author | David Vincze <david.vincze@arm.com> | 2020-01-08 17:42:30 +0100 |
committer | David Vincze <david.vincze@arm.com> | 2020-01-27 14:54:41 +0100 |
commit | e13a48b65321a8828bd9e3a11e1652436df6c6b0 (patch) | |
tree | c9c421db5e31f4c60a04b67cc25f77bff2ce762a | |
parent | ead78fb7c1268e38e639eac8b45c11eb4ffbc315 (diff) | |
Attest: Accept empty shared data area
Introduce the BOOT_DATA_AVAILABLE CMake variable to indicate whether
boot data is available in the shared data area (between the boot loader
and runtime firmware). If it is false, the content of the shared data area
is ignored, so that all the tests still pass, for example when TF-M is used
with a boot loader that does not provide any boot data, or when no boot
loader is used at all.
Change-Id: Ic6d32cfdc8741018c6668692d64f81236006b593
Signed-off-by: David Vincze <david.vincze@arm.com>
-rw-r--r-- | CommonConfig.cmake | 8 | ||||
-rw-r--r-- | docs/user_guides/services/tfm_attestation_integration_guide.rst | 12 | ||||
-rw-r--r-- | secure_fw/CMakeLists.txt | 4 | ||||
-rw-r--r-- | secure_fw/core/tfm_boot_data.c | 13 | ||||
-rw-r--r-- | secure_fw/services/initial_attestation/tfm_attestation.c | 12 |
5 files changed, 37 insertions, 12 deletions
diff --git a/CommonConfig.cmake b/CommonConfig.cmake index fc4dd2d9df..cf711eb7c1 100644 --- a/CommonConfig.cmake +++ b/CommonConfig.cmake @@ -425,6 +425,14 @@ set(ATTEST_BOOT_INTERFACE "CBOR_ENCODED_CLAIMS" CACHE STRING "Set the format in set_property(CACHE ATTEST_BOOT_INTERFACE PROPERTY STRINGS "INDIVIDUAL_CLAIMS;CBOR_ENCODED_CLAIMS") validate_cache_value(ATTEST_BOOT_INTERFACE) +if (NOT DEFINED BOOT_DATA_AVAILABLE) + if (BL2) + set(BOOT_DATA_AVAILABLE ON) + else() + set(BOOT_DATA_AVAILABLE OFF) + endif() +endif() + ##Set mbedTLS compiler flags for BL2 bootloader set(MBEDCRYPTO_C_FLAGS_BL2 "-D__ARM_FEATURE_CMSE=${ARM_FEATURE_CMSE} -D__thumb2__ ${COMMON_COMPILE_FLAGS_STR} -DMBEDTLS_CONFIG_FILE=\\\\\\\"config-rsa.h\\\\\\\" -I${CMAKE_CURRENT_LIST_DIR}/bl2/ext/mcuboot/include") if (MCUBOOT_SIGNATURE_TYPE STREQUAL "RSA-3072") diff --git a/docs/user_guides/services/tfm_attestation_integration_guide.rst b/docs/user_guides/services/tfm_attestation_integration_guide.rst index eb5601f0bb..80af21e2e1 100644 --- a/docs/user_guides/services/tfm_attestation_integration_guide.rst +++ b/docs/user_guides/services/tfm_attestation_integration_guide.rst @@ -307,6 +307,9 @@ Boot loader interface It is **recommended** to have a secure boot loader in the boot chain, which is capable of measuring the runtime firmware components (calculates the hash value of firmware images) and provide other attributes of these (version, type, etc). +If the used boot loader is not capable of sharing these information with the +runtime software then the ``BOOT_DATA_AVAILABLE`` compiler flag **must** be +set to false (see `Related compile time options`_). The shared data between boot loader and runtime software is TLV encoded. The definition of TLV structure is described in ``bl2/include/tfm_boot_status.h``. 
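Review bot: `BOOT_DATA_AVAILABLE` is introduced with plain `set()` calls behind `if (NOT DEFINED ...)`, whereas the neighbouring `ATTEST_BOOT_INTERFACE` is a typed cache entry with a doc string that goes through `validate_cache_value`; making the new option a cache entry too, `set(BOOT_DATA_AVAILABLE ON CACHE BOOL "Boot loader provides boot data in the shared data area")` and its `OFF` twin in the `else()` branch, records the default in the cache and keeps the file's option style uniform. Forcing it `OFF` while `BL2` is `ON` is accepted silently, although, as far as the tfm_boot_data.c hunks show, it makes the runtime stop reading the shared area, so measurements a boot loader did provide would no longer reach the attestation token; a `message(WARNING ...)` for that combination would make the trade-off visible at configure time.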
@@ -445,6 +448,15 @@ those flags. The list of flags are: unprotected header. Key-id is calculated and added to the COSE header based on the value of this flag. Default value: False. +Related compile time options +---------------------------- +- ``BOOT_DATA_AVAILABLE``: The boot data is expected to be present in the shared + data area between the boot loader and the runtime firmware when it's true. + Otherwise, when it's false does not check the content of the shared data area. + Also assume that the TLV header is present and valid (the magic number is + correct) and there are no other data entries. Its default value depends on + the BL2 flag. + ************ Verification ************ diff --git a/secure_fw/CMakeLists.txt b/secure_fw/CMakeLists.txt index e71971ec2e..87211116c3 100644 --- a/secure_fw/CMakeLists.txt +++ b/secure_fw/CMakeLists.txt @@ -161,6 +161,10 @@ if(TARGET_NV_COUNTERS_ENABLE) embedded_set_target_compile_defines(TARGET ${PROJECT_OBJ_LIB} LANGUAGE C DEFINES TFM_NVCOUNTERS_ENABLE APPEND) endif() +if(BOOT_DATA_AVAILABLE) + embedded_set_target_compile_defines(TARGET ${PROJECT_OBJ_LIB} LANGUAGE C DEFINES BOOT_DATA_AVAILABLE APPEND) +endif() + if (NOT DEFINED CORE_TEST) message(FATAL_ERROR "Incomplete build configuration: CORE_TEST is undefined.") elseif(CORE_TEST) diff --git a/secure_fw/core/tfm_boot_data.c b/secure_fw/core/tfm_boot_data.c index 7a3edc91c7..079e0204ab 100644 --- a/secure_fw/core/tfm_boot_data.c +++ b/secure_fw/core/tfm_boot_data.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2019, Arm Limited. All rights reserved. + * Copyright (c) 2018-2020, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * @@ -120,6 +120,7 @@ static int32_t tfm_core_check_boot_data_access_policy(uint8_t major_type) void tfm_core_validate_boot_data(void) { +#ifdef BOOT_DATA_AVAILABLE struct tfm_boot_data *boot_data; boot_data = (struct tfm_boot_data *)BOOT_TFM_SHARED_DATA_BASE; 
@@ -127,6 +128,9 @@ void tfm_core_validate_boot_data(void) if (boot_data->header.tlv_magic == SHARED_DATA_TLV_INFO_MAGIC) { is_boot_data_valid = BOOT_DATA_VALID; } +#else + is_boot_data_valid = BOOT_DATA_VALID; +#endif /* BOOT_DATA_AVAILABLE */ } void tfm_core_get_boot_data_handler(uint32_t args[]) @@ -136,8 +140,10 @@ void tfm_core_get_boot_data_handler(uint32_t args[]) uint16_t buf_size = (uint16_t)args[2]; uint8_t *ptr; struct tfm_boot_data *boot_data; +#ifdef BOOT_DATA_AVAILABLE struct shared_data_tlv_entry tlv_entry; uintptr_t tlv_end, offset; +#endif /* BOOT_DATA_AVAILABLE */ #ifndef TFM_PSA_API uint32_t running_partition_idx = tfm_spm_partition_get_running_partition_idx(); @@ -188,10 +194,12 @@ void tfm_core_get_boot_data_handler(uint32_t args[]) return; } +#ifdef BOOT_DATA_AVAILABLE /* Get the boundaries of TLV section */ boot_data = (struct tfm_boot_data *)BOOT_TFM_SHARED_DATA_BASE; tlv_end = BOOT_TFM_SHARED_DATA_BASE + boot_data->header.tlv_tot_len; offset = BOOT_TFM_SHARED_DATA_BASE + SHARED_DATA_HEADER_SIZE; +#endif /* BOOT_DATA_AVAILABLE */ /* Add header to output buffer as well */ if (buf_size < SHARED_DATA_HEADER_SIZE) { @@ -204,6 +212,7 @@ void tfm_core_get_boot_data_handler(uint32_t args[]) ptr = boot_data->data; } +#ifdef BOOT_DATA_AVAILABLE /* Iterates over the TLV section and copy TLVs with requested major * type to the provided buffer. */ @@ -226,6 +235,8 @@ void tfm_core_get_boot_data_handler(uint32_t args[]) boot_data->header.tlv_tot_len += tlv_entry.tlv_len; } } +#endif /* BOOT_DATA_AVAILABLE */ + args[0] = (uint32_t)TFM_SUCCESS; return; } diff --git a/secure_fw/services/initial_attestation/tfm_attestation.c b/secure_fw/services/initial_attestation/tfm_attestation.c index 1b8757ac79..7e20b2e3d4 100644 --- a/secure_fw/services/initial_attestation/tfm_attestation.c +++ b/secure_fw/services/initial_attestation/tfm_attestation.c 
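Review bot: The new `#else` branch sets `is_boot_data_valid = BOOT_DATA_VALID` without saying why absent data counts as valid; a reader of that flag elsewhere will assume the TLV magic was checked. Suggest a comment above the assignment such as `/* No boot data is expected in this build: the shared area is never read, so there is nothing to validate and the service must not be blocked. */`. The function `tfm_core_validate_boot_data` starts in the preceding `@@ -120` hunk, where the matching `#ifdef BOOT_DATA_AVAILABLE` is added.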
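Review bot: With `BOOT_DATA_AVAILABLE` undefined the `@@ -188` hunk removes the only visible assignment of `boot_data` from `BOOT_TFM_SHARED_DATA_BASE`, yet the context line `ptr = boot_data->data;` in the `else` branch still executes; unless the lines omitted between `@@ -188` and `@@ -204` reassign `boot_data` (presumably to `buf_start` when the header is written into the caller's buffer), that is a read through an uninitialized pointer in the no-boot-data build and should be confirmed. In the same build `ptr` appears to be set but never read, because the copy loop that consumes it is now wrapped by the `#ifdef` added in `@@ -204` and the `#endif` added in `@@ -226`, which GCC reports under `-Wall`; placing the `uint8_t *ptr;` declaration and its assignment under the same `#ifdef BOOT_DATA_AVAILABLE` guard as `tlv_entry` and `tlv_end` in `@@ -136` would keep the two builds consistent. The handler `tfm_core_get_boot_data_handler` begins in the `@@ -136` hunk and its header-copy section lies outside the visible hunks.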
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2019, Arm Limited. All rights reserved. + * Copyright (c) 2019-2020, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * @@ -57,22 +57,12 @@ attest_get_boot_data(uint8_t major_type, uint32_t len) { enum psa_attest_err_t attest_res = PSA_ATTEST_ERR_SUCCESS; - -#ifndef BL2 - /* Avoid compiler warning due to unused argument */ - (void)len; - (void)major_type; - - boot_data->header.tlv_magic = SHARED_DATA_TLV_INFO_MAGIC; - boot_data->header.tlv_tot_len = SHARED_DATA_HEADER_SIZE; -#else int32_t tfm_res; tfm_res = tfm_core_get_boot_data(major_type, boot_data, len); if (tfm_res != (int32_t)TFM_SUCCESS) { attest_res = PSA_ATTEST_ERR_INIT_FAILED; } -#endif /* BL2 */ return attest_res; } |
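Review bot: Removing the `#ifndef BL2` path means `attest_get_boot_data` no longer writes the empty TLV header (`tlv_magic`, `tlv_tot_len`) into `boot_data` itself when no boot loader data exists; the function now depends on `tfm_core_get_boot_data` returning at least a valid header-only TLV in a `BOOT_DATA_AVAILABLE`-off build, and the part of the core handler that would do so is not on this page. That dependency deserves a comment above the call, e.g. `/* The core handler is expected to fill the TLV header even when no boot data is available; keep the two sides in step. */`. As a matter of style, the two temporaries can now collapse into one statement, `return tfm_core_get_boot_data(major_type, boot_data, len) == (int32_t)TFM_SUCCESS ? PSA_ATTEST_ERR_SUCCESS : PSA_ATTEST_ERR_INIT_FAILED;`. The function signature begins before the hunk.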