1 /*
2 * Copyright (c) 2022-2025, Arm Limited. All rights reserved.
3 * Copyright (c) 2022, Linaro.
4 *
5 * SPDX-License-Identifier: BSD-3-Clause
6 */
7
8 #include <string.h>
9
10 #include <plat/arm/common/plat_arm.h>
11
12 #include <common/measured_boot.h>
13 #include <drivers/auth/crypto_mod.h>
14 #include <drivers/measured_boot/metadata.h>
15 #include <event_measure.h>
16 #include <event_print.h>
17
18 #include "./include/imx8m_measured_boot.h"
19
20 /* Event Log data */
21 static uint8_t event_log[PLAT_IMX_EVENT_LOG_MAX_SIZE];
22
23 /* FVP table with platform specific image IDs, names and PCRs */
24 static const event_log_metadata_t imx8m_event_log_metadata[] = {
25 { BL31_IMAGE_ID, MBOOT_BL31_IMAGE_STRING, PCR_0 },
26 { BL32_IMAGE_ID, MBOOT_BL32_IMAGE_STRING, PCR_0 },
27 { BL32_EXTRA1_IMAGE_ID, MBOOT_BL32_EXTRA1_IMAGE_STRING, PCR_0 },
28 { BL32_EXTRA2_IMAGE_ID, MBOOT_BL32_EXTRA2_IMAGE_STRING, PCR_0 },
29 { BL33_IMAGE_ID, MBOOT_BL33_IMAGE_STRING, PCR_0 },
30 { EVLOG_INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */
31 };
32
plat_mboot_measure_image(unsigned int image_id,image_info_t * image_data)33 int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data)
34 {
35 const event_log_metadata_t *metadata_ptr;
36 int err;
37
38 metadata_ptr = mboot_find_event_log_metadata(imx8m_event_log_metadata,
39 image_id);
40 if (metadata_ptr == NULL) {
41 ERROR("Unable to find metadata for image %u.\n", image_id);
42 return -1;
43 }
44
45 /* Calculate image hash and record data in Event Log */
46 err = event_log_measure_and_record(metadata_ptr->pcr,
47 image_data->image_base,
48 image_data->image_size,
49 metadata_ptr->name,
50 strlen(metadata_ptr->name) + 1U);
51 if (err != 0) {
52 ERROR("%s%s image id %u (%i)\n",
53 "Failed to ", "record", image_id, err);
54 return err;
55 }
56
57 return 0;
58 }
59
bl2_plat_mboot_init(void)60 void bl2_plat_mboot_init(void)
61 {
62 int rc;
63 tpm_alg_id algos[] = {
64 #ifdef TPM_ALG_ID
65 TPM_ALG_ID,
66 #else
67 /*
68 * TODO: with MEASURED_BOOT=1 several algorithms are now compiled into
69 * Mbed-TLS, we ought to query the backend to figure out what algorithms
70 * to use.
71 */
72 TPM_ALG_SHA256,
73 TPM_ALG_SHA384,
74 TPM_ALG_SHA512,
75 #endif
76 };
77
78 rc = event_log_init_and_reg(event_log, event_log + sizeof(event_log),
79 0U, crypto_mod_tcg_hash);
80 if (rc < 0) {
81 ERROR("Failed to initialize event log (%d).\n", rc);
82 panic();
83 }
84
85 rc = event_log_write_header(algos, ARRAY_SIZE(algos), 0, NULL, 0);
86 if (rc < 0) {
87 ERROR("Failed to write event log header (%d).\n", rc);
88 panic();
89 }
90 }
91
bl2_plat_mboot_finish(void)92 void bl2_plat_mboot_finish(void)
93 {
94 int rc = 0;
95
96 /* Event Log address in Non-Secure memory */
97 uintptr_t ns_log_addr;
98
99 /* Event Log filled size */
100 size_t event_log_cur_size;
101
102 event_log_cur_size = event_log_get_cur_size(event_log);
103
104 rc = imx8m_set_nt_fw_info(event_log_cur_size, &ns_log_addr);
105 if (rc != 0) {
106 ERROR("%s(): Unable to update %s_FW_CONFIG\n",
107 __func__, "NT");
108 /*
109 * It is a fatal error because on i.MX U-boot assumes that
110 * a valid event log exists and will use it to record the
111 * measurements into the fTPM.
112 */
113 panic();
114 }
115
116 /* Copy Event Log to Non-secure memory */
117 (void)memcpy((void *)ns_log_addr, (const void *)event_log,
118 event_log_cur_size);
119
120 /* Ensure that the Event Log is visible in Non-secure memory */
121 flush_dcache_range(ns_log_addr, event_log_cur_size);
122
123 event_log_dump((uint8_t *)event_log, event_log_cur_size);
124 }
125
plat_mboot_measure_key(const void * pk_oid,const void * pk_ptr,size_t pk_len)126 int plat_mboot_measure_key(const void *pk_oid, const void *pk_ptr,
127 size_t pk_len)
128 {
129 return 0;
130 }
131