Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 3fdf5f3004bb710778430bfdfbcd233b6548be98 / . / drivers / auth / tbbr / tbbr_cot.c
blob: e88c7c26dc47a614c14b2ecab6f99bd1beb6896a [file] [log] [blame]
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]1/*
Masahiro Yamadaa27c1662017-05-22 12:11:24 +0900[diff] [blame]2 * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]3 *
dp-armfa3cf0b2017-05-03 09:38:09 +0100[diff] [blame]4 * SPDX-License-Identifier: BSD-3-Clause
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]5 */
6
7#include <auth_mod.h>
8#include <platform_def.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +0900[diff] [blame]9#if USE_TBBR_DEFS
10#include <tbbr_oid.h>
11#else
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]12#include <platform_oid.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +0900[diff] [blame]13#endif
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]14#include <stddef.h>
15
16/*
17 * Maximum key and hash sizes (in DER format)
18 */
19#define PK_DER_LEN 294
20#define HASH_DER_LEN 51
21
22/*
23 * The platform must allocate buffers to store the authentication parameters
24 * extracted from the certificates. In this case, because of the way the CoT is
25 * established, we can reuse some of the buffers on different stages
26 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]27static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
28static unsigned char scp_fw_hash_buf[HASH_DER_LEN];
29static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
30static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
31static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];
32static unsigned char trusted_world_pk_buf[PK_DER_LEN];
33static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
34static unsigned char content_pk_buf[PK_DER_LEN];
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]35
36/*
37 * Parameter type descriptors
38 */
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]39static auth_param_type_desc_t trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
40 AUTH_PARAM_NV_CTR, TRUSTED_FW_NVCOUNTER_OID);
41static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
42 AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);
43
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]44static auth_param_type_desc_t subject_pk = AUTH_PARAM_TYPE_DESC(
45 AUTH_PARAM_PUB_KEY, 0);
46static auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC(
47 AUTH_PARAM_SIG, 0);
48static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC(
49 AUTH_PARAM_SIG_ALG, 0);
50static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC(
51 AUTH_PARAM_RAW_DATA, 0);
52
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]53static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
54 AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
55static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC(
56 AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]57
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]58static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC(
59 AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
60static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC(
61 AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
62static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC(
63 AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
64static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
65 AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID);
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]66
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]67static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC(
68 AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
69static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
70 AUTH_PARAM_HASH, SCP_FW_HASH_OID);
71static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
72 AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
73static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
74 AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
75static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
76 AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]77static auth_param_type_desc_t scp_bl2u_hash = AUTH_PARAM_TYPE_DESC(
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]78 AUTH_PARAM_HASH, SCP_FWU_CFG_HASH_OID);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]79static auth_param_type_desc_t bl2u_hash = AUTH_PARAM_TYPE_DESC(
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]80 AUTH_PARAM_HASH, AP_FWU_CFG_HASH_OID);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]81static auth_param_type_desc_t ns_bl2u_hash = AUTH_PARAM_TYPE_DESC(
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]82 AUTH_PARAM_HASH, FWU_HASH_OID);
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]83
84/*
85 * TBBR Chain of trust definition
86 */
87static const auth_img_desc_t cot_desc[] = {
88 /*
89 * BL2
90 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]91 [TRUSTED_BOOT_FW_CERT_ID] = {
92 .img_id = TRUSTED_BOOT_FW_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]93 .img_type = IMG_CERT,
94 .parent = NULL,
95 .img_auth_methods = {
96 [0] = {
97 .type = AUTH_METHOD_SIG,
98 .param.sig = {
99 .pk = &subject_pk,
100 .sig = &sig,
101 .alg = &sig_alg,
102 .data = &raw_data,
103 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]104 },
105 [1] = {
106 .type = AUTH_METHOD_NV_CTR,
107 .param.nv_ctr = {
108 .cert_nv_ctr = &trusted_nv_ctr,
109 .plat_nv_ctr = &trusted_nv_ctr
110 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]111 }
112 },
113 .authenticated_data = {
114 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]115 .type_desc = &tb_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]116 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]117 .ptr = (void *)tb_fw_hash_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]118 .len = (unsigned int)HASH_DER_LEN
119 }
120 }
121 }
122 },
123 [BL2_IMAGE_ID] = {
124 .img_id = BL2_IMAGE_ID,
125 .img_type = IMG_RAW,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]126 .parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]127 .img_auth_methods = {
128 [0] = {
129 .type = AUTH_METHOD_HASH,
130 .param.hash = {
131 .data = &raw_data,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]132 .hash = &tb_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]133 }
134 }
135 }
136 },
137 /*
138 * Trusted key certificate
139 */
140 [TRUSTED_KEY_CERT_ID] = {
141 .img_id = TRUSTED_KEY_CERT_ID,
142 .img_type = IMG_CERT,
143 .parent = NULL,
144 .img_auth_methods = {
145 [0] = {
146 .type = AUTH_METHOD_SIG,
147 .param.sig = {
148 .pk = &subject_pk,
149 .sig = &sig,
150 .alg = &sig_alg,
151 .data = &raw_data,
152 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]153 },
154 [1] = {
155 .type = AUTH_METHOD_NV_CTR,
156 .param.nv_ctr = {
157 .cert_nv_ctr = &trusted_nv_ctr,
158 .plat_nv_ctr = &trusted_nv_ctr
159 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]160 }
161 },
162 .authenticated_data = {
163 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]164 .type_desc = &trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]165 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]166 .ptr = (void *)trusted_world_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]167 .len = (unsigned int)PK_DER_LEN
168 }
169 },
170 [1] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]171 .type_desc = &non_trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]172 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]173 .ptr = (void *)non_trusted_world_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]174 .len = (unsigned int)PK_DER_LEN
175 }
176 }
177 }
178 },
179 /*
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]180 * SCP Firmware
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]181 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]182 [SCP_FW_KEY_CERT_ID] = {
183 .img_id = SCP_FW_KEY_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]184 .img_type = IMG_CERT,
185 .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
186 .img_auth_methods = {
187 [0] = {
188 .type = AUTH_METHOD_SIG,
189 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]190 .pk = &trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]191 .sig = &sig,
192 .alg = &sig_alg,
193 .data = &raw_data,
194 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]195 },
196 [1] = {
197 .type = AUTH_METHOD_NV_CTR,
198 .param.nv_ctr = {
199 .cert_nv_ctr = &trusted_nv_ctr,
200 .plat_nv_ctr = &trusted_nv_ctr
201 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]202 }
203 },
204 .authenticated_data = {
205 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]206 .type_desc = &scp_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]207 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]208 .ptr = (void *)content_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]209 .len = (unsigned int)PK_DER_LEN
210 }
211 }
212 }
213 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]214 [SCP_FW_CONTENT_CERT_ID] = {
215 .img_id = SCP_FW_CONTENT_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]216 .img_type = IMG_CERT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]217 .parent = &cot_desc[SCP_FW_KEY_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]218 .img_auth_methods = {
219 [0] = {
220 .type = AUTH_METHOD_SIG,
221 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]222 .pk = &scp_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]223 .sig = &sig,
224 .alg = &sig_alg,
225 .data = &raw_data,
226 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]227 },
228 [1] = {
229 .type = AUTH_METHOD_NV_CTR,
230 .param.nv_ctr = {
231 .cert_nv_ctr = &trusted_nv_ctr,
232 .plat_nv_ctr = &trusted_nv_ctr
233 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]234 }
235 },
236 .authenticated_data = {
237 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]238 .type_desc = &scp_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]239 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]240 .ptr = (void *)scp_fw_hash_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]241 .len = (unsigned int)HASH_DER_LEN
242 }
243 }
244 }
245 },
Juan Castilloa72b6472015-12-10 15:49:17 +0000[diff] [blame]246 [SCP_BL2_IMAGE_ID] = {
247 .img_id = SCP_BL2_IMAGE_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]248 .img_type = IMG_RAW,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]249 .parent = &cot_desc[SCP_FW_CONTENT_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]250 .img_auth_methods = {
251 [0] = {
252 .type = AUTH_METHOD_HASH,
253 .param.hash = {
254 .data = &raw_data,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]255 .hash = &scp_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]256 }
257 }
258 }
259 },
260 /*
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]261 * SoC Firmware
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]262 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]263 [SOC_FW_KEY_CERT_ID] = {
264 .img_id = SOC_FW_KEY_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]265 .img_type = IMG_CERT,
266 .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
267 .img_auth_methods = {
268 [0] = {
269 .type = AUTH_METHOD_SIG,
270 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]271 .pk = &trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]272 .sig = &sig,
273 .alg = &sig_alg,
274 .data = &raw_data,
275 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]276 },
277 [1] = {
278 .type = AUTH_METHOD_NV_CTR,
279 .param.nv_ctr = {
280 .cert_nv_ctr = &trusted_nv_ctr,
281 .plat_nv_ctr = &trusted_nv_ctr
282 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]283 }
284 },
285 .authenticated_data = {
286 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]287 .type_desc = &soc_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]288 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]289 .ptr = (void *)content_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]290 .len = (unsigned int)PK_DER_LEN
291 }
292 }
293 }
294 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]295 [SOC_FW_CONTENT_CERT_ID] = {
296 .img_id = SOC_FW_CONTENT_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]297 .img_type = IMG_CERT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]298 .parent = &cot_desc[SOC_FW_KEY_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]299 .img_auth_methods = {
300 [0] = {
301 .type = AUTH_METHOD_SIG,
302 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]303 .pk = &soc_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]304 .sig = &sig,
305 .alg = &sig_alg,
306 .data = &raw_data,
307 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]308 },
309 [1] = {
310 .type = AUTH_METHOD_NV_CTR,
311 .param.nv_ctr = {
312 .cert_nv_ctr = &trusted_nv_ctr,
313 .plat_nv_ctr = &trusted_nv_ctr
314 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]315 }
316 },
317 .authenticated_data = {
318 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]319 .type_desc = &soc_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]320 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]321 .ptr = (void *)soc_fw_hash_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]322 .len = (unsigned int)HASH_DER_LEN
323 }
324 }
325 }
326 },
327 [BL31_IMAGE_ID] = {
328 .img_id = BL31_IMAGE_ID,
329 .img_type = IMG_RAW,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]330 .parent = &cot_desc[SOC_FW_CONTENT_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]331 .img_auth_methods = {
332 [0] = {
333 .type = AUTH_METHOD_HASH,
334 .param.hash = {
335 .data = &raw_data,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]336 .hash = &soc_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]337 }
338 }
339 }
340 },
341 /*
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]342 * Trusted OS Firmware
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]343 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]344 [TRUSTED_OS_FW_KEY_CERT_ID] = {
345 .img_id = TRUSTED_OS_FW_KEY_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]346 .img_type = IMG_CERT,
347 .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
348 .img_auth_methods = {
349 [0] = {
350 .type = AUTH_METHOD_SIG,
351 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]352 .pk = &trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]353 .sig = &sig,
354 .alg = &sig_alg,
355 .data = &raw_data,
356 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]357 },
358 [1] = {
359 .type = AUTH_METHOD_NV_CTR,
360 .param.nv_ctr = {
361 .cert_nv_ctr = &trusted_nv_ctr,
362 .plat_nv_ctr = &trusted_nv_ctr
363 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]364 }
365 },
366 .authenticated_data = {
367 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]368 .type_desc = &tos_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]369 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]370 .ptr = (void *)content_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]371 .len = (unsigned int)PK_DER_LEN
372 }
373 }
374 }
375 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]376 [TRUSTED_OS_FW_CONTENT_CERT_ID] = {
377 .img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]378 .img_type = IMG_CERT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]379 .parent = &cot_desc[TRUSTED_OS_FW_KEY_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]380 .img_auth_methods = {
381 [0] = {
382 .type = AUTH_METHOD_SIG,
383 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]384 .pk = &tos_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]385 .sig = &sig,
386 .alg = &sig_alg,
387 .data = &raw_data,
388 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]389 },
390 [1] = {
391 .type = AUTH_METHOD_NV_CTR,
392 .param.nv_ctr = {
393 .cert_nv_ctr = &trusted_nv_ctr,
394 .plat_nv_ctr = &trusted_nv_ctr
395 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]396 }
397 },
398 .authenticated_data = {
399 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]400 .type_desc = &tos_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]401 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]402 .ptr = (void *)tos_fw_hash_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]403 .len = (unsigned int)HASH_DER_LEN
404 }
405 }
406 }
407 },
408 [BL32_IMAGE_ID] = {
409 .img_id = BL32_IMAGE_ID,
410 .img_type = IMG_RAW,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]411 .parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]412 .img_auth_methods = {
413 [0] = {
414 .type = AUTH_METHOD_HASH,
415 .param.hash = {
416 .data = &raw_data,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]417 .hash = &tos_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]418 }
419 }
420 }
421 },
422 /*
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]423 * Non-Trusted Firmware
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]424 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]425 [NON_TRUSTED_FW_KEY_CERT_ID] = {
426 .img_id = NON_TRUSTED_FW_KEY_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]427 .img_type = IMG_CERT,
428 .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
429 .img_auth_methods = {
430 [0] = {
431 .type = AUTH_METHOD_SIG,
432 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]433 .pk = &non_trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]434 .sig = &sig,
435 .alg = &sig_alg,
436 .data = &raw_data,
437 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]438 },
439 [1] = {
440 .type = AUTH_METHOD_NV_CTR,
441 .param.nv_ctr = {
442 .cert_nv_ctr = &non_trusted_nv_ctr,
443 .plat_nv_ctr = &non_trusted_nv_ctr
444 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]445 }
446 },
447 .authenticated_data = {
448 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]449 .type_desc = &nt_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]450 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]451 .ptr = (void *)content_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]452 .len = (unsigned int)PK_DER_LEN
453 }
454 }
455 }
456 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]457 [NON_TRUSTED_FW_CONTENT_CERT_ID] = {
458 .img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]459 .img_type = IMG_CERT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]460 .parent = &cot_desc[NON_TRUSTED_FW_KEY_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]461 .img_auth_methods = {
462 [0] = {
463 .type = AUTH_METHOD_SIG,
464 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]465 .pk = &nt_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]466 .sig = &sig,
467 .alg = &sig_alg,
468 .data = &raw_data,
469 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]470 },
471 [1] = {
472 .type = AUTH_METHOD_NV_CTR,
473 .param.nv_ctr = {
474 .cert_nv_ctr = &non_trusted_nv_ctr,
475 .plat_nv_ctr = &non_trusted_nv_ctr
476 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]477 }
478 },
479 .authenticated_data = {
480 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]481 .type_desc = &nt_world_bl_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]482 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]483 .ptr = (void *)nt_world_bl_hash_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]484 .len = (unsigned int)HASH_DER_LEN
485 }
486 }
487 }
488 },
489 [BL33_IMAGE_ID] = {
490 .img_id = BL33_IMAGE_ID,
491 .img_type = IMG_RAW,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]492 .parent = &cot_desc[NON_TRUSTED_FW_CONTENT_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]493 .img_auth_methods = {
494 [0] = {
495 .type = AUTH_METHOD_HASH,
496 .param.hash = {
497 .data = &raw_data,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]498 .hash = &nt_world_bl_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]499 }
500 }
501 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]502 },
503 /*
504 * FWU auth descriptor.
505 */
506 [FWU_CERT_ID] = {
507 .img_id = FWU_CERT_ID,
508 .img_type = IMG_CERT,
509 .parent = NULL,
510 .img_auth_methods = {
511 [0] = {
512 .type = AUTH_METHOD_SIG,
513 .param.sig = {
514 .pk = &subject_pk,
515 .sig = &sig,
516 .alg = &sig_alg,
517 .data = &raw_data,
518 }
519 }
520 },
521 .authenticated_data = {
522 [0] = {
523 .type_desc = &scp_bl2u_hash,
524 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]525 .ptr = (void *)scp_fw_hash_buf,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]526 .len = (unsigned int)HASH_DER_LEN
527 }
528 },
529 [1] = {
530 .type_desc = &bl2u_hash,
531 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]532 .ptr = (void *)tb_fw_hash_buf,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]533 .len = (unsigned int)HASH_DER_LEN
534 }
535 },
536 [2] = {
537 .type_desc = &ns_bl2u_hash,
538 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]539 .ptr = (void *)nt_world_bl_hash_buf,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]540 .len = (unsigned int)HASH_DER_LEN
541 }
542 }
543 }
544 },
545 /*
546 * SCP_BL2U
547 */
548 [SCP_BL2U_IMAGE_ID] = {
549 .img_id = SCP_BL2U_IMAGE_ID,
550 .img_type = IMG_RAW,
551 .parent = &cot_desc[FWU_CERT_ID],
552 .img_auth_methods = {
553 [0] = {
554 .type = AUTH_METHOD_HASH,
555 .param.hash = {
556 .data = &raw_data,
557 .hash = &scp_bl2u_hash,
558 }
559 }
560 }
561 },
562 /*
563 * BL2U
564 */
565 [BL2U_IMAGE_ID] = {
566 .img_id = BL2U_IMAGE_ID,
567 .img_type = IMG_RAW,
568 .parent = &cot_desc[FWU_CERT_ID],
569 .img_auth_methods = {
570 [0] = {
571 .type = AUTH_METHOD_HASH,
572 .param.hash = {
573 .data = &raw_data,
574 .hash = &bl2u_hash,
575 }
576 }
577 }
578 },
579 /*
580 * NS_BL2U
581 */
582 [NS_BL2U_IMAGE_ID] = {
583 .img_id = NS_BL2U_IMAGE_ID,
584 .img_type = IMG_RAW,
585 .parent = &cot_desc[FWU_CERT_ID],
586 .img_auth_methods = {
587 [0] = {
588 .type = AUTH_METHOD_HASH,
589 .param.hash = {
590 .data = &raw_data,
591 .hash = &ns_bl2u_hash,
592 }
593 }
594 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]595 }
596};
597
598/* Register the CoT in the authentication module */
599REGISTER_COT(cot_desc);