FVP: Add BL2 hash calculation in BL1
This patch provides support for measured boot by adding calculation
of BL2 image hash in BL1 and writing these data in TB_FW_CONFIG DTB.
Change-Id: Ic074a7ed19b14956719c271c805b35d147b7cec1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
diff --git a/plat/arm/common/arm_dyn_cfg_helpers.c b/plat/arm/common/arm_dyn_cfg_helpers.c
index 909c4a6..f110e3b 100644
--- a/plat/arm/common/arm_dyn_cfg_helpers.c
+++ b/plat/arm/common/arm_dyn_cfg_helpers.c
@@ -15,6 +15,12 @@
#define DTB_PROP_MBEDTLS_HEAP_ADDR "mbedtls_heap_addr"
#define DTB_PROP_MBEDTLS_HEAP_SIZE "mbedtls_heap_size"
+#if MEASURED_BOOT
+#define DTB_PROP_BL2_HASH_DATA "bl2_hash_data"
+
+static int dtb_root = -1;
+#endif /* MEASURED_BOOT */
+
/*******************************************************************************
* Validate the tb_fw_config is a valid DTB file and returns the node offset
* to "arm,tb_fw" property.
@@ -57,17 +63,18 @@
*
* Returns:
* 0 = success
- * 1 = error
+ * -1 = error
*/
int arm_set_dtb_mbedtls_heap_info(void *dtb, void *heap_addr, size_t heap_size)
{
- int err, dtb_root;
-
+#if !MEASURED_BOOT
+ int dtb_root;
+#endif
/*
* Verify that the DTB is valid, before attempting to write to it,
* and get the DTB root node.
*/
- err = arm_dyn_tb_fw_cfg_init(dtb, &dtb_root);
+ int err = arm_dyn_tb_fw_cfg_init(dtb, &dtb_root);
if (err < 0) {
ERROR("Invalid TB_FW_CONFIG loaded. Unable to get root node\n");
return -1;
@@ -98,3 +105,26 @@
return 0;
}
+
+#if MEASURED_BOOT
+/*
+ * This function writes the BL2 hash data in HW_FW_CONFIG DTB.
+ * When it is called, it is guaranteed that a DTB is available.
+ *
+ * This function is supposed to be called only by BL1.
+ *
+ * Returns:
+ * 0 = success
+ * < 0 = error
+ */
+int arm_set_bl2_hash_info(void *dtb, void *data)
+{
+ assert(dtb_root >= 0);
+
+ /*
+ * Write the BL2 hash data in the DTB.
+ */
+ return fdtw_write_inplace_bytes(dtb, dtb_root, DTB_PROP_BL2_HASH_DATA,
+ TCG_DIGEST_SIZE, data);
+}
+#endif /* MEASURED_BOOT */