From 7792bdbdf91a5854e580adea0f993886c3eec5df Mon Sep 17 00:00:00 2001 From: Manish V Badarkhe Date: Mon, 24 Feb 2025 21:16:47 +0000 Subject: [PATCH 1/8] feat(drtm): add platform API to retrieve ACPI tables region size Introduces a platform-specific API to retrieve the ACPI table region size. This will be used in a subsequent patch to specify the minimum DLME size requirement for the DCE preamble. Change-Id: I44ce9241733b22fea3cbce9d42f1c2cc5ef20852 Signed-off-by: Manish V Badarkhe --- docs/porting-guide.rst | 16 +++++++++++++--- include/plat/common/plat_drtm.h | 4 +++- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/docs/porting-guide.rst b/docs/porting-guide.rst index 9ca2aa927..98aa76de8 100644 --- a/docs/porting-guide.rst +++ b/docs/porting-guide.rst @@ -1001,7 +1001,7 @@ Function : plat_drtm_get_min_size_normal_world_dce() This function returns the size normal-world DCE of the platform. Function : plat_drtm_get_imp_def_dlme_region_size() -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :: @@ -1012,7 +1012,7 @@ This function returns the size of implementation defined DLME region of the platform. Function : plat_drtm_get_tcb_hash_table_size() -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :: @@ -1021,8 +1021,18 @@ Function : plat_drtm_get_tcb_hash_table_size() This function returns the size of TCB hash table of the platform. +Function : plat_drtm_get_acpi_tables_region_size() +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +:: + + Argument : void + Return : uint64_t + +This function returns the size of ACPI tables region of the platform. + Function : plat_drtm_get_tcb_hash_features() -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :: diff --git a/include/plat/common/plat_drtm.h b/include/plat/common/plat_drtm.h index 07545a68f..4f6921084 100644 --- a/include/plat/common/plat_drtm.h +++ b/include/plat/common/plat_drtm.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2024, Arm Limited. All rights reserved. + * Copyright (c) 2022-2025, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -59,6 +59,8 @@ uint64_t plat_drtm_get_min_size_normal_world_dce(void); uint64_t plat_drtm_get_tcb_hash_table_size(void); uint64_t plat_drtm_get_imp_def_dlme_region_size(void); uint64_t plat_drtm_get_tcb_hash_features(void); +uint64_t plat_drtm_get_acpi_tables_region_size(void); + /* DRTM error handling functions */ int plat_set_drtm_error(uint64_t error_code); From 5d377555e862dd07e11022ba0a70f0150e34454b Mon Sep 17 00:00:00 2001 From: Manish V Badarkhe Date: Mon, 24 Feb 2025 21:31:51 +0000 Subject: [PATCH 2/8] feat(fvp): add stub platform function to get ACPI table region size Introduces a stub platform function for FVP to retrieve the ACPI table region size. Change-Id: Icbf1ae0cb89c393502de2c2f4f66df6b510e6b81 Signed-off-by: Manish V Badarkhe --- plat/arm/board/fvp/fvp_drtm_stub.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/plat/arm/board/fvp/fvp_drtm_stub.c b/plat/arm/board/fvp/fvp_drtm_stub.c index e2bc5169a..213a7e394 100644 --- a/plat/arm/board/fvp/fvp_drtm_stub.c +++ b/plat/arm/board/fvp/fvp_drtm_stub.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022, Arm Limited. All rights reserved. + * Copyright (c) 2022-2025, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -33,3 +33,8 @@ uint64_t plat_drtm_get_tcb_hash_table_size(void) { return 0ULL; } + +uint64_t plat_drtm_get_acpi_tables_region_size(void) +{ + return 0ULL; +} From a65fa57b129713ddaa3cdff048921368f9dacc2e Mon Sep 17 00:00:00 2001 From: Manish V Badarkhe Date: Sat, 22 Feb 2025 20:33:17 +0000 Subject: [PATCH 3/8] fix(drtm): add missing DLME data regions for min size requirement Ensure compliance with minimum size requirements by including the missing DLME data regions, such as the DLME data header and ACPI region size. This will prevent incorrect allocation of DLME data regions in the DCE preamble. Change-Id: Ic493262152dfe39eb2d54f8771f19651be042288 Signed-off-by: Manish V Badarkhe --- services/std_svc/drtm/drtm_main.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/services/std_svc/drtm/drtm_main.c b/services/std_svc/drtm/drtm_main.c index 37f2a2fe5..bb95c13c0 100644 --- a/services/std_svc/drtm/drtm_main.c +++ b/services/std_svc/drtm/drtm_main.c @@ -104,12 +104,16 @@ int drtm_setup(void) dlme_data_hdr_init.dlme_addr_map_size = drtm_get_address_map_size(); dlme_data_hdr_init.dlme_tcb_hashes_table_size = plat_drtm_get_tcb_hash_table_size(); + dlme_data_hdr_init.dlme_acpi_tables_region_size = + plat_drtm_get_acpi_tables_region_size(); dlme_data_hdr_init.dlme_impdef_region_size = plat_drtm_get_imp_def_dlme_region_size(); - dlme_data_min_size += dlme_data_hdr_init.dlme_addr_map_size + + dlme_data_min_size += sizeof(struct_dlme_data_header) + + dlme_data_hdr_init.dlme_addr_map_size + ARM_DRTM_MIN_EVENT_LOG_SIZE + dlme_data_hdr_init.dlme_tcb_hashes_table_size + + dlme_data_hdr_init.dlme_acpi_tables_region_size + dlme_data_hdr_init.dlme_impdef_region_size; /* Fill out platform DRTM features structure */ From 8d24a30d6073239a40eb835cb6014172080f2f06 Mon Sep 17 00:00:00 2001 From: Manish V Badarkhe Date: Wed, 26 Feb 2025 09:49:03 +0000 Subject: [PATCH 4/8] feat(drtm): ensure event types aligns with DRTM specification v1.1 This patch updates event logging to comply with the latest version (v1.1) of the DRTM specification [1]. It ensures that all required event types, including those related to DLME authentication, are properly defined. Although these additional events are not currently utilized in the implementation, this change ensures their presence as specified in DRTM v1.1 for completeness. [1]: https://developer.arm.com/documentation/den0113/c/?lang=en Change-Id: I6846488c4121b1e2dc948d73c946e06883e16b28 Signed-off-by: Manish V Badarkhe --- services/std_svc/drtm/drtm_measurements.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/services/std_svc/drtm/drtm_measurements.h b/services/std_svc/drtm/drtm_measurements.h index 6d7a84e93..f5a8c7cd3 100644 --- a/services/std_svc/drtm/drtm_measurements.h +++ b/services/std_svc/drtm/drtm_measurements.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Arm Limited. All rights reserved. + * Copyright (c) 2022-2025 Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * @@ -25,6 +25,9 @@ #define DRTM_EVENT_ARM_DCE_SECONDARY DRTM_EVENT_TYPE(8) #define DRTM_EVENT_ARM_TZFW DRTM_EVENT_TYPE(9) #define DRTM_EVENT_ARM_SEPARATOR DRTM_EVENT_TYPE(10) +#define DRTM_EVENT_ARM_DLME_PUBKEY DRTM_EVENT_TYPE(11) +#define DRTM_EVENT_ARM_DLME_SVN DRTM_EVENT_TYPE(12) +#define DRTM_EVENT_ARM_NO_ACTION DRTM_EVENT_TYPE(13) #define CHECK_RC(rc, func_call) { \ if (rc != 0) { \ From 0f7ebef73eb72f4627cf657fcb92f60c01001b41 Mon Sep 17 00:00:00 2001 From: Manish V Badarkhe Date: Wed, 26 Feb 2025 12:01:03 +0000 Subject: [PATCH 5/8] feat(drtm): introduce plat API for DLME authentication features This patch introduces a platform-specific function to provide DLME authentication features. While no platforms currently support DLME authentication, this change offers a structured way for platforms to define and expose their DLME authentication features, with the flexibility to extend support in the future if needed. Change-Id: Ia708914477c4d8cfee4809a9daade9a3e91ed073 Signed-off-by: Manish V Badarkhe --- docs/porting-guide.rst | 11 +++++++++++ include/plat/common/plat_drtm.h | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/docs/porting-guide.rst b/docs/porting-guide.rst index 98aa76de8..d06d15357 100644 --- a/docs/porting-guide.rst +++ b/docs/porting-guide.rst @@ -1043,6 +1043,17 @@ This function returns the Maximum number of TCB hashes recorded by the platform. For more details see section 3.3 Table 6 of `DRTM`_ specification. +Function : plat_drtm_get_dlme_img_auth_features() +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +:: + + Argument : void + Return : uint64_t + +This function returns the DLME image authentication features. +For more details see section 3.3 Table 6 of `DRTM`_ specification. + Function : plat_drtm_validate_ns_region() ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/include/plat/common/plat_drtm.h b/include/plat/common/plat_drtm.h index 4f6921084..0d6a81863 100644 --- a/include/plat/common/plat_drtm.h +++ b/include/plat/common/plat_drtm.h @@ -60,7 +60,7 @@ uint64_t plat_drtm_get_tcb_hash_table_size(void); uint64_t plat_drtm_get_imp_def_dlme_region_size(void); uint64_t plat_drtm_get_tcb_hash_features(void); uint64_t plat_drtm_get_acpi_tables_region_size(void); - +uint64_t plat_drtm_get_dlme_img_auth_features(void); /* DRTM error handling functions */ int plat_set_drtm_error(uint64_t error_code); From 1733deb46c02444febfd25e411d09b1888ba8a7b Mon Sep 17 00:00:00 2001 From: Manish V Badarkhe Date: Wed, 26 Feb 2025 12:32:12 +0000 Subject: [PATCH 6/8] feat(fvp): add stub function to retrieve DLME image auth features DLME image authentication features are currently not supported on FVP. This patch introduces a stub function in fvp_drtm_stub.c as a placeholder for retrieving DLME image authentication features. Change-Id: I6d274834245774c5442d67ee93fcd641f3a9cd1a Signed-off-by: Manish V Badarkhe --- plat/arm/board/fvp/fvp_drtm_stub.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/plat/arm/board/fvp/fvp_drtm_stub.c b/plat/arm/board/fvp/fvp_drtm_stub.c index 213a7e394..238febd83 100644 --- a/plat/arm/board/fvp/fvp_drtm_stub.c +++ b/plat/arm/board/fvp/fvp_drtm_stub.c @@ -38,3 +38,8 @@ uint64_t plat_drtm_get_acpi_tables_region_size(void) { return 0ULL; } + +uint64_t plat_drtm_get_dlme_img_auth_features(void) +{ + return 0ULL; +} From 2ec44880d0a47a60b851fea09b7bec0cd694e858 Mon Sep 17 00:00:00 2001 From: Manish V Badarkhe Date: Wed, 26 Feb 2025 12:40:26 +0000 Subject: [PATCH 7/8] feat(drtm): log No-Action Event in Event Log for DRTM measurements This patch updates `drtm_measurements.c` to ensure that a No-Action event is recorded in the Event Log as part of the DRTM measurement process. This helps maintain compliance with the event logging requirements specified in DRTM spec v1.1 [1]. [1]: https://developer.arm.com/documentation/den0113/c/?lang=en Change-Id: Ifcf25b7ec91393a0c91b05e30f1f6cc4960d5634 Signed-off-by: Manish V Badarkhe --- services/std_svc/drtm/drtm_measurements.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/services/std_svc/drtm/drtm_measurements.c b/services/std_svc/drtm/drtm_measurements.c index 8d514b77f..d4f2b57ad 100644 --- a/services/std_svc/drtm/drtm_measurements.c +++ b/services/std_svc/drtm/drtm_measurements.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Arm Limited. All rights reserved. + * Copyright (c) 2022-2025 Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * @@ -198,6 +198,10 @@ enum drtm_retc drtm_take_measurements(const struct_drtm_dl_args *a) PCR_18); CHECK_RC(rc, drtm_event_log_measure_and_record(DRTM_EVENT_ARM_SEPARATOR)); + + /* Measure no Action event but not extend it in PCR */ + CHECK_RC(rc, + drtm_event_log_measure_and_record(DRTM_EVENT_ARM_NO_ACTION)); /* * If the DCE is unable to log a measurement because there is no available * space in the event log region, the DCE must extend a hash of the value From 94127ae299aedf7642e598785c90961ab6e18266 Mon Sep 17 00:00:00 2001 From: Manish V Badarkhe Date: Tue, 25 Feb 2025 18:24:47 +0000 Subject: [PATCH 8/8] feat(drtm): retrieve DLME image authentication features Retrieve DLME image authentication features and report them back to the DCE preamble. Currently, this value is always set to 0, as no platform supports DLME authentication. Additionally, the default schema is always used instead of the DLME PCR schema since DLME authentication is not currently supported. This change primarily upgrades the DRTM parameters version to V2, aligning with DRTM spec v1.1 [1]. [1]: https://developer.arm.com/documentation/den0113/c/?lang=en Change-Id: Ie2ceb0d2ff49465643597e8725710a93d89e74a2 Signed-off-by: Manish V Badarkhe --- include/services/drtm_svc.h | 16 +++++++++++++++- services/std_svc/drtm/drtm_main.c | 14 ++++++++++++++ services/std_svc/drtm/drtm_main.h | 5 +++-- 3 files changed, 32 insertions(+), 3 deletions(-) diff --git a/include/services/drtm_svc.h b/include/services/drtm_svc.h index f0d3c63bc..3503fa465 100644 --- a/include/services/drtm_svc.h +++ b/include/services/drtm_svc.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2024 Arm Limited. All rights reserved. + * Copyright (c) 2022-2025 Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * @@ -49,6 +49,7 @@ #define ARM_DRTM_FEATURES_DMA_PROT U(0x3) #define ARM_DRTM_FEATURES_BOOT_PE_ID U(0x4) #define ARM_DRTM_FEATURES_TCB_HASHES U(0x5) +#define ARM_DRTM_FEATURES_DLME_IMG_AUTH U(0x6) #define is_drtm_fid(_fid) \ (((_fid) >= ARM_DRTM_SVC_VERSION) && ((_fid) <= ARM_DRTM_SVC_LOCK_TCB_HASH)) @@ -109,6 +110,9 @@ #define ARM_DRTM_TCB_HASH_FEATURES_MAX_NUM_HASHES_SHIFT U(0) #define ARM_DRTM_TCB_HASH_FEATURES_MAX_NUM_HASHES_MASK ULL(0xFF) +#define ARM_DRTM_DLME_IMAGE_AUTH_SUPPORT_SHIFT U(0) +#define ARM_DRTM_DLME_IMAGE_AUTH_SUPPORT_MASK ULL(0x1) + #define ARM_DRTM_TPM_FEATURES_SET_PCR_SCHEMA(reg, val) \ do { \ reg = (((reg) & ~(ARM_DRTM_TPM_FEATURES_PCR_SCHEMA_MASK \ @@ -178,6 +182,16 @@ ARM_DRTM_TCB_HASH_FEATURES_MAX_NUM_HASHES_SHIFT)); \ } while (false) +#define ARM_DRTM_DLME_IMG_AUTH_SUPPORT(reg, val) \ + do { \ + reg = (((reg) & \ + ~(ARM_DRTM_DLME_IMAGE_AUTH_SUPPORT_MASK << \ + ARM_DRTM_DLME_IMAGE_AUTH_SUPPORT_SHIFT)) | \ + (((val) & \ + ARM_DRTM_DLME_IMAGE_AUTH_SUPPORT_MASK) << \ + ARM_DRTM_DLME_IMAGE_AUTH_SUPPORT_SHIFT)); \ + } while (false) + /* Definitions for DRTM address map */ #define ARM_DRTM_REGION_SIZE_TYPE_CACHEABILITY_SHIFT U(55) #define ARM_DRTM_REGION_SIZE_TYPE_CACHEABILITY_MASK ULL(0x3) diff --git a/services/std_svc/drtm/drtm_main.c b/services/std_svc/drtm/drtm_main.c index bb95c13c0..117934f25 100644 --- a/services/std_svc/drtm/drtm_main.c +++ b/services/std_svc/drtm/drtm_main.c @@ -134,6 +134,8 @@ int drtm_setup(void) plat_dma_prot_feat->dma_protection_support); ARM_DRTM_TCB_HASH_FEATURES_SET_MAX_NUM_HASHES(plat_drtm_features.tcb_hash_features, plat_drtm_get_tcb_hash_features()); + ARM_DRTM_DLME_IMG_AUTH_SUPPORT(plat_drtm_features.dlme_image_auth_features, + plat_drtm_get_dlme_img_auth_features()); return 0; } @@ -175,6 +177,12 @@ static inline uint64_t drtm_features_tcb_hashes(void *ctx) plat_drtm_features.tcb_hash_features); } +static inline uint64_t drtm_features_dlme_img_auth_features(void *ctx) +{ + SMC_RET2(ctx, 1ULL, /* DLME Image auth is supported */ + plat_drtm_features.dlme_image_auth_features); +} + static enum drtm_retc drtm_dl_check_caller_el(void *ctx) { uint64_t spsr_el3 = read_ctx_reg(get_el3state_ctx(ctx), CTX_SPSR_EL3); @@ -789,6 +797,12 @@ uint64_t drtm_smc_handler(uint32_t smc_fid, return drtm_features_tcb_hashes(handle); break; /* not reached */ + case ARM_DRTM_FEATURES_DLME_IMG_AUTH: + INFO("++ DRTM service handler: " + "DLME Image authentication features\n"); + return drtm_features_dlme_img_auth_features(handle); + break; /* not reached */ + default: ERROR("Unknown ARM DRTM service feature\n"); SMC_RET1(handle, NOT_SUPPORTED); diff --git a/services/std_svc/drtm/drtm_main.h b/services/std_svc/drtm/drtm_main.h index c105b56a7..44d0d2d6b 100644 --- a/services/std_svc/drtm/drtm_main.h +++ b/services/std_svc/drtm/drtm_main.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2024 Arm Limited. All rights reserved. + * Copyright (c) 2022-2025 Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * @@ -45,7 +45,7 @@ * Range(Min/Max) of DRTM parameter structure versions supported */ #define ARM_DRTM_PARAMS_MIN_VERSION U(1) -#define ARM_DRTM_PARAMS_MAX_VERSION U(1) +#define ARM_DRTM_PARAMS_MAX_VERSION U(2) enum drtm_dlme_el { DLME_AT_EL1 = MODE_EL1, @@ -74,6 +74,7 @@ typedef struct { uint64_t dma_prot_features; uint64_t boot_pe_id; uint64_t tcb_hash_features; + uint64_t dlme_image_auth_features; } drtm_features_t; struct __packed drtm_dl_args_v1 {