tpm_record_measurement() function name suggests that:
- It only records a measurement but does not compute it.
This is not the case, the function does both.
- It stores this measurement into a TPM (discrete chip or fTPM).
This is not the case either, the measurement is just stored into
the event log, which is a data structure hold in memory, there is
no TPM involvement here.
To better convey the intent of the function, rename it into
event_log_measure_and_record().
Change-Id: I0102eeda477d6c6761151ac96759b31b6997e9fb
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
- In add_event2():
Turn the first error condition checking whether there is room for an
extra event2 data structure into an assertion. The platform layer is
responsible for choosing an appropriate event log buffer size based
on the number of measurements it expects. If this assertion fires,
the platform macro EVENT_LOG_SIZE should be adjusted and the
firmware recompiled.
Call this assumption out in the function documentation.
Also remove the second error condition check, which is a subset of
the first one and thus is redundant.
As a result of these changes, add_event2() can no longer fail. Thus,
change its return type from int to void.
Also, the 'size_of_event' local variable is now unused in release
builds so remove it and move its value into the assertion.
Change-Id: I113fc141de59708b20435a0c7126255561ab7786
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
- In event_log_init():
Throughout the function, we are incrementing a pointer by some fixed
amounts of bytes (corresponding to the size of some data structure or
to some constant number of bytes), there is no variable-size
increments in the picture. Thus it seems pointless to verify that the
pointer has indeed been incremented by this fixed amount of bytes
afterwards.
For this reason, remove these checks altogether. As a result, the
start_ptr local variable is now unused so remove it as well.
Change-Id: I612e2278cd3a63d1417427e45d81e285503f5efe
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Weak definitions are confusing and should be avoided if possible.
Thus, turn plat_get_measured_boot_data() into a strong definition that
platforms must provide (if they need measured boot).
We could have moved the old weak implementation under plat/common as a
sane, default implementation that platforms may pull in if it suits
them. However, this implementation right now simply measures BL2,
which is not enough to get a complete measured boot flow, so this
patch just removes it.
This change only affects the Arm FVP platform, as no other upstream
platform implements measured boot at the moment.
Change-Id: If8680a39ae0ef1044ee981315439d5e0c8461229
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Builds in Debug mode with Measured Boot enabled might run out of trusted
SRAM. This patch allows to change the Log Level at which the Measured Boot
driver will dump the event log, so the latter can be accessed even on
Release builds if necessary, saving space on RAM.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I133689e313776cb3f231b774c26cbca4760fa120
Loop macros make it easier for developers to include new variables to
assert or define and also help code code readability on makefiles.
Change-Id: I0d21d6e67b3eca8976c4d856ac8ccc02c8bb5ffa
Signed-off-by: Leonardo Sandoval <leonardo.sandoval@linaro.org>
This patch adds support for Event Log generation required
for Measured Boot functionality.
Change-Id: I34f05a33565e6659e78499d62cc6fb00b7d6c2dc
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Sandrine Bailleux
Madhukar Pappireddy
Alexei Fedorov
Javier Almansa Sobrino
Leonardo Sandoval