From 703df3a3ef4aafe30a3522b80ec305a9833f732d Mon Sep 17 00:00:00 2001 From: laurenw-arm Date: Tue, 14 May 2024 12:41:59 -0500 Subject: [PATCH 1/4] feat(dt-bindings): introduce Dualroot CoT DTB Add Dualroot CoT DTB, which allows Dualroot platforms to get their chain of trust description from a configuration file, rather than hard-coding it into the firmware source code itself. Change-Id: I03af8f28ba7ad56b883ff5e7961500ffdb8c3957 Signed-off-by: Lauren Wehrmeister --- fdts/dualroot_cot_descriptors.dtsi | 314 +++++++++++++++++++++++++++++ 1 file changed, 314 insertions(+) create mode 100644 fdts/dualroot_cot_descriptors.dtsi diff --git a/fdts/dualroot_cot_descriptors.dtsi b/fdts/dualroot_cot_descriptors.dtsi new file mode 100644 index 000000000..459a1dda8 --- /dev/null +++ b/fdts/dualroot_cot_descriptors.dtsi @@ -0,0 +1,314 @@ +/* + * Copyright (c) 2024, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include +#include +#include + +cot { + manifests { + compatible = "arm, cert-descs"; + + trusted_boot_fw_cert: trusted_boot_fw_cert { + root-certificate; + image-id =; + antirollback-counter = <&trusted_nv_counter>; + + tb_fw_hash: tb_fw_hash { + oid = TRUSTED_BOOT_FW_HASH_OID; + }; + tb_fw_config_hash: tb_fw_config_hash { + oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID; + }; + hw_config_hash: hw_config_hash { + oid = HW_CONFIG_HASH_OID; + }; + fw_config_hash: fw_config_hash { + oid = FW_CONFIG_HASH_OID; + }; + }; + + trusted_key_cert: trusted_key_cert { + root-certificate; + image-id = ; + antirollback-counter = <&trusted_nv_counter>; + + trusted_world_pk: trusted_world_pk { + oid = TRUSTED_WORLD_PK_OID; + }; + }; + + scp_fw_key_cert: scp_fw_key_cert { + image-id = ; + parent = <&trusted_key_cert>; + signing-key = <&trusted_world_pk>; + antirollback-counter = <&trusted_nv_counter>; + + scp_fw_content_pk: scp_fw_content_pk { + oid = SCP_FW_CONTENT_CERT_PK_OID; + }; + }; + + scp_fw_content_cert: scp_fw_content_cert { + image-id = ; + parent = <&scp_fw_key_cert>; + signing-key = <&scp_fw_content_pk>; + antirollback-counter = <&trusted_nv_counter>; + + scp_fw_hash: scp_fw_hash { + oid = SCP_FW_HASH_OID; + }; + }; + + soc_fw_key_cert: soc_fw_key_cert { + image-id = ; + parent = <&trusted_key_cert>; + signing-key = <&trusted_world_pk>; + antirollback-counter = <&trusted_nv_counter>; + soc_fw_content_pk: soc_fw_content_pk { + oid = SOC_FW_CONTENT_CERT_PK_OID; + }; + }; + + soc_fw_content_cert: soc_fw_content_cert { + image-id = ; + parent = <&soc_fw_key_cert>; + signing-key = <&soc_fw_content_pk>; + antirollback-counter = <&trusted_nv_counter>; + + soc_fw_hash: soc_fw_hash { + oid = SOC_AP_FW_HASH_OID; + }; + soc_fw_config_hash: soc_fw_config_hash { + oid = SOC_FW_CONFIG_HASH_OID; + }; + }; + + trusted_os_fw_key_cert: trusted_os_fw_key_cert { + image-id = ; + parent = <&trusted_key_cert>; + signing-key = <&trusted_world_pk>; + antirollback-counter = <&trusted_nv_counter>; + + tos_fw_content_pk: tos_fw_content_pk { + oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID; + }; + }; + + trusted_os_fw_content_cert: trusted_os_fw_content_cert { + image-id = ; + parent = <&trusted_os_fw_key_cert>; + signing-key = <&tos_fw_content_pk>; + antirollback-counter = <&trusted_nv_counter>; + + tos_fw_hash: tos_fw_hash { + oid = TRUSTED_OS_FW_HASH_OID; + }; + tos_fw_extra1_hash: tos_fw_extra1_hash { + oid = TRUSTED_OS_FW_EXTRA1_HASH_OID; + }; + tos_fw_extra2_hash: tos_fw_extra2_hash { + oid = TRUSTED_OS_FW_EXTRA2_HASH_OID; + }; + tos_fw_config_hash: tos_fw_config_hash { + oid = TRUSTED_OS_FW_CONFIG_HASH_OID; + }; + }; + + non_trusted_fw_content_cert: non_trusted_fw_content_cert { + root-certificate; + image-id = ; + signing-key = <&prot_pk>; + antirollback-counter = <&non_trusted_nv_counter>; + + nt_world_bl_hash: nt_world_bl_hash { + oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID; + }; + nt_fw_config_hash: nt_fw_config_hash { + oid = NON_TRUSTED_FW_CONFIG_HASH_OID; + }; + }; + +#if defined(SPD_spmd) + sip_sp_content_cert: sip_sp_content_cert { + image-id = ; + parent = <&trusted_key_cert>; + signing-key = <&trusted_world_pk>; + antirollback-counter = <&trusted_nv_counter>; + + sp_pkg1_hash: sp_pkg1_hash { + oid = SP_PKG1_HASH_OID; + }; + sp_pkg2_hash: sp_pkg2_hash { + oid = SP_PKG2_HASH_OID; + }; + sp_pkg3_hash: sp_pkg3_hash { + oid = SP_PKG3_HASH_OID; + }; + sp_pkg4_hash: sp_pkg4_hash { + oid = SP_PKG4_HASH_OID; + }; + }; + + plat_sp_content_cert: plat_sp_content_cert { + root-certificate; + image-id = ; + signing-key = <&prot_pk>; + antirollback-counter = <&non_trusted_nv_counter>; + + sp_pkg5_hash: sp_pkg5_hash { + oid = SP_PKG5_HASH_OID; + }; + sp_pkg6_hash: sp_pkg6_hash { + oid = SP_PKG6_HASH_OID; + }; + sp_pkg7_hash: sp_pkg7_hash { + oid = SP_PKG7_HASH_OID; + }; + sp_pkg8_hash: sp_pkg8_hash { + oid = SP_PKG8_HASH_OID; + }; + }; +#endif + }; + + images { + compatible = "arm, img-descs"; + + hw_config { + image-id = ; + parent = <&trusted_boot_fw_cert>; + hash = <&hw_config_hash>; + }; + + scp_bl2_image { + image-id = ; + parent = <&scp_fw_content_cert>; + hash = <&scp_fw_hash>; + }; + + bl31_image { + image-id = ; + parent = <&soc_fw_content_cert>; + hash = <&soc_fw_hash>; + }; + + soc_fw_config { + image-id = ; + parent = <&soc_fw_content_cert>; + hash = <&soc_fw_config_hash>; + }; + + bl32_image { + image-id = ; + parent = <&trusted_os_fw_content_cert>; + hash = <&tos_fw_hash>; + }; + + bl32_extra1_image { + image-id = ; + parent = <&trusted_os_fw_content_cert>; + hash = <&tos_fw_extra1_hash>; + }; + + bl32_extra2_image { + image-id = ; + parent = <&trusted_os_fw_content_cert>; + hash = <&tos_fw_extra2_hash>; + }; + + tos_fw_config { + image-id = ; + parent = <&trusted_os_fw_content_cert>; + hash = <&tos_fw_config_hash>; + }; + + bl33_image { + image-id = ; + parent = <&non_trusted_fw_content_cert>; + hash = <&nt_world_bl_hash>; + }; + + nt_fw_config { + image-id = ; + parent = <&non_trusted_fw_content_cert>; + hash = <&nt_fw_config_hash>; + }; + +#if defined(SPD_spmd) + sp_pkg1 { + image-id = ; + parent = <&sip_sp_content_cert>; + hash = <&sp_pkg1_hash>; + }; + + sp_pkg2 { + image-id = ; + parent = <&sip_sp_content_cert>; + hash = <&sp_pkg2_hash>; + }; + + sp_pkg3 { + image-id = ; + parent = <&sip_sp_content_cert>; + hash = <&sp_pkg3_hash>; + }; + + sp_pkg4 { + image-id = ; + parent = <&sip_sp_content_cert>; + hash = <&sp_pkg4_hash>; + }; + + sp_pkg5 { + image-id = ; + parent = <&plat_sp_content_cert>; + hash = <&sp_pkg5_hash>; + }; + + sp_pkg6 { + image-id = ; + parent = <&plat_sp_content_cert>; + hash = <&sp_pkg6_hash>; + }; + + sp_pkg7 { + image-id = ; + parent = <&plat_sp_content_cert>; + hash = <&sp_pkg7_hash>; + }; + + sp_pkg8 { + image-id = ; + parent = <&plat_sp_content_cert>; + hash = <&sp_pkg8_hash>; + }; +#endif + }; +}; + +non_volatile_counters: non_volatile_counters { + compatible = "arm, non-volatile-counter"; + + #address-cells = <1>; + #size-cells = <0>; + + trusted_nv_counter: trusted_nv_counter { + id = ; + oid = TRUSTED_FW_NVCOUNTER_OID; + }; + + non_trusted_nv_counter: non_trusted_nv_counter { + id = ; + oid = NON_TRUSTED_FW_NVCOUNTER_OID; + }; +}; + +rot_keys { + prot_pk: prot_pk { + oid = PROT_PK_OID; + }; +}; From 0af86f08ce5c39e3d53ccd9daa77084acef09fa7 Mon Sep 17 00:00:00 2001 From: laurenw-arm Date: Tue, 14 May 2024 12:44:54 -0500 Subject: [PATCH 2/4] feat(fvp): add Dualroot CoT in DTB support Adding support for Dualroot CoT in DTB. This makes it possible for BL2 to retrieve its chain of trust description from a configuration file in DTB format. With this, the CoT description may be updated without rebuilding BL2 image. This feature can be enabled by building BL2 with COT_DESC_IN_DTB=1 and COT=dualroot. The default behavior remains to embed the CoT description into BL2 image. Change-Id: I343931b145aa8a53b0a5d4b8aefb273ffb5a9163 Signed-off-by: Lauren Wehrmeister --- plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts index 9eb2177c7..ed6020396 100644 --- a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts +++ b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts @@ -106,6 +106,8 @@ #if COT_DESC_IN_DTB #if defined(ARM_COT_cca) #include "cca_cot_descriptors.dtsi" + #elif defined(ARM_COT_dualroot) + #include "dualroot_cot_descriptors.dtsi" #elif defined(ARM_COT_tbbr) #include "tbbr_cot_descriptors.dtsi" #endif From 731ac5ea043efb333ea74c8443c10989acce5d94 Mon Sep 17 00:00:00 2001 From: laurenw-arm Date: Tue, 14 May 2024 12:51:26 -0500 Subject: [PATCH 3/4] feat(arm): add COT_DESC_IN_DTB option for Dualroot Add support for BL2 to get the Dualroot chain of trust description through the Firmware Configuration Framework (FCONF). This makes it possible to export the part of the Dualroot chain of trust enforced by BL2 in BL2's configuration file (TB_FW_CONFIG DTB file). BL2 will parse it when setting up the platform. The feature can be enabled through the COT_DESC_IN_DTB=1 option. The default behavior (COT_DESC_IN_DTB=0) remains to hard-code the Dualroot CoT into BL2 images. Change-Id: I3497b1daf14be09b5ce3a74d39df7551819255c2 Signed-off-by: Lauren Wehrmeister --- plat/arm/common/arm_common.mk | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk index 7ab39eb28..7377a01f8 100644 --- a/plat/arm/common/arm_common.mk +++ b/plat/arm/common/arm_common.mk @@ -385,7 +385,12 @@ ifneq (${TRUSTED_BOARD_BOOT},0) endif endif else ifeq (${COT},dualroot) - AUTH_SOURCES += drivers/auth/dualroot/cot.c + BL1_SOURCES += drivers/auth/dualroot/cot.c + ifneq (${COT_DESC_IN_DTB},0) + BL2_SOURCES += lib/fconf/fconf_cot_getter.c + else + BL2_SOURCES += drivers/auth/dualroot/cot.c + endif else ifeq (${COT},cca) BL1_SOURCES += drivers/auth/cca/cot.c ifneq (${COT_DESC_IN_DTB},0) From bdc15fe6d47d600d5de721ac552b53bfc31fb008 Mon Sep 17 00:00:00 2001 From: laurenw-arm Date: Tue, 4 Jun 2024 14:10:31 -0500 Subject: [PATCH 4/4] refactor(fvp): add CoT desc dtsi Adding CoT descriptor dtsi file to streamline fvp_tb_fw_config DTB file. Change-Id: I0bbaef764b100ed0e749ec5f0c78a366398b3519 Signed-off-by: Lauren Wehrmeister --- plat/arm/board/fvp/fdts/fvp_cot_desc.dtsi | 16 ++++++++++++++++ plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts | 10 +--------- 2 files changed, 17 insertions(+), 9 deletions(-) create mode 100644 plat/arm/board/fvp/fdts/fvp_cot_desc.dtsi diff --git a/plat/arm/board/fvp/fdts/fvp_cot_desc.dtsi b/plat/arm/board/fvp/fdts/fvp_cot_desc.dtsi new file mode 100644 index 000000000..9c8328bbd --- /dev/null +++ b/plat/arm/board/fvp/fdts/fvp_cot_desc.dtsi @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2024, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + + +#if COT_DESC_IN_DTB + #if defined(ARM_COT_cca) + #include "cca_cot_descriptors.dtsi" + #elif defined(ARM_COT_dualroot) + #include "dualroot_cot_descriptors.dtsi" + #elif defined(ARM_COT_tbbr) + #include "tbbr_cot_descriptors.dtsi" + #endif +#endif diff --git a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts index ed6020396..b1d3bc185 100644 --- a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts +++ b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts @@ -103,15 +103,7 @@ #endif /* ARM_BL2_SP_LIST_DTS */ }; -#if COT_DESC_IN_DTB - #if defined(ARM_COT_cca) - #include "cca_cot_descriptors.dtsi" - #elif defined(ARM_COT_dualroot) - #include "dualroot_cot_descriptors.dtsi" - #elif defined(ARM_COT_tbbr) - #include "tbbr_cot_descriptors.dtsi" - #endif -#endif +#include "fvp_cot_desc.dtsi" #if MEASURED_BOOT #include "event_log.dtsi"