Remove any residual RSS usage in the FVP platform, complementing the
changes made in commit dea307fd6c.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I9ced272503456361610ec0c7783d270349233926
Added public key-OID information in the RSS metadata structure.
Change-Id: I5ee5d41519980091296deaa1882fdfe9ae6766c0
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
In order to comply with the previous RSS driver change,
interface calls have been updated.
Change-Id: I0a1f3c6a6f8017468d86903cc0158805c6461c28
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Updated the code to get and set the 'tpm_event_log_max_size' property
in the event_log.dtsi.
In this change, the maximum Event Log buffer size allocated by BL1 is
passed to BL2, rather than both relying on the maximum Event Log buffer
size macro.
Change-Id: I7aa6256390872171e362b6f166f3f7335aa6e425
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Copied the Event Log from internal SRAM to the TZC secured DRAM
reserved area. Also passed this Trusted DRAM address to OPTEE via
NT FW configuration, and to SPMC via TOS FW configuration,
which is eventually used to extend PCR via fTPM application running
on top of OPTEE/SPMC.
Furthermore, this patch makes it easier to access Event Log in RME
enabled systems where Secure World firmware does not have access to
internal(Root) SRAM.
Change-Id: I005e9da1e6075511f412bdf4d8b541fa543df9ab
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Based on the prototype modification of the event_log_measure_and_record
function in the previous patch, platform metadata was passed as an
argument.
Change-Id: Id1bf59c243c483d7e32152f094c693e95d29fe2b
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Add SP entries to event_log_metadata if SPD_spmd is enabled. Otherwise
the platform cannot boot with measured boot enabled.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I525eb50e7bb60796b63a8c7f81962983017bbf87
Enable the RSS backend based measured boot feature.
In the absence of RSS the mocked version of PSA APIs
are used. They always return with success and hard-code data.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I7543e9033a7a21f1b836d911d8d9498c6e09b956
Platforms which support Realm world cannot boot up
properly if measured boot is enabled at build time.
An assertions occurs due to the missing RMM entry
in the event_log_metadata array.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I172f10a440797f7c9e1bc79dc72242b40c2521ea
As Measured-Boot and Trusted-Boot are orthogonal, removed
Trusted-Boot's dependency on Measured-Boot by allowing them
to apply the Crypto module changes independently using the
CRYPTO_SUPPORT build flag.
Change-Id: I5a420e5d84f3fefe0c0092d822dab981e6390bbf
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Implemented a platform function 'plat_mboot_measure_critical_data' to
measure critical data and record its measurement using the Event Log
driver.
'bl2_plat_mboot_finish' function invokes this platform function
immediately after populating the critical data.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ia198295c6e07ab26d436eab1ff90df2cf28303af
Renamed a macro 'INVALID_ID' to 'EVLOG_INVALID_ID' to avoid its clash
with other macro names and to show it is explicitly used for Event
Log driver.
Change-Id: Ie4c92b3cd1366d9a59cd6f43221e24734865f427
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Made measurement strings compliant to Server Base Security Guide
(SBSG, Arm DEN 0086) hence updated measurement strings for BL32, BL31,
and SCP_BL2 images. As the GPT image is not get measured by BL2 so
removed its measurement string.
Also, namespaced measurement string defines that were looking quite
generic.
Change-Id: Iaa17c0cfeee3d06dc822eff2bd553da23bd99b76
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Introduced functions to set and get Event log information
(tpm_event_log address and its size).
In FVP platform case, measured boot with Event Log backend flow
work as below
1. event_log_init function called by BL1 to initialize Event Log
module
2. arm_set_tb_fw_info function called by BL1 to set the
'tpm_event_log_addr' and 'tpm_event_log_size' properties
in tb_fw_config
3. arm_get_tb_fw_info function called by BL2 to get tpm Event Log
parameters set by BL1. These parameters used by the BL2 to
extend the tpm Event Log records, and use these parameters
to initialize Event Log using event_log_init function
4. arm_set_nt_fw_info and arm_set_tos_fw_info function called by
BL2 to set 'tpm_event_log' address and its size properties in
nt_fw_config and tos_fw_config respectively
Alongside, this patch created a separate instances of plat_mboot_init
and plat_mboot_finish APIs for BL1 and BL2.
This patch is tested using the existing measured boot test configuration
in jenkins CI.
Change-Id: Ib9eca092afe580df014541c937868f921dff9c37
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
It looks safer and cleaner approach to record the measurement taken by
BL1 straightaway in TCG Event Log instead of deferring these recordings
to BL2.
Hence pull in the full-fledged measured boot driver into BL1 that
replaces the former ad-hoc platform interfaces i.e.
bl1_plat_set_bl2_hash, bl2_plat_get_hash.
As a result of this change the BL1 of Arm FVP platform now do the
measurements and recordings of below images:
1. FW_CONFIG
2. TB_FW_CONFIG
3. BL2
Change-Id: I798c20336308b5e91b547da4f8ed57c24d490731
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2021-10-12 17:53:48 +01:00
Renamed from plat/arm/board/fvp/fvp_measured_boot.c (Browse further)
