TBB: authenticate BL2 image and certificate
This patch adds support to authenticate the BL2 content certificate
and image using the authentication module in BL1.
The FIP driver has been extended to include the BL2 certificate
UUID.
FVP and Juno ports include the BL2 certificate FIP file
definition.
Change-Id: I32680e9bd123c8db4a4193c14448c9b32b0e9325
diff --git a/plat/juno/include/platform_def.h b/plat/juno/include/platform_def.h
index c64b682..748b32d 100644
--- a/plat/juno/include/platform_def.h
+++ b/plat/juno/include/platform_def.h
@@ -71,6 +71,11 @@
/* Firmware Image Package */
#define FIP_IMAGE_NAME "fip.bin"
+#if TRUSTED_BOARD_BOOT
+/* Certificates */
+# define BL2_CERT_NAME "bl2.crt"
+#endif /* TRUSTED_BOARD_BOOT */
+
#define PLATFORM_CACHE_LINE_SIZE 64
#define PLATFORM_CLUSTER_COUNT 2
#define PLATFORM_CORE_COUNT 6
diff --git a/plat/juno/plat_io_storage.c b/plat/juno/plat_io_storage.c
index 83d7e43..dd9f048 100644
--- a/plat/juno/plat_io_storage.c
+++ b/plat/juno/plat_io_storage.c
@@ -77,6 +77,13 @@
.mode = FOPEN_MODE_RB
};
+#if TRUSTED_BOARD_BOOT
+static const io_file_spec_t bl2_cert_file_spec = {
+ .path = BL2_CERT_NAME,
+ .mode = FOPEN_MODE_RB
+};
+#endif /* TRUSTED_BOARD_BOOT */
+
static int open_fip(const uintptr_t spec);
static int open_memmap(const uintptr_t spec);
@@ -119,6 +126,13 @@
(uintptr_t)&bl33_file_spec,
open_fip
}, {
+#if TRUSTED_BOARD_BOOT
+ BL2_CERT_NAME,
+ &fip_dev_handle,
+ (uintptr_t)&bl2_cert_file_spec,
+ open_fip
+ }, {
+#endif /* TRUSTED_BOARD_BOOT */
0, 0, 0
}
};