feat(tc): get the parent component provided DPE context_handle

Each client who wants to communicate with the DPE service must own a valid context handle issued by the DPE service. A context handle can be used for a single time then it will be invalidated by the DPE service. In case of calls from the same component, the next valid context handle is returned in the response to a DPE command. When a component finishes their job then the next component in the boot flow inherits its first context handle from its parent. How the inheritance is done can be client or platform-dependent. It can be shared through shared memory or be part of a DTB object passed to the next bootloader stage. Signed-off-by: Tamas Ban <tamas.ban@arm.com> Signed-off-by: David Vincze <david.vincze@arm.com> Change-Id: Ic82f074f1c5b15953e78f9fa5404ed7f48674cbb
1 year ago · 467bdf26b6
5 changed files with 78 additions and 2 deletions
--- a/drivers/measured_boot/rss/dice_prot_env.c
+++ b/drivers/measured_boot/rss/dice_prot_env.c
@ -67,7 +67,7 @@ void dpe_init(struct dpe_metadata *metadata)
 		metadata++;
 	}
-	/* TODO: Obtain ctx handle and assign it to initial_context_handle */
+	plat_dpe_get_context_handle(&initial_context_handle);
 }
 int dpe_measure_and_record(struct dpe_metadata *metadata,
--- a/include/drivers/measured_boot/rss/dice_prot_env.h
+++ b/include/drivers/measured_boot/rss/dice_prot_env.h
@ -43,5 +43,6 @@ int dpe_set_signer_id(struct dpe_metadata *metadata,
 * How to share context handle is platform specific.
 */
 void plat_dpe_share_context_handle(int *ctx_handle);
 void plat_dpe_get_context_handle(int *ctx_handle);
 #endif /* DICE_PROT_ENV_H */
--- a/plat/arm/board/tc/platform.mk
+++ b/plat/arm/board/tc/platform.mk
@ -193,7 +193,10 @@ ifeq (${MEASURED_BOOT},1)
 				${DPE_SOURCES} \
 				plat/arm/board/tc/tc_common_dpe.c \
 				plat/arm/board/tc/tc_bl1_dpe.c \
-				lib/psa/dice_protection_environment.c
+				lib/psa/dice_protection_environment.c \
 				drivers/arm/css/sds/sds.c \
 				drivers/delay_timer/delay_timer.c \
 				drivers/delay_timer/generic_delay_timer.c
 	BL2_SOURCES	+=	${QCBOR_SOURCES} \
 				${DPE_SOURCES} \
--- a/plat/arm/board/tc/tc_bl1_dpe.c
+++ b/plat/arm/board/tc/tc_bl1_dpe.c
@ -7,7 +7,10 @@
 #include <stdint.h>
 #include <common/debug.h>
 #include <drivers/arm/css/sds.h>
 #include <drivers/arm/rss_comms.h>
 #include <drivers/delay_timer.h>
 #include <drivers/generic_delay_timer.h>
 #include <drivers/measured_boot/metadata.h>
 #include <drivers/measured_boot/rss/dice_prot_env.h>
 #include <plat/arm/common/plat_arm.h>
@ -44,6 +47,10 @@ struct dpe_metadata tc_dpe_metadata[] = {
 		.id = DPE_INVALID_ID }
 };
 /* Effective timeout of 10000 ms */
 #define RSS_DPE_BOOT_10US_RETRIES		1000000
 #define TC2_SDS_DPE_CTX_HANDLE_STRUCT_ID	0x0000000A
 /* Context handle is meant to be used by BL2. Sharing it via TB_FW_CONFIG */
 static int new_ctx_handle;
@ -52,6 +59,53 @@ void plat_dpe_share_context_handle(int *ctx_handle)
 	new_ctx_handle = *ctx_handle;
 }
 void plat_dpe_get_context_handle(int *ctx_handle)
 {
 	int retry = RSS_DPE_BOOT_10US_RETRIES;
 	int ret;
 	/* Initialize System level generic or SP804 timer */
 	generic_delay_timer_init();
 	/* Check the initialization of the Shared Data Storage area between RSS
 	 * and AP. Since AP_BL1 is executed first then a bit later the RSS
 	 * runtime, which initialize this area, therefore AP needs to check it
 	 * in a loop until it gets written by RSS Secure Runtime.
 	 */
 	VERBOSE("Waiting for DPE service initialization in RSS Secure Runtime\n");
 	while (retry > 0) {
 		ret = sds_init(SDS_RSS_AP_REGION_ID);
 		if (ret != SDS_OK) {
 			udelay(10);
 			retry--;
 		} else {
 			break;
 		}
 	}
 	if (retry == 0) {
 		ERROR("DPE init timeout\n");
 		plat_panic_handler();
 	} else {
 		VERBOSE("DPE init succeeded in %dms.\n",
 			(RSS_DPE_BOOT_10US_RETRIES - retry) / 100);
 	}
 	/* TODO: call this in a loop to avoid reading unfinished data */
 	ret = sds_struct_read(SDS_RSS_AP_REGION_ID,
 			      TC2_SDS_DPE_CTX_HANDLE_STRUCT_ID,
 			      0,
 			      ctx_handle,
 			      sizeof(*ctx_handle),
 			      SDS_ACCESS_MODE_NON_CACHED);
 	if (ret != SDS_OK) {
 		ERROR("Unable to get DPE context handle from SDS area\n");
 		plat_panic_handler();
 	}
 	VERBOSE("Received DPE context handle: 0x%x\n", *ctx_handle);
 }
 void bl1_plat_mboot_init(void)
 {
 	/* Initialize the communication channel between AP and RSS */
--- a/plat/arm/board/tc/tc_bl2_dpe.c
+++ b/plat/arm/board/tc/tc_bl2_dpe.c
@ -173,6 +173,24 @@ void plat_dpe_share_context_handle(int *ctx_handle)
 	new_ctx_handle = *ctx_handle;
 }
 void plat_dpe_get_context_handle(int *ctx_handle)
 {
 	int rc;
 	rc = arm_get_tb_fw_info(ctx_handle);
 	if (rc != 0) {
 		ERROR("Unable to get DPE context handle from TB_FW_CONFIG\n");
 		/*
 		 * It is a fatal error because on FVP platform, BL2 software
 		 * assumes that a valid DPE context_handle is passed through
 		 * the DTB object by BL1.
 		 */
 		plat_panic_handler();
 	}
 	VERBOSE("Received DPE context handle: 0x%x\n", *ctx_handle);
 }
 void bl2_plat_mboot_init(void)
 {
 	/* Initialize the communication channel between AP and RSS */