From 01df3c14677db0eab68f088f2721542f88ea4004 Mon Sep 17 00:00:00 2001
From: Juan Castillo <juan.castillo@arm.com>
Date: Wed, 7 Jan 2015 13:49:59 +0000
Subject: [PATCH] TBB: authenticate BL2 image and certificate

This patch adds support to authenticate the BL2 content certificate
and image using the authentication module in BL1.

The FIP driver has been extended to include the BL2 certificate
UUID.

FVP and Juno ports include the BL2 certificate FIP file
definition.

Change-Id: I32680e9bd123c8db4a4193c14448c9b32b0e9325
---
 bl1/bl1_main.c                   | 43 ++++++++++++++++++++++++++++++++
 drivers/io/io_fip.c              |  4 +++
 plat/fvp/fvp_io_storage.c        | 14 +++++++++++
 plat/fvp/include/platform_def.h  |  5 ++++
 plat/juno/include/platform_def.h |  5 ++++
 plat/juno/plat_io_storage.c      | 14 +++++++++++
 6 files changed, 85 insertions(+)

diff --git a/bl1/bl1_main.c b/bl1/bl1_main.c
index a5bd648c0..491fd5cfc 100644
--- a/bl1/bl1_main.c
+++ b/bl1/bl1_main.c
@@ -31,6 +31,7 @@
 #include <arch.h>
 #include <arch_helpers.h>
 #include <assert.h>
+#include <auth.h>
 #include <bl_common.h>
 #include <debug.h>
 #include <platform.h>
@@ -141,6 +142,34 @@ void bl1_main(void)
 	/* Find out how much free trusted ram remains after BL1 load */
 	bl1_tzram_layout = bl1_plat_sec_mem_layout();
 
+#if TRUSTED_BOARD_BOOT
+	/* Initialize authentication module */
+	auth_init();
+
+	/*
+	 * Load the BL2 certificate into the BL2 region. This region will be
+	 * overwritten by the image, so the authentication module is responsible
+	 * for storing the relevant data from the certificate (keys, hashes,
+	 * etc.) so it can be used later.
+	 */
+	err = load_image(bl1_tzram_layout,
+			 BL2_CERT_NAME,
+			 BL2_BASE,
+			 &bl2_image_info,
+			 NULL);
+	if (err) {
+		ERROR("Failed to load BL2 certificate.\n");
+		panic();
+	}
+
+	err = auth_verify_obj(AUTH_BL2_IMG_CERT, bl2_image_info.image_base,
+			bl2_image_info.image_size);
+	if (err) {
+		ERROR("Failed to validate BL2 certificate.\n");
+		panic();
+	}
+#endif /* TRUSTED_BOARD_BOOT */
+
 	/* Load the BL2 image */
 	err = load_image(bl1_tzram_layout,
 			 BL2_IMAGE_NAME,
@@ -155,6 +184,20 @@ void bl1_main(void)
 		ERROR("Failed to load BL2 firmware.\n");
 		panic();
 	}
+
+#if TRUSTED_BOARD_BOOT
+	err = auth_verify_obj(AUTH_BL2_IMG, bl2_image_info.image_base,
+				bl2_image_info.image_size);
+	if (err) {
+		ERROR("Failed to validate BL2 image.\n");
+		panic();
+	}
+
+	/* After working with data, invalidate the data cache */
+	inv_dcache_range(bl2_image_info.image_base,
+			(size_t)bl2_image_info.image_size);
+#endif /* TRUSTED_BOARD_BOOT */
+
 	/*
 	 * Create a new layout of memory for BL2 as seen by BL1 i.e.
 	 * tell it the amount of total and free memory available.
diff --git a/drivers/io/io_fip.c b/drivers/io/io_fip.c
index 4262a9de4..7d2059076 100644
--- a/drivers/io/io_fip.c
+++ b/drivers/io/io_fip.c
@@ -76,6 +76,10 @@ static const plat_fip_name_uuid_t name_uuid[] = {
 	{BL32_IMAGE_NAME, UUID_SECURE_PAYLOAD_BL32},
 #endif /* BL32_IMAGE_NAME */
 	{BL33_IMAGE_NAME, UUID_NON_TRUSTED_FIRMWARE_BL33},
+#if TRUSTED_BOARD_BOOT
+	/* Certificates */
+	{BL2_CERT_NAME, UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT},
+#endif /* TRUSTED_BOARD_BOOT */
 };
 
 static const uuid_t uuid_null = {0};
diff --git a/plat/fvp/fvp_io_storage.c b/plat/fvp/fvp_io_storage.c
index b4a04f19c..b1e033ee4 100644
--- a/plat/fvp/fvp_io_storage.c
+++ b/plat/fvp/fvp_io_storage.c
@@ -77,6 +77,13 @@ static const io_file_spec_t bl33_file_spec = {
 	.mode = FOPEN_MODE_RB
 };
 
+#if TRUSTED_BOARD_BOOT
+static const io_file_spec_t bl2_cert_file_spec = {
+	.path = BL2_CERT_NAME,
+	.mode = FOPEN_MODE_RB
+};
+#endif /* TRUSTED_BOARD_BOOT */
+
 static int open_fip(const uintptr_t spec);
 static int open_memmap(const uintptr_t spec);
 
@@ -114,6 +121,13 @@ static const struct plat_io_policy policies[] = {
 		(uintptr_t)&bl33_file_spec,
 		open_fip
 	}, {
+#if TRUSTED_BOARD_BOOT
+		BL2_CERT_NAME,
+		&fip_dev_handle,
+		(uintptr_t)&bl2_cert_file_spec,
+		open_fip
+	}, {
+#endif /* TRUSTED_BOARD_BOOT */
 		0, 0, 0
 	}
 };
diff --git a/plat/fvp/include/platform_def.h b/plat/fvp/include/platform_def.h
index bd53bc7b7..edbbdf31a 100644
--- a/plat/fvp/include/platform_def.h
+++ b/plat/fvp/include/platform_def.h
@@ -80,6 +80,11 @@
 /* Non-Trusted Firmware BL33 */
 #define BL33_IMAGE_NAME			"bl33.bin" /* e.g. UEFI */
 
+#if TRUSTED_BOARD_BOOT
+/* Certificates */
+# define BL2_CERT_NAME			"bl2.crt"
+#endif /* TRUSTED_BOARD_BOOT */
+
 #define PLATFORM_CACHE_LINE_SIZE	64
 #define PLATFORM_CLUSTER_COUNT		2ull
 #define PLATFORM_CLUSTER0_CORE_COUNT	4
diff --git a/plat/juno/include/platform_def.h b/plat/juno/include/platform_def.h
index c64b68297..748b32d9f 100644
--- a/plat/juno/include/platform_def.h
+++ b/plat/juno/include/platform_def.h
@@ -71,6 +71,11 @@
 /* Firmware Image Package */
 #define FIP_IMAGE_NAME			"fip.bin"
 
+#if TRUSTED_BOARD_BOOT
+/* Certificates */
+# define BL2_CERT_NAME			"bl2.crt"
+#endif /* TRUSTED_BOARD_BOOT */
+
 #define PLATFORM_CACHE_LINE_SIZE	64
 #define PLATFORM_CLUSTER_COUNT		2
 #define PLATFORM_CORE_COUNT             6
diff --git a/plat/juno/plat_io_storage.c b/plat/juno/plat_io_storage.c
index 83d7e43ba..dd9f048af 100644
--- a/plat/juno/plat_io_storage.c
+++ b/plat/juno/plat_io_storage.c
@@ -77,6 +77,13 @@ static const io_file_spec_t bl33_file_spec = {
 	.mode = FOPEN_MODE_RB
 };
 
+#if TRUSTED_BOARD_BOOT
+static const io_file_spec_t bl2_cert_file_spec = {
+	.path = BL2_CERT_NAME,
+	.mode = FOPEN_MODE_RB
+};
+#endif /* TRUSTED_BOARD_BOOT */
+
 static int open_fip(const uintptr_t spec);
 static int open_memmap(const uintptr_t spec);
 
@@ -119,6 +126,13 @@ static const struct plat_io_policy policies[] = {
 		(uintptr_t)&bl33_file_spec,
 		open_fip
 	}, {
+#if TRUSTED_BOARD_BOOT
+		BL2_CERT_NAME,
+		&fip_dev_handle,
+		(uintptr_t)&bl2_cert_file_spec,
+		open_fip
+	}, {
+#endif /* TRUSTED_BOARD_BOOT */
 		0, 0, 0
 	}
 };