Adding the stash measurement functionality to AuthorizeAndStashCmd #1763

Merged
merged 3 commits into from
Nov 4, 2024
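--- a/error/src/lib.rs
+++ b/error/src/lib.rs
@@ -441,6 +441,8 @@ impl CaliptraError {
 pub const RUNTIME_AUTH_AND_STASH_UNSUPPORTED_IMAGE_SOURCE: CaliptraError =
 CaliptraError::new_const(0x000E004E);
 pub const RUNTIME_CMD_RESERVED_PAUSER: CaliptraError = CaliptraError::new_const(0x000E004F);
+pub const RUNTIME_AUTH_AND_STASH_MEASUREMENT_DPE_ERROR: CaliptraError =
+CaliptraError::new_const(0x000E0050);
 
 /// FMC Errors
 pub const FMC_GLOBAL_NMI: CaliptraError = CaliptraError::new_const(0x000F0001);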
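--- a/runtime/src/authorize_and_stash.rs
+++ b/runtime/src/authorize_and_stash.rs
@@ -15,7 +15,7 @@ Abstract:
 use core::cmp::min;
 use core::mem::size_of;
 
-use crate::{dpe_crypto::DpeCrypto, CptraDpeTypes, DpePlatform, Drivers};
+use crate::{dpe_crypto::DpeCrypto, CptraDpeTypes, DpePlatform, Drivers, StashMeasurementCmd};
 use caliptra_auth_man_types::{
 AuthManifestImageMetadataCollection, AuthManifestImageMetadataCollectionHeader,
 AuthManifestPreamble, AUTH_MANIFEST_MARKER,
@@ -78,8 +78,18 @@ impl AuthorizeAndStashCmd {
 
 let flags: AuthAndStashFlags = cmd.flags.into();
 if !flags.contains(AuthAndStashFlags::SKIP_STASH) {
-// TODO: Stash the image hash
-Err(CaliptraError::RUNTIME_UNIMPLEMENTED_COMMAND)?;
+// TODO do we need to return this?
+let dpe_result = StashMeasurementCmd::stash_measurement(
+drivers,
+&cmd.metadata,
+&cmd.measurement,
+)?;
+if dpe_result != DpeErrorCode::NoError {
+drivers
+.soc_ifc
+.set_fw_extended_error(dpe_result.get_error_code());
+Err(CaliptraError::RUNTIME_AUTH_AND_STASH_MEASUREMENT_DPE_ERROR)?;
+}
 }
 
 Ok(MailboxResp::AuthorizeAndStash(AuthorizeAndStashResp {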
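Review bot: Nothing visible in the second hunk ties the new `StashMeasurementCmd::stash_measurement` call to the outcome of the image authorization; the only condition shown is `!flags.contains(AuthAndStashFlags::SKIP_STASH)`. The authorization result is computed above the hunk, outside what is shown here, so this may already be handled; if it is not, a digest that failed authorization would still be handed to DPE and extended into the stash-measurement PCR. If that is unintended, gate the stash on the result as well, e.g. `if image_authorized && !flags.contains(AuthAndStashFlags::SKIP_STASH) {`, where `image_authorized` is a placeholder for whatever the code above produces. The leftover `// TODO do we need to return this?` should be resolved before merge or replaced with a comment recording the decision about surfacing the DPE status to the caller.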
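--- a/runtime/src/stash_measurement.rs
+++ b/runtime/src/stash_measurement.rs
@@ -31,9 +31,11 @@ pub struct StashMeasurementCmd;
 impl StashMeasurementCmd {
 #[cfg_attr(not(feature = "no-cfi"), cfi_impl_fn)]
 #[inline(never)]
-pub(crate) fn execute(drivers: &mut Drivers, cmd_args: &[u8]) -> CaliptraResult<MailboxResp> {
-let cmd = StashMeasurementReq::read_from(cmd_args)
-.ok_or(CaliptraError::RUNTIME_INSUFFICIENT_MEMORY)?;
+pub(crate) fn stash_measurement(
+drivers: &mut Drivers,
+metadata: &[u8; 4],
+measurement: &[u8; 48],
+) -> CaliptraResult<DpeErrorCode> {
 let dpe_result = {
 match drivers.caller_privilege_level() {
 // Only PL0 can call STASH_MEASUREMENT
@@ -78,12 +80,12 @@ impl StashMeasurementCmd {
 
 let derive_context_resp = DeriveContextCmd {
 handle: ContextHandle::default(),
-data: cmd.measurement,
+data: *measurement,
 flags: DeriveContextFlags::MAKE_DEFAULT
 | DeriveContextFlags::CHANGE_LOCALITY
 | DeriveContextFlags::INPUT_ALLOW_CA
 | DeriveContextFlags::INPUT_ALLOW_X509,
-tci_type: u32::from_ne_bytes(cmd.metadata),
+tci_type: u32::from_ne_bytes(*metadata),
 target_locality: locality,
 }
 .execute(&mut pdata.dpe, &mut env, locality);
@@ -105,10 +107,19 @@ impl StashMeasurementCmd {
 drivers.pcr_bank.extend_pcr(
 PCR_ID_STASH_MEASUREMENT,
 &mut drivers.sha384,
-cmd.measurement.as_bytes(),
+measurement.as_bytes(),
 )?;
 }
 
+Ok(dpe_result)
+}
+
+pub(crate) fn execute(drivers: &mut Drivers, cmd_args: &[u8]) -> CaliptraResult<MailboxResp> {
+let cmd = StashMeasurementReq::read_from(cmd_args)
+.ok_or(CaliptraError::RUNTIME_INSUFFICIENT_MEMORY)?;
+
+let dpe_result = Self::stash_measurement(drivers, &cmd.metadata, &cmd.measurement)?;
+
 Ok(MailboxResp::StashMeasurement(StashMeasurementResp {
 hdr: MailboxRespHeader::default(),
 dpe_result: dpe_result.get_error_code(),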
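Review bot: The `#[cfg_attr(not(feature = "no-cfi"), cfi_impl_fn)]` and `#[inline(never)]` attributes that decorated `execute` before this change now sit on `stash_measurement` (first hunk), and the re-added `execute` in the last hunk carries neither. If the mailbox entry point is meant to keep its CFI instrumentation, as the previous placement suggests, repeat both attribute lines directly above `pub(crate) fn execute(`. The new helper also has no doc comment; something like `/// Shared by STASH_MEASUREMENT and AUTHORIZE_AND_STASH. An Ok(code) other than DpeErrorCode::NoError is still a failed stash and must be checked by the caller.` would make the two-level result explicit. Both function bodies continue outside the hunks shown.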