Use mbedtls from Crypto SP in SMMGW
Crypto SP provides hash calculation and signature verification API-s
that will be used by the uefi service in SMMGW SP.
Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Change-Id: I03e2862662734275221481784d82d8498c6f08af
diff --git a/deployments/smm-gateway/common/smm_gateway.c b/deployments/smm-gateway/common/smm_gateway.c
index 329c883..db089a0 100644
--- a/deployments/smm-gateway/common/smm_gateway.c
+++ b/deployments/smm-gateway/common/smm_gateway.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -18,6 +18,13 @@
#define SMM_GATEWAY_NV_STORE_SN "sn:ffa:751bf801-3dde-4768-a514-0f10aeed1790:0"
#endif
+#if defined(UEFI_AUTH_VAR)
+/* Default to using the Crypto SP */
+#ifndef SMM_GATEWAY_CRYPTO_SN
+#define SMM_GATEWAY_CRYPTO_SN "sn:ffa:d9df52d5-16a2-4bb2-9aa4-d26d3b84e8c0:0"
+#endif
+#endif
+
/* Default maximum number of UEFI variables */
#ifndef SMM_GATEWAY_MAX_UEFI_VARIABLES
#define SMM_GATEWAY_MAX_UEFI_VARIABLES (40)
@@ -31,9 +38,59 @@
struct mock_store volatile_store;
struct service_context *nv_storage_service_context;
struct rpc_caller_session *nv_storage_session;
+#if defined(UEFI_AUTH_VAR)
+ struct service_context *crypto_service_context;
+ struct rpc_caller_session *crypto_session;
+#endif
} smm_gateway_instance;
+#if defined(UEFI_AUTH_VAR)
+bool create_crypto_binding(void)
+{
+ psa_status_t psa_status = PSA_ERROR_GENERIC_ERROR;
+
+ smm_gateway_instance.crypto_service_context = NULL;
+ smm_gateway_instance.crypto_session = NULL;
+
+ smm_gateway_instance.crypto_service_context = service_locator_query(SMM_GATEWAY_CRYPTO_SN);
+ if (!smm_gateway_instance.crypto_service_context)
+ goto err;
+
+ smm_gateway_instance.crypto_session =
+ service_context_open(smm_gateway_instance.crypto_service_context);
+ if (!smm_gateway_instance.crypto_session)
+ goto err;
+
+ /* Initialize the crypto client */
+ psa_status = psa_crypto_client_init(smm_gateway_instance.crypto_session);
+ if (psa_status != PSA_SUCCESS)
+ goto err;
+
+ psa_status = psa_crypto_init();
+ if (psa_status != PSA_SUCCESS)
+ goto err;
+
+ return true;
+
+err:
+ if (smm_gateway_instance.crypto_session != NULL)
+ {
+ service_context_close(smm_gateway_instance.crypto_service_context, smm_gateway_instance.crypto_session);
+ smm_gateway_instance.crypto_session = NULL;
+ }
+
+ if (smm_gateway_instance.crypto_service_context != NULL)
+ {
+ service_context_relinquish(smm_gateway_instance.crypto_service_context);
+ smm_gateway_instance.crypto_service_context = NULL;
+ }
+
+ return false;
+}
+#else
+#define create_crypto_binding(a) (true)
+#endif
struct rpc_service_interface *smm_gateway_create(uint32_t owner_id)
{
@@ -73,5 +130,8 @@
persistent_backend,
volatile_backend);
+ if (!create_crypto_binding())
+ return NULL;
+
return service_iface;
}
diff --git a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt
index 0ca4606..2e65b62 100644
--- a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt
+++ b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt
@@ -20,10 +20,26 @@
project(trusted-services LANGUAGES C ASM)
add_executable(smm-gateway)
target_include_directories(smm-gateway PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}")
+
+#-------------------------------------------------------------------------------
+# Options and variables
+#-------------------------------------------------------------------------------
+option(UEFI_AUTH_VAR "Enable variable authentication" ON)
+if (UEFI_AUTH_VAR)
+ target_compile_definitions(smm-gateway PRIVATE
+ -DUEFI_AUTH_VAR
+ )
+endif()
+
set(SP_BIN_UUID_CANON "ed32d533-99e6-4209-9cc0-2d72cdd998a7")
set(SP_FFA_UUID_CANON "${SP_BIN_UUID_CANON}")
+if (UEFI_AUTH_VAR)
+set(SP_HEAP_SIZE "64 * 1024" CACHE STRING "SP heap size in bytes")
+else()
set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "SP heap size in bytes")
+endif()
+
set(TRACE_PREFIX "SMMGW" CACHE STRING "Trace prefix")
# Setting the MM communication buffer parameters
diff --git a/deployments/smm-gateway/config/default-sp/CMakeLists.txt b/deployments/smm-gateway/config/default-sp/CMakeLists.txt
index 95c5726..08ee1e7 100644
--- a/deployments/smm-gateway/config/default-sp/CMakeLists.txt
+++ b/deployments/smm-gateway/config/default-sp/CMakeLists.txt
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2021-2023, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -22,12 +22,28 @@
project(trusted-services LANGUAGES C ASM)
add_executable(smm-gateway)
target_include_directories(smm-gateway PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}")
+
+#-------------------------------------------------------------------------------
+# Options and variables
+#-------------------------------------------------------------------------------
+option(UEFI_AUTH_VAR "Enable variable authentication" ON)
+if (UEFI_AUTH_VAR)
+ target_compile_definitions(smm-gateway PRIVATE
+ -DUEFI_AUTH_VAR
+ )
+endif()
+
set(SP_NAME "smm-gateway")
set(SP_BIN_UUID_CANON "ed32d533-99e6-4209-9cc0-2d72cdd998a7")
set(SP_FFA_UUID_CANON "${SP_BIN_UUID_CANON}")
set(TRACE_PREFIX "SMMGW" CACHE STRING "Trace prefix")
set(SP_STACK_SIZE "64 * 1024" CACHE STRING "Stack size")
+
+if (UEFI_AUTH_VAR)
+set(SP_HEAP_SIZE "64 * 1024" CACHE STRING "Heap size")
+else()
set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "Heap size")
+endif()
# Setting the MM communication buffer parameters
set(MM_COMM_BUFFER_ADDRESS "0x00000008 0x81000000" CACHE STRING "Address of MM communicte buffer in 64 bit DTS format")
diff --git a/deployments/smm-gateway/smm-gateway.cmake b/deployments/smm-gateway/smm-gateway.cmake
index 7921d59..e0bd773 100644
--- a/deployments/smm-gateway/smm-gateway.cmake
+++ b/deployments/smm-gateway/smm-gateway.cmake
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2021-2023, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -19,6 +19,16 @@
"protocols/rpc/common/packed-c"
)
+if (UEFI_AUTH_VAR)
+add_components(TARGET "smm-gateway"
+ BASE_DIR ${TS_ROOT}
+ COMPONENTS
+ "components/common/tlv"
+ "components/service/crypto/include"
+ "components/service/crypto/client/psa"
+)
+endif()
+
target_include_directories(smm-gateway PRIVATE
${TS_ROOT}
${TS_ROOT}/components
diff --git a/protocols/service/smm_variable/parameters.h b/protocols/service/smm_variable/parameters.h
index 233f301..d8918b4 100644
--- a/protocols/service/smm_variable/parameters.h
+++ b/protocols/service/smm_variable/parameters.h
@@ -7,6 +7,8 @@
#ifndef TS_SMM_VARIABLE_PARAMETERS_H
#define TS_SMM_VARIABLE_PARAMETERS_H
+#include <stddef.h>
+
#include "protocols/common/efi/efi_status.h"
#include "protocols/common/efi/efi_types.h"