TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TS / trusted-services / ab7db21cfc94e8f2da05d17ba4f99a56fdff059c / . / deployments / attestation / env / commonsp / attestation_sp.c
blob: 0ed3f6503e1db766c251fee3c4255b7713d22c6a [file] [log] [blame]
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]1/*
Imre Kis9757f6b2022-07-26 17:19:46 +0200[diff] [blame]2 * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
Imre Kis0d5046d2023-07-04 18:00:02 +0200[diff] [blame]7#include "components/rpc/ts_rpc/endpoint/sp/ts_rpc_endpoint_sp.h"
8#include "components/rpc/ts_rpc/caller/sp/ts_rpc_caller_sp.h"
9#include "components/rpc/common/caller/rpc_caller_session.h"
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]10#include "protocols/rpc/common/packed-c/status.h"
11#include "config/ramstore/config_ramstore.h"
12#include "config/loader/sp/sp_config_loader.h"
13#include "service/attestation/provider/attest_provider.h"
14#include "service/attestation/provider/serializer/packed-c/packedc_attest_provider_serializer.h"
15#include "service/attestation/claims/claims_register.h"
16#include "service/attestation/claims/sources/event_log/event_log_claim_source.h"
17#include "service/attestation/claims/sources/boot_seed_generator/boot_seed_generator.h"
18#include "service/attestation/claims/sources/null_lifecycle/null_lifecycle_claim_source.h"
19#include "service/attestation/claims/sources/instance_id/instance_id_claim_source.h"
20#include "service/attestation/claims/sources/implementation_id/implementation_id_claim_source.h"
21#include "service/attestation/key_mngr/local/local_attest_key_mngr.h"
22#include "service/crypto/client/psa/psa_crypto_client.h"
23#include "service_locator.h"
24#include "psa/crypto.h"
25#include "sp_api.h"
26#include "sp_discovery.h"
27#include "sp_rxtx.h"
28#include "trace.h"
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]29
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]30static bool sp_init(uint16_t *own_sp_id);
31static bool locate_crypto_service(void);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]32
Balint Dobszay4f9d8e32023-04-13 13:55:08 +0200[diff] [blame]33void __noreturn sp_main(union ffa_boot_info *boot_info)
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]34{
35 /* Service provider objects */
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]36 struct attest_provider attest_provider = { 0 };
Imre Kis0d5046d2023-07-04 18:00:02 +0200[diff] [blame]37 struct rpc_service_interface *attest_iface = NULL;
38 struct ts_rpc_endpoint_sp rpc_endpoint = { 0 };
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]39 struct sp_msg req_msg = { 0 };
40 struct sp_msg resp_msg = { 0 };
Imre Kisf6562652022-07-04 15:33:13 +0200[diff] [blame]41 uint16_t own_id = 0;
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]42 sp_result result = SP_RESULT_INTERNAL_ERROR;
Imre Kis0d5046d2023-07-04 18:00:02 +0200[diff] [blame]43 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]44
45 /* Claim source objects */
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]46 struct claim_source *claim_source = NULL;
47 struct event_log_claim_source event_log_claim_source = { 0 };
48 struct boot_seed_generator boot_seed_claim_source = { 0 };
49 struct null_lifecycle_claim_source lifecycle_claim_source = { 0 };
50 struct instance_id_claim_source instance_id_claim_source = { 0 };
51 struct implementation_id_claim_source implementation_id_claim_source = { 0 };
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]52
53 /*********************************************************
54 * Boot phase
55 *********************************************************/
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]56 if (!sp_init(&own_id)) {
57 EMSG("Failed to init SP");
58 goto fatal_error;
59 }
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]60
61 config_ramstore_init();
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]62
Balint Dobszay4f9d8e32023-04-13 13:55:08 +0200[diff] [blame]63 if (!sp_config_load(boot_info)) {
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]64 EMSG("Failed to load SP config");
65 goto fatal_error;
66 }
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]67
68 /**
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]69 * Locate crypto service endpoint and establish RPC session
Julian Hall6bab0212021-07-27 11:45:47 +0100[diff] [blame]70 */
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]71 if (!locate_crypto_service()) {
72 EMSG("Failed to locate crypto service");
73 goto fatal_error;
74 }
Julian Hall6bab0212021-07-27 11:45:47 +0100[diff] [blame]75
76 /**
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]77 * Register claim sources for deployment
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]78 */
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]79 claims_register_init();
80
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]81 /* Boot measurement claim source */
82 claim_source = event_log_claim_source_init_from_config(&event_log_claim_source);
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]83 if (!claim_source) {
84 EMSG("Failed to claim event log source from config");
85 goto fatal_error;
86 }
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]87 claims_register_add_claim_source(CLAIM_CATEGORY_BOOT_MEASUREMENT, claim_source);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]88
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]89 /* Boot seed claim source */
90 claim_source = boot_seed_generator_init(&boot_seed_claim_source);
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]91 if (!claim_source) {
92 EMSG("Failed to initialize boot seed generator");
93 goto fatal_error;
94 }
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]95 claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]96
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]97 /* Lifecycle state claim source */
98 claim_source = null_lifecycle_claim_source_init(&lifecycle_claim_source);
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]99 if (!claim_source) {
100 EMSG("Failed to initialize lifecycle state claim source");
101 goto fatal_error;
102 }
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]103 claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]104
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]105 /* Instance ID claim source */
106 claim_source = instance_id_claim_source_init(&instance_id_claim_source);
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]107 if (!claim_source) {
108 EMSG("Failed to initialize instance ID claim source");
109 goto fatal_error;
110 }
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]111 claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]112
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]113 /* Implementation ID claim source */
Julian Hall3b2fc5c2021-08-12 15:56:07 +0100[diff] [blame]114 claim_source = implementation_id_claim_source_init(&implementation_id_claim_source,
115 "trustedfirmware.org.ts.attestation_sp");
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]116 if (!claim_source) {
117 EMSG("Failed to initialize implementation ID claim source");
118 goto fatal_error;
119 }
Julian Hall3b2fc5c2021-08-12 15:56:07 +0100[diff] [blame]120 claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
121
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]122 /**
123 * Initialize the service provider
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]124 */
Julian Hall644b57a2021-06-30 08:45:19 +0100[diff] [blame]125 local_attest_key_mngr_init(LOCAL_ATTEST_KEY_MNGR_VOLATILE_IAK);
126 attest_iface = attest_provider_init(&attest_provider);
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]127 if (!attest_iface) {
128 EMSG("Failed to initialize attestation provider");
129 goto fatal_error;
130 }
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]131
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]132 attest_provider_register_serializer(&attest_provider,
Imre Kis0d5046d2023-07-04 18:00:02 +0200[diff] [blame]133 packedc_attest_provider_serializer_instance());
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]134
Imre Kis0d5046d2023-07-04 18:00:02 +0200[diff] [blame]135 rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 1, 16);
136 if (rpc_status != RPC_SUCCESS) {
137 EMSG("Failed to initialize RPC endpoint: %d", rpc_status);
138 goto fatal_error;
139 }
140
141 rpc_status = ts_rpc_endpoint_sp_add_service(&rpc_endpoint, attest_iface);
142 if (rpc_status != RPC_SUCCESS) {
143 EMSG("Failed to add service to RPC endpoint: %d", rpc_status);
144 goto fatal_error;
145 }
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]146
147 /*********************************************************
148 * End of boot phase
149 *********************************************************/
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]150 result = sp_msg_wait(&req_msg);
151 if (result != SP_RESULT_OK) {
152 EMSG("Failed to send message wait %d", result);
153 goto fatal_error;
154 }
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]155
156 while (1) {
Imre Kis0d5046d2023-07-04 18:00:02 +0200[diff] [blame]157 ts_rpc_endpoint_sp_receive(&rpc_endpoint, &req_msg, &resp_msg);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]158
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]159 result = sp_msg_send_direct_resp(&resp_msg, &req_msg);
160 if (result != SP_RESULT_OK) {
161 EMSG("Failed to send direct response %d", result);
162 result = sp_msg_wait(&req_msg);
163 if (result != SP_RESULT_OK) {
164 EMSG("Failed to send message wait %d", result);
165 goto fatal_error;
166 }
167 }
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]168 }
169
170fatal_error:
171 /* SP is not viable */
172 EMSG("Attestation SP error");
173 while (1) {}
174}
175
176void sp_interrupt_handler(uint32_t interrupt_id)
177{
178 (void)interrupt_id;
179}
180
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]181static bool sp_init(uint16_t *own_id)
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]182{
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]183 sp_result sp_res = SP_RESULT_INTERNAL_ERROR;
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]184 static uint8_t tx_buffer[4096] __aligned(4096);
185 static uint8_t rx_buffer[4096] __aligned(4096);
186
187 sp_res = sp_rxtx_buffer_map(tx_buffer, rx_buffer, sizeof(rx_buffer));
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]188 if (sp_res != SP_RESULT_OK) {
189 EMSG("Failed to map RXTX buffers: %d", sp_res);
190 return false;
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]191 }
192
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]193 sp_res = sp_discovery_own_id_get(own_id);
194 if (sp_res != SP_RESULT_OK) {
195 EMSG("Failed to query own ID: %d", sp_res);
196 return false;
197 }
198
199 return true;
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]200}
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]201
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]202bool locate_crypto_service(void)
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]203{
Imre Kis0d5046d2023-07-04 18:00:02 +0200[diff] [blame]204 struct rpc_caller_session *session = NULL;
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]205 psa_status_t psa_status = PSA_ERROR_GENERIC_ERROR;
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]206
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]207 service_locator_init();
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]208
209 /* todo - add option to use configurable crypto service location */
210 struct service_context *crypto_service_context =
Imre Kis0d5046d2023-07-04 18:00:02 +0200[diff] [blame]211 service_locator_query("sn:ffa:d9df52d5-16a2-4bb2-9aa4-d26d3b84e8c0:0");
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]212
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]213 if (!crypto_service_context) {
Imre Kis0d5046d2023-07-04 18:00:02 +0200[diff] [blame]214 EMSG("Service locator query failed");
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]215 return false;
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]216 }
217
Imre Kis0d5046d2023-07-04 18:00:02 +0200[diff] [blame]218 session = service_context_open(crypto_service_context);
219 if (!session) {
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]220 EMSG("Failed to open crypto service context");
221 return false;
222 }
223
Imre Kis0d5046d2023-07-04 18:00:02 +0200[diff] [blame]224 psa_status = psa_crypto_client_init(session);
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]225 if (psa_status != PSA_SUCCESS) {
226 EMSG("Failed to init PSA crypto client: %d", psa_status);
227 return false;
228 }
229
230 psa_status = psa_crypto_init();
231 if (psa_status != PSA_SUCCESS) {
232 EMSG("Failed to init PSA crypto: %d", psa_status);
233 return false;
234 }
235
236 return true;
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]237}