From patchwork Tue May 20 17:27:39 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Szing X-Patchwork-Id: 63314 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 45920C3DA6D for ; Tue, 20 May 2025 17:28:04 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.26822.1747762081962429538 for ; Tue, 20 May 2025 10:28:02 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: gyorgy.szing@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id D14FA1516; Tue, 20 May 2025 10:27:47 -0700 (PDT) Received: from gyoszi01-yocto.budapest.arm.com (ubul2.budapest.arm.com [10.45.25.25]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id BA1B93F5A1; Tue, 20 May 2025 10:28:00 -0700 (PDT) From: Gyorgy Szing To: meta-arm@lists.yoctoproject.org Cc: Gyorgy Szing Subject: [PATCH 1/9] arm/trusted-services: update to newer version Date: Tue, 20 May 2025 19:27:39 +0200 Message-ID: <20250520172748.3439803-1-gyorgy.szing@arm.com> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 May 2025 17:28:04 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6508 Bump the TS SHA to latest integration. Set the version of TS dependencies as required. Signed-off-by: Gyorgy Szing --- .../0001-Relax-pyelftools-dependency.patch | 31 +++ ...MbedTLS-3.6-and-GCC-14-compatibility.patch | 57 +++++ ...Remove-TEE-driver-external-component.patch | 223 ------------------ .../trusted-services/libts_git.bb | 2 - .../trusted-services/trusted-services-src.inc | 21 +- 5 files changed, 97 insertions(+), 237 deletions(-) create mode 100644 meta-arm/recipes-security/trusted-services/files/0001-Relax-pyelftools-dependency.patch create mode 100644 meta-arm/recipes-security/trusted-services/files/0002-Fix-MbedTLS-3.6-and-GCC-14-compatibility.patch delete mode 100644 meta-arm/recipes-security/trusted-services/libts/0001-Remove-TEE-driver-external-component.patch diff --git a/meta-arm/recipes-security/trusted-services/files/0001-Relax-pyelftools-dependency.patch b/meta-arm/recipes-security/trusted-services/files/0001-Relax-pyelftools-dependency.patch new file mode 100644 index 00000000..5b54e234 --- /dev/null +++ b/meta-arm/recipes-security/trusted-services/files/0001-Relax-pyelftools-dependency.patch @@ -0,0 +1,31 @@ +From f2f867d3d84415f82c1750fa8d1f47842a7b7287 Mon Sep 17 00:00:00 2001 +From: kas User +Date: Tue, 11 Mar 2025 15:19:58 +0000 +Subject: [PATCH 1/1] Relax pyelftools dependency + +tools/python/elf_segments_to_manifest.py was only accpeting pyelftools v0.31. +Relax this requirement to accept v0.31 and newer versions. + +Upstream-Status: Pending +Signed-off-by: Gyorgy Szing + +--- + tools/python/elf_segments_to_manifest.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/python/elf_segments_to_manifest.py b/tools/python/elf_segments_to_manifest.py +index 378c318d4..52c12e0f4 100644 +--- a/tools/python/elf_segments_to_manifest.py ++++ b/tools/python/elf_segments_to_manifest.py +@@ -16,7 +16,7 @@ from elftools import __version__ as module_version + from elftools.elf.elffile import ELFFile + from elftools.elf.constants import P_FLAGS + +-assert module_version == "0.31" ++assert module_version >= "0.31" + + class ElfSegmentsToManifest: + """ +-- +2.43.0 + diff --git a/meta-arm/recipes-security/trusted-services/files/0002-Fix-MbedTLS-3.6-and-GCC-14-compatibility.patch b/meta-arm/recipes-security/trusted-services/files/0002-Fix-MbedTLS-3.6-and-GCC-14-compatibility.patch new file mode 100644 index 00000000..ecd45abd --- /dev/null +++ b/meta-arm/recipes-security/trusted-services/files/0002-Fix-MbedTLS-3.6-and-GCC-14-compatibility.patch @@ -0,0 +1,57 @@ +From 919015a92dc0b98bbef81fb68cd9f90b89abb2dd Mon Sep 17 00:00:00 2001 +From: Gyorgy Szing +Date: Thu, 17 Oct 2024 09:46:58 +0000 +Subject: [PATCH 1/1] Fix MbedTLS 3.6 and GCC 14 compatibility + +For details please see the patch file. + +Upstream-Status: Pending + +Signed-off-by: Gyorgy Szing +--- + ...or-triggered-build-issue-with-gcc-14.patch | 33 +++++++++++++++++++ + 1 file changed, 33 insertions(+) + create mode 100644 external/MbedTLS/0002-Fix-Werror-triggered-build-issue-with-gcc-14.patch + +diff --git a/external/MbedTLS/0002-Fix-Werror-triggered-build-issue-with-gcc-14.patch b/external/MbedTLS/0002-Fix-Werror-triggered-build-issue-with-gcc-14.patch +new file mode 100644 +index 000000000..6e195f927 +--- /dev/null ++++ b/external/MbedTLS/0002-Fix-Werror-triggered-build-issue-with-gcc-14.patch +@@ -0,0 +1,33 @@ ++From 390c4bd9822b44b1f4c366e62634d328e8baf9a1 Mon Sep 17 00:00:00 2001 ++From: Gyorgy Szing ++Date: Thu, 17 Oct 2024 08:54:22 +0000 ++Subject: [PATCH 1/1] Fix -Werror triggered build issue with gcc 14 ++ ++GCC 14 emits new warnings when compiling MbedTLS v3.6. This is ++a known issue (see [1]) and I am taking the proposed fix. ++ ++https://github.com/Mbed-TLS/mbedtls/issues/9003#issuecomment-2108239255 ++ ++Upstream-Status: Pending ++ ++Signed-off-by: Gyorgy Szing ++--- ++ library/common.h | 2 +- ++ 1 file changed, 1 insertion(+), 1 deletion(-) ++ ++diff --git a/library/common.h b/library/common.h ++index 3936ffdfe1..d8c4073198 100644 ++--- a/library/common.h +++++ b/library/common.h ++@@ -199,7 +199,7 @@ static inline void mbedtls_xor(unsigned char *r, ++ uint8x16_t x = veorq_u8(v1, v2); ++ vst1q_u8(r + i, x); ++ } ++-#if defined(__IAR_SYSTEMS_ICC__) +++#if defined(__IAR_SYSTEMS_ICC__) || defined(MBEDTLS_COMPILER_IS_GCC) ++ /* This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case ++ * where n is a constant multiple of 16. ++ * For other compilers (e.g. recent gcc and clang) it makes no difference if n is a compile-time ++-- ++2.43.0 ++ +-- +2.43.0 + diff --git a/meta-arm/recipes-security/trusted-services/libts/0001-Remove-TEE-driver-external-component.patch b/meta-arm/recipes-security/trusted-services/libts/0001-Remove-TEE-driver-external-component.patch deleted file mode 100644 index 79a20229..00000000 --- a/meta-arm/recipes-security/trusted-services/libts/0001-Remove-TEE-driver-external-component.patch +++ /dev/null @@ -1,223 +0,0 @@ -From cc9589c03cb0fcd9c3248b95f05cce1afaa37d0f Mon Sep 17 00:00:00 2001 -From: Balint Dobszay -Date: Thu, 19 Oct 2023 16:35:05 +0200 -Subject: [PATCH] Remove TEE driver external component - -The TSTEE driver has been merged to Linux kernel v6.10, which makes the -out-of-tree version deprecated. Remove the external component that was -downloading it. Also, the in-tree version doesn't have a module version -field defined, so the sanity check for reading the out-of-tree module's -version is removed too. - -Signed-off-by: Balint Dobszay -Change-Id: I57ee44293c5e940ee7fa944d1420ebcba624fc56 -Upstream-Status: Backport ---- - .../rpc/ts_rpc/caller/linux/component.cmake | 6 -- - .../ts_rpc/caller/linux/ts_rpc_caller_linux.c | 56 +++---------------- - .../spm/optee/userspace-programs-on-fvp.rst | 3 +- - docs/quickstart/optee-testing.rst | 1 - - .../LinuxFfaTeeDriver/LinuxFfaTeeDriver.cmake | 54 ------------------ - 5 files changed, 9 insertions(+), 111 deletions(-) - delete mode 100644 external/LinuxFfaTeeDriver/LinuxFfaTeeDriver.cmake - -diff --git a/components/rpc/ts_rpc/caller/linux/component.cmake b/components/rpc/ts_rpc/caller/linux/component.cmake -index c9f439e20da4..f8e4a52fb70c 100644 ---- a/components/rpc/ts_rpc/caller/linux/component.cmake -+++ b/components/rpc/ts_rpc/caller/linux/component.cmake -@@ -8,8 +8,6 @@ if (NOT DEFINED TGT) - message(FATAL_ERROR "mandatory parameter TGT is not defined.") - endif() - --include(${TS_ROOT}/external/LinuxFfaTeeDriver/LinuxFfaTeeDriver.cmake) -- - set_property(TARGET ${TGT} APPEND PROPERTY PUBLIC_HEADER - "${CMAKE_CURRENT_LIST_DIR}/ts_rpc_caller_linux.h" - ) -@@ -17,7 +15,3 @@ set_property(TARGET ${TGT} APPEND PROPERTY PUBLIC_HEADER - target_sources(${TGT} PRIVATE - "${CMAKE_CURRENT_LIST_DIR}/ts_rpc_caller_linux.c" - ) -- --target_include_directories(${TGT} PRIVATE -- "${LINUX_FFA_TEE_DRIVER_INCLUDE_DIR}" -- ) -diff --git a/components/rpc/ts_rpc/caller/linux/ts_rpc_caller_linux.c b/components/rpc/ts_rpc/caller/linux/ts_rpc_caller_linux.c -index 7c4606e56f09..3402a9f6ae2b 100644 ---- a/components/rpc/ts_rpc/caller/linux/ts_rpc_caller_linux.c -+++ b/components/rpc/ts_rpc/caller/linux/ts_rpc_caller_linux.c -@@ -6,7 +6,6 @@ - - #include "ts_rpc_caller_linux.h" - --#include - #include - #include - #include -@@ -24,11 +23,16 @@ - - #define INVALID_SESS_ID 0 - #define MAX_TEE_DEV_NUM 16 --#define TS_TEE_DRV_REQ_VER_MAJOR 2 --#define TS_TEE_DRV_REQ_VER_MINOR 0 --#define TS_TEE_DRV_REQ_VER_PATCH 0 - #define TS_TEE_DRV_INVALID_SHM_ID (0) - -+/* -+ * This define is part of linux/tee.h starting from Linux v6.10 -+ * Let's keep a copy here in case the kernel headers come from an older version -+ */ -+#ifndef TEE_IMPL_ID_TSTEE -+#define TEE_IMPL_ID_TSTEE 3 -+#endif -+ - struct ts_tee_dev { - uint16_t endpoint_id; - char path[16]; -@@ -236,47 +240,6 @@ static rpc_status_t call(void *context, uint16_t opcode, - return RPC_SUCCESS; - } - --static bool ts_tee_drv_check_version(void) --{ -- unsigned int major = 0; -- unsigned int minor = 0; -- unsigned int patch = 0; -- FILE *f = NULL; -- int cnt = 0; -- -- f = fopen("/sys/module/arm_tstee/version", "r"); -- if (f) { -- cnt = fscanf(f, "%u.%u.%u", &major, &minor, &patch); -- fclose(f); -- -- if (cnt != 3) { -- printf("error: cannot read TS TEE driver version\n"); -- return false; -- } -- } else { -- printf("error: TS TEE driver not available\n"); -- return false; -- } -- -- if (major != TS_TEE_DRV_REQ_VER_MAJOR) -- goto err; -- -- if (minor < TS_TEE_DRV_REQ_VER_MINOR) -- goto err; -- -- if (minor == TS_TEE_DRV_REQ_VER_MINOR) -- if (patch < TS_TEE_DRV_REQ_VER_PATCH) -- goto err; -- -- return true; -- --err: -- printf("error: TS TEE driver is v%u.%u.%u but required v%u.%u.%u\n", major, minor, patch, -- TS_TEE_DRV_REQ_VER_MAJOR, TS_TEE_DRV_REQ_VER_MINOR, TS_TEE_DRV_REQ_VER_PATCH); -- -- return false; --} -- - static void ts_tee_drv_discover(struct ts_tee_dev *ts_tee_devs, size_t count) - { - struct tee_ioctl_version_data vers = { 0 }; -@@ -314,9 +277,6 @@ rpc_status_t ts_rpc_caller_linux_init(struct rpc_caller_interface *rpc_caller) - if (!rpc_caller || rpc_caller->context) - return RPC_ERROR_INVALID_VALUE; - -- if (!ts_tee_drv_check_version()) -- return RPC_ERROR_INTERNAL; -- - context = (struct ts_rpc_caller_linux_context *)calloc( - 1, sizeof(struct ts_rpc_caller_linux_context)); - if (!context) -diff --git a/docs/environments/secure-partitions/spm/optee/userspace-programs-on-fvp.rst b/docs/environments/secure-partitions/spm/optee/userspace-programs-on-fvp.rst -index f81e1dff3264..aeb26fb3462a 100644 ---- a/docs/environments/secure-partitions/spm/optee/userspace-programs-on-fvp.rst -+++ b/docs/environments/secure-partitions/spm/optee/userspace-programs-on-fvp.rst -@@ -59,8 +59,7 @@ Once it boots to the login prompt, log in as root and from the FVP terminal, ent - # Install the shared library and executables - cp -vat /usr out/ts-install/arm-linux/lib out/ts-install/arm-linux/bin - -- # Load the kernel modules -- out/linux-arm-ffa-tee/load_module.sh -+ # Load the kernel module - out/linux-arm-ffa-user/load_module.sh - - # Run the test application -diff --git a/docs/quickstart/optee-testing.rst b/docs/quickstart/optee-testing.rst -index 7eccf7ab9031..9ff2421d5565 100644 ---- a/docs/quickstart/optee-testing.rst -+++ b/docs/quickstart/optee-testing.rst -@@ -47,7 +47,6 @@ Once it boots to the login prompt, log in as root and from the FVP terminal, ent - - cd /mnt/host - cp -vat /usr out/ts-install/arm-linux/lib out/ts-install/arm-linux/bin -- out/linux-arm-ffa-tee/load_module.sh - out/linux-arm-ffa-user/load_module.sh - ts-service-test -v - -diff --git a/external/LinuxFfaTeeDriver/LinuxFfaTeeDriver.cmake b/external/LinuxFfaTeeDriver/LinuxFfaTeeDriver.cmake -deleted file mode 100644 -index da0a5b3def7e..000000000000 ---- a/external/LinuxFfaTeeDriver/LinuxFfaTeeDriver.cmake -+++ /dev/null -@@ -1,54 +0,0 @@ --#------------------------------------------------------------------------------- --# Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved. --# --# SPDX-License-Identifier: BSD-3-Clause --# --#------------------------------------------------------------------------------- -- --# If the driver is already installed, try to find that --find_path(LINUX_FFA_TEE_DRIVER_INCLUDE_DIR -- NAMES arm_tstee.h -- DOC "Linux FF-A TEE driver include directory" --) -- --# If not found, download it --if(NOT LINUX_FFA_TEE_DRIVER_INCLUDE_DIR) -- set(LINUX_FFA_TEE_DRIVER_URL "https://git.gitlab.arm.com/linux-arm/linux-trusted-services.git" -- CACHE STRING "Linux FF-A TEE driver repository URL") -- -- # Note: the aim of this external component is to make the header file defining the IOCTL API -- # available. Fetching a moving reference is ok as long as API compatibility is guaranteed. -- set(LINUX_FFA_TEE_DRIVER_REFSPEC "origin/tee-v2" -- CACHE STRING "Linux FF-A TEE driver git refspec") -- -- set(LINUX_FFA_TEE_DRIVER_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/linux_ffa_tee_driver-src" -- CACHE PATH "Location of Linux TEE driver source.") -- -- if (DEFINED ENV{LINUX_FFA_TEE_DRIVER_SOURCE_DIR}) -- set(LINUX_FFA_TEE_DRIVER_SOURCE_DIR $ENV{LINUX_FFA_TEE_DRIVER_SOURCE_DIR} -- CACHE PATH "Location of Linux TEE driver source." FORCE) -- endif() -- -- set(GIT_OPTIONS -- GIT_REPOSITORY ${LINUX_FFA_TEE_DRIVER_URL} -- GIT_TAG ${LINUX_FFA_TEE_DRIVER_REFSPEC} -- GIT_SHALLOW TRUE -- ) -- include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED) -- LazyFetch_MakeAvailable( -- DEP_NAME linux_ffa_tee_driver -- FETCH_OPTIONS "${GIT_OPTIONS}" -- SOURCE_DIR ${LINUX_FFA_TEE_DRIVER_SOURCE_DIR} -- ) -- -- find_path(LINUX_FFA_TEE_DRIVER_INCLUDE_DIR -- NAMES arm_tstee.h -- PATHS ${LINUX_FFA_TEE_DRIVER_SOURCE_DIR}/uapi -- NO_DEFAULT_PATH -- REQUIRED -- DOC "Linux FF-A TEE driver include directory" -- ) --endif() -- --set_property(DIRECTORY APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS -- "${LINUX_FFA_TEE_DRIVER_INCLUDE_DIR}/arm_tstee.h") --- -2.39.2 - diff --git a/meta-arm/recipes-security/trusted-services/libts_git.bb b/meta-arm/recipes-security/trusted-services/libts_git.bb index 0c874e66..6bc19b66 100644 --- a/meta-arm/recipes-security/trusted-services/libts_git.bb +++ b/meta-arm/recipes-security/trusted-services/libts_git.bb @@ -5,8 +5,6 @@ TS_ENV = "arm-linux" require trusted-services.inc -SRC_URI += "file://0001-Remove-TEE-driver-external-component.patch \ - " # If optee-client is not included, take care of udev and related configuration. require ${@bb.utils.contains('IMAGE_INSTALL', 'optee-client', '', 'libts-udev.inc', d)} diff --git a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc index b3e01315..c321c1c1 100644 --- a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc +++ b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc @@ -9,10 +9,12 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/files:" SRC_URI:append = "\ file://0001-Allow-configuring-flash-image-files-compile-time.patch \ + file://0002-Fix-MbedTLS-3.6-and-GCC-14-compatibility.patch \ + file://0001-Relax-pyelftools-dependency.patch \ " -# Trusted Services; aka. 2024 April 19 -SRCREV_trusted-services = "602be607198ea784bc5ab1c0c9d3ac4e2c67f1d9" +# Trusted Services; aka. v1.1.0 +SRCREV_trusted-services = "83bd53b6689ebb071bc13fcd4e01618bab2e74ca" LIC_FILES_CHKSUM = "file://${S}/license.rst;md5=ea160bac7f690a069c608516b17997f4" S = "${WORKDIR}/git/trusted-services" @@ -24,14 +26,14 @@ SRC_URI += "git://github.com/dgibson/dtc;name=dtc;protocol=https;branch=main;des SRCREV_dtc = "b6910bec11614980a21e46fbccc35934b671bd81" LIC_FILES_CHKSUM += "file://../dtc/README.license;md5=a1eb22e37f09df5b5511b8a278992d0e" -# MbedTLS, tag "v3.5.1" -SRC_URI += "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;branch=main;destsuffix=git/mbedtls" -SRCREV_mbedtls = "15254759342494c7e969766d5424d78d7deb9bfa" +# MbedTLS, tag "v3.6.0" +SRC_URI += "gitsm://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;branch=master;destsuffix=git/mbedtls" +SRCREV_mbedtls = "2ca6c285a0dd3f33982dd57299012dacab1ff206" LIC_FILES_CHKSUM += "file://../mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d" -# Nanopb, tag "nanopb-0.4.7" plus some further fixes +# Nanopb, tag "nanopb-0.4.8" plus some further fixes SRC_URI += "git://github.com/nanopb/nanopb.git;name=nanopb;protocol=https;branch=master;destsuffix=git/nanopb" -SRCREV_nanopb = "dbbf5d8992295aae669b8071eadad02f87d5faf0" +SRCREV_nanopb = "6cfe48d6f1593f8fa5c0f90437f5e6522587745e" LIC_FILES_CHKSUM += "file://../nanopb/LICENSE.txt;md5=9db4b73a55a3994384112efcdb37c01f" # qcbor, tag "v1.0.0" @@ -63,11 +65,6 @@ do_apply_local_src_patches() { apply_local_src_patches ${S}/external/nanopb ${WORKDIR}/git/nanopb } -do_config:append:() { - # Fine tune MbedTLS configuration for crypto only operation. - sh -c "cd ${WORKDIR}/git/mbedtls; python3 scripts/config.py crypto" -} - # Paths to dependencies required by some TS SPs/tools EXTRA_OECMAKE += "-DDTC_SOURCE_DIR=${WORKDIR}/git/dtc \ -DCPPUTEST_SOURCE_DIR=${WORKDIR}/git/cpputest \ From patchwork Tue May 20 17:27:40 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Szing X-Patchwork-Id: 63316 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E8D82C54756 for ; Tue, 20 May 2025 17:28:13 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.26828.1747762087951519973 for ; Tue, 20 May 2025 10:28:08 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: gyorgy.szing@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 0AA311516; Tue, 20 May 2025 10:27:54 -0700 (PDT) Received: from gyoszi01-yocto.budapest.arm.com (ubul2.budapest.arm.com [10.45.25.25]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id E9C263F5A1; Tue, 20 May 2025 10:28:06 -0700 (PDT) From: Gyorgy Szing To: meta-arm@lists.yoctoproject.org Cc: Gyorgy Szing Subject: [PATCH 2/9] arm/trusted-services: drop newlib Date: Tue, 20 May 2025 19:27:40 +0200 Message-ID: <20250520172748.3439803-2-gyorgy.szing@arm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250520172748.3439803-1-gyorgy.szing@arm.com> References: <20250520172748.3439803-1-gyorgy.szing@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 May 2025 17:28:13 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6509 Trusted Services introduced its own libc implementation and has no dependency on newlib anymore. Remove TS specific newlib recipes and patch files. Signed-off-by: Gyorgy Szing --- ...wlib-memcpy-remove-optimized-version.patch | 210 ------------------ .../trusted-services/ts-newlib_%.bbappend | 8 - .../trusted-services/trusted-services.inc | 2 +- .../trusted-services/ts-newlib_4.1.0.bb | 39 ---- .../trusted-services/ts-sp-common.inc | 2 +- 5 files changed, 2 insertions(+), 259 deletions(-) delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-newlib/0001-newlib-memcpy-remove-optimized-version.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend delete mode 100644 meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-newlib/0001-newlib-memcpy-remove-optimized-version.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-newlib/0001-newlib-memcpy-remove-optimized-version.patch deleted file mode 100644 index 7d8504d9..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-newlib/0001-newlib-memcpy-remove-optimized-version.patch +++ /dev/null @@ -1,210 +0,0 @@ -From 03d97c104f2d68cffd1bfc48cd62727e13a64712 Mon Sep 17 00:00:00 2001 -From: Rui Miguel Silva -Date: Fri, 14 Oct 2022 17:42:52 +0100 -Subject: [PATCH] newlib: memcpy: remove optimized version - -When creating messages packed to send over openamp we may need -to do some copy in unaligned address, because of that we may -not always use the assembler optimized version, which will -trough a data-abort on aligned address exception. - -So, we may just use the version in string.h (the same used in -optee-os) that will take care to check and use different -optimization based on given source or destination address's. - -Upstream-Status: Pending -Signed-off-by: Rui Miguel Silva ---- - newlib/libc/machine/aarch64/memcpy-stub.c | 2 +- - newlib/libc/machine/aarch64/memcpy.S | 166 ---------------------- - 2 files changed, 1 insertion(+), 167 deletions(-) - -diff --git a/newlib/libc/machine/aarch64/memcpy-stub.c b/newlib/libc/machine/aarch64/memcpy-stub.c -index cd6d72a8b8af..5f2b7968c7fc 100644 ---- a/newlib/libc/machine/aarch64/memcpy-stub.c -+++ b/newlib/libc/machine/aarch64/memcpy-stub.c -@@ -27,5 +27,5 @@ - #if (defined (__OPTIMIZE_SIZE__) || defined (PREFER_SIZE_OVER_SPEED)) - # include "../../string/memcpy.c" - #else --/* See memcpy.S */ -+# include "../../string/memcpy.c" - #endif -diff --git a/newlib/libc/machine/aarch64/memcpy.S b/newlib/libc/machine/aarch64/memcpy.S -index 463bad0a1816..2a1460546374 100644 ---- a/newlib/libc/machine/aarch64/memcpy.S -+++ b/newlib/libc/machine/aarch64/memcpy.S -@@ -61,170 +61,4 @@ - #if (defined (__OPTIMIZE_SIZE__) || defined (PREFER_SIZE_OVER_SPEED)) - /* See memcpy-stub.c */ - #else -- --#define dstin x0 --#define src x1 --#define count x2 --#define dst x3 --#define srcend x4 --#define dstend x5 --#define A_l x6 --#define A_lw w6 --#define A_h x7 --#define A_hw w7 --#define B_l x8 --#define B_lw w8 --#define B_h x9 --#define C_l x10 --#define C_h x11 --#define D_l x12 --#define D_h x13 --#define E_l src --#define E_h count --#define F_l srcend --#define F_h dst --#define tmp1 x9 -- --#define L(l) .L ## l -- -- .macro def_fn f p2align=0 -- .text -- .p2align \p2align -- .global \f -- .type \f, %function --\f: -- .endm -- --/* Copies are split into 3 main cases: small copies of up to 16 bytes, -- medium copies of 17..96 bytes which are fully unrolled. Large copies -- of more than 96 bytes align the destination and use an unrolled loop -- processing 64 bytes per iteration. -- Small and medium copies read all data before writing, allowing any -- kind of overlap, and memmove tailcalls memcpy for these cases as -- well as non-overlapping copies. --*/ -- --def_fn memcpy p2align=6 -- prfm PLDL1KEEP, [src] -- add srcend, src, count -- add dstend, dstin, count -- cmp count, 16 -- b.ls L(copy16) -- cmp count, 96 -- b.hi L(copy_long) -- -- /* Medium copies: 17..96 bytes. */ -- sub tmp1, count, 1 -- ldp A_l, A_h, [src] -- tbnz tmp1, 6, L(copy96) -- ldp D_l, D_h, [srcend, -16] -- tbz tmp1, 5, 1f -- ldp B_l, B_h, [src, 16] -- ldp C_l, C_h, [srcend, -32] -- stp B_l, B_h, [dstin, 16] -- stp C_l, C_h, [dstend, -32] --1: -- stp A_l, A_h, [dstin] -- stp D_l, D_h, [dstend, -16] -- ret -- -- .p2align 4 -- /* Small copies: 0..16 bytes. */ --L(copy16): -- cmp count, 8 -- b.lo 1f -- ldr A_l, [src] -- ldr A_h, [srcend, -8] -- str A_l, [dstin] -- str A_h, [dstend, -8] -- ret -- .p2align 4 --1: -- tbz count, 2, 1f -- ldr A_lw, [src] -- ldr A_hw, [srcend, -4] -- str A_lw, [dstin] -- str A_hw, [dstend, -4] -- ret -- -- /* Copy 0..3 bytes. Use a branchless sequence that copies the same -- byte 3 times if count==1, or the 2nd byte twice if count==2. */ --1: -- cbz count, 2f -- lsr tmp1, count, 1 -- ldrb A_lw, [src] -- ldrb A_hw, [srcend, -1] -- ldrb B_lw, [src, tmp1] -- strb A_lw, [dstin] -- strb B_lw, [dstin, tmp1] -- strb A_hw, [dstend, -1] --2: ret -- -- .p2align 4 -- /* Copy 64..96 bytes. Copy 64 bytes from the start and -- 32 bytes from the end. */ --L(copy96): -- ldp B_l, B_h, [src, 16] -- ldp C_l, C_h, [src, 32] -- ldp D_l, D_h, [src, 48] -- ldp E_l, E_h, [srcend, -32] -- ldp F_l, F_h, [srcend, -16] -- stp A_l, A_h, [dstin] -- stp B_l, B_h, [dstin, 16] -- stp C_l, C_h, [dstin, 32] -- stp D_l, D_h, [dstin, 48] -- stp E_l, E_h, [dstend, -32] -- stp F_l, F_h, [dstend, -16] -- ret -- -- /* Align DST to 16 byte alignment so that we don't cross cache line -- boundaries on both loads and stores. There are at least 96 bytes -- to copy, so copy 16 bytes unaligned and then align. The loop -- copies 64 bytes per iteration and prefetches one iteration ahead. */ -- -- .p2align 4 --L(copy_long): -- and tmp1, dstin, 15 -- bic dst, dstin, 15 -- ldp D_l, D_h, [src] -- sub src, src, tmp1 -- add count, count, tmp1 /* Count is now 16 too large. */ -- ldp A_l, A_h, [src, 16] -- stp D_l, D_h, [dstin] -- ldp B_l, B_h, [src, 32] -- ldp C_l, C_h, [src, 48] -- ldp D_l, D_h, [src, 64]! -- subs count, count, 128 + 16 /* Test and readjust count. */ -- b.ls 2f --1: -- stp A_l, A_h, [dst, 16] -- ldp A_l, A_h, [src, 16] -- stp B_l, B_h, [dst, 32] -- ldp B_l, B_h, [src, 32] -- stp C_l, C_h, [dst, 48] -- ldp C_l, C_h, [src, 48] -- stp D_l, D_h, [dst, 64]! -- ldp D_l, D_h, [src, 64]! -- subs count, count, 64 -- b.hi 1b -- -- /* Write the last full set of 64 bytes. The remainder is at most 64 -- bytes, so it is safe to always copy 64 bytes from the end even if -- there is just 1 byte left. */ --2: -- ldp E_l, E_h, [srcend, -64] -- stp A_l, A_h, [dst, 16] -- ldp A_l, A_h, [srcend, -48] -- stp B_l, B_h, [dst, 32] -- ldp B_l, B_h, [srcend, -32] -- stp C_l, C_h, [dst, 48] -- ldp C_l, C_h, [srcend, -16] -- stp D_l, D_h, [dst, 64] -- stp E_l, E_h, [dstend, -64] -- stp A_l, A_h, [dstend, -48] -- stp B_l, B_h, [dstend, -32] -- stp C_l, C_h, [dstend, -16] -- ret -- -- .size memcpy, . - memcpy - #endif --- -2.38.0 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend b/meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend deleted file mode 100644 index 708f5986..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend +++ /dev/null @@ -1,8 +0,0 @@ -FILESEXTRAPATHS:prepend:corstone1000 := "${THISDIR}/corstone1000/${PN}:" - -COMPATIBLE_MACHINE:corstone1000 = "corstone1000" -SRC_URI:append:corstone1000 = " \ - file://0001-newlib-memcpy-remove-optimized-version.patch;patchdir=../newlib \ -" - -COMPATIBLE_MACHINE:fvp-base = "fvp-base" diff --git a/meta-arm/recipes-security/trusted-services/trusted-services.inc b/meta-arm/recipes-security/trusted-services/trusted-services.inc index 17064f74..a35f93c0 100644 --- a/meta-arm/recipes-security/trusted-services/trusted-services.inc +++ b/meta-arm/recipes-security/trusted-services/trusted-services.inc @@ -54,5 +54,5 @@ EXTRA_OECMAKE += "${@get_ts_toolchain_option(d)}" # Paths to pre-built dependencies required by some TS SPs/tools EXTRA_OECMAKE += "-Dlibts_ROOT=${STAGING_DIR_HOST}${TS_INSTALL}/lib/cmake/libts/ \ - -DNEWLIB_INSTALL_DIR=${STAGING_DIR_HOST}/usr/opteesp/newlib \ + " diff --git a/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb b/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb deleted file mode 100644 index 1fda415a..00000000 --- a/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb +++ /dev/null @@ -1,39 +0,0 @@ -SUMMARY = "Newlib static libraries built with Trusted Services opteesp deployment options" - -TS_ENV = "opteesp" - -require trusted-services.inc - -SRC_URI += "git://sourceware.org/git/newlib-cygwin.git;name=newlib;protocol=https;branch=master;destsuffix=git/newlib \ -" - -# tag "newlib-4.1.0" -SRCREV_newlib = "415fdd4279b85eeec9d54775ce13c5c412451e08" -LIC_FILES_CHKSUM += "file://../newlib/COPYING.NEWLIB;md5=b8dda70da54e0efb49b1074f349d7749" - -# Newlib does not compile with clang -TOOLCHAIN = "gcc" - -EXTRA_OECMAKE += '-DNEWLIB_SOURCE_DIR=${WORKDIR}/git/newlib \ - -DNEWLIB_CFLAGS="--sysroot=${STAGING_DIR_HOST}" \ - ' - -OECMAKE_SOURCEPATH = "${S}/deployments/newlib/${TS_ENV}/" - -# Silence compilation errors from GCC 14.1 due to stricter code validation -export NEWLIB_CFLAGS_TARGET = "-Wno-implicit-function-declaration -Wno-int-conversion" - -# TS ships a patch that needs to be applied to newlib -apply_ts_patch() { - set -ex - cd ${WORKDIR}/git/newlib - check_git_config - git stash - git branch -f bf_am - git am ${S}/external/newlib/*.patch - git reset bf_am -} -do_patch[postfuncs] += "apply_ts_patch" - -FILES:${PN}-dev = "${TS_INSTALL}/newlib" -FILES:${PN}-staticdev = "${TS_INSTALL}/newlib/*/lib/*.a" diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-common.inc b/meta-arm/recipes-security/trusted-services/ts-sp-common.inc index 83cac6ea..65065880 100644 --- a/meta-arm/recipes-security/trusted-services/ts-sp-common.inc +++ b/meta-arm/recipes-security/trusted-services/ts-sp-common.inc @@ -5,7 +5,7 @@ TS_ENV ?= "opteesp" require trusted-services.inc require ts-uuid.inc -DEPENDS += "dtc-native ts-newlib" +DEPENDS += "dtc-native" DEPENDS += "${@oe.utils.conditional('TS_ENV','sp','python3-pyelftools-native','', d)}" FILES:${PN}-dev = "${TS_INSTALL}" From patchwork Tue May 20 17:27:41 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Szing X-Patchwork-Id: 63315 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E9EC3C3ABDD for ; Tue, 20 May 2025 17:28:13 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.27021.1747762088805431859 for ; Tue, 20 May 2025 10:28:08 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: gyorgy.szing@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id EDC08152B; Tue, 20 May 2025 10:27:54 -0700 (PDT) Received: from gyoszi01-yocto.budapest.arm.com (ubul2.budapest.arm.com [10.45.25.25]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id D8D123F5A1; Tue, 20 May 2025 10:28:07 -0700 (PDT) From: Gyorgy Szing To: meta-arm@lists.yoctoproject.org Cc: Gyorgy Szing Subject: [PATCH 3/9] arm/trusted-services: add libpsats recipe Date: Tue, 20 May 2025 19:27:41 +0200 Message-ID: <20250520172748.3439803-3-gyorgy.szing@arm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250520172748.3439803-1-gyorgy.szing@arm.com> References: <20250520172748.3439803-1-gyorgy.szing@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 May 2025 17:28:13 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6510 TS upstream introduced a new library which carries PSA clients. This library is to be used by linux user-space applications interfacing to PSA providers running in the SWd. Modify dependee to use the new library. Signed-off-by: Gyorgy Szing --- .../trusted-services/libpsats_%.bbappend | 1 + .../trusted-services/libpsats_git.bb | 29 +++++++++++++++++++ .../trusted-services/trusted-services.inc | 2 +- .../trusted-services/ts-demo_git.bb | 4 +-- .../ts-psa-api-test-common_git.inc | 4 +-- 5 files changed, 35 insertions(+), 5 deletions(-) create mode 100644 meta-arm-bsp/recipes-security/trusted-services/libpsats_%.bbappend create mode 100644 meta-arm/recipes-security/trusted-services/libpsats_git.bb diff --git a/meta-arm-bsp/recipes-security/trusted-services/libpsats_%.bbappend b/meta-arm-bsp/recipes-security/trusted-services/libpsats_%.bbappend new file mode 100644 index 00000000..5c9ef210 --- /dev/null +++ b/meta-arm-bsp/recipes-security/trusted-services/libpsats_%.bbappend @@ -0,0 +1 @@ +require ts-arm-platforms.inc diff --git a/meta-arm/recipes-security/trusted-services/libpsats_git.bb b/meta-arm/recipes-security/trusted-services/libpsats_git.bb new file mode 100644 index 00000000..06799e61 --- /dev/null +++ b/meta-arm/recipes-security/trusted-services/libpsats_git.bb @@ -0,0 +1,29 @@ +DESCRIPTION = "Trusted Services libpsats library for the arm-linux enviroment. \ + Libpsats carries psa client implementations to be used by linux user-space applications." + +TS_ENV = "arm-linux" + +require trusted-services.inc + +OECMAKE_SOURCEPATH="${S}/deployments/libpsats/${TS_ENV}" + +DEPENDS += "libts" + +do_install:append () { + # Move the dynamic libraries into the standard place. + install -d ${D}${libdir} + mv ${D}${TS_INSTALL}/lib/libpsats* ${D}${libdir} + + # Update generated cmake file to use correct paths. + target_cmake=$(find ${D}${TS_INSTALL}/lib/cmake/libpsats -type f -iname "libpsatsTargets-*.cmake") + if [ ! -z "$target_cmake" ]; then + sed -i -e "s#/${TS_ENV}##g" $target_cmake + fi + + # Remove files installed by libts too. + rm ${D}${TS_INSTALL}/include/util.h + rm ${D}${TS_INSTALL}/include/compiler.h +} + +FILES:${PN} = "${libdir}/libpsats*.so.* ${nonarch_base_libdir}/udev/rules.d/" +FILES:${PN}-dev = "${TS_INSTALL}/lib/cmake ${TS_INSTALL}/include ${libdir}/libpsats*.so" diff --git a/meta-arm/recipes-security/trusted-services/trusted-services.inc b/meta-arm/recipes-security/trusted-services/trusted-services.inc index a35f93c0..2ba64af8 100644 --- a/meta-arm/recipes-security/trusted-services/trusted-services.inc +++ b/meta-arm/recipes-security/trusted-services/trusted-services.inc @@ -54,5 +54,5 @@ EXTRA_OECMAKE += "${@get_ts_toolchain_option(d)}" # Paths to pre-built dependencies required by some TS SPs/tools EXTRA_OECMAKE += "-Dlibts_ROOT=${STAGING_DIR_HOST}${TS_INSTALL}/lib/cmake/libts/ \ - + -Dlibpsats_ROOT=${STAGING_DIR_HOST}${TS_INSTALL}/lib/cmake/libpsats/ \ " diff --git a/meta-arm/recipes-security/trusted-services/ts-demo_git.bb b/meta-arm/recipes-security/trusted-services/ts-demo_git.bb index ddd3764e..2f6b9f45 100644 --- a/meta-arm/recipes-security/trusted-services/ts-demo_git.bb +++ b/meta-arm/recipes-security/trusted-services/ts-demo_git.bb @@ -7,8 +7,8 @@ TS_ENV = "arm-linux" require trusted-services.inc DEPENDS += "python3-jsonschema-native python3-jinja2-native" -DEPENDS += "libts" -RDEPENDS:${PN} += "libts" +DEPENDS += "libpsats" +RDEPENDS:${PN} += "libpsats" OECMAKE_SOURCEPATH = "${S}/deployments/ts-demo/${TS_ENV}" diff --git a/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc b/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc index 93051bf3..e2f61feb 100644 --- a/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc +++ b/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc @@ -6,8 +6,8 @@ require trusted-services.inc DEPENDS += "python3-jsonschema-native python3-jinja2-native" -DEPENDS += "libts" -RDEPENDS:${PN} += "libts" +DEPENDS += "libpsats" +RDEPENDS:${PN} += "libpsats" SRC_URI += "git://github.com/ARM-software/psa-arch-tests.git;name=psatest;protocol=https;branch=main;destsuffix=git/psatest \ file://0001-Pass-Yocto-build-settings-to-psa-arch-tests-native.patch;patchdir=../psatest \ From patchwork Tue May 20 17:27:42 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Szing X-Patchwork-Id: 63317 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id F0F8CC3DA6D for ; Tue, 20 May 2025 17:28:13 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.27024.1747762089697576867 for ; Tue, 20 May 2025 10:28:09 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: gyorgy.szing@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id DD3E11516; Tue, 20 May 2025 10:27:55 -0700 (PDT) Received: from gyoszi01-yocto.budapest.arm.com (ubul2.budapest.arm.com [10.45.25.25]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id C7D123F5A1; Tue, 20 May 2025 10:28:08 -0700 (PDT) From: Gyorgy Szing To: meta-arm@lists.yoctoproject.org Cc: Gyorgy Szing Subject: [PATCH 4/9] arm/trusted-services: simplify SmmGW configuration Date: Tue, 20 May 2025 19:27:42 +0200 Message-ID: <20250520172748.3439803-4-gyorgy.szing@arm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250520172748.3439803-1-gyorgy.szing@arm.com> References: <20250520172748.3439803-1-gyorgy.szing@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 May 2025 17:28:13 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6511 Bound Authenticated Variable configuration related settings to yocto variables. The aim is easier configuration by hiding SmmGW build system internals at the yocto recipe level. For details please see documentation/trusted-services.md Signed-off-by: Gyorgy Szing --- ci/fvp-base-ts.yml | 2 ++ documentation/trusted-services.md | 12 ++++++++++++ meta-arm-bsp/conf/machine/include/corstone1000.inc | 5 +++++ .../trusted-services/ts-sp-smm-gateway_%.bbappend | 2 -- .../trusted-services/ts-sp-smm-gateway_git.bb | 3 +++ 5 files changed, 22 insertions(+), 2 deletions(-) diff --git a/ci/fvp-base-ts.yml b/ci/fvp-base-ts.yml index 9f13bac7..89a3e1f2 100644 --- a/ci/fvp-base-ts.yml +++ b/ci/fvp-base-ts.yml @@ -15,6 +15,8 @@ local_conf_header: MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its" MACHINE_FEATURES:append = " ts-attestation ts-smm-gateway optee-spmc-test" MACHINE_FEATURES:append = " ts-block-storage ts-fwu" + MACHINE_FEATURES:append = " arm-branch-protection" + SMMGW_AUTH_VAR = "1" # Include TS demo/test tools into image IMAGE_INSTALL:append = " packagegroup-ts-tests" # Include TS PSA Arch tests into image diff --git a/documentation/trusted-services.md b/documentation/trusted-services.md index 636ccbf3..3dd045c7 100644 --- a/documentation/trusted-services.md +++ b/documentation/trusted-services.md @@ -57,6 +57,18 @@ Optionally for testing purposes you can add `packagegroup-ts-tests` into your im meta-arm also includes Trusted Service OEQA tests which can be used for automated testing. See `ci/trusted-services.yml` for an example how to include them into an image. +## Configuration options + +Some TS recipes support yocto variables to set build configuration. These variables can be set in .conf files (machine +specific or local.conf), or .bbappend files. + +SmmGW SP recipe supports the following configuration variables + +| Variable name | Type | Description | +|-----------------------|------|--------------------------------------------------------------------------------------------------------| +| SMMGW_AUTH_VAR | Bool | Enable Authenticated variable support | +| SMMGW_INTERNAL_CRYPTO | Bool | Use MbedTLS build into SmmGW for authentication related crypto operations. Depends on SMMGW_AUTH_VAR=1 | + ------ [^1]: https://trusted-services.readthedocs.io/en/integration/overview/index.html diff --git a/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm-bsp/conf/machine/include/corstone1000.inc index 57207499..80ff9bbe 100644 --- a/meta-arm-bsp/conf/machine/include/corstone1000.inc +++ b/meta-arm-bsp/conf/machine/include/corstone1000.inc @@ -67,3 +67,8 @@ ARM_SYSTEMREADY_ACS_CONSOLE ?= "default" # Workaround IMAGE_ROOTFS_EXTRA_SPACE being ignored when images are repacked IMAGE_ROOTFS_EXTRA_ARGS += "--extra-space ${@${IMAGE_ROOTFS_EXTRA_SPACE}}K" + +# Enable Authenticated variable support in SmmGW +SMMGW_AUTH_VAR="1" +# Use MbedTLS build into SmmGW for authentication related crypto operations. +SMMGW_INTERNAL_CRYPTO="1" diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend index 628dfb48..3d8f0d25 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend +++ b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend @@ -2,8 +2,6 @@ require ts-arm-platforms.inc EXTRA_OECMAKE:append:corstone1000 = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x81FFF000" \ -DMM_COMM_BUFFER_PAGE_COUNT="1" \ - -DUEFI_AUTH_VAR=ON \ - -DUEFI_INTERNAL_CRYPTO=ON \ -DSMM_GATEWAY_MAX_UEFI_VARIABLES=60 \ " diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb index d72e8946..2ca43c78 100644 --- a/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb +++ b/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb @@ -6,3 +6,6 @@ SP_UUID = "${SMM_GATEWAY_UUID}" TS_SP_SMM_GATEWAY_CONFIG ?= "default" OECMAKE_SOURCEPATH = "${S}/deployments/smm-gateway/config/${TS_SP_SMM_GATEWAY_CONFIG}-${TS_ENV}" + +EXTRA_OECMAKE:append = "${@oe.utils.vartrue("SMMGW_AUTH_VAR", " -DUEFI_AUTH_VAR=ON ", "", d)}" +EXTRA_OECMAKE:append = "${@oe.utils.ifelse(oe.types.boolean(d.getVar("SMMGW_AUTH_VAR")) and oe.types.boolean(d.getVar("SMMGW_INTERNAL_CRYPTO")), " -DUEFI_INTERNAL_CRYPTO=On ", "")}" From patchwork Tue May 20 17:27:43 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Szing X-Patchwork-Id: 63320 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0CBBBC3ABDD for ; Tue, 20 May 2025 17:28:24 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.26829.1747762090804981086 for ; Tue, 20 May 2025 10:28:10 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: gyorgy.szing@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id CD1C91BCB; Tue, 20 May 2025 10:27:56 -0700 (PDT) Received: from gyoszi01-yocto.budapest.arm.com (ubul2.budapest.arm.com [10.45.25.25]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id B70BF3F5A1; Tue, 20 May 2025 10:28:09 -0700 (PDT) From: Gyorgy Szing To: meta-arm@lists.yoctoproject.org Cc: Gyorgy Szing Subject: [PATCH 5/9] base-fvp: enable branch protection in firmware Date: Tue, 20 May 2025 19:27:43 +0200 Message-ID: <20250520172748.3439803-5-gyorgy.szing@arm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250520172748.3439803-1-gyorgy.szing@arm.com> References: <20250520172748.3439803-1-gyorgy.szing@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 May 2025 17:28:24 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6512 Introduce a new machine feature called "arm-branch-protection". When set TF-A, optee and Trusted Services SPs will be configured to enable PAC and BTI. In addition the fvp-is configured to emulate arm-v8.5 and PAC+BTI. Signed-off-by: Gyorgy Szing --- .../trusted-firmware-a/trusted-firmware-a-fvp-base.inc | 3 +++ meta-arm/recipes-security/optee/optee-os.inc | 3 +++ meta-arm/recipes-security/trusted-services/ts-sp-common.inc | 2 ++ 3 files changed, 8 insertions(+) diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-base.inc b/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-base.inc index 4f0d34ea..bdf51f64 100644 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-base.inc +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-base.inc @@ -46,6 +46,9 @@ BL32 = "${@oe.utils.conditional('SPMC_IS_OPTEE', '1',\ EXTRA_OEMAKE += "${@oe.utils.conditional('SPMC_IS_OPTEE', '1', \ ' BL32=${BL32}', '', d)}" +# Enable memory safety in TF-A if machine supports it. +EXTRA_OEMAKE += "${@bb.utils.contains('MACHINE_FEATURES', 'arm-branch-protection', ' BRANCH_PROTECTION=1', '', d)}" + # Generic configuration COMPATIBLE_MACHINE = "fvp-base" TFA_PLATFORM = "fvp" diff --git a/meta-arm/recipes-security/optee/optee-os.inc b/meta-arm/recipes-security/optee/optee-os.inc index 5a89e5ba..7f515cb4 100644 --- a/meta-arm/recipes-security/optee/optee-os.inc +++ b/meta-arm/recipes-security/optee/optee-os.inc @@ -31,6 +31,9 @@ EXTRA_OEMAKE += " \ EXTRA_OEMAKE += " HOST_PREFIX=${HOST_PREFIX}" EXTRA_OEMAKE += " CROSS_COMPILE64=${HOST_PREFIX}" +# Enable BTI in optee +EXTREA_OEMAKE += "${@bb.utils.contains('MACHINE_FEATURES', 'arm-branch-protection', ' CFG_CORE_BTI=1 CFG_TA_BTI=1 CFG_CORE_PAUTH=y CFG_TA_PAUTH=y', '', d)}" + LDFLAGS[unexport] = "1" CPPFLAGS[unexport] = "1" AS[unexport] = "1" diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-common.inc b/meta-arm/recipes-security/trusted-services/ts-sp-common.inc index 65065880..eb89127b 100644 --- a/meta-arm/recipes-security/trusted-services/ts-sp-common.inc +++ b/meta-arm/recipes-security/trusted-services/ts-sp-common.inc @@ -41,3 +41,5 @@ OECMAKE_CXX_FLAGS:remove = "-D_FORTIFY_SOURCE=2" # will add a proper tooclhain option. OECMAKE_ARGS:remove = "-DCMAKE_TOOLCHAIN_FILE:FILEPATH=${WORKDIR}/toolchain.cmake" +# Set BranchProtection to standard +EXTRA_OECMAKE += "${@bb.utils.contains('MACHINE_FEATURES', 'arm-branch-protection', ' -DBRANCH_PROTECTION=1', '', d)}" From patchwork Tue May 20 17:27:44 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Szing X-Patchwork-Id: 63319 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0E8D8C54E71 for ; Tue, 20 May 2025 17:28:24 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.26830.1747762091869119699 for ; Tue, 20 May 2025 10:28:12 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: gyorgy.szing@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id BC021152B; Tue, 20 May 2025 10:27:57 -0700 (PDT) Received: from gyoszi01-yocto.budapest.arm.com (ubul2.budapest.arm.com [10.45.25.25]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id A71AF3F5A1; Tue, 20 May 2025 10:28:10 -0700 (PDT) From: Gyorgy Szing To: meta-arm@lists.yoctoproject.org Cc: Gyorgy Szing Subject: [PATCH 6/9] arm/trusted-services: enable the logging SP Date: Tue, 20 May 2025 19:27:44 +0200 Message-ID: <20250520172748.3439803-6-gyorgy.szing@arm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250520172748.3439803-1-gyorgy.szing@arm.com> References: <20250520172748.3439803-1-gyorgy.szing@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 May 2025 17:28:24 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6513 The logging service provides an SPMC agonistic to create log messages. The current version will simply dump the incoming log messages to a setial line. Future versions could provide access to log messages from the NWd, could encrypt the essages and perform more efficient when logging large messages. This change enables the logging SP on the fvp_base platform. All log messages made by SPs after the boot phase will be sent to UART3. Signed-off-by: Gyorgy Szing --- ci/fvp-base-ts.yml | 2 +- documentation/trusted-services.md | 1 + .../trusted-services/ts-sp-logging_%.bbappend | 1 + meta-arm/recipes-security/optee/optee-os-ts.inc | 7 +++++++ .../trusted-services/ts-sp-logging_git.bb | 8 ++++++++ meta-arm/recipes-security/trusted-services/ts-uuid.inc | 1 + 6 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 meta-arm-bsp/recipes-security/trusted-services/ts-sp-logging_%.bbappend create mode 100644 meta-arm/recipes-security/trusted-services/ts-sp-logging_git.bb diff --git a/ci/fvp-base-ts.yml b/ci/fvp-base-ts.yml index 89a3e1f2..62d7995b 100644 --- a/ci/fvp-base-ts.yml +++ b/ci/fvp-base-ts.yml @@ -14,7 +14,7 @@ local_conf_header: # Include all Secure Partitions into the image MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its" MACHINE_FEATURES:append = " ts-attestation ts-smm-gateway optee-spmc-test" - MACHINE_FEATURES:append = " ts-block-storage ts-fwu" + MACHINE_FEATURES:append = " ts-block-storage ts-fwu ts-logging" MACHINE_FEATURES:append = " arm-branch-protection" SMMGW_AUTH_VAR = "1" # Include TS demo/test tools into image diff --git a/documentation/trusted-services.md b/documentation/trusted-services.md index 3dd045c7..8b7f795a 100644 --- a/documentation/trusted-services.md +++ b/documentation/trusted-services.md @@ -24,6 +24,7 @@ features for each [Secure Partition][^2] you would like to include: | se-proxy | ts-se-proxy | | smm-gateway | ts-smm-gateway | | spm-test[1-4] | optee-spmc-test | +| Logging | ts-logging | Other steps depend on your machine/platform definition: diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-sp-logging_%.bbappend b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-logging_%.bbappend new file mode 100644 index 00000000..5c9ef210 --- /dev/null +++ b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-logging_%.bbappend @@ -0,0 +1 @@ +require ts-arm-platforms.inc diff --git a/meta-arm/recipes-security/optee/optee-os-ts.inc b/meta-arm/recipes-security/optee/optee-os-ts.inc index 82545ccb..be4bf5bb 100644 --- a/meta-arm/recipes-security/optee/optee-os-ts.inc +++ b/meta-arm/recipes-security/optee/optee-os-ts.inc @@ -80,6 +80,13 @@ DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \ ' ${TS_BIN}/${BLOCK_STORAGE_UUID}${SP_EXT}', '', d)}" +# Logging SP +DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-logging', \ + ' ts-sp-logging', '' , d)}" +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-logging', \ + ' ${TS_BIN}/${LOGGING_SP_UUID}${SP_EXT}', '', d)}" + + EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', \ ' CFG_MAP_EXT_DT_SECURE=y CFG_SECURE_PARTITION=y \ SP_PATHS="${SP_PATHS}" ', d)}" diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-logging_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-logging_git.bb new file mode 100644 index 00000000..e40349ae --- /dev/null +++ b/meta-arm/recipes-security/trusted-services/ts-sp-logging_git.bb @@ -0,0 +1,8 @@ +DESCRIPTION = "Trusted Services logging service provider" + +require ts-sp-common.inc + +SP_UUID = "${LOGGING_SP_UUID}" +TS_SP_LOGGING_CONFIG ?= "default" + +OECMAKE_SOURCEPATH="${S}/deployments/logging/config/${TS_SP_LOGGING_CONFIG}-${TS_ENV}" diff --git a/meta-arm/recipes-security/trusted-services/ts-uuid.inc b/meta-arm/recipes-security/trusted-services/ts-uuid.inc index 810ffa5e..bcf0ee97 100644 --- a/meta-arm/recipes-security/trusted-services/ts-uuid.inc +++ b/meta-arm/recipes-security/trusted-services/ts-uuid.inc @@ -13,3 +13,4 @@ SPM_TEST3_UUID = "23eb0100-e32a-4497-9052-2f11e584afa6" SPM_TEST4_UUID = "423762ed-7772-406f-99d8-0c27da0abbf8" FWU_UUID = "6823a838-1b06-470e-9774-0cce8bfb53fd" BLOCK_STORAGE_UUID = "63646e80-eb52-462f-ac4f-8cdf3987519c" +LOGGING_SP_UUID = "da9dffbd-d590-40ed-975f-19c65a3d52d3" From patchwork Tue May 20 17:27:45 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Gyorgy Szing X-Patchwork-Id: 63322 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0EF59C54E92 for ; Tue, 20 May 2025 17:28:24 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.26831.1747762092981213420 for ; Tue, 20 May 2025 10:28:13 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: gyorgy.szing@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 2A97C1F91; Tue, 20 May 2025 10:27:59 -0700 (PDT) Received: from gyoszi01-yocto.budapest.arm.com (ubul2.budapest.arm.com [10.45.25.25]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 9749D3F5A1; Tue, 20 May 2025 10:28:11 -0700 (PDT) From: Gyorgy Szing To: meta-arm@lists.yoctoproject.org Cc: Gyorgy Szing , Bence Balogh Subject: [PATCH 7/9] arm-bsp/trusted-services: corstone1000: rebase patches Date: Tue, 20 May 2025 19:27:45 +0200 Message-ID: <20250520172748.3439803-7-gyorgy.szing@arm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250520172748.3439803-1-gyorgy.szing@arm.com> References: <20250520172748.3439803-1-gyorgy.szing@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 May 2025 17:28:24 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6514 The patches needed rebasing to the latest Trusted Services version so they can be applied cleanly. Signed-off-by: Gyorgy Szing Signed-off-by: Bence Balogh --- ...ub-capsule-update-service-components.patch | 14 +- ...02-Fix-in-AEAD-for-psa-arch-test-254.patch | 18 +- .../0003-FMP-Support-in-Corstone1000.patch | 6 +- ...0004-Fix-psa-api-crypto-test-no-243.patch} | 8 +- ...-smm_gateway-GetNextVariableName-Fix.patch | 45 -- ...-Use-the-stateless-platform-service.patch} | 6 +- ...-Initialize-capsule-update-provider.patch} | 40 +- ...e1000-add-client_id-for-FMP-service.patch} | 6 +- ...ag.patch => 0008-Remove-Werror-flag.patch} | 25 +- ..._HAS_ATTEST_PK-define-from-IAT-test.patch} | 6 +- ...sizes-compile-time-definitions-user.patch} | 22 +- ...0011-Align-PSA-Crypto-with-TF-Mv2.1.patch} | 28 +- ...-Fix-Avoid-redefinition-of-variables.patch | 28 - ...x-GetNextVariableName-NameSize-input.patch | 495 ------------ ...r-handling-of-variable-index-loading.patch | 82 -- ...pi-to-create-uefi-priv-var-fingerpri.patch | 758 ------------------ ...estamp-validation-for-uefi-variables.patch | 146 ---- ...ch => 0015-se-proxy-protobuf-change.patch} | 21 +- ...n-uefi-variable-authentication-steps.patch | 282 ------- ...e-Authenticated-Variable-verificatio.patch | 292 ------- .../trusted-services/ts-arm-platforms.inc | 27 +- 21 files changed, 107 insertions(+), 2248 deletions(-) rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0005-Fix-psa-api-crypto-test-no-243.patch => 0004-Fix-psa-api-crypto-test-no-243.patch} (83%) delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-smm_gateway-GetNextVariableName-Fix.patch rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0006-plat-corstone1000-Use-the-stateless-platform-service.patch => 0005-plat-corstone1000-Use-the-stateless-platform-service.patch} (97%) rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0007-plat-corstone1000-Initialize-capsule-update-provider.patch => 0006-plat-corstone1000-Initialize-capsule-update-provider.patch} (74%) rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0008-plat-corstone1000-add-client_id-for-FMP-service.patch => 0007-plat-corstone1000-add-client_id-for-FMP-service.patch} (92%) rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0009-Remove-Werror-flag.patch => 0008-Remove-Werror-flag.patch} (87%) rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0010-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch => 0009-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch} (86%) rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0018-Make-RSS-and-MHU-sizes-compile-time-definitions-user.patch => 0010-Make-RSS-and-MHU-sizes-compile-time-definitions-user.patch} (68%) rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0019-Align-PSA-Crypto-with-TF-Mv2.1.patch => 0011-Align-PSA-Crypto-with-TF-Mv2.1.patch} (94%) delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Fix-Avoid-redefinition-of-variables.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-Fix-GetNextVariableName-NameSize-input.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Fix-error-handling-of-variable-index-loading.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Provide-crypto-api-to-create-uefi-priv-var-fingerpri.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Add-timestamp-validation-for-uefi-variables.patch rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0020-se-proxy-protobuf-change.patch => 0015-se-proxy-protobuf-change.patch} (81%) delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Isolate-common-uefi-variable-authentication-steps.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Implement-Private-Authenticated-Variable-verificatio.patch diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch index fa33f78c..8910364a 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch @@ -1,7 +1,7 @@ -From 1ba2a22575c1b73b5ab09e040a00f370eca4b758 Mon Sep 17 00:00:00 2001 +From fd171007b073a4cff7c3deabfdff233c0a9ed507 Mon Sep 17 00:00:00 2001 From: Julian Hall Date: Tue, 12 Oct 2021 15:45:41 +0100 -Subject: [PATCH 1/8] Add stub capsule update service components +Subject: [PATCH 01/12] Add stub capsule update service components To facilitate development of a capsule update service provider, stub components are added to provide a starting point for an @@ -280,13 +280,13 @@ index 000000000..1d412eb23 + "${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c" + ) diff --git a/deployments/se-proxy/infra/corstone1000/infra.cmake b/deployments/se-proxy/infra/corstone1000/infra.cmake -index a52a1b711..4658c9662 100644 +index 3830f9d61..27af8a333 100644 --- a/deployments/se-proxy/infra/corstone1000/infra.cmake +++ b/deployments/se-proxy/infra/corstone1000/infra.cmake -@@ -21,6 +21,7 @@ add_components(TARGET "se-proxy" - "components/service/attestation/key_mngr/local" - "components/service/attestation/reporter/psa_ipc" - "components/service/crypto/backend/psa_ipc" +@@ -27,6 +27,7 @@ add_components(TARGET "se-proxy" + "components/service/fwu/provider/serializer" + "components/service/fwu/psa_fwu_m/agent" + "components/service/fwu/psa_fwu_m/interface/stub" + "components/service/capsule_update/provider" "components/service/secure_storage/backend/secure_storage_ipc" ) diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fix-in-AEAD-for-psa-arch-test-254.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fix-in-AEAD-for-psa-arch-test-254.patch index 02c9c668..a2e72b79 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fix-in-AEAD-for-psa-arch-test-254.patch +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fix-in-AEAD-for-psa-arch-test-254.patch @@ -1,14 +1,14 @@ -From 834d5184902341414eb147204eeda8b0ff01f38c Mon Sep 17 00:00:00 2001 +From 74a07ccbb4eb573269672a0c1f61b9165a592b44 Mon Sep 17 00:00:00 2001 From: Satish Kumar Date: Mon, 14 Feb 2022 08:22:25 +0000 -Subject: [PATCH 2/8] Fix in AEAD for psa-arch test 254 +Subject: [PATCH 02/12] Fix in AEAD for psa-arch test 254 PSA crypto test 254 fails at checkpoint 6. Fix output arguments in various crypto AEAD functions to match crypto service implementation in TF-M. AEAD API's in TF-M start expecting output size as an argument. -Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/31176] +Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/31176] Signed-off-by: Emekcan Aras Signed-off-by: Satish Kumar Signed-off-by: Rui Miguel Silva @@ -23,7 +23,7 @@ Signed-off-by: Harsimran Singh Tungal 6 files changed, 14 insertions(+), 3 deletions(-) diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h -index 417189e..236d3e2 100644 +index 417189e87..236d3e258 100644 --- a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h +++ b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h @@ -314,6 +314,7 @@ static inline psa_status_t crypto_caller_aead_update(struct service_client *cont @@ -35,7 +35,7 @@ index 417189e..236d3e2 100644 /* Mandatory input data parameter */ diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h -index 30aa102..130d272 100644 +index 30aa102da..130d27295 100644 --- a/components/service/crypto/include/psa/crypto_sizes.h +++ b/components/service/crypto/include/psa/crypto_sizes.h @@ -351,7 +351,7 @@ @@ -48,7 +48,7 @@ index 30aa102..130d272 100644 /** A sufficient output buffer size for psa_aead_update(). * diff --git a/components/service/crypto/provider/extension/aead/aead_provider.c b/components/service/crypto/provider/extension/aead/aead_provider.c -index b73d88d..510cffa 100644 +index b73d88d32..510cffa34 100644 --- a/components/service/crypto/provider/extension/aead/aead_provider.c +++ b/components/service/crypto/provider/extension/aead/aead_provider.c @@ -283,10 +283,11 @@ static rpc_status_t aead_update_handler(void *context, struct rpc_request *req) @@ -81,7 +81,7 @@ index b73d88d..510cffa 100644 psa_status = psa_aead_update(&crypto_context->op.aead, diff --git a/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h b/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h -index be76d2b..5909730 100644 +index be76d2bc6..590973048 100644 --- a/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h +++ b/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h @@ -51,6 +51,7 @@ struct aead_provider_serializer { @@ -93,7 +93,7 @@ index be76d2b..5909730 100644 rpc_status_t (*serialize_aead_update_resp)(struct rpc_buffer *resp_buf, diff --git a/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c b/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c -index 8f8c3c7..922a7b6 100644 +index 8f8c3c7f2..922a7b651 100644 --- a/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c +++ b/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c @@ -192,6 +192,7 @@ static rpc_status_t deserialize_aead_update_ad_req(const struct rpc_buffer *req_ @@ -113,7 +113,7 @@ index 8f8c3c7..922a7b6 100644 tlv_const_iterator_begin(&req_iter, (uint8_t*)req_buf->data + expected_fixed_len, diff --git a/protocols/service/crypto/packed-c/aead.h b/protocols/service/crypto/packed-c/aead.h -index 0be266b..435fd3b 100644 +index 0be266b52..435fd3b52 100644 --- a/protocols/service/crypto/packed-c/aead.h +++ b/protocols/service/crypto/packed-c/aead.h @@ -98,6 +98,7 @@ enum diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch index dff9b7ff..cd2cf5fc 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch @@ -1,7 +1,7 @@ -From ef6b4fef7b7a740d6df8dab12aa7c73d06bb9f3b Mon Sep 17 00:00:00 2001 +From fea499f48d07638417511f194c2977133fd75b4d Mon Sep 17 00:00:00 2001 From: Satish Kumar Date: Fri, 8 Jul 2022 09:48:06 +0100 -Subject: [PATCH 3/8] FMP Support in Corstone1000. +Subject: [PATCH 03/12] FMP Support in Corstone1000. The FMP support is used by u-boot to pupolate ESRT information for the kernel. @@ -70,7 +70,7 @@ index 1d412eb23..6b0601494 100644 ) diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c new file mode 100644 -index 000000000..56ce38579 +index 000000000..2222251a7 --- /dev/null +++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c @@ -0,0 +1,307 @@ diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Fix-psa-api-crypto-test-no-243.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-Fix-psa-api-crypto-test-no-243.patch similarity index 83% rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Fix-psa-api-crypto-test-no-243.patch rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-Fix-psa-api-crypto-test-no-243.patch index bb30a766..9253d8ec 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Fix-psa-api-crypto-test-no-243.patch +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-Fix-psa-api-crypto-test-no-243.patch @@ -1,7 +1,7 @@ -From 372d6e9e5827486841ffe15a1b050569fff762b6 Mon Sep 17 00:00:00 2001 +From c74d0d62fede8ef0207a909fb4157dbbb4830dc9 Mon Sep 17 00:00:00 2001 From: Bence Balogh Date: Wed, 10 Apr 2024 09:17:39 +0200 -Subject: [PATCH 5/8] Fix psa-api-crypto-test no 243 +Subject: [PATCH 04/12] Fix psa-api-crypto-test no 243 Enable MbedTLS ECP DP SECP521R1 ECC algorithm to pass PSA-API tests's `psa-api-crypto-test` number 243 as it is @@ -15,12 +15,12 @@ Signed-off-by: Harsimran Singh Tungal 1 file changed, 1 insertion(+) diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake -index d944acf..e811c25 100644 +index d39b79033..0c7c51b6e 100644 --- a/platform/providers/arm/corstone1000/platform.cmake +++ b/platform/providers/arm/corstone1000/platform.cmake @@ -14,6 +14,7 @@ target_compile_definitions(${TGT} PRIVATE SMM_VARIABLE_INDEX_STORAGE_UID=0x787 - PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE=0x2080 + PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE=0x2080 COMMS_MHU_MSG_SIZE=0x3500 + MBEDTLS_ECP_DP_SECP521R1_ENABLED ) diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-smm_gateway-GetNextVariableName-Fix.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-smm_gateway-GetNextVariableName-Fix.patch deleted file mode 100644 index 51337b2f..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-smm_gateway-GetNextVariableName-Fix.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 660658e9f974126fae15d9d8839415a76e8d6663 Mon Sep 17 00:00:00 2001 -From: Bence Balogh -Date: Wed, 10 Apr 2024 09:16:47 +0200 -Subject: [PATCH 4/9] smm_gateway: GetNextVariableName Fix - -GetNextVariableName() should return EFI_BUFFER_TOO_SMALL -when requested NameSize is smaller than the actual. It -currently returns EFI_BUFFER_OUT_OF_RESOURCES due to setting -max_name_len incorrectly. This change fixes the error by -using clamping the maximum size to the NameSize requested by -the client. - -Upstream-Status: Pending -Signed-off-by: Emekcan Aras -Signed-off-by: Gyorgy Szing ---- - .../uefi/smm_variable/provider/smm_variable_provider.c | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/components/service/uefi/smm_variable/provider/smm_variable_provider.c b/components/service/uefi/smm_variable/provider/smm_variable_provider.c -index 1875397..ca3f7e5 100644 ---- a/components/service/uefi/smm_variable/provider/smm_variable_provider.c -+++ b/components/service/uefi/smm_variable/provider/smm_variable_provider.c -@@ -176,16 +176,14 @@ static rpc_status_t get_next_variable_name_handler(void *context, struct rpc_req - - if (resp_buf->size >= param_len) { - struct rpc_buffer *req_buf = &req->request; -- size_t max_name_len = -- resp_buf->size - -- SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_NAME_OFFSET; - - memmove(resp_buf->data, req_buf->data, param_len); - - efi_status = uefi_variable_store_get_next_variable_name( - &this_instance->variable_store, - (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *)resp_buf->data, -- max_name_len, &resp_buf->data_length); -+ ((SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data)->NameSize, -+ &resp_buf->data_length); - } else { - /* Reponse buffer not big enough */ - efi_status = EFI_BAD_BUFFER_SIZE; --- -2.25.1 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Use-the-stateless-platform-service.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-plat-corstone1000-Use-the-stateless-platform-service.patch similarity index 97% rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Use-the-stateless-platform-service.patch rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-plat-corstone1000-Use-the-stateless-platform-service.patch index 44e2dd85..8324e9e0 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Use-the-stateless-platform-service.patch +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-plat-corstone1000-Use-the-stateless-platform-service.patch @@ -1,7 +1,7 @@ -From c2edcd8bd3d8817765f280708eae894d6cd8d974 Mon Sep 17 00:00:00 2001 +From 81d1dbe3f04195c0ad26790e127d61149e4f5b78 Mon Sep 17 00:00:00 2001 From: Emekcan Aras Date: Sun, 18 Jun 2023 14:38:42 +0100 -Subject: [PATCH 6/8] plat: corstone1000: Use the stateless platform service +Subject: [PATCH 05/12] plat: corstone1000: Use the stateless platform service calls Calls to psa_connect is not needed and psa_call can be called directly with a pre defined handle. @@ -67,7 +67,7 @@ index bfeb7301a..12c552dae 100644 default: EMSG("%s unsupported opcode", __func__); diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c -index 56ce38579..bebdf859f 100644 +index 2222251a7..2ed0f33c5 100644 --- a/components/service/capsule_update/provider/corstone1000_fmp_service.c +++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c @@ -238,8 +238,7 @@ static psa_status_t unpack_image_info(void *buffer, uint32_t size) diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-Initialize-capsule-update-provider.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Initialize-capsule-update-provider.patch similarity index 74% rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-Initialize-capsule-update-provider.patch rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Initialize-capsule-update-provider.patch index 738b5af0..8b1e44ba 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-Initialize-capsule-update-provider.patch +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Initialize-capsule-update-provider.patch @@ -1,7 +1,7 @@ -From 925a07093fa571ee1d2f2e59affcd2c52f1d5b54 Mon Sep 17 00:00:00 2001 +From 8a6542231613d5f1b60bc209a7ad8f8cf72bc95a Mon Sep 17 00:00:00 2001 From: Bence Balogh Date: Wed, 29 Nov 2023 15:40:21 +0100 -Subject: [PATCH 7/8] plat: corstone1000: Initialize capsule update provider +Subject: [PATCH 06/12] plat: corstone1000: Initialize capsule update provider Initializes the capsule update service provider in se-proxy-sp.c deployment for corstone1000. @@ -15,15 +15,15 @@ Upstream-Status: Inappropriate [Design is to revisted] 3 files changed, 42 insertions(+), 1 deletion(-) diff --git a/deployments/se-proxy/env/commonsp/se_proxy_sp.c b/deployments/se-proxy/env/commonsp/se_proxy_sp.c -index 155e94863..a0eb03b6f 100644 +index 485d76493..88e4cf17e 100644 --- a/deployments/se-proxy/env/commonsp/se_proxy_sp.c +++ b/deployments/se-proxy/env/commonsp/se_proxy_sp.c @@ -39,7 +39,7 @@ void __noreturn sp_main(union ffa_boot_info *boot_info) goto fatal_error; } -- rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 4, 16); -+ rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 5, 16); +- rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 5, 16); ++ rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 6, 16); if (rpc_status != RPC_SUCCESS) { EMSG("Failed to initialize RPC endpoint: %d", rpc_status); goto fatal_error; @@ -43,24 +43,24 @@ index 155e94863..a0eb03b6f 100644 + goto fatal_error; + } + - /* End of boot phase */ - result = sp_msg_wait(&req_msg); - if (result != SP_RESULT_OK) { + rpc_iface = fwu_proxy_create(); + if (!rpc_iface) { + EMSG("Failed to create FWU proxy"); diff --git a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c -index b3b93cfd6..fc179b3c1 100644 +index 759983b46..185a6cd97 100644 --- a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c +++ b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c @@ -11,6 +11,7 @@ - #include + #include #include #include +#include #include - #include - #include "service/secure_storage/frontend/secure_storage_provider/secure_storage_uuid.h" -@@ -129,3 +130,30 @@ struct rpc_service_interface *its_proxy_create(void) + #include "service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.h" + #include "service/fwu/provider/fwu_provider.h" +@@ -141,3 +142,30 @@ struct rpc_service_interface *fwu_proxy_create(void) - return secure_storage_provider_init(&its_provider, backend, &its_uuid); + return fwu_provider_init(&fwu_provider, agent); } + +struct rpc_service_interface *capsule_update_proxy_create(void) @@ -70,14 +70,14 @@ index b3b93cfd6..fc179b3c1 100644 + rpc_status_t rpc_status = RPC_ERROR_INTERNAL; + + /* Static objects for proxy instance */ -+ static struct rpc_caller_interface rss_comms = { 0 }; ++ static struct rpc_caller_interface rse_comms = { 0 }; + static struct rpc_caller_session rpc_session = { 0 }; + -+ rpc_status = rss_comms_caller_init(&rss_comms); ++ rpc_status = rse_comms_caller_init(&rse_comms); + if (rpc_status != RPC_SUCCESS) + return NULL; + -+ rpc_status = rpc_caller_session_open(&rpc_session, &rss_comms, &dummy_uuid, 0, 0); ++ rpc_status = rpc_caller_session_open(&rpc_session, &rse_comms, &dummy_uuid, 0, 0); + if (rpc_status != RPC_SUCCESS) + return NULL; + @@ -90,13 +90,13 @@ index b3b93cfd6..fc179b3c1 100644 + return capsule_update_provider_init(&capsule_update_provider); +} diff --git a/deployments/se-proxy/infra/service_proxy_factory.h b/deployments/se-proxy/infra/service_proxy_factory.h -index caaea79ed..b981754b7 100644 +index be83319b8..88b377063 100644 --- a/deployments/se-proxy/infra/service_proxy_factory.h +++ b/deployments/se-proxy/infra/service_proxy_factory.h -@@ -17,6 +17,7 @@ struct rpc_service_interface *attest_proxy_create(void); - struct rpc_service_interface *crypto_proxy_create(void); +@@ -18,6 +18,7 @@ struct rpc_service_interface *crypto_proxy_create(void); struct rpc_service_interface *ps_proxy_create(void); struct rpc_service_interface *its_proxy_create(void); + struct rpc_service_interface *fwu_proxy_create(void); +struct rpc_service_interface *capsule_update_proxy_create(void); #ifdef __cplusplus diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-plat-corstone1000-add-client_id-for-FMP-service.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-add-client_id-for-FMP-service.patch similarity index 92% rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-plat-corstone1000-add-client_id-for-FMP-service.patch rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-add-client_id-for-FMP-service.patch index 3e927000..f56c3578 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-plat-corstone1000-add-client_id-for-FMP-service.patch +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-add-client_id-for-FMP-service.patch @@ -1,7 +1,7 @@ -From f6ed75939f0b57e6b0e50ab11cdc3304098456dd Mon Sep 17 00:00:00 2001 +From eddadb001463495307fb33f99e8cb41b9722ace1 Mon Sep 17 00:00:00 2001 From: Bence Balogh Date: Fri, 5 Apr 2024 17:31:03 +0200 -Subject: [PATCH 8/8] plat: corstone1000: add client_id for FMP service +Subject: [PATCH 07/12] plat: corstone1000: add client_id for FMP service Corstone1000 uses trusted-firmware-m as secure enclave software component. Due to the changes in TF-M 2.0, psa services requires a seperate client_id now. @@ -15,7 +15,7 @@ Upstream-Status: Inappropriate [Design is to revisted] 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c -index bebdf859f..1b4813d62 100644 +index 2ed0f33c5..58c2cceaf 100644 --- a/components/service/capsule_update/provider/corstone1000_fmp_service.c +++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c @@ -33,6 +33,7 @@ diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Remove-Werror-flag.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Remove-Werror-flag.patch similarity index 87% rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Remove-Werror-flag.patch rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Remove-Werror-flag.patch index d08ebe9f..cbb9780c 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Remove-Werror-flag.patch +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Remove-Werror-flag.patch @@ -1,7 +1,7 @@ -From 6d140b21c22dda58f596bb513a1cd6bc08e914eb Mon Sep 17 00:00:00 2001 -From: Harsimran Singh Tungal -Date: Wed, 3 Apr 2024 10:18:16 +0100 -Subject: [PATCH] Remove Werror flag +From 5456cf76e45fc4b06d67b31b53f66a96833c67d9 Mon Sep 17 00:00:00 2001 +From: Gyorgy Szing +Date: Fri, 18 Oct 2024 11:50:32 +0000 +Subject: [PATCH 08/12] Remove Werror flag Remove Werror flag due to compilation issues for TS in yocto @@ -16,10 +16,10 @@ Signed-off-by: Harsimran Singh Tungal 5 files changed, 3 insertions(+), 5 deletions(-) diff --git a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt -index 5521467..88048a2 100644 +index 94ff14c2c..42385635d 100644 --- a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt +++ b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt -@@ -99,7 +99,6 @@ target_compile_definitions(smm-gateway PRIVATE +@@ -92,7 +92,6 @@ target_compile_definitions(smm-gateway PRIVATE if(CMAKE_C_COMPILER_ID STREQUAL "GNU") target_compile_options(smm-gateway PRIVATE -std=c11 @@ -28,10 +28,10 @@ index 5521467..88048a2 100644 endif() diff --git a/deployments/smm-gateway/config/default-sp/CMakeLists.txt b/deployments/smm-gateway/config/default-sp/CMakeLists.txt -index ca563c0..4b43653 100644 +index e92f16384..578027163 100644 --- a/deployments/smm-gateway/config/default-sp/CMakeLists.txt +++ b/deployments/smm-gateway/config/default-sp/CMakeLists.txt -@@ -97,7 +97,6 @@ target_compile_definitions(smm-gateway PRIVATE +@@ -89,7 +89,6 @@ target_compile_definitions(smm-gateway PRIVATE if(CMAKE_C_COMPILER_ID STREQUAL "GNU") target_compile_options(smm-gateway PRIVATE -std=c11 @@ -40,7 +40,7 @@ index ca563c0..4b43653 100644 endif() diff --git a/environments/arm-linux/default_toolchain_file.cmake b/environments/arm-linux/default_toolchain_file.cmake -index 1da144e..6909db6 100644 +index 7e565dd20..ad11248b3 100644 --- a/environments/arm-linux/default_toolchain_file.cmake +++ b/environments/arm-linux/default_toolchain_file.cmake @@ -19,7 +19,7 @@ set(CMAKE_SYSTEM_PROCESSOR arm) @@ -51,9 +51,9 @@ index 1da144e..6909db6 100644 +set(TS_WARNING_FLAGS "-Wall" CACHE STRING "Compiler flags affecting generating warning messages.") set(TS_MANDATORY_LINKER_FLAGS "" CACHE STRING "Linker flags needed for correct builds.") - # Set flags affecting all build types + # branch-protection enables bti/pac while compile force-bti tells the linker to diff --git a/environments/linux-pc/default_toolchain_file.cmake b/environments/linux-pc/default_toolchain_file.cmake -index 58f29bc..e23bb79 100644 +index 2215d6b5d..74d8b6806 100644 --- a/environments/linux-pc/default_toolchain_file.cmake +++ b/environments/linux-pc/default_toolchain_file.cmake @@ -11,7 +11,7 @@ include_guard(GLOBAL) @@ -66,7 +66,7 @@ index 58f29bc..e23bb79 100644 # Set flags affecting all build types diff --git a/environments/opteesp/default_toolchain_file.cmake b/environments/opteesp/default_toolchain_file.cmake -index 43c19c5..90a9418 100644 +index b150b8528..297b5f886 100644 --- a/environments/opteesp/default_toolchain_file.cmake +++ b/environments/opteesp/default_toolchain_file.cmake @@ -21,7 +21,7 @@ set(CMAKE_POSITION_INDEPENDENT_CODE True) @@ -81,4 +81,3 @@ index 43c19c5..90a9418 100644 -- 2.25.1 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch similarity index 86% rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch index addf879f..e95fe821 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch @@ -1,7 +1,7 @@ -From a94bcd8af80c42adf99a7114174afea4000e6647 Mon Sep 17 00:00:00 2001 +From cee283641224d2a6660cde0ad83e59bdddbc2f37 Mon Sep 17 00:00:00 2001 From: Bence Balogh Date: Tue, 14 May 2024 15:58:15 +0200 -Subject: [PATCH] Remove PLATFORM_HAS_ATTEST_PK define from IAT test +Subject: [PATCH 09/12] Remove PLATFORM_HAS_ATTEST_PK define from IAT test Signed-off-by: Bence Balogh Upstream-Status: Inappropriate [Should remove the flag only for CS1000] @@ -10,7 +10,7 @@ Upstream-Status: Inappropriate [Should remove the flag only for CS1000] 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployments/psa-api-test/initial_attestation/iat-api-test.cmake b/deployments/psa-api-test/initial_attestation/iat-api-test.cmake -index 4d1d2b1a9..eb4db223c 100644 +index 807faf67a..c1b2ba6ed 100644 --- a/deployments/psa-api-test/initial_attestation/iat-api-test.cmake +++ b/deployments/psa-api-test/initial_attestation/iat-api-test.cmake @@ -15,7 +15,7 @@ set(TS_ARCH_TEST_SUITE INITIAL_ATTESTATION CACHE STRING "Arch test suite") diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Make-RSS-and-MHU-sizes-compile-time-definitions-user.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Make-RSS-and-MHU-sizes-compile-time-definitions-user.patch similarity index 68% rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Make-RSS-and-MHU-sizes-compile-time-definitions-user.patch rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Make-RSS-and-MHU-sizes-compile-time-definitions-user.patch index e503efe5..90dadc6c 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Make-RSS-and-MHU-sizes-compile-time-definitions-user.patch +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Make-RSS-and-MHU-sizes-compile-time-definitions-user.patch @@ -1,11 +1,11 @@ -From 6e7e3f2f1cb96eb1c895e8573fae8c141e9b64c8 Mon Sep 17 00:00:00 2001 -From: Bence Balogh -Date: Fri, 17 May 2024 13:21:07 +0200 -Subject: [PATCH] Make RSS and MHU sizes compile-time definitions +From 1c8b1d017cbdd26c9b75580936017eecd2b1f70c Mon Sep 17 00:00:00 2001 +From: Gyorgy Szing +Date: Fri, 18 Oct 2024 12:08:21 +0000 +Subject: [PATCH 10/12] Make RSE and MHU sizes compile-time definitions user-configurable -Replace the hardcoded RSS and MHU compile definitions values with CMake -cache variables that users can configure to change the size of the RSS +Replace the hardcoded RSE and MHU compile definitions values with CMake +cache variables that users can configure to change the size of the RSE communication payload and the MHU message. Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/31178/1] @@ -16,22 +16,22 @@ Signed-off-by: Harsimran Singh Tungal 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake -index e811c25..8997155 100644 +index 0c7c51b6e..66a55ab85 100644 --- a/platform/providers/arm/corstone1000/platform.cmake +++ b/platform/providers/arm/corstone1000/platform.cmake @@ -9,11 +9,13 @@ set(SMM_GATEWAY_MAX_UEFI_VARIABLES 80 CACHE STRING "Maximum UEFI variable count") set(SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE 4*4096 CACHE STRING "RPC caller buffer size in SMMGW") set(SMM_SP_HEAP_SIZE 80*1024 CACHE STRING "SMM gateway SP heap size") -+set(PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE 0x43C0 CACHE STRING "Size of the RSS_COMMS_PAYLOAD buffer") ++set(PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE 0x43C0 CACHE STRING "Size of the RSE_COMMS_PAYLOAD buffer") +set(COMMS_MHU_MSG_SIZE 0x4500 CACHE STRING "Max message size that can be transfered via MHU") target_compile_definitions(${TGT} PRIVATE SMM_VARIABLE_INDEX_STORAGE_UID=0x787 -- PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE=0x2080 +- PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE=0x2080 - COMMS_MHU_MSG_SIZE=0x3500 -+ PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE=${PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE} -+ COMMS_MHU_MSG_SIZE=${COMMS_MHU_MSG_SIZE} ++ PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE=${PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE} ++ COMMS_MHU_MSG_SIZE=${COMMS_MHU_MSG_SIZE} MBEDTLS_ECP_DP_SECP521R1_ENABLED ) diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-Align-PSA-Crypto-with-TF-Mv2.1.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Align-PSA-Crypto-with-TF-Mv2.1.patch similarity index 94% rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-Align-PSA-Crypto-with-TF-Mv2.1.patch rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Align-PSA-Crypto-with-TF-Mv2.1.patch index 88413dd3..906a27d2 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-Align-PSA-Crypto-with-TF-Mv2.1.patch +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Align-PSA-Crypto-with-TF-Mv2.1.patch @@ -1,7 +1,7 @@ -From 3bb579379bcfe32ae0b81f721b370afcb58e9693 Mon Sep 17 00:00:00 2001 -From: Bence Balogh -Date: Wed, 10 Jul 2024 11:07:09 +0200 -Subject: [PATCH] Align PSA Crypto with TF-Mv2.1 +From 111c15d7bf79e023bfb8bdcf631dfa95503f5f4e Mon Sep 17 00:00:00 2001 +From: Gyorgy Szing +Date: Fri, 18 Oct 2024 11:40:29 +0000 +Subject: [PATCH 11/12] Align PSA Crypto with TF-Mv2.1 Update following files using the TF-Mv2.1 release (0c4c99b) commit. @@ -23,20 +23,19 @@ psa_key_attributes_s struct in TF-M. (psa_crypto.c) Signed-off-by: Bence Balogh Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/31179/1] --- - .../service/common/include/psa/crypto_sid.h | 168 +++++------------- + .../service/common/include/psa/crypto_sid.h | 166 +++++------------- .../backend/psa_ipc/crypto_ipc_backend.h | 9 +- .../crypto/include/psa/crypto_client_struct.h | 4 +- - 3 files changed, 55 insertions(+), 126 deletions(-) + 3 files changed, 54 insertions(+), 125 deletions(-) diff --git a/components/service/common/include/psa/crypto_sid.h b/components/service/common/include/psa/crypto_sid.h -index 5b05f46d7..fe057ce40 100644 +index 5b05f46d7..e1fbb15e2 100644 --- a/components/service/common/include/psa/crypto_sid.h +++ b/components/service/common/include/psa/crypto_sid.h -@@ -18,22 +18,24 @@ extern "C" { - * nine groups (Random, Key management, Hash, MAC, Cipher, AEAD, +@@ -19,21 +19,23 @@ extern "C" { * Asym sign, Asym encrypt, Key derivation). */ --enum tfm_crypto_group_id { + enum tfm_crypto_group_id { - TFM_CRYPTO_GROUP_ID_RANDOM = 0x0, - TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT, - TFM_CRYPTO_GROUP_ID_HASH, @@ -46,7 +45,6 @@ index 5b05f46d7..fe057ce40 100644 - TFM_CRYPTO_GROUP_ID_ASYM_SIGN, - TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT, - TFM_CRYPTO_GROUP_ID_KEY_DERIVATION, -+enum tfm_crypto_group_id_t { + TFM_CRYPTO_GROUP_ID_RANDOM = UINT8_C(1), + TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT = UINT8_C(2), + TFM_CRYPTO_GROUP_ID_HASH = UINT8_C(3), @@ -74,14 +72,14 @@ index 5b05f46d7..fe057ce40 100644 X(TFM_CRYPTO_AEAD_ABORT) -#define ASYMMETRIC_SIGN_FUNCS \ -+#define ASYM_SIGN_FUNCS \ ++#define ASYM_SIGN_FUNCS \ X(TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE) \ X(TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE) \ X(TFM_CRYPTO_ASYMMETRIC_SIGN_HASH) \ X(TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH) -#define AYSMMETRIC_ENCRYPT_FUNCS \ -+#define ASYM_ENCRYPT_FUNCS \ ++#define ASYM_ENCRYPT_FUNCS \ X(TFM_CRYPTO_ASYMMETRIC_ENCRYPT) \ X(TFM_CRYPTO_ASYMMETRIC_DECRYPT) @@ -250,7 +248,7 @@ index 5b05f46d7..fe057ce40 100644 #ifdef __cplusplus } diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -index 27ac59837..d7e733b89 100644 +index f9bbf84d6..27fe3496a 100644 --- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h +++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h @@ -30,10 +30,9 @@ struct psa_ipc_crypto_aead_pack_input { @@ -269,7 +267,7 @@ index 27ac59837..d7e733b89 100644 * See tfm_crypto_func_sid for detail */ uint16_t step; /*!< Key derivation step */ --}__packed; +-} __attribute__((__packed__)); + union { + size_t capacity; /*!< Key derivation capacity */ + uint64_t value; /*!< Key derivation integer for update*/ diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Fix-Avoid-redefinition-of-variables.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Fix-Avoid-redefinition-of-variables.patch deleted file mode 100644 index d5c43bd5..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Fix-Avoid-redefinition-of-variables.patch +++ /dev/null @@ -1,28 +0,0 @@ -From c7f2861e5c5ee209373a8dba15a608f78a97078b Mon Sep 17 00:00:00 2001 -From: Gabor Toth -Date: Wed, 10 Apr 2024 11:17:50 +0200 -Subject: [PATCH 1/3] Fix: Avoid redefinition of variables - -Remove variable redefinition which shadows the original one. - -Signed-off-by: Gabor Toth -Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27954] ---- - .../service/uefi/smm_variable/client/cpp/smm_variable_client.cpp | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/components/service/uefi/smm_variable/client/cpp/smm_variable_client.cpp b/components/service/uefi/smm_variable/client/cpp/smm_variable_client.cpp -index f71d0c864..d39448900 100644 ---- a/components/service/uefi/smm_variable/client/cpp/smm_variable_client.cpp -+++ b/components/service/uefi/smm_variable/client/cpp/smm_variable_client.cpp -@@ -166,7 +166,6 @@ efi_status_t smm_variable_client::get_variable(const EFI_GUID &guid, const std:: - - if (call_handle) { - uint8_t *resp_buf; -- size_t resp_len; - service_status_t service_status; - - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *access_var = --- -2.25.1 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-Fix-GetNextVariableName-NameSize-input.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-Fix-GetNextVariableName-NameSize-input.patch deleted file mode 100644 index 06efbb0e..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-Fix-GetNextVariableName-NameSize-input.patch +++ /dev/null @@ -1,495 +0,0 @@ -From cc4cc9f3f5f02f713cf4da1854f3085bf31e71cf Mon Sep 17 00:00:00 2001 -From: Gabor Toth -Date: Sat, 13 Apr 2024 14:52:23 +0200 -Subject: [PATCH 2/3] Fix GetNextVariableName NameSize input - -Based on the specification the NameSize shall be set to the available -buffer size at the first call instead of the NameSize of the -provided variable. -Change smm-gateway and the tests according this. Also remove -sanitize_get_next_var_name_param utility function, which is not -compilant with this solution. - -Signed-off-by: Gabor Toth -Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/28022] ---- - .../backend/test/variable_store_tests.cpp | 48 +++++++-------- - .../backend/uefi_variable_store.c | 60 ++++++++++++------- - .../backend/uefi_variable_store.h | 5 +- - .../smm_variable/backend/variable_index.c | 3 + - .../provider/smm_variable_provider.c | 59 +++++------------- - .../service/smm_variable_attack_tests.cpp | 29 ++++----- - .../service/smm_variable_service_tests.cpp | 7 ++- - 7 files changed, 98 insertions(+), 113 deletions(-) - -diff --git a/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp b/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp -index fd48f13fb..72772821c 100644 ---- a/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp -+++ b/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp -@@ -501,15 +501,13 @@ TEST(UefiVariableStoreTests, bootServiceAccess) - std::vector msg_buffer(VARIABLE_BUFFER_SIZE); - SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *next_name = - (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *) msg_buffer.data(); -- size_t max_name_len = -- VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; - - size_t total_len = 0; -- next_name->NameSize = sizeof(int16_t); -+ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; - next_name->Name[0] = 0; - - status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, -- max_name_len, &total_len); -+ &total_len); - - UNSIGNED_LONGLONGS_EQUAL(EFI_NOT_FOUND, status); - } -@@ -574,47 +572,48 @@ TEST(UefiVariableStoreTests, enumerateStoreContents) - std::vector msg_buffer(VARIABLE_BUFFER_SIZE); - SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *next_name = - (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *) msg_buffer.data(); -- size_t max_name_len = -- VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; - - /* First check handling of invalid variable name */ - std::u16string bogus_name = to_variable_name(u"bogus_variable"); - size_t bogus_name_size = string_get_size_in_bytes(bogus_name); - next_name->Guid = m_common_guid; -- next_name->NameSize = bogus_name_size; -+ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; - memcpy(next_name->Name, bogus_name.data(), bogus_name_size); - - status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, -- max_name_len, &total_len); -+ &total_len); - UNSIGNED_LONGLONGS_EQUAL(EFI_INVALID_PARAMETER, status); - - /* Enumerate store contents */ - next_name->NameSize = sizeof(int16_t); - next_name->Name[0] = 0; -- /* Check if the correct NameSize is returned if max_name_len is too small */ -+ /* Check if the correct NameSize is returned if namesize is too small */ - status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, -- 0, &total_len); -+ &total_len); - UNSIGNED_LONGLONGS_EQUAL(EFI_BUFFER_TOO_SMALL, status); - UNSIGNED_LONGLONGS_EQUAL(sizeof(var_name_1), next_name->NameSize); - -- /* And then used the previously received next_name->NameSize as max_name_len */ -+ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; - status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, -- next_name->NameSize, &total_len); -+ &total_len); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - CHECK_TRUE(compare_variable_name(var_name_1, next_name->Name, next_name->NameSize)); - -+ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; - status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, -- max_name_len, &total_len); -+ &total_len); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - CHECK_TRUE(compare_variable_name(var_name_2, next_name->Name, next_name->NameSize)); - -+ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; - status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, -- max_name_len, &total_len); -+ &total_len); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - CHECK_TRUE(compare_variable_name(var_name_3, next_name->Name, next_name->NameSize)); - -+ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; - status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, -- max_name_len, &total_len); -+ &total_len); - UNSIGNED_LONGLONGS_EQUAL(EFI_NOT_FOUND, status); - - power_cycle(); -@@ -622,21 +621,23 @@ TEST(UefiVariableStoreTests, enumerateStoreContents) - /* Enumerate again - should be left with just NV variables. - * Use a different but equally valid null name. - */ -- next_name->NameSize = 10 * sizeof(int16_t); -+ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; - memset(next_name->Name, 0, next_name->NameSize); - - status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, -- max_name_len, &total_len); -+ &total_len); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - CHECK_TRUE(compare_variable_name(var_name_1, next_name->Name, next_name->NameSize)); - -+ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; - status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, -- max_name_len, &total_len); -+ &total_len); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - CHECK_TRUE(compare_variable_name(var_name_3, next_name->Name, next_name->NameSize)); - -+ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; - status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, -- max_name_len, &total_len); -+ &total_len); - UNSIGNED_LONGLONGS_EQUAL(EFI_NOT_FOUND, status); - } - -@@ -672,21 +673,20 @@ TEST(UefiVariableStoreTests, failedNvSet) - std::vector msg_buffer(VARIABLE_BUFFER_SIZE); - SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *next_name = - (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *) msg_buffer.data(); -- size_t max_name_len = -- VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; - - /* Enumerate store contents */ - size_t total_len = 0; -- next_name->NameSize = sizeof(int16_t); -+ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; - next_name->Name[0] = 0; - - status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, -- max_name_len, &total_len); -+ &total_len); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - CHECK_TRUE(compare_variable_name(var_name_1, next_name->Name, next_name->NameSize)); - -+ next_name->NameSize = VARIABLE_BUFFER_SIZE - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET; - status = uefi_variable_store_get_next_variable_name(&m_uefi_variable_store, next_name, -- max_name_len, &total_len); -+ &total_len); - UNSIGNED_LONGLONGS_EQUAL(EFI_NOT_FOUND, status); - } - -diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.c b/components/service/uefi/smm_variable/backend/uefi_variable_store.c -index 5b46c1371..caf6698aa 100644 ---- a/components/service/uefi/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.c -@@ -404,9 +404,27 @@ efi_status_t uefi_variable_store_get_variable(const struct uefi_variable_store * - efi_status_t - uefi_variable_store_get_next_variable_name(const struct uefi_variable_store *context, - SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *cur, -- size_t max_name_len, size_t *total_length) -+ size_t *total_length) - { -- efi_status_t status = check_name_terminator(cur->Name, cur->NameSize); -+ efi_status_t status = EFI_SUCCESS; -+ size_t buffer_size = 0; -+ -+ if (!cur) -+ return EFI_INVALID_PARAMETER; -+ /* -+ * NameSize is set to the buffer size to store the names, -+ * let's calculate the size actually being used. -+ */ -+ buffer_size = cur->NameSize; -+ for (int i = 0; i < buffer_size / sizeof(int16_t); i++) { -+ if (cur->Name[i] == 0) { -+ /* With null terminator */ -+ cur->NameSize = 2*(i+1); -+ break; -+ } -+ } -+ -+ status = check_name_terminator(cur->Name, cur->NameSize); - - if (status != EFI_SUCCESS) - return status; -@@ -418,21 +436,11 @@ uefi_variable_store_get_next_variable_name(const struct uefi_variable_store *con - &context->variable_index, &cur->Guid, cur->NameSize, cur->Name, &status); - - if (info && (status == EFI_SUCCESS)) { -- /* The NameSize has to be set in every case according to the UEFI specs. -- * In case of EFI_BUFFER_TOO_SMALL it has to reflect the size of buffer -- * needed. -- */ -- cur->NameSize = info->metadata.name_size; -- *total_length = sizeof(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME); -- -- if (info->metadata.name_size <= max_name_len) { -+ if (info->metadata.name_size <= buffer_size) { - cur->Guid = info->metadata.guid; -+ cur->NameSize = info->metadata.name_size; - memcpy(cur->Name, info->metadata.name, info->metadata.name_size); - -- *total_length = -- SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_TOTAL_SIZE( -- cur); -- - /* - * Check if variable is accessible (e.g boot variable is not - * accessible at runtime) -@@ -442,6 +450,10 @@ uefi_variable_store_get_next_variable_name(const struct uefi_variable_store *con - if (status == EFI_SUCCESS) - break; - } else { -+ /* The VariableNameSize is updated to reflect the size of buffer needed */ -+ cur->NameSize = info->metadata.name_size; -+ memset(cur->Name, 0, buffer_size); -+ memset(&cur->Guid, 0, sizeof(EFI_GUID)); - status = EFI_BUFFER_TOO_SMALL; - break; - } -@@ -450,18 +462,24 @@ uefi_variable_store_get_next_variable_name(const struct uefi_variable_store *con - /* Do not hide original error if there is any */ - if (status == EFI_SUCCESS) - status = EFI_NOT_FOUND; -+ -+ memset(cur->Name, 0, buffer_size); -+ memset(&cur->Guid, 0, sizeof(EFI_GUID)); -+ cur->NameSize = 0; - break; - } - } - -- /* If we found no accessible variable clear the fields for security */ -- if (status != EFI_SUCCESS) { -- memset(cur->Name, 0, max_name_len); -- memset(&cur->Guid, 0, sizeof(EFI_GUID)); -- if (status != EFI_BUFFER_TOO_SMALL) -- cur->NameSize = 0; -+ if (status == EFI_SUCCESS) { -+ /* Store everything including the name */ -+ *total_length = -+ SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_TOTAL_SIZE( -+ cur); -+ } else { -+ /* Do not store the name, only the size */ -+ *total_length = -+ SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_NAME_OFFSET; - } -- - return status; - } - -diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.h b/components/service/uefi/smm_variable/backend/uefi_variable_store.h -index 8be5f36e6..2493ff6b4 100644 ---- a/components/service/uefi/smm_variable/backend/uefi_variable_store.h -+++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.h -@@ -134,8 +134,7 @@ efi_status_t uefi_variable_store_get_variable(const struct uefi_variable_store * - * Used for enumerating the store contents - * - * @param[in] context uefi_variable_store instance -- * @param[out] cur Current variable name -- * @param[in] max_name_len The maximum variable name length -+ * @param[inout] cur The size of the VariableName buffer - * @param[out] total_len The total length of the output - * - * @return EFI_SUCCESS if successful -@@ -143,7 +142,7 @@ efi_status_t uefi_variable_store_get_variable(const struct uefi_variable_store * - efi_status_t - uefi_variable_store_get_next_variable_name(const struct uefi_variable_store *context, - SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *cur, -- size_t max_name_len, size_t *total_length); -+ size_t *total_length); - - /** - * @brief Query for variable info -diff --git a/components/service/uefi/smm_variable/backend/variable_index.c b/components/service/uefi/smm_variable/backend/variable_index.c -index d850dbe18..e2fe6dd38 100644 ---- a/components/service/uefi/smm_variable/backend/variable_index.c -+++ b/components/service/uefi/smm_variable/backend/variable_index.c -@@ -27,6 +27,9 @@ static uint64_t name_hash(const EFI_GUID *guid, size_t name_size, const int16_t - - /* Extend to cover name up to but not including null terminator */ - for (size_t i = 0; i < (name_size - sizeof(int16_t)) / sizeof(int16_t); ++i) { -+ /* Only hash till the first null terminator */ -+ if (name[i] == 0) -+ break; - hash = ((hash << 5) + hash) + name[i]; - } - -diff --git a/components/service/uefi/smm_variable/provider/smm_variable_provider.c b/components/service/uefi/smm_variable/provider/smm_variable_provider.c -index ca3f7e5e5..1a5269338 100644 ---- a/components/service/uefi/smm_variable/provider/smm_variable_provider.c -+++ b/components/service/uefi/smm_variable/provider/smm_variable_provider.c -@@ -81,30 +81,6 @@ static efi_status_t sanitize_access_variable_param(struct rpc_request *req, size - return efi_status; - } - --static efi_status_t sanitize_get_next_var_name_param(struct rpc_request *req, size_t *param_len) --{ -- efi_status_t efi_status = EFI_INVALID_PARAMETER; -- *param_len = 0; -- const struct rpc_buffer *req_buf = &req->request; -- -- if (req_buf->data_length >= SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_NAME_OFFSET) { -- const SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *param = -- (const SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *)req_buf->data; -- -- size_t max_space_for_name = -- req_buf->data_length - -- SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_NAME_OFFSET; -- -- if (param->NameSize <= max_space_for_name) { -- *param_len = -- SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_TOTAL_SIZE(param); -- efi_status = EFI_SUCCESS; -- } -- } -- -- return efi_status; --} -- - static efi_status_t sanitize_var_check_property_param(struct rpc_request *req, size_t *param_len) - { - efi_status_t efi_status = EFI_INVALID_PARAMETER; -@@ -146,7 +122,7 @@ static rpc_status_t get_variable_handler(void *context, struct rpc_request *req) - struct rpc_buffer *req_buf = &req->request; - size_t max_data_len = resp_buf->size - param_len; - -- memmove(resp_buf->data, req_buf->data, param_len); -+ memcpy(resp_buf->data, req_buf->data, param_len); - - efi_status = uefi_variable_store_get_variable( - &this_instance->variable_store, -@@ -167,28 +143,21 @@ static rpc_status_t get_next_variable_name_handler(void *context, struct rpc_req - { - struct smm_variable_provider *this_instance = (struct smm_variable_provider *)context; - -- size_t param_len = 0; -- efi_status_t efi_status = sanitize_get_next_var_name_param(req, ¶m_len); -+ efi_status_t efi_status = EFI_SUCCESS; -+ size_t variable_size = 0; - -- if (efi_status == EFI_SUCCESS) { -- /* Valid get next variable name header */ -- struct rpc_buffer *resp_buf = &req->response; -+ /* Valid get next variable name header */ -+ struct rpc_buffer *resp_buf = &req->response; -+ struct rpc_buffer *req_buf = &req->request; - -- if (resp_buf->size >= param_len) { -- struct rpc_buffer *req_buf = &req->request; -+ memcpy(resp_buf->data, req_buf->data, req_buf->data_length); - -- memmove(resp_buf->data, req_buf->data, param_len); -+ efi_status = uefi_variable_store_get_next_variable_name( -+ &this_instance->variable_store, -+ (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *)resp_buf->data, -+ &variable_size); - -- efi_status = uefi_variable_store_get_next_variable_name( -- &this_instance->variable_store, -- (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *)resp_buf->data, -- ((SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data)->NameSize, -- &resp_buf->data_length); -- } else { -- /* Reponse buffer not big enough */ -- efi_status = EFI_BAD_BUFFER_SIZE; -- } -- } -+ resp_buf->data_length = variable_size; - - req->service_status = efi_status; - -@@ -240,7 +209,7 @@ static rpc_status_t query_variable_info_handler(void *context, struct rpc_reques - struct rpc_buffer *resp_buf = &req->response; - - if (resp_buf->size >= req_buf->data_length) { -- memmove(resp_buf->data, req_buf->data, req_buf->data_length); -+ memcpy(resp_buf->data, req_buf->data, req_buf->data_length); - - efi_status = uefi_variable_store_query_variable_info( - &this_instance->variable_store, -@@ -308,7 +277,7 @@ static rpc_status_t get_var_check_property_handler(void *context, struct rpc_req - - if (resp_buf->size >= param_len) { - struct rpc_buffer *req_buf = &req->request; -- memmove(resp_buf->data, req_buf->data, param_len); -+ memcpy(resp_buf->data, req_buf->data, param_len); - resp_buf->data_length = param_len; - - efi_status = uefi_variable_store_get_var_check_property( -diff --git a/components/service/uefi/smm_variable/test/service/smm_variable_attack_tests.cpp b/components/service/uefi/smm_variable/test/service/smm_variable_attack_tests.cpp -index 76b62fd35..98e61fec0 100644 ---- a/components/service/uefi/smm_variable/test/service/smm_variable_attack_tests.cpp -+++ b/components/service/uefi/smm_variable/test/service/smm_variable_attack_tests.cpp -@@ -176,19 +176,6 @@ TEST(SmmVariableAttackTests, setAndGetWithSizeMaxNameSize) - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); - } - --TEST(SmmVariableAttackTests, enumerateWithOversizeName) --{ -- efi_status_t efi_status = EFI_SUCCESS; -- std::u16string var_name = null_name; -- EFI_GUID guid; -- memset(&guid, 0, sizeof(guid)); -- -- efi_status = m_client->get_next_variable_name(guid, var_name, -- (var_name.size() + 1) * sizeof(int16_t) + 1); -- -- UNSIGNED_LONGLONGS_EQUAL(EFI_INVALID_PARAMETER, efi_status); --} -- - TEST(SmmVariableAttackTests, enumerateWithSizeMaxNameSize) - { - efi_status_t efi_status = EFI_SUCCESS; -@@ -202,17 +189,23 @@ TEST(SmmVariableAttackTests, enumerateWithSizeMaxNameSize) - - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); - -- /* Initial iteration uses good name length */ -- efi_status = m_client->get_next_variable_name(guid, var_name); -+ /* Initial iteration uses good name length for next variable */ -+ efi_status = m_client->get_next_variable_name(guid, var_name, std::numeric_limits::max()); - - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); - -- /* Next iteration uses invalid name length */ -- efi_status = m_client->get_next_variable_name(guid, var_name, -- std::numeric_limits::max()); -+ /* Next iteration uses invalid name length, so a null terminator can not fit */ -+ var_name = null_name; -+ efi_status = m_client->get_next_variable_name(guid, var_name, 1); - - UNSIGNED_LONGLONGS_EQUAL(EFI_INVALID_PARAMETER, efi_status); - -+ /* Next iteration uses invalid name length, so a null terminator can not fit */ -+ var_name = null_name; -+ efi_status = m_client->get_next_variable_name(guid, var_name, 2); -+ -+ UNSIGNED_LONGLONGS_EQUAL(EFI_BUFFER_TOO_SMALL, efi_status); -+ - /* Expect to be able to remove the variable */ - efi_status = m_client->remove_variable(m_common_guid, var_name_1); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -diff --git a/components/service/uefi/smm_variable/test/service/smm_variable_service_tests.cpp b/components/service/uefi/smm_variable/test/service/smm_variable_service_tests.cpp -index e82a90c37..8fa4f8077 100644 ---- a/components/service/uefi/smm_variable/test/service/smm_variable_service_tests.cpp -+++ b/components/service/uefi/smm_variable/test/service/smm_variable_service_tests.cpp -@@ -9,6 +9,7 @@ - #include - #include - #include -+#include - - #include "util.h" - -@@ -154,7 +155,7 @@ TEST_GROUP(SmmVariableServiceTests) - #endif - - do { -- status = m_client->get_next_variable_name(guid, var_name); -+ status = m_client->get_next_variable_name(guid, var_name, max_variable_size); - - /* There are no more variables in the persistent store */ - if (status == EFI_NOT_FOUND) { -@@ -223,6 +224,8 @@ TEST_GROUP(SmmVariableServiceTests) - std::u16string m_ro_variable = to_variable_name(u"ro_variable"); - std::u16string m_boot_finished_var_name = to_variable_name(u"finished"); - -+ uint32_t max_variable_size = 4096; -+ - /* Cleanup skips these variables */ - std::vector m_non_rm_vars{ &m_ro_variable, &m_boot_finished_var_name }; - -@@ -654,7 +657,7 @@ TEST(SmmVariableServiceTests, enumerateStoreContents) - std::u16string *expected_variables[] = { &var_name_1, &var_name_2, &var_name_3 }; - - do { -- efi_status = m_client->get_next_variable_name(guid, var_name); -+ efi_status = m_client->get_next_variable_name(guid, var_name, max_variable_size); - if (efi_status != EFI_SUCCESS) - break; - --- -2.25.1 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Fix-error-handling-of-variable-index-loading.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Fix-error-handling-of-variable-index-loading.patch deleted file mode 100644 index 978f2e52..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Fix-error-handling-of-variable-index-loading.patch +++ /dev/null @@ -1,82 +0,0 @@ -From c62e728bb86981219984c8b39819fb8926a41e10 Mon Sep 17 00:00:00 2001 -From: Gabor Toth -Date: Fri, 19 Apr 2024 18:25:23 +0200 -Subject: [PATCH 3/3] Fix error handling of variable index loading - -If loading of the variable index from Protected Storage fails, SmmGW -will silently continue with empty variable store. This is a serious -fault and a potential security risk. -Change the code to produce a log output when this happens and stop -loading the SP. - -Signed-off-by: Gabor Toth -Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/28300] ---- - .../backend/uefi_variable_store.c | 28 ++++++++++++++----- - 1 file changed, 21 insertions(+), 7 deletions(-) - -diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.c b/components/service/uefi/smm_variable/backend/uefi_variable_store.c -index caf6698aa..c1691dc8f 100644 ---- a/components/service/uefi/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.c -@@ -27,7 +27,7 @@ - #include "service/crypto/client/psa/crypto_client.h" - #endif - --static void load_variable_index(struct uefi_variable_store *context); -+static efi_status_t load_variable_index(struct uefi_variable_store *context); - - static efi_status_t sync_variable_index(const struct uefi_variable_store *context); - -@@ -165,8 +165,10 @@ efi_status_t uefi_variable_store_init(struct uefi_variable_store *context, uint3 - - /* Load the variable index with NV variable info from the persistent store */ - if (context->index_sync_buffer) { -- load_variable_index(context); -- purge_orphan_index_entries(context); -+ status = load_variable_index(context); -+ -+ if (status == EFI_SUCCESS) -+ purge_orphan_index_entries(context); - } - } - -@@ -571,7 +573,7 @@ efi_status_t uefi_variable_store_get_var_check_property( - return status; - } - --static void load_variable_index(struct uefi_variable_store *context) -+static efi_status_t load_variable_index(struct uefi_variable_store *context) - { - struct storage_backend *persistent_store = context->persistent_store.storage_backend; - -@@ -583,11 +585,23 @@ static void load_variable_index(struct uefi_variable_store *context) - SMM_VARIABLE_INDEX_STORAGE_UID, 0, context->index_sync_buffer_size, - context->index_sync_buffer, &data_len); - -- if (psa_status == PSA_SUCCESS) { -- variable_index_restore(&context->variable_index, data_len, -- context->index_sync_buffer); -+ switch(psa_status) { -+ case PSA_SUCCESS: -+ (void) variable_index_restore(&context->variable_index, data_len, -+ context->index_sync_buffer); -+ break; -+ -+ case PSA_ERROR_DOES_NOT_EXIST: -+ IMSG("Index variable does not exist in NV store, continuing with empty index"); -+ break; -+ -+ default: -+ EMSG("Loading variable index failed: %d", psa_status); -+ return EFI_LOAD_ERROR; - } - } -+ -+ return EFI_SUCCESS; - } - - static efi_status_t sync_variable_index(const struct uefi_variable_store *context) --- -2.25.1 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Provide-crypto-api-to-create-uefi-priv-var-fingerpri.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Provide-crypto-api-to-create-uefi-priv-var-fingerpri.patch deleted file mode 100644 index ae9a53fa..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Provide-crypto-api-to-create-uefi-priv-var-fingerpri.patch +++ /dev/null @@ -1,758 +0,0 @@ -From 370811420cfa1c14146f45de308bbccf70408eb8 Mon Sep 17 00:00:00 2001 -From: Gabor Toth -Date: Fri, 5 Apr 2024 11:19:37 +0200 -Subject: [PATCH] Provide crypto api to create uefi priv var fingerprint -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Add new call to the crypto backend to calculate a hash of the common -name of the signing certificate’s Subject and the tbsCertificate -of the top-level issuer certificate. - -Signed-off-by: Gabor Toth -Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27953] ---- - .../client/caller/packed-c/crypto_caller.h | 1 + - ...aller_get_uefi_priv_auth_var_fingerprint.h | 90 ++++++++ - .../packed-c/packedc_crypto_client.cpp | 8 + - .../protocol/packed-c/packedc_crypto_client.h | 4 + - .../service/crypto/client/psa/component.cmake | 1 + - .../service/crypto/client/psa/crypto_client.h | 5 + - .../psa/get_uefi_priv_auth_var_fingerprint.c | 21 ++ - .../service/crypto/provider/crypto_provider.c | 212 +++++++++++++++--- - .../serializer/crypto_provider_serializer.h | 8 + - .../packedc_crypto_provider_serializer.c | 54 +++++ - .../backend/direct/uefi_direct_backend.c | 90 ++++++++ - deployments/smm-gateway/smm-gateway.cmake | 5 + - .../get_uefi_priv_auth_var_fingerprint.h | 21 ++ - protocols/service/crypto/packed-c/opcodes.h | 1 + - 14 files changed, 488 insertions(+), 33 deletions(-) - create mode 100644 components/service/crypto/client/caller/packed-c/crypto_caller_get_uefi_priv_auth_var_fingerprint.h - create mode 100644 components/service/crypto/client/psa/get_uefi_priv_auth_var_fingerprint.c - create mode 100644 protocols/service/crypto/packed-c/get_uefi_priv_auth_var_fingerprint.h - -diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller.h b/components/service/crypto/client/caller/packed-c/crypto_caller.h -index d834bc207..d5dd0f70d 100644 ---- a/components/service/crypto/client/caller/packed-c/crypto_caller.h -+++ b/components/service/crypto/client/caller/packed-c/crypto_caller.h -@@ -31,5 +31,6 @@ - #include "crypto_caller_sign_hash.h" - #include "crypto_caller_verify_hash.h" - #include "crypto_caller_verify_pkcs7_signature.h" -+#include "crypto_caller_get_uefi_priv_auth_var_fingerprint.h" - - #endif /* PACKEDC_CRYPTO_CALLER_H */ -diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_get_uefi_priv_auth_var_fingerprint.h b/components/service/crypto/client/caller/packed-c/crypto_caller_get_uefi_priv_auth_var_fingerprint.h -new file mode 100644 -index 000000000..d3446e445 ---- /dev/null -+++ b/components/service/crypto/client/caller/packed-c/crypto_caller_get_uefi_priv_auth_var_fingerprint.h -@@ -0,0 +1,90 @@ -+/* -+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PACKEDC_CRYPTO_CALLER_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_H -+#define PACKEDC_CRYPTO_CALLER_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_H -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline int crypto_caller_get_uefi_priv_auth_var_fingerprint(struct service_client *context, -+ const uint8_t *signature_cert, -+ uint64_t signature_cert_len, -+ uint8_t *output) -+{ -+ efi_status_t efi_status = EFI_SUCCESS; -+ size_t req_len = 0; -+ -+ if (signature_cert_len > UINT16_MAX) -+ return RPC_ERROR_INVALID_VALUE; -+ -+ struct tlv_record signature_record = { -+ .tag = TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_IN_TAG_SIGNATURE, -+ .length = (uint16_t)signature_cert_len, -+ .value = signature_cert -+ }; -+ -+ req_len += tlv_required_space(signature_record.length); -+ -+ rpc_call_handle call_handle; -+ uint8_t *req_buf; -+ -+ call_handle = rpc_caller_session_begin(context->session, &req_buf, req_len, 0); -+ -+ if (call_handle) { -+ uint8_t *resp_buf; -+ size_t resp_len; -+ service_status_t service_status; -+ struct tlv_iterator req_iter; -+ -+ tlv_iterator_begin(&req_iter, req_buf, req_len); -+ tlv_encode(&req_iter, &signature_record); -+ -+ context->rpc_status = rpc_caller_session_invoke( -+ call_handle, TS_CRYPTO_OPCODE_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT, &resp_buf, &resp_len, -+ &service_status); -+ -+ if (context->rpc_status == RPC_SUCCESS) { -+ -+ if (service_status == EFI_SUCCESS) { -+ -+ struct tlv_const_iterator resp_iter; -+ struct tlv_record decoded_record; -+ tlv_const_iterator_begin(&resp_iter, resp_buf, resp_len); -+ -+ if (tlv_find_decode(&resp_iter, -+ TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_OUT_TAG_IDENTIFIER, &decoded_record)) { -+ -+ memcpy(output, decoded_record.value, PSA_HASH_MAX_SIZE); -+ } -+ else { -+ /* Mandatory response parameter missing */ -+ efi_status = EFI_INVALID_PARAMETER; -+ } -+ } -+ } -+ -+ rpc_caller_session_end(call_handle); -+ } -+ -+ return efi_status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PACKEDC_CRYPTO_CALLER_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_H */ -diff --git a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp -index aaa71f0c8..e0f6a15a8 100644 ---- a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp -+++ b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp -@@ -428,3 +428,11 @@ int packedc_crypto_client::verify_pkcs7_signature(const uint8_t *signature_cert, - hash, hash_len, public_key_cert, - public_key_cert_len); - } -+ -+int packedc_crypto_client::get_uefi_priv_auth_var_fingerprint(const uint8_t *signature_cert, -+ uint64_t signature_cert_len, -+ uint8_t *output) -+{ -+ return crypto_caller_get_uefi_priv_auth_var_fingerprint(&m_client, signature_cert, signature_cert_len, -+ output); -+} -diff --git a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h -index 8d4f60cf9..ec6c51c7f 100644 ---- a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h -+++ b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h -@@ -236,6 +236,10 @@ public: - int verify_pkcs7_signature(const uint8_t *signature_cert, uint64_t signature_cert_len, - const uint8_t *hash, uint64_t hash_len, - const uint8_t *public_key_cert, uint64_t public_key_cert_len); -+ -+ int get_uefi_priv_auth_var_fingerprint(const uint8_t *signature_cert, -+ uint64_t signature_cert_len, -+ uint8_t *output); - }; - - #endif /* PACKEDC_CRYPTO_CLIENT_H */ -diff --git a/components/service/crypto/client/psa/component.cmake b/components/service/crypto/client/psa/component.cmake -index 359db3b4a..5bee0c652 100644 ---- a/components/service/crypto/client/psa/component.cmake -+++ b/components/service/crypto/client/psa/component.cmake -@@ -32,4 +32,5 @@ target_sources(${TGT} PRIVATE - "${CMAKE_CURRENT_LIST_DIR}/psa_sign_message.c" - "${CMAKE_CURRENT_LIST_DIR}/psa_verify_message.c" - "${CMAKE_CURRENT_LIST_DIR}/verify_pkcs7_signature.c" -+ "${CMAKE_CURRENT_LIST_DIR}/get_uefi_priv_auth_var_fingerprint.c" - ) -diff --git a/components/service/crypto/client/psa/crypto_client.h b/components/service/crypto/client/psa/crypto_client.h -index 4b59bbe32..af04df11e 100644 ---- a/components/service/crypto/client/psa/crypto_client.h -+++ b/components/service/crypto/client/psa/crypto_client.h -@@ -7,10 +7,15 @@ - #ifndef CRYPTO_CLIENT_H - #define CRYPTO_CLIENT_H - -+#include - #include - - int verify_pkcs7_signature(const uint8_t *signature_cert, uint64_t signature_cert_len, - const uint8_t *hash, uint64_t hash_len, const uint8_t *public_key_cert, - uint64_t public_key_cert_len); - -+int get_uefi_priv_auth_var_fingerprint_handler(const uint8_t *signature_cert, -+ uint64_t signature_cert_len, -+ uint8_t *output); -+ - #endif /* CRYPTO_CLIENT_H */ -diff --git a/components/service/crypto/client/psa/get_uefi_priv_auth_var_fingerprint.c b/components/service/crypto/client/psa/get_uefi_priv_auth_var_fingerprint.c -new file mode 100644 -index 000000000..702aaa0c4 ---- /dev/null -+++ b/components/service/crypto/client/psa/get_uefi_priv_auth_var_fingerprint.c -@@ -0,0 +1,21 @@ -+/* -+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include "crypto_caller_selector.h" -+#include "crypto_client.h" -+#include "psa_crypto_client.h" -+ -+int get_uefi_priv_auth_var_fingerprint_handler(const uint8_t *signature_cert, -+ uint64_t signature_cert_len, -+ uint8_t *output) -+{ -+ if (psa_crypto_client_instance.init_status != PSA_SUCCESS) -+ return psa_crypto_client_instance.init_status; -+ -+ return crypto_caller_get_uefi_priv_auth_var_fingerprint(&psa_crypto_client_instance.base, -+ signature_cert, signature_cert_len, -+ output); -+} -diff --git a/components/service/crypto/provider/crypto_provider.c b/components/service/crypto/provider/crypto_provider.c -index 9cd520859..4535d6dbe 100644 ---- a/components/service/crypto/provider/crypto_provider.c -+++ b/components/service/crypto/provider/crypto_provider.c -@@ -3,12 +3,15 @@ - * - * SPDX-License-Identifier: BSD-3-Clause - */ -+#include - #include - #include - #include - #include -+#include - #include - #include -+#include - - #include "crypto_partition.h" - #include "crypto_uuid.h" -@@ -28,25 +31,27 @@ static rpc_status_t copy_key_handler(void *context, struct rpc_request *req); - static rpc_status_t purge_key_handler(void *context, struct rpc_request *req); - static rpc_status_t get_key_attributes_handler(void *context, struct rpc_request *req); - static rpc_status_t verify_pkcs7_signature_handler(void *context, struct rpc_request *req); -+static rpc_status_t get_uefi_priv_auth_var_fingerprint_handler(void *context, struct rpc_request *req); - - /* Handler mapping table for service */ - static const struct service_handler handler_table[] = { -- { TS_CRYPTO_OPCODE_GENERATE_KEY, generate_key_handler }, -- { TS_CRYPTO_OPCODE_DESTROY_KEY, destroy_key_handler }, -- { TS_CRYPTO_OPCODE_EXPORT_KEY, export_key_handler }, -- { TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, export_public_key_handler }, -- { TS_CRYPTO_OPCODE_IMPORT_KEY, import_key_handler }, -- { TS_CRYPTO_OPCODE_SIGN_HASH, asymmetric_sign_handler }, -- { TS_CRYPTO_OPCODE_VERIFY_HASH, asymmetric_verify_handler }, -- { TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, asymmetric_decrypt_handler }, -- { TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, asymmetric_encrypt_handler }, -- { TS_CRYPTO_OPCODE_GENERATE_RANDOM, generate_random_handler }, -- { TS_CRYPTO_OPCODE_COPY_KEY, copy_key_handler }, -- { TS_CRYPTO_OPCODE_PURGE_KEY, purge_key_handler }, -- { TS_CRYPTO_OPCODE_GET_KEY_ATTRIBUTES, get_key_attributes_handler }, -- { TS_CRYPTO_OPCODE_SIGN_MESSAGE, asymmetric_sign_handler }, -- { TS_CRYPTO_OPCODE_VERIFY_MESSAGE, asymmetric_verify_handler }, -- { TS_CRYPTO_OPCODE_VERIFY_PKCS7_SIGNATURE, verify_pkcs7_signature_handler }, -+ { TS_CRYPTO_OPCODE_GENERATE_KEY, generate_key_handler }, -+ { TS_CRYPTO_OPCODE_DESTROY_KEY, destroy_key_handler }, -+ { TS_CRYPTO_OPCODE_EXPORT_KEY, export_key_handler }, -+ { TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, export_public_key_handler }, -+ { TS_CRYPTO_OPCODE_IMPORT_KEY, import_key_handler }, -+ { TS_CRYPTO_OPCODE_SIGN_HASH, asymmetric_sign_handler }, -+ { TS_CRYPTO_OPCODE_VERIFY_HASH, asymmetric_verify_handler }, -+ { TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, asymmetric_decrypt_handler }, -+ { TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, asymmetric_encrypt_handler }, -+ { TS_CRYPTO_OPCODE_GENERATE_RANDOM, generate_random_handler }, -+ { TS_CRYPTO_OPCODE_COPY_KEY, copy_key_handler }, -+ { TS_CRYPTO_OPCODE_PURGE_KEY, purge_key_handler }, -+ { TS_CRYPTO_OPCODE_GET_KEY_ATTRIBUTES, get_key_attributes_handler }, -+ { TS_CRYPTO_OPCODE_SIGN_MESSAGE, asymmetric_sign_handler }, -+ { TS_CRYPTO_OPCODE_VERIFY_MESSAGE, asymmetric_verify_handler }, -+ { TS_CRYPTO_OPCODE_VERIFY_PKCS7_SIGNATURE, verify_pkcs7_signature_handler }, -+ { TS_CRYPTO_OPCODE_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT, get_uefi_priv_auth_var_fingerprint_handler }, - }; - - struct rpc_service_interface * -@@ -664,33 +669,44 @@ static rpc_status_t verify_pkcs7_signature_handler(void *context, struct rpc_req - } - - if (rpc_status == RPC_SUCCESS) { -- /* Parse the public key certificate */ -- mbedtls_x509_crt signer_certificate; -+ /* Parse the PKCS#7 DER encoded signature block */ -+ mbedtls_pkcs7 pkcs7_structure; - -- mbedtls_x509_crt_init(&signer_certificate); -+ mbedtls_pkcs7_init(&pkcs7_structure); - -- mbedtls_status = mbedtls_x509_crt_parse_der(&signer_certificate, public_key_cert, -- public_key_cert_len); -+ mbedtls_status = mbedtls_pkcs7_parse_der(&pkcs7_structure, signature_cert, -+ signature_cert_len); - -- if (mbedtls_status == 0) { -- /* Parse the PKCS#7 DER encoded signature block */ -- mbedtls_pkcs7 pkcs7_structure; -+ if (mbedtls_status == MBEDTLS_PKCS7_SIGNED_DATA) { - -- mbedtls_pkcs7_init(&pkcs7_structure); -+ /* -+ * If a separate public key is provided, verify the signature with it, -+ * else use the key from the pkcs7 signature structure, because it is -+ * a self-signed certificate. -+ */ -+ if(public_key_cert_len) { -+ /* Parse the public key certificate */ -+ mbedtls_x509_crt signer_certificate; - -- mbedtls_status = mbedtls_pkcs7_parse_der(&pkcs7_structure, signature_cert, -- signature_cert_len); -+ mbedtls_x509_crt_init(&signer_certificate); - -- if (mbedtls_status == MBEDTLS_PKCS7_SIGNED_DATA) { -- /* Verify hash against signed hash */ -+ mbedtls_status = mbedtls_x509_crt_parse_der(&signer_certificate, public_key_cert, -+ public_key_cert_len); -+ -+ if (mbedtls_status == 0) { -+ /* Verify hash against signed hash */ -+ mbedtls_status = mbedtls_pkcs7_signed_hash_verify( -+ &pkcs7_structure, &signer_certificate, hash, hash_len); -+ } -+ -+ mbedtls_x509_crt_free(&signer_certificate); -+ } else { - mbedtls_status = mbedtls_pkcs7_signed_hash_verify( -- &pkcs7_structure, &signer_certificate, hash, hash_len); -+ &pkcs7_structure, &pkcs7_structure.private_signed_data.private_certs, hash, hash_len); - } -- -- mbedtls_pkcs7_free(&pkcs7_structure); - } - -- mbedtls_x509_crt_free(&signer_certificate); -+ mbedtls_pkcs7_free(&pkcs7_structure); - } - - free(signature_cert); -@@ -702,6 +718,128 @@ static rpc_status_t verify_pkcs7_signature_handler(void *context, struct rpc_req - - return rpc_status; - } -+ -+/* -+ * Official value: http://www.oid-info.com/get/2.5.4.3 -+ * Hex converter: https://misc.daniel-marschall.de/asn.1/oid-converter/online.php -+ */ -+static const mbedtls_asn1_buf* findCommonName(const mbedtls_x509_name *name) -+{ -+ uint8_t CN_oid_tag = 0x06; -+ uint8_t CN_oid_len = 0x03; -+ uint8_t CN_oid_val[3] = {0x55, 0x04, 0x03}; -+ -+ while (name) -+ { -+ if (name->oid.tag == CN_oid_tag && name->oid.len == CN_oid_len) { -+ if (name->oid.p != NULL) { -+ if (!memcmp(name->oid.p, CN_oid_val, CN_oid_len)) -+ return &name->val; -+ } -+ } -+ -+ name = name->next; -+ } -+ -+ return NULL; -+} -+ -+static rpc_status_t get_uefi_priv_auth_var_fingerprint_handler(void *context, struct rpc_request *req) -+{ -+ rpc_status_t rpc_status = RPC_ERROR_INTERNAL; -+ struct rpc_buffer *req_buf = &req->request; -+ const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req); -+ -+ int mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; -+ -+ uint8_t *signature_cert = NULL; -+ uint64_t signature_cert_len = 0; -+ -+ if (serializer) { -+ /* First collect the lengths of the field */ -+ rpc_status = serializer->deserialize_get_uefi_priv_auth_var_fingerprint_req( -+ req_buf, NULL, &signature_cert_len); -+ -+ if (rpc_status == RPC_SUCCESS) { -+ /* Allocate the needed space and get the data */ -+ signature_cert = (uint8_t *)malloc(signature_cert_len); -+ -+ if (signature_cert) { -+ rpc_status = serializer->deserialize_get_uefi_priv_auth_var_fingerprint_req( -+ req_buf, signature_cert, &signature_cert_len); -+ } else { -+ rpc_status = RPC_ERROR_RESOURCE_FAILURE; -+ } -+ } -+ } -+ -+ if (rpc_status == RPC_SUCCESS) { -+ /* Parse the PKCS#7 DER encoded signature block */ -+ mbedtls_pkcs7 pkcs7_structure; -+ -+ mbedtls_pkcs7_init(&pkcs7_structure); -+ -+ mbedtls_status = mbedtls_pkcs7_parse_der(&pkcs7_structure, signature_cert, -+ signature_cert_len); -+ -+ if (mbedtls_status == MBEDTLS_PKCS7_SIGNED_DATA) { -+ -+ uint8_t output_buffer[PSA_HASH_MAX_SIZE] = { 0 }; -+ size_t __maybe_unused output_size = 0; -+ const mbedtls_asn1_buf *signerCertCN = NULL; -+ const mbedtls_x509_crt *topLevelCert = &pkcs7_structure.private_signed_data.private_certs; -+ const mbedtls_x509_buf *toplevelCertTbs = NULL; -+ struct rpc_buffer *resp_buf = &req->response;; -+ psa_hash_operation_t op = PSA_HASH_OPERATION_INIT; -+ -+ /* Find common name field of the signing certificate, which is the first in the chain */ -+ signerCertCN = findCommonName(&topLevelCert->subject); -+ if (!signerCertCN) -+ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; -+ -+ /* Get the TopLevel certificate which is the last in the chain */ -+ while(topLevelCert->next) -+ topLevelCert = topLevelCert->next; -+ toplevelCertTbs = &topLevelCert->tbs; -+ -+ /* Hash the data to create the fingerprint */ -+ op = psa_hash_operation_init(); -+ -+ if (psa_hash_setup(&op, PSA_ALG_SHA_256) != PSA_SUCCESS) -+ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; -+ -+ if (psa_hash_update(&op, signerCertCN->p, signerCertCN->len)) { -+ psa_hash_abort(&op); -+ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; -+ } -+ -+ if (psa_hash_update(&op, toplevelCertTbs->p, toplevelCertTbs->len)) { -+ psa_hash_abort(&op); -+ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; -+ } -+ -+ if (psa_hash_finish(&op, (uint8_t*)&output_buffer, PSA_HASH_MAX_SIZE, &output_size)) { -+ psa_hash_abort(&op); -+ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; -+ } -+ -+ /* Clear the remaining part of the buffer for consistency */ -+ memset(&output_buffer[output_size], 0, PSA_HASH_MAX_SIZE - output_size); -+ -+ rpc_status = serializer->serialize_get_uefi_priv_auth_var_fingerprint_resp( -+ resp_buf, (uint8_t*)&output_buffer); -+ } -+ -+ mbedtls_pkcs7_free(&pkcs7_structure); -+ } -+ -+ free(signature_cert); -+ -+ /* Provide the result of the verification */ -+ req->service_status = (mbedtls_status == MBEDTLS_PKCS7_SIGNED_DATA) ? EFI_SUCCESS : EFI_COMPROMISED_DATA; -+ -+ return rpc_status; -+} - #else - static rpc_status_t verify_pkcs7_signature_handler(void *context, struct rpc_request *req) - { -@@ -710,4 +848,12 @@ static rpc_status_t verify_pkcs7_signature_handler(void *context, struct rpc_req - - return RPC_ERROR_INTERNAL; - } -+ -+static rpc_status_t get_uefi_priv_auth_var_fingerprint_handler(void *context, struct rpc_request *req) -+{ -+ (void)context; -+ (void)req; -+ -+ return RPC_ERROR_INTERNAL; -+} - #endif -diff --git a/components/service/crypto/provider/serializer/crypto_provider_serializer.h b/components/service/crypto/provider/serializer/crypto_provider_serializer.h -index bd5336c3d..2b965afdb 100644 ---- a/components/service/crypto/provider/serializer/crypto_provider_serializer.h -+++ b/components/service/crypto/provider/serializer/crypto_provider_serializer.h -@@ -126,6 +126,14 @@ struct crypto_provider_serializer { - uint8_t *hash, uint64_t *hash_len, - uint8_t *public_key_cert, - uint64_t *public_key_cert_len); -+ -+ /* Operation: get_uefi_priv_auth_var_fingerprintentifier */ -+ rpc_status_t (*deserialize_get_uefi_priv_auth_var_fingerprint_req)(const struct rpc_buffer *req_buf, -+ uint8_t *signed_data, -+ uint64_t *signed_data_len); -+ -+ rpc_status_t (*serialize_get_uefi_priv_auth_var_fingerprint_resp)(struct rpc_buffer *resp_buf, -+ const uint8_t *output); - }; - - #endif /* CRYPTO_PROVIDER_SERIALIZER_H */ -diff --git a/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c b/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c -index 050ef2f7d..89e07e2c8 100644 ---- a/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c -+++ b/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c -@@ -22,6 +22,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -675,6 +676,57 @@ static rpc_status_t deserialize_verify_pkcs7_signature_req( - return rpc_status; - } - -+/* Operation: get_uefi_priv_auth_var_fingerprintentifier */ -+static rpc_status_t deserialize_get_uefi_priv_auth_var_fingerprint_req(const struct rpc_buffer *req_buf, -+ uint8_t *signed_data, -+ uint64_t *signed_data_len) -+{ -+ rpc_status_t rpc_status = RPC_ERROR_INVALID_REQUEST_BODY; -+ -+ if (req_buf->data_length) { -+ struct tlv_const_iterator req_iter; -+ struct tlv_record decoded_record; -+ -+ rpc_status = RPC_SUCCESS; -+ -+ tlv_const_iterator_begin(&req_iter, (uint8_t *)req_buf->data, req_buf->data_length); -+ -+ if (tlv_find_decode(&req_iter, TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_IN_TAG_SIGNATURE, -+ &decoded_record)) { -+ *signed_data_len = decoded_record.length; -+ -+ if (signed_data) -+ memcpy(signed_data, decoded_record.value, decoded_record.length); -+ } else { -+ /* Default to a zero length */ -+ *signed_data_len = 0; -+ } -+ } -+ -+ return rpc_status; -+} -+ -+static rpc_status_t serialize_get_uefi_priv_auth_var_fingerprint_resp(struct rpc_buffer *resp_buf, -+ const uint8_t *output) -+{ -+ rpc_status_t rpc_status = RPC_ERROR_INTERNAL; -+ struct tlv_iterator resp_iter; -+ struct tlv_record out_record; -+ -+ out_record.tag = TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_OUT_TAG_IDENTIFIER; -+ out_record.length = PSA_HASH_MAX_SIZE; -+ out_record.value = output; -+ -+ tlv_iterator_begin(&resp_iter, resp_buf->data, resp_buf->size); -+ -+ if (tlv_encode(&resp_iter, &out_record)) { -+ resp_buf->data_length = tlv_required_space(PSA_HASH_MAX_SIZE); -+ rpc_status = RPC_SUCCESS; -+ } -+ -+ return rpc_status; -+} -+ - /* Singleton method to provide access to the serializer instance */ - const struct crypto_provider_serializer *packedc_crypto_provider_serializer_instance(void) - { -@@ -704,6 +756,8 @@ const struct crypto_provider_serializer *packedc_crypto_provider_serializer_inst - deserialize_generate_random_req, - serialize_generate_random_resp, - deserialize_verify_pkcs7_signature_req, -+ deserialize_get_uefi_priv_auth_var_fingerprint_req, -+ serialize_get_uefi_priv_auth_var_fingerprint_resp - }; - - return &instance; -diff --git a/components/service/uefi/smm_variable/backend/direct/uefi_direct_backend.c b/components/service/uefi/smm_variable/backend/direct/uefi_direct_backend.c -index bf978c5dd..c7ca07254 100644 ---- a/components/service/uefi/smm_variable/backend/direct/uefi_direct_backend.c -+++ b/components/service/uefi/smm_variable/backend/direct/uefi_direct_backend.c -@@ -9,6 +9,8 @@ - #include - #include - #include -+#include -+#include - - int verify_pkcs7_signature(const uint8_t *signature_cert, uint64_t signature_cert_len, - const uint8_t *hash, uint64_t hash_len, const uint8_t *public_key_cert, -@@ -46,3 +48,91 @@ int verify_pkcs7_signature(const uint8_t *signature_cert, uint64_t signature_cer - - return mbedtls_status; - } -+ -+/* -+ * Official value: http://www.oid-info.com/get/2.5.4.3 -+ * Hex converter: https://misc.daniel-marschall.de/asn.1/oid-converter/online.php -+ */ -+static const mbedtls_asn1_buf* findCommonName(const mbedtls_x509_name *name) -+{ -+ uint8_t CN_oid_tag = 0x06; -+ uint8_t CN_oid_len = 0x03; -+ uint8_t CN_oid_val[3] = {0x55, 0x04, 0x03}; -+ -+ while (name) -+ { -+ if (name->oid.tag == CN_oid_tag && name->oid.len == CN_oid_len) { -+ if (name->oid.p != NULL) { -+ if (!memcmp(name->oid.p, CN_oid_val, CN_oid_len)) -+ return &name->val; -+ } -+ } -+ -+ name = name->next; -+ } -+ -+ return NULL; -+} -+ -+int get_uefi_priv_auth_var_fingerprint_handler(const uint8_t *signature_cert, -+ uint64_t signature_cert_len, -+ uint8_t *output) -+{ -+ int mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; -+ -+ /* Parse the PKCS#7 DER encoded signature block */ -+ mbedtls_pkcs7 pkcs7_structure; -+ -+ mbedtls_pkcs7_init(&pkcs7_structure); -+ -+ mbedtls_status = mbedtls_pkcs7_parse_der(&pkcs7_structure, signature_cert, -+ signature_cert_len); -+ -+ if (mbedtls_status == MBEDTLS_PKCS7_SIGNED_DATA) { -+ -+ uint8_t output_buffer[PSA_HASH_MAX_SIZE] = { 0 }; -+ size_t __maybe_unused output_size = 0; -+ const mbedtls_asn1_buf *signerCertCN = NULL; -+ const mbedtls_x509_crt *topLevelCert = &pkcs7_structure.private_signed_data.private_certs; -+ const mbedtls_x509_buf *toplevelCertTbs = NULL; -+ psa_hash_operation_t op = PSA_HASH_OPERATION_INIT; -+ -+ /* Find common name field of the signing certificate, which is the first in the chain */ -+ signerCertCN = findCommonName(&topLevelCert->subject); -+ if (!signerCertCN) -+ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; -+ -+ /* Get the TopLevel certificate which is the last in the chain */ -+ while(topLevelCert->next) -+ topLevelCert = topLevelCert->next; -+ toplevelCertTbs = &topLevelCert->tbs; -+ -+ /* Hash the data to create the fingerprint */ -+ op = psa_hash_operation_init(); -+ -+ if (psa_hash_setup(&op, PSA_ALG_SHA_256) != PSA_SUCCESS) -+ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; -+ -+ if (psa_hash_update(&op, signerCertCN->p, signerCertCN->len)) { -+ psa_hash_abort(&op); -+ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; -+ } -+ -+ if (psa_hash_update(&op, toplevelCertTbs->p, toplevelCertTbs->len)) { -+ psa_hash_abort(&op); -+ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; -+ } -+ -+ if (psa_hash_finish(&op, (uint8_t*)&output_buffer, PSA_HASH_MAX_SIZE, &output_size)) { -+ psa_hash_abort(&op); -+ mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; -+ } -+ -+ /* Clear the remaining part of the buffer for consistency */ -+ memset(&output_buffer[output_size], 0, PSA_HASH_MAX_SIZE - output_size); -+ } -+ -+ mbedtls_pkcs7_free(&pkcs7_structure); -+ -+ return mbedtls_status; -+} -diff --git a/deployments/smm-gateway/smm-gateway.cmake b/deployments/smm-gateway/smm-gateway.cmake -index e5ee03b60..de519892d 100644 ---- a/deployments/smm-gateway/smm-gateway.cmake -+++ b/deployments/smm-gateway/smm-gateway.cmake -@@ -17,6 +17,11 @@ include(${TS_ROOT}/external/MbedTLS/MbedTLS.cmake) - target_link_libraries(smm-gateway PRIVATE MbedTLS::mbedcrypto) - target_link_libraries(smm-gateway PRIVATE MbedTLS::mbedx509) - -+# Pass the location of the mbedtls config file to C preprocessor. -+target_compile_definitions(smm-gateway PRIVATE -+ MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}" -+) -+ - target_compile_definitions(smm-gateway PRIVATE - -DUEFI_INTERNAL_CRYPTO - ) -diff --git a/protocols/service/crypto/packed-c/get_uefi_priv_auth_var_fingerprint.h b/protocols/service/crypto/packed-c/get_uefi_priv_auth_var_fingerprint.h -new file mode 100644 -index 000000000..29964b33c ---- /dev/null -+++ b/protocols/service/crypto/packed-c/get_uefi_priv_auth_var_fingerprint.h -@@ -0,0 +1,21 @@ -+/* -+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved. -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_H -+#define TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_H -+ -+#include -+ -+/* Variable length output parameter tags */ -+enum { -+ TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_OUT_TAG_IDENTIFIER = 1, -+}; -+ -+/* Variable length input parameter tags */ -+enum { -+ TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_IN_TAG_SIGNATURE = 1, -+}; -+ -+#endif /* TS_CRYPTO_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT_H */ -diff --git a/protocols/service/crypto/packed-c/opcodes.h b/protocols/service/crypto/packed-c/opcodes.h -index 35b81599b..8bc2b49b0 100644 ---- a/protocols/service/crypto/packed-c/opcodes.h -+++ b/protocols/service/crypto/packed-c/opcodes.h -@@ -28,6 +28,7 @@ - #define TS_CRYPTO_OPCODE_SIGN_MESSAGE (TS_CRYPTO_OPCODE_BASE + 16) - #define TS_CRYPTO_OPCODE_VERIFY_MESSAGE (TS_CRYPTO_OPCODE_BASE + 17) - #define TS_CRYPTO_OPCODE_VERIFY_PKCS7_SIGNATURE (TS_CRYPTO_OPCODE_BASE + 18) -+#define TS_CRYPTO_OPCODE_GET_UEFI_PRIV_AUTH_VAR_FINGERPRINT (TS_CRYPTO_OPCODE_BASE + 19) - - /* Hash operations */ - #define TS_CRYPTO_OPCODE_HASH_BASE (0x0200) --- -2.25.1 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Add-timestamp-validation-for-uefi-variables.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Add-timestamp-validation-for-uefi-variables.patch deleted file mode 100644 index 26e7df5f..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Add-timestamp-validation-for-uefi-variables.patch +++ /dev/null @@ -1,146 +0,0 @@ -From 5b418e141aadcb6604406f75e156317bd143d898 Mon Sep 17 00:00:00 2001 -From: Gabor Toth -Date: Fri, 5 Apr 2024 11:27:15 +0200 -Subject: [PATCH 1/3] Add timestamp validation for uefi variables - -Return failure if uefi variable creation or update is not -requested with newer timestamp. - -Signed-off-by: Gabor Toth -Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27955] ---- - .../backend/uefi_variable_store.c | 35 +++++++++++++++---- - .../smm_variable/backend/variable_index.c | 1 + - .../smm_variable/backend/variable_index.h | 1 + - 3 files changed, 30 insertions(+), 7 deletions(-) - -diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.c b/components/service/uefi/smm_variable/backend/uefi_variable_store.c -index c1691dc8f..1b624f0c9 100644 ---- a/components/service/uefi/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.c -@@ -76,6 +76,7 @@ static efi_status_t verify_var_by_key_var(const efi_data_map *new_var, - const uint8_t *hash_buffer, size_t hash_len); - - static efi_status_t authenticate_variable(const struct uefi_variable_store *context, -+ EFI_TIME *timestamp, - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var); - #endif - -@@ -197,6 +198,7 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store * - const SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var) - { - bool should_sync_index = false; -+ EFI_TIME timestamp = { 0 }; - - /* Validate incoming request */ - efi_status_t status = check_name_terminator(var->Name, var->NameSize); -@@ -225,6 +227,9 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store * - return EFI_OUT_OF_RESOURCES; - } - -+ /* Save the timestamp into a buffer, which can be overwritten by the authentication function */ -+ memcpy(×tamp, &info->metadata.timestamp, sizeof(EFI_TIME)); -+ - /* Control access */ - status = check_access_permitted_on_set(context, info, var); - -@@ -240,7 +245,7 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store * - if (info->metadata.attributes & - EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) { - status = authenticate_variable( -- context, (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var); -+ context, ×tamp, (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var); - - if (status != EFI_SUCCESS) - return status; -@@ -326,7 +331,7 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store * - */ - if (var->Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) { - status = authenticate_variable( -- context, (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var); -+ context, ×tamp, (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var); - - if (status != EFI_SUCCESS) - return status; -@@ -358,9 +363,11 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store * - if (should_sync_index) - status = sync_variable_index(context); - -- /* Store any variable data to the storage backend */ -- if (info->is_variable_set && (status == EFI_SUCCESS)) -+ /* Store any variable data to the storage backend with the updated metadata */ -+ if (info->is_variable_set && (status == EFI_SUCCESS)) { -+ memcpy(&info->metadata.timestamp, ×tamp, sizeof(EFI_TIME)); - status = store_variable_data(context, info, var); -+ } - } - - variable_index_remove_unused_entry(&context->variable_index, info); -@@ -1106,6 +1113,7 @@ static efi_status_t verify_var_by_key_var(const efi_data_map *new_var, - * then verifies it. - */ - static efi_status_t authenticate_variable(const struct uefi_variable_store *context, -+ EFI_TIME *timestamp, - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var) - { - efi_status_t status = EFI_SUCCESS; -@@ -1223,9 +1231,7 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont - * - * UEFI: Page 253 - * 2. Verify that Pad1, Nanosecond, TimeZone, Daylight and Pad2 components -- * of the TimeStamp value are set to zero. Unless the EFI_VARIABLE_APPEND_WRITE -- * attribute is set, verify that the TimeStamp value is later than the current -- * timestamp value associated with the variable -+ * of the TimeStamp value are set to zero. - */ - if ((var_map.efi_auth_descriptor->TimeStamp.Pad1 != 0) || - (var_map.efi_auth_descriptor->TimeStamp.Pad2 != 0) || -@@ -1235,6 +1241,21 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont - return EFI_SECURITY_VIOLATION; - } - -+ /** -+ * UEFI: Page 253 -+ * Unless the EFI_VARIABLE_APPEND_WRITE attribute is set, verify -+ * that the TimeStamp value is later than the current -+ * timestamp value associated with the variable -+ */ -+ if (!(var->Attributes & EFI_VARIABLE_APPEND_WRITE)) { -+ if (memcmp(&var_map.efi_auth_descriptor->TimeStamp, timestamp, sizeof(EFI_GUID)) <= 0) { -+ EMSG("Timestamp violation"); -+ return EFI_SECURITY_VIOLATION; -+ } -+ -+ /* Save new timestamp */ -+ memcpy(timestamp, &var_map.efi_auth_descriptor->TimeStamp, sizeof(EFI_TIME)); -+ } - /* Calculate hash for the variable only once */ - hash_result = calc_variable_hash(&var_map, (uint8_t *)&hash_buffer, sizeof(hash_buffer), - &hash_len); -diff --git a/components/service/uefi/smm_variable/backend/variable_index.c b/components/service/uefi/smm_variable/backend/variable_index.c -index e2fe6dd38..f4194d2d3 100644 ---- a/components/service/uefi/smm_variable/backend/variable_index.c -+++ b/components/service/uefi/smm_variable/backend/variable_index.c -@@ -198,6 +198,7 @@ static struct variable_entry *add_entry(const struct variable_index *context, co - /* Initialize metadata */ - info->metadata.uid = generate_uid(context, guid, name_size, name); - info->metadata.guid = *guid; -+ memset(&info->metadata.timestamp, 0, sizeof(EFI_TIME)); - info->metadata.attributes = 0; - info->metadata.name_size = name_size; - memcpy(info->metadata.name, name, name_size); -diff --git a/components/service/uefi/smm_variable/backend/variable_index.h b/components/service/uefi/smm_variable/backend/variable_index.h -index 5d3b7a7c6..7eef7b86b 100644 ---- a/components/service/uefi/smm_variable/backend/variable_index.h -+++ b/components/service/uefi/smm_variable/backend/variable_index.h -@@ -32,6 +32,7 @@ extern "C" { - */ - struct variable_metadata { - EFI_GUID guid; -+ EFI_TIME timestamp; - size_t name_size; - int16_t name[VARIABLE_INDEX_MAX_NAME_SIZE]; - uint32_t attributes; --- -2.25.1 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-se-proxy-protobuf-change.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-se-proxy-protobuf-change.patch similarity index 81% rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-se-proxy-protobuf-change.patch rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-se-proxy-protobuf-change.patch index cfe0e693..11896556 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-se-proxy-protobuf-change.patch +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-se-proxy-protobuf-change.patch @@ -1,6 +1,6 @@ -From e5a4487e2b757d0063148691c7d06ae1c7e15b9a Mon Sep 17 00:00:00 2001 +From dd9a51bde0608989e01de5369eaa0eef2bab7c43 Mon Sep 17 00:00:00 2001 From: Emekcan Aras -Date: Tue, 18 Jun 2024 11:52:43 +0100 +Date: Wed, 22 Jan 2025 00:54:30 +0000 Subject: [PATCH] protobuf fix Upstream-Status: Pending (not yet submitted to upstream) @@ -10,7 +10,7 @@ Signed-off-by: Emekcan Aras 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/deployments/se-proxy/env/commonsp/se_proxy_sp.c b/deployments/se-proxy/env/commonsp/se_proxy_sp.c -index a0eb03b6f..e2774c135 100644 +index 88e4cf17e..7da489ca8 100644 --- a/deployments/se-proxy/env/commonsp/se_proxy_sp.c +++ b/deployments/se-proxy/env/commonsp/se_proxy_sp.c @@ -13,6 +13,7 @@ @@ -25,12 +25,12 @@ index a0eb03b6f..e2774c135 100644 goto fatal_error; } -- rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 5, 16); -+ rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 6, 16); +- rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 6, 16); ++ rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 7, 16); if (rpc_status != RPC_SUCCESS) { EMSG("Failed to initialize RPC endpoint: %d", rpc_status); goto fatal_error; -@@ -129,6 +130,28 @@ void __noreturn sp_main(union ffa_boot_info *boot_info) +@@ -118,6 +119,28 @@ void __noreturn sp_main(union ffa_boot_info *boot_info) goto fatal_error; } @@ -56,10 +56,9 @@ index a0eb03b6f..e2774c135 100644 + goto fatal_error; + } + - while (1) { - ts_rpc_endpoint_sp_receive(&rpc_endpoint, &req_msg, &resp_msg); - + /* End of boot phase */ + result = sp_msg_wait(&req_msg); + if (result != SP_RESULT_OK) { -- -2.25.1 - +2.43.0 diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Isolate-common-uefi-variable-authentication-steps.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Isolate-common-uefi-variable-authentication-steps.patch deleted file mode 100644 index 16ca63b3..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Isolate-common-uefi-variable-authentication-steps.patch +++ /dev/null @@ -1,282 +0,0 @@ -From 19e79008e0fa3193b54bf6499516dc75cb10f6ec Mon Sep 17 00:00:00 2001 -From: Gabor Toth -Date: Thu, 11 Apr 2024 13:42:03 +0200 -Subject: [PATCH 2/3] Isolate common uefi variable authentication steps - -Currently all auth variables are authenticated with the secure boot -keys. To introduce corrent check for Private Authenticated Variables -first separate the common steps from the secure boot related steps. - -Signed-off-by: Gabor Toth -Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27956] ---- - .../backend/uefi_variable_store.c | 191 ++++++++++-------- - 1 file changed, 103 insertions(+), 88 deletions(-) - -diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.c b/components/service/uefi/smm_variable/backend/uefi_variable_store.c -index 1b624f0c9..1384d0def 100644 ---- a/components/service/uefi/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.c -@@ -78,6 +78,12 @@ static efi_status_t verify_var_by_key_var(const efi_data_map *new_var, - static efi_status_t authenticate_variable(const struct uefi_variable_store *context, - EFI_TIME *timestamp, - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var); -+ -+static efi_status_t authenticate_secure_boot_variable(const struct uefi_variable_store *context, -+ efi_data_map* var_map, -+ uint8_t* hash_buffer, -+ size_t hash_len, -+ uint64_t max_variable_size); - #endif - - static efi_status_t store_variable_data(const struct uefi_variable_store *context, -@@ -1118,30 +1124,109 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont - { - efi_status_t status = EFI_SUCCESS; - EFI_GUID pkcs7_guid = EFI_CERT_TYPE_PKCS7_GUID; -- EFI_GUID global_variable_guid = EFI_GLOBAL_VARIABLE; -- EFI_GUID security_database_guid = EFI_IMAGE_SECURITY_DATABASE_GUID; - SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO variable_info = { 0, 0, 0, 0 }; -- SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *pk_variable = NULL; -- size_t pk_payload_size = 0; - efi_data_map var_map = { NULL, NULL, NULL, 0, 0, NULL, 0, NULL }; - uint8_t hash_buffer[PSA_HASH_MAX_SIZE]; - size_t hash_len = 0; -- bool hash_result = false; - - /* Create a map of the fields of the new variable including the auth header */ - if (!init_efi_data_map(var, true, &var_map)) - return EFI_SECURITY_VIOLATION; - -- /* database variables can be verified by either PK or KEK while images -- * should be checked by db and dbx so the length of two will be enough. -- */ -- SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *allowed_key_store_variables[] = { NULL, NULL }; -- - /* Find the maximal size of variables for the GetVariable operation */ - status = uefi_variable_store_query_variable_info(context, &variable_info); - if (status != EFI_SUCCESS) - return EFI_SECURITY_VIOLATION; - -+ /** -+ * UEFI: Page 246 -+ * If the EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set in a -+ * SetVariable() call, and firmware does not support signature type of the certificate -+ * included in the EFI_VARIABLE_AUTHENTICATION_2 descriptor, then the SetVariable() call -+ * shall return EFI_INVALID_PARAMETER. The list of signature types supported by the -+ * firmware is defined by the SignatureSupport variable. Signature type of the certificate -+ * is defined by its digest and encryption algorithms. -+ */ -+ /* TODO: Should support WIN_CERT_TYPE_PKCS_SIGNED_DATA and WIN_CERT_TYPE_EFI_PKCS115 */ -+ if (var_map.efi_auth_descriptor->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) -+ return EFI_INVALID_PARAMETER; -+ -+ /* Only a CertType of EFI_CERT_TYPE_PKCS7_GUID is accepted */ -+ if (!compare_guid(&var_map.efi_auth_descriptor->AuthInfo.CertType, &pkcs7_guid)) -+ return EFI_SECURITY_VIOLATION; -+ -+ /** -+ * Time associated with the authentication descriptor. For the TimeStamp value, -+ * components Pad1, Nanosecond, TimeZone, Daylight and Pad2 shall be set to 0. -+ * This means that the time shall always be expressed in GMT. -+ * -+ * UEFI: Page 253 -+ * 2. Verify that Pad1, Nanosecond, TimeZone, Daylight and Pad2 components -+ * of the TimeStamp value are set to zero. -+ */ -+ if ((var_map.efi_auth_descriptor->TimeStamp.Pad1 != 0) || -+ (var_map.efi_auth_descriptor->TimeStamp.Pad2 != 0) || -+ (var_map.efi_auth_descriptor->TimeStamp.Nanosecond != 0) || -+ (var_map.efi_auth_descriptor->TimeStamp.TimeZone != 0) || -+ (var_map.efi_auth_descriptor->TimeStamp.Daylight != 0)) { -+ return EFI_SECURITY_VIOLATION; -+ } -+ -+ /** -+ * UEFI: Page 253 -+ * Unless the EFI_VARIABLE_APPEND_WRITE attribute is set, verify -+ * that the TimeStamp value is later than the current -+ * timestamp value associated with the variable -+ */ -+ if (!(var->Attributes & EFI_VARIABLE_APPEND_WRITE)) { -+ if (memcmp(&var_map.efi_auth_descriptor->TimeStamp, timestamp, sizeof(EFI_GUID)) <= 0) { -+ EMSG("Timestamp violation"); -+ return EFI_SECURITY_VIOLATION; -+ } -+ -+ /* Save new timestamp */ -+ memcpy(timestamp, &var_map.efi_auth_descriptor->TimeStamp, sizeof(EFI_TIME)); -+ } -+ /* Calculate hash for the variable only once */ -+ if (calc_variable_hash(&var_map, (uint8_t *)&hash_buffer, sizeof(hash_buffer), &hash_len) == 0) { -+ status = EFI_SECURITY_VIOLATION; -+ } -+ -+ /* Run Secure Boot related authentication steps */ -+ status = authenticate_secure_boot_variable(context, &var_map, (uint8_t*) &hash_buffer, hash_len, variable_info.MaximumVariableSize); -+ -+ /* Remove the authentication header from the variable if the authentication is successful */ -+ if (status == EFI_SUCCESS) { -+ uint8_t *smm_payload = -+ (uint8_t *)var + SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(var); -+ -+ memmove(smm_payload, var_map.payload, var_map.payload_len); -+ memset((uint8_t *)smm_payload + var_map.payload_len, 0, -+ var_map.efi_auth_descriptor_len); -+ -+ var->DataSize -= var_map.efi_auth_descriptor_len; -+ } -+ -+ return status; -+} -+ -+static efi_status_t authenticate_secure_boot_variable(const struct uefi_variable_store *context, -+ efi_data_map* var_map, -+ uint8_t* hash_buffer, -+ size_t hash_len, -+ uint64_t max_variable_size) -+{ -+ efi_status_t status = EFI_SUCCESS; -+ EFI_GUID global_variable_guid = EFI_GLOBAL_VARIABLE; -+ EFI_GUID security_database_guid = EFI_IMAGE_SECURITY_DATABASE_GUID; -+ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *pk_variable = NULL; -+ size_t pk_payload_size = 0; -+ -+ /* database variables can be verified by either PK or KEK while images -+ * should be checked by db and dbx so the length of two will be enough. -+ */ -+ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *allowed_key_store_variables[] = { NULL, NULL }; -+ - /** - * UEFI: Page 253 - * 3. If the variable SetupMode==1, and the variable is a secure -@@ -1166,14 +1251,14 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont - * Platform Key is checked to enable or disable authentication. - */ - create_smm_variable(&pk_variable, sizeof(EFI_PLATFORM_KEY_NAME), -- variable_info.MaximumVariableSize, (uint8_t *)EFI_PLATFORM_KEY_NAME, -+ max_variable_size, (uint8_t *)EFI_PLATFORM_KEY_NAME, - &global_variable_guid); - - if (!pk_variable) - return EFI_OUT_OF_RESOURCES; - - status = uefi_variable_store_get_variable( -- context, pk_variable, variable_info.MaximumVariableSize, &pk_payload_size); -+ context, pk_variable, max_variable_size, &pk_payload_size); - - /* If PK does not exist authentication is disabled */ - if (status != EFI_SUCCESS) { -@@ -1207,66 +1292,8 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont - goto end; - } - -- /** -- * UEFI: Page 246 -- * If the EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set in a -- * SetVariable() call, and firmware does not support signature type of the certificate -- * included in the EFI_VARIABLE_AUTHENTICATION_2 descriptor, then the SetVariable() call -- * shall return EFI_INVALID_PARAMETER. The list of signature types supported by the -- * firmware is defined by the SignatureSupport variable. Signature type of the certificate -- * is defined by its digest and encryption algorithms. -- */ -- /* TODO: Should support WIN_CERT_TYPE_PKCS_SIGNED_DATA and WIN_CERT_TYPE_EFI_PKCS115 */ -- if (var_map.efi_auth_descriptor->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) -- return EFI_INVALID_PARAMETER; -- -- /* Only a CertType of EFI_CERT_TYPE_PKCS7_GUID is accepted */ -- if (!compare_guid(&var_map.efi_auth_descriptor->AuthInfo.CertType, &pkcs7_guid)) -- return EFI_SECURITY_VIOLATION; -- -- /** -- * Time associated with the authentication descriptor. For the TimeStamp value, -- * components Pad1, Nanosecond, TimeZone, Daylight and Pad2 shall be set to 0. -- * This means that the time shall always be expressed in GMT. -- * -- * UEFI: Page 253 -- * 2. Verify that Pad1, Nanosecond, TimeZone, Daylight and Pad2 components -- * of the TimeStamp value are set to zero. -- */ -- if ((var_map.efi_auth_descriptor->TimeStamp.Pad1 != 0) || -- (var_map.efi_auth_descriptor->TimeStamp.Pad2 != 0) || -- (var_map.efi_auth_descriptor->TimeStamp.Nanosecond != 0) || -- (var_map.efi_auth_descriptor->TimeStamp.TimeZone != 0) || -- (var_map.efi_auth_descriptor->TimeStamp.Daylight != 0)) { -- return EFI_SECURITY_VIOLATION; -- } -- -- /** -- * UEFI: Page 253 -- * Unless the EFI_VARIABLE_APPEND_WRITE attribute is set, verify -- * that the TimeStamp value is later than the current -- * timestamp value associated with the variable -- */ -- if (!(var->Attributes & EFI_VARIABLE_APPEND_WRITE)) { -- if (memcmp(&var_map.efi_auth_descriptor->TimeStamp, timestamp, sizeof(EFI_GUID)) <= 0) { -- EMSG("Timestamp violation"); -- return EFI_SECURITY_VIOLATION; -- } -- -- /* Save new timestamp */ -- memcpy(timestamp, &var_map.efi_auth_descriptor->TimeStamp, sizeof(EFI_TIME)); -- } -- /* Calculate hash for the variable only once */ -- hash_result = calc_variable_hash(&var_map, (uint8_t *)&hash_buffer, sizeof(hash_buffer), -- &hash_len); -- -- if (!hash_result) { -- status = EFI_SECURITY_VIOLATION; -- goto end; -- } -- -- status = select_verification_keys(var_map, global_variable_guid, security_database_guid, -- variable_info.MaximumVariableSize, -+ status = select_verification_keys(*var_map, global_variable_guid, security_database_guid, -+ max_variable_size, - &allowed_key_store_variables[0]); - - if (status != EFI_SUCCESS) -@@ -1280,8 +1307,8 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont - continue; - - status = uefi_variable_store_get_variable(context, allowed_key_store_variables[i], -- variable_info.MaximumVariableSize, -- &actual_variable_length); -+ max_variable_size, -+ &actual_variable_length); - - if (status) { - /* When the parent does not exist it is considered verification failure */ -@@ -1297,8 +1324,8 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont - goto end; - } - -- status = verify_var_by_key_var(&var_map, &allowed_key_store_var_map, -- (uint8_t *)&hash_buffer, hash_len); -+ status = verify_var_by_key_var(var_map, &allowed_key_store_var_map, -+ hash_buffer, hash_len); - - if (status == EFI_SUCCESS) - goto end; -@@ -1311,18 +1338,6 @@ end: - free(allowed_key_store_variables[i]); - } - -- /* Remove the authentication header from the variable if the authentication is successful */ -- if (status == EFI_SUCCESS) { -- uint8_t *smm_payload = -- (uint8_t *)var + SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(var); -- -- memmove(smm_payload, var_map.payload, var_map.payload_len); -- memset((uint8_t *)smm_payload + var_map.payload_len, 0, -- var_map.efi_auth_descriptor_len); -- -- var->DataSize -= var_map.efi_auth_descriptor_len; -- } -- - return status; - } - #endif --- -2.25.1 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Implement-Private-Authenticated-Variable-verificatio.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Implement-Private-Authenticated-Variable-verificatio.patch deleted file mode 100644 index eb7852f0..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Implement-Private-Authenticated-Variable-verificatio.patch +++ /dev/null @@ -1,292 +0,0 @@ -From a172c6e8269915db1b25e2749bae06dc0220cfb8 Mon Sep 17 00:00:00 2001 -From: Gabor Toth -Date: Thu, 11 Apr 2024 13:48:14 +0200 -Subject: [PATCH 3/3] Implement Private Authenticated Variable verification - -Refactor the implementation to only use the PK, KEK, DB authentication -chain for boot variables, and implement the self authentication for -private authenticated variables. - -Signed-off-by: Gabor Toth -Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27957] ---- - .../backend/uefi_variable_store.c | 126 +++++++++++++++--- - .../smm_variable/backend/variable_index.c | 1 + - .../smm_variable/backend/variable_index.h | 2 + - .../config/default-opteesp/CMakeLists.txt | 2 +- - .../config/default-sp/CMakeLists.txt | 2 +- - 5 files changed, 112 insertions(+), 21 deletions(-) - -diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.c b/components/service/uefi/smm_variable/backend/uefi_variable_store.c -index 1384d0def..97c43dc74 100644 ---- a/components/service/uefi/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.c -@@ -75,15 +75,25 @@ static efi_status_t verify_var_by_key_var(const efi_data_map *new_var, - const efi_data_map *key_store_var, - const uint8_t *hash_buffer, size_t hash_len); - -+static bool isPrivateAuthVar(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var); -+ - static efi_status_t authenticate_variable(const struct uefi_variable_store *context, -- EFI_TIME *timestamp, -- SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var); -+ EFI_TIME *timestamp, uint8_t (*fingerprint)[FINGERPRINT_SIZE], -+ bool new_variable, SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var); - - static efi_status_t authenticate_secure_boot_variable(const struct uefi_variable_store *context, - efi_data_map* var_map, - uint8_t* hash_buffer, - size_t hash_len, - uint64_t max_variable_size); -+ -+static efi_status_t authenticate_private_variable(const struct uefi_variable_store *context, -+ efi_data_map* var_map, -+ uint8_t* hash_buffer, -+ size_t hash_len, -+ uint64_t max_variable_size, -+ bool new_variable, -+ uint8_t (*fingerprint)[FINGERPRINT_SIZE]); - #endif - - static efi_status_t store_variable_data(const struct uefi_variable_store *context, -@@ -205,6 +215,7 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store * - { - bool should_sync_index = false; - EFI_TIME timestamp = { 0 }; -+ uint8_t fingerprint[FINGERPRINT_SIZE] = { 0 }; - - /* Validate incoming request */ - efi_status_t status = check_name_terminator(var->Name, var->NameSize); -@@ -233,8 +244,9 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store * - return EFI_OUT_OF_RESOURCES; - } - -- /* Save the timestamp into a buffer, which can be overwritten by the authentication function */ -+ /* Save the timestamp and fingerprints into a buffer, which can be overwritten by the authentication function */ - memcpy(×tamp, &info->metadata.timestamp, sizeof(EFI_TIME)); -+ memcpy(&fingerprint, &info->metadata.fingerprint, FINGERPRINT_SIZE); - - /* Control access */ - status = check_access_permitted_on_set(context, info, var); -@@ -251,7 +263,8 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store * - if (info->metadata.attributes & - EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) { - status = authenticate_variable( -- context, ×tamp, (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var); -+ context, ×tamp, &fingerprint, false, -+ (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var); - - if (status != EFI_SUCCESS) - return status; -@@ -337,7 +350,8 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store * - */ - if (var->Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) { - status = authenticate_variable( -- context, ×tamp, (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var); -+ context, ×tamp, &fingerprint, true, -+ (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)var); - - if (status != EFI_SUCCESS) - return status; -@@ -372,6 +386,7 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store * - /* Store any variable data to the storage backend with the updated metadata */ - if (info->is_variable_set && (status == EFI_SUCCESS)) { - memcpy(&info->metadata.timestamp, ×tamp, sizeof(EFI_TIME)); -+ memcpy(&info->metadata.fingerprint, &fingerprint, FINGERPRINT_SIZE); - status = store_variable_data(context, info, var); - } - } -@@ -1030,15 +1045,6 @@ select_verification_keys(const efi_data_map new_var, EFI_GUID global_variable_gu - create_smm_variable(&(allowed_key_store_variables[1]), - sizeof(EFI_KEY_EXCHANGE_KEY_NAME), maximum_variable_size, - (uint8_t *)EFI_KEY_EXCHANGE_KEY_NAME, &global_variable_guid); -- } else { -- /* -- * Any other variable is considered Private Authenticated Variable. -- * These are verified by db -- */ -- create_smm_variable(&(allowed_key_store_variables[0]), -- sizeof(EFI_IMAGE_SECURITY_DATABASE), maximum_variable_size, -- (uint8_t *)EFI_IMAGE_SECURITY_DATABASE, -- &security_database_guid); - } - - return EFI_SUCCESS; -@@ -1114,13 +1120,39 @@ static efi_status_t verify_var_by_key_var(const efi_data_map *new_var, - return EFI_SECURITY_VIOLATION; - } - --/* Basic verification of the authentication header of the new variable. -+static bool isPrivateAuthVar(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var) -+{ -+ if (compare_name_to_key_store_name(var->Name, -+ var->NameSize, EFI_PLATFORM_KEY_NAME, -+ sizeof(EFI_PLATFORM_KEY_NAME)) || -+ compare_name_to_key_store_name( -+ var->Name, var->NameSize, -+ EFI_KEY_EXCHANGE_KEY_NAME, sizeof(EFI_KEY_EXCHANGE_KEY_NAME)) || -+ compare_name_to_key_store_name( -+ var->Name, var->NameSize, -+ EFI_IMAGE_SECURITY_DATABASE, sizeof(EFI_IMAGE_SECURITY_DATABASE)) || -+ compare_name_to_key_store_name( -+ var->Name, var->NameSize, -+ EFI_IMAGE_SECURITY_DATABASE1, sizeof(EFI_IMAGE_SECURITY_DATABASE1)) || -+ compare_name_to_key_store_name( -+ var->Name, var->NameSize, -+ EFI_IMAGE_SECURITY_DATABASE2, sizeof(EFI_IMAGE_SECURITY_DATABASE2)) || -+ compare_name_to_key_store_name( -+ var->Name, var->NameSize, -+ EFI_IMAGE_SECURITY_DATABASE3, sizeof(EFI_IMAGE_SECURITY_DATABASE3))) -+ return false; -+ -+ return true; -+} -+ -+/* -+ * Basic verification of the authentication header of the new variable. - * First finds the key variable responsible for the authentication of the new variable, - * then verifies it. - */ - static efi_status_t authenticate_variable(const struct uefi_variable_store *context, -- EFI_TIME *timestamp, -- SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var) -+ EFI_TIME *timestamp, uint8_t (*fingerprint)[FINGERPRINT_SIZE], -+ bool new_variable, SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var) - { - efi_status_t status = EFI_SUCCESS; - EFI_GUID pkcs7_guid = EFI_CERT_TYPE_PKCS7_GUID; -@@ -1192,8 +1224,13 @@ static efi_status_t authenticate_variable(const struct uefi_variable_store *cont - status = EFI_SECURITY_VIOLATION; - } - -- /* Run Secure Boot related authentication steps */ -- status = authenticate_secure_boot_variable(context, &var_map, (uint8_t*) &hash_buffer, hash_len, variable_info.MaximumVariableSize); -+ if (isPrivateAuthVar(var)) { -+ /* Run Private Authenticated Variable related authentication steps */ -+ status = authenticate_private_variable(context, &var_map, (uint8_t*) &hash_buffer, hash_len, variable_info.MaximumVariableSize, new_variable, fingerprint); -+ } else { -+ /* Run Secure Boot related authentication steps */ -+ status = authenticate_secure_boot_variable(context, &var_map, (uint8_t*) &hash_buffer, hash_len, variable_info.MaximumVariableSize); -+ } - - /* Remove the authentication header from the variable if the authentication is successful */ - if (status == EFI_SUCCESS) { -@@ -1340,6 +1377,57 @@ end: - - return status; - } -+ -+static efi_status_t authenticate_private_variable(const struct uefi_variable_store *context, -+ efi_data_map* var_map, -+ uint8_t* hash_buffer, -+ size_t hash_len, -+ uint64_t max_variable_size, -+ bool new_variable, -+ uint8_t (*fingerprint)[FINGERPRINT_SIZE]) -+{ -+ efi_status_t status = EFI_SUCCESS; -+ uint8_t new_fingerprint[PSA_HASH_MAX_SIZE] = { 0 }; -+ -+ /* Verify the signature of the variable */ -+ if (verify_pkcs7_signature( -+ var_map->efi_auth_descriptor->AuthInfo.CertData, -+ var_map->efi_auth_descriptor_certdata_len, hash_buffer, -+ hash_len, NULL, 0) == 0) -+ status = EFI_SUCCESS; -+ else -+ return EFI_SECURITY_VIOLATION; -+ -+ /** -+ * UEFI: Page 254 -+ * CN of the signing certificate’s Subject and the hash of the tbsCertificate of the top-level issuer certificate -+ * (or the signing certificate itself if no other certificates are present or the certificate chain is of length 1) -+ * in SignedData.certificates is registered for use in subsequent verifications of this variable. Implementations -+ * may store just a single hash of these two elements to reduce storage requirements. -+ */ -+ if (get_uefi_priv_auth_var_fingerprint_handler(var_map->efi_auth_descriptor->AuthInfo.CertData, -+ var_map->efi_auth_descriptor_certdata_len, -+ (uint8_t*)&new_fingerprint)) { -+ EMSG("Failed to querry variable fingerprint input"); -+ return EFI_SECURITY_VIOLATION; -+ } -+ -+ /* -+ * The hash is SHA256 so only 32 bytes contain non zero values. -+ * Use only that part to decrease metadata size. -+ */ -+ if (!new_variable) { -+ if (memcmp(&new_fingerprint, fingerprint, FINGERPRINT_SIZE)) { -+ EMSG("Fingerprint verification failed"); -+ return EFI_SECURITY_VIOLATION; -+ } -+ } else { -+ /* Save fingerprint */ -+ memcpy(fingerprint, &new_fingerprint, FINGERPRINT_SIZE); -+ } -+ -+ return status; -+} - #endif - - static efi_status_t store_variable_data(const struct uefi_variable_store *context, -diff --git a/components/service/uefi/smm_variable/backend/variable_index.c b/components/service/uefi/smm_variable/backend/variable_index.c -index f4194d2d3..7f2fbe0ba 100644 ---- a/components/service/uefi/smm_variable/backend/variable_index.c -+++ b/components/service/uefi/smm_variable/backend/variable_index.c -@@ -199,6 +199,7 @@ static struct variable_entry *add_entry(const struct variable_index *context, co - info->metadata.uid = generate_uid(context, guid, name_size, name); - info->metadata.guid = *guid; - memset(&info->metadata.timestamp, 0, sizeof(EFI_TIME)); -+ memset(&info->metadata.fingerprint, 0, sizeof(FINGERPRINT_SIZE)); - info->metadata.attributes = 0; - info->metadata.name_size = name_size; - memcpy(info->metadata.name, name, name_size); -diff --git a/components/service/uefi/smm_variable/backend/variable_index.h b/components/service/uefi/smm_variable/backend/variable_index.h -index 7eef7b86b..726bc985a 100644 ---- a/components/service/uefi/smm_variable/backend/variable_index.h -+++ b/components/service/uefi/smm_variable/backend/variable_index.h -@@ -24,6 +24,7 @@ extern "C" { - * Implementation limits - */ - #define VARIABLE_INDEX_MAX_NAME_SIZE (64) -+#define FINGERPRINT_SIZE (32) - - /** - * \brief variable_metadata structure definition -@@ -33,6 +34,7 @@ extern "C" { - struct variable_metadata { - EFI_GUID guid; - EFI_TIME timestamp; -+ uint8_t fingerprint[FINGERPRINT_SIZE]; - size_t name_size; - int16_t name[VARIABLE_INDEX_MAX_NAME_SIZE]; - uint32_t attributes; -diff --git a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt -index 0e281a377..d3df61ded 100644 ---- a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt -+++ b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt -@@ -42,7 +42,7 @@ set(SP_BOOT_ORDER "8" CACHE STRING "Boot order of the SP") - add_platform(TARGET "smm-gateway") - - # SMM variable and RPC caller settings --set(SMM_GATEWAY_MAX_UEFI_VARIABLES 40 CACHE STRING "Maximum UEFI variable count") -+set(SMM_GATEWAY_MAX_UEFI_VARIABLES 35 CACHE STRING "Maximum UEFI variable count") - set(SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE 2*4096 CACHE STRING "RPC caller buffer size in SMMGW") - if (UEFI_AUTH_VAR) - set(SMM_SP_HEAP_SIZE 64*1024 CACHE STRING "SMM gateway SP heap size") -diff --git a/deployments/smm-gateway/config/default-sp/CMakeLists.txt b/deployments/smm-gateway/config/default-sp/CMakeLists.txt -index 8df9256e4..bb97cf8e3 100644 ---- a/deployments/smm-gateway/config/default-sp/CMakeLists.txt -+++ b/deployments/smm-gateway/config/default-sp/CMakeLists.txt -@@ -47,7 +47,7 @@ set(SP_BOOT_ORDER "8" CACHE STRING "Boot order of the SP") - add_platform(TARGET "smm-gateway") - - # SMM variable and RPC caller settings --set(SMM_GATEWAY_MAX_UEFI_VARIABLES 40 CACHE STRING "Maximum UEFI variable count") -+set(SMM_GATEWAY_MAX_UEFI_VARIABLES 35 CACHE STRING "Maximum UEFI variable count") - set(SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE 2*4096 CACHE STRING "RPC caller buffer size in SMMGW") - if (UEFI_AUTH_VAR) - set(SMM_SP_HEAP_SIZE 64*1024 CACHE STRING "SMM gateway SP heap size") --- -2.25.1 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc index 84f4c07f..89362ead 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc +++ b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc @@ -5,24 +5,15 @@ SRC_URI:append:corstone1000 = " \ file://0001-Add-stub-capsule-update-service-components.patch \ file://0002-Fix-in-AEAD-for-psa-arch-test-254.patch \ file://0003-FMP-Support-in-Corstone1000.patch \ - file://0004-smm_gateway-GetNextVariableName-Fix.patch \ - file://0005-Fix-psa-api-crypto-test-no-243.patch \ - file://0006-plat-corstone1000-Use-the-stateless-platform-service.patch \ - file://0007-plat-corstone1000-Initialize-capsule-update-provider.patch \ - file://0008-plat-corstone1000-add-client_id-for-FMP-service.patch \ - file://0009-Remove-Werror-flag.patch \ - file://0010-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch \ - file://0011-Fix-Avoid-redefinition-of-variables.patch \ - file://0012-Fix-GetNextVariableName-NameSize-input.patch \ - file://0013-Fix-error-handling-of-variable-index-loading.patch \ - file://0014-Provide-crypto-api-to-create-uefi-priv-var-fingerpri.patch \ - file://0015-Add-timestamp-validation-for-uefi-variables.patch \ - file://0016-Isolate-common-uefi-variable-authentication-steps.patch \ - file://0017-Implement-Private-Authenticated-Variable-verificatio.patch \ - file://0018-Make-RSS-and-MHU-sizes-compile-time-definitions-user.patch \ - file://0019-Align-PSA-Crypto-with-TF-Mv2.1.patch \ - file://0020-se-proxy-protobuf-change.patch \ - file://0021-Align-PSA-Crypto-structs-with-TF-Mv2.1.1.patch \ + file://0004-Fix-psa-api-crypto-test-no-243.patch \ + file://0005-plat-corstone1000-Use-the-stateless-platform-service.patch \ + file://0006-plat-corstone1000-Initialize-capsule-update-provider.patch \ + file://0007-plat-corstone1000-add-client_id-for-FMP-service.patch \ + file://0008-Remove-Werror-flag.patch \ + file://0009-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch \ + file://0010-Make-RSS-and-MHU-sizes-compile-time-definitions-user.patch \ + file://0011-Align-PSA-Crypto-with-TF-Mv2.1.patch \ + file://0015-se-proxy-protobuf-change.patch \ " # The patches above introduce errors with GCC 14.1, silence them for now From patchwork Tue May 20 17:27:46 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Szing X-Patchwork-Id: 63321 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id F05B5C54756 for ; Tue, 20 May 2025 17:28:23 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.27026.1747762093986550585 for ; Tue, 20 May 2025 10:28:14 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: gyorgy.szing@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 199EE152B; Tue, 20 May 2025 10:28:00 -0700 (PDT) Received: from gyoszi01-yocto.budapest.arm.com (ubul2.budapest.arm.com [10.45.25.25]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 04E243F5A1; Tue, 20 May 2025 10:28:12 -0700 (PDT) From: Gyorgy Szing To: meta-arm@lists.yoctoproject.org Cc: Bence Balogh Subject: [PATCH 8/9] arm-bsp/trusted-services: corstone1000: revert features that conflict with capsule update Date: Tue, 20 May 2025 19:27:46 +0200 Message-ID: <20250520172748.3439803-8-gyorgy.szing@arm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250520172748.3439803-1-gyorgy.szing@arm.com> References: <20250520172748.3439803-1-gyorgy.szing@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 May 2025 17:28:23 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6515 From: Bence Balogh Three commits had to be removed in order to make the inappropriate capsule update implementation work with the new Trusted Services version. The "Make variable index usage robust with redundancy" commit needs to be reverted because the FMP support only works if the SMM_VARIABLE_INDEX_STORAGE_UID is 0x787. The "Load and store UEFI variable index in chunks" commit needs to be reverted because the optional create() and set_extended() APIs are not supported for Corstone-1000. The "Make constraints of NV UEFI variables persistent" commit needs to be reverted because the FMP support is not compatible with these changes. Signed-off-by: Bence Balogh --- ...able-index-usage-robust-with-redunda.patch | 716 ++++++++++++++++++ ...-store-UEFI-variable-index-in-chunks.patch | 291 +++++++ ...traints-of-NV-UEFI-variables-persist.patch | 387 ++++++++++ .../trusted-services/ts-arm-platforms.inc | 4 +- 4 files changed, 1397 insertions(+), 1 deletion(-) create mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-Revert-Make-variable-index-usage-robust-with-redunda.patch create mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Revert-Load-and-store-UEFI-variable-index-in-chunks.patch create mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Revert-Make-constraints-of-NV-UEFI-variables-persist.patch diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-Revert-Make-variable-index-usage-robust-with-redunda.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-Revert-Make-variable-index-usage-robust-with-redunda.patch new file mode 100644 index 00000000..8b5f062f --- /dev/null +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-Revert-Make-variable-index-usage-robust-with-redunda.patch @@ -0,0 +1,716 @@ +From f0c1c15fc8886349f7aeb04e1328472894b674d7 Mon Sep 17 00:00:00 2001 +From: Bence Balogh +Date: Mon, 25 Nov 2024 22:11:33 +0100 +Subject: [PATCH 1/3] Revert "Make variable index usage robust with redundancy" + +This reverts commit 8e394bbfae1dccf86a6a5428471e1b10fdaa74ec. +This revert is needed because the FMP support added for Corstone-1000 only +works if the SMM_VARIABLE_INDEX_STORAGE_UID is 0x787. See the implementation +in the 0003-FMP-Support-in-Corstone1000.patch file. + +The 0003-FMP-Support-in-Corstone1000.patch is also inappropriate and will be +redesigned. Instead of fixing that patch, revert this redundancy feature until +the FMP support is redesigned. + +Upstream-Status: Inappropriate [To be removed after new FWU design] +Signed-off-by: Bence Balogh +--- + .../backend/test/variable_index_tests.cpp | 50 ++--- + .../backend/test/variable_store_tests.cpp | 166 ---------------- + .../backend/uefi_variable_store.c | 181 +++--------------- + .../backend/uefi_variable_store.h | 1 - + .../smm_variable/backend/variable_index.c | 29 +-- + .../smm_variable/backend/variable_index.h | 3 +- + 6 files changed, 46 insertions(+), 384 deletions(-) + +diff --git a/components/service/uefi/smm_variable/backend/test/variable_index_tests.cpp b/components/service/uefi/smm_variable/backend/test/variable_index_tests.cpp +index cf0f6a12e..a52cfbf76 100644 +--- a/components/service/uefi/smm_variable/backend/test/variable_index_tests.cpp ++++ b/components/service/uefi/smm_variable/backend/test/variable_index_tests.cpp +@@ -208,8 +208,7 @@ TEST(UefiVariableIndexTests, enumerateStore) + + TEST(UefiVariableIndexTests, dumpLoadRoadtrip) + { +- uint8_t buffer[sizeof(uint32_t) + +- MAX_VARIABLES * (sizeof(struct variable_metadata) + sizeof(bool))]; ++ uint8_t buffer[MAX_VARIABLES * sizeof(struct variable_metadata)]; + + create_variables(); + +@@ -223,13 +222,7 @@ TEST(UefiVariableIndexTests, dumpLoadRoadtrip) + + CHECK_TRUE(is_dirty); + UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status); +- /* +- * Variable index counter is at the beginning, which is followed by metadata and +- * constraint status byte of both NV variables +- */ +- UNSIGNED_LONGS_EQUAL(sizeof(uint32_t) + +- ((sizeof(struct variable_metadata) + sizeof(bool)) * 2), +- dump_len); ++ UNSIGNED_LONGS_EQUAL(((sizeof(struct variable_metadata) + sizeof(bool)) * 2), dump_len); + + /* Expect no records to be dirty when the dump is repeated */ + dump_len = 0; +@@ -238,9 +231,7 @@ TEST(UefiVariableIndexTests, dumpLoadRoadtrip) + + UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status); + CHECK_FALSE(is_dirty); +- UNSIGNED_LONGS_EQUAL(sizeof(uint32_t) + +- ((sizeof(struct variable_metadata) + sizeof(bool)) * 2), +- dump_len); ++ UNSIGNED_LONGS_EQUAL(((sizeof(struct variable_metadata) + sizeof(bool)) * 2), dump_len); + + /* Tear down and reinitialize to simulate a reboot */ + variable_index_deinit(&m_variable_index); +@@ -279,8 +270,7 @@ TEST(UefiVariableIndexTests, dumpLoadRoadtrip) + + TEST(UefiVariableIndexTests, dumpLoadConstrainedVariable) + { +- uint8_t buffer[sizeof(uint32_t) + +- MAX_VARIABLES * (sizeof(struct variable_metadata) + sizeof(bool))]; ++ uint8_t buffer[MAX_VARIABLES * sizeof(struct variable_metadata)]; + + create_variables(); + +@@ -314,13 +304,8 @@ TEST(UefiVariableIndexTests, dumpLoadConstrainedVariable) + UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status); + CHECK_TRUE(is_dirty); + +- /* +- * Variable index counter is at the beginning, which is followed by metadata and +- * constraint status byte of both NV variables, but only one of them has +- * constraints +- */ +- UNSIGNED_LONGS_EQUAL(sizeof(uint32_t) + +- (sizeof(struct variable_metadata) + sizeof(bool)) * 2 + ++ /* metadata and constraint status byte are stored for both NV variables, but only one of them has constraints */ ++ UNSIGNED_LONGS_EQUAL((sizeof(struct variable_metadata) + sizeof(bool)) * 2 + + sizeof(struct variable_constraints), + dump_len); + +@@ -331,11 +316,7 @@ TEST(UefiVariableIndexTests, dumpLoadConstrainedVariable) + + TEST(UefiVariableIndexTests, dumpBufferTooSmall) + { +- /* +- * Enough to fit the variable index counter and the metadata and constraint +- * status of a single variable +- */ +- uint8_t buffer[sizeof(uint32_t) + sizeof(struct variable_metadata) + sizeof(bool)]; ++ uint8_t buffer[1 * sizeof(struct variable_metadata) + 1]; + + create_variables(); + +@@ -357,8 +338,7 @@ TEST(UefiVariableIndexTests, dumpBufferTooSmall) + + TEST(UefiVariableIndexTests, removeVariable) + { +- uint8_t buffer[sizeof(uint32_t) + +- MAX_VARIABLES * (sizeof(struct variable_metadata) + sizeof(bool))]; ++ uint8_t buffer[MAX_VARIABLES * sizeof(struct variable_metadata)]; + struct variable_info *info = NULL; + + create_variables(); +@@ -378,12 +358,7 @@ TEST(UefiVariableIndexTests, removeVariable) + + CHECK_TRUE(is_dirty); + UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status); +- /* +- * Dump to now contains the variable index counter and metadata, +- * constraint status data of a variable +- */ +- UNSIGNED_LONGS_EQUAL(sizeof(uint32_t) + sizeof(struct variable_metadata) + sizeof(bool), +- dump_len); ++ UNSIGNED_LONGS_EQUAL(sizeof(struct variable_metadata) + sizeof(bool), dump_len); + + /* Remove the volatile variable */ + info = variable_index_find(&m_variable_index, &guid_1, string_get_size_in_bytes(name_1), +@@ -398,8 +373,7 @@ TEST(UefiVariableIndexTests, removeVariable) + + CHECK_FALSE(is_dirty); + UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status); +- UNSIGNED_LONGS_EQUAL(sizeof(uint32_t) + sizeof(struct variable_metadata) + sizeof(bool), +- dump_len); ++ UNSIGNED_LONGS_EQUAL(sizeof(struct variable_metadata) + sizeof(bool), dump_len); + + /* Remove the remaining NV variable */ + info = variable_index_find(&m_variable_index, &guid_1, string_get_size_in_bytes(name_3), +@@ -407,14 +381,14 @@ TEST(UefiVariableIndexTests, removeVariable) + + variable_index_clear_variable(&m_variable_index, info); + +- /* Expect index to be dirty and dump to now contains only the variable index counter */ ++ /* Expect index to be dirty and dump to now be empty */ + dump_len = 0; + status = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len, + &is_dirty); + + CHECK_TRUE(is_dirty); + UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status); +- UNSIGNED_LONGS_EQUAL(sizeof(uint32_t), dump_len); ++ UNSIGNED_LONGS_EQUAL(0, dump_len); + + /* Enumerate and now expect an empty index */ + info = NULL; +diff --git a/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp b/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp +index 0f962f206..e0f21f77a 100644 +--- a/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp ++++ b/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp +@@ -5,7 +5,6 @@ + */ + + #include +-#include + #include + #include + #include +@@ -270,17 +269,8 @@ TEST_GROUP(UefiVariableStoreTests) + static const size_t MAX_VARIABLES = 5; + static const size_t MAX_VARIABLE_SIZE = 3000; + static const size_t STORE_CAPACITY = MAX_VARIABLES * MAX_VARIABLE_SIZE; +- static const size_t VARIABLE_INDEX_MAX_SIZE = +- sizeof(uint32_t) + +- MAX_VARIABLES * (sizeof(struct variable_metadata) + +- sizeof(struct variable_constraints) + sizeof(bool)); + + static const uint32_t OWNER_ID = 100; +- +- /* Synchronize these with the variables with the store */ +- uint64_t DEFAULT_VARIABLE_INDEX_STORAGE_A_UID = 0x8000000000000001; +- uint64_t DEFAULT_VARIABLE_INDEX_STORAGE_B_UID = 0x8000000000000002; +- + /* + * Make sure the variable buffer in the test is way above the limit + * so the buffer problems will be handled by the component +@@ -873,159 +863,3 @@ TEST(UefiVariableStoreTests, fillIndex) + LONGS_EQUAL(0, input_data.compare(output_data)); + } + } +- +-TEST(UefiVariableStoreTests, variableIndexCounterOverflow) +-{ +- efi_status_t efi_status = EFI_SUCCESS; +- psa_status_t psa_status = PSA_SUCCESS; +- std::u16string var_name = u"var"; +- std::string input_data = "a"; +- uint32_t attributes = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | +- EFI_VARIABLE_RUNTIME_ACCESS; +- /* There are no variables set in the index, only the counter is there */ +- uint8_t buffer[sizeof(uint32_t)] = { 0 }; +- +- mock_store_reset(&m_persistent_store); +- +- /* Counter of index A is 0 */ +- psa_status = m_persistent_store.backend.interface->set( +- m_persistent_store.backend.context, OWNER_ID, DEFAULT_VARIABLE_INDEX_STORAGE_A_UID, +- sizeof(buffer), &buffer, PSA_STORAGE_FLAG_NONE); +- UNSIGNED_LONGLONGS_EQUAL(PSA_SUCCESS, psa_status); +- +- /* Set max counter value */ +- buffer[0] = 0xFF; +- buffer[1] = 0xFF; +- buffer[2] = 0xFF; +- buffer[3] = 0xFF; +- +- /* Counter of index B is max value */ +- psa_status = m_persistent_store.backend.interface->set( +- m_persistent_store.backend.context, OWNER_ID, DEFAULT_VARIABLE_INDEX_STORAGE_B_UID, +- sizeof(buffer), &buffer, PSA_STORAGE_FLAG_NONE); +- UNSIGNED_LONGLONGS_EQUAL(PSA_SUCCESS, psa_status); +- +- /* At next initialization of the store index A should be the latest index with counter value 0 */ +- uefi_variable_store_deinit(&m_uefi_variable_store); +- +- efi_status = uefi_variable_store_init(&m_uefi_variable_store, OWNER_ID, MAX_VARIABLES, +- m_persistent_backend, m_volatile_backend); +- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); +- +- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.active_variable_index_uid, +- DEFAULT_VARIABLE_INDEX_STORAGE_A_UID); +- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.variable_index.counter, 0); +- +- /* After setting a variable to trigger sync and rebooting index B should be the latest index with counter value 1*/ +- efi_status = set_variable(var_name, input_data, attributes); +- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); +- +- power_cycle(); +- +- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.active_variable_index_uid, +- DEFAULT_VARIABLE_INDEX_STORAGE_B_UID); +- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.variable_index.counter, 1); +-} +- +-TEST(UefiVariableStoreTests, oneEmptyVariableIndexExists) +-{ +- psa_status_t status = PSA_SUCCESS; +- +- /* Only, variable index A exists, but it is empty */ +- mock_store_reset(&m_persistent_store); +- +- status = m_persistent_store.backend.interface->create(m_persistent_store.backend.context, +- OWNER_ID, +- DEFAULT_VARIABLE_INDEX_STORAGE_A_UID, +- 100, PSA_STORAGE_FLAG_NONE); +- UNSIGNED_LONGLONGS_EQUAL(PSA_SUCCESS, status); +- +- power_cycle(); +- +- /* Empty index is considered non-existing so default index (A) is selected */ +- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.active_variable_index_uid, +- DEFAULT_VARIABLE_INDEX_STORAGE_A_UID); +- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.variable_index.counter, 0); +- +- /* Only, variable index B exists, but it is empty*/ +- mock_store_reset(&m_persistent_store); +- +- status = m_persistent_store.backend.interface->create(m_persistent_store.backend.context, +- OWNER_ID, +- DEFAULT_VARIABLE_INDEX_STORAGE_B_UID, +- 100, PSA_STORAGE_FLAG_NONE); +- UNSIGNED_LONGLONGS_EQUAL(PSA_SUCCESS, status); +- +- power_cycle(); +- +- /* Empty index is considered non-existing so default index (A) is selected */ +- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.active_variable_index_uid, +- DEFAULT_VARIABLE_INDEX_STORAGE_A_UID); +- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.variable_index.counter, 0); +-} +- +-TEST(UefiVariableStoreTests, oneVariableIndexAlreadySet) +-{ +- efi_status_t status = EFI_SUCCESS; +- /* Empty variable index with zero counter value */ +- uint8_t buffer[VARIABLE_INDEX_MAX_SIZE] = { 0 }; +- +- /* Set index A in the store with some data, so it will be found as the currently active index */ +- mock_store_reset(&m_persistent_store); +- +- status = m_persistent_store.backend.interface->set( +- m_persistent_store.backend.context, OWNER_ID, DEFAULT_VARIABLE_INDEX_STORAGE_A_UID, +- sizeof(buffer), &buffer, PSA_STORAGE_FLAG_NONE); +- UNSIGNED_LONGLONGS_EQUAL(PSA_SUCCESS, status); +- +- power_cycle(); +- +- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.active_variable_index_uid, +- DEFAULT_VARIABLE_INDEX_STORAGE_A_UID); +- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.variable_index.counter, 0); +- +- /* Set index B in the store with some data, so it will be found as the currently active index */ +- mock_store_reset(&m_persistent_store); +- +- status = m_persistent_store.backend.interface->set( +- m_persistent_store.backend.context, OWNER_ID, DEFAULT_VARIABLE_INDEX_STORAGE_B_UID, +- sizeof(buffer), &buffer, PSA_STORAGE_FLAG_NONE); +- UNSIGNED_LONGLONGS_EQUAL(PSA_SUCCESS, status); +- +- power_cycle(); +- +- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.active_variable_index_uid, +- DEFAULT_VARIABLE_INDEX_STORAGE_B_UID); +- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.variable_index.counter, 0); +-} +- +-TEST(UefiVariableStoreTests, variableIndexesWithSameData) +-{ +- psa_status_t psa_status = PSA_SUCCESS; +- efi_status_t efi_status = EFI_SUCCESS; +- /* Empty variable index with zero counter value */ +- uint8_t buffer[VARIABLE_INDEX_MAX_SIZE] = { 0 }; +- +- /* Set both indexes to the same data and counter value */ +- mock_store_reset(&m_persistent_store); +- +- psa_status = m_persistent_store.backend.interface->set( +- m_persistent_store.backend.context, OWNER_ID, DEFAULT_VARIABLE_INDEX_STORAGE_A_UID, +- sizeof(buffer), &buffer, PSA_STORAGE_FLAG_NONE); +- UNSIGNED_LONGLONGS_EQUAL(PSA_SUCCESS, psa_status); +- +- psa_status = m_persistent_store.backend.interface->set( +- m_persistent_store.backend.context, OWNER_ID, DEFAULT_VARIABLE_INDEX_STORAGE_B_UID, +- sizeof(buffer), &buffer, PSA_STORAGE_FLAG_NONE); +- UNSIGNED_LONGLONGS_EQUAL(PSA_SUCCESS, psa_status); +- +- /* +- * Initializing the store should fail, because if there are two indexes with the same counter it cannot be decided +- * which has the valid data. +- */ +- uefi_variable_store_deinit(&m_uefi_variable_store); +- +- efi_status = uefi_variable_store_init(&m_uefi_variable_store, OWNER_ID, MAX_VARIABLES, +- m_persistent_backend, m_volatile_backend); +- UNSIGNED_LONGLONGS_EQUAL(EFI_LOAD_ERROR, efi_status); +-} +diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.c b/components/service/uefi/smm_variable/backend/uefi_variable_store.c +index 48b81ff37..459ca4566 100644 +--- a/components/service/uefi/smm_variable/backend/uefi_variable_store.c ++++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.c +@@ -28,12 +28,9 @@ + #include "service/crypto/client/psa/crypto_client.h" + #endif + +-static psa_status_t get_active_variable_uid(struct uefi_variable_store *context, +- uint64_t *active_index_uid, uint32_t *counter); +- + static efi_status_t load_variable_index(struct uefi_variable_store *context); + +-static efi_status_t sync_variable_index(struct uefi_variable_store *context); ++static efi_status_t sync_variable_index(const struct uefi_variable_store *context); + + static efi_status_t check_capabilities(const SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var); + +@@ -138,14 +135,6 @@ static bool compare_name_to_key_store_name(const int16_t *name1, size_t size1, + const uint16_t *name2, size_t size2); + #endif + +-/* Private UID for storing the variable index */ +-#define SMM_VARIABLE_INDEX_STORAGE_A_UID UINT64_C(0x8000000000000001) +-#define SMM_VARIABLE_INDEX_STORAGE_B_UID UINT64_C(0x8000000000000002) +- +-_Static_assert(SMM_VARIABLE_INDEX_STORAGE_A_UID != SMM_VARIABLE_INDEX_STORAGE_B_UID, +- "SMM_VARIABLE_INDEX_STORAGE_A_UID must not be the same value as " +- "SMM_VARIABLE_INDEX_STORAGE_B_UID"); +- + /* Default maximum variable size - + * may be overridden using uefi_variable_store_set_storage_limits() + */ +@@ -398,7 +387,7 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store * + * index entry. + */ + if (should_sync_index) +- status = sync_variable_index((struct uefi_variable_store *)context); ++ status = sync_variable_index(context); + + /* Store any variable data to the storage backend with the updated metadata */ + if (info->is_variable_set && (status == EFI_SUCCESS)) { +@@ -620,148 +609,40 @@ efi_status_t uefi_variable_store_get_var_check_property( + return status; + } + +-/* Checks which index contains the latest data, which shall be loaded */ +-static psa_status_t get_active_variable_uid(struct uefi_variable_store *context, +- uint64_t *active_index_uid, uint32_t *counter) +-{ +- uint32_t counter_A = 0; +- uint32_t counter_B = 0; +- size_t data_len = 0; +- psa_status_t psa_status_A = PSA_SUCCESS; +- psa_status_t psa_status_B = PSA_SUCCESS; +- struct storage_backend *persistent_store = context->persistent_store.storage_backend; +- +- /* Set default value for the case when the index does not exist yet */ +- *active_index_uid = SMM_VARIABLE_INDEX_STORAGE_A_UID; +- *counter = 0; +- +- if (persistent_store) { +- psa_status_A = persistent_store->interface->get(persistent_store->context, +- context->owner_id, +- SMM_VARIABLE_INDEX_STORAGE_A_UID, 0, +- sizeof(counter_A), &counter_A, +- &data_len); +- +- if (psa_status_A == PSA_SUCCESS && data_len == 0) { +- psa_status_A = persistent_store->interface->remove( +- persistent_store->context, context->owner_id, +- SMM_VARIABLE_INDEX_STORAGE_A_UID); +- +- if (psa_status_A == PSA_SUCCESS) +- psa_status_A = PSA_ERROR_DOES_NOT_EXIST; +- else { +- EMSG("Erronous state of variable index"); +- return PSA_ERROR_STORAGE_FAILURE; +- } +- } +- +- psa_status_B = persistent_store->interface->get(persistent_store->context, +- context->owner_id, +- SMM_VARIABLE_INDEX_STORAGE_B_UID, 0, +- sizeof(counter_B), &counter_B, +- &data_len); +- +- if (psa_status_B == PSA_SUCCESS && data_len == 0) { +- psa_status_B = persistent_store->interface->remove( +- persistent_store->context, context->owner_id, +- SMM_VARIABLE_INDEX_STORAGE_B_UID); +- +- if (psa_status_B == PSA_SUCCESS) +- psa_status_B = PSA_ERROR_DOES_NOT_EXIST; +- else { +- EMSG("Erronous state of variable index"); +- return PSA_ERROR_STORAGE_FAILURE; +- } +- } +- +- if ((psa_status_A != PSA_SUCCESS && psa_status_A != PSA_ERROR_DOES_NOT_EXIST) || +- (psa_status_B != PSA_SUCCESS && psa_status_B != PSA_ERROR_DOES_NOT_EXIST)) +- return PSA_ERROR_STORAGE_FAILURE; +- +- if (psa_status_A == PSA_ERROR_DOES_NOT_EXIST) { +- if (psa_status_B == PSA_ERROR_DOES_NOT_EXIST) +- return PSA_ERROR_DOES_NOT_EXIST; +- +- *active_index_uid = SMM_VARIABLE_INDEX_STORAGE_B_UID; +- *counter = counter_B; +- +- return PSA_SUCCESS; +- } else if (psa_status_B == PSA_ERROR_DOES_NOT_EXIST) { +- *active_index_uid = SMM_VARIABLE_INDEX_STORAGE_A_UID; +- *counter = counter_A; +- +- return PSA_SUCCESS; +- } +- +- if (counter_A + 1 == counter_B) { +- *active_index_uid = SMM_VARIABLE_INDEX_STORAGE_B_UID; +- *counter = counter_B; +- return PSA_SUCCESS; +- } else if (counter_B + 1 == counter_A) { +- *active_index_uid = SMM_VARIABLE_INDEX_STORAGE_A_UID; +- *counter = counter_A; +- return PSA_SUCCESS; +- } else { +- EMSG("UEFI metadata variable index is invalid."); +- return PSA_ERROR_STORAGE_FAILURE; +- } +- } else { +- EMSG("Store backend is not accessible"); +- return PSA_ERROR_STORAGE_FAILURE; +- } +- +- return PSA_ERROR_STORAGE_FAILURE; +-} +- + static efi_status_t load_variable_index(struct uefi_variable_store *context) + { + struct storage_backend *persistent_store = context->persistent_store.storage_backend; +- psa_status_t psa_status = PSA_SUCCESS; + + if (persistent_store) { + size_t data_len = 0; + size_t data_offset = 0; +- struct psa_storage_info_t variable_index_info = { 0 }; +- +- psa_status = get_active_variable_uid(context, &context->active_variable_index_uid, +- &context->variable_index.counter); +- switch (psa_status) { +- case PSA_SUCCESS: +- break; +- +- case PSA_ERROR_DOES_NOT_EXIST: +- IMSG("Variable index does not exist in NV store, continuing with empty index"); +- return EFI_SUCCESS; +- +- default: +- EMSG("Loading variable index failed: %d", psa_status); +- return EFI_LOAD_ERROR; +- } +- +- /* Make sure the variable index fits the buffer */ +- persistent_store->interface->get_info(persistent_store->context, context->owner_id, +- context->active_variable_index_uid, +- &variable_index_info); +- +- if (variable_index_info.size > context->index_sync_buffer_size) { +- EMSG("Variable index cannot fit the sync buffer"); +- return EFI_LOAD_ERROR; +- } + + do { +- psa_status = persistent_store->interface->get( ++ psa_status_t psa_status = persistent_store->interface->get( + persistent_store->context, context->owner_id, +- context->active_variable_index_uid, data_offset, ++ SMM_VARIABLE_INDEX_STORAGE_UID, data_offset, + RPC_CALLER_SESSION_SHARED_MEMORY_SIZE, + context->index_sync_buffer + data_offset, &data_len); + +- if (psa_status != PSA_SUCCESS) { ++ switch (psa_status) { ++ case PSA_SUCCESS: ++ data_offset += data_len; ++ ++ if (data_offset > context->index_sync_buffer_size) { ++ EMSG("Variable index cannot fit the sync buffer"); ++ return EFI_LOAD_ERROR; ++ } ++ ++ break; ++ ++ case PSA_ERROR_DOES_NOT_EXIST: ++ IMSG("Index variable does not exist in NV store, continuing with empty index"); ++ return EFI_SUCCESS; ++ ++ default: + EMSG("Loading variable index failed: %d", psa_status); + return EFI_LOAD_ERROR; + } +- +- data_offset += data_len; +- + } while (data_len == RPC_CALLER_SESSION_SHARED_MEMORY_SIZE); + + variable_index_restore(&context->variable_index, data_offset, +@@ -774,7 +655,7 @@ static efi_status_t load_variable_index(struct uefi_variable_store *context) + return EFI_SUCCESS; + } + +-static efi_status_t sync_variable_index(struct uefi_variable_store *context) ++static efi_status_t sync_variable_index(const struct uefi_variable_store *context) + { + efi_status_t status = EFI_SUCCESS; + psa_status_t psa_status = PSA_SUCCESS; +@@ -794,24 +675,19 @@ static efi_status_t sync_variable_index(struct uefi_variable_store *context) + + if (persistent_store) { + size_t data_offset = 0; +- uint64_t next_index_uid = 0; +- +- /* Write the older one */ +- next_index_uid = (context->active_variable_index_uid == +- SMM_VARIABLE_INDEX_STORAGE_A_UID ? +- SMM_VARIABLE_INDEX_STORAGE_B_UID : +- SMM_VARIABLE_INDEX_STORAGE_A_UID); + + psa_status = persistent_store->interface->remove( +- persistent_store->context, context->owner_id, next_index_uid); ++ persistent_store->context, context->owner_id, ++ SMM_VARIABLE_INDEX_STORAGE_UID); + + if (psa_status != PSA_SUCCESS && psa_status != PSA_ERROR_DOES_NOT_EXIST) + goto end; + + /* Check if the index exists and create if not yet */ + psa_status = persistent_store->interface->create( +- persistent_store->context, context->owner_id, next_index_uid, +- remaining_data_len, PSA_STORAGE_FLAG_NONE); ++ persistent_store->context, context->owner_id, ++ SMM_VARIABLE_INDEX_STORAGE_UID, remaining_data_len, ++ PSA_STORAGE_FLAG_NONE); + + if (psa_status != PSA_SUCCESS) + goto end; +@@ -822,7 +698,8 @@ static efi_status_t sync_variable_index(struct uefi_variable_store *context) + + psa_status = persistent_store->interface->set_extended( + persistent_store->context, context->owner_id, +- next_index_uid, data_offset, data_of_this_iteration, ++ SMM_VARIABLE_INDEX_STORAGE_UID, data_offset, ++ data_of_this_iteration, + context->index_sync_buffer + data_offset); + + if (psa_status != PSA_SUCCESS) +@@ -1827,7 +1704,7 @@ static void purge_orphan_index_entries(const struct uefi_variable_store *context + } + + if (any_orphans) +- sync_variable_index((struct uefi_variable_store *)context); ++ sync_variable_index(context); + } + + static struct delegate_variable_store * +diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.h b/components/service/uefi/smm_variable/backend/uefi_variable_store.h +index 9f2c4a00c..2493ff6b4 100644 +--- a/components/service/uefi/smm_variable/backend/uefi_variable_store.h ++++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.h +@@ -52,7 +52,6 @@ struct uefi_variable_store { + uint32_t owner_id; + uint8_t *index_sync_buffer; + size_t index_sync_buffer_size; +- uint64_t active_variable_index_uid; + struct variable_index variable_index; + struct delegate_variable_store persistent_store; + struct delegate_variable_store volatile_store; +diff --git a/components/service/uefi/smm_variable/backend/variable_index.c b/components/service/uefi/smm_variable/backend/variable_index.c +index 90230426f..5fb6d08c5 100644 +--- a/components/service/uefi/smm_variable/backend/variable_index.c ++++ b/components/service/uefi/smm_variable/backend/variable_index.c +@@ -91,7 +91,6 @@ static struct variable_entry *containing_entry(const struct variable_info *info) + efi_status_t variable_index_init(struct variable_index *context, size_t max_variables) + { + context->max_variables = max_variables; +- context->counter = 0; + context->entries = + (struct variable_entry *)malloc(sizeof(struct variable_entry) * max_variables); + +@@ -109,9 +108,9 @@ void variable_index_deinit(struct variable_index *context) + + size_t variable_index_max_dump_size(struct variable_index *context) + { +- return sizeof(context->counter) + (sizeof(struct variable_metadata) + sizeof(bool) + +- sizeof(struct variable_constraints)) * +- context->max_variables; ++ return (sizeof(struct variable_metadata) + sizeof(bool) + ++ sizeof(struct variable_constraints)) * ++ context->max_variables; + } + + struct variable_info *variable_index_find(const struct variable_index *context, +@@ -288,16 +287,6 @@ efi_status_t variable_index_dump(const struct variable_index *context, size_t bu + *data_len = 0; + *any_dirty = false; + +- /* +- * Intentionally letting the counter overflow. +- * The buffer (index_sync_buffer) is provided by malloc, which allocates memory to a boundary +- * suitable for any default data type of the system (e.g uint32_t) +- */ +- *((uint32_t *)dump_pos) = context->counter + 1; +- bytes_dumped += sizeof(context->counter); +- dump_pos += sizeof(context->counter); +- +- /* Store variables */ + for (size_t pos = 0; pos < context->max_variables; pos++) { + struct variable_entry *entry = &context->entries[pos]; + struct variable_metadata *metadata = &entry->info.metadata; +@@ -344,24 +333,14 @@ efi_status_t variable_index_dump(const struct variable_index *context, size_t bu + return EFI_SUCCESS; + } + +-void variable_index_confirm_write(struct variable_index *context) +-{ +- context->counter++; +-} + +-size_t variable_index_restore(struct variable_index *context, size_t data_len, ++size_t variable_index_restore(const struct variable_index *context, size_t data_len, + const uint8_t *buffer) + { + size_t bytes_loaded = 0; + const uint8_t *load_pos = buffer; + int pos = 0; + +- if (data_len >= sizeof(context->counter)) { +- context->counter = *((uint32_t *)load_pos); +- bytes_loaded += sizeof(context->counter); +- load_pos += sizeof(context->counter); +- } +- + while (bytes_loaded < data_len) { + struct variable_entry *entry = &context->entries[pos]; + +diff --git a/components/service/uefi/smm_variable/backend/variable_index.h b/components/service/uefi/smm_variable/backend/variable_index.h +index 592dddc83..0151d636a 100644 +--- a/components/service/uefi/smm_variable/backend/variable_index.h ++++ b/components/service/uefi/smm_variable/backend/variable_index.h +@@ -75,7 +75,6 @@ struct variable_entry { + */ + struct variable_index { + size_t max_variables; +- uint32_t counter; + struct variable_entry *entries; + }; + +@@ -229,7 +228,7 @@ void variable_index_confirm_write(struct variable_index *context); + * + * @return Number of bytes loaded + */ +-size_t variable_index_restore(struct variable_index *context, size_t data_len, ++size_t variable_index_restore(const struct variable_index *context, size_t data_len, + const uint8_t *buffer); + + #ifdef __cplusplus +-- +2.25.1 + diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Revert-Load-and-store-UEFI-variable-index-in-chunks.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Revert-Load-and-store-UEFI-variable-index-in-chunks.patch new file mode 100644 index 00000000..09fa94fc --- /dev/null +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Revert-Load-and-store-UEFI-variable-index-in-chunks.patch @@ -0,0 +1,291 @@ +From c490956e50e721c8f2db5934ae5af365ba92e55a Mon Sep 17 00:00:00 2001 +From: Bence Balogh +Date: Mon, 25 Nov 2024 22:13:15 +0100 +Subject: [PATCH 2/3] Revert "Load and store UEFI variable index in chunks" + +This reverts commit a0a08571084238af2a24d4e6e580308f86ab59a2. +The PSA IPC backend for the Protected Storage doesn't support the optional +create() and set_extended() APIs. This feature has to be reverted because +of this. +Keep this inappropriate patch until the usage of create() and set_extended() +APIs are not optional in the SMM-Gateway. + +Upstream-Status: Inappropriate [To be redesigned] +Signed-off-by: Bence Balogh +--- + .../backend/test/variable_store_tests.cpp | 100 +----------------- + .../backend/uefi_variable_store.c | 84 +++------------ + deployments/smm-gateway/common/smm_gateway.c | 4 + + 3 files changed, 22 insertions(+), 166 deletions(-) + +diff --git a/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp b/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp +index e0f21f77a..2a8c8eb94 100644 +--- a/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp ++++ b/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp +@@ -56,12 +56,6 @@ TEST_GROUP(UefiVariableStoreTests) + return var_name; + } + +- std::u16string intToChar16(const int i) +- { +- auto s = std::to_string(i); +- return { s.begin(), s.end() }; +- } +- + size_t string_get_size_in_bytes(const std::u16string &string) + { + return string.size() * sizeof(uint16_t); +@@ -266,9 +260,9 @@ TEST_GROUP(UefiVariableStoreTests) + MAX_VARIABLE_SIZE); + } + +- static const size_t MAX_VARIABLES = 5; ++ static const size_t MAX_VARIABLES = 10; + static const size_t MAX_VARIABLE_SIZE = 3000; +- static const size_t STORE_CAPACITY = MAX_VARIABLES * MAX_VARIABLE_SIZE; ++ static const size_t STORE_CAPACITY = 10000; + + static const uint32_t OWNER_ID = 100; + /* +@@ -773,93 +767,3 @@ TEST(UefiVariableStoreTests, noRemoveCheck) + EFI_VARIABLE_NON_VOLATILE); + UNSIGNED_LONGLONGS_EQUAL(EFI_INVALID_PARAMETER, status); + } +- +-TEST(UefiVariableStoreTests, fillStore) +-{ +- efi_status_t status = EFI_SUCCESS; +- +- /* Fill the variable store with max size variables */ +- for (size_t i = 0; i < MAX_VARIABLES; i++) { +- std::u16string current_var = u"var_"; +- std::string input_data(MAX_VARIABLE_SIZE, 'a'); +- std::string output_data; +- current_var += intToChar16(i); +- +- status = set_variable(current_var, input_data, +- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | +- EFI_VARIABLE_RUNTIME_ACCESS); +- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); +- +- /* Verify the write */ +- status = get_variable(current_var, output_data); +- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); +- +- /* Expect got variable data to be the same as the set value */ +- UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); +- LONGS_EQUAL(0, input_data.compare(output_data)); +- } +- +- /* Try adding a small variable to an already full store */ +- status = set_variable(u"var", "a", +- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | +- EFI_VARIABLE_RUNTIME_ACCESS); +- UNSIGNED_LONGLONGS_EQUAL(EFI_OUT_OF_RESOURCES, status); +-} +- +-TEST(UefiVariableStoreTests, fillIndex) +-{ +- efi_status_t status = EFI_SUCCESS; +- std::u16string var_name = u"var"; +- std::string input_data = "a"; +- std::string output_data; +- +- /* +- * Fill the variable store with small variables so the index +- * will be filled, but the store does not +- */ +- for (size_t i = 0; i < MAX_VARIABLES; i++) { +- std::u16string current_var = u"var_"; +- current_var += intToChar16(i); +- +- status = set_variable(current_var, input_data, +- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | +- EFI_VARIABLE_RUNTIME_ACCESS); +- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); +- +- /* Verify the write */ +- status = get_variable(current_var, output_data); +- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); +- +- /* Expect got variable data to be the same as the set value */ +- UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); +- LONGS_EQUAL(0, input_data.compare(output_data)); +- } +- +- /* Try adding a small variable to an already full store */ +- input_data.resize(1, 'a'); +- +- status = set_variable(u"var", input_data, +- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | +- EFI_VARIABLE_RUNTIME_ACCESS); +- UNSIGNED_LONGLONGS_EQUAL(EFI_OUT_OF_RESOURCES, status); +- +- /* Simulate a power-cycle without deleting the NV store content */ +- uefi_variable_store_deinit(&m_uefi_variable_store); +- +- /* Try loading the non-volatile variables */ +- status = uefi_variable_store_init(&m_uefi_variable_store, OWNER_ID, MAX_VARIABLES, +- m_persistent_backend, m_volatile_backend); +- +- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); +- +- /* Try reading the previously set variables */ +- for (size_t i = 0; i < MAX_VARIABLES; i++) { +- std::u16string current_var = u"var_"; +- current_var += intToChar16(i); +- +- status = get_variable(current_var, output_data); +- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); +- UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); +- LONGS_EQUAL(0, input_data.compare(output_data)); +- } +-} +diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.c b/components/service/uefi/smm_variable/backend/uefi_variable_store.c +index 459ca4566..e5fc32864 100644 +--- a/components/service/uefi/smm_variable/backend/uefi_variable_store.c ++++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.c +@@ -615,41 +615,26 @@ static efi_status_t load_variable_index(struct uefi_variable_store *context) + + if (persistent_store) { + size_t data_len = 0; +- size_t data_offset = 0; + +- do { +- psa_status_t psa_status = persistent_store->interface->get( +- persistent_store->context, context->owner_id, +- SMM_VARIABLE_INDEX_STORAGE_UID, data_offset, +- RPC_CALLER_SESSION_SHARED_MEMORY_SIZE, +- context->index_sync_buffer + data_offset, &data_len); ++ psa_status_t psa_status = persistent_store->interface->get( ++ persistent_store->context, context->owner_id, ++ SMM_VARIABLE_INDEX_STORAGE_UID, 0, context->index_sync_buffer_size, ++ context->index_sync_buffer, &data_len); + +- switch (psa_status) { ++ switch(psa_status) { + case PSA_SUCCESS: +- data_offset += data_len; +- +- if (data_offset > context->index_sync_buffer_size) { +- EMSG("Variable index cannot fit the sync buffer"); +- return EFI_LOAD_ERROR; +- } +- ++ (void) variable_index_restore(&context->variable_index, data_len, ++ context->index_sync_buffer); + break; + + case PSA_ERROR_DOES_NOT_EXIST: + IMSG("Index variable does not exist in NV store, continuing with empty index"); +- return EFI_SUCCESS; ++ break; + + default: + EMSG("Loading variable index failed: %d", psa_status); + return EFI_LOAD_ERROR; +- } +- } while (data_len == RPC_CALLER_SESSION_SHARED_MEMORY_SIZE); +- +- variable_index_restore(&context->variable_index, data_offset, +- context->index_sync_buffer); +- } else { +- EMSG("Loading variable index failed, store backend is not accessible"); +- return EFI_LOAD_ERROR; ++ } + } + + return EFI_SUCCESS; +@@ -658,14 +643,13 @@ static efi_status_t load_variable_index(struct uefi_variable_store *context) + static efi_status_t sync_variable_index(const struct uefi_variable_store *context) + { + efi_status_t status = EFI_SUCCESS; +- psa_status_t psa_status = PSA_SUCCESS; + bool is_dirty = false; + + /* Sync the variable index to storage if anything is dirty */ +- size_t remaining_data_len = 0; ++ size_t data_len = 0; + + status = variable_index_dump(&context->variable_index, context->index_sync_buffer_size, +- context->index_sync_buffer, &remaining_data_len, &is_dirty); ++ context->index_sync_buffer, &data_len, &is_dirty); + if (status != EFI_SUCCESS) + return status; + +@@ -674,52 +658,16 @@ static efi_status_t sync_variable_index(const struct uefi_variable_store *contex + context->persistent_store.storage_backend; + + if (persistent_store) { +- size_t data_offset = 0; +- +- psa_status = persistent_store->interface->remove( ++ psa_status_t psa_status = persistent_store->interface->set( + persistent_store->context, context->owner_id, +- SMM_VARIABLE_INDEX_STORAGE_UID); +- +- if (psa_status != PSA_SUCCESS && psa_status != PSA_ERROR_DOES_NOT_EXIST) +- goto end; ++ SMM_VARIABLE_INDEX_STORAGE_UID, data_len, ++ context->index_sync_buffer, PSA_STORAGE_FLAG_NONE); + +- /* Check if the index exists and create if not yet */ +- psa_status = persistent_store->interface->create( +- persistent_store->context, context->owner_id, +- SMM_VARIABLE_INDEX_STORAGE_UID, remaining_data_len, +- PSA_STORAGE_FLAG_NONE); +- +- if (psa_status != PSA_SUCCESS) +- goto end; +- +- do { +- size_t data_of_this_iteration = MIN( +- remaining_data_len, RPC_CALLER_SESSION_SHARED_MEMORY_SIZE); +- +- psa_status = persistent_store->interface->set_extended( +- persistent_store->context, context->owner_id, +- SMM_VARIABLE_INDEX_STORAGE_UID, data_offset, +- data_of_this_iteration, +- context->index_sync_buffer + data_offset); +- +- if (psa_status != PSA_SUCCESS) +- goto end; +- +- data_offset += RPC_CALLER_SESSION_SHARED_MEMORY_SIZE; +- remaining_data_len -= data_of_this_iteration; +- +- } while (remaining_data_len); +- +- variable_index_confirm_write(&context->variable_index); +- context->active_variable_index_uid = next_index_uid; +- } else { +- EMSG("Syncing variable index failed, store backend is not accessible"); +- return EFI_LOAD_ERROR; ++ status = psa_to_efi_storage_status(psa_status); + } + } + +- end: +- return psa_to_efi_storage_status(psa_status); ++ return status; + } + + /* Check attribute usage rules */ +diff --git a/deployments/smm-gateway/common/smm_gateway.c b/deployments/smm-gateway/common/smm_gateway.c +index 3ab45ccf5..eaa861370 100644 +--- a/deployments/smm-gateway/common/smm_gateway.c ++++ b/deployments/smm-gateway/common/smm_gateway.c +@@ -40,6 +40,10 @@ + #define SMM_UEFI_VARIABLE_STORE_INDEX_SIZE \ + UEFI_VARIABLE_STORE_INDEX_SIZE(SMM_GATEWAY_MAX_UEFI_VARIABLES) + ++_Static_assert(SMM_UEFI_VARIABLE_STORE_INDEX_SIZE < RPC_CALLER_SESSION_SHARED_MEMORY_SIZE, ++ "The UEFI variable index does not fit into the RPC shared memory, please increase " \ ++ "RPC_CALLER_SESSION_SHARED_MEMORY_SIZE"); ++ + /** + * The SP heap must be large enough for storing the UEFI variable index, the RPC shared memory and + * ~16kB of miscellaneous data. +-- +2.25.1 + diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Revert-Make-constraints-of-NV-UEFI-variables-persist.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Revert-Make-constraints-of-NV-UEFI-variables-persist.patch new file mode 100644 index 00000000..3f0ae436 --- /dev/null +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Revert-Make-constraints-of-NV-UEFI-variables-persist.patch @@ -0,0 +1,387 @@ +From c0ffa57e7628f23747d7ee947358f8a538fa5d4c Mon Sep 17 00:00:00 2001 +From: Bence Balogh +Date: Mon, 25 Nov 2024 22:17:51 +0100 +Subject: [PATCH 3/3] Revert "Make constraints of NV UEFI variables persistent" + +This reverts commit 64bbde5d9950413cf724ffb792d4d1637892fa8b. +The FMP support didn't work with this commit. See the implementation in the +0003-FMP-Support-in-Corstone1000.patch file. The +0003-FMP-Support-in-Corstone1000.patch will be redesigned but until that, this +commit has to be reverted. + +Upstream-Status: Inappropriate [To be removed after new FWU design] +Signed-off-by: Bence Balogh +--- + .../backend/test/variable_index_tests.cpp | 93 +++---------------- + .../backend/uefi_variable_store.c | 12 +-- + .../smm_variable/backend/variable_index.c | 90 +++--------------- + .../smm_variable/backend/variable_index.h | 7 +- + 4 files changed, 36 insertions(+), 166 deletions(-) + +diff --git a/components/service/uefi/smm_variable/backend/test/variable_index_tests.cpp b/components/service/uefi/smm_variable/backend/test/variable_index_tests.cpp +index a52cfbf76..1b7a6b879 100644 +--- a/components/service/uefi/smm_variable/backend/test/variable_index_tests.cpp ++++ b/components/service/uefi/smm_variable/backend/test/variable_index_tests.cpp +@@ -214,28 +214,21 @@ TEST(UefiVariableIndexTests, dumpLoadRoadtrip) + + /* Expect the info for two NV variables to have been dumped */ + size_t dump_len = 0; +- bool is_dirty = false; +- efi_status_t status = EFI_SUCCESS; +- +- status = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len, +- &is_dirty); ++ bool is_dirty = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len); + + CHECK_TRUE(is_dirty); +- UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status); +- UNSIGNED_LONGS_EQUAL(((sizeof(struct variable_metadata) + sizeof(bool)) * 2), dump_len); ++ UNSIGNED_LONGS_EQUAL((sizeof(struct variable_metadata) * 2), dump_len); + + /* Expect no records to be dirty when the dump is repeated */ + dump_len = 0; +- status = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len, +- &is_dirty); ++ is_dirty = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len); + +- UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status); + CHECK_FALSE(is_dirty); +- UNSIGNED_LONGS_EQUAL(((sizeof(struct variable_metadata) + sizeof(bool)) * 2), dump_len); ++ UNSIGNED_LONGS_EQUAL((sizeof(struct variable_metadata) * 2), dump_len); + + /* Tear down and reinitialize to simulate a reboot */ + variable_index_deinit(&m_variable_index); +- status = variable_index_init(&m_variable_index, MAX_VARIABLES); ++ efi_status_t status = variable_index_init(&m_variable_index, MAX_VARIABLES); + UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); + + /* Load the dumped contents */ +@@ -268,52 +261,6 @@ TEST(UefiVariableIndexTests, dumpLoadRoadtrip) + UNSIGNED_LONGLONGS_EQUAL(EFI_NOT_FOUND, status); + } + +-TEST(UefiVariableIndexTests, dumpLoadConstrainedVariable) +-{ +- uint8_t buffer[MAX_VARIABLES * sizeof(struct variable_metadata)]; +- +- create_variables(); +- +- struct variable_constraints constraints; +- constraints.revision = 10; +- constraints.property = VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY; +- constraints.attributes = 0; +- constraints.min_size = 1; +- constraints.max_size = 100; +- +- /* Set check constraints on one of the variables */ +- struct variable_info *info = variable_index_find(&m_variable_index, &guid_2, +- string_get_size_in_bytes(name_2), +- (const int16_t *)name_2.data()); +- +- CHECK_TRUE(info); +- CHECK_TRUE(info->is_variable_set); +- CHECK_FALSE(info->is_constraints_set); +- +- variable_index_set_constraints(info, &constraints); +- +- CHECK_TRUE(info->is_constraints_set); +- CHECK_TRUE(info->is_variable_set); +- +- size_t dump_len = 0; +- bool is_dirty = false; +- efi_status_t status = EFI_SUCCESS; +- status = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len, +- &is_dirty); +- +- UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status); +- CHECK_TRUE(is_dirty); +- +- /* metadata and constraint status byte are stored for both NV variables, but only one of them has constraints */ +- UNSIGNED_LONGS_EQUAL((sizeof(struct variable_metadata) + sizeof(bool)) * 2 + +- sizeof(struct variable_constraints), +- dump_len); +- +- /* Load the dumped contents */ +- size_t load_len = variable_index_restore(&m_variable_index, dump_len, buffer); +- UNSIGNED_LONGS_EQUAL(dump_len, load_len); +-} +- + TEST(UefiVariableIndexTests, dumpBufferTooSmall) + { + uint8_t buffer[1 * sizeof(struct variable_metadata) + 1]; +@@ -325,15 +272,10 @@ TEST(UefiVariableIndexTests, dumpBufferTooSmall) + * exceed the length of the buffer. + */ + size_t dump_len = 0; +- bool is_dirty = false; +- efi_status_t status = EFI_SUCCESS; +- +- status = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len, +- &is_dirty); ++ bool is_dirty = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len); + + CHECK_TRUE(is_dirty); +- UNSIGNED_LONGS_EQUAL(EFI_BUFFER_TOO_SMALL, status); +- UNSIGNED_LONGS_EQUAL(0, dump_len); ++ UNSIGNED_LONGS_EQUAL(sizeof(struct variable_metadata) * 1, dump_len); + } + + TEST(UefiVariableIndexTests, removeVariable) +@@ -351,14 +293,10 @@ TEST(UefiVariableIndexTests, removeVariable) + + /* Expect index to be dirty and for only one NV variable to be left */ + size_t dump_len = 0; +- bool is_dirty = false; +- efi_status_t status = EFI_SUCCESS; +- status = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len, +- &is_dirty); ++ bool is_dirty = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len); + + CHECK_TRUE(is_dirty); +- UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status); +- UNSIGNED_LONGS_EQUAL(sizeof(struct variable_metadata) + sizeof(bool), dump_len); ++ UNSIGNED_LONGS_EQUAL((sizeof(struct variable_metadata) * 1), dump_len); + + /* Remove the volatile variable */ + info = variable_index_find(&m_variable_index, &guid_1, string_get_size_in_bytes(name_1), +@@ -368,12 +306,10 @@ TEST(UefiVariableIndexTests, removeVariable) + + /* Expect index not to be dirty because there was no change to any NV variable */ + dump_len = 0; +- status = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len, +- &is_dirty); ++ is_dirty = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len); + + CHECK_FALSE(is_dirty); +- UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status); +- UNSIGNED_LONGS_EQUAL(sizeof(struct variable_metadata) + sizeof(bool), dump_len); ++ UNSIGNED_LONGS_EQUAL((sizeof(struct variable_metadata) * 1), dump_len); + + /* Remove the remaining NV variable */ + info = variable_index_find(&m_variable_index, &guid_1, string_get_size_in_bytes(name_3), +@@ -383,15 +319,14 @@ TEST(UefiVariableIndexTests, removeVariable) + + /* Expect index to be dirty and dump to now be empty */ + dump_len = 0; +- status = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len, +- &is_dirty); ++ is_dirty = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len); + + CHECK_TRUE(is_dirty); +- UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status); +- UNSIGNED_LONGS_EQUAL(0, dump_len); ++ UNSIGNED_LONGS_EQUAL((sizeof(struct variable_metadata) * 0), dump_len); + + /* Enumerate and now expect an empty index */ + info = NULL; ++ efi_status_t status = EFI_SUCCESS; + + info = variable_index_find_next(&m_variable_index, &guid_1, + string_get_size_in_bytes(null_name), (const int16_t *) null_name.data(), +diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.c b/components/service/uefi/smm_variable/backend/uefi_variable_store.c +index e5fc32864..7da2d1e71 100644 +--- a/components/service/uefi/smm_variable/backend/uefi_variable_store.c ++++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.c +@@ -575,10 +575,8 @@ efi_status_t uefi_variable_store_set_var_check_property( + status = variable_checker_set_constraints(&constraints, info->is_constraints_set, + &property->VariableProperty); + +- if (status == EFI_SUCCESS) { ++ if (status == EFI_SUCCESS) + variable_index_set_constraints(info, &constraints); +- status = sync_variable_index(context); +- } + + variable_index_remove_unused_entry(&context->variable_index, info); + +@@ -643,15 +641,13 @@ static efi_status_t load_variable_index(struct uefi_variable_store *context) + static efi_status_t sync_variable_index(const struct uefi_variable_store *context) + { + efi_status_t status = EFI_SUCCESS; +- bool is_dirty = false; + + /* Sync the variable index to storage if anything is dirty */ + size_t data_len = 0; + +- status = variable_index_dump(&context->variable_index, context->index_sync_buffer_size, +- context->index_sync_buffer, &data_len, &is_dirty); +- if (status != EFI_SUCCESS) +- return status; ++ bool is_dirty = variable_index_dump(&context->variable_index, ++ context->index_sync_buffer_size, ++ context->index_sync_buffer, &data_len); + + if (is_dirty) { + struct storage_backend *persistent_store = +diff --git a/components/service/uefi/smm_variable/backend/variable_index.c b/components/service/uefi/smm_variable/backend/variable_index.c +index 5fb6d08c5..c39f7394b 100644 +--- a/components/service/uefi/smm_variable/backend/variable_index.c ++++ b/components/service/uefi/smm_variable/backend/variable_index.c +@@ -108,9 +108,7 @@ void variable_index_deinit(struct variable_index *context) + + size_t variable_index_max_dump_size(struct variable_index *context) + { +- return (sizeof(struct variable_metadata) + sizeof(bool) + +- sizeof(struct variable_constraints)) * +- context->max_variables; ++ return sizeof(struct variable_metadata) * context->max_variables; + } + + struct variable_info *variable_index_find(const struct variable_index *context, +@@ -269,68 +267,37 @@ void variable_index_set_constraints(struct variable_info *info, + const struct variable_constraints *constraints) + { + if (info) { +- struct variable_entry *entry = containing_entry(info); +- + info->check_constraints = *constraints; + info->is_constraints_set = true; +- +- mark_dirty(entry); + } + } + +-efi_status_t variable_index_dump(const struct variable_index *context, size_t buffer_size, +- uint8_t *buffer, size_t *data_len, bool *any_dirty) ++bool variable_index_dump(const struct variable_index *context, size_t buffer_size, uint8_t *buffer, ++ size_t *data_len) + { ++ bool any_dirty = false; + uint8_t *dump_pos = buffer; + size_t bytes_dumped = 0; + +- *data_len = 0; +- *any_dirty = false; +- + for (size_t pos = 0; pos < context->max_variables; pos++) { + struct variable_entry *entry = &context->entries[pos]; + struct variable_metadata *metadata = &entry->info.metadata; +- struct variable_constraints *constraints = &entry->info.check_constraints; + + if (entry->in_use && entry->info.is_variable_set && +- (metadata->attributes & EFI_VARIABLE_NON_VOLATILE)) { +- /* Store metadata */ +- if (bytes_dumped + sizeof(struct variable_metadata) > buffer_size) +- return EFI_BUFFER_TOO_SMALL; +- ++ (metadata->attributes & EFI_VARIABLE_NON_VOLATILE) && ++ ((bytes_dumped + sizeof(struct variable_metadata)) <= buffer_size)) { + memcpy(dump_pos, metadata, sizeof(struct variable_metadata)); + bytes_dumped += sizeof(struct variable_metadata); + dump_pos += sizeof(struct variable_metadata); +- +- /* Store constraints' status */ +- if (bytes_dumped + sizeof(entry->info.is_constraints_set) > buffer_size) +- return EFI_BUFFER_TOO_SMALL; +- +- memcpy(dump_pos, &entry->info.is_constraints_set, +- sizeof(entry->info.is_constraints_set)); +- bytes_dumped += sizeof(entry->info.is_constraints_set); +- dump_pos += sizeof(entry->info.is_constraints_set); +- +- /* Store constraints, if they are set */ +- if (entry->info.is_constraints_set) { +- if (bytes_dumped + sizeof(entry->info.check_constraints) > +- buffer_size) +- return EFI_BUFFER_TOO_SMALL; +- +- memcpy(dump_pos, constraints, +- sizeof(entry->info.check_constraints)); +- bytes_dumped += sizeof(entry->info.check_constraints); +- dump_pos += sizeof(entry->info.check_constraints); +- } + } + +- *any_dirty |= entry->dirty; ++ any_dirty |= entry->dirty; + entry->dirty = false; + } + + *data_len = bytes_dumped; + +- return EFI_SUCCESS; ++ return any_dirty; + } + + +@@ -342,50 +309,23 @@ size_t variable_index_restore(const struct variable_index *context, size_t data_ + int pos = 0; + + while (bytes_loaded < data_len) { +- struct variable_entry *entry = &context->entries[pos]; +- + if ((data_len - bytes_loaded) >= sizeof(struct variable_metadata)) { ++ struct variable_entry *entry = &context->entries[pos]; + struct variable_metadata *metadata = &entry->info.metadata; + +- /* Load metadata */ + memcpy(metadata, load_pos, sizeof(struct variable_metadata)); ++ ++ entry->info.is_variable_set = true; ++ entry->in_use = true; ++ + bytes_loaded += sizeof(struct variable_metadata); + load_pos += sizeof(struct variable_metadata); +- } else { +- /* Not a whole number of variable_metadata structs! */ +- break; +- } + +- if ((data_len - bytes_loaded) >= sizeof(entry->info.is_constraints_set)) { +- /* Load constraints' status */ +- memcpy(&entry->info.is_constraints_set, load_pos, +- sizeof(entry->info.is_constraints_set)); +- bytes_loaded += sizeof(entry->info.is_constraints_set); +- load_pos += sizeof(entry->info.is_constraints_set); ++ ++pos; + } else { +- /* Not enough space for constraints' status! */ ++ /* Not a whole number of variable_metadata structs! */ + break; + } +- +- if (entry->info.is_constraints_set) { +- if ((data_len - bytes_loaded) >= sizeof(struct variable_constraints)) { +- struct variable_constraints *constraints = +- &entry->info.check_constraints; +- +- /* Load constraints if they are set */ +- memcpy(constraints, load_pos, sizeof(struct variable_constraints)); +- bytes_loaded += sizeof(struct variable_constraints); +- load_pos += sizeof(struct variable_constraints); +- } else { +- /* Not a whole number of variable_constraints structs! */ +- break; +- } +- } +- +- entry->info.is_variable_set = true; +- entry->in_use = true; +- +- ++pos; + } + + return bytes_loaded; +diff --git a/components/service/uefi/smm_variable/backend/variable_index.h b/components/service/uefi/smm_variable/backend/variable_index.h +index 0151d636a..da6ed2476 100644 +--- a/components/service/uefi/smm_variable/backend/variable_index.h ++++ b/components/service/uefi/smm_variable/backend/variable_index.h +@@ -201,12 +201,11 @@ void variable_index_set_constraints(struct variable_info *info, + * @param[in] buffer_size Size of destination buffer + * @param[in] buffer Dump to this buffer + * @param[out] data_len Length of serialized data +- * @param[out] any_dirty True if there is unsaved data + * +- * @return EFI_SUCCESS if all the changes are dumped successfully ++ * @return True if there is unsaved data + */ +-efi_status_t variable_index_dump(const struct variable_index *context, size_t buffer_size, +- uint8_t *buffer, size_t *data_len, bool *any_dirty); ++bool variable_index_dump(const struct variable_index *context, size_t buffer_size, uint8_t *buffer, ++ size_t *data_len); + + /** + * @brief Confirms the successful write of the variable index into the storage +-- +2.25.1 + diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc index 89362ead..d9a73bc7 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc +++ b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc @@ -13,9 +13,11 @@ SRC_URI:append:corstone1000 = " \ file://0009-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch \ file://0010-Make-RSS-and-MHU-sizes-compile-time-definitions-user.patch \ file://0011-Align-PSA-Crypto-with-TF-Mv2.1.patch \ + file://0012-Revert-Make-variable-index-usage-robust-with-redunda.patch \ + file://0013-Revert-Load-and-store-UEFI-variable-index-in-chunks.patch \ + file://0014-Revert-Make-constraints-of-NV-UEFI-variables-persist.patch \ file://0015-se-proxy-protobuf-change.patch \ " - # The patches above introduce errors with GCC 14.1, silence them for now CFLAGS:append:corstone1000 = " -Wno-int-conversion -Wno-implicit-function-declaration" From patchwork Tue May 20 17:27:47 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Szing X-Patchwork-Id: 63318 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id F02DBC3DA6D for ; Tue, 20 May 2025 17:28:23 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.27027.1747762094849828472 for ; Tue, 20 May 2025 10:28:14 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: gyorgy.szing@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 0D3C41516; Tue, 20 May 2025 10:28:01 -0700 (PDT) Received: from gyoszi01-yocto.budapest.arm.com (ubul2.budapest.arm.com [10.45.25.25]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id E7F2B3F5A1; Tue, 20 May 2025 10:28:13 -0700 (PDT) From: Gyorgy Szing To: meta-arm@lists.yoctoproject.org Cc: Bence Balogh Subject: [PATCH 9/9] arm-bsp/trusted-services: pass MM_COMM_BUFFER_SIZE to the libts build Date: Tue, 20 May 2025 19:27:47 +0200 Message-ID: <20250520172748.3439803-9-gyorgy.szing@arm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250520172748.3439803-1-gyorgy.szing@arm.com> References: <20250520172748.3439803-1-gyorgy.szing@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 May 2025 17:28:23 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6516 From: Bence Balogh The libts deployment expects the MM Communication buffer size to be provided using the "MM_COMM_BUFFER_SIZE" variable. Previously the default value which is set in the [1] was not overridden here in the recipe because of this. The size of the MM Communication buffers are not changed in this commit, the page size is 0x1000. [1] https://git.trustedfirmware.org/plugins/gitiles/TS/trusted-services.git/+/refs/tags/v1.1.0/deployments/libts/arm-linux/CMakeLists.txt#24 Signed-off-by: Bence Balogh --- .../recipes-security/trusted-services/libts_%.bbappend | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend b/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend index 2ae28c89..7871b1e5 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend +++ b/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend @@ -1,9 +1,9 @@ require ts-arm-platforms.inc EXTRA_OECMAKE:append:corstone1000 = "-DMM_COMM_BUFFER_ADDRESS=0x81FFF000 \ - -DMM_COMM_BUFFER_PAGE_COUNT=1 \ + -DMM_COMM_BUFFER_SIZE=0x1000 \ " EXTRA_OECMAKE:append:fvp-base = " -DMM_COMM_BUFFER_ADDRESS=0x81000000 \ - -DMM_COMM_BUFFER_PAGE_COUNT=8 \ + -DMM_COMM_BUFFER_SIZE=0x8000 \ "