/*
 * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * Redistributions of source code must retain the above copyright notice, this
 * list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of ARM nor the names of its contributors may be used
 * to endorse or promote products derived from this software without specific
 * prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <auth_mod.h>
#include <platform_def.h>
#include <platform_oid.h>
#include <stddef.h>

/*
 * Upper bounds, in bytes, for a DER-encoded public key and a DER-encoded
 * hash. They size the static parameter buffers declared below and are the
 * lengths advertised for those buffers in the chain of trust table.
 *
 * NOTE(review): 294 and 51 look like an RSA-2048 SubjectPublicKeyInfo and a
 * SHA-256 DigestInfo. A platform that moves to a larger key or digest needs
 * larger values here, and the code that fills these buffers must reject a
 * parameter longer than the advertised length rather than truncate it -
 * confirm both against the crypto configuration and the auth module.
 */
#define PK_DER_LEN			294
#define HASH_DER_LEN			51

/*
 * Static storage for the authentication parameters extracted from the
 * certificates. The platform owns these buffers. Because of the way the CoT
 * is established, some of them are reused by more than one stage.
 */

/* Hash parameters, one buffer per authenticated image hash. */
static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
static unsigned char scp_fw_hash_buf[HASH_DER_LEN];
static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];

/* Public key parameters. */
static unsigned char trusted_world_pk_buf[PK_DER_LEN];
static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
static unsigned char content_pk_buf[PK_DER_LEN];
/*
 * Parameter type descriptors.
 *
 * Each descriptor pairs a parameter type with the cookie that identifies the
 * parameter. The chain of trust table below refers to these by address.
 */

/* Non-volatile counters, identified by the counter OIDs. */
static auth_param_type_desc_t trusted_nv_ctr =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_NV_CTR, TRUSTED_FW_NVCOUNTER_OID);
static auth_param_type_desc_t non_trusted_nv_ctr =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);

/*
 * Parameters declared with a cookie of 0 instead of an OID.
 * NOTE(review): presumably these are read from the image or certificate
 * itself rather than looked up as an extension - confirm in the auth module.
 */
static auth_param_type_desc_t subject_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, 0);
static auth_param_type_desc_t sig =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_SIG, 0);
static auth_param_type_desc_t sig_alg =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_SIG_ALG, 0);
static auth_param_type_desc_t raw_data =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_RAW_DATA, 0);

/* World keys. */
static auth_param_type_desc_t trusted_world_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
static auth_param_type_desc_t non_trusted_world_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);

/* Content certificate keys. */
static auth_param_type_desc_t scp_fw_content_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t soc_fw_content_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t tos_fw_content_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY,
			     TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t nt_fw_content_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY,
			     NON_TRUSTED_FW_CONTENT_CERT_PK_OID);

/* Image hashes for the boot path. */
static auth_param_type_desc_t tb_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
static auth_param_type_desc_t scp_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SCP_FW_HASH_OID);
static auth_param_type_desc_t soc_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
static auth_param_type_desc_t tos_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
static auth_param_type_desc_t nt_world_bl_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH,
			     NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);

/* Image hashes carried by the FWU certificate. */
static auth_param_type_desc_t scp_bl2u_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SCP_FWU_CFG_HASH_OID);
static auth_param_type_desc_t bl2u_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, AP_FWU_CFG_HASH_OID);
static auth_param_type_desc_t ns_bl2u_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, FWU_HASH_OID);
/*
 * TBBR Chain of Trust (CoT) definition.
 *
 * The table is indexed by image ID. Each entry names its parent entry, the
 * authentication methods applied to the image and, for certificates, the
 * parameters that are stored in a static buffer for use by child entries.
 *
 * Three entries have no parent: TRUSTED_BOOT_FW_CERT_ID, TRUSTED_KEY_CERT_ID
 * and FWU_CERT_ID. Their signature is checked with subject_pk.
 * NOTE(review): nothing in this table ties subject_pk to a root-of-trust
 * key; presumably the authentication module does that for parentless
 * images - confirm, since every other entry depends on it.
 *
 * Every AUTH_METHOD_NV_CTR entry passes the same descriptor as both
 * cert_nv_ctr and plat_nv_ctr.
 *
 * Several entries store their parameter in a shared buffer: content_pk_buf
 * is used by all four key certificates, and FWU_CERT_ID reuses three of the
 * boot-path hash buffers.
 * NOTE(review): sharing is only safe if a child is authenticated before
 * another certificate overwrites the buffer - confirm the load order.
 */
static const auth_img_desc_t cot_desc[] = {
	/*
	 * BL2: parentless certificate carrying the BL2 hash.
	 */
	[TRUSTED_BOOT_FW_CERT_ID] = {
		.img_id = TRUSTED_BOOT_FW_CERT_ID,
		.img_type = IMG_CERT,
		.parent = NULL,
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &subject_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &tb_fw_hash,
				.data = {
					.ptr = (void *)tb_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	/* BL2 image, checked against the hash stored by its certificate. */
	[BL2_IMAGE_ID] = {
		.img_id = BL2_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &tb_fw_hash,
				}
			}
		}
	},
	/*
	 * Trusted key certificate: parentless, provides the trusted world and
	 * non-trusted world keys that sign the key certificates below.
	 */
	[TRUSTED_KEY_CERT_ID] = {
		.img_id = TRUSTED_KEY_CERT_ID,
		.img_type = IMG_CERT,
		.parent = NULL,
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &subject_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &trusted_world_pk,
				.data = {
					.ptr = (void *)trusted_world_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			},
			[1] = {
				.type_desc = &non_trusted_world_pk,
				.data = {
					.ptr = (void *)non_trusted_world_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			}
		}
	},
	/*
	 * SCP Firmware: key certificate (signed with the trusted world key),
	 * content certificate, then the SCP_BL2 image.
	 */
	[SCP_FW_KEY_CERT_ID] = {
		.img_id = SCP_FW_KEY_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &scp_fw_content_pk,
				.data = {
					/* shared with the other key certificates */
					.ptr = (void *)content_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			}
		}
	},
	[SCP_FW_CONTENT_CERT_ID] = {
		.img_id = SCP_FW_CONTENT_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[SCP_FW_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &scp_fw_content_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &scp_fw_hash,
				.data = {
					.ptr = (void *)scp_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	[SCP_BL2_IMAGE_ID] = {
		.img_id = SCP_BL2_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[SCP_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &scp_fw_hash,
				}
			}
		}
	},
	/*
	 * SoC Firmware: key certificate (signed with the trusted world key),
	 * content certificate, then the BL31 image.
	 */
	[SOC_FW_KEY_CERT_ID] = {
		.img_id = SOC_FW_KEY_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &soc_fw_content_pk,
				.data = {
					/* shared with the other key certificates */
					.ptr = (void *)content_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			}
		}
	},
	[SOC_FW_CONTENT_CERT_ID] = {
		.img_id = SOC_FW_CONTENT_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[SOC_FW_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &soc_fw_content_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &soc_fw_hash,
				.data = {
					.ptr = (void *)soc_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	[BL31_IMAGE_ID] = {
		.img_id = BL31_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[SOC_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &soc_fw_hash,
				}
			}
		}
	},
	/*
	 * Trusted OS Firmware: key certificate (signed with the trusted world
	 * key), content certificate, then the BL32 image.
	 */
	[TRUSTED_OS_FW_KEY_CERT_ID] = {
		.img_id = TRUSTED_OS_FW_KEY_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &tos_fw_content_pk,
				.data = {
					/* shared with the other key certificates */
					.ptr = (void *)content_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			}
		}
	},
	[TRUSTED_OS_FW_CONTENT_CERT_ID] = {
		.img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[TRUSTED_OS_FW_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &tos_fw_content_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &tos_fw_hash,
				.data = {
					.ptr = (void *)tos_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	[BL32_IMAGE_ID] = {
		.img_id = BL32_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &tos_fw_hash,
				}
			}
		}
	},
	/*
	 * Non-Trusted Firmware: key certificate (signed with the non-trusted
	 * world key), content certificate, then the BL33 image. These two
	 * certificates use non_trusted_nv_ctr instead of trusted_nv_ctr.
	 */
	[NON_TRUSTED_FW_KEY_CERT_ID] = {
		.img_id = NON_TRUSTED_FW_KEY_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &non_trusted_nv_ctr,
					.plat_nv_ctr = &non_trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &nt_fw_content_pk,
				.data = {
					/* shared with the other key certificates */
					.ptr = (void *)content_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			}
		}
	},
	[NON_TRUSTED_FW_CONTENT_CERT_ID] = {
		.img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[NON_TRUSTED_FW_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &nt_fw_content_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &non_trusted_nv_ctr,
					.plat_nv_ctr = &non_trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &nt_world_bl_hash,
				.data = {
					.ptr = (void *)nt_world_bl_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	[BL33_IMAGE_ID] = {
		.img_id = BL33_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[NON_TRUSTED_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &nt_world_bl_hash,
				}
			}
		}
	},
	/*
	 * FWU auth descriptor: parentless certificate carrying the hashes of
	 * the three firmware update images below. Its hashes are stored in
	 * buffers that the boot path also uses (scp_fw_hash_buf,
	 * tb_fw_hash_buf, nt_world_bl_hash_buf).
	 *
	 * Unlike every other certificate in this table, this entry lists only
	 * AUTH_METHOD_SIG; there is no AUTH_METHOD_NV_CTR method.
	 * NOTE(review): confirm that leaving the counter check off the FWU
	 * certificate is intended.
	 */
	[FWU_CERT_ID] = {
		.img_id = FWU_CERT_ID,
		.img_type = IMG_CERT,
		.parent = NULL,
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &subject_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &scp_bl2u_hash,
				.data = {
					.ptr = (void *)scp_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			},
			[1] = {
				.type_desc = &bl2u_hash,
				.data = {
					.ptr = (void *)tb_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			},
			[2] = {
				.type_desc = &ns_bl2u_hash,
				.data = {
					.ptr = (void *)nt_world_bl_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	/*
	 * SCP_BL2U image, checked against the hash from the FWU certificate.
	 */
	[SCP_BL2U_IMAGE_ID] = {
		.img_id = SCP_BL2U_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[FWU_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &scp_bl2u_hash,
				}
			}
		}
	},
	/*
	 * BL2U image, checked against the hash from the FWU certificate.
	 */
	[BL2U_IMAGE_ID] = {
		.img_id = BL2U_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[FWU_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &bl2u_hash,
				}
			}
		}
	},
	/*
	 * NS_BL2U image, checked against the hash from the FWU certificate.
	 */
	[NS_BL2U_IMAGE_ID] = {
		.img_id = NS_BL2U_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[FWU_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &ns_bl2u_hash,
				}
			}
		}
	}
};
/*
 * Register the CoT in the authentication module.
 * NOTE(review): REGISTER_COT is defined outside this file; presumably it
 * exposes cot_desc to the module under a fixed name - confirm in auth_mod.h.
 */
REGISTER_COT(cot_desc);