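/*
 * Copyright (c) 2025, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <assert.h>
#include <stdarg.h>
#include <stdint.h>
#include <string.h>

#include <plat/common/common_def.h>
#include <plat/common/platform.h>
#include <platform_def.h>

#include <tpm2.h>
#include <event_measure.h>
#include <event_print.h>
#include <rpi3_measured_boot.h>

/* RPI3 table with platform specific image IDs, names and PCRs */
extern const event_log_metadata_t rpi3_event_log_metadata[];

#if DISCRETE_TPM
extern struct tpm_chip_data tpm_chip_data;
#endif

/*
 * Measure a loaded image and record the measurement.
 *
 * The image's metadata (name and PCR index) is looked up in
 * rpi3_event_log_metadata by image_id.
 *
 * - !DISCRETE_TPM: the image is hashed and an Event Log entry is written in a
 *   single call.
 * - DISCRETE_TPM: the image is hashed into a local buffer, an EV_POST_CODE
 *   entry is written to the Event Log, and the first digest in the buffer is
 *   extended into the TPM.
 *
 * image_id:   platform image identifier used for the metadata lookup.
 * image_data: base address and size of the image to measure; must not be NULL.
 *
 * Returns 0 on success, -1 when no metadata exists for image_id, or the
 * non-zero code returned by the failing event-log helper. A failed TPM PCR
 * extend does not return: it calls panic().
 */
int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data)
{
	int rc = 0;
	const event_log_metadata_t *metadata_ptr;
	uint8_t digest_buf[MAX_TPML_BUFFER_SIZE] __unused;
	tpmt_ha *digest __unused;

	/* Every path below dereferences image_data. */
	assert(image_data != NULL);

	metadata_ptr = mboot_find_event_log_metadata(rpi3_event_log_metadata,
						     image_id);
	if (metadata_ptr == NULL) {
		ERROR("Unable to find metadata for image %u.\n", image_id);
		return -1;
	}

#if !DISCRETE_TPM
	/* Calculate image hash and record data in Event Log */
	rc = event_log_measure_and_record(metadata_ptr->pcr,
					  image_data->image_base,
					  image_data->image_size,
					  metadata_ptr->name,
					  strlen(metadata_ptr->name) + 1U);
	if (rc != 0) {
		ERROR("Image measurement and recording failed (%d).\n", rc);
		return rc;
	}
#else
	/* Calculate the image hash into digest_buf; nothing is recorded yet. */
	rc = event_log_measure(image_data->image_base, image_data->image_size,
			       digest_buf, sizeof(digest_buf));
	if (rc != 0) {
		ERROR("Image measurement failed (%d).\n", rc);
		return rc;
	}

	/* Record the measurement in the Event Log. */
	rc = event_log_write_pcr_event2(metadata_ptr->pcr, EV_POST_CODE,
					(const tpml_digest_values *)digest_buf,
					(const uint8_t *)metadata_ptr->name,
					strlen(metadata_ptr->name) + 1U);
	if (rc != 0) {
		ERROR("Failed to record image measurement to event log (%d).\n",
		      rc);
		return rc;
	}

	/*
	 * TODO: The TPM library currently supports extending only a single digest
	 * at a time. In practice, we should query the TPM to determine which hash
	 * algorithms it supports, and update the library to allow submitting
	 * multiple digest extensions in one call.
	 */
	digest = ((tpml_digest_values *)digest_buf)->digests;

	/*
	 * Extend the same PCR index that was just written to the Event Log.
	 * Extending a fixed PCR while logging metadata_ptr->pcr would make a
	 * replay of the log disagree with the TPM for any image whose metadata
	 * names a different PCR.
	 *
	 * NOTE(review): the length passed is the fixed TCG_DIGEST_SIZE while the
	 * algorithm comes from the buffer - confirm the two always agree.
	 */
	rc = tpm_pcr_extend(&tpm_chip_data, metadata_ptr->pcr,
			    digest->algorithm_id, digest->digest,
			    TCG_DIGEST_SIZE);
	if (rc != 0) {
		ERROR("BL2: TPM PCR-%u extend failed (%d)\n",
		      (unsigned int)metadata_ptr->pcr, rc);
		/* The log now holds an entry the TPM does not reflect. */
		panic();
	}
#endif /* !DISCRETE_TPM */

	return rc;
}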