-rw-r--r--Makefile9
-rw-r--r--bl1/bl1_main.c7
-rw-r--r--bl2/bl2_main.c7
-rw-r--r--common/bl_common.c66
-rw-r--r--docs/getting_started/build-options.rst6
-rw-r--r--drivers/auth/auth_mod.c5
-rw-r--r--drivers/auth/crypto_mod.c5
-rw-r--r--drivers/auth/mbedtls/mbedtls_crypto.c12
-rw-r--r--include/drivers/auth/auth_mod.h12
-rw-r--r--include/drivers/auth/crypto_mod.h22
10 files changed, 72 insertions, 79 deletions
diff --git a/Makefile b/Makefile
index b92d3a9c4..a238ee444 100644
--- a/Makefile
+++ b/Makefile
@@ -768,15 +768,6 @@ ifeq ($(CTX_INCLUDE_MTE_REGS),1)
endif
endif
-# Trusted Boot is a prerequisite for Measured Boot. It provides trust that the
-# code taking the measurements and recording them has not been tampered
-# with. This is referred to as the Root of Trust for Measurement.
-ifeq ($(MEASURED_BOOT),1)
- ifneq (${TRUSTED_BOARD_BOOT},1)
- $(error MEASURED_BOOT requires TRUSTED_BOARD_BOOT=1)
- endif
-endif
-
ifeq ($(PSA_FWU_SUPPORT),1)
$(info PSA_FWU_SUPPORT is an experimental feature)
endif
diff --git a/bl1/bl1_main.c b/bl1/bl1_main.c
index 663ec642b..7399bc8fc 100644
--- a/bl1/bl1_main.c
+++ b/bl1/bl1_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -15,6 +15,7 @@
#include <common/bl_common.h>
#include <common/debug.h>
#include <drivers/auth/auth_mod.h>
+#include <drivers/auth/crypto_mod.h>
#include <drivers/console.h>
#include <lib/cpus/errata_report.h>
#include <lib/utils.h>
@@ -121,10 +122,10 @@ void bl1_main(void)
/* Perform remaining generic architectural setup from EL3 */
bl1_arch_setup();
-#if TRUSTED_BOARD_BOOT
+ crypto_mod_init();
+
/* Initialize authentication module */
auth_mod_init();
-#endif /* TRUSTED_BOARD_BOOT */
/* Initialize the measured boot */
bl1_plat_mboot_init();
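Review bot: crypto_mod_init() is now called unconditionally and has to run before both auth_mod_init() and bl1_plat_mboot_init(), since authentication uses the registered verify_* callbacks and the measured-boot backend presumably uses calc_hash, but nothing in the code says why this order matters. I would put `/* Crypto must be initialised before authentication and measured boot, which both depend on it */` above the `crypto_mod_init();` call. bl2_main.c makes the same change and would take the same comment. bl1_main's body continues outside the hunk.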
diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c
index 90fe39bc2..5da803795 100644
--- a/bl2/bl2_main.c
+++ b/bl2/bl2_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,6 +13,7 @@
#include <common/bl_common.h>
#include <common/debug.h>
#include <drivers/auth/auth_mod.h>
+#include <drivers/auth/crypto_mod.h>
#include <drivers/console.h>
#include <drivers/fwu/fwu.h>
#include <lib/extensions/pauth.h>
@@ -89,10 +90,10 @@ void bl2_main(void)
fwu_init();
#endif /* PSA_FWU_SUPPORT */
-#if TRUSTED_BOARD_BOOT
+ crypto_mod_init();
+
/* Initialize authentication module */
auth_mod_init();
-#endif /* TRUSTED_BOARD_BOOT */
/* Initialize the Measured Boot backend */
bl2_plat_mboot_init();
diff --git a/common/bl_common.c b/common/bl_common.c
index eb2352a77..9bfaafd2b 100644
--- a/common/bl_common.c
+++ b/common/bl_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -143,25 +143,6 @@ exit:
return io_result;
}
-/*
- * Load an image and flush it out to main memory so that it can be executed
- * later by any CPU, regardless of cache and MMU state.
- */
-static int load_image_flush(unsigned int image_id,
- image_info_t *image_data)
-{
- int rc;
-
- rc = load_image(image_id, image_data);
- if (rc == 0) {
- flush_dcache_range(image_data->image_base,
- image_data->image_size);
- }
-
- return rc;
-}
-
-
#if TRUSTED_BOARD_BOOT
/*
* This function uses recursion to authenticate the parent images up to the root
@@ -202,30 +183,6 @@ static int load_auth_image_recursive(unsigned int image_id,
return -EAUTH;
}
- if (is_parent_image == 0) {
- /*
- * Measure the image.
- * We do not measure its parents because these only play a role
- * in authentication, which is orthogonal to measured boot.
- *
- * TODO: Change this code if we change our minds about measuring
- * certificates.
- */
- rc = plat_mboot_measure_image(image_id, image_data);
- if (rc != 0) {
- return rc;
- }
-
- /*
- * Flush the image to main memory so that it can be executed
- * later by any CPU, regardless of cache and MMU state. This
- * is only needed for child images, not for the parents
- * (certificates).
- */
- flush_dcache_range(image_data->image_base,
- image_data->image_size);
- }
-
return 0;
}
#endif /* TRUSTED_BOARD_BOOT */
@@ -239,7 +196,7 @@ static int load_auth_image_internal(unsigned int image_id,
}
#endif
- return load_image_flush(image_id, image_data);
+ return load_image(image_id, image_data);
}
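Review bot: load_auth_image_internal() no longer flushes the loaded image (the flush that load_image_flush() did is now deferred to load_auth_image()), so any other caller of this helper would get an image that is not yet visible to other CPUs. The function's header comment, which starts outside the hunk, should state the new contract, e.g. `/* Loads (and, with TRUSTED_BOARD_BOOT, authenticates) the image; the caller must measure and flush it before execution. */`. The enclosing function begins outside the hunk.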
/*******************************************************************************
@@ -266,6 +223,25 @@ int load_auth_image(unsigned int image_id, image_info_t *image_data)
} while ((err != 0) && (plat_try_next_boot_source() != 0));
#endif /* PSA_FWU_SUPPORT */
+ if (err == 0) {
+ /*
+ * If loading of the image gets passed (along with its
+ * authentication in case of Trusted-Boot flow) then measure
+ * it (if MEASURED_BOOT flag is enabled).
+ */
+ err = plat_mboot_measure_image(image_id, image_data);
+ if (err != 0) {
+ return err;
+ }
+
+ /*
+ * Flush the image to main memory so that it can be executed
+ * later by any CPU, regardless of cache and MMU state.
+ */
+ flush_dcache_range(image_data->image_base,
+ image_data->image_size);
+ }
+
return err;
}
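Review bot: The comment at the top of the new block is hard to parse ("If loading of the image gets passed") and it omits the trust caveat that matters now that the Makefile no longer requires TRUSTED_BOARD_BOOT for MEASURED_BOOT: without TBB the measurement records what was loaded, but the code taking it has not itself been verified. I would reword it to `/* Image loaded (and authenticated when TRUSTED_BOARD_BOOT=1): measure it if MEASURED_BOOT=1, then flush it so any CPU can execute it regardless of cache/MMU state. */` and add one sentence noting that with TRUSTED_BOARD_BOOT=0 the measured content is unauthenticated. The unconditional call to plat_mboot_measure_image() presumably relies on a no-op stub when MEASURED_BOOT=0; that stub is not part of this diff, so it is worth confirming. A measurement failure returns before the flush, so callers must treat a non-zero return as fatal rather than attempt to execute the unflushed image.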
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index d77875e2b..a34bb3cef 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -529,9 +529,9 @@ Common build options
the build. The default value is 40 in debug builds and 20 in release builds.
- ``MEASURED_BOOT``: Boolean flag to include support for the Measured Boot
- feature. If this flag is enabled ``TRUSTED_BOARD_BOOT`` must be set as well
- in order to provide trust that the code taking the measurements and recording
- them has not been tampered with.
+ feature. This flag can be enabled with ``TRUSTED_BOARD_BOOT`` in order to
+ provide trust that the code taking the measurements and recording them has
+ not been tampered with.
This option defaults to 0.
diff --git a/drivers/auth/auth_mod.c b/drivers/auth/auth_mod.c
index 917ee4a28..a99a2c70c 100644
--- a/drivers/auth/auth_mod.c
+++ b/drivers/auth/auth_mod.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -339,9 +339,6 @@ void auth_mod_init(void)
/* Check we have a valid CoT registered */
assert(cot_desc_ptr != NULL);
- /* Crypto module */
- crypto_mod_init();
-
/* Image parser module */
img_parser_init();
}
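Review bot: auth_mod_init() now silently depends on crypto_mod_init() having been called earlier by the BL entry point, and nothing in this function checks or documents that ordering. I would add `/* crypto_mod_init() must have been called before this point */` where the removed call stood, and state the precondition on the declaration in auth_mod.h. The function's signature is outside the hunk.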
diff --git a/drivers/auth/crypto_mod.c b/drivers/auth/crypto_mod.c
index 127eb0df5..eada3579a 100644
--- a/drivers/auth/crypto_mod.c
+++ b/drivers/auth/crypto_mod.c
@@ -46,8 +46,13 @@ void crypto_mod_init(void)
{
assert(crypto_lib_desc.name != NULL);
assert(crypto_lib_desc.init != NULL);
+#if TRUSTED_BOARD_BOOT
assert(crypto_lib_desc.verify_signature != NULL);
assert(crypto_lib_desc.verify_hash != NULL);
+#endif /* TRUSTED_BOARD_BOOT */
+#if MEASURED_BOOT
+ assert(crypto_lib_desc.calc_hash != NULL);
+#endif /* MEASURED_BOOT */
/* Initialize the cryptographic library */
crypto_lib_desc.init();
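Review bot: With TRUSTED_BOARD_BOOT=0 and MEASURED_BOOT=1 the descriptor registered by the new three-argument REGISTER_CRYPTO_LIB leaves verify_signature and verify_hash NULL, which the relaxed asserts here now accept, yet crypto_mod_verify_signature() and crypto_mod_verify_hash() remain declared unconditionally in crypto_mod.h; if their definitions in this file are not guarded the same way, a call in that configuration would jump through a NULL function pointer. Wrapping those wrappers in the same `#if TRUSTED_BOARD_BOOT` (or adding a NULL check that returns an error) would turn that into a build error instead of a runtime fault. Note also that assert() is typically compiled out in release builds, so a mis-registered descriptor is only caught in debug builds. The function's closing brace is outside the hunk.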
diff --git a/drivers/auth/mbedtls/mbedtls_crypto.c b/drivers/auth/mbedtls/mbedtls_crypto.c
index 114e6adf1..0901d045a 100644
--- a/drivers/auth/mbedtls/mbedtls_crypto.c
+++ b/drivers/auth/mbedtls/mbedtls_crypto.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -60,6 +60,7 @@ static void init(void)
mbedtls_init();
}
+#if TRUSTED_BOARD_BOOT
/*
* Verify a signature.
*
@@ -218,6 +219,7 @@ static int verify_hash(void *data_ptr, unsigned int data_len,
return CRYPTO_SUCCESS;
}
+#endif /* TRUSTED_BOARD_BOOT */
#if MEASURED_BOOT
/*
@@ -366,7 +368,7 @@ static int auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr,
/*
* Register crypto library descriptor
*/
-#if MEASURED_BOOT
+#if MEASURED_BOOT && TRUSTED_BOARD_BOOT
#if TF_MBEDTLS_USE_AES_GCM
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash,
auth_decrypt);
@@ -374,11 +376,13 @@ REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash,
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash,
NULL);
#endif
-#else /* MEASURED_BOOT */
+#elif TRUSTED_BOARD_BOOT
#if TF_MBEDTLS_USE_AES_GCM
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash,
auth_decrypt);
#else
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL);
#endif
-#endif /* MEASURED_BOOT */
+#elif MEASURED_BOOT
+REGISTER_CRYPTO_LIB(LIB_NAME, init, calc_hash);
+#endif /* MEASURED_BOOT && TRUSTED_BOARD_BOOT */
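Review bot: In the new `#elif MEASURED_BOOT` branch auth_decrypt is never registered, even when TF_MBEDTLS_USE_AES_GCM is set; that is consistent with decryption belonging to the authenticated flow, but if the static auth_decrypt() definition (whose signature appears as the context of the preceding hunk) is compiled under TF_MBEDTLS_USE_AES_GCM alone, it becomes an unused static function in a MEASURED_BOOT-only build. Guarding its definition with `#if TF_MBEDTLS_USE_AES_GCM && TRUSTED_BOARD_BOOT` (or extending the `#if TRUSTED_BOARD_BOOT` wrapper added around verify_signature/verify_hash) would close that. The closing `#endif /* MEASURED_BOOT && TRUSTED_BOARD_BOOT */` now ends a three-way `#if`/`#elif`/`#elif` chain, so a comment naming the whole chain, e.g. `#endif /* MEASURED_BOOT / TRUSTED_BOARD_BOOT variants */`, describes it better.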
diff --git a/include/drivers/auth/auth_mod.h b/include/drivers/auth/auth_mod.h
index d1fd52c86..94537f61a 100644
--- a/include/drivers/auth/auth_mod.h
+++ b/include/drivers/auth/auth_mod.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,8 +7,6 @@
#ifndef AUTH_MOD_H
#define AUTH_MOD_H
-#if TRUSTED_BOARD_BOOT
-
#include <common/tbbr/cot_def.h>
#include <common/tbbr/tbbr_img_def.h>
#include <drivers/auth/auth_common.h>
@@ -46,7 +44,13 @@ typedef struct auth_img_desc_s {
#endif /* COT_DESC_IN_DTB && !IMAGE_BL1 */
/* Public functions */
+#if TRUSTED_BOARD_BOOT
void auth_mod_init(void);
+#else
+static inline void auth_mod_init(void)
+{
+}
+#endif /* TRUSTED_BOARD_BOOT */
int auth_mod_get_parent_id(unsigned int img_id, unsigned int *parent_id);
int auth_mod_verify_img(unsigned int img_id,
void *img_ptr,
@@ -85,6 +89,4 @@ extern unsigned int auth_img_flags[MAX_NUMBER_IDS];
#endif
-#endif /* TRUSTED_BOARD_BOOT */
-
#endif /* AUTH_MOD_H */
diff --git a/include/drivers/auth/crypto_mod.h b/include/drivers/auth/crypto_mod.h
index cdcf50402..73b2b998c 100644
--- a/include/drivers/auth/crypto_mod.h
+++ b/include/drivers/auth/crypto_mod.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -76,7 +76,14 @@ typedef struct crypto_lib_desc_s {
} crypto_lib_desc_t;
/* Public functions */
+#if CRYPTO_SUPPORT
void crypto_mod_init(void);
+#else
+static inline void crypto_mod_init(void)
+{
+}
+#endif /* CRYPTO_SUPPORT */
+
int crypto_mod_verify_signature(void *data_ptr, unsigned int data_len,
void *sig_ptr, unsigned int sig_len,
void *sig_alg_ptr, unsigned int sig_alg_len,
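Review bot: CRYPTO_SUPPORT, which selects between the real crypto_mod_init() and the empty inline stub, is not defined anywhere in this diff; if a build does not define it, `#if CRYPTO_SUPPORT` evaluates to 0 and the stub is chosen, so the library's init() and the descriptor asserts in crypto_mod.c would silently never run even though a descriptor is registered. Presumably it is set by the build system outside this change, but `#if !defined(CRYPTO_SUPPORT)` followed by `#error CRYPTO_SUPPORT must be defined` would make a missing definition a build failure rather than a silent no-op. A one-line comment above the `#if` saying what CRYPTO_SUPPORT denotes (crypto needed by trusted boot and/or measured boot) would help readers too.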
@@ -93,7 +100,9 @@ int crypto_mod_auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr,
int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr,
unsigned int data_len,
unsigned char output[CRYPTO_MD_MAX_SIZE]);
+#endif /* MEASURED_BOOT */
+#if MEASURED_BOOT && TRUSTED_BOARD_BOOT
/* Macro to register a cryptographic library */
#define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \
_calc_hash, _auth_decrypt) \
@@ -105,7 +114,7 @@ int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr,
.calc_hash = _calc_hash, \
.auth_decrypt = _auth_decrypt \
}
-#else
+#elif TRUSTED_BOARD_BOOT
#define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \
_auth_decrypt) \
const crypto_lib_desc_t crypto_lib_desc = { \
@@ -115,7 +124,14 @@ int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr,
.verify_hash = _verify_hash, \
.auth_decrypt = _auth_decrypt \
}
-#endif /* MEASURED_BOOT */
+#elif MEASURED_BOOT
+#define REGISTER_CRYPTO_LIB(_name, _init, _calc_hash) \
+ const crypto_lib_desc_t crypto_lib_desc = { \
+ .name = _name, \
+ .init = _init, \
+ .calc_hash = _calc_hash, \
+ }
+#endif /* MEASURED_BOOT && TRUSTED_BOARD_BOOT */
extern const crypto_lib_desc_t crypto_lib_desc;
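Review bot: The new three-argument REGISTER_CRYPTO_LIB in the `#elif MEASURED_BOOT` branch leaves verify_signature, verify_hash and auth_decrypt NULL only by omission from the designated initializer; spelling them out with `.verify_signature = NULL, .verify_hash = NULL, .auth_decrypt = NULL,` makes the intent visible and lets a reader grep which configurations register which callbacks. The closing `#endif /* MEASURED_BOOT && TRUSTED_BOARD_BOOT */` now ends a three-way `#if`/`#elif`/`#elif` chain and would read better as `#endif /* MEASURED_BOOT / TRUSTED_BOARD_BOOT variants */`; mbedtls_crypto.c has the same comment. Note the chain defines no REGISTER_CRYPTO_LIB when both flags are 0, which is fine only as long as no crypto backend is compiled in that configuration.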