Blame - docs/reference/services/tfm_audit_integration_guide.rst - TF-M/trusted-firmware-m

blob: 248f0f9fb11d5cd9626a2965b73981132632c904 [file] [log] [blame]

Galanakis, Minos	41f8597	2019-09-30 15:56:40 +0100	[diff] [blame]	1	#######################################
				2	Audit Logging Service Integration Guide
				3	#######################################
Gyorgy Szing	db9783c	2019-04-17 21:08:48 +0200	[diff] [blame]	4
				5	************
				6	Introduction
				7	************
				8	TF-M Audit logging service allows secure services in the system to log critical
				9	system events and information that have security implications. This is required
				10	to post analyse the system behaviour, system events and triage system issues
				11	offline. This offers a mitigation against the repudiation threat.
				12
				13	The types of information that can be logged are the ID of the entity that
				14	originated a secure service request, or the relevant output or data
				15	associated to the authentication mechanism that the requesting service
				16	has performed on the entity that originated the request. The possible types of
				17	information that can be logged can be easily extended to accommodate various
				18	requirements from other secure services.
				19
				20	***************************
				21	Current service limitations
				22	***************************
				23
				24	- Policy manager - Currently, there is no policy manager implemented, which
				25	means that there are no restrictions on the entities which can add or remove
				26	items from the log. Also, the item replacement in the log is just replacing
				27	older elements first.
				28
				29	- Encryption - Support for encryption and authentication is not available
				30	yet.
				31
				32	- Permanent storage - Currently the Audit Logging service supports only a
				33	RAM based storage of the log, permanent storage is not supported yet.
				34
				35
				36	**************
				37	Code structure
				38	**************
				39	The PSA interfaces for the Audit logging service are located in
				40	``interface/include``.
				41
				42	The TF-M Audit logging service source files are located in
Ken Liu	738a4b0	2020-06-04 14:52:38 +0800	[diff] [blame]	43	``secure_fw/partitions/audit_logging``.
Gyorgy Szing	db9783c	2019-04-17 21:08:48 +0200	[diff] [blame]	44
				45	PSA interfaces
				46	==============
				47	The TF-M Audit logging service exposes the following PSA interfaces:
				48
				49	.. code-block:: c
				50
				51	enum psa_audit_err psa_audit_retrieve_record(const uint32_t record_index,
				52	const uint32_t buffer_size, const uint8_t *token, const uint32_t token_size,
				53	uint8_t buffer, uint32_t record_size);
				54
				55	enum psa_audit_err psa_audit_get_info(uint32_t *num_records, uint32_t
				56	*size);
				57
				58	enum psa_audit_err psa_audit_get_record_info(const uint32_t record_index,
				59	uint32_t *size);
				60
				61	enum psa_audit_err psa_audit_delete_record(const uint32_t record_index,
				62	const uint8_t *token, const uint32_t token_size);
				63
				64	The TF-M Audit logging service exposes an additional PSA interface which can
				65	only be called from secure services:
				66
				67	.. code-block:: c
				68
				69	enum psa_audit_err psa_audit_add_record(const struct psa_audit_record
				70	*record);
				71
				72	Service source files
				73	====================
				74
				75	- ``audit_core.c`` : This file implements core functionalities such as log
				76	management, record addition and deletion and extraction of record information.
				77	- ``audit_wrappers.c`` : This file implements TF-M compatible wrappers in case
				78	they are needed by the functions exported by the core.
				79
Galanakis, Minos	f56baf6	2019-11-11 13:57:42 +0000	[diff] [blame]	80	*********************************
				81	Audit logging service integration
				82	*********************************
Gyorgy Szing	db9783c	2019-04-17 21:08:48 +0200	[diff] [blame]	83	In this section, a brief description of each field of a log record is given,
				84	with an example on how to perform a logging request from a secure service.
				85	The secure service that requests the addition of a record to the log has to
				86	provide data as described by the ``psa_audit_record`` type, defined in
				87	``interface\include\psa_audit_defs.h``:
				88
				89	.. code-block:: c
				90
				91	/*!
				92	* \struct psa_audit_record
				93	*
				94	* \brief This structure contains the record that is added to the audit log
				95	* by the requesting secure service
				96	*/
				97	struct psa_audit_record {
				98	uint32_t size; /!< Size in bytes of the id and payload fields /
				99	uint32_t id; /!< ID of the record /
				100	uint8_t payload[]; /!< Flexible array member for payload /
				101	};
				102
				103	Each field is described as follows:
				104
				105	- ``size`` - This is the size, in bytes, of the ``id`` and ``payload[]`` fields
				106	that follow. Given that the ``payload[]`` field is optional, in the current
				107	implementation the minimum value to be provided in ``size`` is 4 bytes;
				108	- ``id`` - This field is meant to be used to store an ID of the log record from
				109	the requesting service
				110	- ``payload[]`` - The payload is an optional content which can be made
				111	of one or more Type-Length-Value entries as described by the following type:
				112
				113	.. code-block:: c
				114
				115	/*!
				116	* \struct audit_tlv_entry
				117	*
				118	* \brief TLV entry structure with a flexible
				119	* array member
				120	*/
				121	struct audit_tlv_entry {
				122	enum audit_tlv_type type;
				123	uint32_t length;
				124	uint8_t value[];
				125	};
				126
				127	The possible TLV types described by ``enum audit_tlv_type`` can be extended by
				128	system integrators modifying ``audit_core.h`` as needed. A logging request is
				129	performed by a secure service which calls the
				130	Secure-only API function ``psa_audit_add_record()``.
				131
				132	--------------
				133
				134	Copyright (c) 2018-2019, Arm Limited. All rights reserved.