Hi all,
I have 3 patches on review (/2149https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/2149/, /2148https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/2148/, /2147https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/2147/) that will change the interface between MCUBoot and the runtime SW. Currently the bootloader passes the measured boot status data to the attestation service through a shared memory area as individual claims (in TLV format). With these changes the boot status data will be encoded to CBOR format at build time and will be added to the image manifest during the image signing process. The bootloader will share this data the same way as before (as a new type of TLV), however the attestation service will have to handle this data differently as it's already CBOR encoded. This can cause the attestation tests to fail if an older MCUBoot image has been used with a newer build of the secure image or vice versa. To address this issuse / provide backward compatibility the new 'ATTEST_BOOT_INTERFACE' variable will be introduced in the build system (in one of the above patches) to be able to get back the old behavior. For this the 'ATTEST_BOOT_INTERFACE' variable has to be set to "INDIVIDUAL_CLAIMS" in the CMake configuration step:
"cmake -G"Unix Makefiles" -DPROJ_CONFIG=../configs/ConfigRegression.cmake -DTARGET_PLATFORM=AN521 -DCOMPILER=GNUARM -DATTEST_BOOT_INTERFACE=INDIVIDUAL_CLAIMS ../"
The old behavior will be retained for a while, however we have an intention to remove it entirely from the code in the future. Please let me know if you have any questions or concerns. I'd also welcome any feedback on the reviews.
Best regards, David Vincze