laurenw-arm | 6695933 | 2024-05-14 12:41:59 -0500 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright (c) 2024, Arm Limited. All rights reserved. |
| 3 | * |
| 4 | * SPDX-License-Identifier: BSD-3-Clause |
| 5 | */ |
| 6 | |
| 7 | #include <tools_share/dualroot_oid.h> |
| 8 | #include <common/tbbr/tbbr_img_def.h> |
| 9 | #include <common/nv_cntr_ids.h> |
| 10 | |
| 11 | cot { |
| 12 | manifests { |
| 13 | compatible = "arm, cert-descs"; |
| 14 | |
| 15 | trusted_boot_fw_cert: trusted_boot_fw_cert { |
| 16 | root-certificate; |
| 17 | image-id =<TRUSTED_BOOT_FW_CERT_ID>; |
| 18 | antirollback-counter = <&trusted_nv_counter>; |
| 19 | |
| 20 | tb_fw_hash: tb_fw_hash { |
| 21 | oid = TRUSTED_BOOT_FW_HASH_OID; |
| 22 | }; |
| 23 | tb_fw_config_hash: tb_fw_config_hash { |
| 24 | oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID; |
| 25 | }; |
| 26 | hw_config_hash: hw_config_hash { |
| 27 | oid = HW_CONFIG_HASH_OID; |
| 28 | }; |
| 29 | fw_config_hash: fw_config_hash { |
| 30 | oid = FW_CONFIG_HASH_OID; |
| 31 | }; |
| 32 | }; |
| 33 | |
| 34 | trusted_key_cert: trusted_key_cert { |
| 35 | root-certificate; |
| 36 | image-id = <TRUSTED_KEY_CERT_ID>; |
| 37 | antirollback-counter = <&trusted_nv_counter>; |
| 38 | |
| 39 | trusted_world_pk: trusted_world_pk { |
| 40 | oid = TRUSTED_WORLD_PK_OID; |
| 41 | }; |
| 42 | }; |
| 43 | |
| 44 | scp_fw_key_cert: scp_fw_key_cert { |
| 45 | image-id = <SCP_FW_KEY_CERT_ID>; |
| 46 | parent = <&trusted_key_cert>; |
| 47 | signing-key = <&trusted_world_pk>; |
| 48 | antirollback-counter = <&trusted_nv_counter>; |
| 49 | |
| 50 | scp_fw_content_pk: scp_fw_content_pk { |
| 51 | oid = SCP_FW_CONTENT_CERT_PK_OID; |
| 52 | }; |
| 53 | }; |
| 54 | |
| 55 | scp_fw_content_cert: scp_fw_content_cert { |
| 56 | image-id = <SCP_FW_CONTENT_CERT_ID>; |
| 57 | parent = <&scp_fw_key_cert>; |
| 58 | signing-key = <&scp_fw_content_pk>; |
| 59 | antirollback-counter = <&trusted_nv_counter>; |
| 60 | |
| 61 | scp_fw_hash: scp_fw_hash { |
| 62 | oid = SCP_FW_HASH_OID; |
| 63 | }; |
| 64 | }; |
| 65 | |
| 66 | soc_fw_key_cert: soc_fw_key_cert { |
| 67 | image-id = <SOC_FW_KEY_CERT_ID>; |
| 68 | parent = <&trusted_key_cert>; |
| 69 | signing-key = <&trusted_world_pk>; |
| 70 | antirollback-counter = <&trusted_nv_counter>; |
| 71 | soc_fw_content_pk: soc_fw_content_pk { |
| 72 | oid = SOC_FW_CONTENT_CERT_PK_OID; |
| 73 | }; |
| 74 | }; |
| 75 | |
| 76 | soc_fw_content_cert: soc_fw_content_cert { |
| 77 | image-id = <SOC_FW_CONTENT_CERT_ID>; |
| 78 | parent = <&soc_fw_key_cert>; |
| 79 | signing-key = <&soc_fw_content_pk>; |
| 80 | antirollback-counter = <&trusted_nv_counter>; |
| 81 | |
| 82 | soc_fw_hash: soc_fw_hash { |
| 83 | oid = SOC_AP_FW_HASH_OID; |
| 84 | }; |
| 85 | soc_fw_config_hash: soc_fw_config_hash { |
| 86 | oid = SOC_FW_CONFIG_HASH_OID; |
| 87 | }; |
| 88 | }; |
| 89 | |
| 90 | trusted_os_fw_key_cert: trusted_os_fw_key_cert { |
| 91 | image-id = <TRUSTED_OS_FW_KEY_CERT_ID>; |
| 92 | parent = <&trusted_key_cert>; |
| 93 | signing-key = <&trusted_world_pk>; |
| 94 | antirollback-counter = <&trusted_nv_counter>; |
| 95 | |
| 96 | tos_fw_content_pk: tos_fw_content_pk { |
| 97 | oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID; |
| 98 | }; |
| 99 | }; |
| 100 | |
| 101 | trusted_os_fw_content_cert: trusted_os_fw_content_cert { |
| 102 | image-id = <TRUSTED_OS_FW_CONTENT_CERT_ID>; |
| 103 | parent = <&trusted_os_fw_key_cert>; |
| 104 | signing-key = <&tos_fw_content_pk>; |
| 105 | antirollback-counter = <&trusted_nv_counter>; |
| 106 | |
| 107 | tos_fw_hash: tos_fw_hash { |
| 108 | oid = TRUSTED_OS_FW_HASH_OID; |
| 109 | }; |
| 110 | tos_fw_extra1_hash: tos_fw_extra1_hash { |
| 111 | oid = TRUSTED_OS_FW_EXTRA1_HASH_OID; |
| 112 | }; |
| 113 | tos_fw_extra2_hash: tos_fw_extra2_hash { |
| 114 | oid = TRUSTED_OS_FW_EXTRA2_HASH_OID; |
| 115 | }; |
| 116 | tos_fw_config_hash: tos_fw_config_hash { |
| 117 | oid = TRUSTED_OS_FW_CONFIG_HASH_OID; |
| 118 | }; |
| 119 | }; |
| 120 | |
| 121 | non_trusted_fw_content_cert: non_trusted_fw_content_cert { |
| 122 | root-certificate; |
| 123 | image-id = <NON_TRUSTED_FW_CONTENT_CERT_ID>; |
| 124 | signing-key = <&prot_pk>; |
| 125 | antirollback-counter = <&non_trusted_nv_counter>; |
| 126 | |
| 127 | nt_world_bl_hash: nt_world_bl_hash { |
| 128 | oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID; |
| 129 | }; |
| 130 | nt_fw_config_hash: nt_fw_config_hash { |
| 131 | oid = NON_TRUSTED_FW_CONFIG_HASH_OID; |
| 132 | }; |
| 133 | }; |
| 134 | |
| 135 | #if defined(SPD_spmd) |
| 136 | sip_sp_content_cert: sip_sp_content_cert { |
| 137 | image-id = <SIP_SP_CONTENT_CERT_ID>; |
| 138 | parent = <&trusted_key_cert>; |
| 139 | signing-key = <&trusted_world_pk>; |
| 140 | antirollback-counter = <&trusted_nv_counter>; |
| 141 | |
| 142 | sp_pkg1_hash: sp_pkg1_hash { |
| 143 | oid = SP_PKG1_HASH_OID; |
| 144 | }; |
| 145 | sp_pkg2_hash: sp_pkg2_hash { |
| 146 | oid = SP_PKG2_HASH_OID; |
| 147 | }; |
| 148 | sp_pkg3_hash: sp_pkg3_hash { |
| 149 | oid = SP_PKG3_HASH_OID; |
| 150 | }; |
| 151 | sp_pkg4_hash: sp_pkg4_hash { |
| 152 | oid = SP_PKG4_HASH_OID; |
| 153 | }; |
| 154 | }; |
| 155 | |
| 156 | plat_sp_content_cert: plat_sp_content_cert { |
| 157 | root-certificate; |
| 158 | image-id = <PLAT_SP_CONTENT_CERT_ID>; |
| 159 | signing-key = <&prot_pk>; |
| 160 | antirollback-counter = <&non_trusted_nv_counter>; |
| 161 | |
| 162 | sp_pkg5_hash: sp_pkg5_hash { |
| 163 | oid = SP_PKG5_HASH_OID; |
| 164 | }; |
| 165 | sp_pkg6_hash: sp_pkg6_hash { |
| 166 | oid = SP_PKG6_HASH_OID; |
| 167 | }; |
| 168 | sp_pkg7_hash: sp_pkg7_hash { |
| 169 | oid = SP_PKG7_HASH_OID; |
| 170 | }; |
| 171 | sp_pkg8_hash: sp_pkg8_hash { |
| 172 | oid = SP_PKG8_HASH_OID; |
| 173 | }; |
| 174 | }; |
| 175 | #endif |
| 176 | }; |
| 177 | |
| 178 | images { |
| 179 | compatible = "arm, img-descs"; |
| 180 | |
| 181 | hw_config { |
| 182 | image-id = <HW_CONFIG_ID>; |
| 183 | parent = <&trusted_boot_fw_cert>; |
| 184 | hash = <&hw_config_hash>; |
| 185 | }; |
| 186 | |
| 187 | scp_bl2_image { |
| 188 | image-id = <SCP_BL2_IMAGE_ID>; |
| 189 | parent = <&scp_fw_content_cert>; |
| 190 | hash = <&scp_fw_hash>; |
| 191 | }; |
| 192 | |
| 193 | bl31_image { |
| 194 | image-id = <BL31_IMAGE_ID>; |
| 195 | parent = <&soc_fw_content_cert>; |
| 196 | hash = <&soc_fw_hash>; |
| 197 | }; |
| 198 | |
| 199 | soc_fw_config { |
| 200 | image-id = <SOC_FW_CONFIG_ID>; |
| 201 | parent = <&soc_fw_content_cert>; |
| 202 | hash = <&soc_fw_config_hash>; |
| 203 | }; |
| 204 | |
| 205 | bl32_image { |
| 206 | image-id = <BL32_IMAGE_ID>; |
| 207 | parent = <&trusted_os_fw_content_cert>; |
| 208 | hash = <&tos_fw_hash>; |
| 209 | }; |
| 210 | |
| 211 | bl32_extra1_image { |
| 212 | image-id = <BL32_EXTRA1_IMAGE_ID>; |
| 213 | parent = <&trusted_os_fw_content_cert>; |
| 214 | hash = <&tos_fw_extra1_hash>; |
| 215 | }; |
| 216 | |
| 217 | bl32_extra2_image { |
| 218 | image-id = <BL32_EXTRA2_IMAGE_ID>; |
| 219 | parent = <&trusted_os_fw_content_cert>; |
| 220 | hash = <&tos_fw_extra2_hash>; |
| 221 | }; |
| 222 | |
| 223 | tos_fw_config { |
| 224 | image-id = <TOS_FW_CONFIG_ID>; |
| 225 | parent = <&trusted_os_fw_content_cert>; |
| 226 | hash = <&tos_fw_config_hash>; |
| 227 | }; |
| 228 | |
| 229 | bl33_image { |
| 230 | image-id = <BL33_IMAGE_ID>; |
| 231 | parent = <&non_trusted_fw_content_cert>; |
| 232 | hash = <&nt_world_bl_hash>; |
| 233 | }; |
| 234 | |
| 235 | nt_fw_config { |
| 236 | image-id = <NT_FW_CONFIG_ID>; |
| 237 | parent = <&non_trusted_fw_content_cert>; |
| 238 | hash = <&nt_fw_config_hash>; |
| 239 | }; |
| 240 | |
| 241 | #if defined(SPD_spmd) |
| 242 | sp_pkg1 { |
| 243 | image-id = <SP_PKG1_ID>; |
| 244 | parent = <&sip_sp_content_cert>; |
| 245 | hash = <&sp_pkg1_hash>; |
| 246 | }; |
| 247 | |
| 248 | sp_pkg2 { |
| 249 | image-id = <SP_PKG2_ID>; |
| 250 | parent = <&sip_sp_content_cert>; |
| 251 | hash = <&sp_pkg2_hash>; |
| 252 | }; |
| 253 | |
| 254 | sp_pkg3 { |
| 255 | image-id = <SP_PKG3_ID>; |
| 256 | parent = <&sip_sp_content_cert>; |
| 257 | hash = <&sp_pkg3_hash>; |
| 258 | }; |
| 259 | |
| 260 | sp_pkg4 { |
| 261 | image-id = <SP_PKG4_ID>; |
| 262 | parent = <&sip_sp_content_cert>; |
| 263 | hash = <&sp_pkg4_hash>; |
| 264 | }; |
| 265 | |
| 266 | sp_pkg5 { |
| 267 | image-id = <SP_PKG5_ID>; |
| 268 | parent = <&plat_sp_content_cert>; |
| 269 | hash = <&sp_pkg5_hash>; |
| 270 | }; |
| 271 | |
| 272 | sp_pkg6 { |
| 273 | image-id = <SP_PKG6_ID>; |
| 274 | parent = <&plat_sp_content_cert>; |
| 275 | hash = <&sp_pkg6_hash>; |
| 276 | }; |
| 277 | |
| 278 | sp_pkg7 { |
| 279 | image-id = <SP_PKG7_ID>; |
| 280 | parent = <&plat_sp_content_cert>; |
| 281 | hash = <&sp_pkg7_hash>; |
| 282 | }; |
| 283 | |
| 284 | sp_pkg8 { |
| 285 | image-id = <SP_PKG8_ID>; |
| 286 | parent = <&plat_sp_content_cert>; |
| 287 | hash = <&sp_pkg8_hash>; |
| 288 | }; |
| 289 | #endif |
| 290 | }; |
| 291 | }; |
| 292 | |
| 293 | non_volatile_counters: non_volatile_counters { |
| 294 | compatible = "arm, non-volatile-counter"; |
| 295 | |
| 296 | #address-cells = <1>; |
| 297 | #size-cells = <0>; |
| 298 | |
| 299 | trusted_nv_counter: trusted_nv_counter { |
| 300 | id = <TRUSTED_NV_CTR_ID>; |
| 301 | oid = TRUSTED_FW_NVCOUNTER_OID; |
| 302 | }; |
| 303 | |
| 304 | non_trusted_nv_counter: non_trusted_nv_counter { |
| 305 | id = <NON_TRUSTED_NV_CTR_ID>; |
| 306 | oid = NON_TRUSTED_FW_NVCOUNTER_OID; |
| 307 | }; |
| 308 | }; |
| 309 | |
| 310 | rot_keys { |
| 311 | prot_pk: prot_pk { |
| 312 | oid = PROT_PK_OID; |
| 313 | }; |
| 314 | }; |