Boot: Clear RAM before starting secure firmware
Clearing RAM so as not to accidentally leak any sensitive
information to software components running after boot.
This change also addresses conformance with
the R30_TBFU_EXEC rule in the PSA-TBFU spec (version 1.0.beta.1).
Change-Id: I173ecee9f2c163d385d74c2f14887ed655df7cd5
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/bl2/ext/mcuboot/CMakeLists.txt b/bl2/ext/mcuboot/CMakeLists.txt
index 80f0610..684de64 100644
--- a/bl2/ext/mcuboot/CMakeLists.txt
+++ b/bl2/ext/mcuboot/CMakeLists.txt
@@ -47,6 +47,7 @@
set(BUILD_UART_STDOUT On)
set(BUILD_FLASH On)
set(BUILD_PLAT_TEST Off)
+set(BUILD_BOOT_HAL On)
if (MCUBOOT_HW_KEY)
set(BUILD_TARGET_HARDWARE_KEYS On)
diff --git a/bl2/ext/mcuboot/bl2_main.c b/bl2/ext/mcuboot/bl2_main.c
index 7a8a451..f86c4c2 100644
--- a/bl2/ext/mcuboot/bl2_main.c
+++ b/bl2/ext/mcuboot/bl2_main.c
@@ -29,6 +29,7 @@
#include "flash_map/flash_map.h"
#include "bl2/include/boot_record.h"
#include "security_cnt.h"
+#include "bl2/include/boot_hal.h"
/* Avoids the semihosting issue */
#if defined (__ARMCC_VERSION) && (__ARMCC_VERSION >= 6010050)
@@ -56,6 +57,41 @@
uint32_t reset;
};
+/*!
+ * \brief Chain-loading the next image in the boot sequence.
+ *
+ * This function calls the Reset_Handler of the next image in the boot sequence,
+ * usually it is the secure firmware. Before passing the execution to next image
+ * there is conditional rule to remove the secrets from the memory. This must be
+ * done if the following conditions are satisfied:
+ * - Memory is shared between SW components at different stages of the trusted
+ * boot process.
+ * - There are secrets in the memory: KDF parameter, symmetric key,
+ * manufacturer sensitive code/data, etc.
+ */
+__attribute__((naked)) void boot_jump_to_next_image(uint32_t reset_handler_addr)
+{
+ __ASM volatile(
+ ".syntax unified \n"
+ "mov r7, r0 \n"
+ "bl boot_clear_bl2_ram_area \n" /* Clear RAM before jump */
+ "movs r0, #0 \n" /* Clear registers: R0-R12, */
+ "mov r1, r0 \n" /* except R7 */
+ "mov r2, r0 \n"
+ "mov r3, r0 \n"
+ "mov r4, r0 \n"
+ "mov r5, r0 \n"
+ "mov r6, r0 \n"
+ "mov r8, r0 \n"
+ "mov r9, r0 \n"
+ "mov r10, r0 \n"
+ "mov r11, r0 \n"
+ "mov r12, r0 \n"
+ "mov lr, r0 \n"
+ "bx r7 \n" /* Jump to Reset_handler */
+ );
+}
+
static void do_boot(struct boot_rsp *rsp)
{
/* Clang at O0, stores variables on the stack with SP relative addressing.
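Review bot: The `bl boot_clear_bl2_ram_area` on the line after `mov r7, r0` executes while SP still points into BL2's own RAM, so if a platform implementation clears the range that holds the live stack it destroys the return address that `bl` pushed (and any locals the C implementation spills) before control reaches `bx r7`; the contract in boot_hal.h should state whether the stack area is inside the cleared range and, if it is, require the clear to leave the frame in use intact or run from a stack outside that range. The register wipe also skips two places where secrets can survive: the FPU registers (S0-S31, FPSCR) if the platform enables the FPU, and the stack memory itself, since SP is neither cleared nor re-pointed here and presumably only the next image's Reset_Handler replaces it. A comment such as `/* Assumes boot_clear_bl2_ram_area() preserves the active stack frame and R7 (callee-saved per AAPCS) */` above the `bl` would make the dependency visible to integrators. The function is non-static but no prototype is added in this commit; do_boot's body continues outside the hunk.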
@@ -107,7 +143,7 @@
__DSB();
__ISB();
- ((void (*)(void))vt->reset)();
+ boot_jump_to_next_image(vt->reset);
}
int main(void)
diff --git a/bl2/include/boot_hal.h b/bl2/include/boot_hal.h
new file mode 100644
index 0000000..133c789
--- /dev/null
+++ b/bl2/include/boot_hal.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2019, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __BOOT_HAL_H__
+#define __BOOT_HAL_H__
+
+/* Include header section */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * \brief It clears that part of the RAM which was used by MCUBoot, expect the
+ * TFM_SHARED_DATA area, which is used to pass data to the TF-M runtime.
+ *
+ * \note This function must be implemented per target platform by system
+ * integrator. If the bootloader has not loaded any secret to the shared
+ * RAM then this function can immediately return to shorten the boot-up
+ * time. Clearing RAM area can be done several way, it is platform
+ * dependent:
+ * - Overwritten with a pre-defined constant value (i.e.: 0).
+ * - Overwritten with a random value.
+ * - Change the secret if its location is known.
+ * - Set a register which can hide some part of the flash/RAM against
+ * next stage software components.
+ * - Etc.
+ */
+void boot_clear_bl2_ram_area(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __BOOT_HAL_H__ */
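Review bot: The brief on boot_clear_bl2_ram_area reads `expect the TFM_SHARED_DATA area` where `except` is meant, and its comment opens with `/*` rather than the `/*!` Doxygen form used for boot_jump_to_next_image in bl2_main.c, so the description will not be picked up by the documentation tool. The note lists overwriting with a constant as one option but does not warn that a plain `memset()` on memory that is never read again is a dead store the compiler may elide; suggest adding `\note A plain memset() may be optimised away; use volatile stores or a compiler barrier so the clear is actually emitted.` The include guard `__BOOT_HAL_H__` starts with a double underscore, which is reserved for the implementation; `BOOT_HAL_H` avoids that. The note should also say whether the RAM range includes the stack that is active when the function is called, since it is invoked from a naked function that still returns through that stack.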