diff --git a/docs/design_documents/measured_boot.rst b/docs/design_documents/measured_boot.rst index 8130d7d7b..c4e521355 100644 --- a/docs/design_documents/measured_boot.rst +++ b/docs/design_documents/measured_boot.rst @@ -204,6 +204,28 @@ Responsibilities of these platform interfaces are - In FVP, Non volatile counters get measured and recorded as Critical data using the backend via this interface. +#. **Function : plat_mboot_measure_key()** + + .. code-block:: c + + int plat_mboot_measure_key(const void *pk_oid, const void *pk_ptr, + size_t pk_len); + + - This function is used by the platform to measure the passed key and + publicise it using any of the supported backends. + - The authentication module within the trusted boot framework calls this + function for every ROTPK involved in verifying the signature of a root + certificate and for every subsidiary key that gets extracted from a key + certificate for later authentication of a content certificate. + - A cookie, passed as the first argument, serves as a key-OID pointer + associated with the public key data, passed as the second argument. + - Public key data size is passed as the third argument to this function. + - This function must return 0 on success, a signed integer error code + otherwise. + - In FVP platform, this function is used to calculate the hash of the given + key and forward this hash to RSS alongside the measurement of the image + which the key signs. + -------------- *Copyright (c) 2023, Arm Limited. All rights reserved.* diff --git a/docs/design_documents/rss.rst b/docs/design_documents/rss.rst index 2be806795..2ad2ee72f 100644 --- a/docs/design_documents/rss.rst +++ b/docs/design_documents/rss.rst @@ -262,7 +262,8 @@ The following metadata can be stored alongside the measurement: - ``SW type``: Optional. Short text description (e.g.: BL1, BL2, BL31, etc.) .. Note:: - Signer-id and version info is not implemented in TF-A yet. + Version info is not implemented in TF-A yet. + The caller must specify in which measurement slot to extend a certain measurement and metadata. A measurement slot can be extended by multiple @@ -321,9 +322,38 @@ structure is defined in size_t version_size; uint8_t sw_type[SW_TYPE_MAX_SIZE]; size_t sw_type_size; + void *pk_oid; bool lock_measurement; }; +Signer-ID API +^^^^^^^^^^^^^ + +This function calculates the hash of a public key (signer-ID) using the +``Measurement algorithm`` and stores it in the ``rss_mboot_metadata`` field +named ``signer_id``. +Prior to calling this function, the caller must ensure that the ``signer_id`` +field points to the zero-filled buffer. + +Defined here: + +- ``include/drivers/measured_boot/rss/rss_measured_boot.h`` + +.. code-block:: c + + int rss_mboot_set_signer_id(struct rss_mboot_metadata *metadata_ptr, + const void *pk_oid, + const void *pk_ptr, + size_t pk_len) + + +- First parameter is the pointer to the ``rss_mboot_metadata`` structure. +- Second parameter is the pointer to the key-OID of the public key. +- Third parameter is the pointer to the public key buffer. +- Fourth parameter is the size of public key buffer. +- This function returns 0 on success, a signed integer error code + otherwise. + Build time config options ^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -361,8 +391,8 @@ Sample console log INFO: Image id=24 loaded: 0x4001300 - 0x400153a INFO: Measured boot extend measurement: INFO: - slot : 7 - INFO: - signer_id : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - INFO: : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + INFO: - signer_id : b0 f3 82 09 12 97 d8 3a 37 7a 72 47 1b ec 32 73 + INFO: : e9 92 32 e2 49 59 f6 5e 8b 4a 4a 46 d8 22 9a da INFO: - version : INFO: - version_size: 0 INFO: - sw_type : TB_FW_CONFIG @@ -377,8 +407,8 @@ Sample console log INFO: Image id=1 loaded: 0x404d000 - 0x406412a INFO: Measured boot extend measurement: INFO: - slot : 8 - INFO: - signer_id : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - INFO: : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + INFO: - signer_id : b0 f3 82 09 12 97 d8 3a 37 7a 72 47 1b ec 32 73 + INFO: : e9 92 32 e2 49 59 f6 5e 8b 4a 4a 46 d8 22 9a da INFO: - version : INFO: - version_size: 0 INFO: - sw_type : BL_2 @@ -483,31 +513,31 @@ Binary format: INFO: a2 6a df 34 c3 29 48 9a dc 38 04 67 31 2e 35 2e INFO: 30 2b 30 01 60 02 58 20 b8 01 65 a7 78 8b c6 59 INFO: 42 8d 33 10 85 d1 49 0a dc 9e c3 ee df 85 1b d2 - INFO: f0 73 73 6a 0c 07 11 b8 a4 05 58 20 00 00 00 00 - INFO: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - INFO: 00 00 00 00 00 00 00 00 00 00 00 00 04 60 01 6a + INFO: f0 73 73 6a 0c 07 11 b8 a4 05 58 20 b0 f3 82 09 + INFO: 12 97 d8 3a 37 7a 72 47 1b ec 32 73 e9 92 32 e2 + INFO: 49 59 f6 5e 8b 4a 4a 46 d8 22 9a da 04 60 01 6a INFO: 46 57 5f 43 4f 4e 46 49 47 00 02 58 20 21 9e a0 INFO: 13 82 e6 d7 97 5a 11 13 a3 5f 45 39 68 b1 d9 a3 INFO: ea 6a ab 84 23 3b 8c 06 16 98 20 ba b9 a4 05 58 - INFO: 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - INFO: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - INFO: 00 04 60 01 6d 54 42 5f 46 57 5f 43 4f 4e 46 49 + INFO: 20 b0 f3 82 09 12 97 d8 3a 37 7a 72 47 1b ec 32 + INFO: 73 e9 92 32 e2 49 59 f6 5e 8b 4a 4a 46 d8 22 9a + INFO: da 04 60 01 6d 54 42 5f 46 57 5f 43 4f 4e 46 49 INFO: 47 00 02 58 20 41 39 f6 c2 10 84 53 c5 17 ae 9a INFO: e5 be c1 20 7b cc 24 24 f3 9d 20 a8 fb c7 b3 10 - INFO: e3 ee af 1b 05 a4 05 58 20 00 00 00 00 00 00 00 - INFO: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - INFO: 00 00 00 00 00 00 00 00 00 04 60 01 65 42 4c 5f + INFO: e3 ee af 1b 05 a4 05 58 20 b0 f3 82 09 12 97 d8 + INFO: 3a 37 7a 72 47 1b ec 32 73 e9 92 32 e2 49 59 f6 + INFO: 5e 8b 4a 4a 46 d8 22 9a da 04 60 01 65 42 4c 5f INFO: 32 00 02 58 20 5c 96 20 e1 e3 3b 0f 2c eb c1 8e INFO: 1a 02 a6 65 86 dd 34 97 a7 4c 98 13 bf 74 14 45 - INFO: 2d 30 28 05 c3 a4 05 58 20 00 00 00 00 00 00 00 - INFO: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - INFO: 00 00 00 00 00 00 00 00 00 04 60 01 6e 53 45 43 + INFO: 2d 30 28 05 c3 a4 05 58 20 b0 f3 82 09 12 97 d8 + INFO: 3a 37 7a 72 47 1b ec 32 73 e9 92 32 e2 49 59 f6 + INFO: 5e 8b 4a 4a 46 d8 22 9a da 04 60 01 6e 53 45 43 INFO: 55 52 45 5f 52 54 5f 45 4c 33 00 02 58 20 f6 fb INFO: 62 99 a5 0c df db 02 0b 72 5b 1c 0b 63 6e 94 ee INFO: 66 50 56 3a 29 9c cb 38 f0 ec 59 99 d4 2e a4 05 - INFO: 58 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - INFO: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - INFO: 00 00 04 60 01 6a 48 57 5f 43 4f 4e 46 49 47 00 + INFO: 58 20 b0 f3 82 09 12 97 d8 3a 37 7a 72 47 1b ec + INFO: 32 73 e9 92 32 e2 49 59 f6 5e 8b 4a 4a 46 d8 22 + INFO: 9a da 04 60 01 6a 48 57 5f 43 4f 4e 46 49 47 00 INFO: 02 58 20 98 5d 87 21 84 06 33 9d c3 1f 91 f5 68 INFO: 8d a0 5a f0 d7 7e 20 51 ce 3b f2 a5 c3 05 2e 3c INFO: 8b 52 31 19 01 09 78 1c 68 74 74 70 3a 2f 2f 61 @@ -559,31 +589,31 @@ JSON format: "MEASUREMENT_VALUE": "b'B80165A7788BC659428D331085D1490ADC9EC3EEDF851BD2F073736A0C0711B8'" }, { - "SIGNER_ID": "b'0000000000000000000000000000000000000000000000000000000000000000'", + "SIGNER_ID": "b'b0f382091297d83a377a72471bec3273e99232e24959f65e8b4a4a46d8229ada'", "SW_COMPONENT_VERSION": "", "SW_COMPONENT_TYPE": "FW_CONFIG\u0000", "MEASUREMENT_VALUE": "b'219EA01382E6D7975A1113A35F453968B1D9A3EA6AAB84233B8C06169820BAB9'" }, { - "SIGNER_ID": "b'0000000000000000000000000000000000000000000000000000000000000000'", + "SIGNER_ID": "b'b0f382091297d83a377a72471bec3273e99232e24959f65e8b4a4a46d8229ada'", "SW_COMPONENT_VERSION": "", "SW_COMPONENT_TYPE": "TB_FW_CONFIG\u0000", "MEASUREMENT_VALUE": "b'4139F6C2108453C517AE9AE5BEC1207BCC2424F39D20A8FBC7B310E3EEAF1B05'" }, { - "SIGNER_ID": "b'0000000000000000000000000000000000000000000000000000000000000000'", + "SIGNER_ID": "b'b0f382091297d83a377a72471bec3273e99232e24959f65e8b4a4a46d8229ada'", "SW_COMPONENT_VERSION": "", "SW_COMPONENT_TYPE": "BL_2\u0000", "MEASUREMENT_VALUE": "b'5C9620E1E33B0F2CEBC18E1A02A66586DD3497A74C9813BF7414452D302805C3'" }, { - "SIGNER_ID": "b'0000000000000000000000000000000000000000000000000000000000000000'", + "SIGNER_ID": "b'b0f382091297d83a377a72471bec3273e99232e24959f65e8b4a4a46d8229ada'", "SW_COMPONENT_VERSION": "", "SW_COMPONENT_TYPE": "SECURE_RT_EL3\u0000", "MEASUREMENT_VALUE": "b'F6FB6299A50CDFDB020B725B1C0B636E94EE6650563A299CCB38F0EC5999D42E'" }, { - "SIGNER_ID": "b'0000000000000000000000000000000000000000000000000000000000000000'", + "SIGNER_ID": "b'b0f382091297d83a377a72471bec3273e99232e24959f65e8b4a4a46d8229ada'", "SW_COMPONENT_VERSION": "", "SW_COMPONENT_TYPE": "HW_CONFIG\u0000", "MEASUREMENT_VALUE": "b'985D87218406339DC31F91F5688DA05AF0D77E2051CE3BF2A5C3052E3C8B5231'" diff --git a/drivers/auth/auth_mod.c b/drivers/auth/auth_mod.c index 7a9cca8e3..105dc054f 100644 --- a/drivers/auth/auth_mod.c +++ b/drivers/auth/auth_mod.c @@ -20,6 +20,8 @@ #include #include +#include + /* ASN.1 tags */ #define ASN1_INTEGER 0x02 @@ -148,7 +150,7 @@ static int auth_signature(const auth_method_param_sig_t *param, const auth_img_desc_t *img_desc, void *img, unsigned int img_len) { - void *data_ptr, *pk_ptr, *pk_plat_ptr, *sig_ptr, *sig_alg_ptr; + void *data_ptr, *pk_ptr, *pk_plat_ptr, *sig_ptr, *sig_alg_ptr, *pk_oid; unsigned int data_len, pk_len, pk_plat_len, sig_len, sig_alg_len; unsigned int flags = 0; int rc = 0; @@ -226,6 +228,25 @@ static int auth_signature(const auth_method_param_sig_t *param, return -1; } } + + /* + * Set Zero-OID for ROTPK(subject key) as a the certificate + * does not hold Key-OID information for ROTPK. + */ + if (param->pk->cookie != NULL) { + pk_oid = param->pk->cookie; + } else { + pk_oid = ZERO_OID; + } + + /* + * Public key is verified at this stage, notify platform + * to measure and publish it. + */ + rc = plat_mboot_measure_key(pk_oid, pk_ptr, pk_len); + if (rc != 0) { + WARN("Public Key measurement failure = %d\n", rc); + } } /* Ask the crypto module to verify the signature */ @@ -381,6 +402,7 @@ int auth_mod_verify_img(unsigned int img_id, unsigned int img_len) { const auth_img_desc_t *img_desc = NULL; + const auth_param_type_desc_t *type_desc = NULL; const auth_method_desc_t *auth_method = NULL; void *param_ptr; unsigned int param_len; @@ -462,6 +484,21 @@ int auth_mod_verify_img(unsigned int img_id, /* Copy the parameter for later use */ memcpy((void *)img_desc->authenticated_data[i].data.ptr, (void *)param_ptr, param_len); + + /* + * If this is a public key then measure and publicise + * it. + */ + type_desc = img_desc->authenticated_data[i].type_desc; + if (type_desc->type == AUTH_PARAM_PUB_KEY) { + rc = plat_mboot_measure_key(type_desc->cookie, + param_ptr, + param_len); + if (rc != 0) { + WARN("Public Key measurement " + "failure = %d\n", rc); + } + } } } diff --git a/drivers/measured_boot/rss/rss_measured_boot.c b/drivers/measured_boot/rss/rss_measured_boot.c index 1b2f17720..258aa8d4c 100644 --- a/drivers/measured_boot/rss/rss_measured_boot.c +++ b/drivers/measured_boot/rss/rss_measured_boot.c @@ -32,6 +32,19 @@ # error Invalid Measured Boot algorithm. #endif /* MBOOT_ALG_ID */ +#if ENABLE_ASSERTIONS +static bool null_arr(const uint8_t *signer_id, size_t signer_id_size) +{ + for (size_t i = 0U; i < signer_id_size; i++) { + if (signer_id[i] != 0U) { + return false; + } + } + + return true; +} +#endif /* ENABLE_ASSERTIONS */ + /* Functions' declarations */ void rss_measured_boot_init(struct rss_mboot_metadata *metadata_ptr) { @@ -39,6 +52,7 @@ void rss_measured_boot_init(struct rss_mboot_metadata *metadata_ptr) /* Init the non-const members of the metadata structure */ while (metadata_ptr->id != RSS_MBOOT_INVALID_ID) { + assert(null_arr(metadata_ptr->signer_id, MBOOT_DIGEST_SIZE)); metadata_ptr->sw_type_size = strlen((const char *)&metadata_ptr->sw_type) + 1; metadata_ptr++; @@ -93,36 +107,53 @@ int rss_mboot_measure_and_record(struct rss_mboot_metadata *metadata_ptr, } int rss_mboot_set_signer_id(struct rss_mboot_metadata *metadata_ptr, - unsigned int img_id, + const void *pk_oid, const void *pk_ptr, size_t pk_len) { unsigned char hash_data[CRYPTO_MD_MAX_SIZE]; int rc; + bool hash_calc_done = false; assert(metadata_ptr != NULL); - /* Get the metadata associated with this image. */ - while ((metadata_ptr->id != RSS_MBOOT_INVALID_ID) && - (metadata_ptr->id != img_id)) { + /* + * Do an exhaustive search over the platform metadata to find + * all images whose key OID matches the one passed in argument. + * + * Note that it is not an error if do not get any matches. + * The platform may decide not to measure all of the images + * in the system. + */ + while (metadata_ptr->id != RSS_MBOOT_INVALID_ID) { + /* Get the metadata associated with this key-oid */ + if (metadata_ptr->pk_oid == pk_oid) { + if (!hash_calc_done) { + /* Calculate public key hash */ + rc = crypto_mod_calc_hash(CRYPTO_MD_ID, + (void *)pk_ptr, + pk_len, hash_data); + if (rc != 0) { + return rc; + } + + hash_calc_done = true; + } + + /* + * Fill the signer-ID field with the newly/already + * computed hash of the public key and update its + * signer ID size field with compile-time decided + * digest size. + */ + (void)memcpy(metadata_ptr->signer_id, + hash_data, + MBOOT_DIGEST_SIZE); + metadata_ptr->signer_id_size = MBOOT_DIGEST_SIZE; + } + metadata_ptr++; } - /* If image is not present in metadata array then skip */ - if (metadata_ptr->id == RSS_MBOOT_INVALID_ID) { - return 0; - } - - /* Calculate public key hash */ - rc = crypto_mod_calc_hash(CRYPTO_MD_ID, (void *)pk_ptr, - pk_len, hash_data); - if (rc != 0) { - return rc; - } - - /* Update metadata struct with the received signer_id */ - (void)memcpy(metadata_ptr->signer_id, hash_data, MBOOT_DIGEST_SIZE); - metadata_ptr->signer_id_size = MBOOT_DIGEST_SIZE; - return 0; } diff --git a/include/drivers/measured_boot/rss/rss_measured_boot.h b/include/drivers/measured_boot/rss/rss_measured_boot.h index 76affd81d..7ab517c18 100644 --- a/include/drivers/measured_boot/rss/rss_measured_boot.h +++ b/include/drivers/measured_boot/rss/rss_measured_boot.h @@ -40,6 +40,7 @@ struct rss_mboot_metadata { size_t version_size; uint8_t sw_type[SW_TYPE_MAX_SIZE]; size_t sw_type_size; + void *pk_oid; bool lock_measurement; }; @@ -49,9 +50,8 @@ int rss_mboot_measure_and_record(struct rss_mboot_metadata *metadata_ptr, uintptr_t data_base, uint32_t data_size, uint32_t data_id); -/* TODO: These metadata are currently not available during TF-A boot */ int rss_mboot_set_signer_id(struct rss_mboot_metadata *metadata_ptr, - unsigned int img_id, const void *pk_ptr, + const void *pk_oid, const void *pk_ptr, size_t pk_len); #endif /* RSS_MEASURED_BOOT_H */ diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h index d146a2945..e024d916d 100644 --- a/include/plat/common/platform.h +++ b/include/plat/common/platform.h @@ -146,6 +146,8 @@ int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data); int plat_mboot_measure_critical_data(unsigned int critical_data_id, const void *base, size_t size); +int plat_mboot_measure_key(const void *pk_oid, const void *pk_ptr, + size_t pk_len); #else static inline int plat_mboot_measure_image(unsigned int image_id __unused, image_info_t *image_data __unused) @@ -159,6 +161,12 @@ static inline int plat_mboot_measure_critical_data( { return 0; } +static inline int plat_mboot_measure_key(const void *pk_oid __unused, + const void *pk_ptr __unused, + size_t pk_len __unused) +{ + return 0; +} #endif /* MEASURED_BOOT */ /******************************************************************************* diff --git a/include/tools_share/cca_oid.h b/include/tools_share/cca_oid.h index 2ca12c9cf..8c53ef955 100644 --- a/include/tools_share/cca_oid.h +++ b/include/tools_share/cca_oid.h @@ -28,4 +28,17 @@ /* CCAFirmwareNVCounter - Non-volatile counter extension */ #define CCA_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.3" +/* + * First undef previous definitions from tbbr_oid.h. + * CCA ROTPK authenticates BL31 and its configuration image in + * CCA CoT. + **/ +#undef BL31_IMAGE_KEY_OID +#undef SOC_FW_CONFIG_KEY_OID +#undef HW_CONFIG_KEY_OID +#define BL31_IMAGE_KEY_OID ZERO_OID +#define SOC_FW_CONFIG_KEY_OID ZERO_OID +#define HW_CONFIG_KEY_OID ZERO_OID +#define RMM_IMAGE_KEY_OID ZERO_OID + #endif /* CCA_OID_H */ diff --git a/include/tools_share/dualroot_oid.h b/include/tools_share/dualroot_oid.h index 3e88a6d22..3762c7937 100644 --- a/include/tools_share/dualroot_oid.h +++ b/include/tools_share/dualroot_oid.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, Arm Limited. All rights reserved. + * Copyright (c) 2020-2023, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ diff --git a/include/tools_share/tbbr_oid.h b/include/tools_share/tbbr_oid.h index 52b43ab3e..9881d1a18 100644 --- a/include/tools_share/tbbr_oid.h +++ b/include/tools_share/tbbr_oid.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -7,6 +7,8 @@ #ifndef TBBR_OID_H #define TBBR_OID_H +#include "zero_oid.h" + #define MAX_OID_NAME_LEN 30 /* @@ -160,6 +162,14 @@ #define SP_PKG7_HASH_OID "1.3.6.1.4.1.4128.2100.1307" #define SP_PKG8_HASH_OID "1.3.6.1.4.1.4128.2100.1308" +/* + * Public Keys present in SOC FW content certificates authenticate BL31 and + * its configuration. + */ +#define BL31_IMAGE_KEY_OID SOC_FW_CONTENT_CERT_PK_OID +#define SOC_FW_CONFIG_KEY_OID SOC_FW_CONTENT_CERT_PK_OID +#define HW_CONFIG_KEY_OID ZERO_OID + #ifdef PLAT_DEF_OID #include #endif diff --git a/include/tools_share/zero_oid.h b/include/tools_share/zero_oid.h new file mode 100644 index 000000000..9b8309428 --- /dev/null +++ b/include/tools_share/zero_oid.h @@ -0,0 +1,12 @@ +/* + * Copyright (c) 2023, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef ZERO_OID_H +#define ZERO_OID_H + +#define ZERO_OID "0.0.0.0.0.0.0.0.0" + +#endif /* ZERO_OID_H */ diff --git a/plat/arm/board/fvp/fvp_bl1_measured_boot.c b/plat/arm/board/fvp/fvp_bl1_measured_boot.c index b8431c5cf..dc95ba1c0 100644 --- a/plat/arm/board/fvp/fvp_bl1_measured_boot.c +++ b/plat/arm/board/fvp/fvp_bl1_measured_boot.c @@ -9,6 +9,7 @@ #include #include #include +#include /* Event Log data */ static uint8_t event_log[PLAT_ARM_EVENT_LOG_MAX_SIZE]; @@ -31,18 +32,21 @@ struct rss_mboot_metadata fvp_rss_mboot_metadata[] = { .slot = U(6), .signer_id_size = SIGNER_ID_MIN_SIZE, .sw_type = RSS_MBOOT_FW_CONFIG_STRING, + .pk_oid = ZERO_OID, .lock_measurement = true }, { .id = TB_FW_CONFIG_ID, .slot = U(7), .signer_id_size = SIGNER_ID_MIN_SIZE, .sw_type = RSS_MBOOT_TB_FW_CONFIG_STRING, + .pk_oid = ZERO_OID, .lock_measurement = true }, { .id = BL2_IMAGE_ID, .slot = U(8), .signer_id_size = SIGNER_ID_MIN_SIZE, .sw_type = RSS_MBOOT_BL2_STRING, + .pk_oid = ZERO_OID, .lock_measurement = true }, { diff --git a/plat/arm/board/fvp/fvp_bl2_measured_boot.c b/plat/arm/board/fvp/fvp_bl2_measured_boot.c index 564118ef2..349e064d8 100644 --- a/plat/arm/board/fvp/fvp_bl2_measured_boot.c +++ b/plat/arm/board/fvp/fvp_bl2_measured_boot.c @@ -9,7 +9,11 @@ #include #include #include +#if defined(ARM_COT_cca) +#include +#else #include +#endif /* ARM_COT_cca */ #include #include @@ -62,25 +66,31 @@ struct rss_mboot_metadata fvp_rss_mboot_metadata[] = { .slot = U(9), .signer_id_size = SIGNER_ID_MIN_SIZE, .sw_type = RSS_MBOOT_BL31_STRING, + .pk_oid = BL31_IMAGE_KEY_OID, .lock_measurement = true }, { .id = HW_CONFIG_ID, .slot = U(10), .signer_id_size = SIGNER_ID_MIN_SIZE, .sw_type = RSS_MBOOT_HW_CONFIG_STRING, + .pk_oid = HW_CONFIG_KEY_OID, .lock_measurement = true }, { .id = SOC_FW_CONFIG_ID, .slot = U(11), .signer_id_size = SIGNER_ID_MIN_SIZE, .sw_type = RSS_MBOOT_SOC_FW_CONFIG_STRING, + .pk_oid = SOC_FW_CONFIG_KEY_OID, .lock_measurement = true }, +#if ENABLE_RME { .id = RMM_IMAGE_ID, .slot = U(12), .signer_id_size = SIGNER_ID_MIN_SIZE, .sw_type = RSS_MBOOT_RMM_STRING, + .pk_oid = RMM_IMAGE_KEY_OID, .lock_measurement = true }, +#endif /* ENABLE_RME */ { .id = RSS_MBOOT_INVALID_ID } }; diff --git a/plat/arm/board/fvp/fvp_common_measured_boot.c b/plat/arm/board/fvp/fvp_common_measured_boot.c index 7419e5e96..0c1d5e706 100644 --- a/plat/arm/board/fvp/fvp_common_measured_boot.c +++ b/plat/arm/board/fvp/fvp_common_measured_boot.c @@ -45,3 +45,10 @@ int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data) return rc; } + +int plat_mboot_measure_key(const void *pk_oid, const void *pk_ptr, + size_t pk_len) +{ + return rss_mboot_set_signer_id(fvp_rss_mboot_metadata, pk_oid, pk_ptr, + pk_len); +} diff --git a/plat/arm/board/tc/tc_bl1_measured_boot.c b/plat/arm/board/tc/tc_bl1_measured_boot.c index 6d4bb07c6..6821a6ab5 100644 --- a/plat/arm/board/tc/tc_bl1_measured_boot.c +++ b/plat/arm/board/tc/tc_bl1_measured_boot.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include @@ -22,18 +23,21 @@ struct rss_mboot_metadata tc_rss_mboot_metadata[] = { .slot = U(6), .signer_id_size = SIGNER_ID_MIN_SIZE, .sw_type = RSS_MBOOT_FW_CONFIG_STRING, + .pk_oid = ZERO_OID, .lock_measurement = true }, { .id = TB_FW_CONFIG_ID, .slot = U(7), .signer_id_size = SIGNER_ID_MIN_SIZE, .sw_type = RSS_MBOOT_TB_FW_CONFIG_STRING, + .pk_oid = ZERO_OID, .lock_measurement = true }, { .id = BL2_IMAGE_ID, .slot = U(8), .signer_id_size = SIGNER_ID_MIN_SIZE, .sw_type = RSS_MBOOT_BL2_STRING, + .pk_oid = ZERO_OID, .lock_measurement = true }, { diff --git a/plat/arm/board/tc/tc_bl2_measured_boot.c b/plat/arm/board/tc/tc_bl2_measured_boot.c index 903985364..4b7917084 100644 --- a/plat/arm/board/tc/tc_bl2_measured_boot.c +++ b/plat/arm/board/tc/tc_bl2_measured_boot.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include @@ -22,18 +23,21 @@ struct rss_mboot_metadata tc_rss_mboot_metadata[] = { .slot = U(9), .signer_id_size = SIGNER_ID_MIN_SIZE, .sw_type = RSS_MBOOT_BL31_STRING, + .pk_oid = BL31_IMAGE_KEY_OID, .lock_measurement = true }, { .id = HW_CONFIG_ID, .slot = U(10), .signer_id_size = SIGNER_ID_MIN_SIZE, .sw_type = RSS_MBOOT_HW_CONFIG_STRING, + .pk_oid = HW_CONFIG_KEY_OID, .lock_measurement = true }, { .id = SOC_FW_CONFIG_ID, .slot = U(11), .signer_id_size = SIGNER_ID_MIN_SIZE, .sw_type = RSS_MBOOT_SOC_FW_CONFIG_STRING, + .pk_oid = SOC_FW_CONFIG_KEY_OID, .lock_measurement = true }, { .id = RSS_MBOOT_INVALID_ID } diff --git a/plat/arm/board/tc/tc_common_measured_boot.c b/plat/arm/board/tc/tc_common_measured_boot.c index eddcc8150..925a41142 100644 --- a/plat/arm/board/tc/tc_common_measured_boot.c +++ b/plat/arm/board/tc/tc_common_measured_boot.c @@ -28,3 +28,9 @@ int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data) return err; } + +int plat_mboot_measure_key(void *pk_oid, void *pk_ptr, unsigned int pk_len) +{ + return rss_mboot_set_signer_id(tc_rss_mboot_metadata, pk_oid, pk_ptr, + pk_len); +} diff --git a/plat/imx/imx8m/imx8m_measured_boot.c b/plat/imx/imx8m/imx8m_measured_boot.c index e9ea2d873..bfcd6ceb2 100644 --- a/plat/imx/imx8m/imx8m_measured_boot.c +++ b/plat/imx/imx8m/imx8m_measured_boot.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022, Arm Limited. All rights reserved. + * Copyright (c) 2022-2023, Arm Limited. All rights reserved. * Copyright (c) 2022, Linaro. * * SPDX-License-Identifier: BSD-3-Clause @@ -79,3 +79,9 @@ void bl2_plat_mboot_finish(void) dump_event_log((uint8_t *)event_log, event_log_cur_size); } + +int plat_mboot_measure_key(const void *pk_oid, const void *pk_ptr, + size_t pk_len) +{ + return 0; +} diff --git a/plat/qemu/qemu/qemu_measured_boot.c b/plat/qemu/qemu/qemu_measured_boot.c index 122bb23b1..077f7a486 100644 --- a/plat/qemu/qemu/qemu_measured_boot.c +++ b/plat/qemu/qemu/qemu_measured_boot.c @@ -1,6 +1,6 @@ /* * Copyright (c) 2022, Arm Limited. All rights reserved. - * Copyright (c) 2022, Linaro. + * Copyright (c) 2022-2023, Linaro. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -118,3 +118,9 @@ int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data) return 0; } + +int plat_mboot_measure_key(const void *pk_oid, const void *pk_ptr, + size_t pk_len) +{ + return 0; +}