Changes all occurrences of "RSS" and "rss" in the code and build files
to "RSE" and "rse".
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I606e2663fb3719edf6372d6ffa4f1982eef45994
RSS provides the DICE Protection Environment
service (DPE). It partially implements the
DPE specification from TCG.
As a DPE profile, it supports the
Open Profile for DICE specification.
https://pigweed.googlesource.com/open-dice/+/refs/heads/main/docs/specification.md
In order to communicate with the service, commands
must be CBOR encoded.
The API implementation:
- Expose a C API to the upper layer,
- Do the CBOR encoding, decoding of the DPE
commands,
- Rely on the PSA framework to communicate
with the RSS through an MHU.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I26a08f0c7cbffe07e725a7defbb6c60fd7735efe
Adding the AP/RSS interface for reading the ROTPK.
The read interface implements the psa_call:
psa_call(RSS_CRYPTO_HANDLE, PSA_IPC_CALL,
in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
where the in_vec indicates which of the 3 ROTPKs we want,
and the out_vec stores the ROTPK value we get back from RSS.
Through this service, we will be able to read any of the 3
ROTPKs used on a CCA platform:
- ROTPK for CCA firmware (BL2, BL31, RMM).
- ROTPK for secure firmware.
- ROTPK for non-secure firmware.
Change-Id: I44c615588235cc797fdf38870b74b4c422be0a72
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Adding AP/RSS interface for retrieving and incrementing non-volatile
counters.
The read interface implements the psa_call:
psa_call(RSS_PLATFORM_SERVICE_HANDLE,
RSS_PLATFORM_API_ID_NV_READ,
in_vec, 1, out_vec, 1);
where the in_vec indicates which of the 3 counters we want, and the
out_vec stores the counter value we get back from RSS.
The increment interface implements the psa_call:
psa_call(RSS_PLATFORM_SERVICE_HANDLE,
RSS_PLATFORM_API_ID_NV_INCREMENT,
in_vec, 1, (psa_outvec *)NULL, 0);
where, again, in_vec indicates the counter to increment, and we don't
get any output parameter from RSS.
Through this service, we will be able to get/increment any of the 3 NV
counters used on a CCA platform:
- NV counter for CCA firmware (BL2, BL31, RMM).
- NV counter for secure firmware.
- NV counter for non-secure firmware.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Signed-off-by: Raef Coles <raef.coles@arm.com>
Change-Id: I4c1c7f4837ebff30de16bb0ce7ecd416b70b1f62
The attestation key derivation and platform attestation token
creation functionality is provided by the Delegated Attestation
partition in RSS.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I2d8c0e6589d11e7c81c698adf75ee2a993e3a0c6
Delegated attestation is a service provided by RSS to:
- Derive a delegated attestation key: Realm Attestation Key
- Query the platform attestation token
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I3edf09fcbef24bca7c8a000ffac8c1ab64dfb812
When the measured boot service was upstreamed to TF-M, its static
handle was reallocated into the user partitions range. This change
updates the static handle here to make the service accessible.
Also removes the SIDs and Versions, since they are unused when a
service is accessed through a stateless handle, which encodes both
service ID and version. The attestation and measured boot services
only support access through their handles.
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
Change-Id: I9d2ff1aad19470728289d574be3d5d11bdabeef4
A secure enclave could provide an alternate
backend for measured boot. This API can be used
to store measurements in a secure enclave, which
provides the measured boot runtime service.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I2448e324e7ece6b318403c5937dfe7abea53d0f3
