diff --git a/docs/getting_started/porting-guide.rst b/docs/getting_started/porting-guide.rst
index 7f10ca62c..3d3b2e3e3 100644
--- a/docs/getting_started/porting-guide.rst
+++ b/docs/getting_started/porting-guide.rst
@@ -2017,6 +2017,58 @@ state. This function must return a pointer to the ``entry_point_info`` structure (that was copied during ``bl31_early_platform_setup()``) if the image exists. It should return NULL otherwise. +Function : plat_get_cca_attest_token() [mandatory when ENABLE_RME == 1] +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +:: + + Argument : uintptr_t, size_t *, uintptr_t, size_t + Return : int + +This function returns the Platform attestation token. + +The parameters of the function are: + + arg0 - A pointer to the buffer where the Platform token should be copied by + this function. The buffer must be big enough to hold the Platform + token. + + arg1 - Contains the size (in bytes) of the buffer passed in arg0. The + function returns the platform token length in this parameter. + + arg2 - A pointer to the buffer where the challenge object is stored. + + arg3 - The length of the challenge object in bytes. Possible values are 32, + 48 and 64. + +The function returns 0 on success, -EINVAL on failure. + +Function : plat_get_cca_realm_attest_key() [mandatory when ENABLE_RME == 1] +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +:: + + Argument : uintptr_t, size_t *, unsigned int + Return : int + +This function returns the delegated realm attestation key which will be used to +sign Realm attestation token. The API currently only supports P-384 ECC curve +key. + +The parameters of the function are: + + arg0 - A pointer to the buffer where the attestation key should be copied + by this function. The buffer must be big enough to hold the + attestation key. + + arg1 - Contains the size (in bytes) of the buffer passed in arg0. The + function returns the attestation key length in this parameter. + + arg2 - The type of the elliptic curve to which the requested attestation key + belongs. + +The function returns 0 on success, -EINVAL on failure. 
+ Function : bl31_plat_enable_mmu [optional] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -3154,7 +3206,7 @@ amount of open resources per driver. -------------- -*Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.* .. _PSCI: http://infocenter.arm.com/help/topic/com.arm.doc.den0022c/DEN0022C_Power_State_Coordination_Interface.pdf .. _Arm Generic Interrupt Controller version 2.0 (GICv2): http://infocenter.arm.com/help/topic/com.arm.doc.ihi0048b/index.html diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h index 509fd581d..766450901 100644 --- a/include/plat/common/platform.h +++ b/include/plat/common/platform.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -302,6 +302,14 @@ plat_local_state_t plat_get_target_pwr_state(unsigned int lvl, const plat_local_state_t *states, unsigned int ncpu); +/******************************************************************************* + * Mandatory BL31 functions when ENABLE_RME=1 + ******************************************************************************/ +int plat_get_cca_attest_token(uintptr_t buf, size_t *len, + uintptr_t hash, size_t hash_size); +int plat_get_cca_realm_attest_key(uintptr_t buf, size_t *len, + unsigned int type); + /******************************************************************************* * Optional BL31 functions (may be overridden) ******************************************************************************/ diff --git a/include/services/rmmd_svc.h b/include/services/rmmd_svc.h index 8eb49c810..2fbdddd43 100644 --- a/include/services/rmmd_svc.h +++ b/include/services/rmmd_svc.h 
@@ -77,6 +77,45 @@ #define RMMD_ERR_INVAL -5 #define RMMD_ERR_UNK -6 +/* + * Retrieve Platform token from EL3. + * The arguments to this SMC are : + * arg0 - Function ID. + * arg1 - Platform attestation token buffer Physical address. (The challenge + * object is passed in this buffer.) + * arg2 - Platform attestation token buffer size (in bytes). + * arg3 - Challenge object size (in bytes). It has be one of the defined SHA hash + * sizes. + * The return arguments are : + * ret0 - Status / error. + * ret1 - Size of the platform token if successful. + */ +#define RMMD_ATTEST_GET_PLAT_TOKEN RMM_FID(SMC_64, ATTEST_GET_PLAT_TOKEN) + +/* Acceptable SHA sizes for Challenge object */ +#define SHA256_DIGEST_SIZE 32U +#define SHA384_DIGEST_SIZE 48U +#define SHA512_DIGEST_SIZE 64U + +/* + * Retrieve Realm attestation key from EL3. Only P-384 ECC curve key is + * supported. The arguments to this SMC are : + * arg0 - Function ID. + * arg1 - Realm attestation key buffer Physical address. + * arg2 - Realm attestation key buffer size (in bytes). + * arg3 - The type of the elliptic curve to which the requested + * attestation key belongs to. The value should be one of the + * defined curve types. + * The return arguments are : + * ret0 - Status / error. + * ret1 - Size of the realm attestation key if successful. + */ +#define RMMD_ATTEST_GET_REALM_KEY RMM_FID(SMC_64, ATTEST_GET_REALM_KEY) + +/* ECC Curve types for attest key generation */ +#define ATTEST_KEY_CURVE_ECC_SECP384R1 0 + + #ifndef __ASSEMBLER__ #include @@ -100,5 +139,4 @@ uint64_t rmmd_rmm_el3_handler(uint32_t smc_fid, uint64_t flags); #endif /* __ASSEMBLER__ */ - #endif /* RMMD_SVC_H */ diff --git a/plat/arm/board/fvp/fvp_plat_attest_token.c b/plat/arm/board/fvp/fvp_plat_attest_token.c new file mode 100644 index 000000000..5463f3374 --- /dev/null +++ b/plat/arm/board/fvp/fvp_plat_attest_token.c 
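Review bot: `SHA256_DIGEST_SIZE`, `SHA384_DIGEST_SIZE` and `SHA512_DIGEST_SIZE` are very generic macro names to define in a service header, and they may clash with identically named macros if a crypto library header is included in the same translation unit. A service-specific prefix on the three names, or at least an `#ifndef` guard around each, would avoid that. `ATTEST_KEY_CURVE_ECC_SECP384R1` is defined as plain `0` although it is compared against `unsigned int` and `uint64_t` values elsewhere in this commit; `0U` would match the digest-size macros. The new comment also has a typo, "It has be one of", which should read "It has to be one of".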
@@ -0,0 +1,317 @@ +/* + * Copyright (c) 2022, ARM Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include +#include +#include + +/* Using hardcoded token values for AEM FVP */ +static uint8_t platform_token[] = { + 0xD2, 0x84, 0x40, 0xA0, 0x59, 0x08, 0xB1, 0xD9, + 0x61, 0xA8, 0xA9, 0x0A, 0x58, 0x40, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0x3A, 0x00, + 0x01, 0x24, 0xFA, 0x58, 0x40, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0x3A, 0x00, 0x01, + 0x25, 0x00, 0x58, 0x41, 0x01, 0x0B, 0xBB, 0xBB, + 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, + 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, + 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, + 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, + 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, + 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, + 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, + 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0x12, 0x78, 0x1C, + 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x61, + 0x72, 0x6D, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x43, + 0x43, 0x41, 0x2D, 0x53, 0x53, 0x44, 0x2F, 0x31, + 0x2E, 0x30, 0x2E, 0x30, 0x0B, 0x58, 0x19, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 
0xCC, 0xCC, 0xCC, + 0x3A, 0x00, 0x01, 0x24, 0xF7, 0x78, 0x1C, 0x68, + 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x61, 0x72, + 0x6D, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x43, 0x43, + 0x41, 0x2D, 0x53, 0x53, 0x44, 0x2F, 0x31, 0x2E, + 0x30, 0x2E, 0x30, 0x3A, 0x00, 0x01, 0x25, 0x01, + 0x78, 0x18, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3A, + 0x2F, 0x2F, 0x63, 0x63, 0x61, 0x5F, 0x76, 0x65, + 0x72, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2E, 0x6F, + 0x72, 0x67, 0x3A, 0x00, 0x01, 0x24, 0xF9, 0x19, + 0x30, 0x00, 0x3A, 0x00, 0x01, 0x24, 0xFD, 0x8D, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 
0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 
0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 
0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 
0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 
0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 
0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0x58, 0x40, 0xD3, 0x8A, 0x41, 0xA6, 0xC1, 0x29, + 0x98, 0x18, 0xB5, 0x16, 0x9C, 0x21, 0x78, 0xB7, + 0x92, 0xF8, 0x26, 0x82, 0x76, 0x2F, 0x26, 0x45, + 0x21, 0x6D, 0x0C, 0x21, 0x06, 0xF4, 0xB5, 0xE3, + 0xA8, 0x07, 0xD1, 0xD6, 0x8C, 0x73, 0xA5, 0xC8, + 0x16, 0xD8, 0x30, 0x68, 0xC0, 0xA4, 0x77, 0xE2, + 0x1E, 0xD2, 0x17, 0x86, 0xC3, 0x68, 0x82, 0xDD, + 0x21, 0x1B, 0xA3, 0xE2, 0xC7, 0xF7, 0x06, 0x33, + 0xB0, 0x3A +}; + +int plat_get_cca_attest_token(uintptr_t buf, size_t *len, + uintptr_t hash, size_t hash_size) +{ + (void)hash; + (void)hash_size; + + if (*len < sizeof(platform_token)) { + return -EINVAL; + } + + (void)memcpy((void *)buf, platform_token, sizeof(platform_token)); + *len = sizeof(platform_token); + + return 0; +} diff --git a/plat/arm/board/fvp/fvp_realm_attest_key.c b/plat/arm/board/fvp/fvp_realm_attest_key.c new file mode 100644 index 000000000..b32f557f5 --- /dev/null +++ b/plat/arm/board/fvp/fvp_realm_attest_key.c 
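Review bot: `plat_get_cca_attest_token()` discards `hash` and `hash_size` and always copies the same fixed `platform_token`, so the returned token is not bound to the caller's challenge and gives a verifier no freshness. The one-line comment above the array does not say this; I would add a function comment such as `/* FVP stub: returns a fixed sample token and ignores the challenge, so the token carries no evidence about this boot or request. */`. The function also dereferences `len` and writes through `buf` without checking either, so `if ((len == NULL) || (buf == 0UL) || (*len < sizeof(platform_token))) {` would keep a bad caller from faulting in BL31. `platform_token` is never modified and could be declared `static const uint8_t`.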
@@ -0,0 +1,35 @@ +/* + * Copyright (c) 2022, ARM Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include +#include +#include +#include +#include +#include + +static uint8_t sample_attest_priv_key[] = { + 0x20, 0x11, 0xC7, 0xF0, 0x3C, 0xEE, 0x43, 0x25, 0x17, 0x6E, + 0x52, 0x4F, 0x03, 0x3C, 0x0C, 0xE1, 0xE2, 0x1A, 0x76, 0xE6, + 0xC1, 0xA4, 0xF0, 0xB8, 0x39, 0xAA, 0x1D, 0xF6, 0x1E, 0x0E, + 0x8A, 0x5C, 0x8A, 0x05, 0x74, 0x0F, 0x9B, 0x69, 0xEF, 0xA7, + 0xEB, 0x1A, 0x41, 0x85, 0xBD, 0x11, 0x7F, 0x68 +}; + +int plat_get_cca_realm_attest_key(uintptr_t buf, size_t *len, unsigned int type) +{ + assert(type == ATTEST_KEY_CURVE_ECC_SECP384R1); + + if (*len < sizeof(sample_attest_priv_key)) { + return -EINVAL; + } + + (void)memcpy((void *)buf, sample_attest_priv_key, + sizeof(sample_attest_priv_key)); + *len = sizeof(sample_attest_priv_key); + + return 0; +} diff --git a/plat/arm/board/fvp/include/platform_def.h b/plat/arm/board/fvp/include/platform_def.h index 77df610d1..5e5ddce0d 100644 --- a/plat/arm/board/fvp/include/platform_def.h +++ b/plat/arm/board/fvp/include/platform_def.h @@ -103,7 +103,7 @@ # if SPM_MM # define PLAT_ARM_MMAP_ENTRIES 10 # if ENABLE_RME -# define MAX_XLAT_TABLES 10 +# define MAX_XLAT_TABLES 11 # else # define MAX_XLAT_TABLES 9 # endif @@ -113,13 +113,13 @@ # define PLAT_ARM_MMAP_ENTRIES 9 # if USE_DEBUGFS # if ENABLE_RME -# define MAX_XLAT_TABLES 9 +# define MAX_XLAT_TABLES 10 # else # define MAX_XLAT_TABLES 8 # endif # else # if ENABLE_RME -# define MAX_XLAT_TABLES 8 +# define MAX_XLAT_TABLES 9 # else # define MAX_XLAT_TABLES 7 # endif diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk index acac88645..c9f555120 100644 --- a/plat/arm/board/fvp/platform.mk +++ b/plat/arm/board/fvp/platform.mk 
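Review bot: `sample_attest_priv_key` is a private signing key committed in clear text, and nothing in the file states that it is public and must not be relied on outside the FVP model. Add a comment above the array, e.g. `/* Sample P-384 private key for the FVP model only. It is published in the source tree, so tokens signed with it carry no trust. */`, and declare the array `static const`. The curve check is an `assert()`, which is normally compiled out of release builds, so `type` is only validated when the caller does it, as `rmmd_attest_get_signing_key()` does. `if (type != ATTEST_KEY_CURVE_ECC_SECP384R1) { return -EINVAL; }` keeps the check in every build. `len` is dereferenced without a NULL check here as well.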
@@ -193,6 +193,8 @@ endif ifeq (${ENABLE_RME},1) BL2_SOURCES += plat/arm/board/fvp/aarch64/fvp_helpers.S +BL31_SOURCES += plat/arm/board/fvp/fvp_plat_attest_token.c \ + plat/arm/board/fvp/fvp_realm_attest_key.c endif ifeq (${BL2_AT_EL3},1) @@ -344,6 +346,10 @@ else # AArch64 endif endif +ifeq (${ENABLE_RME},1) + BL31_CPPFLAGS += -DPLAT_XLAT_TABLES_DYNAMIC +endif + ifeq (${ALLOW_RO_XLAT_TABLES}, 1) ifeq (${ARCH},aarch32) BL32_CPPFLAGS += -DPLAT_RO_XLAT_TABLES diff --git a/services/std_svc/rmmd/rmmd.mk b/services/std_svc/rmmd/rmmd.mk index bac0a9f28..bcf54e1b7 100644 --- a/services/std_svc/rmmd/rmmd.mk +++ b/services/std_svc/rmmd/rmmd.mk @@ -1,5 +1,5 @@ # -# Copyright (c) 2021, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2021-2022, ARM Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -12,7 +12,8 @@ include services/std_svc/rmmd/trp/trp.mk RMMD_SOURCES += $(addprefix services/std_svc/rmmd/, \ ${ARCH}/rmmd_helpers.S \ - rmmd_main.c) + rmmd_main.c \ + rmmd_attest.c) # Let the top-level Makefile know that we intend to include RMM image NEED_RMM := yes diff --git a/services/std_svc/rmmd/rmmd_attest.c b/services/std_svc/rmmd/rmmd_attest.c new file mode 100644 index 000000000..0432ec3a9 --- /dev/null +++ b/services/std_svc/rmmd/rmmd_attest.c 
@@ -0,0 +1,166 @@ +/* + * Copyright (c) 2022, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +#include +#include +#include +#include +#include +#include +#include "rmmd_private.h" +#include + +static spinlock_t lock; + +/* For printing Realm attestation token hash */ +#define DIGITS_PER_BYTE 2UL +#define LENGTH_OF_TERMINATING_ZERO_IN_BYTES 1UL +#define BYTES_PER_LINE_BASE 4UL + +static void print_challenge(uint8_t *hash, size_t hash_size) +{ + size_t leftover; + /* + * bytes_per_line is always a power of two, so it can be used to + * construct mask with it when it is necessary to count remainder. + * + */ + const size_t bytes_per_line = 1 << BYTES_PER_LINE_BASE; + char hash_text[(1 << BYTES_PER_LINE_BASE) * DIGITS_PER_BYTE + + LENGTH_OF_TERMINATING_ZERO_IN_BYTES]; + const char hex_chars[] = {'0', '1', '2', '3', '4', '5', '6', '7', + '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'}; + unsigned int i; + + for (i = 0U; i < hash_size; ++i) { + hash_text[(i & (bytes_per_line - 1)) * DIGITS_PER_BYTE] = + hex_chars[hash[i] >> 4]; + hash_text[(i & (bytes_per_line - 1)) * DIGITS_PER_BYTE + 1] = + hex_chars[hash[i] & 0x0f]; + if (((i + 1) & (bytes_per_line - 1)) == 0U) { + hash_text[bytes_per_line * DIGITS_PER_BYTE] = '\0'; + VERBOSE("hash part %u = %s\n", + (i >> BYTES_PER_LINE_BASE) + 1, hash_text); + } + } + + leftover = (size_t)i & (bytes_per_line - 1); + + if (leftover != 0UL) { + hash_text[leftover * DIGITS_PER_BYTE] = '\0'; + VERBOSE("hash part %u = %s\n", (i >> BYTES_PER_LINE_BASE) + 1, + hash_text); + } +} + +/* + * TODO: Have different error codes for different errors so that the caller can + * differentiate various error cases. + */ +int rmmd_attest_get_platform_token(uint64_t buf_pa, uint64_t *buf_len, uint64_t challenge_hash_len) +{ + int err; + uintptr_t va; + uint8_t temp_buf[SHA512_DIGEST_SIZE]; + + /* + * TODO: Currently we don't validate incoming buf_pa. 
This is a + * prototype and we will need to allocate static buffer for EL3-RMM + * communication. + */ + + /* We need a page of buffer to pass data */ + if (*buf_len != PAGE_SIZE) { + ERROR("Invalid buffer length\n"); + return RMMD_ERR_INVAL; + } + + if ((challenge_hash_len != SHA256_DIGEST_SIZE) && + (challenge_hash_len != SHA384_DIGEST_SIZE) && + (challenge_hash_len != SHA512_DIGEST_SIZE)) { + ERROR("Invalid hash size: %lu\n", challenge_hash_len); + return RMMD_ERR_INVAL; + } + + spin_lock(&lock); + + /* Map the buffer that was provided by the RMM. */ + err = mmap_add_dynamic_region_alloc_va(buf_pa, &va, PAGE_SIZE, + MT_RW_DATA | MT_REALM); + if (err != 0) { + ERROR("mmap_add_dynamic_region_alloc_va failed: %d (%p).\n" + , err, (void *)buf_pa); + spin_unlock(&lock); + return RMMD_ERR_NOMEM; + } + + (void)memcpy(temp_buf, (void *)va, challenge_hash_len); + + print_challenge((uint8_t *)temp_buf, challenge_hash_len); + + /* Get the platform token. */ + err = plat_get_cca_attest_token(va, + buf_len, (uintptr_t)temp_buf, challenge_hash_len); + + if (err != 0) { + ERROR("Failed to get platform token: %d.\n", err); + err = RMMD_ERR_UNK; + } + + /* Unmap RMM memory. */ + (void)mmap_remove_dynamic_region(va, PAGE_SIZE); + spin_unlock(&lock); + + return err; +} + +int rmmd_attest_get_signing_key(uint64_t buf_pa, uint64_t *buf_len, + uint64_t ecc_curve) +{ + int err; + uintptr_t va; + + /* + * TODO: Currently we don't validate incoming buf_pa. This is a + * prototype and we will need to allocate static buffer for EL3-RMM + * communication. + */ + + /* We need a page of buffer to pass data */ + if (*buf_len != PAGE_SIZE) { + ERROR("Invalid buffer length\n"); + return RMMD_ERR_INVAL; + } + + if (ecc_curve != ATTEST_KEY_CURVE_ECC_SECP384R1) { + ERROR("Invalid ECC curve specified\n"); + return RMMD_ERR_INVAL; + } + + spin_lock(&lock); + + /* Map the buffer that was provided by the RMM. 
*/ + err = mmap_add_dynamic_region_alloc_va(buf_pa, &va, PAGE_SIZE, + MT_RW_DATA | MT_REALM); + if (err != 0) { + ERROR("mmap_add_dynamic_region_alloc_va failed: %d (%p).\n" + , err, (void *)buf_pa); + spin_unlock(&lock); + return RMMD_ERR_NOMEM; + } + + /* Get the Realm attestation key. */ + err = plat_get_cca_realm_attest_key(va, buf_len, (unsigned int)ecc_curve); + if (err != 0) { + ERROR("Failed to get attestation key: %d.\n", err); + err = RMMD_ERR_UNK; + } + + /* Unmap RMM memory. */ + (void)mmap_remove_dynamic_region(va, PAGE_SIZE); + spin_unlock(&lock); + + return err; +} diff --git a/services/std_svc/rmmd/rmmd_main.c b/services/std_svc/rmmd/rmmd_main.c index 7f4a0109c..cf5ff7bf4 100644 --- a/services/std_svc/rmmd/rmmd_main.c +++ b/services/std_svc/rmmd/rmmd_main.c @@ -372,6 +372,12 @@ uint64_t rmmd_rmm_el3_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2, case RMMD_GTSI_UNDELEGATE: ret = gpt_undelegate_pas(x1, PAGE_SIZE_4KB, SMC_FROM_REALM); SMC_RET1(handle, gpt_to_gts_error(ret, smc_fid, x1)); + case RMMD_ATTEST_GET_PLAT_TOKEN: + ret = rmmd_attest_get_platform_token(x1, &x2, x3); + SMC_RET2(handle, ret, x2); + case RMMD_ATTEST_GET_REALM_KEY: + ret = rmmd_attest_get_signing_key(x1, &x2, x3); + SMC_RET2(handle, ret, x2); default: WARN("RMMD: Unsupported RMM-EL3 call 0x%08x\n", smc_fid); SMC_RET1(handle, SMC_UNK); diff --git a/services/std_svc/rmmd/rmmd_private.h b/services/std_svc/rmmd/rmmd_private.h index ca2c37c7b..73df2b8bc 100644 --- a/services/std_svc/rmmd/rmmd_private.h +++ b/services/std_svc/rmmd/rmmd_private.h 
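Review bot: Both `rmmd_attest_get_platform_token()` and `rmmd_attest_get_signing_key()` discard the result of `mmap_remove_dynamic_region()`, so if the unmap fails EL3 keeps a read-write mapping of a Realm page while the SMC still reports success. In the second function that page has just received the attestation key. I would check the result and fail the call: `if (mmap_remove_dynamic_region(va, PAGE_SIZE) != 0) { ERROR("Failed to unmap RMM buffer\n"); err = RMMD_ERR_UNK; }`. The file-scope `lock` would also benefit from a comment saying what it serialises; from the code it appears to guard the dynamic mapping and the platform call across CPUs.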
@@ -51,6 +51,12 @@ typedef struct rmmd_rmm_context { uint64_t rmmd_rmm_sync_entry(rmmd_rmm_context_t *ctx); __dead2 void rmmd_rmm_sync_exit(uint64_t rc); +/* Functions implementing attestation utilities for RMM */ +int rmmd_attest_get_platform_token(uint64_t buf_pa, uint64_t *buf_len, + uint64_t challenge_hash_len); +int rmmd_attest_get_signing_key(uint64_t buf_pa, uint64_t *buf_len, + uint64_t ecc_curve); + /* Assembly helpers */ uint64_t rmmd_rmm_enter(uint64_t *c_rt_ctx); void __dead2 rmmd_rmm_exit(uint64_t c_rt_ctx, uint64_t ret);