Boot: Add measured boot record TLV to shared area

This patch provides an alternative implementation of the
boot_save_boot_status() function which can read the already CBOR-encoded
measured boot record from the image manifest and write it to the shared
data area (between the bootloader and runtime SW) instead of copying the
individual (not encoded) claims separately.

Add new ATTEST_BOOT_INTERFACE variable to the build system to be able to
switch between the two behaviours.

Change-Id: I9ee66a5174cb5b851a79262decd35192cae7cc27
Signed-off-by: David Vincze <david.vincze@arm.com>
diff --git a/bl2/ext/mcuboot/CMakeLists.txt b/bl2/ext/mcuboot/CMakeLists.txt
index 684de64..bf29f18 100644
--- a/bl2/ext/mcuboot/CMakeLists.txt
+++ b/bl2/ext/mcuboot/CMakeLists.txt
@@ -180,6 +180,12 @@
 	target_compile_definitions(${PROJECT_NAME} PRIVATE MCUBOOT_HW_KEY)
 endif()
 
+if (ATTEST_BOOT_INTERFACE STREQUAL "INDIVIDUAL_CLAIMS")
+	target_compile_definitions(${PROJECT_NAME} PRIVATE MCUBOOT_INDIVIDUAL_CLAIMS)
+	message(WARNING "ATTEST_BOOT_INTERFACE was set to ${ATTEST_BOOT_INTERFACE}. This configuration is "
+			"deprecated and this feature will probably be removed from MCUBoot in the future.")
+endif()
+
 #Set install location. Keep original value to avoid overriding command line settings.
 if(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
 	set(CMAKE_INSTALL_PREFIX "${CMAKE_BINARY_DIR}/install" CACHE PATH "Default install location for MCUBoot." FORCE)
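Review bot: Any value of ATTEST_BOOT_INTERFACE other than the exact string "INDIVIDUAL_CLAIMS", including a typo or an unset variable, silently skips the new `if` block, so a build can end up with a different boot-status interface than the integrator asked for and nothing reports it. Since this switch decides in what form boot measurements reach the shared data area, I would validate it here: add `elseif (NOT ATTEST_BOOT_INTERFACE STREQUAL "<OTHER_ACCEPTED_VALUE>")` followed by `message(FATAL_ERROR "Unsupported ATTEST_BOOT_INTERFACE: ${ATTEST_BOOT_INTERFACE}")`, where the placeholder stands for the second accepted value, which is not visible in this hunk. If the variable is already checked elsewhere in the build system, a one-line comment naming that place would be enough. The trailing `if(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)` block continues outside the hunk.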
diff --git a/bl2/ext/mcuboot/bootutil/include/bootutil/image.h b/bl2/ext/mcuboot/bootutil/include/bootutil/image.h
index 596f0f8..bb2e9b8 100644
--- a/bl2/ext/mcuboot/bootutil/include/bootutil/image.h
+++ b/bl2/ext/mcuboot/bootutil/include/bootutil/image.h
@@ -71,6 +71,7 @@
 #define IMAGE_TLV_RSA3072_PSS       0x23   /* RSA3072 of hash output */
 #define IMAGE_TLV_DEPENDENCY        0x40   /* Image depends on other image */
 #define IMAGE_TLV_SEC_CNT           0x50   /* security counter */
+#define IMAGE_TLV_BOOT_RECORD       0x60   /* measured boot record */
 
 #define IMAGE_VER_MAJOR_LENGTH      8
 #define IMAGE_VER_MINOR_LENGTH      8
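Review bot: The comment on `IMAGE_TLV_BOOT_RECORD` does not say that this TLV has to be in the protected TLV area, which matters because the commit description says its already-encoded content is written to the shared data area as-is. A record accepted from the unprotected area would presumably not be covered by the image hash, so its measurement could differ from what was signed; whether the reader enforces the protected location is not visible in this hunk. I would state the expectation at the definition, e.g. `#define IMAGE_TLV_BOOT_RECORD       0x60   /* measured boot record (CBOR encoded), protected TLV */`. The reworded comment in image_validate.c could likewise name the boot record next to the security counter.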
diff --git a/bl2/ext/mcuboot/bootutil/src/image_validate.c b/bl2/ext/mcuboot/bootutil/src/image_validate.c
index 94a25d0..13892d8 100644
--- a/bl2/ext/mcuboot/bootutil/src/image_validate.c
+++ b/bl2/ext/mcuboot/bootutil/src/image_validate.c
@@ -73,9 +73,8 @@
     /* Hash is computed over image header and image itself. */
     size = hdr->ih_img_size + hdr->ih_hdr_size;
 
-    /* If a security counter TLV and/or a dependency TLV(s) are present then the
-     * TLV info header, the security counter TLV and/or the dependency TLV(s)
-     * are also protected and must be included in the hash calculation.
+    /* If protected TLVs are present (e.g. security counter TLV) then the
+     * TLV info header and these TLVs must be included in the hash calculation.
      */
     if (hdr->ih_protect_tlv_size != 0) {
         size += hdr->ih_protect_tlv_size;