Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 3237955942dc634563ac1252b788116ab1e5553d / . / drivers / auth / tbbr / tbbr_cot.c
blob: ec14a185d17aebcb396b96564bfd89175e48091f [file] [log] [blame]
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]1/*
Soby Mathew0bdfef02017-11-07 17:03:57 +0000[diff] [blame]2 * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]3 *
dp-armfa3cf0b2017-05-03 09:38:09 +0100[diff] [blame]4 * SPDX-License-Identifier: BSD-3-Clause
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]5 */
6
Isla Mitchell99305012017-07-11 14:54:08 +0100[diff] [blame]7#include <stddef.h>
8
Antonio Nino Diaze0f90632018-12-14 00:18:21 +0000[diff] [blame]9#include <platform_def.h>
10
11#include <drivers/auth/auth_mod.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +0900[diff] [blame]12#if USE_TBBR_DEFS
Antonio Nino Diaze0f90632018-12-14 00:18:21 +0000[diff] [blame]13#include <tools_share/tbbr_oid.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +0900[diff] [blame]14#else
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]15#include <platform_oid.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +0900[diff] [blame]16#endif
Isla Mitchell99305012017-07-11 14:54:08 +0100[diff] [blame]17
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]18
19/*
20 * Maximum key and hash sizes (in DER format)
21 */
22#define PK_DER_LEN 294
Qixiang Xu1a1f2912017-11-09 13:56:29 +0800[diff] [blame]23#define HASH_DER_LEN 83
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]24
25/*
26 * The platform must allocate buffers to store the authentication parameters
27 * extracted from the certificates. In this case, because of the way the CoT is
28 * established, we can reuse some of the buffers on different stages
29 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]30static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
Soby Mathew0bdfef02017-11-07 17:03:57 +0000[diff] [blame]31static unsigned char tb_fw_config_hash_buf[HASH_DER_LEN];
32static unsigned char hw_config_hash_buf[HASH_DER_LEN];
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]33static unsigned char scp_fw_hash_buf[HASH_DER_LEN];
34static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
35static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
Summer Qin80726782017-04-20 16:28:39 +0100[diff] [blame]36static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN];
37static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN];
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]38static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];
39static unsigned char trusted_world_pk_buf[PK_DER_LEN];
40static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
41static unsigned char content_pk_buf[PK_DER_LEN];
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]42static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
43static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
44static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]45
46/*
47 * Parameter type descriptors
48 */
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]49static auth_param_type_desc_t trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
50 AUTH_PARAM_NV_CTR, TRUSTED_FW_NVCOUNTER_OID);
51static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
52 AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);
53
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]54static auth_param_type_desc_t subject_pk = AUTH_PARAM_TYPE_DESC(
55 AUTH_PARAM_PUB_KEY, 0);
56static auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC(
57 AUTH_PARAM_SIG, 0);
58static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC(
59 AUTH_PARAM_SIG_ALG, 0);
60static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC(
61 AUTH_PARAM_RAW_DATA, 0);
62
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]63static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
64 AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
65static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC(
66 AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]67
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]68static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC(
69 AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
70static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC(
71 AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
72static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC(
73 AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
74static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
75 AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID);
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]76
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]77static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC(
78 AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
Soby Mathew0bdfef02017-11-07 17:03:57 +0000[diff] [blame]79static auth_param_type_desc_t tb_fw_config_hash = AUTH_PARAM_TYPE_DESC(
80 AUTH_PARAM_HASH, TRUSTED_BOOT_FW_CONFIG_HASH_OID);
81static auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC(
82 AUTH_PARAM_HASH, HW_CONFIG_HASH_OID);
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]83static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
84 AUTH_PARAM_HASH, SCP_FW_HASH_OID);
85static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
86 AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]87static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC(
88 AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID);
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]89static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
90 AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]91static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC(
92 AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID);
Summer Qin80726782017-04-20 16:28:39 +0100[diff] [blame]93static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC(
94 AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID);
95static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC(
96 AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID);
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]97static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
98 AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]99static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC(
100 AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]101static auth_param_type_desc_t scp_bl2u_hash = AUTH_PARAM_TYPE_DESC(
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]102 AUTH_PARAM_HASH, SCP_FWU_CFG_HASH_OID);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]103static auth_param_type_desc_t bl2u_hash = AUTH_PARAM_TYPE_DESC(
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]104 AUTH_PARAM_HASH, AP_FWU_CFG_HASH_OID);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]105static auth_param_type_desc_t ns_bl2u_hash = AUTH_PARAM_TYPE_DESC(
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]106 AUTH_PARAM_HASH, FWU_HASH_OID);
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]107
108/*
109 * TBBR Chain of trust definition
110 */
111static const auth_img_desc_t cot_desc[] = {
112 /*
113 * BL2
114 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]115 [TRUSTED_BOOT_FW_CERT_ID] = {
116 .img_id = TRUSTED_BOOT_FW_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]117 .img_type = IMG_CERT,
118 .parent = NULL,
119 .img_auth_methods = {
120 [0] = {
121 .type = AUTH_METHOD_SIG,
122 .param.sig = {
123 .pk = &subject_pk,
124 .sig = &sig,
125 .alg = &sig_alg,
126 .data = &raw_data,
127 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]128 },
129 [1] = {
130 .type = AUTH_METHOD_NV_CTR,
131 .param.nv_ctr = {
132 .cert_nv_ctr = &trusted_nv_ctr,
133 .plat_nv_ctr = &trusted_nv_ctr
134 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]135 }
136 },
137 .authenticated_data = {
138 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]139 .type_desc = &tb_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]140 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]141 .ptr = (void *)tb_fw_hash_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]142 .len = (unsigned int)HASH_DER_LEN
143 }
Soby Mathew0bdfef02017-11-07 17:03:57 +0000[diff] [blame]144 },
145 [1] = {
146 .type_desc = &tb_fw_config_hash,
147 .data = {
148 .ptr = (void *)tb_fw_config_hash_buf,
149 .len = (unsigned int)HASH_DER_LEN
150 }
151 },
152 [2] = {
153 .type_desc = &hw_config_hash,
154 .data = {
155 .ptr = (void *)hw_config_hash_buf,
156 .len = (unsigned int)HASH_DER_LEN
157 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]158 }
159 }
160 },
161 [BL2_IMAGE_ID] = {
162 .img_id = BL2_IMAGE_ID,
163 .img_type = IMG_RAW,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]164 .parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]165 .img_auth_methods = {
166 [0] = {
167 .type = AUTH_METHOD_HASH,
168 .param.hash = {
169 .data = &raw_data,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]170 .hash = &tb_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]171 }
172 }
173 }
174 },
Soby Mathew0bdfef02017-11-07 17:03:57 +0000[diff] [blame]175 /* HW Config */
176 [HW_CONFIG_ID] = {
177 .img_id = HW_CONFIG_ID,
178 .img_type = IMG_RAW,
179 .parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
180 .img_auth_methods = {
181 [0] = {
182 .type = AUTH_METHOD_HASH,
183 .param.hash = {
184 .data = &raw_data,
185 .hash = &hw_config_hash,
186 }
187 }
188 }
189 },
190 /* TB FW Config */
191 [TB_FW_CONFIG_ID] = {
192 .img_id = TB_FW_CONFIG_ID,
193 .img_type = IMG_RAW,
194 .parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
195 .img_auth_methods = {
196 [0] = {
197 .type = AUTH_METHOD_HASH,
198 .param.hash = {
199 .data = &raw_data,
200 .hash = &tb_fw_config_hash,
201 }
202 }
203 }
204 },
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]205 /*
206 * Trusted key certificate
207 */
208 [TRUSTED_KEY_CERT_ID] = {
209 .img_id = TRUSTED_KEY_CERT_ID,
210 .img_type = IMG_CERT,
211 .parent = NULL,
212 .img_auth_methods = {
213 [0] = {
214 .type = AUTH_METHOD_SIG,
215 .param.sig = {
216 .pk = &subject_pk,
217 .sig = &sig,
218 .alg = &sig_alg,
219 .data = &raw_data,
220 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]221 },
222 [1] = {
223 .type = AUTH_METHOD_NV_CTR,
224 .param.nv_ctr = {
225 .cert_nv_ctr = &trusted_nv_ctr,
226 .plat_nv_ctr = &trusted_nv_ctr
227 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]228 }
229 },
230 .authenticated_data = {
231 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]232 .type_desc = &trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]233 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]234 .ptr = (void *)trusted_world_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]235 .len = (unsigned int)PK_DER_LEN
236 }
237 },
238 [1] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]239 .type_desc = &non_trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]240 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]241 .ptr = (void *)non_trusted_world_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]242 .len = (unsigned int)PK_DER_LEN
243 }
244 }
245 }
246 },
247 /*
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]248 * SCP Firmware
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]249 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]250 [SCP_FW_KEY_CERT_ID] = {
251 .img_id = SCP_FW_KEY_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]252 .img_type = IMG_CERT,
253 .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
254 .img_auth_methods = {
255 [0] = {
256 .type = AUTH_METHOD_SIG,
257 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]258 .pk = &trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]259 .sig = &sig,
260 .alg = &sig_alg,
261 .data = &raw_data,
262 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]263 },
264 [1] = {
265 .type = AUTH_METHOD_NV_CTR,
266 .param.nv_ctr = {
267 .cert_nv_ctr = &trusted_nv_ctr,
268 .plat_nv_ctr = &trusted_nv_ctr
269 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]270 }
271 },
272 .authenticated_data = {
273 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]274 .type_desc = &scp_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]275 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]276 .ptr = (void *)content_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]277 .len = (unsigned int)PK_DER_LEN
278 }
279 }
280 }
281 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]282 [SCP_FW_CONTENT_CERT_ID] = {
283 .img_id = SCP_FW_CONTENT_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]284 .img_type = IMG_CERT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]285 .parent = &cot_desc[SCP_FW_KEY_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]286 .img_auth_methods = {
287 [0] = {
288 .type = AUTH_METHOD_SIG,
289 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]290 .pk = &scp_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]291 .sig = &sig,
292 .alg = &sig_alg,
293 .data = &raw_data,
294 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]295 },
296 [1] = {
297 .type = AUTH_METHOD_NV_CTR,
298 .param.nv_ctr = {
299 .cert_nv_ctr = &trusted_nv_ctr,
300 .plat_nv_ctr = &trusted_nv_ctr
301 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]302 }
303 },
304 .authenticated_data = {
305 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]306 .type_desc = &scp_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]307 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]308 .ptr = (void *)scp_fw_hash_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]309 .len = (unsigned int)HASH_DER_LEN
310 }
311 }
312 }
313 },
Juan Castilloa72b6472015-12-10 15:49:17 +0000[diff] [blame]314 [SCP_BL2_IMAGE_ID] = {
315 .img_id = SCP_BL2_IMAGE_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]316 .img_type = IMG_RAW,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]317 .parent = &cot_desc[SCP_FW_CONTENT_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]318 .img_auth_methods = {
319 [0] = {
320 .type = AUTH_METHOD_HASH,
321 .param.hash = {
322 .data = &raw_data,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]323 .hash = &scp_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]324 }
325 }
326 }
327 },
328 /*
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]329 * SoC Firmware
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]330 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]331 [SOC_FW_KEY_CERT_ID] = {
332 .img_id = SOC_FW_KEY_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]333 .img_type = IMG_CERT,
334 .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
335 .img_auth_methods = {
336 [0] = {
337 .type = AUTH_METHOD_SIG,
338 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]339 .pk = &trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]340 .sig = &sig,
341 .alg = &sig_alg,
342 .data = &raw_data,
343 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]344 },
345 [1] = {
346 .type = AUTH_METHOD_NV_CTR,
347 .param.nv_ctr = {
348 .cert_nv_ctr = &trusted_nv_ctr,
349 .plat_nv_ctr = &trusted_nv_ctr
350 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]351 }
352 },
353 .authenticated_data = {
354 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]355 .type_desc = &soc_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]356 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]357 .ptr = (void *)content_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]358 .len = (unsigned int)PK_DER_LEN
359 }
360 }
361 }
362 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]363 [SOC_FW_CONTENT_CERT_ID] = {
364 .img_id = SOC_FW_CONTENT_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]365 .img_type = IMG_CERT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]366 .parent = &cot_desc[SOC_FW_KEY_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]367 .img_auth_methods = {
368 [0] = {
369 .type = AUTH_METHOD_SIG,
370 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]371 .pk = &soc_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]372 .sig = &sig,
373 .alg = &sig_alg,
374 .data = &raw_data,
375 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]376 },
377 [1] = {
378 .type = AUTH_METHOD_NV_CTR,
379 .param.nv_ctr = {
380 .cert_nv_ctr = &trusted_nv_ctr,
381 .plat_nv_ctr = &trusted_nv_ctr
382 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]383 }
384 },
385 .authenticated_data = {
386 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]387 .type_desc = &soc_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]388 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]389 .ptr = (void *)soc_fw_hash_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]390 .len = (unsigned int)HASH_DER_LEN
391 }
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]392 },
393 [1] = {
394 .type_desc = &soc_fw_config_hash,
395 .data = {
396 .ptr = (void *)soc_fw_config_hash_buf,
397 .len = (unsigned int)HASH_DER_LEN
398 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]399 }
400 }
401 },
402 [BL31_IMAGE_ID] = {
403 .img_id = BL31_IMAGE_ID,
404 .img_type = IMG_RAW,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]405 .parent = &cot_desc[SOC_FW_CONTENT_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]406 .img_auth_methods = {
407 [0] = {
408 .type = AUTH_METHOD_HASH,
409 .param.hash = {
410 .data = &raw_data,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]411 .hash = &soc_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]412 }
413 }
414 }
415 },
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]416 /* SOC FW Config */
417 [SOC_FW_CONFIG_ID] = {
418 .img_id = SOC_FW_CONFIG_ID,
419 .img_type = IMG_RAW,
420 .parent = &cot_desc[SOC_FW_CONTENT_CERT_ID],
421 .img_auth_methods = {
422 [0] = {
423 .type = AUTH_METHOD_HASH,
424 .param.hash = {
425 .data = &raw_data,
426 .hash = &soc_fw_config_hash,
427 }
428 }
429 }
430 },
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]431 /*
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]432 * Trusted OS Firmware
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]433 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]434 [TRUSTED_OS_FW_KEY_CERT_ID] = {
435 .img_id = TRUSTED_OS_FW_KEY_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]436 .img_type = IMG_CERT,
437 .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
438 .img_auth_methods = {
439 [0] = {
440 .type = AUTH_METHOD_SIG,
441 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]442 .pk = &trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]443 .sig = &sig,
444 .alg = &sig_alg,
445 .data = &raw_data,
446 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]447 },
448 [1] = {
449 .type = AUTH_METHOD_NV_CTR,
450 .param.nv_ctr = {
451 .cert_nv_ctr = &trusted_nv_ctr,
452 .plat_nv_ctr = &trusted_nv_ctr
453 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]454 }
455 },
456 .authenticated_data = {
457 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]458 .type_desc = &tos_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]459 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]460 .ptr = (void *)content_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]461 .len = (unsigned int)PK_DER_LEN
462 }
463 }
464 }
465 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]466 [TRUSTED_OS_FW_CONTENT_CERT_ID] = {
467 .img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]468 .img_type = IMG_CERT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]469 .parent = &cot_desc[TRUSTED_OS_FW_KEY_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]470 .img_auth_methods = {
471 [0] = {
472 .type = AUTH_METHOD_SIG,
473 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]474 .pk = &tos_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]475 .sig = &sig,
476 .alg = &sig_alg,
477 .data = &raw_data,
478 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]479 },
480 [1] = {
481 .type = AUTH_METHOD_NV_CTR,
482 .param.nv_ctr = {
483 .cert_nv_ctr = &trusted_nv_ctr,
484 .plat_nv_ctr = &trusted_nv_ctr
485 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]486 }
487 },
488 .authenticated_data = {
489 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]490 .type_desc = &tos_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]491 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]492 .ptr = (void *)tos_fw_hash_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]493 .len = (unsigned int)HASH_DER_LEN
494 }
Summer Qin80726782017-04-20 16:28:39 +0100[diff] [blame]495 },
496 [1] = {
497 .type_desc = &tos_fw_extra1_hash,
498 .data = {
499 .ptr = (void *)tos_fw_extra1_hash_buf,
500 .len = (unsigned int)HASH_DER_LEN
501 }
502 },
503 [2] = {
504 .type_desc = &tos_fw_extra2_hash,
505 .data = {
506 .ptr = (void *)tos_fw_extra2_hash_buf,
507 .len = (unsigned int)HASH_DER_LEN
508 }
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]509 },
510 [3] = {
511 .type_desc = &tos_fw_config_hash,
512 .data = {
513 .ptr = (void *)tos_fw_config_hash_buf,
514 .len = (unsigned int)HASH_DER_LEN
515 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]516 }
517 }
518 },
519 [BL32_IMAGE_ID] = {
520 .img_id = BL32_IMAGE_ID,
521 .img_type = IMG_RAW,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]522 .parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]523 .img_auth_methods = {
524 [0] = {
525 .type = AUTH_METHOD_HASH,
526 .param.hash = {
527 .data = &raw_data,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]528 .hash = &tos_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]529 }
530 }
531 }
532 },
Summer Qin80726782017-04-20 16:28:39 +0100[diff] [blame]533 [BL32_EXTRA1_IMAGE_ID] = {
534 .img_id = BL32_EXTRA1_IMAGE_ID,
535 .img_type = IMG_RAW,
536 .parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
537 .img_auth_methods = {
538 [0] = {
539 .type = AUTH_METHOD_HASH,
540 .param.hash = {
541 .data = &raw_data,
542 .hash = &tos_fw_extra1_hash,
543 }
544 }
545 }
546 },
547 [BL32_EXTRA2_IMAGE_ID] = {
548 .img_id = BL32_EXTRA2_IMAGE_ID,
549 .img_type = IMG_RAW,
550 .parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
551 .img_auth_methods = {
552 [0] = {
553 .type = AUTH_METHOD_HASH,
554 .param.hash = {
555 .data = &raw_data,
556 .hash = &tos_fw_extra2_hash,
557 }
558 }
559 }
560 },
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]561 /* TOS FW Config */
562 [TOS_FW_CONFIG_ID] = {
563 .img_id = TOS_FW_CONFIG_ID,
564 .img_type = IMG_RAW,
565 .parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
566 .img_auth_methods = {
567 [0] = {
568 .type = AUTH_METHOD_HASH,
569 .param.hash = {
570 .data = &raw_data,
571 .hash = &tos_fw_config_hash,
572 }
573 }
574 }
575 },
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]576 /*
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]577 * Non-Trusted Firmware
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]578 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]579 [NON_TRUSTED_FW_KEY_CERT_ID] = {
580 .img_id = NON_TRUSTED_FW_KEY_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]581 .img_type = IMG_CERT,
582 .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
583 .img_auth_methods = {
584 [0] = {
585 .type = AUTH_METHOD_SIG,
586 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]587 .pk = &non_trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]588 .sig = &sig,
589 .alg = &sig_alg,
590 .data = &raw_data,
591 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]592 },
593 [1] = {
594 .type = AUTH_METHOD_NV_CTR,
595 .param.nv_ctr = {
596 .cert_nv_ctr = &non_trusted_nv_ctr,
597 .plat_nv_ctr = &non_trusted_nv_ctr
598 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]599 }
600 },
601 .authenticated_data = {
602 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]603 .type_desc = &nt_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]604 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]605 .ptr = (void *)content_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]606 .len = (unsigned int)PK_DER_LEN
607 }
608 }
609 }
610 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]611 [NON_TRUSTED_FW_CONTENT_CERT_ID] = {
612 .img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]613 .img_type = IMG_CERT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]614 .parent = &cot_desc[NON_TRUSTED_FW_KEY_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]615 .img_auth_methods = {
616 [0] = {
617 .type = AUTH_METHOD_SIG,
618 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]619 .pk = &nt_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]620 .sig = &sig,
621 .alg = &sig_alg,
622 .data = &raw_data,
623 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]624 },
625 [1] = {
626 .type = AUTH_METHOD_NV_CTR,
627 .param.nv_ctr = {
628 .cert_nv_ctr = &non_trusted_nv_ctr,
629 .plat_nv_ctr = &non_trusted_nv_ctr
630 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]631 }
632 },
633 .authenticated_data = {
634 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]635 .type_desc = &nt_world_bl_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]636 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]637 .ptr = (void *)nt_world_bl_hash_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]638 .len = (unsigned int)HASH_DER_LEN
639 }
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]640 },
641 [1] = {
642 .type_desc = &nt_fw_config_hash,
643 .data = {
644 .ptr = (void *)nt_fw_config_hash_buf,
645 .len = (unsigned int)HASH_DER_LEN
646 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]647 }
648 }
649 },
650 [BL33_IMAGE_ID] = {
651 .img_id = BL33_IMAGE_ID,
652 .img_type = IMG_RAW,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]653 .parent = &cot_desc[NON_TRUSTED_FW_CONTENT_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]654 .img_auth_methods = {
655 [0] = {
656 .type = AUTH_METHOD_HASH,
657 .param.hash = {
658 .data = &raw_data,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]659 .hash = &nt_world_bl_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]660 }
661 }
662 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]663 },
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]664 /* NT FW Config */
665 [NT_FW_CONFIG_ID] = {
666 .img_id = NT_FW_CONFIG_ID,
667 .img_type = IMG_RAW,
668 .parent = &cot_desc[NON_TRUSTED_FW_CONTENT_CERT_ID],
669 .img_auth_methods = {
670 [0] = {
671 .type = AUTH_METHOD_HASH,
672 .param.hash = {
673 .data = &raw_data,
674 .hash = &nt_fw_config_hash,
675 }
676 }
677 }
678 },
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]679 /*
680 * FWU auth descriptor.
681 */
682 [FWU_CERT_ID] = {
683 .img_id = FWU_CERT_ID,
684 .img_type = IMG_CERT,
685 .parent = NULL,
686 .img_auth_methods = {
687 [0] = {
688 .type = AUTH_METHOD_SIG,
689 .param.sig = {
690 .pk = &subject_pk,
691 .sig = &sig,
692 .alg = &sig_alg,
693 .data = &raw_data,
694 }
695 }
696 },
697 .authenticated_data = {
698 [0] = {
699 .type_desc = &scp_bl2u_hash,
700 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]701 .ptr = (void *)scp_fw_hash_buf,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]702 .len = (unsigned int)HASH_DER_LEN
703 }
704 },
705 [1] = {
706 .type_desc = &bl2u_hash,
707 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]708 .ptr = (void *)tb_fw_hash_buf,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]709 .len = (unsigned int)HASH_DER_LEN
710 }
711 },
712 [2] = {
713 .type_desc = &ns_bl2u_hash,
714 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]715 .ptr = (void *)nt_world_bl_hash_buf,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]716 .len = (unsigned int)HASH_DER_LEN
717 }
718 }
719 }
720 },
721 /*
722 * SCP_BL2U
723 */
724 [SCP_BL2U_IMAGE_ID] = {
725 .img_id = SCP_BL2U_IMAGE_ID,
726 .img_type = IMG_RAW,
727 .parent = &cot_desc[FWU_CERT_ID],
728 .img_auth_methods = {
729 [0] = {
730 .type = AUTH_METHOD_HASH,
731 .param.hash = {
732 .data = &raw_data,
733 .hash = &scp_bl2u_hash,
734 }
735 }
736 }
737 },
738 /*
739 * BL2U
740 */
741 [BL2U_IMAGE_ID] = {
742 .img_id = BL2U_IMAGE_ID,
743 .img_type = IMG_RAW,
744 .parent = &cot_desc[FWU_CERT_ID],
745 .img_auth_methods = {
746 [0] = {
747 .type = AUTH_METHOD_HASH,
748 .param.hash = {
749 .data = &raw_data,
750 .hash = &bl2u_hash,
751 }
752 }
753 }
754 },
755 /*
756 * NS_BL2U
757 */
758 [NS_BL2U_IMAGE_ID] = {
759 .img_id = NS_BL2U_IMAGE_ID,
760 .img_type = IMG_RAW,
761 .parent = &cot_desc[FWU_CERT_ID],
762 .img_auth_methods = {
763 [0] = {
764 .type = AUTH_METHOD_HASH,
765 .param.hash = {
766 .data = &raw_data,
767 .hash = &ns_bl2u_hash,
768 }
769 }
770 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]771 }
772};
773
774/* Register the CoT in the authentication module */
775REGISTER_COT(cot_desc);