Merge changes from topic "lm/fconf" into integration

* changes: arm-io: Panic in case of io setup failure MISRA fix: Use boolean essential type fconf: Add documentation fconf: Move platform io policies into fconf fconf: Add mbedtls shared heap as property fconf: Add TBBR disable_authentication property fconf: Add dynamic config DTBs info as property fconf: Populate properties from dtb during bl2 setup fconf: Load config dtb from bl1 fconf: initial commit
5 years ago · 21c4f56fa7
48 changed files with 1232 additions and 430 deletions
--- a/2
+++ b/2
@ -786,6 +786,7 @@ $(eval $(call assert_boolean,SPM_MM))
 $(eval $(call assert_boolean,TRUSTED_BOARD_BOOT))
 $(eval $(call assert_boolean,USE_COHERENT_MEM))
 $(eval $(call assert_boolean,USE_DEBUGFS))
+$(eval $(call assert_boolean,USE_FCONF_BASED_IO))
 $(eval $(call assert_boolean,USE_ROMLIB))
 $(eval $(call assert_boolean,USE_TBBR_DEFS))
 $(eval $(call assert_boolean,WARMBOOT_ENABLE_DCACHE_EARLY))
@ -854,6 +855,7 @@ $(eval $(call add_define,SPM_MM))
 $(eval $(call add_define,TRUSTED_BOARD_BOOT))
 $(eval $(call add_define,USE_COHERENT_MEM))
 $(eval $(call add_define,USE_DEBUGFS))
+$(eval $(call add_define,USE_FCONF_BASED_IO))
 $(eval $(call add_define,USE_ROMLIB))
 $(eval $(call add_define,USE_TBBR_DEFS))
 $(eval $(call add_define,WARMBOOT_ENABLE_DCACHE_EARLY))
--- a/bl2/bl2.ld.S
+++ b/bl2/bl2.ld.S
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -46,6 +46,11 @@ SECTIONS
        __RODATA_START__ = .;
        *(SORT_BY_ALIGNMENT(.rodata*))

+       . = ALIGN(8);
+        __FCONF_POPULATOR_START__ = .;
+        KEEP(*(.fconf_populator))
+        __FCONF_POPULATOR_END__ = .;
+
        /* Ensure 8-byte alignment for descriptors and ensure inclusion */
        . = ALIGN(8);
        __PARSER_LIB_DESCS_START__ = .;
@ -62,6 +67,11 @@ SECTIONS
        *(SORT_BY_ALIGNMENT(.text*))
        *(SORT_BY_ALIGNMENT(.rodata*))

+	. = ALIGN(8);
+         __FCONF_POPULATOR_START__ = .;
+         KEEP(*(.fconf_populator))
+         __FCONF_POPULATOR_END__ = .;
+
        /* Ensure 8-byte alignment for descriptors and ensure inclusion */
        . = ALIGN(8);
        __PARSER_LIB_DESCS_START__ = .;
--- a/common/bl_common.c
+++ b/common/bl_common.c
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
--- a/docs/components/fconf.rst
+++ b/docs/components/fconf.rst
@ -0,0 +1,85 @@
+Firmware Configuration Framework
+================================
+
+This document provides an overview of the |FCONF| framework.
+
+Introduction
+~~~~~~~~~~~~
+
+The Firmware CONfiguration Framework (|FCONF|) is an abstraction layer for
+platform specific data, allowing a "property" to be queried and a value
+retrieved without the requesting entity knowing what backing store is being used
+to hold the data.
+
+It is used to bridge new and old ways of providing platform-specific data.
+Today, information like the Chain of Trust is held within several, nested
+platform-defined tables. In the future, it may be provided as part of a device
+blob, along with the rest of the information about images to load.
+Introducing this abstraction layer will make migration easier and will preserve
+functionality for platforms that cannot / don't want to use device tree.
+
+Accessing properties
+~~~~~~~~~~~~~~~~~~~~
+
+Properties defined in the |FCONF| are grouped around namespaces and
+sub-namespaces: a.b.property.
+Examples namespace can be:
+
+- (|TBBR|) Chain of Trust data: tbbr.cot.trusted_boot_fw_cert
+- (|TBBR|) dynamic configuration info: tbbr.dyn_config.disable_auth
+- Arm io policies: arm.io_policies.bl2_image
+
+Properties can be accessed with the ``FCONF_GET_PROPERTY(a,b,property)`` macro.
+
+Defining properties
+~~~~~~~~~~~~~~~~~~~
+
+Properties composing the |FCONF| have to be stored in C structures. If another
+backing store is wanted to be used, the platform has to provide a ``populate()``
+function to fill the corresponding C structure.
+
+The ``populate()`` function must be registered to the |FCONF| framework with
+the ``FCONF_REGISTER_POPULATOR()`` macro. This ensures that the function would
+be called inside the generic ``fconf_populate()`` function during
+initialization.
+
+::
+
+    int fconf_populate_tbbr_dyn_config(uintptr_t config)
+    {
+        /* read dtb and fill tbbr_dyn_config struct */
+    }
+
+    FCONF_REGISTER_POPULATOR(fconf_populate_tbbr_dyn_config);
+
+Then, a wrapper has to be provided to match the ``FCONF_GET_PROPERTY()`` macro:
+
+::
+
+    /* generic getter */
+    #define FCONF_GET_PROPERTY(a,b,property)	a##__##b##_getter(property)
+
+    /* my specific getter */
+    #define tbbr__dyn_config_getter(id)	tbbr_dyn_config.id
+
+This second level wrapper can be used to remap the ``FCONF_GET_PROPERTY()`` to
+anything appropriate: structure, array, function, etc..
+
+Loading the property device tree
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The ``fconf_load_config()`` must be called to load the device tree containing
+the properties' values. This must be done after the io layer is initialized, as
+the |DTB| is stored on an external device (FIP).
+
+.. uml:: ../resources/diagrams/plantuml/fconf_bl1_load_config.puml
+
+Populating the properties
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Once a valid device tree is available, the ``fconf_populate(config)`` function
+can be used to fill the C data structure with the data from the config |DTB|.
+This function will call all the ``populate()`` callbacks which have been
+registered with ``FCONF_REGISTER_POPULATOR()``.
+
+.. uml:: ../resources/diagrams/plantuml/fconf_bl2_populate.puml
--- a/docs/components/index.rst
+++ b/docs/components/index.rst
@ -9,6 +9,7 @@ Components
   spd/index
   arm-sip-service
   exception-handling
+   fconf
   firmware-update
   platform-interrupt-controller-API
   ras
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@ -578,6 +578,11 @@ Common build options
   exposing a virtual filesystem interface through BL31 as a SiP SMC function.
   Default is 0.

+-  ``USE_FCONF_BASED_IO``: This flag determines whether to use IO based on the
+   firmware configuration framework. This allows moving the io_policies into a
+   configuration device tree, instead of static structure in the code base.
+
+
 -  ``USE_ROMLIB``: This flag determines whether library at ROM will be used.
   This feature creates a library of functions to be placed in ROM and thus
   reduces SRAM usage. Refer to :ref:`Library at ROM` for further details. Default
--- a/docs/global_substitutions.txt
+++ b/docs/global_substitutions.txt
@ -6,11 +6,13 @@
 .. |COT| replace:: :term:`COT`
 .. |CSS| replace:: :term:`CSS`
 .. |CVE| replace:: :term:`CVE`
+.. |DTB| replace:: :term:`DTB`
 .. |DS-5| replace:: :term:`DS-5`
 .. |DSU| replace:: :term:`DSU`
 .. |DT| replace:: :term:`DT`
 .. |EL| replace:: :term:`EL`
 .. |EHF| replace:: :term:`EHF`
+.. |FCONF| replace:: :term:`FCONF`
 .. |FDT| replace:: :term:`FDT`
 .. |FIP| replace:: :term:`FIP`
 .. |FVP| replace:: :term:`FVP`
--- a/docs/glossary.rst
+++ b/docs/glossary.rst
@ -42,12 +42,18 @@ You can find additional definitions in the `Arm Glossary`_.
   DT
      Device Tree

+   DTB
+      Device Tree Blob
+
   EL
      Exception Level

   EHF
      Exception Handling Framework

+   FCONF
+      Firmware Configuration Framework
+
   FDT
      Flattened Device Tree

--- a/docs/resources/diagrams/plantuml/fconf_bl1_load_config.puml
+++ b/docs/resources/diagrams/plantuml/fconf_bl1_load_config.puml
@ -0,0 +1,52 @@
+@startuml
+
+box "BL1 common code"
+	participant bl1_main
+	participant bl_common
+end box
+
+box "arm platform code" #LightBlue
+	participant fvp_bl1_setup
+	participant arm_bl1_setup
+	participant arm_io_storage
+end box
+
+box "platform common code"
+	participant plat_bl1_common
+	participant fconf
+end box
+
+bl1_main -> fvp_bl1_setup : bl1_platform_setup()
+fvp_bl1_setup -> arm_bl1_setup : arm_bl1_platform_setup()
+arm_bl1_setup -> arm_io_storage : plat_arm_io_setup()
+note over arm_io_storage : register and setup fip
+arm_bl1_setup -> fconf : fconf_load_config()
+activate fconf
+	note over fconf
+		create and populate an
+		image_desc_t for TB_FW_CONFIG
+	end note
+	fconf -> bl_common : load_auth_image(TB_FW_CONFIG_ID, &image_info)
+	activate bl_common
+	note over bl_common
+		load and auth image from fip
+		with info from plat_io_policy
+	end note
+	bl_common -> arm_io_storage
+	arm_io_storage -> fconf: FCONF_GET_PROPERTY(arm, arm_io_policies, tb_fw_cfg)
+	note over fconf: use staticaly defined policies in bl1
+	fconf <- bl_common : image_info
+	deactivate bl_common
+	note over fconf : get tb_fw_config_dtb from image_info
+	fconf -> plat_bl1_common : bl1_plat_get_image_desc(BL2_IMAGE_ID)
+	fconf <- plat_bl1_common : BL2_IMAGE_DESC
+	note over fconf
+		set ep_info.args.arg0 of BL2_IMAGE_DESC
+		to TB_FW_CONFIG base address
+	end note
+arm_bl1_setup <- fconf
+deactivate fconf
+
+== load & auth, prepare and jump to BL2 ==
+
+@enduml
--- a/docs/resources/diagrams/plantuml/fconf_bl2_populate.puml
+++ b/docs/resources/diagrams/plantuml/fconf_bl2_populate.puml
@ -0,0 +1,41 @@
+@startuml
+
+box "BL2 common code"
+	participant bl2_entrypoint
+	participant bl2_main
+end box
+
+box "platform common code"
+	participant fconf
+	participant fconf_tbbr_getter
+end box
+
+box "arm platform code" #LightBlue
+	participant arm_bl2_setup
+	participant arm_io_storage
+	participant arm_fconf_io
+end box
+
+== bl2 setup ==
+bl2_entrypoint -> bl2_main : bl2_setup()
+bl2_main -> arm_bl2_setup : bl2_early_platform_setup2(\n\t arg0, arg1, arg2, arg3)
+note over arm_bl2_setup
+	arg0 = tb_fw_config
+	arg1 = mem_layout
+end note
+arm_bl2_setup -> arm_bl2_setup : arm_bl2_early_platform_setup(\n\t tb_fw_config, mem_layout)
+activate arm_bl2_setup
+	arm_bl2_setup -> fconf: fconf_polulate(tb_fw_config)
+	activate fconf
+		fconf -> fconf_tbbr_getter: fconf_populate_tbbr_dyn_config(uintptr_t dtb)
+		note over fconf_tbbr_getter: read tbbr propeties from dtb
+		fconf -> arm_fconf_io: fconf_populate_arm_io_policies(uintptr_t dtb)
+		note over arm_fconf_io: read arm io propeties from dtb
+	deactivate fconf
+	arm_bl2_setup -> arm_io_storage : plat_arm_io_setup()
+	note over arm_io_storage: use populated properties
+deactivate arm_bl2_setup
+
+== bl2 main ==
+
+@enduml
--- a/drivers/auth/auth_mod.c
+++ b/drivers/auth/auth_mod.c
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -16,6 +16,7 @@
 #include <drivers/auth/auth_mod.h>
 #include <drivers/auth/crypto_mod.h>
 #include <drivers/auth/img_parser_mod.h>
+#include <lib/fconf/fconf_tbbr_getter.h>
 #include <plat/common/platform.h>

 /* ASN.1 tags */
@ -302,9 +303,8 @@ int auth_mod_get_parent_id(unsigned int img_id, unsigned int *parent_id)
 	const auth_img_desc_t *img_desc = NULL;

 	assert(parent_id != NULL);
-
 	/* Get the image descriptor */
-	img_desc = cot_desc_ptr[img_id];
+	img_desc = FCONF_GET_PROPERTY(tbbr, cot, img_id);

 	/* Check if the image has no parent (ROT) */
 	if (img_desc->parent == NULL) {
@ -353,7 +353,7 @@ int auth_mod_verify_img(unsigned int img_id,
 	int rc, i;

 	/* Get the image descriptor from the chain of trust */
-	img_desc = cot_desc_ptr[img_id];
+	img_desc = FCONF_GET_PROPERTY(tbbr, cot, img_id);

 	/* Ask the parser to check the image integrity */
 	rc = img_parser_check_integrity(img_desc->img_type, img_ptr, img_len);
--- a/include/drivers/io/io_storage.h
+++ b/include/drivers/io/io_storage.h
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2020, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -53,7 +53,7 @@ typedef struct io_file_spec {
 /* UUID specification - used to refer to data accessed using UUIDs (i.e. FIP
 * images) */
 typedef struct io_uuid_spec {
-	const uuid_t uuid;
+	uuid_t uuid;
 } io_uuid_spec_t;

 /* Block specification - used to refer to data on a device supporting
--- a/include/lib/fconf/fconf.h
+++ b/include/lib/fconf/fconf.h
@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2019-2020, ARM Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef FCONF_H
+#define FCONF_H
+
+#include <stdint.h>
+
+/* Public API */
+#define FCONF_GET_PROPERTY(a, b, c)	a##__##b##_getter(c)
+
+#define FCONF_REGISTER_POPULATOR(name, callback)				\
+	__attribute__((used, section(".fconf_populator")))			\
+	const struct fconf_populator name##__populator = {			\
+		.info = #name,							\
+		.populate = callback						\
+	};
+
+/*
+ * Populator callback
+ *
+ * This structure are used by the fconf_populate function and should only be
+ * defined by the FCONF_REGISTER_POPULATOR macro.
+ */
+struct fconf_populator {
+	/* Description of the data loaded by the callback */
+	const char *info;
+
+	/* Callback used by fconf_populate function with a provided config dtb.
+	 * Return 0 on success, err_code < 0 otherwise.
+	 */
+	int (*populate)(uintptr_t config);
+};
+
+/* Load firmware configuration dtb */
+void fconf_load_config(void);
+
+/* Top level populate function
+ *
+ * This function takes a configuration dtb and calls all the registered
+ * populator callback with it.
+ *
+ *  Panic on error.
+ */
+void fconf_populate(uintptr_t config);
+
+/* FCONF specific getter */
+#define fconf__dtb_getter(prop)	fconf_dtb_info.prop
+
+/* Structure used to locally keep a reference to the config dtb. */
+struct fconf_dtb_info_t {
+	uintptr_t base_addr;
+	size_t size;
+};
+
+extern struct fconf_dtb_info_t fconf_dtb_info;
+
+#endif /* FCONF_H */
--- a/include/lib/fconf/fconf_dyn_cfg_getter.h
+++ b/include/lib/fconf/fconf_dyn_cfg_getter.h
@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef FCONF_DYN_CFG_GETTER_H
+#define FCONF_DYN_CFG_GETTER_H
+
+#include <lib/fconf/fconf.h>
+
+/* Dynamic configuration related getter */
+#define dyn_cfg__dtb_getter(id)	dyn_cfg_dtb_info_getter(id)
+
+struct dyn_cfg_dtb_info_t {
+	uintptr_t config_addr;
+	size_t config_max_size;
+	unsigned int config_id;
+};
+
+struct dyn_cfg_dtb_info_t *dyn_cfg_dtb_info_getter(unsigned int config_id);
+int fconf_populate_dtb_registry(uintptr_t config);
+
+#endif /* FCONF_DYN_CFG_GETTER_H */
--- a/include/lib/fconf/fconf_tbbr_getter.h
+++ b/include/lib/fconf/fconf_tbbr_getter.h
@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2019-2020, ARM Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef FCONF_TBBR_GETTER_H
+#define FCONF_TBBR_GETTER_H
+
+#include <lib/fconf/fconf.h>
+
+/* TBBR related getter */
+#define tbbr__cot_getter(id)	cot_desc_ptr[id]
+
+#define tbbr__dyn_config_getter(id)	tbbr_dyn_config.id
+
+struct tbbr_dyn_config_t {
+	uint32_t disable_auth;
+	void *mbedtls_heap_addr;
+	size_t mbedtls_heap_size;
+};
+
+extern struct tbbr_dyn_config_t tbbr_dyn_config;
+
+int fconf_populate_tbbr_dyn_config(uintptr_t config);
+
+#endif /* FCONF_TBBR_GETTER_H */
--- a/include/plat/arm/common/arm_dyn_cfg_helpers.h
+++ b/include/plat/arm/common/arm_dyn_cfg_helpers.h
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2020, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -10,12 +10,7 @@
 #include <stdint.h>

 /* Function declarations */
-int arm_dyn_get_config_load_info(void *dtb, int node, unsigned int config_id,
-		uint64_t *config_addr, uint32_t *config_size);
 int arm_dyn_tb_fw_cfg_init(void *dtb, int *node);
-int arm_dyn_get_disable_auth(void *dtb, int node, uint32_t *disable_auth);
-int arm_get_dtb_mbedtls_heap_info(void *dtb, void **heap_addr,
-	size_t *heap_size);
 int arm_set_dtb_mbedtls_heap_info(void *dtb, void *heap_addr,
 	size_t heap_size);

--- a/include/plat/arm/common/arm_fconf_getter.h
+++ b/include/plat/arm/common/arm_fconf_getter.h
@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2019-2020, ARM Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef ARM_FCONF_GETTER
+#define ARM_FCONF_GETTER
+
+#include <lib/fconf/fconf.h>
+
+/* ARM io policies */
+#define arm__io_policies_getter(id)	&policies[id]
+
+struct plat_io_policy {
+	uintptr_t *dev_handle;
+	uintptr_t image_spec;
+	int (*check)(const uintptr_t spec);
+};
+
+extern struct plat_io_policy policies[];
+int fconf_populate_arm_io_policies(uintptr_t config);
+
+#endif /* ARM_FCONF_GETTER */
--- a/include/plat/arm/common/arm_fconf_io_storage.h
+++ b/include/plat/arm/common/arm_fconf_io_storage.h
@ -0,0 +1,19 @@
+/*
+ * Copyright (c) 2020, ARM Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+#ifndef ARM_FCONF_IO_STORAGE_H
+#define ARM_FCONF_IO_STORAGE_H
+
+#include <stdint.h>
+
+/* IO devices handle */
+extern uintptr_t memmap_dev_handle;
+extern uintptr_t fip_dev_handle;
+
+/* Function declarations */
+int open_fip(const uintptr_t spec);
+int open_memmap(const uintptr_t spec);
+
+#endif /* ARM_FCONF_IO_STORAGE_H */
--- a/include/plat/arm/common/plat_arm.h
+++ b/include/plat/arm/common/plat_arm.h
@ -6,6 +6,7 @@
 #ifndef PLAT_ARM_H
 #define PLAT_ARM_H

+#include <stdbool.h>
 #include <stdint.h>

 #include <drivers/arm/tzc_common.h>
@ -148,7 +149,7 @@ void arm_setup_romlib(void);
 #define ARM_ROTPK_DEVEL_ECDSA_ID	3

 /* IO storage utility functions */
-void arm_io_setup(void);
+int arm_io_setup(void);

 /* Security utility functions */
 void arm_tzc400_setup(const arm_tzc_regions_info_t *tzc_regions);
@ -222,11 +223,9 @@ void arm_sp_min_early_platform_setup(void *from_bl2, uintptr_t tos_fw_config,
 void arm_sp_min_plat_runtime_setup(void);

 /* FIP TOC validity check */
-int arm_io_is_toc_valid(void);
+bool arm_io_is_toc_valid(void);

 /* Utility functions for Dynamic Config */
-void arm_load_tb_fw_config(void);
-void arm_bl2_set_tb_cfg_addr(void *dtb);
 void arm_bl2_dyn_cfg_init(void);
 void arm_bl1_set_mbedtls_heap(void);
 int arm_get_mbedtls_heap(void **heap_addr, size_t *heap_size);
@ -256,7 +255,7 @@ void plat_arm_interconnect_init(void);
 void plat_arm_interconnect_enter_coherency(void);
 void plat_arm_interconnect_exit_coherency(void);
 void plat_arm_program_trusted_mailbox(uintptr_t address);
-int plat_arm_bl1_fwu_needed(void);
+bool plat_arm_bl1_fwu_needed(void);
 __dead2 void plat_arm_error_handler(int err);

 /*
--- a/include/tools_share/uuid.h
+++ b/include/tools_share/uuid.h
@ -27,7 +27,7 @@
 */

 /*
- * Portions copyright (c) 2014, ARM Limited and Contributors.
+ * Portions copyright (c) 2014-2020, ARM Limited and Contributors.
 * All rights reserved.
 */

@ -56,6 +56,11 @@ struct uuid {
 	uint8_t		node[_UUID_NODE_LEN];
 };

+union uuid_helper_t {
+	struct uuid uuid_struct;
+	uint32_t word[4];
+};
+
 /* XXX namespace pollution? */
 typedef struct uuid uuid_t;

--- a/lib/fconf/fconf.c
+++ b/lib/fconf/fconf.c
@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 2019-2020, ARM Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+
+#include <common/debug.h>
+#include <common/fdt_wrappers.h>
+#include <lib/fconf/fconf.h>
+#include <libfdt.h>
+#include <plat/common/platform.h>
+#include <platform_def.h>
+
+struct fconf_dtb_info_t fconf_dtb_info;
+
+void fconf_load_config(void)
+{
+	int err;
+	/* fconf FW_CONFIG and TB_FW_CONFIG are currently the same DTB */
+	image_info_t arm_tb_fw_info = {
+		.h.type = (uint8_t)PARAM_IMAGE_BINARY,
+		.h.version = (uint8_t)VERSION_2,
+		.h.size = (uint16_t)sizeof(image_info_t),
+		.h.attr = 0,
+		.image_base = ARM_TB_FW_CONFIG_BASE,
+		.image_max_size = (uint32_t)
+				(ARM_TB_FW_CONFIG_LIMIT - ARM_TB_FW_CONFIG_BASE)
+	};
+
+	VERBOSE("FCONF: Loading FW_CONFIG\n");
+	err = load_auth_image(TB_FW_CONFIG_ID, &arm_tb_fw_info);
+	if (err != 0) {
+		/* Return if FW_CONFIG is not loaded */
+		VERBOSE("Failed to load FW_CONFIG\n");
+		return;
+	}
+
+	/* At this point we know that a DTB is indeed available */
+	fconf_dtb_info.base_addr = arm_tb_fw_info.image_base;
+	fconf_dtb_info.size = (size_t)arm_tb_fw_info.image_size;
+
+#if !BL2_AT_EL3
+	image_desc_t *desc;
+
+	/* The BL2 ep_info arg0 is modified to point to FW_CONFIG */
+	desc = bl1_plat_get_image_desc(BL2_IMAGE_ID);
+	assert(desc != NULL);
+	desc->ep_info.args.arg0 = arm_tb_fw_info.image_base;
+#endif
+
+	INFO("FCONF: FW_CONFIG loaded at address = 0x%lx\n", arm_tb_fw_info.image_base);
+}
+
+void fconf_populate(uintptr_t config)
+{
+	assert(config != 0UL);
+
+	/* Check if the pointer to DTB is correct */
+	if (fdt_check_header((void *)config) != 0) {
+		ERROR("FCONF: Invalid DTB file passed for FW_CONFIG\n");
+		panic();
+	}
+
+	INFO("FCONF: Reading firmware configuration file from: 0x%lx\n", config);
+
+	/* Go through all registered populate functions */
+	IMPORT_SYM(struct fconf_populator *, __FCONF_POPULATOR_START__, start);
+	IMPORT_SYM(struct fconf_populator *, __FCONF_POPULATOR_END__, end);
+	const struct fconf_populator *populator;
+
+	for (populator = start; populator != end; populator++) {
+		assert((populator->info != NULL) && (populator->populate != NULL));
+
+		INFO("FCONF: Reading firmware configuration information for: %s\n", populator->info);
+		if (populator->populate(config) != 0) {
+			/* TODO: handle property miss */
+			panic();
+		}
+	}
+
+	/* save local pointer to the config dtb */
+	fconf_dtb_info.base_addr = config;
+}
--- a/lib/fconf/fconf.mk
+++ b/lib/fconf/fconf.mk
@ -0,0 +1,12 @@
+#
+# Copyright (c) 2019-2020, ARM Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+# Add Firmware Configuration files
+FCONF_SOURCES		:=	lib/fconf/fconf.c				\
+				lib/fconf/fconf_dyn_cfg_getter.c
+
+BL1_SOURCES		+=	${FCONF_SOURCES}
+BL2_SOURCES		+=	${FCONF_SOURCES}
--- a/lib/fconf/fconf_dyn_cfg_getter.c
+++ b/lib/fconf/fconf_dyn_cfg_getter.c
@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+
+#include <common/debug.h>
+#include <common/fdt_wrappers.h>
+#include <lib/fconf/fconf_dyn_cfg_getter.h>
+#include <lib/object_pool.h>
+#include <libfdt.h>
+
+/* We currently use TB_FW, SOC_FW, TOS_FW, NS_fw and HW configs  */
+#define MAX_DTB_INFO	U(5)
+
+static struct dyn_cfg_dtb_info_t dtb_infos[MAX_DTB_INFO];
+static OBJECT_POOL_ARRAY(dtb_info_pool, dtb_infos);
+
+struct dyn_cfg_dtb_info_t *dyn_cfg_dtb_info_getter(unsigned int config_id)
+{
+	unsigned int index;
+	struct dyn_cfg_dtb_info_t *info;
+
+	/* Positions index to the proper config-id */
+	for (index = 0; index < MAX_DTB_INFO; index++) {
+		if (dtb_infos[index].config_id == config_id) {
+			info = &dtb_infos[index];
+			break;
+		}
+	}
+
+	if (index == MAX_DTB_INFO) {
+		WARN("FCONF: Invalid config id %u\n", config_id);
+		info = NULL;
+	}
+
+	return info;
+}
+
+int fconf_populate_dtb_registry(uintptr_t config)
+{
+	int rc;
+	int node, child;
+	struct dyn_cfg_dtb_info_t *dtb_info;
+
+	/* As libfdt use void *, we can't avoid this cast */
+	const void *dtb = (void *)config;
+
+	/* Find the node offset point to "arm,dyn_cfg-dtb_registry" compatible property */
+	const char *compatible_str = "arm,dyn_cfg-dtb_registry";
+	node = fdt_node_offset_by_compatible(dtb, -1, compatible_str);
+	if (node < 0) {
+		ERROR("FCONF: Can't find %s compatible in dtb\n", compatible_str);
+		return node;
+	}
+
+	fdt_for_each_subnode(child, dtb, node) {
+		dtb_info = pool_alloc(&dtb_info_pool);
+
+		/* Read configuration dtb information */
+		rc = fdtw_read_cells(dtb, child, "load-address", 2, &dtb_info->config_addr);
+		if (rc < 0) {
+			ERROR("FCONF: Incomplete configuration property in dtb-registry.\n");
+			return rc;
+		}
+
+		rc = fdtw_read_cells(dtb, child, "max-size", 1, &dtb_info->config_max_size);
+		if (rc < 0) {
+			ERROR("FCONF: Incomplete configuration property in dtb-registry.\n");
+			return rc;
+		}
+
+		rc = fdtw_read_cells(dtb, child, "id", 1, &dtb_info->config_id);
+		if (rc < 0) {
+			ERROR("FCONF: Incomplete configuration property in dtb-registry.\n");
+			return rc;
+		}
+
+		VERBOSE("FCONF: dyn_cfg.dtb_registry cell found with:\n");
+		VERBOSE("\tload-address = %lx\n", dtb_info->config_addr);
+		VERBOSE("\tmax-size = 0x%zx\n", dtb_info->config_max_size);
+		VERBOSE("\tconfig-id = %u\n", dtb_info->config_id);
+	}
+
+	if ((child < 0) && (child != -FDT_ERR_NOTFOUND)) {
+		ERROR("%d: fdt_for_each_subnode(): %d\n", __LINE__, node);
+		return child;
+	}
+
+	return 0;
+}
+
+FCONF_REGISTER_POPULATOR(dyn_cfg, fconf_populate_dtb_registry);
--- a/lib/fconf/fconf_tbbr_getter.c
+++ b/lib/fconf/fconf_tbbr_getter.c
@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2019-2020, ARM Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+#include <assert.h>
+
+#include <common/bl_common.h>
+#include <common/debug.h>
+#include <common/fdt_wrappers.h>
+#include <lib/fconf/fconf_tbbr_getter.h>
+#include <libfdt.h>
+
+struct tbbr_dyn_config_t tbbr_dyn_config;
+
+int fconf_populate_tbbr_dyn_config(uintptr_t config)
+{
+	int err;
+	int node;
+
+	/* As libfdt use void *, we can't avoid this cast */
+	const void *dtb = (void *)config;
+
+	/* Assert the node offset point to "arm,tb_fw" compatible property */
+	const char *compatible_str = "arm,tb_fw";
+	node = fdt_node_offset_by_compatible(dtb, -1, compatible_str);
+	if (node < 0) {
+		ERROR("FCONF: Can't find %s compatible in dtb\n", compatible_str);
+		return node;
+	}
+
+	/* Locate the disable_auth cell and read the value */
+	err = fdtw_read_cells(dtb, node, "disable_auth", 1, &tbbr_dyn_config.disable_auth);
+	if (err < 0) {
+		WARN("FCONF: Read cell failed for `disable_auth`\n");
+		return err;
+	}
+
+	/* Check if the value is boolean */
+	if ((tbbr_dyn_config.disable_auth != 0U) && (tbbr_dyn_config.disable_auth != 1U)) {
+		WARN("Invalid value for `disable_auth` cell %d\n", tbbr_dyn_config.disable_auth);
+		return -1;
+	}
+
+#if defined(DYN_DISABLE_AUTH)
+	if (tbbr_dyn_config.disable_auth == 1)
+		dyn_disable_auth();
+#endif
+
+	/* Retrieve the Mbed TLS heap details from the DTB */
+	err = fdtw_read_cells(dtb, node,
+		"mbedtls_heap_addr", 2, &tbbr_dyn_config.mbedtls_heap_addr);
+	if (err < 0) {
+		ERROR("FCONF: Read cell failed for mbedtls_heap\n");
+		return err;
+	}
+
+	err = fdtw_read_cells(dtb, node,
+		"mbedtls_heap_size", 1, &tbbr_dyn_config.mbedtls_heap_size);
+	if (err < 0) {
+		ERROR("FCONF: Read cell failed for mbedtls_heap\n");
+		return err;
+	}
+
+	VERBOSE("FCONF:tbbr.disable_auth cell found with value = %d\n",
+					tbbr_dyn_config.disable_auth);
+	VERBOSE("FCONF:tbbr.mbedtls_heap_addr cell found with value = %p\n",
+					tbbr_dyn_config.mbedtls_heap_addr);
+	VERBOSE("FCONF:tbbr.mbedtls_heap_size cell found with value = %zu\n",
+					tbbr_dyn_config.mbedtls_heap_size);
+
+	return 0;
+}
+
+FCONF_REGISTER_POPULATOR(tbbr, fconf_populate_tbbr_dyn_config);
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@ -201,6 +201,9 @@ USE_COHERENT_MEM		:= 1
 # Build option to add debugfs support
 USE_DEBUGFS			:= 0

+# Build option to fconf based io
+USE_FCONF_BASED_IO		:= 0
+
 # Build option to choose whether Trusted Firmware uses library at ROM
 USE_ROMLIB			:= 0

--- a/plat/arm/board/a5ds/fdts/a5ds_fw_config.dts
+++ b/plat/arm/board/a5ds/fdts/a5ds_fw_config.dts
@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <export/common/tbbr/tbbr_img_def_exp.h>
+
+/dts-v1/;
+
+/ {
+	dtb-registry {
+		compatible = "arm,dyn_cfg-dtb_registry";
+
+		/* tb_fw_config is temporarily contained in this dtb */
+		tb_fw-config {
+			load-address = <0x0 0x2001010>;
+			max-size = <0x200>;
+			id = <TB_FW_CONFIG_ID>;
+		};
+
+		hw-config {
+			load-address = <0x0 0x83000000>;
+			max-size = <0x01000000>;
+			id = <HW_CONFIG_ID>;
+		};
+	};
+
+	tb_fw-config {
+		compatible = "arm,tb_fw";
+
+		/* Disable authentication for development */
+		disable_auth = <0x0>;
+	};
+};
--- a/plat/arm/board/a5ds/fdts/a5ds_tb_fw_config.dts
+++ b/plat/arm/board/a5ds/fdts/a5ds_tb_fw_config.dts
@ -1,18 +0,0 @@
-/*
- * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-/dts-v1/;
-
-/ {
-	/* Platform Config */
-	plat_arm_bl2 {
-		compatible = "arm,tb_fw";
-		hw_config_addr = <0x0 0x83000000>;
-		hw_config_max_size = <0x01000000>;
-		/* Disable authentication for development */
-		disable_auth = <0x0>;
-	};
-};
--- a/plat/arm/board/a5ds/platform.mk
+++ b/plat/arm/board/a5ds/platform.mk
@ -1,9 +1,12 @@
 #
-# Copyright (c) 2019, Arm Limited. All rights reserved.
+# Copyright (c) 2019-2020, Arm Limited. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #

+# Firmware Configuration Framework sources
+include lib/fconf/fconf.mk
+
 # Add `libfdt` and Arm common helpers required for Dynamic Config
 include lib/libfdt/libfdt.mk

@ -67,7 +70,7 @@ BL2_SOURCES		+=	lib/aarch32/arm32_aeabi_divmod.c		\
 # Add the FDT_SOURCES and options for Dynamic Config (only for Unix env)
 ifdef UNIX_MK

-FVP_TB_FW_CONFIG	:=	${BUILD_PLAT}/fdts/a5ds_tb_fw_config.dtb
+FVP_TB_FW_CONFIG	:=	${BUILD_PLAT}/fdts/a5ds_fw_config.dtb

 # Add the TB_FW_CONFIG to FIP and specify the same to certtool
 $(eval $(call TOOL_ADD_PAYLOAD,${FVP_TB_FW_CONFIG},--tb-fw-config))
@ -77,7 +80,7 @@ $(eval FVP_HW_CONFIG	:=	${BUILD_PLAT}/$(patsubst %.dts,%.dtb, \
 # Add the HW_CONFIG to FIP and specify the same to certtool
 $(eval $(call TOOL_ADD_PAYLOAD,${FVP_HW_CONFIG},--hw-config))

-FDT_SOURCES		+=	plat/arm/board/a5ds/fdts/a5ds_tb_fw_config.dts \
+FDT_SOURCES		+=	plat/arm/board/a5ds/fdts/a5ds_fw_config.dts \
 					${FVP_HW_CONFIG_DTS}
 endif

--- a/plat/arm/board/fvp/fdts/fvp_fw_config.dts
+++ b/plat/arm/board/fvp/fdts/fvp_fw_config.dts
@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2019-2020, ARM Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <export/common/tbbr/tbbr_img_def_exp.h>
+
+/dts-v1/;
+
+/ {
+	dtb-registry {
+		compatible = "arm,dyn_cfg-dtb_registry";
+
+		/* tb_fw_config is temporarily contained on this dtb */
+		tb_fw-config {
+			load-address = <0x0 0x4001010>;
+			max-size = <0x200>;
+			id = <TB_FW_CONFIG_ID>;
+		};
+
+		hw-config {
+			load-address = <0x0 0x82000000>;
+			max-size = <0x01000000>;
+			id = <HW_CONFIG_ID>;
+		};
+
+		/*
+		 * Load SoC and TOS firmware configs at the base of
+		 * non shared SRAM. The runtime checks ensure we don't
+		 * overlap BL2, BL31 or BL32. The NT firmware config
+		 * is loaded at base of DRAM.
+		 */
+		soc_fw-config {
+			load-address = <0x0 0x04001000>;
+			max-size = <0x200>;
+			id = <SOC_FW_CONFIG_ID>;
+		};
+
+		tos_fw-config {
+			load-address = <0x0 0x04001200>;
+			max-size = <0x200>;
+			id = <TOS_FW_CONFIG_ID>;
+		};
+
+		nt_fw-config {
+			load-address = <0x0 0x80000000>;
+			max-size = <0x200>;
+			id = <NT_FW_CONFIG_ID>;
+		};
+	};
+
+	tb_fw-config {
+		compatible = "arm,tb_fw";
+
+		/* Disable authentication for development */
+		disable_auth = <0x0>;
+
+		/*
+		 * The following two entries are placeholders for Mbed TLS
+		 * heap information. The default values don't matter since
+		 * they will be overwritten by BL1.
+		 * In case of having shared Mbed TLS heap between BL1 and BL2,
+		 * BL1 will populate these two properties with the respective
+		 * info about the shared heap. This info will be available for
+		 * BL2 in order to locate and re-use the heap.
+		 */
+		mbedtls_heap_addr = <0x0 0x0>;
+		mbedtls_heap_size = <0x0>;
+	};
+
+	arm-io_policies {
+		fip-handles {
+			compatible = "arm,io-fip-handle";
+			scp_bl2_uuid = <0x3dfd6697 0x49e8be89 0xa1785dae 0x13826040>;
+			bl31_uuid = <0x6d08d447 0x4698fe4c 0x5029959b 0x005abdcb>;
+			bl32_uuid = <0x89e1d005 0x4713dc53 0xa502b8d 0x383e7a4b>;
+			bl32_extra1_uuid = <0x9bc2700b 0x40785a2a 0x560a659f 0x88827382>;
+			bl32_extra2_uuid = <0xb17ba88e 0x4d3fa2cf 0xbbe7fd85 0xd92002a5>;
+			bl33_uuid = <0xa7eed0d6 0x4bd5eafc 0x34998297 0xe4b634f2>;
+			hw_cfg_uuid = <0xd9f1b808 0x4993cfc9 0xbc6f62a9 0xcc65726b>;
+			soc_fw_cfg_uuid = <0x4b817999 0x46fb7603 0x268d8e8c 0xe059787f>;
+			tos_fw_cfg_uuid = <0x1a7c2526 0x477fc6db 0xc4c4968d 0x218024b0>;
+			nt_fw_cfg_uuid = <0x1598da28 0x447ee893 0xaf1a66ac 0xf9501580>;
+			t_key_cert_uuid = <0x90e87e82 0x11e460f8 0x7a77b4a1 0x4cf9b421>;
+			scp_fw_key_uuid = <0xa1214202 0x11e460f8 0x3cf39b8d 0x14a0150e>;
+			soc_fw_key_uuid = <0xccbeb88a 0x11e460f9 0x48ebd09a 0xf8dcd822>;
+			tos_fw_key_cert_uuid = <0x3d67794 0x11e460fb 0x10b7dd85 0x4ee8c5b>;
+			nt_fw_key_cert_uuid = <0x2a83d58a 0x11e460fb 0x30dfaf8a 0x5998c4bb>;
+			scp_fw_content_cert_uuid = <0x046fbe44 0x11e4635e 0xd8738bb2 0x5696aeea>;
+			soc_fw_content_cert_uuid = <0x200cb2e2 0x11e4635e 0xccabe89c 0x66b62bf9>;
+			tos_fw_content_cert_uuid = <0x11449fa4 0x11e4635e 0x53f2887 0x3df32a72>;
+			nt_fw_content_cert_uuid = <0xf3c1c48e 0x11e4635d 0xee87a9a7 0xa73fb240>;
+		};
+	};
+};
--- a/plat/arm/board/fvp/fvp_io_storage.c
+++ b/plat/arm/board/fvp/fvp_io_storage.c
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2020, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -120,18 +120,22 @@ void plat_arm_io_setup(void)
 {
 	int io_result;

-	arm_io_setup();
+	io_result = arm_io_setup();
+	if (io_result < 0) {
+		panic();
+	}

 	/* Register the additional IO devices on this platform */
 	io_result = register_io_dev_sh(&sh_dev_con);
-	assert(io_result == 0);
+	if (io_result < 0) {
+		panic();
+	}

 	/* Open connections to devices and cache the handles */
 	io_result = io_dev_open(sh_dev_con, (uintptr_t)NULL, &sh_dev_handle);
-	assert(io_result == 0);
-
-	/* Ignore improbable errors in release builds */
-	(void)io_result;
+	if (io_result < 0) {
+		panic();
+	}
 }

 /*
--- a/plat/arm/board/fvp/jmptbl.i
+++ b/plat/arm/board/fvp/jmptbl.i
@ -20,6 +20,8 @@ fdt     fdt_setprop_inplace
 fdt     fdt_check_header
 fdt     fdt_node_offset_by_compatible
 fdt     fdt_setprop_inplace_namelen_partial
+fdt     fdt_first_subnode
+fdt     fdt_next_subnode
 mbedtls mbedtls_asn1_get_alg
 mbedtls mbedtls_asn1_get_alg_null
 mbedtls mbedtls_asn1_get_bitstring_null
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@ -10,6 +10,11 @@ FVP_USE_GIC_DRIVER	:= FVP_GICV3
 # Use the SP804 timer instead of the generic one
 FVP_USE_SP804_TIMER	:= 0

+# Use fconf based io for FVP
+ifeq ($(BL2_AT_EL3), 0)
+USE_FCONF_BASED_IO	:= 1
+endif
+
 # Default cluster count for FVP
 FVP_CLUSTER_COUNT	:= 2

@ -205,12 +210,12 @@ endif
 ifdef UNIX_MK
 FVP_HW_CONFIG_DTS	:=	fdts/${FVP_DT_PREFIX}.dts
 FDT_SOURCES		+=	$(addprefix plat/arm/board/fvp/fdts/,	\
-					${PLAT}_tb_fw_config.dts	\
+					${PLAT}_fw_config.dts		\
 					${PLAT}_soc_fw_config.dts	\
 					${PLAT}_nt_fw_config.dts	\
 				)

-FVP_TB_FW_CONFIG	:=	${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
+FVP_TB_FW_CONFIG	:=	${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
 FVP_SOC_FW_CONFIG	:=	${BUILD_PLAT}/fdts/${PLAT}_soc_fw_config.dtb
 FVP_NT_FW_CONFIG	:=	${BUILD_PLAT}/fdts/${PLAT}_nt_fw_config.dtb

--- a/plat/arm/board/fvp_ve/fdts/fvp_ve_fw_config.dts
+++ b/plat/arm/board/fvp_ve/fdts/fvp_ve_fw_config.dts
@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <export/common/tbbr/tbbr_img_def_exp.h>
+
+/dts-v1/;
+
+/ {
+	dtb-registry {
+		compatible = "arm,dyn_cfg-dtb_registry";
+
+		/* tb_fw_config is temporarily contained on this dtb */
+		tb_fw-config {
+			load-address = <0x0 0x80001010>;
+			max-size = <0x200>;
+			id = <TB_FW_CONFIG_ID>;
+		};
+
+		hw-config {
+			load-address = <0x0 0x82000000>;
+			max-size = <0x01000000>;
+			id = <HW_CONFIG_ID>;
+		};
+	};
+
+	tb_fw-config {
+		compatible = "arm,tb_fw";
+
+		/* Disable authentication for development */
+		disable_auth = <0x0>;
+	};
+};
--- a/plat/arm/board/fvp_ve/fdts/fvp_ve_tb_fw_config.dts
+++ b/plat/arm/board/fvp_ve/fdts/fvp_ve_tb_fw_config.dts
@ -1,18 +0,0 @@
-/*
- * Copyright (c) 2019, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-/dts-v1/;
-
-/ {
-	/* Platform Config */
-	plat_arm_bl2 {
-		compatible = "arm,tb_fw";
-		hw_config_addr = <0x0 0x82000000>;
-		hw_config_max_size = <0x01000000>;
-		/* Disable authentication for development */
-		disable_auth = <0x0>;
-	};
-};
--- a/plat/arm/board/fvp_ve/platform.mk
+++ b/plat/arm/board/fvp_ve/platform.mk
@ -1,5 +1,5 @@
 #
-# Copyright (c) 2019, Arm Limited. All rights reserved.
+# Copyright (c) 2019-2020, Arm Limited. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@ -72,9 +72,9 @@ BL2_SOURCES		+=	plat/arm/board/fvp_ve/fvp_ve_bl2_setup.c		\
 # Add the FDT_SOURCES and options for Dynamic Config (only for Unix env)
 ifdef UNIX_MK

-FDT_SOURCES		+=	plat/arm/board/fvp_ve/fdts/fvp_ve_tb_fw_config.dts
+FDT_SOURCES		+=	plat/arm/board/fvp_ve/fdts/fvp_ve_fw_config.dts

-FVP_TB_FW_CONFIG	:=	${BUILD_PLAT}/fdts/fvp_ve_tb_fw_config.dtb
+FVP_TB_FW_CONFIG	:=	${BUILD_PLAT}/fdts/fvp_ve_fw_config.dtb

 # Add the TB_FW_CONFIG to FIP and specify the same to certtool
 $(eval $(call TOOL_ADD_PAYLOAD,${FVP_TB_FW_CONFIG},--tb-fw-config))
@ -116,6 +116,9 @@ else
 	PLAT_BL_COMMON_SOURCES	+=	${XLAT_TABLES_LIB_SRCS}
 endif

+# Firmware Configuration Framework sources
+include lib/fconf/fconf.mk
+
 # Add `libfdt` and Arm common helpers required for Dynamic Config
 include lib/libfdt/libfdt.mk

--- a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts
+++ b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts
@ -1,31 +1,30 @@
 /*
- * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2019-2020, ARM Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

+#include <export/common/tbbr/tbbr_img_def_exp.h>
+
 /dts-v1/;

 / {
-	/* Platform Config */
-	plat_arm_bl2 {
+	dtb-registry {
+		compatible = "arm,dyn_cfg-dtb_registry";
+
+		/* tb_fw_config is temporarily contained on this dtb */
+		tb_fw-config {
+			load-address = <0x0 0x4001010>;
+			max-size = <0x200>;
+			id = <TB_FW_CONFIG_ID>;
+		};
+	};
+
+	tb_fw-config {
+		/* Platform Config */
 		compatible = "arm,tb_fw";
-		hw_config_addr = <0x0 0x82000000>;
-		hw_config_max_size = <0x01000000>;
 		/* Disable authentication for development */
 		disable_auth = <0x0>;
-		/*
-		 * Load SoC and TOS firmware configs at the base of
-		 * non shared SRAM. The runtime checks ensure we don't
-		 * overlap BL2, BL31 or BL32. The NT firmware config
-		 * is loaded at base of DRAM.
-		 */
-		soc_fw_config_addr = <0x0 0x04001000>;
-		soc_fw_config_max_size = <0x200>;
-		tos_fw_config_addr = <0x0 0x04001200>;
-		tos_fw_config_max_size = <0x200>;
-		nt_fw_config_addr = <0x0 0x80000000>;
-		nt_fw_config_max_size = <0x200>;
 		/*
 		 * The following two entries are placeholders for Mbed TLS
 		 * heap information. The default values don't matter since
--- a/plat/arm/board/juno/fdts/juno_tb_fw_config.dts
+++ b/plat/arm/board/juno/fdts/juno_tb_fw_config.dts
@ -1,25 +0,0 @@
-/*
- * Copyright (c) 2019, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-/dts-v1/;
-
-/ {
-	/* Platform Config */
-	compatible = "arm,tb_fw";
-	/* Disable authentication for development */
-	disable_auth = <0x0>;
-	/*
-	 * The following two entries are placeholders for Mbed TLS
-	 * heap information. The default values don't matter since
-	 * they will be overwritten by BL1.
-	 * In case of having shared Mbed TLS heap between BL1 and BL2,
-	 * BL1 will populate these two properties with the respective
-	 * info about the shared heap. This info will be available for
-	 * BL2 in order to locate and re-use the heap.
-	 */
-	mbedtls_heap_addr = <0x0 0x0>;
-	mbedtls_heap_size = <0x0>;
-};
--- a/plat/arm/board/juno/jmptbl.i
+++ b/plat/arm/board/juno/jmptbl.i
@ -20,6 +20,8 @@ fdt     fdt_setprop_inplace
 fdt     fdt_check_header
 fdt     fdt_node_offset_by_compatible
 fdt     fdt_setprop_inplace_namelen_partial
+fdt     fdt_first_subnode
+fdt     fdt_next_subnode
 mbedtls mbedtls_asn1_get_alg
 mbedtls mbedtls_asn1_get_alg_null
 mbedtls mbedtls_asn1_get_bitstring_null
--- a/plat/arm/board/juno/juno_bl1_setup.c
+++ b/plat/arm/board/juno/juno_bl1_setup.c
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -60,17 +60,13 @@ static int is_watchdog_reset(void)
 * The following function checks if Firmware update is needed,
 * by checking if TOC in FIP image is valid or watchdog reset happened.
 ******************************************************************************/
-int plat_arm_bl1_fwu_needed(void)
+bool plat_arm_bl1_fwu_needed(void)
 {
 	const int32_t *nv_flags_ptr = (const int32_t *)V2M_SYS_NVFLAGS_ADDR;

 	/* Check if TOC is invalid or watchdog reset happened. */
-	if ((arm_io_is_toc_valid() != 1) ||
-		(((*nv_flags_ptr == -EAUTH) || (*nv_flags_ptr == -ENOENT))
-		&& is_watchdog_reset()))
-		return 1;
-
-	return 0;
+	return (!arm_io_is_toc_valid() || (((*nv_flags_ptr == -EAUTH) ||
+		(*nv_flags_ptr == -ENOENT)) && is_watchdog_reset()));
 }

 /*******************************************************************************
--- a/plat/arm/board/juno/platform.mk
+++ b/plat/arm/board/juno/platform.mk
@ -156,8 +156,8 @@ else
 endif

 # Add the FDT_SOURCES and options for Dynamic Config
-FDT_SOURCES		+=	plat/arm/board/juno/fdts/${PLAT}_tb_fw_config.dts
-TB_FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
+FDT_SOURCES		+=	plat/arm/board/juno/fdts/${PLAT}_fw_config.dts
+TB_FW_CONFIG		:=	${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb

 # Add the TB_FW_CONFIG to FIP and specify the same to certtool
 $(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
--- a/plat/arm/common/arm_bl1_setup.c
+++ b/plat/arm/common/arm_bl1_setup.c
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -11,6 +11,7 @@
 #include <arch.h>
 #include <bl1/bl1.h>
 #include <common/bl_common.h>
+#include <lib/fconf/fconf.h>
 #include <lib/utils.h>
 #include <lib/xlat_tables/xlat_tables_compat.h>
 #include <plat/arm/common/plat_arm.h>
@ -143,7 +144,10 @@ void arm_bl1_platform_setup(void)
 {
 	/* Initialise the IO layer and register platform IO devices */
 	plat_arm_io_setup();
-	arm_load_tb_fw_config();
+
+	/* Load fw config */
+	fconf_load_config();
+
 #if TRUSTED_BOARD_BOOT
 	/* Share the Mbed TLS heap info with other images */
 	arm_bl1_set_mbedtls_heap();
@ -184,9 +188,9 @@ void bl1_plat_prepare_exit(entry_point_info_t *ep_info)
 * On Arm platforms, the FWU process is triggered when the FIP image has
 * been tampered with.
 */
-int plat_arm_bl1_fwu_needed(void)
+bool plat_arm_bl1_fwu_needed(void)
 {
-	return (arm_io_is_toc_valid() != 1);
+	return !arm_io_is_toc_valid();
 }

 /*******************************************************************************
@ -195,8 +199,5 @@ int plat_arm_bl1_fwu_needed(void)
 ******************************************************************************/
 unsigned int bl1_plat_get_next_image_id(void)
 {
-	if (plat_arm_bl1_fwu_needed() != 0)
-		return NS_BL1U_IMAGE_ID;
-
-	return BL2_IMAGE_ID;
+	return plat_arm_bl1_fwu_needed() ? NS_BL1U_IMAGE_ID : BL2_IMAGE_ID;
 }
--- a/plat/arm/common/arm_bl2_setup.c
+++ b/plat/arm/common/arm_bl2_setup.c
@ -14,6 +14,7 @@
 #include <common/debug.h>
 #include <common/desc_image_load.h>
 #include <drivers/generic_delay_timer.h>
+#include <lib/fconf/fconf.h>
 #ifdef SPD_opteed
 #include <lib/optee_utils.h>
 #endif
@ -58,11 +59,13 @@ void arm_bl2_early_platform_setup(uintptr_t tb_fw_config,
 	/* Setup the BL2 memory layout */
 	bl2_tzram_layout = *mem_layout;

+	/* Fill the properties struct with the info from the config dtb */
+	if (tb_fw_config != 0U) {
+		fconf_populate(tb_fw_config);
+	}
+
 	/* Initialise the IO layer and register platform IO devices */
 	plat_arm_io_setup();
-
-	if (tb_fw_config != 0U)
-		arm_bl2_set_tb_cfg_addr((void *)tb_fw_config);
 }

 void bl2_early_platform_setup2(u_register_t arg0, u_register_t arg1, u_register_t arg2, u_register_t arg3)
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@ -177,12 +177,20 @@ include lib/xlat_tables_v2/xlat_tables.mk
 PLAT_BL_COMMON_SOURCES	+=	${XLAT_TABLES_LIB_SRCS}
 endif

+ifeq (${USE_FCONF_BASED_IO}, 0)
+ARM_IO_SOURCES		+=	plat/arm/common/arm_io_storage.c
+else
+ARM_IO_SOURCES		+=	plat/arm/common/arm_fconf_io_storage.c		\
+				plat/arm/common/fconf/arm_fconf_io.c
+endif
+
 BL1_SOURCES		+=	drivers/io/io_fip.c				\
 				drivers/io/io_memmap.c				\
 				drivers/io/io_storage.c				\
 				plat/arm/common/arm_bl1_setup.c			\
 				plat/arm/common/arm_err.c			\
-				plat/arm/common/arm_io_storage.c
+				${ARM_IO_SOURCES}
+
 ifdef EL3_PAYLOAD_BASE
 # Need the plat_arm_program_trusted_mailbox() function to release secondary CPUs from
 # their holding pen
@ -196,7 +204,10 @@ BL2_SOURCES		+=	drivers/delay_timer/delay_timer.c		\
 				drivers/io/io_storage.c				\
 				plat/arm/common/arm_bl2_setup.c			\
 				plat/arm/common/arm_err.c			\
-				plat/arm/common/arm_io_storage.c
+				${ARM_IO_SOURCES}
+
+# Firmware Configuration Framework sources
+include lib/fconf/fconf.mk

 # Add `libfdt` and Arm common helpers required for Dynamic Config
 include lib/libfdt/libfdt.mk
@ -278,6 +289,7 @@ ifneq (${TRUSTED_BOARD_BOOT},0)
    AUTH_SOURCES	:=	drivers/auth/auth_mod.c				\
 				drivers/auth/crypto_mod.c			\
 				drivers/auth/img_parser_mod.c			\
+				lib/fconf/fconf_tbbr_getter.c

    # Include the selected chain of trust sources.
    ifeq (${COT},tbbr)
--- a/plat/arm/common/arm_dyn_cfg.c
+++ b/plat/arm/common/arm_dyn_cfg.c
@ -16,13 +16,13 @@
 #if TRUSTED_BOARD_BOOT
 #include <drivers/auth/mbedtls/mbedtls_config.h>
 #endif
+#include <lib/fconf/fconf.h>
+#include <lib/fconf/fconf_dyn_cfg_getter.h>
+#include <lib/fconf/fconf_tbbr_getter.h>
 #include <plat/arm/common/arm_dyn_cfg_helpers.h>
 #include <plat/arm/common/plat_arm.h>
 #include <plat/common/platform.h>

-/* Variable to store the address to TB_FW_CONFIG passed from BL1 */
-static void *tb_fw_cfg_dtb;
-
 #if TRUSTED_BOARD_BOOT

 static void *mbedtls_heap_addr;
@ -57,20 +57,10 @@ int arm_get_mbedtls_heap(void **heap_addr, size_t *heap_size)

 #elif defined(IMAGE_BL2)

-	int err;
-
 	/* If in BL2, retrieve the already allocated heap's info from DTB */
-	if (tb_fw_cfg_dtb != NULL) {
-		err = arm_get_dtb_mbedtls_heap_info(tb_fw_cfg_dtb, heap_addr,
-			heap_size);
-		if (err < 0) {
-			ERROR("BL2: unable to retrieve shared Mbed TLS heap information from DTB\n");
-			panic();
-		}
-	} else {
-		ERROR("BL2: DTB missing, cannot get Mbed TLS heap\n");
-		panic();
-	}
+	*heap_addr = FCONF_GET_PROPERTY(tbbr, dyn_config, mbedtls_heap_addr);
+	*heap_size = FCONF_GET_PROPERTY(tbbr, dyn_config, mbedtls_heap_size);
+
 #endif

 	return 0;
@ -83,6 +73,7 @@ int arm_get_mbedtls_heap(void **heap_addr, size_t *heap_size)
 void arm_bl1_set_mbedtls_heap(void)
 {
 	int err;
+	uintptr_t tb_fw_cfg_dtb;

 	/*
 	 * If tb_fw_cfg_dtb==NULL then DTB is not present for the current
@ -96,8 +87,15 @@ void arm_bl1_set_mbedtls_heap(void)
 	 * information, we would need to call plat_get_mbedtls_heap to retrieve
 	 * the default heap's address and size.
 	 */
-	if ((tb_fw_cfg_dtb != NULL) && (mbedtls_heap_addr != NULL)) {
-		err = arm_set_dtb_mbedtls_heap_info(tb_fw_cfg_dtb,
+
+	/* fconf FW_CONFIG and TB_FW_CONFIG are currently the same DTB*/
+	tb_fw_cfg_dtb = FCONF_GET_PROPERTY(fconf, dtb, base_addr);
+
+	if ((tb_fw_cfg_dtb != 0UL) && (mbedtls_heap_addr != NULL)) {
+		/* As libfdt use void *, we can't avoid this cast */
+		void *dtb = (void *)tb_fw_cfg_dtb;
+
+		err = arm_set_dtb_mbedtls_heap_info(dtb,
 			mbedtls_heap_addr, mbedtls_heap_size);
 		if (err < 0) {
 			ERROR("BL1: unable to write shared Mbed TLS heap information to DTB\n");
@ -108,79 +106,12 @@ void arm_bl1_set_mbedtls_heap(void)
 		 * images. It's critical because BL2 won't be able to proceed
 		 * without the heap info.
 		 */
-		flush_dcache_range((uintptr_t)tb_fw_cfg_dtb,
-			fdt_totalsize(tb_fw_cfg_dtb));
+		flush_dcache_range(tb_fw_cfg_dtb, fdt_totalsize(dtb));
 	}
 }

 #endif /* TRUSTED_BOARD_BOOT */

-/*
- * Helper function to load TB_FW_CONFIG and populate the load information to
- * arg0 of BL2 entrypoint info.
- */
-void arm_load_tb_fw_config(void)
-{
-	int err;
-	uintptr_t config_base = 0UL;
-	image_desc_t *desc;
-
-	image_desc_t arm_tb_fw_info = {
-		.image_id = TB_FW_CONFIG_ID,
-		SET_STATIC_PARAM_HEAD(image_info, PARAM_IMAGE_BINARY,
-				VERSION_2, image_info_t, 0),
-		.image_info.image_base = ARM_TB_FW_CONFIG_BASE,
-		.image_info.image_max_size =
-			ARM_TB_FW_CONFIG_LIMIT - ARM_TB_FW_CONFIG_BASE
-	};
-
-	VERBOSE("BL1: Loading TB_FW_CONFIG\n");
-	err = load_auth_image(TB_FW_CONFIG_ID, &arm_tb_fw_info.image_info);
-	if (err != 0) {
-		/* Return if TB_FW_CONFIG is not loaded */
-		VERBOSE("Failed to load TB_FW_CONFIG\n");
-		return;
-	}
-
-	/* At this point we know that a DTB is indeed available */
-	config_base = arm_tb_fw_info.image_info.image_base;
-	tb_fw_cfg_dtb = (void *)config_base;
-
-	/* The BL2 ep_info arg0 is modified to point to TB_FW_CONFIG */
-	desc = bl1_plat_get_image_desc(BL2_IMAGE_ID);
-	assert(desc != NULL);
-	desc->ep_info.args.arg0 = config_base;
-
-	INFO("BL1: TB_FW_CONFIG loaded at address = 0x%lx\n", config_base);
-
-#if TRUSTED_BOARD_BOOT && defined(DYN_DISABLE_AUTH)
-	int tb_fw_node;
-	uint32_t disable_auth = 0;
-
-	err = arm_dyn_tb_fw_cfg_init((void *)config_base, &tb_fw_node);
-	if (err < 0) {
-		ERROR("Invalid TB_FW_CONFIG loaded\n");
-		panic();
-	}
-
-	err = arm_dyn_get_disable_auth((void *)config_base, tb_fw_node, &disable_auth);
-	if (err < 0)
-		return;
-
-	if (disable_auth == 1)
-		dyn_disable_auth();
-#endif
-}
-
-/*
- * BL2 utility function to set the address of TB_FW_CONFIG passed from BL1.
- */
-void arm_bl2_set_tb_cfg_addr(void *dtb)
-{
-	assert(dtb != NULL);
-	tb_fw_cfg_dtb = dtb;
-}
-
 /*
 * BL2 utility function to initialize dynamic configuration specified by
 * TB_FW_CONFIG. Populate the bl_mem_params_node_t of other FW_CONFIGs if
@ -188,11 +119,10 @@ void arm_bl2_set_tb_cfg_addr(void *dtb)
 */
 void arm_bl2_dyn_cfg_init(void)
 {
-	int err = 0, tb_fw_node;
 	unsigned int i;
 	bl_mem_params_node_t *cfg_mem_params = NULL;
-	uint64_t image_base;
-	uint32_t image_size;
+	uintptr_t image_base;
+	size_t image_size;
 	const unsigned int config_ids[] = {
 			HW_CONFIG_ID,
 			SOC_FW_CONFIG_ID,
@ -203,16 +133,7 @@ void arm_bl2_dyn_cfg_init(void)
 #endif
 	};

-	if (tb_fw_cfg_dtb == NULL) {
-		VERBOSE("No TB_FW_CONFIG specified\n");
-		return;
-	}
-
-	err = arm_dyn_tb_fw_cfg_init(tb_fw_cfg_dtb, &tb_fw_node);
-	if (err < 0) {
-		ERROR("Invalid TB_FW_CONFIG passed from BL1\n");
-		panic();
-	}
+	const struct dyn_cfg_dtb_info_t *dtb_info;

 	/* Iterate through all the fw config IDs */
 	for (i = 0; i < ARRAY_SIZE(config_ids); i++) {
@ -223,14 +144,16 @@ void arm_bl2_dyn_cfg_init(void)
 			continue;
 		}

-		err = arm_dyn_get_config_load_info(tb_fw_cfg_dtb, tb_fw_node,
-				config_ids[i], &image_base, &image_size);
-		if (err < 0) {
+		dtb_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, config_ids[i]);
+		if (dtb_info == NULL) {
 			VERBOSE("Couldn't find config_id %d load info in TB_FW_CONFIG\n",
 					config_ids[i]);
 			continue;
 		}

+		image_base = dtb_info->config_addr;
+		image_size = dtb_info->config_max_size;
+
 		/*
 		 * Do some runtime checks on the load addresses of soc_fw_config,
 		 * tos_fw_config, nt_fw_config. This is not a comprehensive check
@ -262,8 +185,8 @@ void arm_bl2_dyn_cfg_init(void)
 		}


-		cfg_mem_params->image_info.image_base = (uintptr_t)image_base;
-		cfg_mem_params->image_info.image_max_size = image_size;
+		cfg_mem_params->image_info.image_base = image_base;
+		cfg_mem_params->image_info.image_max_size = (uint32_t)image_size;

 		/*
 		 * Remove the IMAGE_ATTRIB_SKIP_LOADING attribute from
@ -271,16 +194,4 @@ void arm_bl2_dyn_cfg_init(void)
 		 */
 		cfg_mem_params->image_info.h.attr &= ~IMAGE_ATTRIB_SKIP_LOADING;
 	}
-
-#if TRUSTED_BOARD_BOOT && defined(DYN_DISABLE_AUTH)
-	uint32_t disable_auth = 0;
-
-	err = arm_dyn_get_disable_auth(tb_fw_cfg_dtb, tb_fw_node,
-					&disable_auth);
-	if (err < 0)
-		return;
-
-	if (disable_auth == 1)
-		dyn_disable_auth();
-#endif
 }
--- a/plat/arm/common/arm_dyn_cfg_helpers.c
+++ b/plat/arm/common/arm_dyn_cfg_helpers.c
@ -15,128 +15,6 @@
 #define DTB_PROP_MBEDTLS_HEAP_ADDR "mbedtls_heap_addr"
 #define DTB_PROP_MBEDTLS_HEAP_SIZE "mbedtls_heap_size"

-typedef struct config_load_info_prop {
-	unsigned int config_id;
-	const char *config_addr;
-	const char *config_max_size;
-} config_load_info_prop_t;
-
-static const config_load_info_prop_t prop_names[] = {
-	{HW_CONFIG_ID, "hw_config_addr", "hw_config_max_size"},
-	{SOC_FW_CONFIG_ID, "soc_fw_config_addr", "soc_fw_config_max_size"},
-	{TOS_FW_CONFIG_ID, "tos_fw_config_addr", "tos_fw_config_max_size"},
-	{NT_FW_CONFIG_ID, "nt_fw_config_addr", "nt_fw_config_max_size"}
-};
-
-/*******************************************************************************
- * Helper to read the load information corresponding to the `config_id` in
- * TB_FW_CONFIG. This function expects the following properties to be defined :
- *	<config>_addr		size : 2 cells
- *	<config>_max_size	size : 1 cell
- *
- * Arguments:
- *	void *dtb		 - pointer to the TB_FW_CONFIG in memory
- *	int node		 - The node offset to appropriate node in the
- *					 DTB.
- *	unsigned int config_id	 - The configuration id
- *	uint64_t *config_addr	 - Returns the `config` load address if read
- *					 is successful.
- *	uint32_t *config_size	 - Returns the `config` size if read is
- *					 successful.
- *
- * Returns 0 on success and -1 on error.
- ******************************************************************************/
-int arm_dyn_get_config_load_info(void *dtb, int node, unsigned int config_id,
-		uint64_t *config_addr, uint32_t *config_size)
-{
-	int err;
-	unsigned int i;
-
-	assert(dtb != NULL);
-	assert(config_addr != NULL);
-	assert(config_size != NULL);
-
-	for (i = 0; i < ARRAY_SIZE(prop_names); i++) {
-		if (prop_names[i].config_id == config_id)
-			break;
-	}
-
-	if (i == ARRAY_SIZE(prop_names)) {
-		WARN("Invalid config id %d\n", config_id);
-		return -1;
-	}
-
-	/* Check if the pointer to DT is correct */
-	assert(fdt_check_header(dtb) == 0);
-
-	/* Assert the node offset point to "arm,tb_fw" compatible property */
-	assert(node == fdt_node_offset_by_compatible(dtb, -1, "arm,tb_fw"));
-
-	err = fdtw_read_cells(dtb, node, prop_names[i].config_addr, 2,
-				(void *) config_addr);
-	if (err < 0) {
-		WARN("Read cell failed for %s\n", prop_names[i].config_addr);
-		return -1;
-	}
-
-	err = fdtw_read_cells(dtb, node, prop_names[i].config_max_size, 1,
-				(void *) config_size);
-	if (err < 0) {
-		WARN("Read cell failed for %s\n", prop_names[i].config_max_size);
-		return -1;
-	}
-
-	VERBOSE("Dyn cfg: Read config_id %d load info from TB_FW_CONFIG 0x%llx 0x%x\n",
-				config_id, (unsigned long long)*config_addr, *config_size);
-
-	return 0;
-}
-
-/*******************************************************************************
- * Helper to read the `disable_auth` property in config DTB. This function
- * expects the following properties to be present in the config DTB.
- *	name : disable_auth		size : 1 cell
- *
- * Arguments:
- *	void *dtb		 - pointer to the TB_FW_CONFIG in memory
- *	int node		 - The node offset to appropriate node in the
- *				   DTB.
- *	uint64_t *disable_auth	 - The value of `disable_auth` property on
- *				   successful read. Must be 0 or 1.
- *
- * Returns 0 on success and -1 on error.
- ******************************************************************************/
-int arm_dyn_get_disable_auth(void *dtb, int node, uint32_t *disable_auth)
-{
-	int err;
-
-	assert(dtb != NULL);
-	assert(disable_auth != NULL);
-
-	/* Check if the pointer to DT is correct */
-	assert(fdt_check_header(dtb) == 0);
-
-	/* Assert the node offset point to "arm,tb_fw" compatible property */
-	assert(node == fdt_node_offset_by_compatible(dtb, -1, "arm,tb_fw"));
-
-	/* Locate the disable_auth cell and read the value */
-	err = fdtw_read_cells(dtb, node, "disable_auth", 1, disable_auth);
-	if (err < 0) {
-		WARN("Read cell failed for `disable_auth`\n");
-		return -1;
-	}
-
-	/* Check if the value is boolean */
-	if ((*disable_auth != 0U) && (*disable_auth != 1U)) {
-		WARN("Invalid value for `disable_auth` cell %d\n", *disable_auth);
-		return -1;
-	}
-
-	VERBOSE("Dyn cfg: `disable_auth` cell found with value = %d\n",
-					*disable_auth);
-	return 0;
-}
-
 /*******************************************************************************
 * Validate the tb_fw_config is a valid DTB file and returns the node offset
 * to "arm,tb_fw" property.
@ -168,47 +46,6 @@ int arm_dyn_tb_fw_cfg_init(void *dtb, int *node)
 	return 0;
 }

-/*
- * Reads and returns the Mbed TLS shared heap information from the DTB.
- * This function is supposed to be called *only* when a DTB is present.
- * This function is supposed to be called only by BL2.
- *
- * Returns:
- *	0 = success
- *	-1 = error. In this case the values of heap_addr, heap_size should be
- *	    considered as garbage by the caller.
- */
-int arm_get_dtb_mbedtls_heap_info(void *dtb, void **heap_addr,
-	size_t *heap_size)
-{
-	int err, dtb_root;
-
-	/* Verify the DTB is valid and get the root node */
-	err = arm_dyn_tb_fw_cfg_init(dtb, &dtb_root);
-	if (err < 0) {
-		ERROR("Invalid TB_FW_CONFIG. Cannot retrieve Mbed TLS heap information from DTB\n");
-		return -1;
-	}
-
-	/* Retrieve the Mbed TLS heap details from the DTB */
-	err = fdtw_read_cells(dtb, dtb_root,
-		DTB_PROP_MBEDTLS_HEAP_ADDR, 2, heap_addr);
-	if (err < 0) {
-		ERROR("Error while reading %s from DTB\n",
-			DTB_PROP_MBEDTLS_HEAP_ADDR);
-		return -1;
-	}
-	err = fdtw_read_cells(dtb, dtb_root,
-		DTB_PROP_MBEDTLS_HEAP_SIZE, 1, heap_size);
-	if (err < 0) {
-		ERROR("Error while reading %s from DTB\n",
-			DTB_PROP_MBEDTLS_HEAP_SIZE);
-		return -1;
-	}
-	return 0;
-}
-
-
 /*
 * This function writes the Mbed TLS heap address and size in the DTB. When it
 * is called, it is guaranteed that a DTB is available. However it is not
--- a/plat/arm/common/arm_fconf_io_storage.c
+++ b/plat/arm/common/arm_fconf_io_storage.c
@ -0,0 +1,143 @@
+/*
+ * Copyright (c) 2015-2020, ARM Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+
+#include <common/debug.h>
+#include <drivers/io/io_driver.h>
+#include <drivers/io/io_fip.h>
+#include <drivers/io/io_memmap.h>
+#include <drivers/io/io_storage.h>
+#include <lib/utils.h>
+#include <tools_share/firmware_image_package.h>
+
+#include <plat/arm/common/arm_fconf_getter.h>
+#include <plat/arm/common/arm_fconf_io_storage.h>
+#include <plat/arm/common/plat_arm.h>
+#include <plat/common/platform.h>
+#include <platform_def.h>
+
+/* IO devices */
+static const io_dev_connector_t *fip_dev_con;
+uintptr_t fip_dev_handle;
+static const io_dev_connector_t *memmap_dev_con;
+uintptr_t memmap_dev_handle;
+
+/* Weak definitions may be overridden in specific ARM standard platform */
+#pragma weak plat_arm_io_setup
+#pragma weak plat_arm_get_alt_image_source
+
+int open_fip(const uintptr_t spec)
+{
+	int result;
+	uintptr_t local_image_handle;
+
+	/* See if a Firmware Image Package is available */
+	result = io_dev_init(fip_dev_handle, (uintptr_t)FIP_IMAGE_ID);
+	if (result == 0) {
+		result = io_open(fip_dev_handle, spec, &local_image_handle);
+		if (result == 0) {
+			VERBOSE("Using FIP\n");
+			io_close(local_image_handle);
+		}
+	}
+	return result;
+}
+
+int open_memmap(const uintptr_t spec)
+{
+	int result;
+	uintptr_t local_image_handle;
+
+	result = io_dev_init(memmap_dev_handle, (uintptr_t)NULL);
+	if (result == 0) {
+		result = io_open(memmap_dev_handle, spec, &local_image_handle);
+		if (result == 0) {
+			VERBOSE("Using Memmap\n");
+			io_close(local_image_handle);
+		}
+	}
+	return result;
+}
+
+int arm_io_setup(void)
+{
+	int io_result;
+
+	io_result = register_io_dev_fip(&fip_dev_con);
+	if (io_result < 0) {
+		return io_result;
+	}
+
+	io_result = register_io_dev_memmap(&memmap_dev_con);
+	if (io_result < 0) {
+		return io_result;
+	}
+
+	/* Open connections to devices and cache the handles */
+	io_result = io_dev_open(fip_dev_con, (uintptr_t)NULL,
+				&fip_dev_handle);
+	if (io_result < 0) {
+		return io_result;
+	}
+
+	io_result = io_dev_open(memmap_dev_con, (uintptr_t)NULL,
+				&memmap_dev_handle);
+
+	return io_result;
+}
+
+void plat_arm_io_setup(void)
+{
+	int err;
+
+	err = arm_io_setup();
+	if (err < 0) {
+		panic();
+	}
+}
+
+int plat_arm_get_alt_image_source(
+	unsigned int image_id __unused,
+	uintptr_t *dev_handle __unused,
+	uintptr_t *image_spec __unused)
+{
+	/* By default do not try an alternative */
+	return -ENOENT;
+}
+
+/* Return an IO device handle and specification which can be used to access
+ * an image. Use this to enforce platform load policy */
+int plat_get_image_source(unsigned int image_id, uintptr_t *dev_handle,
+			  uintptr_t *image_spec)
+{
+	int result;
+	const struct plat_io_policy *policy;
+
+	assert(image_id < MAX_NUMBER_IDS);
+
+	policy = FCONF_GET_PROPERTY(arm, io_policies, image_id);
+	result = policy->check(policy->image_spec);
+	if (result == 0) {
+		*image_spec = policy->image_spec;
+		*dev_handle = *(policy->dev_handle);
+	} else {
+		VERBOSE("Trying alternative IO\n");
+		result = plat_arm_get_alt_image_source(image_id, dev_handle,
+						       image_spec);
+	}
+
+	return result;
+}
+
+/*
+ * See if a Firmware Image Package is available,
+ * by checking if TOC is valid or not.
+ */
+bool arm_io_is_toc_valid(void)
+{
+	return (io_dev_init(fip_dev_handle, (uintptr_t)FIP_IMAGE_ID) == 0);
+}
--- a/plat/arm/common/arm_io_storage.c
+++ b/plat/arm/common/arm_io_storage.c
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -292,32 +292,41 @@ static int open_memmap(const uintptr_t spec)
 }


-void arm_io_setup(void)
+int arm_io_setup(void)
 {
 	int io_result;

 	io_result = register_io_dev_fip(&fip_dev_con);
-	assert(io_result == 0);
+	if (io_result < 0) {
+		return io_result;
+	}

 	io_result = register_io_dev_memmap(&memmap_dev_con);
-	assert(io_result == 0);
+	if (io_result < 0) {
+		return io_result;
+	}

 	/* Open connections to devices and cache the handles */
 	io_result = io_dev_open(fip_dev_con, (uintptr_t)NULL,
 				&fip_dev_handle);
-	assert(io_result == 0);
+	if (io_result < 0) {
+		return io_result;
+	}

 	io_result = io_dev_open(memmap_dev_con, (uintptr_t)NULL,
 				&memmap_dev_handle);
-	assert(io_result == 0);

-	/* Ignore improbable errors in release builds */
-	(void)io_result;
+	return io_result;
 }

 void plat_arm_io_setup(void)
 {
-	arm_io_setup();
+	int err;
+
+	err = arm_io_setup();
+	if (err < 0) {
+		panic();
+	}
 }

 int plat_arm_get_alt_image_source(
@ -357,12 +366,8 @@ int plat_get_image_source(unsigned int image_id, uintptr_t *dev_handle,
 * See if a Firmware Image Package is available,
 * by checking if TOC is valid or not.
 */
-int arm_io_is_toc_valid(void)
+bool arm_io_is_toc_valid(void)
 {
-	int result;
-
-	result = io_dev_init(fip_dev_handle, (uintptr_t)FIP_IMAGE_ID);
-
-	return (result == 0);
+	return (io_dev_init(fip_dev_handle, (uintptr_t)FIP_IMAGE_ID) == 0);
 }

--- a/plat/arm/common/fconf/arm_fconf_io.c
+++ b/plat/arm/common/fconf/arm_fconf_io.c
@ -0,0 +1,143 @@
+/*
+ * Copyright (c) 2019-2020, ARM Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+
+#include <common/debug.h>
+#include <common/fdt_wrappers.h>
+#include <drivers/io/io_storage.h>
+#include <lib/object_pool.h>
+#include <libfdt.h>
+#include <tools_share/firmware_image_package.h>
+
+#include <plat/arm/common/arm_fconf_getter.h>
+#include <plat/arm/common/arm_fconf_io_storage.h>
+#include <platform_def.h>
+
+const io_block_spec_t fip_block_spec = {
+	.offset = PLAT_ARM_FIP_BASE,
+	.length = PLAT_ARM_FIP_MAX_SIZE
+};
+
+const io_uuid_spec_t arm_uuid_spec[MAX_NUMBER_IDS] = {
+	[BL2_IMAGE_ID] = {UUID_TRUSTED_BOOT_FIRMWARE_BL2},
+	[TB_FW_CONFIG_ID] = {UUID_TB_FW_CONFIG},
+#if TRUSTED_BOARD_BOOT
+	[TRUSTED_BOOT_FW_CERT_ID] = {UUID_TRUSTED_BOOT_FW_CERT},
+#endif /* TRUSTED_BOARD_BOOT */
+};
+
+/* By default, ARM platforms load images from the FIP */
+struct plat_io_policy policies[MAX_NUMBER_IDS] = {
+	[FIP_IMAGE_ID] = {
+		&memmap_dev_handle,
+		(uintptr_t)&fip_block_spec,
+		open_memmap
+	},
+	[BL2_IMAGE_ID] = {
+		&fip_dev_handle,
+		(uintptr_t)&arm_uuid_spec[BL2_IMAGE_ID],
+		open_fip
+	},
+	[TB_FW_CONFIG_ID] = {
+		&fip_dev_handle,
+		(uintptr_t)&arm_uuid_spec[TB_FW_CONFIG_ID],
+		open_fip
+	},
+#if TRUSTED_BOARD_BOOT
+	[TRUSTED_BOOT_FW_CERT_ID] = {
+		&fip_dev_handle,
+		(uintptr_t)&arm_uuid_spec[TRUSTED_BOOT_FW_CERT_ID],
+		open_fip
+	},
+#endif /* TRUSTED_BOARD_BOOT */
+};
+
+#ifdef IMAGE_BL2
+
+#if TRUSTED_BOARD_BOOT
+#define FCONF_ARM_IO_UUID_NUMBER	19
+#else
+#define FCONF_ARM_IO_UUID_NUMBER	10
+#endif
+
+static io_uuid_spec_t fconf_arm_uuids[FCONF_ARM_IO_UUID_NUMBER];
+static OBJECT_POOL_ARRAY(fconf_arm_uuids_pool, fconf_arm_uuids);
+
+struct policies_load_info {
+	unsigned int image_id;
+	const char *name;
+};
+
+/* image id to property name table */
+static const struct policies_load_info load_info[FCONF_ARM_IO_UUID_NUMBER] = {
+	{SCP_BL2_IMAGE_ID, "scp_bl2_uuid"},
+	{BL31_IMAGE_ID, "bl31_uuid"},
+	{BL32_IMAGE_ID, "bl32_uuid"},
+	{BL32_EXTRA1_IMAGE_ID, "bl32_extra1_uuid"},
+	{BL32_EXTRA2_IMAGE_ID, "bl32_extra2_uuid"},
+	{BL33_IMAGE_ID, "bl33_uuid"},
+	{HW_CONFIG_ID, "hw_cfg_uuid"},
+	{SOC_FW_CONFIG_ID, "soc_fw_cfg_uuid"},
+	{TOS_FW_CONFIG_ID, "tos_fw_cfg_uuid"},
+	{NT_FW_CONFIG_ID, "nt_fw_cfg_uuid"},
+#if TRUSTED_BOARD_BOOT
+	{TRUSTED_KEY_CERT_ID, "t_key_cert_uuid"},
+	{SCP_FW_KEY_CERT_ID, "scp_fw_key_uuid"},
+	{SOC_FW_KEY_CERT_ID, "soc_fw_key_uuid"},
+	{TRUSTED_OS_FW_KEY_CERT_ID, "tos_fw_key_cert_uuid"},
+	{NON_TRUSTED_FW_KEY_CERT_ID, "nt_fw_key_cert_uuid"},
+	{SCP_FW_CONTENT_CERT_ID, "scp_fw_content_cert_uuid"},
+	{SOC_FW_CONTENT_CERT_ID, "soc_fw_content_cert_uuid"},
+	{TRUSTED_OS_FW_CONTENT_CERT_ID, "tos_fw_content_cert_uuid"},
+	{NON_TRUSTED_FW_CONTENT_CERT_ID, "nt_fw_content_cert_uuid"},
+#endif /* TRUSTED_BOARD_BOOT */
+};
+
+int fconf_populate_arm_io_policies(uintptr_t config)
+{
+	int err, node;
+	unsigned int i;
+
+	union uuid_helper_t uuid_helper;
+	io_uuid_spec_t *uuid_ptr;
+
+	/* As libfdt uses void *, we can't avoid this cast */
+	const void *dtb = (void *)config;
+
+	/* Assert the node offset point to "arm,io-fip-handle" compatible property */
+	const char *compatible_str = "arm,io-fip-handle";
+	node = fdt_node_offset_by_compatible(dtb, -1, compatible_str);
+	if (node < 0) {
+		ERROR("FCONF: Can't find %s compatible in dtb\n", compatible_str);
+		return node;
+	}
+
+	/* Locate the uuid cells and read the value for all the load info uuid */
+	for (i = 0; i < FCONF_ARM_IO_UUID_NUMBER; i++) {
+		uuid_ptr = pool_alloc(&fconf_arm_uuids_pool);
+		err = fdtw_read_array(dtb, node, load_info[i].name, 4, &uuid_helper.word);
+		if (err < 0) {
+			WARN("FCONF: Read cell failed for %s\n", load_info[i].name);
+			return err;
+		}
+
+		VERBOSE("FCONF: arm-io_policies.%s cell found with value = 0x%x 0x%x 0x%x 0x%x\n",
+			load_info[i].name,
+			uuid_helper.word[0], uuid_helper.word[1],
+			uuid_helper.word[2], uuid_helper.word[3]);
+
+		uuid_ptr->uuid = uuid_helper.uuid_struct;
+		policies[load_info[i].image_id].image_spec = (uintptr_t)uuid_ptr;
+		policies[load_info[i].image_id].dev_handle = &fip_dev_handle;
+		policies[load_info[i].image_id].check = open_fip;
+	}
+	return 0;
+}
+
+FCONF_REGISTER_POPULATOR(arm_io, fconf_populate_arm_io_policies);
+
+#endif /* IMAGE_BL2 */