Hello,

I'm preparing the next set of patches for Measured Boot support in TF-A,
please find some details on design and implementation below.

1. SHA256/384/512 hash algorithm for Measured Boot related hash calculations
   is passed via the existing 'HASH_ALG' build parameter.

2. BL1 calculates BL2 image hash and passes these data to BL2 via
   FW_CONFIG/TB_FW_CONFIG device tree in new 'bl2_hash_data' byte array added
   in 'fvp_fw_config.dts'.
   
   These changes are part of the patch under review, please see
   https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3555
     
3. Event Log is calculated by BL2 in Secure Memory and copied to
   Non-secure memory. Address in Non-secure memory is calculated as:

     "nt_fw_config_addr + nt_fw_config_max_size"

     with values obtained from 'tb_fw_config':

     nt_fw_config_addr = <0x0 0x80000000>;
     nt_fw_config_max_size = <0x200>;

4. Event Log address and size are passed by TOS_FW_CONFIG and NT_FW_CONFIG
   device tree in 2 newly added properties:

   Property name:  'tpm_event_log_addr'
   Value type is an unsigned 64-bit integer specifying the physical address
   of the Event Log.

   Property name:  'tpm_event_log_size'
   Value type is an unsigned 32-bit integer specifying the size of the Event Log.

   /* TPM Event Log Config */
   tpm_event_log {
       compatible = "arm,nt_fw";
       tpm_event_log_addr = <0x0 0x0>;
       tpm_event_log_size = <0x0>;
   };

5. TF-A provides Event Log to the BL33 (TFTF/UEFI/U-boot) in 'nt_fw_config'
   device tree, whose address is passed by BL31 as 'arg0' parameter, see TFTF patch:

   https://review.trustedfirmware.org/c/TF-A/tf-a-tests/+/3327
   
6. A new test which validates and prints Event Log data passed
   in 'nt_fw_config' to BL33 will be added to TFTF.

Please review and provide your comments on the proposed design.

Regards.
Alexei.
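
A consumer-side sanity check for items 3 and 4, added here as an example; it is not part of the original message or of the TF-A/TFTF patches. The function names and the non-secure window parameters (ns_base, ns_size) are assumptions; the property layout and the 0x80000000/0x200 values come from the message.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical helpers, not TF-A code. DT property values are big-endian cells. */
static uint32_t cell32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Two-cell value such as <0x0 0x80000000>: high word first. */
static uint64_t cell64(const uint8_t *p)
{
    return ((uint64_t)cell32(p) << 32) | cell32(p + 4);
}

/* Item 3: log address = nt_fw_config_addr + nt_fw_config_max_size. */
int event_log_ns_addr(uint64_t cfg_addr, uint32_t cfg_max_size, uint64_t *out)
{
    if (cfg_addr > UINT64_MAX - cfg_max_size)
        return -1;                      /* sum would wrap */
    *out = cfg_addr + cfg_max_size;
    return 0;
}

/*
 * Item 4, as seen by BL33: decode 'tpm_event_log_addr' (8 bytes) and
 * 'tpm_event_log_size' (4 bytes), then accept them only if the log is
 * non-empty and lies entirely inside [ns_base, ns_base + ns_size).
 * ns_base/ns_size are assumed to describe the platform's Non-secure DRAM.
 */
int event_log_check(const uint8_t *addr_prop, size_t addr_len,
                    const uint8_t *size_prop, size_t size_len,
                    uint64_t ns_base, uint64_t ns_size,
                    uint64_t *log_addr, uint32_t *log_size)
{
    if (addr_len != 8 || size_len != 4)
        return -1;                      /* unexpected property encoding */
    uint64_t a = cell64(addr_prop);
    uint32_t s = cell32(size_prop);
    if (a == 0 || s == 0)
        return -2;                      /* <0x0 ...> placeholders never filled in */
    if (a < ns_base || a - ns_base > ns_size || s > ns_size - (a - ns_base))
        return -3;                      /* log not fully inside the window */
    *log_addr = a;
    *log_size = s;
    return 0;
}
```

The range test is written with subtractions so that a hostile or corrupted address/size pair cannot wrap the 64-bit arithmetic and pass the check.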
