From 35d4b3f2f48bc032579c15439b5cb29a5d254ce3 Mon Sep 17 00:00:00 2001 From: Venkateshwar S Date: Sun, 12 Oct 2025 23:04:15 -0700 Subject: [PATCH] arch/arm64: Support to load QTEE firmware in x1P42100 This patch adds support to load QTEE firmware in X1P42100. A new Kconfig 'ARM64_HAS_SECURE_OS_PAYLOAD' has been introduced to support packing the QTEE firmware as a CBFS payload type. Based on this configuration, the QTEE firmware is packed either as a stage or payload type in CBFS. In X1P42100, the QTEE FW is packed as a CBFS payload type, as its memory regions are non-contiguous across system IMEM and DDR. TEST=Create an image.serial.bin and ensure it boots on X1P42100. Ensure loading of the QTEE firmware in the appropriate regions. [INFO ] CBFS: Found 'fallback/secure_os' @0xff1c0 size 0x2ac188 [DEBUG] read SPI 0xd2f218 0x2ac188: 225876 us, 12405 KB/s, 99.240 Mbps [INFO ] VB2:vb2_secdata_kernel_get() VB2_SECDATA_KERNEL_FLAGS not supported for secdata_kernel v0, return 0 [INFO ] VB2:vb2_digest_init() 2802056 bytes, hash algo 2, HW acceleration forbidden [DEBUG] Loading segment from ROM address 0x9f8040f8 [DEBUG] code (compression=0) [DEBUG] New segment dstaddr 0x1468f000 memsize 0x2000 srcaddr 0x9f804280 filesize 0x2000 [DEBUG] Loading Segment: addr: 0x1468f000 memsz: 0x0000000000002000 filesz: 0x0000000000002000 [DEBUG] it's not compressed! [SPEW ] [ 0x1468f000, 14691000, 0x14691000) <- 9f804280 [DEBUG] Loading segment from ROM address 0x9f804114 [DEBUG] data (compression=0) [DEBUG] New segment dstaddr 0x14691000 memsize 0x2000 srcaddr 0x9f806280 filesize 0x2000 [DEBUG] Loading Segment: addr: 0x14691000 memsz: 0x0000000000002000 filesz: 0x0000000000002000 [DEBUG] it's not compressed! [SPEW ] [ 0x14691000, 14693000, 0x14693000) <- 9f806280 [DEBUG] Loading segment from ROM address 0x9f804130 [DEBUG] code (compression=0) [DEBUG] New segment dstaddr 0xd8087000 memsize 0x12b000 srcaddr 0x9f808280 filesize 0x12b000 [DEBUG] Loading Segment: addr: 0xd8087000 memsz: 0x000000000012b000 filesz: 0x000000000012b000 [DEBUG] it's not compressed! [SPEW ] [ 0xd8087000, d81b2000, 0xd81b2000) <- 9f808280 [DEBUG] Loading segment from ROM address 0x9f80414c [DEBUG] data (compression=0) [DEBUG] New segment dstaddr 0xd81b2000 memsize 0x14000 srcaddr 0x9f933280 filesize 0x14000 [DEBUG] Loading Segment: addr: 0xd81b2000 memsz: 0x0000000000014000 filesz: 0x0000000000014000 [DEBUG] it's not compressed! [SPEW ] [ 0xd81b2000, d81c6000, 0xd81c6000) <- 9f933280 [DEBUG] Loading segment from ROM address 0x9f804168 [DEBUG] data (compression=0) [DEBUG] New segment dstaddr 0xd81c6000 memsize 0xb3000 srcaddr 0x9f947280 filesize 0xb3000 [DEBUG] Loading Segment: addr: 0xd81c6000 memsz: 0x00000000000b3000 filesz: 0x00000000000b3000 [DEBUG] it's not compressed! [SPEW ] [ 0xd81c6000, d8279000, 0xd8279000) <- 9f947280 [DEBUG] Loading segment from ROM address 0x9f804184 [DEBUG] BSS 0xd8279000 (4096 byte) [DEBUG] Loading Segment: addr: 0xd8279000 memsz: 0x0000000000001000 filesz: 0x0000000000000000 [DEBUG] it's not compressed! [SPEW ] [ 0xd8279000, d8279000, 0xd827a000) <- 9f9fa280 [DEBUG] Clearing Segment: addr: 0x00000000d8279000 memsz: 0x0000000000001000 [DEBUG] Loading segment from ROM address 0x9f8041a0 [DEBUG] data (compression=0) [DEBUG] New segment dstaddr 0xd82e6000 memsize 0x5d000 srcaddr 0x9f9fa280 filesize 0xe000 [DEBUG] Loading Segment: addr: 0xd82e6000 memsz: 0x000000000005d000 filesz: 0x000000000000e000 [DEBUG] it's not compressed! [SPEW ] [ 0xd82e6000, d82f4000, 0xd8343000) <- 9f9fa280 [DEBUG] Clearing Segment: addr: 0x00000000d82f4000 memsz: 0x000000000004f000 [DEBUG] Loading segment from ROM address 0x9f8041bc [DEBUG] BSS 0xd8343000 (65536 byte) [DEBUG] Loading Segment: addr: 0xd8343000 memsz: 0x0000000000010000 [DEBUG] Loading Segment: addr: 0xd8279000 memsz: 0x0000000000001000 filesz: 0x0000000000000000 [DEBUG] it's not compressed! [SPEW ] [ 0xd8279000, d8279000, 0xd827a000) <- 9f9fa280 [DEBUG] Clearing Segment: addr: 0x00000000d8279000 memsz: 0x0000000000001000 [DEBUG] Loading segment from ROM address 0x9f8041a0 [DEBUG] data (compression=0) [DEBUG] New segment dstaddr 0xd82e6000 memsize 0x5d000 srcaddr 0x9f9fa280 filesize 0xe000 [DEBUG] Loading Segment: addr: 0xd82e6000 memsz: 0x000000000005d000 filesz: 0x000000000000e000 [DEBUG] it's not compressed! [SPEW ] [ 0xd82e6000, d82f4000, 0xd8343000) <- 9f9fa280 [DEBUG] Clearing Segment: addr: 0x00000000d82f4000 memsz: 0x000000000004f000 [DEBUG] Loading segment from ROM address 0x9f8041bc [DEBUG] BSS 0xd8343000 (65536 byte) [DEBUG] Loading Segment: addr: 0xd8343000 memsz: 0x0000000000010000 filesz: 0x0000000000000000 [DEBUG] it's not compressed! [SPEW ] [ 0xd8343000, d8343000, 0xd8353000) <- 9fa08280 [DEBUG] Clearing Segment: addr: 0x00000000d8343000 memsz: 0x0000000000010000 [DEBUG] Loading segment from ROM address 0x9f8041d8 [DEBUG] BSS 0xd8353000 (65536 byte) [DEBUG] Loading Segment: addr: 0xd8353000 memsz: 0x0000000000010000 filesz: 0x0000000000000000 [DEBUG] it's not compressed! [SPEW ] [ 0xd8353000, d8353000, 0xd8363000) <- 9fa08280 [DEBUG] Clearing Segment: addr: 0x00000000d8353000 memsz: 0x0000000000010000 [DEBUG] Loading segment from ROM address 0x9f8041f4 [DEBUG] data (compression=0) [DEBUG] New segment dstaddr 0xd836a000 memsize 0x1000 srcaddr 0x9fa08280 filesize 0x1000 [DEBUG] Loading Segment: addr: 0xd836a000 memsz: 0x0000000000001000 filesz: 0x0000000000001000 [DEBUG] it's not compressed! [SPEW ] [ 0xd836a000, d836b000, 0xd836b000) <- 9fa08280 [DEBUG] Loading segment from ROM address 0x9f804210 [DEBUG] code (compression=0) [DEBUG] New segment dstaddr 0xd836b000 memsize 0x99000 srcaddr 0x9fa09280 filesize 0x99000 [DEBUG] Loading Segment: addr: 0xd836b000 memsz: 0x0000000000099000 filesz: 0x0000000000099000 [DEBUG] it's not compressed! [SPEW ] [ 0xd836b000, d8404000, 0xd8404000) <- 9fa09280 [DEBUG] Loading segment from ROM address 0x9f80422c [DEBUG] data (compression=0) [DEBUG] New segment dstaddr 0xd8404000 memsize 0x3000 srcaddr 0x9faa2280 filesize 0x3000 [DEBUG] Loading Segment: addr: 0xd8404000 memsz: 0x0000000000003000 filesz: 0x0000000000003000 [DEBUG] it's not compressed! [SPEW ] [ 0xd8404000, d8407000, 0xd8407000) <- 9faa2280 [DEBUG] Loading segment from ROM address 0x9f804248 [DEBUG] data (compression=0) [DEBUG] New segment dstaddr 0xd8407000 memsize 0xb000 srcaddr 0x9faa5280 filesize 0xb000 [DEBUG] Loading Segment: addr: 0xd8407000 memsz: 0x000000000000b000 filesz: 0x000000000000b000 [DEBUG] it's not compressed! [SPEW ] [ 0xd8407000, d8412000, 0xd8412000) <- 9faa5280 [DEBUG] Loading segment from ROM address 0x9f804264 [DEBUG] Entry Point 0x1468f000 [SPEW ] Loaded segments Change-Id: I5498f418ae7ccc4a8ad2ca05698da3e0a3ec5609 Signed-off-by: Venkateshwar S Reviewed-on: https://review.coreboot.org/c/coreboot/+/89548 Reviewed-by: Subrata Banik Tested-by: build bot (Jenkins) --- src/arch/arm64/Kconfig | 8 ++++++++ src/arch/arm64/Makefile.mk | 4 ++++ src/arch/arm64/bl31.c | 9 +++++++-- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/src/arch/arm64/Kconfig b/src/arch/arm64/Kconfig index af5050b21b..9853ceddc0 100644 --- a/src/arch/arm64/Kconfig +++ b/src/arch/arm64/Kconfig @@ -68,6 +68,14 @@ config ARM64_USE_SECURE_OS default n depends on ARM64_USE_ARM_TRUSTED_FIRMWARE +config ARM64_USE_SECURE_OS_PAYLOAD + bool + default n + depends on ARM64_USE_SECURE_OS + help + This option adds support for packing the SECURE_OS image as a CBFS + payload type when it spans non-contiguous memory regions. + config ARM64_SECURE_OS_FILE string "Secure OS binary file" depends on ARM64_USE_SECURE_OS diff --git a/src/arch/arm64/Makefile.mk b/src/arch/arm64/Makefile.mk index f54c6d22fc..279d31fb47 100644 --- a/src/arch/arm64/Makefile.mk +++ b/src/arch/arm64/Makefile.mk @@ -219,7 +219,11 @@ ifeq ($(CONFIG_ARM64_USE_SECURE_OS),y) SECURE_OS_FILE := $(CONFIG_ARM64_SECURE_OS_FILE) SECURE_OS_FILE_CBFS := $(CONFIG_CBFS_PREFIX)/secure_os $(SECURE_OS_FILE_CBFS)-file := $(SECURE_OS_FILE) +ifeq ($(CONFIG_ARM64_USE_SECURE_OS_PAYLOAD),y) +$(SECURE_OS_FILE_CBFS)-type := payload +else $(SECURE_OS_FILE_CBFS)-type := stage +endif # CONFIG_ARM64_USE_SECURE_OS_PAYLOAD cbfs-files-y += $(SECURE_OS_FILE_CBFS) check-ramstage-overlap-files += $(SECURE_OS_FILE_CBFS) diff --git a/src/arch/arm64/bl31.c b/src/arch/arm64/bl31.c index 06676bcab8..a0402d7351 100644 --- a/src/arch/arm64/bl31.c +++ b/src/arch/arm64/bl31.c @@ -84,8 +84,13 @@ void run_bl31(u64 payload_entry, u64 payload_arg0, u64 payload_spsr) struct prog bl32 = PROG_INIT(PROG_BL32, CONFIG_CBFS_PREFIX"/secure_os"); - if (cbfs_prog_stage_load(&bl32)) - die("BL32 load failed"); + if (CONFIG(ARM64_USE_SECURE_OS_PAYLOAD)) { + if (!selfload(&bl32)) + die("BL32 load failed"); + } else { + if (cbfs_prog_stage_load(&bl32)) + die("BL32 load failed"); + } bl32_ep_info.pc = (uintptr_t)prog_entry(&bl32); bl32_ep_info.spsr = SPSR_EXCEPTION_MASK |