aboutsummaryrefslogtreecommitdiff
path: root/secure_fw/partitions
diff options
context:
space:
mode:
authorTamas Ban <tamas.ban@arm.com>2022-06-22 14:23:52 +0200
committerAnton Komlev <Anton.Komlev@arm.com>2022-07-27 23:10:24 +0200
commitfc318d7f644b52c1231cb51382c49ac981b6cbe4 (patch)
treea65687dc8651d30d9d4a6b01b6894b059c0e3532 /secure_fw/partitions
parentdf28e9f0289565ddb14d0094c6b087abceb97be6 (diff)
downloadtrusted-firmware-m-fc318d7f644b52c1231cb51382c49ac981b6cbe4.tar.gz
Attest: Rename claims according to latest spec version
Latest spec: https://www.ietf.org/archive/id/draft-tschofenig-rats-psa-token-09.html Rename the following claims and related code (functions and variables, etc): - UEID -> Instance ID - Origination -> Verification Service Indicator - Hardware Version -> Certification Reference - Challenge -> Nonce Signed-off-by: Tamas Ban <tamas.ban@arm.com> Change-Id: I4342d18893f81f4cd9163fca5e9ea9a08f1b8b6e
Diffstat (limited to 'secure_fw/partitions')
-rw-r--r--secure_fw/partitions/initial_attestation/attest_core.c43
-rw-r--r--secure_fw/partitions/initial_attestation/attest_iat_defines.h8
2 files changed, 26 insertions, 25 deletions
diff --git a/secure_fw/partitions/initial_attestation/attest_core.c b/secure_fw/partitions/initial_attestation/attest_core.c
index 84e456175e..4a74950c42 100644
--- a/secure_fw/partitions/initial_attestation/attest_core.c
+++ b/secure_fw/partitions/initial_attestation/attest_core.c
@@ -402,7 +402,7 @@ attest_add_instance_id_claim(struct attest_token_encode_ctx *token_ctx)
}
attest_token_encode_add_bstr(token_ctx,
- IAT_UEID,
+ IAT_INSTANCE_ID,
&claim_value);
return PSA_ATTEST_ERR_SUCCESS;
@@ -512,20 +512,20 @@ attest_add_security_lifecycle_claim(struct attest_token_encode_ctx *token_ctx)
}
/*!
- * \brief Static function to add challenge claim to attestation token.
+ * \brief Static function to add the nonce claim to attestation token.
*
* \param[in] token_ctx Token encoding context
- * \param[in] challenge Pointer to buffer which stores the challenge
+ * \param[in] nonce Pointer to buffer which stores the challenge
*
* \return Returns error code as specified in \ref psa_attest_err_t
*/
static enum psa_attest_err_t
-attest_add_challenge_claim(struct attest_token_encode_ctx *token_ctx,
- const struct q_useful_buf_c *challenge)
+attest_add_nonce_claim(struct attest_token_encode_ctx *token_ctx,
+ const struct q_useful_buf_c *nonce)
{
attest_token_encode_add_bstr(token_ctx,
- IAT_CHALLENGE,
- challenge);
+ IAT_NONCE,
+ nonce);
return PSA_ATTEST_ERR_SUCCESS;
}
@@ -555,7 +555,7 @@ attest_add_verification_service(struct attest_token_encode_ctx *token_ctx)
service.ptr = &buf;
service.len = size;
attest_token_encode_add_tstr(token_ctx,
- IAT_ORIGINATION,
+ IAT_VERIFICATION_SERVICE,
&service);
return PSA_ATTEST_ERR_SUCCESS;
@@ -591,27 +591,28 @@ attest_add_profile_definition(struct attest_token_encode_ctx *token_ctx)
}
/*!
- * \brief Static function to add hardware version claim to attestation token.
+ * \brief Static function to add certification reference claim to attestation
+ * token.
*
* \param[in] token_ctx Token encoding context
*
* \return Returns error code as specified in \ref psa_attest_err_t
*/
static enum psa_attest_err_t
-attest_add_hw_version_claim(struct attest_token_encode_ctx *token_ctx)
+attest_add_cert_ref_claim(struct attest_token_encode_ctx *token_ctx)
{
- uint8_t hw_version[HW_VERSION_MAX_SIZE];
+ uint8_t buf[CERTIFICATION_REF_MAX_SIZE];
enum tfm_plat_err_t res_plat;
- uint32_t size = sizeof(hw_version);
+ uint32_t size = sizeof(buf);
struct q_useful_buf_c claim_value = {0};
uint16_t tlv_len;
uint8_t *tlv_ptr = NULL;
int32_t found = 0;
- /* First look up HW version in boot status, it might comes
- * from bootloader
+ /* First look up the certification reference in the boot status, it might
+ * comes from the bootloader.
*/
- found = attest_get_tlv_by_id(HW_VERSION, &tlv_len, &tlv_ptr);
+ found = attest_get_tlv_by_id(CERT_REF, &tlv_len, &tlv_ptr);
if (found == 1) {
claim_value.ptr = tlv_ptr + SHARED_DATA_ENTRY_HEADER_SIZE;
claim_value.len = tlv_len;
@@ -619,16 +620,16 @@ attest_add_hw_version_claim(struct attest_token_encode_ctx *token_ctx)
/* If not found in boot status then use callback function to get it
* from runtime SW
*/
- res_plat = tfm_plat_get_hw_version(&size, hw_version);
+ res_plat = tfm_plat_get_cert_ref(&size, buf);
if (res_plat != TFM_PLAT_ERR_SUCCESS) {
return PSA_ATTEST_ERR_CLAIM_UNAVAILABLE;
}
- claim_value.ptr = hw_version;
+ claim_value.ptr = buf;
claim_value.len = size;
}
attest_token_encode_add_tstr(token_ctx,
- IAT_HW_VERSION,
+ IAT_CERTIFICATION_REFERENCE,
&claim_value);
return PSA_ATTEST_ERR_SUCCESS;
@@ -758,8 +759,8 @@ attest_create_token(struct q_useful_buf_c *challenge,
goto error;
}
- attest_err = attest_add_challenge_claim(&attest_token_ctx,
- challenge);
+ attest_err = attest_add_nonce_claim(&attest_token_ctx,
+ challenge);
if (attest_err != PSA_ATTEST_ERR_SUCCESS) {
goto error;
}
@@ -808,7 +809,7 @@ attest_create_token(struct q_useful_buf_c *challenge,
goto error;
}
- attest_err = attest_add_hw_version_claim(&attest_token_ctx);
+ attest_err = attest_add_cert_ref_claim(&attest_token_ctx);
if (attest_err != PSA_ATTEST_ERR_SUCCESS) {
goto error;
}
diff --git a/secure_fw/partitions/initial_attestation/attest_iat_defines.h b/secure_fw/partitions/initial_attestation/attest_iat_defines.h
index ef25cb48ba..45eb601974 100644
--- a/secure_fw/partitions/initial_attestation/attest_iat_defines.h
+++ b/secure_fw/partitions/initial_attestation/attest_iat_defines.h
@@ -18,12 +18,12 @@ extern "C" {
#define IAT_SECURITY_LIFECYCLE (IAT_ARM_RANGE_BASE - 2)
#define IAT_IMPLEMENTATION_ID (IAT_ARM_RANGE_BASE - 3)
#define IAT_BOOT_SEED (IAT_ARM_RANGE_BASE - 4)
-#define IAT_HW_VERSION (IAT_ARM_RANGE_BASE - 5)
+#define IAT_CERTIFICATION_REFERENCE (IAT_ARM_RANGE_BASE - 5)
#define IAT_SW_COMPONENTS (IAT_ARM_RANGE_BASE - 6)
#define IAT_NO_SW_COMPONENTS (IAT_ARM_RANGE_BASE - 7)
-#define IAT_CHALLENGE (IAT_ARM_RANGE_BASE - 8)
-#define IAT_UEID (IAT_ARM_RANGE_BASE - 9)
-#define IAT_ORIGINATION (IAT_ARM_RANGE_BASE - 10)
+#define IAT_NONCE (IAT_ARM_RANGE_BASE - 8)
+#define IAT_INSTANCE_ID (IAT_ARM_RANGE_BASE - 9)
+#define IAT_VERIFICATION_SERVICE (IAT_ARM_RANGE_BASE - 10)
#define IAT_SW_COMPONENT_MEASUREMENT_TYPE (1)
#define IAT_SW_COMPONENT_MEASUREMENT_VALUE (2)