suit: Add support for MFST_VAR in check_content

tomchy · degjorva · commit 173dc6658b0f · 2025-01-08T16:42:19.000+01:00
Add a possibility to check content of manifest variables from both
application and SDFW platform code.

Ref: NCSDK-20807

Signed-off-by: Tomasz Chyrowicz &lt;tomasz.chyrowicz@nordicsemi.no&gt;
diff --git a/subsys/suit/platform/CMakeLists.txt b/subsys/suit/platform/CMakeLists.txt
@@ -17,6 +17,7 @@ zephyr_library_sources(src/suit_plat_version.c)
 zephyr_library_sources(src/suit_plat_fetch.c)
 zephyr_library_sources(src/suit_plat_retrieve_manifest.c)
 zephyr_library_sources(src/suit_plat_write.c)
+zephyr_library_sources(src/suit_plat_check_content.c)
 zephyr_library_sources_ifdef(CONFIG_SUIT_CHECK_IMAGE_MATCH src/suit_plat_check_image_match.c)
 zephyr_library_sources_ifdef(CONFIG_SUIT_MEMPTR_STORAGE src/suit_plat_memptr_size_update.c)
 zephyr_library_sources(src/suit_plat_error_convert.c)
diff --git a/subsys/suit/platform/app/CMakeLists.txt b/subsys/suit/platform/app/CMakeLists.txt
@@ -20,7 +20,7 @@ zephyr_library_sources(src/suit_plat_version_app_specific.c)
 zephyr_library_sources_ifdef(CONFIG_SUIT_CHECK_IMAGE_MATCH src/suit_plat_check_image_match_app_specific.c)
 zephyr_library_sources(src/suit_plat_authenticate.c)
 zephyr_library_sources(src/suit_plat_devconfig.c)
-zephyr_library_sources(src/suit_plat_check_content.c)
+zephyr_library_sources(src/suit_plat_check_content_app_specific.c)
 zephyr_library_sources(src/suit_plat_manifest_info.c)
 zephyr_library_sources(src/suit_plat_invoke.c)
 
diff --git a/subsys/suit/platform/app/src/suit_plat_check_content.c b/subsys/suit/platform/app/src/suit_plat_check_content.c
diff --git a/subsys/suit/platform/app/src/suit_plat_check_content_app_specific.c b/subsys/suit/platform/app/src/suit_plat_check_content_app_specific.c
@@ -0,0 +1,19 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#include <suit_plat_check_content_domain_specific.h>
+
+bool suit_plat_check_content_domain_specific_is_type_supported(suit_component_type_t component_type)
+{
+	return false;
+}
+
+int suit_plat_check_content_domain_specific(suit_component_t component,
+					    suit_component_type_t component_type,
+					    struct zcbor_string *content)
+{
+	return SUIT_ERR_UNSUPPORTED_COMMAND;
+}
diff --git a/subsys/suit/platform/include/suit_plat_check_content_domain_specific.h b/subsys/suit/platform/include/suit_plat_check_content_domain_specific.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#ifndef SUIT_PLAT_CHECK_CONTENT_DOMAIN_SPECIFIC_H__
+#define SUIT_PLAT_CHECK_CONTENT_DOMAIN_SPECIFIC_H__
+
+#include <stdint.h>
+#include <suit_types.h>
+#include <suit_platform_internal.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Check if component type is supported by suit_plat_check_content for the current domain.
+ */
+bool suit_plat_check_content_domain_specific_is_type_supported(
+	suit_component_type_t component_type);
+
+/**
+ * @brief Domain specific part of the core part of the suit_plat_check_content function.
+ */
+int suit_plat_check_content_domain_specific(suit_component_t handle,
+					    suit_component_type_t component_type,
+					    struct zcbor_string *content);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SUIT_PLAT_CHECK_CONTENT_DOMAIN_SPECIFIC_H__ */
diff --git a/subsys/suit/platform/sdfw/CMakeLists.txt b/subsys/suit/platform/sdfw/CMakeLists.txt
@@ -20,7 +20,7 @@ zephyr_library_sources(src/suit_plat_version_sdfw_specific.c)
 zephyr_library_sources_ifdef(CONFIG_SUIT_DIGEST_CACHE src/suit_plat_digest_cache.c)
 zephyr_library_sources_ifdef(CONFIG_SUIT_IPUC src/suit_plat_ipuc.c)
 zephyr_library_sources_ifdef(CONFIG_SUIT_CHECK_IMAGE_MATCH src/suit_plat_check_image_match_sdfw_specific.c)
-zephyr_library_sources(src/suit_plat_check_content.c)
+zephyr_library_sources(src/suit_plat_check_content_sdfw_specific.c)
 zephyr_library_sources_ifdef(CONFIG_SUIT_DEVCONFIG src/suit_plat_devconfig.c)
 zephyr_library_sources_ifdef(CONFIG_SUIT_AUTHENTICATE src/suit_plat_authenticate.c)
 zephyr_library_sources_ifdef(CONFIG_SUIT_PLAT_CHECK_COMPONENT_COMPATIBILITY src/suit_plat_component_compatibility.c)
diff --git a/subsys/suit/platform/sdfw/src/suit_plat_check_content_sdfw_specific.c b/subsys/suit/platform/sdfw/src/suit_plat_check_content_sdfw_specific.c
@@ -10,9 +10,10 @@
 #include <suit_memptr_storage.h>
 
 #include <zephyr/logging/log.h>
-LOG_MODULE_REGISTER(suit_plat_check_content, CONFIG_SUIT_LOG_LEVEL);
+LOG_MODULE_DECLARE(suit_plat_check_content, CONFIG_SUIT_LOG_LEVEL);
 
-int suit_plat_check_content_mem_mapped(suit_component_t component, struct zcbor_string *content)
+static int suit_plat_check_content_mem_mapped(suit_component_t component,
+					      struct zcbor_string *content)
 {
 	void *impl_data = NULL;
 	int err = suit_plat_component_impl_data_get(component, &impl_data);
@@ -49,22 +50,23 @@ int suit_plat_check_content_mem_mapped(suit_component_t component, struct zcbor_
 	return SUIT_SUCCESS;
 }
 
-int suit_plat_check_content(suit_component_t component, struct zcbor_string *content)
+bool suit_plat_check_content_domain_specific_is_type_supported(suit_component_type_t component_type)
 {
-	struct zcbor_string *component_id = NULL;
-	suit_component_type_t component_type = SUIT_COMPONENT_TYPE_UNSUPPORTED;
-
-	int err = suit_plat_component_id_get(component, &component_id);
-
-	if (err != SUIT_SUCCESS) {
-		LOG_ERR("Failed to get component id: %d", err);
-		return err;
+	switch (component_type) {
+	case SUIT_COMPONENT_TYPE_MEM:
+		return true;
+	default:
+		break;
 	}
 
-	if (suit_plat_decode_component_type(component_id, &component_type) != SUIT_PLAT_SUCCESS) {
-		LOG_ERR("Failed to decode component type");
-		return SUIT_ERR_UNSUPPORTED_COMPONENT_ID;
-	}
+	return false;
+}
+
+int suit_plat_check_content_domain_specific(suit_component_t component,
+					    suit_component_type_t component_type,
+					    struct zcbor_string *content)
+{
+	int err = SUIT_ERR_CRASH;
 
 	switch (component_type) {
 	case SUIT_COMPONENT_TYPE_UNSUPPORTED: {
diff --git a/subsys/suit/platform/src/suit_plat_check_content.c b/subsys/suit/platform/src/suit_plat_check_content.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#include <suit_platform.h>
+#include <suit_plat_check_content_domain_specific.h>
+#include <suit_plat_decode_util.h>
+#ifdef CONFIG_SUIT_MANIFEST_VARIABLES
+#include <suit_manifest_variables.h>
+#endif /* CONFIG_SUIT_MANIFEST_VARIABLES */
+
+#include <zephyr/logging/log.h>
+LOG_MODULE_REGISTER(suit_plat_check_content, CONFIG_SUIT_LOG_LEVEL);
+
+#ifdef CONFIG_SUIT_MANIFEST_VARIABLES
+static int suit_plat_check_content_mfst_var(suit_component_t component,
+					    struct zcbor_string *content)
+{
+	struct zcbor_string *component_id = NULL;
+	suit_plat_err_t plat_ret;
+	uint32_t checked_val = 0;
+	uint32_t current_val = 0;
+	uint32_t id;
+	int ret;
+
+	plat_ret = suit_plat_decode_content_uint32(content, &checked_val);
+	if (plat_ret != SUIT_PLAT_SUCCESS) {
+		LOG_ERR("Failed to decode content value: %d", plat_ret);
+		return SUIT_ERR_UNSUPPORTED_PARAMETER;
+	}
+
+	ret = suit_plat_component_id_get(component, &component_id);
+	if (ret != SUIT_SUCCESS) {
+		LOG_ERR("Failed to get component ID: %d", ret);
+		return SUIT_ERR_CRASH;
+	}
+
+	plat_ret = suit_plat_decode_component_number(component_id, &id);
+	if (plat_ret != SUIT_PLAT_SUCCESS) {
+		LOG_ERR("Failed to decode variable ID: %d", plat_ret);
+		return SUIT_ERR_UNSUPPORTED_COMPONENT_ID;
+	}
+
+	plat_ret = suit_mfst_var_get(id, &current_val);
+	switch (plat_ret) {
+	case SUIT_PLAT_SUCCESS:
+		if (checked_val == current_val) {
+			return SUIT_SUCCESS;
+		}
+		return SUIT_FAIL_CONDITION;
+	case SUIT_PLAT_ERR_NOT_FOUND:
+		LOG_ERR("Failed to get manifest variable: ID %d not supported", id);
+		return SUIT_ERR_UNSUPPORTED_COMPONENT_ID;
+	case SUIT_PLAT_ERR_INVAL:
+	case SUIT_PLAT_ERR_IO:
+	default:
+		break;
+	}
+
+	LOG_ERR("Failed to get manifest variable: %d", plat_ret);
+
+	return SUIT_ERR_CRASH;
+}
+#endif /* CONFIG_SUIT_MANIFEST_VARIABLES */
+
+int suit_plat_check_content(suit_component_t component, struct zcbor_string *content)
+{
+	suit_component_type_t dst_component_type = SUIT_COMPONENT_TYPE_UNSUPPORTED;
+	int ret = SUIT_SUCCESS;
+
+	if (content == NULL) {
+		return SUIT_ERR_CRASH;
+	}
+
+	/* Get destination component type based on component handle. */
+	ret = suit_plat_component_type_get(component, &dst_component_type);
+	if (ret != SUIT_SUCCESS) {
+		LOG_ERR("Failed to decode destination component type");
+		return ret;
+	}
+
+#ifdef CONFIG_SUIT_MANIFEST_VARIABLES
+	if (dst_component_type == SUIT_COMPONENT_TYPE_MFST_VAR) {
+		return suit_plat_check_content_mfst_var(component, content);
+	}
+#endif /* CONFIG_SUIT_MANIFEST_VARIABLES */
+	if (suit_plat_check_content_domain_specific_is_type_supported(dst_component_type)) {
+		return suit_plat_check_content_domain_specific(component, dst_component_type,
+							       content);
+	}
+
+	return SUIT_ERR_UNSUPPORTED_COMPONENT_ID;
+}
