Run uncrustify on cerberus-core repo
Uncrustify Configuration file run from cerberus-core root directory,
Uncructify format run cerberus-core except below directories,
external\
projects\
cmake\
Related work items: #3970
The manifest verification flow needs to support keys other than RSA. Decouple the manifest key management and verification handling from the specific type of signature used for the verification. This allows RSA, ECC, or any other type of key to be used for manifest verification.
The generic signature_verification API has been enhanced with additional APIs and status codes to allow for proper abstraction of verification flows. Also, generally decouple any users of these APIs from underlying crypto engine status codes to make it easy to scale to different implementations.
Currently any CFM activation request will result in resetting of all the attestation statuses of components, and restarting attestation to all components, even before new CFM is activated. If the CFM activation request is done as part of a CFM update, then re-attestation would have started before the new CFM was activated. With this change, the following happens:
1) If CFM activation is sent outside of a CFM update, to signal to Cerberus to restart attestation, then a notification is sent to attestation_requester when CFM activation fails
2) If CFM activation is sent as part of a CFM update, then a notification is sent to attestation_requester when CFM update is complete and new CFM is activated
Related work items: #1696
1) Enable component attestation in image using both SPDM and Cerberus Challenge Protocol
2) Rewrite attestation_master so that it is no longer an interface.
3) Add SPDM command interface
4) Rename attestation modules
5) Add SPDM requester code
Related work items: #305, #430, #516
Workflows that involved a PCD or clearing out PFMs to revert a device to bypass mode previously have required either a device reset (PCD) or an AC cycle (bypass mode). This update modifies these workflows to allow them to be applied at run-time.
1. When updating or clearing a PCD, the device will automatically reset to apply the new configuration. This is similar to how the device resets after a firmware update.
2. Support clearing out a PCD using an 'empty' manifest in the same way that a device can be put into bypass mode using an 'empty' PFM.
3. Modify host processor reset workflows to handle an 'empty' PFM. In these cases, erase all PFMs for the port and configure the SPI filter for bypass mode.
4. Remove assumptions in host processor reset workflows about SPI filter configuration based on PFM state. This is necessary to support token-based revert to bypass flows without an AC cycle.
5. Refactored the system reset handling to decouple it from the firmware update flow.
This PR adds new pcr measurements to the TCG log. A measurement of PFM, CFM and PCD IDs is added to the PCR store.
Also, measurements of PFM and PCD platform IDs is added to PCR store.
Related work items: #457, #481
Ashvinkumar Parmar
Christopher Weimer
Akram Hamdy
Atul Shah