Commit graph

11 commits

Author SHA1 Message Date
Manish V Badarkhe
056b4154ae Merge changes from topic "draft-ffm-rats-cca-token-00" into integration
* changes:
  refactor(docs): update RSE docs to match the example CCA token
  refactor(qemu): use the example CCA platform token from iat-verifier
  refactor(fvp): use the example CCA platform token from iat-verifier
2024-09-13 16:22:46 +02:00
Juan Pablo Conde
42cf602662 refactor(rmmd): plat token requests in pieces
Until now, the attestation token size was limited by the size of the
shared buffer between RMM and TF-A. With this change, RMM can now
request the token in pieces, so they fit in the shared buffer. A new
output parameter was added to the SMC call, which will return (along
with the size of bytes copied into the buffer) the number of bytes
of the token that remain to be retrieved.

TF-A will keep an offset variable that will indicate the position in
the token where the next call will retrieve bytes from. This offset
will be increased on every call by adding the number number of bytes
copied. If the received hash size is not 0, TF-A will reset the
offset to 0 and copy from that position on.

The SMC call will now return at most the size of the shared buffer
in bytes on every call. Therefore, from now on, multiple SMC calls
may be needed to be issued if the token size exceeds the shared
buffer size.

Change-Id: I591f7013d06f64e98afaf9535dbea6f815799723
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
2024-09-13 16:04:16 +02:00
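The piecewise retrieval described in commit 42cf602662, modelled as an added example; this is not TF-A or RMM code. The function names, the 16-byte buffer size and the token bytes are hypothetical or constructed, and the challenge hash is represented only by its size.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SHARED_BUF_SIZE 16u   /* constructed; stands in for the shared buffer */

/* Constructed 40-byte stand-in for the platform token (39 chars + NUL). */
static const uint8_t token[40] = "constructed-sample-platform-token-bytes";
static size_t token_offset;   /* EL3-side cursor into the token */

/* Hypothetical EL3-side handler: copy the next piece, report what is left. */
static int el3_get_token_piece(uint8_t *buf, size_t buf_len, size_t hash_size,
                               size_t *copied, size_t *remaining)
{
    if (buf == NULL || copied == NULL || remaining == NULL || buf_len == 0)
        return -1;
    if (buf_len > SHARED_BUF_SIZE)      /* never copy past the shared buffer */
        buf_len = SHARED_BUF_SIZE;
    if (hash_size != 0)                 /* new request: restart from byte 0 */
        token_offset = 0;
    size_t left = sizeof(token) - token_offset;
    size_t n = left < buf_len ? left : buf_len;
    memcpy(buf, token + token_offset, n);
    token_offset += n;
    *copied = n;
    *remaining = left - n;
    return 0;
}

/* Hypothetical caller-side loop: reassemble the token, return its length. */
static long rmm_fetch_token(uint8_t *out, size_t out_cap, size_t hash_size,
                            unsigned *calls)
{
    uint8_t shared[SHARED_BUF_SIZE];
    size_t total = 0, copied = 0, remaining = 0;
    *calls = 0;
    do {
        if (el3_get_token_piece(shared, sizeof(shared), hash_size,
                                &copied, &remaining) != 0)
            return -1;
        if (copied > out_cap - total || (copied == 0 && remaining != 0))
            return -1;                  /* overflow or a stalled transfer */
        memcpy(out + total, shared, copied);
        total += copied;
        hash_size = 0;                  /* later calls continue, not restart */
        (*calls)++;
    } while (remaining != 0);
    return (long)total;
}
```

Because the offset lives on the EL3 side, a caller that abandons a transfer midway gets a clean restart only by issuing the next request with a non-zero hash size.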
Tamas Ban
4f3e0cdc45 refactor(fvp): use the example CCA platform token from iat-verifier
In [1] and [2], the example CCA platform token has been updated to be
aligned with the new profile(s) defined in draft-ffm-rats-cca-token-00.

This change replaces the static CCA platform token in the FVP platform.

[1] https://review.trustedfirmware.org/c/TF-M/tf-m-tools/+/30812
[2] https://review.trustedfirmware.org/c/TF-M/tf-m-tools/+/31036

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ia23f0dffe618dca04f9f3c46c953a6f021101b09
2024-09-12 15:56:33 +02:00
Thomas Fossati
157375d601 refactor(tc): use the example CCA platform token from iat-verifier
In [1], the example CCA platform token has been updated to fix a small
problem with the description of one of the software components, and to
provide a more realistic breakdown of the expected components in the CCA
TCB.

This change replaces the static CCA platform token in the Total Compute
platform.

[1] https://review.trustedfirmware.org/c/TF-M/tf-m-tools/+/28493

Change-Id: I792e693cc994fc1e856f713fd97bac4930b28e1e
Signed-off-by: Thomas Fossati <thomas.fossati@linaro.org>
2024-06-17 16:28:40 +02:00
Tamas Ban
a822b8d82c refactor(fvp): change all occurrences of RSS to RSE
Changes all occurrences of "RSS" and "rss" in the code and build files
to "RSE" and "rse".

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I36b8e498f3226fc72d21634aae2cc9328d00711d
2024-04-22 15:44:38 +02:00
Manish V Badarkhe
eb8700a938 refactor(fvp): do not use RSS platform token and attestation key APIs
Since FVP does not support RSS, RSS APIs used to provide the hardcoded
platform token and attestation key. However, that seems to be causing
unnecessary mandating of some PSA crypto definitions, that doesn't
seem appropriate.
Hence to retrieve platform token and realm attestation key, these
RSS APIs calls have been replaced with hardcoded information.

Change-Id: I5fd091025e3444a698b9d387763ce20db6b13ae1
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2023-10-26 21:01:00 +02:00
Manish V Badarkhe
d679cdecb1 refactor(fvp): use RSS API to retrieve attestation token and key
Retrieved the platform attestation token and delegated realm attestation
key through the PSA delegated attestation layer.

Even though FVP doesn't support RSS hardware today, it can still
leverage the RSS implementation of these PSA interfaces in their mocking
form (see PLAT_RSS_NOT_SUPPORTED).

Therefore, platform APIs now call these PSA interfaces instead of
directly providing these hardcoded values.

Change-Id: I31d0ca58f6f1a444f513d954da4e3e67757321ad
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2023-03-22 16:18:30 +01:00
Mate Toth-Pal
19c1dcef88 fix(rme): update sample platform attestation token
Update FVP platform attestation token to comply with RMM Beta0
specification. The changes are:
- change platform implementation id claim value from 64 to 32 bits
- change Realm Challenge
- update Hash Algorithm Identifier claim value
- add protected header
- change signing algorithm to ECDSA ES384

Change-Id: I1c5907d1a4961ce08a1408d25128de125b3f2e7f
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
2023-02-24 16:22:04 +01:00
Mate Toth-Pal
364b4cddba fix(rme): update FVP platform token
Update test CCA Platform token in fvp_plat_attest_token.c to be
up-to-date with RMM spec Beta0.

Change-Id: I0f5e2ac1149eb6f7a93a997682f41d90e109a049
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
2022-09-29 15:35:18 +02:00
Javier Almansa Sobrino
8c980a4a46 feat(rmmd): add support for RMM Boot interface
This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, among others, to pass a boot manifest to RMM. The buffer is
composed of a single memory page to be used by a later EL3 <-> RMM interface
by all CPUs.

The RMM boot manifest is not implemented by this patch.

In addition to that, this patch also enables support for RMM when
RESET_TO_BL31 is enabled.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I855cd4758ee3843eadd9fb482d70a6d18954d82a
2022-07-04 18:45:58 +01:00
Soby Mathew
0f9159b7eb feat(rme): add dummy platform token to RMMD
Add a dummy platform token to RMMD and return it on request. The
platform token is requested with an SMC with the following parameters:
    * Fid (0xC40001B3).
    * Platform token PA (the platform token is copied at this address by
      the monitor). The challenge object needs to be passed by
      the caller in this buffer.
    * Platform token len.
    * Challenge object len.

When calling the SMC, the platform token buffer received by EL3 contains
the challenge object. It is not used on the FVP and is only printed to
the log.

Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: I8b2f1d54426c04e76d7a3baa6b0fbc40b0116348
2022-03-25 17:12:26 +00:00