Blame - deployments/smm-gateway/common/smm_gateway.c - TS/trusted-services

blob: fdc1b8c8f4c81416315ca32bd971afe113833444 [file] [log] [blame]

Julian Hall	ead5b62	2021-11-23 17:31:07 +0100	[diff] [blame]	1	/*
Gabor Toth	7595163	2023-09-06 09:17:28 +0200	[diff] [blame]	2	* Copyright (c) 2021-2023, Arm Limited and Contributors. All rights reserved.
Julian Hall	ead5b62	2021-11-23 17:31:07 +0100	[diff] [blame]	3	*
				4	* SPDX-License-Identifier: BSD-3-Clause
				5	*/
				6
				7	#include <stddef.h>
				8	#include <protocols/rpc/common/packed-c/encoding.h>
Julian Hall	98656d5	2022-05-05 11:09:21 +0100	[diff] [blame]	9	#include <service/uefi/smm_variable/provider/smm_variable_provider.h>
Julian Hall	ead5b62	2021-11-23 17:31:07 +0100	[diff] [blame]	10	#include <service/secure_storage/backend/secure_storage_client/secure_storage_client.h>
				11	#include <service/secure_storage/backend/mock_store/mock_store.h>
				12	#include <service_locator.h>
				13
				14	/* Build-time default configuration */
				15
				16	/* Default to using the Protected Storage SP */
				17	#ifndef SMM_GATEWAY_NV_STORE_SN
				18	#define SMM_GATEWAY_NV_STORE_SN "sn:ffa:751bf801-3dde-4768-a514-0f10aeed1790:0"
				19	#endif
				20
Gabor Toth	bdc11a7	2023-12-13 09:02:15 +0100	[diff] [blame^]	21	#if defined(UEFI_AUTH_VAR) && !defined(UEFI_INTERNAL_CRYPTO)
Gabor Toth	7595163	2023-09-06 09:17:28 +0200	[diff] [blame]	22	/* Default to using the Crypto SP */
				23	#ifndef SMM_GATEWAY_CRYPTO_SN
				24	#define SMM_GATEWAY_CRYPTO_SN "sn:ffa:d9df52d5-16a2-4bb2-9aa4-d26d3b84e8c0:0"
				25	#endif
				26	#endif
				27
Julian Hall	ead5b62	2021-11-23 17:31:07 +0100	[diff] [blame]	28	/* Default maximum number of UEFI variables */
				29	#ifndef SMM_GATEWAY_MAX_UEFI_VARIABLES
				30	#define SMM_GATEWAY_MAX_UEFI_VARIABLES (40)
				31	#endif
				32
				33	/* The smm_gateway instance - it's a singleton */
				34	static struct smm_gateway
				35	{
				36	struct smm_variable_provider smm_variable_provider;
				37	struct secure_storage_client nv_store_client;
				38	struct mock_store volatile_store;
				39	struct service_context *nv_storage_service_context;
Imre Kis	6472142	2023-07-28 15:18:30 +0200	[diff] [blame]	40	struct rpc_caller_session *nv_storage_session;
Gabor Toth	bdc11a7	2023-12-13 09:02:15 +0100	[diff] [blame^]	41	#if defined(UEFI_AUTH_VAR) && !defined(UEFI_INTERNAL_CRYPTO)
Gabor Toth	7595163	2023-09-06 09:17:28 +0200	[diff] [blame]	42	struct service_context *crypto_service_context;
				43	struct rpc_caller_session *crypto_session;
				44	#endif
Julian Hall	ead5b62	2021-11-23 17:31:07 +0100	[diff] [blame]	45
				46	} smm_gateway_instance;
				47
Gabor Toth	bdc11a7	2023-12-13 09:02:15 +0100	[diff] [blame^]	48	#if defined(UEFI_AUTH_VAR) && !defined(UEFI_INTERNAL_CRYPTO)
Gabor Toth	7595163	2023-09-06 09:17:28 +0200	[diff] [blame]	49	bool create_crypto_binding(void)
				50	{
				51	psa_status_t psa_status = PSA_ERROR_GENERIC_ERROR;
				52
				53	smm_gateway_instance.crypto_service_context = NULL;
				54	smm_gateway_instance.crypto_session = NULL;
				55
				56	smm_gateway_instance.crypto_service_context = service_locator_query(SMM_GATEWAY_CRYPTO_SN);
				57	if (!smm_gateway_instance.crypto_service_context)
				58	goto err;
				59
				60	smm_gateway_instance.crypto_session =
				61	service_context_open(smm_gateway_instance.crypto_service_context);
				62	if (!smm_gateway_instance.crypto_session)
				63	goto err;
				64
				65	/* Initialize the crypto client */
				66	psa_status = psa_crypto_client_init(smm_gateway_instance.crypto_session);
				67	if (psa_status != PSA_SUCCESS)
				68	goto err;
				69
				70	psa_status = psa_crypto_init();
				71	if (psa_status != PSA_SUCCESS)
				72	goto err;
				73
				74	return true;
				75
				76	err:
				77	if (smm_gateway_instance.crypto_session != NULL)
				78	{
				79	service_context_close(smm_gateway_instance.crypto_service_context, smm_gateway_instance.crypto_session);
				80	smm_gateway_instance.crypto_session = NULL;
				81	}
				82
				83	if (smm_gateway_instance.crypto_service_context != NULL)
				84	{
				85	service_context_relinquish(smm_gateway_instance.crypto_service_context);
				86	smm_gateway_instance.crypto_service_context = NULL;
				87	}
				88
				89	return false;
				90	}
				91	#else
				92	#define create_crypto_binding(a) (true)
				93	#endif
Julian Hall	ead5b62	2021-11-23 17:31:07 +0100	[diff] [blame]	94
Imre Kis	6472142	2023-07-28 15:18:30 +0200	[diff] [blame]	95	struct rpc_service_interface *smm_gateway_create(uint32_t owner_id)
Julian Hall	ead5b62	2021-11-23 17:31:07 +0100	[diff] [blame]	96	{
Imre Kis	6472142	2023-07-28 15:18:30 +0200	[diff] [blame]	97	service_locator_envinit();
Julian Hall	ead5b62	2021-11-23 17:31:07 +0100	[diff] [blame]	98
				99	/* todo - add option to use configurable service location */
				100	smm_gateway_instance.nv_storage_service_context =
Imre Kis	6472142	2023-07-28 15:18:30 +0200	[diff] [blame]	101	service_locator_query(SMM_GATEWAY_NV_STORE_SN);
Julian Hall	ead5b62	2021-11-23 17:31:07 +0100	[diff] [blame]	102
Imre Kis	6472142	2023-07-28 15:18:30 +0200	[diff] [blame]	103	if (!smm_gateway_instance.nv_storage_service_context)
				104	return NULL;
Julian Hall	ead5b62	2021-11-23 17:31:07 +0100	[diff] [blame]	105
Imre Kis	6472142	2023-07-28 15:18:30 +0200	[diff] [blame]	106	smm_gateway_instance.nv_storage_session = service_context_open(
				107	smm_gateway_instance.nv_storage_service_context);
Julian Hall	ead5b62	2021-11-23 17:31:07 +0100	[diff] [blame]	108
Imre Kis	6472142	2023-07-28 15:18:30 +0200	[diff] [blame]	109	if (!smm_gateway_instance.nv_storage_session)
				110	return NULL;
Julian Hall	ead5b62	2021-11-23 17:31:07 +0100	[diff] [blame]	111
				112	/* Initialize a storage client to access the remote NV store */
Julian Hall	ead5b62	2021-11-23 17:31:07 +0100	[diff] [blame]	113	struct storage_backend *persistent_backend = secure_storage_client_init(
				114	&smm_gateway_instance.nv_store_client,
Imre Kis	6472142	2023-07-28 15:18:30 +0200	[diff] [blame]	115	smm_gateway_instance.nv_storage_session);
				116	if (!persistent_backend)
				117	return NULL;
Julian Hall	ead5b62	2021-11-23 17:31:07 +0100	[diff] [blame]	118
				119	/* Initialize the volatile storage backend */
				120	struct storage_backend *volatile_backend = mock_store_init(
				121	&smm_gateway_instance.volatile_store);
Imre Kis	6472142	2023-07-28 15:18:30 +0200	[diff] [blame]	122	if (!volatile_backend)
				123	return NULL;
Julian Hall	ead5b62	2021-11-23 17:31:07 +0100	[diff] [blame]	124
				125	/* Initialize the smm_variable service provider */
Imre Kis	6472142	2023-07-28 15:18:30 +0200	[diff] [blame]	126	struct rpc_service_interface *service_iface = smm_variable_provider_init(
Julian Hall	ead5b62	2021-11-23 17:31:07 +0100	[diff] [blame]	127	&smm_gateway_instance.smm_variable_provider,
				128	owner_id,
				129	SMM_GATEWAY_MAX_UEFI_VARIABLES,
				130	persistent_backend,
				131	volatile_backend);
				132
Gabor Toth	7595163	2023-09-06 09:17:28 +0200	[diff] [blame]	133	if (!create_crypto_binding())
				134	return NULL;
				135
Julian Hall	ead5b62	2021-11-23 17:31:07 +0100	[diff] [blame]	136	return service_iface;
				137	}