feat(rdfremont): fetch attestation key and token from RSE
Use the delegated attestation driver to fetch platform attestation token
and Realm attestation key from RSE over the AP-RSE comms interface.
Signed-off-by: Rohit Mathew <Rohit.Mathew@arm.com>
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: Id0cfd82ef79598cd8368ba017c145bf34d502e65
diff --git a/plat/arm/board/neoverse_rd/platform/rdfremont/platform.mk b/plat/arm/board/neoverse_rd/platform/rdfremont/platform.mk
index 61eacbb..9a4ca1c 100644
--- a/plat/arm/board/neoverse_rd/platform/rdfremont/platform.mk
+++ b/plat/arm/board/neoverse_rd/platform/rdfremont/platform.mk
@@ -43,11 +43,13 @@
include plat/arm/board/neoverse_rd/common/nrd-common.mk
include drivers/arm/rse/rse_comms.mk
+include drivers/auth/mbedtls/mbedtls_common.mk
RDFREMONT_BASE = plat/arm/board/neoverse_rd/platform/rdfremont
PLAT_INCLUDES += -I${NRD_COMMON_BASE}/include/nrd3/ \
- -I${RDFREMONT_BASE}/include/
+ -I${RDFREMONT_BASE}/include/ \
+ -Iinclude/lib/psa
NRD_CPU_SOURCES := lib/cpus/aarch64/neoverse_v3.S
@@ -72,6 +74,7 @@
endif
BL31_SOURCES += ${NRD_CPU_SOURCES} \
+ ${MBEDTLS_SOURCES} \
${RSE_COMMS_SOURCES} \
${RDFREMONT_BASE}/rdfremont_bl31_setup.c \
${RDFREMONT_BASE}/rdfremont_mhuv3.c \
@@ -80,6 +83,8 @@
${RDFREMONT_BASE}/rdfremont_realm_attest_key.c \
drivers/arm/smmu/smmu_v3.c \
drivers/cfi/v2m/v2m_flash.c \
+ lib/psa/cca_attestation.c \
+ lib/psa/delegated_attestation.c \
lib/utils/mem_region.c \
plat/arm/common/arm_nor_psci_mem_protect.c
ifeq (${NRD_PLATFORM_VARIANT}, 2)
diff --git a/plat/arm/board/neoverse_rd/platform/rdfremont/rdfremont_plat_attest_token.c b/plat/arm/board/neoverse_rd/platform/rdfremont/rdfremont_plat_attest_token.c
index c7c3769..188a09f 100644
--- a/plat/arm/board/neoverse_rd/platform/rdfremont/rdfremont_plat_attest_token.c
+++ b/plat/arm/board/neoverse_rd/platform/rdfremont/rdfremont_plat_attest_token.c
@@ -4,11 +4,23 @@
* SPDX-License-Identifier: BSD-3-Clause
*/
+#include <errno.h>
#include <stdint.h>
-/* Placeholder implementation of the API to retrieve attestation token */
+#include <cca_attestation.h>
+#include <common/debug.h>
+#include <psa/error.h>
+
int plat_rmmd_get_cca_attest_token(uintptr_t buf, size_t *len,
uintptr_t hash, size_t hash_size)
{
+ psa_status_t ret;
+
+ ret = cca_attestation_get_plat_token(buf, len, hash, hash_size);
+ if (ret != PSA_SUCCESS) {
+ ERROR("Unable to fetch CCA attestation token\n");
+ return -1;
+ }
+
return 0;
}
diff --git a/plat/arm/board/neoverse_rd/platform/rdfremont/rdfremont_realm_attest_key.c b/plat/arm/board/neoverse_rd/platform/rdfremont/rdfremont_realm_attest_key.c
index 3853127..224c20b 100644
--- a/plat/arm/board/neoverse_rd/platform/rdfremont/rdfremont_realm_attest_key.c
+++ b/plat/arm/board/neoverse_rd/platform/rdfremont/rdfremont_realm_attest_key.c
@@ -4,11 +4,23 @@
* SPDX-License-Identifier: BSD-3-Clause
*/
+#include <errno.h>
#include <stdint.h>
-/* Placeholder implementation of the API to retrieve attestation key */
+#include <cca_attestation.h>
+#include <common/debug.h>
+#include <psa/error.h>
+
int plat_rmmd_get_cca_realm_attest_key(uintptr_t buf, size_t *len,
unsigned int type)
{
+ psa_status_t ret;
+
+ ret = cca_attestation_get_realm_key(buf, len, type);
+ if (ret != PSA_SUCCESS) {
+ ERROR("Unable to fetch CCA attestation key\n");
+ return -1;
+ }
+
return 0;
}