refactor(measured_boot): remove passing of BL2 hash via device tree
Subsequent patches will provide a solution to do the BL2 hash measurement
and recording in BL1 itself, hence in preparation to adopt that solution
remove the logic of passing BL2 hash measurement to BL2 component
via TB_FW config.
Change-Id: Iff9b3d4c6a236a33b942898fcdf799cbab89b724
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
diff --git a/include/lib/fconf/fconf_tbbr_getter.h b/include/lib/fconf/fconf_tbbr_getter.h
index 6066af6..db98b68 100644
--- a/include/lib/fconf/fconf_tbbr_getter.h
+++ b/include/lib/fconf/fconf_tbbr_getter.h
@@ -23,9 +23,6 @@
uint32_t disable_auth;
void *mbedtls_heap_addr;
size_t mbedtls_heap_size;
-#if MEASURED_BOOT
- uint8_t bl2_hash_data[TCG_DIGEST_SIZE];
-#endif
};
extern struct tbbr_dyn_config_t tbbr_dyn_config;
diff --git a/include/plat/arm/common/arm_dyn_cfg_helpers.h b/include/plat/arm/common/arm_dyn_cfg_helpers.h
index 34bf07c..ff00fe7 100644
--- a/include/plat/arm/common/arm_dyn_cfg_helpers.h
+++ b/include/plat/arm/common/arm_dyn_cfg_helpers.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -14,8 +14,4 @@
int arm_set_dtb_mbedtls_heap_info(void *dtb, void *heap_addr,
size_t heap_size);
-#if MEASURED_BOOT
-int arm_set_bl2_hash_info(void *dtb, void *data);
-#endif
-
#endif /* ARM_DYN_CFG_HELPERS_H */
diff --git a/include/plat/arm/common/plat_arm.h b/include/plat/arm/common/plat_arm.h
index 1500ed3..57e6953 100644
--- a/include/plat/arm/common/plat_arm.h
+++ b/include/plat/arm/common/plat_arm.h
@@ -250,9 +250,6 @@
int arm_get_mbedtls_heap(void **heap_addr, size_t *heap_size);
#if MEASURED_BOOT
-/* Measured boot related functions */
-void arm_bl1_set_bl2_hash(const image_desc_t *image_desc);
-void arm_bl2_get_hash(void *data);
int arm_set_tos_fw_info(uintptr_t config_base, uintptr_t log_addr,
size_t log_size);
int arm_set_nt_fw_info(uintptr_t config_base,
diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h
index bbf8ee80..c7c4dcb 100644
--- a/include/plat/common/platform.h
+++ b/include/plat/common/platform.h
@@ -181,14 +181,6 @@
int bl1_plat_handle_pre_image_load(unsigned int image_id);
int bl1_plat_handle_post_image_load(unsigned int image_id);
-#if MEASURED_BOOT
-/*
- * Calculates and writes BL2 hash data to the platform's defined location.
- * For ARM platforms the data are written to TB_FW_CONFIG DTB.
- */
-void bl1_plat_set_bl2_hash(const image_desc_t *image_desc);
-#endif
-
/*******************************************************************************
* Mandatory BL2 functions
******************************************************************************/
@@ -208,9 +200,6 @@
* Optional BL2 functions (may be overridden)
******************************************************************************/
#if MEASURED_BOOT
-/* Read TCG_DIGEST_SIZE bytes of BL2 hash data */
-void bl2_plat_get_hash(void *data);
-
void bl2_plat_mboot_init(void);
void bl2_plat_mboot_finish(void);
int plat_mboot_measure_image(unsigned int image_id);
diff --git a/lib/fconf/fconf_tbbr_getter.c b/lib/fconf/fconf_tbbr_getter.c
index 9a20ced..6f043e6 100644
--- a/lib/fconf/fconf_tbbr_getter.c
+++ b/lib/fconf/fconf_tbbr_getter.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2020, ARM Limited. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -71,26 +71,13 @@
}
tbbr_dyn_config.mbedtls_heap_size = val32;
-#if MEASURED_BOOT
- /* Retrieve BL2 hash data details from the DTB */
- err = fdtw_read_bytes(dtb, node, "bl2_hash_data", TCG_DIGEST_SIZE,
- &tbbr_dyn_config.bl2_hash_data);
- if (err < 0) {
- ERROR("FCONF: Read %s failed for '%s'\n",
- "bytes", "bl2_hash_data");
- return err;
- }
-#endif
VERBOSE("%s%s%s %d\n", "FCONF: `tbbr.", "disable_auth",
"` cell found with value =", tbbr_dyn_config.disable_auth);
VERBOSE("%s%s%s %p\n", "FCONF: `tbbr.", "mbedtls_heap_addr",
"` cell found with value =", tbbr_dyn_config.mbedtls_heap_addr);
VERBOSE("%s%s%s %zu\n", "FCONF: `tbbr.", "mbedtls_heap_size",
"` cell found with value =", tbbr_dyn_config.mbedtls_heap_size);
-#if MEASURED_BOOT
- VERBOSE("%s%s%s %p\n", "FCONF: `tbbr.", "bl2_hash_data",
- "` array found at address =", tbbr_dyn_config.bl2_hash_data);
-#endif
+
return 0;
}
diff --git a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts
index 08d3c32..9e5b59a 100644
--- a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts
+++ b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts
@@ -26,19 +26,6 @@
*/
mbedtls_heap_addr = <0x0 0x0>;
mbedtls_heap_size = <0x0>;
-
-#if MEASURED_BOOT
- /* BL2 image hash calculated by BL1 */
- bl2_hash_data = [
- 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-#if BL2_HASH_SIZE > 32
- 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-#if BL2_HASH_SIZE > 48
- 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-#endif /* > 48 */
-#endif /* > 32 */
- 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00];
-#endif /* MEASURED_BOOT */
};
/*
diff --git a/plat/arm/board/fvp/fvp_bl1_setup.c b/plat/arm/board/fvp/fvp_bl1_setup.c
index 06ee037..59fc0f3 100644
--- a/plat/arm/board/fvp/fvp_bl1_setup.c
+++ b/plat/arm/board/fvp/fvp_bl1_setup.c
@@ -76,63 +76,6 @@
wfi();
}
-#if MEASURED_BOOT
-/*
- * Calculates and writes BL2 hash data to TB_FW_CONFIG DTB.
- */
-void bl1_plat_set_bl2_hash(const image_desc_t *image_desc)
-{
- arm_bl1_set_bl2_hash(image_desc);
-}
-
-/*
- * Implementation for bl1_plat_handle_post_image_load(). This function
- * populates the default arguments to BL2. The BL2 memory layout structure
- * is allocated and the calculated layout is populated in arg1 to BL2.
- */
-int bl1_plat_handle_post_image_load(unsigned int image_id)
-{
- meminfo_t *bl2_tzram_layout;
- meminfo_t *bl1_tzram_layout;
- image_desc_t *image_desc;
- entry_point_info_t *ep_info;
-
- if (image_id != BL2_IMAGE_ID) {
- return 0;
- }
-
- /* Get the image descriptor */
- image_desc = bl1_plat_get_image_desc(BL2_IMAGE_ID);
- assert(image_desc != NULL);
-
- /* Calculate BL2 hash and set it in TB_FW_CONFIG */
- bl1_plat_set_bl2_hash(image_desc);
-
- /* Get the entry point info */
- ep_info = &image_desc->ep_info;
-
- /* Find out how much free trusted ram remains after BL1 load */
- bl1_tzram_layout = bl1_plat_sec_mem_layout();
-
- /*
- * Create a new layout of memory for BL2 as seen by BL1 i.e.
- * tell it the amount of total and free memory available.
- * This layout is created at the first free address visible
- * to BL2. BL2 will read the memory layout before using its
- * memory for other purposes.
- */
- bl2_tzram_layout = (meminfo_t *)bl1_tzram_layout->total_base;
-
- bl1_calc_bl2_mem_layout(bl1_tzram_layout, bl2_tzram_layout);
-
- ep_info->args.arg1 = (uintptr_t)bl2_tzram_layout;
-
- VERBOSE("BL1: BL2 memory layout address = %p\n",
- (void *)bl2_tzram_layout);
- return 0;
-}
-#endif /* MEASURED_BOOT */
-
/*******************************************************************************
* The following function checks if Firmware update is needed by checking error
* reported in NV flag.
diff --git a/plat/arm/board/fvp/fvp_measured_boot.c b/plat/arm/board/fvp/fvp_measured_boot.c
index 24885f5..f0de752 100644
--- a/plat/arm/board/fvp/fvp_measured_boot.c
+++ b/plat/arm/board/fvp/fvp_measured_boot.c
@@ -45,16 +45,7 @@
void bl2_plat_mboot_init(void)
{
- uint8_t bl2_hash[TCG_DIGEST_SIZE];
-
event_log_init();
-
- /* Get BL2 hash from DTB */
- /* TODO: Avoid the extra copy of the hash buffer */
- bl2_plat_get_hash(bl2_hash);
-
- /* Add BL2 event */
- event_log_record(bl2_hash, &fvp_images_data[0]);
}
void bl2_plat_mboot_finish(void)
diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c
index 2871b1b..08c014d 100644
--- a/plat/arm/common/arm_bl2_setup.c
+++ b/plat/arm/common/arm_bl2_setup.c
@@ -48,9 +48,6 @@
#pragma weak bl2_platform_setup
#pragma weak bl2_plat_arch_setup
#pragma weak bl2_plat_sec_mem_layout
-#if MEASURED_BOOT
-#pragma weak bl2_plat_get_hash
-#endif
#if ENABLE_RME
#define MAP_BL2_TOTAL MAP_REGION_FLAT( \
@@ -323,11 +320,3 @@
{
return arm_bl2_plat_handle_post_image_load(image_id);
}
-
-#if MEASURED_BOOT
-/* Read TCG_DIGEST_SIZE bytes of BL2 hash data */
-void bl2_plat_get_hash(void *data)
-{
- arm_bl2_get_hash(data);
-}
-#endif
diff --git a/plat/arm/common/arm_dyn_cfg.c b/plat/arm/common/arm_dyn_cfg.c
index 30473be..6aae9ae 100644
--- a/plat/arm/common/arm_dyn_cfg.c
+++ b/plat/arm/common/arm_dyn_cfg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -15,10 +15,6 @@
#include <common/tbbr/tbbr_img_def.h>
#if TRUSTED_BOARD_BOOT
#include <drivers/auth/mbedtls/mbedtls_config.h>
-#if MEASURED_BOOT
-#include <drivers/auth/crypto_mod.h>
-#include <mbedtls/md.h>
-#endif
#endif
#include <lib/fconf/fconf.h>
#include <lib/fconf/fconf_dyn_cfg_getter.h>
@@ -115,82 +111,13 @@
* images. It's critical because BL2 won't be able to proceed
* without the heap info.
*
- * In MEASURED_BOOT case flushing is done in
- * arm_bl1_set_bl2_hash() function which is called after heap
- * information is written in the DTB.
+ * In MEASURED_BOOT case flushing is done in a function which
+ * is called after heap information is written in the DTB.
*/
flush_dcache_range(tb_fw_cfg_dtb, fdt_totalsize(dtb));
#endif /* !MEASURED_BOOT */
}
-}
-
-#if MEASURED_BOOT
-/*
- * Calculates and writes BL2 hash data to TB_FW_CONFIG DTB.
- * Executed only from BL1.
- */
-void arm_bl1_set_bl2_hash(const image_desc_t *image_desc)
-{
- unsigned char hash_data[MBEDTLS_MD_MAX_SIZE];
- const image_info_t image_info = image_desc->image_info;
- uintptr_t tb_fw_cfg_dtb;
- int err;
- const struct dyn_cfg_dtb_info_t *tb_fw_config_info;
-
- tb_fw_config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, TB_FW_CONFIG_ID);
- assert(tb_fw_config_info != NULL);
-
- tb_fw_cfg_dtb = tb_fw_config_info->config_addr;
-
- /*
- * If tb_fw_cfg_dtb==NULL then DTB is not present for the current
- * platform. As such, we cannot write to the DTB at all and pass
- * measured data.
- */
- if (tb_fw_cfg_dtb == 0UL) {
- panic();
- }
-
- /* Calculate hash */
- err = crypto_mod_calc_hash(MBEDTLS_MD_ID,
- (void *)image_info.image_base,
- image_info.image_size, hash_data);
- if (err != 0) {
- ERROR("%scalculate%s\n", "BL1: unable to ",
- " BL2 hash");
- panic();
- }
-
- err = arm_set_bl2_hash_info((void *)tb_fw_cfg_dtb, hash_data);
- if (err < 0) {
- ERROR("%swrite%sdata%s\n", "BL1: unable to ",
- " BL2 hash ", "to DTB\n");
- panic();
- }
-
- /*
- * Ensure that the info written to the DTB is visible to other
- * images. It's critical because BL2 won't be able to proceed
- * without the heap info and its hash data.
- */
- flush_dcache_range(tb_fw_cfg_dtb, fdt_totalsize((void *)tb_fw_cfg_dtb));
-}
-
-/*
- * Reads TCG_DIGEST_SIZE bytes of BL2 hash data from the DTB.
- * Executed only from BL2.
- */
-void arm_bl2_get_hash(void *data)
-{
- const void *bl2_hash;
-
- assert(data != NULL);
-
- /* Retrieve TCG_DIGEST_SIZE bytes of BL2 hash data from the DTB */
- bl2_hash = FCONF_GET_PROPERTY(tbbr, dyn_config, bl2_hash_data);
- (void)memcpy(data, bl2_hash, TCG_DIGEST_SIZE);
}
-#endif /* MEASURED_BOOT */
#endif /* TRUSTED_BOARD_BOOT */
/*
diff --git a/plat/arm/common/arm_dyn_cfg_helpers.c b/plat/arm/common/arm_dyn_cfg_helpers.c
index 5f20c8d..8ebb6d6 100644
--- a/plat/arm/common/arm_dyn_cfg_helpers.c
+++ b/plat/arm/common/arm_dyn_cfg_helpers.c
@@ -20,18 +20,15 @@
#define DTB_PROP_MBEDTLS_HEAP_SIZE "mbedtls_heap_size"
#if MEASURED_BOOT
-#define DTB_PROP_BL2_HASH_DATA "bl2_hash_data"
#ifdef SPD_opteed
/*
* Currently OP-TEE does not support reading DTBs from Secure memory
* and this property should be removed when this feature is supported.
*/
#define DTB_PROP_HW_SM_LOG_ADDR "tpm_event_log_sm_addr"
-#endif
+#endif /* SPD_opteed */
#define DTB_PROP_HW_LOG_ADDR "tpm_event_log_addr"
#define DTB_PROP_HW_LOG_SIZE "tpm_event_log_size"
-
-static int dtb_root = -1;
#endif /* MEASURED_BOOT */
/*******************************************************************************
@@ -81,9 +78,8 @@
*/
int arm_set_dtb_mbedtls_heap_info(void *dtb, void *heap_addr, size_t heap_size)
{
-#if !MEASURED_BOOT
int dtb_root;
-#endif
+
/*
* Verify that the DTB is valid, before attempting to write to it,
* and get the DTB root node.
@@ -123,28 +119,6 @@
#if MEASURED_BOOT
/*
- * This function writes the BL2 hash data in HW_FW_CONFIG DTB.
- * When it is called, it is guaranteed that a DTB is available.
- *
- * This function is supposed to be called only by BL1.
- *
- * Returns:
- * 0 = success
- * < 0 = error
- */
-int arm_set_bl2_hash_info(void *dtb, void *data)
-{
- assert(dtb_root >= 0);
-
- /*
- * Write the BL2 hash data in the DTB.
- */
- return fdtw_write_inplace_bytes(dtb, dtb_root,
- DTB_PROP_BL2_HASH_DATA,
- TCG_DIGEST_SIZE, data);
-}
-
-/*
* Write the Event Log address and its size in the DTB.
*
* This function is supposed to be called only by BL2.
diff --git a/plat/common/plat_bl1_common.c b/plat/common/plat_bl1_common.c
index 1c6d68b..bcf9f89 100644
--- a/plat/common/plat_bl1_common.c
+++ b/plat/common/plat_bl1_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2021, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -27,9 +27,6 @@
#pragma weak bl1_plat_fwu_done
#pragma weak bl1_plat_handle_pre_image_load
#pragma weak bl1_plat_handle_post_image_load
-#if MEASURED_BOOT
-#pragma weak bl1_plat_set_bl2_hash
-#endif
unsigned int bl1_plat_get_next_image_id(void)
{
@@ -118,12 +115,3 @@
(void *) bl2_secram_layout);
return 0;
}
-
-#if MEASURED_BOOT
-/*
- * Calculates and writes BL2 hash data to TB_FW_CONFIG DTB.
- */
-void bl1_plat_set_bl2_hash(const image_desc_t *image_desc)
-{
-}
-#endif