aboutsummaryrefslogtreecommitdiff
path: root/platform
diff options
context:
space:
mode:
authorTamas Ban <tamas.ban@arm.com>2020-11-20 16:48:04 +0000
committerDavid Hu <david.hu@arm.com>2021-03-19 15:08:58 +0800
commit36528dff5923be27d81cbf2ccc4f605220e0fdaf (patch)
treedfe625dd4cf5c3e68878a4b16a4e54b409938df7 /platform
parent616eaa3733c181f22c081210d3c38c2c2984fca6 (diff)
downloadtrusted-firmware-m-36528dff5923be27d81cbf2ccc4f605220e0fdaf.tar.gz
Platform: Use extended CFI against physical attacks on AN521
Harden the configuration of memory isolation hardware with extended CFI functionality to make sure that critical steps cannot be unnoticeable skipped due to physical attacks. Signed-off-by: Tamas Ban <tamas.ban@arm.com> Co-authorized-by: David Hu <david.hu@arm.com> Change-Id: Ic803499427d5327e3f83feb586efb42c2ff27e48
Diffstat (limited to 'platform')
-rw-r--r--platform/ext/target/mps2/an521/target_cfg.c73
1 files changed, 73 insertions, 0 deletions
diff --git a/platform/ext/target/mps2/an521/target_cfg.c b/platform/ext/target/mps2/an521/target_cfg.c
index 090bca8bc..a57a2e80c 100644
--- a/platform/ext/target/mps2/an521/target_cfg.c
+++ b/platform/ext/target/mps2/an521/target_cfg.c
@@ -376,11 +376,15 @@ const struct sau_cfg_t sau_cfg[] = {
#endif
};
+#define NR_SAU_INIT_STEP 3
+
fih_int sau_and_idau_cfg(void)
{
struct spctrl_def *spctrl = CMSDK_SPCTRL;
uint32_t i;
+ FIH_CFI_STEP_INIT(NR_SAU_INIT_STEP);
+
/* Enables SAU */
#ifdef TFM_FIH_PROFILE_ON
TZ_SAU_Enable();
@@ -388,6 +392,8 @@ fih_int sau_and_idau_cfg(void)
#endif
TZ_SAU_Enable();
+ FIH_CFI_STEP_DECREMENT();
+
for (i = 0; i < ARRAY_SIZE(sau_cfg); i++) {
SAU->RNR = i;
SAU->RBAR = sau_cfg[i].RBAR & SAU_RBAR_BADDR_Msk;
@@ -396,22 +402,41 @@ fih_int sau_and_idau_cfg(void)
SAU_RLAR_ENABLE_Msk;
}
+ FIH_CFI_STEP_DECREMENT();
+
/* Allows SAU to define the code region as a NSC */
spctrl->nsccfg |= NSCCFG_CODENSC;
+ FIH_CFI_STEP_DECREMENT();
+
FIH_RET(fih_int_encode(TFM_PLAT_ERR_SUCCESS));
+
+ /*
+ * Dummy operation to avoid unused variable warning of the saved FIH counter
+ * variable.
+ */
+ FIH_CFI_STEP_ERR_RESET();
}
/*------------------- Memory configuration functions -------------------------*/
+#ifdef BL2
+#define NR_MPC_INIT_STEP 7
+#else
+#define NR_MPC_INIT_STEP 6
+#endif
fih_int mpc_init_cfg(void)
{
int32_t ret = ARM_DRIVER_ERROR;
fih_int fih_rc = FIH_FAILURE;
+ FIH_CFI_STEP_INIT(NR_MPC_INIT_STEP);
+
ret = Driver_SRAM1_MPC.Initialize();
+ FIH_CFI_STEP_DECREMENT();
if (ret != ARM_DRIVER_OK) {
fih_rc = fih_int_encode(ret);
+ FIH_CFI_STEP_ERR_RESET();
goto Done;
}
@@ -419,8 +444,10 @@ fih_int mpc_init_cfg(void)
memory_regions.non_secure_partition_base,
memory_regions.non_secure_partition_limit,
ARM_MPC_ATTR_NONSECURE);
+ FIH_CFI_STEP_DECREMENT();
if (ret != ARM_DRIVER_OK) {
fih_rc = fih_int_encode(ret);
+ FIH_CFI_STEP_ERR_RESET();
goto Done;
}
@@ -429,35 +456,45 @@ fih_int mpc_init_cfg(void)
ret = Driver_SRAM1_MPC.ConfigRegion(memory_regions.secondary_partition_base,
memory_regions.secondary_partition_limit,
ARM_MPC_ATTR_NONSECURE);
+ FIH_CFI_STEP_DECREMENT();
if (ret != ARM_DRIVER_OK) {
fih_rc = fih_int_encode(ret);
+ FIH_CFI_STEP_ERR_RESET();
goto Done;
}
#endif /* BL2 */
ret = Driver_SRAM2_MPC.Initialize();
+ FIH_CFI_STEP_DECREMENT();
if (ret != ARM_DRIVER_OK) {
fih_rc = fih_int_encode(ret);
+ FIH_CFI_STEP_ERR_RESET();
goto Done;
}
ret = Driver_SRAM2_MPC.ConfigRegion(NS_DATA_START, NS_DATA_LIMIT,
ARM_MPC_ATTR_NONSECURE);
+ FIH_CFI_STEP_DECREMENT();
if (ret != ARM_DRIVER_OK) {
fih_rc = fih_int_encode(ret);
+ FIH_CFI_STEP_ERR_RESET();
goto Done;
}
/* Lock down the MPC configuration */
ret = Driver_SRAM1_MPC.LockDown();
+ FIH_CFI_STEP_DECREMENT();
if (ret != ARM_DRIVER_OK) {
fih_rc = fih_int_encode(ret);
+ FIH_CFI_STEP_ERR_RESET();
goto Done;
}
ret = Driver_SRAM2_MPC.LockDown();
+ FIH_CFI_STEP_DECREMENT();
if (ret != ARM_DRIVER_OK) {
fih_rc = fih_int_encode(ret);
+ FIH_CFI_STEP_ERR_RESET();
goto Done;
}
@@ -474,12 +511,15 @@ Done:
}
/*---------------------- PPC configuration functions -------------------------*/
+#define NR_PPC_INIT_STEP 4
fih_int ppc_init_cfg(void)
{
struct spctrl_def* spctrl = CMSDK_SPCTRL;
struct nspctrl_def* nspctrl = CMSDK_NSPCTRL;
+ FIH_CFI_STEP_INIT(NR_PPC_INIT_STEP);
+
/* Grant non-secure access to peripherals in the PPC0
* (timer0 and 1, dualtimer, watchdog, mhu 0 and 1)
*/
@@ -519,6 +559,8 @@ fih_int ppc_init_cfg(void)
(1U << CMSDK_FPGA_AUDIO_PPC_POS) |
(1U << CMSDK_FPGA_IO_PPC_POS);
+ FIH_CFI_STEP_DECREMENT();
+
/* Grant non-secure access to all peripherals on AHB EXP:
* Make sure that all possible peripherals are enabled by default
*/
@@ -534,6 +576,8 @@ fih_int ppc_init_cfg(void)
(1U << CMSDK_DMA2_PPC_POS) |
(1U << CMSDK_DMA3_PPC_POS);
+ FIH_CFI_STEP_DECREMENT();
+
/* in NS, grant un-privileged for UART0 */
nspctrl->apbnspppcexp1 |= (1U << CMSDK_UART0_APB_PPC_POS);
@@ -541,12 +585,22 @@ fih_int ppc_init_cfg(void)
nspctrl->apbnspppcexp2 |= (1U << CMSDK_FPGA_SCC_PPC_POS) |
(1U << CMSDK_FPGA_IO_PPC_POS);
+ FIH_CFI_STEP_DECREMENT();
+
/* Configure the response to a security violation as a
* bus error instead of RAZ/WI
*/
spctrl->secrespcfg |= 1U;
+ FIH_CFI_STEP_DECREMENT();
+
FIH_RET(fih_int_encode(TFM_PLAT_ERR_SUCCESS));
+
+ /*
+ * Dummy operation to avoid unused variable warning of the saved FIH counter
+ * variable.
+ */
+ FIH_CFI_STEP_ERR_RESET();
}
fih_int ppc_configure_to_non_secure(enum ppc_bank_e bank, uint16_t pos)
@@ -591,30 +645,43 @@ void ppc_clear_irq(void)
}
#ifdef TFM_FIH_PROFILE_ON
+#ifdef BL2
+#define NR_VERIFY_STEP 4
+#else
+#define NR_VERIFY_STEP 3
+#endif
+
fih_int verify_isolation_hw(void)
{
enum tfm_plat_err_t ret = ARM_DRIVER_ERROR;
ARM_MPC_SEC_ATTR attr;
fih_int fih_rc = FIH_FAILURE;
+ FIH_CFI_STEP_INIT(NR_VERIFY_STEP);
+
/* Check SAU config */
if (!(SAU->CTRL & SAU_CTRL_ENABLE_Msk ||
SAU->CTRL | SAU_CTRL_ALLNS_Msk)) {
FIH_PANIC;
}
+ FIH_CFI_STEP_DECREMENT();
+
/* Check MPC config */
ret = Driver_SRAM1_MPC.GetRegionConfig(
memory_regions.non_secure_partition_base,
memory_regions.non_secure_partition_limit,
&attr);
+ FIH_CFI_STEP_DECREMENT();
if (ret != ARM_DRIVER_OK) {
fih_rc = FIH_FAILURE;
+ FIH_CFI_STEP_ERR_RESET();
goto Done;
}
if (attr != ARM_MPC_ATTR_NONSECURE) {
fih_rc = FIH_FAILURE;
+ FIH_CFI_STEP_ERR_RESET();
goto Done;
}
@@ -623,25 +690,31 @@ fih_int verify_isolation_hw(void)
memory_regions.secondary_partition_base,
memory_regions.secondary_partition_limit,
&attr);
+ FIH_CFI_STEP_DECREMENT();
if (ret != ARM_DRIVER_OK) {
fih_rc = FIH_FAILURE;
+ FIH_CFI_STEP_ERR_RESET();
goto Done;
}
if (attr != ARM_MPC_ATTR_NONSECURE) {
fih_rc = FIH_FAILURE;
+ FIH_CFI_STEP_ERR_RESET();
goto Done;
}
#endif
ret = Driver_SRAM2_MPC.GetRegionConfig(NS_DATA_START, NS_DATA_LIMIT, &attr);
+ FIH_CFI_STEP_DECREMENT();
if (ret != ARM_DRIVER_OK) {
fih_rc = FIH_FAILURE;
+ FIH_CFI_STEP_ERR_RESET();
goto Done;
}
if (attr != ARM_MPC_ATTR_NONSECURE) {
fih_rc = FIH_FAILURE;
+ FIH_CFI_STEP_ERR_RESET();
goto Done;
}