blob: 6cbb4dc47caed16a376e5930a275668ea556bd3a [file] [log] [blame]
Tamas Ban64c33a12022-01-11 20:24:24 +01001/*
2 * Copyright (c) 2022, Arm Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6#include <assert.h>
7#include <stdint.h>
Claus Pedersen785e66c2022-09-12 22:42:58 +00008#include <string.h>
Tamas Ban64c33a12022-01-11 20:24:24 +01009
10#include <common/debug.h>
11#include <drivers/auth/crypto_mod.h>
12#include <drivers/measured_boot/rss/rss_measured_boot.h>
13#include <lib/psa/measured_boot.h>
14#include <psa/crypto_types.h>
15#include <psa/crypto_values.h>
16#include <psa/error.h>
17
18#define MBOOT_ALG_SHA512 0
19#define MBOOT_ALG_SHA384 1
20#define MBOOT_ALG_SHA256 2
21
22#if MBOOT_ALG_ID == MBOOT_ALG_SHA512
23#define CRYPTO_MD_ID CRYPTO_MD_SHA512
24#define PSA_CRYPTO_MD_ID PSA_ALG_SHA_512
25#elif MBOOT_ALG_ID == MBOOT_ALG_SHA384
26#define CRYPTO_MD_ID CRYPTO_MD_SHA384
27#define PSA_CRYPTO_MD_ID PSA_ALG_SHA_384
28#elif MBOOT_ALG_ID == MBOOT_ALG_SHA256
29#define CRYPTO_MD_ID CRYPTO_MD_SHA256
30#define PSA_CRYPTO_MD_ID PSA_ALG_SHA_256
31#else
32# error Invalid Measured Boot algorithm.
33#endif /* MBOOT_ALG_ID */
34
35/* Pointer to struct rss_mboot_metadata */
36static struct rss_mboot_metadata *plat_metadata_ptr;
37
38/* Functions' declarations */
39void rss_measured_boot_init(void)
40{
41 /* At this point it is expected that communication channel over MHU
42 * is already initialised by platform init.
43 */
44
45 /* Get pointer to platform's struct rss_mboot_metadata structure */
46 plat_metadata_ptr = plat_rss_mboot_get_metadata();
47 assert(plat_metadata_ptr != NULL);
48}
49
50int rss_mboot_measure_and_record(uintptr_t data_base, uint32_t data_size,
51 uint32_t data_id)
52{
53 unsigned char hash_data[CRYPTO_MD_MAX_SIZE];
54 int rc;
55 psa_status_t ret;
56 const struct rss_mboot_metadata *metadata_ptr = plat_metadata_ptr;
57
58 /* Get the metadata associated with this image. */
59 while ((metadata_ptr->id != RSS_MBOOT_INVALID_ID) &&
60 (metadata_ptr->id != data_id)) {
61 metadata_ptr++;
62 }
63
64 /* If image is not present in metadata array then skip */
65 if (metadata_ptr->id == RSS_MBOOT_INVALID_ID) {
66 return 0;
67 }
68
69 /* Calculate hash */
70 rc = crypto_mod_calc_hash(CRYPTO_MD_ID,
71 (void *)data_base, data_size, hash_data);
72 if (rc != 0) {
73 return rc;
74 }
75
76 ret = rss_measured_boot_extend_measurement(
77 metadata_ptr->slot,
78 metadata_ptr->signer_id,
79 metadata_ptr->signer_id_size,
80 metadata_ptr->version,
81 metadata_ptr->version_size,
82 PSA_CRYPTO_MD_ID,
83 metadata_ptr->sw_type,
84 metadata_ptr->sw_type_size,
85 hash_data,
86 MBOOT_DIGEST_SIZE,
87 metadata_ptr->lock_measurement);
88 if (ret != PSA_SUCCESS) {
89 return ret;
90 }
91
92 return 0;
93}
94
95int rss_mboot_set_signer_id(unsigned int img_id,
96 const void *pk_ptr,
97 size_t pk_len)
98{
99 unsigned char hash_data[CRYPTO_MD_MAX_SIZE];
100 struct rss_mboot_metadata *metadata_ptr = plat_metadata_ptr;
101 int rc;
102
103 /* Get the metadata associated with this image. */
104 while ((metadata_ptr->id != RSS_MBOOT_INVALID_ID) &&
105 (metadata_ptr->id != img_id)) {
106 metadata_ptr++;
107 }
108
109 /* If image is not present in metadata array then skip */
110 if (metadata_ptr->id == RSS_MBOOT_INVALID_ID) {
111 return 0;
112 }
113
114 /* Calculate public key hash */
115 rc = crypto_mod_calc_hash(CRYPTO_MD_ID, (void *)pk_ptr,
116 pk_len, hash_data);
117 if (rc != 0) {
118 return rc;
119 }
120
121 /* Update metadata struct with the received signer_id */
122 (void)memcpy(metadata_ptr->signer_id, hash_data, MBOOT_DIGEST_SIZE);
123 metadata_ptr->signer_id_size = MBOOT_DIGEST_SIZE;
124
125 return 0;
126}