/*
 * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
6
7#include <auth_mod.h>
8#include <platform_def.h>
Isla Mitchell99305012017-07-11 14:54:08 +01009#include <stddef.h>
10
Masahiro Yamadaa27c1662017-05-22 12:11:24 +090011#if USE_TBBR_DEFS
12#include <tbbr_oid.h>
13#else
Juan Castillo9b265a82015-05-07 14:52:44 +010014#include <platform_oid.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +090015#endif
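/*
 * Maximum key and hash sizes (in DER format).
 *
 * NOTE(review): 294 bytes matches a DER SubjectPublicKeyInfo for a 2048-bit
 * RSA key and 51 bytes matches a DER DigestInfo carrying a SHA-256 digest.
 * Confirm against the key and hash algorithms the platform is built with; a
 * larger key or digest would not fit in the buffers below.
 */
#define PK_DER_LEN			294
#define HASH_DER_LEN			51

/*
 * The platform must allocate buffers to store the authentication parameters
 * extracted from the certificates. In this case, because of the way the CoT is
 * established, we can reuse some of the buffers on different stages.
 *
 * Reuse visible in cot_desc[]:
 *  - content_pk_buf is the destination for the content-certificate key of
 *    all four key certificates (SCP, SoC, Trusted OS, Non-Trusted).
 *  - FWU_CERT_ID stores its three hashes in scp_fw_hash_buf, tb_fw_hash_buf
 *    and nt_world_bl_hash_buf, which the normal boot chain also uses.
 *
 * Each descriptor passes the buffer together with its size (.len); the code
 * that copies an extracted parameter is not in this file.
 * NOTE(review): confirm that it rejects any parameter longer than .len
 * before writing, since these are fixed-size static arrays.
 */
static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
static unsigned char scp_fw_hash_buf[HASH_DER_LEN];
static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN];
static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];
static unsigned char trusted_world_pk_buf[PK_DER_LEN];
static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
static unsigned char content_pk_buf[PK_DER_LEN];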
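/*
 * Parameter type descriptors
 *
 * Each descriptor pairs a parameter kind (AUTH_PARAM_*) with a second
 * argument that is either an OID macro or 0. The OID macros come from
 * tbbr_oid.h or platform_oid.h, depending on USE_TBBR_DEFS.
 * NOTE(review): the second argument is presumably what the image parser uses
 * to locate the parameter inside a certificate, with 0 meaning "no specific
 * extension" - confirm against AUTH_PARAM_TYPE_DESC in auth_mod.h.
 */

/* Non-volatile (rollback) counters for the trusted and non-trusted worlds */
static auth_param_type_desc_t trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_NV_CTR, TRUSTED_FW_NVCOUNTER_OID);
static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);

/* Generic parameters, declared without an OID */
static auth_param_type_desc_t subject_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, 0);
static auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_SIG, 0);
static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_SIG_ALG, 0);
static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_RAW_DATA, 0);

/* World keys, stored from the trusted key certificate */
static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);

/* Content certificate keys, stored from the per-image key certificates */
static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID);

/* Image hashes used by the boot chain */
static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SCP_FW_HASH_OID);
static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID);
static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID);
static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);

/* Image hashes stored from the firmware update (FWU) certificate */
static auth_param_type_desc_t scp_bl2u_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SCP_FWU_CFG_HASH_OID);
static auth_param_type_desc_t bl2u_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, AP_FWU_CFG_HASH_OID);
static auth_param_type_desc_t ns_bl2u_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, FWU_HASH_OID);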
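/*
 * TBBR Chain of trust definition
 *
 * The table is indexed by image ID. Every entry names its parent (NULL for
 * the three entries that start a chain) and the checks the image must pass
 * (img_auth_methods):
 *  - IMG_CERT entries are checked by signature and, except FWU_CERT_ID, by
 *    NV counter. Their authenticated_data lists the parameters to store
 *    from the certificate, each with a destination buffer and its size.
 *  - IMG_RAW entries are checked by hash against a parameter that their
 *    parent certificate lists in authenticated_data.
 *
 * Entries with .parent = NULL verify their signature with subject_pk, a
 * descriptor declared without an OID.
 * NOTE(review): presumably this is the key carried in the certificate
 * itself, which the authentication module has to anchor to the platform
 * root-of-trust key - that check is not visible in this file; confirm.
 *
 * Every NV counter method uses one descriptor for both cert_nv_ctr and
 * plat_nv_ctr.
 */
static const auth_img_desc_t cot_desc[] = {
	/*
	 * BL2
	 */
	[TRUSTED_BOOT_FW_CERT_ID] = {
		.img_id = TRUSTED_BOOT_FW_CERT_ID,
		.img_type = IMG_CERT,
		.parent = NULL,
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &subject_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &tb_fw_hash,
				.data = {
					.ptr = (void *)tb_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	[BL2_IMAGE_ID] = {
		.img_id = BL2_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &tb_fw_hash,
				}
			}
		}
	},
	/*
	 * Trusted key certificate
	 *
	 * Stores the trusted and non-trusted world keys that the key
	 * certificates below are verified with.
	 */
	[TRUSTED_KEY_CERT_ID] = {
		.img_id = TRUSTED_KEY_CERT_ID,
		.img_type = IMG_CERT,
		.parent = NULL,
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &subject_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &trusted_world_pk,
				.data = {
					.ptr = (void *)trusted_world_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			},
			[1] = {
				.type_desc = &non_trusted_world_pk,
				.data = {
					.ptr = (void *)non_trusted_world_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			}
		}
	},
	/*
	 * SCP Firmware
	 */
	[SCP_FW_KEY_CERT_ID] = {
		.img_id = SCP_FW_KEY_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &scp_fw_content_pk,
				.data = {
					/* buffer shared by all key certificates */
					.ptr = (void *)content_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			}
		}
	},
	[SCP_FW_CONTENT_CERT_ID] = {
		.img_id = SCP_FW_CONTENT_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[SCP_FW_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &scp_fw_content_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &scp_fw_hash,
				.data = {
					.ptr = (void *)scp_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	[SCP_BL2_IMAGE_ID] = {
		.img_id = SCP_BL2_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[SCP_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &scp_fw_hash,
				}
			}
		}
	},
	/*
	 * SoC Firmware
	 */
	[SOC_FW_KEY_CERT_ID] = {
		.img_id = SOC_FW_KEY_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &soc_fw_content_pk,
				.data = {
					/* buffer shared by all key certificates */
					.ptr = (void *)content_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			}
		}
	},
	[SOC_FW_CONTENT_CERT_ID] = {
		.img_id = SOC_FW_CONTENT_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[SOC_FW_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &soc_fw_content_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &soc_fw_hash,
				.data = {
					.ptr = (void *)soc_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	[BL31_IMAGE_ID] = {
		.img_id = BL31_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[SOC_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &soc_fw_hash,
				}
			}
		}
	},
	/*
	 * Trusted OS Firmware
	 */
	[TRUSTED_OS_FW_KEY_CERT_ID] = {
		.img_id = TRUSTED_OS_FW_KEY_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &tos_fw_content_pk,
				.data = {
					/* buffer shared by all key certificates */
					.ptr = (void *)content_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			}
		}
	},
	/*
	 * The content certificate stores three hashes: one for BL32 and
	 * one for each of the two extra Trusted OS images.
	 */
	[TRUSTED_OS_FW_CONTENT_CERT_ID] = {
		.img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[TRUSTED_OS_FW_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &tos_fw_content_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &tos_fw_hash,
				.data = {
					.ptr = (void *)tos_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			},
			[1] = {
				.type_desc = &tos_fw_extra1_hash,
				.data = {
					.ptr = (void *)tos_fw_extra1_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			},
			[2] = {
				.type_desc = &tos_fw_extra2_hash,
				.data = {
					.ptr = (void *)tos_fw_extra2_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	[BL32_IMAGE_ID] = {
		.img_id = BL32_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &tos_fw_hash,
				}
			}
		}
	},
	[BL32_EXTRA1_IMAGE_ID] = {
		.img_id = BL32_EXTRA1_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &tos_fw_extra1_hash,
				}
			}
		}
	},
	[BL32_EXTRA2_IMAGE_ID] = {
		.img_id = BL32_EXTRA2_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &tos_fw_extra2_hash,
				}
			}
		}
	},
	/*
	 * Non-Trusted Firmware
	 *
	 * This branch is verified with the non-trusted world key and uses
	 * the non-trusted NV counter instead of the trusted one.
	 */
	[NON_TRUSTED_FW_KEY_CERT_ID] = {
		.img_id = NON_TRUSTED_FW_KEY_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &non_trusted_nv_ctr,
					.plat_nv_ctr = &non_trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &nt_fw_content_pk,
				.data = {
					/* buffer shared by all key certificates */
					.ptr = (void *)content_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			}
		}
	},
	[NON_TRUSTED_FW_CONTENT_CERT_ID] = {
		.img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[NON_TRUSTED_FW_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &nt_fw_content_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &non_trusted_nv_ctr,
					.plat_nv_ctr = &non_trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &nt_world_bl_hash,
				.data = {
					.ptr = (void *)nt_world_bl_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	[BL33_IMAGE_ID] = {
		.img_id = BL33_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[NON_TRUSTED_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &nt_world_bl_hash,
				}
			}
		}
	},
	/*
	 * FWU auth descriptor.
	 *
	 * NOTE(review): this is the only certificate in the table with no
	 * AUTH_METHOD_NV_CTR entry, so the descriptor requests a signature
	 * check only and no rollback-counter comparison. Confirm that this
	 * is intended for the firmware update flow.
	 *
	 * The three hashes are stored in buffers that the normal boot chain
	 * also uses (scp_fw_hash_buf, tb_fw_hash_buf, nt_world_bl_hash_buf).
	 */
	[FWU_CERT_ID] = {
		.img_id = FWU_CERT_ID,
		.img_type = IMG_CERT,
		.parent = NULL,
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &subject_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &scp_bl2u_hash,
				.data = {
					.ptr = (void *)scp_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			},
			[1] = {
				.type_desc = &bl2u_hash,
				.data = {
					.ptr = (void *)tb_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			},
			[2] = {
				.type_desc = &ns_bl2u_hash,
				.data = {
					.ptr = (void *)nt_world_bl_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	/*
	 * SCP_BL2U
	 */
	[SCP_BL2U_IMAGE_ID] = {
		.img_id = SCP_BL2U_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[FWU_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &scp_bl2u_hash,
				}
			}
		}
	},
	/*
	 * BL2U
	 */
	[BL2U_IMAGE_ID] = {
		.img_id = BL2U_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[FWU_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &bl2u_hash,
				}
			}
		}
	},
	/*
	 * NS_BL2U
	 */
	[NS_BL2U_IMAGE_ID] = {
		.img_id = NS_BL2U_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[FWU_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &ns_bl2u_hash,
				}
			}
		}
	}
};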
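/*
 * Register the CoT in the authentication module.
 *
 * REGISTER_COT is defined outside this file; cot_desc is the table above.
 */
REGISTER_COT(cot_desc);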