From 6cb5d3268fa41d15480c4e070a51577b333767fe Mon Sep 17 00:00:00 2001
From: Tamas Ban <tamas.ban@arm.com>
Date: Fri, 16 Sep 2022 16:26:15 +0200
Subject: [PATCH] feat(tc): enable RSS backend based measured boot

Measurements taken during boot are stored in RSS.
These measurements are included in the platform
attestation token.

Change-Id: Iac3356f813fb417315681c718839319832a76191
Signed-off-by: David Vincze <david.vincze@arm.com>
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
---
 plat/arm/board/tc/platform.mk               | 27 +++++++++-
 plat/arm/board/tc/tc_bl1_measured_boot.c    | 55 +++++++++++++++++++++
 plat/arm/board/tc/tc_bl2_measured_boot.c    | 54 ++++++++++++++++++++
 plat/arm/board/tc/tc_common_measured_boot.c | 35 +++++++++++++
 plat/arm/board/tc/tc_plat.c                 |  2 +-
 5 files changed, 171 insertions(+), 2 deletions(-)
 create mode 100644 plat/arm/board/tc/tc_bl1_measured_boot.c
 create mode 100644 plat/arm/board/tc/tc_bl2_measured_boot.c
 create mode 100644 plat/arm/board/tc/tc_common_measured_boot.c

diff --git a/plat/arm/board/tc/platform.mk b/plat/arm/board/tc/platform.mk
index 1a1bc567b..4f962cd6b 100644
--- a/plat/arm/board/tc/platform.mk
+++ b/plat/arm/board/tc/platform.mk
@@ -94,7 +94,6 @@ BL1_SOURCES		+=	${INTERCONNECT_SOURCES}	\
 				${TC_BASE}/tc_err.c	\
 				drivers/arm/sbsa/sbsa.c
 
-
 BL2_SOURCES		+=	${TC_BASE}/tc_security.c	\
 				${TC_BASE}/tc_err.c		\
 				${TC_BASE}/tc_trusted_boot.c		\
@@ -162,6 +161,32 @@ override ENABLE_AMU_FCONF := 1
 override ENABLE_MPMM := 1
 override ENABLE_MPMM_FCONF := 1
 
+# Include Measured Boot makefile before any Crypto library makefile.
+# Crypto library makefile may need default definitions of Measured Boot build
+# flags present in Measured Boot makefile.
+ifeq (${MEASURED_BOOT},1)
+    MEASURED_BOOT_MK := drivers/measured_boot/rss/rss_measured_boot.mk
+    $(info Including ${MEASURED_BOOT_MK})
+    include ${MEASURED_BOOT_MK}
+    $(info Including rss_comms.mk)
+    include drivers/arm/rss/rss_comms.mk
+
+    BL1_SOURCES		+=	${MEASURED_BOOT_SOURCES} \
+				plat/arm/board/tc/tc_common_measured_boot.c \
+				plat/arm/board/tc/tc_bl1_measured_boot.c \
+				lib/psa/measured_boot.c			 \
+				${RSS_COMMS_SOURCES}
+
+    BL2_SOURCES		+=	${MEASURED_BOOT_SOURCES} \
+				plat/arm/board/tc/tc_common_measured_boot.c \
+				plat/arm/board/tc/tc_bl2_measured_boot.c \
+				lib/psa/measured_boot.c			 \
+				${RSS_COMMS_SOURCES}
+
+PLAT_INCLUDES		+=	-Iinclude/lib/psa
+
+endif
+
 include plat/arm/common/arm_common.mk
 include plat/arm/css/common/css_common.mk
 include plat/arm/soc/common/soc_css.mk
diff --git a/plat/arm/board/tc/tc_bl1_measured_boot.c b/plat/arm/board/tc/tc_bl1_measured_boot.c
new file mode 100644
index 000000000..0d29c5114
--- /dev/null
+++ b/plat/arm/board/tc/tc_bl1_measured_boot.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stdint.h>
+
+#include <drivers/arm/rss_comms.h>
+#include <drivers/measured_boot/rss/rss_measured_boot.h>
+#include <lib/psa/measured_boot.h>
+
+#include <plat/arm/common/plat_arm.h>
+#include <platform_def.h>
+
+/* Table with platform specific image IDs and metadata. Intentionally not a
+ * const struct, some members might set by bootloaders during trusted boot.
+ */
+struct rss_mboot_metadata tc_rss_mboot_metadata[] = {
+	{
+		.id = FW_CONFIG_ID,
+		.slot = U(6),
+		.signer_id_size = SIGNER_ID_MIN_SIZE,
+		.sw_type = RSS_MBOOT_FW_CONFIG_STRING,
+		.lock_measurement = true },
+	{
+		.id = TB_FW_CONFIG_ID,
+		.slot = U(7),
+		.signer_id_size = SIGNER_ID_MIN_SIZE,
+		.sw_type = RSS_MBOOT_TB_FW_CONFIG_STRING,
+		.lock_measurement = true },
+	{
+		.id = BL2_IMAGE_ID,
+		.slot = U(8),
+		.signer_id_size = SIGNER_ID_MIN_SIZE,
+		.sw_type = RSS_MBOOT_BL2_STRING,
+		.lock_measurement = true },
+
+	{
+		.id = RSS_MBOOT_INVALID_ID }
+};
+
+void bl1_plat_mboot_init(void)
+{
+	/* Initialize the communication channel between AP and RSS */
+	(void)rss_comms_init(PLAT_RSS_AP_SND_MHU_BASE,
+			     PLAT_RSS_AP_RCV_MHU_BASE);
+
+	rss_measured_boot_init();
+}
+
+void bl1_plat_mboot_finish(void)
+{
+	/* Nothing to do. */
+}
diff --git a/plat/arm/board/tc/tc_bl2_measured_boot.c b/plat/arm/board/tc/tc_bl2_measured_boot.c
new file mode 100644
index 000000000..7ea2c2ec4
--- /dev/null
+++ b/plat/arm/board/tc/tc_bl2_measured_boot.c
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stdint.h>
+
+#include <drivers/arm/rss_comms.h>
+#include <drivers/measured_boot/rss/rss_measured_boot.h>
+#include <lib/psa/measured_boot.h>
+
+#include <plat/common/common_def.h>
+#include <platform_def.h>
+
+/* TC specific table with image IDs and metadata. Intentionally not a
+ * const struct, some members might set by bootloaders during trusted boot.
+ */
+struct rss_mboot_metadata tc_rss_mboot_metadata[] = {
+	{
+		.id = BL31_IMAGE_ID,
+		.slot = U(9),
+		.signer_id_size = SIGNER_ID_MIN_SIZE,
+		.sw_type = RSS_MBOOT_BL31_STRING,
+		.lock_measurement = true },
+	{
+		.id = HW_CONFIG_ID,
+		.slot = U(10),
+		.signer_id_size = SIGNER_ID_MIN_SIZE,
+		.sw_type = RSS_MBOOT_HW_CONFIG_STRING,
+		.lock_measurement = true },
+	{
+		.id = SOC_FW_CONFIG_ID,
+		.slot = U(11),
+		.signer_id_size = SIGNER_ID_MIN_SIZE,
+		.sw_type = RSS_MBOOT_SOC_FW_CONFIG_STRING,
+		.lock_measurement = true },
+	{
+		.id = RSS_MBOOT_INVALID_ID }
+};
+
+void bl2_plat_mboot_init(void)
+{
+	/* Initialize the communication channel between AP and RSS */
+	(void)rss_comms_init(PLAT_RSS_AP_SND_MHU_BASE,
+			     PLAT_RSS_AP_RCV_MHU_BASE);
+
+	rss_measured_boot_init();
+}
+
+void bl2_plat_mboot_finish(void)
+{
+	/* Nothing to do. */
+}
diff --git a/plat/arm/board/tc/tc_common_measured_boot.c b/plat/arm/board/tc/tc_common_measured_boot.c
new file mode 100644
index 000000000..fe718995a
--- /dev/null
+++ b/plat/arm/board/tc/tc_common_measured_boot.c
@@ -0,0 +1,35 @@
+
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <stdint.h>
+
+#include <common/desc_image_load.h>
+#include <drivers/measured_boot/rss/rss_measured_boot.h>
+
+extern struct rss_mboot_metadata tc_rss_mboot_metadata[];
+
+struct rss_mboot_metadata *plat_rss_mboot_get_metadata(void)
+{
+	return tc_rss_mboot_metadata;
+}
+
+int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data)
+{
+	int err;
+
+	/* Calculate image hash and record data in RSS */
+	err = rss_mboot_measure_and_record(image_data->image_base,
+					   image_data->image_size,
+					   image_id);
+	if (err != 0) {
+		ERROR("%s%s image id %u (%i)\n",
+		      "Failed to ", "record in RSS", image_id, err);
+	}
+
+	return err;
+}
diff --git a/plat/arm/board/tc/tc_plat.c b/plat/arm/board/tc/tc_plat.c
index a9668e117..77db023fd 100644
--- a/plat/arm/board/tc/tc_plat.c
+++ b/plat/arm/board/tc/tc_plat.c
@@ -135,7 +135,7 @@ const struct spm_mm_boot_info *plat_get_secure_partition_boot_info(
 }
 #endif /* SPM_MM && defined(IMAGE_BL31) */
 
-#if TRUSTED_BOARD_BOOT
+#if TRUSTED_BOARD_BOOT || MEASURED_BOOT
 int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size)
 {
 	assert(heap_addr != NULL);
-- 
2.39.5