Merge changes from topic "mb/mb-signer-id" into integration

* changes:
  feat(qemu): add dummy plat_mboot_measure_key() function
  docs(rss): update RSS doc for signer-ID
  feat(imx): add dummy 'plat_mboot_measure_key' function
  feat(tc): implement platform function to measure and publish Public Key
  feat(auth): measure and publicise the Public Key
  feat(fvp): implement platform function to measure and publish Public Key
  feat(fvp): add public key-OID information in RSS metadata structure
  feat(auth): add explicit entries for key OIDs
  feat(rss): set the signer-ID in the RSS metadata
  feat(auth): create a zero-OID for Subject Public Key
  docs: add details about plat_mboot_measure_key function
  feat(measured-boot): introduce platform function to measure and publish Public Key

docs/design_documents/measured_boot.rst

@@ -204,6 +204,28 @@ Responsibilities of these platform interfaces are -
    In FVP, Non volatile counters get measured and recorded as Critical data
    using the backend via this interface.
 
+#. **Function : plat_mboot_measure_key()**
+
+   .. code-block:: c
+
+      int plat_mboot_measure_key(const void *pk_oid, const void *pk_ptr,
+                                 size_t pk_len);
+
+   - This function is used by the platform to measure the passed key and
+     publicise it using any of the supported backends.
+   - The authentication module within the trusted boot framework calls this
+     function for every ROTPK involved in verifying the signature of a root
+     certificate and for every subsidiary key that gets extracted from a key
+     certificate for later authentication of a content certificate.
+   - A cookie, passed as the first argument, serves as a key-OID pointer
+     associated with the public key data, passed as the second argument.
+   - Public key data size is passed as the third argument to this function.
+   - This function must return 0 on success, a signed integer error code
+     otherwise.
+   - In FVP platform, this function is used to calculate the hash of the given
+     key and forward this hash to RSS alongside the measurement of the image
+     which the key signs.
+
 --------------
 
 *Copyright (c) 2023, Arm Limited. All rights reserved.*

docs/design_documents/rss.rst

@@ -262,7 +262,8 @@ The following metadata can be stored alongside the measurement:
 - ``SW type``: Optional. Short text description (e.g.: BL1, BL2, BL31, etc.)
 
 .. Note::
-    Signer-id and version info is not implemented in TF-A yet.
+    Version info is not implemented in TF-A yet.
+
 
 The caller must specify in which measurement slot to extend a certain
 measurement and metadata. A measurement slot can be extended by multiple
@@ -321,9 +322,38 @@ structure is defined in
             size_t  version_size;
             uint8_t sw_type[SW_TYPE_MAX_SIZE];
             size_t  sw_type_size;
+            void    *pk_oid;
             bool    lock_measurement;
     };
 
+Signer-ID API
+^^^^^^^^^^^^^
+
+This function calculates the hash of a public key (signer-ID) using the
+``Measurement algorithm`` and stores it in the ``rss_mboot_metadata`` field
+named ``signer_id``.
+Prior to calling this function, the caller must ensure that the ``signer_id``
+field points to the zero-filled buffer.
+
+Defined here:
+
+- ``include/drivers/measured_boot/rss/rss_measured_boot.h``
+
+.. code-block:: c
+
+   int rss_mboot_set_signer_id(struct rss_mboot_metadata *metadata_ptr,
+                               const void *pk_oid,
+                               const void *pk_ptr,
+                               size_t pk_len)
+
+
+- First parameter is the pointer to the ``rss_mboot_metadata`` structure.
+- Second parameter is the pointer to the key-OID of the public key.
+- Third parameter is the pointer to the public key buffer.
+- Fourth parameter is the size of public key buffer.
+- This function returns 0 on success, a signed integer error code
+  otherwise.
+
 Build time config options
 ^^^^^^^^^^^^^^^^^^^^^^^^^
 
@@ -361,8 +391,8 @@ Sample console log
     INFO:    Image id=24 loaded: 0x4001300 - 0x400153a
     INFO:    Measured boot extend measurement:
     INFO:     - slot        : 7
-    INFO:     - signer_id   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+    INFO:     - signer_id   : b0 f3 82 09 12 97 d8 3a 37 7a 72 47 1b ec 32 73
-    INFO:                   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+    INFO:                   : e9 92 32 e2 49 59 f6 5e 8b 4a 4a 46 d8 22 9a da
     INFO:     - version     :
     INFO:     - version_size: 0
     INFO:     - sw_type     : TB_FW_CONFIG
@@ -377,8 +407,8 @@ Sample console log
     INFO:    Image id=1 loaded: 0x404d000 - 0x406412a
     INFO:    Measured boot extend measurement:
     INFO:     - slot        : 8
-    INFO:     - signer_id   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+    INFO:     - signer_id   : b0 f3 82 09 12 97 d8 3a 37 7a 72 47 1b ec 32 73
-    INFO:                   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+    INFO:                   : e9 92 32 e2 49 59 f6 5e 8b 4a 4a 46 d8 22 9a da
     INFO:     - version     :
     INFO:     - version_size: 0
     INFO:     - sw_type     : BL_2
@@ -483,31 +513,31 @@ Binary format:
     INFO:            a2 6a df 34 c3 29 48 9a dc 38 04 67 31 2e 35 2e
     INFO:            30 2b 30 01 60 02 58 20 b8 01 65 a7 78 8b c6 59
     INFO:            42 8d 33 10 85 d1 49 0a dc 9e c3 ee df 85 1b d2
-    INFO:            f0 73 73 6a 0c 07 11 b8 a4 05 58 20 00 00 00 00
+    INFO:            f0 73 73 6a 0c 07 11 b8 a4 05 58 20 b0 f3 82 09
-    INFO:            00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+    INFO:            12 97 d8 3a 37 7a 72 47 1b ec 32 73 e9 92 32 e2
-    INFO:            00 00 00 00 00 00 00 00 00 00 00 00 04 60 01 6a
+    INFO:            49 59 f6 5e 8b 4a 4a 46 d8 22 9a da 04 60 01 6a
     INFO:            46 57 5f 43 4f 4e 46 49 47 00 02 58 20 21 9e a0
     INFO:            13 82 e6 d7 97 5a 11 13 a3 5f 45 39 68 b1 d9 a3
     INFO:            ea 6a ab 84 23 3b 8c 06 16 98 20 ba b9 a4 05 58
-    INFO:            20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+    INFO:            20 b0 f3 82 09 12 97 d8 3a 37 7a 72 47 1b ec 32
-    INFO:            00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+    INFO:            73 e9 92 32 e2 49 59 f6 5e 8b 4a 4a 46 d8 22 9a
-    INFO:            00 04 60 01 6d 54 42 5f 46 57 5f 43 4f 4e 46 49
+    INFO:            da 04 60 01 6d 54 42 5f 46 57 5f 43 4f 4e 46 49
     INFO:            47 00 02 58 20 41 39 f6 c2 10 84 53 c5 17 ae 9a
     INFO:            e5 be c1 20 7b cc 24 24 f3 9d 20 a8 fb c7 b3 10
-    INFO:            e3 ee af 1b 05 a4 05 58 20 00 00 00 00 00 00 00
+    INFO:            e3 ee af 1b 05 a4 05 58 20 b0 f3 82 09 12 97 d8
-    INFO:            00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+    INFO:            3a 37 7a 72 47 1b ec 32 73 e9 92 32 e2 49 59 f6
-    INFO:            00 00 00 00 00 00 00 00 00 04 60 01 65 42 4c 5f
+    INFO:            5e 8b 4a 4a 46 d8 22 9a da 04 60 01 65 42 4c 5f
     INFO:            32 00 02 58 20 5c 96 20 e1 e3 3b 0f 2c eb c1 8e
     INFO:            1a 02 a6 65 86 dd 34 97 a7 4c 98 13 bf 74 14 45
-    INFO:            2d 30 28 05 c3 a4 05 58 20 00 00 00 00 00 00 00
+    INFO:            2d 30 28 05 c3 a4 05 58 20 b0 f3 82 09 12 97 d8
-    INFO:            00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+    INFO:            3a 37 7a 72 47 1b ec 32 73 e9 92 32 e2 49 59 f6
-    INFO:            00 00 00 00 00 00 00 00 00 04 60 01 6e 53 45 43
+    INFO:            5e 8b 4a 4a 46 d8 22 9a da 04 60 01 6e 53 45 43
     INFO:            55 52 45 5f 52 54 5f 45 4c 33 00 02 58 20 f6 fb
     INFO:            62 99 a5 0c df db 02 0b 72 5b 1c 0b 63 6e 94 ee
     INFO:            66 50 56 3a 29 9c cb 38 f0 ec 59 99 d4 2e a4 05
-    INFO:            58 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+    INFO:            58 20 b0 f3 82 09 12 97 d8 3a 37 7a 72 47 1b ec
-    INFO:            00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+    INFO:            32 73 e9 92 32 e2 49 59 f6 5e 8b 4a 4a 46 d8 22
-    INFO:            00 00 04 60 01 6a 48 57 5f 43 4f 4e 46 49 47 00
+    INFO:            9a da 04 60 01 6a 48 57 5f 43 4f 4e 46 49 47 00
     INFO:            02 58 20 98 5d 87 21 84 06 33 9d c3 1f 91 f5 68
     INFO:            8d a0 5a f0 d7 7e 20 51 ce 3b f2 a5 c3 05 2e 3c
     INFO:            8b 52 31 19 01 09 78 1c 68 74 74 70 3a 2f 2f 61
@@ -559,31 +589,31 @@ JSON format:
                 "MEASUREMENT_VALUE": "b'B80165A7788BC659428D331085D1490ADC9EC3EEDF851BD2F073736A0C0711B8'"
             },
             {
-                "SIGNER_ID": "b'0000000000000000000000000000000000000000000000000000000000000000'",
+                "SIGNER_ID": "b'b0f382091297d83a377a72471bec3273e99232e24959f65e8b4a4a46d8229ada'",
                 "SW_COMPONENT_VERSION": "",
                 "SW_COMPONENT_TYPE": "FW_CONFIG\u0000",
                 "MEASUREMENT_VALUE": "b'219EA01382E6D7975A1113A35F453968B1D9A3EA6AAB84233B8C06169820BAB9'"
             },
             {
-                "SIGNER_ID": "b'0000000000000000000000000000000000000000000000000000000000000000'",
+                "SIGNER_ID": "b'b0f382091297d83a377a72471bec3273e99232e24959f65e8b4a4a46d8229ada'",
                 "SW_COMPONENT_VERSION": "",
                 "SW_COMPONENT_TYPE": "TB_FW_CONFIG\u0000",
                 "MEASUREMENT_VALUE": "b'4139F6C2108453C517AE9AE5BEC1207BCC2424F39D20A8FBC7B310E3EEAF1B05'"
             },
             {
-                "SIGNER_ID": "b'0000000000000000000000000000000000000000000000000000000000000000'",
+                "SIGNER_ID": "b'b0f382091297d83a377a72471bec3273e99232e24959f65e8b4a4a46d8229ada'",
                 "SW_COMPONENT_VERSION": "",
                 "SW_COMPONENT_TYPE": "BL_2\u0000",
                 "MEASUREMENT_VALUE": "b'5C9620E1E33B0F2CEBC18E1A02A66586DD3497A74C9813BF7414452D302805C3'"
             },
             {
-                "SIGNER_ID": "b'0000000000000000000000000000000000000000000000000000000000000000'",
+                "SIGNER_ID": "b'b0f382091297d83a377a72471bec3273e99232e24959f65e8b4a4a46d8229ada'",
                 "SW_COMPONENT_VERSION": "",
                 "SW_COMPONENT_TYPE": "SECURE_RT_EL3\u0000",
                 "MEASUREMENT_VALUE": "b'F6FB6299A50CDFDB020B725B1C0B636E94EE6650563A299CCB38F0EC5999D42E'"
             },
             {
-                "SIGNER_ID": "b'0000000000000000000000000000000000000000000000000000000000000000'",
+                "SIGNER_ID": "b'b0f382091297d83a377a72471bec3273e99232e24959f65e8b4a4a46d8229ada'",
                 "SW_COMPONENT_VERSION": "",
                 "SW_COMPONENT_TYPE": "HW_CONFIG\u0000",
                 "MEASUREMENT_VALUE": "b'985D87218406339DC31F91F5688DA05AF0D77E2051CE3BF2A5C3052E3C8B5231'"

drivers/auth/auth_mod.c

@@ -20,6 +20,8 @@
 #include <lib/fconf/fconf_tbbr_getter.h>
 #include <plat/common/platform.h>
 
+#include <tools_share/zero_oid.h>
+
 /* ASN.1 tags */
 #define ASN1_INTEGER                 0x02
 
@@ -148,7 +150,7 @@ static int auth_signature(const auth_method_param_sig_t *param,
 			  const auth_img_desc_t *img_desc,
 			  void *img, unsigned int img_len)
 {
-	void *data_ptr, *pk_ptr, *pk_plat_ptr, *sig_ptr, *sig_alg_ptr;
+	void *data_ptr, *pk_ptr, *pk_plat_ptr, *sig_ptr, *sig_alg_ptr, *pk_oid;
 	unsigned int data_len, pk_len, pk_plat_len, sig_len, sig_alg_len;
 	unsigned int flags = 0;
 	int rc = 0;
@@ -226,6 +228,25 @@ static int auth_signature(const auth_method_param_sig_t *param,
 				return -1;
 			}
 		}
+
+		/*
+		 * Set Zero-OID for ROTPK(subject key) as a the certificate
+		 * does not hold Key-OID information for ROTPK.
+		 */
+		if (param->pk->cookie != NULL) {
+			pk_oid = param->pk->cookie;
+		} else {
+			pk_oid = ZERO_OID;
+		}
+
+		/*
+		 * Public key is verified at this stage, notify platform
+		 * to measure and publish it.
+		 */
+		rc = plat_mboot_measure_key(pk_oid, pk_ptr, pk_len);
+		if (rc != 0) {
+			WARN("Public Key measurement failure = %d\n", rc);
+		}
 	}
 
 	/* Ask the crypto module to verify the signature */
@@ -381,6 +402,7 @@ int auth_mod_verify_img(unsigned int img_id,
 			unsigned int img_len)
 {
 	const auth_img_desc_t *img_desc = NULL;
+	const auth_param_type_desc_t *type_desc = NULL;
 	const auth_method_desc_t *auth_method = NULL;
 	void *param_ptr;
 	unsigned int param_len;
@@ -462,6 +484,21 @@ int auth_mod_verify_img(unsigned int img_id,
 			/* Copy the parameter for later use */
 			memcpy((void *)img_desc->authenticated_data[i].data.ptr,
 					(void *)param_ptr, param_len);
+
+			/*
+			 * If this is a public key then measure and publicise
+			 * it.
+			 */
+			type_desc = img_desc->authenticated_data[i].type_desc;
+			if (type_desc->type == AUTH_PARAM_PUB_KEY) {
+				rc = plat_mboot_measure_key(type_desc->cookie,
+							    param_ptr,
+							    param_len);
+				if (rc != 0) {
+					WARN("Public Key measurement "
+					     "failure = %d\n", rc);
+				}
+			}
 		}
 	}
 

drivers/measured_boot/rss/rss_measured_boot.c

@@ -32,6 +32,19 @@
 #  error Invalid Measured Boot algorithm.
 #endif /* MBOOT_ALG_ID */
 
+#if ENABLE_ASSERTIONS
+static bool null_arr(const uint8_t *signer_id, size_t signer_id_size)
+{
+	for (size_t i = 0U; i < signer_id_size; i++) {
+		if (signer_id[i] != 0U) {
+			return false;
+		}
+	}
+
+	return true;
+}
+#endif /* ENABLE_ASSERTIONS */
+
 /* Functions' declarations */
 void rss_measured_boot_init(struct rss_mboot_metadata *metadata_ptr)
 {
@@ -39,6 +52,7 @@ void rss_measured_boot_init(struct rss_mboot_metadata *metadata_ptr)
 
 	/* Init the non-const members of the metadata structure */
 	while (metadata_ptr->id != RSS_MBOOT_INVALID_ID) {
+		assert(null_arr(metadata_ptr->signer_id, MBOOT_DIGEST_SIZE));
 		metadata_ptr->sw_type_size =
 			strlen((const char *)&metadata_ptr->sw_type) + 1;
 		metadata_ptr++;
@@ -93,36 +107,53 @@ int rss_mboot_measure_and_record(struct rss_mboot_metadata *metadata_ptr,
 }
 
 int rss_mboot_set_signer_id(struct rss_mboot_metadata *metadata_ptr,
-			    unsigned int img_id,
+			    const void *pk_oid,
 			    const void *pk_ptr,
 			    size_t pk_len)
 {
 	unsigned char hash_data[CRYPTO_MD_MAX_SIZE];
 	int rc;
+	bool hash_calc_done = false;
 
 	assert(metadata_ptr != NULL);
 
-	/* Get the metadata associated with this image. */
+	/*
-	while ((metadata_ptr->id != RSS_MBOOT_INVALID_ID) &&
+	 * Do an exhaustive search over the platform metadata to find
-		(metadata_ptr->id != img_id)) {
+	 * all images whose key OID matches the one passed in argument.
+	 *
+	 * Note that it is not an error if do not get any matches.
+	 * The platform may decide not to measure all of the images
+	 * in the system.
+	 */
+	while (metadata_ptr->id != RSS_MBOOT_INVALID_ID) {
+		/* Get the metadata associated with this key-oid */
+		if (metadata_ptr->pk_oid == pk_oid) {
+			if (!hash_calc_done) {
+				/* Calculate public key hash */
+				rc = crypto_mod_calc_hash(CRYPTO_MD_ID,
+							  (void *)pk_ptr,
+							  pk_len, hash_data);
+				if (rc != 0) {
+					return rc;
+				}
+
+				hash_calc_done = true;
+			}
+
+			/*
+			 * Fill the signer-ID field with the newly/already
+			 * computed hash of the public key and update its
+			 * signer ID size field with compile-time decided
+			 * digest size.
+			 */
+			(void)memcpy(metadata_ptr->signer_id,
+				     hash_data,
+				     MBOOT_DIGEST_SIZE);
+			metadata_ptr->signer_id_size = MBOOT_DIGEST_SIZE;
+		}
+
 		metadata_ptr++;
 	}
 
-	/* If image is not present in metadata array then skip */
-	if (metadata_ptr->id == RSS_MBOOT_INVALID_ID) {
-		return 0;
-	}
-
-	/* Calculate public key hash */
-	rc = crypto_mod_calc_hash(CRYPTO_MD_ID, (void *)pk_ptr,
-				  pk_len, hash_data);
-	if (rc != 0) {
-		return rc;
-	}
-
-	/* Update metadata struct with the received signer_id */
-	(void)memcpy(metadata_ptr->signer_id, hash_data, MBOOT_DIGEST_SIZE);
-	metadata_ptr->signer_id_size = MBOOT_DIGEST_SIZE;
-
 	return 0;
 }

include/drivers/measured_boot/rss/rss_measured_boot.h

@@ -40,6 +40,7 @@ struct rss_mboot_metadata {
 	size_t  version_size;
 	uint8_t sw_type[SW_TYPE_MAX_SIZE];
 	size_t  sw_type_size;
+	void    *pk_oid;
 	bool    lock_measurement;
 };
 
@@ -49,9 +50,8 @@ int rss_mboot_measure_and_record(struct rss_mboot_metadata *metadata_ptr,
 				 uintptr_t data_base, uint32_t data_size,
 				 uint32_t data_id);
 
-/* TODO: These metadata are currently not available during TF-A boot */
 int rss_mboot_set_signer_id(struct rss_mboot_metadata *metadata_ptr,
-			    unsigned int img_id, const void *pk_ptr,
+			    const void *pk_oid, const void *pk_ptr,
 			    size_t pk_len);
 
 #endif /* RSS_MEASURED_BOOT_H */

include/plat/common/platform.h

@@ -146,6 +146,8 @@ int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data);
 int plat_mboot_measure_critical_data(unsigned int critical_data_id,
 				     const void *base,
 				     size_t size);
+int plat_mboot_measure_key(const void *pk_oid, const void *pk_ptr,
+			   size_t pk_len);
 #else
 static inline int plat_mboot_measure_image(unsigned int image_id __unused,
 					   image_info_t *image_data __unused)
@@ -159,6 +161,12 @@ static inline int plat_mboot_measure_critical_data(
 {
 	return 0;
 }
+static inline int plat_mboot_measure_key(const void *pk_oid __unused,
+					 const void *pk_ptr __unused,
+					 size_t pk_len __unused)
+{
+	return 0;
+}
 #endif /* MEASURED_BOOT */
 
 /*******************************************************************************

include/tools_share/cca_oid.h

@@ -28,4 +28,17 @@
 /* CCAFirmwareNVCounter - Non-volatile counter extension */
 #define CCA_FW_NVCOUNTER_OID			"1.3.6.1.4.1.4128.2100.3"
 
+/*
+ * First undef previous definitions from tbbr_oid.h.
+ * CCA ROTPK authenticates BL31 and its configuration image in
+ * CCA CoT.
+ **/
+#undef BL31_IMAGE_KEY_OID
+#undef SOC_FW_CONFIG_KEY_OID
+#undef HW_CONFIG_KEY_OID
+#define BL31_IMAGE_KEY_OID			ZERO_OID
+#define SOC_FW_CONFIG_KEY_OID			ZERO_OID
+#define HW_CONFIG_KEY_OID			ZERO_OID
+#define RMM_IMAGE_KEY_OID			ZERO_OID
+
 #endif /* CCA_OID_H */

include/tools_share/dualroot_oid.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */

include/tools_share/tbbr_oid.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -7,6 +7,8 @@
 #ifndef TBBR_OID_H
 #define TBBR_OID_H
 
+#include "zero_oid.h"
+
 #define	MAX_OID_NAME_LEN	30
 
 /*
@@ -160,6 +162,14 @@
 #define SP_PKG7_HASH_OID			"1.3.6.1.4.1.4128.2100.1307"
 #define SP_PKG8_HASH_OID			"1.3.6.1.4.1.4128.2100.1308"
 
+/*
+ * Public Keys present in SOC FW content certificates authenticate BL31 and
+ * its configuration.
+ */
+#define BL31_IMAGE_KEY_OID			SOC_FW_CONTENT_CERT_PK_OID
+#define SOC_FW_CONFIG_KEY_OID			SOC_FW_CONTENT_CERT_PK_OID
+#define HW_CONFIG_KEY_OID			ZERO_OID
+
 #ifdef PLAT_DEF_OID
 #include <platform_oid.h>
 #endif

include/tools_share/zero_oid.h

@@ -0,0 +1,12 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef ZERO_OID_H
+#define ZERO_OID_H
+
+#define ZERO_OID                              "0.0.0.0.0.0.0.0.0"
+
+#endif /* ZERO_OID_H */

plat/arm/board/fvp/fvp_bl1_measured_boot.c

@@ -9,6 +9,7 @@
 #include <drivers/measured_boot/event_log/event_log.h>
 #include <drivers/measured_boot/rss/rss_measured_boot.h>
 #include <plat/arm/common/plat_arm.h>
+#include <tools_share/zero_oid.h>
 
 /* Event Log data */
 static uint8_t event_log[PLAT_ARM_EVENT_LOG_MAX_SIZE];
@@ -31,18 +32,21 @@ struct rss_mboot_metadata fvp_rss_mboot_metadata[] = {
 		.slot = U(6),
 		.signer_id_size = SIGNER_ID_MIN_SIZE,
 		.sw_type = RSS_MBOOT_FW_CONFIG_STRING,
+		.pk_oid = ZERO_OID,
 		.lock_measurement = true },
 	{
 		.id = TB_FW_CONFIG_ID,
 		.slot = U(7),
 		.signer_id_size = SIGNER_ID_MIN_SIZE,
 		.sw_type = RSS_MBOOT_TB_FW_CONFIG_STRING,
+		.pk_oid = ZERO_OID,
 		.lock_measurement = true },
 	{
 		.id = BL2_IMAGE_ID,
 		.slot = U(8),
 		.signer_id_size = SIGNER_ID_MIN_SIZE,
 		.sw_type = RSS_MBOOT_BL2_STRING,
+		.pk_oid = ZERO_OID,
 		.lock_measurement = true },
 
 	{

plat/arm/board/fvp/fvp_bl2_measured_boot.c

@@ -9,7 +9,11 @@
 #include <common/tbbr/tbbr_img_def.h>
 #include <drivers/measured_boot/event_log/event_log.h>
 #include <drivers/measured_boot/rss/rss_measured_boot.h>
+#if defined(ARM_COT_cca)
+#include <tools_share/cca_oid.h>
+#else
 #include <tools_share/tbbr_oid.h>
+#endif /* ARM_COT_cca */
 #include <fvp_critical_data.h>
 
 #include <plat/arm/common/plat_arm.h>
@@ -62,25 +66,31 @@ struct rss_mboot_metadata fvp_rss_mboot_metadata[] = {
 		.slot = U(9),
 		.signer_id_size = SIGNER_ID_MIN_SIZE,
 		.sw_type = RSS_MBOOT_BL31_STRING,
+		.pk_oid = BL31_IMAGE_KEY_OID,
 		.lock_measurement = true },
 	{
 		.id = HW_CONFIG_ID,
 		.slot = U(10),
 		.signer_id_size = SIGNER_ID_MIN_SIZE,
 		.sw_type = RSS_MBOOT_HW_CONFIG_STRING,
+		.pk_oid = HW_CONFIG_KEY_OID,
 		.lock_measurement = true },
 	{
 		.id = SOC_FW_CONFIG_ID,
 		.slot = U(11),
 		.signer_id_size = SIGNER_ID_MIN_SIZE,
 		.sw_type = RSS_MBOOT_SOC_FW_CONFIG_STRING,
+		.pk_oid = SOC_FW_CONFIG_KEY_OID,
 		.lock_measurement = true },
+#if ENABLE_RME
 	{
 		.id = RMM_IMAGE_ID,
 		.slot = U(12),
 		.signer_id_size = SIGNER_ID_MIN_SIZE,
 		.sw_type = RSS_MBOOT_RMM_STRING,
+		.pk_oid = RMM_IMAGE_KEY_OID,
 		.lock_measurement = true },
+#endif /* ENABLE_RME */
 	{
 		.id = RSS_MBOOT_INVALID_ID }
 };

plat/arm/board/fvp/fvp_common_measured_boot.c

@@ -45,3 +45,10 @@ int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data)
 
 	return rc;
 }
+
+int plat_mboot_measure_key(const void *pk_oid, const void *pk_ptr,
+			   size_t pk_len)
+{
+	return rss_mboot_set_signer_id(fvp_rss_mboot_metadata, pk_oid, pk_ptr,
+				       pk_len);
+}

plat/arm/board/tc/tc_bl1_measured_boot.c

@@ -9,6 +9,7 @@
 #include <drivers/arm/rss_comms.h>
 #include <drivers/measured_boot/rss/rss_measured_boot.h>
 #include <lib/psa/measured_boot.h>
+#include <tools_share/zero_oid.h>
 
 #include <plat/arm/common/plat_arm.h>
 #include <platform_def.h>
@@ -22,18 +23,21 @@ struct rss_mboot_metadata tc_rss_mboot_metadata[] = {
 		.slot = U(6),
 		.signer_id_size = SIGNER_ID_MIN_SIZE,
 		.sw_type = RSS_MBOOT_FW_CONFIG_STRING,
+		.pk_oid = ZERO_OID,
 		.lock_measurement = true },
 	{
 		.id = TB_FW_CONFIG_ID,
 		.slot = U(7),
 		.signer_id_size = SIGNER_ID_MIN_SIZE,
 		.sw_type = RSS_MBOOT_TB_FW_CONFIG_STRING,
+		.pk_oid = ZERO_OID,
 		.lock_measurement = true },
 	{
 		.id = BL2_IMAGE_ID,
 		.slot = U(8),
 		.signer_id_size = SIGNER_ID_MIN_SIZE,
 		.sw_type = RSS_MBOOT_BL2_STRING,
+		.pk_oid = ZERO_OID,
 		.lock_measurement = true },
 
 	{

plat/arm/board/tc/tc_bl2_measured_boot.c

@@ -9,6 +9,7 @@
 #include <drivers/arm/rss_comms.h>
 #include <drivers/measured_boot/rss/rss_measured_boot.h>
 #include <lib/psa/measured_boot.h>
+#include <tools_share/tbbr_oid.h>
 
 #include <plat/common/common_def.h>
 #include <platform_def.h>
@@ -22,18 +23,21 @@ struct rss_mboot_metadata tc_rss_mboot_metadata[] = {
 		.slot = U(9),
 		.signer_id_size = SIGNER_ID_MIN_SIZE,
 		.sw_type = RSS_MBOOT_BL31_STRING,
+		.pk_oid = BL31_IMAGE_KEY_OID,
 		.lock_measurement = true },
 	{
 		.id = HW_CONFIG_ID,
 		.slot = U(10),
 		.signer_id_size = SIGNER_ID_MIN_SIZE,
 		.sw_type = RSS_MBOOT_HW_CONFIG_STRING,
+		.pk_oid = HW_CONFIG_KEY_OID,
 		.lock_measurement = true },
 	{
 		.id = SOC_FW_CONFIG_ID,
 		.slot = U(11),
 		.signer_id_size = SIGNER_ID_MIN_SIZE,
 		.sw_type = RSS_MBOOT_SOC_FW_CONFIG_STRING,
+		.pk_oid = SOC_FW_CONFIG_KEY_OID,
 		.lock_measurement = true },
 	{
 		.id = RSS_MBOOT_INVALID_ID }

plat/arm/board/tc/tc_common_measured_boot.c

@@ -28,3 +28,9 @@ int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data)
 
 	return err;
 }
+
+int plat_mboot_measure_key(void *pk_oid, void *pk_ptr, unsigned int pk_len)
+{
+	return rss_mboot_set_signer_id(tc_rss_mboot_metadata, pk_oid, pk_ptr,
+				       pk_len);
+}

plat/imx/imx8m/imx8m_measured_boot.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
  * Copyright (c) 2022, Linaro.
  *
  * SPDX-License-Identifier: BSD-3-Clause
@@ -79,3 +79,9 @@ void bl2_plat_mboot_finish(void)
 
 	dump_event_log((uint8_t *)event_log, event_log_cur_size);
 }
+
+int plat_mboot_measure_key(const void *pk_oid, const void *pk_ptr,
+			   size_t pk_len)
+{
+	return 0;
+}

plat/qemu/qemu/qemu_measured_boot.c

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2022, Arm Limited. All rights reserved.
- * Copyright (c) 2022, Linaro.
+ * Copyright (c) 2022-2023, Linaro.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -118,3 +118,9 @@ int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data)
 
 	return 0;
 }
+
+int plat_mboot_measure_key(const void *pk_oid, const void *pk_ptr,
+			   size_t pk_len)
+{
+	return 0;
+}