Blame - bl2/src/security_cnt.c - sandbox/pfalcon/trusted-firmware-m

blob: 7ee6bb05a2ebbc78230509f4916b6f0dbd2d5e62 [file] [log] [blame]

David Vincze	060968d	2019-05-23 01:13:14 +0200	[diff] [blame]	1	/*
Raef Coles	91fadb9	2021-06-18 09:20:50 +0100	[diff] [blame^]	2	* Copyright (c) 2019-2021, Arm Limited. All rights reserved.
David Vincze	060968d	2019-05-23 01:13:14 +0200	[diff] [blame]	3	*
				4	* SPDX-License-Identifier: BSD-3-Clause
				5	*
				6	*/
				7
Balint Matyi	69e2d2e	2020-07-08 10:53:54 +0100	[diff] [blame]	8	#include "bootutil/security_cnt.h"
David Vincze	060968d	2019-05-23 01:13:14 +0200	[diff] [blame]	9	#include "../../platform/include/tfm_plat_nv_counters.h"
				10	#include "../../platform/include/tfm_plat_defs.h"
Tamas Ban	1bfc9da	2020-07-09 13:55:38 +0100	[diff] [blame]	11	#include "bootutil/fault_injection_hardening.h"
David Vincze	060968d	2019-05-23 01:13:14 +0200	[diff] [blame]	12	#include <stdint.h>
				13
Raef Coles	91fadb9	2021-06-18 09:20:50 +0100	[diff] [blame^]	14	#define TFM_BOOT_NV_COUNTER_0 PLAT_NV_COUNTER_BL2_0 /* NV counter of Image 0 */
				15	#define TFM_BOOT_NV_COUNTER_1 PLAT_NV_COUNTER_BL2_1 /* NV counter of Image 1 */
				16	#define TFM_BOOT_NV_COUNTER_2 PLAT_NV_COUNTER_BL2_2 /* NV counter of Image 2 */
				17	#define TFM_BOOT_NV_COUNTER_MAX PLAT_NV_COUNTER_BL2_2 + 1
David Vincze	060968d	2019-05-23 01:13:14 +0200	[diff] [blame]	18
				19	static enum tfm_nv_counter_t get_nv_counter_from_image_id(uint32_t image_id)
				20	{
				21	uint32_t nv_counter;
				22
				23	/* Avoid integer overflow */
				24	if ((UINT32_MAX - TFM_BOOT_NV_COUNTER_0) < image_id) {
				25	return TFM_BOOT_NV_COUNTER_MAX;
				26	}
				27
				28	nv_counter = TFM_BOOT_NV_COUNTER_0 + image_id;
				29
				30	/* Check the existence of the enumerated counter value */
				31	if (nv_counter >= TFM_BOOT_NV_COUNTER_MAX) {
				32	return TFM_BOOT_NV_COUNTER_MAX;
				33	}
				34
				35	return (enum tfm_nv_counter_t)nv_counter;
				36	}
				37
Tamas Ban	1bfc9da	2020-07-09 13:55:38 +0100	[diff] [blame]	38	fih_int boot_nv_security_counter_init(void)
David Vincze	060968d	2019-05-23 01:13:14 +0200	[diff] [blame]	39	{
Tamas Ban	1bfc9da	2020-07-09 13:55:38 +0100	[diff] [blame]	40	fih_int fih_rc = FIH_FAILURE;
David Vincze	060968d	2019-05-23 01:13:14 +0200	[diff] [blame]	41
Tamas Ban	1bfc9da	2020-07-09 13:55:38 +0100	[diff] [blame]	42	fih_rc = fih_int_encode_zero_equality(tfm_plat_init_nv_counter());
David Vincze	060968d	2019-05-23 01:13:14 +0200	[diff] [blame]	43
Tamas Ban	1bfc9da	2020-07-09 13:55:38 +0100	[diff] [blame]	44	FIH_RET(fih_rc);
David Vincze	060968d	2019-05-23 01:13:14 +0200	[diff] [blame]	45	}
				46
Tamas Ban	1bfc9da	2020-07-09 13:55:38 +0100	[diff] [blame]	47	fih_int boot_nv_security_counter_get(uint32_t image_id, fih_int *security_cnt)
David Vincze	060968d	2019-05-23 01:13:14 +0200	[diff] [blame]	48	{
				49	enum tfm_nv_counter_t nv_counter;
Tamas Ban	1bfc9da	2020-07-09 13:55:38 +0100	[diff] [blame]	50	fih_int fih_rc = FIH_FAILURE;
				51	uint32_t security_cnt_soft;
David Vincze	060968d	2019-05-23 01:13:14 +0200	[diff] [blame]	52
				53	/* Check if it's a null-pointer. */
				54	if (!security_cnt) {
Tamas Ban	1bfc9da	2020-07-09 13:55:38 +0100	[diff] [blame]	55	FIH_RET(FIH_FAILURE);
David Vincze	060968d	2019-05-23 01:13:14 +0200	[diff] [blame]	56	}
				57
				58	nv_counter = get_nv_counter_from_image_id(image_id);
Raef Coles	91fadb9	2021-06-18 09:20:50 +0100	[diff] [blame^]	59	if (nv_counter >= TFM_BOOT_NV_COUNTER_MAX) {
Tamas Ban	1bfc9da	2020-07-09 13:55:38 +0100	[diff] [blame]	60	FIH_RET(FIH_FAILURE);
David Vincze	060968d	2019-05-23 01:13:14 +0200	[diff] [blame]	61	}
				62
Tamas Ban	1bfc9da	2020-07-09 13:55:38 +0100	[diff] [blame]	63	fih_rc = fih_int_encode_zero_equality(
				64	tfm_plat_read_nv_counter(nv_counter,
				65	sizeof(security_cnt_soft),
				66	(uint8_t *)&security_cnt_soft));
				67	*security_cnt = fih_int_encode(security_cnt_soft);
David Vincze	060968d	2019-05-23 01:13:14 +0200	[diff] [blame]	68
Tamas Ban	1bfc9da	2020-07-09 13:55:38 +0100	[diff] [blame]	69	FIH_RET(fih_rc);
David Vincze	060968d	2019-05-23 01:13:14 +0200	[diff] [blame]	70	}
				71
				72	int32_t boot_nv_security_counter_update(uint32_t image_id,
				73	uint32_t img_security_cnt)
				74	{
				75	enum tfm_nv_counter_t nv_counter;
				76	enum tfm_plat_err_t err;
				77
				78	nv_counter = get_nv_counter_from_image_id(image_id);
Raef Coles	91fadb9	2021-06-18 09:20:50 +0100	[diff] [blame^]	79	if (nv_counter >= TFM_BOOT_NV_COUNTER_MAX) {
David Vincze	060968d	2019-05-23 01:13:14 +0200	[diff] [blame]	80	return -1;
				81	}
				82
				83	err = tfm_plat_set_nv_counter(nv_counter, img_security_cnt);
				84	if (err != TFM_PLAT_ERR_SUCCESS) {
				85	return -1;
				86	}
				87
				88	return 0;
				89	}