Changes for DRTM Alpha Release (#320)

* val: gic: moved gic function to common

Signed-off-by: Rajat Goyal <[email protected]>

* drtm: added DRTM Uefi Application

 - Added build scripts

Signed-off-by: Rajat Goyal <[email protected]>

* drtm: Added DRTM tests

 - Added drtm interface tests
 - Added Dynamic Launch tests

Signed-off-by: Rajat Goyal <[email protected]>

* drtm: val/pal changes for drtm

Signed-off-by: Rajat Goyal <[email protected]>

* drtm: Readme changes for DRTM

Signed-off-by: Rajat Goyal <[email protected]>

---------

Signed-off-by: Rajat Goyal <[email protected]>

drtm/README.md

@@ -0,0 +1,124 @@
+
+# DRTM Architecture For Arm - Architecture Compliance Suite
+
+## Dynamic Root of Trust for Measurement
+**DRTM Acrhitecture for Arm** (DRTM) specification defines an architecture for Dynamic Root of Trust for Measurement (DRTM) for processors based on the Arm A-profile architecture.
+
+For more information, download the [DRTM Architecture for Arm](https://developer.arm.com/documentation/den0113/latest).
+
+## Release details
+ - Code Quality: Alpha
+ - The tests are written for version 1.0 of the DRTM Architecture for Arm.
+ - For more details on tests implemented in this release, Please refer [DRTM Test Scenario Document](docs/arm_drtm_architecture_compliance_test_scenario.pdf).
+
+## Downloading DRTM ACS
+
+DRTM ACS code is present in a sub-directory in bsa-acs repository.
+
+$ git clone https://github.com/ARM-software/bsa-acs.git <br/>
+$ cd bsa-acs <br/>
+
+## Building DRTM ACS
+### UEFI application
+#### Prerequisites
+
+ACS build requires that the following requirements are met, Please skip this if you are using [DRTM Application Build Script](scripts/build_drtm_uefi.sh).
+
+- Any mainstream Linux based OS distribution.
+- git clone EDK2 tree.
+- git clone EDK2-libc tree.
+- Install GCC-ARM 13.2 [toolchain](https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads).
+- Install the build prerequisite packages to build EDK2. The details of the packages are beyond the scope of this document.
+
+#### Build Steps
+
+$ cd /path/to/bsa-acs/<br/>
+$ source drtm/scripts/build_drtm_uefi.sh
+
+#### Build Output
+
+The following output file is created in /path/to/bsa-acs/workspace/output/:
+
+- Drtm.efi
+
+#### Note : Steps to get toolchain
+- wget https://developer.arm.com/-/media/Files/downloads/gnu/13.2.rel1/binrel/arm-gnu-toolchain-13.2.rel1-x86_64-aarch64-none-linux-gnu.tar.xz
+- tar -xf arm-gnu-toolchain-13.2.rel1-x86_64-aarch64-none-linux-gnu.tar.xz
+- export GCC49_AARCH64_PREFIX= GCC 13.2 toolchain path pointing to arm-gnu-toolchain-13.2.rel1-x86_64-aarch64-none-linux-gnu/bin/aarch64-none-linux-gnu-
+
+## Test suite execution in UEFI
+
+### Post-Silicon
+
+On a system where a USB port is available and functional, perform the following steps:
+
+1. Copy 'Drtm.efi' to a USB Flash drive.
+2. Plug in the USB Flash drive to one of the functional USB ports on the system.
+3. Boot the system to UEFI shell.
+4. To determine the file system number of the plugged in USB drive, execute 'map -r' command.
+5. Type 'fsx' where 'x' is replaced by the number determined in step 4.
+6. To start the compliance tests, run the executable Drtm.efi with the appropriate arguments.
+
+### Emulation environment with secondary storage
+
+On an emulation environment with secondary storage, perform the following steps:
+
+1. Create an image file which contains the 'Drtm.efi' file. For Example: <br/>
+$ mkfs.vfat -C -n HD0 hda.img 2097152 <br/>
+$ sudo mount hda.img /mnt/drtm <br/>
+$ cd /path/to/bsa-acs/workspace/output/ <br/>
+$ sudo cp Drtm.efi /mnt/drtm/ <br/>
+$ sudo umount /mnt/drtm
+2. Load the image file to the secondary storage using a backdoor. The steps followed to load the image file are Emulation environment specific and beyond the scope of this document.
+3. Boot the system to UEFI shell.
+4. To determine the file system number of the secondary storage, execute 'map -r' command.
+5. Type 'fsx' where 'x' is replaced by the number determined in step 4.
+6. To start the compliance tests, run the executable Drtm.efi with the appropriate arguments.
+
+## Application arguments
+
+Command line arguments are similar for uefi application, with some exceptions.
+
+### UEFI
+
+Shell> Drtm.efi [-v &lt;verbosity&gt;] [-skip &lt;test_id&gt;] [-f &lt;filename&gt;]
+
+#### -v
+Choose the verbosity level.
+
+- 1 - ERROR
+- 2 - WARN and ERROR
+- 3 - TEST and above
+- 4 - DEBUG and above
+- 5 - INFO and above
+
+#### -skip
+Overrides the suite to skip the execution of a particular
+test. For example, <i>-skip 10</i> skips test 10.
+
+#### -f (Only for UEFI application)
+Save the test output into a file in secondary storage. For example <i>-f drtm.log</i> creates a file drtm.log with test output.
+
+### UEFI example
+
+Shell> Drtm.efi -v 5 -skip 15,20,30 -f drtm_uefi.log
+
+Runs DRTM ACS with verbosity INFO, skips test 15, 20 and 30 and saves the test results in <i>drtm_uefi.log</i>.
+
+## Limitations
+
+ - Since this is a Alpha quality release, contains limited number of tests based on DRTM Specification.
+
+## License
+DRTM ACS is distributed under Apache v2.0 License.
+
+## Feedback, contributions, and support
+
+ - For feedback, use the GitHub Issue Tracker that is associated with this repository.
+ - For support, send an email to "[email protected]" with details.
+ - Arm licensees may contact Arm directly through their partner managers.
+ - Arm welcomes code contributions through GitHub pull requests. See the GitHub documentation on how to raise pull requests.
+
+--------------
+
+*Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.*

drtm/scripts/build_drtm_uefi.sh

@@ -0,0 +1,76 @@
+## @file
+#  Copyright (c) 2024, Arm Limited or its affiliates. All rights reserved.
+#  SPDX-License-Identifier : Apache-2.0
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+##
+
+#!/bin/bash
+
+WORK_DIR=${PWD}/workspace
+HOME_DIR=${PWD}
+
+if [ ! -d workspace ]
+then
+    mkdir workspace
+fi
+cd ${WORK_DIR}
+if [ ! -d arm-gnu-toolchain-13.2.rel1-x86_64-aarch64-none-linux-gnu ]
+then
+    rm -f arm-gnu-toolchain-13.2.rel1-x86_64-aarch64-none-linux-gnu.tar.xz
+    wget https://developer.arm.com/-/media/Files/downloads/gnu/13.2.rel1/binrel/arm-gnu-toolchain-13.2.rel1-x86_64-aarch64-none-linux-gnu.tar.xz
+    tar -xf arm-gnu-toolchain-13.2.rel1-x86_64-aarch64-none-linux-gnu.tar.xz
+fi
+
+if [ ! -d output ]
+then
+    mkdir output
+fi
+
+echo "Building DRTM ACS for UEFI"
+if [ ! -d edk2 ]
+then
+    git clone --recursive --branch edk2-stable202402 https://github.com/tianocore/edk2.git
+    git clone https://github.com/tianocore/edk2-libc edk2/edk2-libc
+fi
+cd ${WORK_DIR}/edk2
+make -C BaseTools
+
+if ! grep -q DrtmPalLib "ShellPkg/ShellPkg.dsc"
+then
+    sed -i '/LibraryClasses.common/ a \ \ DrtmPalLib|ShellPkg/Application/bsa-acs/pal/uefi_acpi/DrtmPalLib.inf' ShellPkg/ShellPkg.dsc
+fi
+if ! grep -q DrtmValLib "ShellPkg/ShellPkg.dsc"
+then
+    sed -i '/LibraryClasses.common/ a \ \ DrtmValLib|ShellPkg/Application/bsa-acs/val/DrtmValLib.inf' ShellPkg/ShellPkg.dsc
+fi
+if ! grep -q DrtmAcs "ShellPkg/ShellPkg.dsc"
+then
+    sed -i '/Components/ a \ \ ShellPkg/Application/bsa-acs/drtm/uefi_app/DrtmAcs.inf' ShellPkg/ShellPkg.dsc
+fi
+
+
+rm -f ShellPkg/Application/bsa-acs
+rm -rf Build/Shell/DEBUG_GCC49/*
+
+ln -s ${HOME_DIR} ShellPkg/Application/bsa-acs
+export GCC49_AARCH64_PREFIX=${WORK_DIR}/arm-gnu-toolchain-13.2.Rel1-x86_64-aarch64-none-linux-gnu/bin/aarch64-none-linux-gnu-
+export PACKAGES_PATH=${WORK_DIR}/edk2/edk2-libc
+
+source edksetup.sh
+source ShellPkg/Application/bsa-acs/tools/scripts/acsbuild.sh ENABLE_DRTM
+cp Build/Shell/DEBUG_GCC49/AARCH64/Drtm.efi ${WORK_DIR}/output
+
+cd ${HOME_DIR}
+
+echo "Drtm EFI Application is available here : ${WORK_DIR}/output/Drtm.efi"

drtm/test_pool/dl/test_dl001.c

@@ -0,0 +1,150 @@
+/** @file
+ * Copyright (c) 2024, Arm Limited or its affiliates. All rights reserved.
+ * SPDX-License-Identifier : Apache-2.0
+
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+
+#include "val/common/include/acs_val.h"
+#include "val/common/include/acs_memory.h"
+#include "val/drtm/include/drtm_val_interface.h"
+
+#define TEST_NUM   (ACS_DRTM_DL_TEST_NUM_BASE  +  1)
+#define TEST_RULE  "R312010, R314010, R314020, R314030, R314040"
+#define TEST_DESC  "Check Dynamic Launch Invalid Parameter"
+
+static
+void
+payload(uint32_t num_pe)
+{
+
+  /* This test will verify the DRTM Dynamic Launch
+   * Input parameter will be 64 bit address of DRTM Parameters
+   * */
+  uint32_t index = val_pe_get_index_mpid(val_pe_get_mpid());
+  int64_t  status;
+
+  DRTM_PARAMETERS *drtm_params;
+  uint64_t drtm_params_size = DRTM_SIZE_4K;
+  uint64_t dlme_image_addr;
+  uint64_t temp;
+
+  /* Allocate Memory For DRTM Parameters 4KB Aligned */
+  drtm_params = (DRTM_PARAMETERS *)((uint64_t)val_aligned_alloc(DRTM_SIZE_4K, drtm_params_size));
+  if (!drtm_params) {
+    val_print(ACS_PRINT_ERR, "\n    Failed to allocate memory for DRTM Params", 0);
+    val_set_status(index, RESULT_FAIL(TEST_NUM, 3));
+    return;
+  }
+
+  status = val_drtm_init_drtm_params(drtm_params);
+  if (status != ACS_STATUS_PASS) {
+    val_print(ACS_PRINT_ERR, "\n       DRTM Init Params failed err=%d", status);
+    val_set_status(index, RESULT_FAIL(TEST_NUM, 4));
+    goto free_drtm_params;
+  }
+
+  /* DLME Image address is sum of region start and DLME image offset */
+  dlme_image_addr = drtm_params->dlme_region_address + drtm_params->dlme_image_start;
+  val_memcpy((void *)dlme_image_addr, (void *)g_drtm_acs_dlme, g_drtm_acs_dlme_size);
+
+  /* Invoke DRTM Dynamic Launch, This will return only in case of error */
+
+  /* Part 1 : R312010 : Unaligned DRTM Parameters Address */
+  status = val_drtm_dynamic_launch(drtm_params + 4);
+  /* This will return invalid parameter */
+  if (status != DRTM_ACS_INVALID_PARAMETERS) {
+    val_print(ACS_PRINT_ERR, "\n       Incorrect Status. Expected = -2 Found = %d", status);
+    val_set_status(index, RESULT_FAIL(TEST_NUM, 5));
+    goto free_dlme_region;
+  }
+
+  /* Part 2 : R314010 : Unaligned DLME Region Start */
+  drtm_params->dlme_region_address = drtm_params->dlme_region_address + 0x4;
+  status = val_drtm_dynamic_launch(drtm_params);
+  /* This will return invalid parameter */
+  if (status != DRTM_ACS_INVALID_PARAMETERS) {
+    val_print(ACS_PRINT_ERR, "\n       Incorrect Status. Expected = -2 Found = %d", status);
+    val_set_status(index, RESULT_FAIL(TEST_NUM, 6));
+    goto free_dlme_region;
+  }
+  drtm_params->dlme_region_address = drtm_params->dlme_region_address - 0x4;
+
+  /* Part 3 : R314020 : Unaligned DLME Image Start */
+  drtm_params->dlme_image_start = drtm_params->dlme_image_start + 0x4;
+  status = val_drtm_dynamic_launch(drtm_params);
+  /* This will return invalid parameter */
+  if (status != DRTM_ACS_INVALID_PARAMETERS) {
+    val_print(ACS_PRINT_ERR, "\n       Incorrect Status. Expected = -2 Found = %d", status);
+    val_set_status(index, RESULT_FAIL(TEST_NUM, 7));
+    goto free_dlme_region;
+  }
+  drtm_params->dlme_image_start = drtm_params->dlme_image_start - 0x4;
+
+  /* Part 4 : R314030 : Unaligned DLME Data Start */
+  drtm_params->dlme_data_offset = drtm_params->dlme_data_offset + 0x4;
+  status = val_drtm_dynamic_launch(drtm_params);
+  /* This will return invalid parameter */
+  if (status != DRTM_ACS_INVALID_PARAMETERS) {
+    val_print(ACS_PRINT_ERR, "\n       Incorrect Status. Expected = -2 Found = %d", status);
+    val_set_status(index, RESULT_FAIL(TEST_NUM, 8));
+    goto free_dlme_region;
+  }
+  drtm_params->dlme_data_offset = drtm_params->dlme_data_offset - 0x4;
+
+  /* Part 5 : R314040 : DLME image must come before the DLME data and must not overlap */
+  /* Swap DLME image address and DLME data, so that DLME Data is before DLME Image */
+  temp = drtm_params->dlme_image_start;
+  drtm_params->dlme_image_start = drtm_params->dlme_data_offset;
+  drtm_params->dlme_data_offset = temp;
+
+  status = val_drtm_dynamic_launch(drtm_params);
+  /* This will return invalid parameter */
+  if (status != DRTM_ACS_INVALID_PARAMETERS) {
+    val_print(ACS_PRINT_ERR, "\n       Incorrect Status. Expected = -2 Found = %d", status);
+    val_set_status(index, RESULT_FAIL(TEST_NUM, 9));
+    goto free_dlme_region;
+  }
+
+  temp = drtm_params->dlme_image_start;
+  drtm_params->dlme_image_start = drtm_params->dlme_data_offset;
+  drtm_params->dlme_data_offset = temp;
+
+  val_set_status(index, RESULT_PASS(TEST_NUM, 1));
+
+free_dlme_region:
+  val_memory_free_aligned((void *)drtm_params->dlme_region_address);
+free_drtm_params:
+  val_memory_free_aligned((void *)drtm_params);
+
+  return;
+}
+
+uint32_t dl001_entry(uint32_t num_pe)
+{
+
+  uint32_t status = ACS_STATUS_FAIL;
+
+  status = val_initialize_test(TEST_NUM, TEST_DESC, num_pe);
+
+  if (status != ACS_STATUS_SKIP)
+  /* execute payload, which will execute relevant functions on current and other PEs */
+      payload(num_pe);
+
+  /* get the result from all PE and check for failure */
+  status = val_check_for_error(TEST_NUM, num_pe, TEST_RULE);
+
+  val_report_status(0, ACS_END(TEST_NUM), NULL);
+
+  return status;
+}