diff options
| author | Sumit Garg <sumit.garg@linaro.org> | 2019-11-15 15:34:55 +0530 |
|---|---|---|
| committer | Sumit Garg <sumit.garg@linaro.org> | 2020-03-06 16:40:37 +0530 |
| commit | 2be57b8658b1206a8fb8a2cfbbd9b15cae4b354d (patch) | |
| tree | 25df7c21a1cff5b174bc7c2dc2154339d70039ea /plat/common | |
| parent | 7cda17bb0f92db39d123a4f2a1732c9978556453 (diff) | |
| download | arm-trusted-firmware-2be57b8658b1206a8fb8a2cfbbd9b15cae4b354d.tar.gz | |
TBB: Add an IO abstraction layer to load encrypted firmwares
TBBR spec advocates for optional encryption of firmwares (see optional
requirement: R060_TBBR_FUNCTION). So add an IO abstaction layer to
support firmware decryption that can be stacked above any underlying IO/
packaging layer like FIP etc. It aims to provide a framework to load any
encrypted IO payload.
Also, add plat_get_enc_key_info() to be implemented in a platform
specific manner as handling of encryption key may vary from one platform
to another.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I9892e0ddf00ebecb8981301dbfa41ea23e078b03
Diffstat (limited to 'plat/common')
| -rw-r--r-- | plat/common/plat_bl_common.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/plat/common/plat_bl_common.c b/plat/common/plat_bl_common.c index 6070db235..de6c1d176 100644 --- a/plat/common/plat_bl_common.c +++ b/plat/common/plat_bl_common.c @@ -11,6 +11,7 @@ #include <common/debug.h> #include <lib/xlat_tables/xlat_tables_compat.h> #include <plat/common/platform.h> +#include <tools_share/firmware_encrypted.h> /* * The following platform functions are weakly defined. The Platforms @@ -22,6 +23,7 @@ #pragma weak bl2_plat_handle_pre_image_load #pragma weak bl2_plat_handle_post_image_load #pragma weak plat_try_next_boot_source +#pragma weak plat_get_enc_key_info void bl2_el3_plat_prepare_exit(void) { @@ -53,6 +55,31 @@ int plat_try_next_boot_source(void) } /* + * Weak implementation to provide dummy decryption key only for test purposes, + * platforms must override this API for any real world firmware encryption + * use-case. + */ +int plat_get_enc_key_info(enum fw_enc_status_t fw_enc_status, uint8_t *key, + size_t *key_len, unsigned int *flags, + const uint8_t *img_id, size_t img_id_len) +{ +#define DUMMY_FIP_ENC_KEY { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef, \ + 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef, \ + 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef, \ + 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef } + + const uint8_t dummy_key[] = DUMMY_FIP_ENC_KEY; + + assert(*key_len >= sizeof(dummy_key)); + + *key_len = sizeof(dummy_key); + memcpy(key, dummy_key, *key_len); + *flags = 0; + + return 0; +} + +/* * Set up the page tables for the generic and platform-specific memory regions. * The size of the Trusted SRAM seen by the BL image must be specified as well * as an array specifying the generic memory regions which can be; |