Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 8348acdebcb361f4f3fc35bf58b2d0385d5f01ae / . / drivers / auth / cca / cot.c
blob: e8f4d9caefa67ef84633d8403c7654463a42b2fa [file] [log] [blame]
laurenw-arm483e5ac2022-04-21 15:49:00 -0500[diff] [blame]1/*
Govindraj Raja9c7dfb02023-01-11 18:34:58 +0000[diff] [blame]2 * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
laurenw-arm483e5ac2022-04-21 15:49:00 -0500[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7#include <stddef.h>
8
Govindraj Raja9c7dfb02023-01-11 18:34:58 +0000[diff] [blame]9#include <mbedtls/version.h>
10
11#include <common/tbbr/cot_def.h>
laurenw-arm483e5ac2022-04-21 15:49:00 -0500[diff] [blame]12#include <drivers/auth/auth_mod.h>
laurenw-arm483e5ac2022-04-21 15:49:00 -0500[diff] [blame]13#include <tools_share/cca_oid.h>
14
15#include <platform_def.h>
16
17/*
18 * Allocate static buffers to store the authentication parameters extracted from
19 * the certificates.
20 */
21static unsigned char fw_config_hash_buf[HASH_DER_LEN];
22static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
23static unsigned char tb_fw_config_hash_buf[HASH_DER_LEN];
24static unsigned char hw_config_hash_buf[HASH_DER_LEN];
25static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
26static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
27static unsigned char rmm_hash_buf[HASH_DER_LEN];
28
29#ifdef IMAGE_BL2
30static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];
31static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
32static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
33static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];
34#if defined(SPD_spmd)
35static unsigned char sp_pkg_hash_buf[MAX_SP_IDS][HASH_DER_LEN];
36#endif /* SPD_spmd */
37
38static unsigned char core_swd_pk_buf[PK_DER_LEN];
39static unsigned char plat_pk_buf[PK_DER_LEN];
40#endif /* IMAGE_BL2 */
41
42/*
43 * Parameter type descriptors.
44 */
45static auth_param_type_desc_t trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
46 AUTH_PARAM_NV_CTR, TRUSTED_FW_NVCOUNTER_OID);
47static auth_param_type_desc_t subject_pk = AUTH_PARAM_TYPE_DESC(
48 AUTH_PARAM_PUB_KEY, 0);
49static auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC(
50 AUTH_PARAM_SIG, 0);
51static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC(
52 AUTH_PARAM_SIG_ALG, 0);
53static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC(
54 AUTH_PARAM_RAW_DATA, 0);
55
56static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC(
57 AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
58static auth_param_type_desc_t tb_fw_config_hash = AUTH_PARAM_TYPE_DESC(
59 AUTH_PARAM_HASH, TRUSTED_BOOT_FW_CONFIG_HASH_OID);
60static auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC(
61 AUTH_PARAM_HASH, HW_CONFIG_HASH_OID);
62static auth_param_type_desc_t fw_config_hash = AUTH_PARAM_TYPE_DESC(
63 AUTH_PARAM_HASH, FW_CONFIG_HASH_OID);
64static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
65 AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
66static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC(
67 AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID);
68static auth_param_type_desc_t rmm_hash = AUTH_PARAM_TYPE_DESC(
69 AUTH_PARAM_HASH, RMM_HASH_OID);
70
71#ifdef IMAGE_BL2
72static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
73 AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);
74
75static auth_param_type_desc_t prot_pk = AUTH_PARAM_TYPE_DESC(
76 AUTH_PARAM_PUB_KEY, PROT_PK_OID);
77static auth_param_type_desc_t swd_rot_pk = AUTH_PARAM_TYPE_DESC(
78 AUTH_PARAM_PUB_KEY, SWD_ROT_PK_OID);
79static auth_param_type_desc_t core_swd_pk = AUTH_PARAM_TYPE_DESC(
80 AUTH_PARAM_PUB_KEY, CORE_SWD_PK_OID);
81static auth_param_type_desc_t plat_pk = AUTH_PARAM_TYPE_DESC(
82 AUTH_PARAM_PUB_KEY, PLAT_PK_OID);
83
84static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
85 AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
86static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC(
87 AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID);
88static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
89 AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
90static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC(
91 AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);
92#if defined(SPD_spmd)
93static auth_param_type_desc_t sp_pkg1_hash = AUTH_PARAM_TYPE_DESC(
94 AUTH_PARAM_HASH, SP_PKG1_HASH_OID);
95static auth_param_type_desc_t sp_pkg2_hash = AUTH_PARAM_TYPE_DESC(
96 AUTH_PARAM_HASH, SP_PKG2_HASH_OID);
97static auth_param_type_desc_t sp_pkg3_hash = AUTH_PARAM_TYPE_DESC(
98 AUTH_PARAM_HASH, SP_PKG3_HASH_OID);
99static auth_param_type_desc_t sp_pkg4_hash = AUTH_PARAM_TYPE_DESC(
100 AUTH_PARAM_HASH, SP_PKG4_HASH_OID);
101static auth_param_type_desc_t sp_pkg5_hash = AUTH_PARAM_TYPE_DESC(
102 AUTH_PARAM_HASH, SP_PKG5_HASH_OID);
103static auth_param_type_desc_t sp_pkg6_hash = AUTH_PARAM_TYPE_DESC(
104 AUTH_PARAM_HASH, SP_PKG6_HASH_OID);
105static auth_param_type_desc_t sp_pkg7_hash = AUTH_PARAM_TYPE_DESC(
106 AUTH_PARAM_HASH, SP_PKG7_HASH_OID);
107static auth_param_type_desc_t sp_pkg8_hash = AUTH_PARAM_TYPE_DESC(
108 AUTH_PARAM_HASH, SP_PKG8_HASH_OID);
109#endif /* SPD_spmd */
110#endif /* IMAGE_BL2 */
111
112/* CCA Content Certificate */
113static const auth_img_desc_t cca_content_cert = {
114 .img_id = CCA_CONTENT_CERT_ID,
115 .img_type = IMG_CERT,
116 .parent = NULL,
117 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
118 [0] = {
119 .type = AUTH_METHOD_SIG,
120 .param.sig = {
121 .pk = &subject_pk,
122 .sig = &sig,
123 .alg = &sig_alg,
124 .data = &raw_data
125 }
126 },
127 [1] = {
128 .type = AUTH_METHOD_NV_CTR,
129 .param.nv_ctr = {
130 .cert_nv_ctr = &trusted_nv_ctr,
131 .plat_nv_ctr = &trusted_nv_ctr
132 }
133 }
134 },
135 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
136 [0] = {
137 .type_desc = &tb_fw_hash,
138 .data = {
139 .ptr = (void *)tb_fw_hash_buf,
140 .len = (unsigned int)HASH_DER_LEN
141 }
142 },
143 [1] = {
144 .type_desc = &tb_fw_config_hash,
145 .data = {
146 .ptr = (void *)tb_fw_config_hash_buf,
147 .len = (unsigned int)HASH_DER_LEN
148 }
149 },
150 [2] = {
151 .type_desc = &fw_config_hash,
152 .data = {
153 .ptr = (void *)fw_config_hash_buf,
154 .len = (unsigned int)HASH_DER_LEN
155 }
156 },
157 [3] = {
158 .type_desc = &hw_config_hash,
159 .data = {
160 .ptr = (void *)hw_config_hash_buf,
161 .len = (unsigned int)HASH_DER_LEN
162 }
163 },
164 [4] = {
165 .type_desc = &soc_fw_hash,
166 .data = {
167 .ptr = (void *)soc_fw_hash_buf,
168 .len = (unsigned int)HASH_DER_LEN
169 }
170 },
171 [5] = {
172 .type_desc = &soc_fw_config_hash,
173 .data = {
174 .ptr = (void *)soc_fw_config_hash_buf,
175 .len = (unsigned int)HASH_DER_LEN
176 }
177 },
178 [6] = {
179 .type_desc = &rmm_hash,
180 .data = {
181 .ptr = (void *)rmm_hash_buf,
182 .len = (unsigned int)HASH_DER_LEN
183 }
184 }
185 }
186};
187
188#ifdef IMAGE_BL1
189static const auth_img_desc_t bl2_image = {
190 .img_id = BL2_IMAGE_ID,
191 .img_type = IMG_RAW,
192 .parent = &cca_content_cert,
193 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
194 [0] = {
195 .type = AUTH_METHOD_HASH,
196 .param.hash = {
197 .data = &raw_data,
198 .hash = &tb_fw_hash
199 }
200 }
201 }
202};
203
204static const auth_img_desc_t tb_fw_config = {
205 .img_id = TB_FW_CONFIG_ID,
206 .img_type = IMG_RAW,
207 .parent = &cca_content_cert,
208 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
209 [0] = {
210 .type = AUTH_METHOD_HASH,
211 .param.hash = {
212 .data = &raw_data,
213 .hash = &tb_fw_config_hash
214 }
215 }
216 }
217};
218
219static const auth_img_desc_t fw_config = {
220 .img_id = FW_CONFIG_ID,
221 .img_type = IMG_RAW,
222 .parent = &cca_content_cert,
223 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
224 [0] = {
225 .type = AUTH_METHOD_HASH,
226 .param.hash = {
227 .data = &raw_data,
228 .hash = &fw_config_hash
229 }
230 }
231 }
232};
233#endif /* IMAGE_BL1 */
234
235#ifdef IMAGE_BL2
236/* HW Config */
237static const auth_img_desc_t hw_config = {
238 .img_id = HW_CONFIG_ID,
239 .img_type = IMG_RAW,
240 .parent = &cca_content_cert,
241 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
242 [0] = {
243 .type = AUTH_METHOD_HASH,
244 .param.hash = {
245 .data = &raw_data,
246 .hash = &hw_config_hash
247 }
248 }
249 }
250};
251
252/* BL31 */
253static const auth_img_desc_t bl31_image = {
254 .img_id = BL31_IMAGE_ID,
255 .img_type = IMG_RAW,
256 .parent = &cca_content_cert,
257 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
258 [0] = {
259 .type = AUTH_METHOD_HASH,
260 .param.hash = {
261 .data = &raw_data,
262 .hash = &soc_fw_hash
263 }
264 }
265 }
266};
267
268/* BL31 Config */
269static const auth_img_desc_t soc_fw_config = {
270 .img_id = SOC_FW_CONFIG_ID,
271 .img_type = IMG_RAW,
272 .parent = &cca_content_cert,
273 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
274 [0] = {
275 .type = AUTH_METHOD_HASH,
276 .param.hash = {
277 .data = &raw_data,
278 .hash = &soc_fw_config_hash
279 }
280 }
281 }
282};
283
284/* RMM */
285static const auth_img_desc_t rmm_image = {
286 .img_id = RMM_IMAGE_ID,
287 .img_type = IMG_RAW,
288 .parent = &cca_content_cert,
289 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
290 [0] = {
291 .type = AUTH_METHOD_HASH,
292 .param.hash = {
293 .data = &raw_data,
294 .hash = &rmm_hash
295 }
296 }
297 }
298};
299
300/* Core SWD Key Certificate */
301static const auth_img_desc_t core_swd_key_cert = {
302 .img_id = CORE_SWD_KEY_CERT_ID,
303 .img_type = IMG_CERT,
304 .parent = NULL, /* SWD ROOT CERT */
305 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
306 [0] = {
307 .type = AUTH_METHOD_SIG,
308 .param.sig = {
309 .pk = &swd_rot_pk,
310 .sig = &sig,
311 .alg = &sig_alg,
312 .data = &raw_data
313 }
314 },
315 [1] = {
316 .type = AUTH_METHOD_NV_CTR,
317 .param.nv_ctr = {
318 .cert_nv_ctr = &trusted_nv_ctr,
319 .plat_nv_ctr = &trusted_nv_ctr
320 }
321 }
322 },
323 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
324 [0] = {
325 .type_desc = &core_swd_pk,
326 .data = {
327 .ptr = (void *)core_swd_pk_buf,
328 .len = (unsigned int)PK_DER_LEN
329 }
330 }
331 }
332};
333
334/* SPMC Content Certificate */
335static const auth_img_desc_t trusted_os_fw_content_cert = {
336 .img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
337 .img_type = IMG_CERT,
338 .parent = &core_swd_key_cert,
339 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
340 [0] = {
341 .type = AUTH_METHOD_SIG,
342 .param.sig = {
343 .pk = &core_swd_pk,
344 .sig = &sig,
345 .alg = &sig_alg,
346 .data = &raw_data
347 }
348 },
349 [1] = {
350 .type = AUTH_METHOD_NV_CTR,
351 .param.nv_ctr = {
352 .cert_nv_ctr = &trusted_nv_ctr,
353 .plat_nv_ctr = &trusted_nv_ctr
354 }
355 }
356 },
357 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
358 [0] = {
359 .type_desc = &tos_fw_hash,
360 .data = {
361 .ptr = (void *)tos_fw_hash_buf,
362 .len = (unsigned int)HASH_DER_LEN
363 }
364 },
365 [1] = {
366 .type_desc = &tos_fw_config_hash,
367 .data = {
368 .ptr = (void *)tos_fw_config_hash_buf,
369 .len = (unsigned int)HASH_DER_LEN
370 }
371 }
372 }
373};
374
375/* SPMC */
376static const auth_img_desc_t bl32_image = {
377 .img_id = BL32_IMAGE_ID,
378 .img_type = IMG_RAW,
379 .parent = &trusted_os_fw_content_cert,
380 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
381 [0] = {
382 .type = AUTH_METHOD_HASH,
383 .param.hash = {
384 .data = &raw_data,
385 .hash = &tos_fw_hash
386 }
387 }
388 }
389};
390
391/* SPM Config */
392static const auth_img_desc_t tos_fw_config = {
393 .img_id = TOS_FW_CONFIG_ID,
394 .img_type = IMG_RAW,
395 .parent = &trusted_os_fw_content_cert,
396 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
397 [0] = {
398 .type = AUTH_METHOD_HASH,
399 .param.hash = {
400 .data = &raw_data,
401 .hash = &tos_fw_config_hash
402 }
403 }
404 }
405};
406
407/* Platform Key Certificate */
408static const auth_img_desc_t plat_key_cert = {
409 .img_id = PLAT_KEY_CERT_ID,
410 .img_type = IMG_CERT,
411 .parent = NULL, /* PLATFORM ROOT CERT */
412 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
413 [0] = {
414 .type = AUTH_METHOD_SIG,
415 .param.sig = {
416 .pk = &prot_pk,
417 .sig = &sig,
418 .alg = &sig_alg,
419 .data = &raw_data
420 }
421 },
422 [1] = {
423 .type = AUTH_METHOD_NV_CTR,
424 .param.nv_ctr = {
425 .cert_nv_ctr = &non_trusted_nv_ctr,
426 .plat_nv_ctr = &non_trusted_nv_ctr
427 }
428 }
429 },
430 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
431 [0] = {
432 .type_desc = &plat_pk,
433 .data = {
434 .ptr = (void *)plat_pk_buf,
435 .len = (unsigned int)PK_DER_LEN
436 }
437 }
438 }
439};
440
441/* Non-Trusted Firmware */
442static const auth_img_desc_t non_trusted_fw_content_cert = {
443 .img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
444 .img_type = IMG_CERT,
445 .parent = &plat_key_cert,
446 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
447 [0] = {
448 .type = AUTH_METHOD_SIG,
449 .param.sig = {
450 .pk = &plat_pk,
451 .sig = &sig,
452 .alg = &sig_alg,
453 .data = &raw_data
454 }
455 },
456 [1] = {
457 .type = AUTH_METHOD_NV_CTR,
458 .param.nv_ctr = {
459 .cert_nv_ctr = &non_trusted_nv_ctr,
460 .plat_nv_ctr = &non_trusted_nv_ctr
461 }
462 }
463 },
464 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
465 [0] = {
466 .type_desc = &nt_world_bl_hash,
467 .data = {
468 .ptr = (void *)nt_world_bl_hash_buf,
469 .len = (unsigned int)HASH_DER_LEN
470 }
471 },
472 [1] = {
473 .type_desc = &nt_fw_config_hash,
474 .data = {
475 .ptr = (void *)nt_fw_config_hash_buf,
476 .len = (unsigned int)HASH_DER_LEN
477 }
478 }
479 }
480};
481
482static const auth_img_desc_t bl33_image = {
483 .img_id = BL33_IMAGE_ID,
484 .img_type = IMG_RAW,
485 .parent = &non_trusted_fw_content_cert,
486 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
487 [0] = {
488 .type = AUTH_METHOD_HASH,
489 .param.hash = {
490 .data = &raw_data,
491 .hash = &nt_world_bl_hash
492 }
493 }
494 }
495};
496
497/* NT FW Config */
498static const auth_img_desc_t nt_fw_config = {
499 .img_id = NT_FW_CONFIG_ID,
500 .img_type = IMG_RAW,
501 .parent = &non_trusted_fw_content_cert,
502 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
503 [0] = {
504 .type = AUTH_METHOD_HASH,
505 .param.hash = {
506 .data = &raw_data,
507 .hash = &nt_fw_config_hash
508 }
509 }
510 }
511};
512
513/*
514 * Secure Partitions
515 */
516#if defined(SPD_spmd)
517static const auth_img_desc_t sip_sp_content_cert = {
518 .img_id = SIP_SP_CONTENT_CERT_ID,
519 .img_type = IMG_CERT,
520 .parent = &core_swd_key_cert,
521 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
522 [0] = {
523 .type = AUTH_METHOD_SIG,
524 .param.sig = {
525 .pk = &core_swd_pk,
526 .sig = &sig,
527 .alg = &sig_alg,
528 .data = &raw_data
529 }
530 },
531 [1] = {
532 .type = AUTH_METHOD_NV_CTR,
533 .param.nv_ctr = {
534 .cert_nv_ctr = &trusted_nv_ctr,
535 .plat_nv_ctr = &trusted_nv_ctr
536 }
537 }
538 },
539 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
540 [0] = {
541 .type_desc = &sp_pkg1_hash,
542 .data = {
543 .ptr = (void *)sp_pkg_hash_buf[0],
544 .len = (unsigned int)HASH_DER_LEN
545 }
546 },
547 [1] = {
548 .type_desc = &sp_pkg2_hash,
549 .data = {
550 .ptr = (void *)sp_pkg_hash_buf[1],
551 .len = (unsigned int)HASH_DER_LEN
552 }
553 },
554 [2] = {
555 .type_desc = &sp_pkg3_hash,
556 .data = {
557 .ptr = (void *)sp_pkg_hash_buf[2],
558 .len = (unsigned int)HASH_DER_LEN
559 }
560 },
561 [3] = {
562 .type_desc = &sp_pkg4_hash,
563 .data = {
564 .ptr = (void *)sp_pkg_hash_buf[3],
565 .len = (unsigned int)HASH_DER_LEN
566 }
567 }
568 }
569};
570
571DEFINE_SIP_SP_PKG(1);
572DEFINE_SIP_SP_PKG(2);
573DEFINE_SIP_SP_PKG(3);
574DEFINE_SIP_SP_PKG(4);
575
576static const auth_img_desc_t plat_sp_content_cert = {
577 .img_id = PLAT_SP_CONTENT_CERT_ID,
578 .img_type = IMG_CERT,
579 .parent = &plat_key_cert,
580 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
581 [0] = {
582 .type = AUTH_METHOD_SIG,
583 .param.sig = {
584 .pk = &plat_pk,
585 .sig = &sig,
586 .alg = &sig_alg,
587 .data = &raw_data
588 }
589 },
590 [1] = {
591 .type = AUTH_METHOD_NV_CTR,
592 .param.nv_ctr = {
593 .cert_nv_ctr = &non_trusted_nv_ctr,
594 .plat_nv_ctr = &non_trusted_nv_ctr
595 }
596 }
597 },
598 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
599 [0] = {
600 .type_desc = &sp_pkg5_hash,
601 .data = {
602 .ptr = (void *)sp_pkg_hash_buf[4],
603 .len = (unsigned int)HASH_DER_LEN
604 }
605 },
606 [1] = {
607 .type_desc = &sp_pkg6_hash,
608 .data = {
609 .ptr = (void *)sp_pkg_hash_buf[5],
610 .len = (unsigned int)HASH_DER_LEN
611 }
612 },
613 [2] = {
614 .type_desc = &sp_pkg7_hash,
615 .data = {
616 .ptr = (void *)sp_pkg_hash_buf[6],
617 .len = (unsigned int)HASH_DER_LEN
618 }
619 },
620 [3] = {
621 .type_desc = &sp_pkg8_hash,
622 .data = {
623 .ptr = (void *)sp_pkg_hash_buf[7],
624 .len = (unsigned int)HASH_DER_LEN
625 }
626 }
627 }
628};
629
630DEFINE_PLAT_SP_PKG(5);
631DEFINE_PLAT_SP_PKG(6);
632DEFINE_PLAT_SP_PKG(7);
633DEFINE_PLAT_SP_PKG(8);
634#endif /* SPD_spmd */
635#endif /* IMAGE_BL2 */
636/*
637 * Chain of trust definition
638 */
639#ifdef IMAGE_BL1
640static const auth_img_desc_t * const cot_desc[] = {
641 [CCA_CONTENT_CERT_ID] = &cca_content_cert,
642 [BL2_IMAGE_ID] = &bl2_image,
643 [TB_FW_CONFIG_ID] = &tb_fw_config,
644 [FW_CONFIG_ID] = &fw_config,
645};
646#else /* IMAGE_BL2 */
647static const auth_img_desc_t * const cot_desc[] = {
648 [CCA_CONTENT_CERT_ID] = &cca_content_cert,
649 [HW_CONFIG_ID] = &hw_config,
650 [BL31_IMAGE_ID] = &bl31_image,
651 [SOC_FW_CONFIG_ID] = &soc_fw_config,
652 [RMM_IMAGE_ID] = &rmm_image,
653 [CORE_SWD_KEY_CERT_ID] = &core_swd_key_cert,
654 [TRUSTED_OS_FW_CONTENT_CERT_ID] = &trusted_os_fw_content_cert,
655 [BL32_IMAGE_ID] = &bl32_image,
656 [TOS_FW_CONFIG_ID] = &tos_fw_config,
657 [PLAT_KEY_CERT_ID] = &plat_key_cert,
658 [NON_TRUSTED_FW_CONTENT_CERT_ID] = &non_trusted_fw_content_cert,
659 [BL33_IMAGE_ID] = &bl33_image,
660 [NT_FW_CONFIG_ID] = &nt_fw_config,
661#if defined(SPD_spmd)
662 [SIP_SP_CONTENT_CERT_ID] = &sip_sp_content_cert,
663 [PLAT_SP_CONTENT_CERT_ID] = &plat_sp_content_cert,
664 [SP_PKG1_ID] = &sp_pkg1,
665 [SP_PKG2_ID] = &sp_pkg2,
666 [SP_PKG3_ID] = &sp_pkg3,
667 [SP_PKG4_ID] = &sp_pkg4,
668 [SP_PKG5_ID] = &sp_pkg5,
669 [SP_PKG6_ID] = &sp_pkg6,
670 [SP_PKG7_ID] = &sp_pkg7,
671 [SP_PKG8_ID] = &sp_pkg8,
672#endif
673};
674#endif /* IMAGE_BL1 */
675
676/* Register the CoT in the authentication module */
677REGISTER_COT(cot_desc);