diff options
| -rw-r--r-- | Makefile | 19 | ||||
| -rw-r--r-- | bl1/bl1_main.c | 43 | ||||
| -rw-r--r-- | bl2/bl2_main.c | 296 | ||||
| -rw-r--r-- | common/auth.c | 61 | ||||
| -rw-r--r-- | common/bl_common.c | 54 | ||||
| -rw-r--r-- | docs/user-guide.md | 12 | ||||
| -rw-r--r-- | include/common/auth.h | 88 | ||||
| -rw-r--r-- | include/common/bl_common.h | 7 | ||||
| -rw-r--r-- | include/plat/arm/common/arm_def.h | 4 | ||||
| -rw-r--r-- | plat/arm/board/juno/platform.mk | 5 | ||||
| -rw-r--r-- | plat/arm/common/arm_common.mk | 28 |
11 files changed, 142 insertions, 475 deletions
@@ -76,7 +76,6 @@ CREATE_KEYS := 1 SAVE_KEYS := 0 # Flags to build TF with Trusted Boot support TRUSTED_BOARD_BOOT := 0 -AUTH_MOD := none # By default, consider that the platform's reset address is not programmable. # The platform Makefile is free to override this value. PROGRAMMABLE_RESET_ADDRESS := 0 @@ -215,6 +214,7 @@ INCLUDES += -Iinclude/bl31 \ -Iinclude/common \ -Iinclude/drivers \ -Iinclude/drivers/arm \ + -Iinclude/drivers/auth \ -Iinclude/drivers/io \ -Iinclude/drivers/ti/uart \ -Iinclude/lib \ @@ -340,23 +340,6 @@ ifneq (${GENERATE_COT},0) $(eval CRT_ARGS += $(if ${KEY_ALG}, --key-alg ${KEY_ALG})) endif -# Check Trusted Board Boot options -ifneq (${TRUSTED_BOARD_BOOT},0) - ifeq (${AUTH_MOD},none) - $(error Error: When TRUSTED_BOARD_BOOT=1, AUTH_MOD has to be the name of a valid authentication module) - else - # We expect to locate an *.mk file under the specified AUTH_MOD directory - AUTH_MAKE := $(shell m="common/auth/${AUTH_MOD}/${AUTH_MOD}.mk"; [ -f "$$m" ] && echo "$$m") - ifeq (${AUTH_MAKE},) - $(error Error: No common/auth/${AUTH_MOD}/${AUTH_MOD}.mk located) - endif - $(info Including ${AUTH_MAKE}) - include ${AUTH_MAKE} - endif - - BL_COMMON_SOURCES += common/auth.c -endif - # Check if -pedantic option should be used ifeq (${DISABLE_PEDANTIC},0) CFLAGS += -pedantic diff --git a/bl1/bl1_main.c b/bl1/bl1_main.c index c270cf49..e3225319 100644 --- a/bl1/bl1_main.c +++ b/bl1/bl1_main.c @@ -31,7 +31,7 @@ #include <arch.h> #include <arch_helpers.h> #include <assert.h> -#include <auth.h> +#include <auth_mod.h> #include <bl_common.h> #include <debug.h> #include <platform.h> @@ -161,38 +161,16 @@ void bl1_main(void) #if TRUSTED_BOARD_BOOT /* Initialize authentication module */ - auth_init(); - - /* - * Load the BL2 certificate into the BL2 region. This region will be - * overwritten by the image, so the authentication module is responsible - * for storing the relevant data from the certificate (keys, hashes, - * etc.) so it can be used later. - */ - err = load_image(bl1_tzram_layout, - BL2_CERT_ID, - BL2_BASE, - &bl2_image_info, - NULL); - if (err) { - ERROR("Failed to load BL2 certificate.\n"); - panic(); - } - - err = auth_verify_obj(AUTH_BL2_IMG_CERT, bl2_image_info.image_base, - bl2_image_info.image_size); - if (err) { - ERROR("Failed to validate BL2 certificate.\n"); - panic(); - } + auth_mod_init(); #endif /* TRUSTED_BOARD_BOOT */ /* Load the BL2 image */ - err = load_image(bl1_tzram_layout, + err = load_auth_image(bl1_tzram_layout, BL2_IMAGE_ID, BL2_BASE, &bl2_image_info, &bl2_ep); + if (err) { /* * TODO: print failure to load BL2 but also add a tzwdog timer @@ -202,19 +180,6 @@ void bl1_main(void) panic(); } -#if TRUSTED_BOARD_BOOT - err = auth_verify_obj(AUTH_BL2_IMG, bl2_image_info.image_base, - bl2_image_info.image_size); - if (err) { - ERROR("Failed to validate BL2 image.\n"); - panic(); - } - - /* After working with data, invalidate the data cache */ - inv_dcache_range(bl2_image_info.image_base, - (size_t)bl2_image_info.image_size); -#endif /* TRUSTED_BOARD_BOOT */ - /* * Create a new layout of memory for BL2 as seen by BL1 i.e. * tell it the amount of total and free memory available. diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c index aba0afcf..4c190025 100644 --- a/bl2/bl2_main.c +++ b/bl2/bl2_main.c @@ -31,7 +31,7 @@ #include <arch.h> #include <arch_helpers.h> #include <assert.h> -#include <auth.h> +#include <auth_mod.h> #include <bl_common.h> #include <debug.h> #include <platform.h> @@ -39,147 +39,6 @@ #include <stdint.h> #include "bl2_private.h" -#if TRUSTED_BOARD_BOOT - -#ifdef BL32_BASE -static int bl32_cert_error; -#endif - -/* - * Load and authenticate the key and content certificates for a BL3-x image. - * The _blob values identify the authentication objects (an object may be seen - * as a single stage in the authentication process). See auth.h for the complete - * list of objects. The _id values are passed to the IO framework to identify - * the images to load. - * - * Parameters: - * key_cert_blob: key certificate blob id (see auth.h) - * key_cert_id: key certificate image identifier (for IO framework) - * cont_cert_blob: content certificate blob id (see auth.h) - * cont_cert_id: content certificate image identifier (for IO framework) - * mem_layout: Trusted SRAM memory layout - * load_addr: load the certificates at this address - * - * Return: 0 = success, Otherwise = error - */ -static int load_cert_bl3x(unsigned int key_cert_blob, unsigned int key_cert_id, - unsigned int cont_cert_blob, unsigned int cont_cert_id, - meminfo_t *mem_layout, uint64_t load_addr) -{ - image_info_t image_info; - int err; - - /* Load Key certificate */ - image_info.h.version = VERSION_1; - err = load_image(mem_layout, key_cert_id, load_addr, &image_info, NULL); - if (err) { - ERROR("Cannot load key certificate id=%u\n", key_cert_id); - return err; - } - - err = auth_verify_obj(key_cert_blob, image_info.image_base, - image_info.image_size); - if (err) { - ERROR("Invalid key certificate id=%u\n", key_cert_id); - return err; - } - - /* Load Content certificate */ - image_info.h.version = VERSION_1; - err = load_image(mem_layout, cont_cert_id, load_addr, &image_info, NULL); - if (err) { - ERROR("Cannot load content certificate id=%u\n", - cont_cert_id); - return err; - } - - err = auth_verify_obj(cont_cert_blob, image_info.image_base, - image_info.image_size); - if (err) { - ERROR("Invalid content certificate id=%u\n", cont_cert_id); - return err; - } - - return 0; -} - -/* - * Load and authenticate the Trusted Key certificate the key and content - * certificates for each of the BL3-x images. - * - * Return: 0 = success, Otherwise = error - */ -static int load_certs(void) -{ - const uint64_t load_addr = BL31_BASE; - image_info_t image_info; - meminfo_t *mem_layout; - int err; - - /* Find out how much free trusted ram remains after BL2 load */ - mem_layout = bl2_plat_sec_mem_layout(); - - /* Load the Trusted Key certificate in the BL31 region */ - image_info.h.version = VERSION_1; - err = load_image(mem_layout, TRUSTED_KEY_CERT_ID, load_addr, - &image_info, NULL); - if (err) { - ERROR("Failed to load Trusted Key certificate.\n"); - return err; - } - - /* Validate the certificate */ - err = auth_verify_obj(AUTH_TRUSTED_KEY_CERT, image_info.image_base, - image_info.image_size); - if (err) { - ERROR("Invalid Trusted Key certificate.\n"); - return err; - } - - /* Load and validate Key and Content certificates for BL3-x images */ -#ifdef BL30_BASE - err = load_cert_bl3x(AUTH_BL30_KEY_CERT, BL30_KEY_CERT_ID, - AUTH_BL30_IMG_CERT, BL30_CERT_ID, - mem_layout, load_addr); - if (err) { - ERROR("Failed to verify BL3-0 authenticity\n"); - return err; - } -#endif /* BL30_BASE */ - - err = load_cert_bl3x(AUTH_BL31_KEY_CERT, BL31_KEY_CERT_ID, - AUTH_BL31_IMG_CERT, BL31_CERT_ID, - mem_layout, load_addr); - if (err) { - ERROR("Failed to verify BL3-1 authenticity\n"); - return err; - } - -#ifdef BL32_BASE - /* BL3-2 image is optional, but keep the return value in case the - * image is present but the certificate is missing */ - err = load_cert_bl3x(AUTH_BL32_KEY_CERT, BL32_KEY_CERT_ID, - AUTH_BL32_IMG_CERT, BL32_CERT_ID, - mem_layout, load_addr); - if (err) { - WARN("Failed to verify BL3-2 authenticity\n"); - } - bl32_cert_error = err; -#endif /* BL32_BASE */ - - err = load_cert_bl3x(AUTH_BL33_KEY_CERT, BL33_KEY_CERT_ID, - AUTH_BL33_IMG_CERT, BL33_CERT_ID, - mem_layout, load_addr); - if (err) { - ERROR("Failed to verify BL3-3 authenticity\n"); - return err; - } - - return 0; -} - -#endif /* TRUSTED_BOARD_BOOT */ - /******************************************************************************* * Load the BL3-0 image if there's one. * If a platform does not want to attempt to load BL3-0 image it must leave @@ -205,34 +64,18 @@ static int load_bl30(void) INFO("BL2: Loading BL3-0\n"); bl2_plat_get_bl30_meminfo(&bl30_mem_info); bl30_image_info.h.version = VERSION_1; - e = load_image(&bl30_mem_info, - BL30_IMAGE_ID, - BL30_BASE, - &bl30_image_info, - NULL); - - if (e) - return e; - -#if TRUSTED_BOARD_BOOT - e = auth_verify_obj(AUTH_BL30_IMG, - bl30_image_info.image_base, - bl30_image_info.image_size); - if (e) { - ERROR("Failed to authenticate BL3-0 image.\n"); - return e; - } - - /* After working with data, invalidate the data cache */ - inv_dcache_range(bl30_image_info.image_base, - (size_t)bl30_image_info.image_size); -#endif /* TRUSTED_BOARD_BOOT */ - - /* The subsequent handling of BL3-0 is platform specific */ - e = bl2_plat_handle_bl30(&bl30_image_info); - if (e) { - ERROR("Failure in platform-specific handling of BL3-0 image.\n"); - return e; + e = load_auth_image(&bl30_mem_info, + BL30_IMAGE_ID, + BL30_BASE, + &bl30_image_info, + NULL); + + if (e == 0) { + /* The subsequent handling of BL3-0 is platform specific */ + e = bl2_plat_handle_bl30(&bl30_image_info); + if (e) { + ERROR("Failure in platform-specific handling of BL3-0 image.\n"); + } } #endif /* BL30_BASE */ @@ -262,31 +105,17 @@ static int load_bl31(bl31_params_t *bl2_to_bl31_params, bl31_ep_info->args.arg0 = (unsigned long)bl2_to_bl31_params; /* Load the BL3-1 image */ - e = load_image(bl2_tzram_layout, - BL31_IMAGE_ID, - BL31_BASE, - bl2_to_bl31_params->bl31_image_info, - bl31_ep_info); - if (e) - return e; - -#if TRUSTED_BOARD_BOOT - e = auth_verify_obj(AUTH_BL31_IMG, - bl2_to_bl31_params->bl31_image_info->image_base, - bl2_to_bl31_params->bl31_image_info->image_size); - if (e) { - ERROR("Failed to authenticate BL3-1 image.\n"); - return e; + e = load_auth_image(bl2_tzram_layout, + BL31_IMAGE_ID, + BL31_BASE, + bl2_to_bl31_params->bl31_image_info, + bl31_ep_info); + + if (e == 0) { + bl2_plat_set_bl31_ep_info(bl2_to_bl31_params->bl31_image_info, + bl31_ep_info); } - /* After working with data, invalidate the data cache */ - inv_dcache_range(bl2_to_bl31_params->bl31_image_info->image_base, - (size_t)bl2_to_bl31_params->bl31_image_info->image_size); -#endif /* TRUSTED_BOARD_BOOT */ - - bl2_plat_set_bl31_ep_info(bl2_to_bl31_params->bl31_image_info, - bl31_ep_info); - return e; } @@ -314,37 +143,17 @@ static int load_bl32(bl31_params_t *bl2_to_bl31_params) * completely different memory. */ bl2_plat_get_bl32_meminfo(&bl32_mem_info); - e = load_image(&bl32_mem_info, - BL32_IMAGE_ID, - BL32_BASE, - bl2_to_bl31_params->bl32_image_info, - bl2_to_bl31_params->bl32_ep_info); - - if (e) - return e; - -#if TRUSTED_BOARD_BOOT - /* Image is present. Check if there is a valid certificate */ - if (bl32_cert_error) { - ERROR("Failed to authenticate BL3-2 certificates.\n"); - return bl32_cert_error; - } - - e = auth_verify_obj(AUTH_BL32_IMG, - bl2_to_bl31_params->bl32_image_info->image_base, - bl2_to_bl31_params->bl32_image_info->image_size); - if (e) { - ERROR("Failed to authenticate BL3-2 image.\n"); - return e; + e = load_auth_image(&bl32_mem_info, + BL32_IMAGE_ID, + BL32_BASE, + bl2_to_bl31_params->bl32_image_info, + bl2_to_bl31_params->bl32_ep_info); + + if (e == 0) { + bl2_plat_set_bl32_ep_info( + bl2_to_bl31_params->bl32_image_info, + bl2_to_bl31_params->bl32_ep_info); } - /* After working with data, invalidate the data cache */ - inv_dcache_range(bl2_to_bl31_params->bl32_image_info->image_base, - (size_t)bl2_to_bl31_params->bl32_image_info->image_size); -#endif /* TRUSTED_BOARD_BOOT */ - - bl2_plat_set_bl32_ep_info( - bl2_to_bl31_params->bl32_image_info, - bl2_to_bl31_params->bl32_ep_info); #endif /* BL32_BASE */ return e; @@ -367,30 +176,16 @@ static int load_bl33(bl31_params_t *bl2_to_bl31_params) bl2_plat_get_bl33_meminfo(&bl33_mem_info); /* Load the BL3-3 image in non-secure memory provided by the platform */ - e = load_image(&bl33_mem_info, - BL33_IMAGE_ID, - plat_get_ns_image_entrypoint(), - bl2_to_bl31_params->bl33_image_info, - bl2_to_bl31_params->bl33_ep_info); - - if (e) - return e; - -#if TRUSTED_BOARD_BOOT - e = auth_verify_obj(AUTH_BL33_IMG, - bl2_to_bl31_params->bl33_image_info->image_base, - bl2_to_bl31_params->bl33_image_info->image_size); - if (e) { - ERROR("Failed to authenticate BL3-3 image.\n"); - return e; + e = load_auth_image(&bl33_mem_info, + BL33_IMAGE_ID, + plat_get_ns_image_entrypoint(), + bl2_to_bl31_params->bl33_image_info, + bl2_to_bl31_params->bl33_ep_info); + + if (e == 0) { + bl2_plat_set_bl33_ep_info(bl2_to_bl31_params->bl33_image_info, + bl2_to_bl31_params->bl33_ep_info); } - /* After working with data, invalidate the data cache */ - inv_dcache_range(bl2_to_bl31_params->bl33_image_info->image_base, - (size_t)bl2_to_bl31_params->bl33_image_info->image_size); -#endif /* TRUSTED_BOARD_BOOT */ - - bl2_plat_set_bl33_ep_info(bl2_to_bl31_params->bl33_image_info, - bl2_to_bl31_params->bl33_ep_info); return e; } @@ -414,14 +209,7 @@ void bl2_main(void) #if TRUSTED_BOARD_BOOT /* Initialize authentication module */ - auth_init(); - - /* Validate the certificates involved in the Chain of Trust */ - e = load_certs(); - if (e) { - ERROR("Chain of Trust invalid. Aborting...\n"); - panic(); - } + auth_mod_init(); #endif /* TRUSTED_BOARD_BOOT */ /* diff --git a/common/auth.c b/common/auth.c deleted file mode 100644 index 37234b8e..00000000 --- a/common/auth.c +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of ARM nor the names of its contributors may be used - * to endorse or promote products derived from this software without specific - * prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -#include <assert.h> -#include <auth.h> -#include <debug.h> - -/* - * Initialize the authentication module - */ -void auth_init(void) -{ - assert(auth_mod.name); - assert(auth_mod.init); - assert(auth_mod.verify); - - INFO("Using authentication module '%s'\n", auth_mod.name); - if (auth_mod.init() != 0) - assert(0); -} - -/* - * Authenticate a certificate/image - * - * Return: 0 = success, Otherwise = error - */ -int auth_verify_obj(unsigned int obj_id, uintptr_t obj_buf, size_t len) -{ - assert(obj_id < AUTH_NUM_OBJ); - assert(obj_buf != 0); - assert(auth_mod.verify); - - return auth_mod.verify(obj_id, obj_buf, len); -} diff --git a/common/bl_common.c b/common/bl_common.c index c8ec4e82..b8558a69 100644 --- a/common/bl_common.c +++ b/common/bl_common.c @@ -31,6 +31,7 @@ #include <arch.h> #include <arch_helpers.h> #include <assert.h> +#include <auth_mod.h> #include <bl_common.h> #include <debug.h> #include <errno.h> @@ -209,7 +210,7 @@ unsigned long image_size(unsigned int image_id) ******************************************************************************/ int load_image(meminfo_t *mem_layout, unsigned int image_id, - uint64_t image_base, + uintptr_t image_base, image_info_t *image_data, entry_point_info_t *entry_point_info) { @@ -308,3 +309,54 @@ exit: return io_result; } + +/******************************************************************************* + * Generic function to load and authenticate an image. The image is actually + * loaded by calling the 'load_image()' function. In addition, this function + * uses recursion to authenticate the parent images up to the root of trust. + ******************************************************************************/ +int load_auth_image(meminfo_t *mem_layout, + unsigned int image_id, + uintptr_t image_base, + image_info_t *image_data, + entry_point_info_t *entry_point_info) +{ + int rc; + +#if TRUSTED_BOARD_BOOT + unsigned int parent_id; + + /* Use recursion to authenticate parent images */ + rc = auth_mod_get_parent_id(image_id, &parent_id); + if (rc == 0) { + rc = load_auth_image(mem_layout, parent_id, image_base, + image_data, NULL); + if (rc != IO_SUCCESS) { + return rc; + } + } +#endif /* TRUSTED_BOARD_BOOT */ + + /* Load the image */ + rc = load_image(mem_layout, image_id, image_base, image_data, + entry_point_info); + if (rc != IO_SUCCESS) { + return rc; + } + +#if TRUSTED_BOARD_BOOT + /* Authenticate it */ + rc = auth_mod_verify_img(image_id, + (void *)image_data->image_base, + image_data->image_size); + if (rc != 0) { + return IO_FAIL; + } + + /* After working with data, invalidate the data cache */ + inv_dcache_range(image_data->image_base, + (size_t)image_data->image_size); +#endif /* TRUSTED_BOARD_BOOT */ + + return IO_SUCCESS; +} diff --git a/docs/user-guide.md b/docs/user-guide.md index 742f6165..b075eeb4 100644 --- a/docs/user-guide.md +++ b/docs/user-guide.md @@ -265,16 +265,8 @@ performed. * `TRUSTED_BOARD_BOOT`: Boolean flag to include support for the Trusted Board Boot feature. When set to '1', BL1 and BL2 images include support to load and verify the certificates and images in a FIP. The default value is '0'. - A successful build, when `TRUSTED_BOARD_BOOT=1`, depends upon the correct - initialization of the `AUTH_MOD` option. Generation and inclusion of - certificates in the FIP depends upon the value of the `GENERATE_COT` option. - -* `AUTH_MOD`: This option is used when `TRUSTED_BOARD_BOOT=1`. It specifies - the name of the authentication module that will be used in the Trusted Board - Boot sequence. The module must be located in `common/auth/<module name>` - directory. The directory must contain a makefile `<module name>.mk` which - will be used to build the module. More information can be found in - [Trusted Board Boot]. The default module name is 'none'. + Generation and inclusion of certificates in the FIP depends upon the value + of the `GENERATE_COT` option. * `GENERATE_COT`: Boolean flag used to build and execute the `cert_create` tool to create certificates as per the Chain of Trust described in diff --git a/include/common/auth.h b/include/common/auth.h deleted file mode 100644 index 3c3a6bd0..00000000 --- a/include/common/auth.h +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of ARM nor the names of its contributors may be used - * to endorse or promote products derived from this software without specific - * prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef AUTH_H_ -#define AUTH_H_ - -#include <stddef.h> -#include <stdint.h> - -/* - * Authentication infrastructure for Trusted Boot - * - * This infrastructure provides an API to access the authentication module. This - * module will implement the required operations for Trusted Boot by creating an - * instance of the structure 'auth_mod_t'. This instance must be called - * 'auth_mod' and must provide the functions to initialize the module and - * verify the authenticity of the images. - */ - -/* Objects (images and certificates) involved in the TBB process */ -enum { - AUTH_BL2_IMG_CERT, - AUTH_BL2_IMG, - AUTH_TRUSTED_KEY_CERT, - AUTH_BL30_KEY_CERT, - AUTH_BL30_IMG_CERT, - AUTH_BL30_IMG, - AUTH_BL31_KEY_CERT, - AUTH_BL31_IMG_CERT, - AUTH_BL31_IMG, - AUTH_BL32_KEY_CERT, - AUTH_BL32_IMG_CERT, - AUTH_BL32_IMG, - AUTH_BL33_KEY_CERT, - AUTH_BL33_IMG_CERT, - AUTH_BL33_IMG, - AUTH_NUM_OBJ -}; - -/* Authentication module structure */ -typedef struct auth_mod_s { - /* [mandatory] Module name. Printed to the log during initialization */ - const char *name; - - /* [mandatory] Initialize the authentication module */ - int (*init)(void); - - /* [mandatory] This function will be called to authenticate a new - * object loaded into memory. The obj_id corresponds to one of the - * values in the enumeration above */ - int (*verify)(unsigned int obj_id, uintptr_t obj_buf, size_t len); -} auth_mod_t; - -/* This variable must be instantiated by the authentication module */ -extern const auth_mod_t auth_mod; - -/* Public functions */ -void auth_init(void); -int auth_verify_obj(unsigned int obj_id, uintptr_t obj_buf, size_t len); - -#endif /* AUTH_H_ */ diff --git a/include/common/bl_common.h b/include/common/bl_common.h index 1e848969..b1a9c8f6 100644 --- a/include/common/bl_common.h +++ b/include/common/bl_common.h @@ -229,9 +229,14 @@ void change_security_state(unsigned int); unsigned long image_size(unsigned int image_id); int load_image(meminfo_t *mem_layout, unsigned int image_id, - uint64_t image_base, + uintptr_t image_base, image_info_t *image_data, entry_point_info_t *entry_point_info); +int load_auth_image(meminfo_t *mem_layout, + unsigned int image_name, + uintptr_t image_base, + image_info_t *image_data, + entry_point_info_t *entry_point_info); extern const char build_message[]; extern const char version_string[]; diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h index 64dc683d..4447af2c 100644 --- a/include/plat/arm/common/arm_def.h +++ b/include/plat/arm/common/arm_def.h @@ -201,7 +201,7 @@ #if TRUSTED_BOARD_BOOT #define BL1_RW_BASE (ARM_BL_RAM_BASE + \ ARM_BL_RAM_SIZE - \ - 0x8000) + 0x9000) #else #define BL1_RW_BASE (ARM_BL_RAM_BASE + \ ARM_BL_RAM_SIZE - \ @@ -217,7 +217,7 @@ * size plus a little space for growth. */ #if TRUSTED_BOARD_BOOT -#define BL2_BASE (BL31_BASE - 0x1C000) +#define BL2_BASE (BL31_BASE - 0x1D000) #else #define BL2_BASE (BL31_BASE - 0xC000) #endif diff --git a/plat/arm/board/juno/platform.mk b/plat/arm/board/juno/platform.mk index d8d4f145..98834e7b 100644 --- a/plat/arm/board/juno/platform.mk +++ b/plat/arm/board/juno/platform.mk @@ -40,7 +40,6 @@ BL2_SOURCES += plat/arm/board/juno/juno_security.c \ BL31_SOURCES += lib/cpus/aarch64/cortex_a53.S \ lib/cpus/aarch64/cortex_a57.S - # Enable workarounds for selected Cortex-A57 erratas. ERRATA_A57_806969 := 0 ERRATA_A57_813420 := 1 @@ -53,3 +52,7 @@ include plat/arm/board/common/board_css.mk include plat/arm/common/arm_common.mk include plat/arm/soc/common/soc_css.mk include plat/arm/css/common/css_common.mk + +ifeq (${KEY_ALG},ecdsa) + $(error "ECDSA key algorithm is not fully supported on Juno.") +endif diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk index 5b26b6d4..bcc3833f 100644 --- a/plat/arm/common/arm_common.mk +++ b/plat/arm/common/arm_common.mk @@ -84,3 +84,31 @@ BL31_SOURCES += drivers/arm/cci/cci.c \ plat/arm/common/arm_topology.c \ plat/common/plat_gic.c \ plat/common/aarch64/platform_mp_stack.S + +ifneq (${TRUSTED_BOARD_BOOT},0) + + # By default, ARM platforms use RSA keys + KEY_ALG := rsa + + # Include common TBB sources + AUTH_SOURCES := drivers/auth/auth_mod.c \ + drivers/auth/crypto_mod.c \ + drivers/auth/img_parser_mod.c \ + drivers/auth/tbbr/tbbr_cot.c \ + + BL1_SOURCES += ${AUTH_SOURCES} + BL2_SOURCES += ${AUTH_SOURCES} + + MBEDTLS_KEY_ALG := ${KEY_ALG} + + # We expect to locate the *.mk files under the directories specified below + CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk + IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk + + $(info Including ${CRYPTO_LIB_MK}) + include ${CRYPTO_LIB_MK} + + $(info Including ${IMG_PARSER_LIB_MK}) + include ${IMG_PARSER_LIB_MK} + +endif |