authorTamas Ban <tamas.ban@arm.com>2019-01-29 22:03:43 +0000
committerTamas Ban <tamas.ban@arm.com>2019-02-14 15:50:12 +0100
commitca682b2885f5d396b94d7099d1418833f1b345f8 (patch)
tree91028f04f3d31ed3a150807f8a55afb80e43eb47
parentc90adc38f4b86bcb8ab3185a0bb3d9ed603297d4 (diff)
downloadtrusted-firmware-m-ca682b2885f5d396b94d7099d1418833f1b345f8.tar.gz
Attest: Handle no SW component case
The bootloader might not be able to provide the measurements of SW components. In this case a special claim must be included in the IAT to indicate that the lack of measurement claims is intentional. Change-Id: I183a58cecc8593fa809f6f18d09b6b8b4eea37c1 Signed-off-by: Tamas Ban <tamas.ban@arm.com>
-rw-r--r--secure_fw/services/initial_attestation/attestation_core.c33
-rw-r--r--secure_fw/services/initial_attestation/tfm_attestation.c15
2 files changed, 39 insertions, 9 deletions
diff --git a/secure_fw/services/initial_attestation/attestation_core.c b/secure_fw/services/initial_attestation/attestation_core.c
index 8afdbe1271..b2cd01c92e 100644
--- a/secure_fw/services/initial_attestation/attestation_core.c
+++ b/secure_fw/services/initial_attestation/attestation_core.c
@@ -25,6 +25,11 @@
#define EAT_SW_COMPONENT_NESTED 1 /* Nested map */
#define EAT_SW_COMPONENT_NOT_NESTED 0 /* Flat structure */
+/* Indicates that the boot status does not contain any SW components'
+ * measurement
+ */
+#define NO_SW_COMPONENT_FIXED_VALUE 1
+
/*!
* \var boot_status
*
@@ -414,16 +419,12 @@ attest_add_all_sw_components(struct attest_token_ctx *token_ctx)
uint8_t *tlv_ptr;
uint8_t tlv_id;
int32_t found;
+ uint32_t cnt = 0;
uint32_t module;
QCBOREncodeContext *cbor_encode_ctx;
- /* Open array which stores SW components claims */
- cbor_encode_ctx = attest_token_borrow_cbor_cntxt(token_ctx);
- QCBOREncode_OpenArrayInMapN(cbor_encode_ctx,
- EAT_CBOR_ARM_LABEL_SW_COMPONENTS);
-
/* Starting from module 1, because module 0 contains general claims which
- * are not related to SW module(i.e: boot_seed)
+ * are not related to SW module(i.e: boot_seed, etc.)
*/
for (module = 1; module < SW_MAX; ++module) {
/* Indicates to restart the look up from the beginning of the shared
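Review bot: `cbor_encode_ctx` is declared without an initialiser and, with the unconditional borrow removed here, is assigned only inside the `if (cnt == 1)` branch of the next hunk, while `QCBOREncode_CloseArray(cbor_encode_ctx)` reads it under a separate `if (cnt != 0)`. The two conditions agree today, but compilers may report it as maybe-uninitialised, and a later edit to either condition would hand an indeterminate pointer to the encoder. Declaring it as `QCBOREncodeContext *cbor_encode_ctx = NULL;` removes that dependency. So does keeping the `attest_token_borrow_cbor_cntxt(token_ctx)` call before the loop and deferring only `QCBOREncode_OpenArrayInMapN`. The function body starts before and ends after this hunk.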
@@ -439,12 +440,28 @@ attest_add_all_sw_components(struct attest_token_ctx *token_ctx)
}
if (found == 1) {
+ cnt++;
+ if (cnt == 1) {
+ /* Open array which stores SW components claims */
+ cbor_encode_ctx = attest_token_borrow_cbor_cntxt(token_ctx);
+ QCBOREncode_OpenArrayInMapN(cbor_encode_ctx,
+ EAT_CBOR_ARM_LABEL_SW_COMPONENTS);
+ }
attest_add_single_sw_component(token_ctx, module, tlv_ptr);
}
}
- /* Close array which stores SW components claims*/
- QCBOREncode_CloseArray(cbor_encode_ctx);
+ if (cnt != 0) {
+ /* Close array which stores SW components claims*/
+ QCBOREncode_CloseArray(cbor_encode_ctx);
+ } else {
+ /* If there is not any SW components' measurement in the boot status
+ * then include this claim to indicate that this state is intentional
+ */
+ attest_token_add_integer(token_ctx,
+ EAT_CBOR_ARM_LABEL_NO_SW_COMPONENTS,
+ (int64_t)NO_SW_COMPONENT_FIXED_VALUE);
+ }
return PSA_ATTEST_ERR_SUCCESS;
}
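Review bot: The `else` branch emits `EAT_CBOR_ARM_LABEL_NO_SW_COMPONENTS` whenever `cnt == 0`, so the token states that the missing measurements are intentional even on a build where the bootloader was expected to supply them. The other file in this commit fabricates an empty header only under `#ifndef BL2`. When `BL2` is defined, an empty boot status may instead mean the measurements were lost or never written, and a verifier relying on this claim cannot tell the two cases apart. Consider emitting the claim only in the `#ifndef BL2` configuration and returning an error from `enum psa_attest_err_t` otherwise, with a comment above the branch naming the configurations that may legitimately reach it. The lookup that sets `found` is outside this hunk, so whether a failed lookup already returns early could not be confirmed.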
diff --git a/secure_fw/services/initial_attestation/tfm_attestation.c b/secure_fw/services/initial_attestation/tfm_attestation.c
index f2dbf922a3..186a58c742 100644
--- a/secure_fw/services/initial_attestation/tfm_attestation.c
+++ b/secure_fw/services/initial_attestation/tfm_attestation.c
@@ -44,13 +44,26 @@ attest_get_caller_client_id(int32_t *caller_id)
enum psa_attest_err_t
attest_get_boot_data(uint8_t major_type, void *ptr, uint32_t len)
{
- enum tfm_status_e tfm_res;
enum psa_attest_err_t attest_res = PSA_ATTEST_ERR_SUCCESS;
+#ifndef BL2
+ struct shared_data_tlv_header *tlv_header;
+
+ /* Avoid compiler warning due to unused argument */
+ (void)len;
+ (void)major_type;
+
+ tlv_header = (struct shared_data_tlv_header *)ptr;
+ tlv_header->tlv_magic = SHARED_DATA_TLV_INFO_MAGIC;
+ tlv_header->tlv_tot_len = SHARED_DATA_HEADER_SIZE;
+#else
+ enum tfm_status_e tfm_res;
+
tfm_res = tfm_core_get_boot_data(major_type, ptr, len);
if (tfm_res != TFM_SUCCESS) {
attest_res = PSA_ATTEST_ERR_INIT_FAILED;
}
+#endif /* BL2 */
return attest_res;
}
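Review bot: In the `#ifndef BL2` branch `len` is discarded with `(void)len;` and two header fields are then written through `ptr`, so a caller passing a NULL pointer or a buffer shorter than `SHARED_DATA_HEADER_SIZE` gets a null or out-of-bounds write. A guard before the cast, `if (ptr == NULL || len < SHARED_DATA_HEADER_SIZE) { return PSA_ATTEST_ERR_INIT_FAILED; }`, enforces the buffer-length contract in this branch as well, and `(void)len;` can then be dropped. The cast from `void *` also assumes the buffer is suitably aligned for `struct shared_data_tlv_header`, which nothing visible in this diff confirms.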