Hi everyone,
IAS docs have this note (https://tf-m-user-guide.trustedfirmware.org/docs/integration_guide/services/tfm_attestation_integration_guide.html#:~:text=that%20data%20item.-,Note,-There%20is%20a) that says: There is a size field tlv_len which has different definitions in the upstream MCUboot repository and in its TF-M forked version:
* Upstream MCUboot: Covers only the length of data but not the header size.
* TF-M MCUboot: Covers the size of the entry header and the data together.
This difference is handled by TF-M code based on which bootloader is used along with TF-M runtime.
I was wondering where in the code this difference is handled?
When calculating the next TLV entry address, attest_core.c line 213 (https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/secure_fw/partitions/initial_attestation/attest_core.c#n213) takes into account SHARED_DATA_ENTRY_HEADER_SIZE:
    tlv_curr = (*tlv_ptr) + SHARED_DATA_ENTRY_HEADER_SIZE + tlv_entry.tlv_len;
So tlv_entry.tlv_len must then cover only the length of the entry (without the header). This corresponds to: "Upstream MCUboot: Covers only the length of data but not the header size"
I was not able to find anything related to "TF-M MCUboot: Covers the size of the entry header and the data together". Is this difference handled in the TF-M fork of MCUboot, or is it just an outdated IAS doc?
Best regards, Bohdan Hunko
Cypress Semiconductor Ukraine Engineer CSUKR CSS ICW SW FW Mobile: +38099 50 19 714 Bohdan.Hunko@infineon.com
Hi Bohdan,
It is just that the IAS doc has not been updated. This distinction was removed from the code when we deleted the MCUboot fork from the TF-M repository (the commit hash is: e5cadb28ca650c16976bcf095d7259bc9717dbcc). Since then the TF-M code is aligned to the TLV header definitions of upstream MCUBoot.
Thank you for spotting this in the documentation. I'll push a patch to update it.
Best regards, David Vincze
From: TF-M tf-m-bounces@lists.trustedfirmware.org On Behalf Of Bohdan Hunko via TF-M
Sent: Thursday, 7 October, 2021 15:46
To: tf-m@lists.trustedfirmware.org; Hennadiy.Kytsun@infineon.com
Subject: [TF-M] Boot shared data TLV length
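The length convention discussed in this thread, as an added example (not TF-M or MCUboot code): a bounds-checked walk over a constructed TLV buffer under both definitions of the length field, showing that a parser using the wrong definition loses entry alignment and has to reject the area. The 4-byte entry header layout and every name below are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed entry header for this example: 16-bit type, 16-bit length. */
struct entry_hdr { uint16_t type; uint16_t len; };
#define ENTRY_HDR_SIZE sizeof(struct entry_hdr)
enum len_mode { LEN_DATA_ONLY, LEN_WITH_HEADER };

/* Walk the entries in buf[0..area_len). Returns the number of entries,
 * or -1 if a length field is inconsistent with the area bounds. */
int walk_entries(const uint8_t *buf, size_t area_len, enum len_mode mode)
{
    size_t off = 0, step;
    int count = 0;
    while (off < area_len) {
        struct entry_hdr h;
        if (area_len - off < ENTRY_HDR_SIZE)
            return -1;                          /* truncated header */
        memcpy(&h, buf + off, ENTRY_HDR_SIZE);  /* no unaligned read */
        if (mode == LEN_WITH_HEADER && h.len < ENTRY_HDR_SIZE)
            return -1;                          /* would never advance */
        step = (mode == LEN_DATA_ONLY) ? ENTRY_HDR_SIZE + h.len : h.len;
        if (step > area_len - off)
            return -1;                          /* entry overruns the area */
        off += step;
        count++;
    }
    return count;
}

/* Constructed sample: two entries whose lengths cover the data only. */
size_t build_sample(uint8_t *out)
{
    const struct entry_hdr a = { 0x0001, 4 }, b = { 0x0002, 2 };
    size_t off = 0;
    memcpy(out + off, &a, ENTRY_HDR_SIZE);    off += ENTRY_HDR_SIZE;
    memcpy(out + off, "\xAA\xBB\xCC\xDD", 4); off += 4;
    memcpy(out + off, &b, ENTRY_HDR_SIZE);    off += ENTRY_HDR_SIZE;
    memcpy(out + off, "\x11\x22", 2);         off += 2;
    return off;
}

int main(void)
{
    uint8_t buf[16];
    size_t n = build_sample(buf);
    printf("data-only: %d, with-header: %d\n",
           walk_entries(buf, n, LEN_DATA_ONLY), walk_entries(buf, n, LEN_WITH_HEADER));
    return 0;
}
```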