feat(auth): measure and publicise the Public Key
Once the Public Key has been verified, call 'plat_mboot_measure_key'
to measure and publicise it.
Change-Id: I46ea71dcbba96db3706602ccd89f22596ae68416
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
diff --git a/drivers/auth/auth_mod.c b/drivers/auth/auth_mod.c
index 7a9cca8..105dc05 100644
--- a/drivers/auth/auth_mod.c
+++ b/drivers/auth/auth_mod.c
@@ -20,6 +20,8 @@
#include <lib/fconf/fconf_tbbr_getter.h>
#include <plat/common/platform.h>
+#include <tools_share/zero_oid.h>
+
/* ASN.1 tags */
#define ASN1_INTEGER 0x02
@@ -148,7 +150,7 @@
const auth_img_desc_t *img_desc,
void *img, unsigned int img_len)
{
- void *data_ptr, *pk_ptr, *pk_plat_ptr, *sig_ptr, *sig_alg_ptr;
+ void *data_ptr, *pk_ptr, *pk_plat_ptr, *sig_ptr, *sig_alg_ptr, *pk_oid;
unsigned int data_len, pk_len, pk_plat_len, sig_len, sig_alg_len;
unsigned int flags = 0;
int rc = 0;
@@ -226,6 +228,25 @@
return -1;
}
}
+
+ /*
+ * Set Zero-OID for ROTPK(subject key) as a the certificate
+ * does not hold Key-OID information for ROTPK.
+ */
+ if (param->pk->cookie != NULL) {
+ pk_oid = param->pk->cookie;
+ } else {
+ pk_oid = ZERO_OID;
+ }
+
+ /*
+ * Public key is verified at this stage, notify platform
+ * to measure and publish it.
+ */
+ rc = plat_mboot_measure_key(pk_oid, pk_ptr, pk_len);
+ if (rc != 0) {
+ WARN("Public Key measurement failure = %d\n", rc);
+ }
}
/* Ask the crypto module to verify the signature */
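Review bot: A failed `plat_mboot_measure_key` call here is only logged with WARN, so authentication carries on and the measured-boot log can be missing the key that anchors the chain of trust; the hunk at -462/+484 handles failure the same way. If best-effort is intended, state it in the comment, e.g. `/* Measurement is best-effort; a failure does not fail authentication. */`, otherwise return the error to the caller. The result is also stored in `rc`, the variable that carries the authentication status; a separate local such as `int mrc = plat_mboot_measure_key(pk_oid, pk_ptr, pk_len);` would keep a measurement error out of the return path. The function body starts and ends outside the hunk, so whether `rc` is reassigned before it is next read cannot be confirmed from here.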
@@ -381,6 +402,7 @@
unsigned int img_len)
{
const auth_img_desc_t *img_desc = NULL;
+ const auth_param_type_desc_t *type_desc = NULL;
const auth_method_desc_t *auth_method = NULL;
void *param_ptr;
unsigned int param_len;
@@ -462,6 +484,21 @@
/* Copy the parameter for later use */
memcpy((void *)img_desc->authenticated_data[i].data.ptr,
(void *)param_ptr, param_len);
+
+ /*
+ * If this is a public key then measure and publicise
+ * it.
+ */
+ type_desc = img_desc->authenticated_data[i].type_desc;
+ if (type_desc->type == AUTH_PARAM_PUB_KEY) {
+ rc = plat_mboot_measure_key(type_desc->cookie,
+ param_ptr,
+ param_len);
+ if (rc != 0) {
+ WARN("Public Key measurement "
+ "failure = %d\n", rc);
+ }
+ }
}
}
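Review bot: `type_desc->cookie` is passed to `plat_mboot_measure_key` without the NULL fallback that the ROTPK hunk applies (`pk_oid = ZERO_OID` when the cookie is NULL), so a public-key parameter described without an OID would hand the platform hook a NULL OID. Whether the hook tolerates that is not visible here; passing `(type_desc->cookie != NULL) ? type_desc->cookie : ZERO_OID` as the first argument would make both call sites agree. The measurement is also taken from `param_ptr`, the buffer inside the image, and not from the copy just stored in `authenticated_data[i].data.ptr`; measuring the copy would tie the log entry to the bytes that later consumers read. The enclosing loop and function start outside the hunk.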