot.
- BL2 loads and verifies TF-M and host's initial boot loader image.
- BL2 transfer the execution to the TF-M.
-- During TF-M initialization, the host is reset.
+- During TF-M initialization, the host is taken out of rest.
+- Hashes of the keys used for image verification are stored in the OTP memory.
*****
Build
*****
-.. code-block::
+Platform solution
+=================
+
+The platform binaries are build using Yocto. Below is the user guide:
+
+`Arm Corstone-1000 User Guide`_
+
+Secure Test
+===========
+
+This section can be used to test the secure enclave software indedendently from
+the host. The below configuration builds the secure enclave binaries with CI test
+frame integrated. On boot, secure enclave softwares stack is brought up, and
+CI tests starts executing at the end of the initialization process. In the
+below configuration, host software support is disabled, and meant only
+to test/verify the secure enclave softwares.
+
+FVP
+---
- cmake -B build/ -S <tf-m-root>/ -DCMAKE_BUILD_TYPE=Debug -DTFM_TOOLCHAIN_FILE=<tf-m-root>/toolchain_GNUARM.cmake -DTFM_PLATFORM=arm/corstone1000
+- Download Corstone-1000 FVP from : `Arm Ecosystem FVPs`_
+- Install FVP by running the shell script.
+- Running of the binary will boot secure enclave software stack and at the end all CI test
+ from tf-m-test along with platform specific tests are executed.
+
+.. code-block:: bash
+
+ cmake -B build/ -S <tf-m-root>/ -DCMAKE_BUILD_TYPE=Debug -DTFM_TOOLCHAIN_FILE=<tf-m-root>/toolchain_GNUARM.cmake -DTFM_PLATFORM=arm/corstone1000 -DPLATFORM_IS_FVP=TRUE -DTEST_NS=OFF -DTEST_S=ON -DEXTRA_S_TEST_SUITES_PATHS=<tf-m-root>/trusted-firmware-m/platform/ext/target/arm/corstone1000/ci_regression_tests/
cmake --build build -- install
+ cd ./build/install/outputs/
+ cat bl2_signed.bin bl2_signed.bin tfm_s_signed.bin > cs1000.bin
+ cd <path-to-FVP-installation>/models/Linux64_GCC-9.3/
+ ./FVP_Corstone-1000 -C board.flashloader0.fname="none" -C se.trustedBootROMloader.fname="./<path-to-build-dir>/install/outputs/bl1.bin" -C board.xnvm_size=64 -C se.trustedSRAM_config=6 -C se.BootROM_config="3" -C board.smsc_91c111.enabled=0 -C board.hostbridge.userNetworking=true --data board.flash0=./<path-to-build-dir>/install/outputs/cs1000.bin@0x68100000 -C diagnostics=4 -C disable_visualisation=true -C board.se_flash_size=8192 -C diagnostics=4 -C disable_visualisation=true
+
+FPGA
+----
-The binaries will be installed inside:
+- Follow the above pointed platform user guide to setup the FPGA board.
+- Use the BL1 generated from the below commands to place it inside FPGA board SD Card.
+- Use the cs1000.bin created from the below commands to place it inside FPGA board SD Card.
+
+.. code-block:: bash
+
+ cmake -B build/ -S <tf-m-root>/ -DCMAKE_BUILD_TYPE=Debug -DTFM_TOOLCHAIN_FILE=<tf-m-root>/toolchain_GNUARM.cmake -DTFM_PLATFORM=arm/corstone1000 -DTEST_NS=OFF -DTEST_S=ON -DEXTRA_S_TEST_SUITES_PATHS=<tf-m-root>/trusted-firmware-m/platform/ext/target/arm/corstone1000/ci_regression_tests/ -DTEST_S_PS=OFF -DTEST_S_PLATFORM=OFF
+ cmake --build build -- install
+ cd ./build/install/outputs/
+ cat bl2_signed.bin bl2_signed.bin tfm_s_signed.bin > cs1000.bin
+ cp bl1.bin <path-to-FPGA-SD-CARD>/SOFTWARE/
+ cp cs1000.bin <path-to-FPGA-SD-CARD>/SOFTWARE/
-.. code-block::
+FPGA build can not compile all the CI tests into a single build as it exceeds
+the available RAM size. So there is a need to select few tests but not all.
+The above configuration disable build of -DTEST_S_PS and -DTEST_S_PLATFORM.
+Other test configurations are:
- ./build/install/outputs/ARM/CORSTONE1000
+- -DTEST_S_ATTESTATION=ON/OFF
+- -DTEST_S_AUDIT=ON/OFF
+- -DTEST_S_CRYPTO=ON/OFF
+- -DTEST_S_ITS=ON/OFF
+- -DTEST_S_PS=ON/OFF
+- -DTEST_S_PLATFORM=ON/OFF
---------------
+*Copyright (c) 2021-2022, Arm Limited. All rights reserved.*
-*Copyright (c) 2021, Arm Limited. All rights reserved.*
+.. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
+.. _Arm Corstone-1000 User Guide: https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-docs/-/blob/CORSTONE1000-2022.04.19/docs/embedded-a/corstone1000/user-guide.rst
diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
index 39d7b03455..81522c7cf0 100644
--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
+++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
@@ -18,7 +18,7 @@ target_include_directories(platform_region_defs
target_compile_definitions(platform_region_defs
INTERFACE
- $<$<BOOL:${TEST_S}>:TEST_S>
+ $<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST>
)
#========================= Platform common defs ===============================#
@@ -75,7 +75,7 @@ target_sources(platform_s
$<$<BOOL:TFM_PARTITION_PLATFORM>:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c>
fw_update_agent/uefi_capsule_parser.c
fw_update_agent/fwu_agent.c
- $<$<BOOL:${TEST_S}>:${CMAKE_CURRENT_SOURCE_DIR}/target_cfg.c>
+ $<$<BOOL:${TFM_S_REG_TEST}>:${CMAKE_CURRENT_SOURCE_DIR}/target_cfg.c>
)
if (PLATFORM_IS_FVP)
@@ -96,7 +96,7 @@ endif()
target_compile_definitions(platform_s
PRIVATE
$<$<BOOL:${PLATFORM_IS_FVP}>:PLATFORM_IS_FVP>
- $<$<BOOL:${TEST_S}>:TEST_S>
+ $<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST>
$<$<BOOL:${EXTERNAL_SYSTEM_SUPPORT}>:EXTERNAL_SYSTEM_SUPPORT>
)
@@ -136,7 +136,7 @@ endif()
target_compile_definitions(platform_bl2
PRIVATE
$<$<BOOL:${PLATFORM_IS_FVP}>:PLATFORM_IS_FVP>
- $<$<BOOL:${TEST_S}>:TEST_S>
+ $<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST>
)
# boot_hal_bl2.c is compiled as part of 'bl2' target and not inside
diff --git a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt
index 369695f148..d39c5ae91d 100644
--- a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt
+++ b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt
@@ -291,7 +291,7 @@ target_compile_definitions(signing_layout_for_bl2
PRIVATE
MCUBOOT_IMAGE_NUMBER=${BL1_IMAGE_NUMBER}
BL1
- $<$<BOOL:${TEST_S}>:TEST_S>
+ $<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST>
)
target_include_directories(signing_layout_for_bl2
diff --git a/platform/ext/target/arm/corstone1000/bl2_flash_map.c b/platform/ext/target/arm/corstone1000/bl2_flash_map.c
index 6bffa274df..0a6a592d94 100644
--- a/platform/ext/target/arm/corstone1000/bl2_flash_map.c
+++ b/platform/ext/target/arm/corstone1000/bl2_flash_map.c
@@ -38,6 +38,7 @@ struct flash_area flash_map[] = {
.fa_off = FLASH_AREA_1_OFFSET,
.fa_size = FLASH_AREA_1_SIZE,
},
+#ifndef TFM_S_REG_TEST
{
.fa_id = FLASH_AREA_2_ID,
.fa_device_id = FLASH_DEVICE_ID,
@@ -52,6 +53,7 @@ struct flash_area flash_map[] = {
.fa_off = FLASH_INVALID_OFFSET,
.fa_size = FLASH_INVALID_SIZE,
},
+#endif
};
const int flash_map_entry_num = ARRAY_SIZE(flash_map);
diff --git a/platform/ext/target/arm/corstone1000/boot_hal_bl2.c b/platform/ext/target/arm/corstone1000/boot_hal_bl2.c
index 792e06f81e..134315a17b 100644
--- a/platform/ext/target/arm/corstone1000/boot_hal_bl2.c
+++ b/platform/ext/target/arm/corstone1000/boot_hal_bl2.c
@@ -100,10 +100,12 @@ int32_t boot_platform_init(void)
return 1;
}
+#ifndef TFM_S_REG_TEST
result = fill_bl2_flash_map_by_parsing_fips(BANK_0_PARTITION_OFFSET);
if (result) {
return 1;
}
+#endif
result = FLASH_DEV_NAME.Initialize(NULL);
if (result != ARM_DRIVER_OK) {
diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake
index a3399db318..a6a1a33c42 100644
--- a/platform/ext/target/arm/corstone1000/config.cmake
+++ b/platform/ext/target/arm/corstone1000/config.cmake
@@ -13,8 +13,15 @@ set(DEFAULT_MCUBOOT_FLASH_MAP OFF CACHE BOOL "Whether to us
set(MCUBOOT_UPGRADE_STRATEGY "RAM_LOAD" CACHE STRING "Upgrade strategy when multiple boot images are loaded")
set(MCUBOOT_SECURITY_COUNTER_S "1" CACHE STRING "Security counter for S image. auto sets it to IMAGE_VERSION_S")
-set(TFM_ISOLATION_LEVEL 2 CACHE STRING "Isolation level")
-set(MCUBOOT_IMAGE_NUMBER 2 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately")
+if (TEST_S OR TEST_S_ATTESTATION OR TEST_S_AUDIT OR TEST_S_CRYPTO OR TEST_S_ITS OR TEST_S_PS OR TEST_S_PLATFORM OR EXTRA_S_TEST_SUITES_PATHS)
+ # Test configuration: host images are not needed and work only with isolation level 1
+ set(MCUBOOT_IMAGE_NUMBER 1 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately")
+ set(TFM_ISOLATION_LEVEL 1 CACHE STRING "Isolation level")
+else()
+ set(MCUBOOT_IMAGE_NUMBER 2 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately")
+ set(TFM_ISOLATION_LEVEL 2 CACHE STRING "Isolation level")
+endif()
+
set(TFM_MULTI_CORE_TOPOLOGY ON CACHE BOOL "Whether to build for a dual-cpu architecture")
set(TFM_PLAT_SPECIFIC_MULTI_CORE_COMM ON CACHE BOOL "Whether to use a platform specific inter core communication instead of mailbox in dual-cpu topology")
set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms")
diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
index aa5a8fe463..b0319bb319 100644
--- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h
+++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
@@ -119,7 +119,7 @@
*
*/
#define SE_BL2_PARTITION_SIZE (0x19000) /* 100 KB */
-#ifdef TEST_S
+#ifdef TFM_S_REG_TEST
#define TFM_PARTITION_SIZE (0x61C00) /* 391 KB */
#else
#define TFM_PARTITION_SIZE (0x5E000) /* 376 KB */
diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c
index 8622844d91..1146ffe22a 100644
--- a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c
+++ b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c
@@ -31,6 +31,7 @@ void tfm_hal_boot_ns_cpu(uintptr_t start_addr)
/* Switch the shared flash to XiP mode for the host */
Select_XIP_Mode_For_Shared_Flash();
+#ifndef TFM_S_REG_TEST
volatile uint32_t *bir_base = (uint32_t *)CORSTONE1000_HOST_BIR_BASE;
/* Program Boot Instruction Register to jump to BL2 (TF-A) base address
@@ -68,6 +69,7 @@ void tfm_hal_boot_ns_cpu(uintptr_t start_addr)
/*release EXT SYS out of reset*/
tfm_external_system_boot();
#endif
+#endif /* !TFM_S_REG_TEST */
}
void tfm_hal_wait_for_ns_cpu_ready(void)
--
2.25.1

72
meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0004-Platform-Partition-Allow-configuration-of-input-and-.patch Normal file
View File

@@ -0,0 +1,72 @@
From f3686dfb8fb97cb42c3d4f8ee2d7aa736d5cb760 Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Wed, 3 Aug 2022 15:50:27 +0100
Subject: [PATCH 4/6] Platform Partition: Allow configuration of input and
output buffer
The change makes input and output buffer size macros used by
the platform partition to be configured by cmake. This will
allow platforms to set the buffer size accordingly.
Change-Id: Ia492ce02f8744b0157228d9be51a9ec5b7c88ef6
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Upstream-Status: Accepted [TF-Mv1.7.0]
---
config/config_default.cmake | 2 ++
secure_fw/partitions/platform/CMakeLists.txt | 6 ++++++
secure_fw/partitions/platform/platform_sp.c | 9 +++++++--
3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/config/config_default.cmake b/config/config_default.cmake
index 3112b707bc..497c972dc9 100755
--- a/config/config_default.cmake
+++ b/config/config_default.cmake
@@ -141,6 +141,8 @@ set(ATTEST_INCLUDE_OPTIONAL_CLAIMS ON CACHE BOOL "Include opt
set(ATTEST_INCLUDE_COSE_KEY_ID OFF CACHE BOOL "Include COSE key-id in initial attestation token")
set(TFM_PARTITION_PLATFORM ON CACHE BOOL "Enable Platform partition")
+set(PLATFORM_SERVICE_INPUT_BUFFER_SIZE 64 CACHE STRING "Size of input buffer in platform service.")
+set(PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 64 CACHE STRING "Size of output buffer in platform service.")
set(TFM_PARTITION_AUDIT_LOG OFF CACHE BOOL "Enable Audit Log partition")
diff --git a/secure_fw/partitions/platform/CMakeLists.txt b/secure_fw/partitions/platform/CMakeLists.txt
index 4b37cd780c..3070f89d6d 100644
--- a/secure_fw/partitions/platform/CMakeLists.txt
+++ b/secure_fw/partitions/platform/CMakeLists.txt
@@ -47,6 +47,12 @@ target_link_libraries(tfm_psa_rot_partition_platform
tfm_spm
)
+target_compile_definitions(tfm_psa_rot_partition_platform
+ PRIVATE
+ INPUT_BUFFER_SIZE=${PLATFORM_SERVICE_INPUT_BUFFER_SIZE}
+ OUTPUT_BUFFER_SIZE=${PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE}
+)
+
############################ Secure API ########################################
target_sources(tfm_sprt
diff --git a/secure_fw/partitions/platform/platform_sp.c b/secure_fw/partitions/platform/platform_sp.c
index 673cb0ee06..87bd434720 100644
--- a/secure_fw/partitions/platform/platform_sp.c
+++ b/secure_fw/partitions/platform/platform_sp.c
@@ -38,8 +38,13 @@ static const int32_t nv_counter_access_map[NV_COUNTER_MAP_SIZE] = {
#include "psa/service.h"
#include "region_defs.h"
-#define INPUT_BUFFER_SIZE 64
-#define OUTPUT_BUFFER_SIZE 64
+#ifndef INPUT_BUFFER_SIZE
+#define INPUT_BUFFER_SIZE 64
+#endif
+
+#ifndef OUTPUT_BUFFER_SIZE
+#define OUTPUT_BUFFER_SIZE 64
+#endif
typedef enum tfm_platform_err_t (*plat_func_t)(const psa_msg_t *msg);
#endif /* TFM_PSA_API */
--
2.25.1

573
meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0005-corstone1000-support-for-UEFI-FMP-image-Information.patch Normal file
View File

@@ -0,0 +1,573 @@
From 9d70628b7dc1dbc3c1ac7f4f3c0f6aa6b237510d Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Wed, 6 Jul 2022 11:19:39 +0100
Subject: [PATCH 5/6] corstone1000: support for UEFI FMP image Information
The commit provides the support for UEFI FMP (Firmware Management
Protocol) SET and GET Image info APIs.
The APIs to SET and GET image info is implemented. In current design,
SET is called by secure encalve and GET is called by the host.
FMP image information is initialized on every boot and retained
in SRAM. The updatable values of the FMP are stored in private
metadata section of the flash.
Change-Id: Iaf0b4a13a9c24f05e4a32509e61a8b96ee8e9e4b
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Upstream-Status: Accepted [TF-Mv1.7.0]
---
.../target/arm/corstone1000/CMakeLists.txt | 2 +
.../ext/target/arm/corstone1000/config.cmake | 8 +-
.../corstone1000/fw_update_agent/fwu_agent.c | 61 ++++-
.../corstone1000/fw_update_agent/fwu_agent.h | 3 +
.../corstone1000/fw_update_agent/uefi_fmp.c | 240 ++++++++++++++++++
.../corstone1000/fw_update_agent/uefi_fmp.h | 56 ++++
.../include/corstone1000_ioctl_requests.h | 14 +-
.../services/src/tfm_platform_system.c | 9 +
8 files changed, 374 insertions(+), 19 deletions(-)
create mode 100644 platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.c
create mode 100644 platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.h
diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
index 81522c7cf0..3602312a3a 100644
--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
+++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
@@ -76,6 +76,8 @@ target_sources(platform_s
fw_update_agent/uefi_capsule_parser.c
fw_update_agent/fwu_agent.c
$<$<BOOL:${TFM_S_REG_TEST}>:${CMAKE_CURRENT_SOURCE_DIR}/target_cfg.c>
+ fw_update_agent/uefi_fmp.c
+ $<$<NOT:$<BOOL:${PLATFORM_DEFAULT_OTP}>>:${PLATFORM_DIR}/ext/accelerator/cc312/otp_cc312.c>
)
if (PLATFORM_IS_FVP)
diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake
index a6a1a33c42..ab0fe17ba8 100644
--- a/platform/ext/target/arm/corstone1000/config.cmake
+++ b/platform/ext/target/arm/corstone1000/config.cmake
@@ -50,7 +50,9 @@ else()
set(PLATFORM_PSA_ADAC_SECURE_DEBUG FALSE CACHE BOOL "Whether to use psa-adac secure debug.")
endif()
-set(DEFAULT_MCUBOOT_SECURITY_COUNTERS OFF CACHE BOOL "Whether to use the default security counter configuration defined by TF-M project")
+set(DEFAULT_MCUBOOT_SECURITY_COUNTERS OFF CACHE BOOL "Whether to use the default security counter configuration defined by TF-M project")
-set(PS_ENCRYPTION OFF CACHE BOOL "Enable encryption for Protected Storage partition")
-set(PS_ROLLBACK_PROTECTION OFF CACHE BOOL "Enable rollback protection for Protected Storage partition")
+set(PS_ENCRYPTION OFF CACHE BOOL "Enable encryption for Protected Storage partition")
+set(PS_ROLLBACK_PROTECTION OFF CACHE BOOL "Enable rollback protection for Protected Storage partition")
+
+set(PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 256 CACHE STRING "Size of output buffer in platform service.")
diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
index 3abb5dd0dc..72a5fc9c1d 100644
--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
@@ -18,6 +18,7 @@
#include "platform_description.h"
#include "tfm_plat_nv_counters.h"
#include "tfm_plat_defs.h"
+#include "uefi_fmp.h"
/* Properties of image in a bank */
struct fwu_image_properties {
@@ -84,6 +85,11 @@ struct fwu_private_metadata {
/* staged nv_counter: temprary location before written to the otp */
uint32_t nv_counter[NR_OF_IMAGES_IN_FW_BANK];
+ /* FMP information */
+ uint32_t fmp_version;
+ uint32_t fmp_last_attempt_version;
+ uint32_t fmp_last_attempt_status;
+
} __packed;
#define MAX_BOOT_ATTEMPTS_PER_BANK 3
@@ -278,7 +284,7 @@ enum fwu_agent_error_t fwu_metadata_provision(void)
{
enum fwu_agent_error_t ret;
struct fwu_private_metadata priv_metadata;
- uint32_t image_version = 0;
+ uint32_t image_version = FWU_IMAGE_INITIAL_VERSION;
FWU_LOG_MSG("%s: enter\n\r", __func__);
@@ -302,8 +308,8 @@ enum fwu_agent_error_t fwu_metadata_provision(void)
memset(&_metadata, 0, sizeof(struct fwu_metadata));
_metadata.version = 1;
- _metadata.active_index = 0;
- _metadata.previous_active_index = 1;
+ _metadata.active_index = BANK_0;
+ _metadata.previous_active_index = BANK_1;
/* bank 0 is the place where images are located at the
* start of device lifecycle */
@@ -339,6 +345,10 @@ enum fwu_agent_error_t fwu_metadata_provision(void)
priv_metadata.boot_index = BANK_0;
priv_metadata.boot_attempted = 0;
+ priv_metadata.fmp_version = FWU_IMAGE_INITIAL_VERSION;
+ priv_metadata.fmp_last_attempt_version = FWU_IMAGE_INITIAL_VERSION;
+ priv_metadata.fmp_last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS;
+
ret = private_metadata_write(&priv_metadata);
if (ret) {
return ret;
@@ -540,9 +550,25 @@ enum fwu_agent_error_t corstone1000_fwu_flash_image(void)
&image_bank_offset);
switch(image_index) {
case IMAGE_ALL:
+
ret = flash_full_capsule(&_metadata, capsule_info.image[i],
capsule_info.size[i],
capsule_info.version[i]);
+
+ if (ret != FWU_AGENT_SUCCESS) {
+
+ priv_metadata.fmp_last_attempt_version = capsule_info.version[i];
+ priv_metadata.fmp_last_attempt_status = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL;
+
+ private_metadata_write(&priv_metadata);
+
+ fmp_set_image_info(&full_capsule_image_guid,
+ priv_metadata.fmp_version,
+ priv_metadata.fmp_last_attempt_version,
+ priv_metadata.fmp_last_attempt_status);
+ }
+
+
break;
default:
FWU_LOG_MSG("%s: sent image not recognized\n\r", __func__);
@@ -866,17 +892,42 @@ enum fwu_agent_error_t corstone1000_fwu_host_ack(void)
current_state = get_fwu_agent_state(&_metadata, &priv_metadata);
if (current_state == FWU_AGENT_STATE_REGULAR) {
+
ret = FWU_AGENT_SUCCESS; /* nothing to be done */
+
+ fmp_set_image_info(&full_capsule_image_guid,
+ priv_metadata.fmp_version,
+ priv_metadata.fmp_last_attempt_version,
+ priv_metadata.fmp_last_attempt_status);
+
goto out;
+
} else if (current_state != FWU_AGENT_STATE_TRIAL) {
FWU_ASSERT(0);
}
if (_metadata.active_index != priv_metadata.boot_index) {
+
/* firmware update failed, revert back to previous bank */
+
+ priv_metadata.fmp_last_attempt_version =
+ _metadata.img_entry[IMAGE_0].img_props[_metadata.active_index].version;
+
+ priv_metadata.fmp_last_attempt_status = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL;
+
ret = fwu_select_previous(&_metadata, &priv_metadata);
+
} else {
+
/* firmware update successful */
+
+ priv_metadata.fmp_version =
+ _metadata.img_entry[IMAGE_0].img_props[_metadata.active_index].version;
+ priv_metadata.fmp_last_attempt_version =
+ _metadata.img_entry[IMAGE_0].img_props[_metadata.active_index].version;
+
+ priv_metadata.fmp_last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS;
+
ret = fwu_accept_image(&full_capsule_image_guid, &_metadata,
&priv_metadata);
if (!ret) {
@@ -886,6 +937,10 @@ enum fwu_agent_error_t corstone1000_fwu_host_ack(void)
if (ret == FWU_AGENT_SUCCESS) {
disable_host_ack_timer();
+ fmp_set_image_info(&full_capsule_image_guid,
+ priv_metadata.fmp_version,
+ priv_metadata.fmp_last_attempt_version,
+ priv_metadata.fmp_last_attempt_status);
}
out:
diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h
index 57b07e8d2c..aa18179024 100644
--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h
+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h
@@ -30,6 +30,9 @@ enum fwu_agent_error_t {
} \
+/* Version used for the very first image of the device. */
+#define FWU_IMAGE_INITIAL_VERSION 0
+
enum fwu_agent_error_t fwu_metadata_provision(void);
enum fwu_agent_error_t fwu_metadata_init(void);
diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.c b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.c
new file mode 100644
index 0000000000..ce576e1794
--- /dev/null
+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.c
@@ -0,0 +1,240 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <string.h>
+#include <stdbool.h>
+#include "cmsis.h"
+#include "uefi_fmp.h"
+
+/* The count will increase when partial update is supported.
+ * At present, only full WIC is considered as updatable image.
+ */
+#define NUMBER_OF_FMP_IMAGES 1
+#define NO_OF_FMP_VARIABLES_PER_IMAGE 6
+
+#define UEFI_ARCHITECTURE_64
+
+#ifdef UEFI_ARCHITECTURE_64
+typedef uint64_t uefi_ptr_t;
+typedef uint64_t efi_uintn_t;
+#else
+typedef uint32_t uefi_ptr_t;
+typedef uint32_t efi_uintn_t;
+#endif
+
+/* Below macro definations and struct declarations taken from UEFI spec 2.9 */
+
+/*
+ * Image Attribute Definitions
+ */
+#define IMAGE_ATTRIBUTE_IMAGE_UPDATABLE 0x00000001
+#define IMAGE_ATTRIBUTE_RESET_REQUIRED 0x00000002
+#define IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED 0x00000004
+#define IMAGE_ATTRIBUTE_IN_USE 0x00000008
+#define IMAGE_ATTRIBUTE_UEFI_IMAGE 0x00000010
+#define IMAGE_ATTRIBUTE_DEPENDENCY 0x00000020
+
+typedef uint32_t DescriptorVersion_t;
+typedef uint32_t DescriptorSize_t;
+typedef uint8_t DescriptorCount_t;
+
+typedef __PACKED_STRUCT {
+ uint8_t ImageIndex;
+ struct efi_guid ImageTypeId;
+ uint64_t ImageId;
+ uefi_ptr_t PtrImageIdName;
+ uint32_t Version;
+ uefi_ptr_t PtrVersionName;
+ efi_uintn_t Size;
+ uint64_t AttributesSupported;
+ uint64_t AttributesSetting;
+ uint64_t Compatibilities;
+ /* Introduced with DescriptorVersion 2+ */
+ uint32_t LowestSupportedImageVersion;
+ /* Introduced with DescriptorVersion 3+ */
+ uint32_t LastAttemptVersion;
+ uint32_t LastAttemptStatus;
+ uint64_t HardwareInstance;
+ /* Introduced with DescriptorVersion 4+ */
+ uefi_ptr_t PtrDependencies;
+} EFI_FIRMWARE_IMAGE_DESCRIPTOR;
+
+typedef __PACKED_STRUCT {
+ DescriptorVersion_t DescriptorVersion;
+ DescriptorSize_t DescriptorsSize;
+ DescriptorCount_t DescriptorCount;
+ EFI_FIRMWARE_IMAGE_DESCRIPTOR ImageDescriptor;
+ uint16_t *ImageName;
+ uint32_t ImageNameSize;
+ uint16_t *ImageVersionName;
+ uint32_t ImageVersionNameSize;
+} EFI_FIRMWARE_MANAGEMENT_PROTOCOL_IMAGE_INFO;
+
+
+static uint16_t corstone_image_name0[] = { 'C', 'O', 'R', 'S', 'T', 'O', 'N', 'E', '1', '0', '0', '0', '_', 'W', 'I', 'C', '\0' };
+static uint16_t corstone_version_name0[] = { 'C', 'O', 'R', 'S', 'T', 'O', 'N', 'E', '1', '0', '0', '0', '_', 'B', 'E', 'S', 'T', '\0'};
+
+static EFI_FIRMWARE_MANAGEMENT_PROTOCOL_IMAGE_INFO fmp_info[NUMBER_OF_FMP_IMAGES];
+
+extern struct efi_guid full_capsule_image_guid;
+
+static bool is_fmp_info_initialized = false;
+
+static void init_fmp_info(void)
+{
+ memset(fmp_info, 0,
+ sizeof(EFI_FIRMWARE_MANAGEMENT_PROTOCOL_IMAGE_INFO) * NUMBER_OF_FMP_IMAGES);
+
+ /* Fill information for the WIC.
+ * Add further details when partial image is supported.
+ */
+
+ fmp_info[0].DescriptorVersion = 4;
+ fmp_info[0].DescriptorCount = NUMBER_OF_FMP_IMAGES;
+ fmp_info[0].DescriptorsSize =
+ sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR) +
+ sizeof(corstone_image_name0) + sizeof(corstone_version_name0);
+
+ fmp_info[0].ImageDescriptor.ImageIndex = 1;
+
+ memcpy(&fmp_info[0].ImageDescriptor.ImageTypeId, &full_capsule_image_guid,
+ sizeof(struct efi_guid));
+
+ fmp_info[0].ImageDescriptor.ImageId = 1;
+ fmp_info[0].ImageDescriptor.Version = FWU_IMAGE_INITIAL_VERSION;
+ fmp_info[0].ImageDescriptor.AttributesSupported = 1;
+ fmp_info[0].ImageDescriptor.AttributesSetting = (
+ IMAGE_ATTRIBUTE_IMAGE_UPDATABLE | IMAGE_ATTRIBUTE_RESET_REQUIRED);
+ fmp_info[0].ImageDescriptor.LowestSupportedImageVersion =
+ FWU_IMAGE_INITIAL_VERSION;
+ fmp_info[0].ImageDescriptor.LastAttemptVersion = FWU_IMAGE_INITIAL_VERSION;
+ fmp_info[0].ImageDescriptor.LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;
+
+ fmp_info[0].ImageName = corstone_image_name0;
+ fmp_info[0].ImageNameSize = sizeof(corstone_image_name0);
+ fmp_info[0].ImageVersionName = corstone_version_name0;
+ fmp_info[0].ImageVersionNameSize = sizeof(corstone_version_name0);
+
+ is_fmp_info_initialized = true;
+
+ return;
+}
+
+enum fwu_agent_error_t fmp_set_image_info(struct efi_guid *guid,
+ uint32_t current_version, uint32_t attempt_version,
+ uint32_t last_attempt_status)
+{
+ enum fwu_agent_error_t status = FWU_AGENT_ERROR;
+
+ FWU_LOG_MSG("%s:%d Enter\n\r", __func__, __LINE__);
+
+ if (is_fmp_info_initialized == false) {
+ init_fmp_info();
+ }
+
+ for (int i = 0; i < NUMBER_OF_FMP_IMAGES; i++) {
+ if ((memcmp(guid, &fmp_info[i].ImageDescriptor.ImageTypeId,
+ sizeof(struct efi_guid))) == 0)
+ {
+ FWU_LOG_MSG("FMP image update: image id = %u\n\r",
+ fmp_info[i].ImageDescriptor.ImageId);
+ fmp_info[i].ImageDescriptor.Version = current_version;
+ fmp_info[i].ImageDescriptor.LastAttemptVersion = attempt_version;
+ fmp_info[i].ImageDescriptor.LastAttemptStatus = last_attempt_status;
+ FWU_LOG_MSG("FMP image update: status = %u"
+ "version=%u last_attempt_version=%u.\n\r",
+ last_attempt_status, current_version,
+ attempt_version);
+ status = FWU_AGENT_SUCCESS;
+ break;
+ }
+ }
+
+ FWU_LOG_MSG("%s:%d Exit.\n\r", __func__, __LINE__);
+ return status;
+}
+
+
+#define NO_OF_FMP_VARIABLES (NUMBER_OF_FMP_IMAGES * NO_OF_FMP_VARIABLES_PER_IMAGE)
+
+static enum fwu_agent_error_t pack_image_info(void *buffer, uint32_t size)
+{
+ typedef __PACKED_STRUCT {
+ uint32_t variable_count;
+ uint32_t variable_size[NO_OF_FMP_VARIABLES];
+ uint8_t variable[];
+ } packed_buffer_t;
+
+ packed_buffer_t *packed_buffer = buffer;
+ int runner = 0;
+ int index = 0;
+ int current_size = sizeof(packed_buffer_t);
+ int size_requirement_1 = 0;
+ int size_requirement_2 = 0;
+
+ if (size < current_size) {
+ FWU_LOG_MSG("%s:%d Buffer too small.\n\r", __func__, __LINE__);
+ return FWU_AGENT_ERROR;
+ }
+
+ packed_buffer->variable_count = NO_OF_FMP_VARIABLES;
+
+ for (int i = 0; i < NUMBER_OF_FMP_IMAGES; i++) {
+
+ packed_buffer->variable_size[index++] = sizeof(DescriptorVersion_t);
+ packed_buffer->variable_size[index++] = sizeof(DescriptorSize_t);
+ packed_buffer->variable_size[index++] = sizeof(DescriptorCount_t);
+ packed_buffer->variable_size[index++] = sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR);
+ packed_buffer->variable_size[index++] = fmp_info[i].ImageNameSize;
+ packed_buffer->variable_size[index++] = fmp_info[i].ImageVersionNameSize;
+
+ size_requirement_1 = sizeof(DescriptorVersion_t) + sizeof(DescriptorSize_t) +
+ sizeof(DescriptorCount_t) + sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR);
+
+ size_requirement_2 = fmp_info[i].ImageNameSize + fmp_info[i].ImageVersionNameSize;
+
+ current_size += size_requirement_1 + size_requirement_2;
+
+ if (size < current_size) {
+ FWU_LOG_MSG("%s:%d Buffer too small.\n\r", __func__, __LINE__);
+ return FWU_AGENT_ERROR;
+ }
+
+ FWU_LOG_MSG("%s:%d ImageInfo size = %u, ImageName size = %u, "
+ "ImageVersionName size = %u\n\r", __func__, __LINE__,
+ sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR), fmp_info[i].ImageNameSize,
+ fmp_info[i].ImageVersionNameSize);
+
+ memcpy(&packed_buffer->variable[runner], &fmp_info[i], size_requirement_1);
+ runner += size_requirement_1;
+
+ memcpy(&packed_buffer->variable[runner], fmp_info[i].ImageName,
+ fmp_info[i].ImageNameSize);
+ runner += fmp_info[i].ImageNameSize;
+
+ memcpy(&packed_buffer->variable[runner], fmp_info[i].ImageVersionName,
+ fmp_info[i].ImageVersionNameSize);
+ runner += fmp_info[i].ImageVersionNameSize;
+
+ }
+
+ return FWU_AGENT_SUCCESS;
+}
+
+enum fwu_agent_error_t fmp_get_image_info(void *buffer, uint32_t size)
+{
+ enum fwu_agent_error_t status;
+
+ FWU_LOG_MSG("%s:%d Enter\n\r", __func__, __LINE__);
+
+ status = pack_image_info(buffer, size);
+
+ FWU_LOG_MSG("%s:%d Exit\n\r", __func__, __LINE__);
+
+ return status;
+}
+
diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.h b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.h
new file mode 100644
index 0000000000..d876bd7cff
--- /dev/null
+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef UEFI_FMP_H
+#define UEFI_FMP_H
+
+
+#include <stdint.h>
+#include "fwu_agent.h"
+#include "../fip_parser/external/uuid.h"
+
+/*
+ * Last Attempt Status Value
+ */
+
+#define LAST_ATTEMPT_STATUS_SUCCESS 0x00000000
+#define LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL 0x00000001
+#define LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES 0x00000002
+#define LAST_ATTEMPT_STATUS_ERROR_INCORRECT_VERSION 0x00000003
+#define LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT 0x00000004
+#define LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR 0x00000005
+#define LAST_ATTEMPT_STATUS_ERROR_PWR_EVT_AC 0x00000006
+#define LAST_ATTEMPT_STATUS_ERROR_PWR_EVT_BATT 0x00000007
+#define LAST_ATTEMPT_STATUS_ERROR_UNSATISFIED_DEPENDENCIES 0x00000008
+/* The LastAttemptStatus values of 0x1000 - 0x4000 are reserved for vendor usage. */
+#define LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL_VENDOR_RANGE_MIN 0x00001000
+#define LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL_VENDOR_RANGE_MAX 0x00004000
+
+
+
+/*
+ * Updates FMP information for the image matched by guid.
+ *
+ * guid : guid of the image
+ * current_version: current versions for the image
+ * attempt_version: attempted versions for the image
+ *
+ */
+enum fwu_agent_error_t fmp_set_image_info(struct efi_guid *guid,
+ uint32_t current_version, uint32_t attempt_version,
+ uint32_t last_attempt_status);
+
+/*
+ * Return fmp image information for all the updable images.
+ *
+ * buffer : pointer to the out buffer
+ * size : size of the buffer
+ *
+ */
+enum fwu_agent_error_t fmp_get_image_info(void *buffer, uint32_t size);
+
+#endif /* UEFI_FMP_H */
diff --git a/platform/ext/target/arm/corstone1000/services/include/corstone1000_ioctl_requests.h b/platform/ext/target/arm/corstone1000/services/include/corstone1000_ioctl_requests.h
index 8ac67346b6..c5f3537e9d 100644
--- a/platform/ext/target/arm/corstone1000/services/include/corstone1000_ioctl_requests.h
+++ b/platform/ext/target/arm/corstone1000/services/include/corstone1000_ioctl_requests.h
@@ -14,19 +14,7 @@
enum corstone1000_ioctl_id_t {
IOCTL_CORSTONE1000_FWU_FLASH_IMAGES = 0,
IOCTL_CORSTONE1000_FWU_HOST_ACK,
+ IOCTL_CORSTONE1000_FMP_GET_IMAGE_INFO,
};
-
-typedef struct corstone1000_ioctl_in_params {
-
- uint32_t ioctl_id;
-
-} corstone1000_ioctl_in_params_t;
-
-typedef struct corstone1000_ioctl_out_params {
-
- int32_t result;
-
-} corstone1000_ioctl_out_params_t;
-
#endif /* CORSTONE1000_IOCTL_REQUESTS_H */
diff --git a/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c b/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c
index 5b3f3e14a2..41305ed966 100644
--- a/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c
+++ b/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c
@@ -9,6 +9,7 @@
#include "platform_description.h"
#include "corstone1000_ioctl_requests.h"
#include "fwu_agent.h"
+#include "uefi_fmp.h"
void tfm_platform_hal_system_reset(void)
{
@@ -36,6 +37,14 @@ enum tfm_platform_err_t tfm_platform_hal_ioctl(tfm_platform_ioctl_req_t request,
corstone1000_fwu_host_ack();
break;
+ case IOCTL_CORSTONE1000_FMP_GET_IMAGE_INFO:
+ if (out_vec == NULL) {
+ ret = TFM_PLATFORM_ERR_INVALID_PARAM;
+ break;
+ }
+ fmp_get_image_info(out_vec[0].base, out_vec[0].len);
+ break;
+
default:
ret = TFM_PLATFORM_ERR_NOT_SUPPORTED;
break;
--
2.25.1

51
meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0006-corstone1000-remove-two-partition-configuration.patch Normal file
View File

@@ -0,0 +1,51 @@
From 492c887c8dff97ea1b8a11b4e729620d3744ac38 Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Mon, 30 May 2022 12:38:23 +0100
Subject: [PATCH 6/6] corstone1000: remove two partition configuration
Previously to run tf-m test, a larger partition was created
which allowed all default test binaries to be included.
The patch revert the change because any partition might
not be enough to hold all test binaries in the future.
So its better to run few test at a time instead of creating
a larger partition.
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Change-Id: I223fe45f2de014dbcadc6ac12c321c524701116a
Upstream-Status: Accepted [TF-Mv1.7.0]
---
platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt | 1 -
platform/ext/target/arm/corstone1000/partition/flash_layout.h | 4 ----
2 files changed, 5 deletions(-)
diff --git a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt
index d39c5ae91d..f1ae1ebd47 100644
--- a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt
+++ b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt
@@ -291,7 +291,6 @@ target_compile_definitions(signing_layout_for_bl2
PRIVATE
MCUBOOT_IMAGE_NUMBER=${BL1_IMAGE_NUMBER}
BL1
- $<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST>
)
target_include_directories(signing_layout_for_bl2
diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
index b0319bb319..50a0a11fc8 100644
--- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h
+++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
@@ -119,11 +119,7 @@
*
*/
#define SE_BL2_PARTITION_SIZE (0x19000) /* 100 KB */
-#ifdef TFM_S_REG_TEST
-#define TFM_PARTITION_SIZE (0x61C00) /* 391 KB */
-#else
#define TFM_PARTITION_SIZE (0x5E000) /* 376 KB */
-#endif
#define FIP_PARTITION_SIZE (0x200000) /* 2 MB */
#define KERNEL_PARTITION_SIZE (0xC00000) /* 12 MB */
--
2.25.1

11
meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
View File

@@ -25,6 +25,17 @@ SRC_URI += "git://github.com/OpenAMP/open-amp.git;protocol=https;branch=main;nam
SRCREV_openamp = "347397decaa43372fc4d00f965640ebde042966d" SRCREV_openamp = "347397decaa43372fc4d00f965640ebde042966d"
EXTRA_OECMAKE += "-DLIBOPENAMP_SRC_PATH=${S}/../openamp -DLIBOPENAMP_BIN_PATH=${B}/libopenamp-build" EXTRA_OECMAKE += "-DLIBOPENAMP_SRC_PATH=${S}/../openamp -DLIBOPENAMP_BIN_PATH=${B}/libopenamp-build"
# Apply the necessary changes for supporting FMP image info
FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:"
SRC_URI:append:corstone1000 = " \
file://0001-corstone1000-platform-secure-test-framework.patch \
file://0002-corstone1000-make-external-system-support-optional.patch \
file://0003-corstone1000-enable-secure-enclave-run-without-host-.patch \
file://0004-Platform-Partition-Allow-configuration-of-input-and-.patch \
file://0005-corstone1000-support-for-UEFI-FMP-image-Information.patch \
file://0006-corstone1000-remove-two-partition-configuration.patch \
"
do_install() { do_install() {
install -D -p -m 0644 ${B}/install/outputs/tfm_s_signed.bin ${D}/firmware/tfm_s_signed.bin install -D -p -m 0644 ${B}/install/outputs/tfm_s_signed.bin ${D}/firmware/tfm_s_signed.bin
install -D -p -m 0644 ${B}/install/outputs/bl2_signed.bin ${D}/firmware/bl2_signed.bin install -D -p -m 0644 ${B}/install/outputs/bl2_signed.bin ${D}/firmware/bl2_signed.bin