Merge "Measured Boot: add function for hash calculation" into integration

Mark Dykes 2020-01-28 19:57:51 +00:00 committed by TrustedFirmware Code Review
commit b012454d82
6 changed files with 90 additions and 4 deletions


@ -604,6 +604,14 @@ ifeq ($(CTX_INCLUDE_MTE_REGS),1)
endif endif
endif endif
ifeq ($(MEASURED_BOOT),1)
ifneq (${TRUSTED_BOARD_BOOT},1)
$(error MEASURED_BOOT requires TRUSTED_BOARD_BOOT=1")
else
$(info MEASURED_BOOT is an experimental feature)
endif
endif
################################################################################ ################################################################################
# Process platform overrideable behaviour # Process platform overrideable behaviour
################################################################################ ################################################################################
@ -751,6 +759,7 @@ $(eval $(call assert_boolean,GENERATE_COT))
$(eval $(call assert_boolean,GICV2_G0_FOR_EL3)) $(eval $(call assert_boolean,GICV2_G0_FOR_EL3))
$(eval $(call assert_boolean,HANDLE_EA_EL3_FIRST)) $(eval $(call assert_boolean,HANDLE_EA_EL3_FIRST))
$(eval $(call assert_boolean,HW_ASSISTED_COHERENCY)) $(eval $(call assert_boolean,HW_ASSISTED_COHERENCY))
$(eval $(call assert_boolean,MEASURED_BOOT))
$(eval $(call assert_boolean,NS_TIMER_SWITCH)) $(eval $(call assert_boolean,NS_TIMER_SWITCH))
$(eval $(call assert_boolean,OVERRIDE_LIBC)) $(eval $(call assert_boolean,OVERRIDE_LIBC))
$(eval $(call assert_boolean,PL011_GENERIC_UART)) $(eval $(call assert_boolean,PL011_GENERIC_UART))
@ -817,6 +826,7 @@ $(eval $(call add_define,GICV2_G0_FOR_EL3))
$(eval $(call add_define,HANDLE_EA_EL3_FIRST)) $(eval $(call add_define,HANDLE_EA_EL3_FIRST))
$(eval $(call add_define,HW_ASSISTED_COHERENCY)) $(eval $(call add_define,HW_ASSISTED_COHERENCY))
$(eval $(call add_define,LOG_LEVEL)) $(eval $(call add_define,LOG_LEVEL))
$(eval $(call add_define,MEASURED_BOOT))
$(eval $(call add_define,NS_TIMER_SWITCH)) $(eval $(call add_define,NS_TIMER_SWITCH))
$(eval $(call add_define,PL011_GENERIC_UART)) $(eval $(call add_define,PL011_GENERIC_UART))
$(eval $(call add_define,PLAT_${PLAT})) $(eval $(call add_define,PLAT_${PLAT}))
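Review bot: The `$(error ...)` text in the new `ifeq ($(MEASURED_BOOT),1)` block ends with a stray double quote, so a misconfigured build prints `MEASURED_BOOT requires TRUSTED_BOARD_BOOT=1"`. It should read `$(error MEASURED_BOOT requires TRUSTED_BOARD_BOOT=1)`. The same block writes `$(MEASURED_BOOT)` with parentheses and `${TRUSTED_BOARD_BOOT}` with braces; using one form throughout would read more cleanly.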


@ -387,6 +387,11 @@ Common build options
All log output up to and including the selected log level is compiled into All log output up to and including the selected log level is compiled into
the build. The default value is 40 in debug builds and 20 in release builds. the build. The default value is 40 in debug builds and 20 in release builds.
- ``MEASURED_BOOT``: Boolean flag to include support for the Measured Boot
feature. If this flag is enabled ``TRUSTED_BOARD_BOOT`` must be set.
This option defaults to 0 and is an experimental feature in the stage of
development.
- ``NON_TRUSTED_WORLD_KEY``: This option is used when ``GENERATE_COT=1``. It - ``NON_TRUSTED_WORLD_KEY``: This option is used when ``GENERATE_COT=1``. It
specifies the file that contains the Non-Trusted World private key in PEM specifies the file that contains the Non-Trusted World private key in PEM
format. If ``SAVE_KEYS=1``, this file name will be used to save the key. format. If ``SAVE_KEYS=1``, this file name will be used to save the key.


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
* *
* SPDX-License-Identifier: BSD-3-Clause * SPDX-License-Identifier: BSD-3-Clause
*/ */
@ -103,3 +103,24 @@ int crypto_mod_verify_hash(void *data_ptr, unsigned int data_len,
return crypto_lib_desc.verify_hash(data_ptr, data_len, return crypto_lib_desc.verify_hash(data_ptr, data_len,
digest_info_ptr, digest_info_len); digest_info_ptr, digest_info_len);
} }
#if MEASURED_BOOT
/*
* Calculate a hash
*
* Parameters:
*
* alg: message digest algorithm
* data_ptr, data_len: data to be hashed
* output: resulting hash
*/
int crypto_mod_calc_hash(unsigned int alg, void *data_ptr,
unsigned int data_len, unsigned char *output)
{
assert(data_ptr != NULL);
assert(data_len != 0);
assert(output != NULL);
return crypto_lib_desc.calc_hash(alg, data_ptr, data_len, output);
}
#endif /* MEASURED_BOOT */
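Review bot: `crypto_mod_calc_hash` takes `output` without a length, so the number of bytes written is decided by `alg` inside the library callback while the buffer size is decided by the caller; a mismatch between the two is a write past the caller's buffer. The header comment should state that contract, for example `* output: resulting hash; the buffer must be large enough for the digest of 'alg'`, and should also say what the function returns. A stronger option is an explicit output-length parameter that is checked before hashing. The three `assert()` calls are the only argument validation, so if assertions are compiled out in release builds (not visible here), a NULL pointer or zero length is passed straight to the registered library.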


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
* *
* SPDX-License-Identifier: BSD-3-Clause * SPDX-License-Identifier: BSD-3-Clause
*/ */
@ -205,7 +205,32 @@ static int verify_hash(void *data_ptr, unsigned int data_len,
return CRYPTO_SUCCESS; return CRYPTO_SUCCESS;
} }
#if MEASURED_BOOT
/*
* Calculate a hash
*
* output points to the computed hash
*/
int calc_hash(unsigned int alg, void *data_ptr,
unsigned int data_len, unsigned char *output)
{
const mbedtls_md_info_t *md_info;
md_info = mbedtls_md_info_from_type((mbedtls_md_type_t)alg);
if (md_info == NULL) {
return CRYPTO_ERR_HASH;
}
/* Calculate the hash of the data */
return mbedtls_md(md_info, data_ptr, data_len, output);
}
#endif /* MEASURED_BOOT */
/* /*
* Register crypto library descriptor * Register crypto library descriptor
*/ */
#if MEASURED_BOOT
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash);
#else
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash); REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash);
#endif /* MEASURED_BOOT */
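Review bot: `calc_hash` returns the raw result of `mbedtls_md()` on its last line, so a failure there surfaces as an mbed TLS error code while the unknown-algorithm path returns `CRYPTO_ERR_HASH`, giving callers two error conventions for one function. Mapping the result keeps a single convention: `rc = mbedtls_md(md_info, data_ptr, data_len, output);` followed by `return (rc == 0) ? CRYPTO_SUCCESS : CRYPTO_ERR_HASH;`. The function is also declared without `static`, unlike `static int verify_hash(` just above it, which exports the generic name `calc_hash`; `static int calc_hash(` would match the neighbouring callbacks. The comment `output points to the computed hash` could add that the buffer must hold the digest size selected by `alg`.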


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
* *
* SPDX-License-Identifier: BSD-3-Clause * SPDX-License-Identifier: BSD-3-Clause
*/ */
@ -37,6 +37,13 @@ typedef struct crypto_lib_desc_s {
/* Verify a hash. Return one of the 'enum crypto_ret_value' options */ /* Verify a hash. Return one of the 'enum crypto_ret_value' options */
int (*verify_hash)(void *data_ptr, unsigned int data_len, int (*verify_hash)(void *data_ptr, unsigned int data_len,
void *digest_info_ptr, unsigned int digest_info_len); void *digest_info_ptr, unsigned int digest_info_len);
#if MEASURED_BOOT
/* Calculate a hash. Return hash value */
int (*calc_hash)(unsigned int alg, void *data_ptr,
unsigned int data_len, unsigned char *output);
#endif /* MEASURED_BOOT */
} crypto_lib_desc_t; } crypto_lib_desc_t;
/* Public functions */ /* Public functions */
@ -48,7 +55,21 @@ int crypto_mod_verify_signature(void *data_ptr, unsigned int data_len,
int crypto_mod_verify_hash(void *data_ptr, unsigned int data_len, int crypto_mod_verify_hash(void *data_ptr, unsigned int data_len,
void *digest_info_ptr, unsigned int digest_info_len); void *digest_info_ptr, unsigned int digest_info_len);
#if MEASURED_BOOT
int crypto_mod_calc_hash(unsigned int alg, void *data_ptr,
unsigned int data_len, unsigned char *output);
/* Macro to register a cryptographic library */ /* Macro to register a cryptographic library */
#define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \
_calc_hash) \
const crypto_lib_desc_t crypto_lib_desc = { \
.name = _name, \
.init = _init, \
.verify_signature = _verify_signature, \
.verify_hash = _verify_hash, \
.calc_hash = _calc_hash \
}
#else
#define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash) \ #define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash) \
const crypto_lib_desc_t crypto_lib_desc = { \ const crypto_lib_desc_t crypto_lib_desc = { \
.name = _name, \ .name = _name, \
@ -56,6 +77,7 @@ int crypto_mod_verify_hash(void *data_ptr, unsigned int data_len,
.verify_signature = _verify_signature, \ .verify_signature = _verify_signature, \
.verify_hash = _verify_hash \ .verify_hash = _verify_hash \
} }
#endif /* MEASURED_BOOT */
extern const crypto_lib_desc_t crypto_lib_desc; extern const crypto_lib_desc_t crypto_lib_desc;
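Review bot: The comment on the new `calc_hash` member, `/* Calculate a hash. Return hash value */`, does not match the signature, because the function returns an `int` and delivers the digest through `output`. Something like `/* Calculate a hash into 'output'. Return a status code, not the hash */` would be accurate, and the `crypto_mod_calc_hash` prototype could carry a one-line comment on the required size of `output`. With `MEASURED_BOOT` set, only the five-argument `REGISTER_CRYPTO_LIB` is defined, so a crypto library that still registers with four arguments would presumably fail to build. That may be intended, but it deserves a sentence above the macro. The `/* Macro to register a cryptographic library */` comment now sits inside the `#if`, which leaves the `#else` definition undocumented when read on its own.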


@ -1,5 +1,5 @@
# #
# Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved. # Copyright (c) 2016-2020, ARM Limited and Contributors. All rights reserved.
# #
# SPDX-License-Identifier: BSD-3-Clause # SPDX-License-Identifier: BSD-3-Clause
# #
@ -139,6 +139,9 @@ HW_ASSISTED_COHERENCY := 0
# Set the default algorithm for the generation of Trusted Board Boot keys # Set the default algorithm for the generation of Trusted Board Boot keys
KEY_ALG := rsa KEY_ALG := rsa
# Option to build TF with Measured Boot support
MEASURED_BOOT := 0
# NS timer register save and restore # NS timer register save and restore
NS_TIMER_SWITCH := 0 NS_TIMER_SWITCH := 0