Merge changes from topic "mb/drtm" into integration

* changes: feat(drtm): retrieve DLME image authentication features feat(drtm): log No-Action Event in Event Log for DRTM measurements feat(fvp): add stub function to retrieve DLME image auth features feat(drtm): introduce plat API for DLME authentication features feat(drtm): ensure event types aligns with DRTM specification v1.1 fix(drtm): add missing DLME data regions for min size requirement feat(fvp): add stub platform function to get ACPI table region size feat(drtm): add platform API to retrieve ACPI tables region size
2025-04-08 05:43:53 +00:00 · 2025-02-27 19:14:11 +01:00 · 2025-02-27 19:14:11 +01:00 · 70b5967ebc
commit 70b5967ebc
parent 1dd6f3ece6 94127ae299
8 changed files with 84 additions and 11 deletions
--- a/docs/porting-guide.rst
+++ b/docs/porting-guide.rst
@ -1001,7 +1001,7 @@ Function : plat_drtm_get_min_size_normal_world_dce()
 This function returns the size normal-world DCE of the platform.

 Function : plat_drtm_get_imp_def_dlme_region_size()
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 ::

@ -1012,7 +1012,7 @@ This function returns the size of implementation defined DLME region
 of the platform.

 Function : plat_drtm_get_tcb_hash_table_size()
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 ::

@ -1021,8 +1021,18 @@ Function : plat_drtm_get_tcb_hash_table_size()

 This function returns the size of TCB hash table of the platform.

+Function : plat_drtm_get_acpi_tables_region_size()
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+    Argument : void
+    Return   : uint64_t
+
+This function returns the size of ACPI tables region of the platform.
+
 Function : plat_drtm_get_tcb_hash_features()
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 ::

@ -1033,6 +1043,17 @@ This function returns the Maximum number of TCB hashes recorded by the
 platform.
 For more details see section 3.3 Table 6 of `DRTM`_ specification.

+Function : plat_drtm_get_dlme_img_auth_features()
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+    Argument : void
+    Return   : uint64_t
+
+This function returns the DLME image authentication features.
+For more details see section 3.3 Table 6 of `DRTM`_ specification.
+
 Function : plat_drtm_validate_ns_region()
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- a/include/plat/common/plat_drtm.h
+++ b/include/plat/common/plat_drtm.h
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2025, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -59,6 +59,8 @@ uint64_t plat_drtm_get_min_size_normal_world_dce(void);
 uint64_t plat_drtm_get_tcb_hash_table_size(void);
 uint64_t plat_drtm_get_imp_def_dlme_region_size(void);
 uint64_t plat_drtm_get_tcb_hash_features(void);
+uint64_t plat_drtm_get_acpi_tables_region_size(void);
+uint64_t plat_drtm_get_dlme_img_auth_features(void);

 /* DRTM error handling functions */
 int plat_set_drtm_error(uint64_t error_code);
--- a/include/services/drtm_svc.h
+++ b/include/services/drtm_svc.h
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022-2024 Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2025 Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier:    BSD-3-Clause
 *
@ -49,6 +49,7 @@
 #define ARM_DRTM_FEATURES_DMA_PROT	U(0x3)
 #define ARM_DRTM_FEATURES_BOOT_PE_ID	U(0x4)
 #define ARM_DRTM_FEATURES_TCB_HASHES	U(0x5)
+#define ARM_DRTM_FEATURES_DLME_IMG_AUTH	U(0x6)

 #define is_drtm_fid(_fid) \
 	(((_fid) >= ARM_DRTM_SVC_VERSION) && ((_fid) <= ARM_DRTM_SVC_LOCK_TCB_HASH))
@ -109,6 +110,9 @@
 #define ARM_DRTM_TCB_HASH_FEATURES_MAX_NUM_HASHES_SHIFT	U(0)
 #define ARM_DRTM_TCB_HASH_FEATURES_MAX_NUM_HASHES_MASK	ULL(0xFF)

+#define ARM_DRTM_DLME_IMAGE_AUTH_SUPPORT_SHIFT	U(0)
+#define ARM_DRTM_DLME_IMAGE_AUTH_SUPPORT_MASK	ULL(0x1)
+
 #define ARM_DRTM_TPM_FEATURES_SET_PCR_SCHEMA(reg, val)			\
 	do {								\
 		reg = (((reg) & ~(ARM_DRTM_TPM_FEATURES_PCR_SCHEMA_MASK \
@ -178,6 +182,16 @@
 		ARM_DRTM_TCB_HASH_FEATURES_MAX_NUM_HASHES_SHIFT));	\
 	} while (false)

+#define ARM_DRTM_DLME_IMG_AUTH_SUPPORT(reg, val)		\
+	do {								\
+		reg = (((reg) &						\
+		~(ARM_DRTM_DLME_IMAGE_AUTH_SUPPORT_MASK <<	\
+		ARM_DRTM_DLME_IMAGE_AUTH_SUPPORT_SHIFT)) |	\
+		(((val) &						\
+		ARM_DRTM_DLME_IMAGE_AUTH_SUPPORT_MASK) <<	\
+		ARM_DRTM_DLME_IMAGE_AUTH_SUPPORT_SHIFT));	\
+	} while (false)
+
 /* Definitions for DRTM address map */
 #define ARM_DRTM_REGION_SIZE_TYPE_CACHEABILITY_SHIFT	U(55)
 #define ARM_DRTM_REGION_SIZE_TYPE_CACHEABILITY_MASK	ULL(0x3)
--- a/plat/arm/board/fvp/fvp_drtm_stub.c
+++ b/plat/arm/board/fvp/fvp_drtm_stub.c
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2025, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -33,3 +33,13 @@ uint64_t plat_drtm_get_tcb_hash_table_size(void)
 {
 	return 0ULL;
 }
+
+uint64_t plat_drtm_get_acpi_tables_region_size(void)
+{
+	return 0ULL;
+}
+
+uint64_t plat_drtm_get_dlme_img_auth_features(void)
+{
+	return 0ULL;
+}
--- a/services/std_svc/drtm/drtm_main.c
+++ b/services/std_svc/drtm/drtm_main.c
@ -104,12 +104,16 @@ int drtm_setup(void)
 	dlme_data_hdr_init.dlme_addr_map_size = drtm_get_address_map_size();
 	dlme_data_hdr_init.dlme_tcb_hashes_table_size =
 				plat_drtm_get_tcb_hash_table_size();
+	dlme_data_hdr_init.dlme_acpi_tables_region_size =
+				plat_drtm_get_acpi_tables_region_size();
 	dlme_data_hdr_init.dlme_impdef_region_size =
 				plat_drtm_get_imp_def_dlme_region_size();

-	dlme_data_min_size += dlme_data_hdr_init.dlme_addr_map_size +
+	dlme_data_min_size += sizeof(struct_dlme_data_header) +
+			      dlme_data_hdr_init.dlme_addr_map_size +
 			      ARM_DRTM_MIN_EVENT_LOG_SIZE +
 			      dlme_data_hdr_init.dlme_tcb_hashes_table_size +
+			      dlme_data_hdr_init.dlme_acpi_tables_region_size +
 			      dlme_data_hdr_init.dlme_impdef_region_size;

 	/* Fill out platform DRTM features structure */
@ -130,6 +134,8 @@ int drtm_setup(void)
 		plat_dma_prot_feat->dma_protection_support);
 	ARM_DRTM_TCB_HASH_FEATURES_SET_MAX_NUM_HASHES(plat_drtm_features.tcb_hash_features,
 		plat_drtm_get_tcb_hash_features());
+	ARM_DRTM_DLME_IMG_AUTH_SUPPORT(plat_drtm_features.dlme_image_auth_features,
+		plat_drtm_get_dlme_img_auth_features());

 	return 0;
 }
@ -171,6 +177,12 @@ static inline uint64_t drtm_features_tcb_hashes(void *ctx)
 		 plat_drtm_features.tcb_hash_features);
 }

+static inline uint64_t drtm_features_dlme_img_auth_features(void *ctx)
+{
+	SMC_RET2(ctx, 1ULL, /* DLME Image auth is supported */
+		 plat_drtm_features.dlme_image_auth_features);
+}
+
 static enum drtm_retc drtm_dl_check_caller_el(void *ctx)
 {
 	uint64_t spsr_el3 = read_ctx_reg(get_el3state_ctx(ctx), CTX_SPSR_EL3);
@ -785,6 +797,12 @@ uint64_t drtm_smc_handler(uint32_t smc_fid,
 				return drtm_features_tcb_hashes(handle);
 				break;	/* not reached */

+			case ARM_DRTM_FEATURES_DLME_IMG_AUTH:
+				INFO("++ DRTM service handler: "
+				     "DLME Image authentication features\n");
+				return drtm_features_dlme_img_auth_features(handle);
+				break;	/* not reached */
+
 			default:
 				ERROR("Unknown ARM DRTM service feature\n");
 				SMC_RET1(handle, NOT_SUPPORTED);
--- a/services/std_svc/drtm/drtm_main.h
+++ b/services/std_svc/drtm/drtm_main.h
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022-2024 Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2025 Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier:    BSD-3-Clause
 *
@ -45,7 +45,7 @@
 * Range(Min/Max) of DRTM parameter structure versions supported
 */
 #define ARM_DRTM_PARAMS_MIN_VERSION	U(1)
-#define ARM_DRTM_PARAMS_MAX_VERSION	U(1)
+#define ARM_DRTM_PARAMS_MAX_VERSION	U(2)

 enum drtm_dlme_el {
 	DLME_AT_EL1 = MODE_EL1,
@ -74,6 +74,7 @@ typedef struct {
 	uint64_t dma_prot_features;
 	uint64_t boot_pe_id;
 	uint64_t tcb_hash_features;
+	uint64_t dlme_image_auth_features;
 } drtm_features_t;

 struct __packed drtm_dl_args_v1 {
--- a/services/std_svc/drtm/drtm_measurements.c
+++ b/services/std_svc/drtm/drtm_measurements.c
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022 Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2025 Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier:    BSD-3-Clause
 *
@ -198,6 +198,10 @@ enum drtm_retc drtm_take_measurements(const struct_drtm_dl_args *a)
 					       PCR_18);
 	CHECK_RC(rc,
 		 drtm_event_log_measure_and_record(DRTM_EVENT_ARM_SEPARATOR));
+
+	/* Measure no Action event but not extend it in PCR */
+	CHECK_RC(rc,
+		 drtm_event_log_measure_and_record(DRTM_EVENT_ARM_NO_ACTION));
 	/*
 	 * If the DCE is unable to log a measurement because there is no available
 	 * space in the event log region, the DCE must extend a hash of the value
--- a/services/std_svc/drtm/drtm_measurements.h
+++ b/services/std_svc/drtm/drtm_measurements.h
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022 Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2025 Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier:    BSD-3-Clause
 *
@ -25,6 +25,9 @@
 #define DRTM_EVENT_ARM_DCE_SECONDARY	DRTM_EVENT_TYPE(8)
 #define DRTM_EVENT_ARM_TZFW		DRTM_EVENT_TYPE(9)
 #define DRTM_EVENT_ARM_SEPARATOR	DRTM_EVENT_TYPE(10)
+#define DRTM_EVENT_ARM_DLME_PUBKEY	DRTM_EVENT_TYPE(11)
+#define DRTM_EVENT_ARM_DLME_SVN		DRTM_EVENT_TYPE(12)
+#define DRTM_EVENT_ARM_NO_ACTION	DRTM_EVENT_TYPE(13)

 #define CHECK_RC(rc, func_call) { \
 	if (rc != 0) { \