feat(measured_boot): image hash measurement and recording in BL1
It looks safer and cleaner approach to record the measurement taken by
BL1 straightaway in TCG Event Log instead of deferring these recordings
to BL2.
Hence pull in the full-fledged measured boot driver into BL1 that
replaces the former ad-hoc platform interfaces i.e.
bl1_plat_set_bl2_hash, bl2_plat_get_hash.
As a result of this change the BL1 of Arm FVP platform now do the
measurements and recordings of below images:
1. FW_CONFIG
2. TB_FW_CONFIG
3. BL2
Change-Id: I798c20336308b5e91b547da4f8ed57c24d490731
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
diff --git a/bl1/bl1_main.c b/bl1/bl1_main.c
index fd60232..663ec64 100644
--- a/bl1/bl1_main.c
+++ b/bl1/bl1_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -126,6 +126,9 @@
auth_mod_init();
#endif /* TRUSTED_BOARD_BOOT */
+ /* Initialize the measured boot */
+ bl1_plat_mboot_init();
+
/* Perform platform setup in BL1. */
bl1_platform_setup();
@@ -147,6 +150,9 @@
else
NOTICE("BL1-FWU: *******FWU Process Started*******\n");
+ /* Teardown the measured boot driver */
+ bl1_plat_mboot_finish();
+
bl1_prepare_next_image(image_id);
console_flush();
diff --git a/common/bl_common.c b/common/bl_common.c
index 3c37bcf..eb2352a 100644
--- a/common/bl_common.c
+++ b/common/bl_common.c
@@ -203,7 +203,6 @@
}
if (is_parent_image == 0) {
-#if IMAGE_BL2
/*
* Measure the image.
* We do not measure its parents because these only play a role
@@ -212,11 +211,11 @@
* TODO: Change this code if we change our minds about measuring
* certificates.
*/
- rc = plat_mboot_measure_image(image_id);
+ rc = plat_mboot_measure_image(image_id, image_data);
if (rc != 0) {
return rc;
}
-#endif
+
/*
* Flush the image to main memory so that it can be executed
* later by any CPU, regardless of cache and MMU state. This
diff --git a/drivers/measured_boot/event_log/event_log.mk b/drivers/measured_boot/event_log/event_log.mk
index e42f9c9..37e5e29 100644
--- a/drivers/measured_boot/event_log/event_log.mk
+++ b/drivers/measured_boot/event_log/event_log.mk
@@ -47,3 +47,4 @@
${MEASURED_BOOT_SRC_DIR}event_print.c
BL2_SOURCES += ${MEASURED_BOOT_SOURCES}
+BL1_SOURCES += ${MEASURED_BOOT_SOURCES}
diff --git a/include/drivers/measured_boot/event_log/event_log.h b/include/drivers/measured_boot/event_log/event_log.h
index 9aa6dc7..0d22d87 100644
--- a/include/drivers/measured_boot/event_log/event_log.h
+++ b/include/drivers/measured_boot/event_log/event_log.h
@@ -48,12 +48,14 @@
#define BL32_EXTRA1_IMAGE_STRING "BL32_EXTRA1_IMAGE"
#define BL32_EXTRA2_IMAGE_STRING "BL32_EXTRA2_IMAGE"
#define BL33_STRING "BL_33"
+#define FW_CONFIG_STRING "FW_CONFIG"
#define GPT_IMAGE_STRING "GPT"
#define HW_CONFIG_STRING "HW_CONFIG"
#define NT_FW_CONFIG_STRING "NT_FW_CONFIG"
#define SCP_BL2_IMAGE_STRING "SCP_BL2_IMAGE"
#define SOC_FW_CONFIG_STRING "SOC_FW_CONFIG"
#define STM32_IMAGE_STRING "STM32"
+#define TB_FW_CONFIG_STRING "TB_FW_CONFIG"
#define TOS_FW_CONFIG_STRING "TOS_FW_CONFIG"
typedef struct {
diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h
index c7c4dcb..3fa63f5 100644
--- a/include/plat/common/platform.h
+++ b/include/plat/common/platform.h
@@ -122,6 +122,16 @@
void bl2_plat_preload_setup(void);
int plat_try_next_boot_source(void);
+#if MEASURED_BOOT
+int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data);
+#else
+static inline int plat_mboot_measure_image(unsigned int image_id __unused,
+ image_info_t *image_data __unused)
+{
+ return 0;
+}
+#endif /* MEASURED_BOOT */
+
/*******************************************************************************
* Mandatory BL1 functions
******************************************************************************/
@@ -181,6 +191,18 @@
int bl1_plat_handle_pre_image_load(unsigned int image_id);
int bl1_plat_handle_post_image_load(unsigned int image_id);
+#if MEASURED_BOOT
+void bl1_plat_mboot_init(void);
+void bl1_plat_mboot_finish(void);
+#else
+static inline void bl1_plat_mboot_init(void)
+{
+}
+static inline void bl1_plat_mboot_finish(void)
+{
+}
+#endif /* MEASURED_BOOT */
+
/*******************************************************************************
* Mandatory BL2 functions
******************************************************************************/
@@ -202,17 +224,12 @@
#if MEASURED_BOOT
void bl2_plat_mboot_init(void);
void bl2_plat_mboot_finish(void);
-int plat_mboot_measure_image(unsigned int image_id);
#else
static inline void bl2_plat_mboot_init(void)
{
}
static inline void bl2_plat_mboot_finish(void)
{
-}
-static inline int plat_mboot_measure_image(unsigned int image_id __unused)
-{
- return 0;
}
#endif /* MEASURED_BOOT */
diff --git a/plat/arm/board/fvp/fvp_bl1_measured_boot.c b/plat/arm/board/fvp/fvp_bl1_measured_boot.c
new file mode 100644
index 0000000..15ea059
--- /dev/null
+++ b/plat/arm/board/fvp/fvp_bl1_measured_boot.c
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stdint.h>
+
+#include <drivers/measured_boot/event_log/event_log.h>
+
+/* Event Log data */
+static uint8_t event_log[PLAT_ARM_EVENT_LOG_MAX_SIZE];
+
+/* FVP table with platform specific image IDs, names and PCRs */
+const event_log_metadata_t fvp_event_log_metadata[] = {
+ { FW_CONFIG_ID, FW_CONFIG_STRING, PCR_0 },
+ { TB_FW_CONFIG_ID, TB_FW_CONFIG_STRING, PCR_0 },
+ { BL2_IMAGE_ID, BL2_STRING, PCR_0 },
+ { INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */
+};
+
+void bl1_plat_mboot_init(void)
+{
+ event_log_init(event_log, PLAT_ARM_EVENT_LOG_MAX_SIZE, 0U);
+}
+
+void bl1_plat_mboot_finish(void)
+{
+ /*
+ * ToDo: populate tb_fw_config with Event Log address, its maximum size
+ * and filled size
+ */
+}
diff --git a/plat/arm/board/fvp/fvp_measured_boot.c b/plat/arm/board/fvp/fvp_bl2_measured_boot.c
similarity index 78%
rename from plat/arm/board/fvp/fvp_measured_boot.c
rename to plat/arm/board/fvp/fvp_bl2_measured_boot.c
index 83419b6..f5d829a 100644
--- a/plat/arm/board/fvp/fvp_measured_boot.c
+++ b/plat/arm/board/fvp/fvp_bl2_measured_boot.c
@@ -27,11 +27,6 @@
{ INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */
};
-const event_log_metadata_t *plat_event_log_get_metadata(void)
-{
- return fvp_event_log_metadata;
-}
-
void bl2_plat_mboot_init(void)
{
event_log_init(event_log, event_log + sizeof(event_log));
@@ -88,27 +83,3 @@
dump_event_log(event_log, event_log_cur_size);
}
-
-int plat_mboot_measure_image(unsigned int image_id)
-{
- const bl_mem_params_node_t *bl_mem_params =
- get_bl_mem_params_node(image_id);
-
- assert(bl_mem_params != NULL);
-
- image_info_t info = bl_mem_params->image_info;
- int err;
-
- if ((info.h.attr & IMAGE_ATTRIB_SKIP_LOADING) == 0U) {
- /* Calculate image hash and record data in Event Log */
- err = event_log_measure_record(info.image_base,
- info.image_size, image_id);
- if (err != 0) {
- ERROR("%s%s image id %u (%i)\n",
- "BL2: Failed to ", "record", image_id, err);
- return err;
- }
- }
-
- return 0;
-}
diff --git a/plat/arm/board/fvp/fvp_common_measured_boot.c b/plat/arm/board/fvp/fvp_common_measured_boot.c
new file mode 100644
index 0000000..6a403d9
--- /dev/null
+++ b/plat/arm/board/fvp/fvp_common_measured_boot.c
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <stdint.h>
+
+#include <common/desc_image_load.h>
+#include <drivers/measured_boot/event_log/event_log.h>
+#include <plat/arm/common/plat_arm.h>
+#include <plat/common/platform.h>
+
+extern event_log_metadata_t fvp_event_log_metadata[];
+
+const event_log_metadata_t *plat_event_log_get_metadata(void)
+{
+ return fvp_event_log_metadata;
+}
+
+int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data)
+{
+ /* Calculate image hash and record data in Event Log */
+ int err = event_log_measure_and_record(image_data->image_base,
+ image_data->image_size,
+ image_id);
+ if (err != 0) {
+ ERROR("%s%s image id %u (%i)\n",
+ "Failed to ", "record", image_id, err);
+ return err;
+ }
+
+ return 0;
+}
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index b375146..70b1051 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -376,7 +376,10 @@
BL2_SOURCES += plat/arm/board/fvp/fvp_trusted_boot.c
ifeq (${MEASURED_BOOT},1)
-BL2_SOURCES += plat/arm/board/fvp/fvp_measured_boot.c
+BL1_SOURCES += plat/arm/board/fvp/fvp_common_measured_boot.c \
+ plat/arm/board/fvp/fvp_bl1_measured_boot.c
+BL2_SOURCES += plat/arm/board/fvp/fvp_common_measured_boot.c \
+ plat/arm/board/fvp/fvp_bl2_measured_boot.c
endif
# FVP being a development platform, enable capability to disable Authentication