From 140d9cb3e7d25c856e6186bd4bc773b17e22f609 Mon Sep 17 00:00:00 2001
From: Manish V Badarkhe
Date: Mon, 20 Sep 2021 09:06:02 +0100
Subject: [PATCH] refactor(measured boot): move image measurement to generic layer
Right now, the assumption is that the platform post-load hook takes care of measuring the image that just got loaded. This is how it's implemented on FVP. This patch moves the measurement into the generic code instead. load_auth_image() now calls plat_mboot_measure_image(), which is a new platform interface introduced in this patch to measure an image. This is called just after authenticating the image. Implement plat_mboot_measure_image() for the Arm FVP platform. The code is copied straight from the post-load hook. As a result, the FVP specific implementation of arm_bl2_plat_handle_post_image_load() is no longer needed. We can go back to using the Arm generic implementation of it.
Change-Id: I7b4b8d28941a865e10af9d0eadaf2e4850942090
Signed-off-by: Sandrine Bailleux
Signed-off-by: Manish V Badarkhe
---
 common/bl_common.c | 27 +++++++++++++----
 include/plat/common/platform.h | 5 +++
 plat/arm/board/fvp/fvp_bl2_setup.c | 42 --------------------------
 plat/arm/board/fvp/fvp_measured_boot.c | 27 +++++++++++++++++
 4 files changed, 53 insertions(+), 48 deletions(-)
diff --git a/common/bl_common.c b/common/bl_common.c
index a7e28168d..3c37bcfa2 100644
--- a/common/bl_common.c
+++ b/common/bl_common.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -202,12 +202,27 @@ static int load_auth_image_recursive(unsigned int image_id,
 return -EAUTH;
 }
- /*
- * Flush the image to main memory so that it can be executed later by
- * any CPU, regardless of cache and MMU state. This is only needed for
- * child images, not for the parents (certificates).
- */
 if (is_parent_image == 0) {
+#if IMAGE_BL2
+ /*
+ * Measure the image.
+ * We do not measure its parents because these only play a role
+ * in authentication, which is orthogonal to measured boot.
+ *
+ * TODO: Change this code if we change our minds about measuring
+ * certificates.
+ */
+ rc = plat_mboot_measure_image(image_id);
+ if (rc != 0) {
+ return rc;
+ }
+#endif
+ /*
+ * Flush the image to main memory so that it can be executed
+ * later by any CPU, regardless of cache and MMU state. This
+ * is only needed for child images, not for the parents
+ * (certificates).
+ */
 flush_dcache_range(image_data->image_base,
 image_data->image_size);
 }
diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h
index 5fc21a57d..bbf8ee80c 100644
--- a/include/plat/common/platform.h
+++ b/include/plat/common/platform.h
@@ -213,6 +213,7 @@ void bl2_plat_get_hash(void *data);
 void bl2_plat_mboot_init(void);
 void bl2_plat_mboot_finish(void);
+int plat_mboot_measure_image(unsigned int image_id);
 #else
 static inline void bl2_plat_mboot_init(void)
 {
@@ -220,6 +221,10 @@ static inline void bl2_plat_mboot_init(void)
 static inline void bl2_plat_mboot_finish(void)
 {
 }
+static inline int plat_mboot_measure_image(unsigned int image_id __unused)
+{
+ return 0;
+}
 #endif /* MEASURED_BOOT */
 /*******************************************************************************
diff --git a/plat/arm/board/fvp/fvp_bl2_setup.c b/plat/arm/board/fvp/fvp_bl2_setup.c
index 634210bcc..5a17a0dca 100644
--- a/plat/arm/board/fvp/fvp_bl2_setup.c
+++ b/plat/arm/board/fvp/fvp_bl2_setup.c
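Review bot: In the common/bl_common.c hunk, `plat_mboot_measure_image(image_id)` receives only the image ID, while the surrounding code authenticates and flushes the region described by `image_data->image_base` / `image_data->image_size`. The platform therefore has to look the region up again (the FVP implementation in this patch reads it from `get_bl_mem_params_node(image_id)`), so nothing in the interface ties the measured bytes to the authenticated ones. Passing the descriptor, e.g. `rc = plat_mboot_measure_image(image_id, image_data);`, would make the two agree by construction. The call also sits inside load_auth_image_recursive(), whose body starts and ends outside the hunk; if an image can be loaded by a path that skips this function, it would presumably go unmeasured, which is worth confirming.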
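Review bot: The new platform interface `plat_mboot_measure_image()` in include/plat/common/platform.h is declared without any comment stating its contract, in both the @@ -213 and @@ -220 hunks. The generic caller in this patch returns any non-zero result straight to its own caller, so porters need to know that a failure here is propagated as a load failure; a one-line comment above the prototype would do, e.g. `/* Measure image 'image_id'; return 0 on success, any other value fails the image load. */`. It would also help to say above the stub that with MEASURED_BOOT disabled the call is a no-op that reports success.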
@@ -70,45 +70,3 @@ struct bl_params *plat_get_next_bl_params(void)
 return arm_bl_params;
 }
-#if MEASURED_BOOT
-static int fvp_bl2_plat_handle_post_image_load(unsigned int image_id)
-{
- const bl_mem_params_node_t *bl_mem_params =
- get_bl_mem_params_node(image_id);
-
- assert(bl_mem_params != NULL);
-
- image_info_t info = bl_mem_params->image_info;
- int err;
-
- if ((info.h.attr & IMAGE_ATTRIB_SKIP_LOADING) == 0U) {
- /* Calculate image hash and record data in Event Log */
- err = event_log_measure_and_record(info.image_base,
- info.image_size, image_id);
- if (err != 0) {
- ERROR("%s%s image id %u (%i)\n",
- "BL2: Failed to ", "record", image_id, err);
- return err;
- }
- }
-
- err = arm_bl2_handle_post_image_load(image_id);
- if (err != 0) {
- ERROR("%s%s image id %u (%i)\n",
- "BL2: Failed to ", "handle", image_id, err);
- }
-
- return err;
-}
-
-int arm_bl2_plat_handle_post_image_load(unsigned int image_id)
-{
- int err = fvp_bl2_plat_handle_post_image_load(image_id);
-
- if (err != 0) {
- ERROR("%s() returns %i\n", __func__, err);
- }
-
- return err;
-}
-#endif /* MEASURED_BOOT */
diff --git a/plat/arm/board/fvp/fvp_measured_boot.c b/plat/arm/board/fvp/fvp_measured_boot.c
index 3697c3fe9..64d4a858a 100644
--- a/plat/arm/board/fvp/fvp_measured_boot.c
+++ b/plat/arm/board/fvp/fvp_measured_boot.c
@@ -4,9 +4,12 @@
 * SPDX-License-Identifier: BSD-3-Clause
 */
+#include
 #include
+#include
 #include
+
 #include
 /* FVP table with platform specific image IDs, names and PCRs */
@@ -62,3 +65,27 @@ void bl2_plat_mboot_finish(void)
 dump_event_log(log_addr, log_size);
 }
+
+int plat_mboot_measure_image(unsigned int image_id)
+{
+ const bl_mem_params_node_t *bl_mem_params =
+ get_bl_mem_params_node(image_id);
+
+ assert(bl_mem_params != NULL);
+
+ image_info_t info = bl_mem_params->image_info;
+ int err;
+
+ if ((info.h.attr & IMAGE_ATTRIB_SKIP_LOADING) == 0U) {
+ /* Calculate image hash and record data in Event Log */
+ err = event_log_measure_record(info.image_base,
+ info.image_size, image_id);
+ if (err != 0) {
+ ERROR("%s%s image id %u (%i)\n",
+ "BL2: Failed to ", "record", image_id, err);
+ return err;
+ }
+ }
+
+ return 0;
+}
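Review bot: In the fvp_measured_boot.c hunk that adds plat_mboot_measure_image(), `assert(bl_mem_params != NULL);` is the only guard before `bl_mem_params->image_info` is read, and an assert may be compiled out in builds with assertions disabled. Since the function is now called from the generic load path rather than from the FVP post-load hook, it may see image IDs that have no descriptor node; an explicit check such as `if (bl_mem_params == NULL) { return -ENOENT; }` (assuming errno definitions are available in this file) would fail the measurement cleanly instead. Separately, the removed hook called `event_log_measure_and_record()` while the new code calls `event_log_measure_record()`, so it is worth confirming which name the event log header in this tree declares.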