[7/8] arm-bsp/trusted-services: corstone1000: Fix Capsule Update

Message ID	20230622130836.11346-8-emekcan.aras@arm.com
State	New
Headers	show Return-Path: <emekcan.aras@arm.com> ip: 217.140.110.172, mailfrom: emekcan.aras@arm.com) From: emekcan.aras@arm.com To: meta-arm@lists.yoctoproject.org, Ross.Burton@arm.com, Jon.Mason@arm.com Cc: nd@arm.com, Emekcan Aras <emekcan.aras@arm.com> Subject: [PATCH 7/8] arm-bsp/trusted-services: corstone1000: Fix Capsule Update Date: Thu, 22 Jun 2023 14:08:35 +0100 Message-Id: <20230622130836.11346-8-emekcan.aras@arm.com> In-Reply-To: <20230622130836.11346-1-emekcan.aras@arm.com> References: <20230622130836.11346-1-emekcan.aras@arm.com>
Series	arm-bsp/corstone1000: Various fixes for upcoming release \| expand [0/8] arm-bsp/corstone1000: Various fixes for upcoming release [1/8] arm-bsp/u-boot: corstone1000: Fix EFI multiple protocol install failure [2/8] arm-bsp/u-boot: corstone1000: Enable EFI set/get time services [3/8] arm-bsp/trusted-services: corstone1000: GetNextVariableName Fix [4/8] arm-bsp/optee-os:corstone1000: Drop SPMC non secure interrupt patches [5/8] arm-bsp/u-boot: corstone1000: Fix u-boot compilation warnings [6/8] arm-bsp/trusted-services: corstone1000: Fix PSA_RAW_KEY agreement test [7/8] arm-bsp/trusted-services: corstone1000: Fix Capsule Update [8/8] arm-bsp/trusted-firmware-a: corstone1000: Fix Trusted-Firmware-A version for corstone1000

diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Use-the-stateless-platform-service.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Use-the-stateless-platform-service.patch new file mode 100644 index 00000000..4e9d5c2e --- /dev/null +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Use-the-stateless-platform-service.patch @@ -0,0 +1,141 @@ +From a71e99045996c57a4f80509ae8b770aa4f73f6c0 Mon Sep 17 00:00:00 2001 +From: Emekcan Aras <emekcan.aras@arm.com> +Date: Sun, 18 Jun 2023 14:38:42 +0100 +Subject: [PATCH] plat: corstone1000: Use the stateless platform service calls + Calls to psa_connect is not needed and psa_call can be called directly with a + pre defined handle. + +Signed-off-by: Satish Kumar <satish.kumar01@arm.com> +Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> + +Upstream-Status: Inappropriate [Design is to revisted] +--- + .../provider/capsule_update_provider.c | 24 ++++--------------- + .../provider/corstone1000_fmp_service.c | 10 ++++---- + .../provider/corstone1000_fmp_service.h | 3 +-- + components/service/common/include/psa/sid.h | 7 ++++++ + 4 files changed, 17 insertions(+), 27 deletions(-) + +diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c +index 991a2235..6809249f 100644 +--- a/components/service/capsule_update/provider/capsule_update_provider.c ++++ b/components/service/capsule_update/provider/capsule_update_provider.c +@@ -61,7 +61,6 @@ void capsule_update_provider_deinit(struct capsule_update_provider *context) + static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller) + { + uint32_t ioctl_id; +- psa_handle_t handle; + rpc_status_t rpc_status = TS_RPC_CALL_ACCEPTED; + + struct psa_invec in_vec[] = { +@@ -79,31 +78,18 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller) + case CAPSULE_UPDATE_REQUEST: + /* Openamp call with IOCTL for firmware update*/ + ioctl_id = IOCTL_CORSTONE1000_FWU_FLASH_IMAGES; +- handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID, +- TFM_SP_PLATFORM_IOCTL_VERSION); +- if (handle <= 0) { +- EMSG("%s Invalid handle", __func__); +- rpc_status = TS_RPC_ERROR_INVALID_PARAMETER; +- return rpc_status; +- } +- psa_call(caller,handle, PSA_IPC_CALL, ++ psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL, + in_vec,IOVEC_LEN(in_vec), NULL, 0); +- set_fmp_image_info(caller, handle); ++ set_fmp_image_info(caller); + break; + + case KERNEL_STARTED_EVENT: + ioctl_id = IOCTL_CORSTONE1000_FWU_HOST_ACK; + /*openamp call with IOCTL for kernel start*/ +- handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID, +- TFM_SP_PLATFORM_IOCTL_VERSION); +- if (handle <= 0) { +- EMSG("%s Invalid handle", __func__); +- rpc_status = TS_RPC_ERROR_INVALID_PARAMETER; +- return rpc_status; +- } +- psa_call(caller,handle, PSA_IPC_CALL, ++ ++ psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL, + in_vec,IOVEC_LEN(in_vec), NULL, 0); +- set_fmp_image_info(caller, handle); ++ set_fmp_image_info(caller); + break; + default: + EMSG("%s unsupported opcode", __func__); +diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c +index 6a7a47a7..d811af9f 100644 +--- a/components/service/capsule_update/provider/corstone1000_fmp_service.c ++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c +@@ -238,8 +238,7 @@ static psa_status_t unpack_image_info(void *buffer, uint32_t size) + return PSA_SUCCESS; + } + +-static psa_status_t get_image_info(struct rpc_caller *caller, +- psa_handle_t platform_service_handle) ++static psa_status_t get_image_info(struct rpc_caller *caller) + { + psa_status_t status; + psa_handle_t handle; +@@ -255,7 +254,7 @@ static psa_status_t get_image_info(struct rpc_caller *caller, + + memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE); + +- psa_call(caller, platform_service_handle, PSA_IPC_CALL, ++ psa_call(caller, TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL, + in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); + + status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE); +@@ -288,12 +287,11 @@ static psa_status_t set_image_info(struct rpc_caller *caller) + return PSA_SUCCESS; + } + +-void set_fmp_image_info(struct rpc_caller *caller, +- psa_handle_t platform_service_handle) ++void set_fmp_image_info(struct rpc_caller *caller) + { + psa_status_t status; + +- status = get_image_info(caller, platform_service_handle); ++ status = get_image_info(caller); + if (status != PSA_SUCCESS) { + return; + } +diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h +index 95fba2a0..963223e8 100644 +--- a/components/service/capsule_update/provider/corstone1000_fmp_service.h ++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h +@@ -16,8 +16,7 @@ extern "C" { + + void provision_fmp_variables_metadata(struct rpc_caller *caller); + +-void set_fmp_image_info(struct rpc_caller *caller, +- psa_handle_t platform_service_handle); ++void set_fmp_image_info(struct rpc_caller *caller); + + #ifdef __cplusplus + } /* extern "C" */ +diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h +index 5aaa659d..fc3a4fb0 100644 +--- a/components/service/common/include/psa/sid.h ++++ b/components/service/common/include/psa/sid.h +@@ -40,6 +40,13 @@ extern "C" { + #define TFM_CRYPTO_VERSION (1U) + #define TFM_CRYPTO_HANDLE (0x40000100U) + ++/******** TFM_PLATFORM_SERVICE *******/ ++#define TFM_PLATFORM_API_ID_IOCTL (1013) ++#define TFM_PLATFORM_SERVICE_HANDLE (0x40000105U) ++ ++/** ++ * \brief Define a progressive numerical value for each SID which can be used ++ * when dispatching the requests to the service + /******** TFM_SP_PLATFORM ********/ + #define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U) + #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U) +-- +2.17.1 + diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-Initialize-capsule-update-provider.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-Initialize-capsule-update-provider.patch new file mode 100644 index 00000000..3e6f606c --- /dev/null +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-Initialize-capsule-update-provider.patch @@ -0,0 +1,78 @@ +From b5b31064959665f4cc616733be3d989ae4356636 Mon Sep 17 00:00:00 2001 +From: Emekcan Aras <emekcan.aras@arm.com> +Date: Sun, 18 Jun 2023 16:05:27 +0100 +Subject: [PATCH] plat: corstone1000: Initialize capsule update provider + +Initializes the capsule update service provider in se-proxy-sp.c deployment +for corstone1000. + +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +Upstream-Status: Inappropriate [Design is to revisted] + +--- + deployments/se-proxy/env/commonsp/se_proxy_sp.c | 3 +++ + .../infra/corstone1000/service_proxy_factory.c | 17 +++++++++++++++++ + .../se-proxy/infra/service_proxy_factory.h | 1 + + 3 files changed, 21 insertions(+) + +diff --git a/deployments/se-proxy/env/commonsp/se_proxy_sp.c b/deployments/se-proxy/env/commonsp/se_proxy_sp.c +index 45fcb385..dc2a9d49 100644 +--- a/deployments/se-proxy/env/commonsp/se_proxy_sp.c ++++ b/deployments/se-proxy/env/commonsp/se_proxy_sp.c +@@ -77,6 +77,9 @@ void __noreturn sp_main(struct ffa_init_info *init_info) + } + rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_ATTEST, rpc_iface); + ++ rpc_iface = capsule_update_proxy_create(); ++ rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE, rpc_iface); ++ + /* End of boot phase */ + result = sp_msg_wait(&req_msg); + if (result != SP_RESULT_OK) { +diff --git a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c +index bacab1de..32d88c97 100644 +--- a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c ++++ b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c +@@ -14,6 +14,7 @@ + #include <service/crypto/factory/crypto_provider_factory.h> + #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h> + #include <trace.h> ++#include <service/capsule_update/provider/capsule_update_provider.h> + + /* backends */ + #include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> +@@ -94,3 +95,19 @@ struct rpc_interface *its_proxy_create(void) + + return secure_storage_provider_init(&its_provider, backend); + } ++ ++struct rpc_interface *capsule_update_proxy_create(void) ++{ ++ static struct capsule_update_provider capsule_update_provider; ++ static struct rpc_caller *capsule_update_caller; ++ ++ capsule_update_caller = psa_ipc_caller_init(&psa_ipc); ++ ++ if (!capsule_update_caller) ++ return NULL; ++ ++ capsule_update_provider.client.caller = capsule_update_caller; ++ ++ return capsule_update_provider_init(&capsule_update_provider); ++} ++ +diff --git a/deployments/se-proxy/infra/service_proxy_factory.h b/deployments/se-proxy/infra/service_proxy_factory.h +index 298d407a..02aa7fe2 100644 +--- a/deployments/se-proxy/infra/service_proxy_factory.h ++++ b/deployments/se-proxy/infra/service_proxy_factory.h +@@ -17,6 +17,7 @@ struct rpc_interface *attest_proxy_create(void); + struct rpc_interface *crypto_proxy_create(void); + struct rpc_interface *ps_proxy_create(void); + struct rpc_interface *its_proxy_create(void); ++struct rpc_interface *capsule_update_proxy_create(void); + + #ifdef __cplusplus + } +-- +2.17.1 + diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc index baf4dbdb..3535ddb6 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc +++ b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc @@ -7,6 +7,8 @@ SRC_URI:append:corstone1000 = " \ file://0003-FMP-Support-in-Corstone1000.patch;patchdir=../trusted-services \ file://0004-GetNextVariableName-Fix.patch;patchdir=../trusted-services \ file://0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch;patchdir=../trusted-services \ + file://0006-plat-corstone1000-Use-the-stateless-platform-service.patch;patchdir=../trusted-services \ + file://0007-plat-corstone1000-Initialize-capsule-update-provider.patch;patchdir=../trusted-services \ "

[7/8] arm-bsp/trusted-services: corstone1000: Fix Capsule Update

Commit Message

Patch