Made measurement strings compliant to Server Base Security Guide
(SBSG, Arm DEN 0086) hence updated measurement strings for BL32, BL31,
and SCP_BL2 images. As the GPT image is not get measured by BL2 so
removed its measurement string.
Also, namespaced measurement string defines that were looking quite
generic.
Change-Id: Iaa17c0cfeee3d06dc822eff2bd553da23bd99b76
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Introduced functions to set and get Event log information
(tpm_event_log address and its size).
In FVP platform case, measured boot with Event Log backend flow
work as below
1. event_log_init function called by BL1 to initialize Event Log
module
2. arm_set_tb_fw_info function called by BL1 to set the
'tpm_event_log_addr' and 'tpm_event_log_size' properties
in tb_fw_config
3. arm_get_tb_fw_info function called by BL2 to get tpm Event Log
parameters set by BL1. These parameters used by the BL2 to
extend the tpm Event Log records, and use these parameters
to initialize Event Log using event_log_init function
4. arm_set_nt_fw_info and arm_set_tos_fw_info function called by
BL2 to set 'tpm_event_log' address and its size properties in
nt_fw_config and tos_fw_config respectively
Alongside, this patch created a separate instances of plat_mboot_init
and plat_mboot_finish APIs for BL1 and BL2.
This patch is tested using the existing measured boot test configuration
in jenkins CI.
Change-Id: Ib9eca092afe580df014541c937868f921dff9c37
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Making tb_fw_config ready to pass the Event Log base address
and size information to BL2.
Change-Id: I5dd0e79007e3848b5d6d0e69275a46c2e9807a98
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
It looks safer and cleaner approach to record the measurement taken by
BL1 straightaway in TCG Event Log instead of deferring these recordings
to BL2.
Hence pull in the full-fledged measured boot driver into BL1 that
replaces the former ad-hoc platform interfaces i.e.
bl1_plat_set_bl2_hash, bl2_plat_get_hash.
As a result of this change the BL1 of Arm FVP platform now do the
measurements and recordings of below images:
1. FW_CONFIG
2. TB_FW_CONFIG
3. BL2
Change-Id: I798c20336308b5e91b547da4f8ed57c24d490731
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Currently, the Event Log driver does platform layer work by invoking
a few platform functions in the 'event_log_finalise' call. Doing
platform work does not seem to be the driver's responsibility, hence
moved 'event_log_finalise' function's implementation to the platform
layer.
Alongside, introduced few Event Log driver functions and done
some cosmetic changes.
Change-Id: I486160e17e5b0677c734fd202af7ccd85476a551
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Subsequent patches will provide a solution to do the BL2 hash measurement
and recording in BL1 itself, hence in preparation to adopt that solution
remove the logic of passing BL2 hash measurement to BL2 component
via TB_FW config.
Change-Id: Iff9b3d4c6a236a33b942898fcdf799cbab89b724
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Right now, event_log_init() does 2 things:
1) It writes all the necessary TCG data structures in the event log buffer.
2) It writes the first measurement (BL2's).
Step 2) introduces in the TCG event log driver an assumption on what
is getting measured and in what order. Ideally, the driver should only
be concerned about generic operations, such as initializing the event
log or recording a measurement in it. As much as possible, we should
design the driver such that it could be reused in another project that
has a different measure boot flow.
For these reasons, move step 2) up to the caller, plat_mboot_init() in
this case. Make event_log_record() a public function for this purpose.
This refactoring will also help when we make BL1 record BL2's
measurement into the event log (instead of BL2). Both BL1 and BL2 will
need to call the driver's init function but only BL1 will need
recording BL2's measurement. We can handle this through different
implementations of plat_mboot_init() for BL1 and BL2, leaving the TCG
event log driver unchanged.
Change-Id: I358e097c1eedb54f82b866548dfc6bcade83d519
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
To a layman in TCG linguo, add_event2() is not straight forward to
understand. Rename the function into event_log_record().
Change-Id: I75d53a656425cd78a41ebf2c4c4e4e57687adc0d
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Right now, the assumption is that the platform post-load hook takes
care of measuring the image that just got loaded. This is how it's
implemented on FVP.
This patch moves the measurement into the generic code
instead. load_auth_image() now calls plat_mboot_measure_image(),
which is a new platform interface introduced in this patch to measure
an image. This is called just after authenticating the image.
Implement plat_mboot_measure_image() for the Arm FVP platform. The code
is copied straight from the post-load hook.
As a result, the FVP specific implementation of
arm_bl2_plat_handle_post_image_load() is no longer needed. We can go
back to using the Arm generic implementation of it.
Change-Id: I7b4b8d28941a865e10af9d0eadaf2e4850942090
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
With the removal of the generic functions measured_boot_init()/finish(),
measured_boot.mk becomes specific to the TCG event log backend. Change
its file name to event_log.mk.
Also, the Event Log driver is one of the backend of measured boot hence
created a separate folder for it under the measured_boot directory.
Alongside done some cosmetic changes (adding a comment and fixing
identation).
Change-Id: I4ce3300e6958728dc15ca5cced09eaa01510606c
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Right now, the measured boot driver is strongly coupled with the TCG
event log driver. It would not be possible to push the measurements
somewhere else, for instance to a physical TPM.
To enable this latter use case, turn the driver's init and teardown
functions into platform hooks. Call them bl2_plat_mboot_init()/finish().
This allows each platform to implement them appropriately, depending on
the type of measured boot backend they use. For example, on a platform
with a physical TPM, the plat_mboot_init() hook would startup the TPM
and setup it underlying bus (e.g. SPI).
Move the current implementation of the init and teardown function to the
FVP platform layer.
Finally move the conditional compilation logic (#if MEASURED_BOOT) out
of bl2_main() to improve its readability. Provide a dummy implementation
in the case measured boot is not included in the build.
Change-Id: Ib6474cb5a9c1e3d4a30c7f228431b22d1a6e85e3
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
tpm_record_measurement() function name suggests that:
- It only records a measurement but does not compute it.
This is not the case, the function does both.
- It stores this measurement into a TPM (discrete chip or fTPM).
This is not the case either, the measurement is just stored into
the event log, which is a data structure hold in memory, there is
no TPM involvement here.
To better convey the intent of the function, rename it into
event_log_measure_and_record().
Change-Id: I0102eeda477d6c6761151ac96759b31b6997e9fb
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The mvebu_a3700_comphy_pcie_power_on() function does not configure the
PHY selector explicitly, it relies on the register default value.
Configure the PHY selector just in case someone changed the default
value.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I54048b4bb7a5eced36f7fe6592ebe108f978fff0
Use low to high gpio sequence to reboot/shutdown qemu machine.
Use low to high gpio pins level change which will cause an interrupt
in qemu virt platform. This change will supported with next qemu 6.1
release once patchset:
hw/arm: Make virt board secure powerdown/reset work
will be merged.
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
CC: Peter Maydell <peter.maydell@linaro.org>
Change-Id: I70979517358c3b587722b2dcb33f63d29bf79d9b
Add support for Globalscale MOCHAbin board.
Its based on Armada 7040 SoC and ships in multiple DRAM options:
* 2GB DDR4 (1CS)
* 4GB DDR4 (1CS)
* 8GB DDR4 (2CS)
Since it ships in multiple DRAM configurations, an
Armada 3k style DDR_TOPOLOGY variable is added.
Currently, this only has effect on the MOCHAbin, but
I expect more boards with multiple DRAM sizes to be
supported.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Change-Id: I8a1ec9268fed34f6a81c5cbf1e891f638d461305
In order to enable OCRAM ECC, it need to be initialized
with 64-bit writes and then a write performed to address
0x0010_0534 with the value 0x0000_0008.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Id7d4f5df65ca52f24e9251c08a75ad2006451b95
Fix the error that no "gpio_init_data" is defined when
build with "FUSE_PROG=1".
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I0ba8005725fe33c6d8e68b4d52539f5d5d749f1a
Fix compile warning that ‘mask’ may be used uninitialized.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I75a443dbc36d7bd174fe317616fd95cd096306fc
Avoid compilation errors with -Wsign-compare :
"comparison of integer expressions of different signedness"
by changing type of num to uint32_t.
And change init_load_addr check.
Change-Id: I891e4a288a964ffdb52129813ba8652c5bcf85b2
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Commit 434d0491c5 ("refactor(makefile): remove BL prefixes in build
macros") changed the MAKE_S macro to expect "bl31" instead of just "31".
Adjust our calls to MAKE_S and MAKE_LD to fix the build for arm_fpga.
Change-Id: I2743e421c10eaecb39bfa4515ea049a1b8d18fcb
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Due to patch [1], the bl prefix was removed from the build macros.
It should then add explicitly when compiling stm32mp1.ld.S.
[1] 434d0491c5 ("refactor(makefile): remove BL prefixes in build macros")
Change-Id: I298dba2a7c958dd4ea6429c83ed4b1ee97e1735f
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add casts where required to avoid compialtion error when enabling
-Wsign-compare in shared resources file.
The assert is also corrected to match the correct range (change ||
to &&).
Change-Id: Ie4c9c0c935d39ff9a2165b909172aacb3e94ab4d
Signed-off-by: Yann Gautier <yann.gautier@st.com>
* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme): add build and run instructions for FEAT_RME
fix(plat/fvp): bump BL2 stack size
fix(plat/fvp): allow changing the kernel DTB load address
refactor(plat/arm): rename ARM_DTB_DRAM_NS region macros
refactor(plat/fvp): update FVP platform DTS for FEAT_RME
feat(plat/arm): add GPT initialization code for Arm platforms
feat(plat/fvp): add memory map for FVP platform for FEAT_RME
refactor(plat/arm): modify memory region attributes to account for FEAT_RME
feat(plat/fvp): add RMM image support for FVP platform
feat(rme): add GPT Library
feat(rme): add ENABLE_RME build option and support for RMM image
refactor(makefile): remove BL prefixes in build macros
feat(rme): add context management changes for FEAT_RME
feat(rme): add Test Realm Payload (TRP)
feat(rme): add RMM dispatcher (RMMD)
feat(rme): run BL2 in root world when FEAT_RME is enabled
feat(rme): add xlat table library changes for FEAT_RME
feat(rme): add Realm security state definition
feat(rme): add register definitions and helper functions for FEAT_RME
Following system registers are modified before exiting EL2 to allow
u-boot/Linux to boot
1. CNTHCTL_EL2.EL1PCTEN -> 1
Allows U-boot to use physical counters at EL1
2. VTCR_EL2.MSA -> 1
Enables VMSA at EL1, which is required by U-Boot and Linux.
3. HCR_EL2.APK = 1 & HCR_EL2.API = 1
Disables PAuth instruction and register traps in EL1
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I58f45b6669a9ad1debb80265b243015c054a9bb1
fvp_r is a unique platform which does not have BL2 binary and image
loading functionality is performed by BL1 itself. To avoid
generating certificate for BL2 there was platform specific check
added which looks bit ugly, replacing that check.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I11360fa753f847768906c42dce652296245b4a63
In later patch tbbr_tools.mk requires NEED_BL2 definition which is
defined after inclusion of this mk file.
Move NEED_<IMAGE> definitions earlier to their use
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ieff999b255690755779d0cd35d5aba2d3794873c
Now lx2 which use MT35XU512A supports warm boot, fix the macro
define caused by the commit:
feat(driver/nxp/xspi): add MT35XU02G flash info
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I83eb8cb9a30ac7c7efd5a010acbd03eddebed52b
An STM32 image with the awaited header major version shouldn't be forbid
to boot. If the minor differs, then it means only non-mandatory options
have been added in the reserved fields, and the header remains backward
compatible.
Change-Id: Iff16b67f95c728e2f1d128bd1760a4be497c5ca3
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add enable bit mask description because power switches
are not all enabled by bit 0.
Signed-off-by: Pascal Paillet <p.paillet@st.com>
Change-Id: If7c9ae7d800adee8e25416ca35db1be20452741f
Use errno values, or the return of called functions, instead of -1.
Correct some MISRA issues, like braces.
Change-Id: If7b53de5cbfb4d2c9979bce0e594dd92bf07a77a
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Use BIT and GENMASK macros to ease stpmic1.h reading.
Change-Id: I808a62818d4188bb2f3686ab37518d369b6c41cb
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
On battery powered systems the RTC keeps the date/time across
system reboot.
The RTC clock should not be disabled otherwise the date/time
counter gets stopped.
Tag RTC clock as always on.
Signed-off-by: HE Shushan <shushan.he@st.com>
Signed-off-by: Antonio Borneo <antonio.borneo@foss.st.com>
Change-Id: I6455c3c740d2e5add28255eb84f8ebaf2870d9d8
Manish V Badarkhe
Sandrine Bailleux
Pali Rohár
Usama Arif
Manish Pandey
Maxim Uvarov
Robert Marko
André Przywara
Jiafei Pan
Mark Dykes
Joanna Farley
Yann Gautier
Bipin Ravi
Soby Mathew
Pankaj Gupta
Nicolas Le Bayon
Pascal Paillet
Yann Gautier
HE Shushan