fix(tc): add SCP_BL2 to RSE measured boot
SCP_BL2 is part of CCA's TCB. The SCP_BL1 is loaded
by RSE. It has already added to the platform
attestation token. SCP_BL2 was missed, so it is
fixed now.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ic87743564136f03a901c90ff1ec614f5965b9a47
diff --git a/include/tools_share/cca_oid.h b/include/tools_share/cca_oid.h
index 8c53ef9..6f89c16 100644
--- a/include/tools_share/cca_oid.h
+++ b/include/tools_share/cca_oid.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -30,15 +30,17 @@
/*
* First undef previous definitions from tbbr_oid.h.
- * CCA ROTPK authenticates BL31 and its configuration image in
+ * CCA ROTPK authenticates BL31, SCP_BL2 and its configuration image in
* CCA CoT.
**/
#undef BL31_IMAGE_KEY_OID
#undef SOC_FW_CONFIG_KEY_OID
#undef HW_CONFIG_KEY_OID
+#undef SCP_BL2_IMAGE_KEY_OID
#define BL31_IMAGE_KEY_OID ZERO_OID
#define SOC_FW_CONFIG_KEY_OID ZERO_OID
#define HW_CONFIG_KEY_OID ZERO_OID
+#define SCP_BL2_IMAGE_KEY_OID ZERO_OID
#define RMM_IMAGE_KEY_OID ZERO_OID
#endif /* CCA_OID_H */
diff --git a/plat/arm/board/tc/tc_bl2_measured_boot.c b/plat/arm/board/tc/tc_bl2_measured_boot.c
index add871c..3957c90 100644
--- a/plat/arm/board/tc/tc_bl2_measured_boot.c
+++ b/plat/arm/board/tc/tc_bl2_measured_boot.c
@@ -40,6 +40,13 @@
.pk_oid = SOC_FW_CONFIG_KEY_OID,
.lock_measurement = true },
{
+ .id = SCP_BL2_IMAGE_ID,
+ .slot = U(12),
+ .signer_id_size = SIGNER_ID_MIN_SIZE,
+ .sw_type = MBOOT_SCP_BL2_IMAGE_STRING,
+ .pk_oid = SCP_BL2_IMAGE_KEY_OID,
+ .lock_measurement = true },
+ {
.id = RSE_MBOOT_INVALID_ID }
};