adam.huang
Arm Trusted Firmware
Commits
8d8d9cf2
Commit
8d8d9cf2
authored
Mar 26, 2020
by
Mark Dykes
Committed by
TrustedFirmware Code Review
Mar 26, 2020
Merge "FVP: Add BL2 hash calculation in BL1" into integration
parents
4e1ca009
0ab49645
Changes
8
Makefile
...
@@ -367,6 +367,10 @@ DTC_FLAGS += -I dts -O dtb
...
@@ -367,6 +367,10 @@ DTC_FLAGS += -I dts -O dtb
DTC_CPPFLAGS
+=
-P
-nostdinc
-Iinclude
-Ifdts
-undef
\
DTC_CPPFLAGS
+=
-P
-nostdinc
-Iinclude
-Ifdts
-undef
\
-x
assembler-with-cpp
$(DEFINES)
-x
assembler-with-cpp
$(DEFINES)
ifeq
($(MEASURED_BOOT),1)
DTC_CPPFLAGS
+=
-DMEASURED_BOOT
-DBL2_HASH_SIZE
=
${TCG_DIGEST_SIZE}
endif
################################################################################
################################################################################
# Common sources and include directories
# Common sources and include directories
################################################################################
################################################################################
...
...
drivers/auth/mbedtls/mbedtls_common.mk
#
#
# Copyright (c) 2015-20
19
, ARM Limited and Contributors. All rights reserved.
# Copyright (c) 2015-20
20
, ARM Limited and Contributors. All rights reserved.
#
#
# SPDX-License-Identifier: BSD-3-Clause
# SPDX-License-Identifier: BSD-3-Clause
#
#
...
@@ -75,10 +75,19 @@ endif
...
@@ -75,10 +75,19 @@ endif
ifeq
(${HASH_ALG}, sha384)
ifeq
(${HASH_ALG}, sha384)
TF_MBEDTLS_HASH_ALG_ID
:=
TF_MBEDTLS_SHA384
TF_MBEDTLS_HASH_ALG_ID
:=
TF_MBEDTLS_SHA384
MBEDTLS_MD_ID
:=
MBEDTLS_MD_SHA384
TPM_ALG_ID
:=
TPM_ALG_SHA384
TCG_DIGEST_SIZE
:=
48
else
ifeq
(${HASH_ALG}, sha512)
else
ifeq
(${HASH_ALG}, sha512)
TF_MBEDTLS_HASH_ALG_ID
:=
TF_MBEDTLS_SHA512
TF_MBEDTLS_HASH_ALG_ID
:=
TF_MBEDTLS_SHA512
MBEDTLS_MD_ID
:=
MBEDTLS_MD_SHA512
TPM_ALG_ID
:=
TPM_ALG_SHA512
TCG_DIGEST_SIZE
:=
64
else
else
TF_MBEDTLS_HASH_ALG_ID
:=
TF_MBEDTLS_SHA256
TF_MBEDTLS_HASH_ALG_ID
:=
TF_MBEDTLS_SHA256
MBEDTLS_MD_ID
:=
MBEDTLS_MD_SHA256
TPM_ALG_ID
:=
TPM_ALG_SHA256
TCG_DIGEST_SIZE
:=
32
endif
endif
ifeq
(${TF_MBEDTLS_KEY_ALG},ecdsa)
ifeq
(${TF_MBEDTLS_KEY_ALG},ecdsa)
...
@@ -103,6 +112,11 @@ $(eval $(call add_define,TF_MBEDTLS_KEY_SIZE))
...
@@ -103,6 +112,11 @@ $(eval $(call add_define,TF_MBEDTLS_KEY_SIZE))
$(eval
$(call
add_define,TF_MBEDTLS_HASH_ALG_ID))
$(eval
$(call
add_define,TF_MBEDTLS_HASH_ALG_ID))
$(eval
$(call
add_define,TF_MBEDTLS_USE_AES_GCM))
$(eval
$(call
add_define,TF_MBEDTLS_USE_AES_GCM))
# Set definitions for measured boot driver
$(eval
$(call
add_define,MBEDTLS_MD_ID))
$(eval
$(call
add_define,TPM_ALG_ID))
$(eval
$(call
add_define,TCG_DIGEST_SIZE))
$(eval
$(call
MAKE_LIB,mbedtls))
$(eval
$(call
MAKE_LIB,mbedtls))
endif
endif
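Review bot: The new `MBEDTLS_MD_ID`, `TPM_ALG_ID` and `TCG_DIGEST_SIZE` assignments inherit the catch-all `else` of the `HASH_ALG` chain, so any value other than sha384 or sha512 (including a typo) silently selects SHA-256 and a 32-byte digest for the measurement. For a value that ends up in a boot measurement I would rather fail the build: make the last branch an explicit `ifeq (${HASH_ALG}, sha256)` and put `$(error Unsupported HASH_ALG '${HASH_ALG}')` in the final `else`. Where `HASH_ALG` gets its default is outside this section, so confirm the default still lands in the sha256 branch. A one-line comment that `TCG_DIGEST_SIZE` must equal the digest length of `MBEDTLS_MD_ID` would also help, since the DTS placeholder and the DTB write both depend on it.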
include/plat/arm/common/arm_dyn_cfg_helpers.h
...
@@ -14,4 +14,8 @@ int arm_dyn_tb_fw_cfg_init(void *dtb, int *node);
...
@@ -14,4 +14,8 @@ int arm_dyn_tb_fw_cfg_init(void *dtb, int *node);
int
arm_set_dtb_mbedtls_heap_info
(
void
*
dtb
,
void
*
heap_addr
,
int
arm_set_dtb_mbedtls_heap_info
(
void
*
dtb
,
void
*
heap_addr
,
size_t
heap_size
);
size_t
heap_size
);
#if MEASURED_BOOT
int
arm_set_bl2_hash_info
(
void
*
dtb
,
void
*
data
);
#endif
#endif
/* ARM_DYN_CFG_HELPERS_H */
#endif
/* ARM_DYN_CFG_HELPERS_H */
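Review bot: The new prototype `arm_set_bl2_hash_info(void *dtb, void *data)` takes no length and has no comment, so the header does not tell a caller how large `data` must be. The definition in arm_dyn_cfg_helpers.c reads `TCG_DIGEST_SIZE` bytes from it, which is worth stating here, e.g. `/* data: BL2 digest, at least TCG_DIGEST_SIZE bytes; call after arm_set_dtb_mbedtls_heap_info() */`. Since the buffer is only read, `const void *data` would document that as well, provided the underlying write helper accepts a const pointer (its prototype is not shown on this page).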
include/plat/arm/common/plat_arm.h
...
@@ -238,6 +238,11 @@ void arm_bl2_dyn_cfg_init(void);
...
@@ -238,6 +238,11 @@ void arm_bl2_dyn_cfg_init(void);
void
arm_bl1_set_mbedtls_heap
(
void
);
void
arm_bl1_set_mbedtls_heap
(
void
);
int
arm_get_mbedtls_heap
(
void
**
heap_addr
,
size_t
*
heap_size
);
int
arm_get_mbedtls_heap
(
void
**
heap_addr
,
size_t
*
heap_size
);
#if MEASURED_BOOT
/* Measured boot related functions */
void
arm_bl1_set_bl2_hash
(
image_desc_t
*
image_desc
);
#endif
/*
/*
* Free the memory storing initialization code only used during an images boot
* Free the memory storing initialization code only used during an images boot
* time so it can be reclaimed for runtime data
* time so it can be reclaimed for runtime data
...
...
plat/arm/board/fvp/fdts/fvp_fw_config.dts
...
@@ -67,6 +67,19 @@
...
@@ -67,6 +67,19 @@
*/
*/
mbedtls_heap_addr = <0x0 0x0>;
mbedtls_heap_addr = <0x0 0x0>;
mbedtls_heap_size = <0x0>;
mbedtls_heap_size = <0x0>;
#if MEASURED_BOOT
/* BL2 image hash calculated by BL1 */
bl2_hash_data = [
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#if BL2_HASH_SIZE > 32
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#if BL2_HASH_SIZE > 48
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#endif /* > 48 */
#endif /* > 32 */
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00];
#endif /* MEASURED_BOOT */
};
};
/*
/*
...
...
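Review bot: The `bl2_hash_data` placeholder is sized by `#if BL2_HASH_SIZE > 32` / `> 48`, so any unexpected value still builds: an undefined or small value gives 32 bytes and anything above 48 gives 64. The write in arm_dyn_cfg_helpers.c passes `TCG_DIGEST_SIZE` to an in-place write, so a placeholder of a different length would presumably only show up as a BL1 panic at boot. A preprocessor guard ahead of the property would turn that into a build error: `#if (BL2_HASH_SIZE != 32) && (BL2_HASH_SIZE != 48) && (BL2_HASH_SIZE != 64)`, `#error "Unsupported BL2_HASH_SIZE"`, `#endif`.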
plat/arm/board/fvp/fvp_bl1_setup.c
/*
/*
* Copyright (c) 2013-20
19
, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2013-20
20
, ARM Limited and Contributors. All rights reserved.
*
*
* SPDX-License-Identifier: BSD-3-Clause
* SPDX-License-Identifier: BSD-3-Clause
*/
*/
#include <assert.h>
#include <bl1/bl1.h>
#include <common/tbbr/tbbr_img_def.h>
#include <common/tbbr/tbbr_img_def.h>
#include <drivers/arm/smmu_v3.h>
#include <drivers/arm/smmu_v3.h>
#include <drivers/arm/sp805.h>
#include <drivers/arm/sp805.h>
...
@@ -64,3 +67,52 @@ __dead2 void bl1_plat_fwu_done(void *client_cookie, void *reserved)
...
@@ -64,3 +67,52 @@ __dead2 void bl1_plat_fwu_done(void *client_cookie, void *reserved)
while
(
1
)
while
(
1
)
wfi
();
wfi
();
}
}
#if MEASURED_BOOT
/*
* Implementation for bl1_plat_handle_post_image_load(). This function
* populates the default arguments to BL2. The BL2 memory layout structure
* is allocated and the calculated layout is populated in arg1 to BL2.
*/
int
bl1_plat_handle_post_image_load
(
unsigned
int
image_id
)
{
meminfo_t
*
bl2_tzram_layout
;
meminfo_t
*
bl1_tzram_layout
;
image_desc_t
*
image_desc
;
entry_point_info_t
*
ep_info
;
if
(
image_id
!=
BL2_IMAGE_ID
)
{
return
0
;
}
/* Get the image descriptor */
image_desc
=
bl1_plat_get_image_desc
(
BL2_IMAGE_ID
);
assert
(
image_desc
!=
NULL
);
/* Calculate BL2 hash and set it in TB_FW_CONFIG */
arm_bl1_set_bl2_hash
(
image_desc
);
/* Get the entry point info */
ep_info
=
&
image_desc
->
ep_info
;
/* Find out how much free trusted ram remains after BL1 load */
bl1_tzram_layout
=
bl1_plat_sec_mem_layout
();
/*
* Create a new layout of memory for BL2 as seen by BL1 i.e.
* tell it the amount of total and free memory available.
* This layout is created at the first free address visible
* to BL2. BL2 will read the memory layout before using its
* memory for other purposes.
*/
bl2_tzram_layout
=
(
meminfo_t
*
)
bl1_tzram_layout
->
total_base
;
bl1_calc_bl2_mem_layout
(
bl1_tzram_layout
,
bl2_tzram_layout
);
ep_info
->
args
.
arg1
=
(
uintptr_t
)
bl2_tzram_layout
;
VERBOSE
(
"BL1: BL2 memory layout address = %p
\n
"
,
(
void
*
)
bl2_tzram_layout
);
return
0
;
}
#endif
/* MEASURED_BOOT */
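Review bot: The comment above `bl1_plat_handle_post_image_load()` only describes the memory-layout hand-off and never mentions that this FVP override exists to measure BL2, which is the one step that differs from what the comment calls the default behaviour. I would reword it along the lines of `/* FVP override for MEASURED_BOOT: hashes BL2 into TB_FW_CONFIG, then sets up the BL2 memory layout and arg1 as the generic hook does. */`, so the next reader knows the remaining lines are a copy that has to be kept in step with the generic implementation. Separately, `assert(image_desc != NULL)` is the only check before `arm_bl1_set_bl2_hash()` dereferences the descriptor; if assertions are compiled out in release builds, a NULL return is dereferenced during the measurement step, so an explicit `if (image_desc == NULL) { panic(); }` would be safer.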
plat/arm/common/arm_dyn_cfg.c
...
@@ -15,6 +15,10 @@
...
@@ -15,6 +15,10 @@
#include <common/tbbr/tbbr_img_def.h>
#include <common/tbbr/tbbr_img_def.h>
#if TRUSTED_BOARD_BOOT
#if TRUSTED_BOARD_BOOT
#include <drivers/auth/mbedtls/mbedtls_config.h>
#include <drivers/auth/mbedtls/mbedtls_config.h>
#if MEASURED_BOOT
#include <drivers/auth/crypto_mod.h>
#include <mbedtls/md.h>
#endif
#endif
#endif
#include <lib/fconf/fconf.h>
#include <lib/fconf/fconf.h>
#include <lib/fconf/fconf_dyn_cfg_getter.h>
#include <lib/fconf/fconf_dyn_cfg_getter.h>
...
@@ -87,7 +91,7 @@ void arm_bl1_set_mbedtls_heap(void)
...
@@ -87,7 +91,7 @@ void arm_bl1_set_mbedtls_heap(void)
* the default heap's address and size.
* the default heap's address and size.
*/
*/
/* fconf FW_CONFIG and TB_FW_CONFIG are currently the same DTB*/
/* fconf FW_CONFIG and TB_FW_CONFIG are currently the same DTB
*/
tb_fw_cfg_dtb
=
FCONF_GET_PROPERTY
(
fconf
,
dtb
,
base_addr
);
tb_fw_cfg_dtb
=
FCONF_GET_PROPERTY
(
fconf
,
dtb
,
base_addr
);
if
((
tb_fw_cfg_dtb
!=
0UL
)
&&
(
mbedtls_heap_addr
!=
NULL
))
{
if
((
tb_fw_cfg_dtb
!=
0UL
)
&&
(
mbedtls_heap_addr
!=
NULL
))
{
...
@@ -100,15 +104,68 @@ void arm_bl1_set_mbedtls_heap(void)
...
@@ -100,15 +104,68 @@ void arm_bl1_set_mbedtls_heap(void)
ERROR
(
"BL1: unable to write shared Mbed TLS heap information to DTB
\n
"
);
ERROR
(
"BL1: unable to write shared Mbed TLS heap information to DTB
\n
"
);
panic
();
panic
();
}
}
#if !MEASURED_BOOT
/*
/*
* Ensure that the info written to the DTB is visible to other
* Ensure that the info written to the DTB is visible to other
* images. It's critical because BL2 won't be able to proceed
* images. It's critical because BL2 won't be able to proceed
* without the heap info.
* without the heap info.
*
* In MEASURED_BOOT case flushing is done in
* arm_bl1_set_bl2_hash() function which is called after heap
* information is written in the DTB.
*/
*/
flush_dcache_range
(
tb_fw_cfg_dtb
,
fdt_totalsize
(
dtb
));
flush_dcache_range
(
tb_fw_cfg_dtb
,
fdt_totalsize
(
dtb
));
#endif
/* !MEASURED_BOOT */
}
}
}
}
#if MEASURED_BOOT
/*
* Puts the BL2 hash data to TB_FW_CONFIG DTB.
* Executed only from BL1.
*/
void
arm_bl1_set_bl2_hash
(
image_desc_t
*
image_desc
)
{
unsigned
char
hash_data
[
MBEDTLS_MD_MAX_SIZE
];
image_info_t
image_info
=
image_desc
->
image_info
;
uintptr_t
tb_fw_cfg_dtb
;
int
err
;
/* fconf FW_CONFIG and TB_FW_CONFIG are currently the same DTB */
tb_fw_cfg_dtb
=
FCONF_GET_PROPERTY
(
fconf
,
dtb
,
base_addr
);
/*
* If tb_fw_cfg_dtb==NULL then DTB is not present for the current
* platform. As such, we cannot write to the DTB at all and pass
* measured data.
*/
if
(
tb_fw_cfg_dtb
==
0UL
)
{
panic
();
}
/* Calculate hash */
err
=
crypto_mod_calc_hash
(
MBEDTLS_MD_ID
,
(
void
*
)
image_info
.
image_base
,
image_info
.
image_size
,
hash_data
);
if
(
err
!=
0
)
{
ERROR
(
"BL1: unable to calculate BL2 hash
\n
"
);
panic
();
}
err
=
arm_set_bl2_hash_info
((
void
*
)
tb_fw_cfg_dtb
,
hash_data
);
if
(
err
<
0
)
{
ERROR
(
"BL1: unable to write BL2 hash data to DTB
\n
"
);
panic
();
}
/*
* Ensure that the info written to the DTB is visible to other
* images. It's critical because BL2 won't be able to proceed
* without the heap info and its hash data.
*/
flush_dcache_range
(
tb_fw_cfg_dtb
,
fdt_totalsize
((
void
*
)
tb_fw_cfg_dtb
));
}
#endif
/* MEASURED_BOOT */
#endif
/* TRUSTED_BOARD_BOOT */
#endif
/* TRUSTED_BOARD_BOOT */
/*
/*
...
...
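Review bot: Putting the `flush_dcache_range()` in `arm_bl1_set_mbedtls_heap()` under `#if !MEASURED_BOOT` makes the heap information's visibility to BL2 depend on `arm_bl1_set_bl2_hash()` being called later, and on this page only the FVP post-image-load hook does that. This file lives in plat/arm/common, so another Arm platform built with MEASURED_BOOT=1 that keeps the generic hook would, as far as I can tell, hand BL2 a DTB that was never cleaned to memory. Keeping the flush unconditional costs one extra cache clean and removes the ordering dependency. In `arm_bl1_set_bl2_hash()` the `tb_fw_cfg_dtb == 0UL` branch calls `panic()` with no message, unlike the other two failure paths; a line such as `ERROR("BL1: TB_FW_CONFIG DTB not available for BL2 hash\n");` would keep the failures distinguishable.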
plat/arm/common/arm_dyn_cfg_helpers.c
...
@@ -15,6 +15,12 @@
...
@@ -15,6 +15,12 @@
#define DTB_PROP_MBEDTLS_HEAP_ADDR "mbedtls_heap_addr"
#define DTB_PROP_MBEDTLS_HEAP_ADDR "mbedtls_heap_addr"
#define DTB_PROP_MBEDTLS_HEAP_SIZE "mbedtls_heap_size"
#define DTB_PROP_MBEDTLS_HEAP_SIZE "mbedtls_heap_size"
#if MEASURED_BOOT
#define DTB_PROP_BL2_HASH_DATA "bl2_hash_data"
static
int
dtb_root
=
-
1
;
#endif
/* MEASURED_BOOT */
/*******************************************************************************
/*******************************************************************************
* Validate the tb_fw_config is a valid DTB file and returns the node offset
* Validate the tb_fw_config is a valid DTB file and returns the node offset
* to "arm,tb_fw" property.
* to "arm,tb_fw" property.
...
@@ -57,17 +63,18 @@ int arm_dyn_tb_fw_cfg_init(void *dtb, int *node)
...
@@ -57,17 +63,18 @@ int arm_dyn_tb_fw_cfg_init(void *dtb, int *node)
*
*
* Returns:
* Returns:
* 0 = success
* 0 = success
*
1 = error
*
-
1 = error
*/
*/
int
arm_set_dtb_mbedtls_heap_info
(
void
*
dtb
,
void
*
heap_addr
,
size_t
heap_size
)
int
arm_set_dtb_mbedtls_heap_info
(
void
*
dtb
,
void
*
heap_addr
,
size_t
heap_size
)
{
{
int
err
,
dtb_root
;
#if !MEASURED_BOOT
int
dtb_root
;
#endif
/*
/*
* Verify that the DTB is valid, before attempting to write to it,
* Verify that the DTB is valid, before attempting to write to it,
* and get the DTB root node.
* and get the DTB root node.
*/
*/
err
=
arm_dyn_tb_fw_cfg_init
(
dtb
,
&
dtb_root
);
int
err
=
arm_dyn_tb_fw_cfg_init
(
dtb
,
&
dtb_root
);
if
(
err
<
0
)
{
if
(
err
<
0
)
{
ERROR
(
"Invalid TB_FW_CONFIG loaded. Unable to get root node
\n
"
);
ERROR
(
"Invalid TB_FW_CONFIG loaded. Unable to get root node
\n
"
);
return
-
1
;
return
-
1
;
...
@@ -98,3 +105,26 @@ int arm_set_dtb_mbedtls_heap_info(void *dtb, void *heap_addr, size_t heap_size)
...
@@ -98,3 +105,26 @@ int arm_set_dtb_mbedtls_heap_info(void *dtb, void *heap_addr, size_t heap_size)
return
0
;
return
0
;
}
}
#if MEASURED_BOOT
/*
* This function writes the BL2 hash data in HW_FW_CONFIG DTB.
* When it is called, it is guaranteed that a DTB is available.
*
* This function is supposed to be called only by BL1.
*
* Returns:
* 0 = success
* < 0 = error
*/
int
arm_set_bl2_hash_info
(
void
*
dtb
,
void
*
data
)
{
assert
(
dtb_root
>=
0
);
/*
* Write the BL2 hash data in the DTB.
*/
return
fdtw_write_inplace_bytes
(
dtb
,
dtb_root
,
DTB_PROP_BL2_HASH_DATA
,
TCG_DIGEST_SIZE
,
data
);
}
#endif
/* MEASURED_BOOT */
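Review bot: `arm_set_bl2_hash_info()` depends on the file-scope `dtb_root`, which is only filled in as a side effect of an earlier `arm_set_dtb_mbedtls_heap_info()` call, and its only guard is `assert(dtb_root >= 0)`, which does nothing when assertions are disabled. The cached offset is also not tied to the `dtb` argument, so a call with a different blob would reuse a node offset that was validated against another one. I would either re-run `arm_dyn_tb_fw_cfg_init(dtb, &dtb_root)` in this function or add a run-time check, `if (dtb_root < 0) { return -1; }`, rather than rely on how the FDT write helper treats a negative offset. The header comment says the hash is written to HW_FW_CONFIG, while the caller in arm_dyn_cfg.c passes the TB_FW_CONFIG DTB; the comment should name TB_FW_CONFIG and state that `data` must hold `TCG_DIGEST_SIZE` bytes.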