diff options
author | Tamas Ban <tamas.ban@arm.com> | 2022-06-28 15:03:10 +0200 |
---|---|---|
committer | Anton Komlev <Anton.Komlev@arm.com> | 2022-07-27 23:10:24 +0200 |
commit | a7ef16b88c062994f5ee2a856b727c2557c53464 (patch) | |
tree | 54dd1491cf065447b210f34ccc0870cab6c243eb /secure_fw/partitions | |
parent | fc318d7f644b52c1231cb51382c49ac981b6cbe4 (diff) | |
download | trusted-firmware-m-a7ef16b88c062994f5ee2a856b727c2557c53464.tar.gz |
Attest: Introduce PSA 2.0.0 attestation profile
The attestation profile is evolving.
The original implementation is based on this version:
- https://www.ietf.org/archive/id/draft-tschofenig-rats-psa-token-05.html
- Profile name in the config: PSA_IOT_1
An updated version is available:
- https://www.ietf.org/archive/id/draft-tschofenig-rats-psa-token-09.html
- Profile name in the config: PSA_2_0_0
This change (and some follow-up) addresses the
differences between these and make the attestation
profile configurable. Currently, both profile is
supported. But in the long-term, the PSA_IOT_1 is
planned to be deprecated and then later removed.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Iebe584f22e05fa60a324e0a13126440cb6f936d5
Diffstat (limited to 'secure_fw/partitions')
3 files changed, 60 insertions, 56 deletions
diff --git a/secure_fw/partitions/initial_attestation/CMakeLists.txt b/secure_fw/partitions/initial_attestation/CMakeLists.txt index d5a59eb0cc..eb1bce4720 100644 --- a/secure_fw/partitions/initial_attestation/CMakeLists.txt +++ b/secure_fw/partitions/initial_attestation/CMakeLists.txt @@ -74,6 +74,7 @@ target_compile_definitions(tfm_psa_rot_partition_attestation $<$<BOOL:${ATTEST_INCLUDE_OPTIONAL_CLAIMS}>:INCLUDE_OPTIONAL_CLAIMS> $<$<BOOL:${ATTEST_INCLUDE_COSE_KEY_ID}>:INCLUDE_COSE_KEY_ID> $<$<NOT:$<BOOL:${PLATFORM_DEFAULT_ATTEST_HAL}>>:CLAIM_VALUE_CHECK> + ATTEST_TOKEN_PROFILE_${ATTEST_TOKEN_PROFILE} ) ########################### Attest defs ######################################## @@ -85,6 +86,11 @@ target_include_directories(tfm_attestation_defs . ) +target_compile_definitions(tfm_attestation_defs + INTERFACE + ATTEST_TOKEN_PROFILE_${ATTEST_TOKEN_PROFILE} +) + ############################ Secure API ######################################## target_sources(tfm_sprt diff --git a/secure_fw/partitions/initial_attestation/attest_core.c b/secure_fw/partitions/initial_attestation/attest_core.c index 4a74950c42..42587c5cd2 100644 --- a/secure_fw/partitions/initial_attestation/attest_core.c +++ b/secure_fw/partitions/initial_attestation/attest_core.c @@ -23,9 +23,7 @@ #define MAX_BOOT_STATUS 512 -/* Indicates how to encode SW components' measurements in the CBOR map */ -#define EAT_SW_COMPONENT_NESTED 1 /* Nested map */ -#define EAT_SW_COMPONENT_NOT_NESTED 0 /* Flat structure */ +#define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array))) /* The algorithm used in COSE */ #ifdef SYMMETRIC_INITIAL_ATTESTATION @@ -713,6 +711,24 @@ static void attest_get_option_flags(struct q_useful_buf_c *challenge, } #endif /* INCLUDE_TEST_CODE */ +#if defined(ATTEST_TOKEN_PROFILE_PSA_IOT_1) || \ + defined(ATTEST_TOKEN_PROFILE_PSA_2_0_0) + static enum psa_attest_err_t + (*claim_query_funcs[])(struct attest_token_encode_ctx *) = { + &attest_add_boot_seed_claim, + &attest_add_instance_id_claim, + &attest_add_implementation_id_claim, + &attest_add_caller_id_claim, + &attest_add_security_lifecycle_claim, + &attest_add_all_sw_components, +#ifdef INCLUDE_OPTIONAL_CLAIMS + &attest_add_verification_service, + &attest_add_profile_definition, + &attest_add_cert_ref_claim +#endif + }; +#endif + /*! * \brief Static function to create the initial attestation token * @@ -735,6 +751,7 @@ attest_create_token(struct q_useful_buf_c *challenge, struct attest_token_encode_ctx attest_token_ctx; int32_t key_select = 0; uint32_t option_flags = 0; + int i; attest_err = attest_register_initial_attestation_key(); if (attest_err != PSA_ATTEST_ERR_SUCCESS) { @@ -766,54 +783,13 @@ attest_create_token(struct q_useful_buf_c *challenge, } if (!(option_flags & TOKEN_OPT_OMIT_CLAIMS)) { - /* Mandatory claims in IAT token */ - attest_err = attest_add_boot_seed_claim(&attest_token_ctx); - if (attest_err != PSA_ATTEST_ERR_SUCCESS) { - goto error; - } - - attest_err = attest_add_instance_id_claim(&attest_token_ctx); - if (attest_err != PSA_ATTEST_ERR_SUCCESS) { - goto error; - } - - attest_err = attest_add_implementation_id_claim(&attest_token_ctx); - if (attest_err != PSA_ATTEST_ERR_SUCCESS) { - goto error; - } - - attest_err = attest_add_caller_id_claim(&attest_token_ctx); - if (attest_err != PSA_ATTEST_ERR_SUCCESS) { - goto error; - } - - attest_err = attest_add_security_lifecycle_claim(&attest_token_ctx); - if (attest_err != PSA_ATTEST_ERR_SUCCESS) { - goto error; - } - - attest_err = attest_add_all_sw_components(&attest_token_ctx); - if (attest_err != PSA_ATTEST_ERR_SUCCESS) { - goto error; - } - -#ifdef INCLUDE_OPTIONAL_CLAIMS - /* Optional claims in IAT token, remove them from release build */ - attest_err = attest_add_verification_service(&attest_token_ctx); - if (attest_err != PSA_ATTEST_ERR_SUCCESS) { - goto error; - } - - attest_err = attest_add_profile_definition(&attest_token_ctx); - if (attest_err != PSA_ATTEST_ERR_SUCCESS) { - goto error; - } - - attest_err = attest_add_cert_ref_claim(&attest_token_ctx); - if (attest_err != PSA_ATTEST_ERR_SUCCESS) { - goto error; + for (i = 0; i < ARRAY_LENGTH(claim_query_funcs); ++i) { + /* Calling the attest_add_XXX_claim functions */ + attest_err = claim_query_funcs[i](&attest_token_ctx); + if (attest_err != PSA_ATTEST_ERR_SUCCESS) { + goto error; + } } -#endif /* INCLUDE_OPTIONAL_CLAIMS */ } /* Finish up creating the token. This is where the actual signature diff --git a/secure_fw/partitions/initial_attestation/attest_iat_defines.h b/secure_fw/partitions/initial_attestation/attest_iat_defines.h index 45eb601974..57e286fbfa 100644 --- a/secure_fw/partitions/initial_attestation/attest_iat_defines.h +++ b/secure_fw/partitions/initial_attestation/attest_iat_defines.h @@ -12,6 +12,9 @@ extern "C" { #endif +#if defined(ATTEST_TOKEN_PROFILE_PSA_IOT_1) + +/* In case of the original PSA_IOT_PROFILE_1 */ #define IAT_ARM_RANGE_BASE (-75000) #define IAT_PROFILE_DEFINITION (IAT_ARM_RANGE_BASE - 0) #define IAT_CLIENT_ID (IAT_ARM_RANGE_BASE - 1) @@ -25,6 +28,31 @@ extern "C" { #define IAT_INSTANCE_ID (IAT_ARM_RANGE_BASE - 9) #define IAT_VERIFICATION_SERVICE (IAT_ARM_RANGE_BASE - 10) +/* Indicates that the boot status intentionally (i.e. the bootloader is not + * capable of producing it) does not contain any SW components' measurement. + * Required integer value for claim labeled IAT_NO_SW_COMPONENTS. + */ +#define NO_SW_COMPONENT_FIXED_VALUE 1 + +#elif defined(ATTEST_TOKEN_PROFILE_PSA_2_0_0) + +/* In case of PSA_2_0_0 (updated PSA profile ) */ +#define IAT_NONCE 10 /* EAT nonce */ +#define IAT_INSTANCE_ID 256 /* EAT ueid */ +#define IAT_PROFILE_DEFINITION 265 /* EAT eat_profile */ +#define IAT_ARM_RANGE_BASE (2393) +#define IAT_CLIENT_ID (IAT_ARM_RANGE_BASE + 1) +#define IAT_SECURITY_LIFECYCLE (IAT_ARM_RANGE_BASE + 2) +#define IAT_IMPLEMENTATION_ID (IAT_ARM_RANGE_BASE + 3) +#define IAT_BOOT_SEED (IAT_ARM_RANGE_BASE + 4) +#define IAT_CERTIFICATION_REFERENCE (IAT_ARM_RANGE_BASE + 5) +#define IAT_SW_COMPONENTS (IAT_ARM_RANGE_BASE + 6) +#define IAT_VERIFICATION_SERVICE (IAT_ARM_RANGE_BASE + 7) + +#else +#error "Attestation token profile is incorrect" +#endif + #define IAT_SW_COMPONENT_MEASUREMENT_TYPE (1) #define IAT_SW_COMPONENT_MEASUREMENT_VALUE (2) /* Reserved (3) */ @@ -32,12 +60,6 @@ extern "C" { #define IAT_SW_COMPONENT_SIGNER_ID (5) #define IAT_SW_COMPONENT_MEASUREMENT_DESC (6) -/* Indicates that the boot status intentionally (i.e. boot loader does not - * capable to produce it) does not contain any SW components' measurement. - * Required integer value for claim labeled IAT_NO_SW_COMPONENTS. - */ -#define NO_SW_COMPONENT_FIXED_VALUE 1 - #ifdef __cplusplus } #endif |