From 2541790f21a2db74ea556182210d5f4c608640e6 Mon Sep 17 00:00:00 2001 From: Daniel Jobson Date: Thu, 12 Sep 2024 13:19:40 +0200 Subject: [PATCH] WIP management app --- hw/application_fpga/Makefile | 9 ++-- hw/application_fpga/fw/tk1/mgmt_app.c | 75 +++++++++++++++++++++++++++ hw/application_fpga/fw/tk1/mgmt_app.h | 15 ++++++ 3 files changed, 96 insertions(+), 3 deletions(-) create mode 100644 hw/application_fpga/fw/tk1/mgmt_app.c create mode 100644 hw/application_fpga/fw/tk1/mgmt_app.h diff --git a/hw/application_fpga/Makefile b/hw/application_fpga/Makefile index ff375b9..337ad02 100644 --- a/hw/application_fpga/Makefile +++ b/hw/application_fpga/Makefile @@ -117,7 +117,8 @@ FIRMWARE_DEPS = \ $(P)/fw/tk1/preload_app.h \ $(P)/fw/tk1/auth_app.h \ $(P)/fw/tk1/htif.h \ - $(P)/fw/tk1/rng.h + $(P)/fw/tk1/rng.h \ + $(P)/fw/tk1/mgmt_app.h FIRMWARE_OBJS = \ $(P)/fw/tk1/main.o \ @@ -133,7 +134,8 @@ FIRMWARE_OBJS = \ $(P)/fw/tk1/preload_app.o \ $(P)/fw/tk1/auth_app.o \ $(P)/fw/tk1/htif.o \ - $(P)/fw/tk1/rng.o + $(P)/fw/tk1/rng.o \ + $(P)/fw/tk1/mgmt_app.o FIRMWARE_SOURCES = \ $(P)/fw/tk1/main.c \ @@ -148,7 +150,8 @@ FIRMWARE_SOURCES = \ $(P)/fw/tk1/preload_app.c \ $(P)/fw/tk1/auth_app.c \ $(P)/fw/tk1/htif.c \ - $(P)/fw/tk1/rng.c + $(P)/fw/tk1/rng.c \ + $(P)/fw/tk1/mgmt_app.c TESTFW_OBJS = \ $(P)/fw/testfw/main.o \ diff --git a/hw/application_fpga/fw/tk1/mgmt_app.c b/hw/application_fpga/fw/tk1/mgmt_app.c new file mode 100644 index 0000000..6d56e53 --- /dev/null +++ b/hw/application_fpga/fw/tk1/mgmt_app.c @@ -0,0 +1,75 @@ +// Copyright (C) 2024 - Tillitis AB +// SPDX-License-Identifier: GPL-2.0-only + +#include "mgmt_app.h" +#include "auth_app.h" +#include "lib.h" +#include "partition_table.h" + +#include + +/* Returns true if an management app is already registered */ +static bool mgmt_app_registered(management_app_metadata_t *mgmt_table) +{ + + if (mgmt_table->status == 0x00) { + /* No management app registered */ + return false; + // TODO: Should we also check nonce, authentication digest for + // non-zero? + } + + return true; +} + +/* Authenticate an management app */ +bool mgmt_app_authenticate(management_app_metadata_t *mgmt_table) +{ + if (!mgmt_app_registered(mgmt_table)) { + return false; + } + + return auth_app_authenticate(&mgmt_table->auth); +} + +/* Register an management app, returns zero on success */ +int mgmt_app_register(partition_table_t *part_table) +{ + /* Check if the current app is the mgmt app */ + if (mgmt_app_authenticate(&part_table->mgmt_app_data)) { + return 0; + } + + /* Check if another management app is registered */ + if (mgmt_app_registered(&part_table->mgmt_app_data)) { + return -1; + } + + auth_app_create(&part_table->mgmt_app_data.auth); + part_table->mgmt_app_data.status = 0x01; + + part_table_write(part_table); + + return 0; +} + +/* Unregister the currently registered app, returns zero on success */ +int mgmt_app_unregister(partition_table_t *part_table) +{ + /* Only the management app should be able to unregister itself */ + if (!mgmt_app_authenticate(&part_table->mgmt_app_data)) { + return -1; + } + + part_table->mgmt_app_data.status = 0; + + memset(part_table->mgmt_app_data.auth.nonce, 0x00, + sizeof(part_table->mgmt_app_data.auth.nonce)); + + memset(part_table->mgmt_app_data.auth.authentication_digest, 0x00, + sizeof(part_table->mgmt_app_data.auth.authentication_digest)); + + part_table_write(part_table); + + return 0; +} diff --git a/hw/application_fpga/fw/tk1/mgmt_app.h b/hw/application_fpga/fw/tk1/mgmt_app.h new file mode 100644 index 0000000..611f3f6 --- /dev/null +++ b/hw/application_fpga/fw/tk1/mgmt_app.h @@ -0,0 +1,15 @@ +// Copyright (C) 2024 - Tillitis AB +// SPDX-License-Identifier: GPL-2.0-only + +#ifndef MGMT_APP_H +#define MGMT_APP_H + +#include "partition_table.h" + +#include + +bool mgmt_app_authenticate(management_app_metadata_t *mgmt_table); +int mgmt_app_register(partition_table_t *part_table); +int mgmt_app_unregister(partition_table_t *part_table); + +#endif