From cc255b9f85c1bed5ad57dea9dfe896c2f4caaab7 Mon Sep 17 00:00:00 2001 From: Sandrine Bailleux Date: Thu, 10 Jun 2021 11:18:04 +0200 Subject: [PATCH 1/2] docs: explain Measured Boot dependency on Trusted Boot Change-Id: I04d9439d5967e93896dfdb0f3d7b0aec96c743f9 Signed-off-by: Sandrine Bailleux --- Makefile | 3 +++ docs/getting_started/build-options.rst | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 017fc659e..2ec988e0b 100644 --- a/Makefile +++ b/Makefile @@ -735,6 +735,9 @@ ifeq ($(CTX_INCLUDE_MTE_REGS),1) endif endif +# Trusted Boot is a prerequisite for Measured Boot. It provides trust that the +# code taking the measurements and recording them has not been tampered +# with. This is referred to as the Root of Trust for Measurement. ifeq ($(MEASURED_BOOT),1) ifneq (${TRUSTED_BOARD_BOOT},1) $(error MEASURED_BOOT requires TRUSTED_BOARD_BOOT=1) diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst index 99fc21db3..6f60a8e38 100644 --- a/docs/getting_started/build-options.rst +++ b/docs/getting_started/build-options.rst @@ -463,7 +463,10 @@ Common build options the build. The default value is 40 in debug builds and 20 in release builds. - ``MEASURED_BOOT``: Boolean flag to include support for the Measured Boot - feature. If this flag is enabled ``TRUSTED_BOARD_BOOT`` must be set. + feature. If this flag is enabled ``TRUSTED_BOARD_BOOT`` must be set as well + in order to provide trust that the code taking the measurements and recording + them has not been tampered with. + This option defaults to 0 and is an experimental feature in the stage of development. From 64dd1dee2da507c0a686dacece81b07487a9a996 Mon Sep 17 00:00:00 2001 From: Sandrine Bailleux Date: Thu, 10 Jun 2021 12:51:14 +0200 Subject: [PATCH 2/2] refactor(plat/fvp): tidy up list of images to measure We don't ever expect to load a binary with an STM32 header on the Arm FVP platform so remove this type of image from the list of measurements. Also remove the GPT image type from the list, as it does not get measured. GPT is a container, just like FIP is. We don't measure the FIP but rather the images inside it. It would seem logical to treat GPT the same way. Besides, only images that get loaded through load_auth_image() get measured right now. GPT processing happens before that and is handled in a different way (see partition_init()). Change-Id: Iac4de75380ed625b228e69ee4564cf9e67e19336 Signed-off-by: Sandrine Bailleux --- plat/arm/board/fvp/fvp_measured_boot.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/plat/arm/board/fvp/fvp_measured_boot.c b/plat/arm/board/fvp/fvp_measured_boot.c index b145aae58..5dcadba36 100644 --- a/plat/arm/board/fvp/fvp_measured_boot.c +++ b/plat/arm/board/fvp/fvp_measured_boot.c @@ -15,12 +15,10 @@ static const image_data_t fvp_images_data[] = { { BL32_EXTRA1_IMAGE_ID, BL32_EXTRA1_IMAGE_STRING, PCR_0 }, { BL32_EXTRA2_IMAGE_ID, BL32_EXTRA2_IMAGE_STRING, PCR_0 }, { BL33_IMAGE_ID, BL33_STRING, PCR_0 }, - { GPT_IMAGE_ID, GPT_IMAGE_STRING, PCR_0 }, { HW_CONFIG_ID, HW_CONFIG_STRING, PCR_0 }, { NT_FW_CONFIG_ID, NT_FW_CONFIG_STRING, PCR_0 }, { SCP_BL2_IMAGE_ID, SCP_BL2_IMAGE_STRING, PCR_0 }, { SOC_FW_CONFIG_ID, SOC_FW_CONFIG_STRING, PCR_0 }, - { STM32_IMAGE_ID, STM32_IMAGE_STRING, PCR_0 }, { TOS_FW_CONFIG_ID, TOS_FW_CONFIG_STRING, PCR_0 }, { INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */ };