tf_firmware_handoff/

lib.rs

// SPDX-FileCopyrightText: Copyright The tf-firmware-handoff Contributors.
// SPDX-License-Identifier: MIT OR Apache-2.0

//! [crate::TransferList]: crate::TransferList
#![doc = include_str!("../README.md")]
#![no_std]

pub mod entries;

use crate::entries::Void;
use bitflags::bitflags;
use core::{
    cell::Cell,
    cmp::Ordering,
    ffi::c_void,
    mem::offset_of,
    ops::{Deref, DerefMut, Range},
};
use num_enum::TryFromPrimitive;
use thiserror::Error;
use zerocopy::{FromBytes, Immutable, IntoBytes, KnownLayout};

const BASE_ALIGNMENT: usize = 8;

const TL_SIGNATURE: u32 = 0x4a0f_b10b;
const TL_VERSION: u8 = 0x1;

const TL_ASSUMED_HEADER_SIZE: usize = 0x18;
const TE_HEADER_SIZE: usize = 0x8;

const REGISTER_CONVENTION: u8 = 1;

#[derive(Debug, Clone, Copy, Error, PartialEq, Eq)]
pub enum ValidationError {
    #[error("Invalid signature")]
    InvalidSignature,
    #[error("Size mismatch")]
    SizeMismatch,
    #[error("Checksum mismatch")]
    ChecksumMismatch,
    #[error("TL version is too old")]
    VersionTooOld,
    #[error("TL version is invalid")]
    InvalidVersion,
}

#[derive(Debug, Clone, Copy, Error, PartialEq, Eq)]
pub enum Error {
    #[error("TL is read-only")]
    ReadOnly,
    #[error("Invalid Transfer List: {0}")]
    Validation(#[from] ValidationError),
    #[error("Needs reallocation")]
    /// Returned when trying to increase the size of the [`TransferList`], for
    /// example by adding a new entry while the size of the underlying buffer is too small to
    /// contain it.
    ///
    /// Before retrying, the caller should allocate a new buffer with the restriction given by the
    /// error's fields and call [`relocate`][crate::TransferList::relocate] on the
    /// [`TransferList`].
    NeedsReallocation {
        /// Minimum size of the buffer to give [`relocate`][crate::TransferList::relocate] before
        /// retrying.
        required_size: u32,
    },
    #[error("Not enough memory")]
    NotEnoughMemory,
    #[error("Could not convert byte sequence to data")]
    FromBytes,
}

#[derive(Debug, Clone, Copy, Error, PartialEq, Eq)]
pub enum GetError<'a, T>
where
    T: FromTLEPayload<'a>,
{
    #[error("Payload could not be accessed")]
    Payload(T::Error),
    #[error("No entry with the requested tag found")]
    NotFound,
    #[error("Other: {0}")]
    Other(#[from] Error),
}

/// Identifier of a [`TransferListEntry`].
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum TLETag {
    Standard(StandardTLETag),
    NonStandard(NonStandardTLETag),
}

impl From<StandardTLETag> for TLETag {
    fn from(value: StandardTLETag) -> Self {
        Self::Standard(value)
    }
}

impl From<NonStandardTLETag> for TLETag {
    fn from(value: NonStandardTLETag) -> Self {
        Self::NonStandard(value)
    }
}

impl TLETag {
    const STANDARD_RANGE: Range<u32> = 0x0..0x80_0000;
    const NON_STANDARD_RANGE: Range<u32> = 0xff_f000..0x100_0000;
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum TLETagError {
    Reserved,
    InvalidStandardValue(u32),
    InvalidNonStandardValue(u32),
}

impl TryFrom<[u8; 3]> for TLETag {
    type Error = TLETagError;

    fn try_from(value: [u8; 3]) -> Result<Self, Self::Error> {
        let value = u32::from_le_bytes([value[0], value[1], value[2], 0]);

        if Self::STANDARD_RANGE.contains(&value) {
            match value.try_into() {
                Ok(v) => Ok(Self::Standard(v)),
                Err(_) => Err(Self::Error::InvalidStandardValue(value)),
            }
        } else {
            value.try_into().map(Self::NonStandard)
        }
    }
}

impl From<TLETag> for [u8; 3] {
    fn from(value: TLETag) -> Self {
        let value = match value {
            TLETag::Standard(t) => t as u32,
            TLETag::NonStandard(NonStandardTLETag(t)) => {
                assert!(TLETag::NON_STANDARD_RANGE.contains(&t));
                t
            }
        };

        let bytes = value.to_le_bytes();
        assert_eq!(bytes[3], 0);

        [bytes[0], bytes[1], bytes[2]]
    }
}

/// Standardized TLE tags.
#[derive(Debug, Clone, Copy, PartialEq, Eq, TryFromPrimitive)]
#[repr(u32)]
pub enum StandardTLETag {
    Void = 0x0,
    Fdt = 0x1,
    HobB = 0x2,
    HobL = 0x3,
    AcpiAggr = 0x4,
    EventLog = 0x5,
    TpmCrbBase = 0x6,
    // Trusted Firmware entries
    OpteePageablePartAddress = 0x100,
    DtFormattedSpmcManifest = 0x101,
    Aarch64EntrypointInfo = 0x102,
    FfaSpBinary = 0x103,
    MbedTlsHeapInfo = 0x105,
    DtFormattedFfaManifest = 0x106,
    RwMemoryLayout64 = 0x107,
    Aarch32EntrypointInfo = 0x108,
    GptErrorInfo = 0x109,
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct NonStandardTLETag(u32);

impl TryFrom<u32> for NonStandardTLETag {
    type Error = TLETagError;

    fn try_from(value: u32) -> Result<Self, Self::Error> {
        if TLETag::NON_STANDARD_RANGE.contains(&value) {
            Ok(Self(value))
        } else {
            Err(Self::Error::InvalidNonStandardValue(value))
        }
    }
}

impl NonStandardTLETag {
    pub fn tag(&self) -> u32 {
        self.0
    }
}

#[inline(always)]
fn slice_checksum(slice: &[u8]) -> u8 {
    slice.iter().fold(0, |a, v| a.wrapping_add(*v))
}

#[derive(Debug, PartialEq, Eq, Clone, Copy)]
enum OperationMode {
    RW,
    RO,
}

#[derive(Debug, PartialEq, Eq)]
#[repr(C)]
/// View over a memory region to be interpreted as a TransferList (or Glob List). The memory is not
/// owned by this struct.
///
/// ## Creating a TL struct
///
/// The [`TransferList`] structure can be instantiated via either [`new`][Self::new]
/// or [`create`][Self::create] which, respectively, wraps a memory region already containing a TL
/// allowing to read and modify it, or create a fresh TL from an uninitialized memory region. The
/// [`from_raw_ptr`][Self::from_raw_ptr] function achieves the same as [`new`][Self::new] but
/// through a pointer rather than a reference (see the safety instructions).
///
/// As the TL struct only consists of a wrapper
/// around the memory region, their lifetime are bound; but the [`relocate`][Self::relocate] can be
/// used to move the TL to another buffer, thus binding to its lifetime instead.
///
/// ## Entry management
///
/// Entries of the Transfer List can be accessed either through an iterator or directly using their
/// tags. An iterator can be constructed using the [`entries`][Self::entries] or
/// [`entries_mut`][Self::entries_mut], and will yield respectively [`TransferListEntry`] or
/// [`TransferListEntryMut`] that can be used to read from/write to the entry. Alternatively, the
/// [`get`][Self::get] and [`get_mut`][Self::get_mut] methods can be used to directly retreive an
/// entry based on its tag and convert it to a struct through the use of the [`FromTLEPayload`]
/// trait.
///
/// ## Entry allocation
///
/// New entries can be added using the following functions:
/// - [`add_entry`][Self::add_entry]
/// - [`add_uninitialized_entry`][Self::add_uninitialized_entry]
/// - [`add_aligned_entry`][Self::add_aligned_entry]
/// - [`add_uninitialized_aligned_entry`][Self::add_uninitialized_aligned_entry]
///
/// `add_uninitialized_*` functions will not modify the data present in the entry, but only its
/// header. `add_*aligned_entry` ensure that the address of the content of the entry will be aligned
/// to the number of bits given as arguments.
///
/// These functions may return an [`Error::NeedsReallocation`], indicating that the buffer
/// containing the TL is too small to complete the allocation. In that case, the caller may allocate
/// a new memory region of the size specified in the error's
/// [`required_size`][Error::NeedsReallocation::required_size] field and
/// [`relocate`][Self::relocate] the TL there. If done so, reattempting the allocation with the same
/// parameters will succeed.
pub struct TransferList<'a> {
    header: &'a mut TransferListHeader,
    payload: &'a mut [u8],
    operation_mode: OperationMode,
}

#[derive(Debug, PartialEq, Eq, IntoBytes, FromBytes, KnownLayout)]
#[repr(C)]
struct TransferListHeader {
    signature: u32,
    checksum: Cell<u8>,
    version: u8,
    header_size: u8,
    alignment: u8,
    used_size: u32,
    total_size: u32,
    flags: TransferListFlags,
    reserved: u32,
}

#[derive(Debug, PartialEq, Eq, Immutable, IntoBytes, FromBytes, KnownLayout)]
struct TransferListFlags(u32);

bitflags! {
    impl TransferListFlags: u32 {
        const HAS_CHECKSUM = 1 << 0;
    }

}

#[derive(Debug, PartialEq, Eq)]
#[repr(C)]
/// Immutable view over a [`TransferList`]'s entry. The memory is not owned by this struct.
pub struct TransferListEntry<'a> {
    header: &'a TransferListEntryHeader,
    payload: &'a [u8],
}

#[derive(Debug, PartialEq, Eq)]
#[repr(C)]
/// Mutable view over a [`TransferList`]'s entry. The memory is not owned by this struct.
pub struct TransferListEntryMut<'a> {
    header: &'a TransferListEntryHeader,
    payload: &'a mut [u8],
    tl_cs: Option<&'a Cell<u8>>,
}

#[derive(Debug, PartialEq, Eq, Immutable, IntoBytes, FromBytes, KnownLayout)]
#[repr(C)]
pub struct TransferListEntryHeader {
    tag: [u8; 3],
    pub header_size: u8,
    pub data_size: u32,
}

impl TransferListEntryHeader {
    pub fn tag(&self) -> Result<TLETag, TLETagError> {
        self.tag.try_into()
    }
}

impl<'a> TransferList<'a> {
    /// Creates a `TransferList` backed by the given memory region. The region must already contain
    /// a valid `TransferList`. To create a new one, see [`TransferList::create`].
    pub fn new(data: &'a mut [u8]) -> Result<Self, Error> {
        if data.len() < TL_ASSUMED_HEADER_SIZE {
            return Err(Error::Validation(ValidationError::SizeMismatch));
        }

        let header_size = (data[offset_of!(TransferListHeader, header_size)] as usize)
            .next_multiple_of(BASE_ALIGNMENT);

        if data.len() < header_size {
            return Err(Error::Validation(ValidationError::SizeMismatch));
        }

        let (header, payload) = data.split_at_mut(header_size);

        let Ok(header) = TransferListHeader::mut_from_bytes(header) else {
            return Err(Error::Validation(ValidationError::SizeMismatch));
        };

        let mut s = Self {
            header,
            payload,
            operation_mode: OperationMode::RO,
        };

        s.validate()?;

        Ok(s)
    }

    /// Instantiate a fresh TransferList from an uninitialized buffer. To use buffer already
    /// containing a Transfer List, see [`TransferList::new`].
    pub fn create(data: &'a mut [u8], use_checksum: bool) -> Result<Self, Error> {
        let len = data.len();
        if len < TL_ASSUMED_HEADER_SIZE {
            return Err(Error::NotEnoughMemory);
        }

        let (header, payload) = data.split_at_mut(TL_ASSUMED_HEADER_SIZE);

        // Zeroes out the payload to prevent any data leaks.
        payload.fill(0);

        let header = TransferListHeader::mut_from_bytes(header).map_err(|_| Error::FromBytes)?;

        header.signature = TL_SIGNATURE;
        header.checksum = Cell::new(0);
        header.version = TL_VERSION;
        header.header_size = TL_ASSUMED_HEADER_SIZE as u8;
        header.alignment = 0x3;
        header.used_size = TL_ASSUMED_HEADER_SIZE as u32;
        header.total_size = len as u32;
        header.flags = if use_checksum {
            TransferListFlags::HAS_CHECKSUM
        } else {
            TransferListFlags::empty()
        };

        let mut s = Self {
            header,
            payload,
            operation_mode: OperationMode::RW,
        };

        if use_checksum {
            let cs = s.compute_checksum();
            s.header.checksum.set(cs.wrapping_neg());
        }

        Ok(s)
    }

    /// Construct a `TransferList` from a raw pointer, pointing to an already existing
    /// `TransferList`.
    ///
    /// ## SAFETY
    ///
    /// This function will not cause undefined behavior as long as:
    ///
    /// - The little-endian representation of `ptr[0x0c..0x10]` as an unsigned value is less or
    ///   equal to the size of the memory region where `ptr` points to.
    /// - The memory region where `ptr` points and of size `ptr[0x0c..0x10]` remains accessible for
    ///   the lifetime `'a`.
    /// - The memory region where `ptr` points and of size `ptr[0x0c..0x10]` will not be accessed
    ///   through any means other than the resulting TL struct for the lifetime `'a`.
    pub unsafe fn from_raw_ptr(ptr: *mut u8) -> Result<Self, Error> {
        let size = unsafe { *(ptr.add(offset_of!(TransferListHeader, total_size)) as *const u32) }
            as usize;

        let slice = core::ptr::slice_from_raw_parts_mut(ptr, size);
        let slice = unsafe { &mut *slice };

        Self::new(slice)
    }

    fn requires_rw(&self) -> Result<(), Error> {
        match self.operation_mode {
            OperationMode::RW => Ok(()),
            OperationMode::RO => Err(Error::ReadOnly),
        }
    }

    /// Clones this TL to the location given, allowing to increase the TL's size.
    ///
    /// This function should be used after receiving a [`NeedReallocation`][enum@crate::Error],
    /// with a buffer of at least `required_size` elements.
    pub fn relocate<'b>(&mut self, data: &'b mut [u8]) -> Result<TransferList<'b>, Error> {
        self.requires_rw()?;

        // Computes the index where to put the new TL in `data` to preserve alignment.
        // See https://firmwarehandoff.github.io/firmware_handoff/main/transfer_list.html#relocating-a-tl.
        let tl_base_addr = self.header.as_mut_bytes().as_ptr() as usize;
        let target_base = data.as_ptr() as usize;
        let target_size = data.len();

        let alignment_mask = (1 << self.header.alignment) - 1;
        let alignment_offset = tl_base_addr & alignment_mask;

        let mut new_tl_base = (target_base & !alignment_mask) + alignment_offset;
        if new_tl_base < target_base {
            new_tl_base += alignment_mask + 1;
        }

        let new_tl_base_index = new_tl_base - target_base;
        if new_tl_base_index + self.header.used_size as usize > target_size {
            return Err(Error::NotEnoughMemory);
        }

        // Re-indexes the new slice and extract header and payload references.
        let new_slice = &mut data[new_tl_base_index..];
        let new_size = new_slice.len();
        let (header, payload) = new_slice.split_at_mut(self.header.header_size as usize);
        let header = TransferListHeader::mut_from_bytes(header).map_err(|_| Error::FromBytes)?;

        // Copies data from the old TL to the new one.
        let old_payload_size = self.header.total_size as usize - self.header.header_size as usize;
        header
            .as_mut_bytes()
            .copy_from_slice(self.header.as_mut_bytes());
        payload[..old_payload_size].copy_from_slice(self.payload);

        header.total_size = new_size as u32;
        if self.is_checksum_enabled() {
            header.checksum.update(|cs| {
                cs.wrapping_add(slice_checksum(self.header.total_size.as_bytes()))
                    .wrapping_sub(slice_checksum(header.total_size.as_bytes()))
            });
        }

        Ok(TransferList {
            header,
            payload,
            operation_mode: self.operation_mode,
        })
    }

    /// Performs a full validation of the TransferList structure:
    ///
    /// - Checks the magic bytes of the signature.
    /// - Checks the TL's version field to choose an operation mode.
    ///   - Read/Write if it is `0x1`.
    ///   - Read-only if it is less than `0x1`.
    ///   - Failure if it is `0x0` or greater than `0x1`.
    /// - Checks that the sizes are coherent amongst them and with the underlying buffer.
    /// - Recomputes and checks the TL's checksum.
    fn validate(&mut self) -> Result<(), Error> {
        // Signature check.
        if self.header.signature != TL_SIGNATURE {
            return Err(Error::Validation(ValidationError::InvalidSignature));
        }

        // Version check. Updates the `operation_mode` field accordingly.
        if self.header.version == 0 {
            return Err(Error::Validation(ValidationError::InvalidVersion));
        }
        match self.header.version.cmp(&TL_VERSION) {
            Ordering::Less => {
                return Err(Error::Validation(ValidationError::VersionTooOld));
            }
            Ordering::Equal => self.operation_mode = OperationMode::RW,
            Ordering::Greater => self.operation_mode = OperationMode::RO,
        }

        // Checks that the sizes are coherent.
        if self.header.used_size < self.header.header_size as u32
            || !self.header.used_size.is_multiple_of(BASE_ALIGNMENT as u32)
            || !self.header.total_size.is_multiple_of(BASE_ALIGNMENT as u32)
            || !self.header.header_size.is_multiple_of(BASE_ALIGNMENT as u8)
            || self.header.used_size > self.header.total_size
            || (self.header.total_size as usize)
                > (self.payload.len() + self.header.header_size as usize)
        {
            return Err(Error::Validation(ValidationError::SizeMismatch));
        }

        // Verifies checksum.
        if self.is_checksum_enabled() {
            let cs = self.compute_checksum();
            if cs != 0 {
                return Err(Error::Validation(ValidationError::ChecksumMismatch));
            }
        }

        Ok(())
    }

    fn compute_checksum(&mut self) -> u8 {
        slice_checksum(self.header.as_mut_bytes()).wrapping_add(slice_checksum(
            &self.payload[..(self.header.used_size - self.header.header_size as u32) as usize],
        ))
    }

    fn update_checksum(&mut self, old: u8, new: u8) {
        assert!(self.is_checksum_enabled());

        self.header
            .checksum
            .update(|cs| cs.wrapping_add(old).wrapping_sub(new));
    }

    fn is_checksum_enabled(&self) -> bool {
        self.header.flags.contains(TransferListFlags::HAS_CHECKSUM)
    }

    /// Adds a new entry with the given tag and size in the TransferList. The payload field of the
    /// entry is left uninitialized.
    pub fn add_uninitialized_entry(&mut self, tag: TLETag, len: usize) -> Result<(), Error> {
        self.requires_rw()?;

        let index = self.allocate_entry(len)?;
        self.create_entry_header(tag, len, index)?;
        Ok(())
    }

    /// Adds a new entry with the given tag in the TransferList. `data` is copied into the entry's
    /// payload.
    pub fn add_entry(&mut self, tag: TLETag, data: &[u8]) -> Result<(), Error> {
        self.requires_rw()?;

        let index = self.allocate_entry(data.len())?;
        self.create_entry_with_data(tag, data, index)?;
        Ok(())
    }

    /// Allocates and creates a new entry in the TransferList. Returns the index of the allocated
    /// region in the `payload` slice.
    fn allocate_entry(&mut self, len: usize) -> Result<usize, Error> {
        let len = len.next_multiple_of(BASE_ALIGNMENT);
        let base = self.payload.as_ptr() as usize;

        // Searches for a Void entry to reclaim.
        let Some(e) = self.entries_mut()?.find(|e| {
            matches!(e.header.tag(), Ok(TLETag::Standard(StandardTLETag::Void)))
                && len <= (e.header.data_size as usize).next_multiple_of(BASE_ALIGNMENT)
        }) else {
            // No entry found, allocates by creating a new one at the end of the TL.
            return self.allocate_entry_end(len);
        };

        let data_size = (e.header.data_size as usize).next_multiple_of(BASE_ALIGNMENT);
        let entry_index = e.payload.as_ptr() as usize - e.header.header_size as usize - base;

        // Creates a new Void entry serving as padding between the entry being allocated and the
        // next one. If the allocated entry has the exact same size as the Void entry
        // reclaimed, no padding is necessary.
        if e.header.data_size as usize != len {
            let pad_index = entry_index + (TE_HEADER_SIZE + len).next_multiple_of(BASE_ALIGNMENT);
            self.create_entry_header(
                Void::TAG,
                data_size - len.next_multiple_of(BASE_ALIGNMENT) - TE_HEADER_SIZE,
                pad_index,
            )?;
        }

        Ok(entry_index)
    }

    /// Allocates and creates a new entry at the end of the TransferList. Entries marked with
    /// `XFERLIST_VOID` are not considered. Returns the index of the allocated region in the
    /// `payload` slice.
    fn allocate_entry_end(&mut self, len: usize) -> Result<usize, Error> {
        let total_required_len = (len + TE_HEADER_SIZE).next_multiple_of(BASE_ALIGNMENT);
        let index = self.header.used_size as usize - self.header.header_size as usize;

        // Checks that the buffer is enough for the requested entry size.
        if (self.header.total_size as usize - self.header.header_size as usize)
            < index + total_required_len
        {
            let alignment_mask = (1 << self.header.alignment) - 1;
            let base_addr = self.header.as_mut_bytes().as_ptr() as usize;
            let alignment_offset = base_addr & alignment_mask;

            return Err(Error::NeedsReallocation {
                required_size: (alignment_offset
                    + self.header.used_size as usize
                    + total_required_len) as u32,
            });
        }

        // Removes the used_size from the checksum.
        let removed_cs = if self.is_checksum_enabled() {
            slice_checksum(self.header.used_size.as_bytes())
        } else {
            0
        };

        self.header.used_size += total_required_len as u32;

        // Adds back the used_size to the checksum.
        if self.is_checksum_enabled() {
            self.update_checksum(removed_cs, slice_checksum(self.header.used_size.as_bytes()));
        }

        Ok(index)
    }

    /// Creates an entry at the given index with the data provided.
    fn create_entry_with_data(
        &mut self,
        tag: TLETag,
        data: &[u8],
        index: usize,
    ) -> Result<(), Error> {
        // Precomputes the range in which the payload of the entry will be stored (excluding its
        // header).
        let te_payload_range = (index + TE_HEADER_SIZE)..(index + TE_HEADER_SIZE + data.len());

        // Updates the checksum if needed.
        if self.is_checksum_enabled() {
            let old_cs = slice_checksum(&self.payload[te_payload_range.clone()]);
            let new_cs = slice_checksum(data);
            self.update_checksum(old_cs, new_cs);
        }

        // Sets up the entry header.
        self.create_entry_header(tag, data.len(), index)?;

        // Copies the entry's payload.
        self.payload[te_payload_range].copy_from_slice(data);

        Ok(())
    }

    /// Creates an entry at the given index in the payload.
    fn create_entry_header(&mut self, tag: TLETag, len: usize, index: usize) -> Result<(), Error> {
        let is_checksum_enabled = self.is_checksum_enabled(); // Computed now to avoid borrow checker issue.
        let location = &mut self.payload[index..(index + len + TE_HEADER_SIZE)];

        let (header, _) = TransferListEntryHeader::mut_from_prefix(location).unwrap();

        let old_cs = if is_checksum_enabled {
            slice_checksum(header.as_bytes())
        } else {
            0
        };

        header.tag = tag.into();
        header.header_size = TE_HEADER_SIZE as u8;
        header.data_size = len as u32;

        if is_checksum_enabled {
            let new_cs = slice_checksum(header.as_bytes());
            self.update_checksum(old_cs, new_cs);
        }

        Ok(())
    }

    /// Adds a new entry with the given tag and size in the TransferList. The payload field of the
    /// entry is left uninitialized. The payload of the entry will be aligned with `1 <<
    /// alignment`.
    pub fn add_uninitialized_aligned_entry(
        &mut self,
        tag: TLETag,
        len: usize,
        alignment: u8,
    ) -> Result<(), Error> {
        self.requires_rw()?;

        // Align the end of the TL.
        self.align_end(alignment).map_err(|e| match e {
            Error::NeedsReallocation { required_size } => Error::NeedsReallocation {
                required_size: required_size
                    + TE_HEADER_SIZE as u32
                    + len.next_multiple_of(BASE_ALIGNMENT) as u32,
            },
            e => e,
        })?;

        // Allocate the entry.
        let index = self.allocate_entry_end(len)?;
        self.create_entry_header(tag, len, index)?;

        // Update the TL's alignment requirement if needed.
        self.update_alignment_header(alignment);

        Ok(())
    }

    /// Adds a new entry with the given tag in the TransferList. The payload field of the entry is
    /// initialized from the `data` slice. The payload of the entry will be aligned with `1 <<
    /// alignment`.
    pub fn add_aligned_entry(
        &mut self,
        tag: TLETag,
        data: &[u8],
        alignment: u8,
    ) -> Result<(), Error> {
        self.requires_rw()?;

        // Align the end of the TL.
        self.align_end(alignment).map_err(|e| match e {
            Error::NeedsReallocation { required_size } => Error::NeedsReallocation {
                required_size: required_size
                    + TE_HEADER_SIZE as u32
                    + data.len().next_multiple_of(BASE_ALIGNMENT) as u32,
            },
            e => e,
        })?;

        // Allocate the entry.
        let index = self.allocate_entry_end(data.len())?;
        self.create_entry_with_data(tag, data, index)?;

        // Update the TL's alignment requirement if needed.
        self.update_alignment_header(alignment);

        Ok(())
    }

    /// Align the end of the TL to the given value by adding an `XFERLIST_VOID` entry. Does nothing
    /// if the requirement is already met.
    fn align_end(&mut self, alignment: u8) -> Result<(), Error> {
        // TODO: should not commit if the subsequent allocation in add_*_aligned would fail ?

        let base_addr = self.header.as_mut_bytes().as_ptr() as usize;
        let mask = (1 << alignment) - 1;
        let tl_end = base_addr + self.header.used_size as usize + TE_HEADER_SIZE;

        // Checks whether the end of the TL is already aligned.
        if tl_end & mask != 0 {
            // If not, we allocate an `XFERLIST_VOID` entry to serve as padding.
            let padding_len = ((1 << alignment) - (tl_end & mask)) - TE_HEADER_SIZE;
            let padding_index = self.allocate_entry_end(padding_len)?;
            self.create_entry_header(entries::Void::TAG, padding_len, padding_index)?;
        }

        Ok(())
    }

    /// Updates the `alignment` field of the header to the maximum of `header.alignment` and
    /// `new_alignment`.
    fn update_alignment_header(&mut self, new_alignment: u8) {
        if self.header.alignment < new_alignment {
            if self.is_checksum_enabled() {
                self.update_checksum(self.header.alignment, new_alignment);
            }

            self.header.alignment = new_alignment
        }
    }

    /// Creates an iterator yielding immutable references to all the [`TransferListEntry`] of this
    /// `TransferList`.
    pub fn entries<'b>(&'b self) -> impl Iterator<Item = TransferListEntry<'b>>
    where
        'a: 'b,
    {
        TransferListEntryIterator::<'b> {
            slice: Cell::new(
                &self.payload
                    [..(self.header.used_size as usize - self.header.header_size as usize)],
            ),
        }
    }

    /// Creates an iterator yielding mutable references to all the [`TransferListEntry`] of this
    /// `TransferList`.
    pub fn entries_mut<'b>(
        &'b mut self,
    ) -> Result<impl Iterator<Item = TransferListEntryMut<'b>>, Error>
    where
        'a: 'b,
    {
        self.requires_rw()?;

        Ok(TransferListEntryIteratorMut::<'b> {
            tl_cs: self.is_checksum_enabled().then_some(&self.header.checksum),
            slice: Cell::new(
                &mut self.payload
                    [..(self.header.used_size as usize - self.header.header_size as usize)],
            ),
        })
    }

    /// Locates and finds the TLE with tag indicated by [`TLETagged`] and convert it into `T`.
    ///
    /// If there are multiple entries with the same tag, this returns the first occurrence.
    pub fn get<'b, T>(&'b self) -> Result<TLEWrapperRef<'b, T>, GetError<'b, T>>
    where
        T: TLETagged + FromTLEPayload<'b>,
        'a: 'b,
    {
        match self.entries().find(|t| t.header.tag() == Ok(T::TAG)) {
            Some(some) => some.get().map_err(GetError::Payload),
            None => Err(GetError::NotFound),
        }
    }

    /// Locates and finds the TLE with tag indicated by [`TLETagged`] and convert it into `T`.
    ///
    /// If there are multiple entries with the same tag, this returns the first occurrence.
    ///
    /// Similarly to [`TransferListEntryMut::get_mut`], the TLE is given through a wrapper that
    /// automatically updates the checksum of the TL, if needed.
    pub fn get_mut<'b, T>(&'b mut self) -> Result<TLEWrapperMut<'b, T>, GetError<'b, T>>
    where
        T: TLETagged + FromTLEPayload<'b>,
        'a: 'b,
    {
        match self.entries_mut()?.find(|t| t.header.tag() == Ok(T::TAG)) {
            Some(some) => some.get_mut().map_err(GetError::Payload),
            None => Err(GetError::NotFound),
        }
    }

    /// Returns the value for the registers `R0..R4` when handing off to an AArch32 receiver.
    ///
    /// `translation`: Translate the given virtual address to a physical one.
    pub fn aarch32_regs<T>(&self, translation: T) -> [u32; 4]
    where
        T: FnOnce(*const c_void) -> u32,
    {
        const AARCH32_SIGNATURE_BITS: u32 = 24;

        [
            0,
            ((REGISTER_CONVENTION as u32) << AARCH32_SIGNATURE_BITS)
                | (self.header.signature & ((1 << AARCH32_SIGNATURE_BITS) - 1)),
            // TODO: might be simplified using self.get once Fdt is fully implemented.
            self.entries()
                .find(|e| e.header.tag() == Ok(StandardTLETag::Fdt.into()))
                .map(|e| e.payload.as_ptr() as u32)
                .unwrap_or(0),
            translation(self.header as *const TransferListHeader as *const c_void),
        ]
    }

    /// Returns the value for the registers `R0..R4` when handing off to an AArch64 receiver.
    ///
    /// `translation`: Translate the given virtual address to a physical one.
    pub fn aarch64_regs<T>(&self, translation: T) -> [u64; 4]
    where
        T: FnOnce(*const c_void) -> u64,
    {
        const AARCH64_SIGNATURE_BITS: u32 = 32;

        [
            // TODO: might be simplified using self.get once Fdt is fully implemented.
            self.entries()
                .find(|e| e.header.tag() == Ok(StandardTLETag::Fdt.into()))
                .map(|e| e.payload.as_ptr() as u64)
                .unwrap_or(0),
            ((REGISTER_CONVENTION as u64) << AARCH64_SIGNATURE_BITS) | self.header.signature as u64,
            0,
            translation(self.header as *const TransferListHeader as *const c_void),
        ]
    }
}

struct TransferListEntryIterator<'a> {
    slice: Cell<&'a [u8]>,
}

impl<'a> Iterator for TransferListEntryIterator<'a> {
    type Item = TransferListEntry<'a>;

    fn next(&mut self) -> Option<Self::Item> {
        let slice = self.slice.take();

        // Ensures that the reads below are in-bounds.
        if slice.len() < TE_HEADER_SIZE {
            return None;
        }

        let header_size = slice[0x3] as usize;
        let data_size = *u32::ref_from_bytes(&slice[0x4..0x8]).unwrap() as usize;

        let entry_size = header_size.checked_add(data_size)?;
        let next_entry_size = entry_size.next_multiple_of(BASE_ALIGNMENT);

        if next_entry_size > slice.len()
            || next_entry_size < entry_size
            || header_size > slice.len()
            || data_size > slice.len()
        {
            return None;
        }

        // Splits the TL content's between the next entry and the rest.
        let (payload, remaining_data) = slice.split_at(entry_size);

        // Skips the inter-TE padding.
        let remaining_data = &remaining_data[(next_entry_size - entry_size)..];

        self.slice.set(remaining_data);

        // Parses the next entry.
        let (header, payload) = payload.split_at(header_size);
        let header = TransferListEntryHeader::ref_from_bytes(header).ok()?;

        Some(TransferListEntry { header, payload })
    }
}

impl<'a> TransferListEntry<'a> {
    pub fn get<'b, T>(self) -> Result<TLEWrapperRef<'b, T>, T::Error>
    where
        T: FromTLEPayload<'b>,
        'a: 'b,
    {
        T::from_bytes(self.payload).map(|e| TLEWrapperRef {
            header: self.header,
            tle: e,
        })
    }
}

struct TransferListEntryIteratorMut<'a> {
    tl_cs: Option<&'a Cell<u8>>,
    slice: Cell<&'a mut [u8]>,
}

impl<'a> Iterator for TransferListEntryIteratorMut<'a> {
    type Item = TransferListEntryMut<'a>;

    fn next(&mut self) -> Option<Self::Item> {
        let slice = self.slice.take();

        // Ensures that the reads below are in-bounds.
        if slice.len() < TE_HEADER_SIZE {
            return None;
        }

        let header_size = slice[offset_of!(TransferListEntryHeader, header_size)] as usize;
        let data_size = *u32::ref_from_bytes(&slice[0x4..0x8]).unwrap() as usize;

        let entry_size = header_size.checked_add(data_size)?;
        let next_entry_size = entry_size.next_multiple_of(BASE_ALIGNMENT);

        if next_entry_size > slice.len()
            || next_entry_size < entry_size
            || header_size > slice.len()
            || data_size > slice.len()
        {
            return None;
        }

        // Splits the TL content's between the next entry and the rest.
        let (payload, remaining_data) = slice.split_at_mut(entry_size);

        // Skips the inter-TE padding.
        let remaining_data =
            &mut remaining_data[(entry_size.next_multiple_of(BASE_ALIGNMENT) - entry_size)..];

        self.slice.set(remaining_data);

        // Parses the next entry.
        let (header, payload) = payload.split_at_mut(header_size);
        let header = TransferListEntryHeader::mut_from_bytes(header).ok()?;

        Some(TransferListEntryMut {
            header,
            payload,
            tl_cs: self.tl_cs,
        })
    }
}

impl<'a> TransferListEntryMut<'a> {
    /// Convert the entry payload to an immutable reference using [`FromTLEPayload`].
    pub fn get<'b, T>(self) -> Result<TLEWrapperRef<'b, T>, T::Error>
    where
        T: FromTLEPayload<'b>,
        'a: 'b,
    {
        T::from_bytes(self.payload).map(|e| TLEWrapperRef {
            header: self.header,
            tle: e,
        })
    }

    /// Convert the entry payload to a mutable reference using [`FromTLEPayload`].
    ///
    /// Similarly to [`TransferList::get_mut`], the TLE is given through a wrapper that
    /// automatically updates the checksum of the TL, if needed.
    pub fn get_mut<'b, T>(self) -> Result<TLEWrapperMut<'b, T>, T::Error>
    where
        T: FromTLEPayload<'b>,
        'a: 'b,
    {
        let cs = self
            .tl_cs
            .map(|tl_cs| (tl_cs, slice_checksum(self.payload)));

        T::from_bytes_mut(self.payload).map(|e| TLEWrapperMut {
            header: self.header,
            tle: e,
            cs,
            dirty: false,
        })
    }
}

/// This traits allows to easily re-interpret a [`TransferListEntry`]'s payload into another type.
///
/// ## Example
///
/// This example show how to make a simple implementation of `FromTLEPayload` into a type wrapping
/// the reference.
///
/// ```
/// # use core::convert::Infallible;
/// # use tf_firmware_handoff::{TLETagged, TLETag, FromTLEPayload, StandardTLETag};
///
/// pub struct Fdt<'a>(pub &'a [u8]);
/// pub struct FdtMut<'a>(pub &'a [u8]);
///
/// impl<'a> TLETagged for Fdt<'a> {
///     const TAG: TLETag = TLETag::Standard(StandardTLETag::Fdt);
/// }
///
/// impl<'a> FromTLEPayload<'a> for Fdt<'a> {
///     type OutputRef = Self;
///     type OutputMut = FdtMut<'a>;
///     type Error = Infallible;
///
///     fn from_bytes(payload: &'a [u8]) -> Result<Self::OutputRef, Self::Error> {
///         Ok(Self(payload))
///     }
///
///     fn from_bytes_mut(payload: &'a mut [u8]) -> Result<Self::OutputMut, Self::Error> {
///         Ok(FdtMut(payload))
///     }
///
///     fn as_bytes(val: &Self::OutputRef) -> impl Iterator<Item = u8> {
///         val.0.iter().copied()
///     }
///
///     fn mut_as_bytes(val: &mut Self::OutputMut) -> impl Iterator<Item = u8> {
///         val.0.iter().copied()
///     }
/// }
/// ```
pub trait FromTLEPayload<'a> {
    /// Outcome of a conversion from an immutable memory slice. Usually a `Result<&'a T, _>`.
    type OutputRef;
    /// Outcome of a conversion from an mutable memory slice. Usually a `Result<&'a mut T, _>`.
    ///
    /// Any changes made to the TLE entry through that interface should immediately be made visible
    /// in the TL's memory region.
    type OutputMut;
    type Error;

    /// Reinterprets an immutable `payload` and yields the corresponding
    /// [`FromTLEPayload::OutputRef`].
    fn from_bytes(payload: &'a [u8]) -> Result<Self::OutputRef, Self::Error>;
    /// Reinterprets a mutable `payload` and yields the corresponding [`FromTLEPayload::OutputMut`].
    fn from_bytes_mut(payload: &'a mut [u8]) -> Result<Self::OutputMut, Self::Error>;

    /// Iterator over the bytes of the immutable conversion output.
    fn as_bytes(val: &Self::OutputRef) -> impl Iterator<Item = u8>;
    /// Iterator over the bytes of the mutable conversion output.
    fn mut_as_bytes(val: &mut Self::OutputMut) -> impl Iterator<Item = u8>;
}

impl<'a, T> FromTLEPayload<'a> for T
where
    T: FromBytes + IntoBytes + Immutable + KnownLayout + 'a,
{
    type OutputRef = &'a T;
    type OutputMut = &'a mut T;
    type Error = Error;

    fn from_bytes(payload: &'a [u8]) -> Result<Self::OutputRef, Self::Error> {
        T::try_ref_from_bytes(payload).map_err(|_| Error::FromBytes)
    }

    fn from_bytes_mut(payload: &'a mut [u8]) -> Result<Self::OutputMut, Self::Error> {
        T::try_mut_from_bytes(payload).map_err(|_| Error::FromBytes)
    }

    fn as_bytes(val: &Self::OutputRef) -> impl Iterator<Item = u8> {
        val.as_bytes().iter().copied()
    }

    fn mut_as_bytes(val: &mut Self::OutputMut) -> impl Iterator<Item = u8> {
        val.as_bytes().iter().copied()
    }
}

/// This trait specifies the [`TLETag`] associated with a struct. See [`TransferList::get`] and
/// [`TransferList::get_mut`].
pub trait TLETagged {
    /// The tag that identifies this TLE in a Transfer List.
    const TAG: TLETag;
}

#[derive(Debug)]
pub struct TLEWrapperRef<'a, T>
where
    T: FromTLEPayload<'a>,
{
    header: &'a TransferListEntryHeader,
    tle: T::OutputRef,
}

impl<'a, T> Deref for TLEWrapperRef<'a, T>
where
    T: FromTLEPayload<'a>,
{
    type Target = T::OutputRef;

    fn deref(&self) -> &Self::Target {
        &self.tle
    }
}

impl<'a, T> TLEWrapperRef<'a, T>
where
    T: FromTLEPayload<'a>,
{
    pub fn header(&self) -> &'a TransferListEntryHeader {
        self.header
    }
}

#[derive(Debug)]
pub struct TLEWrapperMut<'a, T>
where
    T: FromTLEPayload<'a>,
{
    header: &'a TransferListEntryHeader,
    tle: T::OutputMut,
    cs: Option<(&'a Cell<u8>, u8)>,
    dirty: bool,
}

impl<'a, T> TLEWrapperMut<'a, T>
where
    T: FromTLEPayload<'a>,
{
    pub fn header(&self) -> &'a TransferListEntryHeader {
        self.header
    }
}

impl<'a, T> Deref for TLEWrapperMut<'a, T>
where
    T: FromTLEPayload<'a>,
{
    type Target = T::OutputMut;

    fn deref(&self) -> &Self::Target {
        &self.tle
    }
}

impl<'a, T> DerefMut for TLEWrapperMut<'a, T>
where
    T: FromTLEPayload<'a>,
{
    fn deref_mut(&mut self) -> &mut Self::Target {
        self.dirty = true;
        &mut self.tle
    }
}

impl<'a, T> Drop for TLEWrapperMut<'a, T>
where
    T: FromTLEPayload<'a>,
{
    fn drop(&mut self) {
        if self.dirty
            && let Some((tl_cs, orig_cs)) = self.cs
        {
            let cs = T::mut_as_bytes(&mut self.tle).fold(0u8, |a, v| a.wrapping_add(v));
            tl_cs.update(|v| v.wrapping_add(orig_cs).wrapping_sub(cs));
        }
    }
}

#[cfg(test)]
mod tests {
    use core::cell::Cell;
    use zerocopy::IntoBytes;

    use crate::{
        Error, GetError, OperationMode, StandardTLETag, TLETag, TransferList,
        TransferListEntryHeader, TransferListFlags, TransferListHeader, ValidationError,
        entries::{ExecEpInfo32, ExecEpInfo64, ParamHeader},
    };

    #[test]
    fn standard_tag_from_u8() {
        assert_eq!(
            TLETag::try_from([0; 3]),
            Ok(TLETag::Standard(StandardTLETag::Void))
        );
        assert_eq!(
            TLETag::try_from([1, 0, 0]),
            Ok(TLETag::Standard(StandardTLETag::Fdt))
        );
        assert_eq!(
            TLETag::try_from([9, 1, 0]),
            Ok(TLETag::Standard(StandardTLETag::GptErrorInfo))
        );
    }

    #[test]
    fn tag_to_u8() {
        assert_eq!(
            <TLETag as Into<[u8; 3]>>::into(TLETag::Standard(StandardTLETag::Void)),
            [0; 3]
        );
        assert_eq!(
            <TLETag as Into<[u8; 3]>>::into(TLETag::Standard(StandardTLETag::Fdt)),
            [1, 0, 0]
        );
        assert_eq!(
            <TLETag as Into<[u8; 3]>>::into(TLETag::Standard(StandardTLETag::GptErrorInfo)),
            [9, 1, 0]
        );
    }

    macro_rules! open_tl_and_buf {
        ($tl:ident, $buf:ident, $path:expr, $size:expr) => {
            let mut $buf = [0; $size];
            let input = include_bytes!(concat!("../test_data/", $path));
            $buf[..input.len()].copy_from_slice(input);
            #[allow(unused_mut)]
            let mut $tl = crate::TransferList::new(&mut $buf).unwrap();
        };
    }

    macro_rules! open_tl {
        ($tl:ident, $path:expr, $size:expr) => {
            open_tl_and_buf!($tl, buf, $path, $size)
        };
    }

    #[test]
    fn tl_nocs_is_valid() {
        open_tl!(tl, "tl-nocs.bin", 4096);
        assert_eq!(tl.validate(), Ok(()))
    }

    #[test]
    fn tl_nocs() {
        open_tl!(tl, "tl-nocs.bin", 4096);

        assert_eq!(tl.header.signature, 0x4a0f_b10b);
        assert_eq!(tl.header.checksum.get(), 0);
        assert_eq!(tl.header.version, 1);
        assert_eq!(tl.header.header_size, 0x18);
        assert_eq!(tl.header.alignment, 3);
        assert_eq!(tl.header.used_size, 120);
        assert_eq!(tl.header.total_size, 4096);
        assert_eq!(tl.header.flags, TransferListFlags::empty());
        assert_eq!(tl.header.reserved, 0);

        let mut iter = tl.entries();

        let entry = iter.next().unwrap();
        assert_eq!(iter.next(), None);

        let entry = entry.get::<ExecEpInfo64>().unwrap();

        assert_eq!(
            **entry,
            ExecEpInfo64 {
                ep_info_hdr: ParamHeader {
                    ty: 1,
                    version: 2,
                    size: 0x58,
                    attr: 8
                },
                pc: 0x4020000,
                spsr: 467,
                pad0: 0,
                x: [0x4001008, 0x4001000, 0, 0, 0, 0, 0, 0]
            }
        )
    }

    #[test]
    fn tl_cs() {
        open_tl!(tl, "tl-cs.bin", 4096);

        assert_eq!(tl.header.signature, 0x4a0f_b10b);
        assert_eq!(tl.header.checksum.get(), 118);
        assert_eq!(tl.header.version, 1);
        assert_eq!(tl.header.header_size, 0x18);
        assert_eq!(tl.header.alignment, 3);
        assert_eq!(tl.header.used_size, 120);
        assert_eq!(tl.header.total_size, 4096);
        assert_eq!(tl.header.flags, TransferListFlags::HAS_CHECKSUM);
        assert_eq!(tl.header.reserved, 0);

        let mut iter = tl.entries();

        let entry = iter.next().unwrap();
        assert_eq!(iter.next(), None);

        let entry = entry.get::<ExecEpInfo64>().unwrap();

        assert_eq!(
            **entry,
            ExecEpInfo64 {
                ep_info_hdr: ParamHeader {
                    ty: 1,
                    version: 2,
                    size: 0x58,
                    attr: 8
                },
                pc: 0x4020000,
                spsr: 467,
                pad0: 0,
                x: [0x4001008, 0x4001000, 0, 0, 0, 0, 0, 0]
            }
        )
    }

    #[test]
    fn tl_cs_from_ptr() {
        let mut buf = [0; 4096];
        let input = include_bytes!("../test_data/tl-cs.bin");
        buf[..input.len()].copy_from_slice(input);
        let tl = unsafe { TransferList::from_raw_ptr(buf.as_mut_ptr()).unwrap() };

        assert_eq!(tl.header.signature, 0x4a0f_b10b);
        assert_eq!(tl.header.checksum.get(), 118);
        assert_eq!(tl.header.version, 1);
        assert_eq!(tl.header.header_size, 0x18);
        assert_eq!(tl.header.alignment, 3);
        assert_eq!(tl.header.used_size, 120);
        assert_eq!(tl.header.total_size, 4096);
        assert_eq!(tl.header.flags, TransferListFlags::HAS_CHECKSUM);
        assert_eq!(tl.header.reserved, 0);

        let mut iter = tl.entries();

        let entry = iter.next().unwrap();
        assert_eq!(iter.next(), None);

        let entry = entry.get::<ExecEpInfo64>().unwrap();

        assert_eq!(
            **entry,
            ExecEpInfo64 {
                ep_info_hdr: ParamHeader {
                    ty: 1,
                    version: 2,
                    size: 0x58,
                    attr: 8
                },
                pc: 0x4020000,
                spsr: 467,
                pad0: 0,
                x: [0x4001008, 0x4001000, 0, 0, 0, 0, 0, 0]
            }
        )
    }

    #[test]
    fn create_tl_nocs() {
        let mut buf = [0; 4096];
        let mut tl = TransferList::create(&mut buf, false).unwrap();

        assert_eq!(
            *tl.header,
            TransferListHeader {
                signature: 0x4a0f_b10b,
                checksum: Cell::new(0),
                version: 1,
                header_size: 0x18,
                alignment: 3,
                used_size: 0x18,
                total_size: 0x1000,
                flags: TransferListFlags::empty(),
                reserved: 0
            }
        );

        assert_eq!(tl.entries().count(), 0);
        assert_eq!(tl.validate(), Ok(()));
    }

    #[test]
    fn create_tl_cs() {
        let mut buf = [0; 4096];
        let mut tl = TransferList::create(&mut buf, true).unwrap();

        assert_eq!(
            *tl.header,
            TransferListHeader {
                signature: 0x4a0f_b10b,
                checksum: Cell::new(0xa6),
                version: 1,
                header_size: 0x18,
                alignment: 3,
                used_size: 0x18,
                total_size: 0x1000,
                flags: TransferListFlags::HAS_CHECKSUM,
                reserved: 0
            }
        );

        assert_eq!(tl.entries().count(), 0);
        assert_eq!(tl.validate(), Ok(()));
    }

    #[test]
    fn create_too_small() {
        let mut buf = [0; 0x10];
        assert_eq!(
            TransferList::create(&mut buf, true),
            Err(Error::NotEnoughMemory)
        );
    }

    #[test]
    fn tl_invalid_sig() {
        let mut buf = [0; 4096];
        let input = include_bytes!("../test_data/tl-nocs.bin");
        buf[..input.len()].copy_from_slice(input);
        buf[0x0] = 0;
        assert_eq!(
            TransferList::new(&mut buf),
            Err(Error::Validation(ValidationError::InvalidSignature)),
        );
    }

    #[test]
    fn tl_invalid_version() {
        let mut buf = [0; 4096];
        let input = include_bytes!("../test_data/tl-nocs.bin");
        buf[..input.len()].copy_from_slice(input);
        buf[0x5] = 0;
        assert_eq!(
            TransferList::new(&mut buf),
            Err(Error::Validation(ValidationError::InvalidVersion)),
        );
    }

    #[test]
    fn tl_invalid_checksum() {
        let mut buf = [0; 4096];
        let input = include_bytes!("../test_data/tl-cs.bin");
        buf[..input.len()].copy_from_slice(input);
        buf[0x4] += 5;
        assert_eq!(
            TransferList::new(&mut buf),
            Err(Error::Validation(ValidationError::ChecksumMismatch)),
        );
    }

    #[test]
    fn tl_buffer_too_small() {
        let mut buf = [0; 2048];
        let input = include_bytes!("../test_data/tl-nocs.bin");
        buf[..input.len()].copy_from_slice(input);
        assert_eq!(
            TransferList::new(&mut buf),
            Err(Error::Validation(ValidationError::SizeMismatch)),
        );
    }

    #[test]
    fn tl_too_recent_is_ro() {
        let mut buf = [0; 4096];
        let input = include_bytes!("../test_data/tl-nocs.bin");
        buf[..input.len()].copy_from_slice(input);
        buf[0x5] = 2;

        let tl = TransferList::new(&mut buf).unwrap();
        assert_eq!(tl.operation_mode, OperationMode::RO);
    }

    macro_rules! mut_test {
        ($fn:ident,$path:literal,$checksum:literal) => {
            let mut buf = [0; 4096];
            let input = include_bytes!($path);
            buf[..input.len()].copy_from_slice(input);
            $fn(&mut buf, $checksum);
        };
    }

    #[test]
    fn push_back_with_data_nocs() {
        mut_test!(push_back_with_data, "../test_data/tl-nocs.bin", false);
    }
    #[test]
    fn push_back_with_data_cs() {
        mut_test!(push_back_with_data, "../test_data/tl-cs.bin", true);
    }

    fn push_back_with_data(buf: &mut [u8], checksum: bool) {
        let mut tl = TransferList::new(buf).unwrap();

        assert_eq!(
            tl.add_entry(StandardTLETag::DtFormattedFfaManifest.into(), &[4; 8]),
            Ok(())
        );

        let entry = tl.entries().nth(1).unwrap();
        assert_eq!(
            *entry.header,
            TransferListEntryHeader {
                tag: [6, 1, 0],
                header_size: 8,
                data_size: 8
            }
        );
        assert_eq!(entry.payload, &[4; 8]);
        assert_eq!(tl.header.used_size, 136);

        if checksum {
            assert_eq!(tl.validate(), Ok(()));
        }

        assert_eq!(
            buf[120..136],
            [6, 1, 0, 8, 8, 0, 0, 0, 4, 4, 4, 4, 4, 4, 4, 4]
        );
    }

    #[test]
    fn push_back_uninitialized_nocs() {
        mut_test!(push_back_uninitialized, "../test_data/tl-nocs.bin", false);
    }
    #[test]
    fn push_back_uninitialized_cs() {
        mut_test!(push_back_uninitialized, "../test_data/tl-cs.bin", true);
    }

    fn push_back_uninitialized(buf: &mut [u8], checksum: bool) {
        let mut tl = TransferList::new(buf).unwrap();

        assert_eq!(
            tl.add_uninitialized_entry(StandardTLETag::DtFormattedFfaManifest.into(), 32),
            Ok(())
        );

        if checksum {
            assert_eq!(tl.validate(), Ok(()));
        }

        let entry = tl.entries().nth(1).unwrap();
        assert_eq!(
            *entry.header,
            TransferListEntryHeader {
                tag: [6, 1, 0],
                header_size: 8,
                data_size: 32
            }
        );
        assert_eq!(tl.header.used_size, 160);

        if checksum {
            assert_eq!(tl.validate(), Ok(()));
        }

        assert_eq!(buf[120..128], [6, 1, 0, 8, 32, 0, 0, 0]);
        assert_eq!(buf[0x8..0xc], [160, 0, 0, 0]);
    }

    #[test]
    fn push_back_uninitialized_oom() {
        open_tl_and_buf!(tl, buf, "tl-nocs.bin", 4096);

        assert_eq!(
            tl.add_uninitialized_entry(
                TLETag::Standard(StandardTLETag::DtFormattedFfaManifest),
                4000
            ),
            Err(Error::NeedsReallocation {
                required_size: 4128 // used_size (120) + TE header (8) + requested_size (4000)
            })
        );
    }

    #[test]
    fn push_back_with_data_oom() {
        open_tl_and_buf!(tl, buf, "tl-nocs.bin", 4096);

        assert_eq!(
            tl.add_entry(StandardTLETag::DtFormattedFfaManifest.into(), &[1; 4000]),
            Err(Error::NeedsReallocation {
                required_size: 4128 // used_size (120) + TE header (8) + requested_size (4000)
            })
        );
    }

    #[test]
    fn add_uninitialized_aligned_entry_nocs() {
        mut_test!(
            add_uninitialized_aligned_entry,
            "../test_data/tl-nocs.bin",
            false
        );
    }
    #[test]
    fn add_uninitialized_aligned_entry_cs() {
        mut_test!(
            add_uninitialized_aligned_entry,
            "../test_data/tl-cs.bin",
            true
        );
    }

    fn add_uninitialized_aligned_entry(buf: &mut [u8], checksum: bool) {
        let align = 10;

        let base = buf.as_ptr() as usize;
        let mut tl = TransferList::new(buf).unwrap();

        let end = base + 128; // used_size + TE header

        let offset = ((1 << align) - (end & ((1 << align) - 1))) % (1 << align);
        let pad_size = offset - 8;

        assert_eq!(
            tl.add_uninitialized_aligned_entry(
                StandardTLETag::DtFormattedFfaManifest.into(),
                128,
                align
            ),
            Ok(())
        );

        {
            let mut iter = tl.entries().skip(1);

            if pad_size != 0 {
                let void = iter.next().unwrap();
                assert_eq!(
                    *void.header,
                    TransferListEntryHeader {
                        tag: [0, 0, 0],
                        header_size: 8,
                        data_size: pad_size as u32
                    }
                );
            }

            let entry = iter.next().unwrap();
            assert_eq!(
                *entry.header,
                TransferListEntryHeader {
                    tag: [6, 1, 0],
                    header_size: 8,
                    data_size: 128
                }
            );
        }

        assert_eq!(tl.header.alignment, align);
        assert_eq!(tl.header.used_size, 256 + offset as u32);

        if checksum {
            assert_eq!(tl.validate(), Ok(()));
        }

        if pad_size != 0 {
            assert_eq!(buf[120..124], [0, 0, 0, 8]);
            assert_eq!(&buf[124..128], (pad_size as u32).as_bytes());
        }
        assert_eq!(
            buf[(120 + offset)..(128 + offset)],
            [6, 1, 0, 8, 128, 0, 0, 0]
        );
        assert_eq!(&buf[0x8..0xc], (120 + offset as u32 + 8 + 128).as_bytes());
        assert_eq!(buf[0x7], align);
    }

    #[test]
    fn add_small_entries_nocs() {
        mut_test!(add_small_entries, "../test_data/tl-nocs.bin", false);
    }
    #[test]
    fn add_small_entries_cs() {
        mut_test!(add_small_entries, "../test_data/tl-cs.bin", true);
    }

    fn add_small_entries(buf: &mut [u8], checksum: bool) {
        let mut tl = TransferList::new(buf).unwrap();
        tl.add_entry(StandardTLETag::Fdt.into(), &[1; 3]).unwrap();
        tl.add_entry(StandardTLETag::HobB.into(), &[2; 3]).unwrap();
        tl.add_entry(StandardTLETag::HobL.into(), &[3; 3]).unwrap();
        tl.add_entry(StandardTLETag::AcpiAggr.into(), &[4; 3])
            .unwrap();

        assert_eq!(tl.header.used_size, 184);

        for (i, e) in tl.entries().skip(1).enumerate() {
            let i = (i as u8) + 1;

            assert_eq!(
                *e.header,
                TransferListEntryHeader {
                    tag: [i, 0, 0],
                    header_size: 8,
                    data_size: 3
                }
            );

            assert_eq!(e.payload, &[i; 3]);
        }

        if checksum {
            assert_eq!(tl.validate(), Ok(()));
        }
    }

    #[test]
    fn add_small_aligned_entry_nocs() {
        mut_test!(add_small_aligned_entry, "../test_data/tl-nocs.bin", false);
    }
    #[test]
    fn add_small_aligned_entry_cs() {
        mut_test!(add_small_aligned_entry, "../test_data/tl-cs.bin", true);
    }

    fn add_small_aligned_entry(buf: &mut [u8], checksum: bool) {
        let mut tl = TransferList::new(buf).unwrap();
        tl.add_aligned_entry(StandardTLETag::DtFormattedFfaManifest.into(), &[1; 32], 1)
            .unwrap();

        assert_eq!(tl.entries().count(), 2); // No padding should be allocated.

        let entry = tl.entries().nth(1).unwrap();
        assert_eq!(
            *entry.header,
            TransferListEntryHeader {
                tag: [6, 1, 0],
                header_size: 8,
                data_size: 32
            }
        );

        assert_eq!(entry.payload, &[1; 32]);

        assert_eq!(tl.header.used_size, 160);
        assert_eq!(tl.header.alignment, 3);

        if checksum {
            assert_eq!(tl.validate(), Ok(()));
        }
    }

    #[test]
    fn add_aligned_entry_nocs() {
        mut_test!(add_aligned_entry, "../test_data/tl-nocs.bin", false);
    }
    #[test]
    fn add_aligned_entry_cs() {
        mut_test!(add_aligned_entry, "../test_data/tl-cs.bin", true);
    }

    fn add_aligned_entry(buf: &mut [u8], checksum: bool) {
        let align = 10;

        let base = buf.as_ptr() as usize;

        let mut tl = TransferList::new(buf).unwrap();

        let end = base + 128; // used_size + TE header

        let offset = ((1 << align) - (end & ((1 << align) - 1))) % (1 << align);
        let pad_size = offset - 8;

        assert_eq!(
            tl.add_aligned_entry(
                StandardTLETag::DtFormattedFfaManifest.into(),
                &[4; 128],
                align
            ),
            Ok(())
        );

        if checksum {
            assert_eq!(tl.validate(), Ok(()));
        }

        {
            let mut iter = tl.entries().skip(1);

            if pad_size != 0 {
                let void = iter.next().unwrap();
                assert_eq!(
                    *void.header,
                    TransferListEntryHeader {
                        tag: [0, 0, 0],
                        header_size: 8,
                        data_size: pad_size as u32
                    }
                );
            }

            let entry = iter.next().unwrap();
            assert_eq!(
                *entry.header,
                TransferListEntryHeader {
                    tag: [6, 1, 0],
                    header_size: 8,
                    data_size: 128
                }
            );
        }

        assert_eq!(tl.header.alignment, align);
        assert_eq!(tl.header.used_size, 256 + offset as u32);

        if checksum {
            assert_eq!(tl.validate(), Ok(()));
        }

        if pad_size != 0 {
            assert_eq!(buf[120..124], [0, 0, 0, 8]);
            assert_eq!(&buf[124..128], (pad_size as u32).as_bytes());
        }
        assert_eq!(
            buf[(120 + offset)..(128 + offset)],
            [6, 1, 0, 8, 128, 0, 0, 0]
        );
        assert_eq!(buf[(128 + offset)..(256 + offset)], [4u8; 128]);
        assert_eq!(&buf[0x8..0xc], (120 + offset as u32 + 8 + 128).as_bytes());
        assert_eq!(buf[0x7], align);
    }

    #[test]
    fn add_reclaim_nocs() {
        mut_test!(add_reclaim, "../test_data/tl-nocs.bin", false);
    }
    #[test]
    fn add_reclaim_cs() {
        mut_test!(add_reclaim, "../test_data/tl-cs.bin", true);
    }

    fn add_reclaim(buf: &mut [u8], checksum: bool) {
        let align = 10;

        let base = buf.as_ptr() as usize;
        let mut tl = TransferList::new(buf).unwrap();

        let end = base + 128; // used_size + TE header

        let offset = ((1 << align) - (end & ((1 << align) - 1))) % (1 << align);
        let pad_size = offset - 8;

        assert_eq!(
            tl.add_uninitialized_aligned_entry(
                StandardTLETag::DtFormattedFfaManifest.into(),
                128,
                align
            ),
            Ok(())
        );
        assert_eq!(tl.header.used_size, 256 + offset as u32);

        // If through bad luck the padding for the alignment is not large enough, restart. Since we
        // now know that the end of the TL at 2^10 + 128, the next padding will be large
        // enough for the allocation.
        if pad_size < 40 {
            add_reclaim(buf, checksum);
            return;
        }

        assert_eq!(
            Ok(()),
            tl.add_uninitialized_entry(StandardTLETag::AcpiAggr.into(), 32)
        );
        assert_eq!(tl.header.used_size, 256 + offset as u32); // Size should not be modified.

        assert_eq!(tl.entries().count(), 4);

        let tags = [
            StandardTLETag::Aarch64EntrypointInfo.into(),
            StandardTLETag::AcpiAggr.into(),
            StandardTLETag::Void.into(),
            StandardTLETag::DtFormattedFfaManifest.into(),
        ];
        let sizes = [88, 32, pad_size - 40, 128];

        for (i, e) in tl.entries().enumerate() {
            assert_eq!(e.header.tag(), Ok(tags[i]));
            assert_eq!(e.header.data_size as usize, sizes[i]);
        }

        if checksum {
            assert_eq!(tl.validate(), Ok(()));
        }
    }

    #[test]
    fn relocate() {
        open_tl!(tl, "tl-cs.bin", 4096);

        let mut new_buf = [0; 5120];
        let mut new_tl = tl.relocate(&mut new_buf).unwrap();

        assert_eq!(new_tl.header.signature, tl.header.signature);
        assert_eq!(new_tl.header.checksum.get(), 114);
        assert_eq!(new_tl.header.version, tl.header.version);
        assert_eq!(new_tl.header.header_size, tl.header.header_size);
        assert_eq!(new_tl.header.alignment, tl.header.alignment);
        assert_eq!(new_tl.header.used_size, tl.header.used_size);
        assert_eq!(new_tl.header.total_size, 5120);
        assert_eq!(new_tl.header.flags, tl.header.flags);
        assert_eq!(new_tl.header.reserved, tl.header.reserved);

        assert_eq!(new_tl.validate(), Ok(()));

        assert_eq!(tl.entries().count(), new_tl.entries().count());
        for (entry, new_entry) in tl.entries().zip(new_tl.entries()) {
            assert_eq!(entry, new_entry);
        }

        assert_eq!(
            new_buf[0..0x18],
            [
                0x0b, 0xb1, 0x0f, 0x4a, // Signature
                114,  // Checksum
                0x1,  // Version
                0x18, // Header size
                0x3,  // Alignment
                0x78, 0x0, 0x0, 0x0, // Used size
                0x0, 0x14, 0x0, 0x0, // Total size
                0x1, 0x0, 0x0, 0x0, // Flags
                0x0, 0x0, 0x0, 0x0 // Reserved
            ]
        )
    }

    #[test]
    fn relocate_preserves_alignment() {
        open_tl!(tl, "tl-cs.bin", 4096);
        tl.add_uninitialized_aligned_entry(StandardTLETag::DtFormattedFfaManifest.into(), 128, 9)
            .unwrap();

        let mut new_buf = [0; 5120];
        let new_tl = tl.relocate(&mut new_buf).unwrap();

        assert_eq!(tl.entries().count(), 3);

        let entry = new_tl
            .entries()
            .find(|e| e.header.tag() == Ok(StandardTLETag::DtFormattedFfaManifest.into()))
            .unwrap();

        assert!((entry.payload.as_ptr() as usize).is_multiple_of(1 << 9));
    }

    #[test]
    fn relocate_then_alloc() {
        open_tl!(tl, "tl-cs.bin", 4096);

        let err = tl
            .add_uninitialized_entry(StandardTLETag::DtFormattedFfaManifest.into(), 4096)
            .unwrap_err();
        let Error::NeedsReallocation { required_size } = err else {
            panic!()
        };

        assert_eq!(required_size, 4224);
        let mut new_buf = [0; 4224];

        let mut new_tl = tl.relocate(&mut new_buf).unwrap();

        assert_eq!(
            new_tl.add_uninitialized_entry(StandardTLETag::DtFormattedFfaManifest.into(), 4096),
            Ok(())
        );
    }

    #[test]
    fn relocate_too_small() {
        open_tl!(tl, "tl-cs.bin", 4096);
        let mut new_buf = [0; 119];

        assert_eq!(tl.relocate(&mut new_buf), Err(Error::NotEnoughMemory));
    }

    #[test]
    fn get_valid() {
        open_tl!(tl, "tl-cs.bin", 4096);
        assert!(tl.get::<ExecEpInfo64>().is_ok());
        assert!(tl.get_mut::<ExecEpInfo64>().is_ok());
    }

    #[test]
    fn get_not_found() {
        open_tl!(tl, "tl-cs.bin", 4096);
        assert!(matches!(tl.get::<ExecEpInfo32>(), Err(GetError::NotFound)));
    }

    #[test]
    fn get_then_mut_updates_checksum() {
        open_tl!(tl, "tl-cs.bin", 4096);

        let mut entry = tl.get_mut::<ExecEpInfo64>().unwrap();
        entry.x.fill(0x1234_abcd);
        drop(entry);

        assert_eq!(Ok(()), tl.validate());
    }

    #[test]
    fn readonly_tl() {
        open_tl!(tl, "tl-cs.bin", 4096);
        tl.operation_mode = OperationMode::RO;

        let mut buf = [0; 4096];
        assert_eq!(tl.relocate(&mut buf), Err(Error::ReadOnly));

        assert_eq!(
            tl.add_aligned_entry(StandardTLETag::Aarch64EntrypointInfo.into(), &[0; 8], 1),
            Err(Error::ReadOnly)
        );
        assert_eq!(
            tl.add_uninitialized_aligned_entry(StandardTLETag::Aarch32EntrypointInfo.into(), 32, 1),
            Err(Error::ReadOnly)
        );
        assert_eq!(
            tl.add_entry(StandardTLETag::AcpiAggr.into(), &[0; 8],),
            Err(Error::ReadOnly)
        );
        assert_eq!(
            tl.add_uninitialized_entry(StandardTLETag::AcpiAggr.into(), 32),
            Err(Error::ReadOnly)
        );
    }

    #[test]
    fn aarch32_regs_no_fdt() {
        let mut buf = [0; 4096];
        let input = include_bytes!("../test_data/tl-cs.bin");
        buf[..input.len()].copy_from_slice(input);
        let tl = TransferList::new(&mut buf).unwrap();

        assert_eq!(
            tl.aarch32_regs(|addr| addr as u32),
            [0, 0x010f_b10b, 0, buf.as_ptr() as u32]
        )
    }

    #[test]
    fn aarch64_regs_no_fdt() {
        let mut buf = [0; 4096];
        let input = include_bytes!("../test_data/tl-cs.bin");
        buf[..input.len()].copy_from_slice(input);
        let tl = TransferList::new(&mut buf).unwrap();

        assert_eq!(
            tl.aarch64_regs(|addr| addr as u64),
            [0, 0x0000_0001_4a0f_b10b, 0, buf.as_ptr() as u64]
        )
    }

    #[test]
    fn aarch32_regs_fdt() {
        let mut buf = [0; 4096];
        let input = include_bytes!("../test_data/tl-fdt.bin");
        buf[..input.len()].copy_from_slice(input);
        let base = buf.as_ptr() as u32;
        let tl = TransferList::new(&mut buf).unwrap();

        assert_eq!(
            tl.aarch32_regs(|addr| addr as u32),
            [0, 0x010f_b10b, base + 0x20, base]
        )
    }

    #[test]
    fn aarch64_regs_fdt() {
        let mut buf = [0; 4096];
        let input = include_bytes!("../test_data/tl-fdt.bin");
        buf[..input.len()].copy_from_slice(input);
        let base = buf.as_ptr() as u64;
        let tl = TransferList::new(&mut buf).unwrap();

        assert_eq!(
            tl.aarch64_regs(|addr| addr as u64),
            [base + 0x20, 0x0000_0001_4a0f_b10b, 0, base]
        )
    }

    macro_rules! add_or_reloc {
        ($buf:ident, $tl:ident, $tag:expr, $len:expr) => {
            match $tl.add_uninitialized_entry($tag, $len) {
                Ok(_) => {}
                Err(Error::NeedsReallocation { required_size }) => {
                    let buf = &mut $buf[0..required_size as usize];
                    $tl = $tl.relocate(buf).unwrap();
                    $tl.add_uninitialized_entry($tag, $len).unwrap();
                }
                Err(e) => panic!("unexpected error: {e:?}"),
            }
        };
        ($buf:ident, $tl:ident, $tag:expr, $len:expr, $align:expr) => {
            match $tl.add_uninitialized_aligned_entry($tag, $len, $align) {
                Ok(_) => {}
                Err(Error::NeedsReallocation { required_size }) => {
                    let buf = &mut $buf[0..required_size as usize];
                    $tl = $tl.relocate(buf).unwrap();
                    $tl.add_uninitialized_aligned_entry($tag, $len, $align)
                        .unwrap();
                }
                Err(e) => panic!("unexpected error: {e:?}"),
            }
        };
    }

    macro_rules! assert_entry_matches {
        ($tl:ident, $tag:expr, $len:expr) => {
            assert_eq!(
                $tl.entries()
                    .find(|e| e.header.tag == $tag)
                    .unwrap()
                    .payload
                    .len(),
                $len
            );
        };
        ($tl:ident, $tag:expr, $len:expr, $align:expr) => {
            let tl = $tl.entries().find(|e| e.header.tag == $tag).unwrap();
            let len = tl.payload.len();
            let ptr = (tl.payload.as_ptr() as usize);
            let align = ptr.trailing_zeros();

            assert_eq!(
                len, $len,
                "For entry with tag {:?}, expected len of {:x} but got {len:x}",
                $tag, $len
            );
            assert!(
                align >= $align,
                "For entry with tag {:?}, expected alignment of at least {:x} but got {align:x} (0x{ptr:x})",
                $tag,
                $align
            );
        };
    }

    #[test]
    fn add_reloc_seq1() {
        let mut buf1 = [0; 4096];
        let mut buf2 = [0; 4096];
        let mut buf3 = [0; 4096];
        let mut buf4 = [0; 4096];
        let mut buf5 = [0; 4096];
        let mut buf6 = [0; 4096];

        let mut tl = TransferList::create(&mut buf1[0..256], true).unwrap();

        add_or_reloc!(buf2, tl, StandardTLETag::Fdt.into(), 128);
        add_or_reloc!(buf3, tl, StandardTLETag::HobB.into(), 53);
        add_or_reloc!(buf4, tl, StandardTLETag::HobL.into(), 200, 7);
        add_or_reloc!(buf5, tl, StandardTLETag::AcpiAggr.into(), 192, 6);
        add_or_reloc!(buf6, tl, StandardTLETag::EventLog.into(), 48);

        assert_entry_matches!(tl, [1, 0, 0], 128);
        assert_entry_matches!(tl, [2, 0, 0], 53);
        assert_entry_matches!(tl, [3, 0, 0], 200, 7);
        assert_entry_matches!(tl, [4, 0, 0], 192, 6);
        assert_entry_matches!(tl, [5, 0, 0], 48);
    }

    #[test]
    fn add_reloc_seq2() {
        let mut buf1 = [0; 4096];
        let mut buf2 = [0; 4096];
        let mut buf3 = [0; 4096];
        let mut buf4 = [0; 4096];
        let mut buf5 = [0; 4096];
        let mut buf6 = [0; 4096];

        let mut tl = TransferList::create(&mut buf1[0..256], true).unwrap();

        add_or_reloc!(buf2, tl, StandardTLETag::Fdt.into(), 36, 2);
        add_or_reloc!(buf3, tl, StandardTLETag::HobB.into(), 64, 8);
        add_or_reloc!(buf4, tl, StandardTLETag::HobL.into(), 150);
        add_or_reloc!(buf5, tl, StandardTLETag::AcpiAggr.into(), 133, 1);
        add_or_reloc!(buf6, tl, StandardTLETag::EventLog.into(), 267);

        assert_entry_matches!(tl, [1, 0, 0], 36, 2);
        assert_entry_matches!(tl, [2, 0, 0], 64, 8);
        assert_entry_matches!(tl, [3, 0, 0], 150);
        assert_entry_matches!(tl, [4, 0, 0], 133, 1);
        assert_entry_matches!(tl, [5, 0, 0], 267);
    }

    #[test]
    fn add_reloc_seq3() {
        let mut buf1 = [0; 4096];
        let mut buf2 = [0; 4096];
        let mut buf3 = [0; 4096];
        let mut buf4 = [0; 4096];

        let mut tl = TransferList::create(&mut buf1[0..256], true).unwrap();

        add_or_reloc!(buf2, tl, StandardTLETag::Fdt.into(), 48);
        add_or_reloc!(buf3, tl, StandardTLETag::HobB.into(), 96, 4);
        add_or_reloc!(buf4, tl, StandardTLETag::HobL.into(), 200, 8);

        assert_entry_matches!(tl, [1, 0, 0], 48);
        assert_entry_matches!(tl, [2, 0, 0], 96, 4);
        assert_entry_matches!(tl, [3, 0, 0], 200, 8);
    }

    #[test]
    fn add_reloc_seq4() {
        let mut buf1 = [0; 4096];
        let mut buf2 = [0; 4096];
        let mut buf3 = [0; 4096];
        let mut buf4 = [0; 4096];
        let mut buf5 = [0; 4096];
        let mut buf6 = [0; 4096];
        let mut buf7 = [0; 4096];

        let mut tl = TransferList::create(&mut buf1[0..256], true).unwrap();

        add_or_reloc!(buf3, tl, StandardTLETag::Fdt.into(), 32, 2);
        add_or_reloc!(buf4, tl, StandardTLETag::HobB.into(), 24, 4);
        add_or_reloc!(buf5, tl, StandardTLETag::HobL.into(), 20, 8);
        add_or_reloc!(buf6, tl, StandardTLETag::AcpiAggr.into(), 12);
        add_or_reloc!(buf7, tl, StandardTLETag::EventLog.into(), 10, 2);
        add_or_reloc!(buf2, tl, StandardTLETag::TpmCrbBase.into(), 16, 1);

        assert_entry_matches!(tl, [1, 0, 0], 32, 2);
        assert_entry_matches!(tl, [2, 0, 0], 24, 4);
        assert_entry_matches!(tl, [3, 0, 0], 20, 8);
        assert_entry_matches!(tl, [4, 0, 0], 12);
        assert_entry_matches!(tl, [5, 0, 0], 10, 2);
        assert_entry_matches!(tl, [6, 0, 0], 16, 1);
    }

    #[test]
    fn add_reloc_seq5() {
        let mut buf1 = [0; 4096];
        let mut buf2 = [0; 4096];
        let mut buf3 = [0; 4096];
        let mut buf4 = [0; 4096];
        let mut buf5 = [0; 4096];

        let mut tl = TransferList::create(&mut buf1[0..256], true).unwrap();

        add_or_reloc!(buf2, tl, StandardTLETag::Fdt.into(), 100);
        add_or_reloc!(buf3, tl, StandardTLETag::HobB.into(), 200);
        add_or_reloc!(buf4, tl, StandardTLETag::HobL.into(), 300);
        add_or_reloc!(buf5, tl, StandardTLETag::AcpiAggr.into(), 400);

        assert_entry_matches!(tl, [1, 0, 0], 100);
        assert_entry_matches!(tl, [2, 0, 0], 200);
        assert_entry_matches!(tl, [3, 0, 0], 300);
        assert_entry_matches!(tl, [4, 0, 0], 400);
    }

    #[test]
    fn add_reloc_seq6() {
        let mut buf1 = [0; 4096];
        let mut buf2 = [0; 4096];
        let mut buf3 = [0; 4096];
        let mut buf4 = [0; 4096];
        let mut buf5 = [0; 4096];
        let mut buf6 = [0; 4096];

        let mut tl = TransferList::create(&mut buf1[0..256], true).unwrap();

        add_or_reloc!(buf2, tl, StandardTLETag::Fdt.into(), 60, 2);
        add_or_reloc!(buf3, tl, StandardTLETag::HobB.into(), 128, 4);
        add_or_reloc!(buf4, tl, StandardTLETag::HobL.into(), 256, 1);
        add_or_reloc!(buf5, tl, StandardTLETag::AcpiAggr.into(), 512, 8);
        add_or_reloc!(buf6, tl, StandardTLETag::EventLog.into(), 1024, 2);

        assert_entry_matches!(tl, [1, 0, 0], 60, 2);
        assert_entry_matches!(tl, [2, 0, 0], 128, 4);
        assert_entry_matches!(tl, [3, 0, 0], 256, 1);
        assert_entry_matches!(tl, [4, 0, 0], 512, 8);
        assert_entry_matches!(tl, [5, 0, 0], 1024, 2);
    }
}