/*
 * Copyright (c) 2024, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
6
7#include <tools_share/dualroot_oid.h>
8#include <common/tbbr/tbbr_img_def.h>
9#include <common/nv_cntr_ids.h>
10
/*
 * Chain-of-trust (CoT) description.
 *
 * `manifests` lists the certificates; `images` lists the payloads whose
 * expected hashes are carried by those certificates.
 *
 * Two kinds of root certificate appear below:
 *  - root-certificate with no signing-key property (trusted_boot_fw_cert,
 *    trusted_key_cert) - presumably verified against the platform root of
 *    trust public key; confirm against the code that consumes this file.
 *  - root-certificate with signing-key = <&prot_pk>
 *    (non_trusted_fw_content_cert, plat_sp_content_cert).
 *
 * Invariants that hold for every entry in this file and should be kept when
 * editing it:
 *  - a non-root certificate's signing-key is a child node of its parent;
 *  - an image's hash is a child node of the certificate named by its parent;
 *  - every certificate names an antirollback-counter.
 */
cot {
	manifests {
		compatible = "arm, cert-descs";

		/*
		 * Root certificate carrying four hashes. Only hw_config_hash is
		 * referenced by an image node in this file.
		 * NOTE(review): tb_fw_hash, tb_fw_config_hash and fw_config_hash
		 * have no matching image below - presumably those images are
		 * authenticated by an earlier boot stage; confirm.
		 */
		trusted_boot_fw_cert: trusted_boot_fw_cert {
			root-certificate;
			image-id =<TRUSTED_BOOT_FW_CERT_ID>;
			antirollback-counter = <&trusted_nv_counter>;

			tb_fw_hash: tb_fw_hash {
				oid = TRUSTED_BOOT_FW_HASH_OID;
			};
			tb_fw_config_hash: tb_fw_config_hash {
				oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID;
			};
			hw_config_hash: hw_config_hash {
				oid = HW_CONFIG_HASH_OID;
			};
			fw_config_hash: fw_config_hash {
				oid = FW_CONFIG_HASH_OID;
			};
		};

		/*
		 * Root certificate that carries trusted_world_pk, the key used
		 * as signing-key by the SCP, SoC and Trusted OS key certificates
		 * and by sip_sp_content_cert.
		 */
		trusted_key_cert: trusted_key_cert {
			root-certificate;
			image-id = <TRUSTED_KEY_CERT_ID>;
			antirollback-counter = <&trusted_nv_counter>;

			trusted_world_pk: trusted_world_pk {
				oid = TRUSTED_WORLD_PK_OID;
			};
		};

		/* SCP firmware: key certificate, then content certificate. */
		scp_fw_key_cert: scp_fw_key_cert {
			image-id = <SCP_FW_KEY_CERT_ID>;
			parent = <&trusted_key_cert>;
			signing-key = <&trusted_world_pk>;
			antirollback-counter = <&trusted_nv_counter>;

			scp_fw_content_pk: scp_fw_content_pk {
				oid = SCP_FW_CONTENT_CERT_PK_OID;
			};
		};

		scp_fw_content_cert: scp_fw_content_cert {
			image-id = <SCP_FW_CONTENT_CERT_ID>;
			parent = <&scp_fw_key_cert>;
			signing-key = <&scp_fw_content_pk>;
			antirollback-counter = <&trusted_nv_counter>;

			scp_fw_hash: scp_fw_hash {
				oid = SCP_FW_HASH_OID;
			};
		};

		/* SoC firmware: key certificate, then content certificate. */
		soc_fw_key_cert: soc_fw_key_cert {
			image-id = <SOC_FW_KEY_CERT_ID>;
			parent = <&trusted_key_cert>;
			signing-key = <&trusted_world_pk>;
			antirollback-counter = <&trusted_nv_counter>;
			soc_fw_content_pk: soc_fw_content_pk {
				oid = SOC_FW_CONTENT_CERT_PK_OID;
			};
		};

		soc_fw_content_cert: soc_fw_content_cert {
			image-id = <SOC_FW_CONTENT_CERT_ID>;
			parent = <&soc_fw_key_cert>;
			signing-key = <&soc_fw_content_pk>;
			antirollback-counter = <&trusted_nv_counter>;

			soc_fw_hash: soc_fw_hash {
				oid = SOC_AP_FW_HASH_OID;
			};
			soc_fw_config_hash: soc_fw_config_hash {
				oid = SOC_FW_CONFIG_HASH_OID;
			};
		};

		/* Trusted OS firmware: key certificate, then content certificate. */
		trusted_os_fw_key_cert: trusted_os_fw_key_cert {
			image-id = <TRUSTED_OS_FW_KEY_CERT_ID>;
			parent = <&trusted_key_cert>;
			signing-key = <&trusted_world_pk>;
			antirollback-counter = <&trusted_nv_counter>;

			tos_fw_content_pk: tos_fw_content_pk {
				oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID;
			};
		};

		trusted_os_fw_content_cert: trusted_os_fw_content_cert {
			image-id = <TRUSTED_OS_FW_CONTENT_CERT_ID>;
			parent = <&trusted_os_fw_key_cert>;
			signing-key = <&tos_fw_content_pk>;
			antirollback-counter = <&trusted_nv_counter>;

			tos_fw_hash: tos_fw_hash {
				oid = TRUSTED_OS_FW_HASH_OID;
			};
			tos_fw_extra1_hash: tos_fw_extra1_hash {
				oid = TRUSTED_OS_FW_EXTRA1_HASH_OID;
			};
			tos_fw_extra2_hash: tos_fw_extra2_hash {
				oid = TRUSTED_OS_FW_EXTRA2_HASH_OID;
			};
			tos_fw_config_hash: tos_fw_config_hash {
				oid = TRUSTED_OS_FW_CONFIG_HASH_OID;
			};
		};

		/*
		 * Second root: signed with prot_pk (declared under rot_keys) and
		 * bound to non_trusted_nv_counter rather than trusted_nv_counter.
		 * It has no parent, so nothing in the trusted_key_cert chain
		 * vouches for the images listed under it.
		 */
		non_trusted_fw_content_cert: non_trusted_fw_content_cert {
			root-certificate;
			image-id = <NON_TRUSTED_FW_CONTENT_CERT_ID>;
			signing-key = <&prot_pk>;
			antirollback-counter = <&non_trusted_nv_counter>;

			nt_world_bl_hash: nt_world_bl_hash {
				oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID;
			};
			nt_fw_config_hash: nt_fw_config_hash {
				oid = NON_TRUSTED_FW_CONFIG_HASH_OID;
			};
		};

/* Secure partition certificates are only described when SPD_spmd is defined. */
#if defined(SPD_spmd)
		/*
		 * Packages 1-4: signed directly with trusted_world_pk from
		 * trusted_key_cert (no intermediate key certificate).
		 */
		sip_sp_content_cert: sip_sp_content_cert {
			image-id = <SIP_SP_CONTENT_CERT_ID>;
			parent = <&trusted_key_cert>;
			signing-key = <&trusted_world_pk>;
			antirollback-counter = <&trusted_nv_counter>;

			sp_pkg1_hash: sp_pkg1_hash {
				oid = SP_PKG1_HASH_OID;
			};
			sp_pkg2_hash: sp_pkg2_hash {
				oid = SP_PKG2_HASH_OID;
			};
			sp_pkg3_hash: sp_pkg3_hash {
				oid = SP_PKG3_HASH_OID;
			};
			sp_pkg4_hash: sp_pkg4_hash {
				oid = SP_PKG4_HASH_OID;
			};
		};

		/*
		 * Packages 5-8: root certificate signed with prot_pk and bound to
		 * non_trusted_nv_counter.
		 * NOTE(review): these packages are rooted in prot_pk, not in
		 * trusted_world_pk - confirm that split is intended for every
		 * package placed in slots 5-8.
		 */
		plat_sp_content_cert: plat_sp_content_cert {
			root-certificate;
			image-id = <PLAT_SP_CONTENT_CERT_ID>;
			signing-key = <&prot_pk>;
			antirollback-counter = <&non_trusted_nv_counter>;

			sp_pkg5_hash: sp_pkg5_hash {
				oid = SP_PKG5_HASH_OID;
			};
			sp_pkg6_hash: sp_pkg6_hash {
				oid = SP_PKG6_HASH_OID;
			};
			sp_pkg7_hash: sp_pkg7_hash {
				oid = SP_PKG7_HASH_OID;
			};
			sp_pkg8_hash: sp_pkg8_hash {
				oid = SP_PKG8_HASH_OID;
			};
		};
#endif
	};

	/*
	 * Image descriptors. Each entry gives the image identifier, the
	 * certificate it hangs off (parent) and the node inside that
	 * certificate that holds its hash (hash).
	 */
	images {
		compatible = "arm, img-descs";

		/* Covered by the trusted_boot_fw_cert root certificate. */
		hw_config {
			image-id = <HW_CONFIG_ID>;
			parent = <&trusted_boot_fw_cert>;
			hash = <&hw_config_hash>;
		};

		/* Covered by the trusted_key_cert chain. */
		scp_bl2_image {
			image-id = <SCP_BL2_IMAGE_ID>;
			parent = <&scp_fw_content_cert>;
			hash = <&scp_fw_hash>;
		};

		bl31_image {
			image-id = <BL31_IMAGE_ID>;
			parent = <&soc_fw_content_cert>;
			hash = <&soc_fw_hash>;
		};

		soc_fw_config {
			image-id = <SOC_FW_CONFIG_ID>;
			parent = <&soc_fw_content_cert>;
			hash = <&soc_fw_config_hash>;
		};

		bl32_image {
			image-id = <BL32_IMAGE_ID>;
			parent = <&trusted_os_fw_content_cert>;
			hash = <&tos_fw_hash>;
		};

		bl32_extra1_image {
			image-id = <BL32_EXTRA1_IMAGE_ID>;
			parent = <&trusted_os_fw_content_cert>;
			hash = <&tos_fw_extra1_hash>;
		};

		bl32_extra2_image {
			image-id = <BL32_EXTRA2_IMAGE_ID>;
			parent = <&trusted_os_fw_content_cert>;
			hash = <&tos_fw_extra2_hash>;
		};

		tos_fw_config {
			image-id = <TOS_FW_CONFIG_ID>;
			parent = <&trusted_os_fw_content_cert>;
			hash = <&tos_fw_config_hash>;
		};

		/* Covered by the prot_pk-signed root certificate. */
		bl33_image {
			image-id = <BL33_IMAGE_ID>;
			parent = <&non_trusted_fw_content_cert>;
			hash = <&nt_world_bl_hash>;
		};

		nt_fw_config {
			image-id = <NT_FW_CONFIG_ID>;
			parent = <&non_trusted_fw_content_cert>;
			hash = <&nt_fw_config_hash>;
		};

/* Secure partition packages; must stay in step with the guarded certificates above. */
#if defined(SPD_spmd)
		/* Packages 1-4 hang off sip_sp_content_cert. */
		sp_pkg1 {
			image-id = <SP_PKG1_ID>;
			parent = <&sip_sp_content_cert>;
			hash = <&sp_pkg1_hash>;
		};

		sp_pkg2 {
			image-id = <SP_PKG2_ID>;
			parent = <&sip_sp_content_cert>;
			hash = <&sp_pkg2_hash>;
		};

		sp_pkg3 {
			image-id = <SP_PKG3_ID>;
			parent = <&sip_sp_content_cert>;
			hash = <&sp_pkg3_hash>;
		};

		sp_pkg4 {
			image-id = <SP_PKG4_ID>;
			parent = <&sip_sp_content_cert>;
			hash = <&sp_pkg4_hash>;
		};

		/* Packages 5-8 hang off plat_sp_content_cert (prot_pk root). */
		sp_pkg5 {
			image-id = <SP_PKG5_ID>;
			parent = <&plat_sp_content_cert>;
			hash = <&sp_pkg5_hash>;
		};

		sp_pkg6 {
			image-id = <SP_PKG6_ID>;
			parent = <&plat_sp_content_cert>;
			hash = <&sp_pkg6_hash>;
		};

		sp_pkg7 {
			image-id = <SP_PKG7_ID>;
			parent = <&plat_sp_content_cert>;
			hash = <&sp_pkg7_hash>;
		};

		sp_pkg8 {
			image-id = <SP_PKG8_ID>;
			parent = <&plat_sp_content_cert>;
			hash = <&sp_pkg8_hash>;
		};
#endif
	};
};
292
/*
 * Anti-rollback counters referenced by the antirollback-counter property of
 * every certificate in the cot node. Two counters are described, so the
 * certificates signed with prot_pk (which use non_trusted_nv_counter) are
 * version-checked separately from the ones that use trusted_nv_counter.
 * NOTE(review): the id and oid macros presumably come from the headers
 * included at the top of the file - confirm.
 */
non_volatile_counters: non_volatile_counters {
	compatible = "arm, non-volatile-counter";

	#address-cells = <1>;
	#size-cells = <0>;

	/* Counter named by the certificates that do not use prot_pk. */
	trusted_nv_counter: trusted_nv_counter {
		id  = <TRUSTED_NV_CTR_ID>;
		oid = TRUSTED_FW_NVCOUNTER_OID;
	};

	/* Counter named by non_trusted_fw_content_cert and plat_sp_content_cert. */
	non_trusted_nv_counter: non_trusted_nv_counter {
		id  = <NON_TRUSTED_NV_CTR_ID>;
		oid = NON_TRUSTED_FW_NVCOUNTER_OID;
	};
};
309
/*
 * Root-of-trust keys that certificates name explicitly. Only prot_pk is
 * declared; it is the signing-key of non_trusted_fw_content_cert and
 * plat_sp_content_cert.
 * NOTE(review): the root certificates without a signing-key property have no
 * key node here - presumably their key is implicit in the consumer; confirm.
 */
rot_keys {
	prot_pk: prot_pk {
		oid = PROT_PK_OID;
	};
};