feat(auth): allow to verify PublicKey with platform format PK
In some platform the digest of the public key saved in the OTP is not
the digest of the exact same public key buffer needed to check the
signature. Typically, platform checks signature using the DER ROTPK
whereas some others add some related information. Add a new platform
weak function to transform the public key buffer used by
verify_signature to a platform specific public key.
Mark this new weak function as deprecated as it will be replaced
by another framework implementation.
Change-Id: I71017b41e3eca9398cededf317ad97e9b511be5f
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
diff --git a/docs/about/release-information.rst b/docs/about/release-information.rst
index c0875b6..6c05aec 100644
--- a/docs/about/release-information.rst
+++ b/docs/about/release-information.rst
@@ -67,6 +67,11 @@
+================================+=============+=========+=========================================================+
| STM32MP_USE_STM32IMAGE macro | Dec '21 | 2.7 | FIP is the recommended boot method for STM32MP |
+--------------------------------+-------------+---------+---------------------------------------------------------+
+| plat_convert_pk() function | Nov'22 | Next | Platform conversion to manage specific PK hash |
+| | | release | |
+| | | after | |
+| | | 2.8 | |
++--------------------------------+-------------+---------+---------------------------------------------------------+
--------------
diff --git a/docs/getting_started/porting-guide.rst b/docs/getting_started/porting-guide.rst
index 9019e83..7f38054 100644
--- a/docs/getting_started/porting-guide.rst
+++ b/docs/getting_started/porting-guide.rst
@@ -809,6 +809,34 @@
either could not be updated or the authentication image descriptor indicates
that it is not allowed to be updated.
+Function: plat_convert_pk()
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+ Argument : void *, unsigned int, void **, unsigned int *
+ Return : int
+
+This function is optional when Trusted Board Boot is enabled, and only
+used if the platform saves a hash of the ROTPK.
+First argument is the Distinguished Encoding Rules (DER) ROTPK.
+Second argument is its size.
+Third argument is used to return a pointer to a buffer, which hash should
+be the one saved in OTP.
+Fourth argument is a pointer to return its size.
+
+Most platforms save the hash of the ROTPK, but some may save slightly different
+information - e.g the hash of the ROTPK plus some related information.
+Defining this function allows to transform the ROTPK used to verify
+the signature to the buffer (a platform specific public key) which
+hash is saved in OTP.
+
+The default implementation copies the input key and length to the output without
+modification.
+
+The function returns 0 on success. Any other value means the expected
+public key buffer cannot be extracted.
+
Dynamic Root of Trust for Measurement support (in BL31)
-------------------------------------------------------
diff --git a/drivers/auth/auth_mod.c b/drivers/auth/auth_mod.c
index a99a2c7..fa9509a 100644
--- a/drivers/auth/auth_mod.c
+++ b/drivers/auth/auth_mod.c
@@ -31,6 +31,7 @@
} while (0)
#pragma weak plat_set_nv_ctr2
+#pragma weak plat_convert_pk
static int cmp_auth_param_type_desc(const auth_param_type_desc_t *a,
@@ -202,6 +203,10 @@
NOTICE("ROTPK is not deployed on platform. "
"Skipping ROTPK verification.\n");
} else {
+ /* platform may store the hash of a prefixed, suffixed or modified pk */
+ rc = plat_convert_pk(pk_ptr, pk_len, &pk_ptr, &pk_len);
+ return_if_error(rc);
+
/* Ask the crypto-module to verify the key hash */
rc = crypto_mod_verify_hash(pk_ptr, pk_len,
pk_hash_ptr, pk_hash_len);
@@ -301,6 +306,15 @@
return plat_set_nv_ctr(cookie, nv_ctr);
}
+int plat_convert_pk(void *full_pk_ptr, unsigned int full_pk_len,
+ void **hashed_pk_ptr, unsigned int *hashed_pk_len)
+{
+ *hashed_pk_ptr = full_pk_ptr;
+ *hashed_pk_len = full_pk_len;
+
+ return 0;
+}
+
/*
* Return the parent id in the output parameter '*parent_id'
*
diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h
index c7b7908..8407bbd 100644
--- a/include/plat/common/platform.h
+++ b/include/plat/common/platform.h
@@ -344,6 +344,8 @@
int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr);
int plat_set_nv_ctr2(void *cookie, const struct auth_img_desc_s *img_desc,
unsigned int nv_ctr);
+int plat_convert_pk(void *full_pk_ptr, unsigned int full_pk_len,
+ void **hashed_pk_ptr, unsigned int *hash_pk_len);
int get_mbedtls_heap_helper(void **heap_addr, size_t *heap_size);
int plat_get_enc_key_info(enum fw_enc_status_t fw_enc_status, uint8_t *key,
size_t *key_len, unsigned int *flags,