diff options
author | Lauren Wehrmeister <lauren.wehrmeister@arm.com> | 2022-06-27 17:32:59 +0200 |
---|---|---|
committer | TrustedFirmware Code Review <review@review.trustedfirmware.org> | 2022-06-27 17:32:59 +0200 |
commit | 02450800bca438eac1da75f3a04d732f55c32f48 (patch) | |
tree | 24627955ec1efb0f7a2ec82e05ff550607efb148 | |
parent | 6f614219c70fbfea2b8ea20351ed83a34e9612c9 (diff) | |
parent | 4ee91ba98f7b86aa27b1e14a524c4429bf13fd2f (diff) | |
download | trusted-firmware-a-02450800bca438eac1da75f3a04d732f55c32f48.tar.gz |
Merge changes from topic "mb_hash" into integration
* changes:
refactor(imx): update config of mbedtls support
refactor(qemu): update configuring mbedtls support
refactor(measured-boot): mb algorithm selection
-rw-r--r-- | drivers/auth/mbedtls/mbedtls_common.mk | 16 | ||||
-rw-r--r-- | drivers/measured_boot/event_log/event_log.mk | 15 | ||||
-rw-r--r-- | drivers/measured_boot/rss/rss_measured_boot.mk | 11 | ||||
-rw-r--r-- | include/drivers/auth/mbedtls/mbedtls_config.h | 5 | ||||
-rw-r--r-- | plat/arm/board/fvp/platform.mk | 4 | ||||
-rw-r--r-- | plat/arm/common/arm_common.mk | 4 | ||||
-rw-r--r-- | plat/imx/imx8m/imx8mm/platform.mk | 4 | ||||
-rw-r--r-- | plat/qemu/qemu/platform.mk | 4 |
8 files changed, 32 insertions, 31 deletions
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk index 3eb41617fa..16ce65ffe6 100644 --- a/drivers/auth/mbedtls/mbedtls_common.mk +++ b/drivers/auth/mbedtls/mbedtls_common.mk @@ -97,18 +97,6 @@ else TF_MBEDTLS_USE_AES_GCM := 0 endif -ifeq ($(MEASURED_BOOT),1) - ifeq (${TPM_HASH_ALG}, sha256) - TF_MBEDTLS_TPM_HASH_ALG_ID := TF_MBEDTLS_SHA256 - else ifeq (${TPM_HASH_ALG}, sha384) - TF_MBEDTLS_TPM_HASH_ALG_ID := TF_MBEDTLS_SHA384 - else ifeq (${TPM_HASH_ALG}, sha512) - TF_MBEDTLS_TPM_HASH_ALG_ID := TF_MBEDTLS_SHA512 - else - $(error "TPM_HASH_ALG not defined.") - endif -endif - # Needs to be set to drive mbed TLS configuration correctly $(eval $(call add_defines,\ $(sort \ @@ -118,10 +106,6 @@ $(eval $(call add_defines,\ TF_MBEDTLS_USE_AES_GCM \ ))) -ifeq ($(MEASURED_BOOT),1) - $(eval $(call add_define,TF_MBEDTLS_TPM_HASH_ALG_ID)) -endif - $(eval $(call MAKE_LIB,mbedtls)) endif diff --git a/drivers/measured_boot/event_log/event_log.mk b/drivers/measured_boot/event_log/event_log.mk index 1ff4aa81c2..5ea4c554a0 100644 --- a/drivers/measured_boot/event_log/event_log.mk +++ b/drivers/measured_boot/event_log/event_log.mk @@ -7,20 +7,25 @@ # Default log level to dump the event log (LOG_LEVEL_INFO) EVENT_LOG_LEVEL ?= 40 -# TPM hash algorithm. +# Measured Boot hash algorithm. # SHA-256 (or stronger) is required for all devices that are TPM 2.0 compliant. -TPM_HASH_ALG := sha256 +ifdef TPM_HASH_ALG + $(warning "TPM_HASH_ALG is deprecated. Please use MBOOT_EL_HASH_ALG instead.") + MBOOT_EL_HASH_ALG := ${TPM_HASH_ALG} +else + MBOOT_EL_HASH_ALG := sha256 +endif -ifeq (${TPM_HASH_ALG}, sha512) +ifeq (${MBOOT_EL_HASH_ALG}, sha512) TPM_ALG_ID := TPM_ALG_SHA512 TCG_DIGEST_SIZE := 64U -else ifeq (${TPM_HASH_ALG}, sha384) +else ifeq (${MBOOT_EL_HASH_ALG}, sha384) TPM_ALG_ID := TPM_ALG_SHA384 TCG_DIGEST_SIZE := 48U else TPM_ALG_ID := TPM_ALG_SHA256 TCG_DIGEST_SIZE := 32U -endif #TPM_HASH_ALG +endif #MBOOT_EL_HASH_ALG # Set definitions for Measured Boot driver. $(eval $(call add_defines,\ diff --git a/drivers/measured_boot/rss/rss_measured_boot.mk b/drivers/measured_boot/rss/rss_measured_boot.mk index 01545afeb3..18ee836184 100644 --- a/drivers/measured_boot/rss/rss_measured_boot.mk +++ b/drivers/measured_boot/rss/rss_measured_boot.mk @@ -6,21 +6,18 @@ # Hash algorithm for measured boot # SHA-256 (or stronger) is required. -# TODO: The measurement algorithm incorrectly suggests that the TPM backend -# is used which may not be the case. It is currently being worked on and -# soon TPM_HASH_ALG will be replaced by a more generic name. -TPM_HASH_ALG := sha256 +MBOOT_RSS_HASH_ALG := sha256 -ifeq (${TPM_HASH_ALG}, sha512) +ifeq (${MBOOT_RSS_HASH_ALG}, sha512) MBOOT_ALG_ID := MBOOT_ALG_SHA512 MBOOT_DIGEST_SIZE := 64U -else ifeq (${TPM_HASH_ALG}, sha384) +else ifeq (${MBOOT_RSS_HASH_ALG}, sha384) MBOOT_ALG_ID := MBOOT_ALG_SHA384 MBOOT_DIGEST_SIZE := 48U else MBOOT_ALG_ID := MBOOT_ALG_SHA256 MBOOT_DIGEST_SIZE := 32U -endif #TPM_HASH_ALG +endif #MBOOT_RSS_HASH_ALG # Set definitions for Measured Boot driver. $(eval $(call add_defines,\ diff --git a/include/drivers/auth/mbedtls/mbedtls_config.h b/include/drivers/auth/mbedtls/mbedtls_config.h index 8ad6d7a424..92188a2e1f 100644 --- a/include/drivers/auth/mbedtls/mbedtls_config.h +++ b/include/drivers/auth/mbedtls/mbedtls_config.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2021, Arm Limited. All rights reserved. + * Copyright (c) 2015-2022, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -80,8 +80,7 @@ #define MBEDTLS_SHA512_C #else /* TBB uses SHA-256, what about measured boot? */ -#if defined(TF_MBEDTLS_TPM_HASH_ALG_ID) && \ - (TF_MBEDTLS_TPM_HASH_ALG_ID != TF_MBEDTLS_SHA256) +#if defined(TF_MBEDTLS_MBOOT_USE_SHA512) #define MBEDTLS_SHA512_C #endif #endif diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk index 54c5e75450..f9053a8704 100644 --- a/plat/arm/board/fvp/platform.mk +++ b/plat/arm/board/fvp/platform.mk @@ -375,6 +375,10 @@ ifeq (${MEASURED_BOOT},1) $(info Including ${RSS_MEASURED_BOOT_MK}) include ${RSS_MEASURED_BOOT_MK} + ifneq (${MBOOT_RSS_HASH_ALG}, sha256) + $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA512)) + endif + BL1_SOURCES += ${MEASURED_BOOT_SOURCES} BL2_SOURCES += ${MEASURED_BOOT_SOURCES} endif diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk index 10b01fa36c..290b4eeda9 100644 --- a/plat/arm/common/arm_common.mk +++ b/plat/arm/common/arm_common.mk @@ -403,6 +403,10 @@ ifeq (${MEASURED_BOOT},1) $(info Including ${MEASURED_BOOT_MK}) include ${MEASURED_BOOT_MK} + ifneq (${MBOOT_EL_HASH_ALG}, sha256) + $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA512)) + endif + BL1_SOURCES += ${EVENT_LOG_SOURCES} BL2_SOURCES += ${EVENT_LOG_SOURCES} endif diff --git a/plat/imx/imx8m/imx8mm/platform.mk b/plat/imx/imx8m/imx8mm/platform.mk index 0cce7ca57e..60fa325864 100644 --- a/plat/imx/imx8m/imx8mm/platform.mk +++ b/plat/imx/imx8m/imx8mm/platform.mk @@ -162,6 +162,10 @@ ifeq (${MEASURED_BOOT},1) $(info Including ${MEASURED_BOOT_MK}) include ${MEASURED_BOOT_MK} +ifneq (${MBOOT_EL_HASH_ALG}, sha256) + $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA512)) +endif + BL2_SOURCES += plat/imx/imx8m/imx8m_measured_boot.c \ plat/imx/imx8m/imx8m_dyn_cfg_helpers.c \ ${EVENT_LOG_SOURCES} diff --git a/plat/qemu/qemu/platform.mk b/plat/qemu/qemu/platform.mk index 6a877c3ff1..8e7f7c8253 100644 --- a/plat/qemu/qemu/platform.mk +++ b/plat/qemu/qemu/platform.mk @@ -104,6 +104,10 @@ ifeq (${MEASURED_BOOT},1) $(info Including ${MEASURED_BOOT_MK}) include ${MEASURED_BOOT_MK} + ifneq (${MBOOT_EL_HASH_ALG}, sha256) + $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA512)) + endif + BL2_SOURCES += plat/qemu/qemu/qemu_measured_boot.c \ plat/qemu/qemu/qemu_common_measured_boot.c \ plat/qemu/qemu/qemu_helpers.c \ |