1 /*
2 * Copyright (c) 2022, Arm Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
8 #include <string.h>
9
10 #include <common/debug.h>
11 #include <measured_boot.h>
12 #include <psa/client.h>
13 #include <psa_manifest/sid.h>
14
15 #include "measured_boot_private.h"
16
print_byte_array(const uint8_t * array __unused,size_t len __unused)17 static void print_byte_array(const uint8_t *array __unused, size_t len __unused)
18 {
19 #if LOG_LEVEL >= LOG_LEVEL_INFO
20 size_t i;
21
22 if (array == NULL || len == 0U) {
23 (void)printf("\n");
24 } else {
25 for (i = 0U; i < len; ++i) {
26 (void)printf(" %02x", array[i]);
27 if ((i & U(0xF)) == U(0xF)) {
28 (void)printf("\n");
29 if (i < (len - 1U)) {
30 INFO("\t\t:");
31 }
32 }
33 }
34 }
35 #endif
36 }
37
log_measurement(uint8_t index,const uint8_t * signer_id,size_t signer_id_size,const uint8_t * version,size_t version_size,const uint8_t * sw_type,size_t sw_type_size,uint32_t measurement_algo,const uint8_t * measurement_value,size_t measurement_value_size,bool lock_measurement)38 static void log_measurement(uint8_t index,
39 const uint8_t *signer_id,
40 size_t signer_id_size,
41 const uint8_t *version, /* string */
42 size_t version_size,
43 const uint8_t *sw_type, /* string */
44 size_t sw_type_size,
45 uint32_t measurement_algo,
46 const uint8_t *measurement_value,
47 size_t measurement_value_size,
48 bool lock_measurement)
49 {
50 INFO("Measured boot extend measurement:\n");
51 INFO(" - slot : %u\n", index);
52 INFO(" - signer_id :");
53 print_byte_array(signer_id, signer_id_size);
54 INFO(" - version : %s\n", version);
55 INFO(" - version_size: %zu\n", version_size);
56 INFO(" - sw_type : %s\n", sw_type);
57 INFO(" - sw_type_size: %zu\n", sw_type_size);
58 INFO(" - algorithm : %x\n", measurement_algo);
59 INFO(" - measurement :");
60 print_byte_array(measurement_value, measurement_value_size);
61 INFO(" - locking : %s\n", lock_measurement ? "true" : "false");
62 }
63
64 #if !PLAT_RSS_NOT_SUPPORTED
65 psa_status_t
rss_measured_boot_extend_measurement(uint8_t index,const uint8_t * signer_id,size_t signer_id_size,const uint8_t * version,size_t version_size,uint32_t measurement_algo,const uint8_t * sw_type,size_t sw_type_size,const uint8_t * measurement_value,size_t measurement_value_size,bool lock_measurement)66 rss_measured_boot_extend_measurement(uint8_t index,
67 const uint8_t *signer_id,
68 size_t signer_id_size,
69 const uint8_t *version,
70 size_t version_size,
71 uint32_t measurement_algo,
72 const uint8_t *sw_type,
73 size_t sw_type_size,
74 const uint8_t *measurement_value,
75 size_t measurement_value_size,
76 bool lock_measurement)
77 {
78 struct measured_boot_extend_iovec_t extend_iov = {
79 .index = index,
80 .lock_measurement = lock_measurement,
81 .measurement_algo = measurement_algo,
82 .sw_type = {0},
83 /* Removing \0 */
84 .sw_type_size = (sw_type_size > 0) ? (sw_type_size - 1) : 0,
85 };
86
87 psa_invec in_vec[] = {
88 {.base = &extend_iov,
89 .len = sizeof(struct measured_boot_extend_iovec_t)},
90 {.base = signer_id, .len = signer_id_size},
91 {.base = version,
92 .len = (version_size > 0) ? (version_size - 1) : 0},
93 {.base = measurement_value, .len = measurement_value_size}
94 };
95
96 if (sw_type != NULL) {
97 if (extend_iov.sw_type_size > SW_TYPE_MAX_SIZE) {
98 return PSA_ERROR_INVALID_ARGUMENT;
99 }
100 memcpy(extend_iov.sw_type, sw_type, extend_iov.sw_type_size);
101 }
102
103 log_measurement(index, signer_id, signer_id_size,
104 version, version_size, sw_type, sw_type_size,
105 measurement_algo, measurement_value,
106 measurement_value_size, lock_measurement);
107
108 return psa_call(RSS_MEASURED_BOOT_HANDLE,
109 RSS_MEASURED_BOOT_EXTEND,
110 in_vec, IOVEC_LEN(in_vec),
111 NULL, 0);
112 }
113
rss_measured_boot_read_measurement(uint8_t index,uint8_t * signer_id,size_t signer_id_size,size_t * signer_id_len,uint8_t * version,size_t version_size,size_t * version_len,uint32_t * measurement_algo,uint8_t * sw_type,size_t sw_type_size,size_t * sw_type_len,uint8_t * measurement_value,size_t measurement_value_size,size_t * measurement_value_len,bool * is_locked)114 psa_status_t rss_measured_boot_read_measurement(uint8_t index,
115 uint8_t *signer_id,
116 size_t signer_id_size,
117 size_t *signer_id_len,
118 uint8_t *version,
119 size_t version_size,
120 size_t *version_len,
121 uint32_t *measurement_algo,
122 uint8_t *sw_type,
123 size_t sw_type_size,
124 size_t *sw_type_len,
125 uint8_t *measurement_value,
126 size_t measurement_value_size,
127 size_t *measurement_value_len,
128 bool *is_locked)
129 {
130 psa_status_t status;
131 struct measured_boot_read_iovec_in_t read_iov_in = {
132 .index = index,
133 .sw_type_size = sw_type_size,
134 .version_size = version_size,
135 };
136
137 struct measured_boot_read_iovec_out_t read_iov_out;
138
139 psa_invec in_vec[] = {
140 {.base = &read_iov_in,
141 .len = sizeof(struct measured_boot_read_iovec_in_t)},
142 };
143
144 psa_outvec out_vec[] = {
145 {.base = &read_iov_out,
146 .len = sizeof(struct measured_boot_read_iovec_out_t)},
147 {.base = signer_id, .len = signer_id_size},
148 {.base = measurement_value, .len = measurement_value_size}
149 };
150
151 status = psa_call(RSS_MEASURED_BOOT_HANDLE, RSS_MEASURED_BOOT_READ,
152 in_vec, IOVEC_LEN(in_vec),
153 out_vec, IOVEC_LEN(out_vec));
154
155 if (status == PSA_SUCCESS) {
156 *is_locked = read_iov_out.is_locked;
157 *measurement_algo = read_iov_out.measurement_algo;
158 *sw_type_len = read_iov_out.sw_type_len;
159 *version_len = read_iov_out.version_len;
160 memcpy(sw_type, read_iov_out.sw_type, read_iov_out.sw_type_len);
161 memcpy(version, read_iov_out.version, read_iov_out.version_len);
162 *signer_id_len = out_vec[1].len;
163 *measurement_value_len = out_vec[2].len;
164 }
165
166 return status;
167 }
168
169 #else /* !PLAT_RSS_NOT_SUPPORTED */
170
171 psa_status_t
rss_measured_boot_extend_measurement(uint8_t index,const uint8_t * signer_id,size_t signer_id_size,const uint8_t * version,size_t version_size,uint32_t measurement_algo,const uint8_t * sw_type,size_t sw_type_size,const uint8_t * measurement_value,size_t measurement_value_size,bool lock_measurement)172 rss_measured_boot_extend_measurement(uint8_t index,
173 const uint8_t *signer_id,
174 size_t signer_id_size,
175 const uint8_t *version,
176 size_t version_size,
177 uint32_t measurement_algo,
178 const uint8_t *sw_type,
179 size_t sw_type_size,
180 const uint8_t *measurement_value,
181 size_t measurement_value_size,
182 bool lock_measurement)
183 {
184 log_measurement(index, signer_id, signer_id_size,
185 version, version_size, sw_type, sw_type_size,
186 measurement_algo, measurement_value,
187 measurement_value_size, lock_measurement);
188
189 return PSA_SUCCESS;
190 }
191
rss_measured_boot_read_measurement(uint8_t index,uint8_t * signer_id,size_t signer_id_size,size_t * signer_id_len,uint8_t * version,size_t version_size,size_t * version_len,uint32_t * measurement_algo,uint8_t * sw_type,size_t sw_type_size,size_t * sw_type_len,uint8_t * measurement_value,size_t measurement_value_size,size_t * measurement_value_len,bool * is_locked)192 psa_status_t rss_measured_boot_read_measurement(uint8_t index,
193 uint8_t *signer_id,
194 size_t signer_id_size,
195 size_t *signer_id_len,
196 uint8_t *version,
197 size_t version_size,
198 size_t *version_len,
199 uint32_t *measurement_algo,
200 uint8_t *sw_type,
201 size_t sw_type_size,
202 size_t *sw_type_len,
203 uint8_t *measurement_value,
204 size_t measurement_value_size,
205 size_t *measurement_value_len,
206 bool *is_locked)
207 {
208 return PSA_SUCCESS;
209 }
210
211 #endif /* !PLAT_RSS_NOT_SUPPORTED */
212
