Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 2ea0584e81d9a64583f0da98ea752a613a332248 / . / plat / arm / board / juno / juno_tbbr_cot_bl2.c
blob: 8930dbbd5ae7137b545d196131c3e19ca6703e06 [file] [log] [blame]
Rob Hughes9a2177a2023-01-17 16:10:26 +0000[diff] [blame]1/*
2 * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7#include <stddef.h>
8
9#include <mbedtls/version.h>
10
11#include <drivers/auth/auth_mod.h>
12#include <drivers/auth/tbbr_cot_common.h>
13
14#if USE_TBBR_DEFS
15#include <tools_share/tbbr_oid.h>
16#else
17#include <platform_oid.h>
18#endif
19
20#include <platform_def.h>
21
22static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
23static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
24static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN];
25static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN];
26static unsigned char trusted_world_pk_buf[PK_DER_LEN];
27static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
28static unsigned char content_pk_buf[PK_DER_LEN];
29static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
30static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
31static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];
32#if defined(SPD_spmd)
33static unsigned char sp_pkg_hash_buf[MAX_SP_IDS][HASH_DER_LEN];
34#endif /* SPD_spmd */
Rajasekaran Kalidoss85999a82023-05-08 14:55:13 +0200[diff] [blame]35#if ETHOSN_NPU_TZMP1
Rob Hughes9a2177a2023-01-17 16:10:26 +0000[diff] [blame]36static unsigned char npu_fw_image_hash_buf[HASH_DER_LEN];
Rajasekaran Kalidoss85999a82023-05-08 14:55:13 +0200[diff] [blame]37#endif /* ETHOSN_NPU_TZMP1 */
Rob Hughes9a2177a2023-01-17 16:10:26 +0000[diff] [blame]38
39
40static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
41 AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);
42static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
43 AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
44static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC(
45 AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);
46static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC(
47 AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
48static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC(
49 AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
50static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC(
51 AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
52static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
53 AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID);
54static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
55 AUTH_PARAM_HASH, SCP_FW_HASH_OID);
56static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
57 AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
58static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC(
59 AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID);
60static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
61 AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
62static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC(
63 AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID);
64static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC(
65 AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID);
66static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC(
67 AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID);
68static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
69 AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
70static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC(
71 AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);
72#if defined(SPD_spmd)
73static auth_param_type_desc_t sp_pkg1_hash = AUTH_PARAM_TYPE_DESC(
74 AUTH_PARAM_HASH, SP_PKG1_HASH_OID);
75static auth_param_type_desc_t sp_pkg2_hash = AUTH_PARAM_TYPE_DESC(
76 AUTH_PARAM_HASH, SP_PKG2_HASH_OID);
77static auth_param_type_desc_t sp_pkg3_hash = AUTH_PARAM_TYPE_DESC(
78 AUTH_PARAM_HASH, SP_PKG3_HASH_OID);
79static auth_param_type_desc_t sp_pkg4_hash = AUTH_PARAM_TYPE_DESC(
80 AUTH_PARAM_HASH, SP_PKG4_HASH_OID);
81static auth_param_type_desc_t sp_pkg5_hash = AUTH_PARAM_TYPE_DESC(
82 AUTH_PARAM_HASH, SP_PKG5_HASH_OID);
83static auth_param_type_desc_t sp_pkg6_hash = AUTH_PARAM_TYPE_DESC(
84 AUTH_PARAM_HASH, SP_PKG6_HASH_OID);
85static auth_param_type_desc_t sp_pkg7_hash = AUTH_PARAM_TYPE_DESC(
86 AUTH_PARAM_HASH, SP_PKG7_HASH_OID);
87static auth_param_type_desc_t sp_pkg8_hash = AUTH_PARAM_TYPE_DESC(
88 AUTH_PARAM_HASH, SP_PKG8_HASH_OID);
89#endif /* SPD_spmd */
Rajasekaran Kalidoss85999a82023-05-08 14:55:13 +0200[diff] [blame]90#if ETHOSN_NPU_TZMP1
Rob Hughes9a2177a2023-01-17 16:10:26 +0000[diff] [blame]91static auth_param_type_desc_t npu_fw_cert_pk = AUTH_PARAM_TYPE_DESC(
92 AUTH_PARAM_PUB_KEY, ETHOSN_NPU_FW_CONTENT_CERT_PK_OID);
93static auth_param_type_desc_t npu_fw_image_hash = AUTH_PARAM_TYPE_DESC(
94 AUTH_PARAM_HASH, ETHOSN_NPU_FW_BINARY_OID);
Rajasekaran Kalidoss85999a82023-05-08 14:55:13 +0200[diff] [blame]95#endif /* ETHOSN_NPU_TZMP1 */
Rob Hughes9a2177a2023-01-17 16:10:26 +0000[diff] [blame]96
97/*
98 * Trusted key certificate
99 */
100static const auth_img_desc_t trusted_key_cert = {
101 .img_id = TRUSTED_KEY_CERT_ID,
102 .img_type = IMG_CERT,
103 .parent = NULL,
104 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
105 [0] = {
106 .type = AUTH_METHOD_SIG,
107 .param.sig = {
108 .pk = &subject_pk,
109 .sig = &sig,
110 .alg = &sig_alg,
111 .data = &raw_data
112 }
113 },
114 [1] = {
115 .type = AUTH_METHOD_NV_CTR,
116 .param.nv_ctr = {
117 .cert_nv_ctr = &trusted_nv_ctr,
118 .plat_nv_ctr = &trusted_nv_ctr
119 }
120 }
121 },
122 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
123 [0] = {
124 .type_desc = &trusted_world_pk,
125 .data = {
126 .ptr = (void *)trusted_world_pk_buf,
127 .len = (unsigned int)PK_DER_LEN
128 }
129 },
130 [1] = {
131 .type_desc = &non_trusted_world_pk,
132 .data = {
133 .ptr = (void *)non_trusted_world_pk_buf,
134 .len = (unsigned int)PK_DER_LEN
135 }
136 }
137 }
138};
139/*
140 * SCP Firmware
141 */
142static const auth_img_desc_t scp_fw_key_cert = {
143 .img_id = SCP_FW_KEY_CERT_ID,
144 .img_type = IMG_CERT,
145 .parent = &trusted_key_cert,
146 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
147 [0] = {
148 .type = AUTH_METHOD_SIG,
149 .param.sig = {
150 .pk = &trusted_world_pk,
151 .sig = &sig,
152 .alg = &sig_alg,
153 .data = &raw_data
154 }
155 },
156 [1] = {
157 .type = AUTH_METHOD_NV_CTR,
158 .param.nv_ctr = {
159 .cert_nv_ctr = &trusted_nv_ctr,
160 .plat_nv_ctr = &trusted_nv_ctr
161 }
162 }
163 },
164 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
165 [0] = {
166 .type_desc = &scp_fw_content_pk,
167 .data = {
168 .ptr = (void *)content_pk_buf,
169 .len = (unsigned int)PK_DER_LEN
170 }
171 }
172 }
173};
174static const auth_img_desc_t scp_fw_content_cert = {
175 .img_id = SCP_FW_CONTENT_CERT_ID,
176 .img_type = IMG_CERT,
177 .parent = &scp_fw_key_cert,
178 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
179 [0] = {
180 .type = AUTH_METHOD_SIG,
181 .param.sig = {
182 .pk = &scp_fw_content_pk,
183 .sig = &sig,
184 .alg = &sig_alg,
185 .data = &raw_data
186 }
187 },
188 [1] = {
189 .type = AUTH_METHOD_NV_CTR,
190 .param.nv_ctr = {
191 .cert_nv_ctr = &trusted_nv_ctr,
192 .plat_nv_ctr = &trusted_nv_ctr
193 }
194 }
195 },
196 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
197 [0] = {
198 .type_desc = &scp_fw_hash,
199 .data = {
200 .ptr = (void *)scp_fw_hash_buf,
201 .len = (unsigned int)HASH_DER_LEN
202 }
203 }
204 }
205};
206static const auth_img_desc_t scp_bl2_image = {
207 .img_id = SCP_BL2_IMAGE_ID,
208 .img_type = IMG_RAW,
209 .parent = &scp_fw_content_cert,
210 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
211 [0] = {
212 .type = AUTH_METHOD_HASH,
213 .param.hash = {
214 .data = &raw_data,
215 .hash = &scp_fw_hash
216 }
217 }
218 }
219};
220/*
221 * SoC Firmware
222 */
223static const auth_img_desc_t soc_fw_key_cert = {
224 .img_id = SOC_FW_KEY_CERT_ID,
225 .img_type = IMG_CERT,
226 .parent = &trusted_key_cert,
227 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
228 [0] = {
229 .type = AUTH_METHOD_SIG,
230 .param.sig = {
231 .pk = &trusted_world_pk,
232 .sig = &sig,
233 .alg = &sig_alg,
234 .data = &raw_data
235 }
236 },
237 [1] = {
238 .type = AUTH_METHOD_NV_CTR,
239 .param.nv_ctr = {
240 .cert_nv_ctr = &trusted_nv_ctr,
241 .plat_nv_ctr = &trusted_nv_ctr
242 }
243 }
244 },
245 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
246 [0] = {
247 .type_desc = &soc_fw_content_pk,
248 .data = {
249 .ptr = (void *)content_pk_buf,
250 .len = (unsigned int)PK_DER_LEN
251 }
252 }
253 }
254};
255static const auth_img_desc_t soc_fw_content_cert = {
256 .img_id = SOC_FW_CONTENT_CERT_ID,
257 .img_type = IMG_CERT,
258 .parent = &soc_fw_key_cert,
259 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
260 [0] = {
261 .type = AUTH_METHOD_SIG,
262 .param.sig = {
263 .pk = &soc_fw_content_pk,
264 .sig = &sig,
265 .alg = &sig_alg,
266 .data = &raw_data
267 }
268 },
269 [1] = {
270 .type = AUTH_METHOD_NV_CTR,
271 .param.nv_ctr = {
272 .cert_nv_ctr = &trusted_nv_ctr,
273 .plat_nv_ctr = &trusted_nv_ctr
274 }
275 }
276 },
277 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
278 [0] = {
279 .type_desc = &soc_fw_hash,
280 .data = {
281 .ptr = (void *)soc_fw_hash_buf,
282 .len = (unsigned int)HASH_DER_LEN
283 }
284 },
285 [1] = {
286 .type_desc = &soc_fw_config_hash,
287 .data = {
288 .ptr = (void *)soc_fw_config_hash_buf,
289 .len = (unsigned int)HASH_DER_LEN
290 }
291 }
292 }
293};
294static const auth_img_desc_t bl31_image = {
295 .img_id = BL31_IMAGE_ID,
296 .img_type = IMG_RAW,
297 .parent = &soc_fw_content_cert,
298 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
299 [0] = {
300 .type = AUTH_METHOD_HASH,
301 .param.hash = {
302 .data = &raw_data,
303 .hash = &soc_fw_hash
304 }
305 }
306 }
307};
308/* SOC FW Config */
309static const auth_img_desc_t soc_fw_config = {
310 .img_id = SOC_FW_CONFIG_ID,
311 .img_type = IMG_RAW,
312 .parent = &soc_fw_content_cert,
313 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
314 [0] = {
315 .type = AUTH_METHOD_HASH,
316 .param.hash = {
317 .data = &raw_data,
318 .hash = &soc_fw_config_hash
319 }
320 }
321 }
322};
323/*
324 * Trusted OS Firmware
325 */
326static const auth_img_desc_t trusted_os_fw_key_cert = {
327 .img_id = TRUSTED_OS_FW_KEY_CERT_ID,
328 .img_type = IMG_CERT,
329 .parent = &trusted_key_cert,
330 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
331 [0] = {
332 .type = AUTH_METHOD_SIG,
333 .param.sig = {
334 .pk = &trusted_world_pk,
335 .sig = &sig,
336 .alg = &sig_alg,
337 .data = &raw_data
338 }
339 },
340 [1] = {
341 .type = AUTH_METHOD_NV_CTR,
342 .param.nv_ctr = {
343 .cert_nv_ctr = &trusted_nv_ctr,
344 .plat_nv_ctr = &trusted_nv_ctr
345 }
346 }
347 },
348 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
349 [0] = {
350 .type_desc = &tos_fw_content_pk,
351 .data = {
352 .ptr = (void *)content_pk_buf,
353 .len = (unsigned int)PK_DER_LEN
354 }
355 }
356 }
357};
358static const auth_img_desc_t trusted_os_fw_content_cert = {
359 .img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
360 .img_type = IMG_CERT,
361 .parent = &trusted_os_fw_key_cert,
362 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
363 [0] = {
364 .type = AUTH_METHOD_SIG,
365 .param.sig = {
366 .pk = &tos_fw_content_pk,
367 .sig = &sig,
368 .alg = &sig_alg,
369 .data = &raw_data
370 }
371 },
372 [1] = {
373 .type = AUTH_METHOD_NV_CTR,
374 .param.nv_ctr = {
375 .cert_nv_ctr = &trusted_nv_ctr,
376 .plat_nv_ctr = &trusted_nv_ctr
377 }
378 }
379 },
380 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
381 [0] = {
382 .type_desc = &tos_fw_hash,
383 .data = {
384 .ptr = (void *)tos_fw_hash_buf,
385 .len = (unsigned int)HASH_DER_LEN
386 }
387 },
388 [1] = {
389 .type_desc = &tos_fw_extra1_hash,
390 .data = {
391 .ptr = (void *)tos_fw_extra1_hash_buf,
392 .len = (unsigned int)HASH_DER_LEN
393 }
394 },
395 [2] = {
396 .type_desc = &tos_fw_extra2_hash,
397 .data = {
398 .ptr = (void *)tos_fw_extra2_hash_buf,
399 .len = (unsigned int)HASH_DER_LEN
400 }
401 },
402 [3] = {
403 .type_desc = &tos_fw_config_hash,
404 .data = {
405 .ptr = (void *)tos_fw_config_hash_buf,
406 .len = (unsigned int)HASH_DER_LEN
407 }
408 }
409 }
410};
411static const auth_img_desc_t bl32_image = {
412 .img_id = BL32_IMAGE_ID,
413 .img_type = IMG_RAW,
414 .parent = &trusted_os_fw_content_cert,
415 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
416 [0] = {
417 .type = AUTH_METHOD_HASH,
418 .param.hash = {
419 .data = &raw_data,
420 .hash = &tos_fw_hash
421 }
422 }
423 }
424};
425static const auth_img_desc_t bl32_extra1_image = {
426 .img_id = BL32_EXTRA1_IMAGE_ID,
427 .img_type = IMG_RAW,
428 .parent = &trusted_os_fw_content_cert,
429 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
430 [0] = {
431 .type = AUTH_METHOD_HASH,
432 .param.hash = {
433 .data = &raw_data,
434 .hash = &tos_fw_extra1_hash
435 }
436 }
437 }
438};
439static const auth_img_desc_t bl32_extra2_image = {
440 .img_id = BL32_EXTRA2_IMAGE_ID,
441 .img_type = IMG_RAW,
442 .parent = &trusted_os_fw_content_cert,
443 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
444 [0] = {
445 .type = AUTH_METHOD_HASH,
446 .param.hash = {
447 .data = &raw_data,
448 .hash = &tos_fw_extra2_hash
449 }
450 }
451 }
452};
453/* TOS FW Config */
454static const auth_img_desc_t tos_fw_config = {
455 .img_id = TOS_FW_CONFIG_ID,
456 .img_type = IMG_RAW,
457 .parent = &trusted_os_fw_content_cert,
458 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
459 [0] = {
460 .type = AUTH_METHOD_HASH,
461 .param.hash = {
462 .data = &raw_data,
463 .hash = &tos_fw_config_hash
464 }
465 }
466 }
467};
468/*
469 * Non-Trusted Firmware
470 */
471static const auth_img_desc_t non_trusted_fw_key_cert = {
472 .img_id = NON_TRUSTED_FW_KEY_CERT_ID,
473 .img_type = IMG_CERT,
474 .parent = &trusted_key_cert,
475 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
476 [0] = {
477 .type = AUTH_METHOD_SIG,
478 .param.sig = {
479 .pk = &non_trusted_world_pk,
480 .sig = &sig,
481 .alg = &sig_alg,
482 .data = &raw_data
483 }
484 },
485 [1] = {
486 .type = AUTH_METHOD_NV_CTR,
487 .param.nv_ctr = {
488 .cert_nv_ctr = &non_trusted_nv_ctr,
489 .plat_nv_ctr = &non_trusted_nv_ctr
490 }
491 }
492 },
493 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
494 [0] = {
495 .type_desc = &nt_fw_content_pk,
496 .data = {
497 .ptr = (void *)content_pk_buf,
498 .len = (unsigned int)PK_DER_LEN
499 }
500 }
501 }
502};
503static const auth_img_desc_t non_trusted_fw_content_cert = {
504 .img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
505 .img_type = IMG_CERT,
506 .parent = &non_trusted_fw_key_cert,
507 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
508 [0] = {
509 .type = AUTH_METHOD_SIG,
510 .param.sig = {
511 .pk = &nt_fw_content_pk,
512 .sig = &sig,
513 .alg = &sig_alg,
514 .data = &raw_data
515 }
516 },
517 [1] = {
518 .type = AUTH_METHOD_NV_CTR,
519 .param.nv_ctr = {
520 .cert_nv_ctr = &non_trusted_nv_ctr,
521 .plat_nv_ctr = &non_trusted_nv_ctr
522 }
523 }
524 },
525 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
526 [0] = {
527 .type_desc = &nt_world_bl_hash,
528 .data = {
529 .ptr = (void *)nt_world_bl_hash_buf,
530 .len = (unsigned int)HASH_DER_LEN
531 }
532 },
533 [1] = {
534 .type_desc = &nt_fw_config_hash,
535 .data = {
536 .ptr = (void *)nt_fw_config_hash_buf,
537 .len = (unsigned int)HASH_DER_LEN
538 }
539 }
540 }
541};
542static const auth_img_desc_t bl33_image = {
543 .img_id = BL33_IMAGE_ID,
544 .img_type = IMG_RAW,
545 .parent = &non_trusted_fw_content_cert,
546 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
547 [0] = {
548 .type = AUTH_METHOD_HASH,
549 .param.hash = {
550 .data = &raw_data,
551 .hash = &nt_world_bl_hash
552 }
553 }
554 }
555};
556/* NT FW Config */
557static const auth_img_desc_t nt_fw_config = {
558 .img_id = NT_FW_CONFIG_ID,
559 .img_type = IMG_RAW,
560 .parent = &non_trusted_fw_content_cert,
561 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
562 [0] = {
563 .type = AUTH_METHOD_HASH,
564 .param.hash = {
565 .data = &raw_data,
566 .hash = &nt_fw_config_hash
567 }
568 }
569 }
570};
571/* Secure Partitions */
572#if defined(SPD_spmd)
573static const auth_img_desc_t sip_sp_content_cert = {
574 .img_id = SIP_SP_CONTENT_CERT_ID,
575 .img_type = IMG_CERT,
576 .parent = &trusted_key_cert,
577 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
578 [0] = {
579 .type = AUTH_METHOD_SIG,
580 .param.sig = {
581 .pk = &trusted_world_pk,
582 .sig = &sig,
583 .alg = &sig_alg,
584 .data = &raw_data
585 }
586 },
587 [1] = {
588 .type = AUTH_METHOD_NV_CTR,
589 .param.nv_ctr = {
590 .cert_nv_ctr = &trusted_nv_ctr,
591 .plat_nv_ctr = &trusted_nv_ctr
592 }
593 }
594 },
595 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
596 [0] = {
597 .type_desc = &sp_pkg1_hash,
598 .data = {
599 .ptr = (void *)sp_pkg_hash_buf[0],
600 .len = (unsigned int)HASH_DER_LEN
601 }
602 },
603 [1] = {
604 .type_desc = &sp_pkg2_hash,
605 .data = {
606 .ptr = (void *)sp_pkg_hash_buf[1],
607 .len = (unsigned int)HASH_DER_LEN
608 }
609 },
610 [2] = {
611 .type_desc = &sp_pkg3_hash,
612 .data = {
613 .ptr = (void *)sp_pkg_hash_buf[2],
614 .len = (unsigned int)HASH_DER_LEN
615 }
616 },
617 [3] = {
618 .type_desc = &sp_pkg4_hash,
619 .data = {
620 .ptr = (void *)sp_pkg_hash_buf[3],
621 .len = (unsigned int)HASH_DER_LEN
622 }
623 },
624 [4] = {
625 .type_desc = &sp_pkg5_hash,
626 .data = {
627 .ptr = (void *)sp_pkg_hash_buf[4],
628 .len = (unsigned int)HASH_DER_LEN
629 }
630 },
631 [5] = {
632 .type_desc = &sp_pkg6_hash,
633 .data = {
634 .ptr = (void *)sp_pkg_hash_buf[5],
635 .len = (unsigned int)HASH_DER_LEN
636 }
637 },
638 [6] = {
639 .type_desc = &sp_pkg7_hash,
640 .data = {
641 .ptr = (void *)sp_pkg_hash_buf[6],
642 .len = (unsigned int)HASH_DER_LEN
643 }
644 },
645 [7] = {
646 .type_desc = &sp_pkg8_hash,
647 .data = {
648 .ptr = (void *)sp_pkg_hash_buf[7],
649 .len = (unsigned int)HASH_DER_LEN
650 }
651 }
652 }
653};
654
655DEFINE_SIP_SP_PKG(1);
656DEFINE_SIP_SP_PKG(2);
657DEFINE_SIP_SP_PKG(3);
658DEFINE_SIP_SP_PKG(4);
659DEFINE_SIP_SP_PKG(5);
660DEFINE_SIP_SP_PKG(6);
661DEFINE_SIP_SP_PKG(7);
662DEFINE_SIP_SP_PKG(8);
663#endif /* SPD_spmd */
664
Rajasekaran Kalidoss85999a82023-05-08 14:55:13 +0200[diff] [blame]665#if ETHOSN_NPU_TZMP1
Rob Hughes9a2177a2023-01-17 16:10:26 +0000[diff] [blame]666static const auth_img_desc_t npu_fw_key_cert = {
Rajasekaran Kalidoss85999a82023-05-08 14:55:13 +0200[diff] [blame]667 .img_id = ETHOSN_NPU_FW_KEY_CERT_ID,
Rob Hughes9a2177a2023-01-17 16:10:26 +0000[diff] [blame]668 .img_type = IMG_CERT,
669 .parent = &trusted_key_cert,
670 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
671 [0] = {
672 .type = AUTH_METHOD_SIG,
673 .param.sig = {
674 .pk = &non_trusted_world_pk,
675 .sig = &sig,
676 .alg = &sig_alg,
677 .data = &raw_data
678 }
679 },
680 [1] = {
681 .type = AUTH_METHOD_NV_CTR,
682 .param.nv_ctr = {
683 .cert_nv_ctr = &non_trusted_nv_ctr,
684 .plat_nv_ctr = &non_trusted_nv_ctr
685 }
686 }
687 },
688 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
689 [0] = {
690 .type_desc = &npu_fw_cert_pk,
691 .data = {
692 .ptr = (void *)content_pk_buf,
693 .len = (unsigned int)PK_DER_LEN
694 }
695 }
696 }
697};
698
699static const auth_img_desc_t npu_fw_content_cert = {
Rajasekaran Kalidoss85999a82023-05-08 14:55:13 +0200[diff] [blame]700 .img_id = ETHOSN_NPU_FW_CONTENT_CERT_ID,
Rob Hughes9a2177a2023-01-17 16:10:26 +0000[diff] [blame]701 .img_type = IMG_CERT,
702 .parent = &npu_fw_key_cert,
703 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
704 [0] = {
705 .type = AUTH_METHOD_SIG,
706 .param.sig = {
707 .pk = &npu_fw_cert_pk,
708 .sig = &sig,
709 .alg = &sig_alg,
710 .data = &raw_data
711 }
712 },
713 [1] = {
714 .type = AUTH_METHOD_NV_CTR,
715 .param.nv_ctr = {
716 .cert_nv_ctr = &non_trusted_nv_ctr,
717 .plat_nv_ctr = &non_trusted_nv_ctr
718 }
719 }
720 },
721 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
722 [0] = {
723 .type_desc = &npu_fw_image_hash,
724 .data = {
725 .ptr = (void *)npu_fw_image_hash_buf,
726 .len = (unsigned int)HASH_DER_LEN
727 }
728 },
729 }
730};
731
732static const auth_img_desc_t npu_fw_image = {
Rajasekaran Kalidoss85999a82023-05-08 14:55:13 +0200[diff] [blame]733 .img_id = ETHOSN_NPU_FW_IMAGE_ID,
Rob Hughes9a2177a2023-01-17 16:10:26 +0000[diff] [blame]734 .img_type = IMG_RAW,
735 .parent = &npu_fw_content_cert,
736 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
737 [0] = {
738 .type = AUTH_METHOD_HASH,
739 .param.hash = {
740 .data = &raw_data,
741 .hash = &npu_fw_image_hash
742 }
743 }
744 }
745};
Rajasekaran Kalidoss85999a82023-05-08 14:55:13 +0200[diff] [blame]746#endif /* ETHOSN_NPU_TZMP1 */
Rob Hughes9a2177a2023-01-17 16:10:26 +0000[diff] [blame]747
748
749static const auth_img_desc_t * const cot_desc[] = {
750 [TRUSTED_BOOT_FW_CERT_ID] = &trusted_boot_fw_cert,
751 [HW_CONFIG_ID] = &hw_config,
752 [TRUSTED_KEY_CERT_ID] = &trusted_key_cert,
753 [SCP_FW_KEY_CERT_ID] = &scp_fw_key_cert,
754 [SCP_FW_CONTENT_CERT_ID] = &scp_fw_content_cert,
755 [SCP_BL2_IMAGE_ID] = &scp_bl2_image,
756 [SOC_FW_KEY_CERT_ID] = &soc_fw_key_cert,
757 [SOC_FW_CONTENT_CERT_ID] = &soc_fw_content_cert,
758 [BL31_IMAGE_ID] = &bl31_image,
759 [SOC_FW_CONFIG_ID] = &soc_fw_config,
760 [TRUSTED_OS_FW_KEY_CERT_ID] = &trusted_os_fw_key_cert,
761 [TRUSTED_OS_FW_CONTENT_CERT_ID] = &trusted_os_fw_content_cert,
762 [BL32_IMAGE_ID] = &bl32_image,
763 [BL32_EXTRA1_IMAGE_ID] = &bl32_extra1_image,
764 [BL32_EXTRA2_IMAGE_ID] = &bl32_extra2_image,
765 [TOS_FW_CONFIG_ID] = &tos_fw_config,
766 [NON_TRUSTED_FW_KEY_CERT_ID] = &non_trusted_fw_key_cert,
767 [NON_TRUSTED_FW_CONTENT_CERT_ID] = &non_trusted_fw_content_cert,
768 [BL33_IMAGE_ID] = &bl33_image,
769 [NT_FW_CONFIG_ID] = &nt_fw_config,
770#if defined(SPD_spmd)
771 [SIP_SP_CONTENT_CERT_ID] = &sip_sp_content_cert,
772 [SP_PKG1_ID] = &sp_pkg1,
773 [SP_PKG2_ID] = &sp_pkg2,
774 [SP_PKG3_ID] = &sp_pkg3,
775 [SP_PKG4_ID] = &sp_pkg4,
776 [SP_PKG5_ID] = &sp_pkg5,
777 [SP_PKG6_ID] = &sp_pkg6,
778 [SP_PKG7_ID] = &sp_pkg7,
779 [SP_PKG8_ID] = &sp_pkg8,
780#endif
Rajasekaran Kalidoss85999a82023-05-08 14:55:13 +0200[diff] [blame]781#if ETHOSN_NPU_TZMP1
782 [ETHOSN_NPU_FW_KEY_CERT_ID] = &npu_fw_key_cert,
783 [ETHOSN_NPU_FW_CONTENT_CERT_ID] = &npu_fw_content_cert,
784 [ETHOSN_NPU_FW_IMAGE_ID] = &npu_fw_image,
785#endif /* ETHOSN_NPU_TZMP1 */
Rob Hughes9a2177a2023-01-17 16:10:26 +0000[diff] [blame]786};
787
788/* Register the CoT in the authentication module */
789REGISTER_COT(cot_desc);