aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulian Hall <julian.hall@arm.com>2021-06-03 16:07:28 +0100
committerGyorgy Szing <Gyorgy.Szing@arm.com>2021-07-05 12:47:43 +0200
commit7048d3091637689f4849206216b803e0cbf8b89f (patch)
tree16487f15899818303ca6d53e098690b515ed1409
parent4834e6323a9ae2106ea80331b851194a3f7c5c81 (diff)
downloadtrusted-services-7048d3091637689f4849206216b803e0cbf8b89f.tar.gz
Add event log parameter handling in SP
A generic publish/subscribe mechanism is implemented to allow boot information such as the TPM event log to be passed to specific SPs, based on subscriptions specified in the SP manifest. This change implements the in-SP handling for the initialization parameters. The env_test has been extended to include tests that check that the event log is being passed and stored in the config store. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I89211ebffd9e2d1768eaf5736e6b28dceafb0a02
-rw-r--r--components/config/interface/config_blob.h35
-rw-r--r--components/config/interface/config_store.h90
-rw-r--r--components/config/interface/platform_config.h61
-rw-r--r--components/config/loader/sp/sp_config_loader.c70
-rw-r--r--components/config/ramstore/config_ramstore.c79
-rw-r--r--components/config/ramstore/config_ramstore.h4
-rw-r--r--components/config/ramstore/test/ramstore_tests.cpp139
-rw-r--r--components/config/test/sp/sp_config_tests.c183
-rw-r--r--components/service/attestation/claims/claims_register.c2
-rw-r--r--components/service/attestation/claims/sources/event_log/event_log_claim_source.c359
-rw-r--r--components/service/attestation/claims/sources/event_log/event_log_claim_source.h25
-rw-r--r--components/service/crypto/provider/mbedcrypto/trng_adapter/platform/platform_trng_adapter.c36
-rw-r--r--components/service/locator/standalone/services/attestation/attestation_service_context.cpp117
-rw-r--r--deployments/attestation/opteesp/attestation_sp.c42
-rw-r--r--deployments/attestation/opteesp/default_attestation.dts.in9
-rw-r--r--deployments/crypto/opteesp/default_crypto.dts.in11
-rw-r--r--deployments/env-test/env_test.cmake4
-rw-r--r--deployments/env-test/opteesp/CMakeLists.txt45
-rw-r--r--deployments/env-test/opteesp/default_env-test.dts.in50
-rw-r--r--deployments/env-test/opteesp/env_test.c4
-rw-r--r--deployments/libts/linux-pc/CMakeLists.txt1
21 files changed, 845 insertions, 521 deletions
diff --git a/components/config/interface/config_blob.h b/components/config/interface/config_blob.h
new file mode 100644
index 000000000..4f8325f37
--- /dev/null
+++ b/components/config/interface/config_blob.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CONFIG_BLOB_H
+#define CONFIG_BLOB_H
+
+#include <stddef.h>
+
+/**
+ * A general-purpose blob of configuarion data. Points to a buffer
+ * that contains the actual data.
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Structure definition for a config_blob
+ *
+ */
+struct config_blob
+{
+ const void *data;
+ size_t data_len;
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* CONFIG_BLOB_H */
diff --git a/components/config/interface/config_store.h b/components/config/interface/config_store.h
new file mode 100644
index 000000000..63f928267
--- /dev/null
+++ b/components/config/interface/config_store.h
@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CONFIG_STORE_H
+#define CONFIG_STORE_H
+
+#include <stdbool.h>
+#include <stddef.h>
+
+/**
+ * Provides a common interface for retrieving configuration
+ * objects. Configuration objects are used at run-time
+ * to configure TS deployments such as a service provider
+ * running within a secure partition.
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief A classifier for configuration objects
+ *
+ * Used as a label to identifier the general class of a configuartion object.
+ */
+enum config_classifier
+{
+ /* A classifier for a device region that describes a region of IO mapped memory */
+ CONFIG_CLASSIFIER_DEVICE_REGION,
+
+ /* A classifier for a memory region that describes a region of memory */
+ CONFIG_CLASSIFIER_MEMORY_REGION,
+
+ /* A classifier for an opaque configuration blob */
+ CONFIG_CLASSIFIER_BLOB
+};
+
+
+/**
+ * \brief Query for a particular configuration object
+ *
+ * \param[in] classifier The class of object
+ * \param[in] name The name of the object
+ * \param[in] instance The instance number
+ * \param[out] data Pointer to client provided buffer for the object
+ * \param[in] data_buf_size Size of the client provided buffer
+ *
+ * \return True if successful
+ */
+bool config_store_query(enum config_classifier classifier,
+ const char *name,
+ unsigned int instance,
+ void *data,
+ size_t data_buf_size);
+
+/**
+ * \brief Add an object to the config store
+ *
+ * \param[in] classifier The class of object
+ * \param[in] name The name of the object
+ * \param[in] instance The instance number
+ * \param[in] data The object data to add
+ * \param[in] data_len The size of the object
+ *
+ * \return True if successful
+ */
+bool config_store_add(enum config_classifier classifier,
+ const char *name,
+ unsigned int instance,
+ const void *data,
+ size_t data_len);
+
+/**
+ * \brief Returns a count of the number of objects of a particular class
+ *
+ * \param[in] classifier The class of object
+ *
+ * \return Count of objects held
+ */
+unsigned int config_store_count(enum config_classifier classifier);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* CONFIG_STORE_H */
diff --git a/components/config/interface/platform_config.h b/components/config/interface/platform_config.h
deleted file mode 100644
index 3f7eb941e..000000000
--- a/components/config/interface/platform_config.h
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef TS_CONFIG_INTERFACE_PLATFORM_CONFIG_H
-#define TS_CONFIG_INTERFACE_PLATFORM_CONFIG_H
-
-#include <platform/interface/device_region.h>
-#include <stddef.h>
-
-/**
- * Provides a common interface for retrieving platform configuration
- * data for initializing platform provided devices or services.
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Query platform configuartion for a particular device_region
- *
- * \param[in] dev_class Class of device (e.g. 'trng')
- * \param[in] dev_instance The instance of the class of a device on platform
- *
- * \return Pointer to device_region or NULL if no qualifying configuration
- */
-struct device_region *platform_config_device_query(const char *dev_class,
- int dev_instance);
-
-/**
- * \brief Frees a device region returned by platform_config_device_query()
- *
- * \param[in] device_region Device region object to free. Can be NULL.
- */
-void platform_config_device_query_free(struct device_region *device_region);
-
-/**
- * \brief Add a device_region to the platform configuration
- *
- * \param[in] device_region The device_region object to add
- *
- * \return 0 if successful
- */
-int platform_config_device_add(const struct device_region *device_region);
-
-/**
- * \brief Returns a count of the number of device regions
- *
- * \return 0 if successful
- */
-unsigned int platform_config_device_region_count(void);
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* TS_CONFIG_INTERFACE_PLATFORM_CONFIG_H */
diff --git a/components/config/loader/sp/sp_config_loader.c b/components/config/loader/sp/sp_config_loader.c
index a1c88042e..5fa953b80 100644
--- a/components/config/loader/sp/sp_config_loader.c
+++ b/components/config/loader/sp/sp_config_loader.c
@@ -4,7 +4,8 @@
*/
#include <string.h>
-#include <config/interface/platform_config.h>
+#include <config/interface/config_store.h>
+#include <config/interface/config_blob.h>
#include <platform/interface/device_region.h>
#include "sp_config_loader.h"
@@ -16,9 +17,15 @@ struct sp_param_device_region
size_t size;
};
+static void load_device_regions(const struct ffa_name_value_pair *value_pair);
+static void load_memory_regions(const struct ffa_name_value_pair *value_pair);
+static void load_blob(const struct ffa_name_value_pair *value_pair);
+
/**
- * Loads externally provided configuration data originating from
- * theh SP manifest.
+ * Loads externally provided configuration data passed into the SP via
+ * FFA initialisation parameters. Data can originate from
+ * the SP manifest, an external device tree or a dynamic configuration
+ * mechanism such as a handover block (HOB).
*/
void sp_config_load(struct ffa_init_info *init_info)
{
@@ -27,22 +34,55 @@ void sp_config_load(struct ffa_init_info *init_info)
if (!strcmp((const char *)init_info->nvp[param_index].name,"DEVICE_REGIONS")) {
- struct sp_param_device_region *d = (struct sp_param_device_region *)init_info->nvp[param_index].value;
+ load_device_regions(&init_info->nvp[param_index]);
+ }
+ else if (!strcmp((const char *)init_info->nvp[param_index].name,"MEMORY_REGIONS")) {
+
+ load_memory_regions(&init_info->nvp[param_index]);
+ }
+ else {
+
+ load_blob(&init_info->nvp[param_index]);
+ }
+ }
+}
- /*Iterate over the device regions*/
- while ((uintptr_t)d < (init_info->nvp[param_index].value + init_info->nvp[param_index].size)) {
+static void load_device_regions(const struct ffa_name_value_pair *value_pair)
+{
+ struct sp_param_device_region *d = (struct sp_param_device_region *)value_pair->value;
- struct device_region device_region;
+ /* Iterate over the device regions */
+ while ((uintptr_t)d < (value_pair->value + value_pair->size)) {
- strcpy(device_region.dev_class, d->name);
- device_region.dev_instance = 0;
- device_region.base_addr = d->location;
- device_region.io_region_size = d->size;
+ struct device_region device_region;
- platform_config_device_add(&device_region);
+ strcpy(device_region.dev_class, d->name);
+ device_region.dev_instance = 0;
+ device_region.base_addr = d->location;
+ device_region.io_region_size = d->size;
- ++d;
- }
- }
+ config_store_add(CONFIG_CLASSIFIER_DEVICE_REGION,
+ device_region.dev_class, device_region.dev_instance,
+ &device_region, sizeof(device_region));
+
+ ++d;
}
}
+
+static void load_memory_regions(const struct ffa_name_value_pair *value_pair)
+{
+ /* Not yet supported */
+ (void)value_pair;
+}
+
+static void load_blob(const struct ffa_name_value_pair *value_pair)
+{
+ struct config_blob blob;
+
+ blob.data = (const void*)value_pair->value;
+ blob.data_len = value_pair->size;
+
+ config_store_add(CONFIG_CLASSIFIER_BLOB,
+ (const char *)value_pair->name, 0,
+ &blob, sizeof(blob));
+}
diff --git a/components/config/ramstore/config_ramstore.c b/components/config/ramstore/config_ramstore.c
index 2e2464547..42d749e2d 100644
--- a/components/config/ramstore/config_ramstore.c
+++ b/components/config/ramstore/config_ramstore.c
@@ -5,7 +5,7 @@
*/
#include "config_ramstore.h"
-#include <config/interface/platform_config.h>
+#include <config/interface/config_store.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
@@ -15,16 +15,25 @@
*/
struct config_container
{
+ enum config_classifier classifier;
+ char name[32];
+ unsigned int instance;
size_t size;
struct config_container *next;
};
-static struct config_container *config_container_create(const void *data, size_t size)
+static struct config_container *config_container_create(enum config_classifier classifier,
+ const char *name, unsigned int instance,
+ const void *data, size_t size)
{
struct config_container *container = malloc(sizeof(struct config_container) + size);
if (container) {
+ container->classifier = classifier;
+ strncpy(container->name, name, sizeof(container->name));
+ container->name[sizeof(container->name) - 1] = '\0';
+ container->instance = instance;
container->size = size;
container->next = NULL;
@@ -49,56 +58,61 @@ static const void *config_container_data(const struct config_container *containe
*/
static struct config_ramstore
{
- struct config_container *device_region_list;
+ struct config_container *object_list;
} ramstore = {0};
void config_ramstore_init(void)
{
- ramstore.device_region_list = NULL;
+
}
void config_ramstore_deinit(void)
{
- while (ramstore.device_region_list) {
+ while (ramstore.object_list) {
- struct config_container *next = ramstore.device_region_list->next;
- free(ramstore.device_region_list);
- ramstore.device_region_list = next;
+ struct config_container *next = ramstore.object_list->next;
+ free(ramstore.object_list);
+ ramstore.object_list = next;
}
}
-int platform_config_device_add(const struct device_region *device_region)
+bool config_store_add(enum config_classifier classifier,
+ const char *name,
+ unsigned int instance,
+ const void *data,
+ size_t data_len)
{
struct config_container *container;
- container = config_container_create(device_region, sizeof(struct device_region));
- if (!container) return -1;
+ container = config_container_create(classifier, name, instance, data, data_len);
+ if (!container) return false;
- container->next = ramstore.device_region_list;
- ramstore.device_region_list = container;
+ container->next = ramstore.object_list;
+ ramstore.object_list = container;
- return 0;
+ return true;
}
-struct device_region *platform_config_device_query(const char *dev_class,
- int dev_instance)
+bool config_store_query(enum config_classifier classifier,
+ const char *name,
+ unsigned int instance,
+ void *data,
+ size_t data_buf_size)
{
- struct device_region *result = NULL;
- const struct config_container *container = ramstore.device_region_list;
+ bool success = false;
+ const struct config_container *container = ramstore.object_list;
while (container) {
- const struct device_region *candidate;
- candidate = (const struct device_region*)config_container_data(container);
-
- if ((candidate->dev_instance == dev_instance) &&
- (strcmp(candidate->dev_class, dev_class) == 0)) {
+ if ((container->classifier == classifier) &&
+ (strcmp(container->name, name) == 0) &&
+ (container->instance == instance)) {
- result = malloc(container->size);
- if (result) {
+ if (data_buf_size == container->size) {
- memcpy(result, candidate, container->size);
+ memcpy(data, config_container_data(container), container->size);
+ success = true;
}
break;
@@ -107,23 +121,18 @@ struct device_region *platform_config_device_query(const char *dev_class,
container = container->next;
}
- return result;
-}
-
-void platform_config_device_query_free(struct device_region *device_region)
-{
- free(device_region);
+ return success;
}
-unsigned int platform_config_device_region_count(void)
+unsigned int config_store_count(enum config_classifier classifier)
{
unsigned int count = 0;
- const struct config_container *container = ramstore.device_region_list;
+ const struct config_container *container = ramstore.object_list;
while (container) {
- ++count;
+ if (container->classifier == classifier) ++count;
container = container->next;
}
diff --git a/components/config/ramstore/config_ramstore.h b/components/config/ramstore/config_ramstore.h
index 5df18381a..cf9b80a1f 100644
--- a/components/config/ramstore/config_ramstore.h
+++ b/components/config/ramstore/config_ramstore.h
@@ -13,10 +13,6 @@
#ifndef CONFIG_RAMSTORE_H
#define CONFIG_RAMSTORE_H
-#include <stddef.h>
-#include <platform/interface/device_region.h>
-#include <config/interface/platform_config.h>
-
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/components/config/ramstore/test/ramstore_tests.cpp b/components/config/ramstore/test/ramstore_tests.cpp
index aadb62b03..a9cde4f0f 100644
--- a/components/config/ramstore/test/ramstore_tests.cpp
+++ b/components/config/ramstore/test/ramstore_tests.cpp
@@ -5,91 +5,110 @@
*/
#include <cstring>
+#include <config/interface/config_store.h>
#include <config/ramstore/config_ramstore.h>
+#include <config/interface/config_blob.h>
+#include <platform/interface/device_region.h>
#include <CppUTest/TestHarness.h>
TEST_GROUP(ConfigRamstoreTests)
{
- void setup()
- {
- config_ramstore_init();
- }
-
- void teardown()
- {
- config_ramstore_deinit();
- }
+ void setup()
+ {
+ config_ramstore_init();
+ }
+
+ void teardown()
+ {
+ config_ramstore_deinit();
+ }
};
TEST(ConfigRamstoreTests, checkEmptyConfig)
{
- /* Expect queries to an empty store to return gracefully */
- struct device_region *query_result = platform_config_device_query("flash", 0);
- CHECK(!query_result);
+ struct config_blob blob;
- /* Expect freeing a null pointer to be harmless */
- platform_config_device_query_free(query_result);
+ /* Expect queries to an empty store to return gracefully */
+ bool query_result = config_store_query(CONFIG_CLASSIFIER_BLOB, "flash", 0,
+ &blob, sizeof(blob));
+
+ CHECK_FALSE(query_result);
+ UNSIGNED_LONGS_EQUAL(0, config_store_count(CONFIG_CLASSIFIER_DEVICE_REGION));
+ UNSIGNED_LONGS_EQUAL(0, config_store_count(CONFIG_CLASSIFIER_MEMORY_REGION));
+ UNSIGNED_LONGS_EQUAL(0, config_store_count(CONFIG_CLASSIFIER_BLOB));
}
TEST(ConfigRamstoreTests, checkSingleConfig)
{
- struct device_region config;
-
- /* This would be external configuration, obtained say from device tree */
- strcpy(config.dev_class, "fs");
- config.dev_instance = 2;
- config.base_addr = (uintptr_t)0x0f000010;
- config.io_region_size = 0x100;
-
- /* Add the configuration object */
- int status = platform_config_device_add(&config);
- CHECK_EQUAL(0, status);
-
- /* Expect query find the config object */
- struct device_region *query_result = platform_config_device_query(config.dev_class, config.dev_instance);
- CHECK(query_result);
- CHECK(strcmp(config.dev_class, query_result->dev_class) == 0);
- CHECK_EQUAL(config.dev_instance, query_result->dev_instance);
- CHECK_EQUAL(config.base_addr, query_result->base_addr);
- CHECK_EQUAL(config.io_region_size, query_result->io_region_size);
-
- platform_config_device_query_free(query_result);
+ struct device_region config;
+
+ /* This would be external configuration, obtained say from device tree */
+ strcpy(config.dev_class, "fs");
+ config.dev_instance = 2;
+ config.base_addr = (uintptr_t)0x0f000010;
+ config.io_region_size = 0x100;
+
+ /* Add the configuration object */
+ bool success = config_store_add(CONFIG_CLASSIFIER_DEVICE_REGION,
+ config.dev_class, config.dev_instance,
+ &config, sizeof(config));
+
+ CHECK_TRUE(success);
+
+ /* Expect query find the config object */
+ struct device_region query_result;
+ success = config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION,
+ config.dev_class, config.dev_instance,
+ &query_result, sizeof(query_result));
+
+ CHECK_TRUE(success);
+ STRCMP_EQUAL(config.dev_class, query_result.dev_class);
+ UNSIGNED_LONGS_EQUAL(config.dev_instance, query_result.dev_instance);
+ UNSIGNED_LONGS_EQUAL(config.base_addr, query_result.base_addr);
+ UNSIGNED_LONGS_EQUAL(config.io_region_size, query_result.io_region_size);
}
TEST(ConfigRamstoreTests, checkMultipleConfig)
{
- int status;
+ int status;
- /* Add first config object */
- struct device_region config1;
+ /* Add first config object */
+ struct device_region config1;
- strcpy(config1.dev_class, "flash");
- config1.dev_instance = 0;
- config1.base_addr = (uintptr_t)0x0f000010;
- config1.io_region_size = 0x100;
+ strcpy(config1.dev_class, "flash");
+ config1.dev_instance = 0;
+ config1.base_addr = (uintptr_t)0x0f000010;
+ config1.io_region_size = 0x100;
- status = platform_config_device_add(&config1);
- CHECK_EQUAL(0, status);
+ bool success = config_store_add(CONFIG_CLASSIFIER_DEVICE_REGION,
+ config1.dev_class, config1.dev_instance,
+ &config1, sizeof(config1));
- /* Add second config object */
- struct device_region config2;
+ CHECK_TRUE(success);
- strcpy(config2.dev_class, "flash");
- config2.dev_instance = 1;
- config2.base_addr = (uintptr_t)0x0f000010;
- config2.io_region_size = 0x100;
+ /* Add second config object */
+ struct config_blob config2;
- status = platform_config_device_add(&config2);
- CHECK_EQUAL(0, status);
+ uint8_t config2_data[100];
+ config2.data = config2_data;
+ config2.data_len = sizeof(config2_data);
- CHECK_EQUAL(2, platform_config_device_region_count());
+ success = config_store_add(CONFIG_CLASSIFIER_BLOB,
+ "a_config_blob", 0,
+ &config2, sizeof(config2));
- /* Expect queries for both objects to work */
- struct device_region *query1_result = platform_config_device_query(config1.dev_class, config1.dev_instance);
- CHECK(query1_result);
+ CHECK_TRUE(success);
+ UNSIGNED_LONGS_EQUAL(1, config_store_count(CONFIG_CLASSIFIER_DEVICE_REGION));
+ UNSIGNED_LONGS_EQUAL(1, config_store_count(CONFIG_CLASSIFIER_BLOB));
- struct device_region *query2_result = platform_config_device_query(config2.dev_class, config2.dev_instance);
- CHECK(query2_result);
+ /* Expect queries for both objects to work */
+ struct device_region query1_result;
+ CHECK_TRUE(config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION,
+ config1.dev_class, config1.dev_instance,
+ &query1_result, sizeof(query1_result)));
- platform_config_device_query_free(query2_result);
-} \ No newline at end of file
+ struct config_blob query2_result;
+ CHECK_TRUE(config_store_query(CONFIG_CLASSIFIER_BLOB,
+ "a_config_blob", 0,
+ &query2_result, sizeof(query2_result)));
+}
diff --git a/components/config/test/sp/sp_config_tests.c b/components/config/test/sp/sp_config_tests.c
index 94ba26866..023f5ac63 100644
--- a/components/config/test/sp/sp_config_tests.c
+++ b/components/config/test/sp/sp_config_tests.c
@@ -4,14 +4,15 @@
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <service/test_runner/provider/backend/simple_c/simple_c_test_runner.h>
-#include <config/interface/platform_config.h>
+#include <config/interface/config_store.h>
+#include <config/interface/config_blob.h>
+#include <platform/interface/device_region.h>
#include <stdint.h>
/**
* Secure Partition configuration tests for checking configuartion
- * data passed to an SP at initialisation. These tests assume
- * use of the FFA manifest for any SP deployments of
- * deployments/env_test.
+ * data passed to an SP at initialisation. These tests rely on
+ * the SP manifest for deployments/env_test.
*/
/*
@@ -20,7 +21,7 @@
*/
static bool check_device_region_loaded(struct test_failure *failure)
{
- return platform_config_device_region_count() > 0;
+ return config_store_count(CONFIG_CLASSIFIER_DEVICE_REGION) > 0;
}
/*
@@ -29,19 +30,30 @@ static bool check_device_region_loaded(struct test_failure *failure)
*/
static bool check_trng_device_region_loaded(struct test_failure *failure)
{
- bool passed = false;
- struct device_region *dev_region = platform_config_device_query("trng", 0);
+ struct device_region dev_region;
- if (dev_region) {
+ bool passed = config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION,
+ "trng", 0,
+ &dev_region, sizeof(dev_region));
- passed =
- (dev_region->dev_instance == 0) &&
- (dev_region->io_region_size == 0x1000);
- }
+ if (passed) {
- platform_config_device_query_free(dev_region);
+ passed = (dev_region.dev_instance == 0);
+ failure->line_num = __LINE__;
+ failure->info = dev_region.dev_instance;
- return passed;
+ if (passed) {
+ passed = (dev_region.io_region_size == 0x1000);
+ failure->line_num = __LINE__;
+ failure->info = dev_region.io_region_size;
+ }
+ }
+ else {
+
+ failure->line_num = __LINE__;
+ }
+
+ return passed;
}
/*
@@ -49,54 +61,111 @@ static bool check_trng_device_region_loaded(struct test_failure *failure)
*/
static bool check_trng_register_access(struct test_failure *failure)
{
- bool passed = false;
-
- struct device_region *dev_region = platform_config_device_query("trng", 0);
-
- if (dev_region) {
-
- /* Expect reset values to be read from a selection of TRNG registers */
- uint32_t reg_val;
- passed = true;
-
- /* PID4 */
- if (passed) {
- reg_val = *((volatile uint32_t*)((uint8_t*)dev_region->base_addr + 0xfd0));
- passed = (reg_val == 0x00000004);
- failure->line_num = __LINE__;
- failure->info = reg_val;
- }
-
- /* PID0 */
- if (passed) {
- reg_val = *((volatile uint32_t*)((uint8_t*)dev_region->base_addr + 0xfe0));
- passed = (reg_val == 0x000000aa);
- failure->line_num = __LINE__;
- failure->info = reg_val;
- }
- }
-
- return passed;
+ struct device_region dev_region;
+
+ bool passed = config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION,
+ "trng", 0,
+ &dev_region, sizeof(dev_region));
+
+ if (passed) {
+
+ /* Expect reset values to be read from a selection of TRNG registers */
+ uint32_t reg_val;
+
+ /* PID4 */
+ reg_val = *((volatile uint32_t*)((uint8_t*)dev_region.base_addr + 0xfd0));
+ passed = (reg_val == 0x00000004);
+ failure->line_num = __LINE__;
+ failure->info = reg_val;
+
+ /* PID0 */
+ if (passed) {
+ reg_val = *((volatile uint32_t*)((uint8_t*)dev_region.base_addr + 0xfe0));
+ passed = (reg_val == 0x000000aa);
+ failure->line_num = __LINE__;
+ failure->info = reg_val;
+ }
+ }
+ else {
+
+ failure->line_num = __LINE__;
+ }
+
+ return passed;
}
+/*
+ * Check that the loaded configuration includes one or more
+ * configuration blobs. One is expected for teh TPM event log.
+ */
+static bool check_config_blob_loaded(struct test_failure *failure)
+{
+ return config_store_count(CONFIG_CLASSIFIER_BLOB) > 0;
+}
+
+/*
+ * Check that the event log has been loaded.
+ */
+static bool check_event_log_loaded(struct test_failure *failure)
+{
+ struct config_blob config_blob;
+
+ bool passed = config_store_query(CONFIG_CLASSIFIER_BLOB,
+ "EVENT_LOG", 0,
+ &config_blob, sizeof(config_blob));
+
+ return passed;
+}
+
+/*
+ * Check that the event log can be accessed
+ */
+static bool check_event_log_access(struct test_failure *failure)
+{
+ struct config_blob config_blob;
+
+ bool passed = config_store_query(CONFIG_CLASSIFIER_BLOB,
+ "EVENT_LOG", 0,
+ &config_blob, sizeof(config_blob));
+
+ if (passed) {
+
+ passed = (config_blob.data_len > 0);
+ failure->line_num = __LINE__;
+
+ if (passed) {
+ passed = (config_blob.data);
+ failure->line_num = __LINE__;
+ }
+ }
+ else {
+
+ failure->line_num = __LINE__;
+ }
+
+ return passed;
+}
/**
* Define an register test group
*/
void sp_config_tests_register(void)
{
- static const struct simple_c_test_case sp_config_tests[] = {
- {.name = "DevRegionLoaded", .test_func = check_device_region_loaded},
- {.name = "TrngDevRegionLoaded", .test_func = check_trng_device_region_loaded},
- {.name = "TrngRegAccess", .test_func = check_trng_register_access}
- };
-
- static const struct simple_c_test_group sp_config_test_group =
- {
- .group = "SpConfigTests",
- .num_test_cases = sizeof(sp_config_tests)/sizeof(struct simple_c_test_case),
- .test_cases = sp_config_tests
- };
-
- simple_c_test_runner_register_group(&sp_config_test_group);
-} \ No newline at end of file
+ static const struct simple_c_test_case sp_config_tests[] = {
+ {.name = "DevRegionLoaded", .test_func = check_device_region_loaded},
+ {.name = "TrngDevRegionLoaded", .test_func = check_trng_device_region_loaded},
+ {.name = "TrngRegAccess", .test_func = check_trng_register_access},
+ {.name = "ConfigBlobLoaded", .test_func = check_config_blob_loaded},
+ {.name = "EventLogLoaded", .test_func = check_event_log_loaded},
+ {.name = "EventLogAccess", .test_func = check_event_log_access}
+ };
+
+ static const struct simple_c_test_group sp_config_test_group =
+ {
+ .group = "SpConfigTests",
+ .num_test_cases = sizeof(sp_config_tests)/sizeof(struct simple_c_test_case),
+ .test_cases = sp_config_tests
+ };
+
+ simple_c_test_runner_register_group(&sp_config_test_group);
+}
diff --git a/components/service/attestation/claims/claims_register.c b/components/service/attestation/claims/claims_register.c
index 76c09c857..439ab76d1 100644
--- a/components/service/attestation/claims/claims_register.c
+++ b/components/service/attestation/claims/claims_register.c
@@ -39,7 +39,7 @@ void claims_register_deinit(void)
void claims_register_add_claim_source(uint32_t category_map,
struct claim_source *source)
{
- if (instance.num_sources < CLAIMS_REGISTER_MAX_CLAIM_SOURCES) {
+ if (source && (instance.num_sources < CLAIMS_REGISTER_MAX_CLAIM_SOURCES)) {
source->category_map = category_map;
diff --git a/components/service/attestation/claims/sources/event_log/event_log_claim_source.c b/components/service/attestation/claims/sources/event_log/event_log_claim_source.c
index b7273ab61..94b7bb9ec 100644
--- a/components/service/attestation/claims/sources/event_log/event_log_claim_source.c
+++ b/components/service/attestation/claims/sources/event_log/event_log_claim_source.c
@@ -7,12 +7,14 @@
#include <stddef.h>
#include <string.h>
#include <common/endian/le.h>
+#include <config/interface/config_store.h>
+#include <config/interface/config_blob.h>
#include "event_log_claim_source.h"
#include "tcg.h"
static bool event_log_claim_source_get_claim(void *context, struct claim *claim);
static void create_event_log_iterator(const struct claim_collection_variant *variant,
- struct claim_iterator *iter);
+ struct claim_iterator *iter);
static void event_log_iterator_first(struct claim_iterator *iter);
static bool event_log_iterator_next(struct claim_iterator *iter);
@@ -23,245 +25,262 @@ static size_t tcg_event2_digest_size(uint16_t algorithm_id);
static size_t tcg_event2_header_size(const void *header, const void *limit);
static size_t tcg_event1_record_size(const void *header, const void *limit);
static void tcg_event2_extract_digest(const void *header,
- struct measurement_claim_variant *measurement);
+ struct measurement_claim_variant *measurement);
static void tcg_event2_extract_measurement_id(const void *event_data,
- struct measurement_claim_variant *measurement,
- const void *limit);
+ struct measurement_claim_variant *measurement,
+ const void *limit);
struct claim_source *event_log_claim_source_init(struct event_log_claim_source *instance,
- const uint8_t *event_log, size_t event_log_len)
+ const uint8_t *event_log, size_t event_log_len)
{
- instance->base.get_claim = event_log_claim_source_get_claim;
- instance->base.context = instance;
+ instance->base.get_claim = event_log_claim_source_get_claim;
+ instance->base.context = instance;
- instance->event_log = event_log;
- instance->event_log_len = event_log_len;
+ instance->event_log = event_log;
+ instance->event_log_len = event_log_len;
- return &instance->base;
+ return &instance->base;
+}
+
+struct claim_source *event_log_claim_source_init_from_config(
+ struct event_log_claim_source *instance)
+{
+ struct claim_source *claim_source = NULL;
+ struct config_blob config_blob;
+
+ if (config_store_query(CONFIG_CLASSIFIER_BLOB,
+ "EVENT_LOG", 0,
+ &config_blob, sizeof(config_blob))) {
+
+ claim_source = event_log_claim_source_init(instance,
+ config_blob.data, config_blob.data_len);
+ }
+
+ return claim_source;
}
static bool event_log_claim_source_get_claim(void *context, struct claim *claim)
{
- bool is_available = false;
- struct event_log_claim_source *instance = (struct event_log_claim_source*)context;
+ bool is_available = false;
+ struct event_log_claim_source *instance = (struct event_log_claim_source*)context;
- /* The claim returned from a event_log_claim_source is always a claim collection,
- * realized by the associated event log. The event log may contain 0..*
- * claims.
- */
- if (instance->event_log && instance->event_log_len) {
+ /* The claim returned from a event_log_claim_source is always a claim collection,
+ * realized by the associated event log. The event log may contain 0..*
+ * claims.
+ */
+ if (instance->event_log && instance->event_log_len) {
- claim->subject_id = CLAIM_SUBJECT_ID_NONE;
- claim->variant_id = CLAIM_VARIANT_ID_COLLECTION;
- claim->raw_data = instance->event_log;
+ claim->subject_id = CLAIM_SUBJECT_ID_NONE;
+ claim->variant_id = CLAIM_VARIANT_ID_COLLECTION;
+ claim->raw_data = instance->event_log;
- claim->variant.collection.create_iterator = create_event_log_iterator;
- claim->variant.collection.begin_pos = instance->event_log;
- claim->variant.collection.end_pos = &instance->event_log[instance->event_log_len];
+ claim->variant.collection.create_iterator = create_event_log_iterator;
+ claim->variant.collection.begin_pos = instance->event_log;
+ claim->variant.collection.end_pos = &instance->event_log[instance->event_log_len];
- is_available = true;
- }
+ is_available = true;
+ }
- return is_available;
+ return is_available;
}
static void create_event_log_iterator(const struct claim_collection_variant *variant,
- struct claim_iterator *iter)
+ struct claim_iterator *iter)
{
- /* Assign concrete methods */
- iter->first = event_log_iterator_first;
- iter->next = event_log_iterator_next;
- iter->is_done = event_log_iterator_is_done;
- iter->current = event_log_iterator_current;
-
- /* Initialize to start of collection */
- iter->begin_pos = variant->begin_pos;
- iter->end_pos = variant->end_pos;
- iter->cur_pos = variant->begin_pos;
+ /* Assign concrete methods */
+ iter->first = event_log_iterator_first;
+ iter->next = event_log_iterator_next;
+ iter->is_done = event_log_iterator_is_done;
+ iter->current = event_log_iterator_current;
+
+ /* Initialize to start of collection */
+ iter->begin_pos = variant->begin_pos;
+ iter->end_pos = variant->end_pos;
+ iter->cur_pos = variant->begin_pos;
}
static void event_log_iterator_first(struct claim_iterator *iter)
{
- iter->cur_pos = iter->begin_pos;
+ iter->cur_pos = iter->begin_pos;
}
static bool event_log_iterator_next(struct claim_iterator *iter)
{
- const void *header = iter->cur_pos;
- size_t record_len;
-
- if (header == iter->begin_pos) {
- /* The first record must in TSG EVENT-1 format */
- record_len = tcg_event1_record_size(header, iter->end_pos);
- if (!record_len) return false; /* Problem in record */
- }
- else {
- /* All subsequent records are assumed to be in variable
- * length TCG_PCR_EVENT2 format.
- */
- record_len = tcg_event2_header_size(header, iter->end_pos);
- if (!record_len) return false; /* Problem in header */
-
- /* Add the variable length space used for event data */
- const void *event_data = ((const uint8_t*)iter->cur_pos + record_len);
- record_len += sizeof(event2_data_t);
- record_len += load_u32_le(event_data, offsetof(event2_data_t, event_size));
- }
-
- /* Advance iterator to start of next record */
- iter->cur_pos = (const uint8_t*)iter->cur_pos + record_len;
-
- return !event_log_iterator_is_done(iter);
+ const void *header = iter->cur_pos;
+ size_t record_len;
+
+ if (header == iter->begin_pos) {
+ /* The first record must in TSG EVENT-1 format */
+ record_len = tcg_event1_record_size(header, iter->end_pos);
+ if (!record_len) return false; /* Problem in record */
+ }
+ else {
+ /* All subsequent records are assumed to be in variable
+ * length TCG_PCR_EVENT2 format.
+ */
+ record_len = tcg_event2_header_size(header, iter->end_pos);
+ if (!record_len) return false; /* Problem in header */
+
+ /* Add the variable length space used for event data */
+ const void *event_data = ((const uint8_t*)iter->cur_pos + record_len);
+ record_len += sizeof(event2_data_t);
+ record_len += load_u32_le(event_data, offsetof(event2_data_t, event_size));
+ }
+
+ /* Advance iterator to start of next record */
+ iter->cur_pos = (const uint8_t*)iter->cur_pos + record_len;
+
+ return !event_log_iterator_is_done(iter);
}
static bool event_log_iterator_is_done(struct claim_iterator *iter)
{
- return (iter->cur_pos >= iter->end_pos) || (iter->cur_pos < iter->begin_pos);
+ return (iter->cur_pos >= iter->end_pos) || (iter->cur_pos < iter->begin_pos);
}
static bool event_log_iterator_current(struct claim_iterator *iter, struct claim *claim)
{
- bool success = false;
-
- if (!event_log_iterator_is_done(iter)) {
-
- uint32_t event_type = EV_NO_ACTION;
- const void *event_data = NULL;
- const void *header = iter->cur_pos;
- claim->raw_data = (const uint8_t*)header;
-
- if (header != iter->begin_pos) {
- /* Initial TSG EVENT-1 record is not supported */
- size_t header_len = tcg_event2_header_size(header, iter->end_pos);
- if (!header_len) return false; /* Problem in header */
-
- event_type = load_u32_le(header, offsetof(event2_header_t, event_type));
- event_data = (const uint8_t*)header + header_len;
- }
-
- switch (event_type)
- {
- case EV_POST_CODE:
- /* A measurement claim */
- claim->category = CLAIM_CATEGORY_BOOT_MEASUREMENT;
- claim->subject_id = CLAIM_SUBJECT_ID_SW_COMPONENT;
- claim->variant_id = CLAIM_VARIANT_ID_MEASUREMENT;
- tcg_event2_extract_digest(header, &claim->variant.measurement);
- tcg_event2_extract_measurement_id(event_data, &claim->variant.measurement,
- iter->end_pos);
- break;
-
- default:
- /* Unsupported event type */
- claim->category = CLAIM_CATEGORY_NONE;
- claim->subject_id = CLAIM_SUBJECT_ID_NONE;
- claim->variant_id = CLAIM_VARIANT_ID_UNSUPPORTED;
- break;
- }
-
- success = true;
- }
-
- return success;
+ bool success = false;
+
+ if (!event_log_iterator_is_done(iter)) {
+
+ uint32_t event_type = EV_NO_ACTION;
+ const void *event_data = NULL;
+ const void *header = iter->cur_pos;
+ claim->raw_data = (const uint8_t*)header;
+
+ if (header != iter->begin_pos) {
+ /* Initial TSG EVENT-1 record is not supported */
+ size_t header_len = tcg_event2_header_size(header, iter->end_pos);
+ if (!header_len) return false; /* Problem in header */
+
+ event_type = load_u32_le(header, offsetof(event2_header_t, event_type));
+ event_data = (const uint8_t*)header + header_len;
+ }
+
+ switch (event_type)
+ {
+ case EV_POST_CODE:
+ /* A measurement claim */
+ claim->category = CLAIM_CATEGORY_BOOT_MEASUREMENT;
+ claim->subject_id = CLAIM_SUBJECT_ID_SW_COMPONENT;
+ claim->variant_id = CLAIM_VARIANT_ID_MEASUREMENT;
+ tcg_event2_extract_digest(header, &claim->variant.measurement);
+ tcg_event2_extract_measurement_id(event_data, &claim->variant.measurement,
+ iter->end_pos);
+ break;
+
+ default:
+ /* Unsupported event type */
+ claim->category = CLAIM_CATEGORY_NONE;
+ claim->subject_id = CLAIM_SUBJECT_ID_NONE;
+ claim->variant_id = CLAIM_VARIANT_ID_UNSUPPORTED;
+ break;
+ }
+
+ success = true;
+ }
+
+ return success;
}
static size_t tcg_event2_digest_size(uint16_t algorithm_id)
{
- size_t size = 0;
-
- switch (algorithm_id)
- {
- case TPM_ALG_SHA256:
- size = SHA256_DIGEST_SIZE;
- break;
- case TPM_ALG_SHA384:
- size = SHA384_DIGEST_SIZE;
- break;
- case TPM_ALG_SHA512:
- size = SHA512_DIGEST_SIZE;
- break;
- default:
- break;
- }
-
- return size;
+ size_t size = 0;
+
+ switch (algorithm_id)
+ {
+ case TPM_ALG_SHA256:
+ size = SHA256_DIGEST_SIZE;
+ break;
+ case TPM_ALG_SHA384:
+ size = SHA384_DIGEST_SIZE;
+ break;
+ case TPM_ALG_SHA512:
+ size = SHA512_DIGEST_SIZE;
+ break;
+ default:
+ break;
+ }
+
+ return size;
}
static size_t tcg_event2_header_size(const void *header, const void *limit)
{
- /* Return the length of the variable length header. Returns zero if there's
- * a problem.
- */
- size_t header_len = 0;
+ /* Return the length of the variable length header. Returns zero if there's
+ * a problem.
+ */
+ size_t header_len = 0;
- /* Ensure that the header is within the limit of the event log */
- if (((const uint8_t*)limit - sizeof(event2_header_t)) >= (const uint8_t*)header) {
+ /* Ensure that the header is within the limit of the event log */
+ if (((const uint8_t*)limit - sizeof(event2_header_t)) >= (const uint8_t*)header) {
- uint32_t digest_count = load_u32_le(header, offsetof(event2_header_t, digests.count));
- header_len = sizeof(event2_header_t);
+ uint32_t digest_count = load_u32_le(header, offsetof(event2_header_t, digests.count));
+ header_len = sizeof(event2_header_t);
- /* Add the variable length space used for digests */
- for (unsigned int i = 0; i < digest_count; ++i) {
+ /* Add the variable length space used for digests */
+ for (unsigned int i = 0; i < digest_count; ++i) {
- uint16_t algorithm_id =
- load_u16_le(header, offsetof(event2_header_t, digests.digests[i].algorithm_id));
- size_t digest_size =
- tcg_event2_digest_size(algorithm_id);
+ uint16_t algorithm_id =
+ load_u16_le(header, offsetof(event2_header_t, digests.digests[i].algorithm_id));
+ size_t digest_size =
+ tcg_event2_digest_size(algorithm_id);
- if (digest_size) header_len += sizeof(tpmt_ha) + digest_size;
- }
- }
+ if (digest_size) header_len += sizeof(tpmt_ha) + digest_size;
+ }
+ }
- return header_len;
+ return header_len;
}
static void tcg_event2_extract_digest(const void *header,
- struct measurement_claim_variant *measurement)
+ struct measurement_claim_variant *measurement)
{
- uint32_t digest_count = load_u32_le(header, offsetof(event2_header_t, digests.count));
+ uint32_t digest_count = load_u32_le(header, offsetof(event2_header_t, digests.count));
- measurement->digest.len = 0;
- measurement->digest.bytes = NULL;
+ measurement->digest.len = 0;
+ measurement->digest.bytes = NULL;
- if (digest_count > 0) {
+ if (digest_count > 0) {
- uint16_t algorithm_id =
- load_u16_le(header, offsetof(event2_header_t, digests.digests[0].algorithm_id));
- size_t digest_size =
- tcg_event2_digest_size(algorithm_id);
+ uint16_t algorithm_id =
+ load_u16_le(header, offsetof(event2_header_t, digests.digests[0].algorithm_id));
+ size_t digest_size =
+ tcg_event2_digest_size(algorithm_id);
- if (digest_size) {
+ if (digest_size) {
- measurement->digest.len =
- digest_size;
- measurement->digest.bytes =
- (const uint8_t*)header + offsetof(event2_header_t, digests.digests[0].digest);
- }
- }
+ measurement->digest.len =
+ digest_size;
+ measurement->digest.bytes =
+ (const uint8_t*)header + offsetof(event2_header_t, digests.digests[0].digest);
+ }
+ }
}
static size_t tcg_event1_record_size(const void *header, const void *limit)
{
- size_t record_len = load_u32_le(header, offsetof(tcg_pcr_event_t, event_size));
- record_len += sizeof(tcg_pcr_event_t);
- return record_len;
+ size_t record_len = load_u32_le(header, offsetof(tcg_pcr_event_t, event_size));
+ record_len += sizeof(tcg_pcr_event_t);
+ return record_len;
}
static void tcg_event2_extract_measurement_id(const void *event_data,
- struct measurement_claim_variant *measurement,
- const void *limit)
+ struct measurement_claim_variant *measurement,
+ const void *limit)
{
- measurement->id.string = NULL;
+ measurement->id.string = NULL;
- if (((const uint8_t*)limit - sizeof(event2_data_t)) >= (const uint8_t*)event_data) {
+ if (((const uint8_t*)limit - sizeof(event2_data_t)) >= (const uint8_t*)event_data) {
- size_t id_size = load_u32_le(event_data, offsetof(event2_data_t, event_size));
+ size_t id_size = load_u32_le(event_data, offsetof(event2_data_t, event_size));
- if (id_size) {
+ if (id_size) {
- measurement->id.string = (const uint8_t*)event_data + offsetof(event2_data_t, event);
- }
- }
+ measurement->id.string = (const uint8_t*)event_data + offsetof(event2_data_t, event);
+ }
+ }
}
diff --git a/components/service/attestation/claims/sources/event_log/event_log_claim_source.h b/components/service/attestation/claims/sources/event_log/event_log_claim_source.h
index 4a79e27bb..5061dd1cd 100644
--- a/components/service/attestation/claims/sources/event_log/event_log_claim_source.h
+++ b/components/service/attestation/claims/sources/event_log/event_log_claim_source.h
@@ -24,14 +24,17 @@ extern "C" {
*/
struct event_log_claim_source
{
- struct claim_source base;
+ struct claim_source base;
- const uint8_t *event_log;
- size_t event_log_len;
+ const uint8_t *event_log;
+ size_t event_log_len;
};
/**
- * \brief Initializes a event_log_claim_source.
+ * \brief Initializes a event_log_claim_source from buffer.
+ *
+ * Initializes an event_log_claim_source, taking the provided buffer
+ * containing the TCG event log data.
*
* \param[in] instance The event_log_claim_source instance to initialze
* \param[in] event_log Pointer to the event log.
@@ -40,8 +43,20 @@ struct event_log_claim_source
* \return The initialize base claim_source structure
*/
struct claim_source *event_log_claim_source_init(struct event_log_claim_source *instance,
- const uint8_t *event_log, size_t event_log_len);
+ const uint8_t *event_log, size_t event_log_len);
+/**
+ * \brief Initializes a event_log_claim_source from config store
+ *
+ * Initializes an event_log_claim_source using an event log configuration object
+ * obtained from the config store.
+ *
+ * \param[in] instance The event_log_claim_source instance to initialze
+ *
+ * \return The initialize base claim_source structure
+ */
+struct claim_source *event_log_claim_source_init_from_config(
+ struct event_log_claim_source *instance);
#ifdef __cplusplus
} /* extern "C" */
diff --git a/components/service/crypto/provider/mbedcrypto/trng_adapter/platform/platform_trng_adapter.c b/components/service/crypto/provider/mbedcrypto/trng_adapter/platform/platform_trng_adapter.c
index 1b9f1d2c2..9342bcfdb 100644
--- a/components/service/crypto/provider/mbedcrypto/trng_adapter/platform/platform_trng_adapter.c
+++ b/components/service/crypto/provider/mbedcrypto/trng_adapter/platform/platform_trng_adapter.c
@@ -6,7 +6,8 @@
#include <mbedtls/entropy.h>
#include <platform/interface/trng.h>
#include <service/crypto/provider/mbedcrypto/trng_adapter/trng_adapter.h>
-#include <config/interface/platform_config.h>
+#include <config/interface/config_store.h>
+#include <psa/error.h>
#include <stddef.h>
/*
@@ -18,33 +19,36 @@ static struct platform_trng_driver driver = {0};
int trng_adapter_init(int instance)
{
- int status;
- struct device_region *device_region;
+ int status = PSA_STATUS_HARDWARE_FAILURE;
+ struct device_region device_region;
- device_region = platform_config_device_query("trng", instance);
- status = platform_trng_create(&driver, device_region);
- platform_config_device_query_free(device_region);
+ if (config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION,
+ "trng", instance,
+ &device_region, sizeof(device_region))) {
- return status;
+ status = platform_trng_create(&driver, &device_region);
+ }
+
+ return status;
}
void trng_adapter_deinit()
{
- platform_trng_destroy(&driver);
+ platform_trng_destroy(&driver);
- driver.iface = NULL;
- driver.context = NULL;
+ driver.iface = NULL;
+ driver.context = NULL;
}
int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t *olen)
{
- int status = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
- *olen = 0;
+ int status = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ *olen = 0;
- if (driver.iface) {
+ if (driver.iface) {
- status = driver.iface->poll(driver.context, output, len, olen);
- }
+ status = driver.iface->poll(driver.context, output, len, olen);
+ }
- return status;
+ return status;
}
diff --git a/components/service/locator/standalone/services/attestation/attestation_service_context.cpp b/components/service/locator/standalone/services/attestation/attestation_service_context.cpp
index b7ec8eb3d..a00295c22 100644
--- a/components/service/locator/standalone/services/attestation/attestation_service_context.cpp
+++ b/components/service/locator/standalone/services/attestation/attestation_service_context.cpp
@@ -9,15 +9,18 @@
#include <service/attestation/claims/claims_register.h>
#include <service/attestation/claims/sources/event_log/event_log_claim_source.h>
#include <service/attestation/claims/sources/event_log/mock/mock_event_log.h>
+#include <config/ramstore/config_ramstore.h>
+#include <config/interface/config_store.h>
+#include <config/interface/config_blob.h>
#include <psa/crypto.h>
attestation_service_context::attestation_service_context(const char *sn) :
- standalone_service_context(sn),
- m_attest_provider(),
- m_event_log_claim_source(),
- m_boot_seed_claim_source(),
- m_lifecycle_claim_source(),
- m_instance_id_claim_source()
+ standalone_service_context(sn),
+ m_attest_provider(),
+ m_event_log_claim_source(),
+ m_boot_seed_claim_source(),
+ m_lifecycle_claim_source(),
+ m_instance_id_claim_source()
{
}
@@ -29,52 +32,66 @@ attestation_service_context::~attestation_service_context()
void attestation_service_context::do_init()
{
- struct claim_source *claim_source;
-
- /* For the standalone attestation service deployment, the
- * mbedcrypto library is used directly. Note that psa_crypto_init()
- * is allowed to be called multiple times.
- */
- psa_crypto_init();
-
- /**
- * Initialize and register claims sources to define the view of
- * the device reflected by the attestation service. On a real
- * device, the set of claim sources will be deployment specific
- * to accommodate specific device architecture and product
- * variations.
- */
- claims_register_init();
-
- /* Boot measurement claim source - uses mock event log */
- claim_source = event_log_claim_source_init(&m_event_log_claim_source,
- mock_event_log_start(), mock_event_log_size());
- claims_register_add_claim_source(CLAIM_CATEGORY_BOOT_MEASUREMENT, claim_source);
-
- /* Boot seed claim source */
- claim_source = boot_seed_generator_init(&m_boot_seed_claim_source);
- claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
-
- /* Lifecycle state claim source */
- claim_source = null_lifecycle_claim_source_init(&m_lifecycle_claim_source);
- claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
-
- /* Instance ID claim source */
- claim_source = instance_id_claim_source_init(&m_instance_id_claim_source);
- claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
-
- /* Initialize the attestation service provider */
- struct rpc_interface *attest_ep =
- attest_provider_init(&m_attest_provider, ATTEST_KEY_MNGR_VOLATILE_IAK);
-
- attest_provider_register_serializer(&m_attest_provider,
- TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance());
-
- standalone_service_context::set_rpc_interface(attest_ep);
+ struct claim_source *claim_source;
+ struct config_blob event_log_blob;
+
+ /* For the standalone attestation service deployment, the
+ * mbedcrypto library is used directly. Note that psa_crypto_init()
+ * is allowed to be called multiple times.
+ */
+ psa_crypto_init();
+
+ /**
+ * Initialize the config_store and load dynamic parameters. For
+ * the attestation service provider, the TPM event log is expected
+ * to be loaded as a dynamic parameter.
+ */
+ config_ramstore_init();
+
+ event_log_blob.data = mock_event_log_start();
+ event_log_blob.data_len = mock_event_log_size();
+
+ config_store_add(CONFIG_CLASSIFIER_BLOB,
+ "EVENT_LOG", 0, &event_log_blob, sizeof(event_log_blob));
+
+ /**
+ * Initialize and register claims sources to define the view of
+ * the device reflected by the attestation service. On a real
+ * device, the set of claim sources will be deployment specific
+ * to accommodate specific device architecture and product
+ * variations.
+ */
+ claims_register_init();
+
+ /* Boot measurement claim source */
+ claim_source = event_log_claim_source_init_from_config(&m_event_log_claim_source);
+ claims_register_add_claim_source(CLAIM_CATEGORY_BOOT_MEASUREMENT, claim_source);
+
+ /* Boot seed claim source */
+ claim_source = boot_seed_generator_init(&m_boot_seed_claim_source);
+ claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
+
+ /* Lifecycle state claim source */
+ claim_source = null_lifecycle_claim_source_init(&m_lifecycle_claim_source);
+ claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
+
+ /* Instance ID claim source */
+ claim_source = instance_id_claim_source_init(&m_instance_id_claim_source);
+ claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
+
+ /* Initialize the attestation service provider */
+ struct rpc_interface *attest_ep =
+ attest_provider_init(&m_attest_provider, ATTEST_KEY_MNGR_VOLATILE_IAK);
+
+ attest_provider_register_serializer(&m_attest_provider,
+ TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance());
+
+ standalone_service_context::set_rpc_interface(attest_ep);
}
void attestation_service_context::do_deinit()
{
- attest_provider_deinit(&m_attest_provider);
- claims_register_deinit();
+ attest_provider_deinit(&m_attest_provider);
+ claims_register_deinit();
+ config_ramstore_deinit();
}
diff --git a/deployments/attestation/opteesp/attestation_sp.c b/deployments/attestation/opteesp/attestation_sp.c
index ce455160b..f597e7ed3 100644
--- a/deployments/attestation/opteesp/attestation_sp.c
+++ b/deployments/attestation/opteesp/attestation_sp.c
@@ -23,7 +23,6 @@
/* Temporary dependencies */
-#include <service/attestation/claims/sources/event_log/mock/mock_event_log.h>
#include <psa/crypto.h>
@@ -43,9 +42,9 @@ void __noreturn sp_main(struct ffa_init_info *init_info)
/* Claim source objects */
struct claim_source *claim_source;
struct event_log_claim_source event_log_claim_source;
- struct boot_seed_generator boot_seed_claim_source;
- struct null_lifecycle_claim_source lifecycle_claim_source;
- struct instance_id_claim_source instance_id_claim_source;
+ struct boot_seed_generator boot_seed_claim_source;
+ struct null_lifecycle_claim_source lifecycle_claim_source;
+ struct instance_id_claim_source instance_id_claim_source;
/*********************************************************
* Boot phase
@@ -57,35 +56,34 @@ void __noreturn sp_main(struct ffa_init_info *init_info)
/**
* Register claim sources for deployment
- */
+ */
claims_register_init();
- /* Boot measurement claim source - uses mock event log */
- claim_source = event_log_claim_source_init(&event_log_claim_source,
- mock_event_log_start(), mock_event_log_size());
- claims_register_add_claim_source(CLAIM_CATEGORY_BOOT_MEASUREMENT, claim_source);
+ /* Boot measurement claim source */
+ claim_source = event_log_claim_source_init_from_config(&event_log_claim_source);
+ claims_register_add_claim_source(CLAIM_CATEGORY_BOOT_MEASUREMENT, claim_source);
- /* Boot seed claim source */
- claim_source = boot_seed_generator_init(&boot_seed_claim_source);
- claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
+ /* Boot seed claim source */
+ claim_source = boot_seed_generator_init(&boot_seed_claim_source);
+ claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
- /* Lifecycle state claim source */
- claim_source = null_lifecycle_claim_source_init(&lifecycle_claim_source);
- claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
+ /* Lifecycle state claim source */
+ claim_source = null_lifecycle_claim_source_init(&lifecycle_claim_source);
+ claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
- /* Instance ID claim source */
- claim_source = instance_id_claim_source_init(&instance_id_claim_source);
- claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
+ /* Instance ID claim source */
+ claim_source = instance_id_claim_source_init(&instance_id_claim_source);
+ claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
/**
* Initialize the service provider
- */
+ */
psa_crypto_init(); /* temporary */
- attest_iface = attest_provider_init(&attest_provider, ATTEST_KEY_MNGR_VOLATILE_IAK);
+ attest_iface = attest_provider_init(&attest_provider, ATTEST_KEY_MNGR_VOLATILE_IAK);
- attest_provider_register_serializer(&attest_provider,
- TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance());
+ attest_provider_register_serializer(&attest_provider,
+ TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance());
ffa_call_ep_init(&ffarpc_call_ep, attest_iface);
diff --git a/deployments/attestation/opteesp/default_attestation.dts.in b/deployments/attestation/opteesp/default_attestation.dts.in
index a18416472..1a7439742 100644
--- a/deployments/attestation/opteesp/default_attestation.dts.in
+++ b/deployments/attestation/opteesp/default_attestation.dts.in
@@ -16,4 +16,13 @@
execution-state = <0>; /* AArch64 */
xlat-granule = <0>; /* 4KiB */
messaging-method = <0>; /* Direct messaging only */
+
+ boot-params {
+ compatible = "arm,ffa-manifest-boot-params";
+
+ event-log {
+ param = "EVENT_LOG"; /* The init parameter name */
+ tag = "arm,event-log"; /* Object identifier */
+ };
+ };
};
diff --git a/deployments/crypto/opteesp/default_crypto.dts.in b/deployments/crypto/opteesp/default_crypto.dts.in
index 92b709b8b..2646239d9 100644
--- a/deployments/crypto/opteesp/default_crypto.dts.in
+++ b/deployments/crypto/opteesp/default_crypto.dts.in
@@ -16,4 +16,15 @@
execution-state = <0>; /* AArch64 */
xlat-granule = <0>; /* 4KiB */
messaging-method = <0>; /* Direct messaging only */
+
+ device-regions {
+ compatible = "arm,ffa-manifest-device-regions";
+
+ trng {
+ /* Armv8 A Foundation Platform values */
+ base-address = <0x00000000 0x7fe60000>;
+ pages-count = <1>;
+ attributes = <0x3>; /* read-write */
+ };
+ };
};
diff --git a/deployments/env-test/env_test.cmake b/deployments/env-test/env_test.cmake
index 12089a1b5..9c0926b84 100644
--- a/deployments/env-test/env_test.cmake
+++ b/deployments/env-test/env_test.cmake
@@ -16,7 +16,7 @@
#
#-------------------------------------------------------------------------------
add_components(
- TARGET "env_test"
+ TARGET "env-test"
BASE_DIR ${TS_ROOT}
COMPONENTS
"components/common/tlv"
@@ -45,4 +45,4 @@ add_components(
# Mbed TLS provides libmbedcrypto
include(${TS_ROOT}/external/MbedTLS/MbedTLS.cmake)
-target_link_libraries(env_test PRIVATE mbedcrypto)
+target_link_libraries(env-test PRIVATE mbedcrypto)
diff --git a/deployments/env-test/opteesp/CMakeLists.txt b/deployments/env-test/opteesp/CMakeLists.txt
index 3149ecd3d..044fae0fc 100644
--- a/deployments/env-test/opteesp/CMakeLists.txt
+++ b/deployments/env-test/opteesp/CMakeLists.txt
@@ -16,8 +16,8 @@ include(../../deployment.cmake REQUIRED)
#-------------------------------------------------------------------------------
include(${TS_ROOT}/environments/opteesp/env.cmake)
project(trusted-services LANGUAGES C ASM)
-add_executable(env_test)
-target_include_directories(env_test PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}")
+add_executable(env-test)
+target_include_directories(env-test PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}")
set(SP_UUID "33c75baf-ac6a-4fe4-8ac7-e9909bee2d17")
@@ -25,14 +25,14 @@ set(SP_UUID "33c75baf-ac6a-4fe4-8ac7-e9909bee2d17")
set(SP_DEV_KIT_INC_DIR ${CMAKE_CURRENT_LIST_DIR})
list(APPEND CMAKE_MODULE_PATH "${TS_ROOT}/external/Spdevkit")
find_package(Spdevkit REQUIRED)
-sp_dev_kit_configure_linking(TARGET env_test DEFINES ARM64=1)
-target_link_libraries(env_test PRIVATE ${SP_DEV_KIT_LIBRARIES})
+sp_dev_kit_configure_linking(TARGET env-test DEFINES ARM64=1)
+target_link_libraries(env-test PRIVATE ${SP_DEV_KIT_LIBRARIES})
#-------------------------------------------------------------------------------
-# Components that are env_testecific to deployment in the opteesp
+# Components that are env-test specific to deployment in the opteesp
# environment.
#-------------------------------------------------------------------------------
-add_components(TARGET "env_test"
+add_components(TARGET "env-test"
BASE_DIR ${TS_ROOT}
COMPONENTS
"components/config/loader/sp"
@@ -44,7 +44,7 @@ add_components(TARGET "env_test"
#-------------------------------------------------------------------------------
# Extend with components that are common across all deployments of
-# env_test
+# env-test
#
#-------------------------------------------------------------------------------
include(../env_test.cmake REQUIRED)
@@ -52,7 +52,7 @@ include(../env_test.cmake REQUIRED)
#-------------------------------------------------------------------------------
# Deployment specific source files
#-------------------------------------------------------------------------------
-target_sources(env_test PRIVATE
+target_sources(env-test PRIVATE
env_test.c
env_test_tests.c
)
@@ -64,26 +64,26 @@ target_sources(env_test PRIVATE
# temporarily force platform - remove when external builder updated
set(TS_PLATFORM "arm/fvp/fvp_base_revc-2xaemv8a" CACHE STRING "Overridden" FORCE)
-add_platform(TARGET "env_test")
+add_platform(TARGET "env-test")
if(CMAKE_CROSSCOMPILING)
- target_link_libraries(env_test PRIVATE stdc++ gcc m)
+ target_link_libraries(env-test PRIVATE stdc++ gcc m)
endif()
#################################################################
-target_compile_definitions(env_test PRIVATE
+target_compile_definitions(env-test PRIVATE
ARM64=1
)
-target_include_directories(env_test PRIVATE
+target_include_directories(env-test PRIVATE
${TS_ROOT}
${TS_ROOT}/components
${TS_ROOT}/deployments/env-test/opteesp
)
if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
- target_compile_options(env_test PRIVATE
+ target_compile_options(env-test PRIVATE
-fdiagnostics-show-option
-fpic
-gdwarf-2
@@ -94,7 +94,7 @@ if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
)
# Options for GCC that control linking
- target_link_options(env_test PRIVATE
+ target_link_options(env-test PRIVATE
-e __sp_entry
-fno-lto
-nostdlib
@@ -102,25 +102,30 @@ if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
-zmax-page-size=4096
)
# Options directly for LD, these are not understood by GCC
- target_link_options(env_test PRIVATE
+ target_link_options(env-test PRIVATE
-Wl,--as-needed
-Wl,--sort-section=alignment
# -Wl,--dynamic-list ${CMAKE_CURRENT_LIST_DIR}/dyn_list
)
endif()
-compiler_generate_stripped_elf(TARGET env_test NAME "${SP_UUID}.stripped.elf" RES STRIPPED_ELF)
+compiler_generate_stripped_elf(TARGET env-test NAME "${SP_UUID}.stripped.elf" RES STRIPPED_ELF)
######################################## install
if (CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
set(CMAKE_INSTALL_PREFIX ${CMAKE_BINARY_DIR}/install CACHE PATH "location to install build output to." FORCE)
endif()
#TODO: api headers
-install(TARGETS env_test
- PUBLIC_HEADER DESTINATION include
- RUNTIME DESTINATION bin
+
+install(TARGETS env-test
+ PUBLIC_HEADER DESTINATION ${TS_ENV}/include
+ RUNTIME DESTINATION ${TS_ENV}/bin
)
-install(FILES ${STRIPPED_ELF} DESTINATION bin)
+install(FILES ${STRIPPED_ELF} DESTINATION ${TS_ENV}/bin)
+
+get_property(_PROTO_FILES TARGET env-test PROPERTY PROTOBUF_FILES)
+install(FILES ${_PROTO_FILES} DESTINATION ${TS_ENV}/lib/protobuf)
+
set(EXPORT_SP_NAME "env-test")
set(EXPORT_SP_UUID ${SP_UUID})
diff --git a/deployments/env-test/opteesp/default_env-test.dts.in b/deployments/env-test/opteesp/default_env-test.dts.in
new file mode 100644
index 000000000..f64a5faf8
--- /dev/null
+++ b/deployments/env-test/opteesp/default_env-test.dts.in
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+@DTS_TAG@
+
+@DTS_NODE@ {
+ compatible = "arm,ffa-manifest-1.0";
+ ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */
+ uuid = <@EXPORT_SP_UUID_DT@>;
+ description = "EnvTest";
+ execution-ctx-count = <1>;
+ exception-level = <1>; /* S-EL0 */
+ execution-state = <0>; /* AArch64 */
+ xlat-granule = <0>; /* 4KiB */
+ messaging-method = <0>; /* Direct messaging only */
+
+ memory-regions {
+ compatible = "arm,ffa-manifest-memory-regions";
+
+ /* Without optional base-address */
+ test-memory {
+ description = "test-memory";
+ pages-count = <4>;
+ attributes = <0x7>; /* read-write-execute */
+ };
+ };
+
+ device-regions {
+ compatible = "arm,ffa-manifest-device-regions";
+
+ trng {
+ /* Armv8 A Foundation Platform values */
+ base-address = <0x00000000 0x7fe60000>;
+ pages-count = <1>;
+ attributes = <0x3>; /* read-write */
+ };
+ };
+
+ boot-params {
+ compatible = "arm,ffa-manifest-boot-params";
+
+ event-log {
+ param = "EVENT_LOG"; /* The init parameter name */
+ tag = "arm,event-log"; /* Object identifier */
+ };
+ };
+};
diff --git a/deployments/env-test/opteesp/env_test.c b/deployments/env-test/opteesp/env_test.c
index 3df4c1adb..ff2f8dfe0 100644
--- a/deployments/env-test/opteesp/env_test.c
+++ b/deployments/env-test/opteesp/env_test.c
@@ -31,8 +31,6 @@ void __noreturn sp_main(struct ffa_init_info *init_info)
struct ffa_direct_msg req_msg;
/* Boot */
- (void) init_info;
-
if (sp_init(&own_id) != 0) goto fatal_error;
config_ramstore_init();
@@ -42,7 +40,7 @@ void __noreturn sp_main(struct ffa_init_info *init_info)
test_runner_iface = test_runner_provider_init(&test_runner_provider);
test_runner_provider_register_serializer(&test_runner_provider,
- TS_RPC_ENCODING_PACKED_C, packedc_test_runner_provider_serializer_instance());
+ TS_RPC_ENCODING_PACKED_C, packedc_test_runner_provider_serializer_instance());
env_test_register_tests(&test_runner_provider);
diff --git a/deployments/libts/linux-pc/CMakeLists.txt b/deployments/libts/linux-pc/CMakeLists.txt
index 842f70245..779e2d6fe 100644
--- a/deployments/libts/linux-pc/CMakeLists.txt
+++ b/deployments/libts/linux-pc/CMakeLists.txt
@@ -32,6 +32,7 @@ add_components(
"components/rpc/direct"
"components/common/tlv"
"components/common/endian"
+ "components/config/ramstore"
"components/service/common/include"
"components/service/common/serializer/protobuf"
"components/service/common/provider"