blob: 12ab0a9e0de765bbe65a53039ec99e9ed5e3cf11 [file] [log] [blame]
dp-armb3e85802016-12-12 14:48:13 +00001/*
Masahiro Yamadaa27c1662017-05-22 12:11:24 +09002 * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved.
dp-armb3e85802016-12-12 14:48:13 +00003 *
dp-armfa3cf0b2017-05-03 09:38:09 +01004 * SPDX-License-Identifier: BSD-3-Clause
dp-armb3e85802016-12-12 14:48:13 +00005 */
6
7#include <assert.h>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +00008#include <string.h>
9
10#include <drivers/auth/auth_mod.h>
11#include <plat/common/platform.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +090012#if USE_TBBR_DEFS
Antonio Nino Diaze0f90632018-12-14 00:18:21 +000013#include <tools_share/tbbr_oid.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +090014#else
dp-armb3e85802016-12-12 14:48:13 +000015#include <platform_oid.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +090016#endif
dp-armb3e85802016-12-12 14:48:13 +000017
18/*
19 * Store a new non-volatile counter value. This implementation
20 * only allows updating of the platform's Trusted NV counter when a
21 * certificate protected by the Trusted NV counter is signed with
22 * the ROT key. This avoids a compromised secondary certificate from
23 * updating the platform's Trusted NV counter, which could lead to the
24 * platform becoming unusable. The function is suitable for all TBBR
25 * compliant platforms.
26 *
27 * Return: 0 = success, Otherwise = error
28 */
29int plat_set_nv_ctr2(void *cookie, const auth_img_desc_t *img_desc,
30 unsigned int nv_ctr)
31{
32 int trusted_nv_ctr;
33
34 assert(cookie != NULL);
35 assert(img_desc != NULL);
36
37 trusted_nv_ctr = strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0;
38
39 /*
40 * Only update the Trusted NV Counter if the certificate
41 * has been signed with the ROT key. Non Trusted NV counter
42 * updates are unconditional.
43 */
dp-arm3d1b8a62017-01-31 10:54:39 +000044 if (!trusted_nv_ctr || img_desc->parent == NULL)
dp-armb3e85802016-12-12 14:48:13 +000045 return plat_set_nv_ctr(cookie, nv_ctr);
46
47 /*
48 * Trusted certificates not signed with the ROT key are not
49 * allowed to update the Trusted NV Counter.
50 */
51 return 1;
52}