TBB: switch to the new authentication framework

This patch modifies the Trusted Board Boot implementation to use
the new authentication framework, making use of the authentication
module, the cryto module and the image parser module to
authenticate the images in the Chain of Trust.

A new function 'load_auth_image()' has been implemented. When TBB
is enabled, this function will call the authentication module to
authenticate parent images following the CoT up to the root of
trust to finally load and authenticate the requested image.

The platform is responsible for picking up the right makefiles to
build the corresponding cryptographic and image parser libraries.
ARM platforms use the mbedTLS based libraries.

The platform may also specify what key algorithm should be used
to sign the certificates. This is done by declaring the 'KEY_ALG'
variable in the platform makefile. FVP and Juno use ECDSA keys.

On ARM platforms, BL2 and BL1-RW regions have been increased 4KB
each to accommodate the ECDSA code.

REMOVED BUILD OPTIONS:

  * 'AUTH_MOD'

Change-Id: I47d436589fc213a39edf5f5297bbd955f15ae867

Makefile

@@ -76,7 +76,6 @@ CREATE_KEYS		:= 1
 SAVE_KEYS		:= 0
 # Flags to build TF with Trusted Boot support
 TRUSTED_BOARD_BOOT	:= 0
-AUTH_MOD		:= none
 # By default, consider that the platform's reset address is not programmable.
 # The platform Makefile is free to override this value.
 PROGRAMMABLE_RESET_ADDRESS	:= 0
@@ -215,6 +214,7 @@ INCLUDES		+=	-Iinclude/bl31			\
 				-Iinclude/common		\
 				-Iinclude/drivers		\
 				-Iinclude/drivers/arm		\
+				-Iinclude/drivers/auth		\
 				-Iinclude/drivers/io		\
 				-Iinclude/drivers/ti/uart	\
 				-Iinclude/lib			\
@@ -340,23 +340,6 @@ ifneq (${GENERATE_COT},0)
     $(eval CRT_ARGS += $(if ${KEY_ALG}, --key-alg ${KEY_ALG}))
 endif
 
-# Check Trusted Board Boot options
-ifneq (${TRUSTED_BOARD_BOOT},0)
-    ifeq (${AUTH_MOD},none)
-        $(error Error: When TRUSTED_BOARD_BOOT=1, AUTH_MOD has to be the name of a valid authentication module)
-    else
-        # We expect to locate an *.mk file under the specified AUTH_MOD directory
-        AUTH_MAKE := $(shell m="common/auth/${AUTH_MOD}/${AUTH_MOD}.mk"; [ -f "$$m" ] && echo "$$m")
-        ifeq (${AUTH_MAKE},)
-            $(error Error: No common/auth/${AUTH_MOD}/${AUTH_MOD}.mk located)
-        endif
-        $(info Including ${AUTH_MAKE})
-        include ${AUTH_MAKE}
-    endif
-
-    BL_COMMON_SOURCES	+=	common/auth.c
-endif
-
 # Check if -pedantic option should be used
 ifeq (${DISABLE_PEDANTIC},0)
     CFLAGS		+= 	-pedantic

bl1/bl1_main.c

@@ -31,7 +31,7 @@
 #include <arch.h>
 #include <arch_helpers.h>
 #include <assert.h>
-#include <auth.h>
+#include <auth_mod.h>
 #include <bl_common.h>
 #include <debug.h>
 #include <platform.h>
@@ -161,38 +161,16 @@ void bl1_main(void)
 
 #if TRUSTED_BOARD_BOOT
 	/* Initialize authentication module */
-	auth_init();
-
-	/*
-	 * Load the BL2 certificate into the BL2 region. This region will be
-	 * overwritten by the image, so the authentication module is responsible
-	 * for storing the relevant data from the certificate (keys, hashes,
-	 * etc.) so it can be used later.
-	 */
-	err = load_image(bl1_tzram_layout,
-			 BL2_CERT_ID,
-			 BL2_BASE,
-			 &bl2_image_info,
-			 NULL);
-	if (err) {
-		ERROR("Failed to load BL2 certificate.\n");
-		panic();
-	}
-
-	err = auth_verify_obj(AUTH_BL2_IMG_CERT, bl2_image_info.image_base,
-			bl2_image_info.image_size);
-	if (err) {
-		ERROR("Failed to validate BL2 certificate.\n");
-		panic();
-	}
+	auth_mod_init();
 #endif /* TRUSTED_BOARD_BOOT */
 
 	/* Load the BL2 image */
-	err = load_image(bl1_tzram_layout,
+	err = load_auth_image(bl1_tzram_layout,
 			 BL2_IMAGE_ID,
 			 BL2_BASE,
 			 &bl2_image_info,
 			 &bl2_ep);
+
 	if (err) {
 		/*
 		 * TODO: print failure to load BL2 but also add a tzwdog timer
@@ -202,19 +180,6 @@ void bl1_main(void)
 		panic();
 	}
 
-#if TRUSTED_BOARD_BOOT
-	err = auth_verify_obj(AUTH_BL2_IMG, bl2_image_info.image_base,
-				bl2_image_info.image_size);
-	if (err) {
-		ERROR("Failed to validate BL2 image.\n");
-		panic();
-	}
-
-	/* After working with data, invalidate the data cache */
-	inv_dcache_range(bl2_image_info.image_base,
-			(size_t)bl2_image_info.image_size);
-#endif /* TRUSTED_BOARD_BOOT */
-
 	/*
 	 * Create a new layout of memory for BL2 as seen by BL1 i.e.
 	 * tell it the amount of total and free memory available.

bl2/bl2_main.c

@@ -31,7 +31,7 @@
 #include <arch.h>
 #include <arch_helpers.h>
 #include <assert.h>
-#include <auth.h>
+#include <auth_mod.h>
 #include <bl_common.h>
 #include <debug.h>
 #include <platform.h>
@@ -39,147 +39,6 @@
 #include <stdint.h>
 #include "bl2_private.h"
 
-#if TRUSTED_BOARD_BOOT
-
-#ifdef BL32_BASE
-static int bl32_cert_error;
-#endif
-
-/*
- * Load and authenticate the key and content certificates for a BL3-x image.
- * The _blob values identify the authentication objects (an object may be seen
- * as a single stage in the authentication process). See auth.h for the complete
- * list of objects. The _id values are passed to the IO framework to identify
- * the images to load.
- *
- * Parameters:
- *   key_cert_blob: key certificate blob id (see auth.h)
- *   key_cert_id: key certificate image identifier (for IO framework)
- *   cont_cert_blob: content certificate blob id (see auth.h)
- *   cont_cert_id: content certificate image identifier (for IO framework)
- *   mem_layout: Trusted SRAM memory layout
- *   load_addr: load the certificates at this address
- *
- * Return: 0 = success, Otherwise = error
- */
-static int load_cert_bl3x(unsigned int key_cert_blob, unsigned int key_cert_id,
-			  unsigned int cont_cert_blob, unsigned int cont_cert_id,
-			  meminfo_t *mem_layout, uint64_t load_addr)
-{
-	image_info_t image_info;
-	int err;
-
-	/* Load Key certificate */
-	image_info.h.version = VERSION_1;
-	err = load_image(mem_layout, key_cert_id, load_addr, &image_info, NULL);
-	if (err) {
-		ERROR("Cannot load key certificate id=%u\n", key_cert_id);
-		return err;
-	}
-
-	err = auth_verify_obj(key_cert_blob, image_info.image_base,
-			image_info.image_size);
-	if (err) {
-		ERROR("Invalid key certificate id=%u\n", key_cert_id);
-		return err;
-	}
-
-	/* Load Content certificate */
-	image_info.h.version = VERSION_1;
-	err = load_image(mem_layout, cont_cert_id, load_addr, &image_info, NULL);
-	if (err) {
-		ERROR("Cannot load content certificate id=%u\n",
-				cont_cert_id);
-		return err;
-	}
-
-	err = auth_verify_obj(cont_cert_blob, image_info.image_base,
-			image_info.image_size);
-	if (err) {
-		ERROR("Invalid content certificate id=%u\n", cont_cert_id);
-		return err;
-	}
-
-	return 0;
-}
-
-/*
- * Load and authenticate the Trusted Key certificate the key and content
- * certificates for each of the BL3-x images.
- *
- * Return: 0 = success, Otherwise = error
- */
-static int load_certs(void)
-{
-	const uint64_t load_addr = BL31_BASE;
-	image_info_t image_info;
-	meminfo_t *mem_layout;
-	int err;
-
-	/* Find out how much free trusted ram remains after BL2 load */
-	mem_layout = bl2_plat_sec_mem_layout();
-
-	/* Load the Trusted Key certificate in the BL31 region */
-	image_info.h.version = VERSION_1;
-	err = load_image(mem_layout, TRUSTED_KEY_CERT_ID, load_addr,
-			 &image_info, NULL);
-	if (err) {
-		ERROR("Failed to load Trusted Key certificate.\n");
-		return err;
-	}
-
-	/* Validate the certificate */
-	err = auth_verify_obj(AUTH_TRUSTED_KEY_CERT, image_info.image_base,
-			image_info.image_size);
-	if (err) {
-		ERROR("Invalid Trusted Key certificate.\n");
-		return err;
-	}
-
-	/* Load and validate Key and Content certificates for BL3-x images */
-#ifdef BL30_BASE
-	err = load_cert_bl3x(AUTH_BL30_KEY_CERT, BL30_KEY_CERT_ID,
-			     AUTH_BL30_IMG_CERT, BL30_CERT_ID,
-			     mem_layout, load_addr);
-	if (err) {
-		ERROR("Failed to verify BL3-0 authenticity\n");
-		return err;
-	}
-#endif /* BL30_BASE */
-
-	err = load_cert_bl3x(AUTH_BL31_KEY_CERT, BL31_KEY_CERT_ID,
-			     AUTH_BL31_IMG_CERT, BL31_CERT_ID,
-			     mem_layout, load_addr);
-	if (err) {
-		ERROR("Failed to verify BL3-1 authenticity\n");
-		return err;
-	}
-
-#ifdef BL32_BASE
-	/* BL3-2 image is optional, but keep the return value in case the
-	 * image is present but the certificate is missing */
-	err = load_cert_bl3x(AUTH_BL32_KEY_CERT, BL32_KEY_CERT_ID,
-			     AUTH_BL32_IMG_CERT, BL32_CERT_ID,
-			     mem_layout, load_addr);
-	if (err) {
-		WARN("Failed to verify BL3-2 authenticity\n");
-	}
-	bl32_cert_error = err;
-#endif /* BL32_BASE */
-
-	err = load_cert_bl3x(AUTH_BL33_KEY_CERT, BL33_KEY_CERT_ID,
-			     AUTH_BL33_IMG_CERT, BL33_CERT_ID,
-			     mem_layout, load_addr);
-	if (err) {
-		ERROR("Failed to verify BL3-3 authenticity\n");
-		return err;
-	}
-
-	return 0;
-}
-
-#endif /* TRUSTED_BOARD_BOOT */
-
 /*******************************************************************************
  * Load the BL3-0 image if there's one.
  * If a platform does not want to attempt to load BL3-0 image it must leave
@@ -205,34 +64,18 @@ static int load_bl30(void)
 	INFO("BL2: Loading BL3-0\n");
 	bl2_plat_get_bl30_meminfo(&bl30_mem_info);
 	bl30_image_info.h.version = VERSION_1;
-	e = load_image(&bl30_mem_info,
-		       BL30_IMAGE_ID,
-		       BL30_BASE,
-		       &bl30_image_info,
-		       NULL);
-
-	if (e)
-		return e;
-
-#if TRUSTED_BOARD_BOOT
-	e = auth_verify_obj(AUTH_BL30_IMG,
-			bl30_image_info.image_base,
-			bl30_image_info.image_size);
-	if (e) {
-		ERROR("Failed to authenticate BL3-0 image.\n");
-		return e;
-	}
-
-	/* After working with data, invalidate the data cache */
-	inv_dcache_range(bl30_image_info.image_base,
-			(size_t)bl30_image_info.image_size);
-#endif /* TRUSTED_BOARD_BOOT */
-
-	/* The subsequent handling of BL3-0 is platform specific */
-	e = bl2_plat_handle_bl30(&bl30_image_info);
-	if (e) {
-		ERROR("Failure in platform-specific handling of BL3-0 image.\n");
-		return e;
+	e = load_auth_image(&bl30_mem_info,
+			    BL30_IMAGE_ID,
+			    BL30_BASE,
+			    &bl30_image_info,
+			    NULL);
+
+	if (e == 0) {
+		/* The subsequent handling of BL3-0 is platform specific */
+		e = bl2_plat_handle_bl30(&bl30_image_info);
+		if (e) {
+			ERROR("Failure in platform-specific handling of BL3-0 image.\n");
+		}
 	}
 #endif /* BL30_BASE */
 
@@ -262,31 +105,17 @@ static int load_bl31(bl31_params_t *bl2_to_bl31_params,
 	bl31_ep_info->args.arg0 = (unsigned long)bl2_to_bl31_params;
 
 	/* Load the BL3-1 image */
-	e = load_image(bl2_tzram_layout,
-		       BL31_IMAGE_ID,
-		       BL31_BASE,
-		       bl2_to_bl31_params->bl31_image_info,
-		       bl31_ep_info);
-	if (e)
-		return e;
-
-#if TRUSTED_BOARD_BOOT
-	e = auth_verify_obj(AUTH_BL31_IMG,
-			    bl2_to_bl31_params->bl31_image_info->image_base,
-			    bl2_to_bl31_params->bl31_image_info->image_size);
-	if (e) {
-		ERROR("Failed to authenticate BL3-1 image.\n");
-		return e;
+	e = load_auth_image(bl2_tzram_layout,
+			    BL31_IMAGE_ID,
+			    BL31_BASE,
+			    bl2_to_bl31_params->bl31_image_info,
+			    bl31_ep_info);
+
+	if (e == 0) {
+		bl2_plat_set_bl31_ep_info(bl2_to_bl31_params->bl31_image_info,
+					  bl31_ep_info);
 	}
 
-	/* After working with data, invalidate the data cache */
-	inv_dcache_range(bl2_to_bl31_params->bl31_image_info->image_base,
-			(size_t)bl2_to_bl31_params->bl31_image_info->image_size);
-#endif /* TRUSTED_BOARD_BOOT */
-
-	bl2_plat_set_bl31_ep_info(bl2_to_bl31_params->bl31_image_info,
-				  bl31_ep_info);
-
 	return e;
 }
 
@@ -314,37 +143,17 @@ static int load_bl32(bl31_params_t *bl2_to_bl31_params)
 	 * completely different memory.
 	 */
 	bl2_plat_get_bl32_meminfo(&bl32_mem_info);
-	e = load_image(&bl32_mem_info,
-		       BL32_IMAGE_ID,
-		       BL32_BASE,
-		       bl2_to_bl31_params->bl32_image_info,
-		       bl2_to_bl31_params->bl32_ep_info);
-
-	if (e)
-		return e;
-
-#if TRUSTED_BOARD_BOOT
-	/* Image is present. Check if there is a valid certificate */
-	if (bl32_cert_error) {
-		ERROR("Failed to authenticate BL3-2 certificates.\n");
-		return bl32_cert_error;
-	}
-
-	e = auth_verify_obj(AUTH_BL32_IMG,
-			    bl2_to_bl31_params->bl32_image_info->image_base,
-			    bl2_to_bl31_params->bl32_image_info->image_size);
-	if (e) {
-		ERROR("Failed to authenticate BL3-2 image.\n");
-		return e;
+	e = load_auth_image(&bl32_mem_info,
+			    BL32_IMAGE_ID,
+			    BL32_BASE,
+			    bl2_to_bl31_params->bl32_image_info,
+			    bl2_to_bl31_params->bl32_ep_info);
+
+	if (e == 0) {
+		bl2_plat_set_bl32_ep_info(
+			bl2_to_bl31_params->bl32_image_info,
+			bl2_to_bl31_params->bl32_ep_info);
 	}
-	/* After working with data, invalidate the data cache */
-	inv_dcache_range(bl2_to_bl31_params->bl32_image_info->image_base,
-			(size_t)bl2_to_bl31_params->bl32_image_info->image_size);
-#endif /* TRUSTED_BOARD_BOOT */
-
-	bl2_plat_set_bl32_ep_info(
-		bl2_to_bl31_params->bl32_image_info,
-		bl2_to_bl31_params->bl32_ep_info);
 #endif /* BL32_BASE */
 
 	return e;
@@ -367,30 +176,16 @@ static int load_bl33(bl31_params_t *bl2_to_bl31_params)
 	bl2_plat_get_bl33_meminfo(&bl33_mem_info);
 
 	/* Load the BL3-3 image in non-secure memory provided by the platform */
-	e = load_image(&bl33_mem_info,
-		       BL33_IMAGE_ID,
-		       plat_get_ns_image_entrypoint(),
-		       bl2_to_bl31_params->bl33_image_info,
-		       bl2_to_bl31_params->bl33_ep_info);
-
-	if (e)
-		return e;
-
-#if TRUSTED_BOARD_BOOT
-	e = auth_verify_obj(AUTH_BL33_IMG,
-			    bl2_to_bl31_params->bl33_image_info->image_base,
-			    bl2_to_bl31_params->bl33_image_info->image_size);
-	if (e) {
-		ERROR("Failed to authenticate BL3-3 image.\n");
-		return e;
+	e = load_auth_image(&bl33_mem_info,
+			    BL33_IMAGE_ID,
+			    plat_get_ns_image_entrypoint(),
+			    bl2_to_bl31_params->bl33_image_info,
+			    bl2_to_bl31_params->bl33_ep_info);
+
+	if (e == 0) {
+		bl2_plat_set_bl33_ep_info(bl2_to_bl31_params->bl33_image_info,
+					  bl2_to_bl31_params->bl33_ep_info);
 	}
-	/* After working with data, invalidate the data cache */
-	inv_dcache_range(bl2_to_bl31_params->bl33_image_info->image_base,
-			(size_t)bl2_to_bl31_params->bl33_image_info->image_size);
-#endif /* TRUSTED_BOARD_BOOT */
-
-	bl2_plat_set_bl33_ep_info(bl2_to_bl31_params->bl33_image_info,
-				  bl2_to_bl31_params->bl33_ep_info);
 
 	return e;
 }
@@ -414,14 +209,7 @@ void bl2_main(void)
 
 #if TRUSTED_BOARD_BOOT
 	/* Initialize authentication module */
-	auth_init();
-
-	/* Validate the certificates involved in the Chain of Trust */
-	e = load_certs();
-	if (e) {
-		ERROR("Chain of Trust invalid. Aborting...\n");
-		panic();
-	}
+	auth_mod_init();
 #endif /* TRUSTED_BOARD_BOOT */
 
 	/*

common/auth.c

@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of ARM nor the names of its contributors may be used
- * to endorse or promote products derived from this software without specific
- * prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <assert.h>
-#include <auth.h>
-#include <debug.h>
-
-/*
- * Initialize the authentication module
- */
-void auth_init(void)
-{
-	assert(auth_mod.name);
-	assert(auth_mod.init);
-	assert(auth_mod.verify);
-
-	INFO("Using authentication module '%s'\n", auth_mod.name);
-	if (auth_mod.init() != 0)
-		assert(0);
-}
-
-/*
- * Authenticate a certificate/image
- *
- * Return: 0 = success, Otherwise = error
- */
-int auth_verify_obj(unsigned int obj_id, uintptr_t obj_buf, size_t len)
-{
-	assert(obj_id < AUTH_NUM_OBJ);
-	assert(obj_buf != 0);
-	assert(auth_mod.verify);
-
-	return auth_mod.verify(obj_id, obj_buf, len);
-}

common/bl_common.c

@@ -31,6 +31,7 @@
 #include <arch.h>
 #include <arch_helpers.h>
 #include <assert.h>
+#include <auth_mod.h>
 #include <bl_common.h>
 #include <debug.h>
 #include <errno.h>
@@ -209,7 +210,7 @@ unsigned long image_size(unsigned int image_id)
  ******************************************************************************/
 int load_image(meminfo_t *mem_layout,
 	       unsigned int image_id,
-	       uint64_t image_base,
+	       uintptr_t image_base,
 	       image_info_t *image_data,
 	       entry_point_info_t *entry_point_info)
 {
@@ -308,3 +309,54 @@ exit:
 
 	return io_result;
 }
+
+/*******************************************************************************
+ * Generic function to load and authenticate an image. The image is actually
+ * loaded by calling the 'load_image()' function. In addition, this function
+ * uses recursion to authenticate the parent images up to the root of trust.
+ ******************************************************************************/
+int load_auth_image(meminfo_t *mem_layout,
+		    unsigned int image_id,
+		    uintptr_t image_base,
+		    image_info_t *image_data,
+		    entry_point_info_t *entry_point_info)
+{
+	int rc;
+
+#if TRUSTED_BOARD_BOOT
+	unsigned int parent_id;
+
+	/* Use recursion to authenticate parent images */
+	rc = auth_mod_get_parent_id(image_id, &parent_id);
+	if (rc == 0) {
+		rc = load_auth_image(mem_layout, parent_id, image_base,
+				     image_data, NULL);
+		if (rc != IO_SUCCESS) {
+			return rc;
+		}
+	}
+#endif /* TRUSTED_BOARD_BOOT */
+
+	/* Load the image */
+	rc = load_image(mem_layout, image_id, image_base, image_data,
+			entry_point_info);
+	if (rc != IO_SUCCESS) {
+		return rc;
+	}
+
+#if TRUSTED_BOARD_BOOT
+	/* Authenticate it */
+	rc = auth_mod_verify_img(image_id,
+				 (void *)image_data->image_base,
+				 image_data->image_size);
+	if (rc != 0) {
+		return IO_FAIL;
+	}
+
+	/* After working with data, invalidate the data cache */
+	inv_dcache_range(image_data->image_base,
+			(size_t)image_data->image_size);
+#endif /* TRUSTED_BOARD_BOOT */
+
+	return IO_SUCCESS;
+}

docs/user-guide.md

@@ -265,16 +265,8 @@ performed.
 *   `TRUSTED_BOARD_BOOT`: Boolean flag to include support for the Trusted Board
     Boot feature. When set to '1', BL1 and BL2 images include support to load
     and verify the certificates and images in a FIP. The default value is '0'.
-    A successful build, when `TRUSTED_BOARD_BOOT=1`, depends upon the correct
-    initialization of the `AUTH_MOD` option. Generation and inclusion of
-    certificates in the FIP depends upon the value of the `GENERATE_COT` option.
-
-*   `AUTH_MOD`: This option is used when `TRUSTED_BOARD_BOOT=1`. It specifies
-    the name of the authentication module that will be used in the Trusted Board
-    Boot sequence. The module must be located in `common/auth/<module name>`
-    directory. The directory must contain a makefile `<module name>.mk` which
-    will be used to build the module. More information can be found in
-    [Trusted Board Boot]. The default module name is 'none'.
+    Generation and inclusion of certificates in the FIP depends upon the value
+    of the `GENERATE_COT` option.
 
 *   `GENERATE_COT`: Boolean flag used to build and execute the `cert_create`
     tool to create certificates as per the Chain of Trust described in

include/common/auth.h

@@ -1,88 +0,0 @@
-/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * Neither the name of ARM nor the names of its contributors may be used
- * to endorse or promote products derived from this software without specific
- * prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef AUTH_H_
-#define AUTH_H_
-
-#include <stddef.h>
-#include <stdint.h>
-
-/*
- * Authentication infrastructure for Trusted Boot
- *
- * This infrastructure provides an API to access the authentication module. This
- * module will implement the required operations for Trusted Boot by creating an
- * instance of the structure 'auth_mod_t'. This instance must be called
- * 'auth_mod' and must provide the functions to initialize the module and
- * verify the authenticity of the images.
- */
-
-/* Objects (images and certificates) involved in the TBB process */
-enum {
-	AUTH_BL2_IMG_CERT,
-	AUTH_BL2_IMG,
-	AUTH_TRUSTED_KEY_CERT,
-	AUTH_BL30_KEY_CERT,
-	AUTH_BL30_IMG_CERT,
-	AUTH_BL30_IMG,
-	AUTH_BL31_KEY_CERT,
-	AUTH_BL31_IMG_CERT,
-	AUTH_BL31_IMG,
-	AUTH_BL32_KEY_CERT,
-	AUTH_BL32_IMG_CERT,
-	AUTH_BL32_IMG,
-	AUTH_BL33_KEY_CERT,
-	AUTH_BL33_IMG_CERT,
-	AUTH_BL33_IMG,
-	AUTH_NUM_OBJ
-};
-
-/* Authentication module structure */
-typedef struct auth_mod_s {
-	/* [mandatory] Module name. Printed to the log during initialization */
-	const char *name;
-
-	/* [mandatory] Initialize the authentication module */
-	int (*init)(void);
-
-	/* [mandatory] This function will be called to authenticate a new
-	 * object loaded into memory. The obj_id corresponds to one of the
-	 * values in the enumeration above */
-	int (*verify)(unsigned int obj_id, uintptr_t obj_buf, size_t len);
-} auth_mod_t;
-
-/* This variable must be instantiated by the authentication module */
-extern const auth_mod_t auth_mod;
-
-/* Public functions */
-void auth_init(void);
-int auth_verify_obj(unsigned int obj_id, uintptr_t obj_buf, size_t len);
-
-#endif /* AUTH_H_ */

include/common/bl_common.h

@@ -229,9 +229,14 @@ void change_security_state(unsigned int);
 unsigned long image_size(unsigned int image_id);
 int load_image(meminfo_t *mem_layout,
 	       unsigned int image_id,
-	       uint64_t image_base,
+	       uintptr_t image_base,
 	       image_info_t *image_data,
 	       entry_point_info_t *entry_point_info);
+int load_auth_image(meminfo_t *mem_layout,
+		    unsigned int image_name,
+		    uintptr_t image_base,
+		    image_info_t *image_data,
+		    entry_point_info_t *entry_point_info);
 extern const char build_message[];
 extern const char version_string[];
 

include/plat/arm/common/arm_def.h

@@ -201,7 +201,7 @@
 #if TRUSTED_BOARD_BOOT
 #define BL1_RW_BASE			(ARM_BL_RAM_BASE +		\
 						ARM_BL_RAM_SIZE -	\
-						0x8000)
+						0x9000)
 #else
 #define BL1_RW_BASE			(ARM_BL_RAM_BASE +		\
 						ARM_BL_RAM_SIZE -	\
@@ -217,7 +217,7 @@
  * size plus a little space for growth.
  */
 #if TRUSTED_BOARD_BOOT
-#define BL2_BASE			(BL31_BASE - 0x1C000)
+#define BL2_BASE			(BL31_BASE - 0x1D000)
 #else
 #define BL2_BASE			(BL31_BASE - 0xC000)
 #endif

plat/arm/board/juno/platform.mk

@@ -40,7 +40,6 @@ BL2_SOURCES		+=	plat/arm/board/juno/juno_security.c	\
 BL31_SOURCES		+=	lib/cpus/aarch64/cortex_a53.S		\
 				lib/cpus/aarch64/cortex_a57.S
 
-
 # Enable workarounds for selected Cortex-A57 erratas.
 ERRATA_A57_806969	:=	0
 ERRATA_A57_813420	:=	1
@@ -53,3 +52,7 @@ include plat/arm/board/common/board_css.mk
 include plat/arm/common/arm_common.mk
 include plat/arm/soc/common/soc_css.mk
 include plat/arm/css/common/css_common.mk
+
+ifeq (${KEY_ALG},ecdsa)
+    $(error "ECDSA key algorithm is not fully supported on Juno.")
+endif

plat/arm/common/arm_common.mk

@@ -84,3 +84,31 @@ BL31_SOURCES		+=	drivers/arm/cci/cci.c				\
 				plat/arm/common/arm_topology.c			\
 				plat/common/plat_gic.c				\
 				plat/common/aarch64/platform_mp_stack.S
+
+ifneq (${TRUSTED_BOARD_BOOT},0)
+
+    # By default, ARM platforms use RSA keys
+    KEY_ALG		:=	rsa
+
+    # Include common TBB sources
+    AUTH_SOURCES	:=	drivers/auth/auth_mod.c				\
+    				drivers/auth/crypto_mod.c			\
+    				drivers/auth/img_parser_mod.c			\
+    				drivers/auth/tbbr/tbbr_cot.c			\
+
+    BL1_SOURCES		+=	${AUTH_SOURCES}
+    BL2_SOURCES		+=	${AUTH_SOURCES}
+
+    MBEDTLS_KEY_ALG	:=	${KEY_ALG}
+
+    # We expect to locate the *.mk files under the directories specified below
+    CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
+    IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk
+
+    $(info Including ${CRYPTO_LIB_MK})
+    include ${CRYPTO_LIB_MK}
+
+    $(info Including ${IMG_PARSER_LIB_MK})
+    include ${IMG_PARSER_LIB_MK}
+
+endif