tbbr: Fix updating of Non-Trusted NV counter
The previous code required that a certificate be signed with the ROT
key before the platform's NV counter could be updated with the value
in the certificate. This implies that the Non-Trusted NV counter was
not being updated for Non-Trusted content certificates, as they cannot
be signed with the ROT key in the TBBR CoT scheme.
The code is reworked to only allow updating the platform's Trusted NV
counter when a certificate protected by the Trusted NV counter is
signed with the ROT key.
Content certificates protected by the Non-Trusted NV counter are
allowed to update the platform's Non-Trusted NV counter, assuming
that the certificate value is higher than the platform's value.
A new optional platform API has been introduced, named
plat_set_nv_ctr2(). Platforms may choose to implement it and perform
additional checks based on the authentication image descriptor before
modifying the NV counters. A default weak implementation is available
that just calls into plat_set_nv_ctr().
Fixes ARM-software/tf-issues#426
Change-Id: I4fc978fd28a3007bc0cef972ff1f69ad0413b79c
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 626b443..9b078ce 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -165,9 +165,11 @@
BL1_SOURCES += ${AUTH_SOURCES} \
bl1/tbbr/tbbr_img_desc.c \
- plat/arm/common/arm_bl1_fwu.c
+ plat/arm/common/arm_bl1_fwu.c \
+ plat/common/tbbr/plat_tbbr.c
- BL2_SOURCES += ${AUTH_SOURCES}
+ BL2_SOURCES += ${AUTH_SOURCES} \
+ plat/common/tbbr/plat_tbbr.c
$(eval $(call FWU_FIP_ADD_IMG,NS_BL2U,--fwu))