refactor(measured boot): remove platform calls from Event Log driver
Currently, the Event Log driver does platform layer work by invoking
a few platform functions in the 'event_log_finalise' call. Doing
platform work does not seem to be the driver's responsibility, hence
moved 'event_log_finalise' function's implementation to the platform
layer.
Alongside, introduced few Event Log driver functions and done
some cosmetic changes.
Change-Id: I486160e17e5b0677c734fd202af7ccd85476a551
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
diff --git a/drivers/measured_boot/event_log/event_log.c b/drivers/measured_boot/event_log/event_log.c
index ff771aa..1755dd9 100644
--- a/drivers/measured_boot/event_log/event_log.c
+++ b/drivers/measured_boot/event_log/event_log.c
@@ -17,22 +17,14 @@
#include <plat/common/platform.h>
-/* Event Log data */
-static uint8_t event_log[EVENT_LOG_SIZE];
+/* Running Event Log Pointer */
+static uint8_t *log_ptr;
-/* End of Event Log */
-#define EVENT_LOG_END ((uintptr_t)event_log + sizeof(event_log) - 1U)
+/* Pointer to the first byte past end of the Event Log buffer */
+static uintptr_t log_end;
-CASSERT(sizeof(event_log) >= LOG_MIN_SIZE, assert_event_log_size);
-
-/* Pointer in event_log[] */
-static uint8_t *log_ptr = event_log;
-
-/* Pointer to measured_boot_data_t */
-const static measured_boot_data_t *plat_data_ptr;
-
-static uintptr_t tos_fw_config_base;
-static uintptr_t nt_fw_config_base;
+/* Pointer to event_log_metadata_t */
+static const event_log_metadata_t *plat_metadata_ptr;
/* TCG_EfiSpecIdEvent */
static const id_event_headers_t id_event_header = {
@@ -82,25 +74,28 @@
/*
* Record a measurement as a TCG_PCR_EVENT2 event
*
- * @param[in] hash Pointer to hash data of TCG_DIGEST_SIZE bytes
- * @param[in] image_ptr Pointer to image_data_t structure
+ * @param[in] hash Pointer to hash data of TCG_DIGEST_SIZE bytes
+ * @param[in] metadata_ptr Pointer to event_log_metadata_t structure
*
* There must be room for storing this new event into the event log buffer.
*/
-void event_log_record(const uint8_t *hash, const image_data_t *image_ptr)
+static void event_log_record(const uint8_t *hash,
+ const event_log_metadata_t *metadata_ptr)
{
void *ptr = log_ptr;
uint32_t name_len;
- assert(image_ptr != NULL);
- assert(image_ptr->name != NULL);
assert(hash != NULL);
+ assert(metadata_ptr != NULL);
+ assert(metadata_ptr->name != NULL);
+ /* event_log_init() must have been called prior to this. */
+ assert(log_ptr != NULL);
- name_len = (uint32_t)strlen(image_ptr->name) + 1U;
+ name_len = (uint32_t)strlen(metadata_ptr->name) + 1U;
/* Check for space in Event Log buffer */
- assert(((uintptr_t)ptr + (uint32_t)EVENT2_HDR_SIZE + name_len) <=
- EVENT_LOG_END);
+ assert(((uintptr_t)ptr + (uint32_t)EVENT2_HDR_SIZE + name_len) <
+ log_end);
/*
* As per TCG specifications, firmware components that are measured
@@ -108,7 +103,7 @@
* EV_POST_CODE.
*/
/* TCG_PCR_EVENT2.PCRIndex */
- ((event2_header_t *)ptr)->pcr_index = image_ptr->pcr;
+ ((event2_header_t *)ptr)->pcr_index = metadata_ptr->pcr;
/* TCG_PCR_EVENT2.EventType */
((event2_header_t *)ptr)->event_type = EV_POST_CODE;
@@ -136,7 +131,7 @@
/* Copy event data to TCG_PCR_EVENT2.Event */
(void)memcpy((void *)(((event2_data_t *)ptr)->event),
- (const void *)image_ptr->name, name_len);
+ (const void *)metadata_ptr->name, name_len);
/* End of event data */
log_ptr = (uint8_t *)((uintptr_t)ptr +
@@ -144,18 +139,38 @@
}
/*
- * Init Event Log
+ * Initialise Event Log global variables, used during the recording
+ * of various payload measurements into the Event Log buffer
*
+ * @param[in] event_log_start Base address of Event Log buffer
+ * @param[in] event_log_finish End address of Event Log buffer,
+ * it is a first byte past end of the
+ * buffer
+ */
+void event_log_init(uint8_t *event_log_start, uint8_t *event_log_finish)
+{
+ assert(event_log_start != NULL);
+ assert(event_log_finish > event_log_start);
+
+ log_ptr = event_log_start;
+ log_end = (uintptr_t)event_log_finish;
+
+ /* Get pointer to platform's event_log_metadata_t structure */
+ plat_metadata_ptr = plat_event_log_get_metadata();
+ assert(plat_metadata_ptr != NULL);
+}
+
+/*
* Initialises Event Log by writing Specification ID and
- * Startup Locality events.
+ * Startup Locality events
*/
-void event_log_init(void)
+void event_log_write_header(void)
{
const char locality_signature[] = TCG_STARTUP_LOCALITY_SIGNATURE;
- void *ptr = event_log;
+ void *ptr = log_ptr;
- /* Get pointer to platform's measured_boot_data_t structure */
- plat_data_ptr = plat_get_measured_boot_data();
+ /* event_log_init() must have been called prior to this. */
+ assert(log_ptr != NULL);
/*
* Add Specification ID Event first
@@ -213,9 +228,7 @@
* the platform's boot firmware
*/
((startup_locality_event_t *)ptr)->startup_locality = 0U;
- ptr = (uint8_t *)((uintptr_t)ptr + sizeof(startup_locality_event_t));
-
- log_ptr = (uint8_t *)ptr;
+ log_ptr = (uint8_t *)((uintptr_t)ptr + sizeof(startup_locality_event_t));
}
/*
@@ -232,23 +245,16 @@
int event_log_measure_and_record(uintptr_t data_base, uint32_t data_size,
uint32_t data_id)
{
- const image_data_t *data_ptr = plat_data_ptr->images_data;
unsigned char hash_data[MBEDTLS_MD_MAX_SIZE];
int rc;
+ const event_log_metadata_t *metadata_ptr = plat_metadata_ptr;
/* Get the metadata associated with this image. */
- while ((data_ptr->id != INVALID_ID) && (data_ptr->id != data_id)) {
- data_ptr++;
+ while ((metadata_ptr->id != INVALID_ID) &&
+ (metadata_ptr->id != data_id)) {
+ metadata_ptr++;
}
- assert(data_ptr->id != INVALID_ID);
-
- if (data_id == TOS_FW_CONFIG_ID) {
- tos_fw_config_base = data_base;
- } else if (data_id == NT_FW_CONFIG_ID) {
- nt_fw_config_base = data_base;
- } else {
- /* No action */
- }
+ assert(metadata_ptr->id != INVALID_ID);
/* Calculate hash */
rc = crypto_mod_calc_hash((unsigned int)MBEDTLS_MD_ID,
@@ -257,97 +263,22 @@
return rc;
}
- event_log_record(hash_data, data_ptr);
+ event_log_record(hash_data, metadata_ptr);
return 0;
}
/*
- * Finalise Event Log
+ * Get current Event Log buffer size i.e. used space of Event Log buffer
*
- * @param[out] log_addr Pointer to return Event Log address
- * @param[out] log_size Pointer to return Event Log size
- * @return:
- * 0 = success
- * < 0 = error code
+ * @param[in] event_log_start Base Pointer to Event Log buffer
+ *
+ * @return: current Size of Event Log buffer
*/
-int event_log_finalise(uint8_t **log_addr, size_t *log_size)
+size_t event_log_get_cur_size(uint8_t *event_log_start)
{
- /* Event Log size */
- size_t num_bytes = (uintptr_t)log_ptr - (uintptr_t)event_log;
- int rc;
-
- assert(log_addr != NULL);
- assert(log_size != NULL);
+ assert(event_log_start != NULL);
+ assert(log_ptr >= event_log_start);
- if (nt_fw_config_base == 0UL) {
- ERROR("%s(): %s_FW_CONFIG not loaded\n", __func__, "NT");
- return -ENOENT;
- }
-
- /*
- * Set Event Log data in NT_FW_CONFIG and
- * get Event Log address in Non-Secure memory
- */
- if (plat_data_ptr->set_nt_fw_info != NULL) {
-
- /* Event Log address in Non-Secure memory */
- uintptr_t ns_log_addr;
-
- rc = plat_data_ptr->set_nt_fw_info(
- nt_fw_config_base,
-#ifdef SPD_opteed
- (uintptr_t)event_log,
-#endif
- num_bytes, &ns_log_addr);
- if (rc != 0) {
- ERROR("%s(): Unable to update %s_FW_CONFIG\n",
- __func__, "NT");
- return rc;
- }
-
- /* Copy Event Log to Non-secure memory */
- (void)memcpy((void *)ns_log_addr, (const void *)event_log,
- num_bytes);
-
- /* Ensure that the Event Log is visible in Non-secure memory */
- flush_dcache_range(ns_log_addr, num_bytes);
-
- /* Return Event Log address in Non-Secure memory */
- *log_addr = (uint8_t *)ns_log_addr;
-
- } else {
- INFO("%s(): set_%s_fw_info not set\n", __func__, "nt");
-
- /* Return Event Log address in Secure memory */
- *log_addr = event_log;
- }
-
- if (tos_fw_config_base != 0UL) {
- if (plat_data_ptr->set_tos_fw_info != NULL) {
-
- /* Set Event Log data in TOS_FW_CONFIG */
- rc = plat_data_ptr->set_tos_fw_info(
- tos_fw_config_base,
- (uintptr_t)event_log,
- num_bytes);
- if (rc != 0) {
- ERROR("%s(): Unable to update %s_FW_CONFIG\n",
- __func__, "TOS");
- return rc;
- }
- } else {
- INFO("%s(): set_%s_fw_info not set\n", __func__, "tos");
- }
- } else {
- INFO("%s(): %s_FW_CONFIG not loaded\n", __func__, "TOS");
- }
-
- /* Ensure that the Event Log is visible in Secure memory */
- flush_dcache_range((uintptr_t)event_log, num_bytes);
-
- /* Return Event Log size */
- *log_size = num_bytes;
-
- return 0;
+ return (size_t)((uintptr_t)log_ptr - (uintptr_t)event_log_start);
}
diff --git a/drivers/measured_boot/event_log/event_log.mk b/drivers/measured_boot/event_log/event_log.mk
index 34bde17..e42f9c9 100644
--- a/drivers/measured_boot/event_log/event_log.mk
+++ b/drivers/measured_boot/event_log/event_log.mk
@@ -25,8 +25,6 @@
TCG_DIGEST_SIZE := 32U
endif
-# Event Log length in bytes
-EVENT_LOG_SIZE := 1024
# Set definitions for mbed TLS library and Measured Boot driver
$(eval $(call add_defines,\
@@ -34,7 +32,6 @@
MBEDTLS_MD_ID \
TPM_ALG_ID \
TCG_DIGEST_SIZE \
- EVENT_LOG_SIZE \
EVENT_LOG_LEVEL \
)))
diff --git a/include/drivers/measured_boot/event_log/event_log.h b/include/drivers/measured_boot/event_log/event_log.h
index 96fdc2f..9aa6dc7 100644
--- a/include/drivers/measured_boot/event_log/event_log.h
+++ b/include/drivers/measured_boot/event_log/event_log.h
@@ -10,6 +10,7 @@
#include <stdint.h>
#include <common/debug.h>
+#include <common/tbbr/tbbr_img_def.h>
#include <drivers/measured_boot/event_log/tcg.h>
/*
@@ -59,18 +60,7 @@
unsigned int id;
const char *name;
unsigned int pcr;
-} image_data_t;
-
-typedef struct {
- const image_data_t *images_data;
- int (*set_nt_fw_info)(uintptr_t config_base,
-#ifdef SPD_opteed
- uintptr_t log_addr,
-#endif
- size_t log_size, uintptr_t *ns_log_addr);
- int (*set_tos_fw_info)(uintptr_t config_base, uintptr_t log_addr,
- size_t log_size);
-} measured_boot_data_t;
+} event_log_metadata_t;
#define ID_EVENT_SIZE (sizeof(id_event_headers_t) + \
(sizeof(id_event_algorithm_size_t) * HASH_ALG_COUNT) + \
@@ -88,12 +78,12 @@
sizeof(event2_data_t))
/* Functions' declarations */
-void event_log_init(void);
-int event_log_finalise(uint8_t **log_addr, size_t *log_size);
+void event_log_init(uint8_t *event_log_start, uint8_t *event_log_finish);
+void event_log_write_header(void);
void dump_event_log(uint8_t *log_addr, size_t log_size);
-const measured_boot_data_t *plat_get_measured_boot_data(void);
+const event_log_metadata_t *plat_event_log_get_metadata(void);
int event_log_measure_and_record(uintptr_t data_base, uint32_t data_size,
uint32_t data_id);
-void event_log_record(const uint8_t *hash, const image_data_t *image_ptr);
+size_t event_log_get_cur_size(uint8_t *event_log_start);
#endif /* EVENT_LOG_H */
diff --git a/include/plat/arm/common/plat_arm.h b/include/plat/arm/common/plat_arm.h
index 57e6953..5765226 100644
--- a/include/plat/arm/common/plat_arm.h
+++ b/include/plat/arm/common/plat_arm.h
@@ -250,9 +250,8 @@
int arm_get_mbedtls_heap(void **heap_addr, size_t *heap_size);
#if MEASURED_BOOT
-int arm_set_tos_fw_info(uintptr_t config_base, uintptr_t log_addr,
- size_t log_size);
-int arm_set_nt_fw_info(uintptr_t config_base,
+int arm_set_tos_fw_info(uintptr_t log_addr, size_t log_size);
+int arm_set_nt_fw_info(
/*
* Currently OP-TEE does not support reading DTBs from Secure memory
* and this option should be removed when feature is supported.
diff --git a/plat/arm/board/fvp/fvp_measured_boot.c b/plat/arm/board/fvp/fvp_measured_boot.c
index f0de752..83419b6 100644
--- a/plat/arm/board/fvp/fvp_measured_boot.c
+++ b/plat/arm/board/fvp/fvp_measured_boot.c
@@ -1,21 +1,19 @@
/*
- * Copyright (c) 2020-2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
-#include <assert.h>
#include <stdint.h>
-#include <common/desc_image_load.h>
#include <drivers/measured_boot/event_log/event_log.h>
-
#include <plat/arm/common/plat_arm.h>
-#include <plat/common/platform.h>
+
+/* Event Log data */
+static uint8_t event_log[PLAT_ARM_EVENT_LOG_MAX_SIZE];
/* FVP table with platform specific image IDs, names and PCRs */
-static const image_data_t fvp_images_data[] = {
- { BL2_IMAGE_ID, BL2_STRING, PCR_0 }, /* Reserved for BL2 */
+const event_log_metadata_t fvp_event_log_metadata[] = {
{ BL31_IMAGE_ID, BL31_STRING, PCR_0 },
{ BL32_IMAGE_ID, BL32_STRING, PCR_0 },
{ BL32_EXTRA1_IMAGE_ID, BL32_EXTRA1_IMAGE_STRING, PCR_0 },
@@ -29,42 +27,66 @@
{ INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */
};
-static const measured_boot_data_t fvp_measured_boot_data = {
- fvp_images_data,
- arm_set_nt_fw_info,
- arm_set_tos_fw_info
-};
-
-/*
- * Function retuns pointer to FVP plat_measured_boot_data_t structure
- */
-const measured_boot_data_t *plat_get_measured_boot_data(void)
+const event_log_metadata_t *plat_event_log_get_metadata(void)
{
- return &fvp_measured_boot_data;
+ return fvp_event_log_metadata;
}
void bl2_plat_mboot_init(void)
{
- event_log_init();
+ event_log_init(event_log, event_log + sizeof(event_log));
+ event_log_write_header();
}
void bl2_plat_mboot_finish(void)
{
- uint8_t *log_addr;
- size_t log_size;
int rc;
+ /* Event Log address in Non-Secure memory */
+ uintptr_t ns_log_addr;
+
+ /* Event Log filled size */
+ size_t event_log_cur_size;
+
- rc = event_log_finalise(&log_addr, &log_size);
+ event_log_cur_size = event_log_get_cur_size(event_log);
+
+ rc = arm_set_nt_fw_info(
+#ifdef SPD_opteed
+ (uintptr_t)event_log,
+#endif
+ event_log_cur_size, &ns_log_addr);
if (rc != 0) {
+ ERROR("%s(): Unable to update %s_FW_CONFIG\n",
+ __func__, "NT");
/*
* It is a fatal error because on FVP secure world software
* assumes that a valid event log exists and will use it to
- * record the measurements into the fTPM
+ * record the measurements into the fTPM.
+ * Note: In FVP platform, OP-TEE uses nt_fw_config to get the
+ * secure Event Log buffer address.
*/
panic();
}
+
+ /* Copy Event Log to Non-secure memory */
+ (void)memcpy((void *)ns_log_addr, (const void *)event_log,
+ event_log_cur_size);
+
+ /* Ensure that the Event Log is visible in Non-secure memory */
+ flush_dcache_range(ns_log_addr, event_log_cur_size);
+
+#if defined(SPD_tspd) || defined(SPD_spmd)
+ /* Set Event Log data in TOS_FW_CONFIG */
+ rc = arm_set_tos_fw_info((uintptr_t)event_log,
+ event_log_cur_size);
+ if (rc != 0) {
+ ERROR("%s(): Unable to update %s_FW_CONFIG\n",
+ __func__, "TOS");
+ panic();
+ }
+#endif
- dump_event_log(log_addr, log_size);
+ dump_event_log(event_log, event_log_cur_size);
}
int plat_mboot_measure_image(unsigned int image_id)
diff --git a/plat/arm/board/fvp/include/platform_def.h b/plat/arm/board/fvp/include/platform_def.h
index 96574e5..d89e122 100644
--- a/plat/arm/board/fvp/include/platform_def.h
+++ b/plat/arm/board/fvp/include/platform_def.h
@@ -341,4 +341,9 @@
#define PLAT_VIRT_ADDR_SPACE_SIZE (1ULL << 32)
#endif
+/*
+ * Maximum size of Event Log buffer used in Measured Boot Event Log driver
+ */
+#define PLAT_ARM_EVENT_LOG_MAX_SIZE UL(0x400)
+
#endif /* PLATFORM_DEF_H */
diff --git a/plat/arm/common/arm_dyn_cfg_helpers.c b/plat/arm/common/arm_dyn_cfg_helpers.c
index 8ebb6d6..33f2e49 100644
--- a/plat/arm/common/arm_dyn_cfg_helpers.c
+++ b/plat/arm/common/arm_dyn_cfg_helpers.c
@@ -205,14 +205,20 @@
* 0 = success
* < 0 = error
*/
-int arm_set_tos_fw_info(uintptr_t config_base, uintptr_t log_addr,
- size_t log_size)
+int arm_set_tos_fw_info(uintptr_t log_addr, size_t log_size)
{
+ uintptr_t config_base;
+ const bl_mem_params_node_t *cfg_mem_params;
int err;
- assert(config_base != 0UL);
assert(log_addr != 0UL);
+ /* Get the config load address and size of TOS_FW_CONFIG */
+ cfg_mem_params = get_bl_mem_params_node(TOS_FW_CONFIG_ID);
+ assert(cfg_mem_params != NULL);
+
+ config_base = cfg_mem_params->image_info.image_base;
+
/* Write the Event Log address and its size in the DTB */
err = arm_set_event_log_info(config_base,
#ifdef SPD_opteed
@@ -237,23 +243,25 @@
* 0 = success
* < 0 = error
*/
-int arm_set_nt_fw_info(uintptr_t config_base,
+int arm_set_nt_fw_info(
#ifdef SPD_opteed
uintptr_t log_addr,
#endif
size_t log_size, uintptr_t *ns_log_addr)
{
+ uintptr_t config_base;
uintptr_t ns_addr;
const bl_mem_params_node_t *cfg_mem_params;
int err;
- assert(config_base != 0UL);
assert(ns_log_addr != NULL);
/* Get the config load address and size from NT_FW_CONFIG */
cfg_mem_params = get_bl_mem_params_node(NT_FW_CONFIG_ID);
assert(cfg_mem_params != NULL);
+ config_base = cfg_mem_params->image_info.image_base;
+
/* Calculate Event Log address in Non-secure memory */
ns_addr = cfg_mem_params->image_info.image_base +
cfg_mem_params->image_info.image_max_size;