1 /* 2 * Copyright (c) 2021-2022, Arm Limited. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <stdint.h> 8 9 #include <drivers/measured_boot/event_log/event_log.h> 10 #include <tools_share/tbbr_oid.h> 11 #include <fvp_critical_data.h> 12 13 #include <plat/arm/common/plat_arm.h> 14 #include <plat/common/common_def.h> 15 16 /* Event Log data */ 17 static uint64_t event_log_base; 18 19 /* FVP table with platform specific image IDs, names and PCRs */ 20 const event_log_metadata_t fvp_event_log_metadata[] = { 21 { BL31_IMAGE_ID, EVLOG_BL31_STRING, PCR_0 }, 22 { BL32_IMAGE_ID, EVLOG_BL32_STRING, PCR_0 }, 23 { BL32_EXTRA1_IMAGE_ID, EVLOG_BL32_EXTRA1_STRING, PCR_0 }, 24 { BL32_EXTRA2_IMAGE_ID, EVLOG_BL32_EXTRA2_STRING, PCR_0 }, 25 { BL33_IMAGE_ID, EVLOG_BL33_STRING, PCR_0 }, 26 { HW_CONFIG_ID, EVLOG_HW_CONFIG_STRING, PCR_0 }, 27 { NT_FW_CONFIG_ID, EVLOG_NT_FW_CONFIG_STRING, PCR_0 }, 28 { SCP_BL2_IMAGE_ID, EVLOG_SCP_BL2_STRING, PCR_0 }, 29 { SOC_FW_CONFIG_ID, EVLOG_SOC_FW_CONFIG_STRING, PCR_0 }, 30 { TOS_FW_CONFIG_ID, EVLOG_TOS_FW_CONFIG_STRING, PCR_0 }, 31 { RMM_IMAGE_ID, EVLOG_RMM_STRING, PCR_0}, 32 33 { CRITICAL_DATA_ID, EVLOG_CRITICAL_DATA_STRING, PCR_1 }, 34 35 { EVLOG_INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */ 36 }; 37 38 void bl2_plat_mboot_init(void) 39 { 40 uint8_t *event_log_start; 41 uint8_t *event_log_finish; 42 size_t bl1_event_log_size; 43 int rc; 44 45 rc = arm_get_tb_fw_info(&event_log_base, &bl1_event_log_size); 46 if (rc != 0) { 47 ERROR("%s(): Unable to get Event Log info from TB_FW_CONFIG\n", 48 __func__); 49 /* 50 * It is a fatal error because on FVP platform, BL2 software 51 * assumes that a valid Event Log buffer exist and it will use 52 * same Event Log buffer to append image measurements. 53 */ 54 panic(); 55 } 56 57 /* 58 * BL1 and BL2 share the same Event Log buffer and that BL2 will 59 * append its measurements after BL1's 60 */ 61 event_log_start = (uint8_t *)((uintptr_t)event_log_base + 62 bl1_event_log_size); 63 event_log_finish = (uint8_t *)((uintptr_t)event_log_base + 64 PLAT_ARM_EVENT_LOG_MAX_SIZE); 65 66 event_log_init((uint8_t *)event_log_start, event_log_finish); 67 } 68 69 int plat_mboot_measure_critical_data(unsigned int critical_data_id, 70 const void *base, size_t size) 71 { 72 /* 73 * It is very unlikely that the critical data size would be 74 * bigger than 2^32 bytes 75 */ 76 assert(size < UINT32_MAX); 77 assert(base != NULL); 78 79 /* Calculate image hash and record data in Event Log */ 80 int err = event_log_measure_and_record((uintptr_t)base, (uint32_t)size, 81 critical_data_id); 82 if (err != 0) { 83 ERROR("%s%s critical data (%i)\n", 84 "Failed to ", "record", err); 85 return err; 86 } 87 88 return 0; 89 } 90 91 #if TRUSTED_BOARD_BOOT 92 static int fvp_populate_critical_data(struct fvp_critical_data *critical_data) 93 { 94 char *nv_ctr_oids[MAX_NV_CTR_IDS] = { 95 [TRUSTED_NV_CTR_ID] = TRUSTED_FW_NVCOUNTER_OID, 96 [NON_TRUSTED_NV_CTR_ID] = NON_TRUSTED_FW_NVCOUNTER_OID, 97 }; 98 99 for (int i = 0; i < MAX_NV_CTR_IDS; i++) { 100 int rc = plat_get_nv_ctr(nv_ctr_oids[i], 101 &critical_data->nv_ctr[i]); 102 if (rc != 0) { 103 return rc; 104 } 105 } 106 107 return 0; 108 } 109 #endif /* TRUSTED_BOARD_BOOT */ 110 111 static int fvp_populate_and_measure_critical_data(void) 112 { 113 int rc = 0; 114 115 /* 116 * FVP platform only measures 'platform NV-counter' and hence its 117 * measurement makes sense during Trusted-Boot flow only. 118 */ 119 #if TRUSTED_BOARD_BOOT 120 struct fvp_critical_data populate_critical_data; 121 122 rc = fvp_populate_critical_data(&populate_critical_data); 123 if (rc == 0) { 124 rc = plat_mboot_measure_critical_data(CRITICAL_DATA_ID, 125 &populate_critical_data, 126 sizeof(populate_critical_data)); 127 } 128 #endif /* TRUSTED_BOARD_BOOT */ 129 130 return rc; 131 } 132 133 void bl2_plat_mboot_finish(void) 134 { 135 int rc; 136 137 /* Event Log address in Non-Secure memory */ 138 uintptr_t ns_log_addr; 139 140 /* Event Log filled size */ 141 size_t event_log_cur_size; 142 143 rc = fvp_populate_and_measure_critical_data(); 144 if (rc != 0) { 145 panic(); 146 } 147 148 event_log_cur_size = event_log_get_cur_size((uint8_t *)event_log_base); 149 150 rc = arm_set_nt_fw_info( 151 #ifdef SPD_opteed 152 (uintptr_t)event_log_base, 153 #endif 154 event_log_cur_size, &ns_log_addr); 155 if (rc != 0) { 156 ERROR("%s(): Unable to update %s_FW_CONFIG\n", 157 __func__, "NT"); 158 /* 159 * It is a fatal error because on FVP secure world software 160 * assumes that a valid event log exists and will use it to 161 * record the measurements into the fTPM. 162 * Note: In FVP platform, OP-TEE uses nt_fw_config to get the 163 * secure Event Log buffer address. 164 */ 165 panic(); 166 } 167 168 /* Copy Event Log to Non-secure memory */ 169 (void)memcpy((void *)ns_log_addr, (const void *)event_log_base, 170 event_log_cur_size); 171 172 /* Ensure that the Event Log is visible in Non-secure memory */ 173 flush_dcache_range(ns_log_addr, event_log_cur_size); 174 175 #if defined(SPD_tspd) || defined(SPD_spmd) 176 /* Set Event Log data in TOS_FW_CONFIG */ 177 rc = arm_set_tos_fw_info((uintptr_t)event_log_base, 178 event_log_cur_size); 179 if (rc != 0) { 180 ERROR("%s(): Unable to update %s_FW_CONFIG\n", 181 __func__, "TOS"); 182 panic(); 183 } 184 #endif /* defined(SPD_tspd) || defined(SPD_spmd) */ 185 186 dump_event_log((uint8_t *)event_log_base, event_log_cur_size); 187 } 188