1 /*
2 * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
8 #include <string.h>
9
10 #include <common/debug.h>
11 #include <drivers/measured_boot/metadata.h>
12 #include <measured_boot.h>
13 #include <psa/client.h>
14 #include <psa_manifest/sid.h>
15
16 #include "measured_boot_private.h"
17
print_byte_array(const uint8_t * array __unused,size_t len __unused)18 static void print_byte_array(const uint8_t *array __unused, size_t len __unused)
19 {
20 #if LOG_LEVEL >= LOG_LEVEL_INFO
21 size_t i;
22
23 if (array == NULL || len == 0U) {
24 (void)printf("\n");
25 } else {
26 for (i = 0U; i < len; ++i) {
27 (void)printf(" %02x", array[i]);
28 if ((i & U(0xF)) == U(0xF)) {
29 (void)printf("\n");
30 if (i < (len - 1U)) {
31 INFO("\t\t:");
32 }
33 }
34 }
35 }
36 #endif
37 }
38
log_measurement(uint8_t index,const uint8_t * signer_id,size_t signer_id_size,const uint8_t * version,size_t version_size,const uint8_t * sw_type,size_t sw_type_size,uint32_t measurement_algo,const uint8_t * measurement_value,size_t measurement_value_size,bool lock_measurement)39 static void log_measurement(uint8_t index,
40 const uint8_t *signer_id,
41 size_t signer_id_size,
42 const uint8_t *version, /* string */
43 size_t version_size,
44 const uint8_t *sw_type, /* string */
45 size_t sw_type_size,
46 uint32_t measurement_algo,
47 const uint8_t *measurement_value,
48 size_t measurement_value_size,
49 bool lock_measurement)
50 {
51 INFO("Measured boot extend measurement:\n");
52 INFO(" - slot : %u\n", index);
53 INFO(" - signer_id :");
54 print_byte_array(signer_id, signer_id_size);
55 INFO(" - version : %s\n", version);
56 INFO(" - version_size: %zu\n", version_size);
57 INFO(" - sw_type : %s\n", sw_type);
58 INFO(" - sw_type_size: %zu\n", sw_type_size);
59 INFO(" - algorithm : %x\n", measurement_algo);
60 INFO(" - measurement :");
61 print_byte_array(measurement_value, measurement_value_size);
62 INFO(" - locking : %s\n", lock_measurement ? "true" : "false");
63 }
64
65 psa_status_t
rse_measured_boot_extend_measurement(uint8_t index,const uint8_t * signer_id,size_t signer_id_size,const uint8_t * version,size_t version_size,uint32_t measurement_algo,const uint8_t * sw_type,size_t sw_type_size,const uint8_t * measurement_value,size_t measurement_value_size,bool lock_measurement)66 rse_measured_boot_extend_measurement(uint8_t index,
67 const uint8_t *signer_id,
68 size_t signer_id_size,
69 const uint8_t *version,
70 size_t version_size,
71 uint32_t measurement_algo,
72 const uint8_t *sw_type,
73 size_t sw_type_size,
74 const uint8_t *measurement_value,
75 size_t measurement_value_size,
76 bool lock_measurement)
77 {
78 struct measured_boot_extend_iovec_t extend_iov = {
79 .index = index,
80 .lock_measurement = lock_measurement,
81 .measurement_algo = measurement_algo,
82 .sw_type = {0},
83 .sw_type_size = sw_type_size,
84 };
85
86 if (version_size > VERSION_MAX_SIZE) {
87 return PSA_ERROR_INVALID_ARGUMENT;
88 }
89
90
91 if (version_size > 0 && version[version_size - 1] == '\0') {
92 version_size--;
93 }
94
95 psa_invec in_vec[] = {
96 {.base = &extend_iov,
97 .len = sizeof(struct measured_boot_extend_iovec_t)},
98 {.base = signer_id, .len = signer_id_size},
99 {.base = version, .len = version_size },
100 {.base = measurement_value, .len = measurement_value_size}
101 };
102
103 if (sw_type != NULL) {
104 if (extend_iov.sw_type_size > SW_TYPE_MAX_SIZE) {
105 return PSA_ERROR_INVALID_ARGUMENT;
106 }
107 if (sw_type_size > 0 && sw_type[sw_type_size - 1] == '\0') {
108 extend_iov.sw_type_size--;
109 }
110 memcpy(extend_iov.sw_type, sw_type, extend_iov.sw_type_size);
111 }
112
113 log_measurement(index, signer_id, signer_id_size,
114 version, version_size, sw_type, sw_type_size,
115 measurement_algo, measurement_value,
116 measurement_value_size, lock_measurement);
117
118 return psa_call(RSE_MEASURED_BOOT_HANDLE,
119 RSE_MEASURED_BOOT_EXTEND,
120 in_vec, IOVEC_LEN(in_vec),
121 NULL, 0);
122 }
123
rse_measured_boot_read_measurement(uint8_t index,uint8_t * signer_id,size_t signer_id_size,size_t * signer_id_len,uint8_t * version,size_t version_size,size_t * version_len,uint32_t * measurement_algo,uint8_t * sw_type,size_t sw_type_size,size_t * sw_type_len,uint8_t * measurement_value,size_t measurement_value_size,size_t * measurement_value_len,bool * is_locked)124 psa_status_t rse_measured_boot_read_measurement(uint8_t index,
125 uint8_t *signer_id,
126 size_t signer_id_size,
127 size_t *signer_id_len,
128 uint8_t *version,
129 size_t version_size,
130 size_t *version_len,
131 uint32_t *measurement_algo,
132 uint8_t *sw_type,
133 size_t sw_type_size,
134 size_t *sw_type_len,
135 uint8_t *measurement_value,
136 size_t measurement_value_size,
137 size_t *measurement_value_len,
138 bool *is_locked)
139 {
140 psa_status_t status;
141 struct measured_boot_read_iovec_in_t read_iov_in = {
142 .index = index,
143 .sw_type_size = sw_type_size,
144 .version_size = version_size,
145 };
146
147 struct measured_boot_read_iovec_out_t read_iov_out;
148
149 psa_invec in_vec[] = {
150 {.base = &read_iov_in,
151 .len = sizeof(struct measured_boot_read_iovec_in_t)},
152 };
153
154 psa_outvec out_vec[] = {
155 {.base = &read_iov_out,
156 .len = sizeof(struct measured_boot_read_iovec_out_t)},
157 {.base = signer_id, .len = signer_id_size},
158 {.base = measurement_value, .len = measurement_value_size}
159 };
160
161 status = psa_call(RSE_MEASURED_BOOT_HANDLE, RSE_MEASURED_BOOT_READ,
162 in_vec, IOVEC_LEN(in_vec),
163 out_vec, IOVEC_LEN(out_vec));
164
165 if (status == PSA_SUCCESS) {
166 *is_locked = read_iov_out.is_locked;
167 *measurement_algo = read_iov_out.measurement_algo;
168 *sw_type_len = read_iov_out.sw_type_len;
169 *version_len = read_iov_out.version_len;
170 memcpy(sw_type, read_iov_out.sw_type, read_iov_out.sw_type_len);
171 memcpy(version, read_iov_out.version, read_iov_out.version_len);
172 *signer_id_len = out_vec[1].len;
173 *measurement_value_len = out_vec[2].len;
174 }
175
176 return status;
177 }
178