1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
/*
* Copyright (c) 2022, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
#include <stdint.h>
#include <string.h>
#include <common/debug.h>
#include <drivers/auth/crypto_mod.h>
#include <drivers/measured_boot/rss/rss_measured_boot.h>
#include <lib/psa/measured_boot.h>
#include <psa/crypto_types.h>
#include <psa/crypto_values.h>
#include <psa/error.h>
#define MBOOT_ALG_SHA512 0
#define MBOOT_ALG_SHA384 1
#define MBOOT_ALG_SHA256 2
#if MBOOT_ALG_ID == MBOOT_ALG_SHA512
#define CRYPTO_MD_ID CRYPTO_MD_SHA512
#define PSA_CRYPTO_MD_ID PSA_ALG_SHA_512
#elif MBOOT_ALG_ID == MBOOT_ALG_SHA384
#define CRYPTO_MD_ID CRYPTO_MD_SHA384
#define PSA_CRYPTO_MD_ID PSA_ALG_SHA_384
#elif MBOOT_ALG_ID == MBOOT_ALG_SHA256
#define CRYPTO_MD_ID CRYPTO_MD_SHA256
#define PSA_CRYPTO_MD_ID PSA_ALG_SHA_256
#else
# error Invalid Measured Boot algorithm.
#endif /* MBOOT_ALG_ID */
/* Pointer to struct rss_mboot_metadata */
static struct rss_mboot_metadata *plat_metadata_ptr;
/* Functions' declarations */
void rss_measured_boot_init(void)
{
/* At this point it is expected that communication channel over MHU
* is already initialised by platform init.
*/
struct rss_mboot_metadata *metadata_ptr;
/* Get pointer to platform's struct rss_mboot_metadata structure */
plat_metadata_ptr = plat_rss_mboot_get_metadata();
assert(plat_metadata_ptr != NULL);
/* Use a local variable to preserve the value of the global pointer */
metadata_ptr = plat_metadata_ptr;
/* Init the non-const members of the metadata structure */
while (metadata_ptr->id != RSS_MBOOT_INVALID_ID) {
metadata_ptr->sw_type_size =
strlen((const char *)&metadata_ptr->sw_type) + 1;
metadata_ptr++;
}
}
int rss_mboot_measure_and_record(uintptr_t data_base, uint32_t data_size,
uint32_t data_id)
{
unsigned char hash_data[CRYPTO_MD_MAX_SIZE];
int rc;
psa_status_t ret;
const struct rss_mboot_metadata *metadata_ptr = plat_metadata_ptr;
/* Get the metadata associated with this image. */
while ((metadata_ptr->id != RSS_MBOOT_INVALID_ID) &&
(metadata_ptr->id != data_id)) {
metadata_ptr++;
}
/* If image is not present in metadata array then skip */
if (metadata_ptr->id == RSS_MBOOT_INVALID_ID) {
return 0;
}
/* Calculate hash */
rc = crypto_mod_calc_hash(CRYPTO_MD_ID,
(void *)data_base, data_size, hash_data);
if (rc != 0) {
return rc;
}
ret = rss_measured_boot_extend_measurement(
metadata_ptr->slot,
metadata_ptr->signer_id,
metadata_ptr->signer_id_size,
metadata_ptr->version,
metadata_ptr->version_size,
PSA_CRYPTO_MD_ID,
metadata_ptr->sw_type,
metadata_ptr->sw_type_size,
hash_data,
MBOOT_DIGEST_SIZE,
metadata_ptr->lock_measurement);
if (ret != PSA_SUCCESS) {
return ret;
}
return 0;
}
int rss_mboot_set_signer_id(unsigned int img_id,
const void *pk_ptr,
size_t pk_len)
{
unsigned char hash_data[CRYPTO_MD_MAX_SIZE];
struct rss_mboot_metadata *metadata_ptr = plat_metadata_ptr;
int rc;
/* Get the metadata associated with this image. */
while ((metadata_ptr->id != RSS_MBOOT_INVALID_ID) &&
(metadata_ptr->id != img_id)) {
metadata_ptr++;
}
/* If image is not present in metadata array then skip */
if (metadata_ptr->id == RSS_MBOOT_INVALID_ID) {
return 0;
}
/* Calculate public key hash */
rc = crypto_mod_calc_hash(CRYPTO_MD_ID, (void *)pk_ptr,
pk_len, hash_data);
if (rc != 0) {
return rc;
}
/* Update metadata struct with the received signer_id */
(void)memcpy(metadata_ptr->signer_id, hash_data, MBOOT_DIGEST_SIZE);
metadata_ptr->signer_id_size = MBOOT_DIGEST_SIZE;
return 0;
}
|
