mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-04-16 09:34:18 +00:00
48ba0345f7
It looks safer and cleaner approach to record the measurement taken by BL1 straightaway in TCG Event Log instead of deferring these recordings to BL2. Hence pull in the full-fledged measured boot driver into BL1 that replaces the former ad-hoc platform interfaces i.e. bl1_plat_set_bl2_hash, bl2_plat_get_hash. As a result of this change the BL1 of Arm FVP platform now do the measurements and recordings of below images: 1. FW_CONFIG 2. TB_FW_CONFIG 3. BL2 Change-Id: I798c20336308b5e91b547da4f8ed57c24d490731 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
85 lines
2.4 KiB
C
85 lines
2.4 KiB
C
/*
|
|
* Copyright (c) 2021, Arm Limited. All rights reserved.
|
|
*
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*/
|
|
|
|
#include <stdint.h>
|
|
|
|
#include <drivers/measured_boot/event_log/event_log.h>
|
|
#include <plat/arm/common/plat_arm.h>
|
|
|
|
/* Event Log data */
|
|
static uint8_t event_log[PLAT_ARM_EVENT_LOG_MAX_SIZE];
|
|
|
|
/* FVP table with platform specific image IDs, names and PCRs */
|
|
const event_log_metadata_t fvp_event_log_metadata[] = {
|
|
{ BL31_IMAGE_ID, BL31_STRING, PCR_0 },
|
|
{ BL32_IMAGE_ID, BL32_STRING, PCR_0 },
|
|
{ BL32_EXTRA1_IMAGE_ID, BL32_EXTRA1_IMAGE_STRING, PCR_0 },
|
|
{ BL32_EXTRA2_IMAGE_ID, BL32_EXTRA2_IMAGE_STRING, PCR_0 },
|
|
{ BL33_IMAGE_ID, BL33_STRING, PCR_0 },
|
|
{ HW_CONFIG_ID, HW_CONFIG_STRING, PCR_0 },
|
|
{ NT_FW_CONFIG_ID, NT_FW_CONFIG_STRING, PCR_0 },
|
|
{ SCP_BL2_IMAGE_ID, SCP_BL2_IMAGE_STRING, PCR_0 },
|
|
{ SOC_FW_CONFIG_ID, SOC_FW_CONFIG_STRING, PCR_0 },
|
|
{ TOS_FW_CONFIG_ID, TOS_FW_CONFIG_STRING, PCR_0 },
|
|
{ INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */
|
|
};
|
|
|
|
void bl2_plat_mboot_init(void)
|
|
{
|
|
event_log_init(event_log, event_log + sizeof(event_log));
|
|
event_log_write_header();
|
|
}
|
|
|
|
void bl2_plat_mboot_finish(void)
|
|
{
|
|
int rc;
|
|
|
|
/* Event Log address in Non-Secure memory */
|
|
uintptr_t ns_log_addr;
|
|
|
|
/* Event Log filled size */
|
|
size_t event_log_cur_size;
|
|
|
|
event_log_cur_size = event_log_get_cur_size(event_log);
|
|
|
|
rc = arm_set_nt_fw_info(
|
|
#ifdef SPD_opteed
|
|
(uintptr_t)event_log,
|
|
#endif
|
|
event_log_cur_size, &ns_log_addr);
|
|
if (rc != 0) {
|
|
ERROR("%s(): Unable to update %s_FW_CONFIG\n",
|
|
__func__, "NT");
|
|
/*
|
|
* It is a fatal error because on FVP secure world software
|
|
* assumes that a valid event log exists and will use it to
|
|
* record the measurements into the fTPM.
|
|
* Note: In FVP platform, OP-TEE uses nt_fw_config to get the
|
|
* secure Event Log buffer address.
|
|
*/
|
|
panic();
|
|
}
|
|
|
|
/* Copy Event Log to Non-secure memory */
|
|
(void)memcpy((void *)ns_log_addr, (const void *)event_log,
|
|
event_log_cur_size);
|
|
|
|
/* Ensure that the Event Log is visible in Non-secure memory */
|
|
flush_dcache_range(ns_log_addr, event_log_cur_size);
|
|
|
|
#if defined(SPD_tspd) || defined(SPD_spmd)
|
|
/* Set Event Log data in TOS_FW_CONFIG */
|
|
rc = arm_set_tos_fw_info((uintptr_t)event_log,
|
|
event_log_cur_size);
|
|
if (rc != 0) {
|
|
ERROR("%s(): Unable to update %s_FW_CONFIG\n",
|
|
__func__, "TOS");
|
|
panic();
|
|
}
|
|
#endif
|
|
|
|
dump_event_log(event_log, event_log_cur_size);
|
|
}
|