Platform: Add implementation ID
Add a getter function to platform code, to retrieve
the implementation ID of the device. This is a mandatory claim
in the initial attestation token. It represents the original
implementation signer of the attestation key and identifies the
contract between the report and verification.
Change-Id: Iedf27b6f1a7cd7a7cb10ddfb5dc980444667b0d7
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/platform/ext/target/mps2/an519/dummy_device_id.c b/platform/ext/target/mps2/an519/dummy_device_id.c
index 9faf71d..be428f0 100644
--- a/platform/ext/target/mps2/an519/dummy_device_id.c
+++ b/platform/ext/target/mps2/an519/dummy_device_id.c
@@ -23,6 +23,12 @@
extern const uint8_t initial_attestation_raw_public_key_hash[];
extern const uint32_t initial_attestation_raw_public_key_hash_size;
+static const uint8_t implementation_id[] = {
+ 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+ 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB,
+ 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
+ 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
+};
/**
* \brief Copy the device specific ID to the destination buffer
@@ -68,3 +74,19 @@
return TFM_PLAT_ERR_SUCCESS;
}
+
+enum tfm_plat_err_t tfm_plat_get_implementation_id(uint32_t *size,
+ uint8_t *buf)
+{
+ const uint8_t *p_impl_id = implementation_id;
+ uint32_t impl_id_size = sizeof(implementation_id);
+
+ if (*size < impl_id_size) {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+
+ copy_id(buf, p_impl_id, impl_id_size);
+ *size = impl_id_size;
+
+ return TFM_PLAT_ERR_SUCCESS;
+}
diff --git a/platform/ext/target/mps2/an521/dummy_device_id.c b/platform/ext/target/mps2/an521/dummy_device_id.c
index 9faf71d..be428f0 100644
--- a/platform/ext/target/mps2/an521/dummy_device_id.c
+++ b/platform/ext/target/mps2/an521/dummy_device_id.c
@@ -23,6 +23,12 @@
extern const uint8_t initial_attestation_raw_public_key_hash[];
extern const uint32_t initial_attestation_raw_public_key_hash_size;
+static const uint8_t implementation_id[] = {
+ 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+ 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB,
+ 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
+ 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
+};
/**
* \brief Copy the device specific ID to the destination buffer
@@ -68,3 +74,19 @@
return TFM_PLAT_ERR_SUCCESS;
}
+
+enum tfm_plat_err_t tfm_plat_get_implementation_id(uint32_t *size,
+ uint8_t *buf)
+{
+ const uint8_t *p_impl_id = implementation_id;
+ uint32_t impl_id_size = sizeof(implementation_id);
+
+ if (*size < impl_id_size) {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+
+ copy_id(buf, p_impl_id, impl_id_size);
+ *size = impl_id_size;
+
+ return TFM_PLAT_ERR_SUCCESS;
+}
diff --git a/platform/ext/target/musca_a/dummy_device_id.c b/platform/ext/target/musca_a/dummy_device_id.c
index 9faf71d..be428f0 100644
--- a/platform/ext/target/musca_a/dummy_device_id.c
+++ b/platform/ext/target/musca_a/dummy_device_id.c
@@ -23,6 +23,12 @@
extern const uint8_t initial_attestation_raw_public_key_hash[];
extern const uint32_t initial_attestation_raw_public_key_hash_size;
+static const uint8_t implementation_id[] = {
+ 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+ 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB,
+ 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
+ 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
+};
/**
* \brief Copy the device specific ID to the destination buffer
@@ -68,3 +74,19 @@
return TFM_PLAT_ERR_SUCCESS;
}
+
+enum tfm_plat_err_t tfm_plat_get_implementation_id(uint32_t *size,
+ uint8_t *buf)
+{
+ const uint8_t *p_impl_id = implementation_id;
+ uint32_t impl_id_size = sizeof(implementation_id);
+
+ if (*size < impl_id_size) {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+
+ copy_id(buf, p_impl_id, impl_id_size);
+ *size = impl_id_size;
+
+ return TFM_PLAT_ERR_SUCCESS;
+}
diff --git a/platform/ext/target/musca_b1/dummy_device_id.c b/platform/ext/target/musca_b1/dummy_device_id.c
index 9faf71d..be428f0 100644
--- a/platform/ext/target/musca_b1/dummy_device_id.c
+++ b/platform/ext/target/musca_b1/dummy_device_id.c
@@ -23,6 +23,12 @@
extern const uint8_t initial_attestation_raw_public_key_hash[];
extern const uint32_t initial_attestation_raw_public_key_hash_size;
+static const uint8_t implementation_id[] = {
+ 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+ 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB,
+ 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
+ 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
+};
/**
* \brief Copy the device specific ID to the destination buffer
@@ -68,3 +74,19 @@
return TFM_PLAT_ERR_SUCCESS;
}
+
+enum tfm_plat_err_t tfm_plat_get_implementation_id(uint32_t *size,
+ uint8_t *buf)
+{
+ const uint8_t *p_impl_id = implementation_id;
+ uint32_t impl_id_size = sizeof(implementation_id);
+
+ if (*size < impl_id_size) {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+
+ copy_id(buf, p_impl_id, impl_id_size);
+ *size = impl_id_size;
+
+ return TFM_PLAT_ERR_SUCCESS;
+}
diff --git a/platform/include/tfm_plat_device_id.h b/platform/include/tfm_plat_device_id.h
index cbf8338..350505c 100644
--- a/platform/include/tfm_plat_device_id.h
+++ b/platform/include/tfm_plat_device_id.h
@@ -12,7 +12,8 @@
*
* The interfaces defined in this file are meant to provide the following
* attributes of the device:
- * - Instance ID: Unique identifier of the device.
+ * - Instance ID: Unique identifier of the device.
+ * - Implementation ID: Original implementation signer of the attestation key.
*/
/**
@@ -35,6 +36,13 @@
#define INSTANCE_ID_MAX_SIZE (33u)
/**
+ * \def IMPLEMENTATION_ID_MAX_SIZE
+ *
+ * \brief Maximum size of implementation ID in bytes
+ */
+#define IMPLEMENTATION_ID_MAX_SIZE (32u)
+
+/**
* \brief Get the UEID of the device.
*
* This mandatory claim represents the unique identifier of the instance.
@@ -53,6 +61,27 @@
*/
enum tfm_plat_err_t tfm_plat_get_instance_id(uint32_t *size, uint8_t *buf);
+/**
+ * \brief Get the Implementation ID of the device.
+ *
+ * This mandatory claim represents the original implementation signer of the
+ * attestation key and identifies the contract between the report and
+ * verification. A verification service will use this claim to locate the
+ * details of the verification process. The claim will be represented by a
+ * custom EAT claim with a value consisting of a CBOR byte string. The size of
+ * this string will normally be 32 bytes to accommodate a 256 bit hash.
+ *
+ * \param[in/out] size As an input value it indicates the size of the caller
+ * allocated buffer (in bytes) to store the implementation
+ * ID. At return its value is updated with the exact size
+ * of the implementation ID.
+ * \param[out] buf Pointer to the buffer to store the implementation ID
+ *
+ * \return Returns error code specified in \ref tfm_plat_err_t
+ */
+enum tfm_plat_err_t tfm_plat_get_implementation_id(uint32_t *size,
+ uint8_t *buf);
+
#ifdef __cplusplus
}
#endif