Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 975a06f9a4c471adefa88ac82a1559b6463dba1d / . / meta-arm / meta-arm-bsp / recipes-security / trusted-services / corstone1000 / 0010-Add-psa-ipc-attestation-to-se-proxy.patch
blob: d47b0decf5e6b9385ea948a1101b21f09fc7d277 [file] [log] [blame]
Patrick Williams975a06f2022-10-21 14:42:47 -0500[diff] [blame^]1From afdeb8e098a1f2822adf2ea83ded8dd9e2d021ba Mon Sep 17 00:00:00 2001
2From: Rui Miguel Silva <rui.silva@linaro.org>
3Date: Tue, 7 Dec 2021 11:50:00 +0000
4Subject: [PATCH 10/19] Add psa ipc attestation to se proxy
5
6Implement attestation client API as psa ipc and include it to
7se proxy deployment.
8
9Upstream-Status: Pending
10Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
11Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
12---
13 .../client/psa_ipc/component.cmake | 13 +++
14 .../client/psa_ipc/iat_ipc_client.c | 86 +++++++++++++++++++
15 .../reporter/psa_ipc/component.cmake | 13 +++
16 .../reporter/psa_ipc/psa_ipc_attest_report.c | 45 ++++++++++
17 components/service/common/include/psa/sid.h | 4 +
18 .../se-proxy/common/service_proxy_factory.c | 6 ++
19 deployments/se-proxy/se-proxy.cmake | 3 +-
20 7 files changed, 169 insertions(+), 1 deletion(-)
21 create mode 100644 components/service/attestation/client/psa_ipc/component.cmake
22 create mode 100644 components/service/attestation/client/psa_ipc/iat_ipc_client.c
23 create mode 100644 components/service/attestation/reporter/psa_ipc/component.cmake
24 create mode 100644 components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c
25
26diff --git a/components/service/attestation/client/psa_ipc/component.cmake b/components/service/attestation/client/psa_ipc/component.cmake
27new file mode 100644
28index 000000000000..a5bc6b4a387e
29--- /dev/null
30+++ b/components/service/attestation/client/psa_ipc/component.cmake
31@@ -0,0 +1,13 @@
32+#-------------------------------------------------------------------------------
33+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
34+#
35+# SPDX-License-Identifier: BSD-3-Clause
36+#
37+#-------------------------------------------------------------------------------
38+if (NOT DEFINED TGT)
39+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
40+endif()
41+
42+target_sources(${TGT} PRIVATE
43+ "${CMAKE_CURRENT_LIST_DIR}/iat_ipc_client.c"
44+ )
45diff --git a/components/service/attestation/client/psa_ipc/iat_ipc_client.c b/components/service/attestation/client/psa_ipc/iat_ipc_client.c
46new file mode 100644
47index 000000000000..30bd0a13a385
48--- /dev/null
49+++ b/components/service/attestation/client/psa_ipc/iat_ipc_client.c
50@@ -0,0 +1,86 @@
51+/*
52+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
53+ *
54+ * SPDX-License-Identifier: BSD-3-Clause
55+ */
56+
57+#include <stddef.h>
58+#include <string.h>
59+
60+#include "../psa/iat_client.h"
61+#include <protocols/rpc/common/packed-c/status.h>
62+#include <psa/initial_attestation.h>
63+#include <psa/client.h>
64+#include <psa/sid.h>
65+#include <service/common/client/service_client.h>
66+
67+/**
68+ * @brief The singleton psa_iat_client instance
69+ *
70+ * The psa attestation C API assumes a single backend service provider.
71+ */
72+static struct service_client instance;
73+
74+
75+psa_status_t psa_iat_client_init(struct rpc_caller *caller)
76+{
77+ return service_client_init(&instance, caller);
78+}
79+
80+void psa_iat_client_deinit(void)
81+{
82+ service_client_deinit(&instance);
83+}
84+
85+int psa_iat_client_rpc_status(void)
86+{
87+ return instance.rpc_status;
88+}
89+
90+psa_status_t psa_initial_attest_get_token(const uint8_t *auth_challenge,
91+ size_t challenge_size,
92+ uint8_t *token_buf,
93+ size_t token_buf_size,
94+ size_t *token_size)
95+{
96+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
97+ struct rpc_caller *caller = instance.caller;
98+ struct psa_invec in_vec[] = {
99+ { .base = psa_ptr_const_to_u32(auth_challenge), .len = challenge_size},
100+ };
101+ struct psa_outvec out_vec[] = {
102+ { .base = psa_ptr_to_u32(token_buf), .len = token_buf_size},
103+ };
104+
105+ if (!token_buf || !token_buf_size)
106+ return PSA_ERROR_INVALID_ARGUMENT;
107+
108+ status = psa_call(caller, TFM_ATTESTATION_SERVICE_HANDLE,
109+ TFM_ATTEST_GET_TOKEN, in_vec, IOVEC_LEN(in_vec),
110+ out_vec, IOVEC_LEN(out_vec));
111+ if (status == PSA_SUCCESS) {
112+ *token_size = out_vec[0].len;
113+ }
114+
115+ return status;
116+}
117+
118+psa_status_t psa_initial_attest_get_token_size(size_t challenge_size,
119+ size_t *token_size)
120+{
121+ struct rpc_caller *caller = instance.caller;
122+ psa_status_t status;
123+ struct psa_invec in_vec[] = {
124+ { .base = psa_ptr_to_u32(&challenge_size), .len = sizeof(uint32_t)}
125+ };
126+ struct psa_outvec out_vec[] = {
127+ { .base = psa_ptr_to_u32(token_size), .len = sizeof(uint32_t)}
128+ };
129+
130+ status = psa_call(caller, TFM_ATTESTATION_SERVICE_HANDLE,
131+ TFM_ATTEST_GET_TOKEN_SIZE,
132+ in_vec, IOVEC_LEN(in_vec),
133+ out_vec, IOVEC_LEN(out_vec));
134+
135+ return status;
136+}
137diff --git a/components/service/attestation/reporter/psa_ipc/component.cmake b/components/service/attestation/reporter/psa_ipc/component.cmake
138new file mode 100644
139index 000000000000..b37830c618fe
140--- /dev/null
141+++ b/components/service/attestation/reporter/psa_ipc/component.cmake
142@@ -0,0 +1,13 @@
143+#-------------------------------------------------------------------------------
144+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
145+#
146+# SPDX-License-Identifier: BSD-3-Clause
147+#
148+#-------------------------------------------------------------------------------
149+if (NOT DEFINED TGT)
150+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
151+endif()
152+
153+target_sources(${TGT} PRIVATE
154+ "${CMAKE_CURRENT_LIST_DIR}/psa_ipc_attest_report.c"
155+ )
156diff --git a/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c b/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c
157new file mode 100644
158index 000000000000..15805e8ed4b1
159--- /dev/null
160+++ b/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c
161@@ -0,0 +1,45 @@
162+/*
163+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
164+ *
165+ * SPDX-License-Identifier: BSD-3-Clause
166+ */
167+
168+/**
169+ * A attestation reporter for psa ipc
170+ */
171+
172+#include <stddef.h>
173+#include <psa/error.h>
174+#include <service/attestation/reporter/attest_report.h>
175+#include <psa/initial_attestation.h>
176+
177+#define TOKEN_BUF_SIZE 1024
178+
179+static uint8_t token_buf[TOKEN_BUF_SIZE];
180+
181+int attest_report_create(int32_t client_id, const uint8_t *auth_challenge_data,
182+ size_t auth_challenge_len, const uint8_t **report,
183+ size_t *report_len)
184+{
185+ *report = token_buf;
186+ psa_status_t ret;
187+ size_t token_size = 0;
188+
189+ ret = psa_initial_attest_get_token(auth_challenge_data,
190+ auth_challenge_len, token_buf,
191+ TOKEN_BUF_SIZE, &token_size);
192+ if (ret != PSA_SUCCESS) {
193+ *report = NULL;
194+ *report_len = 0;
195+ return ret;
196+ }
197+
198+ *report_len = token_size;
199+
200+ return PSA_SUCCESS;
201+}
202+
203+void attest_report_destroy(const uint8_t *report)
204+{
205+ (void)report;
206+}
207diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
208index aaa973c6e987..833f5039425f 100644
209--- a/components/service/common/include/psa/sid.h
210+++ b/components/service/common/include/psa/sid.h
211@@ -50,6 +50,10 @@ extern "C" {
212 #define TFM_ATTESTATION_SERVICE_VERSION (1U)
213 #define TFM_ATTESTATION_SERVICE_HANDLE (0x40000103U)
214
215+/* Initial Attestation message types that distinguish Attest services. */
216+#define TFM_ATTEST_GET_TOKEN 1001
217+#define TFM_ATTEST_GET_TOKEN_SIZE 1002
218+
219 /******** TFM_SP_FWU ********/
220 #define TFM_FWU_WRITE_SID (0x000000A0U)
221 #define TFM_FWU_WRITE_VERSION (1U)
222diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
223index 57290056d614..4b8cceccbe4d 100644
224--- a/deployments/se-proxy/common/service_proxy_factory.c
225+++ b/deployments/se-proxy/common/service_proxy_factory.c
226@@ -23,12 +23,18 @@ struct openamp_caller openamp;
227 struct rpc_interface *attest_proxy_create(void)
228 {
229 struct rpc_interface *attest_iface;
230+ struct rpc_caller *attest_caller;
231
232 /* Static objects for proxy instance */
233 static struct attest_provider attest_provider;
234
235+ attest_caller = openamp_caller_init(&openamp);
236+ if (!attest_caller)
237+ return NULL;
238+
239 /* Initialize the service provider */
240 attest_iface = attest_provider_init(&attest_provider);
241+ psa_iat_client_init(&openamp.rpc_caller);
242
243 attest_provider_register_serializer(&attest_provider,
244 TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance());
245diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
246index cd51460406ca..38d26821d44d 100644
247--- a/deployments/se-proxy/se-proxy.cmake
248+++ b/deployments/se-proxy/se-proxy.cmake
249@@ -49,12 +49,13 @@ add_components(TARGET "se-proxy"
250 "components/service/attestation/include"
251 "components/service/attestation/provider"
252 "components/service/attestation/provider/serializer/packed-c"
253+ "components/service/attestation/reporter/psa_ipc"
254+ "components/service/attestation/client/psa_ipc"
255 "components/rpc/openamp/caller/sp"
256
257 # Stub service provider backends
258 "components/rpc/dummy"
259 "components/rpc/common/caller"
260- "components/service/attestation/reporter/stub"
261 "components/service/attestation/key_mngr/stub"
262 "components/service/crypto/backend/stub"
263 "components/service/crypto/client/psa"
264--
2652.38.0
266