/*
 * Copyright (c) 2020, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
6
7#include <stddef.h>
8
9#include <platform_def.h>
10
11#include <drivers/auth/mbedtls/mbedtls_config.h>
12#include <drivers/auth/auth_mod.h>
13#include <tools_share/dualroot_oid.h>
14
/*
 * Allocate static buffers to store the authentication parameters extracted from
 * the certificates.
 *
 * Each buffer is named by the .data.ptr of an authenticated_data entry below,
 * and that entry's .len (HASH_DER_LEN / PK_DER_LEN) is the bound the writer
 * of the extracted DER blob is expected to honour. In the BL1 build the
 * scp_fw_hash_buf, tb_fw_hash_buf and nt_world_bl_hash_buf slots are reused
 * by the FWU certificate as well as by the Trusted Boot FW certificate.
 */
static unsigned char fw_config_hash_buf[HASH_DER_LEN];
static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
static unsigned char tb_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char hw_config_hash_buf[HASH_DER_LEN];
static unsigned char scp_fw_hash_buf[HASH_DER_LEN];
static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];

#ifdef IMAGE_BL2
static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN];
static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];
#if defined(SPD_spmd)
/*
 * One hash slot per Secure Partition package. sp_content_cert below indexes
 * slots [0]..[7], so this table requires MAX_SP_IDS >= 8 — TODO(review):
 * confirm; a static assertion would make the coupling explicit.
 */
static unsigned char sp_pkg_hash_buf[MAX_SP_IDS][HASH_DER_LEN];
#endif /* SPD_spmd */

/*
 * content_pk_buf is shared by the SCP, SoC and Trusted OS key certificates:
 * each of them extracts its content-certificate public key into the same
 * storage. NOTE(review): this is only sound if each key certificate's child
 * content certificate is verified before the next key certificate overwrites
 * the buffer — confirm against the auth module's traversal order.
 */
static unsigned char trusted_world_pk_buf[PK_DER_LEN];
static unsigned char content_pk_buf[PK_DER_LEN];
#endif
41
/*
 * Parameter type descriptors.
 *
 * Each descriptor pairs a parameter kind (AUTH_PARAM_*) with the OID under
 * which the value is looked up in a certificate. The descriptors built with
 * OID 0 (subject_pk, sig, sig_alg, raw_data) have no extension to look up;
 * they name structural fields of the certificate or the raw image bytes.
 * NOTE(review): for a root certificate (parent == NULL) subject_pk is
 * presumably bound to the platform ROTPK by the auth module rather than by
 * anything in this table — confirm.
 */
static auth_param_type_desc_t trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_NV_CTR, TRUSTED_FW_NVCOUNTER_OID);
static auth_param_type_desc_t subject_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, 0);
static auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_SIG, 0);
static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_SIG_ALG, 0);
static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_RAW_DATA, 0);

/* Hashes carried by the Trusted Boot FW certificate (both BL1 and BL2). */
static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
static auth_param_type_desc_t tb_fw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_BOOT_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, HW_CONFIG_HASH_OID);
static auth_param_type_desc_t fw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, FW_CONFIG_HASH_OID);
#ifdef IMAGE_BL1
/* Firmware-update (FWU) image hashes, only consumed by the BL1 FWU chain. */
static auth_param_type_desc_t scp_bl2u_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SCP_FWU_CFG_HASH_OID);
static auth_param_type_desc_t bl2u_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, AP_FWU_CFG_HASH_OID);
static auth_param_type_desc_t ns_bl2u_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, FWU_HASH_OID);
#endif /* IMAGE_BL1 */

#ifdef IMAGE_BL2
/*
 * The non-trusted chain has its own NV counter, so rollback protection of
 * the normal-world firmware is independent of the trusted-world counter.
 */
static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);

/*
 * Public keys. trusted_world_pk is extracted from the trusted key certificate
 * and signs every trusted-world key certificate below; prot_pk (PROT_PK_OID)
 * is the second root of the dual-root scheme and signs the non-trusted
 * content certificate directly.
 */
static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t prot_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, PROT_PK_OID);

/* Image hashes carried by the BL2-stage content certificates. */
static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SCP_FW_HASH_OID);
static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID);
static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID);
static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);
#if defined(SPD_spmd)
/* One hash descriptor per Secure Partition package (fixed at eight here). */
static auth_param_type_desc_t sp_pkg1_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG1_HASH_OID);
static auth_param_type_desc_t sp_pkg2_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG2_HASH_OID);
static auth_param_type_desc_t sp_pkg3_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG3_HASH_OID);
static auth_param_type_desc_t sp_pkg4_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG4_HASH_OID);
static auth_param_type_desc_t sp_pkg5_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG5_HASH_OID);
static auth_param_type_desc_t sp_pkg6_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG6_HASH_OID);
static auth_param_type_desc_t sp_pkg7_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG7_HASH_OID);
static auth_param_type_desc_t sp_pkg8_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG8_HASH_OID);
#endif /* SPD_spmd */
#endif /* IMAGE_BL2 */
125
126
/* BL2 */
/*
 * Trusted Boot Firmware certificate: root of the trusted-world chain (no
 * parent). It is verified by a signature check with subject_pk and by an
 * NV-counter check in which both the certificate-side and platform-side
 * descriptors name trusted_nv_ctr (anti-rollback). It yields the hashes of
 * BL2, TB_FW_CONFIG, HW_CONFIG and FW_CONFIG, which anchor the raw images
 * below. Four entries require COT_MAX_VERIFIED_PARAMS >= 4 — see
 * auth_mod.h.
 */
static const auth_img_desc_t trusted_boot_fw_cert = {
	.img_id = TRUSTED_BOOT_FW_CERT_ID,
	.img_type = IMG_CERT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &subject_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &tb_fw_hash,
			.data = {
				.ptr = (void *)tb_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &tb_fw_config_hash,
			.data = {
				.ptr = (void *)tb_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[2] = {
			.type_desc = &hw_config_hash,
			.data = {
				.ptr = (void *)hw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[3] = {
			.type_desc = &fw_config_hash,
			.data = {
				.ptr = (void *)fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};
181
#ifdef IMAGE_BL1
/*
 * BL2 image (BL1 only): raw image whose bytes (raw_data) are checked against
 * the tb_fw_hash value its parent, trusted_boot_fw_cert, extracted.
 */
static const auth_img_desc_t bl2_image = {
	.img_id = BL2_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_boot_fw_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tb_fw_hash
			}
		}
	}
};
#endif /* IMAGE_BL1 */
198
/* HW Config */
/*
 * HW_CONFIG (present in both BL1 and BL2 tables): raw image checked against
 * the hw_config_hash extracted by trusted_boot_fw_cert.
 */
static const auth_img_desc_t hw_config = {
	.img_id = HW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_boot_fw_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &hw_config_hash
			}
		}
	}
};
214
/* TB FW Config */
#ifdef IMAGE_BL1
/*
 * TB_FW_CONFIG and FW_CONFIG (BL1 only): raw images checked against the
 * tb_fw_config_hash / fw_config_hash values extracted by
 * trusted_boot_fw_cert. The matching buffers are still allocated and
 * extracted in BL2, where no image descriptor consumes them.
 */
static const auth_img_desc_t tb_fw_config = {
	.img_id = TB_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_boot_fw_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tb_fw_config_hash
			}
		}
	}
};

static const auth_img_desc_t fw_config = {
	.img_id = FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_boot_fw_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &fw_config_hash
			}
		}
	}
};

#endif /* IMAGE_BL1 */
248
#ifdef IMAGE_BL2
/* Trusted key certificate */
/*
 * Second root of the trusted-world chain (no parent): verified with
 * subject_pk and the trusted NV counter, like trusted_boot_fw_cert. Its only
 * payload is trusted_world_pk, the key that signs every key certificate
 * below (SCP, SoC, Trusted OS and, under SPD_spmd, the SP content cert).
 */
static const auth_img_desc_t trusted_key_cert = {
	.img_id = TRUSTED_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &subject_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &trusted_world_pk,
			.data = {
				.ptr = (void *)trusted_world_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		},
	}
};
283
/* SCP Firmware */
/*
 * SCP FW key certificate: signed by trusted_world_pk (from trusted_key_cert)
 * and rollback-checked against the trusted NV counter. Extracts the SCP
 * content-certificate key into the shared content_pk_buf.
 */
static const auth_img_desc_t scp_fw_key_cert = {
	.img_id = SCP_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &scp_fw_content_pk,
			.data = {
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};
317
/*
 * SCP FW content certificate: signed by scp_fw_content_pk (extracted by
 * scp_fw_key_cert into content_pk_buf) and rollback-checked against the
 * trusted NV counter. Extracts the SCP_BL2 image hash.
 */
static const auth_img_desc_t scp_fw_content_cert = {
	.img_id = SCP_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &scp_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &scp_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &scp_fw_hash,
			.data = {
				.ptr = (void *)scp_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};
350
/* SCP_BL2 image: raw bytes checked against scp_fw_hash from its content cert. */
static const auth_img_desc_t scp_bl2_image = {
	.img_id = SCP_BL2_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &scp_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &scp_fw_hash
			}
		}
	}
};
365
/* SoC Firmware */
/*
 * SoC FW key certificate: signed by trusted_world_pk, rollback-checked
 * against the trusted NV counter; extracts the SoC content-certificate key
 * into the shared content_pk_buf.
 */
static const auth_img_desc_t soc_fw_key_cert = {
	.img_id = SOC_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &soc_fw_content_pk,
			.data = {
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};
399
/*
 * SoC FW content certificate: signed by soc_fw_content_pk (from
 * soc_fw_key_cert via content_pk_buf), rollback-checked against the trusted
 * NV counter. Extracts the BL31 image hash and the SOC_FW_CONFIG hash.
 */
static const auth_img_desc_t soc_fw_content_cert = {
	.img_id = SOC_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &soc_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &soc_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &soc_fw_hash,
			.data = {
				.ptr = (void *)soc_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &soc_fw_config_hash,
			.data = {
				.ptr = (void *)soc_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};
439
/* BL31 image: raw bytes checked against soc_fw_hash from its content cert. */
static const auth_img_desc_t bl31_image = {
	.img_id = BL31_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &soc_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &soc_fw_hash
			}
		}
	}
};
454
/* SOC FW Config */
/* Raw image checked against soc_fw_config_hash from soc_fw_content_cert. */
static const auth_img_desc_t soc_fw_config = {
	.img_id = SOC_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &soc_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &soc_fw_config_hash
			}
		}
	}
};
470
/* Trusted OS Firmware */
/*
 * Trusted OS FW key certificate: signed by trusted_world_pk, rollback-checked
 * against the trusted NV counter; extracts the Trusted OS content-certificate
 * key into the shared content_pk_buf.
 */
static const auth_img_desc_t trusted_os_fw_key_cert = {
	.img_id = TRUSTED_OS_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &tos_fw_content_pk,
			.data = {
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};
504
/*
 * Trusted OS FW content certificate: signed by tos_fw_content_pk (from
 * trusted_os_fw_key_cert via content_pk_buf), rollback-checked against the
 * trusted NV counter. Extracts the BL32, BL32_EXTRA1, BL32_EXTRA2 and
 * TOS_FW_CONFIG hashes (four entries, so COT_MAX_VERIFIED_PARAMS >= 4).
 */
static const auth_img_desc_t trusted_os_fw_content_cert = {
	.img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_os_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &tos_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &tos_fw_hash,
			.data = {
				.ptr = (void *)tos_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &tos_fw_extra1_hash,
			.data = {
				.ptr = (void *)tos_fw_extra1_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[2] = {
			.type_desc = &tos_fw_extra2_hash,
			.data = {
				.ptr = (void *)tos_fw_extra2_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[3] = {
			.type_desc = &tos_fw_config_hash,
			.data = {
				.ptr = (void *)tos_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};
558
/* BL32 image: raw bytes checked against tos_fw_hash from its content cert. */
static const auth_img_desc_t bl32_image = {
	.img_id = BL32_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_hash
			}
		}
	}
};
573
/* BL32 extra image 1: raw bytes checked against tos_fw_extra1_hash. */
static const auth_img_desc_t bl32_extra1_image = {
	.img_id = BL32_EXTRA1_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_extra1_hash
			}
		}
	}
};
588
/* BL32 extra image 2: raw bytes checked against tos_fw_extra2_hash. */
static const auth_img_desc_t bl32_extra2_image = {
	.img_id = BL32_EXTRA2_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_extra2_hash
			}
		}
	}
};
603
/* TOS FW Config */
/* Raw image checked against tos_fw_config_hash from trusted_os_fw_content_cert. */
static const auth_img_desc_t tos_fw_config = {
	.img_id = TOS_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_config_hash
			}
		}
	}
};
619
/* Non-Trusted Firmware */
/*
 * Non-trusted FW content certificate: the root of the second (normal-world)
 * chain of the dual-root scheme. Unlike the trusted-world certificates it is
 * not signed by trusted_world_pk but directly by prot_pk (PROT_PK_OID), and
 * its anti-rollback check uses the separate non_trusted_nv_ctr. Extracts the
 * BL33 hash and the NT_FW_CONFIG hash.
 */
static const auth_img_desc_t non_trusted_fw_content_cert = {
	.img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = NULL, /* Root certificate. */
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &prot_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &non_trusted_nv_ctr,
				.plat_nv_ctr = &non_trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &nt_world_bl_hash,
			.data = {
				.ptr = (void *)nt_world_bl_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &nt_fw_config_hash,
			.data = {
				.ptr = (void *)nt_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};
660
/* BL33 image: raw bytes checked against nt_world_bl_hash from its content cert. */
static const auth_img_desc_t bl33_image = {
	.img_id = BL33_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &non_trusted_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &nt_world_bl_hash
			}
		}
	}
};
675
/* NT FW Config */
/* Raw image checked against nt_fw_config_hash from non_trusted_fw_content_cert. */
static const auth_img_desc_t nt_fw_config = {
	.img_id = NT_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &non_trusted_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &nt_fw_config_hash
			}
		}
	}
};
691
/*
 * Secure Partitions
 */
#if defined(SPD_spmd)
/*
 * SP content certificate: signed by trusted_world_pk and rollback-checked
 * against the trusted NV counter, so SP packages live in the trusted-world
 * chain. Extracts eight package hashes into sp_pkg_hash_buf[0..7]; this
 * needs COT_MAX_VERIFIED_PARAMS >= 8 and MAX_SP_IDS >= 8 — TODO(review):
 * confirm both against auth_mod.h / platform_def.h.
 */
static const auth_img_desc_t sp_content_cert = {
	.img_id = SP_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &sp_pkg1_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[0],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &sp_pkg2_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[1],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[2] = {
			.type_desc = &sp_pkg3_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[2],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[3] = {
			.type_desc = &sp_pkg4_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[3],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[4] = {
			.type_desc = &sp_pkg5_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[4],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[5] = {
			.type_desc = &sp_pkg6_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[5],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[6] = {
			.type_desc = &sp_pkg7_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[6],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[7] = {
			.type_desc = &sp_pkg8_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[7],
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};

/*
 * DEFINE_SP_PKG is not defined in this file. Presumably it expands to a raw
 * image descriptor sp_pkgN that hashes the package against sp_pkgN_hash with
 * sp_content_cert as parent (cot_desc below references sp_pkg1..sp_pkg8) —
 * NOTE(review): confirm against the macro's definition.
 */
DEFINE_SP_PKG(1);
DEFINE_SP_PKG(2);
DEFINE_SP_PKG(3);
DEFINE_SP_PKG(4);
DEFINE_SP_PKG(5);
DEFINE_SP_PKG(6);
DEFINE_SP_PKG(7);
DEFINE_SP_PKG(8);
#endif /* SPD_spmd */
787
#else /* IMAGE_BL2 */

/* FWU auth descriptor */
/*
 * Firmware-update certificate (BL1 only): a root certificate verified with
 * subject_pk. NOTE(review): unlike every other certificate in this file it
 * carries no AUTH_METHOD_NV_CTR entry, so FWU images get no anti-rollback
 * check from this table — confirm that is intended. Its three hashes are
 * stored in buffers that trusted_boot_fw_cert also uses (scp_fw_hash_buf,
 * tb_fw_hash_buf, nt_world_bl_hash_buf); the normal-boot and FWU chains are
 * presumably never verified in the same BL1 run — confirm.
 */
static const auth_img_desc_t fwu_cert = {
	.img_id = FWU_CERT_ID,
	.img_type = IMG_CERT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &subject_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &scp_bl2u_hash,
			.data = {
				.ptr = (void *)scp_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &bl2u_hash,
			.data = {
				.ptr = (void *)tb_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[2] = {
			.type_desc = &ns_bl2u_hash,
			.data = {
				.ptr = (void *)nt_world_bl_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};
830
/* SCP_BL2U */
/* FWU raw image checked against scp_bl2u_hash extracted by fwu_cert. */
static const auth_img_desc_t scp_bl2u_image = {
	.img_id = SCP_BL2U_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &fwu_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &scp_bl2u_hash
			}
		}
	}
};
846
/* BL2U */
/* FWU raw image checked against bl2u_hash extracted by fwu_cert. */
static const auth_img_desc_t bl2u_image = {
	.img_id = BL2U_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &fwu_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &bl2u_hash
			}
		}
	}
};
862
/* NS_BL2U */
/* FWU raw image checked against ns_bl2u_hash extracted by fwu_cert. */
static const auth_img_desc_t ns_bl2u_image = {
	.img_id = NS_BL2U_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &fwu_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &ns_bl2u_hash
			}
		}
	}
};
#endif /* IMAGE_BL2 */
879
/*
 * Chain of trust definition
 *
 * cot_desc is indexed by image ID and maps each ID to its descriptor above;
 * an image is reachable only if it is listed here, and its parent pointer
 * chains it back to one of the root certificates (parent == NULL).
 */
#ifdef IMAGE_BL1
/* BL1: normal boot up to BL2 plus the FWU chain. */
static const auth_img_desc_t * const cot_desc[] = {
	[TRUSTED_BOOT_FW_CERT_ID]		=	&trusted_boot_fw_cert,
	[BL2_IMAGE_ID]				=	&bl2_image,
	[HW_CONFIG_ID]				=	&hw_config,
	[TB_FW_CONFIG_ID]			=	&tb_fw_config,
	[FW_CONFIG_ID]				=	&fw_config,
	[FWU_CERT_ID]				=	&fwu_cert,
	[SCP_BL2U_IMAGE_ID]			=	&scp_bl2u_image,
	[BL2U_IMAGE_ID]				=	&bl2u_image,
	[NS_BL2U_IMAGE_ID]			=	&ns_bl2u_image
};
#else /* IMAGE_BL2 */
/* BL2: the full trusted-world and non-trusted-world chains. */
static const auth_img_desc_t * const cot_desc[] = {
	[TRUSTED_BOOT_FW_CERT_ID]		=	&trusted_boot_fw_cert,
	[HW_CONFIG_ID]				=	&hw_config,
	[TRUSTED_KEY_CERT_ID]			=	&trusted_key_cert,
	[SCP_FW_KEY_CERT_ID]			=	&scp_fw_key_cert,
	[SCP_FW_CONTENT_CERT_ID]		=	&scp_fw_content_cert,
	[SCP_BL2_IMAGE_ID]			=	&scp_bl2_image,
	[SOC_FW_KEY_CERT_ID]			=	&soc_fw_key_cert,
	[SOC_FW_CONTENT_CERT_ID]		=	&soc_fw_content_cert,
	[BL31_IMAGE_ID]				=	&bl31_image,
	[SOC_FW_CONFIG_ID]			=	&soc_fw_config,
	[TRUSTED_OS_FW_KEY_CERT_ID]		=	&trusted_os_fw_key_cert,
	[TRUSTED_OS_FW_CONTENT_CERT_ID]		=	&trusted_os_fw_content_cert,
	[BL32_IMAGE_ID]				=	&bl32_image,
	[BL32_EXTRA1_IMAGE_ID]			=	&bl32_extra1_image,
	[BL32_EXTRA2_IMAGE_ID]			=	&bl32_extra2_image,
	[TOS_FW_CONFIG_ID]			=	&tos_fw_config,
	[NON_TRUSTED_FW_CONTENT_CERT_ID]	=	&non_trusted_fw_content_cert,
	[BL33_IMAGE_ID]				=	&bl33_image,
	[NT_FW_CONFIG_ID]			=	&nt_fw_config,
#if defined(SPD_spmd)
	/*
	 * SP package image IDs are assumed to be contiguous immediately after
	 * SP_CONTENT_CERT_ID, and sp_pkg1..sp_pkg8 are the descriptors
	 * produced by DEFINE_SP_PKG above — NOTE(review): confirm the ID
	 * layout in platform_def.h; a mismatch silently binds a package to
	 * the wrong descriptor.
	 */
	[SP_CONTENT_CERT_ID]			=	&sp_content_cert,
	[SP_CONTENT_CERT_ID + 1]		=	&sp_pkg1,
	[SP_CONTENT_CERT_ID + 2]		=	&sp_pkg2,
	[SP_CONTENT_CERT_ID + 3]		=	&sp_pkg3,
	[SP_CONTENT_CERT_ID + 4]		=	&sp_pkg4,
	[SP_CONTENT_CERT_ID + 5]		=	&sp_pkg5,
	[SP_CONTENT_CERT_ID + 6]		=	&sp_pkg6,
	[SP_CONTENT_CERT_ID + 7]		=	&sp_pkg7,
	[SP_CONTENT_CERT_ID + 8]		=	&sp_pkg8,
#endif
};
#endif
929
/* Register the CoT in the authentication module */
/*
 * REGISTER_COT is provided by auth_mod.h; it publishes cot_desc (and,
 * presumably, its element count) so that the auth module can look images up
 * by ID. Any image ID not present in cot_desc cannot be authenticated.
 */
REGISTER_COT(cot_desc);