| Maulik Patel | d314270 | 2022-06-22 10:09:13 +0100 | [diff] [blame] | 1 | ####################################### |
| 2 | Measured Boot Service Integration Guide |
| 3 | ####################################### |
| 4 | |
| 5 | Introduction |
| 6 | ************ |
| 7 | Measured Boot partition provides services to extend and read |
| 8 | measurements (hash values and metadata) during various stages of a power cycle. |
| 9 | These measurements can be extended and read by any application/service |
| 10 | (secure or non-secure). |
| 11 | |
| 12 | ************ |
| 13 | Measurements |
| 14 | ************ |
| 15 | The initial attestation token (required by attestation service) is formed of |
| 16 | various claims. Each software component claim comprises of the following |
| 17 | measurements which are extended and read by Measured Boot services. |
| 18 | |
| 19 | - **Measurement type**: It represents the role of the |
| 20 | software component. Value is encoded as a short(!) text string. |
| 21 | |
| 22 | - **Measurement value**: It represents a hash of the invariant software |
| 23 | component in memory at start-up time. The value must be a cryptographic |
| 24 | hash of 256 bits or stronger. Value is encoded as a byte string. |
| 25 | |
| 26 | - **Version**: It represents the issued software version. Value is encoded |
| 27 | as a text string. |
| 28 | |
| 29 | - **Signer ID**: It represents the hash of a signing authority public key. |
| 30 | Value is encoded as a byte string. |
| 31 | |
| 32 | - **Measurement description**: It represents the way in which the |
| 33 | measurement value of the software component is computed. Value is |
| 34 | encoded as text string containing an abbreviated description (name) of |
| 35 | the measurement method. |
| 36 | |
| 37 | ************** |
| 38 | Code structure |
| 39 | ************** |
| 40 | |
| 41 | The TF-M Measured Boot Service source and header files are located in current |
| 42 | directory. The interfaces for the measured boot service are located in the |
| 43 | ``interface/include``. The headers to be included by applications that want |
| 44 | to use functions from the API is ``measured_boot_api.h`` and |
| 45 | ``measured_boot_defs.h``. |
| 46 | |
| 47 | Service source files |
| 48 | ==================== |
| 49 | |
| 50 | - Measured Boot Service: |
| 51 | - ``measured_boot.c`` : Implements core functionalities such as |
| 52 | implementation of APIs, extension and reading of measurements. |
| 53 | - ``measured_boot_api.c``: Implements the secure API layer to |
| 54 | allow other services in the secure domain to request functionalities |
| 55 | from the measured boot service using the PSA API interface. |
| 56 | - ``measured_boot_req_mngr.c``: Includes the initialization entry of |
| 57 | measured boot service and handles service requests in IPC model. |
| 58 | |
| 59 | Measured Boot Interfaces |
| 60 | ======================== |
| 61 | |
| 62 | The TF-M Measured Boot service exposes the following interfaces: |
| 63 | |
| 64 | .. code-block:: c |
| 65 | |
| 66 | psa_status_t tfm_measured_boot_read_measurement( |
| 67 | uint8_t index, |
| 68 | uint8_t *signer_id, |
| 69 | size_t signer_id_size, |
| 70 | size_t *signer_id_len, |
| 71 | uint8_t *version, |
| 72 | size_t version_size, |
| 73 | size_t *version_len, |
| 74 | uint32_t *measurement_algo, |
| 75 | uint8_t *sw_type, |
| 76 | size_t sw_type_size, |
| 77 | size_t *sw_type_len, |
| 78 | uint8_t *measurement_value, |
| 79 | size_t measurement_value_size, |
| 80 | size_t *measurement_value_len, |
| 81 | bool *is_locked); |
| 82 | psa_status_t tfm_measured_boot_extend_measurement( |
| 83 | uint8_t index, |
| 84 | const uint8_t *signer_id, |
| 85 | size_t signer_id_size, |
| 86 | const uint8_t *version, |
| 87 | size_t version_size, |
| 88 | uint32_t measurement_algo, |
| 89 | const uint8_t *sw_type, |
| 90 | size_t sw_type_size, |
| 91 | const uint8_t *measurement_value, |
| 92 | size_t measurement_value_size, |
| 93 | bool lock_measurement); |
| 94 | |
| 95 | When reading measurement, the caller must allocate large enough |
| 96 | buffers to accommodate data for all the output measurement parameters. |
| 97 | The definitions ``SIGNER_ID_MAX_SIZE``, ``VERSION_MAX_SIZE``, |
| 98 | ``SW_TYPE_MAX_SIZE``, and ``MEASUREMENT_VALUE_MAX_SIZE`` can be used to |
| 99 | determine the required size of the buffers. |
| 100 | |
| 101 | System integrators might need to port these interfaces to a custom secure |
| 102 | partition manager implementation (SPM). Implementations in TF-M project can be |
| 103 | found in tf-m-extras repository. |
| 104 | |
| 105 | - ``partitions/measured_boot/interface/src/measured_boot_api.c``: |
| 106 | non-secure as well as secure interface implementation |
| 107 | |
| 108 | Related compile time options for out of tree build |
| 109 | -------------------------------------------------- |
| 110 | - ``TFM_PARTITION_MEASURED_BOOT``: To include measured boot secure partition |
| 111 | and its services, its value should be ON. By default, it is switched OFF. |
| 112 | |
| 113 | - ``MEASURED_BOOT_HASH_ALG``: This option selects the hash algorithm used |
| 114 | for extension of measurement hashes. Its default value is PSA_ALG_SHA_256. |
| 115 | |
| 116 | - ``TFM_EXTRA_MANIFEST_LIST_FILES``: <tf-m-extras-repo>/partitions/ |
| 117 | measured_boot/measured_boot_manifest_list.yaml |
| 118 | |
| 119 | - ``TFM_EXTRA_PARTITION_PATHS``: <tf-m-extras-repo>/partitions/measured_boot |
| 120 | |
| 121 | ************ |
| 122 | Verification |
| 123 | ************ |
| 124 | |
| 125 | Regression test |
| 126 | =============== |
| 127 | |
| 128 | To be implemented. |
| 129 | |
| 130 | -------------- |
| 131 | |
| 132 | *Copyright (c) 2022, Arm Limited. All rights reserved.* |