refactor(measured-boot): avoid Measured-Boot dependency on Trusted-Boot
Measured-Boot and Trusted-Boot are orthogonal to each other and hence
removed dependency of Trusted-Boot on Measured-Boot by making below
changes -
1. BL1 and BL2 main functions are used for initializing Crypto module
instead of the authentication module
2. Updated Crypto module registration macro for MEASURED_BOOT with only
necessary callbacks for calculating image hashes
3. The 'load_auth_image' function is now used for the image measurement
during Trusted or Non-Trusted Boot flow
Change-Id: I3570e80bae8ce8f5b58d84bd955aa43e925d9fff
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
diff --git a/drivers/auth/auth_mod.c b/drivers/auth/auth_mod.c
index 917ee4a..a99a2c7 100644
--- a/drivers/auth/auth_mod.c
+++ b/drivers/auth/auth_mod.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -339,9 +339,6 @@
/* Check we have a valid CoT registered */
assert(cot_desc_ptr != NULL);
- /* Crypto module */
- crypto_mod_init();
-
/* Image parser module */
img_parser_init();
}
diff --git a/drivers/auth/crypto_mod.c b/drivers/auth/crypto_mod.c
index 127eb0d..eada357 100644
--- a/drivers/auth/crypto_mod.c
+++ b/drivers/auth/crypto_mod.c
@@ -46,8 +46,13 @@
{
assert(crypto_lib_desc.name != NULL);
assert(crypto_lib_desc.init != NULL);
+#if TRUSTED_BOARD_BOOT
assert(crypto_lib_desc.verify_signature != NULL);
assert(crypto_lib_desc.verify_hash != NULL);
+#endif /* TRUSTED_BOARD_BOOT */
+#if MEASURED_BOOT
+ assert(crypto_lib_desc.calc_hash != NULL);
+#endif /* MEASURED_BOOT */
/* Initialize the cryptographic library */
crypto_lib_desc.init();
diff --git a/drivers/auth/mbedtls/mbedtls_crypto.c b/drivers/auth/mbedtls/mbedtls_crypto.c
index 114e6ad..0901d04 100644
--- a/drivers/auth/mbedtls/mbedtls_crypto.c
+++ b/drivers/auth/mbedtls/mbedtls_crypto.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -60,6 +60,7 @@
mbedtls_init();
}
+#if TRUSTED_BOARD_BOOT
/*
* Verify a signature.
*
@@ -218,6 +219,7 @@
return CRYPTO_SUCCESS;
}
+#endif /* TRUSTED_BOARD_BOOT */
#if MEASURED_BOOT
/*
@@ -366,7 +368,7 @@
/*
* Register crypto library descriptor
*/
-#if MEASURED_BOOT
+#if MEASURED_BOOT && TRUSTED_BOARD_BOOT
#if TF_MBEDTLS_USE_AES_GCM
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash,
auth_decrypt);
@@ -374,11 +376,13 @@
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash,
NULL);
#endif
-#else /* MEASURED_BOOT */
+#elif TRUSTED_BOARD_BOOT
#if TF_MBEDTLS_USE_AES_GCM
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash,
auth_decrypt);
#else
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL);
#endif
-#endif /* MEASURED_BOOT */
+#elif MEASURED_BOOT
+REGISTER_CRYPTO_LIB(LIB_NAME, init, calc_hash);
+#endif /* MEASURED_BOOT && TRUSTED_BOARD_BOOT */