Add support to build (and run) an image with Measured Boot and fTPM support.
This patch enables Measured Boot on TF-A and builds the TSS tools
and the TPM Kernel Module for the FVP toolkit.
The functionality is disabled by default. To enable it, build with
MEASURED_BOOT=y.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
diff --git a/br-ext/Config.in b/br-ext/Config.in
index 276e971..db39e6d 100644
--- a/br-ext/Config.in
+++ b/br-ext/Config.in
@@ -4,3 +4,5 @@
source "$BR2_EXTERNAL_OPTEE_PATH/package/optee_examples_ext/Config.in"
source "$BR2_EXTERNAL_OPTEE_PATH/package/optee_benchmark_ext/Config.in"
source "$BR2_EXTERNAL_OPTEE_PATH/package/opensc/Config.in"
+source "$BR2_EXTERNAL_OPTEE_PATH/package/ftpm_optee_ext/Config.in"
+source "$BR2_EXTERNAL_OPTEE_PATH/package/linux_ftpm_mod_ext/Config.in"
diff --git a/br-ext/board/fvp/overlay/etc/profile.d/ftpm_alias.sh b/br-ext/board/fvp/overlay/etc/profile.d/ftpm_alias.sh
new file mode 100644
index 0000000..9201c4a
--- /dev/null
+++ b/br-ext/board/fvp/overlay/etc/profile.d/ftpm_alias.sh
@@ -0,0 +1,6 @@
+alias ftpm_mod='insmod /lib/modules/extra/tpm_ftpm_tee.ko'
+alias ftpm_getpcr='tpm2_pcrread'
+
+alias ftpm='ftpm_mod && ftpm_getpcr'
+
+alias ll='ls -al'
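Review bot: `ftpm_mod` is not re-runnable: `insmod` fails once `tpm_ftpm_tee` is already loaded, and because `ftpm` chains it with `&&`, a second `ftpm` invocation never reaches `tpm2_pcrread`. Guarding the load keeps the composite alias usable across repeated calls: `alias ftpm_mod='grep -q "^tpm_ftpm_tee " /proc/modules || insmod /lib/modules/extra/tpm_ftpm_tee.ko'`. The `ll='ls -al'` alias on the last line is unrelated to fTPM and would be better placed in a general profile fragment than in a file named `ftpm_alias.sh`.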
diff --git a/br-ext/configs/ftpm_optee b/br-ext/configs/ftpm_optee
new file mode 100644
index 0000000..b4a284e
--- /dev/null
+++ b/br-ext/configs/ftpm_optee
@@ -0,0 +1 @@
+BR2_PACKAGE_FTPM_OPTEE_EXT=y
diff --git a/br-ext/configs/linux_ftpm b/br-ext/configs/linux_ftpm
new file mode 100644
index 0000000..82e47bd
--- /dev/null
+++ b/br-ext/configs/linux_ftpm
@@ -0,0 +1 @@
+BR2_PACKAGE_LINUX_FTPM_MOD_EXT=y
diff --git a/br-ext/configs/tss b/br-ext/configs/tss
new file mode 100644
index 0000000..c10abeb
--- /dev/null
+++ b/br-ext/configs/tss
@@ -0,0 +1 @@
+BR2_PACKAGE_TPM2_TOOLS=y
diff --git a/br-ext/package/ftpm_optee_ext/CMakeLists.txt b/br-ext/package/ftpm_optee_ext/CMakeLists.txt
new file mode 100644
index 0000000..907b41d
--- /dev/null
+++ b/br-ext/package/ftpm_optee_ext/CMakeLists.txt
@@ -0,0 +1,3 @@
+# This is a dummy Makefile. When this package is invoked, the fTPM service
+# has been built already.
+install(FILES /dev/null DESTINATION /dev/null)
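Review bot: `install(FILES /dev/null DESTINATION /dev/null)` is not a harmless no-op when Buildroot runs the install step with `DESTDIR=$(TARGET_DIR)`: the absolute destination gets prefixed, so this most likely creates a directory `dev/null/` holding an empty regular file `null` inside the target root, which can clash with the `/dev/null` device node when `/dev` is populated statically (it is only hidden where devtmpfs is mounted over it). A `project()` with no install rules still yields a valid, empty `install` target, so the file can be reduced to `cmake_minimum_required(VERSION 3.5)` and `project(ftpm_optee_ext NONE)` (matching whatever minimum the rest of the tree uses), with the comment reworded to "Placeholder CMakeLists.txt: the fTPM TA is already built; installation is done by the post-install hook in ftpm_optee_ext.mk." As written the file also lacks `cmake_minimum_required()`/`project()` entirely, which CMake warns about at configure time. The same applies to br-ext/package/linux_ftpm_mod_ext/CMakeLists.txt in this commit.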
diff --git a/br-ext/package/ftpm_optee_ext/Config.in b/br-ext/package/ftpm_optee_ext/Config.in
new file mode 100644
index 0000000..105a898
--- /dev/null
+++ b/br-ext/package/ftpm_optee_ext/Config.in
@@ -0,0 +1,29 @@
+config BR2_PACKAGE_FTPM_OPTEE_EXT
+ bool "Enable fTPM based on OPTEE"
+ depends on BR2_PACKAGE_OPTEE_OS_EXT
+ select BR2_PACKAGE_OPTEE_OS_EXT
+ help
+ fTPM, http://github.com/microsoft/ms-tpm-20-ref.
+ NOTE: This package currently only takes care of installing files
+ into the root FS, that have been compiled already.
+ The build of the OPTEE fTPM service is assumed to have been done
+ previously.
+
+config BR2_PACKAGE_FTPM_OPTEE_EXT_SITE
+ string "FTPM_OPTEE installation package path"
+ default ""
+ help
+ The path to this installation package.
+
+config BR2_PACKAGE_FTPM_OPTEE_PACKAGE_SITE
+ string "Path to the TPM 2.0 Reference Implementation"
+ default ""
+ help
+ The path to this installation package.
+
+config BR2_PACKAGE_FTPM_OPTEE_EXT_TA_SRC
+ string "Path of the fTPM sources within the TPM Ref. Implementation"
+ default "Samples/ARM32-FirmwareTPM/optee_ta"
+ help
+ The path, relative to where the TPM 2.0 Reference Implementation
+ is installed, where the sources for the fTPM can be found.
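Review bot: `depends on BR2_PACKAGE_OPTEE_OS_EXT` and `select BR2_PACKAGE_OPTEE_OS_EXT` on the same symbol work against each other: `select` forces the target on regardless of its own dependencies, while `depends on` hides this option until that target is already set, so one of the two should go (for a package that only installs an already-built TA, `depends on` alone matches the stated intent). The help text of `BR2_PACKAGE_FTPM_OPTEE_PACKAGE_SITE` is copied from the previous option and does not describe it; something like `The path to the checkout of the TPM 2.0 Reference Implementation (ms-tpm-20-ref) in which the fTPM TA was built.` would tell the user what to point it at.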
diff --git a/br-ext/package/ftpm_optee_ext/ftpm_optee_ext.mk b/br-ext/package/ftpm_optee_ext/ftpm_optee_ext.mk
new file mode 100644
index 0000000..9473cca
--- /dev/null
+++ b/br-ext/package/ftpm_optee_ext/ftpm_optee_ext.mk
@@ -0,0 +1,18 @@
+FTPM_OPTEE_EXT_VERSION = 1.0
+FTPM_OPTEE_EXT_SOURCE = local
+FTPM_OPTEE_EXT_SITE = $(BR2_PACKAGE_FTPM_OPTEE_EXT_SITE)
+FTPM_OPTEE_EXT_SRC = $(BR2_PACKAGE_FTPM_OPTEE_PACKAGE_SITE)
+FTPM_OPTEE_EXT_SITE_METHOD = local
+FTPM_OPTEE_EXT_TA_SRC = $(BR2_PACKAGE_FTPM_OPTEE_EXT_TA_SRC)
+
+define FTPM_OPTEE_EXT_INSTALL_TA
+ echo "Installing fTPM based on OPTEE" && \
+ mkdir -p $(TARGET_DIR)/lib/optee_armtz && \
+ $(INSTALL) -v -p --mode=444 \
+ --target-directory=$(TARGET_DIR)/lib/optee_armtz \
+ $(FTPM_OPTEE_EXT_SRC)/$(FTPM_OPTEE_EXT_TA_SRC)/out/fTPM/bc50d971-d4c9-42c4-82cb-343fb7f37896.ta
+endef
+
+FTPM_OPTEE_EXT_POST_INSTALL_TARGET_HOOKS += FTPM_OPTEE_EXT_INSTALL_TA
+
+$(eval $(cmake-package))
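Review bot: With `BR2_PACKAGE_FTPM_OPTEE_PACKAGE_SITE` left at its default of `""`, the hook's install path expands to `/Samples/ARM32-FirmwareTPM/optee_ta/out/fTPM/<uuid>.ta` and the build fails deep inside the target-install step with an install(1) "No such file" error that never names the option to fix. A configure-time check in the usual Buildroot form gives a direct message; the same guard is missing for `BR2_PACKAGE_LINUX_FTPM_MOD_EXT_PATH` in linux_ftpm_mod_ext.mk. Separately, driving a package that only copies one prebuilt file through `cmake-package` plus a placeholder CMakeLists.txt is roundabout; `generic-package` with `FTPM_OPTEE_EXT_INSTALL_TARGET_CMDS` would express the same thing without the dummy build.

```makefile
# … unchanged: FTPM_OPTEE_EXT_VERSION … FTPM_OPTEE_EXT_TA_SRC assignments …

# Fail early with a message naming the option instead of an opaque install(1) error.
ifeq ($(BR2_PACKAGE_FTPM_OPTEE_EXT),y)
ifeq ($(BR_BUILDING),y)
ifeq ($(call qstrip,$(BR2_PACKAGE_FTPM_OPTEE_PACKAGE_SITE)),)
$(error No path to the TPM 2.0 Reference Implementation set. Check BR2_PACKAGE_FTPM_OPTEE_PACKAGE_SITE)
endif
endif
endif

# … unchanged: FTPM_OPTEE_EXT_INSTALL_TA hook and $(eval $(cmake-package)) …
```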
diff --git a/br-ext/package/linux_ftpm_mod_ext/CMakeLists.txt b/br-ext/package/linux_ftpm_mod_ext/CMakeLists.txt
new file mode 100644
index 0000000..d2a0632
--- /dev/null
+++ b/br-ext/package/linux_ftpm_mod_ext/CMakeLists.txt
@@ -0,0 +1,3 @@
+# This is a dummy Makefile. When this package is invoked, the TPM Kernel
+# module has been built already.
+install(FILES /dev/null DESTINATION /dev/null)
diff --git a/br-ext/package/linux_ftpm_mod_ext/Config.in b/br-ext/package/linux_ftpm_mod_ext/Config.in
new file mode 100644
index 0000000..02d40d5
--- /dev/null
+++ b/br-ext/package/linux_ftpm_mod_ext/Config.in
@@ -0,0 +1,20 @@
+config BR2_PACKAGE_LINUX_FTPM_MOD_EXT
+ bool "Enable TPM Kernel module"
+ help
+ Enable TPM Kernel module.
+ NOTE: This package currently only takes care of installing files
+ into the root FS, that have been compiled already.
+ The build of the TPM Kernel module is assumed to have been done
+ previously.
+
+config BR2_PACKAGE_LINUX_FTPM_MOD_EXT_SITE
+ string "TPM Kernel Module installation package path"
+ default ""
+ help
+ The path to this installation package.
+
+config BR2_PACKAGE_LINUX_FTPM_MOD_EXT_PATH
+ string "Path to the TPM Kernel module"
+ default ""
+ help
+ The path of the TPM Kernel sources.
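Review bot: The description of `BR2_PACKAGE_LINUX_FTPM_MOD_EXT_PATH` says "kernel sources", but linux_ftpm_mod_ext.mk reads `$(LINUX_FTPM_MOD_EXT_PATH)/drivers/char/tpm/tpm_ftpm_tee.ko`, i.e. it needs the directory where the kernel was built, which for an out-of-tree `O=` build is not the source tree. Suggested wording: `string "Path to the Linux kernel build directory"` with help `The kernel build (output) directory in which tpm_ftpm_tee.ko was produced; the module is taken from drivers/char/tpm/ below it.` The package prompt and first help line could likewise name the module (`tpm_ftpm_tee`, the OP-TEE fTPM driver) rather than the generic "TPM Kernel module", since only that one file is installed.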
diff --git a/br-ext/package/linux_ftpm_mod_ext/linux_ftpm_mod_ext.mk b/br-ext/package/linux_ftpm_mod_ext/linux_ftpm_mod_ext.mk
new file mode 100644
index 0000000..6df8a73
--- /dev/null
+++ b/br-ext/package/linux_ftpm_mod_ext/linux_ftpm_mod_ext.mk
@@ -0,0 +1,18 @@
+LINUX_FTPM_MOD_EXT_VERSION = 1.0
+LINUX_FTPM_MOD_EXT_SOURCE = local
+LINUX_FTPM_MOD_EXT_SITE = $(BR2_PACKAGE_LINUX_FTPM_MOD_EXT_SITE)
+LINUX_FTPM_MOD_EXT_PATH = $(BR2_PACKAGE_LINUX_FTPM_MOD_EXT_PATH)
+LINUX_FTPM_MOD_EXT_SITE_METHOD = local
+LINUX_FTPM_MOD_EXT_INSTALL_DIR=$(TARGET_DIR)/lib/modules/extra
+
+define LINUX_FTPM_MOD_EXT_INSTALL
+ echo "Installing TPM kernel module" && \
+ mkdir -p $(LINUX_FTPM_MOD_EXT_INSTALL_DIR)
+ $(INSTALL) -v -p --mode=444 \
+ --target-directory=$(LINUX_FTPM_MOD_EXT_INSTALL_DIR) \
+ $(LINUX_FTPM_MOD_EXT_PATH)/drivers/char/tpm/tpm_ftpm_tee.ko
+endef
+
+LINUX_FTPM_MOD_EXT_POST_INSTALL_TARGET_HOOKS += LINUX_FTPM_MOD_EXT_INSTALL
+
+$(eval $(cmake-package))
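Review bot: The `mkdir -p $(LINUX_FTPM_MOD_EXT_INSTALL_DIR)` line in `LINUX_FTPM_MOD_EXT_INSTALL` lacks the `&& \` continuation that its sibling `FTPM_OPTEE_EXT_INSTALL_TA` uses, so the hook is two separate recipe lines instead of one chained command; it still works because make stops on the first failing line, but the `echo … && \` before it suggests the chain was intended, and `mkdir -p $(LINUX_FTPM_MOD_EXT_INSTALL_DIR) && \` makes the two hooks consistent. `LINUX_FTPM_MOD_EXT_INSTALL_DIR=$(TARGET_DIR)/lib/modules/extra` is also the only assignment without spaces around `=`. Since the module is installed outside any `/lib/modules/<release>` tree, `modprobe`/`depmod` will presumably not find it, which is why ftpm_alias.sh loads it with `insmod`; a comment on that line, `# Outside /lib/modules/<release>: not visible to modprobe, loaded via insmod (see ftpm_alias.sh)`, would save the next reader that detour.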