Platform: Add boot seed support
Add a getter function to platform code, which makes possible
to get the boot seed value. Boot seed is a mandatory claim
in the initial attestation token.
Change-Id: Ifd547c541a51093f0766b57ba9e9cdd124cd840d
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/CommonConfig.cmake b/CommonConfig.cmake
index 51ddc6a..8418922 100644
--- a/CommonConfig.cmake
+++ b/CommonConfig.cmake
@@ -32,6 +32,7 @@
set(BUILD_CMSIS_DRIVERS Off)
set(BUILD_UART_STDOUT Off)
set(BUILD_FLASH Off)
+set(BUILD_BOOT_SEED Off)
if(NOT DEFINED PLATFORM_CMAKE_FILE)
message (FATAL_ERROR "Platform specific CMake is not defined. Please set PLATFORM_CMAKE_FILE.")
elseif(NOT EXISTS ${PLATFORM_CMAKE_FILE})
diff --git a/app/CMakeLists.txt b/app/CMakeLists.txt
index efc979f..a4e390b 100755
--- a/app/CMakeLists.txt
+++ b/app/CMakeLists.txt
@@ -70,6 +70,7 @@
set(BUILD_CMSIS_DRIVERS On)
set(BUILD_UART_STDOUT Off)
set(BUILD_FLASH Off)
+set(BUILD_BOOT_SEED Off)
if(NOT DEFINED PLATFORM_CMAKE_FILE)
message (FATAL_ERROR "Platform specific CMake is not defined. Please set PLATFORM_CMAKE_FILE.")
elseif(NOT EXISTS ${PLATFORM_CMAKE_FILE})
diff --git a/platform/ext/Mps2AN519.cmake b/platform/ext/Mps2AN519.cmake
index 0a0741e..af4a560 100644
--- a/platform/ext/Mps2AN519.cmake
+++ b/platform/ext/Mps2AN519.cmake
@@ -167,3 +167,9 @@
if (MCUBOOT_RAM_LOADING)
message (FATAL_ERROR "MCUBOOT_RAM_LOADING is not supported on " ${TARGET_PLATFORM})
endif()
+
+if (NOT DEFINED BUILD_BOOT_SEED)
+ message(FATAL_ERROR "Configuration variable BUILD_BOOT_SEED (true|false) is undefined!")
+elseif(BUILD_BOOT_SEED)
+ list(APPEND ALL_SRC_C "${PLATFORM_DIR}/target/mps2/an519/dummy_boot_seed.c")
+endif()
diff --git a/platform/ext/Mps2AN521.cmake b/platform/ext/Mps2AN521.cmake
index a95b472..7459547 100644
--- a/platform/ext/Mps2AN521.cmake
+++ b/platform/ext/Mps2AN521.cmake
@@ -168,3 +168,9 @@
if (MCUBOOT_RAM_LOADING)
message (FATAL_ERROR "MCUBOOT_RAM_LOADING is not supported on " ${TARGET_PLATFORM})
endif()
+
+if (NOT DEFINED BUILD_BOOT_SEED)
+ message(FATAL_ERROR "Configuration variable BUILD_BOOT_SEED (true|false) is undefined!")
+elseif(BUILD_BOOT_SEED)
+ list(APPEND ALL_SRC_C "${PLATFORM_DIR}/target/mps2/an521/dummy_boot_seed.c")
+endif()
diff --git a/platform/ext/musca_a.cmake b/platform/ext/musca_a.cmake
index ccd5073..985d8b9 100755
--- a/platform/ext/musca_a.cmake
+++ b/platform/ext/musca_a.cmake
@@ -178,3 +178,9 @@
if (MCUBOOT_NO_SWAP)
message (FATAL_ERROR "MCUBOOT_NO_SWAP configuration is not supported on " ${TARGET_PLATFORM})
endif()
+
+if (NOT DEFINED BUILD_BOOT_SEED)
+ message(FATAL_ERROR "Configuration variable BUILD_BOOT_SEED (true|false) is undefined!")
+elseif(BUILD_BOOT_SEED)
+ list(APPEND ALL_SRC_C "${PLATFORM_DIR}/target/musca_a/dummy_boot_seed.c")
+endif()
diff --git a/platform/ext/musca_b1.cmake b/platform/ext/musca_b1.cmake
index c34782a..db584af 100755
--- a/platform/ext/musca_b1.cmake
+++ b/platform/ext/musca_b1.cmake
@@ -165,3 +165,9 @@
if (MCUBOOT_RAM_LOADING)
message(FATAL_ERROR "MCUBOOT_RAM_LOADING is not supported on " ${TARGET_PLATFORM})
endif()
+
+if (NOT DEFINED BUILD_BOOT_SEED)
+ message(FATAL_ERROR "Configuration variable BUILD_BOOT_SEED (true|false) is undefined!")
+elseif(BUILD_BOOT_SEED)
+ list(APPEND ALL_SRC_C "${PLATFORM_DIR}/target/musca_b1/dummy_boot_seed.c")
+endif()
diff --git a/platform/ext/target/mps2/an519/armclang/mps2_an519_s.sct b/platform/ext/target/mps2/an519/armclang/mps2_an519_s.sct
index 420c863..5eef45a 100644
--- a/platform/ext/target/mps2/an519/armclang/mps2_an519_s.sct
+++ b/platform/ext/target/mps2/an519/armclang/mps2_an519_s.sct
@@ -60,6 +60,7 @@
tfm_spm_services.o (+RO)
dummy_crypto_keys.o (+RO)
dummy_nv_counters.o (+RO)
+ dummy_boot_seed.o (+RO)
platform_retarget_dev.o (+RO)
*(SFN)
*armlib*
@@ -139,6 +140,7 @@
tfm_spm_services.o (+RW +ZI)
dummy_crypto_keys.o (+RW +ZI)
dummy_nv_counters.o (+RW +ZI)
+ dummy_boot_seed.o (+RW +ZI)
platform_retarget_dev.o (+RW +ZI)
}
diff --git a/platform/ext/target/mps2/an519/dummy_boot_seed.c b/platform/ext/target/mps2/an519/dummy_boot_seed.c
new file mode 100644
index 0000000..f4cbb5c
--- /dev/null
+++ b/platform/ext/target/mps2/an519/dummy_boot_seed.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2018 ARM Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "platform/include/tfm_plat_boot_seed.h"
+
+/*!
+ * \def BOOT_SEED
+ *
+ * \brief Fixed value for boot seed used for test.
+ */
+#define BOOT_SEED 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, \
+ 0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF, \
+ 0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6, 0xB7, \
+ 0xB8, 0xB9, 0xBA, 0xBB, 0xBC, 0xBD, 0xBE, 0xBF
+
+static const uint8_t boot_seed[BOOT_SEED_SIZE] = {BOOT_SEED};
+
+enum tfm_plat_err_t tfm_plat_get_boot_seed(uint32_t size, uint8_t *buf)
+{
+ /* FixMe: - This getter function must be ported per target platform.
+ * - Platform service shall provide an API to further interact this
+ * getter function to retrieve the boot seed.
+ */
+
+ uint32_t i;
+ uint8_t *p_dst = buf;
+ const uint8_t *p_src = boot_seed;
+
+ if (size != BOOT_SEED_SIZE) {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+
+ for (i = size; i > 0; i--) {
+ *p_dst = *p_src;
+ p_src++;
+ p_dst++;
+ }
+
+ return TFM_PLAT_ERR_SUCCESS;
+}
diff --git a/platform/ext/target/mps2/an519/gcc/mps2_an519_s.ld b/platform/ext/target/mps2/an519/gcc/mps2_an519_s.ld
index bc4717f..951db0d 100644
--- a/platform/ext/target/mps2/an519/gcc/mps2_an519_s.ld
+++ b/platform/ext/target/mps2/an519/gcc/mps2_an519_s.ld
@@ -188,6 +188,8 @@
*dummy_crypto_keys.o(.rodata*)
*dummy_nv_counters.o(.text*)
*dummy_nv_counters.o(.rodata*)
+ *dummy_boot_seed.o(.text*)
+ *dummy_boot_seed.o(.rodata*)
*platform_retarget_dev.o(.text*)
*platform_retarget_dev.o(.rodata*)
*(SFN)
@@ -409,6 +411,7 @@
*/tfm_spm_services.o(.data*)
*/dummy_crypto_keys.o(.data*)
*/dummy_nv_counters.o(.data*)
+ */dummy_boot_seed.o(.data*)
*/platform_retarget_dev.o(.data*)
. = ALIGN(32);
} > RAM AT> FLASH
@@ -421,10 +424,12 @@
*/platform_retarget_dev.o(.bss*)
*/dummy_crypto_keys.o(.bss*)
*/dummy_nv_counters.o(.bss*)
+ */dummy_boot_seed.o(.bss*)
*/tfm_spm_services.o(COMMON)
*/platform_retarget_dev.o(COMMON)
*/dummy_crypto_keys.o(COMMON)
*/dummy_nv_counters.o(COMMON)
+ */dummy_boot_seed.o(COMMON)
. = ALIGN(32);
} > RAM AT> FLASH
Image$$TFM_UNPRIV_RO_DATA$$ZI$$Base = ADDR(.TFM_UNPRIV_RO_BSS);
diff --git a/platform/ext/target/mps2/an519/gcc/mps2_an519_s.ld.template b/platform/ext/target/mps2/an519/gcc/mps2_an519_s.ld.template
index f08b0c8..2d185b8 100644
--- a/platform/ext/target/mps2/an519/gcc/mps2_an519_s.ld.template
+++ b/platform/ext/target/mps2/an519/gcc/mps2_an519_s.ld.template
@@ -139,6 +139,8 @@
*dummy_crypto_keys.o(.rodata*)
*dummy_nv_counters.o(.text*)
*dummy_nv_counters.o(.rodata*)
+ *dummy_boot_seed.o(.text*)
+ *dummy_boot_seed.o(.rodata*)
*platform_retarget_dev.o(.text*)
*platform_retarget_dev.o(.rodata*)
*(SFN)
@@ -270,6 +272,7 @@
*/tfm_spm_services.o(.data*)
*/dummy_crypto_keys.o(.data*)
*/dummy_nv_counters.o(.data*)
+ */dummy_boot_seed.o(.data*)
*/platform_retarget_dev.o(.data*)
. = ALIGN(32);
} > RAM AT> FLASH
@@ -282,10 +285,12 @@
*/platform_retarget_dev.o(.bss*)
*/dummy_crypto_keys.o(.bss*)
*/dummy_nv_counters.o(.bss*)
+ */dummy_boot_seed.o(.bss*)
*/tfm_spm_services.o(COMMON)
*/platform_retarget_dev.o(COMMON)
*/dummy_crypto_keys.o(COMMON)
*/dummy_nv_counters.o(COMMON)
+ */dummy_boot_seed.o(COMMON)
. = ALIGN(32);
} > RAM AT> FLASH
Image$$TFM_UNPRIV_RO_DATA$$ZI$$Base = ADDR(.TFM_UNPRIV_RO_BSS);
diff --git a/platform/ext/target/mps2/an521/armclang/mps2_an521_s.sct b/platform/ext/target/mps2/an521/armclang/mps2_an521_s.sct
index 420c863..5eef45a 100644
--- a/platform/ext/target/mps2/an521/armclang/mps2_an521_s.sct
+++ b/platform/ext/target/mps2/an521/armclang/mps2_an521_s.sct
@@ -60,6 +60,7 @@
tfm_spm_services.o (+RO)
dummy_crypto_keys.o (+RO)
dummy_nv_counters.o (+RO)
+ dummy_boot_seed.o (+RO)
platform_retarget_dev.o (+RO)
*(SFN)
*armlib*
@@ -139,6 +140,7 @@
tfm_spm_services.o (+RW +ZI)
dummy_crypto_keys.o (+RW +ZI)
dummy_nv_counters.o (+RW +ZI)
+ dummy_boot_seed.o (+RW +ZI)
platform_retarget_dev.o (+RW +ZI)
}
diff --git a/platform/ext/target/mps2/an521/dummy_boot_seed.c b/platform/ext/target/mps2/an521/dummy_boot_seed.c
new file mode 100644
index 0000000..f4cbb5c
--- /dev/null
+++ b/platform/ext/target/mps2/an521/dummy_boot_seed.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2018 ARM Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "platform/include/tfm_plat_boot_seed.h"
+
+/*!
+ * \def BOOT_SEED
+ *
+ * \brief Fixed value for boot seed used for test.
+ */
+#define BOOT_SEED 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, \
+ 0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF, \
+ 0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6, 0xB7, \
+ 0xB8, 0xB9, 0xBA, 0xBB, 0xBC, 0xBD, 0xBE, 0xBF
+
+static const uint8_t boot_seed[BOOT_SEED_SIZE] = {BOOT_SEED};
+
+enum tfm_plat_err_t tfm_plat_get_boot_seed(uint32_t size, uint8_t *buf)
+{
+ /* FixMe: - This getter function must be ported per target platform.
+ * - Platform service shall provide an API to further interact this
+ * getter function to retrieve the boot seed.
+ */
+
+ uint32_t i;
+ uint8_t *p_dst = buf;
+ const uint8_t *p_src = boot_seed;
+
+ if (size != BOOT_SEED_SIZE) {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+
+ for (i = size; i > 0; i--) {
+ *p_dst = *p_src;
+ p_src++;
+ p_dst++;
+ }
+
+ return TFM_PLAT_ERR_SUCCESS;
+}
diff --git a/platform/ext/target/mps2/an521/gcc/mps2_an521_s.ld b/platform/ext/target/mps2/an521/gcc/mps2_an521_s.ld
index 456db25..b9e6080 100644
--- a/platform/ext/target/mps2/an521/gcc/mps2_an521_s.ld
+++ b/platform/ext/target/mps2/an521/gcc/mps2_an521_s.ld
@@ -188,6 +188,8 @@
*dummy_crypto_keys.o(.rodata*)
*dummy_nv_counters.o(.text*)
*dummy_nv_counters.o(.rodata*)
+ *dummy_boot_seed.o(.text*)
+ *dummy_boot_seed.o(.rodata*)
*platform_retarget_dev.o(.text*)
*platform_retarget_dev.o(.rodata*)
*(SFN)
@@ -409,6 +411,7 @@
*/tfm_spm_services.o(.data*)
*/dummy_crypto_keys.o(.data*)
*/dummy_nv_counters.o(.data*)
+ */dummy_boot_seed.o(.data*)
*/platform_retarget_dev.o(.data*)
. = ALIGN(32);
} > RAM AT> FLASH
@@ -421,10 +424,12 @@
*/platform_retarget_dev.o(.bss*)
*/dummy_crypto_keys.o(.bss*)
*/dummy_nv_counters.o(.bss*)
+ */dummy_boot_seed.o(.bss*)
*/tfm_spm_services.o(COMMON)
*/platform_retarget_dev.o(COMMON)
*/dummy_crypto_keys.o(COMMON)
*/dummy_nv_counters.o(COMMON)
+ */dummy_boot_seed.o(COMMON)
. = ALIGN(32);
} > RAM AT> FLASH
Image$$TFM_UNPRIV_RO_DATA$$ZI$$Base = ADDR(.TFM_UNPRIV_RO_BSS);
diff --git a/platform/ext/target/mps2/an521/gcc/mps2_an521_s.ld.template b/platform/ext/target/mps2/an521/gcc/mps2_an521_s.ld.template
index dfe91a4..876a47a 100644
--- a/platform/ext/target/mps2/an521/gcc/mps2_an521_s.ld.template
+++ b/platform/ext/target/mps2/an521/gcc/mps2_an521_s.ld.template
@@ -139,6 +139,8 @@
*dummy_crypto_keys.o(.rodata*)
*dummy_nv_counters.o(.text*)
*dummy_nv_counters.o(.rodata*)
+ *dummy_boot_seed.o(.text*)
+ *dummy_boot_seed.o(.rodata*)
*platform_retarget_dev.o(.text*)
*platform_retarget_dev.o(.rodata*)
*(SFN)
@@ -270,6 +272,7 @@
*/tfm_spm_services.o(.data*)
*/dummy_crypto_keys.o(.data*)
*/dummy_nv_counters.o(.data*)
+ */dummy_boot_seed.o(.data*)
*/platform_retarget_dev.o(.data*)
. = ALIGN(32);
} > RAM AT> FLASH
@@ -282,10 +285,12 @@
*/platform_retarget_dev.o(.bss*)
*/dummy_crypto_keys.o(.bss*)
*/dummy_nv_counters.o(.bss*)
+ */dummy_boot_seed.o(.bss*)
*/tfm_spm_services.o(COMMON)
*/platform_retarget_dev.o(COMMON)
*/dummy_crypto_keys.o(COMMON)
*/dummy_nv_counters.o(COMMON)
+ */dummy_boot_seed.o(COMMON)
. = ALIGN(32);
} > RAM AT> FLASH
Image$$TFM_UNPRIV_RO_DATA$$ZI$$Base = ADDR(.TFM_UNPRIV_RO_BSS);
diff --git a/platform/ext/target/musca_a/Device/Source/armclang/musca_s.sct b/platform/ext/target/musca_a/Device/Source/armclang/musca_s.sct
index 215efdc..bc40a2f 100755
--- a/platform/ext/target/musca_a/Device/Source/armclang/musca_s.sct
+++ b/platform/ext/target/musca_a/Device/Source/armclang/musca_s.sct
@@ -60,6 +60,7 @@
tfm_spm_services.o (+RO)
dummy_crypto_keys.o (+RO)
dummy_nv_counters.o (+RO)
+ dummy_boot_seed.o (+RO)
platform_retarget_dev.o (+RO)
*(SFN)
*armlib*
@@ -139,6 +140,7 @@
tfm_spm_services.o (+RW +ZI)
dummy_crypto_keys.o (+RW +ZI)
dummy_nv_counters.o (+RW +ZI)
+ dummy_boot_seed.o (+RW +ZI)
platform_retarget_dev.o (+RW +ZI)
}
diff --git a/platform/ext/target/musca_a/Device/Source/gcc/musca_s.ld b/platform/ext/target/musca_a/Device/Source/gcc/musca_s.ld
index bc4717f..951db0d 100644
--- a/platform/ext/target/musca_a/Device/Source/gcc/musca_s.ld
+++ b/platform/ext/target/musca_a/Device/Source/gcc/musca_s.ld
@@ -188,6 +188,8 @@
*dummy_crypto_keys.o(.rodata*)
*dummy_nv_counters.o(.text*)
*dummy_nv_counters.o(.rodata*)
+ *dummy_boot_seed.o(.text*)
+ *dummy_boot_seed.o(.rodata*)
*platform_retarget_dev.o(.text*)
*platform_retarget_dev.o(.rodata*)
*(SFN)
@@ -409,6 +411,7 @@
*/tfm_spm_services.o(.data*)
*/dummy_crypto_keys.o(.data*)
*/dummy_nv_counters.o(.data*)
+ */dummy_boot_seed.o(.data*)
*/platform_retarget_dev.o(.data*)
. = ALIGN(32);
} > RAM AT> FLASH
@@ -421,10 +424,12 @@
*/platform_retarget_dev.o(.bss*)
*/dummy_crypto_keys.o(.bss*)
*/dummy_nv_counters.o(.bss*)
+ */dummy_boot_seed.o(.bss*)
*/tfm_spm_services.o(COMMON)
*/platform_retarget_dev.o(COMMON)
*/dummy_crypto_keys.o(COMMON)
*/dummy_nv_counters.o(COMMON)
+ */dummy_boot_seed.o(COMMON)
. = ALIGN(32);
} > RAM AT> FLASH
Image$$TFM_UNPRIV_RO_DATA$$ZI$$Base = ADDR(.TFM_UNPRIV_RO_BSS);
diff --git a/platform/ext/target/musca_a/Device/Source/gcc/musca_s.ld.template b/platform/ext/target/musca_a/Device/Source/gcc/musca_s.ld.template
index f08b0c8..2d185b8 100644
--- a/platform/ext/target/musca_a/Device/Source/gcc/musca_s.ld.template
+++ b/platform/ext/target/musca_a/Device/Source/gcc/musca_s.ld.template
@@ -139,6 +139,8 @@
*dummy_crypto_keys.o(.rodata*)
*dummy_nv_counters.o(.text*)
*dummy_nv_counters.o(.rodata*)
+ *dummy_boot_seed.o(.text*)
+ *dummy_boot_seed.o(.rodata*)
*platform_retarget_dev.o(.text*)
*platform_retarget_dev.o(.rodata*)
*(SFN)
@@ -270,6 +272,7 @@
*/tfm_spm_services.o(.data*)
*/dummy_crypto_keys.o(.data*)
*/dummy_nv_counters.o(.data*)
+ */dummy_boot_seed.o(.data*)
*/platform_retarget_dev.o(.data*)
. = ALIGN(32);
} > RAM AT> FLASH
@@ -282,10 +285,12 @@
*/platform_retarget_dev.o(.bss*)
*/dummy_crypto_keys.o(.bss*)
*/dummy_nv_counters.o(.bss*)
+ */dummy_boot_seed.o(.bss*)
*/tfm_spm_services.o(COMMON)
*/platform_retarget_dev.o(COMMON)
*/dummy_crypto_keys.o(COMMON)
*/dummy_nv_counters.o(COMMON)
+ */dummy_boot_seed.o(COMMON)
. = ALIGN(32);
} > RAM AT> FLASH
Image$$TFM_UNPRIV_RO_DATA$$ZI$$Base = ADDR(.TFM_UNPRIV_RO_BSS);
diff --git a/platform/ext/target/musca_a/dummy_boot_seed.c b/platform/ext/target/musca_a/dummy_boot_seed.c
new file mode 100644
index 0000000..f4cbb5c
--- /dev/null
+++ b/platform/ext/target/musca_a/dummy_boot_seed.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2018 ARM Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "platform/include/tfm_plat_boot_seed.h"
+
+/*!
+ * \def BOOT_SEED
+ *
+ * \brief Fixed value for boot seed used for test.
+ */
+#define BOOT_SEED 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, \
+ 0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF, \
+ 0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6, 0xB7, \
+ 0xB8, 0xB9, 0xBA, 0xBB, 0xBC, 0xBD, 0xBE, 0xBF
+
+static const uint8_t boot_seed[BOOT_SEED_SIZE] = {BOOT_SEED};
+
+enum tfm_plat_err_t tfm_plat_get_boot_seed(uint32_t size, uint8_t *buf)
+{
+ /* FixMe: - This getter function must be ported per target platform.
+ * - Platform service shall provide an API to further interact this
+ * getter function to retrieve the boot seed.
+ */
+
+ uint32_t i;
+ uint8_t *p_dst = buf;
+ const uint8_t *p_src = boot_seed;
+
+ if (size != BOOT_SEED_SIZE) {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+
+ for (i = size; i > 0; i--) {
+ *p_dst = *p_src;
+ p_src++;
+ p_dst++;
+ }
+
+ return TFM_PLAT_ERR_SUCCESS;
+}
diff --git a/platform/ext/target/musca_b1/Device/Source/armclang/musca_s.sct b/platform/ext/target/musca_b1/Device/Source/armclang/musca_s.sct
index e28f166..80d901c 100644
--- a/platform/ext/target/musca_b1/Device/Source/armclang/musca_s.sct
+++ b/platform/ext/target/musca_b1/Device/Source/armclang/musca_s.sct
@@ -60,6 +60,7 @@
tfm_spm_services.o (+RO)
dummy_crypto_keys.o (+RO)
dummy_nv_counters.o (+RO)
+ dummy_boot_seed.o (+RO)
platform_retarget_dev.o (+RO)
*(SFN)
*armlib*
@@ -139,6 +140,7 @@
tfm_spm_services.o (+RW +ZI)
dummy_crypto_keys.o (+RW +ZI)
dummy_nv_counters.o (+RW +ZI)
+ dummy_boot_seed.o (+RW +ZI)
platform_retarget_dev.o (+RW +ZI)
}
diff --git a/platform/ext/target/musca_b1/Device/Source/gcc/musca_s.ld b/platform/ext/target/musca_b1/Device/Source/gcc/musca_s.ld
index db44652..9d046b4 100644
--- a/platform/ext/target/musca_b1/Device/Source/gcc/musca_s.ld
+++ b/platform/ext/target/musca_b1/Device/Source/gcc/musca_s.ld
@@ -188,6 +188,8 @@
*dummy_crypto_keys.o(.rodata*)
*dummy_nv_counters.o(.text*)
*dummy_nv_counters.o(.rodata*)
+ *dummy_boot_seed.o(.text*)
+ *dummy_boot_seed.o(.rodata*)
*platform_retarget_dev.o(.text*)
*platform_retarget_dev.o(.rodata*)
*(SFN)
@@ -409,6 +411,7 @@
*/tfm_spm_services.o(.data*)
*/dummy_crypto_keys.o(.data*)
*/dummy_nv_counters.o(.data*)
+ */dummy_boot_seed.o(.data*)
*/platform_retarget_dev.o(.data*)
. = ALIGN(32);
} > RAM AT> FLASH
@@ -421,10 +424,12 @@
*/platform_retarget_dev.o(.bss*)
*/dummy_crypto_keys.o(.bss*)
*/dummy_nv_counters.o(.bss*)
+ */dummy_boot_seed.o(.bss*)
*/tfm_spm_services.o(COMMON)
*/platform_retarget_dev.o(COMMON)
*/dummy_crypto_keys.o(COMMON)
*/dummy_nv_counters.o(COMMON)
+ */dummy_boot_seed.o(COMMON)
. = ALIGN(32);
} > RAM AT> FLASH
Image$$TFM_UNPRIV_RO_DATA$$ZI$$Base = ADDR(.TFM_UNPRIV_RO_BSS);
diff --git a/platform/ext/target/musca_b1/Device/Source/gcc/musca_s.ld.template b/platform/ext/target/musca_b1/Device/Source/gcc/musca_s.ld.template
index 8ed42b0..7ec8696 100644
--- a/platform/ext/target/musca_b1/Device/Source/gcc/musca_s.ld.template
+++ b/platform/ext/target/musca_b1/Device/Source/gcc/musca_s.ld.template
@@ -139,6 +139,8 @@
*dummy_crypto_keys.o(.rodata*)
*dummy_nv_counters.o(.text*)
*dummy_nv_counters.o(.rodata*)
+ *dummy_boot_seed.o(.text*)
+ *dummy_boot_seed.o(.rodata*)
*platform_retarget_dev.o(.text*)
*platform_retarget_dev.o(.rodata*)
*(SFN)
@@ -270,6 +272,7 @@
*/tfm_spm_services.o(.data*)
*/dummy_crypto_keys.o(.data*)
*/dummy_nv_counters.o(.data*)
+ */dummy_boot_seed.o(.data*)
*/platform_retarget_dev.o(.data*)
. = ALIGN(32);
} > RAM AT> FLASH
@@ -282,10 +285,12 @@
*/platform_retarget_dev.o(.bss*)
*/dummy_crypto_keys.o(.bss*)
*/dummy_nv_counters.o(.bss*)
+ */dummy_boot_seed.o(.bss*)
*/tfm_spm_services.o(COMMON)
*/platform_retarget_dev.o(COMMON)
*/dummy_crypto_keys.o(COMMON)
*/dummy_nv_counters.o(COMMON)
+ */dummy_boot_seed.o(COMMON)
. = ALIGN(32);
} > RAM AT> FLASH
Image$$TFM_UNPRIV_RO_DATA$$ZI$$Base = ADDR(.TFM_UNPRIV_RO_BSS);
diff --git a/platform/ext/target/musca_b1/dummy_boot_seed.c b/platform/ext/target/musca_b1/dummy_boot_seed.c
new file mode 100644
index 0000000..f4cbb5c
--- /dev/null
+++ b/platform/ext/target/musca_b1/dummy_boot_seed.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2018 ARM Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "platform/include/tfm_plat_boot_seed.h"
+
+/*!
+ * \def BOOT_SEED
+ *
+ * \brief Fixed value for boot seed used for test.
+ */
+#define BOOT_SEED 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, \
+ 0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF, \
+ 0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6, 0xB7, \
+ 0xB8, 0xB9, 0xBA, 0xBB, 0xBC, 0xBD, 0xBE, 0xBF
+
+static const uint8_t boot_seed[BOOT_SEED_SIZE] = {BOOT_SEED};
+
+enum tfm_plat_err_t tfm_plat_get_boot_seed(uint32_t size, uint8_t *buf)
+{
+ /* FixMe: - This getter function must be ported per target platform.
+ * - Platform service shall provide an API to further interact this
+ * getter function to retrieve the boot seed.
+ */
+
+ uint32_t i;
+ uint8_t *p_dst = buf;
+ const uint8_t *p_src = boot_seed;
+
+ if (size != BOOT_SEED_SIZE) {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+
+ for (i = size; i > 0; i--) {
+ *p_dst = *p_src;
+ p_src++;
+ p_dst++;
+ }
+
+ return TFM_PLAT_ERR_SUCCESS;
+}
diff --git a/platform/include/tfm_plat_boot_seed.h b/platform/include/tfm_plat_boot_seed.h
new file mode 100644
index 0000000..11b79f0
--- /dev/null
+++ b/platform/include/tfm_plat_boot_seed.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2018, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __TFM_PLAT_BOOT_SEED_H__
+#define __TFM_PLAT_BOOT_SEED_H__
+/**
+ * \file tfm_plat_boot_seed.h
+ *
+ * Boot seed is used by a validating entity to ensure multiple reports were
+ * generated in the same boot session. Boot seed is a random number, generated
+ * only once during a boot cycle and its value is constant in the same cycle.
+ * Size recommendation is 256-bit to meet the statistically improbable property.
+ * Boot seed can be generated by secure boot loader an included to the measured
+ * boot state or can be generated by PRoT SW.
+ */
+
+/**
+ * \note The interfaces defined in this file must be implemented for each
+ * SoC.
+ */
+
+#include <stdint.h>
+#include "tfm_plat_defs.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*!
+ * \def BOOT_SEED_SIZE
+ *
+ * \brief Size of boot seed in bytes.
+ */
+#define BOOT_SEED_SIZE (32u)
+
+/**
+ * \brief Gets the boot seed, which is a constant random number during a boot
+ * cycle.
+ *
+ * \param[in] size The required size of boot seed in bytes
+ * \param[out] buf Pointer to the buffer to store boot seed
+ *
+ * \return TFM_PLAT_ERR_SUCCESS if the value is generated correctly. Otherwise,
+ * it returns TFM_PLAT_ERR_SYSTEM_ERR.
+ */
+enum tfm_plat_err_t tfm_plat_get_boot_seed(uint32_t size, uint8_t *buf);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TFM_PLAT_BOOT_SEED_H__ */
diff --git a/secure_fw/CMakeLists.txt b/secure_fw/CMakeLists.txt
index 865fa24..ec583c3 100644
--- a/secure_fw/CMakeLists.txt
+++ b/secure_fw/CMakeLists.txt
@@ -46,6 +46,7 @@
set(BUILD_TIME Off)
set(BUILD_UART_STDOUT On)
set(BUILD_FLASH On)
+set(BUILD_BOOT_SEED On)
if(NOT DEFINED PLATFORM_CMAKE_FILE)
message (FATAL_ERROR "Platform specific CMake is not defined. Please set PLATFORM_CMAKE_FILE.")
elseif(NOT EXISTS ${PLATFORM_CMAKE_FILE})
diff --git a/secure_fw/core/CMakeLists.inc b/secure_fw/core/CMakeLists.inc
index a4b6229..249bdc9 100644
--- a/secure_fw/core/CMakeLists.inc
+++ b/secure_fw/core/CMakeLists.inc
@@ -60,6 +60,7 @@
set(BUILD_TIME Off)
set(BUILD_UART_STDOUT Off)
set(BUILD_FLASH Off)
+set(BUILD_BOOT_SEED Off)
if(NOT DEFINED PLATFORM_CMAKE_FILE)
message (FATAL_ERROR "Platform specific CMake is not defined. Please set PLATFORM_CMAKE_FILE.")
elseif(NOT EXISTS ${PLATFORM_CMAKE_FILE})
diff --git a/secure_fw/services/secure_storage/CMakeLists.inc b/secure_fw/services/secure_storage/CMakeLists.inc
index c553f89..bd270e4 100644
--- a/secure_fw/services/secure_storage/CMakeLists.inc
+++ b/secure_fw/services/secure_storage/CMakeLists.inc
@@ -143,6 +143,7 @@
set(BUILD_TIME Off)
set(BUILD_UART_STDOUT Off)
set(BUILD_FLASH Off)
+ set(BUILD_BOOT_SEED Off)
if(NOT DEFINED PLATFORM_CMAKE_FILE)
message (FATAL_ERROR "Platform specific CMake is not defined. Please set PLATFORM_CMAKE_FILE.")
elseif(NOT EXISTS ${PLATFORM_CMAKE_FILE})
diff --git a/secure_fw/spm/CMakeLists.inc b/secure_fw/spm/CMakeLists.inc
index cdc2e7c..640234c 100644
--- a/secure_fw/spm/CMakeLists.inc
+++ b/secure_fw/spm/CMakeLists.inc
@@ -49,6 +49,7 @@
set(BUILD_TIME Off)
set(BUILD_UART_STDOUT Off)
set(BUILD_FLASH Off)
+set(BUILD_BOOT_SEED Off)
if(NOT DEFINED PLATFORM_CMAKE_FILE)
message (FATAL_ERROR "Platform specific CMake is not defined. Please set PLATFORM_CMAKE_FILE.")
elseif(NOT EXISTS ${PLATFORM_CMAKE_FILE})
diff --git a/test/test_services/CMakeLists.inc b/test/test_services/CMakeLists.inc
index d2fd100..521534a 100644
--- a/test/test_services/CMakeLists.inc
+++ b/test/test_services/CMakeLists.inc
@@ -76,6 +76,7 @@
set(BUILD_TIME Off)
set(BUILD_UART_STDOUT Off)
set(BUILD_FLASH Off)
+set(BUILD_BOOT_SEED Off)
if(NOT DEFINED PLATFORM_CMAKE_FILE)
message (FATAL_ERROR "Platform specific CMake is not defined. Please set PLATFORM_CMAKE_FILE.")
elseif(NOT EXISTS ${PLATFORM_CMAKE_FILE})