From 955116982f5bfb6803b1961eda5fa24ab7886419 Mon Sep 17 00:00:00 2001 From: Tamas Ban Date: Wed, 21 Feb 2024 11:40:21 +0100 Subject: [PATCH 01/15] refactor(rss): rename all 'rss' files to 'rse' Signed-off-by: Tamas Ban Change-Id: I6cfca1d67e246d5079f683241021ed039cc27f74 --- drivers/arm/{rss/rss_comms.c => rse/rse_comms.c} | 0 drivers/arm/{rss/rss_comms.mk => rse/rse_comms.mk} | 0 .../arm/{rss/rss_comms_protocol.c => rse/rse_comms_protocol.c} | 0 .../arm/{rss/rss_comms_protocol.h => rse/rse_comms_protocol.h} | 0 .../rse_comms_protocol_common.h} | 0 .../rss_comms_protocol_embed.c => rse/rse_comms_protocol_embed.c} | 0 .../rss_comms_protocol_embed.h => rse/rse_comms_protocol_embed.h} | 0 .../rse_comms_protocol_pointer_access.c} | 0 .../rse_comms_protocol_pointer_access.h} | 0 include/drivers/arm/{rss_comms.h => rse_comms.h} | 0 10 files changed, 0 insertions(+), 0 deletions(-) rename drivers/arm/{rss/rss_comms.c => rse/rse_comms.c} (100%) rename drivers/arm/{rss/rss_comms.mk => rse/rse_comms.mk} (100%) rename drivers/arm/{rss/rss_comms_protocol.c => rse/rse_comms_protocol.c} (100%) rename drivers/arm/{rss/rss_comms_protocol.h => rse/rse_comms_protocol.h} (100%) rename drivers/arm/{rss/rss_comms_protocol_common.h => rse/rse_comms_protocol_common.h} (100%) rename drivers/arm/{rss/rss_comms_protocol_embed.c => rse/rse_comms_protocol_embed.c} (100%) rename drivers/arm/{rss/rss_comms_protocol_embed.h => rse/rse_comms_protocol_embed.h} (100%) rename drivers/arm/{rss/rss_comms_protocol_pointer_access.c => rse/rse_comms_protocol_pointer_access.c} (100%) rename drivers/arm/{rss/rss_comms_protocol_pointer_access.h => rse/rse_comms_protocol_pointer_access.h} (100%) rename include/drivers/arm/{rss_comms.h => rse_comms.h} (100%) diff --git a/drivers/arm/rss/rss_comms.c b/drivers/arm/rse/rse_comms.c similarity index 100% rename from drivers/arm/rss/rss_comms.c rename to drivers/arm/rse/rse_comms.c diff --git a/drivers/arm/rss/rss_comms.mk b/drivers/arm/rse/rse_comms.mk similarity index 100% rename from drivers/arm/rss/rss_comms.mk rename to drivers/arm/rse/rse_comms.mk diff --git a/drivers/arm/rss/rss_comms_protocol.c b/drivers/arm/rse/rse_comms_protocol.c similarity index 100% rename from drivers/arm/rss/rss_comms_protocol.c rename to drivers/arm/rse/rse_comms_protocol.c diff --git a/drivers/arm/rss/rss_comms_protocol.h b/drivers/arm/rse/rse_comms_protocol.h similarity index 100% rename from drivers/arm/rss/rss_comms_protocol.h rename to drivers/arm/rse/rse_comms_protocol.h diff --git a/drivers/arm/rss/rss_comms_protocol_common.h b/drivers/arm/rse/rse_comms_protocol_common.h similarity index 100% rename from drivers/arm/rss/rss_comms_protocol_common.h rename to drivers/arm/rse/rse_comms_protocol_common.h diff --git a/drivers/arm/rss/rss_comms_protocol_embed.c b/drivers/arm/rse/rse_comms_protocol_embed.c similarity index 100% rename from drivers/arm/rss/rss_comms_protocol_embed.c rename to drivers/arm/rse/rse_comms_protocol_embed.c diff --git a/drivers/arm/rss/rss_comms_protocol_embed.h b/drivers/arm/rse/rse_comms_protocol_embed.h similarity index 100% rename from drivers/arm/rss/rss_comms_protocol_embed.h rename to drivers/arm/rse/rse_comms_protocol_embed.h diff --git a/drivers/arm/rss/rss_comms_protocol_pointer_access.c b/drivers/arm/rse/rse_comms_protocol_pointer_access.c similarity index 100% rename from drivers/arm/rss/rss_comms_protocol_pointer_access.c rename to drivers/arm/rse/rse_comms_protocol_pointer_access.c diff --git a/drivers/arm/rss/rss_comms_protocol_pointer_access.h b/drivers/arm/rse/rse_comms_protocol_pointer_access.h similarity index 100% rename from drivers/arm/rss/rss_comms_protocol_pointer_access.h rename to drivers/arm/rse/rse_comms_protocol_pointer_access.h diff --git a/include/drivers/arm/rss_comms.h b/include/drivers/arm/rse_comms.h similarity index 100% rename from include/drivers/arm/rss_comms.h rename to include/drivers/arm/rse_comms.h From 024c49484d21b7b20b320051b38cea90fb482b13 Mon Sep 17 00:00:00 2001 From: Tamas Ban Date: Wed, 21 Feb 2024 12:13:41 +0100 Subject: [PATCH 02/15] refactor(measured-boot): rename all 'rss' files to 'rse' Signed-off-by: Tamas Ban Change-Id: I3bd987456ad0f5c7a003960dd543efad2ce668a8 --- drivers/measured_boot/{rss => rse}/dice_prot_env.c | 0 drivers/measured_boot/{rss => rse}/dice_prot_env.mk | 0 drivers/measured_boot/{rss => rse}/qcbor.mk | 0 .../{rss/rss_measured_boot.c => rse/rse_measured_boot.c} | 0 .../{rss/rss_measured_boot.mk => rse/rse_measured_boot.mk} | 0 include/drivers/measured_boot/{rss => rse}/dice_prot_env.h | 0 .../{rss/rss_measured_boot.h => rse/rse_measured_boot.h} | 0 7 files changed, 0 insertions(+), 0 deletions(-) rename drivers/measured_boot/{rss => rse}/dice_prot_env.c (100%) rename drivers/measured_boot/{rss => rse}/dice_prot_env.mk (100%) rename drivers/measured_boot/{rss => rse}/qcbor.mk (100%) rename drivers/measured_boot/{rss/rss_measured_boot.c => rse/rse_measured_boot.c} (100%) rename drivers/measured_boot/{rss/rss_measured_boot.mk => rse/rse_measured_boot.mk} (100%) rename include/drivers/measured_boot/{rss => rse}/dice_prot_env.h (100%) rename include/drivers/measured_boot/{rss/rss_measured_boot.h => rse/rse_measured_boot.h} (100%) diff --git a/drivers/measured_boot/rss/dice_prot_env.c b/drivers/measured_boot/rse/dice_prot_env.c similarity index 100% rename from drivers/measured_boot/rss/dice_prot_env.c rename to drivers/measured_boot/rse/dice_prot_env.c diff --git a/drivers/measured_boot/rss/dice_prot_env.mk b/drivers/measured_boot/rse/dice_prot_env.mk similarity index 100% rename from drivers/measured_boot/rss/dice_prot_env.mk rename to drivers/measured_boot/rse/dice_prot_env.mk diff --git a/drivers/measured_boot/rss/qcbor.mk b/drivers/measured_boot/rse/qcbor.mk similarity index 100% rename from drivers/measured_boot/rss/qcbor.mk rename to drivers/measured_boot/rse/qcbor.mk diff --git a/drivers/measured_boot/rss/rss_measured_boot.c b/drivers/measured_boot/rse/rse_measured_boot.c similarity index 100% rename from drivers/measured_boot/rss/rss_measured_boot.c rename to drivers/measured_boot/rse/rse_measured_boot.c diff --git a/drivers/measured_boot/rss/rss_measured_boot.mk b/drivers/measured_boot/rse/rse_measured_boot.mk similarity index 100% rename from drivers/measured_boot/rss/rss_measured_boot.mk rename to drivers/measured_boot/rse/rse_measured_boot.mk diff --git a/include/drivers/measured_boot/rss/dice_prot_env.h b/include/drivers/measured_boot/rse/dice_prot_env.h similarity index 100% rename from include/drivers/measured_boot/rss/dice_prot_env.h rename to include/drivers/measured_boot/rse/dice_prot_env.h diff --git a/include/drivers/measured_boot/rss/rss_measured_boot.h b/include/drivers/measured_boot/rse/rse_measured_boot.h similarity index 100% rename from include/drivers/measured_boot/rss/rss_measured_boot.h rename to include/drivers/measured_boot/rse/rse_measured_boot.h From a5a5947a283331f5d99ef4be80393c01826d10dd Mon Sep 17 00:00:00 2001 From: Tamas Ban Date: Wed, 21 Feb 2024 12:17:08 +0100 Subject: [PATCH 03/15] docs: rename all 'rss' files to 'rse' Signed-off-by: Tamas Ban Change-Id: I93877ebeca1db6ee27dcb5446cc1f1a1e4e56775 --- docs/design_documents/{rss.rst => rse.rst} | 0 .../{rss_attestation_flow.puml => rse_attestation_flow.puml} | 0 .../{rss_measured_boot_flow.puml => rse_measured_boot_flow.puml} | 0 .../diagrams/plantuml/{tfa_rss_dfd.puml => tfa_rse_dfd.puml} | 0 .../{rss_attestation_flow.svg => rse_attestation_flow.svg} | 0 .../{rss_measured_boot_flow.svg => rse_measured_boot_flow.svg} | 0 ...eat_model_rss_interface.rst => threat_model_rse_interface.rst} | 0 7 files changed, 0 insertions(+), 0 deletions(-) rename docs/design_documents/{rss.rst => rse.rst} (100%) rename docs/resources/diagrams/plantuml/{rss_attestation_flow.puml => rse_attestation_flow.puml} (100%) rename docs/resources/diagrams/plantuml/{rss_measured_boot_flow.puml => rse_measured_boot_flow.puml} (100%) rename docs/resources/diagrams/plantuml/{tfa_rss_dfd.puml => tfa_rse_dfd.puml} (100%) rename docs/resources/diagrams/{rss_attestation_flow.svg => rse_attestation_flow.svg} (100%) rename docs/resources/diagrams/{rss_measured_boot_flow.svg => rse_measured_boot_flow.svg} (100%) rename docs/threat_model/firmware_threat_model/{threat_model_rss_interface.rst => threat_model_rse_interface.rst} (100%) diff --git a/docs/design_documents/rss.rst b/docs/design_documents/rse.rst similarity index 100% rename from docs/design_documents/rss.rst rename to docs/design_documents/rse.rst diff --git a/docs/resources/diagrams/plantuml/rss_attestation_flow.puml b/docs/resources/diagrams/plantuml/rse_attestation_flow.puml similarity index 100% rename from docs/resources/diagrams/plantuml/rss_attestation_flow.puml rename to docs/resources/diagrams/plantuml/rse_attestation_flow.puml diff --git a/docs/resources/diagrams/plantuml/rss_measured_boot_flow.puml b/docs/resources/diagrams/plantuml/rse_measured_boot_flow.puml similarity index 100% rename from docs/resources/diagrams/plantuml/rss_measured_boot_flow.puml rename to docs/resources/diagrams/plantuml/rse_measured_boot_flow.puml diff --git a/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml b/docs/resources/diagrams/plantuml/tfa_rse_dfd.puml similarity index 100% rename from docs/resources/diagrams/plantuml/tfa_rss_dfd.puml rename to docs/resources/diagrams/plantuml/tfa_rse_dfd.puml diff --git a/docs/resources/diagrams/rss_attestation_flow.svg b/docs/resources/diagrams/rse_attestation_flow.svg similarity index 100% rename from docs/resources/diagrams/rss_attestation_flow.svg rename to docs/resources/diagrams/rse_attestation_flow.svg diff --git a/docs/resources/diagrams/rss_measured_boot_flow.svg b/docs/resources/diagrams/rse_measured_boot_flow.svg similarity index 100% rename from docs/resources/diagrams/rss_measured_boot_flow.svg rename to docs/resources/diagrams/rse_measured_boot_flow.svg diff --git a/docs/threat_model/firmware_threat_model/threat_model_rss_interface.rst b/docs/threat_model/firmware_threat_model/threat_model_rse_interface.rst similarity index 100% rename from docs/threat_model/firmware_threat_model/threat_model_rss_interface.rst rename to docs/threat_model/firmware_threat_model/threat_model_rse_interface.rst From 097e7d37e2bdd643b85bdbe468f259bffd745988 Mon Sep 17 00:00:00 2001 From: Tamas Ban Date: Wed, 21 Feb 2024 12:23:53 +0100 Subject: [PATCH 04/15] refactor(tc): rename all 'rss' files to 'rse' Signed-off-by: Tamas Ban Change-Id: I264690e9bbc30be7ed7b8e4e165696494a67e00c --- plat/arm/board/tc/{rss_ap_test_stubs.c => rse_ap_test_stubs.c} | 0 plat/arm/board/tc/{rss_ap_tests.c => rse_ap_tests.c} | 0 plat/arm/board/tc/{rss_ap_testsuites.c => rse_ap_testsuites.c} | 0 plat/arm/board/tc/{rss_ap_testsuites.h => rse_ap_testsuites.h} | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename plat/arm/board/tc/{rss_ap_test_stubs.c => rse_ap_test_stubs.c} (100%) rename plat/arm/board/tc/{rss_ap_tests.c => rse_ap_tests.c} (100%) rename plat/arm/board/tc/{rss_ap_testsuites.c => rse_ap_testsuites.c} (100%) rename plat/arm/board/tc/{rss_ap_testsuites.h => rse_ap_testsuites.h} (100%) diff --git a/plat/arm/board/tc/rss_ap_test_stubs.c b/plat/arm/board/tc/rse_ap_test_stubs.c similarity index 100% rename from plat/arm/board/tc/rss_ap_test_stubs.c rename to plat/arm/board/tc/rse_ap_test_stubs.c diff --git a/plat/arm/board/tc/rss_ap_tests.c b/plat/arm/board/tc/rse_ap_tests.c similarity index 100% rename from plat/arm/board/tc/rss_ap_tests.c rename to plat/arm/board/tc/rse_ap_tests.c diff --git a/plat/arm/board/tc/rss_ap_testsuites.c b/plat/arm/board/tc/rse_ap_testsuites.c similarity index 100% rename from plat/arm/board/tc/rss_ap_testsuites.c rename to plat/arm/board/tc/rse_ap_testsuites.c diff --git a/plat/arm/board/tc/rss_ap_testsuites.h b/plat/arm/board/tc/rse_ap_testsuites.h similarity index 100% rename from plat/arm/board/tc/rss_ap_testsuites.h rename to plat/arm/board/tc/rse_ap_testsuites.h From 3857898f661cab5729a1eee283f2d773a21302a6 Mon Sep 17 00:00:00 2001 From: Tamas Ban Date: Wed, 21 Feb 2024 12:25:02 +0100 Subject: [PATCH 05/15] refactor(psa): rename all 'rss' files to 'rse' Signed-off-by: Tamas Ban Change-Id: I379c471c541dda25d8ee9087fcf67e05b4204474 --- include/lib/psa/{rss_crypto_defs.h => rse_crypto_defs.h} | 0 include/lib/psa/{rss_platform_api.h => rse_platform_api.h} | 0 lib/psa/{rss_platform.c => rse_platform.c} | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename include/lib/psa/{rss_crypto_defs.h => rse_crypto_defs.h} (100%) rename include/lib/psa/{rss_platform_api.h => rse_platform_api.h} (100%) rename lib/psa/{rss_platform.c => rse_platform.c} (100%) diff --git a/include/lib/psa/rss_crypto_defs.h b/include/lib/psa/rse_crypto_defs.h similarity index 100% rename from include/lib/psa/rss_crypto_defs.h rename to include/lib/psa/rse_crypto_defs.h diff --git a/include/lib/psa/rss_platform_api.h b/include/lib/psa/rse_platform_api.h similarity index 100% rename from include/lib/psa/rss_platform_api.h rename to include/lib/psa/rse_platform_api.h diff --git a/lib/psa/rss_platform.c b/lib/psa/rse_platform.c similarity index 100% rename from lib/psa/rss_platform.c rename to lib/psa/rse_platform.c From e249e56954ed81924d53b47eb068f61182c8ed1d Mon Sep 17 00:00:00 2001 From: Tamas Ban Date: Wed, 21 Feb 2024 12:42:00 +0100 Subject: [PATCH 06/15] refactor(rse): change all occurrences of RSS to RSE Changes all occurrences of "RSS" and "rss" in the code and build files to "RSE" and "rse". Signed-off-by: Tamas Ban Change-Id: I9f72ad36ec233d7eaac3ce9e2f2b010130e1fa94 --- drivers/arm/rse/rse_comms.c | 48 +++++++++---------- drivers/arm/rse/rse_comms.mk | 18 +++---- drivers/arm/rse/rse_comms_protocol.c | 28 +++++------ drivers/arm/rse/rse_comms_protocol.h | 48 +++++++++---------- drivers/arm/rse/rse_comms_protocol_common.h | 6 +-- drivers/arm/rse/rse_comms_protocol_embed.c | 12 ++--- drivers/arm/rse/rse_comms_protocol_embed.h | 22 ++++----- .../rse/rse_comms_protocol_pointer_access.c | 12 ++--- .../rse/rse_comms_protocol_pointer_access.h | 18 +++---- include/drivers/arm/rse_comms.h | 8 ++-- 10 files changed, 110 insertions(+), 110 deletions(-) diff --git a/drivers/arm/rse/rse_comms.c b/drivers/arm/rse/rse_comms.c index 332105fda..cfc5a83cf 100644 --- a/drivers/arm/rse/rse_comms.c +++ b/drivers/arm/rse/rse_comms.c @@ -9,16 +9,16 @@ #include #include -#include +#include #include -#include +#include /* Union as message space and reply space are never used at the same time, and this saves space as * we can overlap them. */ -union __packed __attribute__((aligned(4))) rss_comms_io_buffer_t { - struct serialized_rss_comms_msg_t msg; - struct serialized_rss_comms_reply_t reply; +union __packed __attribute__((aligned(4))) rse_comms_io_buffer_t { + struct serialized_rse_comms_msg_t msg; + struct serialized_rse_comms_reply_t reply; }; static uint8_t select_protocol_version(const psa_invec *in_vec, size_t in_len, @@ -40,13 +40,13 @@ static uint8_t select_protocol_version(const psa_invec *in_vec, size_t in_len, comms_mhu_msg_size = mhu_get_max_message_size(); - comms_embed_msg_min_size = sizeof(struct serialized_rss_comms_header_t) + - sizeof(struct rss_embed_msg_t) - - PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE; + comms_embed_msg_min_size = sizeof(struct serialized_rse_comms_header_t) + + sizeof(struct rse_embed_msg_t) - + PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE; - comms_embed_reply_min_size = sizeof(struct serialized_rss_comms_header_t) + - sizeof(struct rss_embed_reply_t) - - PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE; + comms_embed_reply_min_size = sizeof(struct serialized_rse_comms_header_t) + + sizeof(struct rse_embed_reply_t) - + PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE; /* Use embed if we can pack into one message and reply, else use * pointer_access. The underlying MHU transport protocol uses a @@ -63,9 +63,9 @@ static uint8_t select_protocol_version(const psa_invec *in_vec, size_t in_len, comms_mhu_msg_size - sizeof(uint32_t)) || (comms_embed_reply_min_size + out_size_total > comms_mhu_msg_size - sizeof(uint32_t))) { - return RSS_COMMS_PROTOCOL_POINTER_ACCESS; + return RSE_COMMS_PROTOCOL_POINTER_ACCESS; } else { - return RSS_COMMS_PROTOCOL_EMBED; + return RSE_COMMS_PROTOCOL_EMBED; } } @@ -75,7 +75,7 @@ psa_status_t psa_call(psa_handle_t handle, int32_t type, const psa_invec *in_vec /* Declared statically to avoid using huge amounts of stack space. Maybe revisit if * functions not being reentrant becomes a problem. */ - static union rss_comms_io_buffer_t io_buf; + static union rse_comms_io_buffer_t io_buf; enum mhu_error_t err; psa_status_t status; static uint8_t seq_num = 1U; @@ -94,13 +94,13 @@ psa_status_t psa_call(psa_handle_t handle, int32_t type, const psa_invec *in_vec io_buf.msg.header.client_id = 1U, io_buf.msg.header.protocol_ver = select_protocol_version(in_vec, in_len, out_vec, out_len); - status = rss_protocol_serialize_msg(handle, type, in_vec, in_len, out_vec, + status = rse_protocol_serialize_msg(handle, type, in_vec, in_len, out_vec, out_len, &io_buf.msg, &msg_size); if (status != PSA_SUCCESS) { return status; } - VERBOSE("[RSS-COMMS] Sending message\n"); + VERBOSE("[RSE-COMMS] Sending message\n"); VERBOSE("protocol_ver=%u\n", io_buf.msg.header.protocol_ver); VERBOSE("seq_num=%u\n", io_buf.msg.header.seq_num); VERBOSE("client_id=%u\n", io_buf.msg.header.client_id); @@ -117,7 +117,7 @@ psa_status_t psa_call(psa_handle_t handle, int32_t type, const psa_invec *in_vec #if DEBUG /* * Poisoning the message buffer (with a known pattern). - * Helps in detecting hypothetical RSS communication bugs. + * Helps in detecting hypothetical RSE communication bugs. */ memset(&io_buf.msg, 0xA5, msg_size); #endif @@ -127,12 +127,12 @@ psa_status_t psa_call(psa_handle_t handle, int32_t type, const psa_invec *in_vec return PSA_ERROR_COMMUNICATION_FAILURE; } - VERBOSE("[RSS-COMMS] Received reply\n"); + VERBOSE("[RSE-COMMS] Received reply\n"); VERBOSE("protocol_ver=%u\n", io_buf.reply.header.protocol_ver); VERBOSE("seq_num=%u\n", io_buf.reply.header.seq_num); VERBOSE("client_id=%u\n", io_buf.reply.header.client_id); - status = rss_protocol_deserialize_reply(out_vec, out_len, &return_val, + status = rse_protocol_deserialize_reply(out_vec, out_len, &return_val, &io_buf.reply, reply_size); if (status != PSA_SUCCESS) { return status; @@ -152,16 +152,16 @@ psa_status_t psa_call(psa_handle_t handle, int32_t type, const psa_invec *in_vec return return_val; } -int rss_comms_init(uintptr_t mhu_sender_base, uintptr_t mhu_receiver_base) +int rse_comms_init(uintptr_t mhu_sender_base, uintptr_t mhu_receiver_base) { enum mhu_error_t err; err = mhu_init_sender(mhu_sender_base); if (err != MHU_ERR_NONE) { if (err == MHU_ERR_ALREADY_INIT) { - INFO("[RSS-COMMS] Host to RSS MHU driver already initialized\n"); + INFO("[RSE-COMMS] Host to RSE MHU driver already initialized\n"); } else { - ERROR("[RSS-COMMS] Host to RSS MHU driver initialization failed: %d\n", err); + ERROR("[RSE-COMMS] Host to RSE MHU driver initialization failed: %d\n", err); return -1; } } @@ -169,9 +169,9 @@ int rss_comms_init(uintptr_t mhu_sender_base, uintptr_t mhu_receiver_base) err = mhu_init_receiver(mhu_receiver_base); if (err != MHU_ERR_NONE) { if (err == MHU_ERR_ALREADY_INIT) { - INFO("[RSS-COMMS] RSS to Host MHU driver already initialized\n"); + INFO("[RSE-COMMS] RSE to Host MHU driver already initialized\n"); } else { - ERROR("[RSS-COMMS] RSS to Host MHU driver initialization failed: %d\n", err); + ERROR("[RSE-COMMS] RSE to Host MHU driver initialization failed: %d\n", err); return -1; } } diff --git a/drivers/arm/rse/rse_comms.mk b/drivers/arm/rse/rse_comms.mk index 0d1e30875..a1abc6a98 100644 --- a/drivers/arm/rse/rse_comms.mk +++ b/drivers/arm/rse/rse_comms.mk @@ -4,25 +4,25 @@ # SPDX-License-Identifier: BSD-3-Clause # -$(warning "RSS driver is an experimental feature") +$(warning "RSE driver is an experimental feature") -RSS_COMMS_SOURCES := $(addprefix drivers/arm/rss/, \ - rss_comms.c \ - rss_comms_protocol.c \ - rss_comms_protocol_embed.c \ - rss_comms_protocol_pointer_access.c \ +RSE_COMMS_SOURCES := $(addprefix drivers/arm/rse/, \ + rse_comms.c \ + rse_comms_protocol.c \ + rse_comms_protocol_embed.c \ + rse_comms_protocol_pointer_access.c \ ) # Default to MHUv2 if PLAT_MHU_VERSION undefined PLAT_MHU_VERSION ?= 2 ifeq (${PLAT_MHU_VERSION}, 3) -RSS_COMMS_SOURCES += $(addprefix drivers/arm/mhu/, \ +RSE_COMMS_SOURCES += $(addprefix drivers/arm/mhu/, \ mhu_v3_x.c \ mhu_wrapper_v3_x.c \ ) else ifeq (${PLAT_MHU_VERSION}, 2) -RSS_COMMS_SOURCES += $(addprefix drivers/arm/mhu/, \ +RSE_COMMS_SOURCES += $(addprefix drivers/arm/mhu/, \ mhu_v2_x.c \ mhu_wrapper_v2_x.c \ ) @@ -30,5 +30,5 @@ else $(error Unsupported MHU version) endif -PLAT_INCLUDES += -Idrivers/arm/rss \ +PLAT_INCLUDES += -Idrivers/arm/rse \ -Idrivers/arm/mhu diff --git a/drivers/arm/rse/rse_comms_protocol.c b/drivers/arm/rse/rse_comms_protocol.c index a1b1b58cb..3eb7eaa58 100644 --- a/drivers/arm/rse/rse_comms_protocol.c +++ b/drivers/arm/rse/rse_comms_protocol.c @@ -7,15 +7,15 @@ #include #include -#include "rss_comms_protocol.h" +#include "rse_comms_protocol.h" -psa_status_t rss_protocol_serialize_msg(psa_handle_t handle, +psa_status_t rse_protocol_serialize_msg(psa_handle_t handle, int16_t type, const psa_invec *in_vec, uint8_t in_len, const psa_outvec *out_vec, uint8_t out_len, - struct serialized_rss_comms_msg_t *msg, + struct serialized_rse_comms_msg_t *msg, size_t *msg_len) { psa_status_t status; @@ -25,15 +25,15 @@ psa_status_t rss_protocol_serialize_msg(psa_handle_t handle, assert(in_vec != NULL); switch (msg->header.protocol_ver) { - case RSS_COMMS_PROTOCOL_EMBED: - status = rss_protocol_embed_serialize_msg(handle, type, in_vec, in_len, out_vec, + case RSE_COMMS_PROTOCOL_EMBED: + status = rse_protocol_embed_serialize_msg(handle, type, in_vec, in_len, out_vec, out_len, &msg->msg.embed, msg_len); if (status != PSA_SUCCESS) { return status; } break; - case RSS_COMMS_PROTOCOL_POINTER_ACCESS: - status = rss_protocol_pointer_access_serialize_msg(handle, type, in_vec, in_len, + case RSE_COMMS_PROTOCOL_POINTER_ACCESS: + status = rse_protocol_pointer_access_serialize_msg(handle, type, in_vec, in_len, out_vec, out_len, &msg->msg.pointer_access, msg_len); @@ -45,26 +45,26 @@ psa_status_t rss_protocol_serialize_msg(psa_handle_t handle, return PSA_ERROR_NOT_SUPPORTED; } - *msg_len += sizeof(struct serialized_rss_comms_header_t); + *msg_len += sizeof(struct serialized_rse_comms_header_t); return PSA_SUCCESS; } -psa_status_t rss_protocol_deserialize_reply(psa_outvec *out_vec, +psa_status_t rse_protocol_deserialize_reply(psa_outvec *out_vec, uint8_t out_len, psa_status_t *return_val, - const struct serialized_rss_comms_reply_t *reply, + const struct serialized_rse_comms_reply_t *reply, size_t reply_size) { assert(reply != NULL); assert(return_val != NULL); switch (reply->header.protocol_ver) { - case RSS_COMMS_PROTOCOL_EMBED: - return rss_protocol_embed_deserialize_reply(out_vec, out_len, return_val, + case RSE_COMMS_PROTOCOL_EMBED: + return rse_protocol_embed_deserialize_reply(out_vec, out_len, return_val, &reply->reply.embed, reply_size); - case RSS_COMMS_PROTOCOL_POINTER_ACCESS: - return rss_protocol_pointer_access_deserialize_reply(out_vec, out_len, return_val, + case RSE_COMMS_PROTOCOL_POINTER_ACCESS: + return rse_protocol_pointer_access_deserialize_reply(out_vec, out_len, return_val, &reply->reply.pointer_access, reply_size); default: diff --git a/drivers/arm/rse/rse_comms_protocol.h b/drivers/arm/rse/rse_comms_protocol.h index 9a38057cd..24f396572 100644 --- a/drivers/arm/rse/rse_comms_protocol.h +++ b/drivers/arm/rse/rse_comms_protocol.h @@ -5,63 +5,63 @@ * */ -#ifndef __RSS_COMMS_PROTOCOL_H__ -#define __RSS_COMMS_PROTOCOL_H__ +#ifndef __RSE_COMMS_PROTOCOL_H__ +#define __RSE_COMMS_PROTOCOL_H__ #include #include #include -#include "rss_comms_protocol_embed.h" -#include "rss_comms_protocol_pointer_access.h" +#include "rse_comms_protocol_embed.h" +#include "rse_comms_protocol_pointer_access.h" -enum rss_comms_protocol_version_t { - RSS_COMMS_PROTOCOL_EMBED = 0, - RSS_COMMS_PROTOCOL_POINTER_ACCESS = 1, +enum rse_comms_protocol_version_t { + RSE_COMMS_PROTOCOL_EMBED = 0, + RSE_COMMS_PROTOCOL_POINTER_ACCESS = 1, }; -struct __packed serialized_rss_comms_header_t { +struct __packed serialized_rse_comms_header_t { uint8_t protocol_ver; uint8_t seq_num; uint16_t client_id; }; -/* MHU message passed from Host to RSS to deliver a PSA client call */ -struct __packed serialized_rss_comms_msg_t { - struct serialized_rss_comms_header_t header; +/* MHU message passed from Host to RSE to deliver a PSA client call */ +struct __packed serialized_rse_comms_msg_t { + struct serialized_rse_comms_header_t header; union __packed { - struct rss_embed_msg_t embed; - struct rss_pointer_access_msg_t pointer_access; + struct rse_embed_msg_t embed; + struct rse_pointer_access_msg_t pointer_access; } msg; }; -/* MHU reply message to hold the PSA client reply result returned by RSS */ -struct __packed serialized_rss_comms_reply_t { - struct serialized_rss_comms_header_t header; +/* MHU reply message to hold the PSA client reply result returned by RSE */ +struct __packed serialized_rse_comms_reply_t { + struct serialized_rse_comms_header_t header; union __packed { - struct rss_embed_reply_t embed; - struct rss_pointer_access_reply_t pointer_access; + struct rse_embed_reply_t embed; + struct rse_pointer_access_reply_t pointer_access; } reply; }; /* in_len and out_len are uint8_ts, therefore if there are more than 255 iovecs * an error may occur. */ -CASSERT(PSA_MAX_IOVEC <= UINT8_MAX, assert_rss_comms_max_iovec_too_large); +CASSERT(PSA_MAX_IOVEC <= UINT8_MAX, assert_rse_comms_max_iovec_too_large); -psa_status_t rss_protocol_serialize_msg(psa_handle_t handle, +psa_status_t rse_protocol_serialize_msg(psa_handle_t handle, int16_t type, const psa_invec *in_vec, uint8_t in_len, const psa_outvec *out_vec, uint8_t out_len, - struct serialized_rss_comms_msg_t *msg, + struct serialized_rse_comms_msg_t *msg, size_t *msg_len); -psa_status_t rss_protocol_deserialize_reply(psa_outvec *out_vec, +psa_status_t rse_protocol_deserialize_reply(psa_outvec *out_vec, uint8_t out_len, psa_status_t *return_val, - const struct serialized_rss_comms_reply_t *reply, + const struct serialized_rse_comms_reply_t *reply, size_t reply_size); -#endif /* __RSS_COMMS_PROTOCOL_H__ */ +#endif /* __RSE_COMMS_PROTOCOL_H__ */ diff --git a/drivers/arm/rse/rse_comms_protocol_common.h b/drivers/arm/rse/rse_comms_protocol_common.h index 177d6363c..235ea92f9 100644 --- a/drivers/arm/rse/rse_comms_protocol_common.h +++ b/drivers/arm/rse/rse_comms_protocol_common.h @@ -17,8 +17,8 @@ * Res: Reserved. */ -#ifndef RSS_COMMS_PROTOCOL_COMMON -#define RSS_COMMS_PROTOCOL_COMMON +#ifndef RSE_COMMS_PROTOCOL_COMMON +#define RSE_COMMS_PROTOCOL_COMMON #define TYPE_OFFSET (0U) #define TYPE_MASK (0xFFFFUL << TYPE_OFFSET) @@ -32,4 +32,4 @@ ((((uint32_t)(in_len)) << IN_LEN_OFFSET) & IN_LEN_MASK) | \ ((((uint32_t)(out_len)) << OUT_LEN_OFFSET) & OUT_LEN_MASK)) -#endif /* RSS_COMMS_PROTOCOL_COMMON */ +#endif /* RSE_COMMS_PROTOCOL_COMMON */ diff --git a/drivers/arm/rse/rse_comms_protocol_embed.c b/drivers/arm/rse/rse_comms_protocol_embed.c index 05628ccdd..d425257de 100644 --- a/drivers/arm/rse/rse_comms_protocol_embed.c +++ b/drivers/arm/rse/rse_comms_protocol_embed.c @@ -9,16 +9,16 @@ #include #include -#include "rss_comms_protocol_common.h" -#include "rss_comms_protocol_embed.h" +#include "rse_comms_protocol_common.h" +#include "rse_comms_protocol_embed.h" -psa_status_t rss_protocol_embed_serialize_msg(psa_handle_t handle, +psa_status_t rse_protocol_embed_serialize_msg(psa_handle_t handle, int16_t type, const psa_invec *in_vec, uint8_t in_len, const psa_outvec *out_vec, uint8_t out_len, - struct rss_embed_msg_t *msg, + struct rse_embed_msg_t *msg, size_t *msg_len) { uint32_t payload_size = 0; @@ -55,10 +55,10 @@ psa_status_t rss_protocol_embed_serialize_msg(psa_handle_t handle, return PSA_SUCCESS; } -psa_status_t rss_protocol_embed_deserialize_reply(psa_outvec *out_vec, +psa_status_t rse_protocol_embed_deserialize_reply(psa_outvec *out_vec, uint8_t out_len, psa_status_t *return_val, - const struct rss_embed_reply_t *reply, + const struct rse_embed_reply_t *reply, size_t reply_size) { uint32_t payload_offset = 0; diff --git a/drivers/arm/rse/rse_comms_protocol_embed.h b/drivers/arm/rse/rse_comms_protocol_embed.h index c81c7954e..165978d4a 100644 --- a/drivers/arm/rse/rse_comms_protocol_embed.h +++ b/drivers/arm/rse/rse_comms_protocol_embed.h @@ -5,8 +5,8 @@ * */ -#ifndef __RSS_COMMS_PROTOCOL_EMBED_H__ -#define __RSS_COMMS_PROTOCOL_EMBED_H__ +#ifndef __RSE_COMMS_PROTOCOL_EMBED_H__ +#define __RSE_COMMS_PROTOCOL_EMBED_H__ #include @@ -16,32 +16,32 @@ -struct __packed rss_embed_msg_t { +struct __packed rse_embed_msg_t { psa_handle_t handle; uint32_t ctrl_param; /* type, in_len, out_len */ uint16_t io_size[PSA_MAX_IOVEC]; - uint8_t trailer[PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE]; + uint8_t trailer[PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE]; }; -struct __packed rss_embed_reply_t { +struct __packed rse_embed_reply_t { int32_t return_val; uint16_t out_size[PSA_MAX_IOVEC]; - uint8_t trailer[PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE]; + uint8_t trailer[PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE]; }; -psa_status_t rss_protocol_embed_serialize_msg(psa_handle_t handle, +psa_status_t rse_protocol_embed_serialize_msg(psa_handle_t handle, int16_t type, const psa_invec *in_vec, uint8_t in_len, const psa_outvec *out_vec, uint8_t out_len, - struct rss_embed_msg_t *msg, + struct rse_embed_msg_t *msg, size_t *msg_len); -psa_status_t rss_protocol_embed_deserialize_reply(psa_outvec *out_vec, +psa_status_t rse_protocol_embed_deserialize_reply(psa_outvec *out_vec, uint8_t out_len, psa_status_t *return_val, - const struct rss_embed_reply_t *reply, + const struct rse_embed_reply_t *reply, size_t reply_size); -#endif /* __RSS_COMMS_PROTOCOL_EMBED_H__ */ +#endif /* __RSE_COMMS_PROTOCOL_EMBED_H__ */ diff --git a/drivers/arm/rse/rse_comms_protocol_pointer_access.c b/drivers/arm/rse/rse_comms_protocol_pointer_access.c index 3a10a9843..63524ebef 100644 --- a/drivers/arm/rse/rse_comms_protocol_pointer_access.c +++ b/drivers/arm/rse/rse_comms_protocol_pointer_access.c @@ -6,16 +6,16 @@ */ #include -#include "rss_comms_protocol_common.h" -#include "rss_comms_protocol_pointer_access.h" +#include "rse_comms_protocol_common.h" +#include "rse_comms_protocol_pointer_access.h" -psa_status_t rss_protocol_pointer_access_serialize_msg(psa_handle_t handle, +psa_status_t rse_protocol_pointer_access_serialize_msg(psa_handle_t handle, int16_t type, const psa_invec *in_vec, uint8_t in_len, const psa_outvec *out_vec, uint8_t out_len, - struct rss_pointer_access_msg_t *msg, + struct rse_pointer_access_msg_t *msg, size_t *msg_len) { unsigned int i; @@ -42,10 +42,10 @@ psa_status_t rss_protocol_pointer_access_serialize_msg(psa_handle_t handle, return PSA_SUCCESS; } -psa_status_t rss_protocol_pointer_access_deserialize_reply(psa_outvec *out_vec, +psa_status_t rse_protocol_pointer_access_deserialize_reply(psa_outvec *out_vec, uint8_t out_len, psa_status_t *return_val, - const struct rss_pointer_access_reply_t *reply, + const struct rse_pointer_access_reply_t *reply, size_t reply_size) { unsigned int i; diff --git a/drivers/arm/rse/rse_comms_protocol_pointer_access.h b/drivers/arm/rse/rse_comms_protocol_pointer_access.h index a4d054bd2..e5935f3f8 100644 --- a/drivers/arm/rse/rse_comms_protocol_pointer_access.h +++ b/drivers/arm/rse/rse_comms_protocol_pointer_access.h @@ -5,38 +5,38 @@ * */ -#ifndef __RSS_COMMS_PROTOCOL_POINTER_ACCESS_H__ -#define __RSS_COMMS_PROTOCOL_POINTER_ACCESS_H__ +#ifndef __RSE_COMMS_PROTOCOL_POINTER_ACCESS_H__ +#define __RSE_COMMS_PROTOCOL_POINTER_ACCESS_H__ #include #include -struct __packed rss_pointer_access_msg_t { +struct __packed rse_pointer_access_msg_t { psa_handle_t handle; uint32_t ctrl_param; uint32_t io_sizes[PSA_MAX_IOVEC]; uint64_t host_ptrs[PSA_MAX_IOVEC]; }; -struct __packed rss_pointer_access_reply_t { +struct __packed rse_pointer_access_reply_t { int32_t return_val; uint32_t out_sizes[PSA_MAX_IOVEC]; }; -psa_status_t rss_protocol_pointer_access_serialize_msg(psa_handle_t handle, +psa_status_t rse_protocol_pointer_access_serialize_msg(psa_handle_t handle, int16_t type, const psa_invec *in_vec, uint8_t in_len, const psa_outvec *out_vec, uint8_t out_len, - struct rss_pointer_access_msg_t *msg, + struct rse_pointer_access_msg_t *msg, size_t *msg_len); -psa_status_t rss_protocol_pointer_access_deserialize_reply(psa_outvec *out_vec, +psa_status_t rse_protocol_pointer_access_deserialize_reply(psa_outvec *out_vec, uint8_t out_len, psa_status_t *return_val, - const struct rss_pointer_access_reply_t *reply, + const struct rse_pointer_access_reply_t *reply, size_t reply_size); -#endif /* __RSS_COMMS_PROTOCOL_POINTER_ACCESS_H__ */ +#endif /* __RSE_COMMS_PROTOCOL_POINTER_ACCESS_H__ */ diff --git a/include/drivers/arm/rse_comms.h b/include/drivers/arm/rse_comms.h index b96c79f7c..e4169a512 100644 --- a/include/drivers/arm/rse_comms.h +++ b/include/drivers/arm/rse_comms.h @@ -5,11 +5,11 @@ * */ -#ifndef RSS_COMMS_H -#define RSS_COMMS_H +#ifndef RSE_COMMS_H +#define RSE_COMMS_H #include -int rss_comms_init(uintptr_t mhu_sender_base, uintptr_t mhu_receiver_base); +int rse_comms_init(uintptr_t mhu_sender_base, uintptr_t mhu_receiver_base); -#endif /* RSS_COMMS_H */ +#endif /* RSE_COMMS_H */ From b8245368cc79e0ab8187d805e7e743eeb3d306e7 Mon Sep 17 00:00:00 2001 From: Tamas Ban Date: Wed, 21 Feb 2024 12:49:34 +0100 Subject: [PATCH 07/15] refactor(measured-boot): change all occurrences of RSS to RSE Changes all occurrences of "RSS" and "rss" in the code and build files to "RSE" and "rse". Signed-off-by: Tamas Ban Change-Id: I8c2fcbdf1de1c75f9969d28bc15e0b3500071404 --- drivers/measured_boot/rse/dice_prot_env.c | 2 +- drivers/measured_boot/rse/dice_prot_env.mk | 2 +- drivers/measured_boot/rse/rse_measured_boot.c | 18 +++++++++--------- drivers/measured_boot/rse/rse_measured_boot.mk | 14 +++++++------- .../measured_boot/rse/rse_measured_boot.h | 16 ++++++++-------- 5 files changed, 26 insertions(+), 26 deletions(-) diff --git a/drivers/measured_boot/rse/dice_prot_env.c b/drivers/measured_boot/rse/dice_prot_env.c index 81a21d164..8e9185a75 100644 --- a/drivers/measured_boot/rse/dice_prot_env.c +++ b/drivers/measured_boot/rse/dice_prot_env.c @@ -13,7 +13,7 @@ #include #include -#include +#include #include #include diff --git a/drivers/measured_boot/rse/dice_prot_env.mk b/drivers/measured_boot/rse/dice_prot_env.mk index c5a35e031..7c833076a 100644 --- a/drivers/measured_boot/rse/dice_prot_env.mk +++ b/drivers/measured_boot/rse/dice_prot_env.mk @@ -26,4 +26,4 @@ $(eval $(call add_defines,\ DPE_DIGEST_SIZE \ ))) -DPE_SOURCES += drivers/measured_boot/rss/dice_prot_env.c +DPE_SOURCES += drivers/measured_boot/rse/dice_prot_env.c diff --git a/drivers/measured_boot/rse/rse_measured_boot.c b/drivers/measured_boot/rse/rse_measured_boot.c index c44ec7396..5337c3de1 100644 --- a/drivers/measured_boot/rse/rse_measured_boot.c +++ b/drivers/measured_boot/rse/rse_measured_boot.c @@ -9,7 +9,7 @@ #include #include -#include +#include #include #include #include @@ -46,12 +46,12 @@ static bool null_arr(const uint8_t *signer_id, size_t signer_id_size) #endif /* ENABLE_ASSERTIONS */ /* Functions' declarations */ -void rss_measured_boot_init(struct rss_mboot_metadata *metadata_ptr) +void rse_measured_boot_init(struct rse_mboot_metadata *metadata_ptr) { assert(metadata_ptr != NULL); /* Init the non-const members of the metadata structure */ - while (metadata_ptr->id != RSS_MBOOT_INVALID_ID) { + while (metadata_ptr->id != RSE_MBOOT_INVALID_ID) { assert(null_arr(metadata_ptr->signer_id, MBOOT_DIGEST_SIZE)); metadata_ptr->sw_type_size = strlen((const char *)&metadata_ptr->sw_type) + 1; @@ -59,7 +59,7 @@ void rss_measured_boot_init(struct rss_mboot_metadata *metadata_ptr) } } -int rss_mboot_measure_and_record(struct rss_mboot_metadata *metadata_ptr, +int rse_mboot_measure_and_record(struct rse_mboot_metadata *metadata_ptr, uintptr_t data_base, uint32_t data_size, uint32_t data_id) { @@ -70,13 +70,13 @@ int rss_mboot_measure_and_record(struct rss_mboot_metadata *metadata_ptr, assert(metadata_ptr != NULL); /* Get the metadata associated with this image. */ - while ((metadata_ptr->id != RSS_MBOOT_INVALID_ID) && + while ((metadata_ptr->id != RSE_MBOOT_INVALID_ID) && (metadata_ptr->id != data_id)) { metadata_ptr++; } /* If image is not present in metadata array then skip */ - if (metadata_ptr->id == RSS_MBOOT_INVALID_ID) { + if (metadata_ptr->id == RSE_MBOOT_INVALID_ID) { return 0; } @@ -87,7 +87,7 @@ int rss_mboot_measure_and_record(struct rss_mboot_metadata *metadata_ptr, return rc; } - ret = rss_measured_boot_extend_measurement( + ret = rse_measured_boot_extend_measurement( metadata_ptr->slot, metadata_ptr->signer_id, metadata_ptr->signer_id_size, @@ -106,7 +106,7 @@ int rss_mboot_measure_and_record(struct rss_mboot_metadata *metadata_ptr, return 0; } -int rss_mboot_set_signer_id(struct rss_mboot_metadata *metadata_ptr, +int rse_mboot_set_signer_id(struct rse_mboot_metadata *metadata_ptr, const void *pk_oid, const void *pk_ptr, size_t pk_len) @@ -125,7 +125,7 @@ int rss_mboot_set_signer_id(struct rss_mboot_metadata *metadata_ptr, * The platform may decide not to measure all of the images * in the system. */ - while (metadata_ptr->id != RSS_MBOOT_INVALID_ID) { + while (metadata_ptr->id != RSE_MBOOT_INVALID_ID) { /* Get the metadata associated with this key-oid */ if (metadata_ptr->pk_oid == pk_oid) { if (hash_calc_done == false) { diff --git a/drivers/measured_boot/rse/rse_measured_boot.mk b/drivers/measured_boot/rse/rse_measured_boot.mk index 18ee83618..1bd971f32 100644 --- a/drivers/measured_boot/rse/rse_measured_boot.mk +++ b/drivers/measured_boot/rse/rse_measured_boot.mk @@ -6,27 +6,27 @@ # Hash algorithm for measured boot # SHA-256 (or stronger) is required. -MBOOT_RSS_HASH_ALG := sha256 +MBOOT_RSE_HASH_ALG := sha256 -ifeq (${MBOOT_RSS_HASH_ALG}, sha512) +ifeq (${MBOOT_RSE_HASH_ALG}, sha512) MBOOT_ALG_ID := MBOOT_ALG_SHA512 MBOOT_DIGEST_SIZE := 64U -else ifeq (${MBOOT_RSS_HASH_ALG}, sha384) +else ifeq (${MBOOT_RSE_HASH_ALG}, sha384) MBOOT_ALG_ID := MBOOT_ALG_SHA384 MBOOT_DIGEST_SIZE := 48U else MBOOT_ALG_ID := MBOOT_ALG_SHA256 MBOOT_DIGEST_SIZE := 32U -endif #MBOOT_RSS_HASH_ALG +endif #MBOOT_RSE_HASH_ALG # Set definitions for Measured Boot driver. $(eval $(call add_defines,\ $(sort \ MBOOT_ALG_ID \ MBOOT_DIGEST_SIZE \ - MBOOT_RSS_BACKEND \ + MBOOT_RSE_BACKEND \ ))) -MEASURED_BOOT_SRC_DIR := drivers/measured_boot/rss/ +MEASURED_BOOT_SRC_DIR := drivers/measured_boot/rse/ -MEASURED_BOOT_SOURCES += ${MEASURED_BOOT_SRC_DIR}rss_measured_boot.c +MEASURED_BOOT_SOURCES += ${MEASURED_BOOT_SRC_DIR}rse_measured_boot.c diff --git a/include/drivers/measured_boot/rse/rse_measured_boot.h b/include/drivers/measured_boot/rse/rse_measured_boot.h index 38f7d4e34..2f605d715 100644 --- a/include/drivers/measured_boot/rse/rse_measured_boot.h +++ b/include/drivers/measured_boot/rse/rse_measured_boot.h @@ -4,17 +4,17 @@ * SPDX-License-Identifier: BSD-3-Clause */ -#ifndef RSS_MEASURED_BOOT_H -#define RSS_MEASURED_BOOT_H +#ifndef RSE_MEASURED_BOOT_H +#define RSE_MEASURED_BOOT_H #include #include #include -#define RSS_MBOOT_INVALID_ID UINT32_MAX +#define RSE_MBOOT_INVALID_ID UINT32_MAX -struct rss_mboot_metadata { +struct rse_mboot_metadata { unsigned int id; uint8_t slot; uint8_t signer_id[SIGNER_ID_MAX_SIZE]; @@ -28,13 +28,13 @@ struct rss_mboot_metadata { }; /* Functions' declarations */ -void rss_measured_boot_init(struct rss_mboot_metadata *metadata_ptr); -int rss_mboot_measure_and_record(struct rss_mboot_metadata *metadata_ptr, +void rse_measured_boot_init(struct rse_mboot_metadata *metadata_ptr); +int rse_mboot_measure_and_record(struct rse_mboot_metadata *metadata_ptr, uintptr_t data_base, uint32_t data_size, uint32_t data_id); -int rss_mboot_set_signer_id(struct rss_mboot_metadata *metadata_ptr, +int rse_mboot_set_signer_id(struct rse_mboot_metadata *metadata_ptr, const void *pk_oid, const void *pk_ptr, size_t pk_len); -#endif /* RSS_MEASURED_BOOT_H */ +#endif /* RSE_MEASURED_BOOT_H */ From 624c9a0b387aa35005b9655e224d664a96d4ca67 Mon Sep 17 00:00:00 2001 From: Tamas Ban Date: Wed, 21 Feb 2024 13:55:31 +0100 Subject: [PATCH 08/15] docs: change all occurrences of RSS to RSE Changes all occurrences of "RSS" and "rss" in the documentation to "RSE" and "rse". Signed-off-by: Tamas Ban Change-Id: Ia42078f5faa1db331b1e5a35f01faeaf1afacb5f --- docs/about/features.rst | 2 +- docs/about/maintainers.rst | 8 +- docs/design_documents/index.rst | 2 +- docs/design_documents/measured_boot.rst | 10 +- docs/design_documents/rse.rst | 148 +++++++++--------- docs/porting-guide.rst | 6 +- .../plantuml/rse_attestation_flow.puml | 2 +- .../plantuml/rse_measured_boot_flow.puml | 96 ++++++------ .../diagrams/plantuml/tfa_rse_dfd.puml | 12 +- .../diagrams/rse_attestation_flow.svg | 4 +- .../diagrams/rse_measured_boot_flow.svg | 98 ++++++------ .../firmware_threat_model/index.rst | 2 +- .../threat_model_rse_interface.rst | 28 ++-- .../supply_chain_threat_model.rst | 2 +- 14 files changed, 210 insertions(+), 210 deletions(-) diff --git a/docs/about/features.rst b/docs/about/features.rst index c12509d9d..9b7bdf9da 100644 --- a/docs/about/features.rst +++ b/docs/about/features.rst @@ -128,7 +128,7 @@ Additionally the following libraries are marked experimental when included in a platform: - MPU translation library ``lib/xlat_mpu`` -- RSS comms driver ``drivers/arm/rss`` +- RSE comms driver ``drivers/arm/rse`` Still to come ------------- diff --git a/docs/about/maintainers.rst b/docs/about/maintainers.rst index 6d34339d2..0fade3efb 100644 --- a/docs/about/maintainers.rst +++ b/docs/about/maintainers.rst @@ -337,12 +337,12 @@ Message Handling Unit (MHU) driver :|F|: include/drivers/arm/mhu.h :|F|: drivers/arm/mhu -Runtime Security Subsystem (RSS) comms driver -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Runtime Security Engine (RSE) comms driver +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ :|M|: David Vincze :|G|: `davidvincze`_ -:|F|: include/drivers/arm/rss_comms.h -:|F|: drivers/arm/rss +:|F|: include/drivers/arm/rse_comms.h +:|F|: drivers/arm/rse Libfdt wrappers ^^^^^^^^^^^^^^^ diff --git a/docs/design_documents/index.rst b/docs/design_documents/index.rst index ecc68b237..ac982e098 100644 --- a/docs/design_documents/index.rst +++ b/docs/design_documents/index.rst @@ -9,7 +9,7 @@ Design Documents context_mgmt_rework measured_boot_poc drtm_poc - rss + rse psci_osi_mode measured_boot diff --git a/docs/design_documents/measured_boot.rst b/docs/design_documents/measured_boot.rst index 8a2ab2df8..9dfe49415 100644 --- a/docs/design_documents/measured_boot.rst +++ b/docs/design_documents/measured_boot.rst @@ -91,10 +91,10 @@ The Measured Boot implementation in TF-A supports: and the variable length crypto agile structure called TCG_PCR_EVENT2. Event Log driver implemented in TF-A covers later part. -#. RSS +#. RSE It is one of physical backend to extend the measurements. Please refer this - document :ref:`Runtime Security Subsystem (RSS)` for more details. + document :ref:`Runtime Security Engine (RSE)` for more details. Platform Interface ------------------ @@ -121,7 +121,7 @@ Responsibilities of these platform interfaces are - void bl2_plat_mboot_init(void); Initialise all Measured Boot backends supported by the platform - (e.g. Event Log buffer, RSS). As these functions do not return any value, + (e.g. Event Log buffer, RSE). As these functions do not return any value, the platform should deal with error management, such as logging the error somewhere, or panicking the system if this is considered a fatal error. @@ -147,7 +147,7 @@ Responsibilities of these platform interfaces are - - If it is Event Log backend, then record the measurement in TCG Event Log format. - - If it is a secure crypto-processor (like RSS), then extend the designated + - If it is a secure crypto-processor (like RSE), then extend the designated PCR (or slot) with the given measurement. - This function must return 0 on success, a signed integer error code otherwise. @@ -223,7 +223,7 @@ Responsibilities of these platform interfaces are - - This function must return 0 on success, a signed integer error code otherwise. - In TC2 platform, this function is used to calculate the hash of the given - key and forward this hash to RSS alongside the measurement of the image + key and forward this hash to RSE alongside the measurement of the image which the key signs. -------------- diff --git a/docs/design_documents/rse.rst b/docs/design_documents/rse.rst index 18d543683..7296a453e 100644 --- a/docs/design_documents/rse.rst +++ b/docs/design_documents/rse.rst @@ -1,45 +1,45 @@ -Runtime Security Subsystem (RSS) -================================ +Runtime Security Engine (RSE) +============================= -This document focuses on the relationship between the Runtime Security Subsystem -(RSS) and the application processor (AP). According to the ARM reference design -the RSS is an independent core next to the AP and the SCP on the same die. It +This document focuses on the relationship between the Runtime Security Engine +(RSE) and the application processor (AP). According to the ARM reference design +the RSE is an independent core next to the AP and the SCP on the same die. It provides fundamental security guarantees and runtime services for the rest of the system (e.g.: trusted boot, measured boot, platform attestation, key management, and key derivation). -At power up RSS boots first from its private ROM code. It validates and loads +At power up RSE boots first from its private ROM code. It validates and loads its own images and the initial images of SCP and AP. When AP and SCP are released from reset and their initial code is loaded then they continue their -own boot process, which is the same as on non-RSS systems. Please refer to the -``RSS documentation`` [1]_ for more details about the RSS boot flow. +own boot process, which is the same as on non-RSE systems. Please refer to the +``RSE documentation`` [1]_ for more details about the RSE boot flow. -The last stage of the RSS firmware is a persistent, runtime component. Much +The last stage of the RSE firmware is a persistent, runtime component. Much like AP_BL31, this is a passive entity which has no periodical task to do and -just waits for external requests from other subsystems. RSS and other -subsystems can communicate with each other over message exchange. RSS waits +just waits for external requests from other subsystems. RSE and other +subsystems can communicate with each other over message exchange. RSE waits in idle for the incoming request, handles them, and sends a response then goes back to idle. -RSS communication layer +RSE communication layer ----------------------- -The communication between RSS and other subsystems are primarily relying on the -Message Handling Unit (MHU) module. The number of MHU interfaces between RSS +The communication between RSE and other subsystems are primarily relying on the +Message Handling Unit (MHU) module. The number of MHU interfaces between RSE and other cores is IMPDEF. Besides MHU other modules also could take part in -the communication. RSS is capable of mapping the AP memory to its address space. -Thereby either RSS core itself or a DMA engine if it is present, can move the -data between memory belonging to RSS or AP. In this way, a bigger amount of data +the communication. RSE is capable of mapping the AP memory to its address space. +Thereby either RSE core itself or a DMA engine if it is present, can move the +data between memory belonging to RSE or AP. In this way, a bigger amount of data can be transferred in a short time. The MHU comes in pairs. There is a sender and receiver side. They are connected to each other. An MHU interface consists of two pairs of MHUs, one sender and one receiver on both sides. Bidirectional communication is possible over an -interface. One pair provides message sending from AP to RSS and the other pair -from RSS to AP. The sender and receiver are connected via channels. There is an +interface. One pair provides message sending from AP to RSE and the other pair +from RSE to AP. The sender and receiver are connected via channels. There is an IMPDEF number of channels (e.g: 4-16) between a sender and a receiver module. -The RSS communication layer provides two ways for message exchange: +The RSE communication layer provides two ways for message exchange: - ``Embedded messaging``: The full message, including header and payload, are exchanged over the MHU channels. A channel is capable of delivering a single @@ -55,16 +55,16 @@ The RSS communication layer provides two ways for message exchange: - ``Pointer-access messaging``: The message header and the payload are separated and they are conveyed in different ways. The header is sent over the channels, similar to the embedded messaging but the payload is - copied over by RSS core (or by DMA) between the sender and the receiver. This + copied over by RSE core (or by DMA) between the sender and the receiver. This could be useful in the case of long messages because transaction time is less - compared to the embedded messaging mode. Small payloads are copied by the RSS + compared to the embedded messaging mode. Small payloads are copied by the RSE core because setting up DMA would require more CPU cycles. The payload is - either copied into an internal buffer or directly read-written by RSS. Actual - behavior depends on RSS setup, whether the partition supports memory-mapped + either copied into an internal buffer or directly read-written by RSE. Actual + behavior depends on RSE setup, whether the partition supports memory-mapped ``iovec``. Therefore, the sender must handle both cases and prevent access to - the memory, where payload data lives, while the RSS handles the request. + the memory, where payload data lives, while the RSE handles the request. -The RSS communication layer supports both ways of messaging in parallel. It is +The RSE communication layer supports both ways of messaging in parallel. It is decided at runtime based on the message size which way to transfer the message. .. code-block:: bash @@ -93,25 +93,25 @@ decided at runtime based on the message size which way to transfer the message. V | | | V V +----------------------------------------------+ | | +-------------------+ | |--+-+ | | - | RSS | | SRAM | + | RSE | | SRAM | | | | | +----------------------------------------------+ +-------------------+ .. Note:: - The RSS communication layer is not prepared for concurrent execution. The + The RSE communication layer is not prepared for concurrent execution. The current use case only requires message exchange during the boot phase. In the boot phase, only a single core is running and the rest of the cores are in reset. Message structure ^^^^^^^^^^^^^^^^^ -A description of the message format can be found in the ``RSS communication +A description of the message format can be found in the ``RSE communication design`` [2]_ document. Source files ^^^^^^^^^^^^ -- RSS comms: ``drivers/arm/rss`` +- RSE comms: ``drivers/arm/rse`` - MHU driver: ``drivers/arm/mhu`` @@ -119,29 +119,29 @@ API for communication over MHU ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The API is defined in these header files: -- ``include/drivers/arm/rss_comms.h`` +- ``include/drivers/arm/rse_comms.h`` - ``include/drivers/arm/mhu.h`` -RSS provided runtime services +RSE provided runtime services ----------------------------- -RSS provides the following runtime services: +RSE provides the following runtime services: - ``Measured boot``: Securely store the firmware measurements which were computed during the boot process and the associated metadata (image description, measurement algorithm, etc.). More info on measured boot service - in RSS can be found in the ``measured_boot_integration_guide`` [3]_ . + in RSE can be found in the ``measured_boot_integration_guide`` [3]_ . - ``Delegated attestation``: Query the platform attestation token and derive a delegated attestation key. More info on the delegated attestation service - in RSS can be found in the ``delegated_attestation_integration_guide`` [4]_ . + in RSE can be found in the ``delegated_attestation_integration_guide`` [4]_ . - ``OTP assets management``: Public keys used by AP during the trusted boot - process can be requested from RSS. Furthermore, AP can request RSS to + process can be requested from RSE. Furthermore, AP can request RSE to increase a non-volatile counter. Please refer to the - ``RSS key management`` [5]_ document for more details. + ``RSE key management`` [5]_ document for more details. Runtime service API ^^^^^^^^^^^^^^^^^^^ -The RSS provided runtime services implement a PSA aligned API. The parameter +The RSE provided runtime services implement a PSA aligned API. The parameter encoding follows the PSA client protocol described in the ``Firmware Framework for M`` [6]_ document in chapter 4.4. The implementation is restricted to the static handle use case therefore only the ``psa_call`` API is @@ -168,7 +168,7 @@ Software and API layers | | V V +------------------------------------------------+ - | RSS communication protocol | + | RSE communication protocol | +------------------------------------------------+ | ^ | mhu_send_data() | mhu_receive_data() @@ -188,7 +188,7 @@ Software and API layers | V +------------------------------------------------+ - | MHU HW on RSS side | + | MHU HW on RSE side | +------------------------------------------------+ | ^ | IRQ | Register access @@ -204,17 +204,17 @@ Software and API layers +---------------+ +------------------------+ -RSS based Measured Boot +RSE based Measured Boot ----------------------- Measured Boot is the process of cryptographically measuring (computing the hash value of a binary) the code and critical data used at boot time. The measurement must be stored in a tamper-resistant way, so the security state -of the device can be attested later to an external party. RSS provides a runtime +of the device can be attested later to an external party. RSE provides a runtime service which is meant to store measurements and associated metadata alongside. Data is stored in internal SRAM which is only accessible by the secure runtime -firmware of RSS. Data is stored in so-called measurement slots. A platform has +firmware of RSE. Data is stored in so-called measurement slots. A platform has IMPDEF number of measurement slots. The measurement storage follows extend semantics. This means that measurements are not stored directly (as it was taken) instead they contribute to the current value of the measurement slot. @@ -236,7 +236,7 @@ Defined here: .. code-block:: c psa_status_t - rss_measured_boot_extend_measurement(uint8_t index, + rse_measured_boot_extend_measurement(uint8_t index, const uint8_t *signer_id, size_t signer_id_size, const uint8_t *version, @@ -291,27 +291,27 @@ multiple times: .. Note:: Extending multiple measurements in the same slot leads to some metadata - information loss. Since RSS is not constrained on special HW resources to + information loss. Since RSE is not constrained on special HW resources to store the measurements and metadata, therefore it is worth considering to store all of them one by one in distinct slots. However, they are one-by-one included in the platform attestation token. So, the number of distinct firmware image measurements has an impact on the size of the attestation token. -The allocation of the measurement slot among RSS, Root and Realm worlds is +The allocation of the measurement slot among RSE, Root and Realm worlds is platform dependent. The platform must provide an allocation of the measurement slot at build time. An example can be found in ``tf-a/plat/arm/board/tc/tc_bl1_measured_boot.c`` Furthermore, the memory, which holds the metadata is also statically allocated -in RSS memory. Some of the fields have a static value (measurement algorithm), +in RSE memory. Some of the fields have a static value (measurement algorithm), and some of the values have a dynamic value (measurement value) which is updated by the bootloaders when the firmware image is loaded and measured. The metadata structure is defined in -``include/drivers/measured_boot/rss/rss_measured_boot.h``. +``include/drivers/measured_boot/rse/rse_measured_boot.h``. .. code-block:: c - struct rss_mboot_metadata { + struct rse_mboot_metadata { unsigned int id; uint8_t slot; uint8_t signer_id[SIGNER_ID_MAX_SIZE]; @@ -328,24 +328,24 @@ Signer-ID API ^^^^^^^^^^^^^ This function calculates the hash of a public key (signer-ID) using the -``Measurement algorithm`` and stores it in the ``rss_mboot_metadata`` field +``Measurement algorithm`` and stores it in the ``rse_mboot_metadata`` field named ``signer_id``. Prior to calling this function, the caller must ensure that the ``signer_id`` field points to the zero-filled buffer. Defined here: -- ``include/drivers/measured_boot/rss/rss_measured_boot.h`` +- ``include/drivers/measured_boot/rse/rse_measured_boot.h`` .. code-block:: c - int rss_mboot_set_signer_id(struct rss_mboot_metadata *metadata_ptr, + int rse_mboot_set_signer_id(struct rse_mboot_metadata *metadata_ptr, const void *pk_oid, const void *pk_ptr, size_t pk_len) -- First parameter is the pointer to the ``rss_mboot_metadata`` structure. +- First parameter is the pointer to the ``rse_mboot_metadata`` structure. - Second parameter is the pointer to the key-OID of the public key. - Third parameter is the pointer to the public key buffer. - Fourth parameter is the size of public key buffer. @@ -356,15 +356,15 @@ Build time config options ^^^^^^^^^^^^^^^^^^^^^^^^^ - ``MEASURED_BOOT``: Enable measured boot. It depends on the platform - implementation whether RSS or TPM (or both) backend based measured boot is + implementation whether RSE or TPM (or both) backend based measured boot is enabled. -- ``MBOOT_RSS_HASH_ALG``: Determine the hash algorithm to measure the images. +- ``MBOOT_RSE_HASH_ALG``: Determine the hash algorithm to measure the images. The default value is sha-256. Measured boot flow ^^^^^^^^^^^^^^^^^^ -.. figure:: ../resources/diagrams/rss_measured_boot_flow.svg +.. figure:: ../resources/diagrams/rse_measured_boot_flow.svg :align: center Sample console log @@ -425,15 +425,15 @@ The detailed description of the delegated attestation service can be found in the ``Delegated Attestation Service Integration Guide`` [4]_ document. In the CCA use case, the Realm Management Monitor (RMM) relies on the delegated -attestation service of the RSS to get a realm attestation key and the CCA +attestation service of the RSE to get a realm attestation key and the CCA platform token. BL31 does not use the service for its own purpose, only calls -it on behalf of RMM. The access to MHU interface and thereby to RSS is +it on behalf of RMM. The access to MHU interface and thereby to RSE is restricted to BL31 only. Therefore, RMM does not have direct access, all calls need to go through BL31. The RMM dispatcher module of the BL31 is responsible for delivering the calls between the two parties. .. Note:: - Currently the connection between the RMM dispatcher and the PSA/RSS layer + Currently the connection between the RMM dispatcher and the PSA/RSE layer is not yet implemented. RMM dispatcher just returns hard coded data. Delegated Attestation API @@ -445,7 +445,7 @@ Defined here: .. code-block:: c psa_status_t - rss_delegated_attest_get_delegated_key(uint8_t ecc_curve, + rse_delegated_attest_get_delegated_key(uint8_t ecc_curve, uint32_t key_bits, uint8_t *key_buf, size_t key_buf_size, @@ -453,7 +453,7 @@ Defined here: uint32_t hash_algo); psa_status_t - rss_delegated_attest_get_token(const uint8_t *dak_pub_hash, + rse_delegated_attest_get_token(const uint8_t *dak_pub_hash, size_t dak_pub_hash_size, uint8_t *token_buf, size_t token_buf_size, @@ -462,7 +462,7 @@ Defined here: Attestation flow ^^^^^^^^^^^^^^^^ -.. figure:: ../resources/diagrams/rss_attestation_flow.svg +.. figure:: ../resources/diagrams/rse_attestation_flow.svg :align: center Sample attestation token @@ -623,27 +623,27 @@ JSON format: "CCA_PLATFORM_VERIFICATION_SERVICE": "www.trustedfirmware.org" } -RSS OTP Assets Management +RSE OTP Assets Management ------------------------- -RSS provides access for AP to assets in OTP, which include keys for image +RSE provides access for AP to assets in OTP, which include keys for image signature verification and non-volatile counters for anti-rollback protection. Non-Volatile Counter API ^^^^^^^^^^^^^^^^^^^^^^^^ -AP/RSS interface for retrieving and incrementing non-volatile counters API is +AP/RSE interface for retrieving and incrementing non-volatile counters API is as follows. Defined here: -- ``include/lib/psa/rss_platform_api.h`` +- ``include/lib/psa/rse_platform_api.h`` .. code-block:: c - psa_status_t rss_platform_nv_counter_increment(uint32_t counter_id) + psa_status_t rse_platform_nv_counter_increment(uint32_t counter_id) - psa_status_t rss_platform_nv_counter_read(uint32_t counter_id, + psa_status_t rse_platform_nv_counter_read(uint32_t counter_id, uint32_t size, uint8_t *val) Through this service, we can read/increment any of the 3 non-volatile @@ -656,15 +656,15 @@ counters used on an Arm CCA platform: Public Key API ^^^^^^^^^^^^^^ -AP/RSS interface for reading the ROTPK is as follows. +AP/RSE interface for reading the ROTPK is as follows. Defined here: -- ``include/lib/psa/rss_platform_api.h`` +- ``include/lib/psa/rse_platform_api.h`` .. code-block:: c - psa_status_t rss_platform_key_read(enum rss_key_id_builtin_t key, + psa_status_t rse_platform_key_read(enum rse_key_id_builtin_t key, uint8_t *data, size_t data_size, size_t *data_length) Through this service, we can read any of the 3 ROTPKs used on an @@ -677,11 +677,11 @@ Arm CCA platform: References ---------- -.. [1] https://tf-m-user-guide.trustedfirmware.org/platform/arm/rss/readme.html -.. [2] https://tf-m-user-guide.trustedfirmware.org/platform/arm/rss/rss_comms.html +.. [1] https://tf-m-user-guide.trustedfirmware.org/platform/arm/rse/readme.html +.. [2] https://tf-m-user-guide.trustedfirmware.org/platform/arm/rse/rse_comms.html .. [3] https://git.trustedfirmware.org/TF-M/tf-m-extras.git/tree/partitions/measured_boot/measured_boot_integration_guide.rst .. [4] https://git.trustedfirmware.org/TF-M/tf-m-extras.git/tree/partitions/delegated_attestation/delegated_attest_integration_guide.rst -.. [5] https://tf-m-user-guide.trustedfirmware.org/platform/arm/rss/rss_key_management.html +.. [5] https://tf-m-user-guide.trustedfirmware.org/platform/arm/rse/rse_key_management.html .. [6] https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Architect/DEN0063-PSA_Firmware_Framework-1.0.0-2.pdf?revision=2d1429fa-4b5b-461a-a60e-4ef3d8f7f4b4&hash=3BFD6F3E687F324672F18E5BE9F08EDC48087C93 .. [7] https://developer.arm.com/documentation/DEN0096/A_a/?lang=en diff --git a/docs/porting-guide.rst b/docs/porting-guide.rst index 7c66d1118..fdd434081 100644 --- a/docs/porting-guide.rst +++ b/docs/porting-guide.rst @@ -256,10 +256,10 @@ likely to be suitable for all platform ports. Defines the maximum address in secure RAM that the BL31 image can occupy. -- **#define : PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE** +- **#define : PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE** - Defines the maximum message size between AP and RSS. Need to define if - platform supports RSS. + Defines the maximum message size between AP and RSE. Need to define if + platform supports RSE. For every image, the platform must define individual identifiers that will be used by BL1 or BL2 to load the corresponding image into memory from non-volatile diff --git a/docs/resources/diagrams/plantuml/rse_attestation_flow.puml b/docs/resources/diagrams/plantuml/rse_attestation_flow.puml index aca5c01f3..9d7d78029 100644 --- a/docs/resources/diagrams/plantuml/rse_attestation_flow.puml +++ b/docs/resources/diagrams/plantuml/rse_attestation_flow.puml @@ -5,7 +5,7 @@ box AP participant RMM participant BL31 endbox -box RSS +box RSE participant DelegAttest participant InitAttest participant MeasuredBoot diff --git a/docs/resources/diagrams/plantuml/rse_measured_boot_flow.puml b/docs/resources/diagrams/plantuml/rse_measured_boot_flow.puml index 1aeb1a9f3..97af56270 100644 --- a/docs/resources/diagrams/plantuml/rse_measured_boot_flow.puml +++ b/docs/resources/diagrams/plantuml/rse_measured_boot_flow.puml @@ -1,11 +1,11 @@ @startuml skinparam ParticipantPadding 10 skinparam BoxPadding 10 -box RSS -participant RSS_BL1_1 -participant RSS_BL1_2 -participant RSS_BL2 -participant RSS_S +box RSE +participant RSE_BL1_1 +participant RSE_BL1_2 +participant RSE_BL2 +participant RSE_S endbox box SCP participant SCP_BL1 @@ -16,64 +16,64 @@ participant AP_BL2 participant AP_BL31 endbox -== RSS Boot phase == --> RSS_BL1_1: Reset -Rnote over RSS_BL1_1: ROM code, XIP -Rnote over RSS_BL1_2: OTP code, XIP -Rnote over RSS_BL2, AP_BL31: Stored in flash, loaded and executed in RAM -activate RSS_BL1_1 #Green -RSS_BL1_1 -->> RSS_BL1_2: Validate, measure -Rnote over RSS_BL1_1: BL1_2 measurement\n\ saved to a shared buffer -RSS_BL1_1 -> RSS_BL1_2: Pass execution -deactivate RSS_BL1_1 -activate RSS_BL1_2 #Green -RSS_BL1_2 -->> RSS_BL2: Validate, measure, load -Rnote over RSS_BL1_2: RSS_BL2 measurement\n\ saved to a shared buffer -RSS_BL1_2 -> RSS_BL2: Pass execution -deactivate RSS_BL1_2 -activate RSS_BL2 #Green -RSS_BL2 -->> RSS_S: Validate, measure, load -RSS_BL2 -->> SCP_BL1: Validate, measure, load -Rnote over RSS_BL2: RSS_S and SCP_BL1\n\ measurements saved\n\ to a shared buffer -RSS_BL2 -> SCP_BL1: Release from reset +== RSE Boot phase == +-> RSE_BL1_1: Reset +Rnote over RSE_BL1_1: ROM code, XIP +Rnote over RSE_BL1_2: OTP code, XIP +Rnote over RSE_BL2, AP_BL31: Stored in flash, loaded and executed in RAM +activate RSE_BL1_1 #Green +RSE_BL1_1 -->> RSE_BL1_2: Validate, measure +Rnote over RSE_BL1_1: BL1_2 measurement\n\ saved to a shared buffer +RSE_BL1_1 -> RSE_BL1_2: Pass execution +deactivate RSE_BL1_1 +activate RSE_BL1_2 #Green +RSE_BL1_2 -->> RSE_BL2: Validate, measure, load +Rnote over RSE_BL1_2: RSE_BL2 measurement\n\ saved to a shared buffer +RSE_BL1_2 -> RSE_BL2: Pass execution +deactivate RSE_BL1_2 +activate RSE_BL2 #Green +RSE_BL2 -->> RSE_S: Validate, measure, load +RSE_BL2 -->> SCP_BL1: Validate, measure, load +Rnote over RSE_BL2: RSE_S and SCP_BL1\n\ measurements saved\n\ to a shared buffer +RSE_BL2 -> SCP_BL1: Release from reset activate SCP_BL1 #Green -Rnote over RSS_BL2, SCP_BL1: MHU init between RSS and SCP +Rnote over RSE_BL2, SCP_BL1: MHU init between RSE and SCP Rnote over SCP_BL1: Configure memory -Rnote over RSS_BL2: Waits for SCP -SCP_BL1 --> RSS_BL2: Done -RSS_BL2 -->> AP_BL1: Validate, measure, load -Rnote over RSS_BL2: AP_BL1 measurement\n\ saved to a shared buffer -RSS_BL2 -> AP_BL1: Release from reset +Rnote over RSE_BL2: Waits for SCP +SCP_BL1 --> RSE_BL2: Done +RSE_BL2 -->> AP_BL1: Validate, measure, load +Rnote over RSE_BL2: AP_BL1 measurement\n\ saved to a shared buffer +RSE_BL2 -> AP_BL1: Release from reset activate AP_BL1 #Green -RSS_BL2 -> RSS_S: Pass execution -deactivate RSS_BL2 -activate RSS_S #Green -Rnote over RSS_S: Measurements read from\n\ shared buffer and saved by\n\ +RSE_BL2 -> RSE_S: Pass execution +deactivate RSE_BL2 +activate RSE_S #Green +Rnote over RSE_S: Measurements read from\n\ shared buffer and saved by\n\ Measured Boot service to\n\ measurement slots. -== RSS Runtime / AP Boot phase == -Rnote over RSS_S, AP_BL1: MHU init between RSS and AP +== RSE Runtime / AP Boot phase == +Rnote over RSE_S, AP_BL1: MHU init between RSE and AP Rnote over AP_BL1: Measure and load:\n\ FW_CONFIG\n\ TB_FW_CONFIG -AP_BL1 -> RSS_S: Extend measurement -Rnote over RSS_S: Measured Boot:\n\ store measurement +AP_BL1 -> RSE_S: Extend measurement +Rnote over RSE_S: Measured Boot:\n\ store measurement AP_BL1 -->> AP_BL2: Validate, measure,load -AP_BL1 -> RSS_S: Extend measurement -Rnote over RSS_S: Measured Boot:\n\ store measurement +AP_BL1 -> RSE_S: Extend measurement +Rnote over RSE_S: Measured Boot:\n\ store measurement AP_BL1 -> AP_BL2: Pass execution deactivate AP_BL1 activate AP_BL2 #Green Rnote over AP_BL2: Measure and load:\n\ HW_CONFIG -AP_BL2 -> RSS_S: Extend measurement -Rnote over RSS_S: Measured Boot:\n\ store measurement +AP_BL2 -> RSE_S: Extend measurement +Rnote over RSE_S: Measured Boot:\n\ store measurement AP_BL2 -->> AP_BL31: Validate, measure,load Rnote over AP_BL2: Measure and load:\n\ BL31 -AP_BL2 -> RSS_S: Extend measurement -Rnote over RSS_S: Measured Boot:\n\ store measurement +AP_BL2 -> RSE_S: Extend measurement +Rnote over RSE_S: Measured Boot:\n\ store measurement Rnote over AP_BL2: Measure and load:\n\ RMM -AP_BL2 -> RSS_S: Extend measurement -Rnote over RSS_S: Measured Boot:\n\ store measurement +AP_BL2 -> RSE_S: Extend measurement +Rnote over RSE_S: Measured Boot:\n\ store measurement AP_BL2 -> AP_BL31: Pass execution deactivate AP_BL2 activate AP_BL31 #Green -== RSS / AP Runtime == +== RSE / AP Runtime == @enduml diff --git a/docs/resources/diagrams/plantuml/tfa_rse_dfd.puml b/docs/resources/diagrams/plantuml/tfa_rse_dfd.puml index a7e0ce576..68a80bfde 100644 --- a/docs/resources/diagrams/plantuml/tfa_rse_dfd.puml +++ b/docs/resources/diagrams/plantuml/tfa_rse_dfd.puml @@ -5,7 +5,7 @@ '/ /' -TF-A Data Flow Diagram including RSS +TF-A Data Flow Diagram including RSE '/ @startuml @@ -54,12 +54,12 @@ digraph tfa_dfd { bl31 [label="TF-A Runtime\n(BL31)" fillcolor="#ddffb3"] } - # RSS cluster - subgraph cluster_rss{ - label ="RSS"; + # RSE cluster + subgraph cluster_rse{ + label ="RSE"; graph [style=filled color="#000000" fillcolor="#faf9cd"] - rss [label="Runtime Security\n\ Subsystem\n\ (RSS)" fillcolor="#ddffb3"] + rse [label="Runtime Security\n\ Subsystem\n\ (RSE)" fillcolor="#ddffb3"] } } @@ -70,7 +70,7 @@ digraph tfa_dfd { sec -> bl2 [dir="both" lhead=cluster_tfa label="DF4"] nsec -> bl1 [dir="both" lhead=cluster_tfa, label="DF5"] bl2 -> tzc [dir="both" ltail=cluster_tfa lhead=cluster_ip label="DF6" minlen=1] - bl31 -> rss [dir="both" ltail=cluster_tfa lhead=cluster_rss label="DF7" minlen=1] + bl31 -> rse [dir="both" ltail=cluster_tfa lhead=cluster_rse label="DF7" minlen=1] } diff --git a/docs/resources/diagrams/rse_attestation_flow.svg b/docs/resources/diagrams/rse_attestation_flow.svg index 3728c6fb7..7257576c3 100644 --- a/docs/resources/diagrams/rse_attestation_flow.svg +++ b/docs/resources/diagrams/rse_attestation_flow.svg @@ -1,4 +1,4 @@ -APRSSRMMRMMBL31BL31DelegAttestDelegAttestInitAttestInitAttestMeasuredBootMeasuredBootCryptoCryptoRMM Boot phaseget_realm_key(hash_algo, ...)get_delegated_keyread_measurementCompute inputfor key derivation(hash of measurements)derive_keyCompute public keyhash withhash_algo.Seed is provisionedin the factory.get_delegated_keyget_realm_keyOnly private keyis returned. Publickey and its hashmust be computed.Public key is includedin the realm token.Its hash is the inputfor get_platform_tokenget_platform_token(pub_key_hash, ...)get_delegated_tokenCheckpub_key_hashagainst derived key.get_initial_tokenCreate the token includingthepub_key_hashas thechallenge claimread_measurementsign_tokenget_initial_tokenget_delegated_tokenget_platform_tokenPlatform token iscached. It is notchanging withina power cycle. RSS_BL1_1: Reset -Rnote over RSS_BL1_1: ROM code, XIP -Rnote over RSS_BL1_2: OTP code, XIP -Rnote over RSS_BL2, AP_BL31: Stored in flash, loaded and executed in RAM -activate RSS_BL1_1 #Green -RSS_BL1_1 - ->> RSS_BL1_2: Validate, measure -Rnote over RSS_BL1_1: BL1_2 measurement\n\ saved to a shared buffer -RSS_BL1_1 -> RSS_BL1_2: Pass execution -deactivate RSS_BL1_1 -activate RSS_BL1_2 #Green -RSS_BL1_2 - ->> RSS_BL2: Validate, measure, load -Rnote over RSS_BL1_2: RSS_BL2 measurement\n\ saved to a shared buffer -RSS_BL1_2 -> RSS_BL2: Pass execution -deactivate RSS_BL1_2 -activate RSS_BL2 #Green -RSS_BL2 - ->> RSS_S: Validate, measure, load -RSS_BL2 - ->> SCP_BL1: Validate, measure, load -Rnote over RSS_BL2: RSS_S and SCP_BL1\n\ measurements saved\n\ to a shared buffer -RSS_BL2 -> SCP_BL1: Release from reset +== RSE Boot phase == +-> RSE_BL1_1: Reset +Rnote over RSE_BL1_1: ROM code, XIP +Rnote over RSE_BL1_2: OTP code, XIP +Rnote over RSE_BL2, AP_BL31: Stored in flash, loaded and executed in RAM +activate RSE_BL1_1 #Green +RSE_BL1_1 - ->> RSE_BL1_2: Validate, measure +Rnote over RSE_BL1_1: BL1_2 measurement\n\ saved to a shared buffer +RSE_BL1_1 -> RSE_BL1_2: Pass execution +deactivate RSE_BL1_1 +activate RSE_BL1_2 #Green +RSE_BL1_2 - ->> RSE_BL2: Validate, measure, load +Rnote over RSE_BL1_2: RSE_BL2 measurement\n\ saved to a shared buffer +RSE_BL1_2 -> RSE_BL2: Pass execution +deactivate RSE_BL1_2 +activate RSE_BL2 #Green +RSE_BL2 - ->> RSE_S: Validate, measure, load +RSE_BL2 - ->> SCP_BL1: Validate, measure, load +Rnote over RSE_BL2: RSE_S and SCP_BL1\n\ measurements saved\n\ to a shared buffer +RSE_BL2 -> SCP_BL1: Release from reset activate SCP_BL1 #Green -Rnote over RSS_BL2, SCP_BL1: MHU init between RSS and SCP +Rnote over RSE_BL2, SCP_BL1: MHU init between RSE and SCP Rnote over SCP_BL1: Configure memory -Rnote over RSS_BL2: Waits for SCP -SCP_BL1 - -> RSS_BL2: Done -RSS_BL2 - ->> AP_BL1: Validate, measure, load -Rnote over RSS_BL2: AP_BL1 measurement\n\ saved to a shared buffer -RSS_BL2 -> AP_BL1: Release from reset +Rnote over RSE_BL2: Waits for SCP +SCP_BL1 - -> RSE_BL2: Done +RSE_BL2 - ->> AP_BL1: Validate, measure, load +Rnote over RSE_BL2: AP_BL1 measurement\n\ saved to a shared buffer +RSE_BL2 -> AP_BL1: Release from reset activate AP_BL1 #Green -RSS_BL2 -> RSS_S: Pass execution -deactivate RSS_BL2 -activate RSS_S #Green -Rnote over RSS_S: Measurements read from\n\ shared buffer and saved by\nMeasured Boot service to\n\ measurement slots. +RSE_BL2 -> RSE_S: Pass execution +deactivate RSE_BL2 +activate RSE_S #Green +Rnote over RSE_S: Measurements read from\n\ shared buffer and saved by\nMeasured Boot service to\n\ measurement slots. -== RSS Runtime / AP Boot phase == -Rnote over RSS_S, AP_BL1: MHU init between RSS and AP +== RSE Runtime / AP Boot phase == +Rnote over RSE_S, AP_BL1: MHU init between RSE and AP Rnote over AP_BL1: Measure and load:\n\ FW_CONFIG\n\ TB_FW_CONFIG -AP_BL1 -> RSS_S: Extend measurement -Rnote over RSS_S: Measured Boot:\n\ store measurement +AP_BL1 -> RSE_S: Extend measurement +Rnote over RSE_S: Measured Boot:\n\ store measurement AP_BL1 - ->> AP_BL2: Validate, measure,load -AP_BL1 -> RSS_S: Extend measurement -Rnote over RSS_S: Measured Boot:\n\ store measurement +AP_BL1 -> RSE_S: Extend measurement +Rnote over RSE_S: Measured Boot:\n\ store measurement AP_BL1 -> AP_BL2: Pass execution deactivate AP_BL1 activate AP_BL2 #Green Rnote over AP_BL2: Measure and load:\n\ HW_CONFIG -AP_BL2 -> RSS_S: Extend measurement -Rnote over RSS_S: Measured Boot:\n\ store measurement +AP_BL2 -> RSE_S: Extend measurement +Rnote over RSE_S: Measured Boot:\n\ store measurement AP_BL2 - ->> AP_BL31: Validate, measure,load Rnote over AP_BL2: Measure and load:\n\ BL31 -AP_BL2 -> RSS_S: Extend measurement -Rnote over RSS_S: Measured Boot:\n\ store measurement +AP_BL2 -> RSE_S: Extend measurement +Rnote over RSE_S: Measured Boot:\n\ store measurement Rnote over AP_BL2: Measure and load:\n\ RMM -AP_BL2 -> RSS_S: Extend measurement -Rnote over RSS_S: Measured Boot:\n\ store measurement +AP_BL2 -> RSE_S: Extend measurement +Rnote over RSE_S: Measured Boot:\n\ store measurement AP_BL2 -> AP_BL31: Pass execution deactivate AP_BL2 activate AP_BL31 #Green -== RSS / AP Runtime == +== RSE / AP Runtime == @enduml PlantUML version 1.2022.7(Mon Aug 22 19:01:30 CEST 2022) diff --git a/docs/threat_model/firmware_threat_model/index.rst b/docs/threat_model/firmware_threat_model/index.rst index 05b671096..ce1752fdc 100644 --- a/docs/threat_model/firmware_threat_model/index.rst +++ b/docs/threat_model/firmware_threat_model/index.rst @@ -30,7 +30,7 @@ data flow diagram, as well as a list of threats we have identified using the threat_model threat_model_el3_spm threat_model_fvp_r - threat_model_rss_interface + threat_model_rse_interface threat_model_arm_cca threat_model_fw_update_and_recovery diff --git a/docs/threat_model/firmware_threat_model/threat_model_rse_interface.rst b/docs/threat_model/firmware_threat_model/threat_model_rse_interface.rst index 025d2d9be..3b391c145 100644 --- a/docs/threat_model/firmware_threat_model/threat_model_rse_interface.rst +++ b/docs/threat_model/firmware_threat_model/threat_model_rse_interface.rst @@ -1,41 +1,41 @@ -Threat Model for RSS - AP interface +Threat Model for RSE - AP interface *********************************** ************ Introduction ************ This document is an extension for the general TF-A threat-model. It considers -those platforms where a Runtime Security Subsystem (RSS) is included in the SoC +those platforms where a Runtime Security Engine (RSE) is included in the SoC next to the Application Processor (AP). ******************** Target of Evaluation ******************** -The scope of this threat model only includes the interface between the RSS and +The scope of this threat model only includes the interface between the RSE and AP. Otherwise, the TF-A :ref:`Generic Threat Model` document is applicable for -the AP core. The threat model for the RSS firmware will be provided by the RSS +the AP core. The threat model for the RSE firmware will be provided by the RSE firmware project in the future. Data Flow Diagram ================= This diagram is different only from the general TF-A data flow diagram in that -it includes the RSS and highlights the interface between the AP and the RSS -cores. The interface description only focuses on the AP-RSS interface the rest +it includes the RSE and highlights the interface between the AP and the RSE +cores. The interface description only focuses on the AP-RSE interface the rest is the same as in the general TF-A threat-model document. -.. uml:: ../../resources/diagrams/plantuml/tfa_rss_dfd.puml - :caption: Figure 1: TF-A Data Flow Diagram including RSS +.. uml:: ../../resources/diagrams/plantuml/tfa_rse_dfd.puml + :caption: Figure 1: TF-A Data Flow Diagram including RSE -.. table:: Table 1: TF-A - RSS data flow diagram +.. table:: Table 1: TF-A - RSE data flow diagram +-----------------+--------------------------------------------------------+ | Diagram Element | Description | +=================+========================================================+ - | DF7 | | Boot images interact with RSS over a communication | + | DF7 | | Boot images interact with RSE over a communication | | | channel to record boot measurements and get image | | | verification keys. At runtime, BL31 obtains the | - | | realm world attestation signing key from RSS. | + | | realm world attestation signing key from RSE. | +-----------------+--------------------------------------------------------+ Threat Assessment @@ -44,12 +44,12 @@ For this section, please reference the Threat Assessment under the general TF-A threat-model document, :ref:`Generic Threat Model`. All the threats listed there are applicable for the AP core, here only the differences are highlighted. - - ID 11: The access to the communication interface between AP and RSS is + - ID 11: The access to the communication interface between AP and RSE is allowed only for firmware running at EL3. Accidentally exposing this - interface to NSCode can allow malicious code to interact with RSS and + interface to NSCode can allow malicious code to interact with RSE and gain access to sensitive data. - ID 13: Relevant in the context of the realm attestation key, which can be - retrieved by BL31 through DF7. The RSS communication protocol layer + retrieved by BL31 through DF7. The RSE communication protocol layer mitigates against this by clearing its internal buffer when reply is received. The caller of the API must do the same if data is not needed anymore. diff --git a/docs/threat_model/supply_chain_threat_model.rst b/docs/threat_model/supply_chain_threat_model.rst index 386a4b00c..a0fed5c89 100644 --- a/docs/threat_model/supply_chain_threat_model.rst +++ b/docs/threat_model/supply_chain_threat_model.rst @@ -115,7 +115,7 @@ description of each component and where they are sourced from. - *EDK2 UEFI*: Normal world bootloader from the EDK2 project [7]_. We use EDK2 UEFI binaries hosted on tf.org servers for testing [8]_. -Other software components used to test TF-A include U-Boot, Linux kernel, RSS, +Other software components used to test TF-A include U-Boot, Linux kernel, RSE, MCP, and file systems, all sourced from the Arm Reference Platforms teams. TF-A Toolchain From 7f8589cdba38c53a77fd38ec2096ee984437e74c Mon Sep 17 00:00:00 2001 From: Tamas Ban Date: Thu, 22 Feb 2024 11:35:28 +0100 Subject: [PATCH 09/15] refactor(tc): change all occurrences of RSS to RSE Changes all occurrences of "RSS" and "rss" in the code and build files to "RSE" and "rse". Signed-off-by: Tamas Ban Change-Id: Idec0bf7a90ae381f5bc968e1bb167daace24a11f --- plat/arm/board/tc/include/platform_def.h | 18 ++++++------- plat/arm/board/tc/include/tc_plat.h | 4 +-- plat/arm/board/tc/nv_counter_test.c | 20 +++++++------- plat/arm/board/tc/plat_def_fip_uuid.h | 16 +++++------ plat/arm/board/tc/platform.mk | 18 ++++++------- plat/arm/board/tc/platform_test.mk | 30 ++++++++++----------- plat/arm/board/tc/rotpk_test.c | 16 +++++------ plat/arm/board/tc/rse_ap_test_stubs.c | 8 +++--- plat/arm/board/tc/rse_ap_tests.c | 6 ++--- plat/arm/board/tc/rse_ap_testsuites.c | 2 +- plat/arm/board/tc/rse_ap_testsuites.h | 6 ++--- plat/arm/board/tc/tc_bl1_dpe.c | 28 +++++++++---------- plat/arm/board/tc/tc_bl1_measured_boot.c | 16 +++++------ plat/arm/board/tc/tc_bl2_dpe.c | 10 +++---- plat/arm/board/tc/tc_bl2_measured_boot.c | 16 +++++------ plat/arm/board/tc/tc_common_dpe.c | 4 +-- plat/arm/board/tc/tc_common_measured_boot.c | 12 ++++----- plat/arm/board/tc/tc_dpe_cert.h | 6 ++--- plat/arm/board/tc/tc_plat.c | 2 +- 19 files changed, 119 insertions(+), 119 deletions(-) diff --git a/plat/arm/board/tc/include/platform_def.h b/plat/arm/board/tc/include/platform_def.h index 3897096c8..43a08dc27 100644 --- a/plat/arm/board/tc/include/platform_def.h +++ b/plat/arm/board/tc/include/platform_def.h @@ -193,11 +193,11 @@ /* * In the current implementation the RoT Service request that requires the - * biggest message buffer is the RSS_DELEGATED_ATTEST_GET_PLATFORM_TOKEN. The + * biggest message buffer is the RSE_DELEGATED_ATTEST_GET_PLATFORM_TOKEN. The * maximum required buffer size is calculated based on the platform-specific * needs of this request. */ -#define PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE 0x500 +#define PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE 0x500 #define TC_DEVICE_BASE 0x21000000 #define TC_DEVICE_SIZE 0x5f000000 @@ -279,13 +279,13 @@ /* Index of SDS region used in the communication with SCP */ #define SDS_SCP_AP_REGION_ID U(0) -/* Index of SDS region used in the communication with RSS */ -#define SDS_RSS_AP_REGION_ID U(1) +/* Index of SDS region used in the communication with RSE */ +#define SDS_RSE_AP_REGION_ID U(1) /* - * Memory region for RSS's shared data storage (SDS) + * Memory region for RSE's shared data storage (SDS) * It is placed right after the SCMI payload area. */ -#define PLAT_ARM_RSS_AP_SDS_MEM_BASE (CSS_SCMI_PAYLOAD_BASE + \ +#define PLAT_ARM_RSE_AP_SDS_MEM_BASE (CSS_SCMI_PAYLOAD_BASE + \ CSS_SCMI_PAYLOAD_SIZE_MAX) #define PLAT_ARM_CLUSTER_COUNT U(1) @@ -306,9 +306,9 @@ #endif /* TARGET_PLATFORM == 3 */ #define PLAT_MHUV2_BASE PLAT_CSS_MHU_BASE -/* TC2: AP<->RSS MHUs */ -#define PLAT_RSS_AP_SND_MHU_BASE UL(0x2A840000) -#define PLAT_RSS_AP_RCV_MHU_BASE UL(0x2A850000) +/* TC2: AP<->RSE MHUs */ +#define PLAT_RSE_AP_SND_MHU_BASE UL(0x2A840000) +#define PLAT_RSE_AP_RCV_MHU_BASE UL(0x2A850000) #define CSS_SYSTEM_PWR_DMN_LVL ARM_PWR_LVL2 #define PLAT_MAX_PWR_LVL ARM_PWR_LVL1 diff --git a/plat/arm/board/tc/include/tc_plat.h b/plat/arm/board/tc/include/tc_plat.h index a6b2b0dff..6ba4694f7 100644 --- a/plat/arm/board/tc/include/tc_plat.h +++ b/plat/arm/board/tc/include/tc_plat.h @@ -8,7 +8,7 @@ #define TC_PLAT_H #ifdef PLATFORM_TEST_ROTPK -#include +#include #endif void tc_bl31_common_platform_setup(void); @@ -23,7 +23,7 @@ int nv_counter_test(void); #ifdef PLATFORM_TEST_ROTPK struct key_id_info { - enum rss_key_id_builtin_t key_id; + enum rse_key_id_builtin_t key_id; const char *key_id_name; }; diff --git a/plat/arm/board/tc/nv_counter_test.c b/plat/arm/board/tc/nv_counter_test.c index 179ec4b0e..902556932 100644 --- a/plat/arm/board/tc/nv_counter_test.c +++ b/plat/arm/board/tc/nv_counter_test.c @@ -7,9 +7,9 @@ #include #include -#include +#include #include -#include "rss_platform_api.h" +#include "rse_platform_api.h" #include @@ -20,30 +20,30 @@ int nv_counter_test(void) uint32_t new_val; uint32_t id; - status = rss_comms_init(PLAT_RSS_AP_SND_MHU_BASE, PLAT_RSS_AP_RCV_MHU_BASE); + status = rse_comms_init(PLAT_RSE_AP_SND_MHU_BASE, PLAT_RSE_AP_RCV_MHU_BASE); if (status != PSA_SUCCESS) { - printf("Failed to initialize RSS communication channel - psa_status = %d\n", status); + printf("Failed to initialize RSE communication channel - psa_status = %d\n", status); return -1; } for (id = 0; id < 3; id++) { - status = rss_platform_nv_counter_read(id, sizeof(old_val), (uint8_t *)&old_val); + status = rse_platform_nv_counter_read(id, sizeof(old_val), (uint8_t *)&old_val); if (status != PSA_SUCCESS) { - printf("Failed during first id=(%d) rss_platform_nv_counter_read - psa_status = %d\n", + printf("Failed during first id=(%d) rse_platform_nv_counter_read - psa_status = %d\n", id, status); return -1; } - status = rss_platform_nv_counter_increment(id); + status = rse_platform_nv_counter_increment(id); if (status != PSA_SUCCESS) { - printf("Failed during id=(%d) rss_platform_nv_counter_increment - psa_status = %d\n", + printf("Failed during id=(%d) rse_platform_nv_counter_increment - psa_status = %d\n", id, status); return -1; } - status = rss_platform_nv_counter_read(id, sizeof(new_val), (uint8_t *)&new_val); + status = rse_platform_nv_counter_read(id, sizeof(new_val), (uint8_t *)&new_val); if (status != PSA_SUCCESS) { - printf("Failed during second id=(%d) rss_platform_nv_counter_read - psa_status = %d\n", + printf("Failed during second id=(%d) rse_platform_nv_counter_read - psa_status = %d\n", id, status); return -1; } diff --git a/plat/arm/board/tc/plat_def_fip_uuid.h b/plat/arm/board/tc/plat_def_fip_uuid.h index 631f7c952..46a455cd8 100644 --- a/plat/arm/board/tc/plat_def_fip_uuid.h +++ b/plat/arm/board/tc/plat_def_fip_uuid.h @@ -10,28 +10,28 @@ #include "uuid.h" -#define UUID_RSS_FIRMWARE_BL1_2 \ +#define UUID_RSE_FIRMWARE_BL1_2 \ {{0x0a, 0xa5, 0xb1, 0xbe}, {0xe7, 0x84}, {0x41, 0xc5}, 0x81, 0xb8, {0x4a, 0x41, 0xcb, 0x4a, 0xd2, 0xdf}} -#define UUID_RSS_FIRMWARE_BL2 \ +#define UUID_RSE_FIRMWARE_BL2 \ {{0xa3, 0xb3, 0xb3, 0x0d}, {0xeb, 0xc9}, {0x40, 0x48}, 0xb4, 0x80, {0x15, 0x53, 0x61, 0xc1, 0x70, 0x48}} -#define UUID_RSS_FIRMWARE_SCP_BL1 \ +#define UUID_RSE_FIRMWARE_SCP_BL1 \ {{0xbf, 0xd5, 0x09, 0x8d}, {0xa7, 0x07}, {0x4f, 0x15}, 0x89, 0x1c, {0x37, 0x22, 0x10, 0xcb, 0x51, 0xe2}} -#define UUID_RSS_FIRMWARE_AP_BL1 \ +#define UUID_RSE_FIRMWARE_AP_BL1 \ {{0x12, 0x4c, 0x50, 0xe0}, {0xf2, 0xda}, {0x45, 0xe9}, 0x85, 0xc8, {0xda, 0xd9, 0x60, 0x9b, 0x7a, 0x11}} -#define UUID_RSS_FIRMWARE_NS \ +#define UUID_RSE_FIRMWARE_NS \ {{0x8d, 0x95, 0x9f, 0x72}, {0xb8, 0xb1}, {0x42, 0x11}, 0x9a, 0xe6, {0x4b, 0x80, 0x97, 0x47, 0x5a, 0xd9}} -#define UUID_RSS_FIRMWARE_S \ +#define UUID_RSE_FIRMWARE_S \ {{0x22, 0xea, 0x33, 0x85}, {0xf8, 0x6e}, {0x47, 0x93}, 0x96, 0x8a, {0x2f, 0xe3, 0xdd, 0x50, 0x33, 0xcc}} -#define UUID_RSS_SIC_TABLES_NS \ +#define UUID_RSE_SIC_TABLES_NS \ {{0xd9, 0x10, 0x00, 0x72}, {0x6a, 0x28}, {0x4b, 0xec}, 0xb0, 0xd6, {0x8c, 0xed, 0xc4, 0x15, 0x7c, 0xe0}} -#define UUID_RSS_SIC_TABLES_S \ +#define UUID_RSE_SIC_TABLES_S \ {{0xc7, 0x38, 0xd0, 0xde}, {0x8c, 0x26}, {0x48, 0x51}, 0x93, 0x36, {0xf3, 0xdb, 0xe2, 0x96, 0x65, 0x18}} #endif /* __PLAT_DEF_FIP_UUID__ */ diff --git a/plat/arm/board/tc/platform.mk b/plat/arm/board/tc/platform.mk index b30e40cfa..8756f3195 100644 --- a/plat/arm/board/tc/platform.mk +++ b/plat/arm/board/tc/platform.mk @@ -173,20 +173,20 @@ $(eval $(call TOOL_ADD_PAYLOAD,${TC_HW_CONFIG},--hw-config,${TC_HW_CONFIG})) # Include Measured Boot makefile before any Crypto library makefile. # Crypto library makefile may need default definitions of Measured Boot build # flags present in Measured Boot makefile. -$(info Including rss_comms.mk) +$(info Including rse_comms.mk) ifeq (${MEASURED_BOOT},1) - $(info Including rss_comms.mk) - include drivers/arm/rss/rss_comms.mk + $(info Including rse_comms.mk) + include drivers/arm/rse/rse_comms.mk - BL1_SOURCES += ${RSS_COMMS_SOURCES} - BL2_SOURCES += ${RSS_COMMS_SOURCES} + BL1_SOURCES += ${RSE_COMMS_SOURCES} + BL2_SOURCES += ${RSE_COMMS_SOURCES} PLAT_INCLUDES += -Iinclude/lib/psa ifeq (${DICE_PROTECTION_ENVIRONMENT},1) $(info Including qcbor.mk) - include drivers/measured_boot/rss/qcbor.mk + include drivers/measured_boot/rse/qcbor.mk $(info Including dice_prot_env.mk) - include drivers/measured_boot/rss/dice_prot_env.mk + include drivers/measured_boot/rse/dice_prot_env.mk BL1_SOURCES += ${QCBOR_SOURCES} \ ${DPE_SOURCES} \ @@ -206,8 +206,8 @@ ifeq (${MEASURED_BOOT},1) PLAT_INCLUDES += -I${QCBOR_INCLUDES} \ -Iinclude/lib/dice else - $(info Including rss_measured_boot.mk) - include drivers/measured_boot/rss/rss_measured_boot.mk + $(info Including rse_measured_boot.mk) + include drivers/measured_boot/rse/rse_measured_boot.mk BL1_SOURCES += ${MEASURED_BOOT_SOURCES} \ plat/arm/board/tc/tc_common_measured_boot.c \ diff --git a/plat/arm/board/tc/platform_test.mk b/plat/arm/board/tc/platform_test.mk index 4e81b2c31..8ef6f768b 100644 --- a/plat/arm/board/tc/platform_test.mk +++ b/plat/arm/board/tc/platform_test.mk @@ -5,42 +5,42 @@ $(eval $(call add_define,PLATFORM_TESTS)) -ifeq (${PLATFORM_TEST},rss-nv-counters) - include drivers/arm/rss/rss_comms.mk +ifeq (${PLATFORM_TEST},rse-nv-counters) + include drivers/arm/rse/rse_comms.mk # Test code. BL31_SOURCES += plat/arm/board/tc/nv_counter_test.c # Code under testing. - BL31_SOURCES += lib/psa/rss_platform.c \ - ${RSS_COMMS_SOURCES} + BL31_SOURCES += lib/psa/rse_platform.c \ + ${RSE_COMMS_SOURCES} PLAT_INCLUDES += -Iinclude/lib/psa $(eval $(call add_define,PLATFORM_TEST_NV_COUNTERS)) -else ifeq (${PLATFORM_TEST},rss-rotpk) - include drivers/arm/rss/rss_comms.mk +else ifeq (${PLATFORM_TEST},rse-rotpk) + include drivers/arm/rse/rse_comms.mk # Test code. BL31_SOURCES += plat/arm/board/tc/rotpk_test.c # Code under testing. - BL31_SOURCES += lib/psa/rss_platform.c \ - ${RSS_COMMS_SOURCES} + BL31_SOURCES += lib/psa/rse_platform.c \ + ${RSE_COMMS_SOURCES} PLAT_INCLUDES += -Iinclude/lib/psa $(eval $(call add_define,PLATFORM_TEST_ROTPK)) else ifeq (${PLATFORM_TEST},tfm-testsuite) - include drivers/arm/rss/rss_comms.mk + include drivers/arm/rse/rse_comms.mk # The variables need to be set to compile the platform test: ifeq (${TF_M_TESTS_PATH},) - # Example: ../rss/tf-m-tests + # Example: ../rse/tf-m-tests $(error Error: TF_M_TESTS_PATH not set) endif ifeq (${TF_M_EXTRAS_PATH},) - # Example: ../rss/tf-m-extras + # Example: ../rse/tf-m-extras $(error Error: TF_M_EXTRAS_PATH not set) endif ifeq (${MEASUREMENT_VALUE_SIZE},) @@ -68,11 +68,11 @@ else ifeq (${PLATFORM_TEST},tfm-testsuite) psa_crypto_slot_management.c \ ) - BL31_SOURCES += ${RSS_COMMS_SOURCES} \ + BL31_SOURCES += ${RSE_COMMS_SOURCES} \ plat/arm/common/arm_dyn_cfg.c \ - ${TC_BASE}/rss_ap_tests.c \ - ${TC_BASE}/rss_ap_testsuites.c \ - ${TC_BASE}/rss_ap_test_stubs.c \ + ${TC_BASE}/rse_ap_tests.c \ + ${TC_BASE}/rse_ap_testsuites.c \ + ${TC_BASE}/rse_ap_test_stubs.c \ $(TF_M_TESTS_PATH)/tests_reg/test/framework/test_framework.c \ $(MEASURED_BOOT_TESTS_PATH)/measured_boot_common.c \ $(MEASURED_BOOT_TESTS_PATH)/measured_boot_tests_common.c \ diff --git a/plat/arm/board/tc/rotpk_test.c b/plat/arm/board/tc/rotpk_test.c index ed56c31b5..2178f6973 100644 --- a/plat/arm/board/tc/rotpk_test.c +++ b/plat/arm/board/tc/rotpk_test.c @@ -7,9 +7,9 @@ #include #include -#include +#include #include -#include +#include #include static void print_hex(const char *key_id_name, size_t key_size, const uint8_t *key_buf) @@ -28,19 +28,19 @@ int rotpk_test(void) size_t key_size; struct key_id_info key_ids[3] = { - {.key_id = RSS_BUILTIN_KEY_ID_HOST_S_ROTPK, .key_id_name = "Secure-ROTPK"}, - {.key_id = RSS_BUILTIN_KEY_ID_HOST_NS_ROTPK, .key_id_name = "NS-ROTPK"}, - {.key_id = RSS_BUILTIN_KEY_ID_HOST_CCA_ROTPK, .key_id_name = "CCA-ROTPK"} + {.key_id = RSE_BUILTIN_KEY_ID_HOST_S_ROTPK, .key_id_name = "Secure-ROTPK"}, + {.key_id = RSE_BUILTIN_KEY_ID_HOST_NS_ROTPK, .key_id_name = "NS-ROTPK"}, + {.key_id = RSE_BUILTIN_KEY_ID_HOST_CCA_ROTPK, .key_id_name = "CCA-ROTPK"} }; - status = rss_comms_init(PLAT_RSS_AP_SND_MHU_BASE, PLAT_RSS_AP_RCV_MHU_BASE); + status = rse_comms_init(PLAT_RSE_AP_SND_MHU_BASE, PLAT_RSE_AP_RCV_MHU_BASE); if (status != PSA_SUCCESS) { - printf("Failed to initialize RSS communication channel - psa_status = %d\n", status); + printf("Failed to initialize RSE communication channel - psa_status = %d\n", status); return -1; } for (int i = 0; i < ARRAY_SIZE(key_ids); i++) { - status = rss_platform_key_read(key_ids[i].key_id, key_buf, + status = rse_platform_key_read(key_ids[i].key_id, key_buf, sizeof(key_buf), &key_size); if (status != PSA_SUCCESS) { printf("Failed to retrieve %s - psa_status = %d\n", key_ids[i].key_id_name, status); diff --git a/plat/arm/board/tc/rse_ap_test_stubs.c b/plat/arm/board/tc/rse_ap_test_stubs.c index aa97476f3..cf7918144 100644 --- a/plat/arm/board/tc/rse_ap_test_stubs.c +++ b/plat/arm/board/tc/rse_ap_test_stubs.c @@ -26,7 +26,7 @@ tfm_measured_boot_extend_measurement(uint8_t index, size_t measurement_value_size, bool lock_measurement) { - return rss_measured_boot_extend_measurement(index, + return rse_measured_boot_extend_measurement(index, signer_id, signer_id_size, version, @@ -56,7 +56,7 @@ tfm_measured_boot_read_measurement(uint8_t index, size_t *measurement_value_len, bool *is_locked) { - return rss_measured_boot_read_measurement(index, + return rse_measured_boot_read_measurement(index, signer_id, signer_id_size, signer_id_len, @@ -80,7 +80,7 @@ tfm_delegated_attest_get_token(const uint8_t *dak_pub_hash, size_t token_buf_size, size_t *token_size) { - return rss_delegated_attest_get_token(dak_pub_hash, + return rse_delegated_attest_get_token(dak_pub_hash, dak_pub_hash_size, token_buf, token_buf_size, @@ -95,7 +95,7 @@ tfm_delegated_attest_get_delegated_key(uint8_t ecc_curve, size_t *key_size, uint32_t hash_algo) { - return rss_delegated_attest_get_delegated_key(ecc_curve, + return rse_delegated_attest_get_delegated_key(ecc_curve, key_bits, key_buf, key_buf_size, diff --git a/plat/arm/board/tc/rse_ap_tests.c b/plat/arm/board/tc/rse_ap_tests.c index ea90ac337..3ca628a6c 100644 --- a/plat/arm/board/tc/rse_ap_tests.c +++ b/plat/arm/board/tc/rse_ap_tests.c @@ -10,9 +10,9 @@ #include #include #include -#include +#include -#include "rss_ap_testsuites.h" +#include "rse_ap_testsuites.h" static struct test_suite_t test_suites[] = { {.freg = register_testsuite_delegated_attest}, @@ -32,7 +32,7 @@ static int run_tests(void) size_t i; /* Initialize test environment. */ - rss_comms_init(PLAT_RSS_AP_SND_MHU_BASE, PLAT_RSS_AP_RCV_MHU_BASE); + rse_comms_init(PLAT_RSE_AP_SND_MHU_BASE, PLAT_RSE_AP_RCV_MHU_BASE); mbedtls_init(); status = psa_crypto_init(); if (status != PSA_SUCCESS) { diff --git a/plat/arm/board/tc/rse_ap_testsuites.c b/plat/arm/board/tc/rse_ap_testsuites.c index aa47d4c22..5f4dc165c 100644 --- a/plat/arm/board/tc/rse_ap_testsuites.c +++ b/plat/arm/board/tc/rse_ap_testsuites.c @@ -11,7 +11,7 @@ * necessary because both files define the function `extra_tests_init`, so a * linker error occurs when both are linked to BL31. This file defines a macro * that renames the colliding function names to something unique. - * `plat/arm/board/tc/rss_ap_tests.c` can call the test init functions with + * `plat/arm/board/tc/rse_ap_tests.c` can call the test init functions with * their new name. */ diff --git a/plat/arm/board/tc/rse_ap_testsuites.h b/plat/arm/board/tc/rse_ap_testsuites.h index 58502ab66..9bb42f580 100644 --- a/plat/arm/board/tc/rse_ap_testsuites.h +++ b/plat/arm/board/tc/rse_ap_testsuites.h @@ -5,12 +5,12 @@ * SPDX-License-Identifier: BSD-3-Clause */ -#ifndef RSS_AP_TESTSUITES_H -#define RSS_AP_TESTSUITES_H +#ifndef RSE_AP_TESTSUITES_H +#define RSE_AP_TESTSUITES_H #include void register_testsuite_measured_boot(struct test_suite_t *p_test_suite); void register_testsuite_delegated_attest(struct test_suite_t *p_test_suite); -#endif /* RSS_AP_TESTSUITES_H */ +#endif /* RSE_AP_TESTSUITES_H */ diff --git a/plat/arm/board/tc/tc_bl1_dpe.c b/plat/arm/board/tc/tc_bl1_dpe.c index dc60fb6a0..432a163e2 100644 --- a/plat/arm/board/tc/tc_bl1_dpe.c +++ b/plat/arm/board/tc/tc_bl1_dpe.c @@ -8,11 +8,11 @@ #include #include -#include +#include #include #include #include -#include +#include #include #include #include @@ -53,7 +53,7 @@ struct dpe_metadata tc_dpe_metadata[] = { }; /* Effective timeout of 10000 ms */ -#define RSS_DPE_BOOT_10US_RETRIES 1000000 +#define RSE_DPE_BOOT_10US_RETRIES 1000000 #define TC2_SDS_DPE_CTX_HANDLE_STRUCT_ID 0x0000000A /* Context handle is meant to be used by BL2. Sharing it via TB_FW_CONFIG */ @@ -66,20 +66,20 @@ void plat_dpe_share_context_handle(int *ctx_handle) void plat_dpe_get_context_handle(int *ctx_handle) { - int retry = RSS_DPE_BOOT_10US_RETRIES; + int retry = RSE_DPE_BOOT_10US_RETRIES; int ret; /* Initialize System level generic or SP804 timer */ generic_delay_timer_init(); - /* Check the initialization of the Shared Data Storage area between RSS - * and AP. Since AP_BL1 is executed first then a bit later the RSS + /* Check the initialization of the Shared Data Storage area between RSE + * and AP. Since AP_BL1 is executed first then a bit later the RSE * runtime, which initialize this area, therefore AP needs to check it - * in a loop until it gets written by RSS Secure Runtime. + * in a loop until it gets written by RSE Secure Runtime. */ - VERBOSE("Waiting for DPE service initialization in RSS Secure Runtime\n"); + VERBOSE("Waiting for DPE service initialization in RSE Secure Runtime\n"); while (retry > 0) { - ret = sds_init(SDS_RSS_AP_REGION_ID); + ret = sds_init(SDS_RSE_AP_REGION_ID); if (ret != SDS_OK) { udelay(10); retry--; @@ -93,11 +93,11 @@ void plat_dpe_get_context_handle(int *ctx_handle) plat_panic_handler(); } else { VERBOSE("DPE init succeeded in %dms.\n", - (RSS_DPE_BOOT_10US_RETRIES - retry) / 100); + (RSE_DPE_BOOT_10US_RETRIES - retry) / 100); } /* TODO: call this in a loop to avoid reading unfinished data */ - ret = sds_struct_read(SDS_RSS_AP_REGION_ID, + ret = sds_struct_read(SDS_RSE_AP_REGION_ID, TC2_SDS_DPE_CTX_HANDLE_STRUCT_ID, 0, ctx_handle, @@ -113,9 +113,9 @@ void plat_dpe_get_context_handle(int *ctx_handle) void bl1_plat_mboot_init(void) { - /* Initialize the communication channel between AP and RSS */ - (void)rss_comms_init(PLAT_RSS_AP_SND_MHU_BASE, - PLAT_RSS_AP_RCV_MHU_BASE); + /* Initialize the communication channel between AP and RSE */ + (void)rse_comms_init(PLAT_RSE_AP_SND_MHU_BASE, + PLAT_RSE_AP_RCV_MHU_BASE); dpe_init(tc_dpe_metadata); } diff --git a/plat/arm/board/tc/tc_bl1_measured_boot.c b/plat/arm/board/tc/tc_bl1_measured_boot.c index 2e5895464..28a1e316b 100644 --- a/plat/arm/board/tc/tc_bl1_measured_boot.c +++ b/plat/arm/board/tc/tc_bl1_measured_boot.c @@ -6,9 +6,9 @@ #include -#include +#include #include -#include +#include #include #include @@ -17,7 +17,7 @@ /* Table with platform specific image IDs and metadata. Intentionally not a * const struct, some members might set by bootloaders during trusted boot. */ -struct rss_mboot_metadata tc_rss_mboot_metadata[] = { +struct rse_mboot_metadata tc_rse_mboot_metadata[] = { { .id = FW_CONFIG_ID, .slot = U(6), @@ -41,16 +41,16 @@ struct rss_mboot_metadata tc_rss_mboot_metadata[] = { .lock_measurement = true }, { - .id = RSS_MBOOT_INVALID_ID } + .id = RSE_MBOOT_INVALID_ID } }; void bl1_plat_mboot_init(void) { - /* Initialize the communication channel between AP and RSS */ - (void)rss_comms_init(PLAT_RSS_AP_SND_MHU_BASE, - PLAT_RSS_AP_RCV_MHU_BASE); + /* Initialize the communication channel between AP and RSE */ + (void)rse_comms_init(PLAT_RSE_AP_SND_MHU_BASE, + PLAT_RSE_AP_RCV_MHU_BASE); - rss_measured_boot_init(tc_rss_mboot_metadata); + rse_measured_boot_init(tc_rse_mboot_metadata); } void bl1_plat_mboot_finish(void) diff --git a/plat/arm/board/tc/tc_bl2_dpe.c b/plat/arm/board/tc/tc_bl2_dpe.c index e50508f7e..50cdbf8d3 100644 --- a/plat/arm/board/tc/tc_bl2_dpe.c +++ b/plat/arm/board/tc/tc_bl2_dpe.c @@ -7,9 +7,9 @@ #include #include -#include +#include #include -#include +#include #include #include #include @@ -211,9 +211,9 @@ void plat_dpe_get_context_handle(int *ctx_handle) void bl2_plat_mboot_init(void) { - /* Initialize the communication channel between AP and RSS */ - (void)rss_comms_init(PLAT_RSS_AP_SND_MHU_BASE, - PLAT_RSS_AP_RCV_MHU_BASE); + /* Initialize the communication channel between AP and RSE */ + (void)rse_comms_init(PLAT_RSE_AP_SND_MHU_BASE, + PLAT_RSE_AP_RCV_MHU_BASE); dpe_init(tc_dpe_metadata); } diff --git a/plat/arm/board/tc/tc_bl2_measured_boot.c b/plat/arm/board/tc/tc_bl2_measured_boot.c index fd80fdc0e..add871c3c 100644 --- a/plat/arm/board/tc/tc_bl2_measured_boot.c +++ b/plat/arm/board/tc/tc_bl2_measured_boot.c @@ -6,9 +6,9 @@ #include -#include +#include #include -#include +#include #include #include @@ -17,7 +17,7 @@ /* TC specific table with image IDs and metadata. Intentionally not a * const struct, some members might set by bootloaders during trusted boot. */ -struct rss_mboot_metadata tc_rss_mboot_metadata[] = { +struct rse_mboot_metadata tc_rse_mboot_metadata[] = { { .id = BL31_IMAGE_ID, .slot = U(9), @@ -40,16 +40,16 @@ struct rss_mboot_metadata tc_rss_mboot_metadata[] = { .pk_oid = SOC_FW_CONFIG_KEY_OID, .lock_measurement = true }, { - .id = RSS_MBOOT_INVALID_ID } + .id = RSE_MBOOT_INVALID_ID } }; void bl2_plat_mboot_init(void) { - /* Initialize the communication channel between AP and RSS */ - (void)rss_comms_init(PLAT_RSS_AP_SND_MHU_BASE, - PLAT_RSS_AP_RCV_MHU_BASE); + /* Initialize the communication channel between AP and RSE */ + (void)rse_comms_init(PLAT_RSE_AP_SND_MHU_BASE, + PLAT_RSE_AP_RCV_MHU_BASE); - rss_measured_boot_init(tc_rss_mboot_metadata); + rse_measured_boot_init(tc_rse_mboot_metadata); } void bl2_plat_mboot_finish(void) diff --git a/plat/arm/board/tc/tc_common_dpe.c b/plat/arm/board/tc/tc_common_dpe.c index 42b546864..72ac67304 100644 --- a/plat/arm/board/tc/tc_common_dpe.c +++ b/plat/arm/board/tc/tc_common_dpe.c @@ -9,7 +9,7 @@ #include #include -#include +#include extern struct dpe_metadata tc_dpe_metadata[]; @@ -17,7 +17,7 @@ int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data) { int err; - /* Calculate image hash and record it in the DPE service in RSS. */ + /* Calculate image hash and record it in the DPE service in RSE. */ err = dpe_measure_and_record(tc_dpe_metadata, image_data->image_base, image_data->image_size, diff --git a/plat/arm/board/tc/tc_common_measured_boot.c b/plat/arm/board/tc/tc_common_measured_boot.c index 925a41142..6b8d41aca 100644 --- a/plat/arm/board/tc/tc_common_measured_boot.c +++ b/plat/arm/board/tc/tc_common_measured_boot.c @@ -8,22 +8,22 @@ #include #include -#include +#include -extern struct rss_mboot_metadata tc_rss_mboot_metadata[]; +extern struct rse_mboot_metadata tc_rse_mboot_metadata[]; int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data) { int err; - /* Calculate image hash and record data in RSS */ - err = rss_mboot_measure_and_record(tc_rss_mboot_metadata, + /* Calculate image hash and record data in RSE */ + err = rse_mboot_measure_and_record(tc_rse_mboot_metadata, image_data->image_base, image_data->image_size, image_id); if (err != 0) { ERROR("%s%s image id %u (%i)\n", - "Failed to ", "record in RSS", image_id, err); + "Failed to ", "record in RSE", image_id, err); } return err; @@ -31,6 +31,6 @@ int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data) int plat_mboot_measure_key(void *pk_oid, void *pk_ptr, unsigned int pk_len) { - return rss_mboot_set_signer_id(tc_rss_mboot_metadata, pk_oid, pk_ptr, + return rse_mboot_set_signer_id(tc_rse_mboot_metadata, pk_oid, pk_ptr, pk_len); } diff --git a/plat/arm/board/tc/tc_dpe_cert.h b/plat/arm/board/tc/tc_dpe_cert.h index 25855ec7c..d0632e8a1 100644 --- a/plat/arm/board/tc/tc_dpe_cert.h +++ b/plat/arm/board/tc/tc_dpe_cert.h @@ -20,10 +20,10 @@ * RoT Cert. | | | +->TOS_FW_CONF | | | * +------------+ | +->SCP_BL1 +-----+-----+-->FW_CONF +->AP_BL32 | | +->PVMFW | * | | | | | | | | | | | | - * | RSS_BL1_2--+-----+-->RSS_BL2------->AP_BL1--+-----+------------->AP_BL2------------+-----+-->AP_BL33 | + * | RSE_BL1_2--+-----+-->RSE_BL2------->AP_BL1--+-----+------------->AP_BL2------------+-----+-->AP_BL33 | * | | | | | | | | | | | | - * +------------+ | +->RSS_S +-----+-----+-->TB_FW_CONF +->AP_BL31 | | +->HYPERVISOR | - * | +->RSS_NS | | +->SCP_BL2 | | | + * +------------+ | +->RSE_S +-----+-----+-->TB_FW_CONF +->AP_BL31 | | +->HYPERVISOR | + * | +->RSE_NS | | +->SCP_BL2 | | | * | | | +->HW_CONF | | | * +--------------------------+ | +---------------+-----+-->NT_FW_CONF | * | | | | diff --git a/plat/arm/board/tc/tc_plat.c b/plat/arm/board/tc/tc_plat.c index e5d05c42e..fed14f7db 100644 --- a/plat/arm/board/tc/tc_plat.c +++ b/plat/arm/board/tc/tc_plat.c @@ -165,7 +165,7 @@ void plat_arm_secure_wdt_refresh(void) static sds_region_desc_t tc_sds_regions[] = { { .base = PLAT_ARM_SDS_MEM_BASE }, - { .base = PLAT_ARM_RSS_AP_SDS_MEM_BASE }, + { .base = PLAT_ARM_RSE_AP_SDS_MEM_BASE }, }; sds_region_desc_t *plat_sds_get_regions(unsigned int *region_count) From 47805037a2bf705c8162855ceceabde927a0342e Mon Sep 17 00:00:00 2001 From: Tamas Ban Date: Thu, 22 Feb 2024 11:38:33 +0100 Subject: [PATCH 10/15] refactor(fvp): remove leftovers from rss measured boot support Signed-off-by: Tamas Ban Change-Id: I1687327e028c2baec1ac6f0ae21b42b6047ceac0 --- plat/arm/board/fvp/fvp_common_measured_boot.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/plat/arm/board/fvp/fvp_common_measured_boot.c b/plat/arm/board/fvp/fvp_common_measured_boot.c index d56f510fc..605f0ff6a 100644 --- a/plat/arm/board/fvp/fvp_common_measured_boot.c +++ b/plat/arm/board/fvp/fvp_common_measured_boot.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2023, Arm Limited. All rights reserved. + * Copyright (c) 2021-2024, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -9,12 +9,10 @@ #include #include -#include #include #include extern event_log_metadata_t fvp_event_log_metadata[]; -extern struct rss_mboot_metadata fvp_rss_mboot_metadata[]; int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data) { From d797665ccef759852dff63bdb75898119577b524 Mon Sep 17 00:00:00 2001 From: Tamas Ban Date: Thu, 22 Feb 2024 11:41:25 +0100 Subject: [PATCH 11/15] refactor(psa): change all occurrences of RSS to RSE Changes all occurrences of "RSS" and "rss" in the code and build files to "RSE" and "rse". Signed-off-by: Tamas Ban Change-Id: I606e2663fb3719edf6372d6ffa4f1982eef45994 --- include/lib/psa/delegated_attestation.h | 16 +++++----- include/lib/psa/dice_protection_environment.h | 4 +-- include/lib/psa/measured_boot.h | 6 ++-- include/lib/psa/psa_manifest/sid.h | 14 ++++---- include/lib/psa/rse_crypto_defs.h | 32 +++++++++---------- include/lib/psa/rse_platform_api.h | 18 +++++------ lib/psa/delegated_attestation.c | 12 +++---- lib/psa/dice_protection_environment.c | 2 +- lib/psa/measured_boot.c | 10 +++--- lib/psa/measured_boot_private.h | 4 +-- lib/psa/rse_platform.c | 26 +++++++-------- 11 files changed, 72 insertions(+), 72 deletions(-) diff --git a/include/lib/psa/delegated_attestation.h b/include/lib/psa/delegated_attestation.h index 7aaceb3e3..ec49f5d39 100644 --- a/include/lib/psa/delegated_attestation.h +++ b/include/lib/psa/delegated_attestation.h @@ -15,9 +15,9 @@ #include "psa/error.h" -/* RSS Delegated Attestation message types that distinguish its services. */ -#define RSS_DELEGATED_ATTEST_GET_DELEGATED_KEY 1001U -#define RSS_DELEGATED_ATTEST_GET_PLATFORM_TOKEN 1002U +/* RSE Delegated Attestation message types that distinguish its services. */ +#define RSE_DELEGATED_ATTEST_GET_DELEGATED_KEY 1001U +#define RSE_DELEGATED_ATTEST_GET_PLATFORM_TOKEN 1002U /** * The aim of these APIs to get a derived signing key (private only) for the @@ -28,13 +28,13 @@ * key is bind to the platform token (details below). * * Expected usage model: - * - First rss_delegated_attest_get_delegated_key() API need to be called to + * - First rse_delegated_attest_get_delegated_key() API need to be called to * obtain the private part of the delegated attestation key. The public part * of key is computed by the cryptographic library when the key is * registered. - * - Secondly the rss_delegated_attest_get_token() must be called to obtain + * - Secondly the rse_delegated_attest_get_token() must be called to obtain * platform attestation token. The hash of the public key (computed by - * the hash_algo indicated in the rss_delegated_attest_get_delegated_key() + * the hash_algo indicated in the rse_delegated_attest_get_delegated_key() * call) must be the input of this call. This ensures that nothing but the * previously derived delegated key is bindable to the platform token. */ @@ -74,7 +74,7 @@ * platform attestation token as they are cryptographically linked together. */ psa_status_t -rss_delegated_attest_get_delegated_key(uint8_t ecc_curve, +rse_delegated_attest_get_delegated_key(uint8_t ecc_curve, uint32_t key_bits, uint8_t *key_buf, size_t key_buf_size, @@ -100,7 +100,7 @@ rss_delegated_attest_get_delegated_key(uint8_t ecc_curve, * code will be returned. */ psa_status_t -rss_delegated_attest_get_token(const uint8_t *dak_pub_hash, +rse_delegated_attest_get_token(const uint8_t *dak_pub_hash, size_t dak_pub_hash_size, uint8_t *token_buf, size_t token_buf_size, diff --git a/include/lib/psa/dice_protection_environment.h b/include/lib/psa/dice_protection_environment.h index 61b648266..535145161 100644 --- a/include/lib/psa/dice_protection_environment.h +++ b/include/lib/psa/dice_protection_environment.h @@ -14,7 +14,7 @@ #include -/* Additional defines for max size limit. These limits are set by DPE in RSS. */ +/* Additional defines for max size limit. These limits are set by DPE in RSE. */ #define DICE_AUTHORITY_DESCRIPTOR_MAX_SIZE 64 #define DICE_CONFIG_DESCRIPTOR_MAX_SIZE 64 #define DICE_CODE_DESCRIPTOR_MAX_SIZE 32 @@ -28,7 +28,7 @@ typedef int32_t dpe_error_t; #define DPE_ARGUMENT_NOT_SUPPORTED ((dpe_error_t)4) #define DPE_SESSION_EXHAUSTED ((dpe_error_t)5) -/* Custom values in RSS based DPE implementation */ +/* Custom values in RSE based DPE implementation */ #define DPE_INSUFFICIENT_MEMORY ((dpe_error_t)128) #define DPE_ERR_CBOR_FORMATTING ((dpe_error_t)129) diff --git a/include/lib/psa/measured_boot.h b/include/lib/psa/measured_boot.h index 79cdfa004..3cc6c95d8 100644 --- a/include/lib/psa/measured_boot.h +++ b/include/lib/psa/measured_boot.h @@ -43,11 +43,11 @@ * - When the requested slot is not accessible to the caller. */ -/* Not a standard PSA API, just an extension therefore use the 'rss_' prefix +/* Not a standard PSA API, just an extension therefore use the 'rse_' prefix * rather than the usual 'psa_'. */ psa_status_t -rss_measured_boot_extend_measurement(uint8_t index, +rse_measured_boot_extend_measurement(uint8_t index, const uint8_t *signer_id, size_t signer_id_size, const uint8_t *version, @@ -92,7 +92,7 @@ rss_measured_boot_extend_measurement(uint8_t index, * PSA_ERROR_DOES_NOT_EXIST * - The requested slot is empty, does not contain a measurement. */ -psa_status_t rss_measured_boot_read_measurement(uint8_t index, +psa_status_t rse_measured_boot_read_measurement(uint8_t index, uint8_t *signer_id, size_t signer_id_size, size_t *signer_id_len, diff --git a/include/lib/psa/psa_manifest/sid.h b/include/lib/psa/psa_manifest/sid.h index 6c1565641..bb8abe46a 100644 --- a/include/lib/psa/psa_manifest/sid.h +++ b/include/lib/psa/psa_manifest/sid.h @@ -8,19 +8,19 @@ #ifndef PSA_MANIFEST_SID_H #define PSA_MANIFEST_SID_H -/******** RSS_SP_CRYPTO ********/ -#define RSS_CRYPTO_HANDLE (0x40000100U) +/******** RSE_SP_CRYPTO ********/ +#define RSE_CRYPTO_HANDLE (0x40000100U) -/******** RSS_SP_PLATFORM ********/ -#define RSS_PLATFORM_SERVICE_HANDLE (0x40000105U) +/******** RSE_SP_PLATFORM ********/ +#define RSE_PLATFORM_SERVICE_HANDLE (0x40000105U) /******** PSA_SP_MEASURED_BOOT ********/ -#define RSS_MEASURED_BOOT_HANDLE (0x40000110U) +#define RSE_MEASURED_BOOT_HANDLE (0x40000110U) /******** PSA_SP_DELEGATED_ATTESTATION ********/ -#define RSS_DELEGATED_SERVICE_HANDLE (0x40000111U) +#define RSE_DELEGATED_SERVICE_HANDLE (0x40000111U) /******** PSA_SP_DICE_PROTECTION_ENVIRONMENT ********/ -#define RSS_DPE_SERVICE_HANDLE (0x40000112U) +#define RSE_DPE_SERVICE_HANDLE (0x40000112U) #endif /* PSA_MANIFEST_SID_H */ diff --git a/include/lib/psa/rse_crypto_defs.h b/include/lib/psa/rse_crypto_defs.h index 301dc05f9..44936b829 100644 --- a/include/lib/psa/rse_crypto_defs.h +++ b/include/lib/psa/rse_crypto_defs.h @@ -5,8 +5,8 @@ * */ -#ifndef RSS_CRYPTO_DEFS_H -#define RSS_CRYPTO_DEFS_H +#ifndef RSE_CRYPTO_DEFS_H +#define RSE_CRYPTO_DEFS_H /* Declares types that encode errors, algorithms, key types, policies, etc. */ #include "psa/crypto_types.h" @@ -16,31 +16,31 @@ * to the corresponding API implementation in the Crypto service backend. * */ -#define RSS_CRYPTO_EXPORT_PUBLIC_KEY_SID (uint16_t)(0x701) +#define RSE_CRYPTO_EXPORT_PUBLIC_KEY_SID (uint16_t)(0x701) /* - * The persistent key identifiers for RSS builtin keys. + * The persistent key identifiers for RSE builtin keys. */ -enum rss_key_id_builtin_t { - RSS_BUILTIN_KEY_ID_HOST_S_ROTPK = 0x7FFF816Cu, - RSS_BUILTIN_KEY_ID_HOST_NS_ROTPK, - RSS_BUILTIN_KEY_ID_HOST_CCA_ROTPK, +enum rse_key_id_builtin_t { + RSE_BUILTIN_KEY_ID_HOST_S_ROTPK = 0x7FFF816Cu, + RSE_BUILTIN_KEY_ID_HOST_NS_ROTPK, + RSE_BUILTIN_KEY_ID_HOST_CCA_ROTPK, }; /* - * This type is used to overcome a limitation within RSS firmware in the number of maximum + * This type is used to overcome a limitation within RSE firmware in the number of maximum * IOVECs it can use especially in psa_aead_encrypt and psa_aead_decrypt. */ -#define RSS_CRYPTO_MAX_NONCE_LENGTH (16u) -struct rss_crypto_aead_pack_input { - uint8_t nonce[RSS_CRYPTO_MAX_NONCE_LENGTH]; +#define RSE_CRYPTO_MAX_NONCE_LENGTH (16u) +struct rse_crypto_aead_pack_input { + uint8_t nonce[RSE_CRYPTO_MAX_NONCE_LENGTH]; uint32_t nonce_length; }; /* * Structure used to pack non-pointer types in a call to PSA Crypto APIs */ -struct rss_crypto_pack_iovec { +struct rse_crypto_pack_iovec { psa_key_id_t key_id; /* !< Key id */ psa_algorithm_t alg; /* !< Algorithm */ uint32_t op_handle; /* @@ -56,7 +56,7 @@ struct rss_crypto_pack_iovec { * AEAD */ - struct rss_crypto_aead_pack_input aead_in; /* + struct rse_crypto_aead_pack_input aead_in; /* * !< Packs AEAD-related * inputs */ @@ -64,7 +64,7 @@ struct rss_crypto_pack_iovec { uint16_t function_id; /* * !< Used to identify the function in the * API dispatcher to the service backend - * See rss_crypto_func_sid for detail + * See rse_crypto_func_sid for detail */ uint16_t step; /* !< Key derivation step */ union { @@ -76,4 +76,4 @@ struct rss_crypto_pack_iovec { }; }; -#endif /* RSS_CRYPTO_DEFS_H */ +#endif /* RSE_CRYPTO_DEFS_H */ diff --git a/include/lib/psa/rse_platform_api.h b/include/lib/psa/rse_platform_api.h index 8f74a51fd..535001bd6 100644 --- a/include/lib/psa/rse_platform_api.h +++ b/include/lib/psa/rse_platform_api.h @@ -5,16 +5,16 @@ * */ -#ifndef RSS_PLATFORM_API_H -#define RSS_PLATFORM_API_H +#ifndef RSE_PLATFORM_API_H +#define RSE_PLATFORM_API_H #include #include "psa/error.h" -#include +#include -#define RSS_PLATFORM_API_ID_NV_READ (1010) -#define RSS_PLATFORM_API_ID_NV_INCREMENT (1011) +#define RSE_PLATFORM_API_ID_NV_READ (1010) +#define RSE_PLATFORM_API_ID_NV_INCREMENT (1011) /* * Increments the given non-volatile (NV) counter by one @@ -25,7 +25,7 @@ * it returns a PSA_ERROR. */ psa_status_t -rss_platform_nv_counter_increment(uint32_t counter_id); +rse_platform_nv_counter_increment(uint32_t counter_id); /* * Reads the given non-volatile (NV) counter @@ -39,7 +39,7 @@ rss_platform_nv_counter_increment(uint32_t counter_id); * it returns a PSA_ERROR. */ psa_status_t -rss_platform_nv_counter_read(uint32_t counter_id, +rse_platform_nv_counter_read(uint32_t counter_id, uint32_t size, uint8_t *val); /* @@ -54,7 +54,7 @@ rss_platform_nv_counter_read(uint32_t counter_id, * it returns a PSA_ERROR. */ psa_status_t -rss_platform_key_read(enum rss_key_id_builtin_t key, uint8_t *data, +rse_platform_key_read(enum rse_key_id_builtin_t key, uint8_t *data, size_t data_size, size_t *data_length); -#endif /* RSS_PLATFORM_API_H */ +#endif /* RSE_PLATFORM_API_H */ diff --git a/lib/psa/delegated_attestation.c b/lib/psa/delegated_attestation.c index 81e26215f..805a94163 100644 --- a/lib/psa/delegated_attestation.c +++ b/lib/psa/delegated_attestation.c @@ -10,7 +10,7 @@ #include psa_status_t -rss_delegated_attest_get_delegated_key(uint8_t ecc_curve, +rse_delegated_attest_get_delegated_key(uint8_t ecc_curve, uint32_t key_bits, uint8_t *key_buf, size_t key_buf_size, @@ -31,8 +31,8 @@ rss_delegated_attest_get_delegated_key(uint8_t ecc_curve, return PSA_ERROR_INVALID_ARGUMENT; } - status = psa_call(RSS_DELEGATED_SERVICE_HANDLE, - RSS_DELEGATED_ATTEST_GET_DELEGATED_KEY, + status = psa_call(RSE_DELEGATED_SERVICE_HANDLE, + RSE_DELEGATED_ATTEST_GET_DELEGATED_KEY, in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); if (status == PSA_SUCCESS) { @@ -43,7 +43,7 @@ rss_delegated_attest_get_delegated_key(uint8_t ecc_curve, } psa_status_t -rss_delegated_attest_get_token(const uint8_t *dak_pub_hash, +rse_delegated_attest_get_token(const uint8_t *dak_pub_hash, size_t dak_pub_hash_size, uint8_t *token_buf, size_t token_buf_size, @@ -61,8 +61,8 @@ rss_delegated_attest_get_token(const uint8_t *dak_pub_hash, return PSA_ERROR_INVALID_ARGUMENT; } - status = psa_call(RSS_DELEGATED_SERVICE_HANDLE, - RSS_DELEGATED_ATTEST_GET_PLATFORM_TOKEN, + status = psa_call(RSE_DELEGATED_SERVICE_HANDLE, + RSE_DELEGATED_ATTEST_GET_PLATFORM_TOKEN, in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); if (status == PSA_SUCCESS) { diff --git a/lib/psa/dice_protection_environment.c b/lib/psa/dice_protection_environment.c index 44a58482c..214561179 100644 --- a/lib/psa/dice_protection_environment.c +++ b/lib/psa/dice_protection_environment.c @@ -258,7 +258,7 @@ static int32_t dpe_client_call(const char *cmd_input, size_t cmd_input_size, { cmd_output, *cmd_output_size }, }; - err = psa_call(RSS_DPE_SERVICE_HANDLE, 0, + err = psa_call(RSE_DPE_SERVICE_HANDLE, 0, in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); if (err == PSA_SUCCESS) { diff --git a/lib/psa/measured_boot.c b/lib/psa/measured_boot.c index ff1f45dbc..c66b8dae9 100644 --- a/lib/psa/measured_boot.c +++ b/lib/psa/measured_boot.c @@ -63,7 +63,7 @@ static void log_measurement(uint8_t index, } psa_status_t -rss_measured_boot_extend_measurement(uint8_t index, +rse_measured_boot_extend_measurement(uint8_t index, const uint8_t *signer_id, size_t signer_id_size, const uint8_t *version, @@ -115,13 +115,13 @@ rss_measured_boot_extend_measurement(uint8_t index, measurement_algo, measurement_value, measurement_value_size, lock_measurement); - return psa_call(RSS_MEASURED_BOOT_HANDLE, - RSS_MEASURED_BOOT_EXTEND, + return psa_call(RSE_MEASURED_BOOT_HANDLE, + RSE_MEASURED_BOOT_EXTEND, in_vec, IOVEC_LEN(in_vec), NULL, 0); } -psa_status_t rss_measured_boot_read_measurement(uint8_t index, +psa_status_t rse_measured_boot_read_measurement(uint8_t index, uint8_t *signer_id, size_t signer_id_size, size_t *signer_id_len, @@ -158,7 +158,7 @@ psa_status_t rss_measured_boot_read_measurement(uint8_t index, {.base = measurement_value, .len = measurement_value_size} }; - status = psa_call(RSS_MEASURED_BOOT_HANDLE, RSS_MEASURED_BOOT_READ, + status = psa_call(RSE_MEASURED_BOOT_HANDLE, RSE_MEASURED_BOOT_READ, in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); diff --git a/lib/psa/measured_boot_private.h b/lib/psa/measured_boot_private.h index b8ca31d9c..bf2ae48ad 100644 --- a/lib/psa/measured_boot_private.h +++ b/lib/psa/measured_boot_private.h @@ -13,8 +13,8 @@ #include /* Measured boot message types that distinguish its services */ -#define RSS_MEASURED_BOOT_READ 1001U -#define RSS_MEASURED_BOOT_EXTEND 1002U +#define RSE_MEASURED_BOOT_READ 1001U +#define RSE_MEASURED_BOOT_EXTEND 1002U struct measured_boot_read_iovec_in_t { uint8_t index; diff --git a/lib/psa/rse_platform.c b/lib/psa/rse_platform.c index 7d90bfce2..7fc238206 100644 --- a/lib/psa/rse_platform.c +++ b/lib/psa/rse_platform.c @@ -7,24 +7,24 @@ #include #include -#include -#include +#include +#include psa_status_t -rss_platform_nv_counter_increment(uint32_t counter_id) +rse_platform_nv_counter_increment(uint32_t counter_id) { struct psa_invec in_vec[1]; in_vec[0].base = &counter_id; in_vec[0].len = sizeof(counter_id); - return psa_call(RSS_PLATFORM_SERVICE_HANDLE, - RSS_PLATFORM_API_ID_NV_INCREMENT, + return psa_call(RSE_PLATFORM_SERVICE_HANDLE, + RSE_PLATFORM_API_ID_NV_INCREMENT, in_vec, 1, NULL, 0); } psa_status_t -rss_platform_nv_counter_read(uint32_t counter_id, +rse_platform_nv_counter_read(uint32_t counter_id, uint32_t size, uint8_t *val) { struct psa_invec in_vec[1]; @@ -36,30 +36,30 @@ rss_platform_nv_counter_read(uint32_t counter_id, out_vec[0].base = val; out_vec[0].len = size; - return psa_call(RSS_PLATFORM_SERVICE_HANDLE, - RSS_PLATFORM_API_ID_NV_READ, + return psa_call(RSE_PLATFORM_SERVICE_HANDLE, + RSE_PLATFORM_API_ID_NV_READ, in_vec, 1, out_vec, 1); } psa_status_t -rss_platform_key_read(enum rss_key_id_builtin_t key, uint8_t *data, +rse_platform_key_read(enum rse_key_id_builtin_t key, uint8_t *data, size_t data_size, size_t *data_length) { psa_status_t status; - struct rss_crypto_pack_iovec iov = { - .function_id = RSS_CRYPTO_EXPORT_PUBLIC_KEY_SID, + struct rse_crypto_pack_iovec iov = { + .function_id = RSE_CRYPTO_EXPORT_PUBLIC_KEY_SID, .key_id = key, }; psa_invec in_vec[] = { - {.base = &iov, .len = sizeof(struct rss_crypto_pack_iovec)}, + {.base = &iov, .len = sizeof(struct rse_crypto_pack_iovec)}, }; psa_outvec out_vec[] = { {.base = data, .len = data_size} }; - status = psa_call(RSS_CRYPTO_HANDLE, PSA_IPC_CALL, + status = psa_call(RSE_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); From a11230ad008bdee89c3095f90926547094dbd57c Mon Sep 17 00:00:00 2001 From: Tamas Ban Date: Thu, 22 Feb 2024 11:45:26 +0100 Subject: [PATCH 12/15] refactor(fiptool): change all occurrences of RSS to RSE Changes all occurrences of "RSS" and "rss" in the code and build files to "RSE" and "rse". Signed-off-by: Tamas Ban Change-Id: I8982c203375250d6c709a26f33fb88673d69da50 --- .../arm/board/tc/plat_def_uuid_config.c | 48 +++++++++---------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/tools/fiptool/plat_fiptool/arm/board/tc/plat_def_uuid_config.c b/tools/fiptool/plat_fiptool/arm/board/tc/plat_def_uuid_config.c index 903310b21..792593f3a 100644 --- a/tools/fiptool/plat_fiptool/arm/board/tc/plat_def_uuid_config.c +++ b/tools/fiptool/plat_fiptool/arm/board/tc/plat_def_uuid_config.c @@ -13,44 +13,44 @@ toc_entry_t plat_def_toc_entries[] = { { - .name = "RSS Firmware BL1_2 image", - .uuid = UUID_RSS_FIRMWARE_BL1_2, - .cmdline_name = "rss-bl1_2" + .name = "RSE Firmware BL1_2 image", + .uuid = UUID_RSE_FIRMWARE_BL1_2, + .cmdline_name = "rse-bl1_2" }, { - .name = "RSS Firmware BL2 image", - .uuid = UUID_RSS_FIRMWARE_BL2, - .cmdline_name = "rss-bl2" + .name = "RSE Firmware BL2 image", + .uuid = UUID_RSE_FIRMWARE_BL2, + .cmdline_name = "rse-bl2" }, { - .name = "RSS Firmware SCP BL1 image", - .uuid = UUID_RSS_FIRMWARE_SCP_BL1, - .cmdline_name = "rss-scp-bl1" + .name = "RSE Firmware SCP BL1 image", + .uuid = UUID_RSE_FIRMWARE_SCP_BL1, + .cmdline_name = "rse-scp-bl1" }, { - .name = "RSS Firmware AP BL1 image", - .uuid = UUID_RSS_FIRMWARE_AP_BL1, - .cmdline_name = "rss-ap-bl1" + .name = "RSE Firmware AP BL1 image", + .uuid = UUID_RSE_FIRMWARE_AP_BL1, + .cmdline_name = "rse-ap-bl1" }, { - .name = "RSS Firmware non-secure image", - .uuid = UUID_RSS_FIRMWARE_NS, - .cmdline_name = "rss-ns" + .name = "RSE Firmware non-secure image", + .uuid = UUID_RSE_FIRMWARE_NS, + .cmdline_name = "rse-ns" }, { - .name = "RSS Firmware secure image", - .uuid = UUID_RSS_FIRMWARE_S, - .cmdline_name = "rss-s" + .name = "RSE Firmware secure image", + .uuid = UUID_RSE_FIRMWARE_S, + .cmdline_name = "rse-s" }, { - .name = "RSS Firmware non-secure SIC tables", - .uuid = UUID_RSS_SIC_TABLES_NS, - .cmdline_name = "rss-sic-tables-ns" + .name = "RSE Firmware non-secure SIC tables", + .uuid = UUID_RSE_SIC_TABLES_NS, + .cmdline_name = "rse-sic-tables-ns" }, { - .name = "RSS Firmware secure SIC tables", - .uuid = UUID_RSS_SIC_TABLES_S, - .cmdline_name = "rss-sic-tables-s" + .name = "RSE Firmware secure SIC tables", + .uuid = UUID_RSE_SIC_TABLES_S, + .cmdline_name = "rse-sic-tables-s" }, { From a822b8d82cd9baa38694928f130fbfcdf4c0d2e0 Mon Sep 17 00:00:00 2001 From: Tamas Ban Date: Thu, 22 Feb 2024 12:01:07 +0100 Subject: [PATCH 13/15] refactor(fvp): change all occurrences of RSS to RSE Changes all occurrences of "RSS" and "rss" in the code and build files to "RSE" and "rse". Signed-off-by: Tamas Ban Change-Id: I36b8e498f3226fc72d21634aae2cc9328d00711d --- plat/arm/board/fvp/fvp_plat_attest_token.c | 2 +- plat/arm/board/fvp/fvp_realm_attest_key.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/plat/arm/board/fvp/fvp_plat_attest_token.c b/plat/arm/board/fvp/fvp_plat_attest_token.c index 5fb3141c4..f5bd7229d 100644 --- a/plat/arm/board/fvp/fvp_plat_attest_token.c +++ b/plat/arm/board/fvp/fvp_plat_attest_token.c @@ -98,7 +98,7 @@ static const uint8_t sample_platform_token[] = { /* * Get the hardcoded platform attestation token as FVP does not support - * RSS. + * RSE. */ int plat_rmmd_get_cca_attest_token(uintptr_t buf, size_t *len, uintptr_t hash, size_t hash_size) diff --git a/plat/arm/board/fvp/fvp_realm_attest_key.c b/plat/arm/board/fvp/fvp_realm_attest_key.c index fe0cde725..150608d64 100644 --- a/plat/arm/board/fvp/fvp_realm_attest_key.c +++ b/plat/arm/board/fvp/fvp_realm_attest_key.c @@ -19,7 +19,7 @@ static const uint8_t sample_delegated_key[] = { /* * Get the hardcoded delegated realm attestation key as FVP - * does not support RSS. + * does not support RSE. */ int plat_rmmd_get_cca_realm_attest_key(uintptr_t buf, size_t *len, unsigned int type) From 59549e62cb6ea38a2478e4b5a8bc17ca61c4fdf5 Mon Sep 17 00:00:00 2001 From: Tamas Ban Date: Thu, 22 Feb 2024 12:03:19 +0100 Subject: [PATCH 14/15] refactor(qemu): change all occurrences of RSS to RSE Changes all occurrences of "RSS" and "rss" in the code and build files to "RSE" and "rse". Signed-off-by: Tamas Ban Change-Id: I2c6840f6f3f2f8f64595a0e0aa6e12084a37ce6e --- plat/qemu/common/qemu_plat_attest_token.c | 2 +- plat/qemu/common/qemu_realm_attest_key.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/plat/qemu/common/qemu_plat_attest_token.c b/plat/qemu/common/qemu_plat_attest_token.c index cf3376d52..f7d7e9050 100644 --- a/plat/qemu/common/qemu_plat_attest_token.c +++ b/plat/qemu/common/qemu_plat_attest_token.c @@ -98,7 +98,7 @@ static const uint8_t sample_platform_token[] = { /* * Get the hardcoded platform attestation token as QEMU does not support - * RSS. + * RSE. */ int plat_rmmd_get_cca_attest_token(uintptr_t buf, size_t *len, uintptr_t hash, size_t hash_size) diff --git a/plat/qemu/common/qemu_realm_attest_key.c b/plat/qemu/common/qemu_realm_attest_key.c index abd569b39..7da04d157 100644 --- a/plat/qemu/common/qemu_realm_attest_key.c +++ b/plat/qemu/common/qemu_realm_attest_key.c @@ -19,7 +19,7 @@ static const uint8_t sample_delegated_key[] = { /* * Get the hardcoded delegated realm attestation key as QEMU - * does not support RSS. + * does not support RSE. */ int plat_rmmd_get_cca_realm_attest_key(uintptr_t buf, size_t *len, unsigned int type) From ccc717391f5359fe2f04fe5a7a6a841bbab587b6 Mon Sep 17 00:00:00 2001 From: Tamas Ban Date: Mon, 22 Apr 2024 15:41:45 +0200 Subject: [PATCH 15/15] refactor(changelog): change all occurrences of RSS to RSE Changes all occurrences of "RSS" and "rss" in the code and build files to "RSE" and "rse". Signed-off-by: Tamas Ban Change-Id: I66a6c87c158b14e18cba25ea6c6e0809e30008ca --- changelog.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/changelog.yaml b/changelog.yaml index b7f281c15..f38dd85c0 100644 --- a/changelog.yaml +++ b/changelog.yaml @@ -955,11 +955,12 @@ subsections: deprecated: - drivers/arm/mhu - - title: RSS - scope: rss + - title: RSE + scope: rse deprecated: - drivers/arm/rss + - rss - title: TZC scope: tzc