From: Ahmad Fatoum
To: distrokit@pengutronix.de
Cc: Ahmad Fatoum
Date: Mon, 25 Jul 2022 14:04:40 +0200
Message-Id: <20220725120445.1295669-3-a.fatoum@pengutronix.de>
In-Reply-To: <20220725120445.1295669-1-a.fatoum@pengutronix.de>
Subject: [DistroKit] [PATCH 3/8] genimage: patch in Firmware Image Package (FIP) support

genimage master has support for calling fiptool, which makes it
straightforward to generate eMMC boot partition images with the
same genimage.config generating the image for the user area.

TF-A also has a fip target that can call fiptool for us, but it only
works when generating a single bootloader image, but we generate
multiple images, so we can't reuse the current tf-a rule as is.
One more option would be to write a custom image rule, but as genimage
master has support, let's just backport the patch.

The autogen.sh is necessary, because we touch Makefile.am and we want
autogen to rerun to account for changes between our host autotools
and the one used to build the shipped files.

Signed-off-by: Ahmad Fatoum
---
 ...d-Firmware-Image-Package-FIP-support.patch | 311 ++++++++++++++++++
 patches/genimage-15/series                    |   1 +
 2 files changed, 312 insertions(+)
 create mode 100644 patches/genimage-15/0001-Add-Firmware-Image-Package-FIP-support.patch
 create mode 100644 patches/genimage-15/series
diff --git a/patches/genimage-15/0001-Add-Firmware-Image-Package-FIP-support.patch b/patches/genimage-15/0001-Add-Firmware-Image-Package-FIP-support.patch new file mode 100644 index 000000000000..72d2aaaaa80c --- /dev/null +++ b/patches/genimage-15/0001-Add-Firmware-Image-Package-FIP-support.patch 
@@ -0,0 +1,311 @@ +From de9a29b0c03696bf6d851c5fad9b4ab976ee48f1 Mon Sep 17 00:00:00 2001 +From: Ahmad Fatoum +Date: Fri, 1 Apr 2022 14:00:53 +0200 +Subject: [PATCH] Add Firmware Image Package (FIP) support + +Platforms where ARM Trusted Firmware is the first stage bootloader are +converging to use FIP as bundle format for further firmware including +trusted OS and non secure bootloader. Teach genimage to call fiptool to +generate FIP images. + +Signed-off-by: Ahmad Fatoum +Origin: master, 1e224789bacfa7b1411c3b5d5bee66aa61681cda +--- + Makefile.am | 2 + + README.rst | 39 ++++++++++++ + config.c | 5 ++ + genimage.c | 1 + + genimage.h | 1 + + image-fip.c | 135 +++++++++++++++++++++++++++++++++++++++++ + test/basic-images.test | 8 +++ + test/fip.config | 7 +++ + 8 files changed, 198 insertions(+) + create mode 100644 image-fip.c + create mode 100644 test/fip.config + +diff --git a/Makefile.am b/Makefile.am +index 30fe973cfb38..c1d42e4cedd3 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -23,6 +23,7 @@ genimage_SOURCES = \ + image-cramfs.c \ + image-ext2.c \ + image-file.c \ ++ image-fip.c \ + image-fit.c \ + image-flash.c \ + image-hd.c \ +@@ -66,6 +67,7 @@ EXTRA_DIST += \ + test/ext4.config \ + test/ext4test.0.dump \ + test/ext4test.1.dump \ ++ test/fip.config \ + test/fit.its \ + test/fit.config \ + test/flash-types.config \ +diff --git a/README.rst b/README.rst +index a2cc76b2af6b..234bc57ce384 100644 +--- a/README.rst ++++ b/README.rst +@@ -496,6 +496,45 @@ Options: + Note: If no content is specified with ``file`` or ``files`` then + ``rootpath`` and ``mountpoint`` are used to provide the content. + ++fip ++*** ++Generates a Firmware Image Package (FIP). A format used to bundle ++firmware to be loaded by ARM Trusted Firmware. 
++ ++Options: ++ ++:extraargs: Extra arguments passed to fiptool ++:fw-config: Firmware Configuration (device tree), usually provided by BL2 (Trusted Firmware) ++:nt-fw: Non-Trusted Firmware (BL33) ++:hw-config: Hardware Configuration (device tree), passed to BL33 ++:tos-fw: Trusted OS (BL32) binaries. Second and third binary are used as ++ extra1 and extra2 binaries if specified. Example: ++ ``tos-fw = {"tee-header_v2.bin", "tee-pager_v2.bin", "tee-pageable_v2.bin"}`` ++:scp-fwu-cfg: SCP Firmware Updater Configuration FWU SCP_BL2U ++:ap-fwu-cfg: AP Firmware Updater Configuration BL2U ++:fwu: Firmware Updater NS_BL2U ++:fwu-cert: Non-Trusted Firmware Updater certificate ++:tb-fw: Trusted Boot Firmware BL2 ++:scp-fw: SCP Firmware SCP_BL2 ++:soc-fw: EL3 Runtime Firmware BL31 ++:tb-fw-config: TB_FW_CONFIG ++:soc-fw-config: SOC_FW_CONFIG ++:tos-fw-config: TOS_FW_CONFIG ++:nt-fw-config: NT_FW_CONFIG ++:rot-cert: Root Of Trust key certificate ++:trusted-key-cert: Trusted key certificate ++:scp-fw-key-cert: SCP Firmware key certificate ++:soc-fw-key-cert: SoC Firmware key certificate ++:tos-fw-key-cert: Trusted OS Firmware key certificate ++:nt-fw-key-cert: Non-Trusted Firmware key certificate ++:tb-fw-cert: Trusted Boot Firmware BL2 certificate ++:scp-fw-cert: SCP Firmware content certificate ++:soc-fw-cert: SoC Firmware content certificate ++:tos-fw-cert: Trusted OS Firmware content certificate ++:nt-fw-cert: Non-Trusted Firmware content certificate ++:sip-sp-cert: SiP owned Secure Partition content certificate ++:plat-sp-cert: Platform owned Secure Partition content certificate ++ + The Flash Section + ----------------- + +diff --git a/config.c b/config.c +index e3289169e779..db31dad7212d 100644 +--- a/config.c ++++ b/config.c +@@ -438,6 +438,11 @@ static struct config opts[] = { + .opt = CFG_STR("mkimage", NULL, CFGF_NONE), + .env = "GENIMAGE_MKIMAGE", + .def = "mkimage", ++ }, { ++ .name = "fiptool", ++ .opt = CFG_STR("fiptool", NULL, CFGF_NONE), ++ .env = 
"GENIMAGE_FIPTOOL", ++ .def = "fiptool", + }, { + .name = "config", + .env = "GENIMAGE_CONFIG", +diff --git a/genimage.c b/genimage.c +index 205c70fba338..fbb29f3deae7 100644 +--- a/genimage.c ++++ b/genimage.c +@@ -46,6 +46,7 @@ static struct image_handler *handlers[] = { + &ext4_handler, + &file_handler, + &fit_handler, ++ &fip_handler, + &flash_handler, + &hdimage_handler, + &iso_handler, +diff --git a/genimage.h b/genimage.h +index ca273f58047d..24354670ff4d 100644 +--- a/genimage.h ++++ b/genimage.h +@@ -118,6 +118,7 @@ extern struct image_handler ubi_handler; + extern struct image_handler ubifs_handler; + extern struct image_handler vfat_handler; + extern struct image_handler fit_handler; ++extern struct image_handler fip_handler; + + #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0])) + +diff --git a/image-fip.c b/image-fip.c +new file mode 100644 +index 000000000000..774c4222aeb6 +--- /dev/null ++++ b/image-fip.c +@@ -0,0 +1,135 @@ ++/* ++ * Copyright (c) 2022 Ahmad Fatoum ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 ++ * as published by the Free Software Foundation. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program. If not, see . 
++ */ ++ ++#include ++#include ++#include ++#include ++#include ++ ++#include "genimage.h" ++ ++static int fip_generate(struct image *image) ++{ ++ struct partition *part; ++ char *args = strdup(""); ++ const char *extraargs = cfg_getstr(image->imagesec, "extraargs"); ++ int ret; ++ ++ list_for_each_entry(part, &image->partitions, list) { ++ struct image *child = image_get(part->image); ++ char *oldargs; ++ ++ oldargs = args; ++ xasprintf(&args, "%s --%s '%s'", args, part->name, imageoutfile(child)); ++ free(oldargs); ++ } ++ ++ ret = systemp(image, "%s create %s %s '%s'", get_opt("fiptool"), ++ args, extraargs, imageoutfile(image)); ++ ++ free(args); ++ ++ return ret; ++} ++ ++static void fip_add_part(struct image *image, ++ const char *name, const char *path) ++{ ++ struct partition *part; ++ ++ part = xzalloc(sizeof *part); ++ part->image = path; ++ part->name = name; ++ list_add_tail(&part->list, &image->partitions); ++} ++ ++static cfg_opt_t fip_opts[] = { ++ CFG_STR("extraargs", "", CFGF_NONE), ++ CFG_STR_LIST("tos-fw", NULL, CFGF_NONE), /* Secure Payload BL32 (Trusted OS, Extra1, Extra 2) */ ++ /* CFGF_NODEFAULT marks options passed as-is */ ++ CFG_STR("scp-fwu-cfg", NULL, CFGF_NODEFAULT), /* SCP Firmware Updater Configuration FWU SCP_BL2U */ ++ CFG_STR("ap-fwu-cfg", NULL, CFGF_NODEFAULT), /* AP Firmware Updater Configuration BL2U */ ++ CFG_STR("fwu", NULL, CFGF_NODEFAULT), /* Firmware Updater NS_BL2U */ ++ CFG_STR("fwu-cert", NULL, CFGF_NODEFAULT), /* Non-Trusted Firmware Updater certificate */ ++ CFG_STR("tb-fw", NULL, CFGF_NODEFAULT), /* Trusted Boot Firmware BL2 */ ++ CFG_STR("scp-fw", NULL, CFGF_NODEFAULT), /* SCP Firmware SCP_BL2 */ ++ CFG_STR("soc-fw", NULL, CFGF_NODEFAULT), /* EL3 Runtime Firmware BL31 */ ++ CFG_STR("nt-fw", NULL, CFGF_NODEFAULT), /* Non-Trusted Firmware BL33 */ ++ CFG_STR("fw-config", NULL, CFGF_NODEFAULT), /* FW_CONFIG */ ++ CFG_STR("hw-config", NULL, CFGF_NODEFAULT), /* HW_CONFIG */ ++ CFG_STR("tb-fw-config", NULL, 
CFGF_NODEFAULT), /* TB_FW_CONFIG */ ++ CFG_STR("soc-fw-config", NULL, CFGF_NODEFAULT), /* SOC_FW_CONFIG */ ++ CFG_STR("tos-fw-config", NULL, CFGF_NODEFAULT), /* TOS_FW_CONFIG */ ++ CFG_STR("nt-fw-config", NULL, CFGF_NODEFAULT), /* NT_FW_CONFIG */ ++ ++ CFG_STR("rot-cert", NULL, CFGF_NODEFAULT), /* Root Of Trust key certificate */ ++ ++ CFG_STR("trusted-key-cert", NULL, CFGF_NODEFAULT), /* Trusted key certificate */ ++ CFG_STR("scp-fw-key-cert", NULL, CFGF_NODEFAULT), /* SCP Firmware key certificate */ ++ CFG_STR("soc-fw-key-cert", NULL, CFGF_NODEFAULT), /* SoC Firmware key certificate */ ++ CFG_STR("tos-fw-key-cert", NULL, CFGF_NODEFAULT), /* Trusted OS Firmware key certificate */ ++ CFG_STR("nt-fw-key-cert", NULL, CFGF_NODEFAULT), /* Non-Trusted Firmware key certificate */ ++ ++ CFG_STR("tb-fw-cert", NULL, CFGF_NODEFAULT), /* Trusted Boot Firmware BL2 certificate */ ++ CFG_STR("scp-fw-cert", NULL, CFGF_NODEFAULT), /* SCP Firmware content certificate */ ++ CFG_STR("soc-fw-cert", NULL, CFGF_NODEFAULT), /* SoC Firmware content certificate */ ++ CFG_STR("tos-fw-cert", NULL, CFGF_NODEFAULT), /* Trusted OS Firmware content certificate */ ++ CFG_STR("nt-fw-cert", NULL, CFGF_NODEFAULT), /* Non-Trusted Firmware content certificate */ ++ ++ CFG_STR("sip-sp-cert", NULL, CFGF_NODEFAULT), /* SiP owned Secure Partition content certificate */ ++ CFG_STR("plat-sp-cert", NULL, CFGF_NODEFAULT), /* Platform owned Secure Partition content certificate */ ++ ++ CFG_END() ++}; ++ ++static const char *tos_fw[] = { "tos-fw", "tos-fw-extra1", "tos-fw-extra2" }; ++ ++static int fip_parse(struct image *image, cfg_t *cfg) ++{ ++ unsigned int i, num_tos_fw; ++ cfg_opt_t *opt; ++ ++ num_tos_fw = cfg_size(cfg, "tos-fw"); ++ if (num_tos_fw > ARRAY_SIZE(tos_fw)) { ++ image_error(image, "%u tos-fw binaries given, but maximum is %zu\n", ++ num_tos_fw, ARRAY_SIZE(tos_fw)); ++ return -EINVAL; ++ } ++ ++ for (i = 0; i < num_tos_fw; i++) ++ fip_add_part(image, tos_fw[i], cfg_getnstr(cfg, "tos-fw", i)); 
++ ++ for (opt = fip_opts; opt->type; opt++) { ++ const char *file; ++ ++ if (opt->flags != CFGF_NODEFAULT) ++ continue; ++ ++ file = cfg_getstr(cfg, opt->name); ++ if (file) ++ fip_add_part(image, opt->name, file); ++ } ++ ++ return 0; ++} ++ ++struct image_handler fip_handler = { ++ .type = "fip", ++ .generate = fip_generate, ++ .parse = fip_parse, ++ .opts = fip_opts, ++}; +diff --git a/test/basic-images.test b/test/basic-images.test +index efddc34a6fd3..91e7f09dd9ed 100755 +--- a/test/basic-images.test ++++ b/test/basic-images.test +@@ -548,6 +548,14 @@ test_expect_success !includepath "includepath5" " + " + + ++exec_test_set_prereq fiptool ++test_expect_success fiptool "fip" " ++ setup_test_images && ++ run_genimage fip.config test.fip && ++ check_size_range images/test.fip 12804 13056 && ++ fiptool info images/test.fip ++" ++ + test_done + + # vim: syntax=sh +diff --git a/test/fip.config b/test/fip.config +new file mode 100644 +index 000000000000..31a7914d69ce +--- /dev/null ++++ b/test/fip.config +@@ -0,0 +1,7 @@ ++image test.fip { ++ fip { ++ extraargs = "--align 64" ++ fw-config = "part1.img" ++ tos-fw = { "part2.img", "part1.img" } ++ } ++} +-- +2.30.2 + diff --git a/patches/genimage-15/series b/patches/genimage-15/series new file mode 100644 index 000000000000..9b36f2745ad7 --- /dev/null +++ b/patches/genimage-15/series @@ -0,0 +1 @@ +0001-Add-Firmware-Image-Package-FIP-support.patch -- 2.30.2
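
Review bot: In fip_generate() in image-fip.c, the fiptool command line is assembled as a shell string: each input goes in as --%s '%s' and extraargs is appended with no quoting at all, so a file name containing a single quote ends the quoting early, and anything in extraargs is interpreted by the shell. genimage configs are normally trusted build inputs, but I would reject or escape ' in the value returned by imageoutfile(child) and state in the README entry that extraargs is handed to the shell verbatim. A smaller point in fip_parse(): opt->flags != CFGF_NODEFAULT is an exact comparison, so an option declared with CFGF_NODEFAULT plus any other flag would be skipped silently; !(opt->flags & CFGF_NODEFAULT) states the intent.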
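
Review bot: The new fip section in README.rst leaves two things undocumented that the code in this patch enforces or adds. fip_parse() rejects more than three tos-fw entries with -EINVAL, but the tos-fw description only implies the limit; and config.c gains a fiptool option with the GENIMAGE_FIPTOOL environment variable, which this README hunk does not mention. The opening text is also a sentence fragment ("A format used to bundle firmware ..."); joining it to the first sentence with a comma would read better.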
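
Review bot: The "fip" case added to test/basic-images.test passes as soon as the output size is within 12804..13056 and fiptool info exits successfully; nothing checks that the entries from test/fip.config actually ended up in the package. Since tos-fw is given two files there, the test is the natural place to confirm the mapping in fip_parse(), for example by checking that the fiptool info output lists fw-config, tos-fw and tos-fw-extra1.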
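
Review bot: The commit message says an autogen.sh is necessary because the backport touches Makefile.am, but the diffstat lists only two new files, the patch itself and patches/genimage-15/series, and the series file contains just the patch name. Either add the autogen.sh to patches/genimage-15/ in this patch or point to the patch in the series that adds it; as posted, the last paragraph of the message describes something the diff does not contain.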