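/*
 * Copyright (c) 2025, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <assert.h>
#include <stdarg.h>
#include <stdint.h>

#include <plat/common/common_def.h>
#include <plat/common/platform.h>
#include <platform_def.h>

#include <drivers/auth/crypto_mod.h>
#include <drivers/gpio_spi.h>
#include <drivers/measured_boot/metadata.h>
#include <drivers/tpm/tpm2.h>
#include <drivers/tpm/tpm2_chip.h>
#include <drivers/tpm/tpm2_slb9670/slb9670_gpio.h>
#include <event_measure.h>
#include <event_print.h>
#include <tools_share/tbbr_oid.h>

#include "./include/rpi3_measured_boot.h"

/*
 * RPI3 table with platform specific image IDs, names and PCRs.
 *
 * plat_mboot_measure_image() walks this table until it meets the
 * EVLOG_INVALID_ID terminator, so every image that BL2 measures needs an
 * entry here and the terminator must stay last.
 */
const event_log_metadata_t rpi3_event_log_metadata[] = {
	{ BL31_IMAGE_ID, MBOOT_BL31_IMAGE_STRING, PCR_0 },
	{ BL33_IMAGE_ID, MBOOT_BL33_IMAGE_STRING, PCR_0 },
	{ NT_FW_CONFIG_ID, MBOOT_NT_FW_CONFIG_STRING, PCR_0 },

	{ EVLOG_INVALID_ID, NULL, (unsigned int)(-1) }	/* Terminator */
};

/*
 * Hash configuration handed to event_log_init_and_reg(): one algorithm
 * (CRYPTO_MD_ID), computed through crypto_mod_calc_hash().
 */
static const struct event_log_hash_info crypto_hash_info = {
	.func = crypto_mod_calc_hash,
	.ids = (const uint32_t[]){ CRYPTO_MD_ID },
	.count = 1U,
};

#if DISCRETE_TPM
extern struct tpm_chip_data tpm_chip_data;
#if (TPM_INTERFACE == FIFO_SPI)
extern struct gpio_spi_data tpm_rpi3_gpio_data;
struct spi_plat *spidev;
#endif

/*
 * Prepare the transport used to reach the discrete TPM. Only the FIFO_SPI
 * interface has any setup here: the SLB9670 GPIO lines are initialised and
 * the resulting GPIO-SPI handle is stored in spidev.
 */
static void rpi3_bl2_tpm_early_interface_setup(void)
{
#if (TPM_INTERFACE == FIFO_SPI)
	tpm2_slb9670_gpio_init(&tpm_rpi3_gpio_data);

	spidev = gpio_spi_init(&tpm_rpi3_gpio_data);
#endif
}
#endif

/* Event log base and size, as reported by rpi3_mboot_fetch_eventlog_info() */
static uint8_t *event_log_start;
static size_t event_log_size;

/*
 * Set up measured boot in BL2.
 *
 * With DISCRETE_TPM the TPM interface is opened first (second argument 0 is
 * the locality, see the close call in bl2_plat_mboot_finish()). The event log
 * is then initialised over the region that follows the bytes already in use.
 * Any failure is fatal: booting on without a working measurement path would
 * leave later stages unmeasured.
 */
void bl2_plat_mboot_init(void)
{
	uint8_t *bl2_event_log_start;
	uint8_t *bl2_event_log_finish;
	int rc;

#if DISCRETE_TPM
	rpi3_bl2_tpm_early_interface_setup();
	rc = tpm_interface_init(&tpm_chip_data, 0);
	if (rc != 0) {
		ERROR("BL2: TPM interface init failed\n");
		panic();
	}
#endif

	rpi3_mboot_fetch_eventlog_info(&event_log_start, &event_log_size);

	/*
	 * BL2 appends after the existing entries and may use the log up to
	 * PLAT_ARM_EVENT_LOG_MAX_SIZE bytes from its base.
	 *
	 * NOTE(review): nothing in this function checks that
	 * event_log_size <= PLAT_ARM_EVENT_LOG_MAX_SIZE. If it were larger,
	 * start would lie beyond finish. Confirm that the fetch helper or
	 * event_log_init_and_reg() rejects that case.
	 */
	bl2_event_log_start = event_log_start + event_log_size;
	bl2_event_log_finish = event_log_start + PLAT_ARM_EVENT_LOG_MAX_SIZE;

	rc = event_log_init_and_reg(bl2_event_log_start, bl2_event_log_finish,
				    &crypto_hash_info);
	if (rc < 0) {
		ERROR("Failed to initialize event log (%d).\n", rc);
		panic();
	}
}

/*
 * Finish measured boot in BL2: publish the event log to the Non-secure world
 * and, with DISCRETE_TPM, release the TPM.
 */
void bl2_plat_mboot_finish(void)
{
	int rc;

	/* Event Log address in Non-Secure memory */
	uintptr_t ns_log_addr;

	/* Event Log filled size */
	size_t event_log_cur_size;

	event_log_cur_size = event_log_get_cur_size((uint8_t *)event_log_start);

	/* write the eventlog addr and size to NT_FW_CONFIG TPM entry */
	rc = rpi3_set_nt_fw_info(event_log_cur_size, &ns_log_addr);
	if (rc != 0) {
		ERROR("%s(): Unable to update %s_FW_CONFIG\n",
		      __func__, "NT");
		/*
		 * fatal error due to Bl33 maintaining the assumption
		 * that the eventlog is successfully passed via
		 * NT_FW_CONFIG.
		 */
		panic();
	}

	/*
	 * Copy Event Log to Non-secure memory.
	 *
	 * NOTE(review): the capacity of the destination behind ns_log_addr is
	 * not visible here; this relies on rpi3_set_nt_fw_info() having
	 * reserved at least event_log_cur_size bytes. Confirm against that
	 * helper. The copy is a snapshot: the Non-secure world can modify its
	 * copy afterwards, so a verifier should rely on the PCR values and
	 * treat the log only as the record used to reproduce them.
	 */
	(void)memcpy((void *)ns_log_addr, (const void *)event_log_start,
		     event_log_cur_size);

	/* Ensure that the Event Log is visible in Non-secure memory */
	flush_dcache_range(ns_log_addr, event_log_cur_size);

	/* Dump Event Log for user view */
	event_log_dump((uint8_t *)event_log_start, event_log_cur_size);

#if DISCRETE_TPM
	/* relinquish control of TPM locality 0 and close interface */
	rc = tpm_interface_close(&tpm_chip_data, 0);
	if (rc != 0) {
		ERROR("BL2: TPM interface close failed\n");
		panic();
	}
#endif
}

/*
 * Measure one loaded image and record the measurement.
 *
 * image_id    Image identifier; must have an entry in
 *             rpi3_event_log_metadata.
 * image_data  Supplies image_base and image_size of the payload to hash.
 *
 * Returns 0 on success, or the non-zero value returned by
 * event_log_measure(). An unknown image_id and a failed PCR extend do not
 * return: both end in panic().
 */
int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data)
{
	int rc = 0;

	unsigned char hash_data[CRYPTO_MD_MAX_SIZE];
	const event_log_metadata_t *metadata_ptr = rpi3_event_log_metadata;

	/*
	 * Resolve the metadata entry before touching the TPM. The lookup was
	 * previously guarded only by assert() and ran after the PCR extend.
	 * With assertions compiled out, an unknown image_id extended the PCR
	 * and then passed the terminator entry (NULL name, PCR -1) to
	 * event_log_record(), leaving the TPM state and the event log out of
	 * step. Fail closed in every build instead.
	 */
	while ((metadata_ptr->id != EVLOG_INVALID_ID) &&
	       (metadata_ptr->id != image_id)) {
		metadata_ptr++;
	}
	if (metadata_ptr->id == EVLOG_INVALID_ID) {
		ERROR("BL2: no event log metadata for image %u\n", image_id);
		panic();
	}

	/* Measure the payload with algorithm selected by EventLog driver */
	rc = event_log_measure(image_data->image_base, image_data->image_size, hash_data);
	if (rc != 0) {
		return rc;
	}

#if DISCRETE_TPM
	/*
	 * The PCR index is hard-coded to 0 here, while the table above carries
	 * a PCR per image. Every entry is PCR_0 today; keep the two in step if
	 * the table changes.
	 *
	 * NOTE(review): TCG_DIGEST_SIZE bytes are read from hash_data, which
	 * holds CRYPTO_MD_MAX_SIZE bytes. Confirm that
	 * TCG_DIGEST_SIZE <= CRYPTO_MD_MAX_SIZE.
	 */
	rc = tpm_pcr_extend(&tpm_chip_data, 0, TPM_ALG_ID, hash_data, TCG_DIGEST_SIZE);
	if (rc != 0) {
		ERROR("BL2: TPM PCR-0 extend failed\n");
		panic();
	}
#endif

	event_log_record(hash_data, EV_POST_CODE, metadata_ptr);

	return rc;
}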