From 2374ab1799bedae1acc17fde0205d272f8111836 Mon Sep 17 00:00:00 2001 From: Ambroise Vincent Date: Wed, 10 Apr 2019 12:50:27 +0100 Subject: [PATCH] Mbed TLS: Remove weak heap implementation The implementation of the heap function plat_get_mbedtls_heap() becomes mandatory for platforms supporting TRUSTED_BOARD_BOOT. The shared Mbed TLS heap default weak function implementation is converted to a helper function get_mbedtls_heap_helper() which can be used by the platforms for their own function implementation. Change-Id: Ic8f2994e25e3d9fcd371a21ac459fdcafe07433e Signed-off-by: Ambroise Vincent --- docs/porting-guide.rst | 50 +++++++++++++----------- drivers/auth/mbedtls/mbedtls_common.c | 8 ++-- include/plat/common/platform.h | 3 +- plat/arm/board/juno/juno_security.c | 10 ++++- plat/hisilicon/hikey/hikey_tbbr.c | 7 +++- plat/hisilicon/hikey960/hikey960_tbbr.c | 7 +++- plat/imx/imx7/warp7/warp7_trusted_boot.c | 7 +++- plat/qemu/qemu_trusted_boot.c | 7 +++- plat/rpi3/rpi3_trusted_boot.c | 7 +++- plat/socionext/uniphier/uniphier_tbbr.c | 7 +++- 10 files changed, 77 insertions(+), 36 deletions(-) diff --git a/docs/porting-guide.rst b/docs/porting-guide.rst index 3ea86b04f..6244a6387 100644 --- a/docs/porting-guide.rst +++ b/docs/porting-guide.rst @@ -841,6 +841,33 @@ utilize the C runtime environment. For further details about how TF-A represents the power domain topology and how this relates to the linear CPU index, please refer `Power Domain Topology Design`_. +Function : plat_get_mbedtls_heap() [when TRUSTED_BOARD_BOOT == 1] +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +:: + + Arguments : void **heap_addr, size_t *heap_size + Return : int + +This function is invoked during Mbed TLS library initialisation to get a heap, +by means of a starting address and a size. This heap will then be used +internally by the Mbed TLS library. Hence, each BL stage that utilises Mbed TLS +must be able to provide a heap to it. + +A helper function can be found in `drivers/auth/mbedtls/mbedtls_common.c` in +which a heap is statically reserved during compile time inside every image +(i.e. every BL stage) that utilises Mbed TLS. In this default implementation, +the function simply returns the address and size of this "pre-allocated" heap. +For a platform to use this default implementation, only a call to the helper +from inside plat_get_mbedtls_heap() body is enough and nothing else is needed. + +However, by writting their own implementation, platforms have the potential to +optimise memory usage. For example, on some Arm platforms, the Mbed TLS heap is +shared between BL1 and BL2 stages and, thus, the necessary space is not reserved +twice. + +On success the function should return 0 and a negative error code otherwise. + Common optional modifications ----------------------------- @@ -1054,29 +1081,6 @@ can override the common implementation to define a different prefix string for the log output. The implementation should be robust to future changes that increase the number of log levels. -Function : plat_get_mbedtls_heap() -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -:: - - Arguments : void **heap_addr, size_t *heap_size - Return : int - -This function is invoked during Mbed TLS library initialisation to get -a heap, by means of a starting address and a size. This heap will then be used -internally by the Mbed TLS library. The heap is requested from the current BL -stage, i.e. the current BL image inside which Mbed TLS is used. - -In the default implementation a heap is statically allocated inside every image -(i.e. every BL stage) that utilises Mbed TLS. So, in this case, the function -simply returns the address and size of this "pre-allocated" heap. However, by -overriding the default implementation, platforms have the potential to optimise -memory usage. For example, on some Arm platforms, the Mbed TLS heap is shared -between BL1 and BL2 stages and, thus, the necessary space is not reserved -twice. - -On success the function should return 0 and a negative error code otherwise. - Modifications specific to a Boot Loader stage --------------------------------------------- diff --git a/drivers/auth/mbedtls/mbedtls_common.c b/drivers/auth/mbedtls/mbedtls_common.c index cdb504295..4a8efaebb 100644 --- a/drivers/auth/mbedtls/mbedtls_common.c +++ b/drivers/auth/mbedtls/mbedtls_common.c @@ -16,8 +16,6 @@ #include #include -#pragma weak plat_get_mbedtls_heap - static void cleanup(void) { ERROR("EXIT from BL2\n"); @@ -58,10 +56,10 @@ void mbedtls_init(void) } /* - * The following default implementation of the function simply returns the - * by default allocated heap. + * The following helper function simply returns the default allocated heap. + * It can be used by platforms for their plat_get_mbedtls_heap() implementation. */ -int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size) +int get_mbedtls_heap_helper(void **heap_addr, size_t *heap_size) { static unsigned char heap[TF_MBEDTLS_HEAP_SIZE]; diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h index 4832e491c..3f9ab1b66 100644 --- a/include/plat/common/platform.h +++ b/include/plat/common/platform.h @@ -47,6 +47,7 @@ int plat_get_image_source(unsigned int image_id, uintptr_t plat_get_ns_image_entrypoint(void); unsigned int plat_my_core_pos(void); int plat_core_pos_by_mpidr(u_register_t mpidr); +int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size); #if STACK_PROTECTOR_ENABLED /* @@ -103,7 +104,6 @@ void plat_panic_handler(void) __dead2; const char *plat_log_get_prefix(unsigned int log_level); void bl2_plat_preload_setup(void); int plat_try_next_boot_source(void); -int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size); uint64_t *plat_init_apiakey(void); /******************************************************************************* @@ -262,6 +262,7 @@ int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr); int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr); int plat_set_nv_ctr2(void *cookie, const struct auth_img_desc_s *img_desc, unsigned int nv_ctr); +int get_mbedtls_heap_helper(void **heap_addr, size_t *heap_size); /******************************************************************************* * Secure Partitions functions diff --git a/plat/arm/board/juno/juno_security.c b/plat/arm/board/juno/juno_security.c index 9d7f0e421..6566b15c8 100644 --- a/plat/arm/board/juno/juno_security.c +++ b/plat/arm/board/juno/juno_security.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2014-2019, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -10,6 +10,7 @@ #include #include #include +#include #include "juno_tzmp1_def.h" @@ -144,3 +145,10 @@ void plat_arm_security_setup(void) init_v550(); #endif } + +#if TRUSTED_BOARD_BOOT +int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size) +{ + return get_mbedtls_heap_helper(heap_addr, heap_size); +} +#endif diff --git a/plat/hisilicon/hikey/hikey_tbbr.c b/plat/hisilicon/hikey/hikey_tbbr.c index 1f05d18ea..b7dda8d82 100644 --- a/plat/hisilicon/hikey/hikey_tbbr.c +++ b/plat/hisilicon/hikey/hikey_tbbr.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -29,3 +29,8 @@ int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr) { return 1; } + +int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size) +{ + return get_mbedtls_heap_helper(heap_addr, heap_size); +} diff --git a/plat/hisilicon/hikey960/hikey960_tbbr.c b/plat/hisilicon/hikey960/hikey960_tbbr.c index e435ec2e5..ed4da3b7f 100644 --- a/plat/hisilicon/hikey960/hikey960_tbbr.c +++ b/plat/hisilicon/hikey960/hikey960_tbbr.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -29,3 +29,8 @@ int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr) { return 1; } + +int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size) +{ + return get_mbedtls_heap_helper(heap_addr, heap_size); +} diff --git a/plat/imx/imx7/warp7/warp7_trusted_boot.c b/plat/imx/imx7/warp7/warp7_trusted_boot.c index 8157cd5c4..6a00224c9 100644 --- a/plat/imx/imx7/warp7/warp7_trusted_boot.c +++ b/plat/imx/imx7/warp7/warp7_trusted_boot.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -29,3 +29,8 @@ int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr) { return 1; } + +int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size) +{ + return get_mbedtls_heap_helper(heap_addr, heap_size); +} diff --git a/plat/qemu/qemu_trusted_boot.c b/plat/qemu/qemu_trusted_boot.c index 17666b99e..1ef7e431b 100644 --- a/plat/qemu/qemu_trusted_boot.c +++ b/plat/qemu/qemu_trusted_boot.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -29,3 +29,8 @@ int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr) { return 1; } + +int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size) +{ + return get_mbedtls_heap_helper(heap_addr, heap_size); +} diff --git a/plat/rpi3/rpi3_trusted_boot.c b/plat/rpi3/rpi3_trusted_boot.c index b306c45c2..f6c669fad 100644 --- a/plat/rpi3/rpi3_trusted_boot.c +++ b/plat/rpi3/rpi3_trusted_boot.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -29,3 +29,8 @@ int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr) { return 1; } + +int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size) +{ + return get_mbedtls_heap_helper(heap_addr, heap_size); +} diff --git a/plat/socionext/uniphier/uniphier_tbbr.c b/plat/socionext/uniphier/uniphier_tbbr.c index 962a8d288..e31ca03e4 100644 --- a/plat/socionext/uniphier/uniphier_tbbr.c +++ b/plat/socionext/uniphier/uniphier_tbbr.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -33,3 +33,8 @@ int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr) { return 0; } + +int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size) +{ + return get_mbedtls_heap_helper(heap_addr, heap_size); +}