1/*
2 * Copyright (c) 2014, ARM Limited and Contributors. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
6 *
7 * Redistributions of source code must retain the above copyright notice, this
8 * list of conditions and the following disclaimer.
9 *
10 * Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 *
14 * Neither the name of ARM nor the names of its contributors may be used
15 * to endorse or promote products derived from this software without specific
16 * prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28 * POSSIBILITY OF SUCH DAMAGE.
29 */
30
31#include <assert.h>
32#include <bl_common.h>
33#include <debug.h>
34#include <errno.h>
35#include <firmware_image_package.h>
36#include <io_driver.h>
37#include <io_fip.h>
38#include <io_storage.h>
39#include <platform.h>
40#include <platform_def.h>
41#include <stdint.h>
42#include <string.h>
43#include <uuid.h>
44
/*
 * Useful for printing UUIDs when debugging.
 *
 * Expands to a printf-style format string followed by the matching argument
 * list, so it is only usable as the trailing arguments of a printf-like call.
 * 'x' is pasted unparenthesized in front of each member access, so pass a
 * plain object name rather than an expression such as '*ptr'.
 */
#define PRINT_UUID2(x)								\
	"%08x-%04hx-%04hx-%02hhx%02hhx-%02hhx%02hhx%02hhx%02hhx%02hhx%02hhx",	\
		x.time_low, x.time_mid, x.time_hi_and_version,			\
		x.clock_seq_hi_and_reserved, x.clock_seq_low,			\
		x.node[0], x.node[1], x.node[2], x.node[3],			\
		x.node[4], x.node[5]
52
/* One row of the name_uuid table: an image name and the UUID it maps to. */
typedef struct {
	const char	*name;	/* image name compared with strcmp() in file_to_uuid() */
	const uuid_t	 uuid;	/* UUID searched for in the package's Table of Contents */
} plat_fip_name_uuid_t;
57
/* State of the (single) file currently open in the package. */
typedef struct {
	/* Put file_pos above the struct to allow {0} on static init.
	 * It is a workaround for a known bug in GCC
	 * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53119
	 */
	/* Read cursor; added to entry.offset_address when fip_file_read() seeks. */
	unsigned int file_pos;
	/*
	 * ToC entry copied verbatim from the package by fip_file_open(). Its
	 * offset_address and size fields are therefore package-supplied values.
	 */
	fip_toc_entry_t entry;
} file_state_t;
66
/*
 * Lookup table used by file_to_uuid() to translate an image name into the UUID
 * that identifies it in the package. Rows for optional images are compiled in
 * only when the platform defines the corresponding name macro; the certificate
 * rows are compiled in only when TRUSTED_BOARD_BOOT is non-zero.
 *
 * NOTE(review): the BL32 certificate rows are not wrapped in #ifdef although
 * the BL32 image row is - presumably the platform always defines
 * BL32_KEY_CERT_NAME / BL32_CERT_NAME when TRUSTED_BOARD_BOOT is set; confirm.
 */
static const plat_fip_name_uuid_t name_uuid[] = {
	{BL2_IMAGE_NAME, UUID_TRUSTED_BOOT_FIRMWARE_BL2},
#ifdef BL30_IMAGE_NAME
	/* BL3-0 is optional in the platform */
	{BL30_IMAGE_NAME, UUID_SCP_FIRMWARE_BL30},
#endif /* BL30_IMAGE_NAME */
	{BL31_IMAGE_NAME, UUID_EL3_RUNTIME_FIRMWARE_BL31},
#ifdef BL32_IMAGE_NAME
	/* BL3-2 is optional in the platform */
	{BL32_IMAGE_NAME, UUID_SECURE_PAYLOAD_BL32},
#endif /* BL32_IMAGE_NAME */
	{BL33_IMAGE_NAME, UUID_NON_TRUSTED_FIRMWARE_BL33},
#if TRUSTED_BOARD_BOOT
	/* Certificates */
	{BL2_CERT_NAME, UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT},
	{TRUSTED_KEY_CERT_NAME, UUID_TRUSTED_KEY_CERT},
#ifdef BL30_KEY_CERT_NAME
	{BL30_KEY_CERT_NAME, UUID_SCP_FIRMWARE_BL30_KEY_CERT},
#endif
	{BL31_KEY_CERT_NAME, UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT},
	{BL32_KEY_CERT_NAME, UUID_SECURE_PAYLOAD_BL32_KEY_CERT},
	{BL33_KEY_CERT_NAME, UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT},
#ifdef BL30_CERT_NAME
	{BL30_CERT_NAME, UUID_SCP_FIRMWARE_BL30_CERT},
#endif
	{BL31_CERT_NAME, UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT},
	{BL32_CERT_NAME, UUID_SECURE_PAYLOAD_BL32_CERT},
	{BL33_CERT_NAME, UUID_NON_TRUSTED_FIRMWARE_BL33_CERT},
#endif /* TRUSTED_BOARD_BOOT */
};
97
/* All-zero UUID; fip_file_open() stops scanning the ToC when it reads it. */
static const uuid_t uuid_null = {0};
/*
 * The one file that can be open at a time. entry.offset_address == 0 is used
 * as the "no file open" marker by fip_file_open() and fip_file_close().
 */
static file_state_t current_file = {0};
/*
 * Backend device and image spec holding the package; written by
 * plat_get_image_source() in fip_dev_init() and cleared by fip_dev_close().
 * NOTE(review): these are file-scope mutable state with no locking visible in
 * this file - presumably only used single-threaded during boot; confirm.
 */
static uintptr_t backend_dev_handle;
static uintptr_t backend_image_spec;
102
103
/*
 * Firmware Image Package driver functions.
 * Declared ahead of their definitions because the fip_dev_connector and
 * fip_dev_funcs tables below take their addresses.
 */
static int fip_dev_open(const uintptr_t dev_spec, io_dev_info_t **dev_info);
static int fip_file_open(io_dev_info_t *dev_info, const uintptr_t spec,
			  io_entity_t *entity);
static int fip_file_len(io_entity_t *entity, size_t *length);
static int fip_file_read(io_entity_t *entity, uintptr_t buffer, size_t length,
			  size_t *length_read);
static int fip_file_close(io_entity_t *entity);
static int fip_dev_init(io_dev_info_t *dev_info, const uintptr_t init_params);
static int fip_dev_close(io_dev_info_t *dev_info);
114
115
/*
 * Copy the UUID at 'src' into 'dst' byte for byte.
 * Always returns 0. The two objects must not overlap (memcpy).
 */
static inline int copy_uuid(uuid_t *dst, const uuid_t *src)
{
	(void)memcpy(dst, src, sizeof(*dst));

	return 0;
}
121
122
/*
 * Byte-wise comparison of two UUIDs.
 * Returns 0 when they are equal, otherwise the non-zero memcmp() result.
 */
static inline int compare_uuids(const uuid_t *uuid1, const uuid_t *uuid2)
{
	const int diff = memcmp(uuid1, uuid2, sizeof(*uuid1));

	return diff;
}
128
129
/*
 * Sanity-check a package header: the name field must equal TOC_HEADER_NAME and
 * the serial number must be non-zero. Returns 1 if both hold, 0 otherwise.
 *
 * This is a format check only; it says nothing about the integrity or origin
 * of the package contents.
 *
 * TODO: We could check version numbers or do a package checksum?
 */
static inline int is_valid_header(fip_toc_header_t *header)
{
	if (header->name != TOC_HEADER_NAME) {
		return 0;
	}

	if (header->serial_number == 0) {
		return 0;
	}

	return 1;
}
139
140
/*
 * Translate an image name into its UUID using the name_uuid table.
 *
 * Returns 0 and writes *uuid on a match. Returns -EINVAL when the name is not
 * in the table; in that case *uuid is NOT written, so the caller must check
 * the return value before using it. 'filename' must be a valid string: it is
 * passed straight to strcmp().
 */
static int file_to_uuid(const char *filename, uuid_t *uuid)
{
	const size_t count = sizeof(name_uuid) / sizeof(name_uuid[0]);
	size_t idx;

	for (idx = 0; idx < count; idx++) {
		if (strcmp(filename, name_uuid[idx].name) != 0) {
			continue;
		}

		copy_uuid(uuid, &name_uuid[idx].uuid);
		return 0;
	}

	return -EINVAL;
}
155
156
/* Report this driver's device type: the Firmware Image Package virtual driver. */
io_type_t device_type_fip(void)
{
	const io_type_t kind = IO_TYPE_FIRMWARE_IMAGE_PACKAGE;

	return kind;
}
162
163
/* Connector handed to the caller by register_io_dev_fip(); it only sets dev_open. */
static const io_dev_connector_t fip_dev_connector = {
	.dev_open = fip_dev_open
};
167
168
/*
 * Operations table for the FIP device. No seek or write handler is provided
 * (both are NULL); the read cursor is advanced by fip_file_read() itself.
 * NOTE(review): presumably the IO layer treats a NULL handler as
 * "unsupported" - confirm in io_storage.
 */
static const io_dev_funcs_t fip_dev_funcs = {
	.type = device_type_fip,
	.open = fip_file_open,
	.seek = NULL,
	.size = fip_file_len,
	.read = fip_file_read,
	.write = NULL,
	.close = fip_file_close,
	.dev_init = fip_dev_init,
	.dev_close = fip_dev_close,
};
180
181
/*
 * No state associated with this device so structure can be const.
 * It is registered by register_io_dev_fip() and returned by fip_dev_open().
 */
static const io_dev_info_t fip_dev_info = {
	.funcs = &fip_dev_funcs,
	.info = (uintptr_t)NULL
};
187
188
/*
 * Open a connection to the FIP device.
 *
 * dev_spec is ignored. *dev_info receives the address of the shared, const
 * fip_dev_info object; the const qualifier is dropped only to fit the
 * out-parameter type, so the returned object must not be written through.
 * Always returns IO_SUCCESS.
 */
static int fip_dev_open(const uintptr_t dev_spec __attribute__((unused)),
			 io_dev_info_t **dev_info)
{
	io_dev_info_t *shared_info;

	assert(dev_info != NULL);

	shared_info = (io_dev_info_t *)&fip_dev_info; /* cast away const */
	*dev_info = shared_info;

	return IO_SUCCESS;
}
198
199
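/*
 * Initialise the FIP device and do some basic package checks.
 *
 * init_params is interpreted as a pointer to the image name string. The
 * platform is asked where that image lives; the answer is stored in
 * backend_dev_handle / backend_image_spec and the package header is read and
 * checked with is_valid_header().
 *
 * Returns IO_SUCCESS when the full header was read and passed the check.
 * Returns IO_FAIL when the image source could not be obtained or opened, the
 * header was truncated, or the header check failed; a failing io_read()
 * returns the backend's own error code.
 *
 * The header check is a format sanity check, not an integrity or authenticity
 * check of the package.
 *
 * NOTE(review): on failure the backend handle/spec written by
 * plat_get_image_source() stay set, so a later fip_file_open() would still
 * use them if the caller ignores this return value - confirm callers check it.
 */
static int fip_dev_init(io_dev_info_t *dev_info, const uintptr_t init_params)
{
	int result = IO_FAIL;
	char *image_name = (char *)init_params;
	uintptr_t backend_handle;
	fip_toc_header_t header;
	size_t bytes_read = 0;

	/* Obtain a reference to the image by querying the platform layer */
	result = plat_get_image_source(image_name, &backend_dev_handle,
				       &backend_image_spec);
	if (result != IO_SUCCESS) {
		WARN("Failed to obtain reference to image '%s' (%i)\n",
			image_name, result);
		result = IO_FAIL;
		goto fip_dev_init_exit;
	}

	/* Attempt to access the FIP image */
	result = io_open(backend_dev_handle, backend_image_spec,
			 &backend_handle);
	if (result != IO_SUCCESS) {
		WARN("Failed to access image '%s' (%i)\n", image_name, result);
		result = IO_FAIL;
		goto fip_dev_init_exit;
	}

	result = io_read(backend_handle, (uintptr_t)&header, sizeof(header),
			&bytes_read);
	if (result == IO_SUCCESS) {
		if (bytes_read != sizeof(header)) {
			/*
			 * A short read leaves part of 'header' uninitialised;
			 * do not inspect it.
			 */
			WARN("Firmware Image Package header is truncated.\n");
			result = IO_FAIL;
		} else if (!is_valid_header(&header)) {
			WARN("Firmware Image Package header check failed.\n");
			result = IO_FAIL;
		} else {
			VERBOSE("FIP header looks OK.\n");
		}
	}

	io_close(backend_handle);

 fip_dev_init_exit:
	return result;
}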
244
/*
 * Close a connection to the FIP device.
 *
 * Forgets the backend recorded by fip_dev_init(). dev_info is not used.
 * Any file state in current_file is left untouched. Always returns IO_SUCCESS.
 */
static int fip_dev_close(io_dev_info_t *dev_info)
{
	/* TODO: Consider tracking open files and cleaning them up here */

	/* Clear the backend. */
	backend_image_spec = (uintptr_t)NULL;
	backend_dev_handle = (uintptr_t)NULL;

	return IO_SUCCESS;
}
256
257
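/*
 * Open a file for access from package.
 *
 * 'spec' is interpreted as an io_file_spec_t whose path is an image name known
 * to file_to_uuid(). The package's Table of Contents is scanned entry by entry
 * until the matching UUID or the all-zero terminator is read. On success the
 * matching entry is kept in current_file and entity->info points at it.
 *
 * Returns IO_SUCCESS on a match, IO_RESOURCES_EXHAUSTED if a file is already
 * open, IO_FAIL if the name is unknown, the backend cannot be opened or
 * seeked, a ToC entry is truncated or has a zero offset, or the file is not
 * in the package; a failing io_read() returns the backend's own error code.
 * On every failure after the scan started, current_file is cleared so the
 * driver does not stay marked as busy.
 *
 * NOTE(review): the ToC is package-supplied data. The matched entry's
 * offset_address and size are not range-checked against the backend image
 * here, and the scan only ends on a match, the terminator, or a read
 * failure - confirm the backend bounds reads to the image.
 */
static int fip_file_open(io_dev_info_t *dev_info, const uintptr_t spec,
			 io_entity_t *entity)
{
	int result = IO_FAIL;
	uintptr_t backend_handle;
	uuid_t file_uuid;
	const io_file_spec_t *file_spec = (io_file_spec_t *)spec;
	size_t bytes_read = 0;
	int found_file = 0;

	assert(file_spec != NULL);
	assert(file_spec->path != NULL);
	assert(entity != NULL);

	/* Can only have one file open at a time for the moment. We need to
	 * track state like file cursor position. We know the header lives at
	 * offset zero, so this entry should never be zero for an active file.
	 * When the system supports dynamic memory allocation we can allow more
	 * than one open file at a time if needed.
	 */
	if (current_file.entry.offset_address != 0) {
		WARN("fip_file_open : Only one open file at a time.\n");
		return IO_RESOURCES_EXHAUSTED;
	}

	/* An unknown name leaves file_uuid unwritten, so it must not be
	 * compared against the ToC.
	 */
	if (file_to_uuid(file_spec->path, &file_uuid) != 0) {
		WARN("fip_file_open: unknown image '%s'\n", file_spec->path);
		return IO_FAIL;
	}

	/* Attempt to access the FIP image */
	result = io_open(backend_dev_handle, backend_image_spec,
			 &backend_handle);
	if (result != IO_SUCCESS) {
		WARN("Failed to open Firmware Image Package (%i)\n", result);
		result = IO_FAIL;
		goto fip_file_open_exit;
	}

	/* Seek past the FIP header into the Table of Contents */
	result = io_seek(backend_handle, IO_SEEK_SET, sizeof(fip_toc_header_t));
	if (result != IO_SUCCESS) {
		WARN("fip_file_open: failed to seek\n");
		result = IO_FAIL;
		goto fip_file_open_close;
	}

	do {
		result = io_read(backend_handle,
				 (uintptr_t)&current_file.entry,
				 sizeof(current_file.entry),
				 &bytes_read);
		if (result != IO_SUCCESS) {
			WARN("Failed to read FIP (%i)\n", result);
			goto fip_file_open_reset;
		}

		/* A partial entry would be compared against stale bytes, and
		 * a zero-length read would repeat forever.
		 */
		if (bytes_read != sizeof(current_file.entry)) {
			WARN("fip_file_open: truncated ToC entry\n");
			result = IO_FAIL;
			goto fip_file_open_reset;
		}

		if (compare_uuids(&current_file.entry.uuid,
				  &file_uuid) == 0) {
			found_file = 1;
			break;
		}
	} while (compare_uuids(&current_file.entry.uuid, &uuid_null) != 0);

	if (found_file == 1) {
		/* Offset zero is the package header and doubles as the
		 * "no file open" marker, so such an entry cannot be valid.
		 */
		if (current_file.entry.offset_address == 0) {
			WARN("fip_file_open: ToC entry has zero offset\n");
			result = IO_FAIL;
			goto fip_file_open_reset;
		}

		/* All fine. Update entity info with file state and return. Set
		 * the file position to 0. The 'current_file.entry' holds the
		 * base and size of the file.
		 */
		current_file.file_pos = 0;
		entity->info = (uintptr_t)&current_file;
		goto fip_file_open_close;
	}

	/* Did not find the file in the FIP. */
	result = IO_FAIL;

 fip_file_open_reset:
	/* Drop whatever ToC entry was read last so no file appears open. */
	memset(&current_file, 0, sizeof(current_file));

 fip_file_open_close:
	io_close(backend_handle);

 fip_file_open_exit:
	return result;
}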
339
340
/*
 * Return the size of a file in package.
 *
 * Writes the 'size' field of the ToC entry referenced by entity->info to
 * *length and returns IO_SUCCESS. entity->info itself is not checked here.
 *
 * NOTE(review): the size is the value read from the package's ToC by
 * fip_file_open(); nothing in this file validates it, so callers presumably
 * need to bound it before sizing a destination buffer - confirm.
 */
static int fip_file_len(io_entity_t *entity, size_t *length)
{
	const file_state_t *state;

	assert(entity != NULL);
	assert(length != NULL);

	state = (file_state_t *)entity->info;
	*length = state->entry.size;

	return IO_SUCCESS;
}
351
352
/*
 * Read data from a file in package.
 *
 * Re-opens the backend, seeks to entry.offset_address + file_pos and reads
 * 'length' bytes into 'buffer'. On success *length_read receives the number
 * of bytes the backend reported and file_pos advances by the same amount.
 * Returns IO_SUCCESS, or IO_FAIL if the backend cannot be opened, seeked or
 * read; *length_read is not written on failure.
 *
 * NOTE(review): the request is not checked against entry.size, so a read can
 * run past the end of this file into whatever follows it in the package, and
 * offset_address + file_pos is package-supplied arithmetic with no overflow
 * check. Callers presumably size reads from fip_file_len() - confirm, or
 * bound 'length' by entry.size - file_pos here.
 * The argument checks are assert()s only, so they vanish in builds that
 * define NDEBUG.
 */
static int fip_file_read(io_entity_t *entity, uintptr_t buffer, size_t length,
			  size_t *length_read)
{
	uintptr_t backend_handle;
	file_state_t *state;
	size_t payload_pos;
	size_t nread;
	int rc = IO_FAIL;

	assert(entity != NULL);
	assert(buffer != (uintptr_t)NULL);
	assert(length_read != NULL);
	assert(entity->info != (uintptr_t)NULL);

	/* Open the backend, attempt to access the blob image */
	rc = io_open(backend_dev_handle, backend_image_spec, &backend_handle);
	if (rc != IO_SUCCESS) {
		WARN("Failed to open FIP (%i)\n", rc);
		return IO_FAIL;
	}

	state = (file_state_t *)entity->info;

	/* Seek to the position in the FIP where the payload lives */
	payload_pos = state->entry.offset_address + state->file_pos;
	rc = io_seek(backend_handle, IO_SEEK_SET, payload_pos);
	if (rc != IO_SUCCESS) {
		WARN("fip_file_read: failed to seek\n");
		rc = IO_FAIL;
	} else {
		rc = io_read(backend_handle, buffer, length, &nread);
		if (rc != IO_SUCCESS) {
			/* We cannot read our data. Fail. */
			WARN("Failed to read payload (%i)\n", rc);
			rc = IO_FAIL;
		} else {
			/* Set caller length and new file position. */
			*length_read = nread;
			state->file_pos += nread;
		}
	}

	/* Close the backend. */
	io_close(backend_handle);

	return rc;
}
407
408
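/*
 * Close a file in package.
 *
 * Clears the single current_file slot, which lets fip_file_open() accept a new
 * file, and detaches it from the entity. Always returns IO_SUCCESS.
 */
static int fip_file_close(io_entity_t *entity)
{
	/* Same argument check as the other entity-taking functions here. */
	assert(entity != NULL);

	/* Clear our current file pointer.
	 * If we had malloc() we would free() here.
	 * Cleared unconditionally so no stale ToC entry is left behind.
	 */
	memset(&current_file, 0, sizeof(current_file));

	/* Clear the Entity info. */
	entity->info = 0;

	return IO_SUCCESS;
}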
424
425/* Exported functions */
426
/*
 * Register the Firmware Image Package driver with the IO abstraction.
 *
 * Returns the result of io_register_device(). *dev_con is set to the FIP
 * connector only when registration succeeded; otherwise it is left untouched.
 */
int register_io_dev_fip(const io_dev_connector_t **dev_con)
{
	int rc;

	assert(dev_con != NULL);

	rc = io_register_device(&fip_dev_info);
	if (rc != IO_SUCCESS) {
		return rc;
	}

	*dev_con = &fip_dev_connector;

	return rc;
}
439