Raef Coles | abfe81a | 2020-07-10 09:52:34 +0100 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (c) 2018-2020, Arm Limited. All rights reserved. |
| 3 | * |
| 4 | * SPDX-License-Identifier: BSD-3-Clause |
| 5 | * |
| 6 | */ |
| 7 | |
| 8 | #ifndef __TFM_BOOT_STATUS_H__ |
| 9 | #define __TFM_BOOT_STATUS_H__ |
| 10 | |
| 11 | #include <stdint.h> |
| 12 | #include <stddef.h> |
| 13 | |
| 14 | |
| 15 | #ifdef __cplusplus |
| 16 | extern "C" { |
| 17 | #endif |
| 18 | |
/* Major numbers (4 bit) to identify
 * the consumer of shared data in runtime SW.
 * The major number occupies the top 4 bits of the 16-bit tlv_type
 * (see SET_TLV_TYPE / GET_MAJOR in this header).
 */
#define TLV_MAJOR_CORE     0x0
#define TLV_MAJOR_IAS      0x1
| 24 | |
| 25 | /** |
| 26 | * The shared data between boot loader and runtime SW is TLV encoded. The |
| 27 | * shared data is stored in a well known location in secure memory and this is |
| 28 | * a contract between boot loader and runtime SW. |
| 29 | * |
| 30 | * The structure of shared data must be the following: |
| 31 | * - At the beginning there must be a header: struct shared_data_tlv_header |
| 32 | * This contains a magic number and a size field which covers the entire |
| 33 | * size of the shared data area including this header. |
| 34 | * - After the header there come the entries which are composed from an entry |
| 35 | * header structure: struct shared_data_tlv_entry and the data. In the entry |
| 36 | * header is a type field (tlv_type) which identifies the consumer of the |
| 37 | * entry in the runtime SW and specifies the subtype of that data item. There |
| 38 | * is a size field (tlv_len) which covers the size of the entry header and |
| 39 | * the data. After this structure comes the actual data. |
| 40 | * - Arbitrary number and size of data entry can be in the shared memory area. |
| 41 | * |
| 42 | * This table gives an overview of the tlv_type field in the entry header. |
| 43 | * The tlv_type is always composed of a major and a minor number. Major number |
| 44 | * identifies the addressee in runtime SW, who should process the data entry. |
| 45 | * Minor number used to encode more info about the data entry. The actual |
| 46 | * definition of minor number could change per major number. In case of boot |
| 47 | * status data, which is going to be processed by initial attestation service |
| 48 | * the minor number is split further to two part: sw_module and claim. The |
| 49 | * sw_module identifies the SW component in the system which the data item |
| 50 | * belongs to and the claim part identifies the exact type of the data. |
| 51 | * |
| 52 | * |---------------------------------------| |
| 53 | * | tlv_type (16) | |
| 54 | * |---------------------------------------| |
| 55 | * | tlv_major(4)| tlv_minor(12) | |
| 56 | * |---------------------------------------| |
| 57 | * | MAJOR_IAS | sw_module(6) | claim(6) | |
| 58 | * |---------------------------------------| |
| 59 | * | MAJOR_CORE | TBD | |
| 60 | * |---------------------------------------| |
| 61 | */ |
| 62 | |
/* Initial attestation: SW components / SW modules
 * This list is intended to be adjusted per device. It contains more SW
 * components than are currently available in the TF-M project. It serves as
 * an example of what kind of SW components might be available.
 *
 * Each value is used as the sw_module part (upper 6 bits) of an IAS minor
 * number, see the tlv_type table above.
 */
#define SW_GENERAL     0x00
#define SW_BL2         0x01
#define SW_PROT        0x02
#define SW_AROT        0x03
#define SW_SPE         0x04
#define SW_NSPE        0x05
#define SW_S_NS        0x06
/* NOTE(review): one greater than the last module value above, so this looks
 * like an upper bound / count rather than a module - confirm against users.
 */
#define SW_MAX         0x07
| 76 | |
/* Initial attestation: Claim per SW components / SW modules.
 * Each value is used as the claim part (lower 6 bits) of an IAS minor number.
 */
/* Bits: 0-2 */
#define SW_VERSION       0x00
#define SW_SIGNER_ID     0x01
/* Reserved              0x02 */
#define SW_TYPE          0x03
/* Bits: 3-5
 * For the values below GET_IAS_MEASUREMENT_CLAIM() (a right shift by
 * MEASUREMENT_CLAIM_POS, i.e. 3) is non-zero: 0x08 and 0x09 give 1,
 * 0x3F gives 7. For the values above it is 0.
 */
#define SW_MEASURE_VALUE 0x08
#define SW_MEASURE_TYPE  0x09
#define SW_BOOT_RECORD   0x3F
| 87 | |
/* Initial attestation: General claims do not belong to any particular SW
 * component, but they might be part of the boot status.
 *
 * The numeric values overlap with the per-module claims (for example
 * BOOT_SEED and SW_VERSION are both 0x00); in this header they are only
 * combined with SW_GENERAL to form a minor number.
 */
#define BOOT_SEED          0x00
#define HW_VERSION         0x01
#define SECURITY_LIFECYCLE 0x02
| 94 | |
/* Minor numbers (12 bit) to identify attestation service related data.
 * Every value is built with SET_IAS_MINOR(), which places the sw_module
 * number above the 6-bit claim number.
 */
#define TLV_MINOR_IAS_BOOT_SEED          SET_IAS_MINOR(SW_GENERAL, BOOT_SEED)
#define TLV_MINOR_IAS_HW_VERSION         SET_IAS_MINOR(SW_GENERAL, HW_VERSION)
#define TLV_MINOR_IAS_SLC                SET_IAS_MINOR(SW_GENERAL, SECURITY_LIFECYCLE)

/* Bootloader - there can be more than one stage */
#define TLV_MINOR_IAS_BL2_MEASURE_VALUE  SET_IAS_MINOR(SW_BL2, SW_MEASURE_VALUE)
#define TLV_MINOR_IAS_BL2_MEASURE_TYPE   SET_IAS_MINOR(SW_BL2, SW_MEASURE_TYPE)
#define TLV_MINOR_IAS_BL2_VERSION        SET_IAS_MINOR(SW_BL2, SW_VERSION)
#define TLV_MINOR_IAS_BL2_SIGNER_ID      SET_IAS_MINOR(SW_BL2, SW_SIGNER_ID)
#define TLV_MINOR_IAS_BL2_TYPE           SET_IAS_MINOR(SW_BL2, SW_TYPE)

/* PROT: PSA Root of Trust */
#define TLV_MINOR_IAS_PROT_MEASURE_VALUE SET_IAS_MINOR(SW_PROT, SW_MEASURE_VALUE)
#define TLV_MINOR_IAS_PROT_MEASURE_TYPE  SET_IAS_MINOR(SW_PROT, SW_MEASURE_TYPE)
#define TLV_MINOR_IAS_PROT_VERSION       SET_IAS_MINOR(SW_PROT, SW_VERSION)
#define TLV_MINOR_IAS_PROT_SIGNER_ID     SET_IAS_MINOR(SW_PROT, SW_SIGNER_ID)
#define TLV_MINOR_IAS_PROT_TYPE          SET_IAS_MINOR(SW_PROT, SW_TYPE)

/* AROT: Application Root of Trust */
#define TLV_MINOR_IAS_AROT_MEASURE_VALUE SET_IAS_MINOR(SW_AROT, SW_MEASURE_VALUE)
#define TLV_MINOR_IAS_AROT_MEASURE_TYPE  SET_IAS_MINOR(SW_AROT, SW_MEASURE_TYPE)
#define TLV_MINOR_IAS_AROT_VERSION       SET_IAS_MINOR(SW_AROT, SW_VERSION)
#define TLV_MINOR_IAS_AROT_SIGNER_ID     SET_IAS_MINOR(SW_AROT, SW_SIGNER_ID)
#define TLV_MINOR_IAS_AROT_TYPE          SET_IAS_MINOR(SW_AROT, SW_TYPE)

/* Non-secure processing environment - single non-secure image */
#define TLV_MINOR_IAS_NSPE_MEASURE_VALUE SET_IAS_MINOR(SW_NSPE, SW_MEASURE_VALUE)
#define TLV_MINOR_IAS_NSPE_MEASURE_TYPE  SET_IAS_MINOR(SW_NSPE, SW_MEASURE_TYPE)
#define TLV_MINOR_IAS_NSPE_VERSION       SET_IAS_MINOR(SW_NSPE, SW_VERSION)
#define TLV_MINOR_IAS_NSPE_SIGNER_ID     SET_IAS_MINOR(SW_NSPE, SW_SIGNER_ID)
#define TLV_MINOR_IAS_NSPE_TYPE          SET_IAS_MINOR(SW_NSPE, SW_TYPE)

/* Secure processing environment (ARoT + PRoT) - single secure image */
#define TLV_MINOR_IAS_SPE_MEASURE_VALUE  SET_IAS_MINOR(SW_SPE, SW_MEASURE_VALUE)
#define TLV_MINOR_IAS_SPE_MEASURE_TYPE   SET_IAS_MINOR(SW_SPE, SW_MEASURE_TYPE)
#define TLV_MINOR_IAS_SPE_VERSION        SET_IAS_MINOR(SW_SPE, SW_VERSION)
#define TLV_MINOR_IAS_SPE_SIGNER_ID      SET_IAS_MINOR(SW_SPE, SW_SIGNER_ID)
#define TLV_MINOR_IAS_SPE_TYPE           SET_IAS_MINOR(SW_SPE, SW_TYPE)

/* SPE + NSPE - combined secure and non-secure image */
#define TLV_MINOR_IAS_S_NS_MEASURE_VALUE SET_IAS_MINOR(SW_S_NS, SW_MEASURE_VALUE)
#define TLV_MINOR_IAS_S_NS_MEASURE_TYPE  SET_IAS_MINOR(SW_S_NS, SW_MEASURE_TYPE)
#define TLV_MINOR_IAS_S_NS_VERSION       SET_IAS_MINOR(SW_S_NS, SW_VERSION)
#define TLV_MINOR_IAS_S_NS_SIGNER_ID     SET_IAS_MINOR(SW_S_NS, SW_SIGNER_ID)
#define TLV_MINOR_IAS_S_NS_TYPE          SET_IAS_MINOR(SW_S_NS, SW_TYPE)
| 141 | |
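/* General macros to handle the 16-bit TLV type:
 *   bits 15..12  major number (consumer of the entry)
 *   bits 11..0   minor number (meaning defined per major number)
 */
#define MAJOR_MASK 0xF    /* 4 bit */
#define MAJOR_POS  12     /* major field starts at bit 12 */
#define MINOR_MASK 0xFFF  /* 12 bit */

/* Build a tlv_type. Bits of major/minor outside their field are discarded. */
#define SET_TLV_TYPE(major, minor) \
        ((((major) & MAJOR_MASK) << MAJOR_POS) | ((minor) & MINOR_MASK))
/* Extract the major number. The result is masked, like the minor number, so
 * that an argument wider than 16 bits cannot produce a value outside the
 * 4-bit major range.
 */
#define GET_MAJOR(tlv_type) (((tlv_type) >> MAJOR_POS) & MAJOR_MASK)
/* Extract the 12-bit minor number. */
#define GET_MINOR(tlv_type) ((tlv_type) & MINOR_MASK)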
| 151 | |
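/* Initial attestation specific macros.
 * An IAS minor number is laid out as sw_module(6) | claim(6).
 */
#define MODULE_POS 6             /* sw_module field starts at bit 6 */
#define CLAIM_MASK 0x3F          /* 6 bit */
#define MEASUREMENT_CLAIM_POS 3  /* upper 3 bits of the claim start at bit 3 */

#define GET_IAS_MODULE(tlv_type) (GET_MINOR(tlv_type) >> MODULE_POS)
#define GET_IAS_CLAIM(tlv_type)  (GET_MINOR(tlv_type) & CLAIM_MASK)
/* Build an IAS minor number. The claim is masked to its 6 bits so that an
 * out-of-range claim cannot alter the sw_module field, which would attribute
 * the entry to a different SW component. sw_module is not range-limited
 * here; SET_TLV_TYPE() truncates the minor number to 12 bits.
 */
#define SET_IAS_MINOR(sw_module, claim) \
        (((sw_module) << MODULE_POS) | ((claim) & CLAIM_MASK))

/* Upper 3 bits of a 6-bit claim value (as returned by GET_IAS_CLAIM). */
#define GET_IAS_MEASUREMENT_CLAIM(ias_claim) ((ias_claim) >> \
                                              MEASUREMENT_CLAIM_POS)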
| 163 | |
/* Magic value which marks the beginning of shared data area in memory.
 * It is the expected content of shared_data_tlv_header.tlv_magic.
 * NOTE(review): a consumer presumably compares tlv_magic with this value
 * before it uses tlv_tot_len or walks the entries - confirm in the parser.
 */
#define SHARED_DATA_TLV_INFO_MAGIC 0x2016
| 166 | |
/**
 * Shared data TLV header. All fields in little endian.
 *
 * -----------------------------------
 * | tlv_magic(16) | tlv_tot_len(16) |
 * -----------------------------------
 *
 * tlv_tot_len is 16 bits wide, so the whole area (this header plus all
 * entries) cannot be described as larger than 65535 bytes.
 *
 * NOTE(review): code that reads this header from the shared area should
 * presumably check that tlv_tot_len is at least SHARED_DATA_HEADER_SIZE and
 * no larger than the memory region reserved for the shared data before it
 * walks any entry - confirm in the parser.
 */
struct shared_data_tlv_header {
    uint16_t tlv_magic;
    uint16_t tlv_tot_len; /* size of whole TLV area (including this header) */
};

/* Size in bytes of the header at the start of the shared data area. */
#define SHARED_DATA_HEADER_SIZE sizeof(struct shared_data_tlv_header)
| 180 | |
/**
 * Shared data TLV entry header format. All fields in little endian.
 *
 * -------------------------------
 * | tlv_type(16) | tlv_len(16)  |
 * -------------------------------
 * |         Raw data            |
 * -------------------------------
 *
 * tlv_len counts this header as well as the data, so a well-formed entry has
 * tlv_len >= sizeof(struct shared_data_tlv_entry).
 *
 * NOTE(review): a reader that steps from entry to entry by tlv_len should
 * presumably reject a tlv_len smaller than the entry header (a value of zero
 * would never advance) and any entry that would end beyond the header's
 * tlv_tot_len - confirm in the parser.
 */
struct shared_data_tlv_entry {
    uint16_t tlv_type;
    uint16_t tlv_len; /* size of single TLV entry (including this header). */
};
| 194 | |
/**
 * \struct tfm_boot_data
 *
 * \brief Store the data for the runtime SW
 *
 * The header is followed directly by data, a flexible array member that has
 * no size of its own in this type.
 * NOTE(review): the number of valid bytes in data is presumably
 * header.tlv_tot_len minus the header size - confirm against the code that
 * fills and reads this structure.
 */
struct tfm_boot_data {
    struct shared_data_tlv_header header;
    uint8_t data[];
};
| 204 | |
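/* Size in bytes of an entry header, and of a whole entry that carries `size`
 * bytes of data. The argument is parenthesized so that an expression
 * argument (a shift, a conditional, ...) is evaluated before the addition.
 * NOTE(review): the result has type size_t while tlv_len is 16 bits wide;
 * callers storing it in tlv_len presumably need to check that it fits -
 * confirm at the call sites.
 */
#define SHARED_DATA_ENTRY_HEADER_SIZE sizeof(struct shared_data_tlv_entry)
#define SHARED_DATA_ENTRY_SIZE(size) ((size) + SHARED_DATA_ENTRY_HEADER_SIZE)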
| 207 | |
| 208 | #ifdef __cplusplus |
| 209 | } |
| 210 | #endif |
| 211 | |
| 212 | #endif /* __TFM_BOOT_STATUS_H__ */ |