|
|
|
|
/*
|
|
|
|
|
* Copyright (c) 2019-2022, Arm Limited. All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
|
*/
|
|
|
|
|
#include <assert.h>
|
|
|
|
|
|
|
|
|
|
#include <common/bl_common.h>
|
|
|
|
|
#include <common/debug.h>
|
|
|
|
|
#include <common/fdt_wrappers.h>
|
|
|
|
|
#include <lib/fconf/fconf_tbbr_getter.h>
|
|
|
|
|
#include <libfdt.h>
|
|
|
|
|
|
|
|
|
|
struct tbbr_dyn_config_t tbbr_dyn_config;
|
|
|
|
|
|
|
|
|
|
int fconf_populate_tbbr_dyn_config(uintptr_t config)
|
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
int node;
|
fdt/wrappers: Replace fdtw_read_cells() implementation
Our fdtw_read_cells() implementation goes to great lengths to
sanity-check every parameter and result, but leaves a big hole open:
The size of the storage the value pointer points at needs to match the
number of cells given. This can't be easily checked at compile time,
since we lose the size information by using a void pointer.
Regardless the current usage of this function is somewhat wrong anyways,
since we use it on single-element, fixed-length properties only, for
which the DT binding specifies the size.
Typically we use those functions dealing with a number of cells in DT
context to deal with *dynamically* sized properties, which depend on
other properties (#size-cells, #clock-cells, ...), to specify the number
of cells needed.
Another problem with the current implementation is the use of
ambiguously sized types (uintptr_t, size_t) together with a certain
expectation about their size. In general there is no relation between
the length of a DT property and the bitness of the code that parses the
DTB: AArch64 code could encounter 32-bit addresses (where the physical
address space is limited to 4GB [1]), while AArch32 code could read
64-bit sized properties (/memory nodes on LPAE systems, [2]).
To make this more clear, fix the potential issues and also align more
with other DT users (Linux and U-Boot), introduce functions to explicitly
read uint32 and uint64 properties. As the other DT consumers, we do this
based on the generic "read array" function.
Convert all users to use either of those two new functions, and make
sure we never use a pointer to anything other than uint32_t or uint64_t
variables directly.
This reveals (and fixes) a bug in plat_spmd_manifest.c, where we write
4 bytes into a uint16_t variable (passed via a void pointer).
Also we change the implementation of the function to better align with
other libfdt users, by using the right types (fdt32_t) and common
variable names (*prop, prop_names).
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi#n874
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/boot/dts/ecx-2000.dts
Change-Id: I718de960515117ac7a3331a1b177d2ec224a3890
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
5 years ago
|
|
|
uint64_t val64;
|
|
|
|
|
uint32_t val32;
|
|
|
|
|
|
|
|
|
|
/* As libfdt use void *, we can't avoid this cast */
|
|
|
|
|
const void *dtb = (void *)config;
|
|
|
|
|
|
|
|
|
|
/* Assert the node offset point to "arm,tb_fw" compatible property */
|
|
|
|
|
const char *compatible_str = "arm,tb_fw";
|
|
|
|
|
node = fdt_node_offset_by_compatible(dtb, -1, compatible_str);
|
|
|
|
|
if (node < 0) {
|
|
|
|
|
ERROR("FCONF: Can't find `%s` compatible in dtb\n",
|
|
|
|
|
compatible_str);
|
|
|
|
|
return node;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Locate the disable_auth cell and read the value */
|
|
|
|
|
err = fdt_read_uint32(dtb, node, "disable_auth",
|
|
|
|
|
&tbbr_dyn_config.disable_auth);
|
|
|
|
|
if (err < 0) {
|
|
|
|
|
WARN("FCONF: Read %s failed for `%s`\n",
|
|
|
|
|
"cell", "disable_auth");
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check if the value is boolean */
|
|
|
|
|
if ((tbbr_dyn_config.disable_auth != 0U) &&
|
|
|
|
|
(tbbr_dyn_config.disable_auth != 1U)) {
|
|
|
|
|
WARN("Invalid value for `%s` cell %u\n",
|
|
|
|
|
"disable_auth", tbbr_dyn_config.disable_auth);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#if defined(DYN_DISABLE_AUTH)
|
|
|
|
|
if (tbbr_dyn_config.disable_auth == 1)
|
|
|
|
|
dyn_disable_auth();
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/* Retrieve the Mbed TLS heap details from the DTB */
|
fdt/wrappers: Replace fdtw_read_cells() implementation
Our fdtw_read_cells() implementation goes to great lengths to
sanity-check every parameter and result, but leaves a big hole open:
The size of the storage the value pointer points at needs to match the
number of cells given. This can't be easily checked at compile time,
since we lose the size information by using a void pointer.
Regardless the current usage of this function is somewhat wrong anyways,
since we use it on single-element, fixed-length properties only, for
which the DT binding specifies the size.
Typically we use those functions dealing with a number of cells in DT
context to deal with *dynamically* sized properties, which depend on
other properties (#size-cells, #clock-cells, ...), to specify the number
of cells needed.
Another problem with the current implementation is the use of
ambiguously sized types (uintptr_t, size_t) together with a certain
expectation about their size. In general there is no relation between
the length of a DT property and the bitness of the code that parses the
DTB: AArch64 code could encounter 32-bit addresses (where the physical
address space is limited to 4GB [1]), while AArch32 code could read
64-bit sized properties (/memory nodes on LPAE systems, [2]).
To make this more clear, fix the potential issues and also align more
with other DT users (Linux and U-Boot), introduce functions to explicitly
read uint32 and uint64 properties. As the other DT consumers, we do this
based on the generic "read array" function.
Convert all users to use either of those two new functions, and make
sure we never use a pointer to anything other than uint32_t or uint64_t
variables directly.
This reveals (and fixes) a bug in plat_spmd_manifest.c, where we write
4 bytes into a uint16_t variable (passed via a void pointer).
Also we change the implementation of the function to better align with
other libfdt users, by using the right types (fdt32_t) and common
variable names (*prop, prop_names).
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi#n874
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/boot/dts/ecx-2000.dts
Change-Id: I718de960515117ac7a3331a1b177d2ec224a3890
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
5 years ago
|
|
|
err = fdt_read_uint64(dtb, node, "mbedtls_heap_addr", &val64);
|
|
|
|
|
if (err < 0) {
|
|
|
|
|
ERROR("FCONF: Read %s failed for `%s`\n",
|
|
|
|
|
"cell", "mbedtls_heap_addr");
|
|
|
|
|
return err;
|
|
|
|
|
}
|
fdt/wrappers: Replace fdtw_read_cells() implementation
Our fdtw_read_cells() implementation goes to great lengths to
sanity-check every parameter and result, but leaves a big hole open:
The size of the storage the value pointer points at needs to match the
number of cells given. This can't be easily checked at compile time,
since we lose the size information by using a void pointer.
Regardless the current usage of this function is somewhat wrong anyways,
since we use it on single-element, fixed-length properties only, for
which the DT binding specifies the size.
Typically we use those functions dealing with a number of cells in DT
context to deal with *dynamically* sized properties, which depend on
other properties (#size-cells, #clock-cells, ...), to specify the number
of cells needed.
Another problem with the current implementation is the use of
ambiguously sized types (uintptr_t, size_t) together with a certain
expectation about their size. In general there is no relation between
the length of a DT property and the bitness of the code that parses the
DTB: AArch64 code could encounter 32-bit addresses (where the physical
address space is limited to 4GB [1]), while AArch32 code could read
64-bit sized properties (/memory nodes on LPAE systems, [2]).
To make this more clear, fix the potential issues and also align more
with other DT users (Linux and U-Boot), introduce functions to explicitly
read uint32 and uint64 properties. As the other DT consumers, we do this
based on the generic "read array" function.
Convert all users to use either of those two new functions, and make
sure we never use a pointer to anything other than uint32_t or uint64_t
variables directly.
This reveals (and fixes) a bug in plat_spmd_manifest.c, where we write
4 bytes into a uint16_t variable (passed via a void pointer).
Also we change the implementation of the function to better align with
other libfdt users, by using the right types (fdt32_t) and common
variable names (*prop, prop_names).
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi#n874
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/boot/dts/ecx-2000.dts
Change-Id: I718de960515117ac7a3331a1b177d2ec224a3890
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
5 years ago
|
|
|
tbbr_dyn_config.mbedtls_heap_addr = (void *)(uintptr_t)val64;
|
|
|
|
|
|
fdt/wrappers: Replace fdtw_read_cells() implementation
Our fdtw_read_cells() implementation goes to great lengths to
sanity-check every parameter and result, but leaves a big hole open:
The size of the storage the value pointer points at needs to match the
number of cells given. This can't be easily checked at compile time,
since we lose the size information by using a void pointer.
Regardless the current usage of this function is somewhat wrong anyways,
since we use it on single-element, fixed-length properties only, for
which the DT binding specifies the size.
Typically we use those functions dealing with a number of cells in DT
context to deal with *dynamically* sized properties, which depend on
other properties (#size-cells, #clock-cells, ...), to specify the number
of cells needed.
Another problem with the current implementation is the use of
ambiguously sized types (uintptr_t, size_t) together with a certain
expectation about their size. In general there is no relation between
the length of a DT property and the bitness of the code that parses the
DTB: AArch64 code could encounter 32-bit addresses (where the physical
address space is limited to 4GB [1]), while AArch32 code could read
64-bit sized properties (/memory nodes on LPAE systems, [2]).
To make this more clear, fix the potential issues and also align more
with other DT users (Linux and U-Boot), introduce functions to explicitly
read uint32 and uint64 properties. As the other DT consumers, we do this
based on the generic "read array" function.
Convert all users to use either of those two new functions, and make
sure we never use a pointer to anything other than uint32_t or uint64_t
variables directly.
This reveals (and fixes) a bug in plat_spmd_manifest.c, where we write
4 bytes into a uint16_t variable (passed via a void pointer).
Also we change the implementation of the function to better align with
other libfdt users, by using the right types (fdt32_t) and common
variable names (*prop, prop_names).
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi#n874
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/boot/dts/ecx-2000.dts
Change-Id: I718de960515117ac7a3331a1b177d2ec224a3890
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
5 years ago
|
|
|
err = fdt_read_uint32(dtb, node, "mbedtls_heap_size", &val32);
|
|
|
|
|
if (err < 0) {
|
|
|
|
|
ERROR("FCONF: Read %s failed for `%s`\n",
|
|
|
|
|
"cell", "mbedtls_heap_size");
|
|
|
|
|
return err;
|
|
|
|
|
}
|
fdt/wrappers: Replace fdtw_read_cells() implementation
Our fdtw_read_cells() implementation goes to great lengths to
sanity-check every parameter and result, but leaves a big hole open:
The size of the storage the value pointer points at needs to match the
number of cells given. This can't be easily checked at compile time,
since we lose the size information by using a void pointer.
Regardless the current usage of this function is somewhat wrong anyways,
since we use it on single-element, fixed-length properties only, for
which the DT binding specifies the size.
Typically we use those functions dealing with a number of cells in DT
context to deal with *dynamically* sized properties, which depend on
other properties (#size-cells, #clock-cells, ...), to specify the number
of cells needed.
Another problem with the current implementation is the use of
ambiguously sized types (uintptr_t, size_t) together with a certain
expectation about their size. In general there is no relation between
the length of a DT property and the bitness of the code that parses the
DTB: AArch64 code could encounter 32-bit addresses (where the physical
address space is limited to 4GB [1]), while AArch32 code could read
64-bit sized properties (/memory nodes on LPAE systems, [2]).
To make this more clear, fix the potential issues and also align more
with other DT users (Linux and U-Boot), introduce functions to explicitly
read uint32 and uint64 properties. As the other DT consumers, we do this
based on the generic "read array" function.
Convert all users to use either of those two new functions, and make
sure we never use a pointer to anything other than uint32_t or uint64_t
variables directly.
This reveals (and fixes) a bug in plat_spmd_manifest.c, where we write
4 bytes into a uint16_t variable (passed via a void pointer).
Also we change the implementation of the function to better align with
other libfdt users, by using the right types (fdt32_t) and common
variable names (*prop, prop_names).
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi#n874
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/boot/dts/ecx-2000.dts
Change-Id: I718de960515117ac7a3331a1b177d2ec224a3890
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
5 years ago
|
|
|
tbbr_dyn_config.mbedtls_heap_size = val32;
|
|
|
|
|
|
|
|
|
|
VERBOSE("%s%s%s %u\n", "FCONF: `tbbr.", "disable_auth",
|
|
|
|
|
"` cell found with value =", tbbr_dyn_config.disable_auth);
|
|
|
|
|
VERBOSE("%s%s%s %p\n", "FCONF: `tbbr.", "mbedtls_heap_addr",
|
|
|
|
|
"` cell found with value =", tbbr_dyn_config.mbedtls_heap_addr);
|
|
|
|
|
VERBOSE("%s%s%s %zu\n", "FCONF: `tbbr.", "mbedtls_heap_size",
|
|
|
|
|
"` cell found with value =", tbbr_dyn_config.mbedtls_heap_size);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
FCONF_REGISTER_POPULATOR(TB_FW, tbbr, fconf_populate_tbbr_dyn_config);
|
