1 /* 2 * Copyright (c) 2025, Arm Limited. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <assert.h> 8 #include <stdarg.h> 9 #include <stdint.h> 10 11 #include <plat/arm/common/plat_arm.h> 12 #include <plat/common/platform.h> 13 #include <platform_def.h> 14 15 #include <tpm2.h> 16 #include <tpm2_chip.h> 17 18 #include <common/desc_image_load.h> 19 #include <common/ep_info.h> 20 #include <drivers/auth/crypto_mod.h> 21 #include <drivers/delay_timer.h> 22 #include <drivers/gpio_spi.h> 23 #include <drivers/measured_boot/metadata.h> 24 #include <drivers/tpm/tpm2_slb9670/slb9670_gpio.h> 25 #include <event_measure.h> 26 #include <event_print.h> 27 #include <rpi_shared.h> 28 29 /* Event Log data */ 30 uint8_t event_log[PLAT_ARM_EVENT_LOG_MAX_SIZE]; 31 32 /* RPI3 table with platform specific image IDs, names and PCRs */ 33 const event_log_metadata_t rpi3_event_log_metadata[] = { 34 { FW_CONFIG_ID, MBOOT_FW_CONFIG_STRING, PCR_0 }, 35 { TB_FW_CONFIG_ID, MBOOT_TB_FW_CONFIG_STRING, PCR_0 }, 36 { BL2_IMAGE_ID, MBOOT_BL2_IMAGE_STRING, PCR_0 }, 37 38 { EVLOG_INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */ 39 }; 40 41 #if DISCRETE_TPM 42 extern struct tpm_chip_data tpm_chip_data; 43 #if (TPM_INTERFACE == FIFO_SPI) 44 45 #endif 46 47 static void rpi3_bl1_tpm_early_interface_setup(void) 48 { 49 #if TPM_INTERFACE_FIFO_SPI 50 int rc; 51 struct spi_plat *spidev; 52 const struct tpm_timeout_ops timeout_ops = { 53 .timeout_init_us = timeout_init_us, 54 .timeout_elapsed = timeout_elapsed 55 }; 56 const struct gpio_spi_config *tpm_rpi3_gpio_data = 57 tpm2_slb9670_get_config(); 58 59 tpm2_slb9670_gpio_init(tpm_rpi3_gpio_data); 60 61 tpm2_slb9670_reset_chip(tpm_rpi3_gpio_data); 62 63 spidev = gpio_spi_init(tpm_rpi3_gpio_data); 64 65 rc = tpm_interface_init(spidev, &timeout_ops, &tpm_chip_data, 0); 66 if (rc != 0) { 67 ERROR("BL1: TPM interface init failed\n"); 68 panic(); 69 } 70 71 #endif 72 } 73 #endif 74 75 void bl1_plat_mboot_init(void) 76 { 77 tpm_alg_id algorithms[] = { 78 #ifdef TPM_ALG_ID 79 TPM_ALG_ID 80 #else 81 /* 82 * TODO: with MEASURED_BOOT=1 several algorithms now compiled into Mbed-TLS, 83 * we ought to query the backend to figure out what algorithms to use. 84 */ 85 TPM_ALG_SHA256, 86 TPM_ALG_SHA384, 87 TPM_ALG_SHA512, 88 #endif 89 }; 90 int rc; 91 92 #if DISCRETE_TPM 93 94 rpi3_bl1_tpm_early_interface_setup(); 95 rc = tpm_startup(&tpm_chip_data, TPM_SU_CLEAR); 96 if (rc != 0) { 97 ERROR("BL1: TPM Startup failed\n"); 98 panic(); 99 } 100 #endif 101 102 rc = event_log_init_and_reg(event_log, event_log + sizeof(event_log), 103 0U, crypto_mod_tcg_hash); 104 if (rc < 0) { 105 ERROR("Failed to initialize event log (%d).\n", rc); 106 panic(); 107 } 108 109 rc = event_log_write_header(algorithms, ARRAY_SIZE(algorithms), 0, NULL, 110 0); 111 if (rc < 0) { 112 ERROR("Failed to write event log header (%d).\n", rc); 113 panic(); 114 } 115 } 116 117 void bl1_plat_mboot_finish(void) 118 { 119 size_t event_log_cur_size; 120 image_desc_t *image_desc; 121 entry_point_info_t *ep_info; 122 123 event_log_cur_size = event_log_get_cur_size(event_log); 124 image_desc = bl1_plat_get_image_desc(BL2_IMAGE_ID); 125 assert(image_desc != NULL); 126 127 /* Get the entry point info */ 128 ep_info = &image_desc->ep_info; 129 ep_info->args.arg2 = (uint64_t) event_log; 130 ep_info->args.arg3 = (uint32_t) event_log_cur_size; 131 132 #if DISCRETE_TPM 133 int rc; 134 135 /* relinquish control of TPM locality 0 and close interface */ 136 rc = tpm_interface_close(&tpm_chip_data, 0); 137 if (rc != 0) { 138 ERROR("BL1: TPM interface close failed\n"); 139 panic(); 140 } 141 #endif 142 143 /* Dump Event Log for user view */ 144 event_log_dump((uint8_t *)event_log, event_log_get_cur_size(event_log)); 145 } 146