diff --git a/include/lib/fconf/fconf_tbbr_getter.h b/include/lib/fconf/fconf_tbbr_getter.h index 6066af6df..db98b68b0 100644 --- a/include/lib/fconf/fconf_tbbr_getter.h +++ b/include/lib/fconf/fconf_tbbr_getter.h @@ -23,9 +23,6 @@ struct tbbr_dyn_config_t { uint32_t disable_auth; void *mbedtls_heap_addr; size_t mbedtls_heap_size; -#if MEASURED_BOOT - uint8_t bl2_hash_data[TCG_DIGEST_SIZE]; -#endif }; extern struct tbbr_dyn_config_t tbbr_dyn_config; diff --git a/include/plat/arm/common/arm_dyn_cfg_helpers.h b/include/plat/arm/common/arm_dyn_cfg_helpers.h index 34bf07c0d..ff00fe7be 100644 --- a/include/plat/arm/common/arm_dyn_cfg_helpers.h +++ b/include/plat/arm/common/arm_dyn_cfg_helpers.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2020, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2018-2021, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -14,8 +14,4 @@ int arm_dyn_tb_fw_cfg_init(void *dtb, int *node); int arm_set_dtb_mbedtls_heap_info(void *dtb, void *heap_addr, size_t heap_size); -#if MEASURED_BOOT -int arm_set_bl2_hash_info(void *dtb, void *data); -#endif - #endif /* ARM_DYN_CFG_HELPERS_H */ diff --git a/include/plat/arm/common/plat_arm.h b/include/plat/arm/common/plat_arm.h index 1500ed379..57e6953ab 100644 --- a/include/plat/arm/common/plat_arm.h +++ b/include/plat/arm/common/plat_arm.h @@ -250,9 +250,6 @@ void arm_bl1_set_mbedtls_heap(void); int arm_get_mbedtls_heap(void **heap_addr, size_t *heap_size); #if MEASURED_BOOT -/* Measured boot related functions */ -void arm_bl1_set_bl2_hash(const image_desc_t *image_desc); -void arm_bl2_get_hash(void *data); int arm_set_tos_fw_info(uintptr_t config_base, uintptr_t log_addr, size_t log_size); int arm_set_nt_fw_info(uintptr_t config_base, diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h index bbf8ee80c..c7c4dcb39 100644 --- a/include/plat/common/platform.h +++ b/include/plat/common/platform.h @@ -181,14 +181,6 @@ __dead2 void bl1_plat_fwu_done(void *client_cookie, void *reserved); int bl1_plat_handle_pre_image_load(unsigned int image_id); int bl1_plat_handle_post_image_load(unsigned int image_id); -#if MEASURED_BOOT -/* - * Calculates and writes BL2 hash data to the platform's defined location. - * For ARM platforms the data are written to TB_FW_CONFIG DTB. - */ -void bl1_plat_set_bl2_hash(const image_desc_t *image_desc); -#endif - /******************************************************************************* * Mandatory BL2 functions ******************************************************************************/ @@ -208,9 +200,6 @@ int bl2_plat_handle_post_image_load(unsigned int image_id); * Optional BL2 functions (may be overridden) ******************************************************************************/ #if MEASURED_BOOT -/* Read TCG_DIGEST_SIZE bytes of BL2 hash data */ -void bl2_plat_get_hash(void *data); - void bl2_plat_mboot_init(void); void bl2_plat_mboot_finish(void); int plat_mboot_measure_image(unsigned int image_id); diff --git a/lib/fconf/fconf_tbbr_getter.c b/lib/fconf/fconf_tbbr_getter.c index 9a20ced4e..6f043e645 100644 --- a/lib/fconf/fconf_tbbr_getter.c +++ b/lib/fconf/fconf_tbbr_getter.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019-2020, ARM Limited. All rights reserved. + * Copyright (c) 2019-2021, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -71,26 +71,13 @@ int fconf_populate_tbbr_dyn_config(uintptr_t config) } tbbr_dyn_config.mbedtls_heap_size = val32; -#if MEASURED_BOOT - /* Retrieve BL2 hash data details from the DTB */ - err = fdtw_read_bytes(dtb, node, "bl2_hash_data", TCG_DIGEST_SIZE, - &tbbr_dyn_config.bl2_hash_data); - if (err < 0) { - ERROR("FCONF: Read %s failed for '%s'\n", - "bytes", "bl2_hash_data"); - return err; - } -#endif VERBOSE("%s%s%s %d\n", "FCONF: `tbbr.", "disable_auth", "` cell found with value =", tbbr_dyn_config.disable_auth); VERBOSE("%s%s%s %p\n", "FCONF: `tbbr.", "mbedtls_heap_addr", "` cell found with value =", tbbr_dyn_config.mbedtls_heap_addr); VERBOSE("%s%s%s %zu\n", "FCONF: `tbbr.", "mbedtls_heap_size", "` cell found with value =", tbbr_dyn_config.mbedtls_heap_size); -#if MEASURED_BOOT - VERBOSE("%s%s%s %p\n", "FCONF: `tbbr.", "bl2_hash_data", - "` array found at address =", tbbr_dyn_config.bl2_hash_data); -#endif + return 0; } diff --git a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts index 08d3c32ea..9e5b59a71 100644 --- a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts +++ b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts @@ -26,19 +26,6 @@ */ mbedtls_heap_addr = <0x0 0x0>; mbedtls_heap_size = <0x0>; - -#if MEASURED_BOOT - /* BL2 image hash calculated by BL1 */ - bl2_hash_data = [ - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 -#if BL2_HASH_SIZE > 32 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 -#if BL2_HASH_SIZE > 48 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 -#endif /* > 48 */ -#endif /* > 32 */ - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00]; -#endif /* MEASURED_BOOT */ }; /* diff --git a/plat/arm/board/fvp/fvp_bl1_setup.c b/plat/arm/board/fvp/fvp_bl1_setup.c index 06ee037dc..59fc0f326 100644 --- a/plat/arm/board/fvp/fvp_bl1_setup.c +++ b/plat/arm/board/fvp/fvp_bl1_setup.c @@ -76,63 +76,6 @@ __dead2 void bl1_plat_fwu_done(void *client_cookie, void *reserved) wfi(); } -#if MEASURED_BOOT -/* - * Calculates and writes BL2 hash data to TB_FW_CONFIG DTB. - */ -void bl1_plat_set_bl2_hash(const image_desc_t *image_desc) -{ - arm_bl1_set_bl2_hash(image_desc); -} - -/* - * Implementation for bl1_plat_handle_post_image_load(). This function - * populates the default arguments to BL2. The BL2 memory layout structure - * is allocated and the calculated layout is populated in arg1 to BL2. - */ -int bl1_plat_handle_post_image_load(unsigned int image_id) -{ - meminfo_t *bl2_tzram_layout; - meminfo_t *bl1_tzram_layout; - image_desc_t *image_desc; - entry_point_info_t *ep_info; - - if (image_id != BL2_IMAGE_ID) { - return 0; - } - - /* Get the image descriptor */ - image_desc = bl1_plat_get_image_desc(BL2_IMAGE_ID); - assert(image_desc != NULL); - - /* Calculate BL2 hash and set it in TB_FW_CONFIG */ - bl1_plat_set_bl2_hash(image_desc); - - /* Get the entry point info */ - ep_info = &image_desc->ep_info; - - /* Find out how much free trusted ram remains after BL1 load */ - bl1_tzram_layout = bl1_plat_sec_mem_layout(); - - /* - * Create a new layout of memory for BL2 as seen by BL1 i.e. - * tell it the amount of total and free memory available. - * This layout is created at the first free address visible - * to BL2. BL2 will read the memory layout before using its - * memory for other purposes. - */ - bl2_tzram_layout = (meminfo_t *)bl1_tzram_layout->total_base; - - bl1_calc_bl2_mem_layout(bl1_tzram_layout, bl2_tzram_layout); - - ep_info->args.arg1 = (uintptr_t)bl2_tzram_layout; - - VERBOSE("BL1: BL2 memory layout address = %p\n", - (void *)bl2_tzram_layout); - return 0; -} -#endif /* MEASURED_BOOT */ - /******************************************************************************* * The following function checks if Firmware update is needed by checking error * reported in NV flag. diff --git a/plat/arm/board/fvp/fvp_measured_boot.c b/plat/arm/board/fvp/fvp_measured_boot.c index 24885f502..f0de7521e 100644 --- a/plat/arm/board/fvp/fvp_measured_boot.c +++ b/plat/arm/board/fvp/fvp_measured_boot.c @@ -45,16 +45,7 @@ const measured_boot_data_t *plat_get_measured_boot_data(void) void bl2_plat_mboot_init(void) { - uint8_t bl2_hash[TCG_DIGEST_SIZE]; - event_log_init(); - - /* Get BL2 hash from DTB */ - /* TODO: Avoid the extra copy of the hash buffer */ - bl2_plat_get_hash(bl2_hash); - - /* Add BL2 event */ - event_log_record(bl2_hash, &fvp_images_data[0]); } void bl2_plat_mboot_finish(void) diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c index 2871b1bf0..08c014d8e 100644 --- a/plat/arm/common/arm_bl2_setup.c +++ b/plat/arm/common/arm_bl2_setup.c @@ -48,9 +48,6 @@ CASSERT(BL2_BASE >= ARM_FW_CONFIG_LIMIT, assert_bl2_base_overflows); #pragma weak bl2_platform_setup #pragma weak bl2_plat_arch_setup #pragma weak bl2_plat_sec_mem_layout -#if MEASURED_BOOT -#pragma weak bl2_plat_get_hash -#endif #if ENABLE_RME #define MAP_BL2_TOTAL MAP_REGION_FLAT( \ @@ -323,11 +320,3 @@ int bl2_plat_handle_post_image_load(unsigned int image_id) { return arm_bl2_plat_handle_post_image_load(image_id); } - -#if MEASURED_BOOT -/* Read TCG_DIGEST_SIZE bytes of BL2 hash data */ -void bl2_plat_get_hash(void *data) -{ - arm_bl2_get_hash(data); -} -#endif diff --git a/plat/arm/common/arm_dyn_cfg.c b/plat/arm/common/arm_dyn_cfg.c index 30473be31..6aae9ae59 100644 --- a/plat/arm/common/arm_dyn_cfg.c +++ b/plat/arm/common/arm_dyn_cfg.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2020, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2018-2021, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -15,10 +15,6 @@ #include #if TRUSTED_BOARD_BOOT #include -#if MEASURED_BOOT -#include -#include -#endif #endif #include #include @@ -115,82 +111,13 @@ void arm_bl1_set_mbedtls_heap(void) * images. It's critical because BL2 won't be able to proceed * without the heap info. * - * In MEASURED_BOOT case flushing is done in - * arm_bl1_set_bl2_hash() function which is called after heap - * information is written in the DTB. + * In MEASURED_BOOT case flushing is done in a function which + * is called after heap information is written in the DTB. */ flush_dcache_range(tb_fw_cfg_dtb, fdt_totalsize(dtb)); #endif /* !MEASURED_BOOT */ } } - -#if MEASURED_BOOT -/* - * Calculates and writes BL2 hash data to TB_FW_CONFIG DTB. - * Executed only from BL1. - */ -void arm_bl1_set_bl2_hash(const image_desc_t *image_desc) -{ - unsigned char hash_data[MBEDTLS_MD_MAX_SIZE]; - const image_info_t image_info = image_desc->image_info; - uintptr_t tb_fw_cfg_dtb; - int err; - const struct dyn_cfg_dtb_info_t *tb_fw_config_info; - - tb_fw_config_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, TB_FW_CONFIG_ID); - assert(tb_fw_config_info != NULL); - - tb_fw_cfg_dtb = tb_fw_config_info->config_addr; - - /* - * If tb_fw_cfg_dtb==NULL then DTB is not present for the current - * platform. As such, we cannot write to the DTB at all and pass - * measured data. - */ - if (tb_fw_cfg_dtb == 0UL) { - panic(); - } - - /* Calculate hash */ - err = crypto_mod_calc_hash(MBEDTLS_MD_ID, - (void *)image_info.image_base, - image_info.image_size, hash_data); - if (err != 0) { - ERROR("%scalculate%s\n", "BL1: unable to ", - " BL2 hash"); - panic(); - } - - err = arm_set_bl2_hash_info((void *)tb_fw_cfg_dtb, hash_data); - if (err < 0) { - ERROR("%swrite%sdata%s\n", "BL1: unable to ", - " BL2 hash ", "to DTB\n"); - panic(); - } - - /* - * Ensure that the info written to the DTB is visible to other - * images. It's critical because BL2 won't be able to proceed - * without the heap info and its hash data. - */ - flush_dcache_range(tb_fw_cfg_dtb, fdt_totalsize((void *)tb_fw_cfg_dtb)); -} - -/* - * Reads TCG_DIGEST_SIZE bytes of BL2 hash data from the DTB. - * Executed only from BL2. - */ -void arm_bl2_get_hash(void *data) -{ - const void *bl2_hash; - - assert(data != NULL); - - /* Retrieve TCG_DIGEST_SIZE bytes of BL2 hash data from the DTB */ - bl2_hash = FCONF_GET_PROPERTY(tbbr, dyn_config, bl2_hash_data); - (void)memcpy(data, bl2_hash, TCG_DIGEST_SIZE); -} -#endif /* MEASURED_BOOT */ #endif /* TRUSTED_BOARD_BOOT */ /* diff --git a/plat/arm/common/arm_dyn_cfg_helpers.c b/plat/arm/common/arm_dyn_cfg_helpers.c index 5f20c8d48..8ebb6d602 100644 --- a/plat/arm/common/arm_dyn_cfg_helpers.c +++ b/plat/arm/common/arm_dyn_cfg_helpers.c @@ -20,18 +20,15 @@ #define DTB_PROP_MBEDTLS_HEAP_SIZE "mbedtls_heap_size" #if MEASURED_BOOT -#define DTB_PROP_BL2_HASH_DATA "bl2_hash_data" #ifdef SPD_opteed /* * Currently OP-TEE does not support reading DTBs from Secure memory * and this property should be removed when this feature is supported. */ #define DTB_PROP_HW_SM_LOG_ADDR "tpm_event_log_sm_addr" -#endif +#endif /* SPD_opteed */ #define DTB_PROP_HW_LOG_ADDR "tpm_event_log_addr" #define DTB_PROP_HW_LOG_SIZE "tpm_event_log_size" - -static int dtb_root = -1; #endif /* MEASURED_BOOT */ /******************************************************************************* @@ -81,9 +78,8 @@ int arm_dyn_tb_fw_cfg_init(void *dtb, int *node) */ int arm_set_dtb_mbedtls_heap_info(void *dtb, void *heap_addr, size_t heap_size) { -#if !MEASURED_BOOT int dtb_root; -#endif + /* * Verify that the DTB is valid, before attempting to write to it, * and get the DTB root node. @@ -122,28 +118,6 @@ int arm_set_dtb_mbedtls_heap_info(void *dtb, void *heap_addr, size_t heap_size) } #if MEASURED_BOOT -/* - * This function writes the BL2 hash data in HW_FW_CONFIG DTB. - * When it is called, it is guaranteed that a DTB is available. - * - * This function is supposed to be called only by BL1. - * - * Returns: - * 0 = success - * < 0 = error - */ -int arm_set_bl2_hash_info(void *dtb, void *data) -{ - assert(dtb_root >= 0); - - /* - * Write the BL2 hash data in the DTB. - */ - return fdtw_write_inplace_bytes(dtb, dtb_root, - DTB_PROP_BL2_HASH_DATA, - TCG_DIGEST_SIZE, data); -} - /* * Write the Event Log address and its size in the DTB. * diff --git a/plat/common/plat_bl1_common.c b/plat/common/plat_bl1_common.c index 1c6d68b2b..bcf9f8956 100644 --- a/plat/common/plat_bl1_common.c +++ b/plat/common/plat_bl1_common.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2021, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -27,9 +27,6 @@ #pragma weak bl1_plat_fwu_done #pragma weak bl1_plat_handle_pre_image_load #pragma weak bl1_plat_handle_post_image_load -#if MEASURED_BOOT -#pragma weak bl1_plat_set_bl2_hash -#endif unsigned int bl1_plat_get_next_image_id(void) { @@ -118,12 +115,3 @@ int bl1_plat_handle_post_image_load(unsigned int image_id) (void *) bl2_secram_layout); return 0; } - -#if MEASURED_BOOT -/* - * Calculates and writes BL2 hash data to TB_FW_CONFIG DTB. - */ -void bl1_plat_set_bl2_hash(const image_desc_t *image_desc) -{ -} -#endif