diff options
| -rw-r--r-- | Makefile | 6 | ||||
| -rw-r--r-- | docs/porting-guide.md | 11 | ||||
| -rw-r--r-- | include/plat/common/platform.h | 5 | ||||
| -rw-r--r-- | plat/fvp/fvp_trusted_boot.c | 45 | ||||
| -rw-r--r-- | plat/fvp/platform.mk | 5 | ||||
| -rw-r--r-- | plat/juno/juno_trusted_boot.c | 45 | ||||
| -rw-r--r-- | plat/juno/platform.mk | 5 |
7 files changed, 122 insertions, 0 deletions
@@ -70,6 +70,8 @@ FIP_NAME := fip.bin # Flags to generate the Chain of Trust GENERATE_COT := 0 CREATE_KEYS := 1 +# Flags to build TF with Trusted Boot support +TRUSTED_BOARD_BOOT := 0 # Checkpatch ignores CHECK_IGNORE = --ignore COMPLEX_MACRO @@ -243,6 +245,10 @@ $(eval $(call add_define,USE_COHERENT_MEM)) $(eval $(call assert_boolean,GENERATE_COT)) $(eval $(call assert_boolean,CREATE_KEYS)) +# Process TRUSTED_BOARD_BOOT flag +$(eval $(call assert_boolean,TRUSTED_BOARD_BOOT)) +$(eval $(call add_define,TRUSTED_BOARD_BOOT)) + ASFLAGS += -nostdinc -ffreestanding -Wa,--fatal-warnings \ -Werror -Wmissing-include-dirs \ -mgeneral-regs-only -D__ASSEMBLY__ \ diff --git a/docs/porting-guide.md b/docs/porting-guide.md index 747cb005..a30535d7 100644 --- a/docs/porting-guide.md +++ b/docs/porting-guide.md @@ -392,6 +392,17 @@ The ARM FVP port uses this function to initialize the mailbox memory used for providing the warm-boot entry-point addresses. +### Function: plat_match_rotpk() + + Argument : const unsigned char *, unsigned int + Return : int + +This function is mandatory when Trusted Board Boot is enabled. It receives a +pointer to a buffer containing a signing key and its size as parameters and +returns 0 (success) if that key matches the ROT (Root Of Trust) key stored in +the platform. Any other return value means a mismatch. + + 2.3 Common optional modifications --------------------------------- diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h index 69bb749a..18b7eae2 100644 --- a/include/plat/common/platform.h +++ b/include/plat/common/platform.h @@ -191,4 +191,9 @@ void bl31_plat_enable_mmu(uint32_t flags); ******************************************************************************/ void bl32_plat_enable_mmu(uint32_t flags); +/******************************************************************************* + * Trusted Boot functions + ******************************************************************************/ +int plat_match_rotpk(const unsigned char *, unsigned int); + #endif /* __PLATFORM_H__ */ diff --git a/plat/fvp/fvp_trusted_boot.c b/plat/fvp/fvp_trusted_boot.c new file mode 100644 index 00000000..e7dcc019 --- /dev/null +++ b/plat/fvp/fvp_trusted_boot.c @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of ARM nor the names of its contributors may be used + * to endorse or promote products derived from this software without specific + * prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include <assert.h> +#include <debug.h> +#include "fvp_def.h" +#include "fvp_private.h" + +/* + * Check the validity of the key + * + * 0 = success, Otherwise = error + */ +int plat_match_rotpk(const unsigned char *key_buf, unsigned int key_len) +{ + /* TODO: check against the ROT key stored in the platform */ + return 0; +} diff --git a/plat/fvp/platform.mk b/plat/fvp/platform.mk index 892e43ca..bcee3286 100644 --- a/plat/fvp/platform.mk +++ b/plat/fvp/platform.mk @@ -89,3 +89,8 @@ BL31_SOURCES += drivers/arm/cci400/cci400.c \ plat/fvp/aarch64/fvp_helpers.S \ plat/fvp/aarch64/fvp_common.c \ plat/fvp/drivers/pwrc/fvp_pwrc.c + +ifneq (${TRUSTED_BOARD_BOOT},0) + BL1_SOURCES += plat/fvp/fvp_trusted_boot.c + BL2_SOURCES += plat/fvp/fvp_trusted_boot.c +endif diff --git a/plat/juno/juno_trusted_boot.c b/plat/juno/juno_trusted_boot.c new file mode 100644 index 00000000..e63d4b24 --- /dev/null +++ b/plat/juno/juno_trusted_boot.c @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of ARM nor the names of its contributors may be used + * to endorse or promote products derived from this software without specific + * prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include <assert.h> +#include <debug.h> +#include "juno_def.h" +#include "juno_private.h" + +/* + * Check the validity of the key + * + * 0 = success, Otherwise = error + */ +int plat_match_rotpk(const unsigned char *key_buf, unsigned int key_len) +{ + /* TODO: check against the ROT key stored in the platform */ + return 0; +} diff --git a/plat/juno/platform.mk b/plat/juno/platform.mk index 158e3ace..8beaecf0 100644 --- a/plat/juno/platform.mk +++ b/plat/juno/platform.mk @@ -90,6 +90,11 @@ BL31_SOURCES += drivers/arm/cci400/cci400.c \ plat/juno/plat_topology.c \ plat/juno/scpi.c +ifneq (${TRUSTED_BOARD_BOOT},0) + BL1_SOURCES += plat/juno/juno_trusted_boot.c + BL2_SOURCES += plat/juno/juno_trusted_boot.c +endif + ifneq (${RESET_TO_BL31},0) $(error "Using BL3-1 as the reset vector is not supported on Juno. \ Please set RESET_TO_BL31 to 0.") |