Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 783fd7c488a85bd055b686e2ed1e036afa19dfea / . / drivers / auth / tbbr / tbbr_cot.c
blob: 8b6ca23b71f2c565c4f93999948d29a8fa9cb2a1 [file] [log] [blame]
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]1/*
2 * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
3 *
dp-armfa3cf0b2017-05-03 09:38:09 +0100[diff] [blame]4 * SPDX-License-Identifier: BSD-3-Clause
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]5 */
6
7#include <auth_mod.h>
8#include <platform_def.h>
9#include <platform_oid.h>
10#include <stddef.h>
11
12/*
13 * Maximum key and hash sizes (in DER format)
14 */
15#define PK_DER_LEN 294
16#define HASH_DER_LEN 51
17
18/*
19 * The platform must allocate buffers to store the authentication parameters
20 * extracted from the certificates. In this case, because of the way the CoT is
21 * established, we can reuse some of the buffers on different stages
22 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]23static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
24static unsigned char scp_fw_hash_buf[HASH_DER_LEN];
25static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
26static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
27static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];
28static unsigned char trusted_world_pk_buf[PK_DER_LEN];
29static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
30static unsigned char content_pk_buf[PK_DER_LEN];
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]31
32/*
33 * Parameter type descriptors
34 */
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]35static auth_param_type_desc_t trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
36 AUTH_PARAM_NV_CTR, TRUSTED_FW_NVCOUNTER_OID);
37static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
38 AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);
39
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]40static auth_param_type_desc_t subject_pk = AUTH_PARAM_TYPE_DESC(
41 AUTH_PARAM_PUB_KEY, 0);
42static auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC(
43 AUTH_PARAM_SIG, 0);
44static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC(
45 AUTH_PARAM_SIG_ALG, 0);
46static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC(
47 AUTH_PARAM_RAW_DATA, 0);
48
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]49static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
50 AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
51static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC(
52 AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]53
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]54static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC(
55 AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
56static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC(
57 AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
58static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC(
59 AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
60static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
61 AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID);
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]62
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]63static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC(
64 AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
65static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
66 AUTH_PARAM_HASH, SCP_FW_HASH_OID);
67static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
68 AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
69static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
70 AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
71static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
72 AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]73static auth_param_type_desc_t scp_bl2u_hash = AUTH_PARAM_TYPE_DESC(
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]74 AUTH_PARAM_HASH, SCP_FWU_CFG_HASH_OID);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]75static auth_param_type_desc_t bl2u_hash = AUTH_PARAM_TYPE_DESC(
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]76 AUTH_PARAM_HASH, AP_FWU_CFG_HASH_OID);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]77static auth_param_type_desc_t ns_bl2u_hash = AUTH_PARAM_TYPE_DESC(
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]78 AUTH_PARAM_HASH, FWU_HASH_OID);
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]79
80/*
81 * TBBR Chain of trust definition
82 */
83static const auth_img_desc_t cot_desc[] = {
84 /*
85 * BL2
86 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]87 [TRUSTED_BOOT_FW_CERT_ID] = {
88 .img_id = TRUSTED_BOOT_FW_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]89 .img_type = IMG_CERT,
90 .parent = NULL,
91 .img_auth_methods = {
92 [0] = {
93 .type = AUTH_METHOD_SIG,
94 .param.sig = {
95 .pk = &subject_pk,
96 .sig = &sig,
97 .alg = &sig_alg,
98 .data = &raw_data,
99 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]100 },
101 [1] = {
102 .type = AUTH_METHOD_NV_CTR,
103 .param.nv_ctr = {
104 .cert_nv_ctr = &trusted_nv_ctr,
105 .plat_nv_ctr = &trusted_nv_ctr
106 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]107 }
108 },
109 .authenticated_data = {
110 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]111 .type_desc = &tb_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]112 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]113 .ptr = (void *)tb_fw_hash_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]114 .len = (unsigned int)HASH_DER_LEN
115 }
116 }
117 }
118 },
119 [BL2_IMAGE_ID] = {
120 .img_id = BL2_IMAGE_ID,
121 .img_type = IMG_RAW,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]122 .parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]123 .img_auth_methods = {
124 [0] = {
125 .type = AUTH_METHOD_HASH,
126 .param.hash = {
127 .data = &raw_data,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]128 .hash = &tb_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]129 }
130 }
131 }
132 },
133 /*
134 * Trusted key certificate
135 */
136 [TRUSTED_KEY_CERT_ID] = {
137 .img_id = TRUSTED_KEY_CERT_ID,
138 .img_type = IMG_CERT,
139 .parent = NULL,
140 .img_auth_methods = {
141 [0] = {
142 .type = AUTH_METHOD_SIG,
143 .param.sig = {
144 .pk = &subject_pk,
145 .sig = &sig,
146 .alg = &sig_alg,
147 .data = &raw_data,
148 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]149 },
150 [1] = {
151 .type = AUTH_METHOD_NV_CTR,
152 .param.nv_ctr = {
153 .cert_nv_ctr = &trusted_nv_ctr,
154 .plat_nv_ctr = &trusted_nv_ctr
155 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]156 }
157 },
158 .authenticated_data = {
159 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]160 .type_desc = &trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]161 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]162 .ptr = (void *)trusted_world_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]163 .len = (unsigned int)PK_DER_LEN
164 }
165 },
166 [1] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]167 .type_desc = &non_trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]168 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]169 .ptr = (void *)non_trusted_world_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]170 .len = (unsigned int)PK_DER_LEN
171 }
172 }
173 }
174 },
175 /*
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]176 * SCP Firmware
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]177 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]178 [SCP_FW_KEY_CERT_ID] = {
179 .img_id = SCP_FW_KEY_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]180 .img_type = IMG_CERT,
181 .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
182 .img_auth_methods = {
183 [0] = {
184 .type = AUTH_METHOD_SIG,
185 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]186 .pk = &trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]187 .sig = &sig,
188 .alg = &sig_alg,
189 .data = &raw_data,
190 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]191 },
192 [1] = {
193 .type = AUTH_METHOD_NV_CTR,
194 .param.nv_ctr = {
195 .cert_nv_ctr = &trusted_nv_ctr,
196 .plat_nv_ctr = &trusted_nv_ctr
197 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]198 }
199 },
200 .authenticated_data = {
201 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]202 .type_desc = &scp_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]203 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]204 .ptr = (void *)content_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]205 .len = (unsigned int)PK_DER_LEN
206 }
207 }
208 }
209 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]210 [SCP_FW_CONTENT_CERT_ID] = {
211 .img_id = SCP_FW_CONTENT_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]212 .img_type = IMG_CERT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]213 .parent = &cot_desc[SCP_FW_KEY_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]214 .img_auth_methods = {
215 [0] = {
216 .type = AUTH_METHOD_SIG,
217 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]218 .pk = &scp_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]219 .sig = &sig,
220 .alg = &sig_alg,
221 .data = &raw_data,
222 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]223 },
224 [1] = {
225 .type = AUTH_METHOD_NV_CTR,
226 .param.nv_ctr = {
227 .cert_nv_ctr = &trusted_nv_ctr,
228 .plat_nv_ctr = &trusted_nv_ctr
229 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]230 }
231 },
232 .authenticated_data = {
233 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]234 .type_desc = &scp_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]235 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]236 .ptr = (void *)scp_fw_hash_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]237 .len = (unsigned int)HASH_DER_LEN
238 }
239 }
240 }
241 },
Juan Castilloa72b6472015-12-10 15:49:17 +0000[diff] [blame]242 [SCP_BL2_IMAGE_ID] = {
243 .img_id = SCP_BL2_IMAGE_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]244 .img_type = IMG_RAW,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]245 .parent = &cot_desc[SCP_FW_CONTENT_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]246 .img_auth_methods = {
247 [0] = {
248 .type = AUTH_METHOD_HASH,
249 .param.hash = {
250 .data = &raw_data,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]251 .hash = &scp_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]252 }
253 }
254 }
255 },
256 /*
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]257 * SoC Firmware
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]258 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]259 [SOC_FW_KEY_CERT_ID] = {
260 .img_id = SOC_FW_KEY_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]261 .img_type = IMG_CERT,
262 .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
263 .img_auth_methods = {
264 [0] = {
265 .type = AUTH_METHOD_SIG,
266 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]267 .pk = &trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]268 .sig = &sig,
269 .alg = &sig_alg,
270 .data = &raw_data,
271 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]272 },
273 [1] = {
274 .type = AUTH_METHOD_NV_CTR,
275 .param.nv_ctr = {
276 .cert_nv_ctr = &trusted_nv_ctr,
277 .plat_nv_ctr = &trusted_nv_ctr
278 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]279 }
280 },
281 .authenticated_data = {
282 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]283 .type_desc = &soc_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]284 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]285 .ptr = (void *)content_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]286 .len = (unsigned int)PK_DER_LEN
287 }
288 }
289 }
290 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]291 [SOC_FW_CONTENT_CERT_ID] = {
292 .img_id = SOC_FW_CONTENT_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]293 .img_type = IMG_CERT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]294 .parent = &cot_desc[SOC_FW_KEY_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]295 .img_auth_methods = {
296 [0] = {
297 .type = AUTH_METHOD_SIG,
298 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]299 .pk = &soc_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]300 .sig = &sig,
301 .alg = &sig_alg,
302 .data = &raw_data,
303 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]304 },
305 [1] = {
306 .type = AUTH_METHOD_NV_CTR,
307 .param.nv_ctr = {
308 .cert_nv_ctr = &trusted_nv_ctr,
309 .plat_nv_ctr = &trusted_nv_ctr
310 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]311 }
312 },
313 .authenticated_data = {
314 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]315 .type_desc = &soc_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]316 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]317 .ptr = (void *)soc_fw_hash_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]318 .len = (unsigned int)HASH_DER_LEN
319 }
320 }
321 }
322 },
323 [BL31_IMAGE_ID] = {
324 .img_id = BL31_IMAGE_ID,
325 .img_type = IMG_RAW,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]326 .parent = &cot_desc[SOC_FW_CONTENT_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]327 .img_auth_methods = {
328 [0] = {
329 .type = AUTH_METHOD_HASH,
330 .param.hash = {
331 .data = &raw_data,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]332 .hash = &soc_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]333 }
334 }
335 }
336 },
337 /*
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]338 * Trusted OS Firmware
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]339 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]340 [TRUSTED_OS_FW_KEY_CERT_ID] = {
341 .img_id = TRUSTED_OS_FW_KEY_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]342 .img_type = IMG_CERT,
343 .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
344 .img_auth_methods = {
345 [0] = {
346 .type = AUTH_METHOD_SIG,
347 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]348 .pk = &trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]349 .sig = &sig,
350 .alg = &sig_alg,
351 .data = &raw_data,
352 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]353 },
354 [1] = {
355 .type = AUTH_METHOD_NV_CTR,
356 .param.nv_ctr = {
357 .cert_nv_ctr = &trusted_nv_ctr,
358 .plat_nv_ctr = &trusted_nv_ctr
359 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]360 }
361 },
362 .authenticated_data = {
363 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]364 .type_desc = &tos_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]365 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]366 .ptr = (void *)content_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]367 .len = (unsigned int)PK_DER_LEN
368 }
369 }
370 }
371 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]372 [TRUSTED_OS_FW_CONTENT_CERT_ID] = {
373 .img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]374 .img_type = IMG_CERT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]375 .parent = &cot_desc[TRUSTED_OS_FW_KEY_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]376 .img_auth_methods = {
377 [0] = {
378 .type = AUTH_METHOD_SIG,
379 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]380 .pk = &tos_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]381 .sig = &sig,
382 .alg = &sig_alg,
383 .data = &raw_data,
384 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]385 },
386 [1] = {
387 .type = AUTH_METHOD_NV_CTR,
388 .param.nv_ctr = {
389 .cert_nv_ctr = &trusted_nv_ctr,
390 .plat_nv_ctr = &trusted_nv_ctr
391 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]392 }
393 },
394 .authenticated_data = {
395 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]396 .type_desc = &tos_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]397 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]398 .ptr = (void *)tos_fw_hash_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]399 .len = (unsigned int)HASH_DER_LEN
400 }
401 }
402 }
403 },
404 [BL32_IMAGE_ID] = {
405 .img_id = BL32_IMAGE_ID,
406 .img_type = IMG_RAW,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]407 .parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]408 .img_auth_methods = {
409 [0] = {
410 .type = AUTH_METHOD_HASH,
411 .param.hash = {
412 .data = &raw_data,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]413 .hash = &tos_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]414 }
415 }
416 }
417 },
418 /*
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]419 * Non-Trusted Firmware
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]420 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]421 [NON_TRUSTED_FW_KEY_CERT_ID] = {
422 .img_id = NON_TRUSTED_FW_KEY_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]423 .img_type = IMG_CERT,
424 .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
425 .img_auth_methods = {
426 [0] = {
427 .type = AUTH_METHOD_SIG,
428 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]429 .pk = &non_trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]430 .sig = &sig,
431 .alg = &sig_alg,
432 .data = &raw_data,
433 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]434 },
435 [1] = {
436 .type = AUTH_METHOD_NV_CTR,
437 .param.nv_ctr = {
438 .cert_nv_ctr = &non_trusted_nv_ctr,
439 .plat_nv_ctr = &non_trusted_nv_ctr
440 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]441 }
442 },
443 .authenticated_data = {
444 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]445 .type_desc = &nt_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]446 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]447 .ptr = (void *)content_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]448 .len = (unsigned int)PK_DER_LEN
449 }
450 }
451 }
452 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]453 [NON_TRUSTED_FW_CONTENT_CERT_ID] = {
454 .img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]455 .img_type = IMG_CERT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]456 .parent = &cot_desc[NON_TRUSTED_FW_KEY_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]457 .img_auth_methods = {
458 [0] = {
459 .type = AUTH_METHOD_SIG,
460 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]461 .pk = &nt_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]462 .sig = &sig,
463 .alg = &sig_alg,
464 .data = &raw_data,
465 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]466 },
467 [1] = {
468 .type = AUTH_METHOD_NV_CTR,
469 .param.nv_ctr = {
470 .cert_nv_ctr = &non_trusted_nv_ctr,
471 .plat_nv_ctr = &non_trusted_nv_ctr
472 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]473 }
474 },
475 .authenticated_data = {
476 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]477 .type_desc = &nt_world_bl_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]478 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]479 .ptr = (void *)nt_world_bl_hash_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]480 .len = (unsigned int)HASH_DER_LEN
481 }
482 }
483 }
484 },
485 [BL33_IMAGE_ID] = {
486 .img_id = BL33_IMAGE_ID,
487 .img_type = IMG_RAW,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]488 .parent = &cot_desc[NON_TRUSTED_FW_CONTENT_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]489 .img_auth_methods = {
490 [0] = {
491 .type = AUTH_METHOD_HASH,
492 .param.hash = {
493 .data = &raw_data,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]494 .hash = &nt_world_bl_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]495 }
496 }
497 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]498 },
499 /*
500 * FWU auth descriptor.
501 */
502 [FWU_CERT_ID] = {
503 .img_id = FWU_CERT_ID,
504 .img_type = IMG_CERT,
505 .parent = NULL,
506 .img_auth_methods = {
507 [0] = {
508 .type = AUTH_METHOD_SIG,
509 .param.sig = {
510 .pk = &subject_pk,
511 .sig = &sig,
512 .alg = &sig_alg,
513 .data = &raw_data,
514 }
515 }
516 },
517 .authenticated_data = {
518 [0] = {
519 .type_desc = &scp_bl2u_hash,
520 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]521 .ptr = (void *)scp_fw_hash_buf,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]522 .len = (unsigned int)HASH_DER_LEN
523 }
524 },
525 [1] = {
526 .type_desc = &bl2u_hash,
527 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]528 .ptr = (void *)tb_fw_hash_buf,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]529 .len = (unsigned int)HASH_DER_LEN
530 }
531 },
532 [2] = {
533 .type_desc = &ns_bl2u_hash,
534 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]535 .ptr = (void *)nt_world_bl_hash_buf,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]536 .len = (unsigned int)HASH_DER_LEN
537 }
538 }
539 }
540 },
541 /*
542 * SCP_BL2U
543 */
544 [SCP_BL2U_IMAGE_ID] = {
545 .img_id = SCP_BL2U_IMAGE_ID,
546 .img_type = IMG_RAW,
547 .parent = &cot_desc[FWU_CERT_ID],
548 .img_auth_methods = {
549 [0] = {
550 .type = AUTH_METHOD_HASH,
551 .param.hash = {
552 .data = &raw_data,
553 .hash = &scp_bl2u_hash,
554 }
555 }
556 }
557 },
558 /*
559 * BL2U
560 */
561 [BL2U_IMAGE_ID] = {
562 .img_id = BL2U_IMAGE_ID,
563 .img_type = IMG_RAW,
564 .parent = &cot_desc[FWU_CERT_ID],
565 .img_auth_methods = {
566 [0] = {
567 .type = AUTH_METHOD_HASH,
568 .param.hash = {
569 .data = &raw_data,
570 .hash = &bl2u_hash,
571 }
572 }
573 }
574 },
575 /*
576 * NS_BL2U
577 */
578 [NS_BL2U_IMAGE_ID] = {
579 .img_id = NS_BL2U_IMAGE_ID,
580 .img_type = IMG_RAW,
581 .parent = &cot_desc[FWU_CERT_ID],
582 .img_auth_methods = {
583 [0] = {
584 .type = AUTH_METHOD_HASH,
585 .param.hash = {
586 .data = &raw_data,
587 .hash = &ns_bl2u_hash,
588 }
589 }
590 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]591 }
592};
593
594/* Register the CoT in the authentication module */
595REGISTER_COT(cot_desc);