aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSandrine Bailleux <sandrine.bailleux@arm.com>2022-12-07 13:51:57 +0100
committerTrustedFirmware Code Review <review@review.trustedfirmware.org>2022-12-07 13:51:57 +0100
commit825641d6150f05c1bcf6328ec726f46f2e9e37f9 (patch)
tree18e91027776d2532736196822d1e3616e6c57665
parentca32548a3b756d634b94104be32e46a8473182ad (diff)
parent3be9c27694bbec247e81746a45691d121535fd9f (diff)
downloadtrusted-firmware-a-master.tar.gz
Merge changes Ida9abfd5,Iec447d97 into integrationHEADmaster
* changes: build: enable adding MbedTLS files for platform feat(lib/psa): add read_measurement API
-rw-r--r--drivers/auth/mbedtls/mbedtls_common.mk2
-rw-r--r--include/lib/psa/measured_boot.h49
-rw-r--r--lib/psa/measured_boot.c75
-rw-r--r--lib/psa/measured_boot_private.h16
4 files changed, 141 insertions, 1 deletions
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index 16ce65ffe6..ae4b0676bf 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -22,7 +22,7 @@ $(eval $(call add_define,MBEDTLS_CONFIG_FILE))
MBEDTLS_SOURCES += drivers/auth/mbedtls/mbedtls_common.c
-LIBMBEDTLS_SRCS := $(addprefix ${MBEDTLS_DIR}/library/, \
+LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
aes.c \
asn1parse.c \
asn1write.c \
diff --git a/include/lib/psa/measured_boot.h b/include/lib/psa/measured_boot.h
index 47aa0b9050..231da2c3af 100644
--- a/include/lib/psa/measured_boot.h
+++ b/include/lib/psa/measured_boot.h
@@ -74,4 +74,53 @@ rss_measured_boot_extend_measurement(uint8_t index,
size_t measurement_value_size,
bool lock_measurement);
+/**
+ * Retrieves a measurement from the requested slot.
+ *
+ * index Slot number from which measurement is to be
+ * retrieved.
+ * signer_id Pointer to signer_id buffer.
+ * signer_id_size Size of the signer_id buffer in bytes.
+ * signer_id_len On success, number of bytes that make up
+ * signer_id.
+ * version Pointer to version buffer.
+ * version_size Size of the version buffer in bytes.
+ * version_len On success, number of bytes that makeup the
+ * version.
+ * measurement_algo Pointer to measurement_algo.
+ * sw_type Pointer to sw_type buffer.
+ * sw_type_size Size of the sw_type buffer in bytes.
+ * sw_type_len On success, number of bytes that makeup the
+ * sw_type.
+ * measurement_value Pointer to measurement_value buffer.
+ * measurement_value_size Size of the measurement_value buffer in bytes.
+ * measurement_value_len On success, number of bytes that make up the
+ * measurement_value.
+ * is_locked Pointer to lock status of requested measurement
+ * slot.
+ *
+ * PSA_SUCCESS
+ * - Success.
+ * PSA_ERROR_INVALID_ARGUMENT
+ * - The size of at least one of the output buffers is incorrect or the
+ * requested slot index is invalid.
+ * PSA_ERROR_DOES_NOT_EXIST
+ * - The requested slot is empty, does not contain a measurement.
+ */
+psa_status_t rss_measured_boot_read_measurement(uint8_t index,
+ uint8_t *signer_id,
+ size_t signer_id_size,
+ size_t *signer_id_len,
+ uint8_t *version,
+ size_t version_size,
+ size_t *version_len,
+ uint32_t *measurement_algo,
+ uint8_t *sw_type,
+ size_t sw_type_size,
+ size_t *sw_type_len,
+ uint8_t *measurement_value,
+ size_t measurement_value_size,
+ size_t *measurement_value_len,
+ bool *is_locked);
+
#endif /* PSA_MEASURED_BOOT_H */
diff --git a/lib/psa/measured_boot.c b/lib/psa/measured_boot.c
index 61747f2157..10c43f1f89 100644
--- a/lib/psa/measured_boot.c
+++ b/lib/psa/measured_boot.c
@@ -111,6 +111,61 @@ rss_measured_boot_extend_measurement(uint8_t index,
NULL, 0);
}
+psa_status_t rss_measured_boot_read_measurement(uint8_t index,
+ uint8_t *signer_id,
+ size_t signer_id_size,
+ size_t *signer_id_len,
+ uint8_t *version,
+ size_t version_size,
+ size_t *version_len,
+ uint32_t *measurement_algo,
+ uint8_t *sw_type,
+ size_t sw_type_size,
+ size_t *sw_type_len,
+ uint8_t *measurement_value,
+ size_t measurement_value_size,
+ size_t *measurement_value_len,
+ bool *is_locked)
+{
+ psa_status_t status;
+ struct measured_boot_read_iovec_in_t read_iov_in = {
+ .index = index,
+ .sw_type_size = sw_type_size,
+ .version_size = version_size,
+ };
+
+ struct measured_boot_read_iovec_out_t read_iov_out;
+
+ psa_invec in_vec[] = {
+ {.base = &read_iov_in,
+ .len = sizeof(struct measured_boot_read_iovec_in_t)},
+ };
+
+ psa_outvec out_vec[] = {
+ {.base = &read_iov_out,
+ .len = sizeof(struct measured_boot_read_iovec_out_t)},
+ {.base = signer_id, .len = signer_id_size},
+ {.base = measurement_value, .len = measurement_value_size}
+ };
+
+ status = psa_call(RSS_MEASURED_BOOT_HANDLE, RSS_MEASURED_BOOT_READ,
+ in_vec, IOVEC_LEN(in_vec),
+ out_vec, IOVEC_LEN(out_vec));
+
+ if (status == PSA_SUCCESS) {
+ *is_locked = read_iov_out.is_locked;
+ *measurement_algo = read_iov_out.measurement_algo;
+ *sw_type_len = read_iov_out.sw_type_len;
+ *version_len = read_iov_out.version_len;
+ memcpy(sw_type, read_iov_out.sw_type, read_iov_out.sw_type_len);
+ memcpy(version, read_iov_out.version, read_iov_out.version_len);
+ *signer_id_len = out_vec[1].len;
+ *measurement_value_len = out_vec[2].len;
+ }
+
+ return status;
+}
+
#else /* !PLAT_RSS_NOT_SUPPORTED */
psa_status_t
@@ -133,4 +188,24 @@ rss_measured_boot_extend_measurement(uint8_t index,
return PSA_SUCCESS;
}
+
+psa_status_t rss_measured_boot_read_measurement(uint8_t index,
+ uint8_t *signer_id,
+ size_t signer_id_size,
+ size_t *signer_id_len,
+ uint8_t *version,
+ size_t version_size,
+ size_t *version_len,
+ uint32_t *measurement_algo,
+ uint8_t *sw_type,
+ size_t sw_type_size,
+ size_t *sw_type_len,
+ uint8_t *measurement_value,
+ size_t measurement_value_size,
+ size_t *measurement_value_len,
+ bool *is_locked)
+{
+ return PSA_SUCCESS;
+}
+
#endif /* !PLAT_RSS_NOT_SUPPORTED */
diff --git a/lib/psa/measured_boot_private.h b/lib/psa/measured_boot_private.h
index 649c3f6a4a..80d2c19fa3 100644
--- a/lib/psa/measured_boot_private.h
+++ b/lib/psa/measured_boot_private.h
@@ -11,8 +11,24 @@
#include <stdint.h>
/* Measured boot message types that distinguish its services */
+#define RSS_MEASURED_BOOT_READ 1001U
#define RSS_MEASURED_BOOT_EXTEND 1002U
+struct measured_boot_read_iovec_in_t {
+ uint8_t index;
+ uint8_t sw_type_size;
+ uint8_t version_size;
+};
+
+struct measured_boot_read_iovec_out_t {
+ uint8_t is_locked;
+ uint32_t measurement_algo;
+ uint8_t sw_type[SW_TYPE_MAX_SIZE];
+ uint8_t sw_type_len;
+ uint8_t version[VERSION_MAX_SIZE];
+ uint8_t version_len;
+};
+
struct measured_boot_extend_iovec_t {
uint8_t index;
uint8_t lock_measurement;