From a91f89026cd48eefb561aa200cdbde9f8070d6ac Mon Sep 17 00:00:00 2001 From: Laukik Hase Date: Thu, 19 Dec 2024 17:42:22 +0530 Subject: [PATCH] feat(esp_tee): Make the attestation service configurable --- components/esp_tee/Kconfig.projbuild | 72 +++++++++++-------- .../scripts/esp32c6/secure_service.tbl | 1 - components/esp_tee/subproject/CMakeLists.txt | 2 +- .../private_include/esp_attestation_utils.h | 2 +- .../components/tee_attestation/CMakeLists.txt | 14 ++-- .../tee_attestation/esp_tee_att.cmake | 5 ++ .../tee_attestation/esp_tee_att.tbl | 2 + .../tee_attestation/esp_tee_attestation.c | 30 +++++++- .../main/core/esp_secure_services.c | 20 +----- .../test_apps/tee_cli_app/CMakeLists.txt | 4 ++ .../test_apps/tee_test_fw/CMakeLists.txt | 1 + .../components/test_sec_srv/test.tbl | 34 ++++----- .../test_apps/tee_test_fw/main/CMakeLists.txt | 5 +- docs/en/security/tee/tee-attestation.rst | 8 ++- .../tee/tee_attestation/CMakeLists.txt | 4 ++ .../security/tee/tee_basic/CMakeLists.txt | 1 + .../security/tee/tee_basic/sdkconfig.defaults | 1 + 17 files changed, 129 insertions(+), 77 deletions(-) create mode 100644 components/esp_tee/subproject/components/tee_attestation/esp_tee_att.cmake create mode 100644 components/esp_tee/subproject/components/tee_attestation/esp_tee_att.tbl diff --git a/components/esp_tee/Kconfig.projbuild b/components/esp_tee/Kconfig.projbuild index 5037dcdd44..69886842bd 100644 --- a/components/esp_tee/Kconfig.projbuild +++ b/components/esp_tee/Kconfig.projbuild 
@@ -59,44 +59,56 @@ menu "ESP-TEE (Trusted Execution Environment)" endmenu - choice SECURE_TEE_SEC_STG_MODE - prompt "Secure Storage: Mode" + menu "Secure Services" depends on SECURE_ENABLE_TEE - default SECURE_TEE_SEC_STG_MODE_DEVELOPMENT - help - Select the TEE secure storage mode - config SECURE_TEE_SEC_STG_MODE_DEVELOPMENT - bool "Development" + choice SECURE_TEE_SEC_STG_MODE + prompt "Secure Storage: Mode" + depends on SECURE_ENABLE_TEE + default SECURE_TEE_SEC_STG_MODE_DEVELOPMENT help - Secure storage will be encrypted by the data stored in eFuse BLK2 + Select the TEE secure storage mode - config SECURE_TEE_SEC_STG_MODE_RELEASE - depends on IDF_TARGET_ESP32C6 - bool "Release" + config SECURE_TEE_SEC_STG_MODE_DEVELOPMENT + bool "Development" + help + Secure storage will be encrypted by the data stored in eFuse BLK2 + + config SECURE_TEE_SEC_STG_MODE_RELEASE + depends on IDF_TARGET_ESP32C6 + bool "Release" + help + Secure storage will be encrypted by the data stored in eFuse block + configured through the SECURE_TEE_SEC_STG_KEY_EFUSE_BLK option + + endchoice + + config SECURE_TEE_SEC_STG_KEY_EFUSE_BLK + int "Secure Storage: Encryption key eFuse block" + depends on SECURE_TEE_SEC_STG_MODE_RELEASE + range 4 10 + default 10 help - Secure storage will be encrypted by the data stored in eFuse block - configured through the SECURE_TEE_SEC_STG_KEY_EFUSE_BLK option + eFuse block ID storing the TEE secure storage encryption key - endchoice + config SECURE_TEE_ATTESTATION + bool "Enable Attestation" + default y + help + This configuration enables the support for the Attestation service. 
- config SECURE_TEE_SEC_STG_KEY_EFUSE_BLK - int "Secure Storage: Encryption key eFuse block" - depends on SECURE_TEE_SEC_STG_MODE_RELEASE - range 4 10 - default 10 - help - eFuse block ID storing the TEE secure storage encryption key - config SECURE_TEE_ATT_KEY_SLOT_ID - depends on SECURE_ENABLE_TEE - int "Attestation: Secure Storage slot ID for EAT signing" - default 0 - range 0 14 - help - This configuration sets the slot ID from the TEE secure storage - storing the ECDSA keypair for executing sign/verify operations - from the TEE side (E.g. Attestation) + config SECURE_TEE_ATT_KEY_SLOT_ID + depends on SECURE_TEE_ATTESTATION + int "Attestation: Secure Storage slot ID for EAT signing" + default 0 + range 0 14 + help + This configuration sets the slot ID from the TEE secure storage + storing the ECDSA keypair for executing sign/verify operations + from the TEE side for attestation. + + endmenu config SECURE_TEE_DEBUG_MODE bool "Enable Debug Mode" diff --git a/components/esp_tee/scripts/esp32c6/secure_service.tbl b/components/esp_tee/scripts/esp32c6/secure_service.tbl index 41364ff629..09e36b7a97 100644 --- a/components/esp_tee/scripts/esp32c6/secure_service.tbl +++ b/components/esp_tee/scripts/esp32c6/secure_service.tbl @@ -43,4 +43,3 @@ 41 custom esp_tee_sec_storage_decrypt 8 42 custom esp_tee_sec_storage_is_slot_empty 1 43 custom esp_tee_sec_storage_clear_slot 1 -44 custom esp_tee_att_generate_token 6 diff --git a/components/esp_tee/subproject/CMakeLists.txt b/components/esp_tee/subproject/CMakeLists.txt index a475a9ba9a..07c0feb5ab 100644 --- a/components/esp_tee/subproject/CMakeLists.txt +++ b/components/esp_tee/subproject/CMakeLists.txt 
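Review bot: The help text for the new `SECURE_TEE_ATTESTATION` option does not tell the user that enabling it is not sufficient on its own — the rst hunk later in this commit says the component's CMake file has to be included before `project()` for the service call to exist, and a reader of menuconfig never sees that. Extend the help to something like `This configuration enables the support for the Attestation service. The tee_attestation component's esp_tee_att.cmake must also be included in the project's top-level CMakeLists.txt before project().` As a point of style, the moved `choice SECURE_TEE_SEC_STG_MODE` keeps its own `depends on SECURE_ENABLE_TEE` although the enclosing `menu "Secure Services"` already carries that dependency, so the inner line can be dropped.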
@@ -25,7 +25,7 @@ set(ESP_TEE_BUILD 1) set(NON_OS_BUILD 1) # TEE-specific components -list(APPEND COMPONENTS tee_flash_mgr tee_ota_ops tee_sec_storage attestation) +list(APPEND COMPONENTS tee_flash_mgr tee_ota_ops tee_sec_storage tee_attestation) # Include sdkconfig.h derived from the parent build. include_directories(${CONFIG_DIR}) diff --git a/components/esp_tee/subproject/components/attestation/private_include/esp_attestation_utils.h b/components/esp_tee/subproject/components/attestation/private_include/esp_attestation_utils.h index a5d2b2dac6..cb025e02e8 100644 --- a/components/esp_tee/subproject/components/attestation/private_include/esp_attestation_utils.h +++ b/components/esp_tee/subproject/components/attestation/private_include/esp_attestation_utils.h @@ -41,7 +41,7 @@ extern "C" { #define ESP_ATT_TK_MIN_SIZE (ESP_ATT_HDR_JSON_MAX_SZ + ESP_ATT_EAT_JSON_MAX_SZ + ESP_ATT_PUBKEY_JSON_MAX_SZ + ESP_ATT_SIGN_JSON_MAX_SZ) -#if ESP_TEE_BUILD +#if ESP_TEE_BUILD && CONFIG_SECURE_TEE_ATTESTATION #define ESP_ATT_TK_KEY_ID (CONFIG_SECURE_TEE_ATT_KEY_SLOT_ID) #else #define ESP_ATT_TK_KEY_ID (-1) diff --git a/components/esp_tee/subproject/components/tee_attestation/CMakeLists.txt b/components/esp_tee/subproject/components/tee_attestation/CMakeLists.txt index ed3d3b4449..02b16475e0 100644 --- a/components/esp_tee/subproject/components/tee_attestation/CMakeLists.txt +++ b/components/esp_tee/subproject/components/tee_attestation/CMakeLists.txt @@ -1,13 +1,17 @@ idf_build_get_property(esp_tee_build ESP_TEE_BUILD) -if(esp_tee_build) - return() -endif() - -set(srcs "esp_tee_attestation.c") +set(srcs) set(include_dirs ".") set(priv_requires esp_tee) +if(esp_tee_build) + list(APPEND priv_requires attestation main) +endif() + +if(CONFIG_SECURE_TEE_ATTESTATION) + list(APPEND srcs "esp_tee_attestation.c") +endif() + idf_component_register(SRCS ${srcs} INCLUDE_DIRS ${include_dirs} PRIV_REQUIRES ${priv_requires}) 
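Review bot: In the tee_attestation CMakeLists hunk, `esp_tee_attestation.c` is compiled only under `if(CONFIG_SECURE_TEE_ATTESTATION)`, but the companion esp_tee_att.cmake (next hunk) appends esp_tee_att.tbl to `CUSTOM_SECURE_SERVICE_TBL` unconditionally — it is documented as running before `project()`, so it cannot consult the option. A project that includes that file with the option disabled (tee_cli_app and tee_test_fw in this commit include it unconditionally) will presumably end up with service 101 in the generated table and no `_ss_esp_tee_att_generate_token` built to back it; I would expect that to show up as a link failure rather than a clean exclusion, but that depends on the table generator and is worth confirming. Either make the table registration follow the option, or state the constraint where the user will see it, e.g. at the top of esp_tee_att.cmake: `# Include this file only when CONFIG_SECURE_TEE_ATTESTATION is enabled: the table is registered unconditionally, while its handler is compiled only with the option on`.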
diff --git a/components/esp_tee/subproject/components/tee_attestation/esp_tee_att.cmake b/components/esp_tee/subproject/components/tee_attestation/esp_tee_att.cmake new file mode 100644 index 0000000000..b99f4aaf7f --- /dev/null +++ b/components/esp_tee/subproject/components/tee_attestation/esp_tee_att.cmake @@ -0,0 +1,5 @@ +# This file must be manually included in the project's top level CMakeLists.txt before project() +# This ensures that the variables are set before TEE starts building + +# Append secure service table consisting of secure services +idf_build_set_property(CUSTOM_SECURE_SERVICE_TBL ${CMAKE_CURRENT_LIST_DIR}/esp_tee_att.tbl APPEND) diff --git a/components/esp_tee/subproject/components/tee_attestation/esp_tee_att.tbl b/components/esp_tee/subproject/components/tee_attestation/esp_tee_att.tbl new file mode 100644 index 0000000000..03c4bf3ebc --- /dev/null +++ b/components/esp_tee/subproject/components/tee_attestation/esp_tee_att.tbl @@ -0,0 +1,2 @@ +# SS no. API type Function Args +101 custom esp_tee_att_generate_token 6 diff --git a/components/esp_tee/subproject/components/tee_attestation/esp_tee_attestation.c b/components/esp_tee/subproject/components/tee_attestation/esp_tee_attestation.c index 1f1c27e97c..741e8d16c3 100644 --- a/components/esp_tee/subproject/components/tee_attestation/esp_tee_attestation.c +++ b/components/esp_tee/subproject/components/tee_attestation/esp_tee_attestation.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -12,6 +12,12 @@ #include "esp_log.h" #include "esp_err.h" +#if ESP_TEE_BUILD +#include "esp_fault.h" +#include "esp_tee_memory_utils.h" +#include "esp_attestation.h" +#endif + #include "esp_tee.h" #include "secure_service_num.h" 
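Review bot: esp_tee_att.tbl fixes the attestation service at number 101 without saying that this number is now reserved, and the only hint is the test.tbl hunk that renumbers the test services from 1xx to 2xx to get out of its way. Project-defined custom tables are assembled by hand, so a reuse of 101 elsewhere depends entirely on whether the table generator rejects duplicates, which this page does not show. Add a line to esp_tee_att.cmake, e.g. `# esp_tee_att.tbl reserves secure service number 101; project-specific tables must not reuse it`, and the same note in the .tbl header comment.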
@@ -19,9 +25,31 @@ static __attribute__((unused)) const char *TAG = "esp_tee_att"; +#if ESP_TEE_BUILD + +esp_err_t _ss_esp_tee_att_generate_token(const uint32_t nonce, const uint32_t client_id, const char *psa_cert_ref, + uint8_t *token_buf, const size_t token_buf_size, uint32_t *token_len) +{ + bool valid_addr = (esp_tee_ptr_in_ree((void *)psa_cert_ref) && + esp_tee_ptr_in_ree((void *)token_buf) && + esp_tee_ptr_in_ree((void *)token_len)); + valid_addr &= (esp_tee_ptr_in_ree((void *)((char *)psa_cert_ref + 20)) && + esp_tee_ptr_in_ree((void *)((char *)token_buf + token_buf_size))); + + if (!valid_addr) { + return ESP_ERR_INVALID_ARG; + } + ESP_FAULT_ASSERT(valid_addr); + + return esp_att_generate_token(nonce, client_id, psa_cert_ref, token_buf, token_buf_size, token_len); +} + +#else + esp_err_t esp_tee_att_generate_token(const uint32_t nonce, const uint32_t client_id, const char *psa_cert_ref, uint8_t *token_buf, const size_t token_buf_size, uint32_t *token_len) { return (esp_err_t)esp_tee_service_call_with_noniram_intr_disabled(7, SS_ESP_TEE_ATT_GENERATE_TOKEN, nonce, client_id, psa_cert_ref, token_buf, token_buf_size, token_len); } +#endif diff --git a/components/esp_tee/subproject/main/core/esp_secure_services.c b/components/esp_tee/subproject/main/core/esp_secure_services.c index 0ea3b31598..d91192f691 100644 --- a/components/esp_tee/subproject/main/core/esp_secure_services.c +++ b/components/esp_tee/subproject/main/core/esp_secure_services.c 
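Review bot: The REE-address check on `psa_cert_ref` now covers only 20 bytes past the base (`(char *)psa_cert_ref + 20`), while the handler this replaces in esp_secure_services.c checked `+ 32`, and nothing in the commit says which bound matches what esp_att_generate_token actually reads from that string; please confirm and record it, e.g. `// psa_cert_ref is read up to <N> bytes by esp_att_generate_token; keep this bound in sync`. `token_len` is validated only at its base address, so the last byte of the 4-byte object is not covered — `esp_tee_ptr_in_ree((void *)((char *)token_len + sizeof(*token_len) - 1))` would close that. Checking just the two endpoints of `token_buf` also assumes REE memory is contiguous between them and that `token_buf + token_buf_size` cannot wrap for a large size; if esp_tee_ptr_in_ree does not account for either, a check over the whole `[token_buf, token_buf + token_buf_size)` range would be stronger. The `ESP_FAULT_ASSERT` after the early return is a good addition and should stay.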
@@ -434,26 +434,8 @@ esp_err_t _ss_esp_tee_sec_storage_clear_slot(uint16_t slot_id) return esp_tee_sec_storage_clear_slot(slot_id); } -/* ---------------------------------------------- Attestation ------------------------------------------------- */ - -esp_err_t _ss_esp_tee_att_generate_token(const uint32_t nonce, const uint32_t client_id, const char *psa_cert_ref, - uint8_t *token_buf, const size_t token_buf_size, uint32_t *token_len) -{ - bool valid_addr = (is_valid_ree_address((void *)psa_cert_ref) && is_valid_ree_address((void *)token_buf) && - is_valid_ree_address((void *)token_len)); - - valid_addr &= (is_valid_ree_address((void *)((char *)psa_cert_ref + 32)) && is_valid_ree_address((void *)((char *)token_buf + token_buf_size))); - - if (!valid_addr) { - return ESP_ERR_INVALID_ARG; - } - - ESP_FAULT_ASSERT(valid_addr); - - return esp_att_generate_token(nonce, client_id, psa_cert_ref, token_buf, token_buf_size, token_len); -} - /* ---------------------------------------------- MMU HAL ------------------------------------------------- */ + void _ss_mmu_hal_map_region(uint32_t mmu_id, mmu_target_t mem_type, uint32_t vaddr, uint32_t paddr, uint32_t len, uint32_t *out_len) { diff --git a/components/esp_tee/test_apps/tee_cli_app/CMakeLists.txt b/components/esp_tee/test_apps/tee_cli_app/CMakeLists.txt index 09fa1b505e..a87732fdbb 100644 --- a/components/esp_tee/test_apps/tee_cli_app/CMakeLists.txt +++ b/components/esp_tee/test_apps/tee_cli_app/CMakeLists.txt @@ -13,4 +13,8 @@ list(APPEND EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/components/esp_tee/subproject/co $ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_sec_storage) include($ENV{IDF_PATH}/tools/cmake/project.cmake) + +# Including the attestation service calls +include($ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_attestation/esp_tee_att.cmake) + project(tee_cli) 
diff --git a/components/esp_tee/test_apps/tee_test_fw/CMakeLists.txt b/components/esp_tee/test_apps/tee_test_fw/CMakeLists.txt index ac89d5cec6..87cacafa2e 100644 --- a/components/esp_tee/test_apps/tee_test_fw/CMakeLists.txt +++ b/components/esp_tee/test_apps/tee_test_fw/CMakeLists.txt @@ -14,5 +14,6 @@ list(APPEND EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/tools/unit-test-app/components include($ENV{IDF_PATH}/tools/cmake/project.cmake) include(${CMAKE_CURRENT_LIST_DIR}/components/test_sec_srv/test_tee_project.cmake) +include($ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_attestation/esp_tee_att.cmake) project(esp_tee_test) diff --git a/components/esp_tee/test_apps/tee_test_fw/components/test_sec_srv/test.tbl b/components/esp_tee/test_apps/tee_test_fw/components/test_sec_srv/test.tbl index 08f27b7b4f..5a6c311103 100644 --- a/components/esp_tee/test_apps/tee_test_fw/components/test_sec_srv/test.tbl +++ b/components/esp_tee/test_apps/tee_test_fw/components/test_sec_srv/test.tbl 
@@ -1,18 +1,18 @@
 # SS no. API type Function Args
-101 custom esp_tee_service_add 6
-102 custom esp_tee_service_sub 6
-103 custom esp_tee_service_mul 6
-104 custom esp_tee_service_div 6
-105 custom esp_tee_test_timer_init 6
-106 custom esp_tee_secure_int_test 6
-107 custom esp_tee_non_secure_int_test 6
-108 custom esp_tee_test_int_count 6
-109 custom esp_tee_test_resv_reg1_write_violation 0
-110 custom esp_tee_test_resv_reg1_exec_violation 0
-111 custom esp_tee_test_iram_reg1_write_violation 0
-112 custom esp_tee_test_iram_reg2_write_violation 0
-113 custom esp_tee_test_dram_reg1_exec_violation 0
-114 custom esp_tee_test_dram_reg2_exec_violation 0
-115 custom esp_tee_test_illegal_instruction 0
-201 custom dummy_secure_service 6
-202 custom add_in_loop 6
+201 custom esp_tee_service_add 6
+202 custom esp_tee_service_sub 6
+203 custom esp_tee_service_mul 6
+204 custom esp_tee_service_div 6
+205 custom esp_tee_test_timer_init 6
+206 custom esp_tee_secure_int_test 6
+207 custom esp_tee_non_secure_int_test 6
+208 custom esp_tee_test_int_count 6
+209 custom esp_tee_test_resv_reg1_write_violation 0
+210 custom esp_tee_test_resv_reg1_exec_violation 0
+211 custom esp_tee_test_iram_reg1_write_violation 0
+212 custom esp_tee_test_iram_reg2_write_violation 0
+213 custom esp_tee_test_dram_reg1_exec_violation 0
+214 custom esp_tee_test_dram_reg2_exec_violation 0
+215 custom esp_tee_test_illegal_instruction 0
+216 custom dummy_secure_service 6
+217 custom add_in_loop 6
diff --git a/components/esp_tee/test_apps/tee_test_fw/main/CMakeLists.txt b/components/esp_tee/test_apps/tee_test_fw/main/CMakeLists.txt
index 995380b79d..0b5c34e6cd 100644
--- a/components/esp_tee/test_apps/tee_test_fw/main/CMakeLists.txt
+++ b/components/esp_tee/test_apps/tee_test_fw/main/CMakeLists.txt
@@ -13,9 +13,12 @@ list(APPEND srcs "test_esp_tee_ctx_switch.c" "test_esp_tee_panic.c" "test_esp_tee_sec_stg.c" "test_esp_tee_ota.c" - "test_esp_tee_att.c" "test_esp_tee_flash_prot.c") +if(CONFIG_SECURE_TEE_ATTESTATION) + list(APPEND srcs "test_esp_tee_att.c") +endif() + set(mbedtls_test_srcs_dir "${idf_path}/components/mbedtls/test_apps/main") # AES diff --git a/docs/en/security/tee/tee-attestation.rst b/docs/en/security/tee/tee-attestation.rst index 1830dc7ebd..4d57274d92 100644 --- a/docs/en/security/tee/tee-attestation.rst +++ b/docs/en/security/tee/tee-attestation.rst @@ -10,6 +10,10 @@ Thus, the attestation service is employed by the device to communicate evidence To ensure security, the EAT is cryptographically protected. The remote relying party can then verify the authenticity of the EAT and make decisions about engaging with the device based on its contents. +.. note:: + + - Support for Attestation can be toggled using the option :ref:`CONFIG_SECURE_TEE_ATTESTATION` (enabled by default). + Attestation Flow ---------------- 
@@ -251,6 +255,8 @@ API Reference .. note:: - To use the TEE Attestation APIs into your project, ensure the :component:`tee_attestation ` component is included by setting ``EXTRA_COMPONENT_DIRS`` in your project's ``CMakeLists.txt`` file, as shown in the :example:`tee_attestation ` example. For more information, refer to the :ref:`optional_project_variable` section from the :doc:`Build System ` documentation. + - To use the TEE Attestation APIs into your project, ensure the :component:`tee_attestation ` component is included by setting ``EXTRA_COMPONENT_DIRS`` in your project's ``CMakeLists.txt`` file, as shown in the :example:`tee_attestation ` example. For more information, refer to the :ref:`optional_project_variable` section from the :doc:`Build System ` documentation. + + - Additionally, the component-specific :component_file:`CMake ` file needs to be included in the top-level ``CMakeLists.txt`` of your project before calling the ``project()`` command to integrate the corresponding service calls into the project. .. include-build-file:: inc/esp_tee_attestation.inc diff --git a/examples/security/tee/tee_attestation/CMakeLists.txt b/examples/security/tee/tee_attestation/CMakeLists.txt index 6d208374ec..2bd98f78a4 100644 --- a/examples/security/tee/tee_attestation/CMakeLists.txt +++ b/examples/security/tee/tee_attestation/CMakeLists.txt @@ -8,4 +8,8 @@ cmake_minimum_required(VERSION 3.16) list(APPEND EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_attestation) include($ENV{IDF_PATH}/tools/cmake/project.cmake) + +# Including the attestation service calls +include($ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_attestation/esp_tee_att.cmake) + project(tee_attestation) diff --git a/examples/security/tee/tee_basic/CMakeLists.txt b/examples/security/tee/tee_basic/CMakeLists.txt index 91f996c02e..12a1e84ce9 100644 --- a/examples/security/tee/tee_basic/CMakeLists.txt +++ b/examples/security/tee/tee_basic/CMakeLists.txt 
@@ -4,6 +4,7 @@ cmake_minimum_required(VERSION 3.16) include($ENV{IDF_PATH}/tools/cmake/project.cmake) +# Including the example service calls include(${CMAKE_CURRENT_LIST_DIR}/components/example_secure_service/tee_project.cmake) project(tee_basic) diff --git a/examples/security/tee/tee_basic/sdkconfig.defaults b/examples/security/tee/tee_basic/sdkconfig.defaults index 053f38a496..ed1842d64c 100644 --- a/examples/security/tee/tee_basic/sdkconfig.defaults +++ b/examples/security/tee/tee_basic/sdkconfig.defaults @@ -1,3 +1,4 @@ # Enabling TEE CONFIG_SECURE_ENABLE_TEE=y CONFIG_PARTITION_TABLE_SINGLE_APP_TEE=y +CONFIG_SECURE_TEE_ATTESTATION=n