1 /*
2 * Copyright (c) 2025, Arm Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8 #include <stdarg.h>
9 #include <stdint.h>
10
11 #include <plat/common/common_def.h>
12 #include <plat/common/platform.h>
13 #include <platform_def.h>
14
15 #include <tpm2.h>
16 #include <event_measure.h>
17 #include <event_print.h>
18 #include <rpi3_measured_boot.h>
19
20 /* RPI3 table with platform specific image IDs, names and PCRs */
21 extern const event_log_metadata_t rpi3_event_log_metadata[];
22
23 #if DISCRETE_TPM
24 extern struct tpm_chip_data tpm_chip_data;
25 #endif
26
plat_mboot_measure_image(unsigned int image_id,image_info_t * image_data)27 int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data)
28 {
29 int rc = 0;
30 const event_log_metadata_t *metadata_ptr;
31 uint8_t digest_buf[MAX_TPML_BUFFER_SIZE] __unused;
32 size_t digest_size __unused;
33 tpmt_ha *digest __unused;
34
35 metadata_ptr = mboot_find_event_log_metadata(rpi3_event_log_metadata,
36 image_id);
37 if (metadata_ptr == NULL) {
38 ERROR("Unable to find metadata for image %u.\n", image_id);
39 return -1;
40 }
41
42 #if !DISCRETE_TPM
43 /* Calculate image hash and record data in Event Log */
44 rc = event_log_measure_and_record(metadata_ptr->pcr,
45 image_data->image_base,
46 image_data->image_size,
47 metadata_ptr->name,
48 strlen(metadata_ptr->name) + 1U);
49 if (rc != 0) {
50 ERROR("Image measurement and recording failed (%d).\n", rc);
51 return rc;
52 }
53 #else
54 /* Calculate image hash and record data in Event Log */
55 rc = event_log_measure(image_data->image_base, image_data->image_size,
56 digest_buf, sizeof(digest_buf));
57 if (rc != 0) {
58 ERROR("Image measurement failed (%d).\n", rc);
59 return rc;
60 }
61
62 /* Extend measurement to Event Log. */
63 rc = event_log_write_pcr_event2(metadata_ptr->pcr, EV_POST_CODE,
64 (const tpml_digest_values *)digest_buf,
65 (const uint8_t *)metadata_ptr->name,
66 strlen(metadata_ptr->name) + 1);
67 if (rc != 0) {
68 ERROR("Failed to record image measurement to event log (%d).\n",
69 rc);
70 return rc;
71 }
72
73 /*
74 * TODO: The TPM library currently supports extending only a single digest
75 * at a time. In practice, we should query the TPM to determine which hash
76 * algorithms it supports, and update the library to allow submitting
77 * multiple digest extensions in one call.
78 */
79 digest = ((tpml_digest_values *)digest_buf)->digests;
80
81 rc = tpm_pcr_extend(&tpm_chip_data, PCR_0, digest->algorithm_id,
82 digest->digest, TCG_DIGEST_SIZE);
83 if (rc != 0) {
84 ERROR("BL2: TPM PCR-0 extend failed\n");
85 panic();
86 }
87 #endif /* !DISCRETE_TPM */
88
89 return rc;
90 }
91