TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m.git / a9de4a6e9caecc6b1f9be038016686149eefa9f9^! / . / bl2 / include
commita9de4a6e9caecc6b1f9be038016686149eefa9f9[log] [tgz]
authorTamas Ban <tamas.ban@arm.com>Tue Sep 18 08:09:45 2018 +0100
committerTamas Ban <tamas.ban@arm.com>Wed Dec 05 16:04:49 2018 +0100
tree435770d6bf3ac2f65aef1328f7f9d2d97aee5980
parent361e5a837f3ceffa40ec4b4217eec032ffe215e3 [diff]
Boot: Save boot status to shared data area

Details:
 - PSA requirement: Attestation service must include
   the measured boot status to attestation token. Secure
   bootloader measuring the runtime SW (calculatinig its hash)
   ans shares the measurements with runtime SW through a shared
   memory area.
 - add new functions to save the boot status in TLV
   encoded format to the shared data area
 - save combined (S+NS) image hash to boot status

Change-Id: I4f7b4f134294aea75fe5bce10cd98c74614c32e8
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

diff --git a/bl2/include/boot_record.h b/bl2/include/boot_record.h
new file mode 100644
index 0000000..ab71a48
--- /dev/null
+++ b/bl2/include/boot_record.h

@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2018, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __BOOT_RECORD_H__
+#define __BOOT_RECORD_H__
+
+#include <stdint.h>
+#include <stddef.h>
+#include <limits.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*!
+ * \enum shared_data_err_t
+ *
+ * \brief Return values for adding data entry to shared memory area
+ */
+enum shared_memory_err_t {
+    SHARED_MEMORY_OK = 0,
+    SHARED_MEMORY_OVERFLOW = 1,
+    SHARED_MEMORY_OVERWRITE = 2,
+
+    /* This is used to force the maximum size */
+    TLV_TYPE_MAX = INT_MAX
+};
+
+/*!
+ * \brief Add a data item to the shared data area between bootloader and
+ *        runtime SW
+ *
+ * \param[in] major_type  TLV major type, identify consumer
+ * \param[in] minor_type  TLV minor type, identify TLV type
+ * \param[in] size        length of added data
+ * \param[in] data        pointer to data
+ *
+ * \return Returns error code as specified in \ref shared_memory_err_t
+ */
+enum shared_memory_err_t
+boot_add_data_to_shared_area(uint8_t        major_type,
+                             uint8_t        minor_type,
+                             size_t         size,
+                             const uint8_t *data);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __BOOT_RECORD_H__ */

diff --git a/bl2/include/tfm_boot_status.h b/bl2/include/tfm_boot_status.h
new file mode 100644
index 0000000..30a7b1c
--- /dev/null
+++ b/bl2/include/tfm_boot_status.h

@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2018, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __TFM_BOOT_STATUS_H__
+#define __TFM_BOOT_STATUS_H__
+
+#include <stdint.h>
+#include <stddef.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Major numbers to identify the consumer of shared data in runtime SW */
+#define TLV_MAJOR_CORE  0x0
+#define TLV_MAJOR_IAS   0x1
+
+/* PSA Root of Trust */
+#define TLV_MINOR_IAS_PRoT_SHA256     0x00
+#define TLV_MINOR_IAS_PRoT_SW_VERSION 0x01
+#define TLV_MINOR_IAS_PRoT_EPOCH      0x02
+
+/* Application Root of Trust */
+#define TLV_MINOR_IAS_ARoT_SHA256     0x03
+#define TLV_MINOR_IAS_ARoT_SW_VERSION 0x04
+#define TLV_MINOR_IAS_ARoT_EPOCH      0x05
+
+/* Non-secure processing environment: single non-secure image */
+#define TLV_MINOR_IAS_NSPE_SHA256     0x06
+#define TLV_MINOR_IAS_NSPE_SW_VERSION 0x07
+#define TLV_MINOR_IAS_NSPE_EPOCH      0x08
+
+/* ARoT + PRoT:  single secure image */
+#define TLV_MINOR_IAS_S_SHA256        0x09
+#define TLV_MINOR_IAS_S_SW_VERSION    0x0a
+#define TLV_MINOR_IAS_S_EPOCH         0x0b
+
+/* S + NS: combined secure and non-secure image */
+#define TLV_MINOR_IAS_S_NS_SHA256     0x0c
+#define TLV_MINOR_IAS_S_NS_SW_VERSION 0x0d
+#define TLV_MINOR_IAS_S_NS_EPOCH      0x0e
+
+#define SHARED_DATA_TLV_INFO_MAGIC    0x2016
+
+/**
+ * Shared data TLV header.  All fields in little endian.
+ *
+ *    ---------------------------
+ *    | tlv_magic | tlv_tot_len |
+ *    ---------------------------
+ */
+struct shared_data_tlv_header {
+    uint16_t tlv_magic;
+    uint16_t tlv_tot_len; /* size of whole TLV area (including this header) */
+};
+
+#define SHARED_DATA_HEADER_SIZE sizeof(struct shared_data_tlv_header)
+
+/**
+ * Shared data TLV entry header format. All fields in little endian.
+ *
+ *    ---------------------------------------------
+ *    | tlv_major_type | tlv_minor_type | tlv_len |
+ *    ---------------------------------------------
+ *    |                    Raw data               |
+ *    ---------------------------------------------
+ */
+struct shared_data_tlv_entry {
+    uint8_t  tlv_major_type;
+    uint8_t  tlv_minor_type;
+    uint16_t tlv_len; /* size of single TLV entry (including this header). */
+};
+
+#define SHARED_DATA_ENTRY_HEADER_SIZE sizeof(struct shared_data_tlv_entry)
+#define SHARED_DATA_ENTRY_SIZE(size) (size + SHARED_DATA_ENTRY_HEADER_SIZE)
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TFM_BOOT_STATUS_H__ */