openclaw/tqma6-yocto-mirror
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Complete Yocto mirror with license table for TQMa6UL (2038-compliance)

Browse Source 
- 264 license table entries with exact download URLs (224/264 resolved)
- Complete sources/ directory with all BitBake recipes
- Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl)
- Full traceability for Softwarefreigabeantrag
- GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4
- License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
This commit is contained in:
Siggi (OpenClaw Agent)
2026-03-01 20:58:18 +00:00
commit 16accb6b24
15086 changed files with 1292356 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
sources/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-Handle-logging-syscall.patch Normal file
View File

@@ -0,0 +1,32 @@
From d6ee50f581b43b16733b8731369b071d609d5048 Mon Sep 17 00:00:00 2001
From: Emekcan Aras <emekcan.aras@arm.com>
Date: Thu, 31 Aug 2023 10:51:54 +0100
Subject: [PATCH] Handle logging syscall
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Upstream-Status: Pending [upstreamed differently in 280b6a3]
---
core/arch/arm/kernel/spmc_sp_handler.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/core/arch/arm/kernel/spmc_sp_handler.c b/core/arch/arm/kernel/spmc_sp_handler.c
index 1f218a0df..0676e8898 100644
--- a/core/arch/arm/kernel/spmc_sp_handler.c
+++ b/core/arch/arm/kernel/spmc_sp_handler.c
@@ -1276,7 +1276,12 @@ void spmc_sp_msg_handler(struct thread_smc_args *args,
handle_console_log(args);
sp_enter(args, caller_sp);
break;
-
+ case 0xdeadbeef:
+ ts_push_current_session(&caller_sp->ts_sess);
+ IMSG("%s", (char *)args->a1);
+ ts_pop_current_session();
+ sp_enter(args, caller_sp);
+ break;
default:
EMSG("Unhandled FFA function ID %#"PRIx32,
(uint32_t)args->a0);
--
2.17.1

28
sources/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-increase-tzdram-size.patch Normal file
View File

@@ -0,0 +1,28 @@
From 1410d9e9c3e73b1319b98be67ad00c7630c4cb2e Mon Sep 17 00:00:00 2001
From: Emekcan Aras <Emekcan.Aras@arm.com>
Date: Wed, 3 Apr 2024 16:05:07 +0100
Subject: [PATCH] increase tzdram size
Upstream-Status: Pending
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
---
core/arch/arm/plat-corstone1000/conf.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/arch/arm/plat-corstone1000/conf.mk b/core/arch/arm/plat-corstone1000/conf.mk
index 98347b143..c2dd71f05 100644
--- a/core/arch/arm/plat-corstone1000/conf.mk
+++ b/core/arch/arm/plat-corstone1000/conf.mk
@@ -34,7 +34,7 @@ CFG_TEE_CORE_NB_CORE ?= 1
CFG_TZDRAM_START ?= 0x02002000
# TEE_RAM (OPTEE kernel + DATA) + TA_RAM = 3MB
-CFG_TZDRAM_SIZE ?= 0x300000
+CFG_TZDRAM_SIZE ?= 0x340000
CFG_SHMEM_START ?= 0x86000000
CFG_SHMEM_SIZE ?= 0x00200000
--
2.25.1

237
sources/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0001-plat-n1sdp-add-N1SDP-platform-support.patch Normal file
View File

@@ -0,0 +1,237 @@
From 56f2afcd10e8404a3c4efed6277a005fc4099e48 Mon Sep 17 00:00:00 2001
From: Vishnu Banavath <vishnu.banavath@arm.com>
Date: Thu, 30 Jun 2022 18:36:26 +0100
Subject: [PATCH] plat-n1sdp: add N1SDP platform support
Upstream-Status: Pending [Not submitted to upstream yet]
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
These changes are to add N1SDP platform to optee-os
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
---
core/arch/arm/plat-n1sdp/conf.mk | 41 +++++++++++++++++
core/arch/arm/plat-n1sdp/main.c | 53 ++++++++++++++++++++++
core/arch/arm/plat-n1sdp/n1sdp_core_pos.S | 32 +++++++++++++
core/arch/arm/plat-n1sdp/platform_config.h | 49 ++++++++++++++++++++
core/arch/arm/plat-n1sdp/sub.mk | 3 ++
5 files changed, 178 insertions(+)
create mode 100644 core/arch/arm/plat-n1sdp/conf.mk
create mode 100644 core/arch/arm/plat-n1sdp/main.c
create mode 100644 core/arch/arm/plat-n1sdp/n1sdp_core_pos.S
create mode 100644 core/arch/arm/plat-n1sdp/platform_config.h
create mode 100644 core/arch/arm/plat-n1sdp/sub.mk
diff --git a/core/arch/arm/plat-n1sdp/conf.mk b/core/arch/arm/plat-n1sdp/conf.mk
new file mode 100644
index 000000000..3dc79fe20
--- /dev/null
+++ b/core/arch/arm/plat-n1sdp/conf.mk
@@ -0,0 +1,41 @@
+include core/arch/arm/cpu/cortex-armv8-0.mk
+
+CFG_DEBUG_INFO = y
+CFG_TEE_CORE_LOG_LEVEL = 4
+
+# Workaround 808870: Unconditional VLDM instructions might cause an
+# alignment fault even though the address is aligned
+# Either hard float must be disabled for AArch32 or strict alignment checks
+# must be disabled
+ifeq ($(CFG_SCTLR_ALIGNMENT_CHECK),y)
+$(call force,CFG_TA_ARM32_NO_HARD_FLOAT_SUPPORT,y)
+else
+$(call force,CFG_SCTLR_ALIGNMENT_CHECK,n)
+endif
+
+CFG_ARM64_core ?= y
+
+CFG_ARM_GICV3 = y
+
+# ARM debugger needs this
+platform-cflags-debug-info = -gdwarf-4
+platform-aflags-debug-info = -gdwarf-4
+
+CFG_CORE_SEL1_SPMC = y
+CFG_WITH_ARM_TRUSTED_FW = y
+
+$(call force,CFG_GIC,y)
+$(call force,CFG_PL011,y)
+$(call force,CFG_SECURE_TIME_SOURCE_CNTPCT,y)
+
+CFG_CORE_HEAP_SIZE = 0x32000 # 200kb
+
+CFG_TEE_CORE_NB_CORE = 4
+CFG_TZDRAM_START ?= 0xDE000000
+CFG_TZDRAM_SIZE ?= 0x02000000
+
+CFG_SHMEM_START ?= 0x83000000
+CFG_SHMEM_SIZE ?= 0x00210000
+# DRAM1 is defined above 4G
+$(call force,CFG_CORE_LARGE_PHYS_ADDR,y)
+$(call force,CFG_CORE_ARM64_PA_BITS,36)
diff --git a/core/arch/arm/plat-n1sdp/main.c b/core/arch/arm/plat-n1sdp/main.c
new file mode 100644
index 000000000..38212d84c
--- /dev/null
+++ b/core/arch/arm/plat-n1sdp/main.c
@@ -0,0 +1,53 @@
+// SPDX-License-Identifier: BSD-2-Clause
+/*
+ * Copyright (c) 2022, Arm Limited.
+ */
+
+#include <arm.h>
+#include <console.h>
+#include <drivers/gic.h>
+#include <drivers/pl011.h>
+#include <drivers/tzc400.h>
+#include <initcall.h>
+#include <keep.h>
+#include <kernel/boot.h>
+#include <kernel/interrupt.h>
+#include <kernel/misc.h>
+#include <kernel/notif.h>
+#include <kernel/panic.h>
+#include <kernel/spinlock.h>
+#include <kernel/tee_time.h>
+#include <mm/core_memprot.h>
+#include <mm/core_mmu.h>
+#include <platform_config.h>
+#include <sm/psci.h>
+#include <stdint.h>
+#include <string.h>
+#include <trace.h>
+
+static struct pl011_data console_data __nex_bss;
+
+register_phys_mem_pgdir(MEM_AREA_IO_SEC, CONSOLE_UART_BASE, PL011_REG_SIZE);
+
+register_ddr(DRAM0_BASE, DRAM0_SIZE);
+
+register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICD_BASE, GIC_DIST_REG_SIZE);
+register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICC_BASE, GIC_DIST_REG_SIZE);
+register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICR_BASE, GIC_DIST_REG_SIZE);
+
+void main_init_gic(void)
+{
+ gic_init(GICC_BASE, GICD_BASE);
+}
+
+void main_secondary_init_gic(void)
+{
+ gic_init_per_cpu();
+}
+
+void console_init(void)
+{
+ pl011_init(&console_data, CONSOLE_UART_BASE, CONSOLE_UART_CLK_IN_HZ,
+ CONSOLE_BAUDRATE);
+ register_serial_console(&console_data.chip);
+}
diff --git a/core/arch/arm/plat-n1sdp/n1sdp_core_pos.S b/core/arch/arm/plat-n1sdp/n1sdp_core_pos.S
new file mode 100644
index 000000000..439d4e675
--- /dev/null
+++ b/core/arch/arm/plat-n1sdp/n1sdp_core_pos.S
@@ -0,0 +1,32 @@
+/* SPDX-License-Identifier: BSD-2-Clause */
+/*
+ * Copyright (c) 2022, Arm Limited
+ */
+
+#include <asm.S>
+#include <arm.h>
+#include "platform_config.h"
+
+FUNC get_core_pos_mpidr , :
+ mov x4, x0
+
+ /*
+ * The MT bit in MPIDR is always set for n1sdp and the
+ * affinity level 0 corresponds to thread affinity level.
+ */
+
+ /* Extract individual affinity fields from MPIDR */
+ ubfx x0, x4, #MPIDR_AFF0_SHIFT, #MPIDR_AFFINITY_BITS
+ ubfx x1, x4, #MPIDR_AFF1_SHIFT, #MPIDR_AFFINITY_BITS
+ ubfx x2, x4, #MPIDR_AFF2_SHIFT, #MPIDR_AFFINITY_BITS
+ ubfx x3, x4, #MPIDR_AFF3_SHIFT, #MPIDR_AFFINITY_BITS
+
+ /* Compute linear position */
+ mov x4, #N1SDP_MAX_CLUSTERS_PER_CHIP
+ madd x2, x3, x4, x2
+ mov x4, #N1SDP_MAX_CPUS_PER_CLUSTER
+ madd x1, x2, x4, x1
+ mov x4, #N1SDP_MAX_PE_PER_CPU
+ madd x0, x1, x4, x0
+ ret
+END_FUNC get_core_pos_mpidr
diff --git a/core/arch/arm/plat-n1sdp/platform_config.h b/core/arch/arm/plat-n1sdp/platform_config.h
new file mode 100644
index 000000000..81b994091
--- /dev/null
+++ b/core/arch/arm/plat-n1sdp/platform_config.h
@@ -0,0 +1,49 @@
+/* SPDX-License-Identifier: BSD-2-Clause */
+/*
+ * Copyright (c) 2022, Arm Limited
+ */
+
+#ifndef PLATFORM_CONFIG_H
+#define PLATFORM_CONFIG_H
+
+#include <mm/generic_ram_layout.h>
+#include <stdint.h>
+
+/* Make stacks aligned to data cache line length */
+#define STACK_ALIGNMENT 64
+
+ /* N1SDP topology related constants */
+#define N1SDP_MAX_CPUS_PER_CLUSTER U(2)
+#define PLAT_ARM_CLUSTER_COUNT U(2)
+#define PLAT_N1SDP_CHIP_COUNT U(2)
+#define N1SDP_MAX_CLUSTERS_PER_CHIP U(2)
+#define N1SDP_MAX_PE_PER_CPU U(1)
+
+#define PLATFORM_CORE_COUNT (PLAT_N1SDP_CHIP_COUNT * \
+ PLAT_ARM_CLUSTER_COUNT * \
+ N1SDP_MAX_CPUS_PER_CLUSTER * \
+ N1SDP_MAX_PE_PER_CPU)
+
+#define GIC_BASE 0x2c010000
+
+#define UART1_BASE 0x1C0A0000
+#define UART1_CLK_IN_HZ 24000000 /*24MHz*/
+
+#define CONSOLE_UART_BASE UART1_BASE
+#define CONSOLE_UART_CLK_IN_HZ UART1_CLK_IN_HZ
+
+#define DRAM0_BASE 0x80000000
+#define DRAM0_SIZE 0x80000000
+
+#define GICD_BASE 0x30000000
+#define GICC_BASE 0x2C000000
+#define GICR_BASE 0x300C0000
+
+#ifndef UART_BAUDRATE
+#define UART_BAUDRATE 115200
+#endif
+#ifndef CONSOLE_BAUDRATE
+#define CONSOLE_BAUDRATE UART_BAUDRATE
+#endif
+
+#endif /*PLATFORM_CONFIG_H*/
diff --git a/core/arch/arm/plat-n1sdp/sub.mk b/core/arch/arm/plat-n1sdp/sub.mk
new file mode 100644
index 000000000..a0b49da14
--- /dev/null
+++ b/core/arch/arm/plat-n1sdp/sub.mk
@@ -0,0 +1,3 @@
+global-incdirs-y += .
+srcs-y += main.c
+srcs-y += n1sdp_core_pos.S
--
2.25.1

32
sources/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0002-Handle-logging-syscall.patch Normal file
View File

@@ -0,0 +1,32 @@
Upstream-Status: Pending [upstreamed differently in 280b6a3]
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
From b3fde6c2e1a950214f760ab9f194f3a6572292a8 Mon Sep 17 00:00:00 2001
From: Balint Dobszay <balint.dobszay@arm.com>
Date: Fri, 15 Jul 2022 13:45:54 +0200
Subject: [PATCH] Handle logging syscall
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Change-Id: Ib8151cc9c66aea8bcc8fe8b1ecdc3f9f9c5f14e4
diff --git a/core/arch/arm/kernel/spmc_sp_handler.c b/core/arch/arm/kernel/spmc_sp_handler.c
index e0fa0aa6..c7a45387 100644
--- a/core/arch/arm/kernel/spmc_sp_handler.c
+++ b/core/arch/arm/kernel/spmc_sp_handler.c
@@ -1277,6 +1277,13 @@ void spmc_sp_msg_handler(struct thread_smc_args *args,
sp_enter(args, caller_sp);
break;
+ case 0xdeadbeef:
+ ts_push_current_session(&caller_sp->ts_sess);
+ IMSG("%s", (char *)args->a1);
+ ts_pop_current_session();
+ sp_enter(args, caller_sp);
+ break;
+
default:
EMSG("Unhandled FFA function ID %#"PRIx32,
(uint32_t)args->a0);
--
2.17.1

52
sources/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0003-plat-n1sdp-register-DRAM1-to-optee-os.patch Normal file
View File

@@ -0,0 +1,52 @@
Upstream-Status: Pending [Not submitted to upstream yet]
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
From 2eb1da30564428551ca687d456d848129105abac Mon Sep 17 00:00:00 2001
From: Vishnu Banavath <vishnu.banavath@arm.com>
Date: Tue, 25 Oct 2022 19:08:49 +0100
Subject: [PATCH] plat-n1sdp: register DRAM1 to optee-os
N1SDP supports two DRAM's. This change is to add 2nd DRAM
starting at 0x8080000000 address.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
diff --git a/core/arch/arm/plat-n1sdp/conf.mk b/core/arch/arm/plat-n1sdp/conf.mk
index 06b4975a..5374e406 100644
--- a/core/arch/arm/plat-n1sdp/conf.mk
+++ b/core/arch/arm/plat-n1sdp/conf.mk
@@ -38,4 +38,4 @@ CFG_SHMEM_START ?= 0x83000000
CFG_SHMEM_SIZE ?= 0x00210000
# DRAM1 is defined above 4G
$(call force,CFG_CORE_LARGE_PHYS_ADDR,y)
-$(call force,CFG_CORE_ARM64_PA_BITS,36)
+$(call force,CFG_CORE_ARM64_PA_BITS,42)
diff --git a/core/arch/arm/plat-n1sdp/main.c b/core/arch/arm/plat-n1sdp/main.c
index cfb7f19b..bb951ce6 100644
--- a/core/arch/arm/plat-n1sdp/main.c
+++ b/core/arch/arm/plat-n1sdp/main.c
@@ -33,6 +33,7 @@ static struct pl011_data console_data __nex_bss;
register_phys_mem_pgdir(MEM_AREA_IO_SEC, CONSOLE_UART_BASE, PL011_REG_SIZE);
register_ddr(DRAM0_BASE, DRAM0_SIZE);
+register_ddr(DRAM1_BASE, DRAM1_SIZE);
register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICD_BASE, GIC_DIST_REG_SIZE);
register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICC_BASE, GIC_DIST_REG_SIZE);
diff --git a/core/arch/arm/plat-n1sdp/platform_config.h b/core/arch/arm/plat-n1sdp/platform_config.h
index 81b99409..bf0a3c83 100644
--- a/core/arch/arm/plat-n1sdp/platform_config.h
+++ b/core/arch/arm/plat-n1sdp/platform_config.h
@@ -35,6 +35,9 @@
#define DRAM0_BASE 0x80000000
#define DRAM0_SIZE 0x80000000
+#define DRAM1_BASE 0x8080000000ULL
+#define DRAM1_SIZE 0x80000000ULL
+
#define GICD_BASE 0x30000000
#define GICC_BASE 0x2C000000
#define GICR_BASE 0x300C0000
--
2.17.1

44
sources/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0004-plat-n1sdp-add-external-device-tree-base-and-size.patch Normal file
View File

@@ -0,0 +1,44 @@
Upstream-Status: Pending [Not submitted to upstream yet]
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
From 1a9aeedda58228893add545e49d2d6cd4c316b4f Mon Sep 17 00:00:00 2001
From: Emekcan <emekcan.aras@arm.com>
Date: Tue, 13 Dec 2022 13:45:06 +0000
Subject: [PATCH] plat-n1sdp: add external device tree base and size
Adds external device tree address and size. It also
register this physical memory so optee can read the device tree.
---
core/arch/arm/plat-n1sdp/main.c | 1 +
core/arch/arm/plat-n1sdp/platform_config.h | 3 +++
2 files changed, 4 insertions(+)
diff --git a/core/arch/arm/plat-n1sdp/main.c b/core/arch/arm/plat-n1sdp/main.c
index bb951ce6b..ab76f60c6 100644
--- a/core/arch/arm/plat-n1sdp/main.c
+++ b/core/arch/arm/plat-n1sdp/main.c
@@ -31,6 +31,7 @@ static struct gic_data gic_data __nex_bss;
static struct pl011_data console_data __nex_bss;
register_phys_mem_pgdir(MEM_AREA_IO_SEC, CONSOLE_UART_BASE, PL011_REG_SIZE);
+register_phys_mem_pgdir(MEM_AREA_EXT_DT, EXT_DT_BASE, EXT_DT_SIZE);
register_ddr(DRAM0_BASE, DRAM0_SIZE);
register_ddr(DRAM1_BASE, DRAM1_SIZE);
diff --git a/core/arch/arm/plat-n1sdp/platform_config.h b/core/arch/arm/plat-n1sdp/platform_config.h
index bf0a3c834..8741a2503 100644
--- a/core/arch/arm/plat-n1sdp/platform_config.h
+++ b/core/arch/arm/plat-n1sdp/platform_config.h
@@ -42,6 +42,9 @@
#define GICC_BASE 0x2C000000
#define GICR_BASE 0x300C0000
+#define EXT_DT_BASE 0x04001600
+#define EXT_DT_SIZE 0x200
+
#ifndef UART_BAUDRATE
#define UART_BAUDRATE 115200
#endif
--
2.17.1

6
sources/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/sp_layout.json Normal file
View File

@@ -0,0 +1,6 @@
{
"op-tee" : {
"image": "tee-pager_v2.bin",
"pm": "optee_sp_manifest.dts"
}
}

3
sources/meta-arm/meta-arm-bsp/recipes-security/optee/optee-examples_3.18.0.bb Normal file
View File

@@ -0,0 +1,3 @@
require recipes-security/optee/optee-examples.inc
SRCREV = "f301ee9df2129c0db683e726c91dc2cefe4cdb65"

3
sources/meta-arm/meta-arm-bsp/recipes-security/optee/optee-examples_3.20.0.bb Normal file
View File

@@ -0,0 +1,3 @@
require recipes-security/optee/optee-examples.inc
SRCREV = "a98d01e1b9168eaed96bcd0bac0df67c44a81081"

3
sources/meta-arm/meta-arm-bsp/recipes-security/optee/optee-examples_4.0.0.bb Normal file
View File

@@ -0,0 +1,3 @@
require recipes-security/optee/optee-examples.inc
SRCREV = "378dc0db2d5dd279f58a3b6cb3f78ffd6b165035"

1
sources/meta-arm/meta-arm-bsp/recipes-security/optee/optee-ftpm_%.bbappend Normal file
View File

@@ -0,0 +1 @@
COMPATIBLE_MACHINE:sbsa-ref = "sbsa-ref"

18
sources/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc Normal file
View File

@@ -0,0 +1,18 @@
FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/corstone1000:"
SRC_URI:append = " \
file://0001-Handle-logging-syscall.patch \
file://0002-increase-tzdram-size.patch \
"
COMPATIBLE_MACHINE = "corstone1000"
OPTEEMACHINE = "corstone1000"
# Enable optee memory layout and boot logs
EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4"
# default disable latency benchmarks (over all OP-TEE layers)
EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n"
EXTRA_OEMAKE += " CFG_CORE_SEL1_SPMC=y CFG_CORE_FFA=y"
EXTRA_OEMAKE += " CFG_WITH_SP=y"

13
sources/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-fvp-base.inc Normal file
View File

@@ -0,0 +1,13 @@
COMPATIBLE_MACHINE = "fvp-base"
OPTEEMACHINE = "vexpress-fvp"
# Enable boot logs
EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4"
# default disable latency benchmarks (over all OP-TEE layers)
EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n"
# If FF-A is enabled configure to be the SPMC.
EXTRA_OEMAKE += "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', ' CFG_CORE_HEAP_SIZE=131072 CFG_CORE_SEL1_SPMC=y CFG_DT=y', '' ,d)}"
EXTRA_OEMAKE += " CFG_ARM_GICV3=y"

2
sources/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-generic-n1sdp.inc Normal file
View File

@@ -0,0 +1,2 @@
COMPATIBLE_MACHINE:n1sdp = "n1sdp"
OPTEEMACHINE:n1sdp = "n1sdp"

29
sources/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc Normal file
View File

@@ -0,0 +1,29 @@
# N1 SDP specific configuration for optee-os
require optee-os-generic-n1sdp.inc
TS_INSTALL_PREFIX_PATH = "${RECIPE_SYSROOT}/firmware/sp/opteesp"
FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/n1sdp:"
SRC_URI:append = " \
file://0001-plat-n1sdp-add-N1SDP-platform-support.patch \
file://0002-Handle-logging-syscall.patch \
file://0003-plat-n1sdp-register-DRAM1-to-optee-os.patch \
file://0004-plat-n1sdp-add-external-device-tree-base-and-size.patch \
"
EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4"
EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n"
EXTRA_OEMAKE += " CFG_CORE_SEL1_SPMC=y CFG_CORE_FFA=y"
EXTRA_OEMAKE += " CFG_WITH_SP=y"
EXTRA_OEMAKE += " CFG_DT=y"
EXTRA_OEMAKE += " CFG_SECURE_PARTITION=y"
EXTRA_OEMAKE += " CFG_MAP_EXT_DT_SECURE=y"
EXTRA_OEMAKE += " CFG_ENABLE_EMBEDDED_TESTS=y"

1
sources/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-sbsa-ref.inc Normal file
View File

@@ -0,0 +1 @@
COMPATIBLE_MACHINE:sbsa-ref = "sbsa-ref"

7
sources/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_4.%.bbappend Normal file
View File

@@ -0,0 +1,7 @@
# Machine specific configurations
MACHINE_OPTEE_OS_TADEVKIT_REQUIRE ?= ""
MACHINE_OPTEE_OS_TADEVKIT_REQUIRE:n1sdp = "optee-os-n1sdp.inc"
MACHINE_OPTEE_OS_TADEVKIT_REQUIRE:fvp-base = "optee-os-fvp-base.inc"
require ${MACHINE_OPTEE_OS_TADEVKIT_REQUIRE}

9
sources/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend Normal file
View File

@@ -0,0 +1,9 @@
# Machine specific configurations
MACHINE_OPTEE_OS_REQUIRE ?= ""
MACHINE_OPTEE_OS_REQUIRE:corstone1000 = "optee-os-corstone1000-common.inc"
MACHINE_OPTEE_OS_REQUIRE:fvp-base = "optee-os-fvp-base.inc"
MACHINE_OPTEE_OS_REQUIRE:n1sdp = "optee-os-n1sdp.inc"
MACHINE_OPTEE_OS_REQUIRE:sbsa-ref = "optee-os-sbsa-ref.inc"
require ${MACHINE_OPTEE_OS_REQUIRE}

3
sources/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test-fvp-base.inc Normal file
View File

@@ -0,0 +1,3 @@
# fvp-base specific configuration
COMPATIBLE_MACHINE = "fvp-base"

52
sources/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test/run-ptest Executable file
View File

@@ -0,0 +1,52 @@
#!/bin/sh
xtest | awk '
# Escapes the special characters in a string so that, when
# included in a regex, it represents a literal match
function regx_escape_literal(str, ret) {
ret = str
gsub(/[\[\]\^\$\.\*\?\+\{\}\\\(\)\|]/ , "\\\\&", str)
return str
}
# Returns the simple test formatted name
function name(n, ret) {
ret = n
gsub(/\./, " ", ret)
return ret
}
# Returns the simple test formatted result
function result(res) {
if(res ~ /OK/) {
return "PASS"
} else if(res ~ /FAILED/) {
return "FAIL"
}
}
function parse(name, description, has_subtests, result_line) {
has_subtests = 0
# Consume every line up to the result line
result_line = " " regx_escape_literal(name) " (OK|FAILED)"
do {
getline
# If this is a subtest (denoted by an "o" bullet) then subparse
if($0 ~ /^o /) {
parse($2, description " : " substr($0, index($0, $3)))
has_subtests = 1
}
} while ($0 !~ result_line)
# Only print the results for the deepest nested subtests
if(!has_subtests) {
print result($2) ": " name(name) " - " description
}
}
# Start parsing at the beginning of every test (denoted by a "*" bullet)
/^\* / { parse($2, substr($0, index($0, $3))) }
'

7
sources/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_4.%.bbappend Normal file
View File

@@ -0,0 +1,7 @@
# Machine specific configurations
MACHINE_OPTEE_TEST_REQUIRE ?= ""
MACHINE_OPTEE_TEST_REQUIRE:n1sdp = "optee-os-generic-n1sdp.inc"
MACHINE_OPTEE_TEST_REQUIRE:fvp-base = "optee-test-fvp-base.inc"
require ${MACHINE_OPTEE_TEST_REQUIRE}

3
sources/meta-arm/meta-arm-bsp/recipes-security/packagegroups/packagegroup-ts-tests.bbappend Normal file
View File

@@ -0,0 +1,3 @@
COMPATIBLE_MACHINE:corstone1000 = "corstone1000"
COMPATIBLE_MACHINE:n1sdp = "n1sdp"
COMPATIBLE_MACHINE:fvp-base = "fvp-base"

378
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch Normal file
View File

@@ -0,0 +1,378 @@
From 1ba2a22575c1b73b5ab09e040a00f370eca4b758 Mon Sep 17 00:00:00 2001
From: Julian Hall <julian.hall@arm.com>
Date: Tue, 12 Oct 2021 15:45:41 +0100
Subject: [PATCH 1/8] Add stub capsule update service components
To facilitate development of a capsule update service provider,
stub components are added to provide a starting point for an
implementation. The capsule update service provider is integrated
into the se-proxy/common deployment.
Upstream-Status: Pending
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Julian Hall <julian.hall@arm.com>
Change-Id: I0d4049bb4de5af7ca80806403301692507085d28
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
.../backend/capsule_update_backend.h | 24 ++++
.../provider/capsule_update_provider.c | 135 ++++++++++++++++++
.../provider/capsule_update_provider.h | 51 +++++++
.../capsule_update/provider/component.cmake | 13 ++
.../se-proxy/infra/corstone1000/infra.cmake | 1 +
deployments/se-proxy/se_proxy_interfaces.h | 9 +-
.../capsule_update/capsule_update_proto.h | 13 ++
protocols/service/capsule_update/opcodes.h | 17 +++
protocols/service/capsule_update/parameters.h | 15 ++
9 files changed, 274 insertions(+), 4 deletions(-)
create mode 100644 components/service/capsule_update/backend/capsule_update_backend.h
create mode 100644 components/service/capsule_update/provider/capsule_update_provider.c
create mode 100644 components/service/capsule_update/provider/capsule_update_provider.h
create mode 100644 components/service/capsule_update/provider/component.cmake
create mode 100644 protocols/service/capsule_update/capsule_update_proto.h
create mode 100644 protocols/service/capsule_update/opcodes.h
create mode 100644 protocols/service/capsule_update/parameters.h
diff --git a/components/service/capsule_update/backend/capsule_update_backend.h b/components/service/capsule_update/backend/capsule_update_backend.h
new file mode 100644
index 000000000..f3144ff1d
--- /dev/null
+++ b/components/service/capsule_update/backend/capsule_update_backend.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CAPSULE_UPDATE_BACKEND_H
+#define CAPSULE_UPDATE_BACKEND_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Defines the common capsule update backend interface. Concrete backends
+ * implement this interface for different types of platform.
+ */
+
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* CAPSULE_UPDATE_BACKEND_H */
diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
new file mode 100644
index 000000000..f35c272d2
--- /dev/null
+++ b/components/service/capsule_update/provider/capsule_update_provider.c
@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <psa/client.h>
+#include <psa/sid.h>
+#include <trace.h>
+
+#include <protocols/service/capsule_update/capsule_update_proto.h>
+#include <protocols/rpc/common/packed-c/status.h>
+#include "capsule_update_provider.h"
+
+
+#define CAPSULE_UPDATE_REQUEST (0x1)
+#define KERNEL_STARTED_EVENT (0x2)
+
+enum corstone1000_ioctl_id_t {
+ IOCTL_CORSTONE1000_FWU_FLASH_IMAGES = 0,
+ IOCTL_CORSTONE1000_FWU_HOST_ACK,
+};
+
+/* Service request handlers */
+static rpc_status_t update_capsule_handler(void *context, struct rpc_request *req);
+static rpc_status_t boot_confirmed_handler(void *context, struct rpc_request *req);
+
+/* Handler mapping table for service */
+static const struct service_handler handler_table[] = {
+ {CAPSULE_UPDATE_OPCODE_UPDATE_CAPSULE, update_capsule_handler},
+ {CAPSULE_UPDATE_OPCODE_BOOT_CONFIRMED, boot_confirmed_handler}
+};
+
+struct rpc_service_interface *capsule_update_provider_init(
+ struct capsule_update_provider *context)
+{
+ struct rpc_service_interface *rpc_interface = NULL;
+ const struct rpc_uuid dummy_uuid = { .uuid = { 0 }};
+ if (!context)
+ return NULL;
+
+ service_provider_init(
+ &context->base_provider,
+ context,
+ &dummy_uuid,
+ handler_table,
+ sizeof(handler_table)/sizeof(struct service_handler));
+
+ rpc_interface = service_provider_get_rpc_interface(&context->base_provider);
+
+
+ return rpc_interface;
+}
+
+void capsule_update_provider_deinit(struct capsule_update_provider *context)
+{
+ (void)context;
+}
+
+static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller_interface *caller)
+{
+ uint32_t ioctl_id;
+ psa_handle_t handle;
+ rpc_status_t rpc_status = TS_RPC_CALL_ACCEPTED;
+
+ struct psa_invec in_vec[] = {
+ { .base = &ioctl_id, .len = sizeof(ioctl_id) }
+ };
+
+ if(!caller) {
+ EMSG("event_handler rpc_caller is NULL");
+ rpc_status = TS_RPC_ERROR_RESOURCE_FAILURE;
+ return rpc_status;
+ }
+
+ IMSG("event handler opcode %x", opcode);
+ switch(opcode) {
+ case CAPSULE_UPDATE_REQUEST:
+ /* Openamp call with IOCTL for firmware update*/
+ ioctl_id = IOCTL_CORSTONE1000_FWU_FLASH_IMAGES;
+ handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
+ TFM_SP_PLATFORM_IOCTL_VERSION);
+ if (handle <= 0) {
+ EMSG("%s Invalid handle", __func__);
+ rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
+ return rpc_status;
+ }
+ psa_call(caller,handle, PSA_IPC_CALL,
+ in_vec,IOVEC_LEN(in_vec), NULL, 0);
+ break;
+
+ case KERNEL_STARTED_EVENT:
+ ioctl_id = IOCTL_CORSTONE1000_FWU_HOST_ACK;
+ /*openamp call with IOCTL for kernel start*/
+ handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
+ TFM_SP_PLATFORM_IOCTL_VERSION);
+ if (handle <= 0) {
+ EMSG("%s Invalid handle", __func__);
+ rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
+ return rpc_status;
+ }
+ psa_call(caller,handle, PSA_IPC_CALL,
+ in_vec,IOVEC_LEN(in_vec), NULL, 0);
+ break;
+ default:
+ EMSG("%s unsupported opcode", __func__);
+ rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
+ return rpc_status;
+ }
+ return rpc_status;
+
+}
+
+static rpc_status_t update_capsule_handler(void *context, struct rpc_request *req)
+{
+ struct capsule_update_provider *this_instance = (struct capsule_update_provider*)context;
+ struct rpc_caller_interface *caller = this_instance->client.session->caller;
+ uint32_t opcode = req->opcode;
+ rpc_status_t rpc_status = TS_RPC_ERROR_NOT_READY;
+
+ rpc_status = event_handler(opcode, caller);
+ return rpc_status;
+}
+
+static rpc_status_t boot_confirmed_handler(void *context, struct rpc_request *req)
+{
+ struct capsule_update_provider *this_instance = (struct capsule_update_provider*)context;
+ struct rpc_caller_interface *caller = this_instance->client.session->caller;
+ uint32_t opcode = req->opcode;
+ rpc_status_t rpc_status = TS_RPC_ERROR_NOT_READY;
+
+ rpc_status = event_handler(opcode, caller);
+
+ return rpc_status;
+}
diff --git a/components/service/capsule_update/provider/capsule_update_provider.h b/components/service/capsule_update/provider/capsule_update_provider.h
new file mode 100644
index 000000000..5dc5535d6
--- /dev/null
+++ b/components/service/capsule_update/provider/capsule_update_provider.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CAPSULE_UPDATE_PROVIDER_H
+#define CAPSULE_UPDATE_PROVIDER_H
+
+#include <rpc/common/endpoint/rpc_service_interface.h>
+#include <service/common/provider/service_provider.h>
+#include <service/common/client/service_client.h>
+#include <service/capsule_update/backend/capsule_update_backend.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * The capsule_update_provider is a service provider that accepts update capsule
+ * requests and delegates them to a suitable backend that applies the update.
+ */
+struct capsule_update_provider
+{
+ struct service_provider base_provider;
+ struct service_client client;
+};
+
+/**
+ * \brief Initialize an instance of the capsule update service provider
+ *
+ * @param[in] context The instance to initialize
+ *
+ * \return An rpc_service_interface or NULL on failure
+ */
+struct rpc_service_interface *capsule_update_provider_init(
+ struct capsule_update_provider *context);
+
+/**
+ * \brief Cleans up when the instance is no longer needed
+ *
+ * \param[in] context The instance to de-initialize
+ */
+void capsule_update_provider_deinit(
+ struct capsule_update_provider *context);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* CAPSULE_UPDATE_PROVIDER_H */
diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake
new file mode 100644
index 000000000..1d412eb23
--- /dev/null
+++ b/components/service/capsule_update/provider/component.cmake
@@ -0,0 +1,13 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+if (NOT DEFINED TGT)
+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
+endif()
+
+target_sources(${TGT} PRIVATE
+ "${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c"
+ )
diff --git a/deployments/se-proxy/infra/corstone1000/infra.cmake b/deployments/se-proxy/infra/corstone1000/infra.cmake
index a52a1b711..4658c9662 100644
--- a/deployments/se-proxy/infra/corstone1000/infra.cmake
+++ b/deployments/se-proxy/infra/corstone1000/infra.cmake
@@ -21,6 +21,7 @@ add_components(TARGET "se-proxy"
"components/service/attestation/key_mngr/local"
"components/service/attestation/reporter/psa_ipc"
"components/service/crypto/backend/psa_ipc"
+ "components/service/capsule_update/provider"
"components/service/secure_storage/backend/secure_storage_ipc"
)
diff --git a/deployments/se-proxy/se_proxy_interfaces.h b/deployments/se-proxy/se_proxy_interfaces.h
index 48908f846..3d4a7c204 100644
--- a/deployments/se-proxy/se_proxy_interfaces.h
+++ b/deployments/se-proxy/se_proxy_interfaces.h
@@ -8,9 +8,10 @@
#define SE_PROXY_INTERFACES_H
/* Interface IDs from service endpoints available from an se-proxy deployment */
-#define SE_PROXY_INTERFACE_ID_ITS (0)
-#define SE_PROXY_INTERFACE_ID_PS (1)
-#define SE_PROXY_INTERFACE_ID_CRYPTO (2)
-#define SE_PROXY_INTERFACE_ID_ATTEST (3)
+#define SE_PROXY_INTERFACE_ID_ITS (0)
+#define SE_PROXY_INTERFACE_ID_PS (1)
+#define SE_PROXY_INTERFACE_ID_CRYPTO (2)
+#define SE_PROXY_INTERFACE_ID_ATTEST (3)
+#define SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE (4)
#endif /* SE_PROXY_INTERFACES_H */
diff --git a/protocols/service/capsule_update/capsule_update_proto.h b/protocols/service/capsule_update/capsule_update_proto.h
new file mode 100644
index 000000000..8f326cd38
--- /dev/null
+++ b/protocols/service/capsule_update/capsule_update_proto.h
@@ -0,0 +1,13 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CAPSULE_UPDATE_PROTO_H
+#define CAPSULE_UPDATE_PROTO_H
+
+#include <protocols/service/capsule_update/opcodes.h>
+#include <protocols/service/capsule_update/parameters.h>
+
+#endif /* CAPSULE_UPDATE_PROTO_H */
diff --git a/protocols/service/capsule_update/opcodes.h b/protocols/service/capsule_update/opcodes.h
new file mode 100644
index 000000000..8185a0902
--- /dev/null
+++ b/protocols/service/capsule_update/opcodes.h
@@ -0,0 +1,17 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CAPSULE_UPDATE_OPCODES_H
+#define CAPSULE_UPDATE_OPCODES_H
+
+/**
+ * Opcode definitions for the capsule update service
+ */
+
+#define CAPSULE_UPDATE_OPCODE_UPDATE_CAPSULE 1
+#define CAPSULE_UPDATE_OPCODE_BOOT_CONFIRMED 2
+
+#endif /* CAPSULE_UPDATE_OPCODES_H */
diff --git a/protocols/service/capsule_update/parameters.h b/protocols/service/capsule_update/parameters.h
new file mode 100644
index 000000000..285d92418
--- /dev/null
+++ b/protocols/service/capsule_update/parameters.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CAPSULE_UPDATE_PARAMETERS_H
+#define CAPSULE_UPDATE_PARAMETERS_H
+
+/**
+ * Operation parameter definitions for the capsule update service access protocol.
+ */
+
+
+#endif /* CAPSULE_UPDATE_PARAMETERS_H */
--
2.25.1

121
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch Normal file
View File

@@ -0,0 +1,121 @@
From 1923e1f4dbd8f912701c2870822fa4b61eb6082d Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Mon, 14 Feb 2022 08:22:25 +0000
Subject: [PATCH 2/8] Fixes in AEAD for psa-arch test 54 and 58.
Upstream-Status: Pending [Not submitted to upstream yet]
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
.../crypto/client/caller/packed-c/crypto_caller_aead.h | 1 +
components/service/crypto/include/psa/crypto_sizes.h | 2 +-
.../crypto/provider/extension/aead/aead_provider.c | 8 ++++++--
.../extension/aead/serializer/aead_provider_serializer.h | 1 +
.../packed-c/packedc_aead_provider_serializer.c | 2 ++
protocols/service/crypto/packed-c/aead.h | 1 +
6 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
index bf39762b0..27ffbc66e 100644
--- a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
+++ b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
@@ -314,6 +314,7 @@ static inline psa_status_t crypto_caller_aead_update(struct service_client *cont
size_t req_len = req_fixed_len;
*output_length = 0;
+ req_msg.output_size = output_size;
req_msg.op_handle = op_handle;
/* Mandatory input data parameter */
diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h
index 30aa102da..130d27295 100644
--- a/components/service/crypto/include/psa/crypto_sizes.h
+++ b/components/service/crypto/include/psa/crypto_sizes.h
@@ -351,7 +351,7 @@
* just the largest size that may be generated by
* #psa_aead_generate_nonce().
*/
-#define PSA_AEAD_NONCE_MAX_SIZE 12
+#define PSA_AEAD_NONCE_MAX_SIZE 16
/** A sufficient output buffer size for psa_aead_update().
*
diff --git a/components/service/crypto/provider/extension/aead/aead_provider.c b/components/service/crypto/provider/extension/aead/aead_provider.c
index b73d88d32..6a0f96c3c 100644
--- a/components/service/crypto/provider/extension/aead/aead_provider.c
+++ b/components/service/crypto/provider/extension/aead/aead_provider.c
@@ -283,10 +283,11 @@ static rpc_status_t aead_update_handler(void *context, struct rpc_request *req)
uint32_t op_handle;
const uint8_t *input;
size_t input_len;
+ uint32_t recv_output_size;
if (serializer)
rpc_status = serializer->deserialize_aead_update_req(req_buf, &op_handle,
- &input, &input_len);
+ &recv_output_size, &input, &input_len);
if (rpc_status == RPC_SUCCESS) {
@@ -300,9 +301,12 @@ static rpc_status_t aead_update_handler(void *context, struct rpc_request *req)
if (crypto_context) {
size_t output_len = 0;
- size_t output_size = PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_len);
+ size_t output_size = PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(24);
uint8_t *output = malloc(output_size);
+ if (recv_output_size < output_size) {
+ output_size = recv_output_size;
+ }
if (output) {
psa_status = psa_aead_update(&crypto_context->op.aead,
diff --git a/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h b/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h
index be76d2bc6..590973048 100644
--- a/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h
+++ b/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h
@@ -51,6 +51,7 @@ struct aead_provider_serializer {
/* Operation: aead_update */
rpc_status_t (*deserialize_aead_update_req)(const struct rpc_buffer *req_buf,
uint32_t *op_handle,
+ uint32_t *output_size,
const uint8_t **input, size_t *input_len);
rpc_status_t (*serialize_aead_update_resp)(struct rpc_buffer *resp_buf,
diff --git a/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c b/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c
index 8f8c3c7f2..922a7b651 100644
--- a/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c
+++ b/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c
@@ -192,6 +192,7 @@ static rpc_status_t deserialize_aead_update_ad_req(const struct rpc_buffer *req_
/* Operation: aead_update */
static rpc_status_t deserialize_aead_update_req(const struct rpc_buffer *req_buf,
uint32_t *op_handle,
+ uint32_t *output_size,
const uint8_t **input, size_t *input_len)
{
rpc_status_t rpc_status = RPC_ERROR_INVALID_REQUEST_BODY;
@@ -208,6 +209,7 @@ static rpc_status_t deserialize_aead_update_req(const struct rpc_buffer *req_buf
memcpy(&recv_msg, req_buf->data, expected_fixed_len);
*op_handle = recv_msg.op_handle;
+ *output_size = recv_msg.output_size;
tlv_const_iterator_begin(&req_iter,
(uint8_t*)req_buf->data + expected_fixed_len,
diff --git a/protocols/service/crypto/packed-c/aead.h b/protocols/service/crypto/packed-c/aead.h
index 0be266b52..435fd3b52 100644
--- a/protocols/service/crypto/packed-c/aead.h
+++ b/protocols/service/crypto/packed-c/aead.h
@@ -98,6 +98,7 @@ enum
struct __attribute__ ((__packed__)) ts_crypto_aead_update_in
{
uint32_t op_handle;
+ uint32_t output_size;
};
/* Variable length input parameter tags */
--
2.25.1

418
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch Normal file
View File

@@ -0,0 +1,418 @@
From ef6b4fef7b7a740d6df8dab12aa7c73d06bb9f3b Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Fri, 8 Jul 2022 09:48:06 +0100
Subject: [PATCH 3/8] FMP Support in Corstone1000.
The FMP support is used by u-boot to pupolate ESRT information
for the kernel.
The solution is platform specific and needs to be revisted.
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Upstream-Status: Inappropriate [The solution is platform specific and needs to be revisted]
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
.../provider/capsule_update_provider.c | 5 +
.../capsule_update/provider/component.cmake | 1 +
.../provider/corstone1000_fmp_service.c | 307 ++++++++++++++++++
.../provider/corstone1000_fmp_service.h | 26 ++
4 files changed, 339 insertions(+)
create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.c
create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.h
diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
index f35c272d2..bfeb7301a 100644
--- a/components/service/capsule_update/provider/capsule_update_provider.c
+++ b/components/service/capsule_update/provider/capsule_update_provider.c
@@ -11,6 +11,7 @@
#include <protocols/service/capsule_update/capsule_update_proto.h>
#include <protocols/rpc/common/packed-c/status.h>
#include "capsule_update_provider.h"
+#include "corstone1000_fmp_service.h"
#define CAPSULE_UPDATE_REQUEST (0x1)
@@ -49,6 +50,8 @@ struct rpc_service_interface *capsule_update_provider_init(
rpc_interface = service_provider_get_rpc_interface(&context->base_provider);
+ provision_fmp_variables_metadata(context->client.session->caller);
+
return rpc_interface;
}
@@ -87,6 +90,7 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller_interface *
}
psa_call(caller,handle, PSA_IPC_CALL,
in_vec,IOVEC_LEN(in_vec), NULL, 0);
+ set_fmp_image_info(caller, handle);
break;
case KERNEL_STARTED_EVENT:
@@ -101,6 +105,7 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller_interface *
}
psa_call(caller,handle, PSA_IPC_CALL,
in_vec,IOVEC_LEN(in_vec), NULL, 0);
+ set_fmp_image_info(caller, handle);
break;
default:
EMSG("%s unsupported opcode", __func__);
diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake
index 1d412eb23..6b0601494 100644
--- a/components/service/capsule_update/provider/component.cmake
+++ b/components/service/capsule_update/provider/component.cmake
@@ -10,4 +10,5 @@ endif()
target_sources(${TGT} PRIVATE
"${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c"
+ "${CMAKE_CURRENT_LIST_DIR}/corstone1000_fmp_service.c"
)
diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
new file mode 100644
index 000000000..56ce38579
--- /dev/null
+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
@@ -0,0 +1,307 @@
+/*
+ * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include "corstone1000_fmp_service.h"
+#include <psa/client.h>
+#include <psa/sid.h>
+#include <psa/storage_common.h>
+#include <trace.h>
+
+#include <service/uefi/smm_variable/backend/variable_index.h>
+
+#define VARIABLE_INDEX_STORAGE_UID (0x787)
+
+/**
+ * Variable attributes
+ */
+#define EFI_VARIABLE_NON_VOLATILE (0x00000001)
+#define EFI_VARIABLE_BOOTSERVICE_ACCESS (0x00000002)
+#define EFI_VARIABLE_RUNTIME_ACCESS (0x00000004)
+#define EFI_VARIABLE_HARDWARE_ERROR_RECORD (0x00000008)
+#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS (0x00000010)
+#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS (0x00000020)
+#define EFI_VARIABLE_APPEND_WRITE (0x00000040)
+#define EFI_VARIABLE_MASK \
+ (EFI_VARIABLE_NON_VOLATILE | \
+ EFI_VARIABLE_BOOTSERVICE_ACCESS | \
+ EFI_VARIABLE_RUNTIME_ACCESS | \
+ EFI_VARIABLE_HARDWARE_ERROR_RECORD | \
+ EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \
+ EFI_VARIABLE_APPEND_WRITE)
+
+#define FMP_VARIABLES_COUNT 6
+
+static struct variable_metadata fmp_variables_metadata[FMP_VARIABLES_COUNT] = {
+ {
+ { 0x86c77a67, 0x0b97, 0x4633, \
+ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
+ /* name size = (variable_name + \0) * sizeof(u16) */
+ .name_size = 42, { 'F', 'm', 'p', 'D', 'e', 's', 'c', 'r', 'i', 'p', 't', 'o', 'r', 'V', 'e', 'r', 's', 'i', 'o', 'n' },
+ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
+ },
+ {
+ { 0x86c77a67, 0x0b97, 0x4633, \
+ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
+ /* name size = (variable_name + \0) * sizeof(u16) */
+ .name_size = 34, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'I', 'n', 'f', 'o', 'S', 'i', 'z', 'e' },
+ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
+ },
+ {
+ { 0x86c77a67, 0x0b97, 0x4633, \
+ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
+ /* name size = (variable_name + \0) * sizeof(u16) */
+ .name_size = 38, { 'F', 'm', 'p', 'D', 'e', 's', 'c', 'r', 'i', 'p', 't', 'o', 'r', 'C', 'o', 'u', 'n', 't' },
+ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
+ },
+ {
+ { 0x86c77a67, 0x0b97, 0x4633, \
+ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
+ /* name size = (variable_name + \0) * sizeof(u16) */
+ .name_size = 26, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'I', 'n', 'f', 'o' },
+ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
+ },
+ {
+ { 0x86c77a67, 0x0b97, 0x4633, \
+ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
+ /* name size = (variable_name + \0) * sizeof(u16) */
+ .name_size = 28, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'N', 'a', 'm', 'e', '1' },
+ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
+ },
+ {
+ { 0x86c77a67, 0x0b97, 0x4633, \
+ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
+ /* name size = (variable_name + \0) * sizeof(u16) */
+ .name_size = 32, { 'F', 'm', 'p', 'V', 'e', 'r', 's', 'i', 'o', 'n', 'N', 'a', 'm', 'e', '1' },
+ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
+ },
+};
+
+static psa_status_t protected_storage_set(struct rpc_caller_interface *caller,
+ psa_storage_uid_t uid, size_t data_length, const void *p_data)
+{
+ psa_status_t psa_status;
+ psa_storage_create_flags_t create_flags = PSA_STORAGE_FLAG_NONE;
+
+ struct psa_invec in_vec[] = {
+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
+ { .base = psa_ptr_const_to_u32(p_data), .len = data_length },
+ { .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) },
+ };
+
+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_ITS_SET,
+ in_vec, IOVEC_LEN(in_vec), NULL, 0);
+ if (psa_status < 0)
+ EMSG("ipc_set: psa_call failed: %d", psa_status);
+
+ return psa_status;
+}
+
+static psa_status_t protected_storage_get(struct rpc_caller_interface *caller,
+ psa_storage_uid_t uid, size_t data_size, void *p_data)
+{
+ psa_status_t psa_status;
+ uint32_t offset = 0;
+
+ struct psa_invec in_vec[] = {
+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
+ { .base = psa_ptr_to_u32(&offset), .len = sizeof(offset) },
+ };
+
+ struct psa_outvec out_vec[] = {
+ { .base = psa_ptr_to_u32(p_data), .len = data_size },
+ };
+
+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
+ TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec),
+ out_vec, IOVEC_LEN(out_vec));
+
+ if (psa_status == PSA_SUCCESS && out_vec[0].len != data_size) {
+ EMSG("Return size does not match with expected size.");
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
+
+ return psa_status;
+}
+
+static uint64_t name_hash(EFI_GUID *guid, size_t name_size,
+ const int16_t *name)
+{
+ /* Using djb2 hash by Dan Bernstein */
+ uint64_t hash = 5381;
+
+ /* Calculate hash over GUID */
+ hash = ((hash << 5) + hash) + guid->Data1;
+ hash = ((hash << 5) + hash) + guid->Data2;
+ hash = ((hash << 5) + hash) + guid->Data3;
+
+ for (int i = 0; i < 8; ++i) {
+
+ hash = ((hash << 5) + hash) + guid->Data4[i];
+ }
+
+ /* Extend to cover name up to but not including null terminator */
+ for (int i = 0; i < name_size / sizeof(int16_t); ++i) {
+
+ if (!name[i]) break;
+ hash = ((hash << 5) + hash) + name[i];
+ }
+
+ return hash;
+}
+
+
+static void initialize_metadata(void)
+{
+ for (int i = 0; i < FMP_VARIABLES_COUNT; i++) {
+
+ fmp_variables_metadata[i].uid = name_hash(
+ &fmp_variables_metadata[i].guid,
+ fmp_variables_metadata[i].name_size,
+ fmp_variables_metadata[i].name);
+ }
+}
+
+
+void provision_fmp_variables_metadata(struct rpc_caller_interface *caller)
+{
+ struct variable_metadata metadata;
+ psa_status_t status;
+ uint32_t dummy_values = 0xDEAD;
+
+ EMSG("Provisioning FMP metadata.");
+
+ initialize_metadata();
+
+ status = protected_storage_get(caller, VARIABLE_INDEX_STORAGE_UID,
+ sizeof(struct variable_metadata), &metadata);
+
+ if (status == PSA_SUCCESS) {
+ EMSG("UEFI variables store is already provisioned.");
+ return;
+ }
+
+ /* Provision FMP variables with dummy values. */
+ for (int i = 0; i < FMP_VARIABLES_COUNT; i++) {
+ protected_storage_set(caller, fmp_variables_metadata[i].uid,
+ sizeof(dummy_values), &dummy_values);
+ }
+
+ status = protected_storage_set(caller, VARIABLE_INDEX_STORAGE_UID,
+ sizeof(struct variable_metadata) * FMP_VARIABLES_COUNT,
+ fmp_variables_metadata);
+
+ if (status != EFI_SUCCESS) {
+ return;
+ }
+
+ EMSG("FMP metadata is provisioned");
+}
+
+typedef struct {
+ void *base;
+ int len;
+} variable_data_t;
+
+static variable_data_t fmp_variables_data[FMP_VARIABLES_COUNT];
+
+#define IMAGE_INFO_BUFFER_SIZE 256
+static char image_info_buffer[IMAGE_INFO_BUFFER_SIZE];
+#define IOCTL_CORSTONE1000_FMP_IMAGE_INFO 2
+
+static psa_status_t unpack_image_info(void *buffer, uint32_t size)
+{
+ typedef struct __attribute__ ((__packed__)) {
+ uint32_t variable_count;
+ uint32_t variable_size[FMP_VARIABLES_COUNT];
+ uint8_t variable[];
+ } packed_buffer_t;
+
+ packed_buffer_t *packed_buffer = buffer;
+ int runner = 0;
+
+ if (packed_buffer->variable_count != FMP_VARIABLES_COUNT) {
+ EMSG("Expected fmp varaibles = %u, but received = %u",
+ FMP_VARIABLES_COUNT, packed_buffer->variable_count);
+ return PSA_ERROR_PROGRAMMER_ERROR;
+ }
+
+ for (int i = 0; i < packed_buffer->variable_count; i++) {
+ EMSG("FMP variable %d : size %u", i, packed_buffer->variable_size[i]);
+ fmp_variables_data[i].base = &packed_buffer->variable[runner];
+ fmp_variables_data[i].len= packed_buffer->variable_size[i];
+ runner += packed_buffer->variable_size[i];
+ }
+
+ return PSA_SUCCESS;
+}
+
+static psa_status_t get_image_info(struct rpc_caller_interface *caller,
+ psa_handle_t platform_service_handle)
+{
+ psa_status_t status;
+ psa_handle_t handle;
+ uint32_t ioctl_id = IOCTL_CORSTONE1000_FMP_IMAGE_INFO;
+
+ struct psa_invec in_vec[] = {
+ { .base = &ioctl_id, .len = sizeof(ioctl_id) },
+ };
+
+ struct psa_outvec out_vec[] = {
+ { .base = image_info_buffer, .len = IMAGE_INFO_BUFFER_SIZE },
+ };
+
+ memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE);
+
+ psa_call(caller, platform_service_handle, PSA_IPC_CALL,
+ in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
+
+ status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ return PSA_SUCCESS;
+}
+
+static psa_status_t set_image_info(struct rpc_caller_interface *caller)
+{
+ psa_status_t status;
+
+ for (int i = 0; i < FMP_VARIABLES_COUNT; i++) {
+
+ status = protected_storage_set(caller,
+ fmp_variables_metadata[i].uid,
+ fmp_variables_data[i].len, fmp_variables_data[i].base);
+
+ if (status != PSA_SUCCESS) {
+
+ EMSG("FMP variable %d set unsuccessful", i);
+ return status;
+ }
+
+ EMSG("FMP variable %d set success", i);
+ }
+
+ return PSA_SUCCESS;
+}
+
+void set_fmp_image_info(struct rpc_caller_interface *caller,
+ psa_handle_t platform_service_handle)
+{
+ psa_status_t status;
+
+ status = get_image_info(caller, platform_service_handle);
+ if (status != PSA_SUCCESS) {
+ return;
+ }
+
+ status = set_image_info(caller);
+ if (status != PSA_SUCCESS) {
+ return;
+ }
+
+ return;
+}
diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h
new file mode 100644
index 000000000..d0023dc07
--- /dev/null
+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CORSTONE1000_FMP_SERVICE_H
+#define CORSTONE1000_FMP_SERVICE_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <rpc_caller.h>
+#include <psa/client.h>
+
+void provision_fmp_variables_metadata(struct rpc_caller_interface *caller);
+
+void set_fmp_image_info(struct rpc_caller_interface *caller,
+ psa_handle_t platform_service_handle);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* CORSTONE1000_FMP_SERVICE_H */
--
2.25.1

45
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-smm_gateway-GetNextVariableName-Fix.patch Normal file
View File

@@ -0,0 +1,45 @@
From 660658e9f974126fae15d9d8839415a76e8d6663 Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Wed, 10 Apr 2024 09:16:47 +0200
Subject: [PATCH 4/9] smm_gateway: GetNextVariableName Fix
GetNextVariableName() should return EFI_BUFFER_TOO_SMALL
when requested NameSize is smaller than the actual. It
currently returns EFI_BUFFER_OUT_OF_RESOURCES due to setting
max_name_len incorrectly. This change fixes the error by
using clamping the maximum size to the NameSize requested by
the client.
Upstream-Status: Pending
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
---
.../uefi/smm_variable/provider/smm_variable_provider.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/components/service/uefi/smm_variable/provider/smm_variable_provider.c b/components/service/uefi/smm_variable/provider/smm_variable_provider.c
index 1875397..ca3f7e5 100644
--- a/components/service/uefi/smm_variable/provider/smm_variable_provider.c
+++ b/components/service/uefi/smm_variable/provider/smm_variable_provider.c
@@ -176,16 +176,14 @@ static rpc_status_t get_next_variable_name_handler(void *context, struct rpc_req
if (resp_buf->size >= param_len) {
struct rpc_buffer *req_buf = &req->request;
- size_t max_name_len =
- resp_buf->size -
- SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_NAME_OFFSET;
memmove(resp_buf->data, req_buf->data, param_len);
efi_status = uefi_variable_store_get_next_variable_name(
&this_instance->variable_store,
(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *)resp_buf->data,
- max_name_len, &resp_buf->data_length);
+ ((SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data)->NameSize,
+ &resp_buf->data_length);
} else {
/* Reponse buffer not big enough */
efi_status = EFI_BAD_BUFFER_SIZE;
--
2.25.1

28
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch Normal file
View File

@@ -0,0 +1,28 @@
From a7818585e1113aabf310a94eea802ff79234b0db Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Wed, 10 Apr 2024 09:17:39 +0200
Subject: [PATCH 5/8] plat: corstone1000: add compile definitions for
ECP_DP_SECP512R1
Corstone1000 runs PSA-API tests which requires this ECC algorithm.
Without setting this, corstone1000 fails psa-api-crypto-test no 243.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Upstream-Status: Pending
---
platform/providers/arm/corstone1000/platform.cmake | 2 ++
1 file changed, 2 insertions(+)
diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
index 663226740..83350f788 100644
--- a/platform/providers/arm/corstone1000/platform.cmake
+++ b/platform/providers/arm/corstone1000/platform.cmake
@@ -26,3 +26,5 @@ get_property(_platform_driver_dependencies TARGET ${TGT}
if ("mhu" IN_LIST _platform_driver_dependencies)
include(${TS_ROOT}/platform/drivers/arm/mhu_driver/mhu_v2_x/driver.cmake)
endif()
+
+add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
--
2.25.1

141
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Use-the-stateless-platform-service.patch Normal file
View File

@@ -0,0 +1,141 @@
From c2edcd8bd3d8817765f280708eae894d6cd8d974 Mon Sep 17 00:00:00 2001
From: Emekcan Aras <emekcan.aras@arm.com>
Date: Sun, 18 Jun 2023 14:38:42 +0100
Subject: [PATCH 6/8] plat: corstone1000: Use the stateless platform service
calls Calls to psa_connect is not needed and psa_call can be called directly
with a pre defined handle.
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Upstream-Status: Inappropriate [Design is to revisted]
---
.../provider/capsule_update_provider.c | 24 ++++---------------
.../provider/corstone1000_fmp_service.c | 10 ++++----
.../provider/corstone1000_fmp_service.h | 3 +--
components/service/common/include/psa/sid.h | 7 ++++++
4 files changed, 17 insertions(+), 27 deletions(-)
diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
index bfeb7301a..12c552dae 100644
--- a/components/service/capsule_update/provider/capsule_update_provider.c
+++ b/components/service/capsule_update/provider/capsule_update_provider.c
@@ -63,7 +63,6 @@ void capsule_update_provider_deinit(struct capsule_update_provider *context)
static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller_interface *caller)
{
uint32_t ioctl_id;
- psa_handle_t handle;
rpc_status_t rpc_status = TS_RPC_CALL_ACCEPTED;
struct psa_invec in_vec[] = {
@@ -81,31 +80,18 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller_interface *
case CAPSULE_UPDATE_REQUEST:
/* Openamp call with IOCTL for firmware update*/
ioctl_id = IOCTL_CORSTONE1000_FWU_FLASH_IMAGES;
- handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
- TFM_SP_PLATFORM_IOCTL_VERSION);
- if (handle <= 0) {
- EMSG("%s Invalid handle", __func__);
- rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
- return rpc_status;
- }
- psa_call(caller,handle, PSA_IPC_CALL,
+ psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
in_vec,IOVEC_LEN(in_vec), NULL, 0);
- set_fmp_image_info(caller, handle);
+ set_fmp_image_info(caller);
break;
case KERNEL_STARTED_EVENT:
ioctl_id = IOCTL_CORSTONE1000_FWU_HOST_ACK;
/*openamp call with IOCTL for kernel start*/
- handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
- TFM_SP_PLATFORM_IOCTL_VERSION);
- if (handle <= 0) {
- EMSG("%s Invalid handle", __func__);
- rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
- return rpc_status;
- }
- psa_call(caller,handle, PSA_IPC_CALL,
+
+ psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
in_vec,IOVEC_LEN(in_vec), NULL, 0);
- set_fmp_image_info(caller, handle);
+ set_fmp_image_info(caller);
break;
default:
EMSG("%s unsupported opcode", __func__);
diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
index 56ce38579..bebdf859f 100644
--- a/components/service/capsule_update/provider/corstone1000_fmp_service.c
+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
@@ -238,8 +238,7 @@ static psa_status_t unpack_image_info(void *buffer, uint32_t size)
return PSA_SUCCESS;
}
-static psa_status_t get_image_info(struct rpc_caller_interface *caller,
- psa_handle_t platform_service_handle)
+static psa_status_t get_image_info(struct rpc_caller_interface *caller)
{
psa_status_t status;
psa_handle_t handle;
@@ -255,7 +254,7 @@ static psa_status_t get_image_info(struct rpc_caller_interface *caller,
memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE);
- psa_call(caller, platform_service_handle, PSA_IPC_CALL,
+ psa_call(caller, TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE);
@@ -288,12 +287,11 @@ static psa_status_t set_image_info(struct rpc_caller_interface *caller)
return PSA_SUCCESS;
}
-void set_fmp_image_info(struct rpc_caller_interface *caller,
- psa_handle_t platform_service_handle)
+void set_fmp_image_info(struct rpc_caller_interface *caller)
{
psa_status_t status;
- status = get_image_info(caller, platform_service_handle);
+ status = get_image_info(caller);
if (status != PSA_SUCCESS) {
return;
}
diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h
index d0023dc07..486fa10b4 100644
--- a/components/service/capsule_update/provider/corstone1000_fmp_service.h
+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h
@@ -16,8 +16,7 @@ extern "C" {
void provision_fmp_variables_metadata(struct rpc_caller_interface *caller);
-void set_fmp_image_info(struct rpc_caller_interface *caller,
- psa_handle_t platform_service_handle);
+void set_fmp_image_info(struct rpc_caller_interface *caller);
#ifdef __cplusplus
} /* extern "C" */
diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
index 5aaa659d4..fc3a4fb06 100644
--- a/components/service/common/include/psa/sid.h
+++ b/components/service/common/include/psa/sid.h
@@ -40,6 +40,13 @@ extern "C" {
#define TFM_CRYPTO_VERSION (1U)
#define TFM_CRYPTO_HANDLE (0x40000100U)
+/******** TFM_PLATFORM_SERVICE *******/
+#define TFM_PLATFORM_API_ID_IOCTL (1013)
+#define TFM_PLATFORM_SERVICE_HANDLE (0x40000105U)
+
+/**
+ * \brief Define a progressive numerical value for each SID which can be used
+ * when dispatching the requests to the service
/******** TFM_SP_PLATFORM ********/
#define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U)
#define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U)
--
2.25.1

106
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-Initialize-capsule-update-provider.patch Normal file
View File

@@ -0,0 +1,106 @@
From 925a07093fa571ee1d2f2e59affcd2c52f1d5b54 Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Wed, 29 Nov 2023 15:40:21 +0100
Subject: [PATCH 7/8] plat: corstone1000: Initialize capsule update provider
Initializes the capsule update service provider in se-proxy-sp.c deployment
for corstone1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Upstream-Status: Inappropriate [Design is to revisted]
---
.../se-proxy/env/commonsp/se_proxy_sp.c | 14 +++++++++-
.../corstone1000/service_proxy_factory.c | 28 +++++++++++++++++++
.../se-proxy/infra/service_proxy_factory.h | 1 +
3 files changed, 42 insertions(+), 1 deletion(-)
diff --git a/deployments/se-proxy/env/commonsp/se_proxy_sp.c b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
index 155e94863..a0eb03b6f 100644
--- a/deployments/se-proxy/env/commonsp/se_proxy_sp.c
+++ b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
@@ -39,7 +39,7 @@ void __noreturn sp_main(union ffa_boot_info *boot_info)
goto fatal_error;
}
- rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 4, 16);
+ rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 5, 16);
if (rpc_status != RPC_SUCCESS) {
EMSG("Failed to initialize RPC endpoint: %d", rpc_status);
goto fatal_error;
@@ -94,6 +94,18 @@ void __noreturn sp_main(union ffa_boot_info *boot_info)
goto fatal_error;
}
+ rpc_iface = capsule_update_proxy_create();
+ if (!rpc_iface) {
+ EMSG("Failed to create Capsule Update proxy");
+ goto fatal_error;
+ }
+
+ rpc_status = ts_rpc_endpoint_sp_add_service(&rpc_endpoint, rpc_iface);
+ if (rpc_status != RPC_SUCCESS) {
+ EMSG("Failed to add service to RPC endpoint: %d", rpc_status);
+ goto fatal_error;
+ }
+
/* End of boot phase */
result = sp_msg_wait(&req_msg);
if (result != SP_RESULT_OK) {
diff --git a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
index b3b93cfd6..fc179b3c1 100644
--- a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
+++ b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
@@ -11,6 +11,7 @@
#include <rpc/rss_comms/caller/sp/rss_comms_caller.h>
#include <service/attestation/provider/attest_provider.h>
#include <service/attestation/provider/serializer/packed-c/packedc_attest_provider_serializer.h>
+#include <service/capsule_update/provider/capsule_update_provider.h>
#include <service/crypto/factory/crypto_provider_factory.h>
#include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
#include "service/secure_storage/frontend/secure_storage_provider/secure_storage_uuid.h"
@@ -129,3 +130,30 @@ struct rpc_service_interface *its_proxy_create(void)
return secure_storage_provider_init(&its_provider, backend, &its_uuid);
}
+
+struct rpc_service_interface *capsule_update_proxy_create(void)
+{
+ static struct capsule_update_provider capsule_update_provider;
+ static struct secure_storage_ipc capsule_update_backend;
+ rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
+
+ /* Static objects for proxy instance */
+ static struct rpc_caller_interface rss_comms = { 0 };
+ static struct rpc_caller_session rpc_session = { 0 };
+
+ rpc_status = rss_comms_caller_init(&rss_comms);
+ if (rpc_status != RPC_SUCCESS)
+ return NULL;
+
+ rpc_status = rpc_caller_session_open(&rpc_session, &rss_comms, &dummy_uuid, 0, 0);
+ if (rpc_status != RPC_SUCCESS)
+ return NULL;
+
+
+ capsule_update_provider.client.session = &rpc_session;
+ capsule_update_provider.client.rpc_status = RPC_SUCCESS;
+ capsule_update_provider.client.service_info.supported_encodings = 0;
+ capsule_update_provider.client.service_info.max_payload = 4096;
+
+ return capsule_update_provider_init(&capsule_update_provider);
+}
diff --git a/deployments/se-proxy/infra/service_proxy_factory.h b/deployments/se-proxy/infra/service_proxy_factory.h
index caaea79ed..b981754b7 100644
--- a/deployments/se-proxy/infra/service_proxy_factory.h
+++ b/deployments/se-proxy/infra/service_proxy_factory.h
@@ -17,6 +17,7 @@ struct rpc_service_interface *attest_proxy_create(void);
struct rpc_service_interface *crypto_proxy_create(void);
struct rpc_service_interface *ps_proxy_create(void);
struct rpc_service_interface *its_proxy_create(void);
+struct rpc_service_interface *capsule_update_proxy_create(void);
#ifdef __cplusplus
}
--
2.25.1

49
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-plat-corstone1000-add-client_id-for-FMP-service.patch Normal file
View File

@@ -0,0 +1,49 @@
From f6ed75939f0b57e6b0e50ab11cdc3304098456dd Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Fri, 5 Apr 2024 17:31:03 +0200
Subject: [PATCH 8/8] plat: corstone1000: add client_id for FMP service
Corstone1000 uses trusted-firmware-m as secure enclave software component. Due
to the changes in TF-M 2.0, psa services requires a seperate client_id now.
This commit adds smm-gateway-sp client id to the FMP services since FMP structure
accessed by u-boot via smm-gateway-sp.
Signed-off-by: emeara01 <emekcan.aras@arm.com>
Upstream-Status: Inappropriate [Design is to revisted]
---
.../capsule_update/provider/corstone1000_fmp_service.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
index bebdf859f..1b4813d62 100644
--- a/components/service/capsule_update/provider/corstone1000_fmp_service.c
+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
@@ -33,6 +33,7 @@
EFI_VARIABLE_APPEND_WRITE)
#define FMP_VARIABLES_COUNT 6
+#define SMM_GW_SP_ID 0x8003
static struct variable_metadata fmp_variables_metadata[FMP_VARIABLES_COUNT] = {
{
@@ -91,7 +92,7 @@ static psa_status_t protected_storage_set(struct rpc_caller_interface *caller,
{ .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) },
};
- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_ITS_SET,
+ psa_status = psa_call_client_id(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, SMM_GW_SP_ID,TFM_PS_ITS_SET,
in_vec, IOVEC_LEN(in_vec), NULL, 0);
if (psa_status < 0)
EMSG("ipc_set: psa_call failed: %d", psa_status);
@@ -114,7 +115,7 @@ static psa_status_t protected_storage_get(struct rpc_caller_interface *caller,
{ .base = psa_ptr_to_u32(p_data), .len = data_size },
};
- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
+ psa_status = psa_call_client_id(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, SMM_GW_SP_ID,
TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
--
2.25.1

84
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Remove-Werror-flag.patch Normal file
View File

@@ -0,0 +1,84 @@
From 6d140b21c22dda58f596bb513a1cd6bc08e914eb Mon Sep 17 00:00:00 2001
From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Date: Wed, 3 Apr 2024 10:18:16 +0100
Subject: [PATCH] Remove Werror flag
Remove Werror flag due to compilation issues for TS in yocto
Upstream-Status: Inappropriate [Only for meta-arm]
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
---
deployments/smm-gateway/config/default-opteesp/CMakeLists.txt | 1 -
deployments/smm-gateway/config/default-sp/CMakeLists.txt | 1 -
environments/arm-linux/default_toolchain_file.cmake | 2 +-
environments/linux-pc/default_toolchain_file.cmake | 2 +-
environments/opteesp/default_toolchain_file.cmake | 2 +-
5 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt
index 5521467..88048a2 100644
--- a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt
+++ b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt
@@ -99,7 +99,6 @@ target_compile_definitions(smm-gateway PRIVATE
if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
target_compile_options(smm-gateway PRIVATE
-std=c11
- -Werror
)
endif()
diff --git a/deployments/smm-gateway/config/default-sp/CMakeLists.txt b/deployments/smm-gateway/config/default-sp/CMakeLists.txt
index ca563c0..4b43653 100644
--- a/deployments/smm-gateway/config/default-sp/CMakeLists.txt
+++ b/deployments/smm-gateway/config/default-sp/CMakeLists.txt
@@ -97,7 +97,6 @@ target_compile_definitions(smm-gateway PRIVATE
if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
target_compile_options(smm-gateway PRIVATE
-std=c11
- -Werror
)
endif()
diff --git a/environments/arm-linux/default_toolchain_file.cmake b/environments/arm-linux/default_toolchain_file.cmake
index 1da144e..6909db6 100644
--- a/environments/arm-linux/default_toolchain_file.cmake
+++ b/environments/arm-linux/default_toolchain_file.cmake
@@ -19,7 +19,7 @@ set(CMAKE_SYSTEM_PROCESSOR arm)
set(TS_DEBUG_INFO_FLAGS "-fdiagnostics-show-option -gdwarf-2" CACHE STRING "Compiler flags to add debug information.")
set(TS_MANDATORY_AARCH_FLAGS "-mstrict-align -march=armv8-a+crc -DARM64=1" CACHE STRING "Compiler flags configuring architecture specific ")
-set(TS_WARNING_FLAGS "-Wall -Werror" CACHE STRING "Compiler flags affecting generating warning messages.")
+set(TS_WARNING_FLAGS "-Wall" CACHE STRING "Compiler flags affecting generating warning messages.")
set(TS_MANDATORY_LINKER_FLAGS "" CACHE STRING "Linker flags needed for correct builds.")
# Set flags affecting all build types
diff --git a/environments/linux-pc/default_toolchain_file.cmake b/environments/linux-pc/default_toolchain_file.cmake
index 58f29bc..e23bb79 100644
--- a/environments/linux-pc/default_toolchain_file.cmake
+++ b/environments/linux-pc/default_toolchain_file.cmake
@@ -11,7 +11,7 @@ include_guard(GLOBAL)
set(TS_DEBUG_INFO_FLAGS "-fdiagnostics-show-option -gdwarf-2" CACHE STRING "Compiler flags to add debug information.")
set(TS_MANDATORY_AARCH_FLAGS "" CACHE STRING "Compiler flags configuring architecture specific ")
-set(TS_WARNING_FLAGS "-Wall -Werror" CACHE STRING "Compiler flags affecting generating warning messages.")
+set(TS_WARNING_FLAGS "-Wall" CACHE STRING "Compiler flags affecting generating warning messages.")
set(TS_MANDATORY_LINKER_FLAGS "" CACHE STRING "Linker flags needed for correct builds.")
# Set flags affecting all build types
diff --git a/environments/opteesp/default_toolchain_file.cmake b/environments/opteesp/default_toolchain_file.cmake
index 43c19c5..90a9418 100644
--- a/environments/opteesp/default_toolchain_file.cmake
+++ b/environments/opteesp/default_toolchain_file.cmake
@@ -21,7 +21,7 @@ set(CMAKE_POSITION_INDEPENDENT_CODE True)
set(TS_DEBUG_INFO_FLAGS "-fdiagnostics-show-option -gdwarf-2" CACHE STRING "Compiler flags to add debug information.")
set(TS_MANDATORY_AARCH_FLAGS "-fpic -mstrict-align -march=armv8-a+crc" CACHE STRING "Compiler flags configuring architecture specific ")
-set(TS_WARNING_FLAGS "-Wall -Werror" CACHE STRING "Compiler flags affecting generating warning messages.")
+set(TS_WARNING_FLAGS "-Wall" CACHE STRING "Compiler flags affecting generating warning messages.")
set(TS_MANDATORY_LINKER_FLAGS "-pie -Wl,--as-needed -Wl,--sort-section=alignment -zmax-page-size=4096"
CACHE STRING "Linker flags needed for correct builds.")
--
2.25.1

27
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch Normal file
View File

@@ -0,0 +1,27 @@
From a94bcd8af80c42adf99a7114174afea4000e6647 Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Tue, 14 May 2024 15:58:15 +0200
Subject: [PATCH] Remove PLATFORM_HAS_ATTEST_PK define from IAT test
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Upstream-Status: Inappropriate [Should remove the flag only for CS1000]
---
deployments/psa-api-test/initial_attestation/iat-api-test.cmake | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deployments/psa-api-test/initial_attestation/iat-api-test.cmake b/deployments/psa-api-test/initial_attestation/iat-api-test.cmake
index 4d1d2b1a9..eb4db223c 100644
--- a/deployments/psa-api-test/initial_attestation/iat-api-test.cmake
+++ b/deployments/psa-api-test/initial_attestation/iat-api-test.cmake
@@ -15,7 +15,7 @@ set(TS_ARCH_TEST_SUITE INITIAL_ATTESTATION CACHE STRING "Arch test suite")
# Set additional defines needed for build.
#-------------------------------------------------------------------------------
list(APPEND PSA_ARCH_TEST_EXTERNAL_DEFS
- -DPSA_ALG_MD4=0x02000002 -DPLATFORM_HAS_ATTEST_PK)
+ -DPSA_ALG_MD4=0x02000002)
#-------------------------------------------------------------------------------
# The arch test build system puts its build output under a test suite specific
--
2.25.1

28
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Fix-Avoid-redefinition-of-variables.patch Normal file
View File

@@ -0,0 +1,28 @@
From c7f2861e5c5ee209373a8dba15a608f78a97078b Mon Sep 17 00:00:00 2001
From: Gabor Toth <gabor.toth2@arm.com>
Date: Wed, 10 Apr 2024 11:17:50 +0200
Subject: [PATCH 1/3] Fix: Avoid redefinition of variables
Remove variable redefinition which shadows the original one.
Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27954]
---
.../service/uefi/smm_variable/client/cpp/smm_variable_client.cpp | 1 -
1 file changed, 1 deletion(-)
diff --git a/components/service/uefi/smm_variable/client/cpp/smm_variable_client.cpp b/components/service/uefi/smm_variable/client/cpp/smm_variable_client.cpp
index f71d0c864..d39448900 100644
--- a/components/service/uefi/smm_variable/client/cpp/smm_variable_client.cpp
+++ b/components/service/uefi/smm_variable/client/cpp/smm_variable_client.cpp
@@ -166,7 +166,6 @@ efi_status_t smm_variable_client::get_variable(const EFI_GUID &guid, const std::
if (call_handle) {
uint8_t *resp_buf;
- size_t resp_len;
service_status_t service_status;
SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *access_var =
--
2.25.1

495
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-Fix-GetNextVariableName-NameSize-input.patch Normal file
View File

@@ -0,0 +1,495 @@
From cc4cc9f3f5f02f713cf4da1854f3085bf31e71cf Mon Sep 17 00:00:00 2001
From: Gabor Toth <gabor.toth2@arm.com>
Date: Sat, 13 Apr 2024 14:52:23 +0200
Subject: [PATCH 2/3] Fix GetNextVariableName NameSize input
Based on the specification the NameSize shall be set to the available
buffer size at the first call instead of the NameSize of the
provided variable.
Change smm-gateway and the tests according this. Also remove
sanitize_get_next_var_name_param utility function, which is not
compilant with this solution.
Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/28022]
---
.../backend/test/variable_store_tests.cpp | 48 +++++++--------
.../backend/uefi_variable_store.c | 60 ++++++++++++-------
.../backend/uefi_variable_store.h | 5 +-
.../smm_variable/backend/variable_index.c | 3 +
.../provider/smm_variable_provider.c | 59 +++++-------------
.../service/smm_variable_attack_tests.cpp | 29 ++++-----
.../service/smm_variable_service_tests.cpp | 7 ++-
7 files changed, 98 insertions(+), 113 deletions(-)
diff --git a/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp b/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp
index fd48f13fb..72772821c 100644
--- a/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp
+++ b/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp
@@ -501,15 +501,13 @@ TEST(UefiVariableStoreTests, bootServiceAccess)
std::vector<uint8_t> msg_buffer(VARIABLE_BUFFER_SIZE);
SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *next_name =
(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *) msg_buffer.data();
- size_t max_name_len =
- VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET;
size_t total_len = 0;
- next_name->NameSize = sizeof(int16_t);
+ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET;
next_name->Name[0] = 0;
status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name,
- max_name_len, &total_len);
+ &total_len);
UNSIGNED_LONGLONGS_EQUAL(EFI_NOT_FOUND, status);
}
@@ -574,47 +572,48 @@ TEST(UefiVariableStoreTests, enumerateStoreContents)
std::vector<uint8_t> msg_buffer(VARIABLE_BUFFER_SIZE);
SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *next_name =
(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *) msg_buffer.data();
- size_t max_name_len =
- VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET;
/* First check handling of invalid variable name */
std::u16string bogus_name = to_variable_name(u"bogus_variable");
size_t bogus_name_size = string_get_size_in_bytes(bogus_name);
next_name->Guid = m_common_guid;
- next_name->NameSize = bogus_name_size;
+ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET;
memcpy(next_name->Name, bogus_name.data(), bogus_name_size);
status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name,
- max_name_len, &total_len);
+ &total_len);
UNSIGNED_LONGLONGS_EQUAL(EFI_INVALID_PARAMETER, status);
/* Enumerate store contents */
next_name->NameSize = sizeof(int16_t);
next_name->Name[0] = 0;
- /* Check if the correct NameSize is returned if max_name_len is too small */
+ /* Check if the correct NameSize is returned if namesize is too small */
status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name,
- 0, &total_len);
+ &total_len);
UNSIGNED_LONGLONGS_EQUAL(EFI_BUFFER_TOO_SMALL, status);
UNSIGNED_LONGLONGS_EQUAL(sizeof(var_name_1), next_name->NameSize);
- /* And then used the previously received next_name->NameSize as max_name_len */
+ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET;
status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name,
- next_name->NameSize, &total_len);
+ &total_len);
UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
CHECK_TRUE(compare_variable_name(var_name_1, next_name->Name, next_name->NameSize));
+ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET;
status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name,
- max_name_len, &total_len);
+ &total_len);
UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
CHECK_TRUE(compare_variable_name(var_name_2, next_name->Name, next_name->NameSize));
+ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET;
status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name,
- max_name_len, &total_len);
+ &total_len);
UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
CHECK_TRUE(compare_variable_name(var_name_3, next_name->Name, next_name->NameSize));
+ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET;
status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name,
- max_name_len, &total_len);
+ &total_len);
UNSIGNED_LONGLONGS_EQUAL(EFI_NOT_FOUND, status);
power_cycle();
@@ -622,21 +621,23 @@ TEST(UefiVariableStoreTests, enumerateStoreContents)
/* Enumerate again - should be left with just NV variables.
* Use a different but equally valid null name.
*/
- next_name->NameSize = 10 * sizeof(int16_t);
+ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET;
memset(next_name->Name, 0, next_name->NameSize);
status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name,
- max_name_len, &total_len);
+ &total_len);
UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
CHECK_TRUE(compare_variable_name(var_name_1, next_name->Name, next_name->NameSize));
+ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET;
status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name,
- max_name_len, &total_len);
+ &total_len);
UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
CHECK_TRUE(compare_variable_name(var_name_3, next_name->Name, next_name->NameSize));
+ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET;
status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name,
- max_name_len, &total_len);
+ &total_len);
UNSIGNED_LONGLONGS_EQUAL(EFI_NOT_FOUND, status);
}
@@ -672,21 +673,20 @@ TEST(UefiVariableStoreTests, failedNvSet)
std::vector<uint8_t> msg_buffer(VARIABLE_BUFFER_SIZE);
SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *next_name =
(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *) msg_buffer.data();
- size_t max_name_len =
- VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET;
/* Enumerate store contents */
size_t total_len = 0;
- next_name->NameSize = sizeof(int16_t);
+ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET;
next_name->Name[0] = 0;
status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name,
- max_name_len, &total_len);
+ &total_len);
UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
CHECK_TRUE(compare_variable_name(var_name_1, next_name->Name, next_name->NameSize));
+ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET;
status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name,
- max_name_len, &total_len);
+ &total_len);
UNSIGNED_LONGLONGS_EQUAL(EFI_NOT_FOUND, status);
}
diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.c b/components/service/uefi/smm_variable/backend/uefi_variable_store.c
index 5b46c1371..caf6698aa 100644
--- a/components/service/uefi/smm_variable/backend/uefi_variable_store.c
+++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.c
@@ -404,9 +404,27 @@ efi_status_t uefi_variable_store_get_variable(const struct uefi_variable_store *
efi_status_t
uefi_variable_store_get_next_variable_name(const struct uefi_variable_store *context,
SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *cur,
- size_t max_name_len, size_t *total_length)
+ size_t *total_length)
{
- efi_status_t status = check_name_terminator(cur->Name, cur->NameSize);
+ efi_status_t status = EFI_SUCCESS;
+ size_t buffer_size = 0;
+
+ if (!cur)
+ return EFI_INVALID_PARAMETER;
+ /*
+ * NameSize is set to the buffer size to store the names,
+ * let's calculate the size actually being used.
+ */
+ buffer_size = cur->NameSize;
+ for (int i = 0; i < buffer_size / sizeof(int16_t); i++) {
+ if (cur->Name[i] == 0) {
+ /* With null terminator */
+ cur->NameSize = 2*(i+1);
+ break;
+ }
+ }
+
+ status = check_name_terminator(cur->Name, cur->NameSize);
if (status != EFI_SUCCESS)
return status;
@@ -418,21 +436,11 @@ uefi_variable_store_get_next_variable_name(const struct uefi_variable_store *con
&context->variable_index, &cur->Guid, cur->NameSize, cur->Name, &status);
if (info && (status == EFI_SUCCESS)) {
- /* The NameSize has to be set in every case according to the UEFI specs.
- * In case of EFI_BUFFER_TOO_SMALL it has to reflect the size of buffer
- * needed.
- */
- cur->NameSize = info->metadata.name_size;
- *total_length = sizeof(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME);
-
- if (info->metadata.name_size <= max_name_len) {
+ if (info->metadata.name_size <= buffer_size) {
cur->Guid = info->metadata.guid;
+ cur->NameSize = info->metadata.name_size;
memcpy(cur->Name, info->metadata.name, info->metadata.name_size);
- *total_length =
- SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_TOTAL_SIZE(
- cur);
-
/*
* Check if variable is accessible (e.g boot variable is not
* accessible at runtime)
@@ -442,6 +450,10 @@ uefi_variable_store_get_next_variable_name(const struct uefi_variable_store *con
if (status == EFI_SUCCESS)
break;
} else {
+ /* The VariableNameSize is updated to reflect the size of buffer needed */
+ cur->NameSize = info->metadata.name_size;
+ memset(cur->Name, 0, buffer_size);
+ memset(&cur->Guid, 0, sizeof(EFI_GUID));
status = EFI_BUFFER_TOO_SMALL;
break;
}
@@ -450,18 +462,24 @@ uefi_variable_store_get_next_variable_name(const struct uefi_variable_store *con
/* Do not hide original error if there is any */
if (status == EFI_SUCCESS)
status = EFI_NOT_FOUND;
+
+ memset(cur->Name, 0, buffer_size);
+ memset(&cur->Guid, 0, sizeof(EFI_GUID));
+ cur->NameSize = 0;
break;
}
}
- /* If we found no accessible variable clear the fields for security */
- if (status != EFI_SUCCESS) {
- memset(cur->Name, 0, max_name_len);
- memset(&cur->Guid, 0, sizeof(EFI_GUID));
- if (status != EFI_BUFFER_TOO_SMALL)
- cur->NameSize = 0;
+ if (status == EFI_SUCCESS) {
+ /* Store everything including the name */
+ *total_length =
+ SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_TOTAL_SIZE(
+ cur);
+ } else {
+ /* Do not store the name, only the size */
+ *total_length =
+ SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_NAME_OFFSET;
}
-
return status;
}
diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.h b/components/service/uefi/smm_variable/backend/uefi_variable_store.h
index 8be5f36e6..2493ff6b4 100644
--- a/components/service/uefi/smm_variable/backend/uefi_variable_store.h
+++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.h
@@ -134,8 +134,7 @@ efi_status_t uefi_variable_store_get_variable(const struct uefi_variable_store *
* Used for enumerating the store contents
*
* @param[in] context uefi_variable_store instance
- * @param[out] cur Current variable name
- * @param[in] max_name_len The maximum variable name length
+ * @param[inout] cur The size of the VariableName buffer
* @param[out] total_len The total length of the output
*
* @return EFI_SUCCESS if successful
@@ -143,7 +142,7 @@ efi_status_t uefi_variable_store_get_variable(const struct uefi_variable_store *
efi_status_t
uefi_variable_store_get_next_variable_name(const struct uefi_variable_store *context,
SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *cur,
- size_t max_name_len, size_t *total_length);
+ size_t *total_length);
/**
* @brief Query for variable info
diff --git a/components/service/uefi/smm_variable/backend/variable_index.c b/components/service/uefi/smm_variable/backend/variable_index.c
index d850dbe18..e2fe6dd38 100644
--- a/components/service/uefi/smm_variable/backend/variable_index.c
+++ b/components/service/uefi/smm_variable/backend/variable_index.c
@@ -27,6 +27,9 @@ static uint64_t name_hash(const EFI_GUID *guid, size_t name_size, const int16_t
/* Extend to cover name up to but not including null terminator */
for (size_t i = 0; i < (name_size - sizeof(int16_t)) / sizeof(int16_t); ++i) {
+ /* Only hash till the first null terminator */
+ if (name[i] == 0)
+ break;
hash = ((hash << 5) + hash) + name[i];
}
diff --git a/components/service/uefi/smm_variable/provider/smm_variable_provider.c b/components/service/uefi/smm_variable/provider/smm_variable_provider.c
index ca3f7e5e5..1a5269338 100644
--- a/components/service/uefi/smm_variable/provider/smm_variable_provider.c
+++ b/components/service/uefi/smm_variable/provider/smm_variable_provider.c
@@ -81,30 +81,6 @@ static efi_status_t sanitize_access_variable_param(struct rpc_request *req, size
return efi_status;
}
-static efi_status_t sanitize_get_next_var_name_param(struct rpc_request *req, size_t *param_len)
-{
- efi_status_t efi_status = EFI_INVALID_PARAMETER;
- *param_len = 0;
- const struct rpc_buffer *req_buf = &req->request;
-
- if (req_buf->data_length >= SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_NAME_OFFSET) {
- const SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *param =
- (const SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *)req_buf->data;
-
- size_t max_space_for_name =
- req_buf->data_length -
- SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_NAME_OFFSET;
-
- if (param->NameSize <= max_space_for_name) {
- *param_len =
- SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_TOTAL_SIZE(param);
- efi_status = EFI_SUCCESS;
- }
- }
-
- return efi_status;
-}
-
static efi_status_t sanitize_var_check_property_param(struct rpc_request *req, size_t *param_len)
{
efi_status_t efi_status = EFI_INVALID_PARAMETER;
@@ -146,7 +122,7 @@ static rpc_status_t get_variable_handler(void *context, struct rpc_request *req)
struct rpc_buffer *req_buf = &req->request;
size_t max_data_len = resp_buf->size - param_len;
- memmove(resp_buf->data, req_buf->data, param_len);
+ memcpy(resp_buf->data, req_buf->data, param_len);
efi_status = uefi_variable_store_get_variable(
&this_instance->variable_store,
@@ -167,28 +143,21 @@ static rpc_status_t get_next_variable_name_handler(void *context, struct rpc_req
{
struct smm_variable_provider *this_instance = (struct smm_variable_provider *)context;
- size_t param_len = 0;
- efi_status_t efi_status = sanitize_get_next_var_name_param(req, &param_len);
+ efi_status_t efi_status = EFI_SUCCESS;
+ size_t variable_size = 0;
- if (efi_status == EFI_SUCCESS) {
- /* Valid get next variable name header */
- struct rpc_buffer *resp_buf = &req->response;
+ /* Valid get next variable name header */
+ struct rpc_buffer *resp_buf = &req->response;
+ struct rpc_buffer *req_buf = &req->request;
- if (resp_buf->size >= param_len) {
- struct rpc_buffer *req_buf = &req->request;
+ memcpy(resp_buf->data, req_buf->data, req_buf->data_length);
- memmove(resp_buf->data, req_buf->data, param_len);
+ efi_status = uefi_variable_store_get_next_variable_name(
+ &this_instance->variable_store,
+ (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *)resp_buf->data,
+ &variable_size);
- efi_status = uefi_variable_store_get_next_variable_name(
- &this_instance->variable_store,
- (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *)resp_buf->data,
- ((SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data)->NameSize,
- &resp_buf->data_length);
- } else {
- /* Reponse buffer not big enough */
- efi_status = EFI_BAD_BUFFER_SIZE;
- }
- }
+ resp_buf->data_length = variable_size;
req->service_status = efi_status;
@@ -240,7 +209,7 @@ static rpc_status_t query_variable_info_handler(void *context, struct rpc_reques
struct rpc_buffer *resp_buf = &req->response;
if (resp_buf->size >= req_buf->data_length) {
- memmove(resp_buf->data, req_buf->data, req_buf->data_length);
+ memcpy(resp_buf->data, req_buf->data, req_buf->data_length);
efi_status = uefi_variable_store_query_variable_info(
&this_instance->variable_store,
@@ -308,7 +277,7 @@ static rpc_status_t get_var_check_property_handler(void *context, struct rpc_req
if (resp_buf->size >= param_len) {
struct rpc_buffer *req_buf = &req->request;
- memmove(resp_buf->data, req_buf->data, param_len);
+ memcpy(resp_buf->data, req_buf->data, param_len);
resp_buf->data_length = param_len;
efi_status = uefi_variable_store_get_var_check_property(
diff --git a/components/service/uefi/smm_variable/test/service/smm_variable_attack_tests.cpp b/components/service/uefi/smm_variable/test/service/smm_variable_attack_tests.cpp
index 76b62fd35..98e61fec0 100644
--- a/components/service/uefi/smm_variable/test/service/smm_variable_attack_tests.cpp
+++ b/components/service/uefi/smm_variable/test/service/smm_variable_attack_tests.cpp
@@ -176,19 +176,6 @@ TEST(SmmVariableAttackTests, setAndGetWithSizeMaxNameSize)
UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
}
-TEST(SmmVariableAttackTests, enumerateWithOversizeName)
-{
- efi_status_t efi_status = EFI_SUCCESS;
- std::u16string var_name = null_name;
- EFI_GUID guid;
- memset(&guid, 0, sizeof(guid));
-
- efi_status = m_client->get_next_variable_name(guid, var_name,
- (var_name.size() + 1) * sizeof(int16_t) + 1);
-
- UNSIGNED_LONGLONGS_EQUAL(EFI_INVALID_PARAMETER, efi_status);
-}
-
TEST(SmmVariableAttackTests, enumerateWithSizeMaxNameSize)
{
efi_status_t efi_status = EFI_SUCCESS;
@@ -202,17 +189,23 @@ TEST(SmmVariableAttackTests, enumerateWithSizeMaxNameSize)
UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
- /* Initial iteration uses good name length */
- efi_status = m_client->get_next_variable_name(guid, var_name);
+ /* Initial iteration uses good name length for next variable */
+ efi_status = m_client->get_next_variable_name(guid, var_name, std::numeric_limits<size_t>::max());
UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
- /* Next iteration uses invalid name length */
- efi_status = m_client->get_next_variable_name(guid, var_name,
- std::numeric_limits<size_t>::max());
+ /* Next iteration uses invalid name length, so a null terminator can not fit */
+ var_name = null_name;
+ efi_status = m_client->get_next_variable_name(guid, var_name, 1);
UNSIGNED_LONGLONGS_EQUAL(EFI_INVALID_PARAMETER, efi_status);
+ /* Next iteration uses invalid name length, so a null terminator can not fit */
+ var_name = null_name;
+ efi_status = m_client->get_next_variable_name(guid, var_name, 2);
+
+ UNSIGNED_LONGLONGS_EQUAL(EFI_BUFFER_TOO_SMALL, efi_status);
+
/* Expect to be able to remove the variable */
efi_status = m_client->remove_variable(m_common_guid, var_name_1);
UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
diff --git a/components/service/uefi/smm_variable/test/service/smm_variable_service_tests.cpp b/components/service/uefi/smm_variable/test/service/smm_variable_service_tests.cpp
index e82a90c37..8fa4f8077 100644
--- a/components/service/uefi/smm_variable/test/service/smm_variable_service_tests.cpp
+++ b/components/service/uefi/smm_variable/test/service/smm_variable_service_tests.cpp
@@ -9,6 +9,7 @@
#include <cstring>
#include <locale>
#include <sstream>
+#include <limits>
#include "util.h"
@@ -154,7 +155,7 @@ TEST_GROUP(SmmVariableServiceTests)
#endif
do {
- status = m_client->get_next_variable_name(guid, var_name);
+ status = m_client->get_next_variable_name(guid, var_name, max_variable_size);
/* There are no more variables in the persistent store */
if (status == EFI_NOT_FOUND) {
@@ -223,6 +224,8 @@ TEST_GROUP(SmmVariableServiceTests)
std::u16string m_ro_variable = to_variable_name(u"ro_variable");
std::u16string m_boot_finished_var_name = to_variable_name(u"finished");
+ uint32_t max_variable_size = 4096;
+
/* Cleanup skips these variables */
std::vector<std::u16string *> m_non_rm_vars{ &m_ro_variable, &m_boot_finished_var_name };
@@ -654,7 +657,7 @@ TEST(SmmVariableServiceTests, enumerateStoreContents)
std::u16string *expected_variables[] = { &var_name_1, &var_name_2, &var_name_3 };
do {
- efi_status = m_client->get_next_variable_name(guid, var_name);
+ efi_status = m_client->get_next_variable_name(guid, var_name, max_variable_size);
if (efi_status != EFI_SUCCESS)
break;
--
2.25.1

82
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Fix-error-handling-of-variable-index-loading.patch Normal file
View File

@@ -0,0 +1,82 @@
From c62e728bb86981219984c8b39819fb8926a41e10 Mon Sep 17 00:00:00 2001
From: Gabor Toth <gabor.toth2@arm.com>
Date: Fri, 19 Apr 2024 18:25:23 +0200
Subject: [PATCH 3/3] Fix error handling of variable index loading
If loading of the variable index from Protected Storage fails, SmmGW
will silently continue with empty variable store. This is a serious
fault and a potential security risk.
Change the code to produce a log output when this happens and stop
loading the SP.
Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/28300]
---
.../backend/uefi_variable_store.c | 28 ++++++++++++++-----
1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.c b/components/service/uefi/smm_variable/backend/uefi_variable_store.c
index caf6698aa..c1691dc8f 100644
--- a/components/service/uefi/smm_variable/backend/uefi_variable_store.c
+++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.c
@@ -27,7 +27,7 @@
#include "service/crypto/client/psa/crypto_client.h"
#endif
-static void load_variable_index(struct uefi_variable_store *context);
+static efi_status_t load_variable_index(struct uefi_variable_store *context);
static efi_status_t sync_variable_index(const struct uefi_variable_store *context);
@@ -165,8 +165,10 @@ efi_status_t uefi_variable_store_init(struct uefi_variable_store *context, uint3
/* Load the variable index with NV variable info from the persistent store */
if (context->index_sync_buffer) {
- load_variable_index(context);
- purge_orphan_index_entries(context);
+ status = load_variable_index(context);
+
+ if (status == EFI_SUCCESS)
+ purge_orphan_index_entries(context);
}
}
@@ -571,7 +573,7 @@ efi_status_t uefi_variable_store_get_var_check_property(
return status;
}
-static void load_variable_index(struct uefi_variable_store *context)
+static efi_status_t load_variable_index(struct uefi_variable_store *context)
{
struct storage_backend *persistent_store = context->persistent_store.storage_backend;
@@ -583,11 +585,23 @@ static void load_variable_index(struct uefi_variable_store *context)
SMM_VARIABLE_INDEX_STORAGE_UID, 0, context->index_sync_buffer_size,
context->index_sync_buffer, &data_len);
- if (psa_status == PSA_SUCCESS) {
- variable_index_restore(&context->variable_index, data_len,
- context->index_sync_buffer);
+ switch(psa_status) {
+ case PSA_SUCCESS:
+ (void) variable_index_restore(&context->variable_index, data_len,
+ context->index_sync_buffer);
+ break;
+
+ case PSA_ERROR_DOES_NOT_EXIST:
+ IMSG("Index variable does not exist in NV store, continuing with empty index");
+ break;
+
+ default:
+ EMSG("Loading variable index failed: %d", psa_status);
+ return EFI_LOAD_ERROR;
}
}
+
+ return EFI_SUCCESS;
}
static efi_status_t sync_variable_index(const struct uefi_variable_store *context)
--
2.25.1

758
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Provide-crypto-api-to-create-uefi-priv-var-fingerpri.patch Normal file
View File

@@ -0,0 +1,758 @@
From 370811420cfa1c14146f45de308bbccf70408eb8 Mon Sep 17 00:00:00 2001
From: Gabor Toth <gabor.toth2@arm.com>
Date: Fri, 5 Apr 2024 11:19:37 +0200
Subject: [PATCH] Provide crypto api to create uefi priv var fingerprint
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Add new call to the crypto backend to calculate a hash of the common
name of the signing certificates Subject and the tbsCertificate
of the top-level issuer certificate.
Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27953]
---
.../client/caller/packed-c/crypto_caller.h | 1 +
...aller_get_uefi_priv_auth_var_fingerprint.h | 90 ++++++++
.../packed-c/packedc_crypto_client.cpp | 8 +
.../protocol/packed-c/packedc_crypto_client.h | 4 +
.../service/crypto/client/psa/component.cmake | 1 +
.../service/crypto/client/psa/crypto_client.h | 5 +
.../psa/get_uefi_priv_auth_var_fingerprint.c | 21 ++
.../service/crypto/provider/crypto_provider.c | 212 +++++++++++++++---
.../serializer/crypto_provider_serializer.h | 8 +
.../packedc_crypto_provider_serializer.c | 54 +++++
.../backend/direct/uefi_direct_backend.c | 90 ++++++++
deployments/smm-gateway/smm-gateway.cmake | 5 +
.../get_uefi_priv_auth_var_fingerprint.h | 21 ++
protocols/service/crypto/packed-c/opcodes.h | 1 +
14 files changed, 488 insertions(+), 33 deletions(-)
create mode 100644 components/service/crypto/client/caller/packed-c/crypto_caller_get_uefi_priv_auth_var_fingerprint.h
create mode 100644 components/service/crypto/client/psa/get_uefi_priv_auth_var_fingerprint.c
create mode 100644 protocols/service/crypto/packed-c/get_uefi_priv_auth_var_fingerprint.h
diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller.h b/components/service/crypto/client/caller/packed-c/crypto_caller.h
index d834bc207..d5dd0f70d 100644
--- a/components/service/crypto/client/caller/packed-c/crypto_caller.h
+++ b/components/service/crypto/client/caller/packed-c/crypto_caller.h
@@ -31,5 +31,6 @@
#include "crypto_caller_sign_hash.h"
#include "crypto_caller_verify_hash.h"
#include "crypto_caller_verify_pkcs7_signature.h"
+#include "crypto_caller_get_uefi_priv_auth_var_fingerprint.h"
#endif /* PACKEDC_CRYPTO_CALLER_H */
diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_get_uefi_priv_auth_var_fingerprint.h b/components/service/crypto/client/caller/packed-c/crypto_caller_get_uefi_priv_auth_var_fingerprint.h
new file mode 100644
index 000000000..d3446e445
--- /dev/null
+++ b/components/service/crypto/client/caller/packed-c/crypto_caller_get_uefi_priv_auth_var_fingerprint.h
@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef PACKEDC_CRYPTO_CALLER_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_H
+#define PACKEDC_CRYPTO_CALLER_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_H
+
+#include <common/tlv/tlv.h>
+#include <protocols/common/efi/efi_status.h>
+#include <protocols/rpc/common/packed-c/status.h>
+#include <protocols/service/crypto/packed-c/opcodes.h>
+#include <protocols/service/crypto/packed-c/get_uefi_priv_auth_var_fingerprint.h>
+#include <service/common/client/service_client.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+static inline int crypto_caller_get_uefi_priv_auth_var_fingerprint(struct service_client *context,
+ const uint8_t *signature_cert,
+ uint64_t signature_cert_len,
+ uint8_t *output)
+{
+ efi_status_t efi_status = EFI_SUCCESS;
+ size_t req_len = 0;
+
+ if (signature_cert_len > UINT16_MAX)
+ return RPC_ERROR_INVALID_VALUE;
+
+ struct tlv_record signature_record = {
+ .tag = TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_IN_TAG_SIGNATURE,
+ .length = (uint16_t)signature_cert_len,
+ .value = signature_cert
+ };
+
+ req_len += tlv_required_space(signature_record.length);
+
+ rpc_call_handle call_handle;
+ uint8_t *req_buf;
+
+ call_handle = rpc_caller_session_begin(context->session, &req_buf, req_len, 0);
+
+ if (call_handle) {
+ uint8_t *resp_buf;
+ size_t resp_len;
+ service_status_t service_status;
+ struct tlv_iterator req_iter;
+
+ tlv_iterator_begin(&req_iter, req_buf, req_len);
+ tlv_encode(&req_iter, &signature_record);
+
+ context->rpc_status = rpc_caller_session_invoke(
+ call_handle, TS_CRYPTO_OPCODE_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT, &resp_buf, &resp_len,
+ &service_status);
+
+ if (context->rpc_status == RPC_SUCCESS) {
+
+ if (service_status == EFI_SUCCESS) {
+
+ struct tlv_const_iterator resp_iter;
+ struct tlv_record decoded_record;
+ tlv_const_iterator_begin(&resp_iter, resp_buf, resp_len);
+
+ if (tlv_find_decode(&resp_iter,
+ TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_OUT_TAG_IDENTIFIER, &decoded_record)) {
+
+ memcpy(output, decoded_record.value, PSA_HASH_MAX_SIZE);
+ }
+ else {
+ /* Mandatory response parameter missing */
+ efi_status = EFI_INVALID_PARAMETER;
+ }
+ }
+ }
+
+ rpc_caller_session_end(call_handle);
+ }
+
+ return efi_status;
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* PACKEDC_CRYPTO_CALLER_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_H */
diff --git a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp
index aaa71f0c8..e0f6a15a8 100644
--- a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp
+++ b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp
@@ -428,3 +428,11 @@ int packedc_crypto_client::verify_pkcs7_signature(const uint8_t *signature_cert,
hash, hash_len, public_key_cert,
public_key_cert_len);
}
+
+int packedc_crypto_client::get_uefi_priv_auth_var_fingerprint(const uint8_t *signature_cert,
+ uint64_t signature_cert_len,
+ uint8_t *output)
+{
+ return crypto_caller_get_uefi_priv_auth_var_fingerprint(&m_client, signature_cert, signature_cert_len,
+ output);
+}
diff --git a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h
index 8d4f60cf9..ec6c51c7f 100644
--- a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h
+++ b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h
@@ -236,6 +236,10 @@ public:
int verify_pkcs7_signature(const uint8_t *signature_cert, uint64_t signature_cert_len,
const uint8_t *hash, uint64_t hash_len,
const uint8_t *public_key_cert, uint64_t public_key_cert_len);
+
+ int get_uefi_priv_auth_var_fingerprint(const uint8_t *signature_cert,
+ uint64_t signature_cert_len,
+ uint8_t *output);
};
#endif /* PACKEDC_CRYPTO_CLIENT_H */
diff --git a/components/service/crypto/client/psa/component.cmake b/components/service/crypto/client/psa/component.cmake
index 359db3b4a..5bee0c652 100644
--- a/components/service/crypto/client/psa/component.cmake
+++ b/components/service/crypto/client/psa/component.cmake
@@ -32,4 +32,5 @@ target_sources(${TGT} PRIVATE
"${CMAKE_CURRENT_LIST_DIR}/psa_sign_message.c"
"${CMAKE_CURRENT_LIST_DIR}/psa_verify_message.c"
"${CMAKE_CURRENT_LIST_DIR}/verify_pkcs7_signature.c"
+ "${CMAKE_CURRENT_LIST_DIR}/get_uefi_priv_auth_var_fingerprint.c"
)
diff --git a/components/service/crypto/client/psa/crypto_client.h b/components/service/crypto/client/psa/crypto_client.h
index 4b59bbe32..af04df11e 100644
--- a/components/service/crypto/client/psa/crypto_client.h
+++ b/components/service/crypto/client/psa/crypto_client.h
@@ -7,10 +7,15 @@
#ifndef CRYPTO_CLIENT_H
#define CRYPTO_CLIENT_H
+#include <stddef.h>
#include <stdint.h>
int verify_pkcs7_signature(const uint8_t *signature_cert, uint64_t signature_cert_len,
const uint8_t *hash, uint64_t hash_len, const uint8_t *public_key_cert,
uint64_t public_key_cert_len);
+int get_uefi_priv_auth_var_fingerprint_handler(const uint8_t *signature_cert,
+ uint64_t signature_cert_len,
+ uint8_t *output);
+
#endif /* CRYPTO_CLIENT_H */
diff --git a/components/service/crypto/client/psa/get_uefi_priv_auth_var_fingerprint.c b/components/service/crypto/client/psa/get_uefi_priv_auth_var_fingerprint.c
new file mode 100644
index 000000000..702aaa0c4
--- /dev/null
+++ b/components/service/crypto/client/psa/get_uefi_priv_auth_var_fingerprint.c
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include "crypto_caller_selector.h"
+#include "crypto_client.h"
+#include "psa_crypto_client.h"
+
+int get_uefi_priv_auth_var_fingerprint_handler(const uint8_t *signature_cert,
+ uint64_t signature_cert_len,
+ uint8_t *output)
+{
+ if (psa_crypto_client_instance.init_status != PSA_SUCCESS)
+ return psa_crypto_client_instance.init_status;
+
+ return crypto_caller_get_uefi_priv_auth_var_fingerprint(&psa_crypto_client_instance.base,
+ signature_cert, signature_cert_len,
+ output);
+}
diff --git a/components/service/crypto/provider/crypto_provider.c b/components/service/crypto/provider/crypto_provider.c
index 9cd520859..4535d6dbe 100644
--- a/components/service/crypto/provider/crypto_provider.c
+++ b/components/service/crypto/provider/crypto_provider.c
@@ -3,12 +3,15 @@
*
* SPDX-License-Identifier: BSD-3-Clause
*/
+#include <protocols/common/efi/efi_status.h>
#include <protocols/rpc/common/packed-c/status.h>
#include <protocols/service/crypto/packed-c/opcodes.h>
#include <service/crypto/backend/crypto_backend.h>
#include <service/crypto/provider/crypto_provider.h>
+#include <compiler.h>
#include <stdint.h>
#include <stdlib.h>
+#include <string.h>
#include "crypto_partition.h"
#include "crypto_uuid.h"
@@ -28,25 +31,27 @@ static rpc_status_t copy_key_handler(void *context, struct rpc_request *req);
static rpc_status_t purge_key_handler(void *context, struct rpc_request *req);
static rpc_status_t get_key_attributes_handler(void *context, struct rpc_request *req);
static rpc_status_t verify_pkcs7_signature_handler(void *context, struct rpc_request *req);
+static rpc_status_t get_uefi_priv_auth_var_fingerprint_handler(void *context, struct rpc_request *req);
/* Handler mapping table for service */
static const struct service_handler handler_table[] = {
- { TS_CRYPTO_OPCODE_GENERATE_KEY, generate_key_handler },
- { TS_CRYPTO_OPCODE_DESTROY_KEY, destroy_key_handler },
- { TS_CRYPTO_OPCODE_EXPORT_KEY, export_key_handler },
- { TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, export_public_key_handler },
- { TS_CRYPTO_OPCODE_IMPORT_KEY, import_key_handler },
- { TS_CRYPTO_OPCODE_SIGN_HASH, asymmetric_sign_handler },
- { TS_CRYPTO_OPCODE_VERIFY_HASH, asymmetric_verify_handler },
- { TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, asymmetric_decrypt_handler },
- { TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, asymmetric_encrypt_handler },
- { TS_CRYPTO_OPCODE_GENERATE_RANDOM, generate_random_handler },
- { TS_CRYPTO_OPCODE_COPY_KEY, copy_key_handler },
- { TS_CRYPTO_OPCODE_PURGE_KEY, purge_key_handler },
- { TS_CRYPTO_OPCODE_GET_KEY_ATTRIBUTES, get_key_attributes_handler },
- { TS_CRYPTO_OPCODE_SIGN_MESSAGE, asymmetric_sign_handler },
- { TS_CRYPTO_OPCODE_VERIFY_MESSAGE, asymmetric_verify_handler },
- { TS_CRYPTO_OPCODE_VERIFY_PKCS7_SIGNATURE, verify_pkcs7_signature_handler },
+ { TS_CRYPTO_OPCODE_GENERATE_KEY, generate_key_handler },
+ { TS_CRYPTO_OPCODE_DESTROY_KEY, destroy_key_handler },
+ { TS_CRYPTO_OPCODE_EXPORT_KEY, export_key_handler },
+ { TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, export_public_key_handler },
+ { TS_CRYPTO_OPCODE_IMPORT_KEY, import_key_handler },
+ { TS_CRYPTO_OPCODE_SIGN_HASH, asymmetric_sign_handler },
+ { TS_CRYPTO_OPCODE_VERIFY_HASH, asymmetric_verify_handler },
+ { TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, asymmetric_decrypt_handler },
+ { TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, asymmetric_encrypt_handler },
+ { TS_CRYPTO_OPCODE_GENERATE_RANDOM, generate_random_handler },
+ { TS_CRYPTO_OPCODE_COPY_KEY, copy_key_handler },
+ { TS_CRYPTO_OPCODE_PURGE_KEY, purge_key_handler },
+ { TS_CRYPTO_OPCODE_GET_KEY_ATTRIBUTES, get_key_attributes_handler },
+ { TS_CRYPTO_OPCODE_SIGN_MESSAGE, asymmetric_sign_handler },
+ { TS_CRYPTO_OPCODE_VERIFY_MESSAGE, asymmetric_verify_handler },
+ { TS_CRYPTO_OPCODE_VERIFY_PKCS7_SIGNATURE, verify_pkcs7_signature_handler },
+ { TS_CRYPTO_OPCODE_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT, get_uefi_priv_auth_var_fingerprint_handler },
};
struct rpc_service_interface *
@@ -664,33 +669,44 @@ static rpc_status_t verify_pkcs7_signature_handler(void *context, struct rpc_req
}
if (rpc_status == RPC_SUCCESS) {
- /* Parse the public key certificate */
- mbedtls_x509_crt signer_certificate;
+ /* Parse the PKCS#7 DER encoded signature block */
+ mbedtls_pkcs7 pkcs7_structure;
- mbedtls_x509_crt_init(&signer_certificate);
+ mbedtls_pkcs7_init(&pkcs7_structure);
- mbedtls_status = mbedtls_x509_crt_parse_der(&signer_certificate, public_key_cert,
- public_key_cert_len);
+ mbedtls_status = mbedtls_pkcs7_parse_der(&pkcs7_structure, signature_cert,
+ signature_cert_len);
- if (mbedtls_status == 0) {
- /* Parse the PKCS#7 DER encoded signature block */
- mbedtls_pkcs7 pkcs7_structure;
+ if (mbedtls_status == MBEDTLS_PKCS7_SIGNED_DATA) {
- mbedtls_pkcs7_init(&pkcs7_structure);
+ /*
+ * If a separate public key is provided, verify the signature with it,
+ * else use the key from the pkcs7 signature structure, because it is
+ * a self-signed certificate.
+ */
+ if(public_key_cert_len) {
+ /* Parse the public key certificate */
+ mbedtls_x509_crt signer_certificate;
- mbedtls_status = mbedtls_pkcs7_parse_der(&pkcs7_structure, signature_cert,
- signature_cert_len);
+ mbedtls_x509_crt_init(&signer_certificate);
- if (mbedtls_status == MBEDTLS_PKCS7_SIGNED_DATA) {
- /* Verify hash against signed hash */
+ mbedtls_status = mbedtls_x509_crt_parse_der(&signer_certificate, public_key_cert,
+ public_key_cert_len);
+
+ if (mbedtls_status == 0) {
+ /* Verify hash against signed hash */
+ mbedtls_status = mbedtls_pkcs7_signed_hash_verify(
+ &pkcs7_structure, &signer_certificate, hash, hash_len);
+ }
+
+ mbedtls_x509_crt_free(&signer_certificate);
+ } else {
mbedtls_status = mbedtls_pkcs7_signed_hash_verify(
- &pkcs7_structure, &signer_certificate, hash, hash_len);
+ &pkcs7_structure, &pkcs7_structure.private_signed_data.private_certs, hash, hash_len);
}
-
- mbedtls_pkcs7_free(&pkcs7_structure);
}
- mbedtls_x509_crt_free(&signer_certificate);
+ mbedtls_pkcs7_free(&pkcs7_structure);
}
free(signature_cert);
@@ -702,6 +718,128 @@ static rpc_status_t verify_pkcs7_signature_handler(void *context, struct rpc_req
return rpc_status;
}
+
+/*
+ * Official value: http://www.oid-info.com/get/2.5.4.3
+ * Hex converter: https://misc.daniel-marschall.de/asn.1/oid-converter/online.php
+ */
+static const mbedtls_asn1_buf* findCommonName(const mbedtls_x509_name *name)
+{
+ uint8_t CN_oid_tag = 0x06;
+ uint8_t CN_oid_len = 0x03;
+ uint8_t CN_oid_val[3] = {0x55, 0x04, 0x03};
+
+ while (name)
+ {
+ if (name->oid.tag == CN_oid_tag && name->oid.len == CN_oid_len) {
+ if (name->oid.p != NULL) {
+ if (!memcmp(name->oid.p, CN_oid_val, CN_oid_len))
+ return &name->val;
+ }
+ }
+
+ name = name->next;
+ }
+
+ return NULL;
+}
+
+static rpc_status_t get_uefi_priv_auth_var_fingerprint_handler(void *context, struct rpc_request *req)
+{
+ rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
+ struct rpc_buffer *req_buf = &req->request;
+ const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
+
+ int mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
+
+ uint8_t *signature_cert = NULL;
+ uint64_t signature_cert_len = 0;
+
+ if (serializer) {
+ /* First collect the lengths of the field */
+ rpc_status = serializer->deserialize_get_uefi_priv_auth_var_fingerprint_req(
+ req_buf, NULL, &signature_cert_len);
+
+ if (rpc_status == RPC_SUCCESS) {
+ /* Allocate the needed space and get the data */
+ signature_cert = (uint8_t *)malloc(signature_cert_len);
+
+ if (signature_cert) {
+ rpc_status = serializer->deserialize_get_uefi_priv_auth_var_fingerprint_req(
+ req_buf, signature_cert, &signature_cert_len);
+ } else {
+ rpc_status = RPC_ERROR_RESOURCE_FAILURE;
+ }
+ }
+ }
+
+ if (rpc_status == RPC_SUCCESS) {
+ /* Parse the PKCS#7 DER encoded signature block */
+ mbedtls_pkcs7 pkcs7_structure;
+
+ mbedtls_pkcs7_init(&pkcs7_structure);
+
+ mbedtls_status = mbedtls_pkcs7_parse_der(&pkcs7_structure, signature_cert,
+ signature_cert_len);
+
+ if (mbedtls_status == MBEDTLS_PKCS7_SIGNED_DATA) {
+
+ uint8_t output_buffer[PSA_HASH_MAX_SIZE] = { 0 };
+ size_t __maybe_unused output_size = 0;
+ const mbedtls_asn1_buf *signerCertCN = NULL;
+ const mbedtls_x509_crt *topLevelCert = &pkcs7_structure.private_signed_data.private_certs;
+ const mbedtls_x509_buf *toplevelCertTbs = NULL;
+ struct rpc_buffer *resp_buf = &req->response;;
+ psa_hash_operation_t op = PSA_HASH_OPERATION_INIT;
+
+ /* Find common name field of the signing certificate, which is the first in the chain */
+ signerCertCN = findCommonName(&topLevelCert->subject);
+ if (!signerCertCN)
+ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
+
+ /* Get the TopLevel certificate which is the last in the chain */
+ while(topLevelCert->next)
+ topLevelCert = topLevelCert->next;
+ toplevelCertTbs = &topLevelCert->tbs;
+
+ /* Hash the data to create the fingerprint */
+ op = psa_hash_operation_init();
+
+ if (psa_hash_setup(&op, PSA_ALG_SHA_256) != PSA_SUCCESS)
+ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
+
+ if (psa_hash_update(&op, signerCertCN->p, signerCertCN->len)) {
+ psa_hash_abort(&op);
+ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
+ }
+
+ if (psa_hash_update(&op, toplevelCertTbs->p, toplevelCertTbs->len)) {
+ psa_hash_abort(&op);
+ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
+ }
+
+ if (psa_hash_finish(&op, (uint8_t*)&output_buffer, PSA_HASH_MAX_SIZE, &output_size)) {
+ psa_hash_abort(&op);
+ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
+ }
+
+ /* Clear the remaining part of the buffer for consistency */
+ memset(&output_buffer[output_size], 0, PSA_HASH_MAX_SIZE - output_size);
+
+ rpc_status = serializer->serialize_get_uefi_priv_auth_var_fingerprint_resp(
+ resp_buf, (uint8_t*)&output_buffer);
+ }
+
+ mbedtls_pkcs7_free(&pkcs7_structure);
+ }
+
+ free(signature_cert);
+
+ /* Provide the result of the verification */
+ req->service_status = (mbedtls_status == MBEDTLS_PKCS7_SIGNED_DATA) ? EFI_SUCCESS : EFI_COMPROMISED_DATA;
+
+ return rpc_status;
+}
#else
static rpc_status_t verify_pkcs7_signature_handler(void *context, struct rpc_request *req)
{
@@ -710,4 +848,12 @@ static rpc_status_t verify_pkcs7_signature_handler(void *context, struct rpc_req
return RPC_ERROR_INTERNAL;
}
+
+static rpc_status_t get_uefi_priv_auth_var_fingerprint_handler(void *context, struct rpc_request *req)
+{
+ (void)context;
+ (void)req;
+
+ return RPC_ERROR_INTERNAL;
+}
#endif
diff --git a/components/service/crypto/provider/serializer/crypto_provider_serializer.h b/components/service/crypto/provider/serializer/crypto_provider_serializer.h
index bd5336c3d..2b965afdb 100644
--- a/components/service/crypto/provider/serializer/crypto_provider_serializer.h
+++ b/components/service/crypto/provider/serializer/crypto_provider_serializer.h
@@ -126,6 +126,14 @@ struct crypto_provider_serializer {
uint8_t *hash, uint64_t *hash_len,
uint8_t *public_key_cert,
uint64_t *public_key_cert_len);
+
+ /* Operation: get_uefi_priv_auth_var_fingerprintentifier */
+ rpc_status_t (*deserialize_get_uefi_priv_auth_var_fingerprint_req)(const struct rpc_buffer *req_buf,
+ uint8_t *signed_data,
+ uint64_t *signed_data_len);
+
+ rpc_status_t (*serialize_get_uefi_priv_auth_var_fingerprint_resp)(struct rpc_buffer *resp_buf,
+ const uint8_t *output);
};
#endif /* CRYPTO_PROVIDER_SERIALIZER_H */
diff --git a/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c b/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c
index 050ef2f7d..89e07e2c8 100644
--- a/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c
+++ b/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c
@@ -22,6 +22,7 @@
#include <protocols/service/crypto/packed-c/sign_hash.h>
#include <protocols/service/crypto/packed-c/verify_hash.h>
#include <protocols/service/crypto/packed-c/verify_pkcs7_signature.h>
+#include <protocols/service/crypto/packed-c/get_uefi_priv_auth_var_fingerprint.h>
#include <service/crypto/backend/crypto_backend.h>
#include <stdlib.h>
#include <string.h>
@@ -675,6 +676,57 @@ static rpc_status_t deserialize_verify_pkcs7_signature_req(
return rpc_status;
}
+/* Operation: get_uefi_priv_auth_var_fingerprintentifier */
+static rpc_status_t deserialize_get_uefi_priv_auth_var_fingerprint_req(const struct rpc_buffer *req_buf,
+ uint8_t *signed_data,
+ uint64_t *signed_data_len)
+{
+ rpc_status_t rpc_status = RPC_ERROR_INVALID_REQUEST_BODY;
+
+ if (req_buf->data_length) {
+ struct tlv_const_iterator req_iter;
+ struct tlv_record decoded_record;
+
+ rpc_status = RPC_SUCCESS;
+
+ tlv_const_iterator_begin(&req_iter, (uint8_t *)req_buf->data, req_buf->data_length);
+
+ if (tlv_find_decode(&req_iter, TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_IN_TAG_SIGNATURE,
+ &decoded_record)) {
+ *signed_data_len = decoded_record.length;
+
+ if (signed_data)
+ memcpy(signed_data, decoded_record.value, decoded_record.length);
+ } else {
+ /* Default to a zero length */
+ *signed_data_len = 0;
+ }
+ }
+
+ return rpc_status;
+}
+
+static rpc_status_t serialize_get_uefi_priv_auth_var_fingerprint_resp(struct rpc_buffer *resp_buf,
+ const uint8_t *output)
+{
+ rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
+ struct tlv_iterator resp_iter;
+ struct tlv_record out_record;
+
+ out_record.tag = TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_OUT_TAG_IDENTIFIER;
+ out_record.length = PSA_HASH_MAX_SIZE;
+ out_record.value = output;
+
+ tlv_iterator_begin(&resp_iter, resp_buf->data, resp_buf->size);
+
+ if (tlv_encode(&resp_iter, &out_record)) {
+ resp_buf->data_length = tlv_required_space(PSA_HASH_MAX_SIZE);
+ rpc_status = RPC_SUCCESS;
+ }
+
+ return rpc_status;
+}
+
/* Singleton method to provide access to the serializer instance */
const struct crypto_provider_serializer *packedc_crypto_provider_serializer_instance(void)
{
@@ -704,6 +756,8 @@ const struct crypto_provider_serializer *packedc_crypto_provider_serializer_inst
deserialize_generate_random_req,
serialize_generate_random_resp,
deserialize_verify_pkcs7_signature_req,
+ deserialize_get_uefi_priv_auth_var_fingerprint_req,
+ serialize_get_uefi_priv_auth_var_fingerprint_resp
};
return &instance;
diff --git a/components/service/uefi/smm_variable/backend/direct/uefi_direct_backend.c b/components/service/uefi/smm_variable/backend/direct/uefi_direct_backend.c
index bf978c5dd..c7ca07254 100644
--- a/components/service/uefi/smm_variable/backend/direct/uefi_direct_backend.c
+++ b/components/service/uefi/smm_variable/backend/direct/uefi_direct_backend.c
@@ -9,6 +9,8 @@
#include <mbedtls/pkcs7.h>
#include <mbedtls/x509_crt.h>
#include <stdint.h>
+#include <string.h>
+#include <compiler.h>
int verify_pkcs7_signature(const uint8_t *signature_cert, uint64_t signature_cert_len,
const uint8_t *hash, uint64_t hash_len, const uint8_t *public_key_cert,
@@ -46,3 +48,91 @@ int verify_pkcs7_signature(const uint8_t *signature_cert, uint64_t signature_cer
return mbedtls_status;
}
+
+/*
+ * Official value: http://www.oid-info.com/get/2.5.4.3
+ * Hex converter: https://misc.daniel-marschall.de/asn.1/oid-converter/online.php
+ */
+static const mbedtls_asn1_buf* findCommonName(const mbedtls_x509_name *name)
+{
+ uint8_t CN_oid_tag = 0x06;
+ uint8_t CN_oid_len = 0x03;
+ uint8_t CN_oid_val[3] = {0x55, 0x04, 0x03};
+
+ while (name)
+ {
+ if (name->oid.tag == CN_oid_tag && name->oid.len == CN_oid_len) {
+ if (name->oid.p != NULL) {
+ if (!memcmp(name->oid.p, CN_oid_val, CN_oid_len))
+ return &name->val;
+ }
+ }
+
+ name = name->next;
+ }
+
+ return NULL;
+}
+
+int get_uefi_priv_auth_var_fingerprint_handler(const uint8_t *signature_cert,
+ uint64_t signature_cert_len,
+ uint8_t *output)
+{
+ int mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
+
+ /* Parse the PKCS#7 DER encoded signature block */
+ mbedtls_pkcs7 pkcs7_structure;
+
+ mbedtls_pkcs7_init(&pkcs7_structure);
+
+ mbedtls_status = mbedtls_pkcs7_parse_der(&pkcs7_structure, signature_cert,
+ signature_cert_len);
+
+ if (mbedtls_status == MBEDTLS_PKCS7_SIGNED_DATA) {
+
+ uint8_t output_buffer[PSA_HASH_MAX_SIZE] = { 0 };
+ size_t __maybe_unused output_size = 0;
+ const mbedtls_asn1_buf *signerCertCN = NULL;
+ const mbedtls_x509_crt *topLevelCert = &pkcs7_structure.private_signed_data.private_certs;
+ const mbedtls_x509_buf *toplevelCertTbs = NULL;
+ psa_hash_operation_t op = PSA_HASH_OPERATION_INIT;
+
+ /* Find common name field of the signing certificate, which is the first in the chain */
+ signerCertCN = findCommonName(&topLevelCert->subject);
+ if (!signerCertCN)
+ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
+
+ /* Get the TopLevel certificate which is the last in the chain */
+ while(topLevelCert->next)
+ topLevelCert = topLevelCert->next;
+ toplevelCertTbs = &topLevelCert->tbs;
+
+ /* Hash the data to create the fingerprint */
+ op = psa_hash_operation_init();
+
+ if (psa_hash_setup(&op, PSA_ALG_SHA_256) != PSA_SUCCESS)
+ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
+
+ if (psa_hash_update(&op, signerCertCN->p, signerCertCN->len)) {
+ psa_hash_abort(&op);
+ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
+ }
+
+ if (psa_hash_update(&op, toplevelCertTbs->p, toplevelCertTbs->len)) {
+ psa_hash_abort(&op);
+ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
+ }
+
+ if (psa_hash_finish(&op, (uint8_t*)&output_buffer, PSA_HASH_MAX_SIZE, &output_size)) {
+ psa_hash_abort(&op);
+ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
+ }
+
+ /* Clear the remaining part of the buffer for consistency */
+ memset(&output_buffer[output_size], 0, PSA_HASH_MAX_SIZE - output_size);
+ }
+
+ mbedtls_pkcs7_free(&pkcs7_structure);
+
+ return mbedtls_status;
+}
diff --git a/deployments/smm-gateway/smm-gateway.cmake b/deployments/smm-gateway/smm-gateway.cmake
index e5ee03b60..de519892d 100644
--- a/deployments/smm-gateway/smm-gateway.cmake
+++ b/deployments/smm-gateway/smm-gateway.cmake
@@ -17,6 +17,11 @@ include(${TS_ROOT}/external/MbedTLS/MbedTLS.cmake)
target_link_libraries(smm-gateway PRIVATE MbedTLS::mbedcrypto)
target_link_libraries(smm-gateway PRIVATE MbedTLS::mbedx509)
+# Pass the location of the mbedtls config file to C preprocessor.
+target_compile_definitions(smm-gateway PRIVATE
+ MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}"
+)
+
target_compile_definitions(smm-gateway PRIVATE
-DUEFI_INTERNAL_CRYPTO
)
diff --git a/protocols/service/crypto/packed-c/get_uefi_priv_auth_var_fingerprint.h b/protocols/service/crypto/packed-c/get_uefi_priv_auth_var_fingerprint.h
new file mode 100644
index 000000000..29964b33c
--- /dev/null
+++ b/protocols/service/crypto/packed-c/get_uefi_priv_auth_var_fingerprint.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_H
+#define TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_H
+
+#include <stdint.h>
+
+/* Variable length output parameter tags */
+enum {
+ TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_OUT_TAG_IDENTIFIER = 1,
+};
+
+/* Variable length input parameter tags */
+enum {
+ TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_IN_TAG_SIGNATURE = 1,
+};
+
+#endif /* TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_H */
diff --git a/protocols/service/crypto/packed-c/opcodes.h b/protocols/service/crypto/packed-c/opcodes.h
index 35b81599b..8bc2b49b0 100644
--- a/protocols/service/crypto/packed-c/opcodes.h
+++ b/protocols/service/crypto/packed-c/opcodes.h
@@ -28,6 +28,7 @@
#define TS_CRYPTO_OPCODE_SIGN_MESSAGE (TS_CRYPTO_OPCODE_BASE + 16)
#define TS_CRYPTO_OPCODE_VERIFY_MESSAGE (TS_CRYPTO_OPCODE_BASE + 17)
#define TS_CRYPTO_OPCODE_VERIFY_PKCS7_SIGNATURE (TS_CRYPTO_OPCODE_BASE + 18)
+#define TS_CRYPTO_OPCODE_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT (TS_CRYPTO_OPCODE_BASE + 19)
/* Hash operations */
#define TS_CRYPTO_OPCODE_HASH_BASE (0x0200)
--
2.25.1

146
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Add-timestamp-validation-for-uefi-variables.patch Normal file
View File

@@ -0,0 +1,146 @@
From 5b418e141aadcb6604406f75e156317bd143d898 Mon Sep 17 00:00:00 2001
From: Gabor Toth <gabor.toth2@arm.com>
Date: Fri, 5 Apr 2024 11:27:15 +0200
Subject: [PATCH 1/3] Add timestamp validation for uefi variables
Return failure if uefi variable creation or update is not
requested with newer timestamp.
Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27955]
---
.../backend/uefi_variable_store.c | 35 +++++++++++++++----
.../smm_variable/backend/variable_index.c | 1 +
.../smm_variable/backend/variable_index.h | 1 +
3 files changed, 30 insertions(+), 7 deletions(-)
diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.c b/components/service/uefi/smm_variable/backend/uefi_variable_store.c
index c1691dc8f..1b624f0c9 100644
--- a/components/service/uefi/smm_variable/backend/uefi_variable_store.c
+++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.c
@@ -76,6 +76,7 @@ static efi_status_t verify_var_by_key_var(const efi_data_map *new_var,
const uint8_t *hash_buffer, size_t hash_len);
static efi_status_t authenticate_variable(const struct uefi_variable_store *context,
+ EFI_TIME *timestamp,
SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var);
#endif
@@ -197,6 +198,7 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store *
const SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var)
{
bool should_sync_index = false;
+ EFI_TIME timestamp = { 0 };
/* Validate incoming request */
efi_status_t status = check_name_terminator(var->Name, var->NameSize);
@@ -225,6 +227,9 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store *
return EFI_OUT_OF_RESOURCES;
}
+ /* Save the timestamp into a buffer, which can be overwritten by the authentication function */
+ memcpy(&timestamp, &info->metadata.timestamp, sizeof(EFI_TIME));
+
/* Control access */
status = check_access_permitted_on_set(context, info, var);
@@ -240,7 +245,7 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store *
if (info->metadata.attributes &
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) {
status = authenticate_variable(
- context, (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var);
+ context, &timestamp, (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var);
if (status != EFI_SUCCESS)
return status;
@@ -326,7 +331,7 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store *
*/
if (var->Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) {
status = authenticate_variable(
- context, (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var);
+ context, &timestamp, (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var);
if (status != EFI_SUCCESS)
return status;
@@ -358,9 +363,11 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store *
if (should_sync_index)
status = sync_variable_index(context);
- /* Store any variable data to the storage backend */
- if (info->is_variable_set && (status == EFI_SUCCESS))
+ /* Store any variable data to the storage backend with the updated metadata */
+ if (info->is_variable_set && (status == EFI_SUCCESS)) {
+ memcpy(&info->metadata.timestamp, &timestamp, sizeof(EFI_TIME));
status = store_variable_data(context, info, var);
+ }
}
variable_index_remove_unused_entry(&context->variable_index, info);
@@ -1106,6 +1113,7 @@ static efi_status_t verify_var_by_key_var(const efi_data_map *new_var,
* then verifies it.
*/
static efi_status_t authenticate_variable(const struct uefi_variable_store *context,
+ EFI_TIME *timestamp,
SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var)
{
efi_status_t status = EFI_SUCCESS;
@@ -1223,9 +1231,7 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont
*
* UEFI: Page 253
* 2. Verify that Pad1, Nanosecond, TimeZone, Daylight and Pad2 components
- * of the TimeStamp value are set to zero. Unless the EFI_VARIABLE_APPEND_WRITE
- * attribute is set, verify that the TimeStamp value is later than the current
- * timestamp value associated with the variable
+ * of the TimeStamp value are set to zero.
*/
if ((var_map.efi_auth_descriptor->TimeStamp.Pad1 != 0) ||
(var_map.efi_auth_descriptor->TimeStamp.Pad2 != 0) ||
@@ -1235,6 +1241,21 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont
return EFI_SECURITY_VIOLATION;
}
+ /**
+ * UEFI: Page 253
+ * Unless the EFI_VARIABLE_APPEND_WRITE attribute is set, verify
+ * that the TimeStamp value is later than the current
+ * timestamp value associated with the variable
+ */
+ if (!(var->Attributes & EFI_VARIABLE_APPEND_WRITE)) {
+ if (memcmp(&var_map.efi_auth_descriptor->TimeStamp, timestamp, sizeof(EFI_GUID)) <= 0) {
+ EMSG("Timestamp violation");
+ return EFI_SECURITY_VIOLATION;
+ }
+
+ /* Save new timestamp */
+ memcpy(timestamp, &var_map.efi_auth_descriptor->TimeStamp, sizeof(EFI_TIME));
+ }
/* Calculate hash for the variable only once */
hash_result = calc_variable_hash(&var_map, (uint8_t *)&hash_buffer, sizeof(hash_buffer),
&hash_len);
diff --git a/components/service/uefi/smm_variable/backend/variable_index.c b/components/service/uefi/smm_variable/backend/variable_index.c
index e2fe6dd38..f4194d2d3 100644
--- a/components/service/uefi/smm_variable/backend/variable_index.c
+++ b/components/service/uefi/smm_variable/backend/variable_index.c
@@ -198,6 +198,7 @@ static struct variable_entry *add_entry(const struct variable_index *context, co
/* Initialize metadata */
info->metadata.uid = generate_uid(context, guid, name_size, name);
info->metadata.guid = *guid;
+ memset(&info->metadata.timestamp, 0, sizeof(EFI_TIME));
info->metadata.attributes = 0;
info->metadata.name_size = name_size;
memcpy(info->metadata.name, name, name_size);
diff --git a/components/service/uefi/smm_variable/backend/variable_index.h b/components/service/uefi/smm_variable/backend/variable_index.h
index 5d3b7a7c6..7eef7b86b 100644
--- a/components/service/uefi/smm_variable/backend/variable_index.h
+++ b/components/service/uefi/smm_variable/backend/variable_index.h
@@ -32,6 +32,7 @@ extern "C" {
*/
struct variable_metadata {
EFI_GUID guid;
+ EFI_TIME timestamp;
size_t name_size;
int16_t name[VARIABLE_INDEX_MAX_NAME_SIZE];
uint32_t attributes;
--
2.25.1

282
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Isolate-common-uefi-variable-authentication-steps.patch Normal file
View File

@@ -0,0 +1,282 @@
From 19e79008e0fa3193b54bf6499516dc75cb10f6ec Mon Sep 17 00:00:00 2001
From: Gabor Toth <gabor.toth2@arm.com>
Date: Thu, 11 Apr 2024 13:42:03 +0200
Subject: [PATCH 2/3] Isolate common uefi variable authentication steps
Currently all auth variables are authenticated with the secure boot
keys. To introduce corrent check for Private Authenticated Variables
first separate the common steps from the secure boot related steps.
Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27956]
---
.../backend/uefi_variable_store.c | 191 ++++++++++--------
1 file changed, 103 insertions(+), 88 deletions(-)
diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.c b/components/service/uefi/smm_variable/backend/uefi_variable_store.c
index 1b624f0c9..1384d0def 100644
--- a/components/service/uefi/smm_variable/backend/uefi_variable_store.c
+++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.c
@@ -78,6 +78,12 @@ static efi_status_t verify_var_by_key_var(const efi_data_map *new_var,
static efi_status_t authenticate_variable(const struct uefi_variable_store *context,
EFI_TIME *timestamp,
SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var);
+
+static efi_status_t authenticate_secure_boot_variable(const struct uefi_variable_store *context,
+ efi_data_map* var_map,
+ uint8_t* hash_buffer,
+ size_t hash_len,
+ uint64_t max_variable_size);
#endif
static efi_status_t store_variable_data(const struct uefi_variable_store *context,
@@ -1118,30 +1124,109 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont
{
efi_status_t status = EFI_SUCCESS;
EFI_GUID pkcs7_guid = EFI_CERT_TYPE_PKCS7_GUID;
- EFI_GUID global_variable_guid = EFI_GLOBAL_VARIABLE;
- EFI_GUID security_database_guid = EFI_IMAGE_SECURITY_DATABASE_GUID;
SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO variable_info = { 0, 0, 0, 0 };
- SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *pk_variable = NULL;
- size_t pk_payload_size = 0;
efi_data_map var_map = { NULL, NULL, NULL, 0, 0, NULL, 0, NULL };
uint8_t hash_buffer[PSA_HASH_MAX_SIZE];
size_t hash_len = 0;
- bool hash_result = false;
/* Create a map of the fields of the new variable including the auth header */
if (!init_efi_data_map(var, true, &var_map))
return EFI_SECURITY_VIOLATION;
- /* database variables can be verified by either PK or KEK while images
- * should be checked by db and dbx so the length of two will be enough.
- */
- SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *allowed_key_store_variables[] = { NULL, NULL };
-
/* Find the maximal size of variables for the GetVariable operation */
status = uefi_variable_store_query_variable_info(context, &variable_info);
if (status != EFI_SUCCESS)
return EFI_SECURITY_VIOLATION;
+ /**
+ * UEFI: Page 246
+ * If the EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set in a
+ * SetVariable() call, and firmware does not support signature type of the certificate
+ * included in the EFI_VARIABLE_AUTHENTICATION_2 descriptor, then the SetVariable() call
+ * shall return EFI_INVALID_PARAMETER. The list of signature types supported by the
+ * firmware is defined by the SignatureSupport variable. Signature type of the certificate
+ * is defined by its digest and encryption algorithms.
+ */
+ /* TODO: Should support WIN_CERT_TYPE_PKCS_SIGNED_DATA and WIN_CERT_TYPE_EFI_PKCS115 */
+ if (var_map.efi_auth_descriptor->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID)
+ return EFI_INVALID_PARAMETER;
+
+ /* Only a CertType of EFI_CERT_TYPE_PKCS7_GUID is accepted */
+ if (!compare_guid(&var_map.efi_auth_descriptor->AuthInfo.CertType, &pkcs7_guid))
+ return EFI_SECURITY_VIOLATION;
+
+ /**
+ * Time associated with the authentication descriptor. For the TimeStamp value,
+ * components Pad1, Nanosecond, TimeZone, Daylight and Pad2 shall be set to 0.
+ * This means that the time shall always be expressed in GMT.
+ *
+ * UEFI: Page 253
+ * 2. Verify that Pad1, Nanosecond, TimeZone, Daylight and Pad2 components
+ * of the TimeStamp value are set to zero.
+ */
+ if ((var_map.efi_auth_descriptor->TimeStamp.Pad1 != 0) ||
+ (var_map.efi_auth_descriptor->TimeStamp.Pad2 != 0) ||
+ (var_map.efi_auth_descriptor->TimeStamp.Nanosecond != 0) ||
+ (var_map.efi_auth_descriptor->TimeStamp.TimeZone != 0) ||
+ (var_map.efi_auth_descriptor->TimeStamp.Daylight != 0)) {
+ return EFI_SECURITY_VIOLATION;
+ }
+
+ /**
+ * UEFI: Page 253
+ * Unless the EFI_VARIABLE_APPEND_WRITE attribute is set, verify
+ * that the TimeStamp value is later than the current
+ * timestamp value associated with the variable
+ */
+ if (!(var->Attributes & EFI_VARIABLE_APPEND_WRITE)) {
+ if (memcmp(&var_map.efi_auth_descriptor->TimeStamp, timestamp, sizeof(EFI_GUID)) <= 0) {
+ EMSG("Timestamp violation");
+ return EFI_SECURITY_VIOLATION;
+ }
+
+ /* Save new timestamp */
+ memcpy(timestamp, &var_map.efi_auth_descriptor->TimeStamp, sizeof(EFI_TIME));
+ }
+ /* Calculate hash for the variable only once */
+ if (calc_variable_hash(&var_map, (uint8_t *)&hash_buffer, sizeof(hash_buffer), &hash_len) == 0) {
+ status = EFI_SECURITY_VIOLATION;
+ }
+
+ /* Run Secure Boot related authentication steps */
+ status = authenticate_secure_boot_variable(context, &var_map, (uint8_t*) &hash_buffer, hash_len, variable_info.MaximumVariableSize);
+
+ /* Remove the authentication header from the variable if the authentication is successful */
+ if (status == EFI_SUCCESS) {
+ uint8_t *smm_payload =
+ (uint8_t *)var + SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(var);
+
+ memmove(smm_payload, var_map.payload, var_map.payload_len);
+ memset((uint8_t *)smm_payload + var_map.payload_len, 0,
+ var_map.efi_auth_descriptor_len);
+
+ var->DataSize -= var_map.efi_auth_descriptor_len;
+ }
+
+ return status;
+}
+
+static efi_status_t authenticate_secure_boot_variable(const struct uefi_variable_store *context,
+ efi_data_map* var_map,
+ uint8_t* hash_buffer,
+ size_t hash_len,
+ uint64_t max_variable_size)
+{
+ efi_status_t status = EFI_SUCCESS;
+ EFI_GUID global_variable_guid = EFI_GLOBAL_VARIABLE;
+ EFI_GUID security_database_guid = EFI_IMAGE_SECURITY_DATABASE_GUID;
+ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *pk_variable = NULL;
+ size_t pk_payload_size = 0;
+
+ /* database variables can be verified by either PK or KEK while images
+ * should be checked by db and dbx so the length of two will be enough.
+ */
+ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *allowed_key_store_variables[] = { NULL, NULL };
+
/**
* UEFI: Page 253
* 3. If the variable SetupMode==1, and the variable is a secure
@@ -1166,14 +1251,14 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont
* Platform Key is checked to enable or disable authentication.
*/
create_smm_variable(&pk_variable, sizeof(EFI_PLATFORM_KEY_NAME),
- variable_info.MaximumVariableSize, (uint8_t *)EFI_PLATFORM_KEY_NAME,
+ max_variable_size, (uint8_t *)EFI_PLATFORM_KEY_NAME,
&global_variable_guid);
if (!pk_variable)
return EFI_OUT_OF_RESOURCES;
status = uefi_variable_store_get_variable(
- context, pk_variable, variable_info.MaximumVariableSize, &pk_payload_size);
+ context, pk_variable, max_variable_size, &pk_payload_size);
/* If PK does not exist authentication is disabled */
if (status != EFI_SUCCESS) {
@@ -1207,66 +1292,8 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont
goto end;
}
- /**
- * UEFI: Page 246
- * If the EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set in a
- * SetVariable() call, and firmware does not support signature type of the certificate
- * included in the EFI_VARIABLE_AUTHENTICATION_2 descriptor, then the SetVariable() call
- * shall return EFI_INVALID_PARAMETER. The list of signature types supported by the
- * firmware is defined by the SignatureSupport variable. Signature type of the certificate
- * is defined by its digest and encryption algorithms.
- */
- /* TODO: Should support WIN_CERT_TYPE_PKCS_SIGNED_DATA and WIN_CERT_TYPE_EFI_PKCS115 */
- if (var_map.efi_auth_descriptor->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID)
- return EFI_INVALID_PARAMETER;
-
- /* Only a CertType of EFI_CERT_TYPE_PKCS7_GUID is accepted */
- if (!compare_guid(&var_map.efi_auth_descriptor->AuthInfo.CertType, &pkcs7_guid))
- return EFI_SECURITY_VIOLATION;
-
- /**
- * Time associated with the authentication descriptor. For the TimeStamp value,
- * components Pad1, Nanosecond, TimeZone, Daylight and Pad2 shall be set to 0.
- * This means that the time shall always be expressed in GMT.
- *
- * UEFI: Page 253
- * 2. Verify that Pad1, Nanosecond, TimeZone, Daylight and Pad2 components
- * of the TimeStamp value are set to zero.
- */
- if ((var_map.efi_auth_descriptor->TimeStamp.Pad1 != 0) ||
- (var_map.efi_auth_descriptor->TimeStamp.Pad2 != 0) ||
- (var_map.efi_auth_descriptor->TimeStamp.Nanosecond != 0) ||
- (var_map.efi_auth_descriptor->TimeStamp.TimeZone != 0) ||
- (var_map.efi_auth_descriptor->TimeStamp.Daylight != 0)) {
- return EFI_SECURITY_VIOLATION;
- }
-
- /**
- * UEFI: Page 253
- * Unless the EFI_VARIABLE_APPEND_WRITE attribute is set, verify
- * that the TimeStamp value is later than the current
- * timestamp value associated with the variable
- */
- if (!(var->Attributes & EFI_VARIABLE_APPEND_WRITE)) {
- if (memcmp(&var_map.efi_auth_descriptor->TimeStamp, timestamp, sizeof(EFI_GUID)) <= 0) {
- EMSG("Timestamp violation");
- return EFI_SECURITY_VIOLATION;
- }
-
- /* Save new timestamp */
- memcpy(timestamp, &var_map.efi_auth_descriptor->TimeStamp, sizeof(EFI_TIME));
- }
- /* Calculate hash for the variable only once */
- hash_result = calc_variable_hash(&var_map, (uint8_t *)&hash_buffer, sizeof(hash_buffer),
- &hash_len);
-
- if (!hash_result) {
- status = EFI_SECURITY_VIOLATION;
- goto end;
- }
-
- status = select_verification_keys(var_map, global_variable_guid, security_database_guid,
- variable_info.MaximumVariableSize,
+ status = select_verification_keys(*var_map, global_variable_guid, security_database_guid,
+ max_variable_size,
&allowed_key_store_variables[0]);
if (status != EFI_SUCCESS)
@@ -1280,8 +1307,8 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont
continue;
status = uefi_variable_store_get_variable(context, allowed_key_store_variables[i],
- variable_info.MaximumVariableSize,
- &actual_variable_length);
+ max_variable_size,
+ &actual_variable_length);
if (status) {
/* When the parent does not exist it is considered verification failure */
@@ -1297,8 +1324,8 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont
goto end;
}
- status = verify_var_by_key_var(&var_map, &allowed_key_store_var_map,
- (uint8_t *)&hash_buffer, hash_len);
+ status = verify_var_by_key_var(var_map, &allowed_key_store_var_map,
+ hash_buffer, hash_len);
if (status == EFI_SUCCESS)
goto end;
@@ -1311,18 +1338,6 @@ end:
free(allowed_key_store_variables[i]);
}
- /* Remove the authentication header from the variable if the authentication is successful */
- if (status == EFI_SUCCESS) {
- uint8_t *smm_payload =
- (uint8_t *)var + SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(var);
-
- memmove(smm_payload, var_map.payload, var_map.payload_len);
- memset((uint8_t *)smm_payload + var_map.payload_len, 0,
- var_map.efi_auth_descriptor_len);
-
- var->DataSize -= var_map.efi_auth_descriptor_len;
- }
-
return status;
}
#endif
--
2.25.1

292
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Implement-Private-Authenticated-Variable-verificatio.patch Normal file
View File

@@ -0,0 +1,292 @@
From a172c6e8269915db1b25e2749bae06dc0220cfb8 Mon Sep 17 00:00:00 2001
From: Gabor Toth <gabor.toth2@arm.com>
Date: Thu, 11 Apr 2024 13:48:14 +0200
Subject: [PATCH 3/3] Implement Private Authenticated Variable verification
Refactor the implementation to only use the PK, KEK, DB authentication
chain for boot variables, and implement the self authentication for
private authenticated variables.
Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27957]
---
.../backend/uefi_variable_store.c | 126 +++++++++++++++---
.../smm_variable/backend/variable_index.c | 1 +
.../smm_variable/backend/variable_index.h | 2 +
.../config/default-opteesp/CMakeLists.txt | 2 +-
.../config/default-sp/CMakeLists.txt | 2 +-
5 files changed, 112 insertions(+), 21 deletions(-)
diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.c b/components/service/uefi/smm_variable/backend/uefi_variable_store.c
index 1384d0def..97c43dc74 100644
--- a/components/service/uefi/smm_variable/backend/uefi_variable_store.c
+++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.c
@@ -75,15 +75,25 @@ static efi_status_t verify_var_by_key_var(const efi_data_map *new_var,
const efi_data_map *key_store_var,
const uint8_t *hash_buffer, size_t hash_len);
+static bool isPrivateAuthVar(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var);
+
static efi_status_t authenticate_variable(const struct uefi_variable_store *context,
- EFI_TIME *timestamp,
- SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var);
+ EFI_TIME *timestamp, uint8_t (*fingerprint)[FINGERPRINT_SIZE],
+ bool new_variable, SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var);
static efi_status_t authenticate_secure_boot_variable(const struct uefi_variable_store *context,
efi_data_map* var_map,
uint8_t* hash_buffer,
size_t hash_len,
uint64_t max_variable_size);
+
+static efi_status_t authenticate_private_variable(const struct uefi_variable_store *context,
+ efi_data_map* var_map,
+ uint8_t* hash_buffer,
+ size_t hash_len,
+ uint64_t max_variable_size,
+ bool new_variable,
+ uint8_t (*fingerprint)[FINGERPRINT_SIZE]);
#endif
static efi_status_t store_variable_data(const struct uefi_variable_store *context,
@@ -205,6 +215,7 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store *
{
bool should_sync_index = false;
EFI_TIME timestamp = { 0 };
+ uint8_t fingerprint[FINGERPRINT_SIZE] = { 0 };
/* Validate incoming request */
efi_status_t status = check_name_terminator(var->Name, var->NameSize);
@@ -233,8 +244,9 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store *
return EFI_OUT_OF_RESOURCES;
}
- /* Save the timestamp into a buffer, which can be overwritten by the authentication function */
+ /* Save the timestamp and fingerprints into a buffer, which can be overwritten by the authentication function */
memcpy(&timestamp, &info->metadata.timestamp, sizeof(EFI_TIME));
+ memcpy(&fingerprint, &info->metadata.fingerprint, FINGERPRINT_SIZE);
/* Control access */
status = check_access_permitted_on_set(context, info, var);
@@ -251,7 +263,8 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store *
if (info->metadata.attributes &
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) {
status = authenticate_variable(
- context, &timestamp, (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var);
+ context, &timestamp, &fingerprint, false,
+ (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var);
if (status != EFI_SUCCESS)
return status;
@@ -337,7 +350,8 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store *
*/
if (var->Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) {
status = authenticate_variable(
- context, &timestamp, (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var);
+ context, &timestamp, &fingerprint, true,
+ (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var);
if (status != EFI_SUCCESS)
return status;
@@ -372,6 +386,7 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store *
/* Store any variable data to the storage backend with the updated metadata */
if (info->is_variable_set && (status == EFI_SUCCESS)) {
memcpy(&info->metadata.timestamp, &timestamp, sizeof(EFI_TIME));
+ memcpy(&info->metadata.fingerprint, &fingerprint, FINGERPRINT_SIZE);
status = store_variable_data(context, info, var);
}
}
@@ -1030,15 +1045,6 @@ select_verification_keys(const efi_data_map new_var, EFI_GUID global_variable_gu
create_smm_variable(&(allowed_key_store_variables[1]),
sizeof(EFI_KEY_EXCHANGE_KEY_NAME), maximum_variable_size,
(uint8_t *)EFI_KEY_EXCHANGE_KEY_NAME, &global_variable_guid);
- } else {
- /*
- * Any other variable is considered Private Authenticated Variable.
- * These are verified by db
- */
- create_smm_variable(&(allowed_key_store_variables[0]),
- sizeof(EFI_IMAGE_SECURITY_DATABASE), maximum_variable_size,
- (uint8_t *)EFI_IMAGE_SECURITY_DATABASE,
- &security_database_guid);
}
return EFI_SUCCESS;
@@ -1114,13 +1120,39 @@ static efi_status_t verify_var_by_key_var(const efi_data_map *new_var,
return EFI_SECURITY_VIOLATION;
}
-/* Basic verification of the authentication header of the new variable.
+static bool isPrivateAuthVar(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var)
+{
+ if (compare_name_to_key_store_name(var->Name,
+ var->NameSize, EFI_PLATFORM_KEY_NAME,
+ sizeof(EFI_PLATFORM_KEY_NAME)) ||
+ compare_name_to_key_store_name(
+ var->Name, var->NameSize,
+ EFI_KEY_EXCHANGE_KEY_NAME, sizeof(EFI_KEY_EXCHANGE_KEY_NAME)) ||
+ compare_name_to_key_store_name(
+ var->Name, var->NameSize,
+ EFI_IMAGE_SECURITY_DATABASE, sizeof(EFI_IMAGE_SECURITY_DATABASE)) ||
+ compare_name_to_key_store_name(
+ var->Name, var->NameSize,
+ EFI_IMAGE_SECURITY_DATABASE1, sizeof(EFI_IMAGE_SECURITY_DATABASE1)) ||
+ compare_name_to_key_store_name(
+ var->Name, var->NameSize,
+ EFI_IMAGE_SECURITY_DATABASE2, sizeof(EFI_IMAGE_SECURITY_DATABASE2)) ||
+ compare_name_to_key_store_name(
+ var->Name, var->NameSize,
+ EFI_IMAGE_SECURITY_DATABASE3, sizeof(EFI_IMAGE_SECURITY_DATABASE3)))
+ return false;
+
+ return true;
+}
+
+/*
+ * Basic verification of the authentication header of the new variable.
* First finds the key variable responsible for the authentication of the new variable,
* then verifies it.
*/
static efi_status_t authenticate_variable(const struct uefi_variable_store *context,
- EFI_TIME *timestamp,
- SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var)
+ EFI_TIME *timestamp, uint8_t (*fingerprint)[FINGERPRINT_SIZE],
+ bool new_variable, SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var)
{
efi_status_t status = EFI_SUCCESS;
EFI_GUID pkcs7_guid = EFI_CERT_TYPE_PKCS7_GUID;
@@ -1192,8 +1224,13 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont
status = EFI_SECURITY_VIOLATION;
}
- /* Run Secure Boot related authentication steps */
- status = authenticate_secure_boot_variable(context, &var_map, (uint8_t*) &hash_buffer, hash_len, variable_info.MaximumVariableSize);
+ if (isPrivateAuthVar(var)) {
+ /* Run Private Authenticated Variable related authentication steps */
+ status = authenticate_private_variable(context, &var_map, (uint8_t*) &hash_buffer, hash_len, variable_info.MaximumVariableSize, new_variable, fingerprint);
+ } else {
+ /* Run Secure Boot related authentication steps */
+ status = authenticate_secure_boot_variable(context, &var_map, (uint8_t*) &hash_buffer, hash_len, variable_info.MaximumVariableSize);
+ }
/* Remove the authentication header from the variable if the authentication is successful */
if (status == EFI_SUCCESS) {
@@ -1340,6 +1377,57 @@ end:
return status;
}
+
+static efi_status_t authenticate_private_variable(const struct uefi_variable_store *context,
+ efi_data_map* var_map,
+ uint8_t* hash_buffer,
+ size_t hash_len,
+ uint64_t max_variable_size,
+ bool new_variable,
+ uint8_t (*fingerprint)[FINGERPRINT_SIZE])
+{
+ efi_status_t status = EFI_SUCCESS;
+ uint8_t new_fingerprint[PSA_HASH_MAX_SIZE] = { 0 };
+
+ /* Verify the signature of the variable */
+ if (verify_pkcs7_signature(
+ var_map->efi_auth_descriptor->AuthInfo.CertData,
+ var_map->efi_auth_descriptor_certdata_len, hash_buffer,
+ hash_len, NULL, 0) == 0)
+ status = EFI_SUCCESS;
+ else
+ return EFI_SECURITY_VIOLATION;
+
+ /**
+ * UEFI: Page 254
+ * CN of the signing certificates Subject and the hash of the tbsCertificate of the top-level issuer certificate
+ * (or the signing certificate itself if no other certificates are present or the certificate chain is of length 1)
+ * in SignedData.certificates is registered for use in subsequent verifications of this variable. Implementations
+ * may store just a single hash of these two elements to reduce storage requirements.
+ */
+ if (get_uefi_priv_auth_var_fingerprint_handler(var_map->efi_auth_descriptor->AuthInfo.CertData,
+ var_map->efi_auth_descriptor_certdata_len,
+ (uint8_t*)&new_fingerprint)) {
+ EMSG("Failed to querry variable fingerprint input");
+ return EFI_SECURITY_VIOLATION;
+ }
+
+ /*
+ * The hash is SHA256 so only 32 bytes contain non zero values.
+ * Use only that part to decrease metadata size.
+ */
+ if (!new_variable) {
+ if (memcmp(&new_fingerprint, fingerprint, FINGERPRINT_SIZE)) {
+ EMSG("Fingerprint verification failed");
+ return EFI_SECURITY_VIOLATION;
+ }
+ } else {
+ /* Save fingerprint */
+ memcpy(fingerprint, &new_fingerprint, FINGERPRINT_SIZE);
+ }
+
+ return status;
+}
#endif
static efi_status_t store_variable_data(const struct uefi_variable_store *context,
diff --git a/components/service/uefi/smm_variable/backend/variable_index.c b/components/service/uefi/smm_variable/backend/variable_index.c
index f4194d2d3..7f2fbe0ba 100644
--- a/components/service/uefi/smm_variable/backend/variable_index.c
+++ b/components/service/uefi/smm_variable/backend/variable_index.c
@@ -199,6 +199,7 @@ static struct variable_entry *add_entry(const struct variable_index *context, co
info->metadata.uid = generate_uid(context, guid, name_size, name);
info->metadata.guid = *guid;
memset(&info->metadata.timestamp, 0, sizeof(EFI_TIME));
+ memset(&info->metadata.fingerprint, 0, sizeof(FINGERPRINT_SIZE));
info->metadata.attributes = 0;
info->metadata.name_size = name_size;
memcpy(info->metadata.name, name, name_size);
diff --git a/components/service/uefi/smm_variable/backend/variable_index.h b/components/service/uefi/smm_variable/backend/variable_index.h
index 7eef7b86b..726bc985a 100644
--- a/components/service/uefi/smm_variable/backend/variable_index.h
+++ b/components/service/uefi/smm_variable/backend/variable_index.h
@@ -24,6 +24,7 @@ extern "C" {
* Implementation limits
*/
#define VARIABLE_INDEX_MAX_NAME_SIZE (64)
+#define FINGERPRINT_SIZE (32)
/**
* \brief variable_metadata structure definition
@@ -33,6 +34,7 @@ extern "C" {
struct variable_metadata {
EFI_GUID guid;
EFI_TIME timestamp;
+ uint8_t fingerprint[FINGERPRINT_SIZE];
size_t name_size;
int16_t name[VARIABLE_INDEX_MAX_NAME_SIZE];
uint32_t attributes;
diff --git a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt
index 0e281a377..d3df61ded 100644
--- a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt
+++ b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt
@@ -42,7 +42,7 @@ set(SP_BOOT_ORDER "8" CACHE STRING "Boot order of the SP")
add_platform(TARGET "smm-gateway")
# SMM variable and RPC caller settings
-set(SMM_GATEWAY_MAX_UEFI_VARIABLES 40 CACHE STRING "Maximum UEFI variable count")
+set(SMM_GATEWAY_MAX_UEFI_VARIABLES 35 CACHE STRING "Maximum UEFI variable count")
set(SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE 2*4096 CACHE STRING "RPC caller buffer size in SMMGW")
if (UEFI_AUTH_VAR)
set(SMM_SP_HEAP_SIZE 64*1024 CACHE STRING "SMM gateway SP heap size")
diff --git a/deployments/smm-gateway/config/default-sp/CMakeLists.txt b/deployments/smm-gateway/config/default-sp/CMakeLists.txt
index 8df9256e4..bb97cf8e3 100644
--- a/deployments/smm-gateway/config/default-sp/CMakeLists.txt
+++ b/deployments/smm-gateway/config/default-sp/CMakeLists.txt
@@ -47,7 +47,7 @@ set(SP_BOOT_ORDER "8" CACHE STRING "Boot order of the SP")
add_platform(TARGET "smm-gateway")
# SMM variable and RPC caller settings
-set(SMM_GATEWAY_MAX_UEFI_VARIABLES 40 CACHE STRING "Maximum UEFI variable count")
+set(SMM_GATEWAY_MAX_UEFI_VARIABLES 35 CACHE STRING "Maximum UEFI variable count")
set(SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE 2*4096 CACHE STRING "RPC caller buffer size in SMMGW")
if (UEFI_AUTH_VAR)
set(SMM_SP_HEAP_SIZE 64*1024 CACHE STRING "SMM gateway SP heap size")
--
2.25.1

37
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Change-RSS_COMMS-cmake-variables-to-cahce-vars.patch Normal file
View File

@@ -0,0 +1,37 @@
From e8b577d02d1d4ed2492bb0b6c3a5bb7d2656f13a Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Fri, 17 May 2024 13:21:07 +0200
Subject: [PATCH] Change RSS_COMMS cmake variables to cahce vars
This way they can be set externally as well for the corstone1000
platform.
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Upstream-Status: Pending
---
platform/providers/arm/corstone1000/platform.cmake | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
index 16139c80e..82ac14f0b 100644
--- a/platform/providers/arm/corstone1000/platform.cmake
+++ b/platform/providers/arm/corstone1000/platform.cmake
@@ -9,11 +9,13 @@
set(SMM_GATEWAY_MAX_UEFI_VARIABLES 80 CACHE STRING "Maximum UEFI variable count")
set(SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE 4*4096 CACHE STRING "RPC caller buffer size in SMMGW")
set(SMM_SP_HEAP_SIZE 80*1024 CACHE STRING "SMM gateway SP heap size")
+set(PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE 0x43C0 CACHE STRING "Size of the RSS_COMMS_PAYLOAD buffer")
+set(COMMS_MHU_MSG_SIZE 0x4500 CACHE STRING "Max message size that can be transfered via MHU")
target_compile_definitions(${TGT} PRIVATE
SMM_VARIABLE_INDEX_STORAGE_UID=0x787
- PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE=0x2080
- COMMS_MHU_MSG_SIZE=0x3500
+ PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE=${PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE}
+ COMMS_MHU_MSG_SIZE=${COMMS_MHU_MSG_SIZE}
)
get_property(_platform_driver_dependencies TARGET ${TGT}
--
2.25.1

229
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0001-corstone1000-port-crypto-config.patch Normal file
View File

@@ -0,0 +1,229 @@
Upstream-Status: Pending [Not submitted to upstream yet]
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
From c1bcab09bb5b73e0f7131d9433f5e23c3943f007 Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Sat, 11 Dec 2021 11:06:57 +0000
Subject: [PATCH] corstone1000: port crypto config
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
.../nspe/pal_crypto_config.h | 81 +++++++++++++++----
1 file changed, 65 insertions(+), 16 deletions(-)
diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
index 218a94c69502..c6d4aadd8476 100755
--- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
+++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
@@ -34,10 +34,14 @@
*
* Comment macros to disable the types
*/
+#ifndef TF_M_PROFILE_SMALL
+#ifndef TF_M_PROFILE_MEDIUM
#define ARCH_TEST_RSA
#define ARCH_TEST_RSA_1024
#define ARCH_TEST_RSA_2048
#define ARCH_TEST_RSA_3072
+#endif
+#endif
/**
* \def ARCH_TEST_ECC
@@ -50,11 +54,17 @@
* Requires: ARCH_TEST_ECC
* Comment macros to disable the curve
*/
+#ifndef TF_M_PROFILE_SMALL
#define ARCH_TEST_ECC
#define ARCH_TEST_ECC_CURVE_SECP192R1
+#ifndef TF_M_PROFILE_MEDIUM
#define ARCH_TEST_ECC_CURVE_SECP224R1
+#endif
#define ARCH_TEST_ECC_CURVE_SECP256R1
+#ifndef TF_M_PROFILE_MEDIUM
#define ARCH_TEST_ECC_CURVE_SECP384R1
+#endif
+#endif
/**
* \def ARCH_TEST_AES
@@ -78,10 +88,10 @@
*
* Comment macros to disable the types
*/
-#define ARCH_TEST_DES
-#define ARCH_TEST_DES_1KEY
-#define ARCH_TEST_DES_2KEY
-#define ARCH_TEST_DES_3KEY
+//#define ARCH_TEST_DES
+//#define ARCH_TEST_DES_1KEY
+//#define ARCH_TEST_DES_2KEY
+//#define ARCH_TEST_DES_3KEY
/**
* \def ARCH_TEST_RAW
@@ -104,7 +114,7 @@
*
* Enable the ARC4 key type.
*/
-#define ARCH_TEST_ARC4
+//#define ARCH_TEST_ARC4
/**
* \def ARCH_TEST_CIPHER_MODE_CTR
@@ -113,7 +123,11 @@
*
* Requires: ARCH_TEST_CIPHER
*/
+#ifndef TF_M_PROFILE_SMALL
+#ifndef TF_M_PROFILE_MEDIUM
#define ARCH_TEST_CIPHER_MODE_CTR
+#endif
+#endif
/**
* \def ARCH_TEST_CIPHER_MODE_CFB
@@ -138,7 +152,11 @@
*
* Requires: ARCH_TEST_CIPHER, ARCH_TEST_AES, ARCH_TEST_CIPHER_MODE_CTR
*/
+#ifndef TF_M_PROFILE_SMALL
+#ifndef TF_M_PROFILE_MEDIUM
#define ARCH_TEST_CTR_AES
+#endif
+#endif
/**
* \def ARCH_TEST_CBC_AES
@@ -157,7 +175,11 @@
*
* Comment macros to disable the types
*/
+#ifndef TF_M_PROFILE_SMALL
+#ifndef TF_M_PROFILE_MEDIUM
#define ARCH_TEST_CBC_NO_PADDING
+#endif
+#endif
/**
* \def ARCH_TEST_CFB_AES
@@ -177,11 +199,15 @@
*
* Comment macros to disable the types
*/
+#ifndef TF_M_PROFILE_SMALL
+#ifndef TF_M_PROFILE_MEDIUM
#define ARCH_TEST_PKCS1V15
#define ARCH_TEST_RSA_PKCS1V15_SIGN
#define ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
#define ARCH_TEST_RSA_PKCS1V15_CRYPT
#define ARCH_TEST_RSA_OAEP
+#endif
+#endif
/**
* \def ARCH_TEST_CBC_PKCS7
@@ -190,7 +216,11 @@
*
* Comment macros to disable the types
*/
+#ifndef TF_M_PROFILE_SMALL
+#ifndef TF_M_PROFILE_MEDIUM
#define ARCH_TEST_CBC_PKCS7
+#endif
+#endif
/**
* \def ARCH_TEST_ASYMMETRIC_ENCRYPTION
@@ -227,21 +257,27 @@
*
* Comment macros to disable the types
*/
-// #define ARCH_TEST_MD2
-// #define ARCH_TEST_MD4
-#define ARCH_TEST_MD5
-#define ARCH_TEST_RIPEMD160
-#define ARCH_TEST_SHA1
+//#define ARCH_TEST_MD2
+//#define ARCH_TEST_MD4
+//#define ARCH_TEST_MD5
+//#define ARCH_TEST_RIPEMD160
+//#define ARCH_TEST_SHA1
+#ifndef TF_M_PROFILE_SMALL
#define ARCH_TEST_SHA224
+#endif
#define ARCH_TEST_SHA256
+#ifndef TF_M_PROFILE_SMALL
+#ifndef TF_M_PROFILE_MEDIUM
#define ARCH_TEST_SHA384
#define ARCH_TEST_SHA512
-// #define ARCH_TEST_SHA512_224
-// #define ARCH_TEST_SHA512_256
-// #define ARCH_TEST_SHA3_224
-// #define ARCH_TEST_SHA3_256
-// #define ARCH_TEST_SHA3_384
-// #define ARCH_TEST_SHA3_512
+#endif
+#endif
+//#define ARCH_TEST_SHA512_224
+//#define ARCH_TEST_SHA512_256
+//#define ARCH_TEST_SHA3_224
+//#define ARCH_TEST_SHA3_256
+//#define ARCH_TEST_SHA3_384
+//#define ARCH_TEST_SHA3_512
/**
* \def ARCH_TEST_HKDF
@@ -270,7 +306,12 @@
*
* Comment macros to disable the types
*/
+#ifndef TF_M_PROFILE_SMALL
+#ifndef TF_M_PROFILE_MEDIUM
#define ARCH_TEST_CMAC
+#endif
+#endif
+//#define ARCH_TEST_GMAC
#define ARCH_TEST_HMAC
/**
@@ -290,7 +331,11 @@
* Requires: ARCH_TEST_AES
*
*/
+#ifndef TF_M_PROFILE_SMALL
+#ifndef TF_M_PROFILE_MEDIUM
#define ARCH_TEST_GCM
+#endif
+#endif
/**
* \def ARCH_TEST_TRUNCATED_MAC
@@ -309,7 +354,9 @@
*
* Requires: ARCH_TEST_ECC
*/
+#ifndef TF_M_PROFILE_SMALL
#define ARCH_TEST_ECDH
+#endif
/**
* \def ARCH_TEST_ECDSA
@@ -317,7 +364,9 @@
* Enable the elliptic curve DSA library.
* Requires: ARCH_TEST_ECC
*/
+#ifndef TF_M_PROFILE_SMALL
#define ARCH_TEST_ECDSA
+#endif
/**
* \def ARCH_TEST_DETERMINISTIC_ECDSA
--
2.38.0

32
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0002-corstone1000-Disable-obsolete-algorithms.patch Normal file
View File

@@ -0,0 +1,32 @@
From 1bc041813df89a1be953d0ba3471e608f6fa7ed8 Mon Sep 17 00:00:00 2001
From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Date: Thu, 9 Feb 2023 20:54:40 +0000
Subject: [PATCH] corstone1000: Disable obsolete algorithms
curves of size <255 are obsolete algorithms
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Upstream-Status: Inappropriate [Discussions of having these configs
in a separate target is ongoing]
---
.../targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
index c6d4aad..1d9b356 100755
--- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
+++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
@@ -66,6 +66,10 @@
#endif
#endif
+/* curves of size <255 are obsolete algorithms, should be disabled. */
+#undef ARCH_TEST_ECC_CURVE_SECP192R1
+#undef ARCH_TEST_ECC_CURVE_SECP224R1
+
/**
* \def ARCH_TEST_AES
*
--
2.25.1

32
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0003-corstone1000-Disable-SHA512-384.patch Normal file
View File

@@ -0,0 +1,32 @@
From abdea43f1de61a0e76b13890cb403f7955998b02 Mon Sep 17 00:00:00 2001
From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Date: Thu, 9 Feb 2023 21:06:22 +0000
Subject: [PATCH] corstone1000: Disable SHA512/384
SHA512 and SHA384 is not available on Cryptocell (hardware accelerator)
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Upstream-Status: Inappropriate [Discussions of having these configs
in a separate target is ongoing]
---
.../targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
index 1d9b356..d6d552a 100755
--- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
+++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
@@ -272,8 +272,8 @@
#define ARCH_TEST_SHA256
#ifndef TF_M_PROFILE_SMALL
#ifndef TF_M_PROFILE_MEDIUM
-#define ARCH_TEST_SHA384
-#define ARCH_TEST_SHA512
+// #define ARCH_TEST_SHA384
+// #define ARCH_TEST_SHA512
#endif
#endif
//#define ARCH_TEST_SHA512_224
--
2.25.1

210
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-newlib/0001-newlib-memcpy-remove-optimized-version.patch Normal file
View File

@@ -0,0 +1,210 @@
From 03d97c104f2d68cffd1bfc48cd62727e13a64712 Mon Sep 17 00:00:00 2001
From: Rui Miguel Silva <rui.silva@linaro.org>
Date: Fri, 14 Oct 2022 17:42:52 +0100
Subject: [PATCH] newlib: memcpy: remove optimized version
When creating messages packed to send over openamp we may need
to do some copy in unaligned address, because of that we may
not always use the assembler optimized version, which will
trough a data-abort on aligned address exception.
So, we may just use the version in string.h (the same used in
optee-os) that will take care to check and use different
optimization based on given source or destination address's.
Upstream-Status: Pending
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
newlib/libc/machine/aarch64/memcpy-stub.c | 2 +-
newlib/libc/machine/aarch64/memcpy.S | 166 ----------------------
2 files changed, 1 insertion(+), 167 deletions(-)
diff --git a/newlib/libc/machine/aarch64/memcpy-stub.c b/newlib/libc/machine/aarch64/memcpy-stub.c
index cd6d72a8b8af..5f2b7968c7fc 100644
--- a/newlib/libc/machine/aarch64/memcpy-stub.c
+++ b/newlib/libc/machine/aarch64/memcpy-stub.c
@@ -27,5 +27,5 @@
#if (defined (__OPTIMIZE_SIZE__) || defined (PREFER_SIZE_OVER_SPEED))
# include "../../string/memcpy.c"
#else
-/* See memcpy.S */
+# include "../../string/memcpy.c"
#endif
diff --git a/newlib/libc/machine/aarch64/memcpy.S b/newlib/libc/machine/aarch64/memcpy.S
index 463bad0a1816..2a1460546374 100644
--- a/newlib/libc/machine/aarch64/memcpy.S
+++ b/newlib/libc/machine/aarch64/memcpy.S
@@ -61,170 +61,4 @@
#if (defined (__OPTIMIZE_SIZE__) || defined (PREFER_SIZE_OVER_SPEED))
/* See memcpy-stub.c */
#else
-
-#define dstin x0
-#define src x1
-#define count x2
-#define dst x3
-#define srcend x4
-#define dstend x5
-#define A_l x6
-#define A_lw w6
-#define A_h x7
-#define A_hw w7
-#define B_l x8
-#define B_lw w8
-#define B_h x9
-#define C_l x10
-#define C_h x11
-#define D_l x12
-#define D_h x13
-#define E_l src
-#define E_h count
-#define F_l srcend
-#define F_h dst
-#define tmp1 x9
-
-#define L(l) .L ## l
-
- .macro def_fn f p2align=0
- .text
- .p2align \p2align
- .global \f
- .type \f, %function
-\f:
- .endm
-
-/* Copies are split into 3 main cases: small copies of up to 16 bytes,
- medium copies of 17..96 bytes which are fully unrolled. Large copies
- of more than 96 bytes align the destination and use an unrolled loop
- processing 64 bytes per iteration.
- Small and medium copies read all data before writing, allowing any
- kind of overlap, and memmove tailcalls memcpy for these cases as
- well as non-overlapping copies.
-*/
-
-def_fn memcpy p2align=6
- prfm PLDL1KEEP, [src]
- add srcend, src, count
- add dstend, dstin, count
- cmp count, 16
- b.ls L(copy16)
- cmp count, 96
- b.hi L(copy_long)
-
- /* Medium copies: 17..96 bytes. */
- sub tmp1, count, 1
- ldp A_l, A_h, [src]
- tbnz tmp1, 6, L(copy96)
- ldp D_l, D_h, [srcend, -16]
- tbz tmp1, 5, 1f
- ldp B_l, B_h, [src, 16]
- ldp C_l, C_h, [srcend, -32]
- stp B_l, B_h, [dstin, 16]
- stp C_l, C_h, [dstend, -32]
-1:
- stp A_l, A_h, [dstin]
- stp D_l, D_h, [dstend, -16]
- ret
-
- .p2align 4
- /* Small copies: 0..16 bytes. */
-L(copy16):
- cmp count, 8
- b.lo 1f
- ldr A_l, [src]
- ldr A_h, [srcend, -8]
- str A_l, [dstin]
- str A_h, [dstend, -8]
- ret
- .p2align 4
-1:
- tbz count, 2, 1f
- ldr A_lw, [src]
- ldr A_hw, [srcend, -4]
- str A_lw, [dstin]
- str A_hw, [dstend, -4]
- ret
-
- /* Copy 0..3 bytes. Use a branchless sequence that copies the same
- byte 3 times if count==1, or the 2nd byte twice if count==2. */
-1:
- cbz count, 2f
- lsr tmp1, count, 1
- ldrb A_lw, [src]
- ldrb A_hw, [srcend, -1]
- ldrb B_lw, [src, tmp1]
- strb A_lw, [dstin]
- strb B_lw, [dstin, tmp1]
- strb A_hw, [dstend, -1]
-2: ret
-
- .p2align 4
- /* Copy 64..96 bytes. Copy 64 bytes from the start and
- 32 bytes from the end. */
-L(copy96):
- ldp B_l, B_h, [src, 16]
- ldp C_l, C_h, [src, 32]
- ldp D_l, D_h, [src, 48]
- ldp E_l, E_h, [srcend, -32]
- ldp F_l, F_h, [srcend, -16]
- stp A_l, A_h, [dstin]
- stp B_l, B_h, [dstin, 16]
- stp C_l, C_h, [dstin, 32]
- stp D_l, D_h, [dstin, 48]
- stp E_l, E_h, [dstend, -32]
- stp F_l, F_h, [dstend, -16]
- ret
-
- /* Align DST to 16 byte alignment so that we don't cross cache line
- boundaries on both loads and stores. There are at least 96 bytes
- to copy, so copy 16 bytes unaligned and then align. The loop
- copies 64 bytes per iteration and prefetches one iteration ahead. */
-
- .p2align 4
-L(copy_long):
- and tmp1, dstin, 15
- bic dst, dstin, 15
- ldp D_l, D_h, [src]
- sub src, src, tmp1
- add count, count, tmp1 /* Count is now 16 too large. */
- ldp A_l, A_h, [src, 16]
- stp D_l, D_h, [dstin]
- ldp B_l, B_h, [src, 32]
- ldp C_l, C_h, [src, 48]
- ldp D_l, D_h, [src, 64]!
- subs count, count, 128 + 16 /* Test and readjust count. */
- b.ls 2f
-1:
- stp A_l, A_h, [dst, 16]
- ldp A_l, A_h, [src, 16]
- stp B_l, B_h, [dst, 32]
- ldp B_l, B_h, [src, 32]
- stp C_l, C_h, [dst, 48]
- ldp C_l, C_h, [src, 48]
- stp D_l, D_h, [dst, 64]!
- ldp D_l, D_h, [src, 64]!
- subs count, count, 64
- b.hi 1b
-
- /* Write the last full set of 64 bytes. The remainder is at most 64
- bytes, so it is safe to always copy 64 bytes from the end even if
- there is just 1 byte left. */
-2:
- ldp E_l, E_h, [srcend, -64]
- stp A_l, A_h, [dst, 16]
- ldp A_l, A_h, [srcend, -48]
- stp B_l, B_h, [dst, 32]
- ldp B_l, B_h, [srcend, -32]
- stp C_l, C_h, [dst, 48]
- ldp C_l, C_h, [srcend, -16]
- stp D_l, D_h, [dst, 64]
- stp E_l, E_h, [dstend, -64]
- stp A_l, A_h, [dstend, -48]
- stp B_l, B_h, [dstend, -32]
- stp C_l, C_h, [dstend, -16]
- ret
-
- .size memcpy, . - memcpy
#endif
--
2.38.0

9
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend Normal file
View File

@@ -0,0 +1,9 @@
require ts-arm-platforms.inc
EXTRA_OECMAKE:append:corstone1000 = "-DMM_COMM_BUFFER_ADDRESS=0x81FFF000 \
-DMM_COMM_BUFFER_PAGE_COUNT=1 \
"
EXTRA_OECMAKE:append:fvp-base = " -DMM_COMM_BUFFER_ADDRESS=0x81000000 \
-DMM_COMM_BUFFER_PAGE_COUNT=8 \
"

29
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc Normal file
View File

@@ -0,0 +1,29 @@
FILESEXTRAPATHS:prepend:corstone1000 := "${THISDIR}/corstone1000:"
COMPATIBLE_MACHINE:corstone1000 = "corstone1000"
SRC_URI:append:corstone1000 = " \
file://0001-Add-stub-capsule-update-service-components.patch \
file://0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch \
file://0003-FMP-Support-in-Corstone1000.patch \
file://0004-smm_gateway-GetNextVariableName-Fix.patch \
file://0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch \
file://0006-plat-corstone1000-Use-the-stateless-platform-service.patch \
file://0007-plat-corstone1000-Initialize-capsule-update-provider.patch \
file://0008-plat-corstone1000-add-client_id-for-FMP-service.patch \
file://0009-Remove-Werror-flag.patch \
file://0010-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch \
file://0011-Fix-Avoid-redefinition-of-variables.patch \
file://0012-Fix-GetNextVariableName-NameSize-input.patch \
file://0013-Fix-error-handling-of-variable-index-loading.patch \
file://0014-Provide-crypto-api-to-create-uefi-priv-var-fingerpri.patch \
file://0015-Add-timestamp-validation-for-uefi-variables.patch \
file://0016-Isolate-common-uefi-variable-authentication-steps.patch \
file://0017-Implement-Private-Authenticated-Variable-verificatio.patch \
file://0018-Change-RSS_COMMS-cmake-variables-to-cahce-vars.patch \
"
COMPATIBLE_MACHINE:n1sdp = "n1sdp"
COMPATIBLE_MACHINE:fvp-base = "fvp-base"
TS_PLATFORM:fvp-base = "arm/fvp/fvp_base_revc-2xaemv8a"

1
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-demo_%.bbappend Normal file
View File

@@ -0,0 +1 @@
require ts-arm-platforms.inc

9
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend Normal file
View File

@@ -0,0 +1,9 @@
FILESEXTRAPATHS:prepend:corstone1000 := "${THISDIR}/corstone1000/${PN}:"
COMPATIBLE_MACHINE:corstone1000 = "corstone1000"
SRC_URI:append:corstone1000 = " \
file://0001-newlib-memcpy-remove-optimized-version.patch;patchdir=../newlib \
"
COMPATIBLE_MACHINE:n1sdp = "n1sdp"
COMPATIBLE_MACHINE:fvp-base = "fvp-base"

9
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-api-test.inc Normal file
View File

@@ -0,0 +1,9 @@
FILESEXTRAPATHS:prepend:corstone1000 := "${THISDIR}/corstone1000/psa-apitest:"
include ts-arm-platforms.inc
SRC_URI:append:corstone1000 = " \
file://0001-corstone1000-port-crypto-config.patch;patchdir=../psatest \
file://0002-corstone1000-Disable-obsolete-algorithms.patch;patchdir=../psatest \
file://0003-corstone1000-Disable-SHA512-384.patch;patchdir=../psatest \
"

1
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_%.bbappend Normal file
View File

@@ -0,0 +1 @@
require ts-psa-api-test.inc

1
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-iat-api-test_%.bbappend Normal file
View File

@@ -0,0 +1 @@
require ts-psa-api-test.inc

1
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-its-api-test_%.bbappend Normal file
View File

@@ -0,0 +1 @@
require ts-psa-api-test.inc

1
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-ps-api-test_%.bbappend Normal file
View File

@@ -0,0 +1 @@
require ts-psa-api-test.inc

1
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-service-test_%.bbappend Normal file
View File

@@ -0,0 +1 @@
require ts-arm-platforms.inc

1
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-attestation_%.bbappend Normal file
View File

@@ -0,0 +1 @@
require ts-arm-platforms.inc

1
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_%.bbappend Normal file
View File

@@ -0,0 +1 @@
require ts-arm-platforms.inc

1
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-crypto_%.bbappend Normal file
View File

@@ -0,0 +1 @@
require ts-arm-platforms.inc

1
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-fwu_%.bbappend Normal file
View File

@@ -0,0 +1 @@
require ts-arm-platforms.inc

1
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend Normal file
View File

@@ -0,0 +1 @@
require ts-arm-platforms.inc

10
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend Normal file
View File

@@ -0,0 +1,10 @@
require ts-arm-platforms.inc
EXTRA_OECMAKE:append:corstone1000 = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x81FFF000" \
-DMM_COMM_BUFFER_PAGE_COUNT="1" \
-DSP_HEAP_SIZE=70*1024 \
"
# Proxy is pointless on fvp-base as there is no dedicated security subsystem. It could be
# deployed configured to have dummy service providers for build testing purposes.
COMPATIBLE_MACHINE:remove:fvp-base = "fvp-base"

12
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend Normal file
View File

@@ -0,0 +1,12 @@
require ts-arm-platforms.inc
EXTRA_OECMAKE:append:corstone1000 = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x81FFF000" \
-DMM_COMM_BUFFER_PAGE_COUNT="1" \
-DUEFI_AUTH_VAR=ON \
-DUEFI_INTERNAL_CRYPTO=ON \
-DSMM_GATEWAY_MAX_UEFI_VARIABLES=60 \
"
EXTRA_OECMAKE:append:fvp-base = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x81000000" \
-DMM_COMM_BUFFER_PAGE_COUNT="8" \
"

1
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test1_%.bbappend Normal file
View File

@@ -0,0 +1 @@
require ts-arm-platforms.inc

1
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test2_%.bbappend Normal file
View File

@@ -0,0 +1 @@
require ts-arm-platforms.inc

1
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test3_%.bbappend Normal file
View File

@@ -0,0 +1 @@
require ts-arm-platforms.inc

1
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test4_%.bbappend Normal file
View File

@@ -0,0 +1 @@
require ts-arm-platforms.inc

1
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend Normal file
View File

@@ -0,0 +1 @@
require ts-arm-platforms.inc

1
sources/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-uefi-test_%.bbappend Normal file
View File

@@ -0,0 +1 @@
require ts-arm-platforms.inc