feat(tc): provide target_locality info of AP FW components

The target_locality attribute is meant to specify that
a certain SW component is expected to run and thereby
send DPE commands from a given security domain. The DPE
service must be capable of determining the locality of
a client on his own. RSE determines the client's locality
based on the MHU channel used for communication.

If the expected locality (specified by the parent component)
does not match the locality determined by the DPE
service, the command fails.

The goal is to protect against spoofing when a
context_handle is stolen and used by a component
that should not have access.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I96d255de231611cfed10eef4335a47b91c2c94de
diff --git a/drivers/measured_boot/rse/dice_prot_env.c b/drivers/measured_boot/rse/dice_prot_env.c
index da98afe..dad30b2 100644
--- a/drivers/measured_boot/rse/dice_prot_env.c
+++ b/drivers/measured_boot/rse/dice_prot_env.c
@@ -115,7 +115,7 @@
 				 metadata->allow_new_context_to_derive,
 				 metadata->create_certificate,
 				 &dice_inputs,
-				 0, /* target_locality */
+				 metadata->target_locality,
 				 false, /* return_certificate */
 				 true, /* allow_new_context_to_export */
 				 false, /* export_cdi */
diff --git a/include/drivers/measured_boot/rse/dice_prot_env.h b/include/drivers/measured_boot/rse/dice_prot_env.h
index e453198..e5aef51 100644
--- a/include/drivers/measured_boot/rse/dice_prot_env.h
+++ b/include/drivers/measured_boot/rse/dice_prot_env.h
@@ -27,6 +27,7 @@
 	bool allow_new_context_to_derive;
 	bool retain_parent_context;
 	bool create_certificate;
+	int target_locality;
 	void *pk_oid;
 };
 
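Review bot: The added `target_locality` member carries no comment, and its meaning and sentinel value are only defined in a platform header, so a reader of this driver struct cannot tell what the field expresses or which value switches the check off. Suggest a trailing comment on the added line, e.g. `int target_locality; /* Security domain the derived child context is expected to issue DPE commands from; platform-defined values that must agree with the DPE service, with a platform sentinel meaning "not applicable" */`. The struct definition begins outside the hunk.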
diff --git a/plat/arm/board/tc/tc_bl1_dpe.c b/plat/arm/board/tc/tc_bl1_dpe.c
index 3a39c66..de5702a 100644
--- a/plat/arm/board/tc/tc_bl1_dpe.c
+++ b/plat/arm/board/tc/tc_bl1_dpe.c
@@ -29,6 +29,7 @@
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = ZERO_OID },
 	{
 		.id = TB_FW_CONFIG_ID,
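Review bot: The comment `/* won't derive don't care */` on the added line is terse and ungrammatical, and it is repeated verbatim on every `LOCALITY_NONE` line in the next hunk of this file and in each hunk of tc_bl2_dpe.c. Since each of these entries also sets `.allow_new_context_to_derive = false`, stating that link is clearer than "don't care": `.target_locality = LOCALITY_NONE, /* Cannot derive a child context, so its locality is not applicable */`. The initializer array this hunk belongs to starts and ends outside the hunk.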
@@ -38,6 +39,7 @@
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = ZERO_OID },
 	{
 		.id = BL2_IMAGE_ID,
@@ -46,6 +48,7 @@
 		.sw_type = MBOOT_BL2_IMAGE_STRING,
 		.allow_new_context_to_derive = true,
 		.retain_parent_context = true, /* To handle restart */
+		.target_locality = LOCALITY_AP_S,
 		.create_certificate = false,
 		.pk_oid = ZERO_OID },
 	{
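Review bot: The added `.target_locality = LOCALITY_AP_S,` line is placed between `.retain_parent_context` and `.create_certificate`, whereas every other entry in this file and in tc_bl2_dpe.c puts it after `.create_certificate`. Designated initializers make this harmless functionally, but the inconsistent order makes the entries harder to compare by eye; move the line to follow `.create_certificate = false,` so all entries share one field order. The enclosing array continues outside the hunk.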
diff --git a/plat/arm/board/tc/tc_bl2_dpe.c b/plat/arm/board/tc/tc_bl2_dpe.c
index 02aca43..c56612b 100644
--- a/plat/arm/board/tc/tc_bl2_dpe.c
+++ b/plat/arm/board/tc/tc_bl2_dpe.c
@@ -39,6 +39,7 @@
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = BL31_IMAGE_KEY_OID },
 	{
 		.id = BL32_IMAGE_ID,
@@ -48,6 +49,7 @@
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = BL32_IMAGE_KEY_OID },
 	{
 		.id = BL33_IMAGE_ID,
@@ -57,6 +59,7 @@
 		.allow_new_context_to_derive = true,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_AP_NS,
 		.pk_oid = BL33_IMAGE_KEY_OID },
 
 	{
@@ -67,6 +70,7 @@
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = HW_CONFIG_KEY_OID },
 	{
 		.id = NT_FW_CONFIG_ID,
@@ -76,6 +80,7 @@
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = NT_FW_CONFIG_KEY_OID },
 	{
 		.id = SCP_BL2_IMAGE_ID,
@@ -85,6 +90,7 @@
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = SCP_BL2_IMAGE_KEY_OID },
 	{
 		.id = SOC_FW_CONFIG_ID,
@@ -94,6 +100,7 @@
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = SOC_FW_CONFIG_KEY_OID },
 	{
 		.id = TOS_FW_CONFIG_ID,
@@ -103,6 +110,7 @@
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = TOS_FW_CONFIG_KEY_OID },
 #if defined(SPD_spmd)
 	{
@@ -113,6 +121,7 @@
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = true, /* With Trusty only one SP is loaded */
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = NULL },
 	{
 		.id = SP_PKG2_ID,
@@ -122,6 +131,7 @@
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = NULL },
 	{
 		.id = SP_PKG3_ID,
@@ -131,6 +141,7 @@
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = NULL },
 	{
 		.id = SP_PKG4_ID,
@@ -140,6 +151,7 @@
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = NULL },
 	{
 		.id = SP_PKG5_ID,
@@ -149,6 +161,7 @@
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = NULL },
 	{
 		.id = SP_PKG6_ID,
@@ -158,6 +171,7 @@
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = NULL },
 	{
 		.id = SP_PKG7_ID,
@@ -167,6 +181,7 @@
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = NULL },
 	{
 		.id = SP_PKG8_ID,
@@ -176,6 +191,7 @@
 		.allow_new_context_to_derive = false,
 		.retain_parent_context = true,
 		.create_certificate = false,
+		.target_locality = LOCALITY_NONE, /* won't derive don't care */
 		.pk_oid = NULL },
 
 #endif
diff --git a/plat/arm/board/tc/tc_dpe.h b/plat/arm/board/tc/tc_dpe.h
index d5f4f6b..3e1af5a 100644
--- a/plat/arm/board/tc/tc_dpe.h
+++ b/plat/arm/board/tc/tc_dpe.h
@@ -36,4 +36,18 @@
 /* Common definition */
 #define DPE_CERT_ID_SAME_AS_PARENT	0xFFFFFFFF
 
+/*
+ * Target Locality:
+ *    The goal is to specify that a certain component is expected to run and
+ *    thereby send DPE commands from a given security domain. RSE is capable of
+ *    of distinguishing the client's locality based on the MHU channel used for
+ *    communication.
+ *    Defines here must match with RSE side:
+ */
+#define LOCALITY_NONE		-1
+/* #define LOCALITY_RSE_S	0 */  /* Not applicable on AP side */
+/* #define LOCALITY_RSE_NS	1 */  /* Not applicable on AP side */
+#define LOCALITY_AP_S		 2
+#define LOCALITY_AP_NS		 3
+
 #endif /* TC_DPE_H */
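Review bot: `LOCALITY_NONE` expands to an unparenthesized negative literal, which can mis-bind when the macro follows another operator (for example a preceding `-` or `+`); write it as `#define LOCALITY_NONE (-1)`, and for symmetry the positive values could also be parenthesized. The comment block above it doubles the word "of" across two lines ("capable of / of distinguishing"). These constants form a numeric contract with the RSE-side DPE service that is enforced only by the sentence "Defines here must match with RSE side", so it would help maintainers to name in that comment where the RSE-side values live, and to say explicitly that the sentinel is only used for entries that cannot derive a child context.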