xref: /arm-trusted-firmware/lib/optee/optee_utils.c (revision 91f16700b400a8c0651d24a598fc48ee2997a0d7) 
1*91f16700Schasinglulu /*
2*91f16700Schasinglulu  * Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.
3*91f16700Schasinglulu  *
4*91f16700Schasinglulu  * SPDX-License-Identifier: BSD-3-Clause
5*91f16700Schasinglulu  */
6*91f16700Schasinglulu 
7*91f16700Schasinglulu #include <assert.h>
8*91f16700Schasinglulu 
9*91f16700Schasinglulu #include <common/debug.h>
10*91f16700Schasinglulu #include <lib/optee_utils.h>
11*91f16700Schasinglulu 
12*91f16700Schasinglulu #include <platform_def.h>
13*91f16700Schasinglulu 
14*91f16700Schasinglulu /*******************************************************************************
15*91f16700Schasinglulu  * Check if it is a valid tee header
16*91f16700Schasinglulu  * Return true if valid
17*91f16700Schasinglulu  * Return false if invalid
18*91f16700Schasinglulu  ******************************************************************************/
19*91f16700Schasinglulu static bool tee_validate_header(optee_header_t *header)
20*91f16700Schasinglulu {
21*91f16700Schasinglulu 	if ((header->magic == TEE_MAGIC_NUM_OPTEE) &&
22*91f16700Schasinglulu 		(header->version == 2u) &&
23*91f16700Schasinglulu 		(header->nb_images > 0u) &&
24*91f16700Schasinglulu 		(header->nb_images <= OPTEE_MAX_NUM_IMAGES)) {
25*91f16700Schasinglulu 		return true;
26*91f16700Schasinglulu 	}
27*91f16700Schasinglulu 
28*91f16700Schasinglulu 	return false;
29*91f16700Schasinglulu }
30*91f16700Schasinglulu 
31*91f16700Schasinglulu bool optee_header_is_valid(uintptr_t header_base)
32*91f16700Schasinglulu {
33*91f16700Schasinglulu 	return tee_validate_header((optee_header_t *)header_base);
34*91f16700Schasinglulu }
35*91f16700Schasinglulu 
36*91f16700Schasinglulu /*******************************************************************************
37*91f16700Schasinglulu  * Parse the OPTEE image
38*91f16700Schasinglulu  * Return 0 on success or a negative error code otherwise.
39*91f16700Schasinglulu  ******************************************************************************/
40*91f16700Schasinglulu static int parse_optee_image(image_info_t *image_info,
41*91f16700Schasinglulu 		optee_image_t *image)
42*91f16700Schasinglulu {
43*91f16700Schasinglulu 	uintptr_t init_load_addr, free_end, requested_end;
44*91f16700Schasinglulu 	size_t init_size;
45*91f16700Schasinglulu 
46*91f16700Schasinglulu 	init_load_addr = ((uint64_t)image->load_addr_hi << 32) |
47*91f16700Schasinglulu 					image->load_addr_lo;
48*91f16700Schasinglulu 	init_size = image->size;
49*91f16700Schasinglulu 
50*91f16700Schasinglulu 	/*
51*91f16700Schasinglulu 	 * image->load_addr_hi & image->load_addr_lo set to UINT32_MAX indicate
52*91f16700Schasinglulu 	 * loader decided address; take our pre-mapped area for current image
53*91f16700Schasinglulu 	 * since arm-tf could not allocate memory dynamically
54*91f16700Schasinglulu 	 */
55*91f16700Schasinglulu 	if ((image->load_addr_hi == UINT32_MAX) &&
56*91f16700Schasinglulu 	    (image->load_addr_lo == UINT32_MAX)) {
57*91f16700Schasinglulu 		init_load_addr = image_info->image_base;
58*91f16700Schasinglulu 	}
59*91f16700Schasinglulu 
60*91f16700Schasinglulu 	/* Check that the default end address doesn't overflow */
61*91f16700Schasinglulu 	if (check_uptr_overflow(image_info->image_base,
62*91f16700Schasinglulu 				image_info->image_max_size - 1))
63*91f16700Schasinglulu 		return -1;
64*91f16700Schasinglulu 	free_end = image_info->image_base + (image_info->image_max_size - 1);
65*91f16700Schasinglulu 
66*91f16700Schasinglulu 	/* Check that the image end address doesn't overflow */
67*91f16700Schasinglulu 	if (check_uptr_overflow(init_load_addr, init_size - 1))
68*91f16700Schasinglulu 		return -1;
69*91f16700Schasinglulu 	requested_end = init_load_addr + (init_size - 1);
70*91f16700Schasinglulu 	/*
71*91f16700Schasinglulu 	 * Check that the requested RAM location is within reserved
72*91f16700Schasinglulu 	 * space for OPTEE.
73*91f16700Schasinglulu 	 */
74*91f16700Schasinglulu 	if (!((init_load_addr >= image_info->image_base) &&
75*91f16700Schasinglulu 			(requested_end <= free_end))) {
76*91f16700Schasinglulu 		WARN("The load address in optee header %p - %p is not in reserved area: %p - %p.\n",
77*91f16700Schasinglulu 				(void *)init_load_addr,
78*91f16700Schasinglulu 				(void *)(init_load_addr + init_size),
79*91f16700Schasinglulu 				(void *)image_info->image_base,
80*91f16700Schasinglulu 				(void *)(image_info->image_base +
81*91f16700Schasinglulu 					image_info->image_max_size));
82*91f16700Schasinglulu 		return -1;
83*91f16700Schasinglulu 	}
84*91f16700Schasinglulu 
85*91f16700Schasinglulu 	/*
86*91f16700Schasinglulu 	 * Remove the skip attr from image_info, the image will be loaded.
87*91f16700Schasinglulu 	 * The default attr in image_info is "IMAGE_ATTRIB_SKIP_LOADING", which
88*91f16700Schasinglulu 	 * mean the image will not be loaded. Here, we parse the header image to
89*91f16700Schasinglulu 	 * know that the extra image need to be loaded, so remove the skip attr.
90*91f16700Schasinglulu 	 */
91*91f16700Schasinglulu 	image_info->h.attr &= ~IMAGE_ATTRIB_SKIP_LOADING;
92*91f16700Schasinglulu 
93*91f16700Schasinglulu 	/* Update image base and size of image_info */
94*91f16700Schasinglulu 	image_info->image_base = init_load_addr;
95*91f16700Schasinglulu 	image_info->image_size = init_size;
96*91f16700Schasinglulu 
97*91f16700Schasinglulu 	return 0;
98*91f16700Schasinglulu }
99*91f16700Schasinglulu 
100*91f16700Schasinglulu /*******************************************************************************
101*91f16700Schasinglulu  * Parse the OPTEE header
102*91f16700Schasinglulu  * Return 0 on success or a negative error code otherwise.
103*91f16700Schasinglulu  ******************************************************************************/
104*91f16700Schasinglulu int parse_optee_header(entry_point_info_t *header_ep,
105*91f16700Schasinglulu 		image_info_t *pager_image_info,
106*91f16700Schasinglulu 		image_info_t *paged_image_info)
107*91f16700Schasinglulu 
108*91f16700Schasinglulu {
109*91f16700Schasinglulu 	optee_header_t *header;
110*91f16700Schasinglulu 	uint32_t num;
111*91f16700Schasinglulu 	int ret;
112*91f16700Schasinglulu 
113*91f16700Schasinglulu 	assert(header_ep);
114*91f16700Schasinglulu 	header = (optee_header_t *)header_ep->pc;
115*91f16700Schasinglulu 	assert(header);
116*91f16700Schasinglulu 
117*91f16700Schasinglulu 	/* Print the OPTEE header information */
118*91f16700Schasinglulu 	INFO("OPTEE ep=0x%x\n", (unsigned int)header_ep->pc);
119*91f16700Schasinglulu 	INFO("OPTEE header info:\n");
120*91f16700Schasinglulu 	INFO("      magic=0x%x\n", header->magic);
121*91f16700Schasinglulu 	INFO("      version=0x%x\n", header->version);
122*91f16700Schasinglulu 	INFO("      arch=0x%x\n", header->arch);
123*91f16700Schasinglulu 	INFO("      flags=0x%x\n", header->flags);
124*91f16700Schasinglulu 	INFO("      nb_images=0x%x\n", header->nb_images);
125*91f16700Schasinglulu 
126*91f16700Schasinglulu 	/*
127*91f16700Schasinglulu 	 * OPTEE image has 3 types:
128*91f16700Schasinglulu 	 *
129*91f16700Schasinglulu 	 * 1. Plain OPTEE bin without header.
130*91f16700Schasinglulu 	 *	Original bin without header, return directly,
131*91f16700Schasinglulu 	 *	BL32_EXTRA1_IMAGE_ID and BL32_EXTRA2_IMAGE_ID will be skipped.
132*91f16700Schasinglulu 	 *
133*91f16700Schasinglulu 	 * 2. OPTEE bin with header bin, but no paging.
134*91f16700Schasinglulu 	 *	Header available and nb_images = 1, remove skip attr for
135*91f16700Schasinglulu 	 *	BL32_EXTRA1_IMAGE_ID. BL32_EXTRA1_IMAGE_ID will be loaded,
136*91f16700Schasinglulu 	 *	and BL32_EXTRA2_IMAGE_ID be skipped.
137*91f16700Schasinglulu 	 *
138*91f16700Schasinglulu 	 * 3. OPTEE image with paging support.
139*91f16700Schasinglulu 	 *	Header available and nb_images = 2, there are 3 bins: header,
140*91f16700Schasinglulu 	 *	pager and pageable. Remove skip attr for BL32_EXTRA1_IMAGE_ID
141*91f16700Schasinglulu 	 *	and BL32_EXTRA2_IMAGE_ID to load pager and paged bin.
142*91f16700Schasinglulu 	 */
143*91f16700Schasinglulu 	if (!tee_validate_header(header)) {
144*91f16700Schasinglulu 		INFO("Invalid OPTEE header, set legacy mode.\n");
145*91f16700Schasinglulu #ifdef __aarch64__
146*91f16700Schasinglulu 		header_ep->args.arg0 = MODE_RW_64;
147*91f16700Schasinglulu #else
148*91f16700Schasinglulu 		header_ep->args.arg0 = MODE_RW_32;
149*91f16700Schasinglulu #endif
150*91f16700Schasinglulu 		return 0;
151*91f16700Schasinglulu 	}
152*91f16700Schasinglulu 
153*91f16700Schasinglulu 	/* Parse OPTEE image */
154*91f16700Schasinglulu 	for (num = 0U; num < header->nb_images; num++) {
155*91f16700Schasinglulu 		if (header->optee_image_list[num].image_id ==
156*91f16700Schasinglulu 				OPTEE_PAGER_IMAGE_ID) {
157*91f16700Schasinglulu 			ret = parse_optee_image(pager_image_info,
158*91f16700Schasinglulu 				&header->optee_image_list[num]);
159*91f16700Schasinglulu 		} else if (header->optee_image_list[num].image_id ==
160*91f16700Schasinglulu 				OPTEE_PAGED_IMAGE_ID) {
161*91f16700Schasinglulu 			if (paged_image_info == NULL) {
162*91f16700Schasinglulu 				if (header->optee_image_list[num].size != 0U) {
163*91f16700Schasinglulu 					ERROR("Paged image is not supported\n");
164*91f16700Schasinglulu 					return -1;
165*91f16700Schasinglulu 				}
166*91f16700Schasinglulu 
167*91f16700Schasinglulu 				continue;
168*91f16700Schasinglulu 			} else {
169*91f16700Schasinglulu 				ret = parse_optee_image(paged_image_info,
170*91f16700Schasinglulu 							&header->optee_image_list[num]);
171*91f16700Schasinglulu 			}
172*91f16700Schasinglulu 		} else {
173*91f16700Schasinglulu 			ERROR("Parse optee image failed.\n");
174*91f16700Schasinglulu 			return -1;
175*91f16700Schasinglulu 		}
176*91f16700Schasinglulu 
177*91f16700Schasinglulu 		if (ret != 0)
178*91f16700Schasinglulu 			return -1;
179*91f16700Schasinglulu 	}
180*91f16700Schasinglulu 
181*91f16700Schasinglulu 	/*
182*91f16700Schasinglulu 	 * Update "pc" value which should comes from pager image. After the
183*91f16700Schasinglulu 	 * header image is parsed, it will be useless, and the actual
184*91f16700Schasinglulu 	 * execution image after BL31 is pager image.
185*91f16700Schasinglulu 	 */
186*91f16700Schasinglulu 	header_ep->pc =	pager_image_info->image_base;
187*91f16700Schasinglulu 
188*91f16700Schasinglulu 	/*
189*91f16700Schasinglulu 	 * The paged load address and size are populated in
190*91f16700Schasinglulu 	 * header image arguments so that can be read by the
191*91f16700Schasinglulu 	 * BL32 SPD.
192*91f16700Schasinglulu 	 */
193*91f16700Schasinglulu 	if (paged_image_info != NULL) {
194*91f16700Schasinglulu 		header_ep->args.arg1 = paged_image_info->image_base;
195*91f16700Schasinglulu 		header_ep->args.arg2 = paged_image_info->image_size;
196*91f16700Schasinglulu 	}
197*91f16700Schasinglulu 
198*91f16700Schasinglulu 	/* Set OPTEE runtime arch - aarch32/aarch64 */
199*91f16700Schasinglulu 	if (header->arch == 0) {
200*91f16700Schasinglulu 		header_ep->args.arg0 = MODE_RW_32;
201*91f16700Schasinglulu 	} else {
202*91f16700Schasinglulu #ifdef __aarch64__
203*91f16700Schasinglulu 		header_ep->args.arg0 = MODE_RW_64;
204*91f16700Schasinglulu #else
205*91f16700Schasinglulu 		ERROR("Cannot boot an AArch64 OP-TEE\n");
206*91f16700Schasinglulu 		return -1;
207*91f16700Schasinglulu #endif
208*91f16700Schasinglulu 	}
209*91f16700Schasinglulu 
210*91f16700Schasinglulu 	return 0;
211*91f16700Schasinglulu }
212