| Manish V Badarkhe | 043fd62 | 2020-05-16 16:36:39 +0100 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. |
| 3 | * |
| 4 | * SPDX-License-Identifier: BSD-3-Clause |
| 5 | */ |
| 6 | |
| 7 | #include <stddef.h> |
| 8 | |
| 9 | #include <platform_def.h> |
| 10 | #include <drivers/auth/mbedtls/mbedtls_config.h> |
| 11 | |
| 12 | #include <drivers/auth/auth_mod.h> |
| 13 | #include <drivers/auth/tbbr_cot_common.h> |
| 14 | #if USE_TBBR_DEFS |
| 15 | #include <tools_share/tbbr_oid.h> |
| 16 | #else |
| 17 | #include <platform_oid.h> |
| 18 | #endif |
| 19 | |
| 20 | static auth_param_type_desc_t scp_bl2u_hash = AUTH_PARAM_TYPE_DESC( |
| 21 | AUTH_PARAM_HASH, SCP_FWU_CFG_HASH_OID); |
| 22 | static auth_param_type_desc_t bl2u_hash = AUTH_PARAM_TYPE_DESC( |
| 23 | AUTH_PARAM_HASH, AP_FWU_CFG_HASH_OID); |
| 24 | static auth_param_type_desc_t ns_bl2u_hash = AUTH_PARAM_TYPE_DESC( |
| 25 | AUTH_PARAM_HASH, FWU_HASH_OID); |
| 26 | |
| 27 | static const auth_img_desc_t bl2_image = { |
| 28 | .img_id = BL2_IMAGE_ID, |
| 29 | .img_type = IMG_RAW, |
| 30 | .parent = &trusted_boot_fw_cert, |
| 31 | .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { |
| 32 | [0] = { |
| 33 | .type = AUTH_METHOD_HASH, |
| 34 | .param.hash = { |
| 35 | .data = &raw_data, |
| 36 | .hash = &tb_fw_hash |
| 37 | } |
| 38 | } |
| 39 | } |
| 40 | }; |
| 41 | |
| 42 | /* |
| 43 | * FWU auth descriptor. |
| 44 | */ |
| 45 | static const auth_img_desc_t fwu_cert = { |
| 46 | .img_id = FWU_CERT_ID, |
| 47 | .img_type = IMG_CERT, |
| 48 | .parent = NULL, |
| 49 | .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { |
| 50 | [0] = { |
| 51 | .type = AUTH_METHOD_SIG, |
| 52 | .param.sig = { |
| 53 | .pk = &subject_pk, |
| 54 | .sig = &sig, |
| 55 | .alg = &sig_alg, |
| 56 | .data = &raw_data |
| 57 | } |
| 58 | } |
| 59 | }, |
| 60 | .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { |
| 61 | [0] = { |
| 62 | .type_desc = &scp_bl2u_hash, |
| 63 | .data = { |
| 64 | .ptr = (void *)scp_fw_hash_buf, |
| 65 | .len = (unsigned int)HASH_DER_LEN |
| 66 | } |
| 67 | }, |
| 68 | [1] = { |
| 69 | .type_desc = &bl2u_hash, |
| 70 | .data = { |
| 71 | .ptr = (void *)tb_fw_hash_buf, |
| 72 | .len = (unsigned int)HASH_DER_LEN |
| 73 | } |
| 74 | }, |
| 75 | [2] = { |
| 76 | .type_desc = &ns_bl2u_hash, |
| 77 | .data = { |
| 78 | .ptr = (void *)nt_world_bl_hash_buf, |
| 79 | .len = (unsigned int)HASH_DER_LEN |
| 80 | } |
| 81 | } |
| 82 | } |
| 83 | }; |
| 84 | /* |
| 85 | * SCP_BL2U |
| 86 | */ |
| 87 | static const auth_img_desc_t scp_bl2u_image = { |
| 88 | .img_id = SCP_BL2U_IMAGE_ID, |
| 89 | .img_type = IMG_RAW, |
| 90 | .parent = &fwu_cert, |
| 91 | .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { |
| 92 | [0] = { |
| 93 | .type = AUTH_METHOD_HASH, |
| 94 | .param.hash = { |
| 95 | .data = &raw_data, |
| 96 | .hash = &scp_bl2u_hash |
| 97 | } |
| 98 | } |
| 99 | } |
| 100 | }; |
| 101 | /* |
| 102 | * BL2U |
| 103 | */ |
| 104 | static const auth_img_desc_t bl2u_image = { |
| 105 | .img_id = BL2U_IMAGE_ID, |
| 106 | .img_type = IMG_RAW, |
| 107 | .parent = &fwu_cert, |
| 108 | .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { |
| 109 | [0] = { |
| 110 | .type = AUTH_METHOD_HASH, |
| 111 | .param.hash = { |
| 112 | .data = &raw_data, |
| 113 | .hash = &bl2u_hash |
| 114 | } |
| 115 | } |
| 116 | } |
| 117 | }; |
| 118 | /* |
| 119 | * NS_BL2U |
| 120 | */ |
| 121 | static const auth_img_desc_t ns_bl2u_image = { |
| 122 | .img_id = NS_BL2U_IMAGE_ID, |
| 123 | .img_type = IMG_RAW, |
| 124 | .parent = &fwu_cert, |
| 125 | .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { |
| 126 | [0] = { |
| 127 | .type = AUTH_METHOD_HASH, |
| 128 | .param.hash = { |
| 129 | .data = &raw_data, |
| 130 | .hash = &ns_bl2u_hash |
| 131 | } |
| 132 | } |
| 133 | } |
| 134 | }; |
| 135 | /* |
| 136 | * TB_FW_CONFIG |
| 137 | */ |
| 138 | static const auth_img_desc_t tb_fw_config = { |
| 139 | .img_id = TB_FW_CONFIG_ID, |
| 140 | .img_type = IMG_RAW, |
| 141 | .parent = &trusted_boot_fw_cert, |
| 142 | .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { |
| 143 | [0] = { |
| 144 | .type = AUTH_METHOD_HASH, |
| 145 | .param.hash = { |
| 146 | .data = &raw_data, |
| 147 | .hash = &tb_fw_config_hash |
| 148 | } |
| 149 | } |
| 150 | } |
| 151 | }; |
| 152 | |
| 153 | /* |
| 154 | * TBBR Chain of trust definition |
| 155 | */ |
| 156 | static const auth_img_desc_t * const cot_desc[] = { |
| 157 | [TRUSTED_BOOT_FW_CERT_ID] = &trusted_boot_fw_cert, |
| 158 | [BL2_IMAGE_ID] = &bl2_image, |
| 159 | [HW_CONFIG_ID] = &hw_config, |
| 160 | [TB_FW_CONFIG_ID] = &tb_fw_config, |
| 161 | [FWU_CERT_ID] = &fwu_cert, |
| 162 | [SCP_BL2U_IMAGE_ID] = &scp_bl2u_image, |
| 163 | [BL2U_IMAGE_ID] = &bl2u_image, |
| 164 | [NS_BL2U_IMAGE_ID] = &ns_bl2u_image |
| 165 | }; |
| 166 | |
| 167 | /* Register the CoT in the authentication module */ |
| 168 | REGISTER_COT(cot_desc); |