From 0f9159b7ebb7e784a8ed998869ff21095fa105b1 Mon Sep 17 00:00:00 2001 From: Soby Mathew Date: Tue, 22 Mar 2022 16:19:39 +0000 Subject: [PATCH 1/2] feat(rme): add dummy platform token to RMMD Add a dummy platform token to RMMD and return it on request. The platform token is requested with an SMC with the following parameters: * Fid (0xC40001B3). * Platform token PA (the platform token is copied at this address by the monitor). The challenge object needs to be passed by the caller in this buffer. * Platform token len. * Challenge object len. When calling the SMC, the platform token buffer received by EL3 contains the challenge object. It is not used on the FVP and is only printed to the log. Signed-off-by: Mate Toth-Pal Signed-off-by: Subhasish Ghosh Change-Id: I8b2f1d54426c04e76d7a3baa6b0fbc40b0116348 --- docs/getting_started/porting-guide.rst | 26 ++ include/plat/common/platform.h | 7 +- include/services/rmmd_svc.h | 20 ++ plat/arm/board/fvp/fvp_plat_attest_token.c | 317 +++++++++++++++++++++ plat/arm/board/fvp/include/platform_def.h | 6 +- plat/arm/board/fvp/platform.mk | 5 + services/std_svc/rmmd/rmmd.mk | 5 +- services/std_svc/rmmd/rmmd_attest.c | 118 ++++++++ services/std_svc/rmmd/rmmd_main.c | 3 + services/std_svc/rmmd/rmmd_private.h | 4 + 10 files changed, 505 insertions(+), 6 deletions(-) create mode 100644 plat/arm/board/fvp/fvp_plat_attest_token.c create mode 100644 services/std_svc/rmmd/rmmd_attest.c diff --git a/docs/getting_started/porting-guide.rst b/docs/getting_started/porting-guide.rst index 7f10ca62c..d935436b8 100644 --- a/docs/getting_started/porting-guide.rst +++ b/docs/getting_started/porting-guide.rst @@ -2017,6 +2017,32 @@ state. This function must return a pointer to the ``entry_point_info`` structure (that was copied during ``bl31_early_platform_setup()``) if the image exists. It should return NULL otherwise. +Function : plat_get_cca_attest_token() [mandatory when ENABLE_RME == 1] +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +:: + + Argument : uintptr_t, size_t *, uintptr_t, size_t + Return : int + +This function returns the Platform attestation token. + +The parameters of the function are: + + arg0 - A pointer to the buffer where the Platform token should be copied by + this function. The buffer must be big enough to hold the Platform + token. + + arg1 - Contains the size (in bytes) of the buffer passed in arg0. The + function returns the platform token length in this parameter. + + arg2 - A pointer to the buffer where the challenge object is stored. + + arg3 - The length of the challenge object in bytes. Possible values are 32, + 48 and 64. + +The function returns 0 on success, -EINVAL on failure. + Function : bl31_plat_enable_mmu [optional] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h index 509fd581d..9deb33dfd 100644 --- a/include/plat/common/platform.h +++ b/include/plat/common/platform.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -302,6 +302,11 @@ plat_local_state_t plat_get_target_pwr_state(unsigned int lvl, const plat_local_state_t *states, unsigned int ncpu); +/******************************************************************************* + * Mandatory BL31 functions when ENABLE_RME=1 + ******************************************************************************/ +int plat_get_cca_attest_token(uintptr_t buf, size_t *len, + uintptr_t hash, size_t hash_size); /******************************************************************************* * Optional BL31 functions (may be overridden) ******************************************************************************/ diff --git a/include/services/rmmd_svc.h b/include/services/rmmd_svc.h index 8eb49c810..9b4c39fc8 100644 --- a/include/services/rmmd_svc.h +++ b/include/services/rmmd_svc.h @@ -77,6 +77,26 @@ #define RMMD_ERR_INVAL -5 #define RMMD_ERR_UNK -6 +/* + * Retrieve Platform token from EL3. + * The arguments to this SMC are : + * arg0 - Function ID. + * arg1 - Platform attestation token buffer Physical address. (The challenge + * object is passed in this buffer.) + * arg2 - Platform attestation token buffer size (in bytes). + * arg3 - Challenge object size (in bytes). It has be one of the defined SHA hash + * sizes. + * The return arguments are : + * ret0 - Status / error. + * ret1 - Size of the platform token if successful. + */ +#define RMMD_ATTEST_GET_PLAT_TOKEN RMM_FID(SMC_64, ATTEST_GET_PLAT_TOKEN) + +/* Acceptable SHA sizes for Challenge object */ +#define SHA256_DIGEST_SIZE 32U +#define SHA384_DIGEST_SIZE 48U +#define SHA512_DIGEST_SIZE 64U + #ifndef __ASSEMBLER__ #include diff --git a/plat/arm/board/fvp/fvp_plat_attest_token.c b/plat/arm/board/fvp/fvp_plat_attest_token.c new file mode 100644 index 000000000..5463f3374 --- /dev/null +++ b/plat/arm/board/fvp/fvp_plat_attest_token.c @@ -0,0 +1,317 @@ +/* + * Copyright (c) 2022, ARM Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include +#include +#include + +/* Using hardcoded token values for AEM FVP */ +static uint8_t platform_token[] = { + 0xD2, 0x84, 0x40, 0xA0, 0x59, 0x08, 0xB1, 0xD9, + 0x61, 0xA8, 0xA9, 0x0A, 0x58, 0x40, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0x3A, 0x00, + 0x01, 0x24, 0xFA, 0x58, 0x40, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0x3A, 0x00, 0x01, + 0x25, 0x00, 0x58, 0x41, 0x01, 0x0B, 0xBB, 0xBB, + 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, + 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, + 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, + 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, + 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, + 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, + 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, + 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0x12, 0x78, 0x1C, + 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x61, + 0x72, 0x6D, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x43, + 0x43, 0x41, 0x2D, 0x53, 0x53, 0x44, 0x2F, 0x31, + 0x2E, 0x30, 0x2E, 0x30, 0x0B, 0x58, 0x19, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0x3A, 0x00, 0x01, 0x24, 0xF7, 0x78, 0x1C, 0x68, + 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x61, 0x72, + 0x6D, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x43, 0x43, + 0x41, 0x2D, 0x53, 0x53, 0x44, 0x2F, 0x31, 0x2E, + 0x30, 0x2E, 0x30, 0x3A, 0x00, 0x01, 0x25, 0x01, + 0x78, 0x18, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3A, + 0x2F, 0x2F, 0x63, 0x63, 0x61, 0x5F, 0x76, 0x65, + 0x72, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2E, 0x6F, + 0x72, 0x67, 0x3A, 0x00, 0x01, 0x24, 0xF9, 0x19, + 0x30, 0x00, 0x3A, 0x00, 0x01, 0x24, 0xFD, 0x8D, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0xA4, 0x02, 0x58, 0x40, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xCC, 0xCC, 0xCC, 0xCC, 0x05, 0x58, 0x40, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0x04, + 0x65, 0x31, 0x2E, 0x30, 0x2E, 0x30, 0x06, 0x08, + 0x58, 0x40, 0xD3, 0x8A, 0x41, 0xA6, 0xC1, 0x29, + 0x98, 0x18, 0xB5, 0x16, 0x9C, 0x21, 0x78, 0xB7, + 0x92, 0xF8, 0x26, 0x82, 0x76, 0x2F, 0x26, 0x45, + 0x21, 0x6D, 0x0C, 0x21, 0x06, 0xF4, 0xB5, 0xE3, + 0xA8, 0x07, 0xD1, 0xD6, 0x8C, 0x73, 0xA5, 0xC8, + 0x16, 0xD8, 0x30, 0x68, 0xC0, 0xA4, 0x77, 0xE2, + 0x1E, 0xD2, 0x17, 0x86, 0xC3, 0x68, 0x82, 0xDD, + 0x21, 0x1B, 0xA3, 0xE2, 0xC7, 0xF7, 0x06, 0x33, + 0xB0, 0x3A +}; + +int plat_get_cca_attest_token(uintptr_t buf, size_t *len, + uintptr_t hash, size_t hash_size) +{ + (void)hash; + (void)hash_size; + + if (*len < sizeof(platform_token)) { + return -EINVAL; + } + + (void)memcpy((void *)buf, platform_token, sizeof(platform_token)); + *len = sizeof(platform_token); + + return 0; +} diff --git a/plat/arm/board/fvp/include/platform_def.h b/plat/arm/board/fvp/include/platform_def.h index 77df610d1..5e5ddce0d 100644 --- a/plat/arm/board/fvp/include/platform_def.h +++ b/plat/arm/board/fvp/include/platform_def.h @@ -103,7 +103,7 @@ # if SPM_MM # define PLAT_ARM_MMAP_ENTRIES 10 # if ENABLE_RME -# define MAX_XLAT_TABLES 10 +# define MAX_XLAT_TABLES 11 # else # define MAX_XLAT_TABLES 9 # endif @@ -113,13 +113,13 @@ # define PLAT_ARM_MMAP_ENTRIES 9 # if USE_DEBUGFS # if ENABLE_RME -# define MAX_XLAT_TABLES 9 +# define MAX_XLAT_TABLES 10 # else # define MAX_XLAT_TABLES 8 # endif # else # if ENABLE_RME -# define MAX_XLAT_TABLES 8 +# define MAX_XLAT_TABLES 9 # else # define MAX_XLAT_TABLES 7 # endif diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk index acac88645..895d77309 100644 --- a/plat/arm/board/fvp/platform.mk +++ b/plat/arm/board/fvp/platform.mk @@ -193,6 +193,7 @@ endif ifeq (${ENABLE_RME},1) BL2_SOURCES += plat/arm/board/fvp/aarch64/fvp_helpers.S +BL31_SOURCES += plat/arm/board/fvp/fvp_plat_attest_token.c endif ifeq (${BL2_AT_EL3},1) @@ -344,6 +345,10 @@ else # AArch64 endif endif +ifeq (${ENABLE_RME},1) + BL31_CPPFLAGS += -DPLAT_XLAT_TABLES_DYNAMIC +endif + ifeq (${ALLOW_RO_XLAT_TABLES}, 1) ifeq (${ARCH},aarch32) BL32_CPPFLAGS += -DPLAT_RO_XLAT_TABLES diff --git a/services/std_svc/rmmd/rmmd.mk b/services/std_svc/rmmd/rmmd.mk index bac0a9f28..bcf54e1b7 100644 --- a/services/std_svc/rmmd/rmmd.mk +++ b/services/std_svc/rmmd/rmmd.mk @@ -1,5 +1,5 @@ # -# Copyright (c) 2021, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2021-2022, ARM Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -12,7 +12,8 @@ include services/std_svc/rmmd/trp/trp.mk RMMD_SOURCES += $(addprefix services/std_svc/rmmd/, \ ${ARCH}/rmmd_helpers.S \ - rmmd_main.c) + rmmd_main.c \ + rmmd_attest.c) # Let the top-level Makefile know that we intend to include RMM image NEED_RMM := yes diff --git a/services/std_svc/rmmd/rmmd_attest.c b/services/std_svc/rmmd/rmmd_attest.c new file mode 100644 index 000000000..d111b88b0 --- /dev/null +++ b/services/std_svc/rmmd/rmmd_attest.c @@ -0,0 +1,118 @@ +/* + * Copyright (c) 2022, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +#include +#include +#include +#include +#include +#include +#include "rmmd_private.h" +#include + +static spinlock_t lock; + +/* For printing Realm attestation token hash */ +#define DIGITS_PER_BYTE 2UL +#define LENGTH_OF_TERMINATING_ZERO_IN_BYTES 1UL +#define BYTES_PER_LINE_BASE 4UL + +static void print_challenge(uint8_t *hash, size_t hash_size) +{ + size_t leftover; + /* + * bytes_per_line is always a power of two, so it can be used to + * construct mask with it when it is necessary to count remainder. + * + */ + const size_t bytes_per_line = 1 << BYTES_PER_LINE_BASE; + char hash_text[(1 << BYTES_PER_LINE_BASE) * DIGITS_PER_BYTE + + LENGTH_OF_TERMINATING_ZERO_IN_BYTES]; + const char hex_chars[] = {'0', '1', '2', '3', '4', '5', '6', '7', + '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'}; + unsigned int i; + + for (i = 0U; i < hash_size; ++i) { + hash_text[(i & (bytes_per_line - 1)) * DIGITS_PER_BYTE] = + hex_chars[hash[i] >> 4]; + hash_text[(i & (bytes_per_line - 1)) * DIGITS_PER_BYTE + 1] = + hex_chars[hash[i] & 0x0f]; + if (((i + 1) & (bytes_per_line - 1)) == 0U) { + hash_text[bytes_per_line * DIGITS_PER_BYTE] = '\0'; + VERBOSE("hash part %u = %s\n", + (i >> BYTES_PER_LINE_BASE) + 1, hash_text); + } + } + + leftover = (size_t)i & (bytes_per_line - 1); + + if (leftover != 0UL) { + hash_text[leftover * DIGITS_PER_BYTE] = '\0'; + VERBOSE("hash part %u = %s\n", (i >> BYTES_PER_LINE_BASE) + 1, + hash_text); + } +} + +/* + * TODO: Have different error codes for different errors so that the caller can + * differentiate various error cases. + */ +int rmmd_attest_get_platform_token(uint64_t buf_pa, uint64_t *buf_len, uint64_t challenge_hash_len) +{ + int err; + uintptr_t va; + uint8_t temp_buf[SHA512_DIGEST_SIZE]; + + /* + * TODO: Currently we don't validate incoming buf_pa. This is a + * prototype and we will need to allocate static buffer for EL3-RMM + * communication. + */ + + /* We need a page of buffer to pass data */ + if (*buf_len != PAGE_SIZE) { + ERROR("Invalid buffer length\n"); + return RMMD_ERR_INVAL; + } + + if ((challenge_hash_len != SHA256_DIGEST_SIZE) && + (challenge_hash_len != SHA384_DIGEST_SIZE) && + (challenge_hash_len != SHA512_DIGEST_SIZE)) { + ERROR("Invalid hash size: %lu\n", challenge_hash_len); + return RMMD_ERR_INVAL; + } + + spin_lock(&lock); + + /* Map the buffer that was provided by the RMM. */ + err = mmap_add_dynamic_region_alloc_va(buf_pa, &va, PAGE_SIZE, + MT_RW_DATA | MT_REALM); + if (err != 0) { + ERROR("mmap_add_dynamic_region_alloc_va failed: %d (%p).\n" + , err, (void *)buf_pa); + spin_unlock(&lock); + return RMMD_ERR_NOMEM; + } + + (void)memcpy(temp_buf, (void *)va, challenge_hash_len); + + print_challenge((uint8_t *)temp_buf, challenge_hash_len); + + /* Get the platform token. */ + err = plat_get_cca_attest_token(va, + buf_len, (uintptr_t)temp_buf, challenge_hash_len); + + if (err != 0) { + ERROR("Failed to get platform token: %d.\n", err); + err = RMMD_ERR_UNK; + } + + /* Unmap RMM memory. */ + (void)mmap_remove_dynamic_region(va, PAGE_SIZE); + spin_unlock(&lock); + + return err; +} + diff --git a/services/std_svc/rmmd/rmmd_main.c b/services/std_svc/rmmd/rmmd_main.c index 7f4a0109c..c59e68a6a 100644 --- a/services/std_svc/rmmd/rmmd_main.c +++ b/services/std_svc/rmmd/rmmd_main.c @@ -372,6 +372,9 @@ uint64_t rmmd_rmm_el3_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2, case RMMD_GTSI_UNDELEGATE: ret = gpt_undelegate_pas(x1, PAGE_SIZE_4KB, SMC_FROM_REALM); SMC_RET1(handle, gpt_to_gts_error(ret, smc_fid, x1)); + case RMMD_ATTEST_GET_PLAT_TOKEN: + ret = rmmd_attest_get_platform_token(x1, &x2, x3); + SMC_RET2(handle, ret, x2); default: WARN("RMMD: Unsupported RMM-EL3 call 0x%08x\n", smc_fid); SMC_RET1(handle, SMC_UNK); diff --git a/services/std_svc/rmmd/rmmd_private.h b/services/std_svc/rmmd/rmmd_private.h index ca2c37c7b..d7ef4e1b3 100644 --- a/services/std_svc/rmmd/rmmd_private.h +++ b/services/std_svc/rmmd/rmmd_private.h @@ -51,6 +51,10 @@ typedef struct rmmd_rmm_context { uint64_t rmmd_rmm_sync_entry(rmmd_rmm_context_t *ctx); __dead2 void rmmd_rmm_sync_exit(uint64_t rc); +/* Functions implementing attestation utilities for RMM */ +int rmmd_attest_get_platform_token(uint64_t buf_pa, uint64_t *buf_len, + uint64_t challenge_hash_len); + /* Assembly helpers */ uint64_t rmmd_rmm_enter(uint64_t *c_rt_ctx); void __dead2 rmmd_rmm_exit(uint64_t c_rt_ctx, uint64_t ret); From a0435105f229a65c7861b5997793f905cf90b823 Mon Sep 17 00:00:00 2001 From: Soby Mathew Date: Tue, 22 Mar 2022 16:21:19 +0000 Subject: [PATCH 2/2] feat(rme): add dummy realm attestation key to RMMD Add a dummy realm attestation key to RMMD, and return it on request. The realm attestation key is requested with an SMC with the following parameters: * Fid (0xC400001B2). * Attestation key buffer PA (the realm attestation key is copied at this address by the monitor). * Attestation key buffer length as input and size of realm attesation key as output. * Type of elliptic curve. Signed-off-by: Tamas Ban Signed-off-by: Subhasish Ghosh Signed-off-by: Soby Mathew Change-Id: I12d8d98fd221f4638ef225c9383374ddf6e65eac --- docs/getting_started/porting-guide.rst | 28 ++++++++++++- include/plat/common/platform.h | 3 ++ include/services/rmmd_svc.h | 20 +++++++++- plat/arm/board/fvp/fvp_realm_attest_key.c | 35 +++++++++++++++++ plat/arm/board/fvp/platform.mk | 3 +- services/std_svc/rmmd/rmmd_attest.c | 48 +++++++++++++++++++++++ services/std_svc/rmmd/rmmd_main.c | 3 ++ services/std_svc/rmmd/rmmd_private.h | 2 + 8 files changed, 139 insertions(+), 3 deletions(-) create mode 100644 plat/arm/board/fvp/fvp_realm_attest_key.c diff --git a/docs/getting_started/porting-guide.rst b/docs/getting_started/porting-guide.rst index d935436b8..3d3b2e3e3 100644 --- a/docs/getting_started/porting-guide.rst +++ b/docs/getting_started/porting-guide.rst @@ -2043,6 +2043,32 @@ The parameters of the function are: The function returns 0 on success, -EINVAL on failure. +Function : plat_get_cca_realm_attest_key() [mandatory when ENABLE_RME == 1] +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +:: + + Argument : uintptr_t, size_t *, unsigned int + Return : int + +This function returns the delegated realm attestation key which will be used to +sign Realm attestation token. The API currently only supports P-384 ECC curve +key. + +The parameters of the function are: + + arg0 - A pointer to the buffer where the attestation key should be copied + by this function. The buffer must be big enough to hold the + attestation key. + + arg1 - Contains the size (in bytes) of the buffer passed in arg0. The + function returns the attestation key length in this parameter. + + arg2 - The type of the elliptic curve to which the requested attestation key + belongs. + +The function returns 0 on success, -EINVAL on failure. + Function : bl31_plat_enable_mmu [optional] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -3180,7 +3206,7 @@ amount of open resources per driver. -------------- -*Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.* .. _PSCI: http://infocenter.arm.com/help/topic/com.arm.doc.den0022c/DEN0022C_Power_State_Coordination_Interface.pdf .. _Arm Generic Interrupt Controller version 2.0 (GICv2): http://infocenter.arm.com/help/topic/com.arm.doc.ihi0048b/index.html diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h index 9deb33dfd..766450901 100644 --- a/include/plat/common/platform.h +++ b/include/plat/common/platform.h @@ -307,6 +307,9 @@ plat_local_state_t plat_get_target_pwr_state(unsigned int lvl, ******************************************************************************/ int plat_get_cca_attest_token(uintptr_t buf, size_t *len, uintptr_t hash, size_t hash_size); +int plat_get_cca_realm_attest_key(uintptr_t buf, size_t *len, + unsigned int type); + /******************************************************************************* * Optional BL31 functions (may be overridden) ******************************************************************************/ diff --git a/include/services/rmmd_svc.h b/include/services/rmmd_svc.h index 9b4c39fc8..2fbdddd43 100644 --- a/include/services/rmmd_svc.h +++ b/include/services/rmmd_svc.h @@ -97,6 +97,25 @@ #define SHA384_DIGEST_SIZE 48U #define SHA512_DIGEST_SIZE 64U +/* + * Retrieve Realm attestation key from EL3. Only P-384 ECC curve key is + * supported. The arguments to this SMC are : + * arg0 - Function ID. + * arg1 - Realm attestation key buffer Physical address. + * arg2 - Realm attestation key buffer size (in bytes). + * arg3 - The type of the elliptic curve to which the requested + * attestation key belongs to. The value should be one of the + * defined curve types. + * The return arguments are : + * ret0 - Status / error. + * ret1 - Size of the realm attestation key if successful. + */ +#define RMMD_ATTEST_GET_REALM_KEY RMM_FID(SMC_64, ATTEST_GET_REALM_KEY) + +/* ECC Curve types for attest key generation */ +#define ATTEST_KEY_CURVE_ECC_SECP384R1 0 + + #ifndef __ASSEMBLER__ #include @@ -120,5 +139,4 @@ uint64_t rmmd_rmm_el3_handler(uint32_t smc_fid, uint64_t flags); #endif /* __ASSEMBLER__ */ - #endif /* RMMD_SVC_H */ diff --git a/plat/arm/board/fvp/fvp_realm_attest_key.c b/plat/arm/board/fvp/fvp_realm_attest_key.c new file mode 100644 index 000000000..b32f557f5 --- /dev/null +++ b/plat/arm/board/fvp/fvp_realm_attest_key.c @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2022, ARM Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include +#include +#include +#include +#include +#include + +static uint8_t sample_attest_priv_key[] = { + 0x20, 0x11, 0xC7, 0xF0, 0x3C, 0xEE, 0x43, 0x25, 0x17, 0x6E, + 0x52, 0x4F, 0x03, 0x3C, 0x0C, 0xE1, 0xE2, 0x1A, 0x76, 0xE6, + 0xC1, 0xA4, 0xF0, 0xB8, 0x39, 0xAA, 0x1D, 0xF6, 0x1E, 0x0E, + 0x8A, 0x5C, 0x8A, 0x05, 0x74, 0x0F, 0x9B, 0x69, 0xEF, 0xA7, + 0xEB, 0x1A, 0x41, 0x85, 0xBD, 0x11, 0x7F, 0x68 +}; + +int plat_get_cca_realm_attest_key(uintptr_t buf, size_t *len, unsigned int type) +{ + assert(type == ATTEST_KEY_CURVE_ECC_SECP384R1); + + if (*len < sizeof(sample_attest_priv_key)) { + return -EINVAL; + } + + (void)memcpy((void *)buf, sample_attest_priv_key, + sizeof(sample_attest_priv_key)); + *len = sizeof(sample_attest_priv_key); + + return 0; +} diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk index 895d77309..c9f555120 100644 --- a/plat/arm/board/fvp/platform.mk +++ b/plat/arm/board/fvp/platform.mk @@ -193,7 +193,8 @@ endif ifeq (${ENABLE_RME},1) BL2_SOURCES += plat/arm/board/fvp/aarch64/fvp_helpers.S -BL31_SOURCES += plat/arm/board/fvp/fvp_plat_attest_token.c +BL31_SOURCES += plat/arm/board/fvp/fvp_plat_attest_token.c \ + plat/arm/board/fvp/fvp_realm_attest_key.c endif ifeq (${BL2_AT_EL3},1) diff --git a/services/std_svc/rmmd/rmmd_attest.c b/services/std_svc/rmmd/rmmd_attest.c index d111b88b0..0432ec3a9 100644 --- a/services/std_svc/rmmd/rmmd_attest.c +++ b/services/std_svc/rmmd/rmmd_attest.c @@ -116,3 +116,51 @@ int rmmd_attest_get_platform_token(uint64_t buf_pa, uint64_t *buf_len, uint64_t return err; } +int rmmd_attest_get_signing_key(uint64_t buf_pa, uint64_t *buf_len, + uint64_t ecc_curve) +{ + int err; + uintptr_t va; + + /* + * TODO: Currently we don't validate incoming buf_pa. This is a + * prototype and we will need to allocate static buffer for EL3-RMM + * communication. + */ + + /* We need a page of buffer to pass data */ + if (*buf_len != PAGE_SIZE) { + ERROR("Invalid buffer length\n"); + return RMMD_ERR_INVAL; + } + + if (ecc_curve != ATTEST_KEY_CURVE_ECC_SECP384R1) { + ERROR("Invalid ECC curve specified\n"); + return RMMD_ERR_INVAL; + } + + spin_lock(&lock); + + /* Map the buffer that was provided by the RMM. */ + err = mmap_add_dynamic_region_alloc_va(buf_pa, &va, PAGE_SIZE, + MT_RW_DATA | MT_REALM); + if (err != 0) { + ERROR("mmap_add_dynamic_region_alloc_va failed: %d (%p).\n" + , err, (void *)buf_pa); + spin_unlock(&lock); + return RMMD_ERR_NOMEM; + } + + /* Get the Realm attestation key. */ + err = plat_get_cca_realm_attest_key(va, buf_len, (unsigned int)ecc_curve); + if (err != 0) { + ERROR("Failed to get attestation key: %d.\n", err); + err = RMMD_ERR_UNK; + } + + /* Unmap RMM memory. */ + (void)mmap_remove_dynamic_region(va, PAGE_SIZE); + spin_unlock(&lock); + + return err; +} diff --git a/services/std_svc/rmmd/rmmd_main.c b/services/std_svc/rmmd/rmmd_main.c index c59e68a6a..cf5ff7bf4 100644 --- a/services/std_svc/rmmd/rmmd_main.c +++ b/services/std_svc/rmmd/rmmd_main.c @@ -375,6 +375,9 @@ uint64_t rmmd_rmm_el3_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2, case RMMD_ATTEST_GET_PLAT_TOKEN: ret = rmmd_attest_get_platform_token(x1, &x2, x3); SMC_RET2(handle, ret, x2); + case RMMD_ATTEST_GET_REALM_KEY: + ret = rmmd_attest_get_signing_key(x1, &x2, x3); + SMC_RET2(handle, ret, x2); default: WARN("RMMD: Unsupported RMM-EL3 call 0x%08x\n", smc_fid); SMC_RET1(handle, SMC_UNK); diff --git a/services/std_svc/rmmd/rmmd_private.h b/services/std_svc/rmmd/rmmd_private.h index d7ef4e1b3..73df2b8bc 100644 --- a/services/std_svc/rmmd/rmmd_private.h +++ b/services/std_svc/rmmd/rmmd_private.h @@ -54,6 +54,8 @@ __dead2 void rmmd_rmm_sync_exit(uint64_t rc); /* Functions implementing attestation utilities for RMM */ int rmmd_attest_get_platform_token(uint64_t buf_pa, uint64_t *buf_len, uint64_t challenge_hash_len); +int rmmd_attest_get_signing_key(uint64_t buf_pa, uint64_t *buf_len, + uint64_t ecc_curve); /* Assembly helpers */ uint64_t rmmd_rmm_enter(uint64_t *c_rt_ctx);