Merge changes I072fe5fe,I4066d476,Ie4af38b8,I730e7b04,Iac3356f8, ... into integration

* changes: fix(psa): extend measured boot logging fix(rss): determine the size of sw_type in RSS mboot metadata fix(psa): align with original API in tf-m-extras fix(rss): clear the message buffer feat(tc): enable RSS backend based measured boot feat(tc): increase maximum BL1/BL2/BL31 sizes
2 years ago · 402d2316c8
9 changed files with 210 additions and 25 deletions
--- a/drivers/arm/rss/rss_comms.c
+++ b/drivers/arm/rss/rss_comms.c
@ -142,6 +142,9 @@ psa_status_t psa_call(psa_handle_t handle, int32_t type, const psa_invec *in_vec
 		VERBOSE("out_vec[%lu].buf=%p\n", idx, (void *)out_vec[idx].base);
 	}

+	/* Clear the MHU message buffer to remove assets from memory */
+	memset(&io_buf, 0x0, sizeof(io_buf));
+
 	seq_num++;

 	return return_val;
--- a/drivers/measured_boot/rss/rss_measured_boot.c
+++ b/drivers/measured_boot/rss/rss_measured_boot.c
@ -41,10 +41,21 @@ void rss_measured_boot_init(void)
 	/* At this point it is expected that communication channel over MHU
 	 * is already initialised by platform init.
 	 */
+	struct rss_mboot_metadata *metadata_ptr;

 	/* Get pointer to platform's struct rss_mboot_metadata structure */
 	plat_metadata_ptr = plat_rss_mboot_get_metadata();
 	assert(plat_metadata_ptr != NULL);
+
+	/* Use a local variable to preserve the value of the global pointer */
+	metadata_ptr = plat_metadata_ptr;
+
+	/* Init the non-const members of the metadata structure */
+	while (metadata_ptr->id != RSS_MBOOT_INVALID_ID) {
+		metadata_ptr->sw_type_size =
+			strlen((const char *)&metadata_ptr->sw_type) + 1;
+		metadata_ptr++;
+	}
 }

 int rss_mboot_measure_and_record(uintptr_t data_base, uint32_t data_size,
--- a/lib/psa/measured_boot.c
+++ b/lib/psa/measured_boot.c
@ -39,8 +39,10 @@ static void log_measurement(uint8_t index,
 			    const uint8_t *signer_id,
 			    size_t signer_id_size,
 			    const uint8_t *version,     /* string */
-			    uint32_t measurement_algo,
+			    size_t version_size,
 			    const uint8_t *sw_type,     /* string */
+			    size_t sw_type_size,
+			    uint32_t measurement_algo,
 			    const uint8_t *measurement_value,
 			    size_t measurement_value_size,
 			    bool lock_measurement)
@ -49,9 +51,11 @@ static void log_measurement(uint8_t index,
 	INFO(" - slot        : %u\n", index);
 	INFO(" - signer_id   :");
 	print_byte_array(signer_id, signer_id_size);
-	INFO(" - version     : %s\n", version);
+	INFO(" - version     : %s\n",  version);
+	INFO(" - version_size: %zu\n", version_size);
+	INFO(" - sw_type     : %s\n",  sw_type);
+	INFO(" - sw_type_size: %zu\n", sw_type_size);
 	INFO(" - algorithm   : %x\n", measurement_algo);
-	INFO(" - sw_type     : %s\n", sw_type);
 	INFO(" - measurement :");
 	print_byte_array(measurement_value, measurement_value_size);
 	INFO(" - locking     : %s\n", lock_measurement ? "true" : "false");
@ -87,18 +91,17 @@ rss_measured_boot_extend_measurement(uint8_t index,
 		{.base = measurement_value, .len = measurement_value_size}
 	};

-	uint32_t sw_type_size_limited;
-
 	if (sw_type != NULL) {
-		sw_type_size_limited = (sw_type_size < SW_TYPE_MAX_SIZE) ?
-					sw_type_size : SW_TYPE_MAX_SIZE;
-		memcpy(extend_iov.sw_type, sw_type, sw_type_size_limited);
+		if (sw_type_size > SW_TYPE_MAX_SIZE) {
+			return PSA_ERROR_INVALID_ARGUMENT;
+		}
+		memcpy(extend_iov.sw_type, sw_type, sw_type_size);
 	}

 	log_measurement(index, signer_id, signer_id_size,
-			version, measurement_algo, sw_type,
-			measurement_value, measurement_value_size,
-			lock_measurement);
+			version, version_size, sw_type, sw_type_size,
+			measurement_algo, measurement_value,
+			measurement_value_size, lock_measurement);

 	return psa_call(RSS_MEASURED_BOOT_HANDLE,
 			RSS_MEASURED_BOOT_EXTEND,
@ -122,9 +125,9 @@ rss_measured_boot_extend_measurement(uint8_t index,
 				     bool lock_measurement)
 {
 	log_measurement(index, signer_id, signer_id_size,
-			version, measurement_algo, sw_type,
-			measurement_value, measurement_value_size,
-			lock_measurement);
+			version, version_size, sw_type, sw_type_size,
+			measurement_algo, measurement_value,
+			measurement_value_size, lock_measurement);

 	return PSA_SUCCESS;
 }
--- a/plat/arm/board/tc/include/platform_def.h
+++ b/plat/arm/board/tc/include/platform_def.h
@ -101,7 +101,7 @@
 * PLAT_ARM_MAX_BL1_RW_SIZE is calculated using the current BL1 RW debug size
 * plus a little space for growth.
 */
-#define PLAT_ARM_MAX_BL1_RW_SIZE	0xC000
+#define PLAT_ARM_MAX_BL1_RW_SIZE	0xD000

 /*
 * PLAT_ARM_MAX_ROMLIB_RW_SIZE is define to use a full page
@ -117,20 +117,19 @@

 /*
 * PLAT_ARM_MAX_BL2_SIZE is calculated using the current BL2 debug size plus a
- * little space for growth.
+ * little space for growth. Current size is considering that TRUSTED_BOARD_BOOT
+ * and MEASURED_BOOT is enabled.
 */
-#if TRUSTED_BOARD_BOOT
-# define PLAT_ARM_MAX_BL2_SIZE		0x20000
-#else
-# define PLAT_ARM_MAX_BL2_SIZE		0x14000
-#endif
+# define PLAT_ARM_MAX_BL2_SIZE		0x26000
+

 /*
 * Since BL31 NOBITS overlays BL2 and BL1-RW, PLAT_ARM_MAX_BL31_SIZE is
 * calculated using the current BL31 PROGBITS debug size plus the sizes of
- * BL2 and BL1-RW
+ * BL2 and BL1-RW. Current size is considering that TRUSTED_BOARD_BOOT and
+ * MEASURED_BOOT is enabled.
 */
-#define PLAT_ARM_MAX_BL31_SIZE		0x3F000
+#define PLAT_ARM_MAX_BL31_SIZE		0x47000

 /*
 * Size of cacheable stacks
--- a/plat/arm/board/tc/platform.mk
+++ b/plat/arm/board/tc/platform.mk
@ -94,7 +94,6 @@ BL1_SOURCES		+=	${INTERCONNECT_SOURCES}	\
 				${TC_BASE}/tc_err.c	\
 				drivers/arm/sbsa/sbsa.c

-
 BL2_SOURCES		+=	${TC_BASE}/tc_security.c	\
 				${TC_BASE}/tc_err.c		\
 				${TC_BASE}/tc_trusted_boot.c		\
@ -162,6 +161,32 @@ override ENABLE_AMU_FCONF := 1
 override ENABLE_MPMM := 1
 override ENABLE_MPMM_FCONF := 1

+# Include Measured Boot makefile before any Crypto library makefile.
+# Crypto library makefile may need default definitions of Measured Boot build
+# flags present in Measured Boot makefile.
+ifeq (${MEASURED_BOOT},1)
+    MEASURED_BOOT_MK := drivers/measured_boot/rss/rss_measured_boot.mk
+    $(info Including ${MEASURED_BOOT_MK})
+    include ${MEASURED_BOOT_MK}
+    $(info Including rss_comms.mk)
+    include drivers/arm/rss/rss_comms.mk
+
+    BL1_SOURCES		+=	${MEASURED_BOOT_SOURCES} \
+				plat/arm/board/tc/tc_common_measured_boot.c \
+				plat/arm/board/tc/tc_bl1_measured_boot.c \
+				lib/psa/measured_boot.c			 \
+				${RSS_COMMS_SOURCES}
+
+    BL2_SOURCES		+=	${MEASURED_BOOT_SOURCES} \
+				plat/arm/board/tc/tc_common_measured_boot.c \
+				plat/arm/board/tc/tc_bl2_measured_boot.c \
+				lib/psa/measured_boot.c			 \
+				${RSS_COMMS_SOURCES}
+
+PLAT_INCLUDES		+=	-Iinclude/lib/psa
+
+endif
+
 include plat/arm/common/arm_common.mk
 include plat/arm/css/common/css_common.mk
 include plat/arm/soc/common/soc_css.mk
--- a/plat/arm/board/tc/tc_bl1_measured_boot.c
+++ b/plat/arm/board/tc/tc_bl1_measured_boot.c
@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stdint.h>
+
+#include <drivers/arm/rss_comms.h>
+#include <drivers/measured_boot/rss/rss_measured_boot.h>
+#include <lib/psa/measured_boot.h>
+
+#include <plat/arm/common/plat_arm.h>
+#include <platform_def.h>
+
+/* Table with platform specific image IDs and metadata. Intentionally not a
+ * const struct, some members might set by bootloaders during trusted boot.
+ */
+struct rss_mboot_metadata tc_rss_mboot_metadata[] = {
+	{
+		.id = FW_CONFIG_ID,
+		.slot = U(6),
+		.signer_id_size = SIGNER_ID_MIN_SIZE,
+		.sw_type = RSS_MBOOT_FW_CONFIG_STRING,
+		.lock_measurement = true },
+	{
+		.id = TB_FW_CONFIG_ID,
+		.slot = U(7),
+		.signer_id_size = SIGNER_ID_MIN_SIZE,
+		.sw_type = RSS_MBOOT_TB_FW_CONFIG_STRING,
+		.lock_measurement = true },
+	{
+		.id = BL2_IMAGE_ID,
+		.slot = U(8),
+		.signer_id_size = SIGNER_ID_MIN_SIZE,
+		.sw_type = RSS_MBOOT_BL2_STRING,
+		.lock_measurement = true },
+
+	{
+		.id = RSS_MBOOT_INVALID_ID }
+};
+
+void bl1_plat_mboot_init(void)
+{
+	/* Initialize the communication channel between AP and RSS */
+	(void)rss_comms_init(PLAT_RSS_AP_SND_MHU_BASE,
+			     PLAT_RSS_AP_RCV_MHU_BASE);
+
+	rss_measured_boot_init();
+}
+
+void bl1_plat_mboot_finish(void)
+{
+	/* Nothing to do. */
+}
--- a/plat/arm/board/tc/tc_bl2_measured_boot.c
+++ b/plat/arm/board/tc/tc_bl2_measured_boot.c
@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stdint.h>
+
+#include <drivers/arm/rss_comms.h>
+#include <drivers/measured_boot/rss/rss_measured_boot.h>
+#include <lib/psa/measured_boot.h>
+
+#include <plat/common/common_def.h>
+#include <platform_def.h>
+
+/* TC specific table with image IDs and metadata. Intentionally not a
+ * const struct, some members might set by bootloaders during trusted boot.
+ */
+struct rss_mboot_metadata tc_rss_mboot_metadata[] = {
+	{
+		.id = BL31_IMAGE_ID,
+		.slot = U(9),
+		.signer_id_size = SIGNER_ID_MIN_SIZE,
+		.sw_type = RSS_MBOOT_BL31_STRING,
+		.lock_measurement = true },
+	{
+		.id = HW_CONFIG_ID,
+		.slot = U(10),
+		.signer_id_size = SIGNER_ID_MIN_SIZE,
+		.sw_type = RSS_MBOOT_HW_CONFIG_STRING,
+		.lock_measurement = true },
+	{
+		.id = SOC_FW_CONFIG_ID,
+		.slot = U(11),
+		.signer_id_size = SIGNER_ID_MIN_SIZE,
+		.sw_type = RSS_MBOOT_SOC_FW_CONFIG_STRING,
+		.lock_measurement = true },
+	{
+		.id = RSS_MBOOT_INVALID_ID }
+};
+
+void bl2_plat_mboot_init(void)
+{
+	/* Initialize the communication channel between AP and RSS */
+	(void)rss_comms_init(PLAT_RSS_AP_SND_MHU_BASE,
+			     PLAT_RSS_AP_RCV_MHU_BASE);
+
+	rss_measured_boot_init();
+}
+
+void bl2_plat_mboot_finish(void)
+{
+	/* Nothing to do. */
+}
--- a/plat/arm/board/tc/tc_common_measured_boot.c
+++ b/plat/arm/board/tc/tc_common_measured_boot.c
@ -0,0 +1,35 @@
+
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <stdint.h>
+
+#include <common/desc_image_load.h>
+#include <drivers/measured_boot/rss/rss_measured_boot.h>
+
+extern struct rss_mboot_metadata tc_rss_mboot_metadata[];
+
+struct rss_mboot_metadata *plat_rss_mboot_get_metadata(void)
+{
+	return tc_rss_mboot_metadata;
+}
+
+int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data)
+{
+	int err;
+
+	/* Calculate image hash and record data in RSS */
+	err = rss_mboot_measure_and_record(image_data->image_base,
+					   image_data->image_size,
+					   image_id);
+	if (err != 0) {
+		ERROR("%s%s image id %u (%i)\n",
+		      "Failed to ", "record in RSS", image_id, err);
+	}
+
+	return err;
+}
--- a/plat/arm/board/tc/tc_plat.c
+++ b/plat/arm/board/tc/tc_plat.c
@ -135,7 +135,7 @@ const struct spm_mm_boot_info *plat_get_secure_partition_boot_info(
 }
 #endif /* SPM_MM && defined(IMAGE_BL31) */

-#if TRUSTED_BOARD_BOOT
+#if TRUSTED_BOARD_BOOT || MEASURED_BOOT
 int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size)
 {
 	assert(heap_addr != NULL);