Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / b10ef1c11127b3a827ca4d79e482fff06ae62ee6 / . / drivers / auth / cca / cot.c
blob: d3f3087b9bb1cdd59f2f0f30138eeb10ad92db2b [file] [log] [blame]
laurenw-arm483e5ac2022-04-21 15:49:00 -0500[diff] [blame]1/*
2 * Copyright (c) 2022, Arm Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7#include <stddef.h>
8
9#include <drivers/auth/auth_mod.h>
10#include MBEDTLS_CONFIG_FILE
11#include <tools_share/cca_oid.h>
12
13#include <platform_def.h>
14
15/*
16 * Allocate static buffers to store the authentication parameters extracted from
17 * the certificates.
18 */
19static unsigned char fw_config_hash_buf[HASH_DER_LEN];
20static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
21static unsigned char tb_fw_config_hash_buf[HASH_DER_LEN];
22static unsigned char hw_config_hash_buf[HASH_DER_LEN];
23static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
24static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
25static unsigned char rmm_hash_buf[HASH_DER_LEN];
26
27#ifdef IMAGE_BL2
28static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];
29static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
30static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
31static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];
32#if defined(SPD_spmd)
33static unsigned char sp_pkg_hash_buf[MAX_SP_IDS][HASH_DER_LEN];
34#endif /* SPD_spmd */
35
36static unsigned char core_swd_pk_buf[PK_DER_LEN];
37static unsigned char plat_pk_buf[PK_DER_LEN];
38#endif /* IMAGE_BL2 */
39
40/*
41 * Parameter type descriptors.
42 */
43static auth_param_type_desc_t trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
44 AUTH_PARAM_NV_CTR, TRUSTED_FW_NVCOUNTER_OID);
45static auth_param_type_desc_t subject_pk = AUTH_PARAM_TYPE_DESC(
46 AUTH_PARAM_PUB_KEY, 0);
47static auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC(
48 AUTH_PARAM_SIG, 0);
49static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC(
50 AUTH_PARAM_SIG_ALG, 0);
51static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC(
52 AUTH_PARAM_RAW_DATA, 0);
53
54static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC(
55 AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
56static auth_param_type_desc_t tb_fw_config_hash = AUTH_PARAM_TYPE_DESC(
57 AUTH_PARAM_HASH, TRUSTED_BOOT_FW_CONFIG_HASH_OID);
58static auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC(
59 AUTH_PARAM_HASH, HW_CONFIG_HASH_OID);
60static auth_param_type_desc_t fw_config_hash = AUTH_PARAM_TYPE_DESC(
61 AUTH_PARAM_HASH, FW_CONFIG_HASH_OID);
62static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
63 AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
64static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC(
65 AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID);
66static auth_param_type_desc_t rmm_hash = AUTH_PARAM_TYPE_DESC(
67 AUTH_PARAM_HASH, RMM_HASH_OID);
68
69#ifdef IMAGE_BL2
70static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
71 AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);
72
73static auth_param_type_desc_t prot_pk = AUTH_PARAM_TYPE_DESC(
74 AUTH_PARAM_PUB_KEY, PROT_PK_OID);
75static auth_param_type_desc_t swd_rot_pk = AUTH_PARAM_TYPE_DESC(
76 AUTH_PARAM_PUB_KEY, SWD_ROT_PK_OID);
77static auth_param_type_desc_t core_swd_pk = AUTH_PARAM_TYPE_DESC(
78 AUTH_PARAM_PUB_KEY, CORE_SWD_PK_OID);
79static auth_param_type_desc_t plat_pk = AUTH_PARAM_TYPE_DESC(
80 AUTH_PARAM_PUB_KEY, PLAT_PK_OID);
81
82static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
83 AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
84static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC(
85 AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID);
86static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
87 AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
88static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC(
89 AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);
90#if defined(SPD_spmd)
91static auth_param_type_desc_t sp_pkg1_hash = AUTH_PARAM_TYPE_DESC(
92 AUTH_PARAM_HASH, SP_PKG1_HASH_OID);
93static auth_param_type_desc_t sp_pkg2_hash = AUTH_PARAM_TYPE_DESC(
94 AUTH_PARAM_HASH, SP_PKG2_HASH_OID);
95static auth_param_type_desc_t sp_pkg3_hash = AUTH_PARAM_TYPE_DESC(
96 AUTH_PARAM_HASH, SP_PKG3_HASH_OID);
97static auth_param_type_desc_t sp_pkg4_hash = AUTH_PARAM_TYPE_DESC(
98 AUTH_PARAM_HASH, SP_PKG4_HASH_OID);
99static auth_param_type_desc_t sp_pkg5_hash = AUTH_PARAM_TYPE_DESC(
100 AUTH_PARAM_HASH, SP_PKG5_HASH_OID);
101static auth_param_type_desc_t sp_pkg6_hash = AUTH_PARAM_TYPE_DESC(
102 AUTH_PARAM_HASH, SP_PKG6_HASH_OID);
103static auth_param_type_desc_t sp_pkg7_hash = AUTH_PARAM_TYPE_DESC(
104 AUTH_PARAM_HASH, SP_PKG7_HASH_OID);
105static auth_param_type_desc_t sp_pkg8_hash = AUTH_PARAM_TYPE_DESC(
106 AUTH_PARAM_HASH, SP_PKG8_HASH_OID);
107#endif /* SPD_spmd */
108#endif /* IMAGE_BL2 */
109
110/* CCA Content Certificate */
111static const auth_img_desc_t cca_content_cert = {
112 .img_id = CCA_CONTENT_CERT_ID,
113 .img_type = IMG_CERT,
114 .parent = NULL,
115 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
116 [0] = {
117 .type = AUTH_METHOD_SIG,
118 .param.sig = {
119 .pk = &subject_pk,
120 .sig = &sig,
121 .alg = &sig_alg,
122 .data = &raw_data
123 }
124 },
125 [1] = {
126 .type = AUTH_METHOD_NV_CTR,
127 .param.nv_ctr = {
128 .cert_nv_ctr = &trusted_nv_ctr,
129 .plat_nv_ctr = &trusted_nv_ctr
130 }
131 }
132 },
133 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
134 [0] = {
135 .type_desc = &tb_fw_hash,
136 .data = {
137 .ptr = (void *)tb_fw_hash_buf,
138 .len = (unsigned int)HASH_DER_LEN
139 }
140 },
141 [1] = {
142 .type_desc = &tb_fw_config_hash,
143 .data = {
144 .ptr = (void *)tb_fw_config_hash_buf,
145 .len = (unsigned int)HASH_DER_LEN
146 }
147 },
148 [2] = {
149 .type_desc = &fw_config_hash,
150 .data = {
151 .ptr = (void *)fw_config_hash_buf,
152 .len = (unsigned int)HASH_DER_LEN
153 }
154 },
155 [3] = {
156 .type_desc = &hw_config_hash,
157 .data = {
158 .ptr = (void *)hw_config_hash_buf,
159 .len = (unsigned int)HASH_DER_LEN
160 }
161 },
162 [4] = {
163 .type_desc = &soc_fw_hash,
164 .data = {
165 .ptr = (void *)soc_fw_hash_buf,
166 .len = (unsigned int)HASH_DER_LEN
167 }
168 },
169 [5] = {
170 .type_desc = &soc_fw_config_hash,
171 .data = {
172 .ptr = (void *)soc_fw_config_hash_buf,
173 .len = (unsigned int)HASH_DER_LEN
174 }
175 },
176 [6] = {
177 .type_desc = &rmm_hash,
178 .data = {
179 .ptr = (void *)rmm_hash_buf,
180 .len = (unsigned int)HASH_DER_LEN
181 }
182 }
183 }
184};
185
186#ifdef IMAGE_BL1
187static const auth_img_desc_t bl2_image = {
188 .img_id = BL2_IMAGE_ID,
189 .img_type = IMG_RAW,
190 .parent = &cca_content_cert,
191 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
192 [0] = {
193 .type = AUTH_METHOD_HASH,
194 .param.hash = {
195 .data = &raw_data,
196 .hash = &tb_fw_hash
197 }
198 }
199 }
200};
201
202static const auth_img_desc_t tb_fw_config = {
203 .img_id = TB_FW_CONFIG_ID,
204 .img_type = IMG_RAW,
205 .parent = &cca_content_cert,
206 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
207 [0] = {
208 .type = AUTH_METHOD_HASH,
209 .param.hash = {
210 .data = &raw_data,
211 .hash = &tb_fw_config_hash
212 }
213 }
214 }
215};
216
217static const auth_img_desc_t fw_config = {
218 .img_id = FW_CONFIG_ID,
219 .img_type = IMG_RAW,
220 .parent = &cca_content_cert,
221 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
222 [0] = {
223 .type = AUTH_METHOD_HASH,
224 .param.hash = {
225 .data = &raw_data,
226 .hash = &fw_config_hash
227 }
228 }
229 }
230};
231#endif /* IMAGE_BL1 */
232
233#ifdef IMAGE_BL2
234/* HW Config */
235static const auth_img_desc_t hw_config = {
236 .img_id = HW_CONFIG_ID,
237 .img_type = IMG_RAW,
238 .parent = &cca_content_cert,
239 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
240 [0] = {
241 .type = AUTH_METHOD_HASH,
242 .param.hash = {
243 .data = &raw_data,
244 .hash = &hw_config_hash
245 }
246 }
247 }
248};
249
250/* BL31 */
251static const auth_img_desc_t bl31_image = {
252 .img_id = BL31_IMAGE_ID,
253 .img_type = IMG_RAW,
254 .parent = &cca_content_cert,
255 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
256 [0] = {
257 .type = AUTH_METHOD_HASH,
258 .param.hash = {
259 .data = &raw_data,
260 .hash = &soc_fw_hash
261 }
262 }
263 }
264};
265
266/* BL31 Config */
267static const auth_img_desc_t soc_fw_config = {
268 .img_id = SOC_FW_CONFIG_ID,
269 .img_type = IMG_RAW,
270 .parent = &cca_content_cert,
271 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
272 [0] = {
273 .type = AUTH_METHOD_HASH,
274 .param.hash = {
275 .data = &raw_data,
276 .hash = &soc_fw_config_hash
277 }
278 }
279 }
280};
281
282/* RMM */
283static const auth_img_desc_t rmm_image = {
284 .img_id = RMM_IMAGE_ID,
285 .img_type = IMG_RAW,
286 .parent = &cca_content_cert,
287 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
288 [0] = {
289 .type = AUTH_METHOD_HASH,
290 .param.hash = {
291 .data = &raw_data,
292 .hash = &rmm_hash
293 }
294 }
295 }
296};
297
298/* Core SWD Key Certificate */
299static const auth_img_desc_t core_swd_key_cert = {
300 .img_id = CORE_SWD_KEY_CERT_ID,
301 .img_type = IMG_CERT,
302 .parent = NULL, /* SWD ROOT CERT */
303 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
304 [0] = {
305 .type = AUTH_METHOD_SIG,
306 .param.sig = {
307 .pk = &swd_rot_pk,
308 .sig = &sig,
309 .alg = &sig_alg,
310 .data = &raw_data
311 }
312 },
313 [1] = {
314 .type = AUTH_METHOD_NV_CTR,
315 .param.nv_ctr = {
316 .cert_nv_ctr = &trusted_nv_ctr,
317 .plat_nv_ctr = &trusted_nv_ctr
318 }
319 }
320 },
321 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
322 [0] = {
323 .type_desc = &core_swd_pk,
324 .data = {
325 .ptr = (void *)core_swd_pk_buf,
326 .len = (unsigned int)PK_DER_LEN
327 }
328 }
329 }
330};
331
332/* SPMC Content Certificate */
333static const auth_img_desc_t trusted_os_fw_content_cert = {
334 .img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
335 .img_type = IMG_CERT,
336 .parent = &core_swd_key_cert,
337 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
338 [0] = {
339 .type = AUTH_METHOD_SIG,
340 .param.sig = {
341 .pk = &core_swd_pk,
342 .sig = &sig,
343 .alg = &sig_alg,
344 .data = &raw_data
345 }
346 },
347 [1] = {
348 .type = AUTH_METHOD_NV_CTR,
349 .param.nv_ctr = {
350 .cert_nv_ctr = &trusted_nv_ctr,
351 .plat_nv_ctr = &trusted_nv_ctr
352 }
353 }
354 },
355 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
356 [0] = {
357 .type_desc = &tos_fw_hash,
358 .data = {
359 .ptr = (void *)tos_fw_hash_buf,
360 .len = (unsigned int)HASH_DER_LEN
361 }
362 },
363 [1] = {
364 .type_desc = &tos_fw_config_hash,
365 .data = {
366 .ptr = (void *)tos_fw_config_hash_buf,
367 .len = (unsigned int)HASH_DER_LEN
368 }
369 }
370 }
371};
372
373/* SPMC */
374static const auth_img_desc_t bl32_image = {
375 .img_id = BL32_IMAGE_ID,
376 .img_type = IMG_RAW,
377 .parent = &trusted_os_fw_content_cert,
378 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
379 [0] = {
380 .type = AUTH_METHOD_HASH,
381 .param.hash = {
382 .data = &raw_data,
383 .hash = &tos_fw_hash
384 }
385 }
386 }
387};
388
389/* SPM Config */
390static const auth_img_desc_t tos_fw_config = {
391 .img_id = TOS_FW_CONFIG_ID,
392 .img_type = IMG_RAW,
393 .parent = &trusted_os_fw_content_cert,
394 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
395 [0] = {
396 .type = AUTH_METHOD_HASH,
397 .param.hash = {
398 .data = &raw_data,
399 .hash = &tos_fw_config_hash
400 }
401 }
402 }
403};
404
405/* Platform Key Certificate */
406static const auth_img_desc_t plat_key_cert = {
407 .img_id = PLAT_KEY_CERT_ID,
408 .img_type = IMG_CERT,
409 .parent = NULL, /* PLATFORM ROOT CERT */
410 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
411 [0] = {
412 .type = AUTH_METHOD_SIG,
413 .param.sig = {
414 .pk = &prot_pk,
415 .sig = &sig,
416 .alg = &sig_alg,
417 .data = &raw_data
418 }
419 },
420 [1] = {
421 .type = AUTH_METHOD_NV_CTR,
422 .param.nv_ctr = {
423 .cert_nv_ctr = &non_trusted_nv_ctr,
424 .plat_nv_ctr = &non_trusted_nv_ctr
425 }
426 }
427 },
428 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
429 [0] = {
430 .type_desc = &plat_pk,
431 .data = {
432 .ptr = (void *)plat_pk_buf,
433 .len = (unsigned int)PK_DER_LEN
434 }
435 }
436 }
437};
438
439/* Non-Trusted Firmware */
440static const auth_img_desc_t non_trusted_fw_content_cert = {
441 .img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
442 .img_type = IMG_CERT,
443 .parent = &plat_key_cert,
444 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
445 [0] = {
446 .type = AUTH_METHOD_SIG,
447 .param.sig = {
448 .pk = &plat_pk,
449 .sig = &sig,
450 .alg = &sig_alg,
451 .data = &raw_data
452 }
453 },
454 [1] = {
455 .type = AUTH_METHOD_NV_CTR,
456 .param.nv_ctr = {
457 .cert_nv_ctr = &non_trusted_nv_ctr,
458 .plat_nv_ctr = &non_trusted_nv_ctr
459 }
460 }
461 },
462 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
463 [0] = {
464 .type_desc = &nt_world_bl_hash,
465 .data = {
466 .ptr = (void *)nt_world_bl_hash_buf,
467 .len = (unsigned int)HASH_DER_LEN
468 }
469 },
470 [1] = {
471 .type_desc = &nt_fw_config_hash,
472 .data = {
473 .ptr = (void *)nt_fw_config_hash_buf,
474 .len = (unsigned int)HASH_DER_LEN
475 }
476 }
477 }
478};
479
480static const auth_img_desc_t bl33_image = {
481 .img_id = BL33_IMAGE_ID,
482 .img_type = IMG_RAW,
483 .parent = &non_trusted_fw_content_cert,
484 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
485 [0] = {
486 .type = AUTH_METHOD_HASH,
487 .param.hash = {
488 .data = &raw_data,
489 .hash = &nt_world_bl_hash
490 }
491 }
492 }
493};
494
495/* NT FW Config */
496static const auth_img_desc_t nt_fw_config = {
497 .img_id = NT_FW_CONFIG_ID,
498 .img_type = IMG_RAW,
499 .parent = &non_trusted_fw_content_cert,
500 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
501 [0] = {
502 .type = AUTH_METHOD_HASH,
503 .param.hash = {
504 .data = &raw_data,
505 .hash = &nt_fw_config_hash
506 }
507 }
508 }
509};
510
511/*
512 * Secure Partitions
513 */
514#if defined(SPD_spmd)
515static const auth_img_desc_t sip_sp_content_cert = {
516 .img_id = SIP_SP_CONTENT_CERT_ID,
517 .img_type = IMG_CERT,
518 .parent = &core_swd_key_cert,
519 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
520 [0] = {
521 .type = AUTH_METHOD_SIG,
522 .param.sig = {
523 .pk = &core_swd_pk,
524 .sig = &sig,
525 .alg = &sig_alg,
526 .data = &raw_data
527 }
528 },
529 [1] = {
530 .type = AUTH_METHOD_NV_CTR,
531 .param.nv_ctr = {
532 .cert_nv_ctr = &trusted_nv_ctr,
533 .plat_nv_ctr = &trusted_nv_ctr
534 }
535 }
536 },
537 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
538 [0] = {
539 .type_desc = &sp_pkg1_hash,
540 .data = {
541 .ptr = (void *)sp_pkg_hash_buf[0],
542 .len = (unsigned int)HASH_DER_LEN
543 }
544 },
545 [1] = {
546 .type_desc = &sp_pkg2_hash,
547 .data = {
548 .ptr = (void *)sp_pkg_hash_buf[1],
549 .len = (unsigned int)HASH_DER_LEN
550 }
551 },
552 [2] = {
553 .type_desc = &sp_pkg3_hash,
554 .data = {
555 .ptr = (void *)sp_pkg_hash_buf[2],
556 .len = (unsigned int)HASH_DER_LEN
557 }
558 },
559 [3] = {
560 .type_desc = &sp_pkg4_hash,
561 .data = {
562 .ptr = (void *)sp_pkg_hash_buf[3],
563 .len = (unsigned int)HASH_DER_LEN
564 }
565 }
566 }
567};
568
569DEFINE_SIP_SP_PKG(1);
570DEFINE_SIP_SP_PKG(2);
571DEFINE_SIP_SP_PKG(3);
572DEFINE_SIP_SP_PKG(4);
573
574static const auth_img_desc_t plat_sp_content_cert = {
575 .img_id = PLAT_SP_CONTENT_CERT_ID,
576 .img_type = IMG_CERT,
577 .parent = &plat_key_cert,
578 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
579 [0] = {
580 .type = AUTH_METHOD_SIG,
581 .param.sig = {
582 .pk = &plat_pk,
583 .sig = &sig,
584 .alg = &sig_alg,
585 .data = &raw_data
586 }
587 },
588 [1] = {
589 .type = AUTH_METHOD_NV_CTR,
590 .param.nv_ctr = {
591 .cert_nv_ctr = &non_trusted_nv_ctr,
592 .plat_nv_ctr = &non_trusted_nv_ctr
593 }
594 }
595 },
596 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
597 [0] = {
598 .type_desc = &sp_pkg5_hash,
599 .data = {
600 .ptr = (void *)sp_pkg_hash_buf[4],
601 .len = (unsigned int)HASH_DER_LEN
602 }
603 },
604 [1] = {
605 .type_desc = &sp_pkg6_hash,
606 .data = {
607 .ptr = (void *)sp_pkg_hash_buf[5],
608 .len = (unsigned int)HASH_DER_LEN
609 }
610 },
611 [2] = {
612 .type_desc = &sp_pkg7_hash,
613 .data = {
614 .ptr = (void *)sp_pkg_hash_buf[6],
615 .len = (unsigned int)HASH_DER_LEN
616 }
617 },
618 [3] = {
619 .type_desc = &sp_pkg8_hash,
620 .data = {
621 .ptr = (void *)sp_pkg_hash_buf[7],
622 .len = (unsigned int)HASH_DER_LEN
623 }
624 }
625 }
626};
627
628DEFINE_PLAT_SP_PKG(5);
629DEFINE_PLAT_SP_PKG(6);
630DEFINE_PLAT_SP_PKG(7);
631DEFINE_PLAT_SP_PKG(8);
632#endif /* SPD_spmd */
633#endif /* IMAGE_BL2 */
634/*
635 * Chain of trust definition
636 */
637#ifdef IMAGE_BL1
638static const auth_img_desc_t * const cot_desc[] = {
639 [CCA_CONTENT_CERT_ID] = &cca_content_cert,
640 [BL2_IMAGE_ID] = &bl2_image,
641 [TB_FW_CONFIG_ID] = &tb_fw_config,
642 [FW_CONFIG_ID] = &fw_config,
643};
644#else /* IMAGE_BL2 */
645static const auth_img_desc_t * const cot_desc[] = {
646 [CCA_CONTENT_CERT_ID] = &cca_content_cert,
647 [HW_CONFIG_ID] = &hw_config,
648 [BL31_IMAGE_ID] = &bl31_image,
649 [SOC_FW_CONFIG_ID] = &soc_fw_config,
650 [RMM_IMAGE_ID] = &rmm_image,
651 [CORE_SWD_KEY_CERT_ID] = &core_swd_key_cert,
652 [TRUSTED_OS_FW_CONTENT_CERT_ID] = &trusted_os_fw_content_cert,
653 [BL32_IMAGE_ID] = &bl32_image,
654 [TOS_FW_CONFIG_ID] = &tos_fw_config,
655 [PLAT_KEY_CERT_ID] = &plat_key_cert,
656 [NON_TRUSTED_FW_CONTENT_CERT_ID] = &non_trusted_fw_content_cert,
657 [BL33_IMAGE_ID] = &bl33_image,
658 [NT_FW_CONFIG_ID] = &nt_fw_config,
659#if defined(SPD_spmd)
660 [SIP_SP_CONTENT_CERT_ID] = &sip_sp_content_cert,
661 [PLAT_SP_CONTENT_CERT_ID] = &plat_sp_content_cert,
662 [SP_PKG1_ID] = &sp_pkg1,
663 [SP_PKG2_ID] = &sp_pkg2,
664 [SP_PKG3_ID] = &sp_pkg3,
665 [SP_PKG4_ID] = &sp_pkg4,
666 [SP_PKG5_ID] = &sp_pkg5,
667 [SP_PKG6_ID] = &sp_pkg6,
668 [SP_PKG7_ID] = &sp_pkg7,
669 [SP_PKG8_ID] = &sp_pkg8,
670#endif
671};
672#endif /* IMAGE_BL1 */
673
674/* Register the CoT in the authentication module */
675REGISTER_COT(cot_desc);