From patchwork Tue Apr 30 15:46:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: harsimransingh.tungal@arm.com X-Patchwork-Id: 42961 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0FEF6C10F16 for ; Tue, 30 Apr 2024 15:47:11 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.19107.1714492029263049179 for ; Tue, 30 Apr 2024 08:47:09 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: harsimransingh.tungal@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 3AEE22F4; Tue, 30 Apr 2024 08:47:35 -0700 (PDT) Received: from e132995.cambridge.arm.com (e132995.arm.com [10.1.39.83]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 06AB73F793; Tue, 30 Apr 2024 08:47:07 -0700 (PDT) From: harsimransingh.tungal@arm.com To: meta-arm@lists.yoctoproject.org Cc: Harsimran Singh Tungal Subject: [PATCH 1/3] arm-bsp: corstone1000: Enable SMM gateway authenticated variables Date: Tue, 30 Apr 2024 16:46:52 +0100 Message-Id: <20240430154654.26833-2-harsimransingh.tungal@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240430154654.26833-1-harsimransingh.tungal@arm.com> References: <20240430154654.26833-1-harsimransingh.tungal@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 30 Apr 2024 15:47:11 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/5652 From: Harsimran Singh Tungal This change enables the SMM gateway authenticated variables feature implementation for Corstone1000 Signed-off-by: Harsimran Singh Tungal --- .../0002-increase-tzdram-size.patch | 28 +++++++++++++++++++ .../optee/optee-os-corstone1000-common.inc | 1 + .../ts-sp-smm-gateway_%.bbappend | 2 ++ 3 files changed, 31 insertions(+) create mode 100644 meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-increase-tzdram-size.patch diff --git a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-increase-tzdram-size.patch b/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-increase-tzdram-size.patch new file mode 100644 index 00000000..c499a163 --- /dev/null +++ b/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-increase-tzdram-size.patch @@ -0,0 +1,28 @@ +From 1410d9e9c3e73b1319b98be67ad00c7630c4cb2e Mon Sep 17 00:00:00 2001 +From: Emekcan Aras +Date: Wed, 3 Apr 2024 16:05:07 +0100 +Subject: [PATCH] increase tzdram size + +Upstream-Status: Pending +Signed-off-by: Emekcan Aras +Signed-off-by: Harsimran Singh Tungal +--- + core/arch/arm/plat-corstone1000/conf.mk | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/core/arch/arm/plat-corstone1000/conf.mk b/core/arch/arm/plat-corstone1000/conf.mk +index 98347b143..c2dd71f05 100644 +--- a/core/arch/arm/plat-corstone1000/conf.mk ++++ b/core/arch/arm/plat-corstone1000/conf.mk +@@ -34,7 +34,7 @@ CFG_TEE_CORE_NB_CORE ?= 1 + CFG_TZDRAM_START ?= 0x02002000 + + # TEE_RAM (OPTEE kernel + DATA) + TA_RAM = 3MB +-CFG_TZDRAM_SIZE ?= 0x300000 ++CFG_TZDRAM_SIZE ?= 0x340000 + CFG_SHMEM_START ?= 0x86000000 + CFG_SHMEM_SIZE ?= 0x00200000 + +-- +2.25.1 + diff --git a/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc b/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc index a883c345..260abc05 100644 --- a/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc +++ b/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc @@ -1,6 +1,7 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/corstone1000:" SRC_URI:append = " \ file://0001-Handle-logging-syscall.patch \ + file://0002-increase-tzdram-size.patch \ " COMPATIBLE_MACHINE = "corstone1000" diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend index f584f81b..931d567f 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend +++ b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend @@ -2,6 +2,8 @@ require ts-arm-platforms.inc EXTRA_OECMAKE:append:corstone1000 = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x81FFF000" \ -DMM_COMM_BUFFER_PAGE_COUNT="1" \ + -DUEFI_AUTH_VAR=ON \ + -DUEFI_INTERNAL_CRYPTO=ON \ " EXTRA_OECMAKE:append:fvp-base = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x81000000" \ From patchwork Tue Apr 30 15:46:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: harsimransingh.tungal@arm.com X-Patchwork-Id: 42962 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D671CC4345F for ; Tue, 30 Apr 2024 15:47:20 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.19108.1714492031216180167 for ; Tue, 30 Apr 2024 08:47:11 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: harsimransingh.tungal@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 5511C2F4; Tue, 30 Apr 2024 08:47:37 -0700 (PDT) Received: from e132995.cambridge.arm.com (e132995.arm.com [10.1.39.83]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 12CCB3F793; Tue, 30 Apr 2024 08:47:09 -0700 (PDT) From: harsimransingh.tungal@arm.com To: meta-arm@lists.yoctoproject.org Cc: Harsimran Singh Tungal Subject: [PATCH 2/3] arm-bsp/u-boot: corstone1000: Enable UEFI secure boot Date: Tue, 30 Apr 2024 16:46:53 +0100 Message-Id: <20240430154654.26833-3-harsimransingh.tungal@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240430154654.26833-1-harsimransingh.tungal@arm.com> References: <20240430154654.26833-1-harsimransingh.tungal@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 30 Apr 2024 15:47:20 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/5653 From: Harsimran Singh Tungal This change enables the UEFI secure boot and its related configurations for corstone1000 Signed-off-by: Harsimran Singh Tungal --- .../u-boot/u-boot-corstone1000.inc | 1 + ...corstone1000-Enable-UEFI-Secure-boot.patch | 28 +++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0048-corstone1000-Enable-UEFI-Secure-boot.patch diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc b/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc index 4b45fbbf..82049c43 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc @@ -63,6 +63,7 @@ SRC_URI:append = " \ file://0045-efi-corstone1000-fwu-update-RPC-ABI.patch \ file://0046-Corstone1000-Change-MMCOMM-buffer-location.patch \ file://0047-corstone1000-dts-add-external-system-node.patch \ + file://0048-corstone1000-Enable-UEFI-Secure-boot.patch \ " do_configure:append() { diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0048-corstone1000-Enable-UEFI-Secure-boot.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0048-corstone1000-Enable-UEFI-Secure-boot.patch new file mode 100644 index 00000000..1e91249a --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0048-corstone1000-Enable-UEFI-Secure-boot.patch @@ -0,0 +1,28 @@ +From b2ef7318686d13cfa2ac76d6f2d69c17135328df Mon Sep 17 00:00:00 2001 +From: Harsimran Singh Tungal +Date: Thu, 11 Apr 2024 13:35:54 +0000 +Subject: [PATCH] corstone1000: Enable UEFI Secure boot + +Enable secure boot and related configurations for corstone1000 + +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Harsimran Singh Tungal +--- + configs/corstone1000_defconfig | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig +index 8770b474e2..0ecba096d5 100644 +--- a/configs/corstone1000_defconfig ++++ b/configs/corstone1000_defconfig +@@ -80,3 +80,7 @@ CONFIG_EFI_SET_TIME=y + CONFIG_EFI_GET_TIME=y + CONFIG_VIRTIO_NET=y + CONFIG_VIRTIO_MMIO=y ++CONFIG_EFI_SECURE_BOOT=y ++CONFIG_FIT_SIGNATURE=y ++CONFIG_EFI_LOADER=y ++CONFIG_CMD_NVEDIT_EFI=y +-- +2.34.1 + From patchwork Tue Apr 30 15:46:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: harsimransingh.tungal@arm.com X-Patchwork-Id: 42963 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E4A39C19F4F for ; Tue, 30 Apr 2024 15:47:20 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.19110.1714492033165915937 for ; Tue, 30 Apr 2024 08:47:13 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: harsimransingh.tungal@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 3995F2F4; Tue, 30 Apr 2024 08:47:39 -0700 (PDT) Received: from e132995.cambridge.arm.com (e132995.arm.com [10.1.39.83]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 1E2413F793; Tue, 30 Apr 2024 08:47:11 -0700 (PDT) From: harsimransingh.tungal@arm.com To: meta-arm@lists.yoctoproject.org Cc: Emekcan Aras Subject: [PATCH 3/3] arm-bsp/trusted-firmware-a: corstone1000: Remove unused NS_SHARED_RAM region Date: Tue, 30 Apr 2024 16:46:54 +0100 Message-Id: <20240430154654.26833-4-harsimransingh.tungal@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240430154654.26833-1-harsimransingh.tungal@arm.com> References: <20240430154654.26833-1-harsimransingh.tungal@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 30 Apr 2024 15:47:20 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/5654 From: Emekcan Aras After enabling additional features in Trusted Services, the size of BL32 image (OP-TEE + Trusted Services SPs) is larger now. To create more space in secure RAM for BL32 image, this patch removes NS_SHARED_RAM region which is not currently used by corstone1000 platform. Signed-off-by: Emekcan Aras --- ...0-remove-unused-NS_SHARED_RAM-region.patch | 92 +++++++++++++++++++ .../trusted-firmware-a-corstone1000.inc | 1 + 2 files changed, 93 insertions(+) create mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-remove-unused-NS_SHARED_RAM-region.patch diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-remove-unused-NS_SHARED_RAM-region.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-remove-unused-NS_SHARED_RAM-region.patch new file mode 100644 index 00000000..60282048 --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-remove-unused-NS_SHARED_RAM-region.patch @@ -0,0 +1,92 @@ +From 19600e6718e1a5b2ac8ec27d471acdafce0e433e Mon Sep 17 00:00:00 2001 +From: Emekcan Aras +Date: Thu, 25 Apr 2024 11:30:58 +0100 +Subject: [PATCH] fix(corstone1000): remove unused NS_SHARED_RAM region + +After enabling additional features in Trusted Services, the size of BL32 image +(OP-TEE + Trusted Services SPs) is larger now. To create more space in secure RAM +for BL32 image, this patch removes NS_SHARED_RAM region which is not currently used by +corstone1000 platform. + +Signed-off-by: Emekcan Aras +Upstream-Status: Pending +--- + .../corstone1000/common/corstone1000_plat.c | 1 - + .../common/include/platform_def.h | 19 +------------------ + 2 files changed, 1 insertion(+), 19 deletions(-) + +diff --git a/plat/arm/board/corstone1000/common/corstone1000_plat.c b/plat/arm/board/corstone1000/common/corstone1000_plat.c +index ed3801caa..a9475859a 100644 +--- a/plat/arm/board/corstone1000/common/corstone1000_plat.c ++++ b/plat/arm/board/corstone1000/common/corstone1000_plat.c +@@ -23,7 +23,6 @@ + + const mmap_region_t plat_arm_mmap[] = { + ARM_MAP_SHARED_RAM, +- ARM_MAP_NS_SHARED_RAM, + ARM_MAP_NS_DRAM1, + CORSTONE1000_MAP_DEVICE, + CORSTONE1000_EXTERNAL_FLASH, +diff --git a/plat/arm/board/corstone1000/common/include/platform_def.h b/plat/arm/board/corstone1000/common/include/platform_def.h +index 442d187f0..18fce4486 100644 +--- a/plat/arm/board/corstone1000/common/include/platform_def.h ++++ b/plat/arm/board/corstone1000/common/include/platform_def.h +@@ -90,9 +90,6 @@ + * partition size: 176 KB + * content: BL2 + * +- * = + 1 MB +- * partition size: 512 KB +- * content: BL33 (u-boot) + */ + + /* DDR memory */ +@@ -117,11 +114,7 @@ + /* The remaining Trusted SRAM is used to load the BL images */ + #define TOTAL_SRAM_SIZE (SZ_4M) /* 4 MB */ + +-/* Last 512KB of CVM is allocated for shared RAM as an example openAMP */ +-#define ARM_NS_SHARED_RAM_SIZE (512 * SZ_1K) +- + #define PLAT_ARM_TRUSTED_SRAM_SIZE (TOTAL_SRAM_SIZE - \ +- ARM_NS_SHARED_RAM_SIZE - \ + ARM_SHARED_RAM_SIZE) + + #define PLAT_ARM_MAX_BL2_SIZE (180 * SZ_1K) /* 180 KB */ +@@ -160,11 +153,6 @@ + + /* NS memory */ + +-/* The last 512KB of the SRAM is allocated as shared memory */ +-#define ARM_NS_SHARED_RAM_BASE (ARM_TRUSTED_SRAM_BASE + TOTAL_SRAM_SIZE - \ +- (PLAT_ARM_MAX_BL31_SIZE + \ +- PLAT_ARM_MAX_BL32_SIZE)) +- + #define BL33_BASE ARM_DRAM1_BASE + #define PLAT_ARM_MAX_BL33_SIZE (12 * SZ_1M) /* 12 MB*/ + #define BL33_LIMIT (ARM_DRAM1_BASE + PLAT_ARM_MAX_BL33_SIZE) +@@ -266,7 +254,7 @@ + #define PLAT_ARM_TRUSTED_MAILBOX_BASE ARM_TRUSTED_SRAM_BASE + #define PLAT_ARM_NSTIMER_FRAME_ID U(1) + +-#define PLAT_ARM_NS_IMAGE_BASE (ARM_NS_SHARED_RAM_BASE) ++#define PLAT_ARM_NS_IMAGE_BASE (BL33_BASE) + + #define PLAT_PHY_ADDR_SPACE_SIZE (1ULL << 32) + #define PLAT_VIRT_ADDR_SPACE_SIZE (1ULL << 32) +@@ -295,11 +283,6 @@ + ARM_SHARED_RAM_SIZE, \ + MT_MEMORY | MT_RW | MT_SECURE) + +-#define ARM_MAP_NS_SHARED_RAM MAP_REGION_FLAT( \ +- ARM_NS_SHARED_RAM_BASE, \ +- ARM_NS_SHARED_RAM_SIZE, \ +- MT_MEMORY | MT_RW | MT_NS) +- + #define ARM_MAP_NS_DRAM1 MAP_REGION_FLAT( \ + ARM_NS_DRAM1_BASE, \ + ARM_NS_DRAM1_SIZE, \ +-- +2.25.1 + + diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc b/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc index e061b944..a61c74b4 100644 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc @@ -7,6 +7,7 @@ SRC_URI:append = " \ file://0001-Fix-FF-A-version-in-SPMC-manifest.patch \ file://0002-fix-corstone1000-pass-spsr-value-explicitly.patch \ file://0003-fix-spmd-remove-EL3-interrupt-registration.patch \ + file://0004-fix-corstone1000-remove-unused-NS_SHARED_RAM-region.patch \ " TFA_DEBUG = "1"