Blame - drivers/auth/tbbr/tbbr_cot.c - filogic/atf

blob: 6ad00592d45acfc52612d6d11e7b68c01aa07703 [file] [log] [blame]

Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	1	/*
Soby Mathew	0bdfef0	2017-11-07 17:03:57 +0000	[diff] [blame^]	2	* Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	3	*
dp-arm	fa3cf0b	2017-05-03 09:38:09 +0100	[diff] [blame]	4	* SPDX-License-Identifier: BSD-3-Clause
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	5	*/
				6
				7	#include <auth_mod.h>
				8	#include <platform_def.h>
Isla Mitchell	9930501	2017-07-11 14:54:08 +0100	[diff] [blame]	9	#include <stddef.h>
				10
Masahiro Yamada	a27c166	2017-05-22 12:11:24 +0900	[diff] [blame]	11	#if USE_TBBR_DEFS
				12	#include <tbbr_oid.h>
				13	#else
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	14	#include <platform_oid.h>
Masahiro Yamada	a27c166	2017-05-22 12:11:24 +0900	[diff] [blame]	15	#endif
Isla Mitchell	9930501	2017-07-11 14:54:08 +0100	[diff] [blame]	16
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	17
				18	/*
				19	* Maximum key and hash sizes (in DER format)
				20	*/
				21	#define PK_DER_LEN 294
Qixiang Xu	1a1f291	2017-11-09 13:56:29 +0800	[diff] [blame]	22	#define HASH_DER_LEN 83
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	23
				24	/*
				25	* The platform must allocate buffers to store the authentication parameters
				26	* extracted from the certificates. In this case, because of the way the CoT is
				27	* established, we can reuse some of the buffers on different stages
				28	*/
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	29	static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
Soby Mathew	0bdfef0	2017-11-07 17:03:57 +0000	[diff] [blame^]	30	static unsigned char tb_fw_config_hash_buf[HASH_DER_LEN];
				31	static unsigned char hw_config_hash_buf[HASH_DER_LEN];
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	32	static unsigned char scp_fw_hash_buf[HASH_DER_LEN];
				33	static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
				34	static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
Summer Qin	8072678	2017-04-20 16:28:39 +0100	[diff] [blame]	35	static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN];
				36	static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN];
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	37	static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];
				38	static unsigned char trusted_world_pk_buf[PK_DER_LEN];
				39	static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
				40	static unsigned char content_pk_buf[PK_DER_LEN];
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	41
				42	/*
				43	* Parameter type descriptors
				44	*/
Juan Castillo	bfb7fa6	2016-01-22 11:05:57 +0000	[diff] [blame]	45	static auth_param_type_desc_t trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
				46	AUTH_PARAM_NV_CTR, TRUSTED_FW_NVCOUNTER_OID);
				47	static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
				48	AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);
				49
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	50	static auth_param_type_desc_t subject_pk = AUTH_PARAM_TYPE_DESC(
				51	AUTH_PARAM_PUB_KEY, 0);
				52	static auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC(
				53	AUTH_PARAM_SIG, 0);
				54	static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC(
				55	AUTH_PARAM_SIG_ALG, 0);
				56	static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC(
				57	AUTH_PARAM_RAW_DATA, 0);
				58
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	59	static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
				60	AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
				61	static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC(
				62	AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	63
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	64	static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC(
				65	AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
				66	static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC(
				67	AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
				68	static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC(
				69	AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
				70	static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
				71	AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID);
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	72
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	73	static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC(
				74	AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
Soby Mathew	0bdfef0	2017-11-07 17:03:57 +0000	[diff] [blame^]	75	static auth_param_type_desc_t tb_fw_config_hash = AUTH_PARAM_TYPE_DESC(
				76	AUTH_PARAM_HASH, TRUSTED_BOOT_FW_CONFIG_HASH_OID);
				77	static auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC(
				78	AUTH_PARAM_HASH, HW_CONFIG_HASH_OID);
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	79	static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
				80	AUTH_PARAM_HASH, SCP_FW_HASH_OID);
				81	static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
				82	AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
				83	static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
				84	AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
Summer Qin	8072678	2017-04-20 16:28:39 +0100	[diff] [blame]	85	static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC(
				86	AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID);
				87	static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC(
				88	AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID);
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	89	static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
				90	AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
Yatharth Kochar	71c9a5e	2015-10-10 19:06:53 +0100	[diff] [blame]	91	static auth_param_type_desc_t scp_bl2u_hash = AUTH_PARAM_TYPE_DESC(
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	92	AUTH_PARAM_HASH, SCP_FWU_CFG_HASH_OID);
Yatharth Kochar	71c9a5e	2015-10-10 19:06:53 +0100	[diff] [blame]	93	static auth_param_type_desc_t bl2u_hash = AUTH_PARAM_TYPE_DESC(
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	94	AUTH_PARAM_HASH, AP_FWU_CFG_HASH_OID);
Yatharth Kochar	71c9a5e	2015-10-10 19:06:53 +0100	[diff] [blame]	95	static auth_param_type_desc_t ns_bl2u_hash = AUTH_PARAM_TYPE_DESC(
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	96	AUTH_PARAM_HASH, FWU_HASH_OID);
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	97
				98	/*
				99	* TBBR Chain of trust definition
				100	*/
				101	static const auth_img_desc_t cot_desc[] = {
				102	/*
				103	* BL2
				104	*/
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	105	[TRUSTED_BOOT_FW_CERT_ID] = {
				106	.img_id = TRUSTED_BOOT_FW_CERT_ID,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	107	.img_type = IMG_CERT,
				108	.parent = NULL,
				109	.img_auth_methods = {
				110	[0] = {
				111	.type = AUTH_METHOD_SIG,
				112	.param.sig = {
				113	.pk = &subject_pk,
				114	.sig = &sig,
				115	.alg = &sig_alg,
				116	.data = &raw_data,
				117	}
Juan Castillo	bfb7fa6	2016-01-22 11:05:57 +0000	[diff] [blame]	118	},
				119	[1] = {
				120	.type = AUTH_METHOD_NV_CTR,
				121	.param.nv_ctr = {
				122	.cert_nv_ctr = &trusted_nv_ctr,
				123	.plat_nv_ctr = &trusted_nv_ctr
				124	}
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	125	}
				126	},
				127	.authenticated_data = {
				128	[0] = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	129	.type_desc = &tb_fw_hash,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	130	.data = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	131	.ptr = (void *)tb_fw_hash_buf,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	132	.len = (unsigned int)HASH_DER_LEN
				133	}
Soby Mathew	0bdfef0	2017-11-07 17:03:57 +0000	[diff] [blame^]	134	},
				135	[1] = {
				136	.type_desc = &tb_fw_config_hash,
				137	.data = {
				138	.ptr = (void *)tb_fw_config_hash_buf,
				139	.len = (unsigned int)HASH_DER_LEN
				140	}
				141	},
				142	[2] = {
				143	.type_desc = &hw_config_hash,
				144	.data = {
				145	.ptr = (void *)hw_config_hash_buf,
				146	.len = (unsigned int)HASH_DER_LEN
				147	}
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	148	}
				149	}
				150	},
				151	[BL2_IMAGE_ID] = {
				152	.img_id = BL2_IMAGE_ID,
				153	.img_type = IMG_RAW,
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	154	.parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	155	.img_auth_methods = {
				156	[0] = {
				157	.type = AUTH_METHOD_HASH,
				158	.param.hash = {
				159	.data = &raw_data,
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	160	.hash = &tb_fw_hash,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	161	}
				162	}
				163	}
				164	},
Soby Mathew	0bdfef0	2017-11-07 17:03:57 +0000	[diff] [blame^]	165	/* HW Config */
				166	[HW_CONFIG_ID] = {
				167	.img_id = HW_CONFIG_ID,
				168	.img_type = IMG_RAW,
				169	.parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
				170	.img_auth_methods = {
				171	[0] = {
				172	.type = AUTH_METHOD_HASH,
				173	.param.hash = {
				174	.data = &raw_data,
				175	.hash = &hw_config_hash,
				176	}
				177	}
				178	}
				179	},
				180	/* TB FW Config */
				181	[TB_FW_CONFIG_ID] = {
				182	.img_id = TB_FW_CONFIG_ID,
				183	.img_type = IMG_RAW,
				184	.parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
				185	.img_auth_methods = {
				186	[0] = {
				187	.type = AUTH_METHOD_HASH,
				188	.param.hash = {
				189	.data = &raw_data,
				190	.hash = &tb_fw_config_hash,
				191	}
				192	}
				193	}
				194	},
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	195	/*
				196	* Trusted key certificate
				197	*/
				198	[TRUSTED_KEY_CERT_ID] = {
				199	.img_id = TRUSTED_KEY_CERT_ID,
				200	.img_type = IMG_CERT,
				201	.parent = NULL,
				202	.img_auth_methods = {
				203	[0] = {
				204	.type = AUTH_METHOD_SIG,
				205	.param.sig = {
				206	.pk = &subject_pk,
				207	.sig = &sig,
				208	.alg = &sig_alg,
				209	.data = &raw_data,
				210	}
Juan Castillo	bfb7fa6	2016-01-22 11:05:57 +0000	[diff] [blame]	211	},
				212	[1] = {
				213	.type = AUTH_METHOD_NV_CTR,
				214	.param.nv_ctr = {
				215	.cert_nv_ctr = &trusted_nv_ctr,
				216	.plat_nv_ctr = &trusted_nv_ctr
				217	}
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	218	}
				219	},
				220	.authenticated_data = {
				221	[0] = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	222	.type_desc = &trusted_world_pk,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	223	.data = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	224	.ptr = (void *)trusted_world_pk_buf,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	225	.len = (unsigned int)PK_DER_LEN
				226	}
				227	},
				228	[1] = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	229	.type_desc = &non_trusted_world_pk,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	230	.data = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	231	.ptr = (void *)non_trusted_world_pk_buf,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	232	.len = (unsigned int)PK_DER_LEN
				233	}
				234	}
				235	}
				236	},
				237	/*
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	238	* SCP Firmware
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	239	*/
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	240	[SCP_FW_KEY_CERT_ID] = {
				241	.img_id = SCP_FW_KEY_CERT_ID,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	242	.img_type = IMG_CERT,
				243	.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
				244	.img_auth_methods = {
				245	[0] = {
				246	.type = AUTH_METHOD_SIG,
				247	.param.sig = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	248	.pk = &trusted_world_pk,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	249	.sig = &sig,
				250	.alg = &sig_alg,
				251	.data = &raw_data,
				252	}
Juan Castillo	bfb7fa6	2016-01-22 11:05:57 +0000	[diff] [blame]	253	},
				254	[1] = {
				255	.type = AUTH_METHOD_NV_CTR,
				256	.param.nv_ctr = {
				257	.cert_nv_ctr = &trusted_nv_ctr,
				258	.plat_nv_ctr = &trusted_nv_ctr
				259	}
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	260	}
				261	},
				262	.authenticated_data = {
				263	[0] = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	264	.type_desc = &scp_fw_content_pk,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	265	.data = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	266	.ptr = (void *)content_pk_buf,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	267	.len = (unsigned int)PK_DER_LEN
				268	}
				269	}
				270	}
				271	},
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	272	[SCP_FW_CONTENT_CERT_ID] = {
				273	.img_id = SCP_FW_CONTENT_CERT_ID,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	274	.img_type = IMG_CERT,
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	275	.parent = &cot_desc[SCP_FW_KEY_CERT_ID],
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	276	.img_auth_methods = {
				277	[0] = {
				278	.type = AUTH_METHOD_SIG,
				279	.param.sig = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	280	.pk = &scp_fw_content_pk,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	281	.sig = &sig,
				282	.alg = &sig_alg,
				283	.data = &raw_data,
				284	}
Juan Castillo	bfb7fa6	2016-01-22 11:05:57 +0000	[diff] [blame]	285	},
				286	[1] = {
				287	.type = AUTH_METHOD_NV_CTR,
				288	.param.nv_ctr = {
				289	.cert_nv_ctr = &trusted_nv_ctr,
				290	.plat_nv_ctr = &trusted_nv_ctr
				291	}
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	292	}
				293	},
				294	.authenticated_data = {
				295	[0] = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	296	.type_desc = &scp_fw_hash,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	297	.data = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	298	.ptr = (void *)scp_fw_hash_buf,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	299	.len = (unsigned int)HASH_DER_LEN
				300	}
				301	}
				302	}
				303	},
Juan Castillo	a72b647	2015-12-10 15:49:17 +0000	[diff] [blame]	304	[SCP_BL2_IMAGE_ID] = {
				305	.img_id = SCP_BL2_IMAGE_ID,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	306	.img_type = IMG_RAW,
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	307	.parent = &cot_desc[SCP_FW_CONTENT_CERT_ID],
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	308	.img_auth_methods = {
				309	[0] = {
				310	.type = AUTH_METHOD_HASH,
				311	.param.hash = {
				312	.data = &raw_data,
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	313	.hash = &scp_fw_hash,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	314	}
				315	}
				316	}
				317	},
				318	/*
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	319	* SoC Firmware
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	320	*/
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	321	[SOC_FW_KEY_CERT_ID] = {
				322	.img_id = SOC_FW_KEY_CERT_ID,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	323	.img_type = IMG_CERT,
				324	.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
				325	.img_auth_methods = {
				326	[0] = {
				327	.type = AUTH_METHOD_SIG,
				328	.param.sig = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	329	.pk = &trusted_world_pk,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	330	.sig = &sig,
				331	.alg = &sig_alg,
				332	.data = &raw_data,
				333	}
Juan Castillo	bfb7fa6	2016-01-22 11:05:57 +0000	[diff] [blame]	334	},
				335	[1] = {
				336	.type = AUTH_METHOD_NV_CTR,
				337	.param.nv_ctr = {
				338	.cert_nv_ctr = &trusted_nv_ctr,
				339	.plat_nv_ctr = &trusted_nv_ctr
				340	}
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	341	}
				342	},
				343	.authenticated_data = {
				344	[0] = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	345	.type_desc = &soc_fw_content_pk,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	346	.data = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	347	.ptr = (void *)content_pk_buf,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	348	.len = (unsigned int)PK_DER_LEN
				349	}
				350	}
				351	}
				352	},
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	353	[SOC_FW_CONTENT_CERT_ID] = {
				354	.img_id = SOC_FW_CONTENT_CERT_ID,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	355	.img_type = IMG_CERT,
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	356	.parent = &cot_desc[SOC_FW_KEY_CERT_ID],
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	357	.img_auth_methods = {
				358	[0] = {
				359	.type = AUTH_METHOD_SIG,
				360	.param.sig = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	361	.pk = &soc_fw_content_pk,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	362	.sig = &sig,
				363	.alg = &sig_alg,
				364	.data = &raw_data,
				365	}
Juan Castillo	bfb7fa6	2016-01-22 11:05:57 +0000	[diff] [blame]	366	},
				367	[1] = {
				368	.type = AUTH_METHOD_NV_CTR,
				369	.param.nv_ctr = {
				370	.cert_nv_ctr = &trusted_nv_ctr,
				371	.plat_nv_ctr = &trusted_nv_ctr
				372	}
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	373	}
				374	},
				375	.authenticated_data = {
				376	[0] = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	377	.type_desc = &soc_fw_hash,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	378	.data = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	379	.ptr = (void *)soc_fw_hash_buf,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	380	.len = (unsigned int)HASH_DER_LEN
				381	}
				382	}
				383	}
				384	},
				385	[BL31_IMAGE_ID] = {
				386	.img_id = BL31_IMAGE_ID,
				387	.img_type = IMG_RAW,
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	388	.parent = &cot_desc[SOC_FW_CONTENT_CERT_ID],
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	389	.img_auth_methods = {
				390	[0] = {
				391	.type = AUTH_METHOD_HASH,
				392	.param.hash = {
				393	.data = &raw_data,
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	394	.hash = &soc_fw_hash,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	395	}
				396	}
				397	}
				398	},
				399	/*
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	400	* Trusted OS Firmware
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	401	*/
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	402	[TRUSTED_OS_FW_KEY_CERT_ID] = {
				403	.img_id = TRUSTED_OS_FW_KEY_CERT_ID,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	404	.img_type = IMG_CERT,
				405	.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
				406	.img_auth_methods = {
				407	[0] = {
				408	.type = AUTH_METHOD_SIG,
				409	.param.sig = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	410	.pk = &trusted_world_pk,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	411	.sig = &sig,
				412	.alg = &sig_alg,
				413	.data = &raw_data,
				414	}
Juan Castillo	bfb7fa6	2016-01-22 11:05:57 +0000	[diff] [blame]	415	},
				416	[1] = {
				417	.type = AUTH_METHOD_NV_CTR,
				418	.param.nv_ctr = {
				419	.cert_nv_ctr = &trusted_nv_ctr,
				420	.plat_nv_ctr = &trusted_nv_ctr
				421	}
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	422	}
				423	},
				424	.authenticated_data = {
				425	[0] = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	426	.type_desc = &tos_fw_content_pk,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	427	.data = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	428	.ptr = (void *)content_pk_buf,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	429	.len = (unsigned int)PK_DER_LEN
				430	}
				431	}
				432	}
				433	},
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	434	[TRUSTED_OS_FW_CONTENT_CERT_ID] = {
				435	.img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	436	.img_type = IMG_CERT,
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	437	.parent = &cot_desc[TRUSTED_OS_FW_KEY_CERT_ID],
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	438	.img_auth_methods = {
				439	[0] = {
				440	.type = AUTH_METHOD_SIG,
				441	.param.sig = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	442	.pk = &tos_fw_content_pk,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	443	.sig = &sig,
				444	.alg = &sig_alg,
				445	.data = &raw_data,
				446	}
Juan Castillo	bfb7fa6	2016-01-22 11:05:57 +0000	[diff] [blame]	447	},
				448	[1] = {
				449	.type = AUTH_METHOD_NV_CTR,
				450	.param.nv_ctr = {
				451	.cert_nv_ctr = &trusted_nv_ctr,
				452	.plat_nv_ctr = &trusted_nv_ctr
				453	}
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	454	}
				455	},
				456	.authenticated_data = {
				457	[0] = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	458	.type_desc = &tos_fw_hash,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	459	.data = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	460	.ptr = (void *)tos_fw_hash_buf,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	461	.len = (unsigned int)HASH_DER_LEN
				462	}
Summer Qin	8072678	2017-04-20 16:28:39 +0100	[diff] [blame]	463	},
				464	[1] = {
				465	.type_desc = &tos_fw_extra1_hash,
				466	.data = {
				467	.ptr = (void *)tos_fw_extra1_hash_buf,
				468	.len = (unsigned int)HASH_DER_LEN
				469	}
				470	},
				471	[2] = {
				472	.type_desc = &tos_fw_extra2_hash,
				473	.data = {
				474	.ptr = (void *)tos_fw_extra2_hash_buf,
				475	.len = (unsigned int)HASH_DER_LEN
				476	}
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	477	}
				478	}
				479	},
				480	[BL32_IMAGE_ID] = {
				481	.img_id = BL32_IMAGE_ID,
				482	.img_type = IMG_RAW,
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	483	.parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	484	.img_auth_methods = {
				485	[0] = {
				486	.type = AUTH_METHOD_HASH,
				487	.param.hash = {
				488	.data = &raw_data,
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	489	.hash = &tos_fw_hash,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	490	}
				491	}
				492	}
				493	},
Summer Qin	8072678	2017-04-20 16:28:39 +0100	[diff] [blame]	494	[BL32_EXTRA1_IMAGE_ID] = {
				495	.img_id = BL32_EXTRA1_IMAGE_ID,
				496	.img_type = IMG_RAW,
				497	.parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
				498	.img_auth_methods = {
				499	[0] = {
				500	.type = AUTH_METHOD_HASH,
				501	.param.hash = {
				502	.data = &raw_data,
				503	.hash = &tos_fw_extra1_hash,
				504	}
				505	}
				506	}
				507	},
				508	[BL32_EXTRA2_IMAGE_ID] = {
				509	.img_id = BL32_EXTRA2_IMAGE_ID,
				510	.img_type = IMG_RAW,
				511	.parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
				512	.img_auth_methods = {
				513	[0] = {
				514	.type = AUTH_METHOD_HASH,
				515	.param.hash = {
				516	.data = &raw_data,
				517	.hash = &tos_fw_extra2_hash,
				518	}
				519	}
				520	}
				521	},
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	522	/*
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	523	* Non-Trusted Firmware
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	524	*/
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	525	[NON_TRUSTED_FW_KEY_CERT_ID] = {
				526	.img_id = NON_TRUSTED_FW_KEY_CERT_ID,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	527	.img_type = IMG_CERT,
				528	.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
				529	.img_auth_methods = {
				530	[0] = {
				531	.type = AUTH_METHOD_SIG,
				532	.param.sig = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	533	.pk = &non_trusted_world_pk,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	534	.sig = &sig,
				535	.alg = &sig_alg,
				536	.data = &raw_data,
				537	}
Juan Castillo	bfb7fa6	2016-01-22 11:05:57 +0000	[diff] [blame]	538	},
				539	[1] = {
				540	.type = AUTH_METHOD_NV_CTR,
				541	.param.nv_ctr = {
				542	.cert_nv_ctr = &non_trusted_nv_ctr,
				543	.plat_nv_ctr = &non_trusted_nv_ctr
				544	}
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	545	}
				546	},
				547	.authenticated_data = {
				548	[0] = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	549	.type_desc = &nt_fw_content_pk,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	550	.data = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	551	.ptr = (void *)content_pk_buf,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	552	.len = (unsigned int)PK_DER_LEN
				553	}
				554	}
				555	}
				556	},
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	557	[NON_TRUSTED_FW_CONTENT_CERT_ID] = {
				558	.img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	559	.img_type = IMG_CERT,
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	560	.parent = &cot_desc[NON_TRUSTED_FW_KEY_CERT_ID],
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	561	.img_auth_methods = {
				562	[0] = {
				563	.type = AUTH_METHOD_SIG,
				564	.param.sig = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	565	.pk = &nt_fw_content_pk,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	566	.sig = &sig,
				567	.alg = &sig_alg,
				568	.data = &raw_data,
				569	}
Juan Castillo	bfb7fa6	2016-01-22 11:05:57 +0000	[diff] [blame]	570	},
				571	[1] = {
				572	.type = AUTH_METHOD_NV_CTR,
				573	.param.nv_ctr = {
				574	.cert_nv_ctr = &non_trusted_nv_ctr,
				575	.plat_nv_ctr = &non_trusted_nv_ctr
				576	}
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	577	}
				578	},
				579	.authenticated_data = {
				580	[0] = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	581	.type_desc = &nt_world_bl_hash,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	582	.data = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	583	.ptr = (void *)nt_world_bl_hash_buf,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	584	.len = (unsigned int)HASH_DER_LEN
				585	}
				586	}
				587	}
				588	},
				589	[BL33_IMAGE_ID] = {
				590	.img_id = BL33_IMAGE_ID,
				591	.img_type = IMG_RAW,
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	592	.parent = &cot_desc[NON_TRUSTED_FW_CONTENT_CERT_ID],
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	593	.img_auth_methods = {
				594	[0] = {
				595	.type = AUTH_METHOD_HASH,
				596	.param.hash = {
				597	.data = &raw_data,
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	598	.hash = &nt_world_bl_hash,
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	599	}
				600	}
				601	}
Yatharth Kochar	71c9a5e	2015-10-10 19:06:53 +0100	[diff] [blame]	602	},
				603	/*
				604	* FWU auth descriptor.
				605	*/
				606	[FWU_CERT_ID] = {
				607	.img_id = FWU_CERT_ID,
				608	.img_type = IMG_CERT,
				609	.parent = NULL,
				610	.img_auth_methods = {
				611	[0] = {
				612	.type = AUTH_METHOD_SIG,
				613	.param.sig = {
				614	.pk = &subject_pk,
				615	.sig = &sig,
				616	.alg = &sig_alg,
				617	.data = &raw_data,
				618	}
				619	}
				620	},
				621	.authenticated_data = {
				622	[0] = {
				623	.type_desc = &scp_bl2u_hash,
				624	.data = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	625	.ptr = (void *)scp_fw_hash_buf,
Yatharth Kochar	71c9a5e	2015-10-10 19:06:53 +0100	[diff] [blame]	626	.len = (unsigned int)HASH_DER_LEN
				627	}
				628	},
				629	[1] = {
				630	.type_desc = &bl2u_hash,
				631	.data = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	632	.ptr = (void *)tb_fw_hash_buf,
Yatharth Kochar	71c9a5e	2015-10-10 19:06:53 +0100	[diff] [blame]	633	.len = (unsigned int)HASH_DER_LEN
				634	}
				635	},
				636	[2] = {
				637	.type_desc = &ns_bl2u_hash,
				638	.data = {
Juan Castillo	be80120	2015-12-03 10:19:21 +0000	[diff] [blame]	639	.ptr = (void *)nt_world_bl_hash_buf,
Yatharth Kochar	71c9a5e	2015-10-10 19:06:53 +0100	[diff] [blame]	640	.len = (unsigned int)HASH_DER_LEN
				641	}
				642	}
				643	}
				644	},
				645	/*
				646	* SCP_BL2U
				647	*/
				648	[SCP_BL2U_IMAGE_ID] = {
				649	.img_id = SCP_BL2U_IMAGE_ID,
				650	.img_type = IMG_RAW,
				651	.parent = &cot_desc[FWU_CERT_ID],
				652	.img_auth_methods = {
				653	[0] = {
				654	.type = AUTH_METHOD_HASH,
				655	.param.hash = {
				656	.data = &raw_data,
				657	.hash = &scp_bl2u_hash,
				658	}
				659	}
				660	}
				661	},
				662	/*
				663	* BL2U
				664	*/
				665	[BL2U_IMAGE_ID] = {
				666	.img_id = BL2U_IMAGE_ID,
				667	.img_type = IMG_RAW,
				668	.parent = &cot_desc[FWU_CERT_ID],
				669	.img_auth_methods = {
				670	[0] = {
				671	.type = AUTH_METHOD_HASH,
				672	.param.hash = {
				673	.data = &raw_data,
				674	.hash = &bl2u_hash,
				675	}
				676	}
				677	}
				678	},
				679	/*
				680	* NS_BL2U
				681	*/
				682	[NS_BL2U_IMAGE_ID] = {
				683	.img_id = NS_BL2U_IMAGE_ID,
				684	.img_type = IMG_RAW,
				685	.parent = &cot_desc[FWU_CERT_ID],
				686	.img_auth_methods = {
				687	[0] = {
				688	.type = AUTH_METHOD_HASH,
				689	.param.hash = {
				690	.data = &raw_data,
				691	.hash = &ns_bl2u_hash,
				692	}
				693	}
				694	}
Juan Castillo	9b265a8	2015-05-07 14:52:44 +0100	[diff] [blame]	695	}
				696	};
				697
				698	/* Register the CoT in the authentication module */
				699	REGISTER_COT(cot_desc);