Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame^] | 1 | From 2e56f2601249243f2fb3ba67caf9febe4bfc8371 Mon Sep 17 00:00:00 2001 |
| 2 | From: Satish Kumar <satish.kumar01@arm.com> |
| 3 | Date: Tue, 26 Apr 2022 20:17:13 +0100 |
| 4 | Subject: [PATCH 3/6] corstone1000: enable secure enclave run without host |
| 5 | binaries |
| 6 | |
| 7 | In TEST_S configuration, the build disables part of the code which |
| 8 | assumes that the host binaries are present in the flash. This change |
| 9 | will allow secure enclave's part of the platform's software to build |
| 10 | and run without the host support. The configuration can be used to run |
| 11 | CI and test secure enclave software independently. |
| 12 | |
| 13 | Change-Id: I29325750a3bea270fe5b3b8b47932a7071a59482 |
| 14 | Signed-off-by: Satish Kumar <satish.kumar01@arm.com> |
| 15 | Upstream-Status: Accepted [TF-Mv1.7.0] |
| 16 | --- |
| 17 | .../ext/target/arm/corstone1000/readme.rst | 88 +++++++++++++++---- |
| 18 | .../target/arm/corstone1000/CMakeLists.txt | 8 +- |
| 19 | .../arm/corstone1000/bl1/CMakeLists.txt | 2 +- |
| 20 | .../target/arm/corstone1000/bl2_flash_map.c | 2 + |
| 21 | .../target/arm/corstone1000/boot_hal_bl2.c | 2 + |
| 22 | .../ext/target/arm/corstone1000/config.cmake | 11 ++- |
| 23 | .../arm/corstone1000/partition/flash_layout.h | 2 +- |
| 24 | .../arm/corstone1000/tfm_hal_multi_core.c | 2 + |
| 25 | 8 files changed, 94 insertions(+), 23 deletions(-) |
| 26 | |
| 27 | diff --git a/docs/platform/ext/target/arm/corstone1000/readme.rst b/docs/platform/ext/target/arm/corstone1000/readme.rst |
| 28 | index 94b58ac6fc..10c9c58f78 100644 |
| 29 | --- a/docs/platform/ext/target/arm/corstone1000/readme.rst |
| 30 | +++ b/docs/platform/ext/target/arm/corstone1000/readme.rst |
| 31 | @@ -7,22 +7,27 @@ Introduction |
| 32 | ************ |
| 33 | |
| 34 | The ARM's Corstone-1000 platform is a reference implementation of PSA FF-M |
| 35 | -architecture where NSPE and SPE environments are partitioned into |
| 36 | +architecture where NSPE and SPE environments are partitioned/isolated into |
| 37 | Cortex-A35 and Cortex-M0+ respectively. |
| 38 | |
| 39 | Cortex-M0+ acting as Secure Enclave is the Root-of-trust of SoC. Its |
| 40 | -software comprises of two boot loading stages, i.e. Bl1 and Bl2, based on |
| 41 | -mcuboot, and TF-M as run time software. Cortex-A35, also referred as host, |
| 42 | -is completely treated as non-secure from the Secure Enclave perspective. |
| 43 | +software comprises of two boot loading stages, i.e. Bl1 and Bl2 (based on |
| 44 | +mcuboot) and TF-M as run time software. Cortex-A35, also referred as host, |
| 45 | +is treated as non-secure from the Secure Enclave perspective. |
| 46 | The Cortex-A35 is brought out of rest by Secure Enclave in aarch64 bit mode, |
| 47 | and boots the software ecosystem based on linux, u-boot, UEFI run time |
| 48 | -services, TF-A and Optee. |
| 49 | +services, TF-A, Secure Partitions and Optee. |
| 50 | |
| 51 | The communication between NSPE and SPE is based on PSA IPC protocol running on |
| 52 | -top of OpenAMP. |
| 53 | +top of FF-A/OpenAMP. |
| 54 | |
| 55 | The secure enclave subsystem has ARM's CC-312 (Crypto Cell) hardware to |
| 56 | -accelerate cryptographic operations. |
| 57 | +accelerate cryptographic operations. Additionaly, platform supports Secure Debug |
| 58 | +using SDC-600 as the communication interface between host debugger and platform |
| 59 | +target. The platform has the build option to enable secure debug protocol to |
| 60 | +unlock debug ports during boot time. The protocol is based on ARM's ADAC |
| 61 | +(Authenticated Debug Access Control) standard. |
| 62 | + |
| 63 | |
| 64 | *********** |
| 65 | System boot |
| 66 | @@ -33,23 +38,76 @@ System boot |
| 67 | - BL1 load, verifies and transfer execution to BL2 which is again based on mcuboot. |
| 68 | - BL2 loads and verifies TF-M and host's initial boot loader image. |
| 69 | - BL2 transfer the execution to the TF-M. |
| 70 | -- During TF-M initialization, the host is reset. |
| 71 | +- During TF-M initialization, the host is taken out of rest. |
| 72 | +- Hashes of the keys used for image verification are stored in the OTP memory. |
| 73 | |
| 74 | ***** |
| 75 | Build |
| 76 | ***** |
| 77 | |
| 78 | -.. code-block:: |
| 79 | +Platform solution |
| 80 | +================= |
| 81 | + |
| 82 | +The platform binaries are build using Yocto. Below is the user guide: |
| 83 | + |
| 84 | +`Arm Corstone-1000 User Guide`_ |
| 85 | + |
| 86 | +Secure Test |
| 87 | +=========== |
| 88 | + |
| 89 | +This section can be used to test the secure enclave software indedendently from |
| 90 | +the host. The below configuration builds the secure enclave binaries with CI test |
| 91 | +frame integrated. On boot, secure enclave softwares stack is brought up, and |
| 92 | +CI tests starts executing at the end of the initialization process. In the |
| 93 | +below configuration, host software support is disabled, and meant only |
| 94 | +to test/verify the secure enclave softwares. |
| 95 | + |
| 96 | +FVP |
| 97 | +--- |
| 98 | |
| 99 | - cmake -B build/ -S <tf-m-root>/ -DCMAKE_BUILD_TYPE=Debug -DTFM_TOOLCHAIN_FILE=<tf-m-root>/toolchain_GNUARM.cmake -DTFM_PLATFORM=arm/corstone1000 |
| 100 | +- Download Corstone-1000 FVP from : `Arm Ecosystem FVPs`_ |
| 101 | +- Install FVP by running the shell script. |
| 102 | +- Running of the binary will boot secure enclave software stack and at the end all CI test |
| 103 | + from tf-m-test along with platform specific tests are executed. |
| 104 | + |
| 105 | +.. code-block:: bash |
| 106 | + |
| 107 | + cmake -B build/ -S <tf-m-root>/ -DCMAKE_BUILD_TYPE=Debug -DTFM_TOOLCHAIN_FILE=<tf-m-root>/toolchain_GNUARM.cmake -DTFM_PLATFORM=arm/corstone1000 -DPLATFORM_IS_FVP=TRUE -DTEST_NS=OFF -DTEST_S=ON -DEXTRA_S_TEST_SUITES_PATHS=<tf-m-root>/trusted-firmware-m/platform/ext/target/arm/corstone1000/ci_regression_tests/ |
| 108 | cmake --build build -- install |
| 109 | + cd ./build/install/outputs/ |
| 110 | + cat bl2_signed.bin bl2_signed.bin tfm_s_signed.bin > cs1000.bin |
| 111 | + cd <path-to-FVP-installation>/models/Linux64_GCC-9.3/ |
| 112 | + ./FVP_Corstone-1000 -C board.flashloader0.fname="none" -C se.trustedBootROMloader.fname="./<path-to-build-dir>/install/outputs/bl1.bin" -C board.xnvm_size=64 -C se.trustedSRAM_config=6 -C se.BootROM_config="3" -C board.smsc_91c111.enabled=0 -C board.hostbridge.userNetworking=true --data board.flash0=./<path-to-build-dir>/install/outputs/cs1000.bin@0x68100000 -C diagnostics=4 -C disable_visualisation=true -C board.se_flash_size=8192 -C diagnostics=4 -C disable_visualisation=true |
| 113 | + |
| 114 | +FPGA |
| 115 | +---- |
| 116 | |
| 117 | -The binaries will be installed inside: |
| 118 | +- Follow the above pointed platform user guide to setup the FPGA board. |
| 119 | +- Use the BL1 generated from the below commands to place it inside FPGA board SD Card. |
| 120 | +- Use the cs1000.bin created from the below commands to place it inside FPGA board SD Card. |
| 121 | + |
| 122 | +.. code-block:: bash |
| 123 | + |
| 124 | + cmake -B build/ -S <tf-m-root>/ -DCMAKE_BUILD_TYPE=Debug -DTFM_TOOLCHAIN_FILE=<tf-m-root>/toolchain_GNUARM.cmake -DTFM_PLATFORM=arm/corstone1000 -DTEST_NS=OFF -DTEST_S=ON -DEXTRA_S_TEST_SUITES_PATHS=<tf-m-root>/trusted-firmware-m/platform/ext/target/arm/corstone1000/ci_regression_tests/ -DTEST_S_PS=OFF -DTEST_S_PLATFORM=OFF |
| 125 | + cmake --build build -- install |
| 126 | + cd ./build/install/outputs/ |
| 127 | + cat bl2_signed.bin bl2_signed.bin tfm_s_signed.bin > cs1000.bin |
| 128 | + cp bl1.bin <path-to-FPGA-SD-CARD>/SOFTWARE/ |
| 129 | + cp cs1000.bin <path-to-FPGA-SD-CARD>/SOFTWARE/ |
| 130 | |
| 131 | -.. code-block:: |
| 132 | +FPGA build can not compile all the CI tests into a single build as it exceeds |
| 133 | +the available RAM size. So there is a need to select few tests but not all. |
| 134 | +The above configuration disable build of -DTEST_S_PS and -DTEST_S_PLATFORM. |
| 135 | +Other test configurations are: |
| 136 | |
| 137 | - ./build/install/outputs/ARM/CORSTONE1000 |
| 138 | +- -DTEST_S_ATTESTATION=ON/OFF |
| 139 | +- -DTEST_S_AUDIT=ON/OFF |
| 140 | +- -DTEST_S_CRYPTO=ON/OFF |
| 141 | +- -DTEST_S_ITS=ON/OFF |
| 142 | +- -DTEST_S_PS=ON/OFF |
| 143 | +- -DTEST_S_PLATFORM=ON/OFF |
| 144 | |
| 145 | --------------- |
| 146 | +*Copyright (c) 2021-2022, Arm Limited. All rights reserved.* |
| 147 | |
| 148 | -*Copyright (c) 2021, Arm Limited. All rights reserved.* |
| 149 | +.. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps |
| 150 | +.. _Arm Corstone-1000 User Guide: https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-docs/-/blob/CORSTONE1000-2022.04.19/docs/embedded-a/corstone1000/user-guide.rst |
| 151 | diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt |
| 152 | index 39d7b03455..81522c7cf0 100644 |
| 153 | --- a/platform/ext/target/arm/corstone1000/CMakeLists.txt |
| 154 | +++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt |
| 155 | @@ -18,7 +18,7 @@ target_include_directories(platform_region_defs |
| 156 | |
| 157 | target_compile_definitions(platform_region_defs |
| 158 | INTERFACE |
| 159 | - $<$<BOOL:${TEST_S}>:TEST_S> |
| 160 | + $<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST> |
| 161 | ) |
| 162 | #========================= Platform common defs ===============================# |
| 163 | |
| 164 | @@ -75,7 +75,7 @@ target_sources(platform_s |
| 165 | $<$<BOOL:TFM_PARTITION_PLATFORM>:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c> |
| 166 | fw_update_agent/uefi_capsule_parser.c |
| 167 | fw_update_agent/fwu_agent.c |
| 168 | - $<$<BOOL:${TEST_S}>:${CMAKE_CURRENT_SOURCE_DIR}/target_cfg.c> |
| 169 | + $<$<BOOL:${TFM_S_REG_TEST}>:${CMAKE_CURRENT_SOURCE_DIR}/target_cfg.c> |
| 170 | ) |
| 171 | |
| 172 | if (PLATFORM_IS_FVP) |
| 173 | @@ -96,7 +96,7 @@ endif() |
| 174 | target_compile_definitions(platform_s |
| 175 | PRIVATE |
| 176 | $<$<BOOL:${PLATFORM_IS_FVP}>:PLATFORM_IS_FVP> |
| 177 | - $<$<BOOL:${TEST_S}>:TEST_S> |
| 178 | + $<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST> |
| 179 | $<$<BOOL:${EXTERNAL_SYSTEM_SUPPORT}>:EXTERNAL_SYSTEM_SUPPORT> |
| 180 | ) |
| 181 | |
| 182 | @@ -136,7 +136,7 @@ endif() |
| 183 | target_compile_definitions(platform_bl2 |
| 184 | PRIVATE |
| 185 | $<$<BOOL:${PLATFORM_IS_FVP}>:PLATFORM_IS_FVP> |
| 186 | - $<$<BOOL:${TEST_S}>:TEST_S> |
| 187 | + $<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST> |
| 188 | ) |
| 189 | |
| 190 | # boot_hal_bl2.c is compiled as part of 'bl2' target and not inside |
| 191 | diff --git a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt |
| 192 | index 369695f148..d39c5ae91d 100644 |
| 193 | --- a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt |
| 194 | +++ b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt |
| 195 | @@ -291,7 +291,7 @@ target_compile_definitions(signing_layout_for_bl2 |
| 196 | PRIVATE |
| 197 | MCUBOOT_IMAGE_NUMBER=${BL1_IMAGE_NUMBER} |
| 198 | BL1 |
| 199 | - $<$<BOOL:${TEST_S}>:TEST_S> |
| 200 | + $<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST> |
| 201 | ) |
| 202 | |
| 203 | target_include_directories(signing_layout_for_bl2 |
| 204 | diff --git a/platform/ext/target/arm/corstone1000/bl2_flash_map.c b/platform/ext/target/arm/corstone1000/bl2_flash_map.c |
| 205 | index 6bffa274df..0a6a592d94 100644 |
| 206 | --- a/platform/ext/target/arm/corstone1000/bl2_flash_map.c |
| 207 | +++ b/platform/ext/target/arm/corstone1000/bl2_flash_map.c |
| 208 | @@ -38,6 +38,7 @@ struct flash_area flash_map[] = { |
| 209 | .fa_off = FLASH_AREA_1_OFFSET, |
| 210 | .fa_size = FLASH_AREA_1_SIZE, |
| 211 | }, |
| 212 | +#ifndef TFM_S_REG_TEST |
| 213 | { |
| 214 | .fa_id = FLASH_AREA_2_ID, |
| 215 | .fa_device_id = FLASH_DEVICE_ID, |
| 216 | @@ -52,6 +53,7 @@ struct flash_area flash_map[] = { |
| 217 | .fa_off = FLASH_INVALID_OFFSET, |
| 218 | .fa_size = FLASH_INVALID_SIZE, |
| 219 | }, |
| 220 | +#endif |
| 221 | }; |
| 222 | |
| 223 | const int flash_map_entry_num = ARRAY_SIZE(flash_map); |
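Review bot: The `#endif` added here closes an `#ifndef TFM_S_REG_TEST` opened in the previous hunk, about fifteen lines earlier, and neither line says what is compiled out or why. Writing it as `#endif /* !TFM_S_REG_TEST */`, as this commit already does in tfm_hal_multi_core.c, and adding a short comment above the `#ifndef` stating that these entries are only needed when host binaries are present in flash would make the intent readable without the commit message. The same bare `#endif` is added in boot_hal_bl2.c around the `fill_bl2_flash_map_by_parsing_fips()` call. `flash_map_entry_num` follows the smaller array through `ARRAY_SIZE`, but any code that looks up `FLASH_AREA_2_ID` or the entry after it lies outside this diff and should be checked against the test build. The `flash_map` initializer starts outside the hunk.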
| 224 | diff --git a/platform/ext/target/arm/corstone1000/boot_hal_bl2.c b/platform/ext/target/arm/corstone1000/boot_hal_bl2.c |
| 225 | index 792e06f81e..134315a17b 100644 |
| 226 | --- a/platform/ext/target/arm/corstone1000/boot_hal_bl2.c |
| 227 | +++ b/platform/ext/target/arm/corstone1000/boot_hal_bl2.c |
| 228 | @@ -100,10 +100,12 @@ int32_t boot_platform_init(void) |
| 229 | return 1; |
| 230 | } |
| 231 | |
| 232 | +#ifndef TFM_S_REG_TEST |
| 233 | result = fill_bl2_flash_map_by_parsing_fips(BANK_0_PARTITION_OFFSET); |
| 234 | if (result) { |
| 235 | return 1; |
| 236 | } |
| 237 | +#endif |
| 238 | |
| 239 | result = FLASH_DEV_NAME.Initialize(NULL); |
| 240 | if (result != ARM_DRIVER_OK) { |
| 241 | diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake |
| 242 | index a3399db318..a6a1a33c42 100644 |
| 243 | --- a/platform/ext/target/arm/corstone1000/config.cmake |
| 244 | +++ b/platform/ext/target/arm/corstone1000/config.cmake |
| 245 | @@ -13,8 +13,15 @@ set(DEFAULT_MCUBOOT_FLASH_MAP OFF CACHE BOOL "Whether to us |
| 246 | set(MCUBOOT_UPGRADE_STRATEGY "RAM_LOAD" CACHE STRING "Upgrade strategy when multiple boot images are loaded") |
| 247 | set(MCUBOOT_SECURITY_COUNTER_S "1" CACHE STRING "Security counter for S image. auto sets it to IMAGE_VERSION_S") |
| 248 | |
| 249 | -set(TFM_ISOLATION_LEVEL 2 CACHE STRING "Isolation level") |
| 250 | -set(MCUBOOT_IMAGE_NUMBER 2 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately") |
| 251 | +if (TEST_S OR TEST_S_ATTESTATION OR TEST_S_AUDIT OR TEST_S_CRYPTO OR TEST_S_ITS OR TEST_S_PS OR TEST_S_PLATFORM OR EXTRA_S_TEST_SUITES_PATHS) |
| 252 | + # Test configuration: host images are not needed and work only with isolation level 1 |
| 253 | + set(MCUBOOT_IMAGE_NUMBER 1 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately") |
| 254 | + set(TFM_ISOLATION_LEVEL 1 CACHE STRING "Isolation level") |
| 255 | +else() |
| 256 | + set(MCUBOOT_IMAGE_NUMBER 2 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately") |
| 257 | + set(TFM_ISOLATION_LEVEL 2 CACHE STRING "Isolation level") |
| 258 | +endif() |
| 259 | + |
| 260 | set(TFM_MULTI_CORE_TOPOLOGY ON CACHE BOOL "Whether to build for a dual-cpu architecture") |
| 261 | set(TFM_PLAT_SPECIFIC_MULTI_CORE_COMM ON CACHE BOOL "Whether to use a platform specific inter core communication instead of mailbox in dual-cpu topology") |
| 262 | set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms") |
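Review bot: The new `if (TEST_S OR ...)` branch lowers `TFM_ISOLATION_LEVEL` from 2 to 1 and `MCUBOOT_IMAGE_NUMBER` from 2 to 1 without any build-time notice. Both are set with `CACHE STRING` and no `FORCE`, so a build directory first configured with a test option keeps the test values when it is later reconfigured without that option. A line such as `message(WARNING "Secure regression test configuration: TFM_ISOLATION_LEVEL=1, MCUBOOT_IMAGE_NUMBER=1")` inside the test branch would make the downgrade visible in build logs, and the readme should tell users to start from a clean build directory when switching configurations. The condition is also a hand-maintained list of `TEST_S_*` options, while the C sources and CMakeLists.txt key on `TFM_S_REG_TEST`. Where that variable is derived is not visible here, but if the two ever disagree the image count and the compiled flash map will not match.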
| 263 | diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h |
| 264 | index aa5a8fe463..b0319bb319 100644 |
| 265 | --- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h |
| 266 | +++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h |
| 267 | @@ -119,7 +119,7 @@ |
| 268 | * |
| 269 | */ |
| 270 | #define SE_BL2_PARTITION_SIZE (0x19000) /* 100 KB */ |
| 271 | -#ifdef TEST_S |
| 272 | +#ifdef TFM_S_REG_TEST |
| 273 | #define TFM_PARTITION_SIZE (0x61C00) /* 391 KB */ |
| 274 | #else |
| 275 | #define TFM_PARTITION_SIZE (0x5E000) /* 376 KB */ |
| 276 | diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c |
| 277 | index 8622844d91..1146ffe22a 100644 |
| 278 | --- a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c |
| 279 | +++ b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c |
| 280 | @@ -31,6 +31,7 @@ void tfm_hal_boot_ns_cpu(uintptr_t start_addr) |
| 281 | /* Switch the shared flash to XiP mode for the host */ |
| 282 | Select_XIP_Mode_For_Shared_Flash(); |
| 283 | |
| 284 | +#ifndef TFM_S_REG_TEST |
| 285 | volatile uint32_t *bir_base = (uint32_t *)CORSTONE1000_HOST_BIR_BASE; |
| 286 | |
| 287 | /* Program Boot Instruction Register to jump to BL2 (TF-A) base address |
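Review bot: `Select_XIP_Mode_For_Shared_Flash()` stays above the new `#ifndef TFM_S_REG_TEST`, so a test build still switches the shared flash to XiP mode "for the host" even though the boot-register programming that follows is compiled out. If only the host needs the mode switch, the call belongs inside the guard; if the secure side relies on it too, the existing comment should say so. A one-line comment at the guard, for example `/* Host is not started in secure regression test builds */`, would also help, because the function body continues outside the hunk and the matching `#endif` is added in the next hunk, far from the `#ifndef`.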
| 288 | @@ -68,6 +69,7 @@ void tfm_hal_boot_ns_cpu(uintptr_t start_addr) |
| 289 | /*release EXT SYS out of reset*/ |
| 290 | tfm_external_system_boot(); |
| 291 | #endif |
| 292 | +#endif /* !TFM_S_REG_TEST */ |
| 293 | } |
| 294 | |
| 295 | void tfm_hal_wait_for_ns_cpu_ready(void) |
| 296 | -- |
| 297 | 2.25.1 |
| 298 | |