TF-A: Add support for Measured Boot driver
This patch adds support for Measured Boot driver functionality
in common Arm platform code.
Change-Id: If049dcf8d847c39023b77c0d805a8cf5b8bcaa3e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
diff --git a/include/lib/fconf/fconf_tbbr_getter.h b/include/lib/fconf/fconf_tbbr_getter.h
index db98b68..6066af6 100644
--- a/include/lib/fconf/fconf_tbbr_getter.h
+++ b/include/lib/fconf/fconf_tbbr_getter.h
@@ -23,6 +23,9 @@
uint32_t disable_auth;
void *mbedtls_heap_addr;
size_t mbedtls_heap_size;
+#if MEASURED_BOOT
+ uint8_t bl2_hash_data[TCG_DIGEST_SIZE];
+#endif
};
extern struct tbbr_dyn_config_t tbbr_dyn_config;
diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h
index 680d354..139145b 100644
--- a/include/plat/arm/common/arm_def.h
+++ b/include/plat/arm/common/arm_def.h
@@ -81,7 +81,7 @@
ARM_SCP_TZC_DRAM1_SIZE)
#define ARM_SCP_TZC_DRAM1_SIZE PLAT_ARM_SCP_TZC_DRAM1_SIZE
#define ARM_SCP_TZC_DRAM1_END (ARM_SCP_TZC_DRAM1_BASE + \
- ARM_SCP_TZC_DRAM1_SIZE - 1)
+ ARM_SCP_TZC_DRAM1_SIZE - 1U)
/*
* Define a 2MB region within the TZC secured DRAM for use by EL3 runtime
@@ -92,7 +92,7 @@
#define ARM_EL3_TZC_DRAM1_BASE (ARM_SCP_TZC_DRAM1_BASE - ARM_EL3_TZC_DRAM1_SIZE)
#define ARM_EL3_TZC_DRAM1_SIZE UL(0x00200000) /* 2 MB */
#define ARM_EL3_TZC_DRAM1_END (ARM_EL3_TZC_DRAM1_BASE + \
- ARM_EL3_TZC_DRAM1_SIZE - 1)
+ ARM_EL3_TZC_DRAM1_SIZE - 1U)
#define ARM_AP_TZC_DRAM1_BASE (ARM_DRAM1_BASE + \
ARM_DRAM1_SIZE - \
@@ -101,7 +101,7 @@
(ARM_SCP_TZC_DRAM1_SIZE + \
ARM_EL3_TZC_DRAM1_SIZE))
#define ARM_AP_TZC_DRAM1_END (ARM_AP_TZC_DRAM1_BASE + \
- ARM_AP_TZC_DRAM1_SIZE - 1)
+ ARM_AP_TZC_DRAM1_SIZE - 1U)
/* Define the Access permissions for Secure peripherals to NS_DRAM */
#if ARM_CRYPTOCELL_INTEG
@@ -148,17 +148,17 @@
#define ARM_NS_DRAM1_SIZE (ARM_DRAM1_SIZE - \
ARM_TZC_DRAM1_SIZE)
#define ARM_NS_DRAM1_END (ARM_NS_DRAM1_BASE + \
- ARM_NS_DRAM1_SIZE - 1)
+ ARM_NS_DRAM1_SIZE - 1U)
#define ARM_DRAM1_BASE ULL(0x80000000)
#define ARM_DRAM1_SIZE ULL(0x80000000)
#define ARM_DRAM1_END (ARM_DRAM1_BASE + \
- ARM_DRAM1_SIZE - 1)
+ ARM_DRAM1_SIZE - 1U)
#define ARM_DRAM2_BASE PLAT_ARM_DRAM2_BASE
#define ARM_DRAM2_SIZE PLAT_ARM_DRAM2_SIZE
#define ARM_DRAM2_END (ARM_DRAM2_BASE + \
- ARM_DRAM2_SIZE - 1)
+ ARM_DRAM2_SIZE - 1U)
#define ARM_IRQ_SEC_PHY_TIMER 29
diff --git a/include/plat/arm/common/plat_arm.h b/include/plat/arm/common/plat_arm.h
index 3625530..95fc18e 100644
--- a/include/plat/arm/common/plat_arm.h
+++ b/include/plat/arm/common/plat_arm.h
@@ -235,8 +235,20 @@
#if MEASURED_BOOT
/* Measured boot related functions */
-void arm_bl1_set_bl2_hash(image_desc_t *image_desc);
+void arm_bl1_set_bl2_hash(const image_desc_t *image_desc);
+void arm_bl2_get_hash(void *data);
+int arm_set_tos_fw_info(uintptr_t config_base, uintptr_t log_addr,
+ size_t log_size);
+int arm_set_nt_fw_info(uintptr_t config_base,
+/*
+ * Currently OP-TEE does not support reading DTBs from Secure memory
+ * and this option should be removed when feature is supported.
+ */
+#ifdef SPD_opteed
+ uintptr_t log_addr,
#endif
+ size_t log_size, uintptr_t *ns_log_addr);
+#endif /* MEASURED_BOOT */
/*
* Free the memory storing initialization code only used during an images boot
diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h
index 720c259..658b423 100644
--- a/include/plat/common/platform.h
+++ b/include/plat/common/platform.h
@@ -175,6 +175,14 @@
int bl1_plat_handle_pre_image_load(unsigned int image_id);
int bl1_plat_handle_post_image_load(unsigned int image_id);
+#if MEASURED_BOOT
+/*
+ * Calculates and writes BL2 hash data to the platform's defined location.
+ * For ARM platforms the data are written to TB_FW_CONFIG DTB.
+ */
+void bl1_plat_set_bl2_hash(const image_desc_t *image_desc);
+#endif
+
/*******************************************************************************
* Mandatory BL2 functions
******************************************************************************/
@@ -190,11 +198,13 @@
int bl2_plat_handle_pre_image_load(unsigned int image_id);
int bl2_plat_handle_post_image_load(unsigned int image_id);
-
/*******************************************************************************
* Optional BL2 functions (may be overridden)
******************************************************************************/
-
+#if MEASURED_BOOT
+/* Read TCG_DIGEST_SIZE bytes of BL2 hash data */
+void bl2_plat_get_hash(void *data);
+#endif
/*******************************************************************************
* Mandatory BL2 at EL3 functions: Must be implemented if BL2_AT_EL3 image is
@@ -204,7 +214,6 @@
u_register_t arg2, u_register_t arg3);
void bl2_el3_plat_arch_setup(void);
-
/*******************************************************************************
* Optional BL2 at EL3 functions (may be overridden)
******************************************************************************/