TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TS / trusted-services / 4f9d8e339c0d5eef75e57cae992fb32d2d6e8876 / . / deployments / attestation / env / commonsp / attestation_sp.c
blob: 266f3fb02a292ad475db6c5b9019f003f0fcec44 [file] [log] [blame]
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]1/*
Imre Kis9757f6b2022-07-26 17:19:46 +0200[diff] [blame]2 * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]7#include "rpc/ffarpc/endpoint/ffarpc_call_ep.h"
8#include "protocols/rpc/common/packed-c/status.h"
9#include "config/ramstore/config_ramstore.h"
10#include "config/loader/sp/sp_config_loader.h"
11#include "service/attestation/provider/attest_provider.h"
12#include "service/attestation/provider/serializer/packed-c/packedc_attest_provider_serializer.h"
13#include "service/attestation/claims/claims_register.h"
14#include "service/attestation/claims/sources/event_log/event_log_claim_source.h"
15#include "service/attestation/claims/sources/boot_seed_generator/boot_seed_generator.h"
16#include "service/attestation/claims/sources/null_lifecycle/null_lifecycle_claim_source.h"
17#include "service/attestation/claims/sources/instance_id/instance_id_claim_source.h"
18#include "service/attestation/claims/sources/implementation_id/implementation_id_claim_source.h"
19#include "service/attestation/key_mngr/local/local_attest_key_mngr.h"
20#include "service/crypto/client/psa/psa_crypto_client.h"
21#include "service_locator.h"
22#include "psa/crypto.h"
23#include "sp_api.h"
24#include "sp_discovery.h"
25#include "sp_rxtx.h"
26#include "trace.h"
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]27
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]28static bool sp_init(uint16_t *own_sp_id);
29static bool locate_crypto_service(void);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]30
Balint Dobszay4f9d8e32023-04-13 13:55:08 +0200[diff] [blame^]31void __noreturn sp_main(union ffa_boot_info *boot_info)
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]32{
33 /* Service provider objects */
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]34 struct attest_provider attest_provider = { 0 };
35 struct rpc_interface *attest_iface = NULL;
36 struct ffa_call_ep ffarpc_call_ep = { 0 };
37 struct sp_msg req_msg = { 0 };
38 struct sp_msg resp_msg = { 0 };
Imre Kisf6562652022-07-04 15:33:13 +0200[diff] [blame]39 uint16_t own_id = 0;
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]40 sp_result result = SP_RESULT_INTERNAL_ERROR;
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]41
42 /* Claim source objects */
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]43 struct claim_source *claim_source = NULL;
44 struct event_log_claim_source event_log_claim_source = { 0 };
45 struct boot_seed_generator boot_seed_claim_source = { 0 };
46 struct null_lifecycle_claim_source lifecycle_claim_source = { 0 };
47 struct instance_id_claim_source instance_id_claim_source = { 0 };
48 struct implementation_id_claim_source implementation_id_claim_source = { 0 };
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]49
50 /*********************************************************
51 * Boot phase
52 *********************************************************/
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]53 if (!sp_init(&own_id)) {
54 EMSG("Failed to init SP");
55 goto fatal_error;
56 }
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]57
58 config_ramstore_init();
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]59
Balint Dobszay4f9d8e32023-04-13 13:55:08 +0200[diff] [blame^]60 if (!sp_config_load(boot_info)) {
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]61 EMSG("Failed to load SP config");
62 goto fatal_error;
63 }
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]64
65 /**
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]66 * Locate crypto service endpoint and establish RPC session
Julian Hall6bab0212021-07-27 11:45:47 +0100[diff] [blame]67 */
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]68 if (!locate_crypto_service()) {
69 EMSG("Failed to locate crypto service");
70 goto fatal_error;
71 }
Julian Hall6bab0212021-07-27 11:45:47 +0100[diff] [blame]72
73 /**
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]74 * Register claim sources for deployment
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]75 */
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]76 claims_register_init();
77
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]78 /* Boot measurement claim source */
79 claim_source = event_log_claim_source_init_from_config(&event_log_claim_source);
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]80 if (!claim_source) {
81 EMSG("Failed to claim event log source from config");
82 goto fatal_error;
83 }
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]84 claims_register_add_claim_source(CLAIM_CATEGORY_BOOT_MEASUREMENT, claim_source);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]85
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]86 /* Boot seed claim source */
87 claim_source = boot_seed_generator_init(&boot_seed_claim_source);
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]88 if (!claim_source) {
89 EMSG("Failed to initialize boot seed generator");
90 goto fatal_error;
91 }
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]92 claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]93
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]94 /* Lifecycle state claim source */
95 claim_source = null_lifecycle_claim_source_init(&lifecycle_claim_source);
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]96 if (!claim_source) {
97 EMSG("Failed to initialize lifecycle state claim source");
98 goto fatal_error;
99 }
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]100 claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]101
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]102 /* Instance ID claim source */
103 claim_source = instance_id_claim_source_init(&instance_id_claim_source);
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]104 if (!claim_source) {
105 EMSG("Failed to initialize instance ID claim source");
106 goto fatal_error;
107 }
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]108 claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]109
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]110 /* Implementation ID claim source */
Julian Hall3b2fc5c2021-08-12 15:56:07 +0100[diff] [blame]111 claim_source = implementation_id_claim_source_init(&implementation_id_claim_source,
112 "trustedfirmware.org.ts.attestation_sp");
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]113 if (!claim_source) {
114 EMSG("Failed to initialize implementation ID claim source");
115 goto fatal_error;
116 }
Julian Hall3b2fc5c2021-08-12 15:56:07 +0100[diff] [blame]117 claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
118
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]119 /**
120 * Initialize the service provider
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]121 */
Julian Hall644b57a2021-06-30 08:45:19 +0100[diff] [blame]122 local_attest_key_mngr_init(LOCAL_ATTEST_KEY_MNGR_VOLATILE_IAK);
123 attest_iface = attest_provider_init(&attest_provider);
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]124 if (!attest_iface) {
125 EMSG("Failed to initialize attestation provider");
126 goto fatal_error;
127 }
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]128
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]129 attest_provider_register_serializer(&attest_provider,
130 TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance());
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]131
Imre Kisd92645c2022-06-28 17:26:53 +0200[diff] [blame]132 ffa_call_ep_init(&ffarpc_call_ep, attest_iface, own_id);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]133
134 /*********************************************************
135 * End of boot phase
136 *********************************************************/
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]137 result = sp_msg_wait(&req_msg);
138 if (result != SP_RESULT_OK) {
139 EMSG("Failed to send message wait %d", result);
140 goto fatal_error;
141 }
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]142
143 while (1) {
Julian Hall22c47a92021-07-09 14:49:16 +0100[diff] [blame]144 ffa_call_ep_receive(&ffarpc_call_ep, &req_msg, &resp_msg);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]145
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]146 result = sp_msg_send_direct_resp(&resp_msg, &req_msg);
147 if (result != SP_RESULT_OK) {
148 EMSG("Failed to send direct response %d", result);
149 result = sp_msg_wait(&req_msg);
150 if (result != SP_RESULT_OK) {
151 EMSG("Failed to send message wait %d", result);
152 goto fatal_error;
153 }
154 }
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]155 }
156
157fatal_error:
158 /* SP is not viable */
159 EMSG("Attestation SP error");
160 while (1) {}
161}
162
163void sp_interrupt_handler(uint32_t interrupt_id)
164{
165 (void)interrupt_id;
166}
167
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]168static bool sp_init(uint16_t *own_id)
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]169{
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]170 sp_result sp_res = SP_RESULT_INTERNAL_ERROR;
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]171 static uint8_t tx_buffer[4096] __aligned(4096);
172 static uint8_t rx_buffer[4096] __aligned(4096);
173
174 sp_res = sp_rxtx_buffer_map(tx_buffer, rx_buffer, sizeof(rx_buffer));
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]175 if (sp_res != SP_RESULT_OK) {
176 EMSG("Failed to map RXTX buffers: %d", sp_res);
177 return false;
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]178 }
179
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]180 sp_res = sp_discovery_own_id_get(own_id);
181 if (sp_res != SP_RESULT_OK) {
182 EMSG("Failed to query own ID: %d", sp_res);
183 return false;
184 }
185
186 return true;
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]187}
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]188
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]189bool locate_crypto_service(void)
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]190{
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]191 int status = 0;
192 struct rpc_caller *caller = NULL;
193 psa_status_t psa_status = PSA_ERROR_GENERIC_ERROR;
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]194
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]195 service_locator_init();
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]196
197 /* todo - add option to use configurable crypto service location */
198 struct service_context *crypto_service_context =
199 service_locator_query("sn:ffa:d9df52d5-16a2-4bb2-9aa4-d26d3b84e8c0:0", &status);
200
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]201 if (!crypto_service_context) {
202 EMSG("Service locator query failed: %d", status);
203 return false;
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]204 }
205
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]206 if (!service_context_open(crypto_service_context, TS_RPC_ENCODING_PACKED_C, &caller)) {
207 EMSG("Failed to open crypto service context");
208 return false;
209 }
210
211 psa_status = psa_crypto_client_init(caller);
212 if (psa_status != PSA_SUCCESS) {
213 EMSG("Failed to init PSA crypto client: %d", psa_status);
214 return false;
215 }
216
217 psa_status = psa_crypto_init();
218 if (psa_status != PSA_SUCCESS) {
219 EMSG("Failed to init PSA crypto: %d", psa_status);
220 return false;
221 }
222
223 return true;
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]224}