Measured boot on rk3399: Failed to map TPM log memory #6679

Closed

ZhanYF opened this issue Feb 10, 2024 · 3 comments

ZhanYF commented Feb 10, 2024

I'm trying to set up measured boot on rk3399 but without much success. I expect TF-A to generate an event log when MEASURED_BOOT is enabled, but this does not happen. I suspect this is due to problems with memory mapping between the secure world and the non-secure world:

I/TC: No non-secure external DT
E/TC:0 0 get_tpm_phys_params:84 TPM: No DTB found
D/TC:0 0 tpm_map_log_area:141 TPM Event log PA: 0
D/TC:0 0 tpm_map_log_area:142 TPM Event log size: 0 Bytes
E/TC:0 0 tpm_map_log_area:149 TPM: Failed to map TPM log memory

Looking at get_tpm_phys_params it seems like the non-secure memory address and size for storing TPM Event Log is obtained from the arm,tpm_event_log node in the DTB, but I'm not sure:

  • How do I find the address I can use for storing TPM log?
  • Should I include the DTB via CFG_DT for OP-TEE? or there is a better approach?

Make env and flags: (full Makefile: https://github.com/ZhanYF/veritymobile/blob/dev-wip/Makefile)

TF-A:

TFA_FLAGS ?= -j ARCH=aarch64 \
                PLAT=rk3399 \
                SPD=opteed \
                LOG_LEVEL=40 \
                MEASURED_BOOT=1 \
                TRUSTED_BOARD_BOOT=1

fTPM:

FTPM_ENV_FLAGS ?= CFG_ARM64_core=y \
        CFG_FTPM_USE_WOLF=y \
        CFG_TEE_TA_LOG_LEVEL=4 \
        CFG_TA_DEBUG=y \
        CFG_TA_MEASURED_BOOT=y \
        TA_PLATFORM=rockchip-rk3399 \
        TA_CPU=cortex-a53 \
        TA_CROSS_COMPILE=$(CROSS_COMPILE_32) \
        TA_DEV_KIT_DIR=$(OPTEE_OS_TA_DEV_KIT_DIR)

optee with fTPM as early TA:

OPTEE_OS_WITH_TA_FLAGS ?= \
        $(OPTEE_OS_COMMON_EXTRA_FLAGS) \
        PLATFORM=rockchip-rk3399 \
        CROSS_COMPILE=$(CROSS_COMPILE_64) \
        CROSS_COMPILE_core=$(CROSS_COMPILE_64) \
        $(OPTEE_OS_TA_CROSS_COMPILE_FLAGS) \
        EARLY_TA_PATHS=$(FTPM_TA_PATH) \
        CFG_TEE_CORE_LOG_LEVEL=3 \
        CFG_TEE_TA_LOG_LEVEL=3 \
        CFG_EARLY_CONSOLE_BAUDRATE=115200 \
        CFG_CORE_TPM_EVENT_LOG=y

OPTEE_OS_ENV ?= \
        MEASURED_BOOT=y \
        MEASURED_BOOT_FTPM=y

Version info:

Mainline U-Boot SPL 2023.10
BL31: v2.9(release):v2.9.0-788-ga1377a89a
OP-TEE version: 3.22.0-233-g69a443d05-dev (gcc version 12.2.0 (Debian 12.2.0-14)) #1 Fri Feb 9 12:36:07 UTC 2024 aarch64
ftpm: https://github.com/ZhanYF/MSRSec/commits/master/


Full log:

U-Boot SPL 2023.10 (Feb 10 2024 - 02:16:34 -0500)
Trying to boot from MMC2
spl_load_fit_image: Skip load 'atf-5': image size is 0!
NOTICE:  BL31: v2.9(release):v2.9.0-788-ga1377a89a
NOTICE:  BL31: Built : 02:07:06, Feb 10 2024
INFO:    GICv3 with legacy support detected.
INFO:    ARM GICv3 driver initialized in EL3
INFO:    Maximum SPI INTID supported: 287
INFO:    plat_rockchip_pmu_init(1624): pd status 3e
INFO:    BL31: Initializing runtime services
INFO:    BL31: Initializing BL32
D/TC:0   get_aslr_seed:1332 No fdt
D/TC:0   plat_get_aslr_seed:108 Warning: no ASLR seed
D/TC:0   add_phys_mem:667 VCORE_UNPG_RX_PA type TEE_RAM_RX 0x30000000 size 0x000ae000
D/TC:0   add_phys_mem:667 VCORE_UNPG_RW_PA type TEE_RAM_RW 0x300ae000 size 0x00152000
D/TC:0   add_phys_mem:667 ta_base type TA_RAM 0x30200000 size 0x01e00000
D/TC:0   add_phys_mem:667 GIC_BASE type IO_SEC 0xfee00000 size 0x00200000
D/TC:0   add_phys_mem:667 CFG_EARLY_CONSOLE_BASE type IO_NSEC 0xff000000 size 0x00200000
D/TC:0   add_phys_mem:667 SGRF_BASE type IO_SEC 0xff200000 size 0x00200000
D/TC:0   add_phys_mem:667 TEE_SHMEM_START type NSEC_SHM 0x32000000 size 0x00400000
D/TC:0   add_va_space:707 type RES_VASPACE size 0x00a00000
D/TC:0   add_va_space:707 type SHM_VASPACE size 0x02000000
D/TC:0   dump_mmap_table:835 type TEE_RAM_RX   va 0x30000000..0x300adfff pa 0x30000000..0x300adfff size 0x000ae000 (smallpg)
D/TC:0   dump_mmap_table:835 type TEE_RAM_RW   va 0x300ae000..0x301fffff pa 0x300ae000..0x301fffff size 0x00152000 (smallpg)
D/TC:0   dump_mmap_table:835 type SHM_VASPACE  va 0x30200000..0x321fffff pa 0x00000000..0x01ffffff size 0x02000000 (pgdir)
D/TC:0   dump_mmap_table:835 type RES_VASPACE  va 0x32200000..0x32bfffff pa 0x00000000..0x009fffff size 0x00a00000 (pgdir)
D/TC:0   dump_mmap_table:835 type TA_RAM       va 0x32c00000..0x349fffff pa 0x30200000..0x31ffffff size 0x01e00000 (pgdir)
D/TC:0   dump_mmap_table:835 type NSEC_SHM     va 0x34a00000..0x34dfffff pa 0x32000000..0x323fffff size 0x00400000 (pgdir)
D/TC:0   dump_mmap_table:835 type IO_SEC       va 0x34e00000..0x34ffffff pa 0xfee00000..0xfeffffff size 0x00200000 (pgdir)
D/TC:0   dump_mmap_table:835 type IO_NSEC      va 0x35000000..0x351fffff pa 0xff000000..0xff1fffff size 0x00200000 (pgdir)
D/TC:0   dump_mmap_table:835 type IO_SEC       va 0x35200000..0x353fffff pa 0xff200000..0xff3fffff size 0x00200000 (pgdir)
D/TC:0   core_mmu_xlat_table_alloc:526 xlat tables used 1 / 5
D/TC:0   core_mmu_xlat_table_alloc:526 xlat tables used 2 / 5
I/TC:
I/TC: No non-secure external DT
E/TC:0 0 get_tpm_phys_params:84 TPM: No DTB found
D/TC:0 0 tpm_map_log_area:141 TPM Event log PA: 0
D/TC:0 0 tpm_map_log_area:142 TPM Event log size: 0 Bytes
E/TC:0 0 tpm_map_log_area:149 TPM: Failed to map TPM log memory
D/TC:0 0 get_console_node_from_dt:74 No console directive from DTB
I/TC: OP-TEE version: 3.22.0-233-g69a443d05 (gcc version 12.2.0 (Debian 12.2.0-14)) #1 Sat Feb 10 07:13:49 UTC 2024 aarch64
I/TC: WARNING: This OP-TEE configuration might be insecure!
I/TC: WARNING: Please check https://optee.readthedocs.io/en/latest/architecture/porting_guidelines.html
I/TC: Primary CPU initializing
D/TC:0 0 boot_init_primary_late:1200 Executing at offset 0 with virtual load address 0x30000000
D/TC:0 0 call_preinitcalls:21 level 2 mobj_mapped_shm_init()
D/TC:0 0 mobj_mapped_shm_init:470 Shared memory address range: 30200000, 32200000
D/TC:0 0 call_initcalls:40 level 1 register_time_source()
D/TC:0 0 call_initcalls:40 level 1 teecore_init_pub_ram()
D/TC:0 0 call_initcalls:40 level 2 probe_dt_drivers_early()
D/TC:0 0 call_initcalls:40 level 3 platform_init()
D/TC:0 0 platform_secure_ddr_region:35 protecting region 1: 0x30000000-0x32000000
D/TC:0 0 call_initcalls:40 level 3 check_ta_store()
D/TC:0 0 check_ta_store:454 TA store: "early TA"
D/TC:0 0 check_ta_store:454 TA store: "Secure Storage TA"
D/TC:0 0 check_ta_store:454 TA store: "REE"
D/TC:0 0 call_initcalls:40 level 3 early_ta_init()
D/TC:0 0 early_ta_init:56 Early TA bc50d971-d4c9-42c4-82cb-343fb7f37896 size 209095 (compressed, uncompressed 441580)
D/TC:0 0 call_initcalls:40 level 3 verify_pseudo_tas_conformance()
D/TC:0 0 call_initcalls:40 level 3 tee_cryp_init()
D/TC:0 0 call_initcalls:40 level 4 tee_fs_init_key_manager()
D/TC:0 0 call_initcalls:40 level 5 probe_dt_drivers()
D/TC:0 0 call_initcalls:40 level 6 mobj_init()
D/TC:0 0 call_initcalls:40 level 6 default_mobj_init()
D/TC:0 0 call_initcalls:40 level 7 release_probe_lists()
D/TC:0 0 call_finalcalls:59 level 1 release_external_dt()
I/TC: Primary CPU switching to normal world boot
INFO:    BL31: Preparing for EL3 exit to normal world
INFO:    Entry point address = 0x200000
INFO:    SPSR = 0x3c9
I/TC: Secondary CPU 1 initializing
I/TC: Secondary CPU 1 switching to normal world boot
I/TC: Secondary CPU 2 initializing
I/TC: Secondary CPU 2 switching to normal world boot
I/TC: Secondary CPU 3 initializing
I/TC: Secondary CPU 3 switching to normal world boot
I/TC: Secondary CPU 4 initializing
D/TC:4   select_vector_wa_spectre_v2:648 SMCCC_ARCH_WORKAROUND_1 (0x80008000) available
D/TC:4   select_vector_wa_spectre_v2:650 SMC Workaround for CVE-2017-5715 used
I/TC: Secondary CPU 4 switching to normal world boot
I/TC: Secondary CPU 5 initializing
D/TC:5   select_vector_wa_spectre_v2:648 SMCCC_ARCH_WORKAROUND_1 (0x80008000) available
D/TC:5   select_vector_wa_spectre_v2:650 SMC Workaround for CVE-2017-5715 used
I/TC: Secondary CPU 5 switching to normal world boot
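The region that tpm_map_log_area() is failing to map is where the event log produced by TF-A's MEASURED_BOOT lives, in the TCG PC Client "Spec ID Event03" format (a TCG_PCR_EVENT header followed by TCG_PCR_EVENT2 records). Once the mapping works, the way to confirm that the chain is doing what you expect is to parse that log, check each measurement against the image you believe was loaded, and replay the PCR extends so they can be compared with what the fTPM reports. The following is an added example written for this page, not code from the OP-TEE, TF-A or MSRSec projects. The sample log is constructed inline: the BL_31/BL_32 event names and the use of PCR 0 with EV_POST_CODE follow TF-A's conventions, but the image bytes are synthetic and every function name is this example's own.

```python
"""Parse and replay a TCG2 (TCG_PCR_EVENT2) event log of the kind TF-A's
MEASURED_BOOT writes and OP-TEE hands on to the fTPM. Added example, not
project code; the sample log below is constructed."""
import hashlib
import struct
from dataclasses import dataclass

EV_POST_CODE, EV_NO_ACTION = 0x1, 0x3
SPEC_ID = b"Spec ID Event03\x00"
TPM_ALG = {0x0004: "sha1", 0x000B: "sha256", 0x000C: "sha384", 0x000D: "sha512"}
ALG_ID = {name: alg_id for alg_id, name in TPM_ALG.items()}


def digest(alg, data):
    return hashlib.new(alg, data).digest()


def flip_byte(buf, idx):
    """Tamper helper for experiments: returns a copy with one bit flipped."""
    b = bytearray(buf)
    b[idx] ^= 1
    return bytes(b)


@dataclass
class Event:
    pcr: int
    etype: int
    digests: dict   # algorithm name -> digest bytes
    data: bytes


def build_sample_log(images, algs=("sha256",)):
    """Constructed log: a Spec ID header (TCG_PCR_EVENT with a SHA1-sized
    digest field) then one EV_POST_CODE TCG_PCR_EVENT2 into PCR 0 per image."""
    # TCG_EfiSpecIDEvent: platformClass, minor, major, errata, uintnSize, nalgs
    spec = SPEC_ID + struct.pack("<IBBBBI", 0, 0, 2, 0, 2, len(algs))
    for a in algs:
        spec += struct.pack("<HH", ALG_ID[a], hashlib.new(a).digest_size)
    spec += b"\x00"  # vendorInfoSize = 0
    log = struct.pack("<II", 0, EV_NO_ACTION) + bytes(20) + struct.pack("<I", len(spec)) + spec
    for name, image in images:
        data = name.encode() + b"\x00"
        ev = struct.pack("<III", 0, EV_POST_CODE, len(algs))  # pcr, type, TPML count
        for a in algs:
            ev += struct.pack("<H", ALG_ID[a]) + digest(a, image)
        log += ev + struct.pack("<I", len(data)) + data
    return log


def parse_event_log(buf):
    """The header lists the algorithms and digest sizes used by every later
    TPML_DIGEST_VALUES; without it the variable-length records cannot be walked."""
    pcr, etype = struct.unpack_from("<II", buf, 0)
    (size,) = struct.unpack_from("<I", buf, 28)        # after the 20-byte SHA1 field
    spec, off = buf[32:32 + size], 32 + size
    if etype != EV_NO_ACTION or not spec.startswith(SPEC_ID):
        raise ValueError("missing Spec ID Event03 header; not a TCG2 log")
    (nalgs,) = struct.unpack_from("<I", spec, 24)
    sizes = {}
    for i in range(nalgs):
        alg_id, dsize = struct.unpack_from("<HH", spec, 28 + 4 * i)
        sizes[TPM_ALG[alg_id]] = dsize
    events = [Event(pcr, etype, {}, spec)]
    while off < len(buf):
        pcr, etype, count = struct.unpack_from("<III", buf, off)
        off += 12
        digests = {}
        for _ in range(count):
            alg = TPM_ALG[struct.unpack_from("<H", buf, off)[0]]
            off += 2
            digests[alg] = buf[off:off + sizes[alg]]
            off += sizes[alg]
        (size,) = struct.unpack_from("<I", buf, off)
        off += 4
        events.append(Event(pcr, etype, digests, buf[off:off + size]))
        off += size
    return events


def replay_pcrs(events, alg="sha256"):
    """PCR_new = H(PCR_old || digest) from an all-zero start; the header
    event is informational and is never extended."""
    pcrs = {}
    for e in events:
        if e.etype != EV_NO_ACTION:
            cur = pcrs.get(e.pcr, bytes(hashlib.new(alg).digest_size))
            pcrs[e.pcr] = digest(alg, cur + e.digests[alg])
    return pcrs


def verify_against_images(log, images, alg="sha256"):
    """Check that each logged measurement is of the expected image, in order,
    then return the replayed PCRs to compare with the fTPM's PCR values."""
    events = parse_event_log(log)
    measured = [e for e in events if e.etype == EV_POST_CODE]
    if len(measured) != len(images):
        raise ValueError(f"expected {len(images)} measurements, got {len(measured)}")
    for e, (name, image) in zip(measured, images):
        if e.data != name.encode() + b"\x00" or e.digests[alg] != digest(alg, image):
            raise ValueError(f"log does not match expected image {name}")
    return replay_pcrs(events, alg)


def is_log_consistent(log, images, alg="sha256"):
    try:
        verify_against_images(log, images, alg)
        return True
    except (ValueError, KeyError, struct.error):
        return False


# Constructed inputs: TF-A-style names, synthetic image bytes.
SAMPLE_IMAGES = [("BL_31", b"constructed BL31 image"), ("BL_32", b"constructed BL32 (OP-TEE) image")]
SAMPLE_LOG = build_sample_log(SAMPLE_IMAGES)

if __name__ == "__main__":
    for pcr, val in verify_against_images(SAMPLE_LOG, SAMPLE_IMAGES).items():
        print(f"PCR{pcr} = {val.hex()}")
```

On a real board you would feed parse_event_log() the bytes read from the mapped log region (or from the TPM event log the kernel exposes once the fTPM is up) and compare the replayed PCR 0 with a PCR read from the fTPM; a log that has been altered after the fact fails the image comparison, and a log that was never written fails at the header check, which is the situation the boot log above is in.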
jenswi-linaro (Contributor) commented

  • How do I find the address I can use for storing TPM log?

I guess TF-A already is using an address. Perhaps you can find it in some define or config variable?

  • Should I include the DTB via CFG_DT for OP-TEE? or there is a better approach?

That depends on how TF-A is configured on your platform. If it's configured to pass a DTB to OP-TEE then it should be quite easy to just update the DTB and let OP-TEE take the address from there. If not, then setting it in CFG_TPM_LOG_BASE_ADDR might be an option.
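Whichever of the two routes is taken, the region chosen for the log has to be one that OP-TEE does not already map (its own RAM, TA RAM, the non-secure shared memory window, MMIO) and that falls outside the secure DDR window OP-TEE protects at platform_init(), otherwise the mapping either fails or lands the event log inside memory the normal world cannot read. The boot log in the report gives exactly the information needed to check a candidate. The following is an added example for this page, not OP-TEE or TF-A code. It parses the dump_mmap_table and platform_secure_ddr_region lines quoted above, validates a candidate (address, size), and renders the arm,tpm_event_log node. Assumptions: the property names tpm_event_log_addr (two cells) and tpm_event_log_size follow the layout TF-A's fw_config device trees use for this node; CFG_TPM_MAX_LOG_SIZE is assumed to be the size variable that pairs with CFG_TPM_LOG_BASE_ADDR; the candidate 0x32400000 is merely the first page after OP-TEE's shared memory in this dump and still has to be checked against the board's DRAM map and reserved from the normal-world kernel, which this script cannot see.

```python
"""Check a candidate TPM event log region against what OP-TEE already maps,
then render the DT node (or the CFG_ flag alternative). Added example, not
project code."""
import re

# Taken from a subset of the dump_mmap_table / platform_secure_ddr_region
# lines in the boot log of this issue.
SAMPLE_MMAP_LOG = """\
D/TC:0   dump_mmap_table:835 type TEE_RAM_RX   va 0x30000000..0x300adfff pa 0x30000000..0x300adfff size 0x000ae000 (smallpg)
D/TC:0   dump_mmap_table:835 type TEE_RAM_RW   va 0x300ae000..0x301fffff pa 0x300ae000..0x301fffff size 0x00152000 (smallpg)
D/TC:0   dump_mmap_table:835 type SHM_VASPACE  va 0x30200000..0x321fffff pa 0x00000000..0x01ffffff size 0x02000000 (pgdir)
D/TC:0   dump_mmap_table:835 type TA_RAM       va 0x32c00000..0x349fffff pa 0x30200000..0x31ffffff size 0x01e00000 (pgdir)
D/TC:0   dump_mmap_table:835 type NSEC_SHM     va 0x34a00000..0x34dfffff pa 0x32000000..0x323fffff size 0x00400000 (pgdir)
D/TC:0   dump_mmap_table:835 type IO_NSEC      va 0x35000000..0x351fffff pa 0xff000000..0xff1fffff size 0x00200000 (pgdir)
D/TC:0 0 platform_secure_ddr_region:35 protecting region 1: 0x30000000-0x32000000
"""

MMAP_RE = re.compile(r"dump_mmap_table:\d+ type (\S+)\s+va \S+ pa (0x[0-9a-f]+)\.\.(0x[0-9a-f]+)")
DDR_RE = re.compile(r"platform_secure_ddr_region:\d+ protecting region \d+: (0x[0-9a-f]+)-(0x[0-9a-f]+)")


def forbidden_ranges(log):
    """[(start, end_exclusive, label)] for every physical range OP-TEE owns.
    *_VASPACE entries carry a placeholder PA of 0 and are skipped; the mmap
    'pa a..b' form is inclusive, the secure DDR message is already exclusive."""
    ranges = []
    for line in log.splitlines():
        m = MMAP_RE.search(line)
        if m and not m.group(1).endswith("_VASPACE"):
            ranges.append((int(m.group(2), 16), int(m.group(3), 16) + 1, m.group(1)))
        m = DDR_RE.search(line)
        if m:
            ranges.append((int(m.group(1), 16), int(m.group(2), 16), "secure DDR"))
    return ranges


def check_region(addr, size, forbidden, page=0x1000):
    """Return a list of problems; an empty list means the region looks usable."""
    problems = []
    if size == 0:
        problems.append("size is zero")
    if addr % page or size % page:
        problems.append("address and size must be page aligned (OP-TEE maps whole pages)")
    end = addr + size
    for start, fend, label in forbidden:
        if addr < fend and start < end:
            problems.append(f"overlaps {label} {start:#x}-{fend:#x}")
    return problems


def dt_node(addr, size):
    """Node that get_tpm_phys_params() finds by compatible string. Property
    names and the two-cell address are assumed from TF-A's fw_config trees."""
    return (
        "tpm_event_log {\n"
        '\tcompatible = "arm,tpm_event_log";\n'
        f"\ttpm_event_log_addr = <{addr >> 32:#x} {addr & 0xffffffff:#x}>;\n"
        f"\ttpm_event_log_size = <{size:#x}>;\n"
        "};\n"
    )


def optee_cfg_flags(addr, size):
    """No-DTB alternative from the reply above. CFG_TPM_MAX_LOG_SIZE is an
    assumed name for the size variable that pairs with CFG_TPM_LOG_BASE_ADDR."""
    return f"CFG_TPM_LOG_BASE_ADDR={addr:#x} CFG_TPM_MAX_LOG_SIZE={size:#x}"


if __name__ == "__main__":
    fb = forbidden_ranges(SAMPLE_MMAP_LOG)
    for cand in (0x30100000, 0x31fff000, 0x32400000):  # in TEE RAM, straddling, free
        probs = check_region(cand, 0x2000, fb)
        print(f"{cand:#x}: {'OK' if not probs else '; '.join(probs)}")
    print(dt_node(0x32400000, 0x2000))
    print(optee_cfg_flags(0x32400000, 0x2000))
```

The check is deliberately conservative: it rejects overlap with any mapped range, including IO_NSEC, because the log must be ordinary non-secure RAM. Run it against your own boot log (the full dump_mmap_table output, not just the subset embedded here) and then make sure the same range is also reserved on the Linux side, since a region that passes this check but is later handed to the kernel as free memory will be overwritten.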
