diff options
author | Tamas Ban <tamas.ban@arm.com> | 2022-06-28 15:45:10 +0200 |
---|---|---|
committer | Tamas Ban <tamas.ban@arm.com> | 2022-09-07 15:59:21 +0200 |
commit | 7a32d9c17c63c9598c920c8fada6513d4ebee62b (patch) | |
tree | bc96c4a913c2b6a1c018cac55c06b361c1bc7d6e /secure_fw/partitions | |
parent | 7dcb8c5aa7d566c4a5aa026e6fd33f188da20e99 (diff) | |
download | trusted-firmware-m-7a32d9c17c63c9598c920c8fada6513d4ebee62b.tar.gz |
Attest: Add ARM_CCA attestation token profile
Specification:
https://developer.arm.com/documentation/den0137/latest
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I5baa8004e72a5c6e8202fbe67c2dc86a7a2a358a
Diffstat (limited to 'secure_fw/partitions')
-rw-r--r-- | secure_fw/partitions/initial_attestation/attest_core.c | 121 |
1 files changed, 101 insertions, 20 deletions
diff --git a/secure_fw/partitions/initial_attestation/attest_core.c b/secure_fw/partitions/initial_attestation/attest_core.c index c5b9719edc..ba12ebd948 100644 --- a/secure_fw/partitions/initial_attestation/attest_core.c +++ b/secure_fw/partitions/initial_attestation/attest_core.c @@ -298,6 +298,74 @@ attest_add_caller_id_claim(struct attest_token_encode_ctx *token_ctx) return PSA_ATTEST_ERR_SUCCESS; } +#ifdef ATTEST_TOKEN_PROFILE_ARM_CCA +/*! + * \brief Static function to add the platform hash algorithm identifier + * claim to the attestation token. This hash algo is used for extending + * the boot measurements. + * + * \param[in] token_ctx Token encoding context + * \param[in] challenge Pointer to buffer which stores the hash algo. + * + * \return Returns error code as specified in \ref psa_attest_err_t + */ +static enum psa_attest_err_t +attest_add_hash_algo_claim(struct attest_token_encode_ctx *token_ctx) +{ + struct q_useful_buf_c hash_algo; + uint8_t buf[PLATFORM_HASH_ALGO_ID_MAX_SIZE]; + uint32_t size = sizeof(buf); + enum tfm_plat_err_t err; + + err = tfm_attest_hal_get_platform_hash_algo(&size, buf); + if (err != TFM_PLAT_ERR_SUCCESS) { + return PSA_ATTEST_ERR_GENERAL; + } + + hash_algo.ptr = &buf; + hash_algo.len = size; + attest_token_encode_add_tstr(token_ctx, + IAT_PLATFORM_HASH_ALGO_ID, + &hash_algo); + + return PSA_ATTEST_ERR_SUCCESS; +} + +/*! + * \brief Static function to add the platform hash algorithm identifier + * claim to the attestation token. This hash algo is used for extending + * the boot measurements. + * + * \param[in] token_ctx Token encoding context + * \param[in] challenge Pointer to buffer which stores the hash algo. + * + * \return Returns error code as specified in \ref psa_attest_err_t + */ +static enum psa_attest_err_t +attest_add_platform_config_claim(struct attest_token_encode_ctx *token_ctx) +{ + + uint8_t plat_config[PLATFORM_CONFIG_MAX_SIZE]; + enum tfm_plat_err_t res; + uint32_t size = sizeof(plat_config); + struct q_useful_buf_c claim_value; + + res = tfm_attest_hal_get_platform_config(&size, plat_config); + if (res != TFM_PLAT_ERR_SUCCESS) { + return PSA_ATTEST_ERR_GENERAL; + } + + claim_value.ptr = plat_config; + claim_value.len = size; + + attest_token_encode_add_bstr(token_ctx, + IAT_PLATFORM_CONFIG, + &claim_value); + + return PSA_ATTEST_ERR_SUCCESS; +} +#endif + /*! * \brief Static function to add security lifecycle claim to attestation token. * @@ -366,7 +434,6 @@ attest_add_nonce_claim(struct attest_token_encode_ctx *token_ctx, return PSA_ATTEST_ERR_SUCCESS; } -#ifdef INCLUDE_OPTIONAL_CLAIMS /* Remove them from release build */ /*! * \brief Static function to add the verification service indicator claim * to the attestation token. @@ -470,7 +537,6 @@ attest_add_cert_ref_claim(struct attest_token_encode_ctx *token_ctx) return PSA_ATTEST_ERR_SUCCESS; } -#endif /* INCLUDE_OPTIONAL_CLAIMS */ /*! * \brief Static function to verify the input challenge size @@ -549,24 +615,6 @@ static void attest_get_option_flags(struct q_useful_buf_c *challenge, } #endif /* INCLUDE_TEST_CODE */ -#if defined(ATTEST_TOKEN_PROFILE_PSA_IOT_1) || \ - defined(ATTEST_TOKEN_PROFILE_PSA_2_0_0) - static enum psa_attest_err_t - (*claim_query_funcs[])(struct attest_token_encode_ctx *) = { - &attest_add_boot_seed_claim, - &attest_add_instance_id_claim, - &attest_add_implementation_id_claim, - &attest_add_caller_id_claim, - &attest_add_security_lifecycle_claim, - &attest_add_all_sw_components, -#ifdef INCLUDE_OPTIONAL_CLAIMS - &attest_add_verification_service, - &attest_add_profile_definition, - &attest_add_cert_ref_claim -#endif - }; -#endif - static enum psa_attest_err_t attest_get_t_cose_algorithm( int32_t *cose_algorithm_id) { @@ -621,6 +669,39 @@ static enum psa_attest_err_t attest_get_t_cose_algorithm( return PSA_ATTEST_ERR_SUCCESS; } +#if defined(ATTEST_TOKEN_PROFILE_PSA_IOT_1) || \ + defined(ATTEST_TOKEN_PROFILE_PSA_2_0_0) + static enum psa_attest_err_t + (*claim_query_funcs[])(struct attest_token_encode_ctx *) = { + &attest_add_boot_seed_claim, + &attest_add_instance_id_claim, + &attest_add_implementation_id_claim, + &attest_add_caller_id_claim, + &attest_add_security_lifecycle_claim, + &attest_add_all_sw_components, +#ifdef INCLUDE_OPTIONAL_CLAIMS + &attest_add_verification_service, + &attest_add_profile_definition, + &attest_add_cert_ref_claim +#endif + }; +#elif defined(ATTEST_TOKEN_PROFILE_ARM_CCA) + + static enum psa_attest_err_t + (*claim_query_funcs[])(struct attest_token_encode_ctx *) = { + &attest_add_instance_id_claim, + &attest_add_implementation_id_claim, + &attest_add_security_lifecycle_claim, + &attest_add_all_sw_components, + &attest_add_profile_definition, + &attest_add_hash_algo_claim, + &attest_add_platform_config_claim, +#ifdef INCLUDE_OPTIONAL_CLAIMS + &attest_add_verification_service, +#endif + }; +#endif + /*! * \brief Static function to create the initial attestation token * |