Mbed OS Reference
Loading...
Searching...
No Matches
tfm_boot_status.h
1
/*
2
* Copyright (c) 2018-2019, Arm Limited. All rights reserved.
3
*
4
* SPDX-License-Identifier: BSD-3-Clause
5
*
6
*/
7
8
#ifndef __TFM_BOOT_STATUS_H__
9
#define __TFM_BOOT_STATUS_H__
10
11
#include <stdint.h>
12
#include <stddef.h>
13
14
15
#ifdef __cplusplus
16
extern
"C"
{
17
#endif
18
19
/* Major numbers (4 bit) to identify
20
* the consumer of shared data in runtime SW
21
*/
22
#define TLV_MAJOR_CORE 0x0
23
#define TLV_MAJOR_IAS 0x1
24
25
/**
26
* The shared data between boot loader and runtime SW is TLV encoded. The
27
* shared data is stored in a well known location in secure memory and this is
28
* a contract between boot loader and runtime SW.
29
*
30
* The structure of shared data must be the following:
31
* - At the beginning there must be a header: struct shared_data_tlv_header
32
* This contains a magic number and a size field which covers the entire
33
* size of the shared data area including this header.
34
* - After the header there come the entries which are composed from an entry
35
* header structure: struct shared_data_tlv_entry and the data. In the entry
36
* header is a type field (tly_type) which identify the consumer of the
37
* entry in the runtime SW and specify the subtype of that data item. There
38
* is a size field (tlv_len) which covers the size of the entry header and
39
* the data. After this structure comes the actual data.
40
* - Arbitrary number and size of data entry can be in the shared memory area.
41
*
42
* This table gives of overview about the tlv_type field in the entry header.
43
* The tlv_type always composed from a major and minor number. Major number
44
* identifies the addressee in runtime SW, who should process the data entry.
45
* Minor number used to encode more info about the data entry. The actual
46
* definition of minor number could change per major number. In case of boot
47
* status data, which is going to be processed by initial attestation service
48
* the minor number is split further to two part: sw_module and claim. The
49
* sw_module identifies the SW component in the system which the data item
50
* belongs to and the claim part identifies the exact type of the data.
51
*
52
* |---------------------------------------|
53
* | tlv_type (16) |
54
* |---------------------------------------|
55
* | tlv_major(4)| tlv_minor(12) |
56
* |---------------------------------------|
57
* | MAJOR_IAS | sw_module(6) | claim(6) |
58
* |---------------------------------------|
59
* | MAJOR_CORE | TBD |
60
* |---------------------------------------|
61
*/
62
63
/* Initial attestation: SW components / SW modules
64
* This list is intended to be adjusted per device. It contains more SW
65
* components than currently available in TF-M project. It serves as an example,
66
* what kind of SW components might be available.
67
*/
68
#define SW_GENERAL 0x00
69
#define SW_BL2 0x01
70
#define SW_PROT 0x02
71
#define SW_AROT 0x03
72
#define SW_SPE 0x04
73
#define SW_NSPE 0x05
74
#define SW_S_NS 0x06
75
#define SW_MAX 0x07
76
77
/* Initial attestation: Claim per SW components / SW modules */
78
/* Bits: 0-2 */
79
#define SW_VERSION 0x00
80
#define SW_SIGNER_ID 0x01
81
#define SW_EPOCH 0x02
82
#define SW_TYPE 0x03
83
/* Bits: 3-5 */
84
#define SW_MEASURE_VALUE 0x08
85
#define SW_MEASURE_TYPE 0x09
86
87
/* Initial attestation: General claim does not belong any particular SW
88
* component. But they might be part of the boot status.
89
*/
90
#define BOOT_SEED 0x00
91
#define HW_VERSION 0x01
92
#define SECURITY_LIFECYCLE 0x02
93
94
/* Minor numbers (12 bit) to identify attestation service related data */
95
#define TLV_MINOR_IAS_BOOT_SEED ((SW_GENERAL << 6) | BOOT_SEED)
96
#define TLV_MINOR_IAS_HW_VERSION ((SW_GENERAL << 6) | HW_VERSION)
97
#define TLV_MINOR_IAS_SLC ((SW_GENERAL << 6) | SECURITY_LIFECYCLE)
98
99
/* Bootloader - It can be more stage */
100
#define TLV_MINOR_IAS_BL2_MEASURE_VALUE ((SW_BL2 << 6) | SW_MEASURE_VALUE)
101
#define TLV_MINOR_IAS_BL2_MEASURE_TYPE ((SW_BL2 << 6) | SW_MEASURE_TYPE)
102
#define TLV_MINOR_IAS_BL2_VERSION ((SW_BL2 << 6) | SW_VERSION)
103
#define TLV_MINOR_IAS_BL2_SIGNER_ID ((SW_BL2 << 6) | SW_SIGNER_ID)
104
#define TLV_MINOR_IAS_BL2_EPOCH ((SW_BL2 << 6) | SW_EPOCH)
105
#define TLV_MINOR_IAS_BL2_TYPE ((SW_BL2 << 6) | SW_TYPE)
106
107
/* PROT: PSA Root of Trust */
108
#define TLV_MINOR_IAS_PROT_MEASURE_VALUE ((SW_PROT << 6) | SW_MEASURE_VALUE)
109
#define TLV_MINOR_IAS_PROT_MEASURE_TYPE ((SW_PROT << 6) | SW_MEASURE_TYPE)
110
#define TLV_MINOR_IAS_PROT_VERSION ((SW_PROT << 6) | SW_VERSION)
111
#define TLV_MINOR_IAS_PROT_SIGNER_ID ((SW_PROT << 6) | SW_SIGNER_ID)
112
#define TLV_MINOR_IAS_PROT_EPOCH ((SW_PROT << 6) | SW_EPOCH)
113
#define TLV_MINOR_IAS_PROT_TYPE ((SW_PROT << 6) | SW_TYPE)
114
115
/* AROT: Application Root of Trust */
116
#define TLV_MINOR_IAS_AROT_MEASURE_VALUE ((SW_AROT << 6) | SW_MEASURE_VALUE)
117
#define TLV_MINOR_IAS_AROT_MEASURE_TYPE ((SW_AROT << 6) | SW_MEASURE_TYPE)
118
#define TLV_MINOR_IAS_AROT_VERSION ((SW_AROT << 6) | SW_VERSION)
119
#define TLV_MINOR_IAS_AROT_SIGNER_ID ((SW_AROT << 6) | SW_SIGNER_ID)
120
#define TLV_MINOR_IAS_AROT_EPOCH ((SW_AROT << 6) | SW_EPOCH)
121
#define TLV_MINOR_IAS_AROT_TYPE ((SW_AROT << 6) | SW_TYPE)
122
123
/* Non-secure processing environment - single non-secure image */
124
#define TLV_MINOR_IAS_NSPE_MEASURE_VALUE ((SW_NSPE << 6) | SW_MEASURE_VALUE)
125
#define TLV_MINOR_IAS_NSPE_MEASURE_TYPE ((SW_NSPE << 6) | SW_MEASURE_TYPE)
126
#define TLV_MINOR_IAS_NSPE_VERSION ((SW_NSPE << 6) | SW_VERSION)
127
#define TLV_MINOR_IAS_NSPE_SIGNER_ID ((SW_NSPE << 6) | SW_SIGNER_ID)
128
#define TLV_MINOR_IAS_NSPE_EPOCH ((SW_NSPE << 6) | SW_EPOCH)
129
#define TLV_MINOR_IAS_NSPE_TYPE ((SW_NSPE << 6) | SW_TYPE)
130
131
/* Secure processing environment (ARoT + PRoT) - single secure image */
132
#define TLV_MINOR_IAS_SPE_MEASURE_VALUE ((SW_SPE << 6) | SW_MEASURE_VALUE)
133
#define TLV_MINOR_IAS_SPE_MEASURE_TYPE ((SW_SPE << 6) | SW_MEASURE_TYPE)
134
#define TLV_MINOR_IAS_SPE_VERSION ((SW_SPE << 6) | SW_VERSION)
135
#define TLV_MINOR_IAS_SPE_SIGNER_ID ((SW_SPE << 6) | SW_SIGNER_ID)
136
#define TLV_MINOR_IAS_SPE_EPOCH ((SW_SPE << 6) | SW_EPOCH)
137
#define TLV_MINOR_IAS_SPE_TYPE ((SW_SPE << 6) | SW_TYPE)
138
139
/* SPE + NSPE - combined secure and non-secure image */
140
#define TLV_MINOR_IAS_S_NS_MEASURE_VALUE ((SW_S_NS << 6) | SW_MEASURE_VALUE)
141
#define TLV_MINOR_IAS_S_NS_MEASURE_TYPE ((SW_S_NS << 6) | SW_MEASURE_TYPE)
142
#define TLV_MINOR_IAS_S_NS_VERSION ((SW_S_NS << 6) | SW_VERSION)
143
#define TLV_MINOR_IAS_S_NS_SIGNER_ID ((SW_S_NS << 6) | SW_SIGNER_ID)
144
#define TLV_MINOR_IAS_S_NS_EPOCH ((SW_S_NS << 6) | SW_EPOCH)
145
#define TLV_MINOR_IAS_S_NS_TYPE ((SW_S_NS << 6) | SW_TYPE)
146
147
/* General macros to handle TLV type */
148
#define MAJOR_MASK 0xF
/* 4 bit */
149
#define MAJOR_POS 12
/* 12 bit */
150
#define MINOR_MASK 0xFFF
/* 12 bit */
151
152
#define SET_TLV_TYPE(major, minor) \
153
((((major) & MAJOR_MASK) << MAJOR_POS) | ((minor) & MINOR_MASK))
154
#define GET_MAJOR(tlv_type) ((tlv_type) >> MAJOR_POS)
155
#define GET_MINOR(tlv_type) ((tlv_type) & MINOR_MASK)
156
157
/* Initial attestation specific macros */
158
#define MODULE_POS 6
/* 6 bit */
159
#define CLAIM_MASK 0x3F
/* 6 bit */
160
#define MEASUREMENT_CLAIM_POS 3
/* 3 bit */
161
162
#define GET_IAS_MODULE(tlv_type) (GET_MINOR(tlv_type) >> MODULE_POS)
163
#define GET_IAS_CLAIM(tlv_type) (GET_MINOR(tlv_type) & CLAIM_MASK)
164
#define SET_IAS_MINOR(sw_module, claim) (((sw_module) << 6) | (claim))
165
166
#define GET_IAS_MEASUREMENT_CLAIM(ias_claim) ((ias_claim) >> \
167
MEASUREMENT_CLAIM_POS)
168
169
/* Magic value which marks the beginning of shared data area in memory */
170
#define SHARED_DATA_TLV_INFO_MAGIC 0x2016
171
172
/**
173
* Shared data TLV header. All fields in little endian.
174
*
175
* -----------------------------------
176
* | tlv_magic(16) | tlv_tot_len(16) |
177
* -----------------------------------
178
*/
179
struct
shared_data_tlv_header
{
180
uint16_t tlv_magic;
181
uint16_t tlv_tot_len;
/* size of whole TLV area (including this header) */
182
};
183
184
#define SHARED_DATA_HEADER_SIZE sizeof(struct shared_data_tlv_header)
185
186
/**
187
* Shared data TLV entry header format. All fields in little endian.
188
*
189
* -------------------------------
190
* | tlv_type(16) | tlv_len(16) |
191
* -------------------------------
192
* | Raw data |
193
* -------------------------------
194
*/
195
struct
shared_data_tlv_entry
{
196
uint16_t tlv_type;
197
uint16_t tlv_len;
/* size of single TLV entry (including this header). */
198
};
199
200
#define SHARED_DATA_ENTRY_HEADER_SIZE sizeof(struct shared_data_tlv_entry)
201
#define SHARED_DATA_ENTRY_SIZE(size) (size + SHARED_DATA_ENTRY_HEADER_SIZE)
202
203
#ifdef __cplusplus
204
}
205
#endif
206
207
#endif
/* __TFM_BOOT_STATUS_H__ */
shared_data_tlv_entry
Shared data TLV entry header format.
Definition:
tfm_boot_status.h:195
shared_data_tlv_header
Shared data TLV header.
Definition:
tfm_boot_status.h:179
platform
FEATURE_EXPERIMENTAL_API
FEATURE_PSA
TARGET_MBED_PSA_SRV
services
attestation
tfm_impl
tfm_boot_status.h
Generated by
1.9.5
1.9.5