refactor(measured boot): make measurement strings compliant with SBSG

Made measurement strings compliant to Server Base Security Guide
(SBSG, Arm DEN 0086) hence updated measurement strings for BL32, BL31,
and SCP_BL2 images. As the GPT image is not get measured by BL2 so
removed its measurement string.
Also, namespaced measurement string defines that were looking quite
generic.

Change-Id: Iaa17c0cfeee3d06dc822eff2bd553da23bd99b76
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This commit is contained in:
Manish V Badarkhe 2021-09-08 20:04:24 +01:00
parent 0500f4479e
commit 8a89e1898b
3 changed files with 48 additions and 28 deletions

View File

@ -42,21 +42,41 @@
#define MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
#define BL2_STRING "BL_2"
#define BL31_STRING "BL_31"
#define BL32_STRING "BL_32"
#define BL32_EXTRA1_IMAGE_STRING "BL32_EXTRA1_IMAGE"
#define BL32_EXTRA2_IMAGE_STRING "BL32_EXTRA2_IMAGE"
#define BL33_STRING "BL_33"
#define FW_CONFIG_STRING "FW_CONFIG"
#define GPT_IMAGE_STRING "GPT"
#define HW_CONFIG_STRING "HW_CONFIG"
#define NT_FW_CONFIG_STRING "NT_FW_CONFIG"
#define SCP_BL2_IMAGE_STRING "SCP_BL2_IMAGE"
#define SOC_FW_CONFIG_STRING "SOC_FW_CONFIG"
#define STM32_IMAGE_STRING "STM32"
#define TB_FW_CONFIG_STRING "TB_FW_CONFIG"
#define TOS_FW_CONFIG_STRING "TOS_FW_CONFIG"
/*
* Each event log entry has some metadata (i.e. a string) that identifies
* what is measured.These macros define these strings.
* Note that these strings follow the standardization recommendations
* defined in the Arm Server Base Security Guide (a.k.a. SBSG, Arm DEN 0086),
* where applicable. They should not be changed in the code.
* Where the SBSG does not make recommendations, we are free to choose any
* naming convention.
* The key thing is to choose meaningful strings so that when the TPM event
* log is used in attestation, the different components can be identified.
*/
#define EVLOG_BL2_STRING "BL_2"
#define EVLOG_BL31_STRING "SECURE_RT_EL3"
#if defined(SPD_opteed)
#define EVLOG_BL32_STRING "SECURE_RT_EL1_OPTEE"
#elif defined(SPD_tspd)
#define EVLOG_BL32_STRING "SECURE_RT_EL1_TSPD"
#elif defined(SPD_tlkd)
#define EVLOG_BL32_STRING "SECURE_RT_EL1_TLKD"
#elif defined(SPD_trusty)
#define EVLOG_BL32_STRING "SECURE_RT_EL1_TRUSTY"
#else
#define EVLOG_BL32_STRING "SECURE_RT_EL1_UNKNOWN"
#endif
#define EVLOG_BL32_EXTRA1_STRING "SECURE_RT_EL1_OPTEE_EXTRA1"
#define EVLOG_BL32_EXTRA2_STRING "SECURE_RT_EL1_OPTEE_EXTRA2"
#define EVLOG_BL33_STRING "BL_33"
#define EVLOG_FW_CONFIG_STRING "FW_CONFIG"
#define EVLOG_HW_CONFIG_STRING "HW_CONFIG"
#define EVLOG_NT_FW_CONFIG_STRING "NT_FW_CONFIG"
#define EVLOG_SCP_BL2_STRING "SYS_CTRL_2"
#define EVLOG_SOC_FW_CONFIG_STRING "SOC_FW_CONFIG"
#define EVLOG_STM32_STRING "STM32"
#define EVLOG_TB_FW_CONFIG_STRING "TB_FW_CONFIG"
#define EVLOG_TOS_FW_CONFIG_STRING "TOS_FW_CONFIG"
typedef struct {
unsigned int id;

View File

@ -14,9 +14,9 @@ static uint8_t event_log[PLAT_ARM_EVENT_LOG_MAX_SIZE];
/* FVP table with platform specific image IDs, names and PCRs */
const event_log_metadata_t fvp_event_log_metadata[] = {
{ FW_CONFIG_ID, FW_CONFIG_STRING, PCR_0 },
{ TB_FW_CONFIG_ID, TB_FW_CONFIG_STRING, PCR_0 },
{ BL2_IMAGE_ID, BL2_STRING, PCR_0 },
{ FW_CONFIG_ID, EVLOG_FW_CONFIG_STRING, PCR_0 },
{ TB_FW_CONFIG_ID, EVLOG_TB_FW_CONFIG_STRING, PCR_0 },
{ BL2_IMAGE_ID, EVLOG_BL2_STRING, PCR_0 },
{ INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */
};

View File

@ -14,16 +14,16 @@ static uint64_t event_log_base;
/* FVP table with platform specific image IDs, names and PCRs */
const event_log_metadata_t fvp_event_log_metadata[] = {
{ BL31_IMAGE_ID, BL31_STRING, PCR_0 },
{ BL32_IMAGE_ID, BL32_STRING, PCR_0 },
{ BL32_EXTRA1_IMAGE_ID, BL32_EXTRA1_IMAGE_STRING, PCR_0 },
{ BL32_EXTRA2_IMAGE_ID, BL32_EXTRA2_IMAGE_STRING, PCR_0 },
{ BL33_IMAGE_ID, BL33_STRING, PCR_0 },
{ HW_CONFIG_ID, HW_CONFIG_STRING, PCR_0 },
{ NT_FW_CONFIG_ID, NT_FW_CONFIG_STRING, PCR_0 },
{ SCP_BL2_IMAGE_ID, SCP_BL2_IMAGE_STRING, PCR_0 },
{ SOC_FW_CONFIG_ID, SOC_FW_CONFIG_STRING, PCR_0 },
{ TOS_FW_CONFIG_ID, TOS_FW_CONFIG_STRING, PCR_0 },
{ BL31_IMAGE_ID, EVLOG_BL31_STRING, PCR_0 },
{ BL32_IMAGE_ID, EVLOG_BL32_STRING, PCR_0 },
{ BL32_EXTRA1_IMAGE_ID, EVLOG_BL32_EXTRA1_STRING, PCR_0 },
{ BL32_EXTRA2_IMAGE_ID, EVLOG_BL32_EXTRA2_STRING, PCR_0 },
{ BL33_IMAGE_ID, EVLOG_BL33_STRING, PCR_0 },
{ HW_CONFIG_ID, EVLOG_HW_CONFIG_STRING, PCR_0 },
{ NT_FW_CONFIG_ID, EVLOG_NT_FW_CONFIG_STRING, PCR_0 },
{ SCP_BL2_IMAGE_ID, EVLOG_SCP_BL2_STRING, PCR_0 },
{ SOC_FW_CONFIG_ID, EVLOG_SOC_FW_CONFIG_STRING, PCR_0 },
{ TOS_FW_CONFIG_ID, EVLOG_TOS_FW_CONFIG_STRING, PCR_0 },
{ INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */
};