1 /* 2 * Copyright (c) 2022-2025, Arm Limited. All rights reserved. 3 * Copyright (c) 2022, Linaro. 4 * 5 * SPDX-License-Identifier: BSD-3-Clause 6 */ 7 8 #include <string.h> 9 10 #include <plat/arm/common/plat_arm.h> 11 12 #include <common/measured_boot.h> 13 #include <drivers/auth/crypto_mod.h> 14 #include <drivers/measured_boot/metadata.h> 15 #include <event_measure.h> 16 #include <event_print.h> 17 18 #include "./include/imx8m_measured_boot.h" 19 20 /* Event Log data */ 21 static uint8_t event_log[PLAT_IMX_EVENT_LOG_MAX_SIZE]; 22 23 /* FVP table with platform specific image IDs, names and PCRs */ 24 static const event_log_metadata_t imx8m_event_log_metadata[] = { 25 { BL31_IMAGE_ID, MBOOT_BL31_IMAGE_STRING, PCR_0 }, 26 { BL32_IMAGE_ID, MBOOT_BL32_IMAGE_STRING, PCR_0 }, 27 { BL32_EXTRA1_IMAGE_ID, MBOOT_BL32_EXTRA1_IMAGE_STRING, PCR_0 }, 28 { BL32_EXTRA2_IMAGE_ID, MBOOT_BL32_EXTRA2_IMAGE_STRING, PCR_0 }, 29 { BL33_IMAGE_ID, MBOOT_BL33_IMAGE_STRING, PCR_0 }, 30 { EVLOG_INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */ 31 }; 32 33 int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data) 34 { 35 const event_log_metadata_t *metadata_ptr; 36 int err; 37 38 metadata_ptr = mboot_find_event_log_metadata(imx8m_event_log_metadata, 39 image_id); 40 if (metadata_ptr == NULL) { 41 ERROR("Unable to find metadata for image %u.\n", image_id); 42 return -1; 43 } 44 45 /* Calculate image hash and record data in Event Log */ 46 err = event_log_measure_and_record(metadata_ptr->pcr, 47 image_data->image_base, 48 image_data->image_size, 49 metadata_ptr->name, 50 strlen(metadata_ptr->name) + 1U); 51 if (err != 0) { 52 ERROR("%s%s image id %u (%i)\n", 53 "Failed to ", "record", image_id, err); 54 return err; 55 } 56 57 return 0; 58 } 59 60 void bl2_plat_mboot_init(void) 61 { 62 int rc; 63 tpm_alg_id algos[] = { 64 #ifdef TPM_ALG_ID 65 TPM_ALG_ID, 66 #else 67 /* 68 * TODO: with MEASURED_BOOT=1 several algorithms are now compiled into 69 * Mbed-TLS, we ought to query the backend to figure out what algorithms 70 * to use. 71 */ 72 TPM_ALG_SHA256, 73 TPM_ALG_SHA384, 74 TPM_ALG_SHA512, 75 #endif 76 }; 77 78 rc = event_log_init_and_reg(event_log, event_log + sizeof(event_log), 79 0U, crypto_mod_tcg_hash); 80 if (rc < 0) { 81 ERROR("Failed to initialize event log (%d).\n", rc); 82 panic(); 83 } 84 85 rc = event_log_write_header(algos, ARRAY_SIZE(algos), 0, NULL, 0); 86 if (rc < 0) { 87 ERROR("Failed to write event log header (%d).\n", rc); 88 panic(); 89 } 90 } 91 92 void bl2_plat_mboot_finish(void) 93 { 94 int rc = 0; 95 96 /* Event Log address in Non-Secure memory */ 97 uintptr_t ns_log_addr; 98 99 /* Event Log filled size */ 100 size_t event_log_cur_size; 101 102 event_log_cur_size = event_log_get_cur_size(event_log); 103 104 rc = imx8m_set_nt_fw_info(event_log_cur_size, &ns_log_addr); 105 if (rc != 0) { 106 ERROR("%s(): Unable to update %s_FW_CONFIG\n", 107 __func__, "NT"); 108 /* 109 * It is a fatal error because on i.MX U-boot assumes that 110 * a valid event log exists and will use it to record the 111 * measurements into the fTPM. 112 */ 113 panic(); 114 } 115 116 /* Copy Event Log to Non-secure memory */ 117 (void)memcpy((void *)ns_log_addr, (const void *)event_log, 118 event_log_cur_size); 119 120 /* Ensure that the Event Log is visible in Non-secure memory */ 121 flush_dcache_range(ns_log_addr, event_log_cur_size); 122 123 event_log_dump((uint8_t *)event_log, event_log_cur_size); 124 } 125 126 int plat_mboot_measure_key(const void *pk_oid, const void *pk_ptr, 127 size_t pk_len) 128 { 129 return 0; 130 } 131