blob: da3631bbf9cb59fec565f56bce4c7cab1fdb2451 [file] [log] [blame]
Juan Castillo9b265a82015-05-07 14:52:44 +01001/*
Joel Huttone9919bb2019-02-20 11:56:46 +00002 * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
Juan Castillo9b265a82015-05-07 14:52:44 +01003 *
dp-armfa3cf0b2017-05-03 09:38:09 +01004 * SPDX-License-Identifier: BSD-3-Clause
Juan Castillo9b265a82015-05-07 14:52:44 +01005 */
6
Isla Mitchell99305012017-07-11 14:54:08 +01007#include <stddef.h>
8
Antonio Nino Diaze0f90632018-12-14 00:18:21 +00009#include <platform_def.h>
10
11#include <drivers/auth/auth_mod.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +090012#if USE_TBBR_DEFS
Antonio Nino Diaze0f90632018-12-14 00:18:21 +000013#include <tools_share/tbbr_oid.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +090014#else
Juan Castillo9b265a82015-05-07 14:52:44 +010015#include <platform_oid.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +090016#endif
Isla Mitchell99305012017-07-11 14:54:08 +010017
Juan Castillo9b265a82015-05-07 14:52:44 +010018
19/*
20 * Maximum key and hash sizes (in DER format)
21 */
22#define PK_DER_LEN 294
Qixiang Xu1a1f2912017-11-09 13:56:29 +080023#define HASH_DER_LEN 83
Juan Castillo9b265a82015-05-07 14:52:44 +010024
25/*
26 * The platform must allocate buffers to store the authentication parameters
27 * extracted from the certificates. In this case, because of the way the CoT is
28 * established, we can reuse some of the buffers on different stages
29 */
Joel Huttone9919bb2019-02-20 11:56:46 +000030
Juan Castillobe801202015-12-03 10:19:21 +000031static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
Soby Mathew0bdfef02017-11-07 17:03:57 +000032static unsigned char tb_fw_config_hash_buf[HASH_DER_LEN];
33static unsigned char hw_config_hash_buf[HASH_DER_LEN];
Juan Castillobe801202015-12-03 10:19:21 +000034static unsigned char scp_fw_hash_buf[HASH_DER_LEN];
Joel Huttone9919bb2019-02-20 11:56:46 +000035static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];
36
37#ifdef IMAGE_BL2
Juan Castillobe801202015-12-03 10:19:21 +000038static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
39static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
Summer Qin80726782017-04-20 16:28:39 +010040static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN];
41static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN];
Juan Castillobe801202015-12-03 10:19:21 +000042static unsigned char trusted_world_pk_buf[PK_DER_LEN];
43static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
44static unsigned char content_pk_buf[PK_DER_LEN];
Soby Mathew2bb78d32018-03-29 14:29:55 +010045static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
46static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
47static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];
Joel Huttone9919bb2019-02-20 11:56:46 +000048#endif
Juan Castillo9b265a82015-05-07 14:52:44 +010049
50/*
51 * Parameter type descriptors
52 */
Juan Castillobfb7fa62016-01-22 11:05:57 +000053static auth_param_type_desc_t trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
54 AUTH_PARAM_NV_CTR, TRUSTED_FW_NVCOUNTER_OID);
Juan Castillobfb7fa62016-01-22 11:05:57 +000055
Juan Castillo9b265a82015-05-07 14:52:44 +010056static auth_param_type_desc_t subject_pk = AUTH_PARAM_TYPE_DESC(
57 AUTH_PARAM_PUB_KEY, 0);
58static auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC(
59 AUTH_PARAM_SIG, 0);
60static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC(
61 AUTH_PARAM_SIG_ALG, 0);
62static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC(
63 AUTH_PARAM_RAW_DATA, 0);
64
Joel Huttone9919bb2019-02-20 11:56:46 +000065
66static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC(
67 AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
68static auth_param_type_desc_t tb_fw_config_hash = AUTH_PARAM_TYPE_DESC(
69 AUTH_PARAM_HASH, TRUSTED_BOOT_FW_CONFIG_HASH_OID);
70static auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC(
71 AUTH_PARAM_HASH, HW_CONFIG_HASH_OID);
72#ifdef IMAGE_BL1
73static auth_param_type_desc_t scp_bl2u_hash = AUTH_PARAM_TYPE_DESC(
74 AUTH_PARAM_HASH, SCP_FWU_CFG_HASH_OID);
75static auth_param_type_desc_t bl2u_hash = AUTH_PARAM_TYPE_DESC(
76 AUTH_PARAM_HASH, AP_FWU_CFG_HASH_OID);
77static auth_param_type_desc_t ns_bl2u_hash = AUTH_PARAM_TYPE_DESC(
78 AUTH_PARAM_HASH, FWU_HASH_OID);
79#endif /* IMAGE_BL1 */
80
81#ifdef IMAGE_BL2
82static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
83 AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);
Juan Castillobe801202015-12-03 10:19:21 +000084static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
85 AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
86static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC(
87 AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);
Juan Castillobe801202015-12-03 10:19:21 +000088static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC(
89 AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
90static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC(
91 AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
92static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC(
93 AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
94static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
95 AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID);
Juan Castillobe801202015-12-03 10:19:21 +000096static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
97 AUTH_PARAM_HASH, SCP_FW_HASH_OID);
98static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
99 AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
Soby Mathew2bb78d32018-03-29 14:29:55 +0100100static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC(
101 AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID);
Juan Castillobe801202015-12-03 10:19:21 +0000102static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
103 AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
Soby Mathew2bb78d32018-03-29 14:29:55 +0100104static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC(
105 AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID);
Summer Qin80726782017-04-20 16:28:39 +0100106static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC(
107 AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID);
108static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC(
109 AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID);
Juan Castillobe801202015-12-03 10:19:21 +0000110static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
111 AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
Soby Mathew2bb78d32018-03-29 14:29:55 +0100112static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC(
113 AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);
Juan Castillo9b265a82015-05-07 14:52:44 +0100114
Joel Huttone9919bb2019-02-20 11:56:46 +0000115#endif /* IMAGE_BL2 */
116
117
Juan Castillo9b265a82015-05-07 14:52:44 +0100118 /*
119 * BL2
120 */
Joel Huttone9919bb2019-02-20 11:56:46 +0000121static const auth_img_desc_t trusted_boot_fw_cert = {
122 .img_id = TRUSTED_BOOT_FW_CERT_ID,
123 .img_type = IMG_CERT,
124 .parent = NULL,
Joel Hutton69931af2019-03-11 11:37:38 +0000125 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000126 [0] = {
127 .type = AUTH_METHOD_SIG,
128 .param.sig = {
129 .pk = &subject_pk,
130 .sig = &sig,
131 .alg = &sig_alg,
132 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100133 }
134 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000135 [1] = {
136 .type = AUTH_METHOD_NV_CTR,
137 .param.nv_ctr = {
138 .cert_nv_ctr = &trusted_nv_ctr,
139 .plat_nv_ctr = &trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100140 }
141 }
142 },
Joel Hutton69931af2019-03-11 11:37:38 +0000143 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000144 [0] = {
145 .type_desc = &tb_fw_hash,
146 .data = {
147 .ptr = (void *)tb_fw_hash_buf,
148 .len = (unsigned int)HASH_DER_LEN
149 }
150 },
151 [1] = {
152 .type_desc = &tb_fw_config_hash,
153 .data = {
154 .ptr = (void *)tb_fw_config_hash_buf,
155 .len = (unsigned int)HASH_DER_LEN
156 }
157 },
158 [2] = {
159 .type_desc = &hw_config_hash,
160 .data = {
161 .ptr = (void *)hw_config_hash_buf,
162 .len = (unsigned int)HASH_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100163 }
164 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000165 }
166 };
167#ifdef IMAGE_BL1
168static const auth_img_desc_t bl2_image = {
169 .img_id = BL2_IMAGE_ID,
170 .img_type = IMG_RAW,
171 .parent = &trusted_boot_fw_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000172 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000173 [0] = {
174 .type = AUTH_METHOD_HASH,
175 .param.hash = {
176 .data = &raw_data,
177 .hash = &tb_fw_hash
Soby Mathew0bdfef02017-11-07 17:03:57 +0000178 }
179 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000180 }
181};
182#endif /* IMAGE_BL1 */
183/* HW Config */
184static const auth_img_desc_t hw_config = {
185 .img_id = HW_CONFIG_ID,
186 .img_type = IMG_RAW,
187 .parent = &trusted_boot_fw_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000188 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000189 [0] = {
190 .type = AUTH_METHOD_HASH,
191 .param.hash = {
192 .data = &raw_data,
193 .hash = &hw_config_hash
Soby Mathew0bdfef02017-11-07 17:03:57 +0000194 }
195 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000196 }
197};
198/* TB FW Config */
199#ifdef IMAGE_BL1
200static const auth_img_desc_t tb_fw_config = {
201 .img_id = TB_FW_CONFIG_ID,
202 .img_type = IMG_RAW,
203 .parent = &trusted_boot_fw_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000204 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000205 [0] = {
206 .type = AUTH_METHOD_HASH,
207 .param.hash = {
208 .data = &raw_data,
209 .hash = &tb_fw_config_hash
210 }
211 }
212 }
213};
214#endif /* IMAGE_BL1 */
215#ifdef IMAGE_BL2
216/*
217 * Trusted key certificate
218 */
219static const auth_img_desc_t trusted_key_cert = {
220 .img_id = TRUSTED_KEY_CERT_ID,
221 .img_type = IMG_CERT,
222 .parent = NULL,
Joel Hutton69931af2019-03-11 11:37:38 +0000223 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000224 [0] = {
225 .type = AUTH_METHOD_SIG,
226 .param.sig = {
227 .pk = &subject_pk,
228 .sig = &sig,
229 .alg = &sig_alg,
230 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100231 }
232 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000233 [1] = {
234 .type = AUTH_METHOD_NV_CTR,
235 .param.nv_ctr = {
236 .cert_nv_ctr = &trusted_nv_ctr,
237 .plat_nv_ctr = &trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100238 }
239 }
240 },
Joel Hutton69931af2019-03-11 11:37:38 +0000241 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000242 [0] = {
243 .type_desc = &trusted_world_pk,
244 .data = {
245 .ptr = (void *)trusted_world_pk_buf,
246 .len = (unsigned int)PK_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100247 }
248 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000249 [1] = {
250 .type_desc = &non_trusted_world_pk,
251 .data = {
252 .ptr = (void *)non_trusted_world_pk_buf,
253 .len = (unsigned int)PK_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100254 }
255 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000256 }
257};
258/*
259 * SCP Firmware
260 */
261static const auth_img_desc_t scp_fw_key_cert = {
262 .img_id = SCP_FW_KEY_CERT_ID,
263 .img_type = IMG_CERT,
264 .parent = &trusted_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000265 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000266 [0] = {
267 .type = AUTH_METHOD_SIG,
268 .param.sig = {
269 .pk = &trusted_world_pk,
270 .sig = &sig,
271 .alg = &sig_alg,
272 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100273 }
274 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000275 [1] = {
276 .type = AUTH_METHOD_NV_CTR,
277 .param.nv_ctr = {
278 .cert_nv_ctr = &trusted_nv_ctr,
279 .plat_nv_ctr = &trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100280 }
281 }
282 },
Joel Hutton69931af2019-03-11 11:37:38 +0000283 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000284 [0] = {
285 .type_desc = &scp_fw_content_pk,
286 .data = {
287 .ptr = (void *)content_pk_buf,
288 .len = (unsigned int)PK_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100289 }
290 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000291 }
292};
293static const auth_img_desc_t scp_fw_content_cert = {
294 .img_id = SCP_FW_CONTENT_CERT_ID,
295 .img_type = IMG_CERT,
296 .parent = &scp_fw_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000297 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000298 [0] = {
299 .type = AUTH_METHOD_SIG,
300 .param.sig = {
301 .pk = &scp_fw_content_pk,
302 .sig = &sig,
303 .alg = &sig_alg,
304 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100305 }
306 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000307 [1] = {
308 .type = AUTH_METHOD_NV_CTR,
309 .param.nv_ctr = {
310 .cert_nv_ctr = &trusted_nv_ctr,
311 .plat_nv_ctr = &trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100312 }
313 }
314 },
Joel Hutton69931af2019-03-11 11:37:38 +0000315 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000316 [0] = {
317 .type_desc = &scp_fw_hash,
318 .data = {
319 .ptr = (void *)scp_fw_hash_buf,
320 .len = (unsigned int)HASH_DER_LEN
321 }
322 }
323 }
324};
325static const auth_img_desc_t scp_bl2_image = {
326 .img_id = SCP_BL2_IMAGE_ID,
327 .img_type = IMG_RAW,
328 .parent = &scp_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000329 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000330 [0] = {
331 .type = AUTH_METHOD_HASH,
332 .param.hash = {
333 .data = &raw_data,
334 .hash = &scp_fw_hash
335 }
336 }
337 }
338};
339/*
340 * SoC Firmware
341 */
342static const auth_img_desc_t soc_fw_key_cert = {
343 .img_id = SOC_FW_KEY_CERT_ID,
344 .img_type = IMG_CERT,
345 .parent = &trusted_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000346 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000347 [0] = {
348 .type = AUTH_METHOD_SIG,
349 .param.sig = {
350 .pk = &trusted_world_pk,
351 .sig = &sig,
352 .alg = &sig_alg,
353 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100354 }
355 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000356 [1] = {
357 .type = AUTH_METHOD_NV_CTR,
358 .param.nv_ctr = {
359 .cert_nv_ctr = &trusted_nv_ctr,
360 .plat_nv_ctr = &trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100361 }
362 }
363 },
Joel Hutton69931af2019-03-11 11:37:38 +0000364 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000365 [0] = {
366 .type_desc = &soc_fw_content_pk,
367 .data = {
368 .ptr = (void *)content_pk_buf,
369 .len = (unsigned int)PK_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100370 }
371 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000372 }
373};
374static const auth_img_desc_t soc_fw_content_cert = {
375 .img_id = SOC_FW_CONTENT_CERT_ID,
376 .img_type = IMG_CERT,
377 .parent = &soc_fw_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000378 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000379 [0] = {
380 .type = AUTH_METHOD_SIG,
381 .param.sig = {
382 .pk = &soc_fw_content_pk,
383 .sig = &sig,
384 .alg = &sig_alg,
385 .data = &raw_data
386 }
387 },
388 [1] = {
389 .type = AUTH_METHOD_NV_CTR,
390 .param.nv_ctr = {
391 .cert_nv_ctr = &trusted_nv_ctr,
392 .plat_nv_ctr = &trusted_nv_ctr
Soby Mathew2bb78d32018-03-29 14:29:55 +0100393 }
394 }
395 },
Joel Hutton69931af2019-03-11 11:37:38 +0000396 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000397 [0] = {
398 .type_desc = &soc_fw_hash,
399 .data = {
400 .ptr = (void *)soc_fw_hash_buf,
401 .len = (unsigned int)HASH_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100402 }
403 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000404 [1] = {
405 .type_desc = &soc_fw_config_hash,
406 .data = {
407 .ptr = (void *)soc_fw_config_hash_buf,
408 .len = (unsigned int)HASH_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100409 }
410 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000411 }
412};
413static const auth_img_desc_t bl31_image = {
414 .img_id = BL31_IMAGE_ID,
415 .img_type = IMG_RAW,
416 .parent = &soc_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000417 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000418 [0] = {
419 .type = AUTH_METHOD_HASH,
420 .param.hash = {
421 .data = &raw_data,
422 .hash = &soc_fw_hash
423 }
424 }
425 }
426};
427/* SOC FW Config */
428static const auth_img_desc_t soc_fw_config = {
429 .img_id = SOC_FW_CONFIG_ID,
430 .img_type = IMG_RAW,
431 .parent = &soc_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000432 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000433 [0] = {
434 .type = AUTH_METHOD_HASH,
435 .param.hash = {
436 .data = &raw_data,
437 .hash = &soc_fw_config_hash
438 }
439 }
440 }
441};
442/*
443 * Trusted OS Firmware
444 */
445static const auth_img_desc_t trusted_os_fw_key_cert = {
446 .img_id = TRUSTED_OS_FW_KEY_CERT_ID,
447 .img_type = IMG_CERT,
448 .parent = &trusted_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000449 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000450 [0] = {
451 .type = AUTH_METHOD_SIG,
452 .param.sig = {
453 .pk = &trusted_world_pk,
454 .sig = &sig,
455 .alg = &sig_alg,
456 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100457 }
458 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000459 [1] = {
460 .type = AUTH_METHOD_NV_CTR,
461 .param.nv_ctr = {
462 .cert_nv_ctr = &trusted_nv_ctr,
463 .plat_nv_ctr = &trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100464 }
465 }
466 },
Joel Hutton69931af2019-03-11 11:37:38 +0000467 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000468 [0] = {
469 .type_desc = &tos_fw_content_pk,
470 .data = {
471 .ptr = (void *)content_pk_buf,
472 .len = (unsigned int)PK_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100473 }
474 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000475 }
476};
477static const auth_img_desc_t trusted_os_fw_content_cert = {
478 .img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
479 .img_type = IMG_CERT,
480 .parent = &trusted_os_fw_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000481 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000482 [0] = {
483 .type = AUTH_METHOD_SIG,
484 .param.sig = {
485 .pk = &tos_fw_content_pk,
486 .sig = &sig,
487 .alg = &sig_alg,
488 .data = &raw_data
489 }
490 },
491 [1] = {
492 .type = AUTH_METHOD_NV_CTR,
493 .param.nv_ctr = {
494 .cert_nv_ctr = &trusted_nv_ctr,
495 .plat_nv_ctr = &trusted_nv_ctr
Summer Qin80726782017-04-20 16:28:39 +0100496 }
497 }
498 },
Joel Hutton69931af2019-03-11 11:37:38 +0000499 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000500 [0] = {
501 .type_desc = &tos_fw_hash,
502 .data = {
503 .ptr = (void *)tos_fw_hash_buf,
504 .len = (unsigned int)HASH_DER_LEN
505 }
506 },
507 [1] = {
508 .type_desc = &tos_fw_extra1_hash,
509 .data = {
510 .ptr = (void *)tos_fw_extra1_hash_buf,
511 .len = (unsigned int)HASH_DER_LEN
512 }
513 },
514 [2] = {
515 .type_desc = &tos_fw_extra2_hash,
516 .data = {
517 .ptr = (void *)tos_fw_extra2_hash_buf,
518 .len = (unsigned int)HASH_DER_LEN
519 }
520 },
521 [3] = {
522 .type_desc = &tos_fw_config_hash,
523 .data = {
524 .ptr = (void *)tos_fw_config_hash_buf,
525 .len = (unsigned int)HASH_DER_LEN
Summer Qin80726782017-04-20 16:28:39 +0100526 }
527 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000528 }
529};
530static const auth_img_desc_t bl32_image = {
531 .img_id = BL32_IMAGE_ID,
532 .img_type = IMG_RAW,
533 .parent = &trusted_os_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000534 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000535 [0] = {
536 .type = AUTH_METHOD_HASH,
537 .param.hash = {
538 .data = &raw_data,
539 .hash = &tos_fw_hash
Soby Mathew2bb78d32018-03-29 14:29:55 +0100540 }
541 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000542 }
543};
544static const auth_img_desc_t bl32_extra1_image = {
545 .img_id = BL32_EXTRA1_IMAGE_ID,
546 .img_type = IMG_RAW,
547 .parent = &trusted_os_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000548 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000549 [0] = {
550 .type = AUTH_METHOD_HASH,
551 .param.hash = {
552 .data = &raw_data,
553 .hash = &tos_fw_extra1_hash
554 }
555 }
556 }
557};
558static const auth_img_desc_t bl32_extra2_image = {
559 .img_id = BL32_EXTRA2_IMAGE_ID,
560 .img_type = IMG_RAW,
561 .parent = &trusted_os_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000562 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000563 [0] = {
564 .type = AUTH_METHOD_HASH,
565 .param.hash = {
566 .data = &raw_data,
567 .hash = &tos_fw_extra2_hash
568 }
569 }
570 }
571};
572/* TOS FW Config */
573static const auth_img_desc_t tos_fw_config = {
574 .img_id = TOS_FW_CONFIG_ID,
575 .img_type = IMG_RAW,
576 .parent = &trusted_os_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000577 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000578 [0] = {
579 .type = AUTH_METHOD_HASH,
580 .param.hash = {
581 .data = &raw_data,
582 .hash = &tos_fw_config_hash
583 }
584 }
585 }
586};
587/*
588 * Non-Trusted Firmware
589 */
590static const auth_img_desc_t non_trusted_fw_key_cert = {
591 .img_id = NON_TRUSTED_FW_KEY_CERT_ID,
592 .img_type = IMG_CERT,
593 .parent = &trusted_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000594 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000595 [0] = {
596 .type = AUTH_METHOD_SIG,
597 .param.sig = {
598 .pk = &non_trusted_world_pk,
599 .sig = &sig,
600 .alg = &sig_alg,
601 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100602 }
603 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000604 [1] = {
605 .type = AUTH_METHOD_NV_CTR,
606 .param.nv_ctr = {
607 .cert_nv_ctr = &non_trusted_nv_ctr,
608 .plat_nv_ctr = &non_trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100609 }
610 }
611 },
Joel Hutton69931af2019-03-11 11:37:38 +0000612 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000613 [0] = {
614 .type_desc = &nt_fw_content_pk,
615 .data = {
616 .ptr = (void *)content_pk_buf,
617 .len = (unsigned int)PK_DER_LEN
618 }
619 }
620 }
621};
622static const auth_img_desc_t non_trusted_fw_content_cert = {
623 .img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
624 .img_type = IMG_CERT,
625 .parent = &non_trusted_fw_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000626 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000627 [0] = {
628 .type = AUTH_METHOD_SIG,
629 .param.sig = {
630 .pk = &nt_fw_content_pk,
631 .sig = &sig,
632 .alg = &sig_alg,
633 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100634 }
635 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000636 [1] = {
637 .type = AUTH_METHOD_NV_CTR,
638 .param.nv_ctr = {
639 .cert_nv_ctr = &non_trusted_nv_ctr,
640 .plat_nv_ctr = &non_trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100641 }
642 }
643 },
Joel Hutton69931af2019-03-11 11:37:38 +0000644 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000645 [0] = {
646 .type_desc = &nt_world_bl_hash,
647 .data = {
648 .ptr = (void *)nt_world_bl_hash_buf,
649 .len = (unsigned int)HASH_DER_LEN
650 }
651 },
652 [1] = {
653 .type_desc = &nt_fw_config_hash,
654 .data = {
655 .ptr = (void *)nt_fw_config_hash_buf,
656 .len = (unsigned int)HASH_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100657 }
658 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000659 }
660};
661static const auth_img_desc_t bl33_image = {
662 .img_id = BL33_IMAGE_ID,
663 .img_type = IMG_RAW,
664 .parent = &non_trusted_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000665 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000666 [0] = {
667 .type = AUTH_METHOD_HASH,
668 .param.hash = {
669 .data = &raw_data,
670 .hash = &nt_world_bl_hash
Soby Mathew2bb78d32018-03-29 14:29:55 +0100671 }
672 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000673 }
674};
675/* NT FW Config */
676static const auth_img_desc_t nt_fw_config = {
677 .img_id = NT_FW_CONFIG_ID,
678 .img_type = IMG_RAW,
679 .parent = &non_trusted_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000680 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000681 [0] = {
682 .type = AUTH_METHOD_HASH,
683 .param.hash = {
684 .data = &raw_data,
685 .hash = &nt_fw_config_hash
686 }
687 }
688 }
689};
690#else /* IMAGE_BL2 */
691/*
692 * FWU auth descriptor.
693 */
694static const auth_img_desc_t fwu_cert = {
695 .img_id = FWU_CERT_ID,
696 .img_type = IMG_CERT,
697 .parent = NULL,
Joel Hutton69931af2019-03-11 11:37:38 +0000698 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000699 [0] = {
700 .type = AUTH_METHOD_SIG,
701 .param.sig = {
702 .pk = &subject_pk,
703 .sig = &sig,
704 .alg = &sig_alg,
705 .data = &raw_data
706 }
707 }
Soby Mathew2bb78d32018-03-29 14:29:55 +0100708 },
Joel Hutton69931af2019-03-11 11:37:38 +0000709 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000710 [0] = {
711 .type_desc = &scp_bl2u_hash,
712 .data = {
713 .ptr = (void *)scp_fw_hash_buf,
714 .len = (unsigned int)HASH_DER_LEN
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100715 }
716 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000717 [1] = {
718 .type_desc = &bl2u_hash,
719 .data = {
720 .ptr = (void *)tb_fw_hash_buf,
721 .len = (unsigned int)HASH_DER_LEN
722 }
723 },
724 [2] = {
725 .type_desc = &ns_bl2u_hash,
726 .data = {
727 .ptr = (void *)nt_world_bl_hash_buf,
728 .len = (unsigned int)HASH_DER_LEN
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100729 }
730 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000731 }
732};
733/*
734 * SCP_BL2U
735 */
736static const auth_img_desc_t scp_bl2u_image = {
737 .img_id = SCP_BL2U_IMAGE_ID,
738 .img_type = IMG_RAW,
739 .parent = &fwu_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000740 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000741 [0] = {
742 .type = AUTH_METHOD_HASH,
743 .param.hash = {
744 .data = &raw_data,
745 .hash = &scp_bl2u_hash
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100746 }
747 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000748 }
749};
750/*
751 * BL2U
752 */
753static const auth_img_desc_t bl2u_image = {
754 .img_id = BL2U_IMAGE_ID,
755 .img_type = IMG_RAW,
756 .parent = &fwu_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000757 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000758 [0] = {
759 .type = AUTH_METHOD_HASH,
760 .param.hash = {
761 .data = &raw_data,
762 .hash = &bl2u_hash
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100763 }
764 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000765 }
766};
767/*
768 * NS_BL2U
769 */
770static const auth_img_desc_t ns_bl2u_image = {
771 .img_id = NS_BL2U_IMAGE_ID,
772 .img_type = IMG_RAW,
773 .parent = &fwu_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000774 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000775 [0] = {
776 .type = AUTH_METHOD_HASH,
777 .param.hash = {
778 .data = &raw_data,
779 .hash = &ns_bl2u_hash
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100780 }
781 }
782 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000783 };
784#endif /* IMAGE_BL2 */
785/*
786 * TBBR Chain of trust definition
787 */
788
789#ifdef IMAGE_BL1
790static const auth_img_desc_t * const cot_desc[] = {
791 [TRUSTED_BOOT_FW_CERT_ID] = &trusted_boot_fw_cert,
792 [BL2_IMAGE_ID] = &bl2_image,
793 [HW_CONFIG_ID] = &hw_config,
794 [TB_FW_CONFIG_ID] = &tb_fw_config,
795 [FWU_CERT_ID] = &fwu_cert,
796 [SCP_BL2U_IMAGE_ID] = &scp_bl2u_image,
797 [BL2U_IMAGE_ID] = &bl2u_image,
798 [NS_BL2U_IMAGE_ID] = &ns_bl2u_image
799};
800#else /* IMAGE_BL2 */
801static const auth_img_desc_t * const cot_desc[] = {
802 [TRUSTED_BOOT_FW_CERT_ID] = &trusted_boot_fw_cert,
803 [HW_CONFIG_ID] = &hw_config,
804 [TRUSTED_KEY_CERT_ID] = &trusted_key_cert,
805 [SCP_FW_KEY_CERT_ID] = &scp_fw_key_cert,
806 [SCP_FW_CONTENT_CERT_ID] = &scp_fw_content_cert,
807 [SCP_BL2_IMAGE_ID] = &scp_bl2_image,
808 [SOC_FW_KEY_CERT_ID] = &soc_fw_key_cert,
809 [SOC_FW_CONTENT_CERT_ID] = &soc_fw_content_cert,
810 [BL31_IMAGE_ID] = &bl31_image,
811 [SOC_FW_CONFIG_ID] = &soc_fw_config,
812 [TRUSTED_OS_FW_KEY_CERT_ID] = &trusted_os_fw_key_cert,
813 [TRUSTED_OS_FW_CONTENT_CERT_ID] = &trusted_os_fw_content_cert,
814 [BL32_IMAGE_ID] = &bl32_image,
815 [BL32_EXTRA1_IMAGE_ID] = &bl32_extra1_image,
816 [BL32_EXTRA2_IMAGE_ID] = &bl32_extra2_image,
817 [TOS_FW_CONFIG_ID] = &tos_fw_config,
818 [NON_TRUSTED_FW_KEY_CERT_ID] = &non_trusted_fw_key_cert,
819 [NON_TRUSTED_FW_CONTENT_CERT_ID] = &non_trusted_fw_content_cert,
820 [BL33_IMAGE_ID] = &bl33_image,
821 [NT_FW_CONFIG_ID] = &nt_fw_config,
Juan Castillo9b265a82015-05-07 14:52:44 +0100822};
Joel Huttone9919bb2019-02-20 11:56:46 +0000823#endif
Juan Castillo9b265a82015-05-07 14:52:44 +0100824
825/* Register the CoT in the authentication module */
826REGISTER_COT(cot_desc);