1 /*
2 * Copyright (c) 2022-2025, Arm Limited. All rights reserved.
3 * Copyright (c) 2022, Linaro.
4 *
5 * SPDX-License-Identifier: BSD-3-Clause
6 */
7
8 #include <string.h>
9
10 #include <plat/arm/common/plat_arm.h>
11
12 #include <drivers/auth/crypto_mod.h>
13 #include <drivers/measured_boot/metadata.h>
14 #include <event_measure.h>
15 #include <event_print.h>
16
17 #include "./include/imx8m_measured_boot.h"
18
19 /* Event Log data */
20 static uint8_t event_log[PLAT_IMX_EVENT_LOG_MAX_SIZE];
21 static const struct event_log_hash_info crypto_hash_info = {
22 .func = crypto_mod_calc_hash,
23 .ids = (const uint32_t[]){ CRYPTO_MD_ID },
24 .count = 1U,
25 };
26
27 /* FVP table with platform specific image IDs, names and PCRs */
28 static const event_log_metadata_t imx8m_event_log_metadata[] = {
29 { BL31_IMAGE_ID, MBOOT_BL31_IMAGE_STRING, PCR_0 },
30 { BL32_IMAGE_ID, MBOOT_BL32_IMAGE_STRING, PCR_0 },
31 { BL32_EXTRA1_IMAGE_ID, MBOOT_BL32_EXTRA1_IMAGE_STRING, PCR_0 },
32 { BL32_EXTRA2_IMAGE_ID, MBOOT_BL32_EXTRA2_IMAGE_STRING, PCR_0 },
33 { BL33_IMAGE_ID, MBOOT_BL33_IMAGE_STRING, PCR_0 },
34 { EVLOG_INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */
35 };
36
plat_mboot_measure_image(unsigned int image_id,image_info_t * image_data)37 int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data)
38 {
39 /* Calculate image hash and record data in Event Log */
40 int err = event_log_measure_and_record(image_data->image_base,
41 image_data->image_size,
42 image_id,
43 imx8m_event_log_metadata);
44 if (err != 0) {
45 ERROR("%s%s image id %u (%i)\n",
46 "Failed to ", "record", image_id, err);
47 return err;
48 }
49
50 return 0;
51 }
52
bl2_plat_mboot_init(void)53 void bl2_plat_mboot_init(void)
54 {
55 int rc = event_log_init_and_reg(
56 event_log, event_log + sizeof(event_log), &crypto_hash_info);
57 if (rc < 0) {
58 ERROR("Failed to initialize event log (%d).\n", rc);
59 panic();
60 }
61
62 rc = event_log_write_header();
63 if (rc < 0) {
64 ERROR("Failed to write event log header (%d).\n", rc);
65 panic();
66 }
67 }
68
bl2_plat_mboot_finish(void)69 void bl2_plat_mboot_finish(void)
70 {
71 int rc = 0;
72
73 /* Event Log address in Non-Secure memory */
74 uintptr_t ns_log_addr;
75
76 /* Event Log filled size */
77 size_t event_log_cur_size;
78
79 event_log_cur_size = event_log_get_cur_size(event_log);
80
81 rc = imx8m_set_nt_fw_info(event_log_cur_size, &ns_log_addr);
82 if (rc != 0) {
83 ERROR("%s(): Unable to update %s_FW_CONFIG\n",
84 __func__, "NT");
85 /*
86 * It is a fatal error because on i.MX U-boot assumes that
87 * a valid event log exists and will use it to record the
88 * measurements into the fTPM.
89 */
90 panic();
91 }
92
93 /* Copy Event Log to Non-secure memory */
94 (void)memcpy((void *)ns_log_addr, (const void *)event_log,
95 event_log_cur_size);
96
97 /* Ensure that the Event Log is visible in Non-secure memory */
98 flush_dcache_range(ns_log_addr, event_log_cur_size);
99
100 event_log_dump((uint8_t *)event_log, event_log_cur_size);
101 }
102
plat_mboot_measure_key(const void * pk_oid,const void * pk_ptr,size_t pk_len)103 int plat_mboot_measure_key(const void *pk_oid, const void *pk_ptr,
104 size_t pk_len)
105 {
106 return 0;
107 }
108