feat(rmm): move attestation data to REC auxiliary granule
This patch moves attestation data from REC to
'rec_attest_data' structure in auxiliary granule.
In the 'handle_rsi_attest_token_init' function, the
initialisation of variables which depend on the 'rec'
parameter is moved after
assert(rec != NULL);
to avoid dereferencing 'rec' when it is a NULL pointer.
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Change-Id: Ia182d66bfb19a2baea5a9d2039dbbf6523e72bdd
diff --git a/runtime/rsi/realm_attest.c b/runtime/rsi/realm_attest.c
index c83888c..b6f39c6 100644
--- a/runtime/rsi/realm_attest.c
+++ b/runtime/rsi/realm_attest.c
@@ -36,8 +36,10 @@
*/
static void save_input_parameters(struct rec *rec)
{
- rec->token_sign_ctx.token_ipa = rec->regs[1];
- (void)memcpy(rec->token_sign_ctx.challenge, &rec->regs[2],
+ struct rec_attest_data *attest_data = rec->aux_data.attest_data;
+
+ attest_data->token_sign_ctx.token_ipa = rec->regs[1];
+ (void)memcpy(attest_data->token_sign_ctx.challenge, &rec->regs[2],
ATTEST_CHALLENGE_SIZE);
}
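Review bot: `attest_data` is dereferenced in `save_input_parameters` without any check that `rec->aux_data.attest_data` has been set, and the same unchecked load appears in `verify_input_parameters_consistency`, `attest_token_continue_write_state` and both RSI handlers later in this diff. Before this change the challenge and signing context were embedded in `struct rec`, so a valid `rec` implied valid storage; now the realm's challenge is written wherever that pointer points, and the code that initialises it and maps the auxiliary granule is not visible here. I would add `assert(attest_data != NULL);` after each load, and a comment on the helper such as `/* Caller must have the REC auxiliary granules mapped; attest_data points into them. */`.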
@@ -47,21 +49,24 @@
*/
static bool verify_input_parameters_consistency(struct rec *rec)
{
- return rec->token_sign_ctx.token_ipa == rec->regs[1];
+ struct rec_attest_data *attest_data = rec->aux_data.attest_data;
+
+ return attest_data->token_sign_ctx.token_ipa == rec->regs[1];
}
/*
* Function to continue with the sign operation
*/
-static void attest_token_continue_sign_state(struct rec *rec,
- struct rsi_result *res)
+static void attest_token_continue_sign_state(
+ struct rec_attest_data *attest_data,
+ struct rsi_result *res)
{
/*
* Sign and finish creating the token.
*/
enum attest_token_err_t ret =
- attest_realm_token_sign(&(rec->token_sign_ctx.ctx),
- &(rec->rmm_realm_token_len));
+ attest_realm_token_sign(&(attest_data->token_sign_ctx.ctx),
+ &(attest_data->rmm_realm_token_len));
if ((ret == ATTEST_TOKEN_ERR_COSE_SIGN_IN_PROGRESS) ||
(ret == ATTEST_TOKEN_ERR_SUCCESS)) {
@@ -74,7 +79,7 @@
/* If this was the last signing cycle */
if (ret == ATTEST_TOKEN_ERR_SUCCESS) {
- rec->token_sign_ctx.state =
+ attest_data->token_sign_ctx.state =
ATTEST_SIGN_TOKEN_WRITE_IN_PROGRESS;
}
} else {
@@ -96,6 +101,7 @@
enum s2_walk_status walk_status;
struct s2_walk_result walk_res = { 0UL };
size_t attest_token_len;
+ struct rec_attest_data *attest_data = rec->aux_data.attest_data;
/*
* Translate realm granule IPA to PA. If returns with
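Review bot: The new initialiser `struct rec_attest_data *attest_data = rec->aux_data.attest_data;` dereferences `rec` at declaration, which is the pattern the commit message says it removes from `handle_rsi_attest_token_init`. The function body starts and ends outside this hunk, so I cannot see whether it asserts on `rec`. If it does, the load should move below that assert as in the two handlers; if it relies on callers having checked, a one-line comment saying so would keep the static helpers consistent with the stated intent. `save_input_parameters` and `verify_input_parameters_consistency` in the first two hunks have the same shape.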
@@ -126,9 +132,9 @@
realm_att_token = granule_map(gr, SLOT_RSI_CALL);
attest_token_len = attest_cca_token_create(realm_att_token,
- ATTEST_TOKEN_BUFFER_SIZE,
- (void *)rec->rmm_realm_token_buf,
- rec->rmm_realm_token_len);
+ ATTEST_TOKEN_BUFFER_SIZE,
+ &attest_data->rmm_realm_token_buf,
+ attest_data->rmm_realm_token_len);
/* Unmap realm granule */
buffer_unmap(realm_att_token);
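Review bot: The token buffer is passed as `&attest_data->rmm_realm_token_buf` here but as plain `attest_data->rmm_realm_token_buf` in the token-creation call in `handle_rsi_attest_token_init`. The `sizeof(attest_data->rmm_realm_token_buf)` used there suggests the member is an array, so both forms give the same address today. The `&` form has pointer-to-array type, though, and would silently pass the address of the pointer itself if the member ever became a pointer. I would write the argument as `attest_data->rmm_realm_token_buf,` in both places. The prototype of `attest_cca_token_create` is not visible, so whether the dropped `(void *)` cast is still needed should be checked against it.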
@@ -145,19 +151,23 @@
}
/* The signing has either succeeded or failed. Reset the state. */
- rec->token_sign_ctx.state = ATTEST_SIGN_NOT_STARTED;
+ attest_data->token_sign_ctx.state = ATTEST_SIGN_NOT_STARTED;
}
void handle_rsi_attest_token_init(struct rec *rec, struct rsi_result *res)
{
struct rd *rd = NULL;
- unsigned long realm_buf_ipa = rec->regs[1];
+ unsigned long realm_buf_ipa;
+ struct rec_attest_data *attest_data;
void *rpv_ptr;
size_t rpv_len;
int att_ret;
assert(rec != NULL);
+ realm_buf_ipa = rec->regs[1];
+ attest_data = rec->aux_data.attest_data;
+
res->action = UPDATE_REC_RETURN_TO_REALM;
/*
@@ -165,10 +175,10 @@
* operation.
* TODO: This can be moved to attestation lib
*/
- if (rec->token_sign_ctx.state != ATTEST_SIGN_NOT_STARTED) {
+ if (attest_data->token_sign_ctx.state != ATTEST_SIGN_NOT_STARTED) {
int restart;
- rec->token_sign_ctx.state = ATTEST_SIGN_NOT_STARTED;
+ attest_data->token_sign_ctx.state = ATTEST_SIGN_NOT_STARTED;
restart = attestation_heap_reinit_pe(rec->aux_data.attest_heap_buf,
REC_HEAP_SIZE);
if (restart != 0) {
@@ -204,15 +214,15 @@
MEASUREMENT_SLOT_NR,
rpv_ptr,
rpv_len,
- &rec->token_sign_ctx,
- rec->rmm_realm_token_buf,
- sizeof(rec->rmm_realm_token_buf));
+ &attest_data->token_sign_ctx,
+ attest_data->rmm_realm_token_buf,
+ sizeof(attest_data->rmm_realm_token_buf));
if (att_ret != 0) {
ERROR("FATAL_ERROR: Realm token creation failed\n");
panic();
}
- rec->token_sign_ctx.state = ATTEST_SIGN_IN_PROGRESS;
+ attest_data->token_sign_ctx.state = ATTEST_SIGN_IN_PROGRESS;
res->smc_res.x[0] = RSI_SUCCESS;
out_unmap_rd:
@@ -233,9 +243,12 @@
struct rmi_rec_exit *rec_exit,
struct rsi_result *res)
{
+ struct rec_attest_data *attest_data;
+
assert(rec != NULL);
assert(rec_exit != NULL);
+ attest_data = rec->aux_data.attest_data;
res->action = UPDATE_REC_RETURN_TO_REALM;
if (!verify_input_parameters_consistency(rec)) {
@@ -244,7 +257,7 @@
}
while (true) {
- switch (rec->token_sign_ctx.state) {
+ switch (attest_data->token_sign_ctx.state) {
case ATTEST_SIGN_NOT_STARTED:
/*
* Before this call the initial attestation token call
@@ -254,7 +267,7 @@
res->smc_res.x[0] = RSI_ERROR_STATE;
break;
case ATTEST_SIGN_IN_PROGRESS:
- attest_token_continue_sign_state(rec, res);
+ attest_token_continue_sign_state(attest_data, res);
break;
case ATTEST_SIGN_TOKEN_WRITE_IN_PROGRESS:
attest_token_continue_write_state(rec, res);