From e60f2af9499e33583e920e72b463b58bce0c31ee Mon Sep 17 00:00:00 2001 From: Soby Mathew Date: Wed, 10 May 2017 11:50:30 +0100 Subject: ARM plat changes to enable CryptoCell integration This patch makes the necessary changes to enable ARM platform to successfully integrate CryptoCell during Trusted Board Boot. The changes are as follows: * A new build option `ARM_CRYPTOCELL_INTEG` is introduced to select the CryptoCell crypto driver for Trusted Board boot. * The TrustZone filter settings for Non Secure DRAM is modified to allow CryptoCell to read this memory. This is required to authenticate BL33 which is loaded into the Non Secure DDR. * The CSS platforms are modified to use coherent stacks in BL1 and BL2 when CryptoCell crypto is selected. This is because CryptoCell makes use of DMA to transfer data and the CryptoCell SBROM library allocates buffers on the stack during signature/hash verification. Change-Id: I1e6f6dcd1899784f1edeabfa2a9f279bbfb90e31 Signed-off-by: Soby Mathew --- docs/porting-guide.md | 6 ++++++ docs/user-guide.md | 5 +++++ 2 files changed, 11 insertions(+) (limited to 'docs') diff --git a/docs/porting-guide.md b/docs/porting-guide.md index c7b9e89c..047e2250 100644 --- a/docs/porting-guide.md +++ b/docs/porting-guide.md @@ -299,6 +299,12 @@ also be defined: Firmware Update (FWU) certificate identifier, used by NS_BL1U to load the FWU content certificate. +* **#define : PLAT_CRYPTOCELL_BASE** + + This defines the base address of ARM® TrustZone® CryptoCell and must be + defined if CryptoCell crypto driver is used for Trusted Board Boot. For + capable ARM platforms, this driver is used if `ARM_CRYPTOCELL_INTEG` is + set. If the AP Firmware Updater Configuration image, BL2U is used, the following must also be defined: diff --git a/docs/user-guide.md b/docs/user-guide.md index 29691c5b..ea2874d8 100644 --- a/docs/user-guide.md +++ b/docs/user-guide.md @@ -623,6 +623,11 @@ performed. with version 1 of the translation tables library instead of version 2. It is set to 0 by default, which selects version 2. +* `ARM_CRYPTOCELL_INTEG` : bool option to enable Trusted Firmware to invoke + ARM® TrustZone® CryptoCell functionality for Trusted Board Boot on capable + ARM platforms. If this option is specified, then the path to the CryptoCell + SBROM library must be specified via `CCSBROM_LIB_PATH` flag. + For a better understanding of these options, the ARM development platform memory map is explained in the [Firmware Design]. -- cgit v1.2.3