TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / tf-m-extras / 90d89a0b4e5ca0394fdcb2a119665d17585c68e2 / . / partitions / measured_boot / measured_boot_req_mngr.c
blob: 83157b22a8cabc132655f81e9d78e469debe8862 [file] [log] [blame]
Maulik Pateld3142702022-06-22 10:09:13 +0100[diff] [blame]1/*
Jackson Cooper-Driver90d89a02025-03-03 16:41:37 +0000[diff] [blame^]2 * SPDX-FileCopyrightText: Copyright The TrustedFirmware-M Contributors
Maulik Pateld3142702022-06-22 10:09:13 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
8#include <string.h>
9#include "measured_boot.h"
10#include "measured_boot_defs.h"
Jackson Cooper-Driver90d89a02025-03-03 16:41:37 +0000[diff] [blame^]11#include "tfm_log_unpriv.h"
Maulik Pateld3142702022-06-22 10:09:13 +0100[diff] [blame]12
13#include "psa/service.h"
14#include "psa_manifest/pid.h"
15#include "psa/crypto.h"
16#include "psa_manifest/tfm_measured_boot.h"
17
Jamie Fox6ab56cc2023-07-04 14:51:18 +0100[diff] [blame]18#define MIN(x, y) (((x) < (y)) ? (x) : (y))
19
Maulik Pateld3142702022-06-22 10:09:13 +0100[diff] [blame]20/* TODO: This info will be used later on as input to decide access control */
21static int32_t g_measured_boot_caller_id;
22
23static psa_status_t read_measurements(const psa_msg_t *msg)
24{
25 struct measured_boot_read_iovec_in_t read_iov_in;
26 struct measured_boot_read_iovec_out_t read_iov_out;
27 size_t signer_id_len, measurement_value_len;
28 size_t num;
29 size_t signer_id_size, measurement_value_size;
30 uint8_t signer_id[SIGNER_ID_MAX_SIZE] = {0};
31 uint8_t measurement_value[MEASUREMENT_VALUE_SIZE] = {0};
32 psa_status_t status;
33
34 /* store the client ID here for later use in service */
35 g_measured_boot_caller_id = msg->client_id;
36
Jamie Fox6ab56cc2023-07-04 14:51:18 +0100[diff] [blame]37 /* Limit requested sizes to the size of the local buffers */
38 signer_id_size = MIN(msg->out_size[1], sizeof(signer_id));
39 measurement_value_size = MIN(msg->out_size[2], sizeof(measurement_value));
Maulik Pateld3142702022-06-22 10:09:13 +0100[diff] [blame]40
41 /* Check input parameter */
42 if ((msg->in_size[0] != sizeof(struct measured_boot_read_iovec_in_t)) ||
43 (msg->out_size[0] != sizeof(struct measured_boot_read_iovec_out_t))) {
44 return PSA_ERROR_PROGRAMMER_ERROR;
45 }
46
47 num = psa_read(msg->handle, 0, &read_iov_in, sizeof(read_iov_in));
48 if (num != sizeof(read_iov_in)) {
49 return PSA_ERROR_PROGRAMMER_ERROR;
50 }
51
52 /* Validate requested slot number */
53 if (read_iov_in.index >= NUM_OF_MEASUREMENT_SLOTS) {
54 return PSA_ERROR_INVALID_ARGUMENT;
55 }
56
57 memset(&read_iov_out, 0, sizeof(read_iov_out));
58
59 status = measured_boot_read_measurement(read_iov_in.index,
60 &signer_id[0],
61 signer_id_size,
62 &signer_id_len,
63 &read_iov_out.version[0],
64 read_iov_in.version_size,
65 &read_iov_out.version_len,
66 &read_iov_out.measurement_algo,
67 &read_iov_out.sw_type[0],
68 read_iov_in.sw_type_size,
69 &read_iov_out.sw_type_len,
70 &measurement_value[0],
71 measurement_value_size,
72 &measurement_value_len,
73 &read_iov_out.is_locked);
74
75 if (status == PSA_SUCCESS) {
76 psa_write(msg->handle, 0, &read_iov_out, sizeof(read_iov_out));
77 psa_write(msg->handle, 1, &signer_id[0], signer_id_len);
78 psa_write(msg->handle, 2, &measurement_value[0], measurement_value_len);
79 }
80
81 return status;
82}
83
84static psa_status_t extend_measurement(const psa_msg_t *msg)
85{
86 struct measured_boot_extend_iovec_t extend_iov;
87 size_t num;
88 size_t signer_id_size;
89 size_t version_size;
90 size_t measurement_value_size;
91 uint8_t signer_id[SIGNER_ID_MAX_SIZE] = {0};
92 uint8_t version[VERSION_MAX_SIZE] = {0};
93 uint8_t measurement_value[MEASUREMENT_VALUE_MAX_SIZE] = {0};
94
95 /* store the client ID here for later use in service */
96 g_measured_boot_caller_id = msg->client_id;
97
98 /* Check input parameter */
99 if (msg->in_size[0] != sizeof(struct measured_boot_extend_iovec_t)) {
100 return PSA_ERROR_PROGRAMMER_ERROR;
101 }
102
103 signer_id_size = msg->in_size[1];
104 version_size = msg->in_size[2];
105 measurement_value_size = msg->in_size[3];
106
107 memset(&extend_iov, 0, sizeof(extend_iov));
108 num = psa_read(msg->handle, 0, &extend_iov,
109 sizeof(struct measured_boot_extend_iovec_t));
110 if (num != sizeof(struct measured_boot_extend_iovec_t)) {
111 return PSA_ERROR_PROGRAMMER_ERROR;
112 }
113
114 /* Validate size limits of input parameters */
115 if ((signer_id_size < SIGNER_ID_MIN_SIZE) ||
116 (signer_id_size > SIGNER_ID_MAX_SIZE) ||
117 (version_size > VERSION_MAX_SIZE) ||
118 (measurement_value_size < MEASUREMENT_VALUE_MIN_SIZE) ||
119 (measurement_value_size > MEASUREMENT_VALUE_MAX_SIZE) ||
120 (extend_iov.sw_type_size > SW_TYPE_MAX_SIZE)) {
121 return PSA_ERROR_INVALID_ARGUMENT;
122 }
123
124 /* Validate requested slot number */
125 if (extend_iov.index >= NUM_OF_MEASUREMENT_SLOTS) {
126 return PSA_ERROR_INVALID_ARGUMENT;
127 }
128
129 num = psa_read(msg->handle, 1, signer_id, signer_id_size);
130 if (num != signer_id_size) {
131 return PSA_ERROR_PROGRAMMER_ERROR;
132 }
133
134 num = psa_read(msg->handle, 2, version, version_size);
135 if (num != version_size) {
136 return PSA_ERROR_PROGRAMMER_ERROR;
137 }
138
139 num = psa_read(msg->handle, 3, &measurement_value[0],
140 measurement_value_size);
141 if (num != measurement_value_size) {
142 return PSA_ERROR_PROGRAMMER_ERROR;
143 }
144
145 return measured_boot_extend_measurement(extend_iov.index,
146 signer_id,
147 signer_id_size,
148 version,
149 version_size,
150 extend_iov.measurement_algo,
151 &extend_iov.sw_type[0],
152 extend_iov.sw_type_size,
153 measurement_value,
154 measurement_value_size,
155 extend_iov.lock_measurement);
156}
157
Maulik Pateld3142702022-06-22 10:09:13 +0100[diff] [blame]158/**
159 * \brief The measured_boot partition's entry function.
160 */
161psa_status_t tfm_measured_boot_init(void)
162{
163 psa_status_t status = PSA_SUCCESS;
164
165 /* Initialise all measurements & related metadata */
166 initialise_all_measurements();
167
Jackson Cooper-Driver90d89a02025-03-03 16:41:37 +0000[diff] [blame^]168 VERBOSE_UNPRIV_RAW("Measured Boot : selected algorithm: %x\n",
Maulik Pateld3142702022-06-22 10:09:13 +0100[diff] [blame]169 TFM_MEASURED_BOOT_HASH_ALG);
170
Jamie Fox5fb7a132022-08-01 17:26:03 +0100[diff] [blame]171#ifdef CONFIG_TFM_BOOT_STORE_MEASUREMENTS
Maulik Pateld3142702022-06-22 10:09:13 +0100[diff] [blame]172 status = collect_shared_measurements();
173#endif
174
Sherry Zhang52ee8922023-09-06 16:11:32 +0800[diff] [blame]175 return status;
176}
Maulik Pateld3142702022-06-22 10:09:13 +0100[diff] [blame]177
Sherry Zhang52ee8922023-09-06 16:11:32 +0800[diff] [blame]178psa_status_t tfm_measured_boot_sfn(const psa_msg_t *msg)
179{
180 switch (msg->type) {
181 case TFM_MEASURED_BOOT_READ:
182 return read_measurements(msg);
183 case TFM_MEASURED_BOOT_EXTEND:
184 return extend_measurement(msg);
185 default:
186 /* Invalid message type */
187 return PSA_ERROR_NOT_SUPPORTED;
Maulik Pateld3142702022-06-22 10:09:13 +0100[diff] [blame]188 }
189}