Juan Castillo9b265a82015-05-07 14:52:44 +01001/*
2 * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
6 *
7 * Redistributions of source code must retain the above copyright notice, this
8 * list of conditions and the following disclaimer.
9 *
10 * Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 *
14 * Neither the name of ARM nor the names of its contributors may be used
15 * to endorse or promote products derived from this software without specific
16 * prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28 * POSSIBILITY OF SUCH DAMAGE.
29 */
30
31#include <auth_mod.h>
32#include <platform_def.h>
33#include <platform_oid.h>
34#include <stddef.h>
35
/*
 * Upper bounds, in bytes, for a DER-encoded public key and a DER-encoded
 * hash. Every buffer below is sized with one of these two constants.
 *
 * NOTE(review): 294 and 51 match the DER sizes of an RSA-2048
 * SubjectPublicKeyInfo and a SHA-256 DigestInfo - presumably what they were
 * chosen for; confirm before enabling a larger key or a different hash.
 */
#define PK_DER_LEN			294
#define HASH_DER_LEN			51

/*
 * Storage for the authentication parameters extracted from the certificates.
 * The platform has to provide this storage; given the order in which the CoT
 * is established, some buffers are shared between stages.
 *
 * NOTE(review): these buffers are filled with data taken from a certificate.
 * Confirm that the authentication module rejects a parameter longer than the
 * length recorded in the chain of trust instead of truncating it or writing
 * past the end of the buffer.
 */

/* Image hashes, one buffer per firmware stage */
static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
static unsigned char scp_fw_hash_buf[HASH_DER_LEN];
static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];

/* World keys, plus one content key buffer shared by all content certificates */
static unsigned char trusted_world_pk_buf[PK_DER_LEN];
static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
static unsigned char content_pk_buf[PK_DER_LEN];
/*
 * Parameter type descriptors.
 *
 * Each descriptor pairs a parameter type with the second argument of
 * AUTH_PARAM_TYPE_DESC: 0 for the four generic descriptors, a platform OID
 * for the others. The chain of trust refers to a parameter by the address of
 * its descriptor.
 */

/* Generic parameters, declared with 0 in place of an OID */
static auth_param_type_desc_t subject_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, 0);
static auth_param_type_desc_t sig =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_SIG, 0);
static auth_param_type_desc_t sig_alg =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_SIG_ALG, 0);
static auth_param_type_desc_t raw_data =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_RAW_DATA, 0);

/* World keys published by the trusted key certificate */
static auth_param_type_desc_t trusted_world_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
static auth_param_type_desc_t non_trusted_world_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);

/* Content certificate keys published by the key certificates */
static auth_param_type_desc_t scp_fw_content_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t soc_fw_content_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t tos_fw_content_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY,
			     TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t nt_fw_content_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY,
			     NON_TRUSTED_FW_CONTENT_CERT_PK_OID);

/* Boot image hashes */
static auth_param_type_desc_t tb_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
static auth_param_type_desc_t scp_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SCP_FW_HASH_OID);
static auth_param_type_desc_t soc_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
static auth_param_type_desc_t tos_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
static auth_param_type_desc_t nt_world_bl_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH,
			     NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);

/* Firmware update (FWU) image hashes */
static auth_param_type_desc_t scp_bl2u_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SCP_FWU_CFG_HASH_OID);
static auth_param_type_desc_t bl2u_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, AP_FWU_CFG_HASH_OID);
static auth_param_type_desc_t ns_bl2u_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, FWU_HASH_OID);
/*
 * TBBR Chain of trust definition
 *
 * The table is indexed by image ID. For each image it gives the image type,
 * the parent descriptor, the method used to authenticate the image and, for
 * certificates, the parameters to extract into the platform buffers once the
 * certificate has been authenticated.
 *
 * Three certificates have no parent (TRUSTED_BOOT_FW_CERT_ID,
 * TRUSTED_KEY_CERT_ID and FWU_CERT_ID) and are checked against subject_pk.
 * NOTE(review): subject_pk is presumably the key carried by the certificate
 * itself, in which case the signature check alone proves nothing about the
 * signer; confirm that the authentication module also validates that key
 * against the platform root of trust. That check is not visible in this file.
 *
 * Buffer sharing: content_pk_buf receives the content key of all four key
 * certificates, and FWU_CERT_ID extracts into scp_fw_hash_buf, tb_fw_hash_buf
 * and nt_world_bl_hash_buf, which the normal boot certificates also use.
 * NOTE(review): a shared buffer holds only the most recently extracted value,
 * so each child has to be authenticated before another certificate
 * overwrites the buffer; confirm the load order guarantees this.
 */
static const auth_img_desc_t cot_desc[] = {
	/*
	 * BL2
	 */
	[TRUSTED_BOOT_FW_CERT_ID] = {
		.img_id = TRUSTED_BOOT_FW_CERT_ID,
		.img_type = IMG_CERT,
		/* No parent: start of a chain */
		.parent = NULL,
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &subject_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &tb_fw_hash,
				.data = {
					.ptr = (void *)tb_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	[BL2_IMAGE_ID] = {
		.img_id = BL2_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &tb_fw_hash,
				}
			}
		}
	},
	/*
	 * Trusted key certificate
	 */
	[TRUSTED_KEY_CERT_ID] = {
		.img_id = TRUSTED_KEY_CERT_ID,
		.img_type = IMG_CERT,
		/* No parent: start of a chain */
		.parent = NULL,
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &subject_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			}
		},
		/* The two world keys each get a dedicated buffer */
		.authenticated_data = {
			[0] = {
				.type_desc = &trusted_world_pk,
				.data = {
					.ptr = (void *)trusted_world_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			},
			[1] = {
				.type_desc = &non_trusted_world_pk,
				.data = {
					.ptr = (void *)non_trusted_world_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			}
		}
	},
	/*
	 * SCP Firmware
	 */
	[SCP_FW_KEY_CERT_ID] = {
		.img_id = SCP_FW_KEY_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &scp_fw_content_pk,
				.data = {
					/* Shared with the other key certificates */
					.ptr = (void *)content_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			}
		}
	},
	[SCP_FW_CONTENT_CERT_ID] = {
		.img_id = SCP_FW_CONTENT_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[SCP_FW_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &scp_fw_content_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &scp_fw_hash,
				.data = {
					.ptr = (void *)scp_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	[SCP_BL2_IMAGE_ID] = {
		.img_id = SCP_BL2_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[SCP_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &scp_fw_hash,
				}
			}
		}
	},
	/*
	 * SoC Firmware
	 */
	[SOC_FW_KEY_CERT_ID] = {
		.img_id = SOC_FW_KEY_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &soc_fw_content_pk,
				.data = {
					/* Shared with the other key certificates */
					.ptr = (void *)content_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			}
		}
	},
	[SOC_FW_CONTENT_CERT_ID] = {
		.img_id = SOC_FW_CONTENT_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[SOC_FW_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &soc_fw_content_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &soc_fw_hash,
				.data = {
					.ptr = (void *)soc_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	[BL31_IMAGE_ID] = {
		.img_id = BL31_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[SOC_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &soc_fw_hash,
				}
			}
		}
	},
	/*
	 * Trusted OS Firmware
	 */
	[TRUSTED_OS_FW_KEY_CERT_ID] = {
		.img_id = TRUSTED_OS_FW_KEY_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &tos_fw_content_pk,
				.data = {
					/* Shared with the other key certificates */
					.ptr = (void *)content_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			}
		}
	},
	[TRUSTED_OS_FW_CONTENT_CERT_ID] = {
		.img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[TRUSTED_OS_FW_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &tos_fw_content_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &tos_fw_hash,
				.data = {
					.ptr = (void *)tos_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	[BL32_IMAGE_ID] = {
		.img_id = BL32_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &tos_fw_hash,
				}
			}
		}
	},
	/*
	 * Non-Trusted Firmware
	 */
	[NON_TRUSTED_FW_KEY_CERT_ID] = {
		.img_id = NON_TRUSTED_FW_KEY_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					/* The only certificate checked with the non-trusted world key */
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &nt_fw_content_pk,
				.data = {
					/* Shared with the other key certificates */
					.ptr = (void *)content_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			}
		}
	},
	[NON_TRUSTED_FW_CONTENT_CERT_ID] = {
		.img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[NON_TRUSTED_FW_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &nt_fw_content_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &nt_world_bl_hash,
				.data = {
					.ptr = (void *)nt_world_bl_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	[BL33_IMAGE_ID] = {
		.img_id = BL33_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[NON_TRUSTED_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &nt_world_bl_hash,
				}
			}
		}
	},
	/*
	 * FWU auth descriptor.
	 */
	[FWU_CERT_ID] = {
		.img_id = FWU_CERT_ID,
		.img_type = IMG_CERT,
		/* No parent: start of a chain */
		.parent = NULL,
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &subject_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			}
		},
		/* The three FWU hashes land in buffers the boot certificates also use */
		.authenticated_data = {
			[0] = {
				.type_desc = &scp_bl2u_hash,
				.data = {
					.ptr = (void *)scp_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			},
			[1] = {
				.type_desc = &bl2u_hash,
				.data = {
					.ptr = (void *)tb_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			},
			[2] = {
				.type_desc = &ns_bl2u_hash,
				.data = {
					.ptr = (void *)nt_world_bl_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	/*
	 * SCP_BL2U
	 */
	[SCP_BL2U_IMAGE_ID] = {
		.img_id = SCP_BL2U_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[FWU_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &scp_bl2u_hash,
				}
			}
		}
	},
	/*
	 * BL2U
	 */
	[BL2U_IMAGE_ID] = {
		.img_id = BL2U_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[FWU_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &bl2u_hash,
				}
			}
		}
	},
	/*
	 * NS_BL2U
	 */
	[NS_BL2U_IMAGE_ID] = {
		.img_id = NS_BL2U_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[FWU_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &ns_bl2u_hash,
				}
			}
		}
	}
};
542
/*
 * Hand the chain of trust table to the authentication module.
 */
REGISTER_COT(cot_desc);