refactor(measured-boot): avoid Measured-Boot dependency on Trusted-Boot
Measured-Boot and Trusted-Boot are orthogonal to each other and hence
removed dependency of Trusted-Boot on Measured-Boot by making below
changes -
1. BL1 and BL2 main functions are used for initializing Crypto module
instead of the authentication module
2. Updated Crypto module registration macro for MEASURED_BOOT with only
necessary callbacks for calculating image hashes
3. The 'load_auth_image' function is now used for the image measurement
during Trusted or Non-Trusted Boot flow
Change-Id: I3570e80bae8ce8f5b58d84bd955aa43e925d9fff
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
diff --git a/Makefile b/Makefile
index b92d3a9..a238ee4 100644
--- a/Makefile
+++ b/Makefile
@@ -768,15 +768,6 @@
endif
endif
-# Trusted Boot is a prerequisite for Measured Boot. It provides trust that the
-# code taking the measurements and recording them has not been tampered
-# with. This is referred to as the Root of Trust for Measurement.
-ifeq ($(MEASURED_BOOT),1)
- ifneq (${TRUSTED_BOARD_BOOT},1)
- $(error MEASURED_BOOT requires TRUSTED_BOARD_BOOT=1)
- endif
-endif
-
ifeq ($(PSA_FWU_SUPPORT),1)
$(info PSA_FWU_SUPPORT is an experimental feature)
endif
diff --git a/bl1/bl1_main.c b/bl1/bl1_main.c
index 663ec64..7399bc8 100644
--- a/bl1/bl1_main.c
+++ b/bl1/bl1_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -15,6 +15,7 @@
#include <common/bl_common.h>
#include <common/debug.h>
#include <drivers/auth/auth_mod.h>
+#include <drivers/auth/crypto_mod.h>
#include <drivers/console.h>
#include <lib/cpus/errata_report.h>
#include <lib/utils.h>
@@ -121,10 +122,10 @@
/* Perform remaining generic architectural setup from EL3 */
bl1_arch_setup();
-#if TRUSTED_BOARD_BOOT
+ crypto_mod_init();
+
/* Initialize authentication module */
auth_mod_init();
-#endif /* TRUSTED_BOARD_BOOT */
/* Initialize the measured boot */
bl1_plat_mboot_init();
diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c
index 90fe39b..5da8037 100644
--- a/bl2/bl2_main.c
+++ b/bl2/bl2_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,6 +13,7 @@
#include <common/bl_common.h>
#include <common/debug.h>
#include <drivers/auth/auth_mod.h>
+#include <drivers/auth/crypto_mod.h>
#include <drivers/console.h>
#include <drivers/fwu/fwu.h>
#include <lib/extensions/pauth.h>
@@ -89,10 +90,10 @@
fwu_init();
#endif /* PSA_FWU_SUPPORT */
-#if TRUSTED_BOARD_BOOT
+ crypto_mod_init();
+
/* Initialize authentication module */
auth_mod_init();
-#endif /* TRUSTED_BOARD_BOOT */
/* Initialize the Measured Boot backend */
bl2_plat_mboot_init();
diff --git a/common/bl_common.c b/common/bl_common.c
index eb2352a..9bfaafd 100644
--- a/common/bl_common.c
+++ b/common/bl_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -143,25 +143,6 @@
return io_result;
}
-/*
- * Load an image and flush it out to main memory so that it can be executed
- * later by any CPU, regardless of cache and MMU state.
- */
-static int load_image_flush(unsigned int image_id,
- image_info_t *image_data)
-{
- int rc;
-
- rc = load_image(image_id, image_data);
- if (rc == 0) {
- flush_dcache_range(image_data->image_base,
- image_data->image_size);
- }
-
- return rc;
-}
-
-
#if TRUSTED_BOARD_BOOT
/*
* This function uses recursion to authenticate the parent images up to the root
@@ -202,30 +183,6 @@
return -EAUTH;
}
- if (is_parent_image == 0) {
- /*
- * Measure the image.
- * We do not measure its parents because these only play a role
- * in authentication, which is orthogonal to measured boot.
- *
- * TODO: Change this code if we change our minds about measuring
- * certificates.
- */
- rc = plat_mboot_measure_image(image_id, image_data);
- if (rc != 0) {
- return rc;
- }
-
- /*
- * Flush the image to main memory so that it can be executed
- * later by any CPU, regardless of cache and MMU state. This
- * is only needed for child images, not for the parents
- * (certificates).
- */
- flush_dcache_range(image_data->image_base,
- image_data->image_size);
- }
-
return 0;
}
#endif /* TRUSTED_BOARD_BOOT */
@@ -239,7 +196,7 @@
}
#endif
- return load_image_flush(image_id, image_data);
+ return load_image(image_id, image_data);
}
/*******************************************************************************
@@ -266,6 +223,25 @@
} while ((err != 0) && (plat_try_next_boot_source() != 0));
#endif /* PSA_FWU_SUPPORT */
+ if (err == 0) {
+ /*
+ * If loading of the image gets passed (along with its
+ * authentication in case of Trusted-Boot flow) then measure
+ * it (if MEASURED_BOOT flag is enabled).
+ */
+ err = plat_mboot_measure_image(image_id, image_data);
+ if (err != 0) {
+ return err;
+ }
+
+ /*
+ * Flush the image to main memory so that it can be executed
+ * later by any CPU, regardless of cache and MMU state.
+ */
+ flush_dcache_range(image_data->image_base,
+ image_data->image_size);
+ }
+
return err;
}
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index d77875e..a34bb3c 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -529,9 +529,9 @@
the build. The default value is 40 in debug builds and 20 in release builds.
- ``MEASURED_BOOT``: Boolean flag to include support for the Measured Boot
- feature. If this flag is enabled ``TRUSTED_BOARD_BOOT`` must be set as well
- in order to provide trust that the code taking the measurements and recording
- them has not been tampered with.
+ feature. This flag can be enabled with ``TRUSTED_BOARD_BOOT`` in order to
+ provide trust that the code taking the measurements and recording them has
+ not been tampered with.
This option defaults to 0.
diff --git a/drivers/auth/auth_mod.c b/drivers/auth/auth_mod.c
index 917ee4a..a99a2c7 100644
--- a/drivers/auth/auth_mod.c
+++ b/drivers/auth/auth_mod.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -339,9 +339,6 @@
/* Check we have a valid CoT registered */
assert(cot_desc_ptr != NULL);
- /* Crypto module */
- crypto_mod_init();
-
/* Image parser module */
img_parser_init();
}
diff --git a/drivers/auth/crypto_mod.c b/drivers/auth/crypto_mod.c
index 127eb0d..eada357 100644
--- a/drivers/auth/crypto_mod.c
+++ b/drivers/auth/crypto_mod.c
@@ -46,8 +46,13 @@
{
assert(crypto_lib_desc.name != NULL);
assert(crypto_lib_desc.init != NULL);
+#if TRUSTED_BOARD_BOOT
assert(crypto_lib_desc.verify_signature != NULL);
assert(crypto_lib_desc.verify_hash != NULL);
+#endif /* TRUSTED_BOARD_BOOT */
+#if MEASURED_BOOT
+ assert(crypto_lib_desc.calc_hash != NULL);
+#endif /* MEASURED_BOOT */
/* Initialize the cryptographic library */
crypto_lib_desc.init();
diff --git a/drivers/auth/mbedtls/mbedtls_crypto.c b/drivers/auth/mbedtls/mbedtls_crypto.c
index 114e6ad..0901d04 100644
--- a/drivers/auth/mbedtls/mbedtls_crypto.c
+++ b/drivers/auth/mbedtls/mbedtls_crypto.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -60,6 +60,7 @@
mbedtls_init();
}
+#if TRUSTED_BOARD_BOOT
/*
* Verify a signature.
*
@@ -218,6 +219,7 @@
return CRYPTO_SUCCESS;
}
+#endif /* TRUSTED_BOARD_BOOT */
#if MEASURED_BOOT
/*
@@ -366,7 +368,7 @@
/*
* Register crypto library descriptor
*/
-#if MEASURED_BOOT
+#if MEASURED_BOOT && TRUSTED_BOARD_BOOT
#if TF_MBEDTLS_USE_AES_GCM
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash,
auth_decrypt);
@@ -374,11 +376,13 @@
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash,
NULL);
#endif
-#else /* MEASURED_BOOT */
+#elif TRUSTED_BOARD_BOOT
#if TF_MBEDTLS_USE_AES_GCM
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash,
auth_decrypt);
#else
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL);
#endif
-#endif /* MEASURED_BOOT */
+#elif MEASURED_BOOT
+REGISTER_CRYPTO_LIB(LIB_NAME, init, calc_hash);
+#endif /* MEASURED_BOOT && TRUSTED_BOARD_BOOT */
diff --git a/include/drivers/auth/auth_mod.h b/include/drivers/auth/auth_mod.h
index d1fd52c..94537f6 100644
--- a/include/drivers/auth/auth_mod.h
+++ b/include/drivers/auth/auth_mod.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,8 +7,6 @@
#ifndef AUTH_MOD_H
#define AUTH_MOD_H
-#if TRUSTED_BOARD_BOOT
-
#include <common/tbbr/cot_def.h>
#include <common/tbbr/tbbr_img_def.h>
#include <drivers/auth/auth_common.h>
@@ -46,7 +44,13 @@
#endif /* COT_DESC_IN_DTB && !IMAGE_BL1 */
/* Public functions */
+#if TRUSTED_BOARD_BOOT
void auth_mod_init(void);
+#else
+static inline void auth_mod_init(void)
+{
+}
+#endif /* TRUSTED_BOARD_BOOT */
int auth_mod_get_parent_id(unsigned int img_id, unsigned int *parent_id);
int auth_mod_verify_img(unsigned int img_id,
void *img_ptr,
@@ -85,6 +89,4 @@
#endif
-#endif /* TRUSTED_BOARD_BOOT */
-
#endif /* AUTH_MOD_H */
diff --git a/include/drivers/auth/crypto_mod.h b/include/drivers/auth/crypto_mod.h
index cdcf504..73b2b99 100644
--- a/include/drivers/auth/crypto_mod.h
+++ b/include/drivers/auth/crypto_mod.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -76,7 +76,14 @@
} crypto_lib_desc_t;
/* Public functions */
+#if CRYPTO_SUPPORT
void crypto_mod_init(void);
+#else
+static inline void crypto_mod_init(void)
+{
+}
+#endif /* CRYPTO_SUPPORT */
+
int crypto_mod_verify_signature(void *data_ptr, unsigned int data_len,
void *sig_ptr, unsigned int sig_len,
void *sig_alg_ptr, unsigned int sig_alg_len,
@@ -93,7 +100,9 @@
int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr,
unsigned int data_len,
unsigned char output[CRYPTO_MD_MAX_SIZE]);
+#endif /* MEASURED_BOOT */
+#if MEASURED_BOOT && TRUSTED_BOARD_BOOT
/* Macro to register a cryptographic library */
#define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \
_calc_hash, _auth_decrypt) \
@@ -105,7 +114,7 @@
.calc_hash = _calc_hash, \
.auth_decrypt = _auth_decrypt \
}
-#else
+#elif TRUSTED_BOARD_BOOT
#define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \
_auth_decrypt) \
const crypto_lib_desc_t crypto_lib_desc = { \
@@ -115,7 +124,14 @@
.verify_hash = _verify_hash, \
.auth_decrypt = _auth_decrypt \
}
+#elif MEASURED_BOOT
+#define REGISTER_CRYPTO_LIB(_name, _init, _calc_hash) \
+ const crypto_lib_desc_t crypto_lib_desc = { \
+ .name = _name, \
+ .init = _init, \
+ .calc_hash = _calc_hash, \
+ }
-#endif /* MEASURED_BOOT */
+#endif /* MEASURED_BOOT && TRUSTED_BOARD_BOOT */
extern const crypto_lib_desc_t crypto_lib_desc;