Manish V Badarkhe | 2688093 | 2020-06-29 11:12:12 +0100 | [diff] [blame] | 1 | /* |
laurenw-arm | c1aef7d | 2024-01-09 20:47:08 -0600 | [diff] [blame] | 2 | * Copyright (c) 2020-2024, Arm Limited. All rights reserved. |
Manish V Badarkhe | 2688093 | 2020-06-29 11:12:12 +0100 | [diff] [blame] | 3 | * |
| 4 | * SPDX-License-Identifier: BSD-3-Clause |
| 5 | */ |
| 6 | |
| 7 | #include <tools_share/tbbr_oid.h> |
| 8 | #include <common/tbbr/tbbr_img_def.h> |
Manish V Badarkhe | 4aab669 | 2020-08-23 09:47:02 +0100 | [diff] [blame] | 9 | #include <common/nv_cntr_ids.h> |
Manish V Badarkhe | 2688093 | 2020-06-29 11:12:12 +0100 | [diff] [blame] | 10 | |
| 11 | cot { |
| 12 | manifests { |
| 13 | compatible = "arm, cert-descs"; |
| 14 | |
| 15 | trusted_boot_fw_cert: trusted_boot_fw_cert { |
| 16 | root-certificate; |
| 17 | image-id =<TRUSTED_BOOT_FW_CERT_ID>; |
| 18 | antirollback-counter = <&trusted_nv_counter>; |
| 19 | |
| 20 | tb_fw_hash: tb_fw_hash { |
| 21 | oid = TRUSTED_BOOT_FW_HASH_OID; |
| 22 | }; |
| 23 | tb_fw_config_hash: tb_fw_config_hash { |
| 24 | oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID; |
| 25 | }; |
| 26 | hw_config_hash: hw_config_hash { |
| 27 | oid = HW_CONFIG_HASH_OID; |
| 28 | }; |
| 29 | fw_config_hash: fw_config_hash { |
| 30 | oid = FW_CONFIG_HASH_OID; |
| 31 | }; |
| 32 | }; |
| 33 | |
| 34 | trusted_key_cert: trusted_key_cert { |
| 35 | root-certificate; |
| 36 | image-id = <TRUSTED_KEY_CERT_ID>; |
| 37 | antirollback-counter = <&trusted_nv_counter>; |
| 38 | |
| 39 | trusted_world_pk: trusted_world_pk { |
| 40 | oid = TRUSTED_WORLD_PK_OID; |
| 41 | }; |
| 42 | non_trusted_world_pk: non_trusted_world_pk { |
| 43 | oid = NON_TRUSTED_WORLD_PK_OID; |
| 44 | }; |
| 45 | }; |
| 46 | |
| 47 | scp_fw_key_cert: scp_fw_key_cert { |
| 48 | image-id = <SCP_FW_KEY_CERT_ID>; |
| 49 | parent = <&trusted_key_cert>; |
| 50 | signing-key = <&trusted_world_pk>; |
| 51 | antirollback-counter = <&trusted_nv_counter>; |
| 52 | |
| 53 | scp_fw_content_pk: scp_fw_content_pk { |
| 54 | oid = SCP_FW_CONTENT_CERT_PK_OID; |
| 55 | }; |
| 56 | }; |
| 57 | |
| 58 | scp_fw_content_cert: scp_fw_content_cert { |
| 59 | image-id = <SCP_FW_CONTENT_CERT_ID>; |
| 60 | parent = <&scp_fw_key_cert>; |
| 61 | signing-key = <&scp_fw_content_pk>; |
| 62 | antirollback-counter = <&trusted_nv_counter>; |
| 63 | |
| 64 | scp_fw_hash: scp_fw_hash { |
| 65 | oid = SCP_FW_HASH_OID; |
| 66 | }; |
| 67 | }; |
| 68 | |
| 69 | soc_fw_key_cert: soc_fw_key_cert { |
| 70 | image-id = <SOC_FW_KEY_CERT_ID>; |
| 71 | parent = <&trusted_key_cert>; |
| 72 | signing-key = <&trusted_world_pk>; |
| 73 | antirollback-counter = <&trusted_nv_counter>; |
| 74 | soc_fw_content_pk: soc_fw_content_pk { |
| 75 | oid = SOC_FW_CONTENT_CERT_PK_OID; |
| 76 | }; |
| 77 | }; |
| 78 | |
| 79 | soc_fw_content_cert: soc_fw_content_cert { |
| 80 | image-id = <SOC_FW_CONTENT_CERT_ID>; |
| 81 | parent = <&soc_fw_key_cert>; |
| 82 | signing-key = <&soc_fw_content_pk>; |
| 83 | antirollback-counter = <&trusted_nv_counter>; |
| 84 | |
| 85 | soc_fw_hash: soc_fw_hash { |
| 86 | oid = SOC_AP_FW_HASH_OID; |
| 87 | }; |
| 88 | soc_fw_config_hash: soc_fw_config_hash { |
| 89 | oid = SOC_FW_CONFIG_HASH_OID; |
| 90 | }; |
| 91 | }; |
| 92 | |
| 93 | trusted_os_fw_key_cert: trusted_os_fw_key_cert { |
| 94 | image-id = <TRUSTED_OS_FW_KEY_CERT_ID>; |
| 95 | parent = <&trusted_key_cert>; |
| 96 | signing-key = <&trusted_world_pk>; |
| 97 | antirollback-counter = <&trusted_nv_counter>; |
| 98 | |
| 99 | tos_fw_content_pk: tos_fw_content_pk { |
| 100 | oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID; |
| 101 | }; |
| 102 | }; |
| 103 | |
| 104 | trusted_os_fw_content_cert: trusted_os_fw_content_cert { |
| 105 | image-id = <TRUSTED_OS_FW_CONTENT_CERT_ID>; |
| 106 | parent = <&trusted_os_fw_key_cert>; |
| 107 | signing-key = <&tos_fw_content_pk>; |
| 108 | antirollback-counter = <&trusted_nv_counter>; |
| 109 | |
| 110 | tos_fw_hash: tos_fw_hash { |
| 111 | oid = TRUSTED_OS_FW_HASH_OID; |
| 112 | }; |
| 113 | tos_fw_extra1_hash: tos_fw_extra1_hash { |
| 114 | oid = TRUSTED_OS_FW_EXTRA1_HASH_OID; |
| 115 | }; |
| 116 | tos_fw_extra2_hash: tos_fw_extra2_hash { |
| 117 | oid = TRUSTED_OS_FW_EXTRA2_HASH_OID; |
| 118 | }; |
| 119 | tos_fw_config_hash: tos_fw_config_hash { |
| 120 | oid = TRUSTED_OS_FW_CONFIG_HASH_OID; |
| 121 | }; |
| 122 | }; |
| 123 | |
| 124 | non_trusted_fw_key_cert: non_trusted_fw_key_cert { |
| 125 | image-id = <NON_TRUSTED_FW_KEY_CERT_ID>; |
| 126 | parent = <&trusted_key_cert>; |
| 127 | signing-key = <&non_trusted_world_pk>; |
| 128 | antirollback-counter = <&non_trusted_nv_counter>; |
| 129 | |
| 130 | nt_fw_content_pk: nt_fw_content_pk { |
| 131 | oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID; |
| 132 | }; |
| 133 | }; |
| 134 | |
| 135 | non_trusted_fw_content_cert: non_trusted_fw_content_cert { |
| 136 | image-id = <NON_TRUSTED_FW_CONTENT_CERT_ID>; |
| 137 | parent = <&non_trusted_fw_key_cert>; |
| 138 | signing-key = <&nt_fw_content_pk>; |
| 139 | antirollback-counter = <&non_trusted_nv_counter>; |
| 140 | |
| 141 | nt_world_bl_hash: nt_world_bl_hash { |
| 142 | oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID; |
| 143 | }; |
| 144 | nt_fw_config_hash: nt_fw_config_hash { |
| 145 | oid = NON_TRUSTED_FW_CONFIG_HASH_OID; |
| 146 | }; |
| 147 | }; |
| 148 | |
| 149 | #if defined(SPD_spmd) |
Manish Pandey | d07d017 | 2020-07-23 16:54:30 +0100 | [diff] [blame] | 150 | sip_sp_content_cert: sip_sp_content_cert { |
| 151 | image-id = <SIP_SP_CONTENT_CERT_ID>; |
Manish V Badarkhe | 2688093 | 2020-06-29 11:12:12 +0100 | [diff] [blame] | 152 | parent = <&trusted_key_cert>; |
| 153 | signing-key = <&trusted_world_pk>; |
| 154 | antirollback-counter = <&trusted_nv_counter>; |
| 155 | |
| 156 | sp_pkg1_hash: sp_pkg1_hash { |
| 157 | oid = SP_PKG1_HASH_OID; |
| 158 | }; |
| 159 | sp_pkg2_hash: sp_pkg2_hash { |
| 160 | oid = SP_PKG2_HASH_OID; |
| 161 | }; |
| 162 | sp_pkg3_hash: sp_pkg3_hash { |
| 163 | oid = SP_PKG3_HASH_OID; |
| 164 | }; |
| 165 | sp_pkg4_hash: sp_pkg4_hash { |
| 166 | oid = SP_PKG4_HASH_OID; |
| 167 | }; |
| 168 | sp_pkg5_hash: sp_pkg5_hash { |
| 169 | oid = SP_PKG5_HASH_OID; |
| 170 | }; |
| 171 | sp_pkg6_hash: sp_pkg6_hash { |
| 172 | oid = SP_PKG6_HASH_OID; |
| 173 | }; |
| 174 | sp_pkg7_hash: sp_pkg7_hash { |
| 175 | oid = SP_PKG7_HASH_OID; |
| 176 | }; |
| 177 | sp_pkg8_hash: sp_pkg8_hash { |
| 178 | oid = SP_PKG8_HASH_OID; |
| 179 | }; |
| 180 | }; |
| 181 | #endif |
| 182 | }; |
| 183 | |
| 184 | images { |
| 185 | compatible = "arm, img-descs"; |
| 186 | |
| 187 | hw_config { |
| 188 | image-id = <HW_CONFIG_ID>; |
| 189 | parent = <&trusted_boot_fw_cert>; |
| 190 | hash = <&hw_config_hash>; |
| 191 | }; |
| 192 | |
| 193 | tb_fw_config { |
| 194 | image-id = <TB_FW_CONFIG_ID>; |
| 195 | parent = <&trusted_boot_fw_cert>; |
| 196 | hash = <&tb_fw_config_hash>; |
| 197 | }; |
| 198 | |
| 199 | scp_bl2_image { |
| 200 | image-id = <SCP_BL2_IMAGE_ID>; |
| 201 | parent = <&scp_fw_content_cert>; |
| 202 | hash = <&scp_fw_hash>; |
| 203 | }; |
| 204 | |
| 205 | bl31_image { |
| 206 | image-id = <BL31_IMAGE_ID>; |
| 207 | parent = <&soc_fw_content_cert>; |
| 208 | hash = <&soc_fw_hash>; |
| 209 | }; |
| 210 | |
| 211 | soc_fw_config { |
| 212 | image-id = <SOC_FW_CONFIG_ID>; |
| 213 | parent = <&soc_fw_content_cert>; |
| 214 | hash = <&soc_fw_config_hash>; |
| 215 | }; |
| 216 | |
| 217 | bl32_image { |
| 218 | image-id = <BL32_IMAGE_ID>; |
| 219 | parent = <&trusted_os_fw_content_cert>; |
| 220 | hash = <&tos_fw_hash>; |
| 221 | }; |
| 222 | |
| 223 | bl32_extra1_image { |
| 224 | image-id = <BL32_EXTRA1_IMAGE_ID>; |
| 225 | parent = <&trusted_os_fw_content_cert>; |
| 226 | hash = <&tos_fw_extra1_hash>; |
| 227 | }; |
| 228 | |
| 229 | bl32_extra2_image { |
| 230 | image-id = <BL32_EXTRA2_IMAGE_ID>; |
| 231 | parent = <&trusted_os_fw_content_cert>; |
| 232 | hash = <&tos_fw_extra2_hash>; |
| 233 | }; |
| 234 | |
| 235 | tos_fw_config { |
| 236 | image-id = <TOS_FW_CONFIG_ID>; |
| 237 | parent = <&trusted_os_fw_content_cert>; |
| 238 | hash = <&tos_fw_config_hash>; |
| 239 | }; |
| 240 | |
| 241 | bl33_image { |
| 242 | image-id = <BL33_IMAGE_ID>; |
| 243 | parent = <&non_trusted_fw_content_cert>; |
| 244 | hash = <&nt_world_bl_hash>; |
| 245 | }; |
| 246 | |
| 247 | nt_fw_config { |
| 248 | image-id = <NT_FW_CONFIG_ID>; |
| 249 | parent = <&non_trusted_fw_content_cert>; |
| 250 | hash = <&nt_fw_config_hash>; |
| 251 | }; |
| 252 | |
| 253 | #if defined(SPD_spmd) |
| 254 | sp_pkg1 { |
Manish Pandey | d07d017 | 2020-07-23 16:54:30 +0100 | [diff] [blame] | 255 | image-id = <SP_PKG1_ID>; |
| 256 | parent = <&sip_sp_content_cert>; |
Manish V Badarkhe | 2688093 | 2020-06-29 11:12:12 +0100 | [diff] [blame] | 257 | hash = <&sp_pkg1_hash>; |
| 258 | }; |
| 259 | |
| 260 | sp_pkg2 { |
Manish Pandey | d07d017 | 2020-07-23 16:54:30 +0100 | [diff] [blame] | 261 | image-id = <SP_PKG2_ID>; |
| 262 | parent = <&sip_sp_content_cert>; |
Manish V Badarkhe | 2688093 | 2020-06-29 11:12:12 +0100 | [diff] [blame] | 263 | hash = <&sp_pkg2_hash>; |
| 264 | }; |
| 265 | |
| 266 | sp_pkg3 { |
Manish Pandey | d07d017 | 2020-07-23 16:54:30 +0100 | [diff] [blame] | 267 | image-id = <SP_PKG3_ID>; |
| 268 | parent = <&sip_sp_content_cert>; |
Manish V Badarkhe | 2688093 | 2020-06-29 11:12:12 +0100 | [diff] [blame] | 269 | hash = <&sp_pkg3_hash>; |
| 270 | }; |
| 271 | |
| 272 | sp_pkg4 { |
Manish Pandey | d07d017 | 2020-07-23 16:54:30 +0100 | [diff] [blame] | 273 | image-id = <SP_PKG4_ID>; |
| 274 | parent = <&sip_sp_content_cert>; |
Manish V Badarkhe | 2688093 | 2020-06-29 11:12:12 +0100 | [diff] [blame] | 275 | hash = <&sp_pkg4_hash>; |
| 276 | }; |
| 277 | |
| 278 | sp_pkg5 { |
Manish Pandey | d07d017 | 2020-07-23 16:54:30 +0100 | [diff] [blame] | 279 | image-id = <SP_PKG5_ID>; |
| 280 | parent = <&sip_sp_content_cert>; |
Manish V Badarkhe | 2688093 | 2020-06-29 11:12:12 +0100 | [diff] [blame] | 281 | hash = <&sp_pkg5_hash>; |
| 282 | }; |
| 283 | |
| 284 | sp_pkg6 { |
Manish Pandey | d07d017 | 2020-07-23 16:54:30 +0100 | [diff] [blame] | 285 | image-id = <SP_PKG6_ID>; |
| 286 | parent = <&sip_sp_content_cert>; |
Manish V Badarkhe | 2688093 | 2020-06-29 11:12:12 +0100 | [diff] [blame] | 287 | hash = <&sp_pkg6_hash>; |
| 288 | }; |
| 289 | |
| 290 | sp_pkg7 { |
Manish Pandey | d07d017 | 2020-07-23 16:54:30 +0100 | [diff] [blame] | 291 | image-id = <SP_PKG7_ID>; |
| 292 | parent = <&sip_sp_content_cert>; |
Manish V Badarkhe | 2688093 | 2020-06-29 11:12:12 +0100 | [diff] [blame] | 293 | hash = <&sp_pkg7_hash>; |
| 294 | }; |
| 295 | |
| 296 | sp_pkg8 { |
Manish Pandey | d07d017 | 2020-07-23 16:54:30 +0100 | [diff] [blame] | 297 | image-id = <SP_PKG8_ID>; |
| 298 | parent = <&sip_sp_content_cert>; |
Manish V Badarkhe | 2688093 | 2020-06-29 11:12:12 +0100 | [diff] [blame] | 299 | hash = <&sp_pkg8_hash>; |
| 300 | }; |
| 301 | #endif |
| 302 | }; |
| 303 | }; |
| 304 | |
Manish V Badarkhe | 4aab669 | 2020-08-23 09:47:02 +0100 | [diff] [blame] | 305 | non_volatile_counters: non_volatile_counters { |
Manish V Badarkhe | 2688093 | 2020-06-29 11:12:12 +0100 | [diff] [blame] | 306 | compatible = "arm, non-volatile-counter"; |
| 307 | |
| 308 | #address-cells = <1>; |
| 309 | #size-cells = <0>; |
| 310 | |
Manish V Badarkhe | 4aab669 | 2020-08-23 09:47:02 +0100 | [diff] [blame] | 311 | trusted_nv_counter: trusted_nv_counter { |
| 312 | id = <TRUSTED_NV_CTR_ID>; |
| 313 | oid = TRUSTED_FW_NVCOUNTER_OID; |
| 314 | }; |
| 315 | |
| 316 | non_trusted_nv_counter: non_trusted_nv_counter { |
| 317 | id = <NON_TRUSTED_NV_CTR_ID>; |
| 318 | oid = NON_TRUSTED_FW_NVCOUNTER_OID; |
Manish V Badarkhe | 2688093 | 2020-06-29 11:12:12 +0100 | [diff] [blame] | 319 | }; |
| 320 | }; |