Djam/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-04-27 15:24:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
arm-trusted-firmware/include/drivers/measured_boot/rse/dice_prot_env.h
Tamas Ban 3201faf356 feat(tc): provide target_locality info of AP FW components 
The target_locality attribute is meant to specify that
a certain SW component is expected to run and thereby
send DPE commands from a given security domain. The DPE
service must be capable of determining the locality of
a client on his own. RSE determines the client's locality
based on the MHU channel used for communication.

If the expected locality (specified by the parent component)
is not matching with the determined locality by DPE
service then command fails.

The goal is to protect against spoofing when a
context_handle is stolen and used by a component
that should not have access.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I96d255de231611cfed10eef4335a47b91c2c94de
2024-07-03 15:03:20 +02:00

50 lines
1.3 KiB
C
Raw Blame History

/*
* Copyright (c) 2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef DICE_PROT_ENV_H
#define DICE_PROT_ENV_H
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <drivers/measured_boot/metadata.h>
#define DPE_INVALID_ID UINT32_MAX
struct dpe_metadata {
unsigned int id;
uint32_t cert_id;
uint8_t signer_id[SIGNER_ID_MAX_SIZE];
size_t signer_id_size;
uint8_t version[VERSION_MAX_SIZE];
size_t version_size;
uint8_t sw_type[SW_TYPE_MAX_SIZE];
size_t sw_type_size;
bool allow_new_context_to_derive;
bool retain_parent_context;
bool create_certificate;
int target_locality;
void *pk_oid;
};
void dpe_init(struct dpe_metadata *metadata);
/* Returns 0 in case of success otherwise -1. */
int dpe_measure_and_record(struct dpe_metadata *metadata,
uintptr_t data_base, uint32_t data_size,
uint32_t data_id);
int dpe_set_signer_id(struct dpe_metadata *metadata,
const void *pk_oid, const void *pk_ptr, size_t pk_len);
/* Child components inherit their first valid context handle from their parents.
* How to share context handle is platform specific.
*/
void plat_dpe_share_context_handle(int *ctx_handle, int *parent_ctx_handle);
void plat_dpe_get_context_handle(int *ctx_handle);
#endif /* DICE_PROT_ENV_H */
Reference in a new issue View git blame Copy permalink