TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TS / trusted-services / ac721da2bf7b47f42b8a2b52d4bb59c288b5ebc7 / . / deployments / attestation / env / commonsp / attestation_sp.c
blob: d82c217c1ab498c43f6e00cad0481cd598957eaa [file] [log] [blame]
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]1/*
Imre Kis9757f6b2022-07-26 17:19:46 +0200[diff] [blame]2 * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
Imre Kis0d5046d2023-07-04 18:00:02 +0200[diff] [blame]7#include "components/rpc/ts_rpc/endpoint/sp/ts_rpc_endpoint_sp.h"
8#include "components/rpc/ts_rpc/caller/sp/ts_rpc_caller_sp.h"
9#include "components/rpc/common/caller/rpc_caller_session.h"
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]10#include "protocols/rpc/common/packed-c/status.h"
11#include "config/ramstore/config_ramstore.h"
12#include "config/loader/sp/sp_config_loader.h"
13#include "service/attestation/provider/attest_provider.h"
14#include "service/attestation/provider/serializer/packed-c/packedc_attest_provider_serializer.h"
15#include "service/attestation/claims/claims_register.h"
16#include "service/attestation/claims/sources/event_log/event_log_claim_source.h"
17#include "service/attestation/claims/sources/boot_seed_generator/boot_seed_generator.h"
18#include "service/attestation/claims/sources/null_lifecycle/null_lifecycle_claim_source.h"
19#include "service/attestation/claims/sources/instance_id/instance_id_claim_source.h"
20#include "service/attestation/claims/sources/implementation_id/implementation_id_claim_source.h"
21#include "service/attestation/key_mngr/local/local_attest_key_mngr.h"
22#include "service/crypto/client/psa/psa_crypto_client.h"
Gabor Ambrus70908d02023-08-15 14:42:38 +0200[diff] [blame]23#include "service/log/factory/log_factory.h"
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]24#include "service_locator.h"
25#include "psa/crypto.h"
26#include "sp_api.h"
27#include "sp_discovery.h"
28#include "sp_rxtx.h"
29#include "trace.h"
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]30
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]31static bool sp_init(uint16_t *own_sp_id);
32static bool locate_crypto_service(void);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]33
Balint Dobszay4f9d8e32023-04-13 13:55:08 +0200[diff] [blame]34void __noreturn sp_main(union ffa_boot_info *boot_info)
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]35{
36 /* Service provider objects */
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]37 struct attest_provider attest_provider = { 0 };
Imre Kis0d5046d2023-07-04 18:00:02 +0200[diff] [blame]38 struct rpc_service_interface *attest_iface = NULL;
39 struct ts_rpc_endpoint_sp rpc_endpoint = { 0 };
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]40 struct sp_msg req_msg = { 0 };
41 struct sp_msg resp_msg = { 0 };
Imre Kisf6562652022-07-04 15:33:13 +0200[diff] [blame]42 uint16_t own_id = 0;
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]43 sp_result result = SP_RESULT_INTERNAL_ERROR;
Imre Kis0d5046d2023-07-04 18:00:02 +0200[diff] [blame]44 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]45
46 /* Claim source objects */
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]47 struct claim_source *claim_source = NULL;
48 struct event_log_claim_source event_log_claim_source = { 0 };
49 struct boot_seed_generator boot_seed_claim_source = { 0 };
50 struct null_lifecycle_claim_source lifecycle_claim_source = { 0 };
51 struct instance_id_claim_source instance_id_claim_source = { 0 };
52 struct implementation_id_claim_source implementation_id_claim_source = { 0 };
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]53
54 /*********************************************************
55 * Boot phase
56 *********************************************************/
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]57 if (!sp_init(&own_id)) {
58 EMSG("Failed to init SP");
59 goto fatal_error;
60 }
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]61
62 config_ramstore_init();
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]63
Balint Dobszay4f9d8e32023-04-13 13:55:08 +0200[diff] [blame]64 if (!sp_config_load(boot_info)) {
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]65 EMSG("Failed to load SP config");
66 goto fatal_error;
67 }
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]68
69 /**
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]70 * Locate crypto service endpoint and establish RPC session
Julian Hall6bab0212021-07-27 11:45:47 +0100[diff] [blame]71 */
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]72 if (!locate_crypto_service()) {
73 EMSG("Failed to locate crypto service");
74 goto fatal_error;
75 }
Julian Hall6bab0212021-07-27 11:45:47 +0100[diff] [blame]76
77 /**
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]78 * Register claim sources for deployment
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]79 */
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]80 claims_register_init();
81
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]82 /* Boot measurement claim source */
83 claim_source = event_log_claim_source_init_from_config(&event_log_claim_source);
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]84 if (!claim_source) {
85 EMSG("Failed to claim event log source from config");
86 goto fatal_error;
87 }
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]88 claims_register_add_claim_source(CLAIM_CATEGORY_BOOT_MEASUREMENT, claim_source);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]89
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]90 /* Boot seed claim source */
91 claim_source = boot_seed_generator_init(&boot_seed_claim_source);
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]92 if (!claim_source) {
93 EMSG("Failed to initialize boot seed generator");
94 goto fatal_error;
95 }
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]96 claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]97
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]98 /* Lifecycle state claim source */
99 claim_source = null_lifecycle_claim_source_init(&lifecycle_claim_source);
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]100 if (!claim_source) {
101 EMSG("Failed to initialize lifecycle state claim source");
102 goto fatal_error;
103 }
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]104 claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]105
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]106 /* Instance ID claim source */
107 claim_source = instance_id_claim_source_init(&instance_id_claim_source);
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]108 if (!claim_source) {
109 EMSG("Failed to initialize instance ID claim source");
110 goto fatal_error;
111 }
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]112 claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]113
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]114 /* Implementation ID claim source */
Julian Hall3b2fc5c2021-08-12 15:56:07 +0100[diff] [blame]115 claim_source = implementation_id_claim_source_init(&implementation_id_claim_source,
116 "trustedfirmware.org.ts.attestation_sp");
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]117 if (!claim_source) {
118 EMSG("Failed to initialize implementation ID claim source");
119 goto fatal_error;
120 }
Julian Hall3b2fc5c2021-08-12 15:56:07 +0100[diff] [blame]121 claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
122
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]123 /**
124 * Initialize the service provider
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]125 */
Julian Hall644b57a2021-06-30 08:45:19 +0100[diff] [blame]126 local_attest_key_mngr_init(LOCAL_ATTEST_KEY_MNGR_VOLATILE_IAK);
127 attest_iface = attest_provider_init(&attest_provider);
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]128 if (!attest_iface) {
129 EMSG("Failed to initialize attestation provider");
130 goto fatal_error;
131 }
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]132
Julian Hall7048d302021-06-03 16:07:28 +0100[diff] [blame]133 attest_provider_register_serializer(&attest_provider,
Imre Kis0d5046d2023-07-04 18:00:02 +0200[diff] [blame]134 packedc_attest_provider_serializer_instance());
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]135
Imre Kis0d5046d2023-07-04 18:00:02 +0200[diff] [blame]136 rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 1, 16);
137 if (rpc_status != RPC_SUCCESS) {
138 EMSG("Failed to initialize RPC endpoint: %d", rpc_status);
139 goto fatal_error;
140 }
141
142 rpc_status = ts_rpc_endpoint_sp_add_service(&rpc_endpoint, attest_iface);
143 if (rpc_status != RPC_SUCCESS) {
144 EMSG("Failed to add service to RPC endpoint: %d", rpc_status);
145 goto fatal_error;
146 }
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]147
148 /*********************************************************
149 * End of boot phase
150 *********************************************************/
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]151 result = sp_msg_wait(&req_msg);
152 if (result != SP_RESULT_OK) {
153 EMSG("Failed to send message wait %d", result);
154 goto fatal_error;
155 }
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]156
157 while (1) {
Imre Kis0d5046d2023-07-04 18:00:02 +0200[diff] [blame]158 ts_rpc_endpoint_sp_receive(&rpc_endpoint, &req_msg, &resp_msg);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]159
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]160 result = sp_msg_send_direct_resp(&resp_msg, &req_msg);
161 if (result != SP_RESULT_OK) {
162 EMSG("Failed to send direct response %d", result);
163 result = sp_msg_wait(&req_msg);
164 if (result != SP_RESULT_OK) {
165 EMSG("Failed to send message wait %d", result);
166 goto fatal_error;
167 }
168 }
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]169 }
170
171fatal_error:
172 /* SP is not viable */
173 EMSG("Attestation SP error");
174 while (1) {}
175}
176
177void sp_interrupt_handler(uint32_t interrupt_id)
178{
179 (void)interrupt_id;
180}
181
Balint Dobszayac721da2024-07-02 16:33:59 +0200[diff] [blame^]182ffa_result ffa_vm_created_handler(uint16_t vm_id, uint64_t handle)
183{
184 (void)vm_id;
185 (void)handle;
186
187 return FFA_OK;
188}
189
190ffa_result ffa_vm_destroyed_handler(uint16_t vm_id, uint64_t handle)
191{
192 (void)vm_id;
193 (void)handle;
194
195 return FFA_OK;
196}
197
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]198static bool sp_init(uint16_t *own_id)
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]199{
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]200 sp_result sp_res = SP_RESULT_INTERNAL_ERROR;
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]201 static uint8_t tx_buffer[4096] __aligned(4096);
202 static uint8_t rx_buffer[4096] __aligned(4096);
203
204 sp_res = sp_rxtx_buffer_map(tx_buffer, rx_buffer, sizeof(rx_buffer));
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]205 if (sp_res != SP_RESULT_OK) {
206 EMSG("Failed to map RXTX buffers: %d", sp_res);
207 return false;
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]208 }
209
Gabor Ambrus70908d02023-08-15 14:42:38 +0200[diff] [blame]210 IMSG("Start discovering logging service");
211 if (log_factory_create()) {
212 IMSG("Logging service discovery successful");
213 } else {
214 EMSG("Logging service discovery failed, falling back to console log");
215 }
216
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]217 sp_res = sp_discovery_own_id_get(own_id);
218 if (sp_res != SP_RESULT_OK) {
219 EMSG("Failed to query own ID: %d", sp_res);
220 return false;
221 }
222
223 return true;
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]224}
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]225
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]226bool locate_crypto_service(void)
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]227{
Imre Kis0d5046d2023-07-04 18:00:02 +0200[diff] [blame]228 struct rpc_caller_session *session = NULL;
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]229 psa_status_t psa_status = PSA_ERROR_GENERIC_ERROR;
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]230
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]231 service_locator_init();
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]232
233 /* todo - add option to use configurable crypto service location */
234 struct service_context *crypto_service_context =
Imre Kis0d5046d2023-07-04 18:00:02 +0200[diff] [blame]235 service_locator_query("sn:ffa:d9df52d5-16a2-4bb2-9aa4-d26d3b84e8c0:0");
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]236
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]237 if (!crypto_service_context) {
Imre Kis0d5046d2023-07-04 18:00:02 +0200[diff] [blame]238 EMSG("Service locator query failed");
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]239 return false;
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]240 }
241
Imre Kis0d5046d2023-07-04 18:00:02 +0200[diff] [blame]242 session = service_context_open(crypto_service_context);
243 if (!session) {
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]244 EMSG("Failed to open crypto service context");
245 return false;
246 }
247
Imre Kis0d5046d2023-07-04 18:00:02 +0200[diff] [blame]248 psa_status = psa_crypto_client_init(session);
Imre Kis2edea5d2022-07-05 16:42:43 +0200[diff] [blame]249 if (psa_status != PSA_SUCCESS) {
250 EMSG("Failed to init PSA crypto client: %d", psa_status);
251 return false;
252 }
253
254 psa_status = psa_crypto_init();
255 if (psa_status != PSA_SUCCESS) {
256 EMSG("Failed to init PSA crypto: %d", psa_status);
257 return false;
258 }
259
260 return true;
Julian Hallc52807c2021-08-13 15:15:18 +0100[diff] [blame]261}