Add PoC of Arm DRTM specification version Beta-0
Change-Id: I26e6f2d4b2299edc246f5e8504d5d15b1399f640
diff --git a/drivers/arm/smmu/smmu_v3.c b/drivers/arm/smmu/smmu_v3.c
index a082a81..de47feb 100644
--- a/drivers/arm/smmu/smmu_v3.c
+++ b/drivers/arm/smmu/smmu_v3.c
@@ -13,7 +13,7 @@
/* SMMU poll number of retries */
#define SMMU_POLL_TIMEOUT_US U(1000)
-static int __init smmuv3_poll(uintptr_t smmu_reg, uint32_t mask,
+static int smmuv3_poll(uintptr_t smmu_reg, uint32_t mask,
uint32_t value)
{
uint32_t reg_val;
@@ -94,3 +94,45 @@
return smmuv3_poll(smmu_base + SMMU_S_INIT,
SMMU_S_INIT_INV_ALL, 0U);
}
+
+int smmuv3_ns_set_abort_all(uintptr_t smmu_base)
+{
+ /* Attribute update has completed when SMMU_GBPA.Update bit is 0 */
+ if (smmuv3_poll(smmu_base + SMMU_GBPA, SMMU_GBPA_UPDATE, 0U) != 0U)
+ return -1;
+
+ /*
+ * Set GBPA's ABORT bit. Other GBPA fields are presumably ignored then, so
+ * simply preserve their value.
+ */
+ mmio_setbits_32(smmu_base + SMMU_GBPA, SMMU_GBPA_UPDATE | SMMU_GBPA_ABORT);
+ if (smmuv3_poll(smmu_base + SMMU_GBPA, SMMU_GBPA_UPDATE, 0U) != 0U)
+ return -1;
+
+ /* Disable the SMMU to engage the GBPA fields previously configured. */
+ mmio_clrbits_32(smmu_base + SMMU_CR0, SMMU_CR0_SMMUEN);
+ if (smmuv3_poll(smmu_base + SMMU_CR0ACK, SMMU_CR0_SMMUEN, 0U) != 0U)
+ return -1;
+
+ return 0;
+}
+
+int smmuv3_ns_set_bypass_all(uintptr_t smmu_base)
+{
+ /* Attribute update has completed when SMMU_GBPA.Update bit is 0 */
+ if (smmuv3_poll(smmu_base + SMMU_GBPA, SMMU_GBPA_UPDATE, 0U) != 0U)
+ return -1;
+
+ /* Clear GBPA's ABORT bit. Other GBPA fields are preserved. */
+ mmio_clrsetbits_32(smmu_base + SMMU_GBPA,
+ SMMU_GBPA_ABORT, SMMU_GBPA_UPDATE);
+ if (smmuv3_poll(smmu_base + SMMU_GBPA, SMMU_GBPA_UPDATE, 0U) != 0U)
+ return -1;
+
+ /* Disable the SMMU to engage the GBPA fields previously configured. */
+ mmio_clrbits_32(smmu_base + SMMU_CR0, SMMU_CR0_SMMUEN);
+ if (smmuv3_poll(smmu_base + SMMU_CR0ACK, SMMU_CR0_SMMUEN, 0U) != 0U)
+ return -1;
+
+ return 0;
+}
diff --git a/drivers/auth/mbedtls/mbedtls_common.c b/drivers/auth/mbedtls/mbedtls_common.c
index 4a8efae..39b4b1c 100644
--- a/drivers/auth/mbedtls/mbedtls_common.c
+++ b/drivers/auth/mbedtls/mbedtls_common.c
@@ -13,7 +13,7 @@
#include <common/debug.h>
#include <drivers/auth/mbedtls/mbedtls_common.h>
-#include <drivers/auth/mbedtls/mbedtls_config.h>
+#include MBEDTLS_CONFIG_FILE
#include <plat/common/platform.h>
static void cleanup(void)
@@ -36,7 +36,16 @@
if (atexit(cleanup))
panic();
+#if DRTM_SUPPORT && defined(IMAGE_BL31)
+ /*
+ * XXX-LPT: Short-circuit the mbedtls heap linkage for DRTM.
+ * The heap linkage should ideally be integrated with the other sub-
+ * systems that require it (e.g. trusted board boot).
+ */
+ err = get_mbedtls_heap_helper(&heap_addr, &heap_size);
+#else
err = plat_get_mbedtls_heap(&heap_addr, &heap_size);
+#endif
/* Ensure heap setup is proper */
if (err < 0) {
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index 53ebe30..ace4312 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -16,7 +16,7 @@
MBEDTLS_INC = -I${MBEDTLS_DIR}/include
# Specify mbed TLS configuration file
-MBEDTLS_CONFIG_FILE := "<drivers/auth/mbedtls/mbedtls_config.h>"
+MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config.h>"
$(eval $(call add_define,MBEDTLS_CONFIG_FILE))
MBEDTLS_SOURCES += drivers/auth/mbedtls/mbedtls_common.c
diff --git a/drivers/measured_boot/event_log.c b/drivers/measured_boot/event_log.c
index 727bdf5..26f0779 100644
--- a/drivers/measured_boot/event_log.c
+++ b/drivers/measured_boot/event_log.c
@@ -13,10 +13,17 @@
#include <common/debug.h>
#include <drivers/auth/crypto_mod.h>
#include <drivers/measured_boot/event_log.h>
+#include <lib/tpm/tpm_log.h>
#include <mbedtls/md.h>
#include <plat/common/platform.h>
+/*
+ * TODO: Remove dependency on private header, depend solely on
+ * lib/tpm/tpm_log.h instead.
+ */
+#include "../../lib/tpm/tpm_log_private.h"
+
/* Event Log data */
static uint8_t event_log[EVENT_LOG_SIZE];
@@ -35,17 +42,17 @@
static uintptr_t nt_fw_config_base;
/* TCG_EfiSpecIdEvent */
-static const id_event_headers_t id_event_header = {
- .header = {
- .pcr_index = PCR_0,
- .event_type = EV_NO_ACTION,
+static const id_event_container_t id_event_header = {
+ .container = {
+ .pcr_index = TPM_PCR_0,
+ .event_type = TPM_LOG_EV_NO_ACTION,
.digest = {0},
- .event_size = (uint32_t)(sizeof(id_event_struct_t) +
- (sizeof(id_event_algorithm_size_t) *
+ .event_size = (uint32_t)(sizeof(__id_event_t) +
+ (sizeof(id_event_alg_info_t) *
HASH_ALG_COUNT))
},
- .struct_header = {
+ .id_event_misc_data = {
.signature = TCG_ID_EVENT_SIGNATURE_03,
.platform_class = PLATFORM_CLASS_CLIENT,
.spec_version_minor = TCG_SPEC_VERSION_MINOR_TPM2,
@@ -62,13 +69,13 @@
* All EV_NO_ACTION events SHALL set
* TCG_PCR_EVENT2.pcrIndex = 0, unless otherwise specified
*/
- .pcr_index = PCR_0,
+ .pcr_index = TPM_PCR_0,
/*
* All EV_NO_ACTION events SHALL set
* TCG_PCR_EVENT2.eventType = 03h
*/
- .event_type = EV_NO_ACTION,
+ .event_type = TPM_LOG_EV_NO_ACTION,
/*
* All EV_NO_ACTION events SHALL set
@@ -82,7 +89,7 @@
/* Platform's table with platform specific image IDs, names and PCRs */
static const image_data_t plat_images_data[] = {
- { BL2_IMAGE_ID, BL2_STRING, PCR_0 }, /* Reserved for BL2 */
+ { BL2_IMAGE_ID, BL2_STRING, TPM_PCR_0 }, /* Reserved for BL2 */
{ INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */
};
@@ -140,21 +147,21 @@
((event2_header_t *)ptr)->pcr_index = image_ptr->pcr;
/* TCG_PCR_EVENT2.EventType */
- ((event2_header_t *)ptr)->event_type = EV_POST_CODE;
+ ((event2_header_t *)ptr)->event_type = TPM_LOG_EV_POST_CODE;
/* TCG_PCR_EVENT2.Digests.Count */
ptr = (uint8_t *)ptr + offsetof(event2_header_t, digests);
- ((tpml_digest_values *)ptr)->count = HASH_ALG_COUNT;
+ ((tpml_digest_values_t *)ptr)->count = HASH_ALG_COUNT;
/* TCG_PCR_EVENT2.Digests[] */
ptr = (uint8_t *)((uintptr_t)ptr +
- offsetof(tpml_digest_values, digests));
+ offsetof(tpml_digest_values_t, digests));
/* TCG_PCR_EVENT2.Digests[].AlgorithmId */
- ((tpmt_ha *)ptr)->algorithm_id = TPM_ALG_ID;
+ ((tpmt_ha_t *)ptr)->algorithm_id = TPM_ALG_ID;
/* TCG_PCR_EVENT2.Digests[].Digest[] */
- ptr = (uint8_t *)((uintptr_t)ptr + offsetof(tpmt_ha, digest));
+ ptr = (uint8_t *)((uintptr_t)ptr + offsetof(tpmt_ha_t, digest));
/* Check for space in Event Log buffer */
if (((uintptr_t)ptr + TCG_DIGEST_SIZE) > EVENT_LOG_END) {
@@ -210,17 +217,17 @@
ptr = (uint8_t *)((uintptr_t)ptr + sizeof(id_event_header));
/* TCG_EfiSpecIdEventAlgorithmSize structure */
- ((id_event_algorithm_size_t *)ptr)->algorithm_id = TPM_ALG_ID;
- ((id_event_algorithm_size_t *)ptr)->digest_size = TCG_DIGEST_SIZE;
- ptr = (uint8_t *)((uintptr_t)ptr + sizeof(id_event_algorithm_size_t));
+ ((id_event_alg_info_t *)ptr)->algorithm_id = TPM_ALG_ID;
+ ((id_event_alg_info_t *)ptr)->digest_size = TCG_DIGEST_SIZE;
+ ptr = (uint8_t *)((uintptr_t)ptr + sizeof(id_event_alg_info_t));
/*
* TCG_EfiSpecIDEventStruct.vendorInfoSize
* No vendor data
*/
- ((id_event_struct_data_t *)ptr)->vendor_info_size = 0;
+ ((id_event_vendor_data_t *)ptr)->vendor_info_size = 0;
ptr = (uint8_t *)((uintptr_t)ptr +
- offsetof(id_event_struct_data_t, vendor_info));
+ offsetof(id_event_vendor_data_t, vendor_info));
if ((uintptr_t)ptr != ((uintptr_t)event_log + ID_EVENT_SIZE)) {
panic();
}
@@ -240,16 +247,16 @@
ptr = (uint8_t *)((uintptr_t)ptr + sizeof(locality_event_header));
/* TCG_PCR_EVENT2.Digests[].AlgorithmId */
- ((tpmt_ha *)ptr)->algorithm_id = TPM_ALG_ID;
+ ((tpmt_ha_t *)ptr)->algorithm_id = TPM_ALG_ID;
/* TCG_PCR_EVENT2.Digests[].Digest[] */
- (void)memset(&((tpmt_ha *)ptr)->digest, 0, TPM_ALG_ID);
+ (void)memset(&((tpmt_ha_t *)ptr)->digest, 0, TPM_ALG_ID);
ptr = (uint8_t *)((uintptr_t)ptr +
- offsetof(tpmt_ha, digest) + TCG_DIGEST_SIZE);
+ offsetof(tpmt_ha_t, digest) + TCG_DIGEST_SIZE);
/* TCG_PCR_EVENT2.EventSize */
((event2_data_t *)ptr)->event_size =
- (uint32_t)sizeof(startup_locality_event_t);
+ (uint32_t)sizeof(startup_locality_event_data_t);
ptr = (uint8_t *)((uintptr_t)ptr + offsetof(event2_data_t, event));
/* TCG_EfiStartupLocalityEvent.Signature */
@@ -260,8 +267,8 @@
* TCG_EfiStartupLocalityEvent.StartupLocality = 0:
* the platform's boot firmware
*/
- ((startup_locality_event_t *)ptr)->startup_locality = 0U;
- ptr = (uint8_t *)((uintptr_t)ptr + sizeof(startup_locality_event_t));
+ ((startup_locality_event_data_t *)ptr)->startup_locality = 0U;
+ ptr = (uint8_t *)((uintptr_t)ptr + sizeof(startup_locality_event_data_t));
if ((uintptr_t)ptr != ((uintptr_t)start_ptr + LOC_EVENT_SIZE)) {
panic();
}
diff --git a/drivers/measured_boot/event_print.c b/drivers/measured_boot/event_print.c
index 84ed4b1..2054f93 100644
--- a/drivers/measured_boot/event_print.c
+++ b/drivers/measured_boot/event_print.c
@@ -9,6 +9,13 @@
#include <common/debug.h>
#include <drivers/measured_boot/event_log.h>
+#include <lib/tpm/tpm_log.h>
+
+/*
+ * TODO: Remove dependency on private header, depend solely on
+ * lib/tpm/tpm_log.h instead.
+ */
+#include "../../lib/tpm/tpm_log_private.h"
#if LOG_LEVEL >= EVENT_LOG_LEVEL
@@ -23,8 +30,8 @@
unsigned int i;
uint8_t info_size, *info_size_ptr;
void *ptr = *log_addr;
- id_event_headers_t *event = (id_event_headers_t *)ptr;
- id_event_algorithm_size_t *alg_ptr;
+ id_event_container_t *event = (id_event_container_t *)ptr;
+ id_event_alg_info_t *alg_ptr;
uint32_t event_size, number_of_algorithms;
size_t digest_len;
#if ENABLE_ASSERTIONS
@@ -32,22 +39,22 @@
bool valid = true;
#endif
- assert(*log_size >= sizeof(id_event_headers_t));
+ assert(*log_size >= sizeof(id_event_container_t));
/* The fields of the event log header are defined to be PCRIndex of 0,
* EventType of EV_NO_ACTION, Digest of 20 bytes of 0, and
* Event content defined as TCG_EfiSpecIDEventStruct.
*/
LOG_EVENT("TCG_EfiSpecIDEvent:\n");
- LOG_EVENT(" PCRIndex : %u\n", event->header.pcr_index);
- assert(event->header.pcr_index == (uint32_t)PCR_0);
+ LOG_EVENT(" PCRIndex : %u\n", event->container.pcr_index);
+ assert(event->container.pcr_index == (uint32_t)TPM_PCR_0);
- LOG_EVENT(" EventType : %u\n", event->header.event_type);
- assert(event->header.event_type == EV_NO_ACTION);
+ LOG_EVENT(" EventType : %u\n", event->container.event_type);
+ assert(event->container.event_type == TPM_LOG_EV_NO_ACTION);
LOG_EVENT(" Digest :");
- for (i = 0U; i < sizeof(event->header.digest); ++i) {
- uint8_t val = event->header.digest[i];
+ for (i = 0U; i < sizeof(event->container.digest); ++i) {
+ uint8_t val = event->container.digest[i];
(void)printf(" %02x", val);
if ((i & U(0xF)) == 0U) {
@@ -67,29 +74,29 @@
assert(valid);
/* EventSize */
- event_size = event->header.event_size;
+ event_size = event->container.event_size;
LOG_EVENT(" EventSize : %u\n", event_size);
LOG_EVENT(" Signature : %s\n",
- event->struct_header.signature);
+ event->id_event_misc_data.signature);
LOG_EVENT(" PlatformClass : %u\n",
- event->struct_header.platform_class);
+ event->id_event_misc_data.platform_class);
LOG_EVENT(" SpecVersion : %u.%u.%u\n",
- event->struct_header.spec_version_major,
- event->struct_header.spec_version_minor,
- event->struct_header.spec_errata);
+ event->id_event_misc_data.spec_version_major,
+ event->id_event_misc_data.spec_version_minor,
+ event->id_event_misc_data.spec_errata);
LOG_EVENT(" UintnSize : %u\n",
- event->struct_header.uintn_size);
+ event->id_event_misc_data.uintn_size);
/* NumberOfAlgorithms */
- number_of_algorithms = event->struct_header.number_of_algorithms;
+ number_of_algorithms = event->id_event_misc_data.number_of_algorithms;
LOG_EVENT(" NumberOfAlgorithms : %u\n", number_of_algorithms);
/* Address of DigestSizes[] */
- alg_ptr = event->struct_header.digest_size;
+ alg_ptr = event->id_event_misc_data.digest_sizes;
/* Size of DigestSizes[] */
- digest_len = number_of_algorithms * sizeof(id_event_algorithm_size_t);
+ digest_len = number_of_algorithms * sizeof(id_event_alg_info_t);
assert(((uintptr_t)alg_ptr + digest_len) <= (uintptr_t)end_ptr);
LOG_EVENT(" DigestSizes :\n");
@@ -128,7 +135,7 @@
assert(((uintptr_t)info_size_ptr + info_size) <= (uintptr_t)end_ptr);
/* Check EventSize */
- assert(event_size == (sizeof(id_event_struct_t) +
+ assert(event_size == (sizeof(__id_event_t) +
digest_len + info_size));
if (info_size != 0U) {
LOG_EVENT(" VendorInfo :");
@@ -175,10 +182,10 @@
for (unsigned int i = 0U; i < count; ++i) {
/* Check AlgorithmId address */
assert(((uintptr_t)ptr +
- offsetof(tpmt_ha, digest)) <= (uintptr_t)end_ptr);
+ offsetof(tpmt_ha_t, digest)) <= (uintptr_t)end_ptr);
LOG_EVENT(" #%u AlgorithmId : SHA", i);
- switch (((tpmt_ha *)ptr)->algorithm_id) {
+ switch (((tpmt_ha_t *)ptr)->algorithm_id) {
case TPM_ALG_SHA256:
sha_size = SHA256_DIGEST_SIZE;
(void)printf("256\n");
@@ -194,12 +201,12 @@
default:
(void)printf("?\n");
ERROR("Algorithm 0x%x not found\n",
- ((tpmt_ha *)ptr)->algorithm_id);
+ ((tpmt_ha_t *)ptr)->algorithm_id);
panic();
}
/* End of Digest[] */
- ptr = (uint8_t *)((uintptr_t)ptr + offsetof(tpmt_ha, digest));
+ ptr = (uint8_t *)((uintptr_t)ptr + offsetof(tpmt_ha_t, digest));
assert(((uintptr_t)ptr + sha_size) <= (uintptr_t)end_ptr);
/* Total size of all digests */
@@ -229,12 +236,12 @@
/* End of TCG_PCR_EVENT2.Event[EventSize] */
assert(((uintptr_t)ptr + event_size) <= (uintptr_t)end_ptr);
- if ((event_size == sizeof(startup_locality_event_t)) &&
+ if ((event_size == sizeof(startup_locality_event_data_t)) &&
(strcmp((const char *)ptr, TCG_STARTUP_LOCALITY_SIGNATURE) == 0)) {
LOG_EVENT(" Signature : %s\n",
- ((startup_locality_event_t *)ptr)->signature);
+ ((startup_locality_event_data_t *)ptr)->signature);
LOG_EVENT(" StartupLocality : %u\n",
- ((startup_locality_event_t *)ptr)->startup_locality);
+ ((startup_locality_event_data_t *)ptr)->startup_locality);
} else {
LOG_EVENT(" Event : %s\n", (uint8_t *)ptr);
}