Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / c1be66fb65faa86d97d8cfc2283aafe5f785da4a / . / drivers / auth / tbbr / tbbr_cot_bl2.c
blob: ce2aa7e249f78ec092e736414cbf5bb0bf806b99 [file] [log] [blame]
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]1/*
Govindraj Raja9c7dfb02023-01-11 18:34:58 +0000[diff] [blame]2 * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]3 *
dp-armfa3cf0b2017-05-03 09:38:09 +0100[diff] [blame]4 * SPDX-License-Identifier: BSD-3-Clause
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]5 */
6
Isla Mitchell99305012017-07-11 14:54:08 +0100[diff] [blame]7#include <stddef.h>
8
Govindraj Raja9c7dfb02023-01-11 18:34:58 +0000[diff] [blame]9#include <mbedtls/version.h>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +0000[diff] [blame]10
11#include <drivers/auth/auth_mod.h>
Manish V Badarkhe043fd622020-05-16 16:36:39 +0100[diff] [blame]12#include <drivers/auth/tbbr_cot_common.h>
Govindraj Raja9c7dfb02023-01-11 18:34:58 +0000[diff] [blame]13
Masahiro Yamadaa27c1662017-05-22 12:11:24 +0900[diff] [blame]14#if USE_TBBR_DEFS
Antonio Nino Diaze0f90632018-12-14 00:18:21 +0000[diff] [blame]15#include <tools_share/tbbr_oid.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +0900[diff] [blame]16#else
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]17#include <platform_oid.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +0900[diff] [blame]18#endif
Isla Mitchell99305012017-07-11 14:54:08 +0100[diff] [blame]19
Govindraj Raja9c7dfb02023-01-11 18:34:58 +0000[diff] [blame]20#include <platform_def.h>
21
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]22static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
23static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
Summer Qin80726782017-04-20 16:28:39 +0100[diff] [blame]24static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN];
25static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN];
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]26static unsigned char trusted_world_pk_buf[PK_DER_LEN];
27static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
28static unsigned char content_pk_buf[PK_DER_LEN];
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]29static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
30static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
31static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];
Manish Pandeyceea9992020-06-10 16:19:53 +0100[diff] [blame]32#if defined(SPD_spmd)
33static unsigned char sp_pkg_hash_buf[MAX_SP_IDS][HASH_DER_LEN];
34#endif /* SPD_spmd */
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]35
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]36static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
37 AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]38static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
39 AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
40static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC(
41 AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]42static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC(
43 AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
44static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC(
45 AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
46static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC(
47 AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
48static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
49 AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID);
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]50static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
51 AUTH_PARAM_HASH, SCP_FW_HASH_OID);
52static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
53 AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]54static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC(
55 AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID);
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]56static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
57 AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]58static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC(
59 AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID);
Summer Qin80726782017-04-20 16:28:39 +0100[diff] [blame]60static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC(
61 AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID);
62static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC(
63 AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID);
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]64static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
65 AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]66static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC(
67 AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);
Manish Pandeyceea9992020-06-10 16:19:53 +0100[diff] [blame]68#if defined(SPD_spmd)
69static auth_param_type_desc_t sp_pkg1_hash = AUTH_PARAM_TYPE_DESC(
70 AUTH_PARAM_HASH, SP_PKG1_HASH_OID);
71static auth_param_type_desc_t sp_pkg2_hash = AUTH_PARAM_TYPE_DESC(
72 AUTH_PARAM_HASH, SP_PKG2_HASH_OID);
73static auth_param_type_desc_t sp_pkg3_hash = AUTH_PARAM_TYPE_DESC(
74 AUTH_PARAM_HASH, SP_PKG3_HASH_OID);
75static auth_param_type_desc_t sp_pkg4_hash = AUTH_PARAM_TYPE_DESC(
76 AUTH_PARAM_HASH, SP_PKG4_HASH_OID);
77static auth_param_type_desc_t sp_pkg5_hash = AUTH_PARAM_TYPE_DESC(
78 AUTH_PARAM_HASH, SP_PKG5_HASH_OID);
79static auth_param_type_desc_t sp_pkg6_hash = AUTH_PARAM_TYPE_DESC(
80 AUTH_PARAM_HASH, SP_PKG6_HASH_OID);
81static auth_param_type_desc_t sp_pkg7_hash = AUTH_PARAM_TYPE_DESC(
82 AUTH_PARAM_HASH, SP_PKG7_HASH_OID);
83static auth_param_type_desc_t sp_pkg8_hash = AUTH_PARAM_TYPE_DESC(
84 AUTH_PARAM_HASH, SP_PKG8_HASH_OID);
85#endif /* SPD_spmd */
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]86
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]87/*
88 * Trusted key certificate
89 */
90static const auth_img_desc_t trusted_key_cert = {
91 .img_id = TRUSTED_KEY_CERT_ID,
92 .img_type = IMG_CERT,
93 .parent = NULL,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]94 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]95 [0] = {
96 .type = AUTH_METHOD_SIG,
97 .param.sig = {
98 .pk = &subject_pk,
99 .sig = &sig,
100 .alg = &sig_alg,
101 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]102 }
103 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]104 [1] = {
105 .type = AUTH_METHOD_NV_CTR,
106 .param.nv_ctr = {
107 .cert_nv_ctr = &trusted_nv_ctr,
108 .plat_nv_ctr = &trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]109 }
110 }
111 },
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]112 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]113 [0] = {
114 .type_desc = &trusted_world_pk,
115 .data = {
116 .ptr = (void *)trusted_world_pk_buf,
117 .len = (unsigned int)PK_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]118 }
119 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]120 [1] = {
121 .type_desc = &non_trusted_world_pk,
122 .data = {
123 .ptr = (void *)non_trusted_world_pk_buf,
124 .len = (unsigned int)PK_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]125 }
126 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]127 }
128};
129/*
130 * SCP Firmware
131 */
132static const auth_img_desc_t scp_fw_key_cert = {
133 .img_id = SCP_FW_KEY_CERT_ID,
134 .img_type = IMG_CERT,
135 .parent = &trusted_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]136 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]137 [0] = {
138 .type = AUTH_METHOD_SIG,
139 .param.sig = {
140 .pk = &trusted_world_pk,
141 .sig = &sig,
142 .alg = &sig_alg,
143 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]144 }
145 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]146 [1] = {
147 .type = AUTH_METHOD_NV_CTR,
148 .param.nv_ctr = {
149 .cert_nv_ctr = &trusted_nv_ctr,
150 .plat_nv_ctr = &trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]151 }
152 }
153 },
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]154 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]155 [0] = {
156 .type_desc = &scp_fw_content_pk,
157 .data = {
158 .ptr = (void *)content_pk_buf,
159 .len = (unsigned int)PK_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]160 }
161 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]162 }
163};
164static const auth_img_desc_t scp_fw_content_cert = {
165 .img_id = SCP_FW_CONTENT_CERT_ID,
166 .img_type = IMG_CERT,
167 .parent = &scp_fw_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]168 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]169 [0] = {
170 .type = AUTH_METHOD_SIG,
171 .param.sig = {
172 .pk = &scp_fw_content_pk,
173 .sig = &sig,
174 .alg = &sig_alg,
175 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]176 }
177 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]178 [1] = {
179 .type = AUTH_METHOD_NV_CTR,
180 .param.nv_ctr = {
181 .cert_nv_ctr = &trusted_nv_ctr,
182 .plat_nv_ctr = &trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]183 }
184 }
185 },
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]186 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]187 [0] = {
188 .type_desc = &scp_fw_hash,
189 .data = {
190 .ptr = (void *)scp_fw_hash_buf,
191 .len = (unsigned int)HASH_DER_LEN
192 }
193 }
194 }
195};
196static const auth_img_desc_t scp_bl2_image = {
197 .img_id = SCP_BL2_IMAGE_ID,
198 .img_type = IMG_RAW,
199 .parent = &scp_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]200 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]201 [0] = {
202 .type = AUTH_METHOD_HASH,
203 .param.hash = {
204 .data = &raw_data,
205 .hash = &scp_fw_hash
206 }
207 }
208 }
209};
210/*
211 * SoC Firmware
212 */
213static const auth_img_desc_t soc_fw_key_cert = {
214 .img_id = SOC_FW_KEY_CERT_ID,
215 .img_type = IMG_CERT,
216 .parent = &trusted_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]217 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]218 [0] = {
219 .type = AUTH_METHOD_SIG,
220 .param.sig = {
221 .pk = &trusted_world_pk,
222 .sig = &sig,
223 .alg = &sig_alg,
224 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]225 }
226 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]227 [1] = {
228 .type = AUTH_METHOD_NV_CTR,
229 .param.nv_ctr = {
230 .cert_nv_ctr = &trusted_nv_ctr,
231 .plat_nv_ctr = &trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]232 }
233 }
234 },
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]235 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]236 [0] = {
237 .type_desc = &soc_fw_content_pk,
238 .data = {
239 .ptr = (void *)content_pk_buf,
240 .len = (unsigned int)PK_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]241 }
242 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]243 }
244};
245static const auth_img_desc_t soc_fw_content_cert = {
246 .img_id = SOC_FW_CONTENT_CERT_ID,
247 .img_type = IMG_CERT,
248 .parent = &soc_fw_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]249 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]250 [0] = {
251 .type = AUTH_METHOD_SIG,
252 .param.sig = {
253 .pk = &soc_fw_content_pk,
254 .sig = &sig,
255 .alg = &sig_alg,
256 .data = &raw_data
257 }
258 },
259 [1] = {
260 .type = AUTH_METHOD_NV_CTR,
261 .param.nv_ctr = {
262 .cert_nv_ctr = &trusted_nv_ctr,
263 .plat_nv_ctr = &trusted_nv_ctr
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]264 }
265 }
266 },
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]267 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]268 [0] = {
269 .type_desc = &soc_fw_hash,
270 .data = {
271 .ptr = (void *)soc_fw_hash_buf,
272 .len = (unsigned int)HASH_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]273 }
274 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]275 [1] = {
276 .type_desc = &soc_fw_config_hash,
277 .data = {
278 .ptr = (void *)soc_fw_config_hash_buf,
279 .len = (unsigned int)HASH_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]280 }
281 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]282 }
283};
284static const auth_img_desc_t bl31_image = {
285 .img_id = BL31_IMAGE_ID,
286 .img_type = IMG_RAW,
287 .parent = &soc_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]288 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]289 [0] = {
290 .type = AUTH_METHOD_HASH,
291 .param.hash = {
292 .data = &raw_data,
293 .hash = &soc_fw_hash
294 }
295 }
296 }
297};
298/* SOC FW Config */
299static const auth_img_desc_t soc_fw_config = {
300 .img_id = SOC_FW_CONFIG_ID,
301 .img_type = IMG_RAW,
302 .parent = &soc_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]303 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]304 [0] = {
305 .type = AUTH_METHOD_HASH,
306 .param.hash = {
307 .data = &raw_data,
308 .hash = &soc_fw_config_hash
309 }
310 }
311 }
312};
313/*
314 * Trusted OS Firmware
315 */
316static const auth_img_desc_t trusted_os_fw_key_cert = {
317 .img_id = TRUSTED_OS_FW_KEY_CERT_ID,
318 .img_type = IMG_CERT,
319 .parent = &trusted_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]320 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]321 [0] = {
322 .type = AUTH_METHOD_SIG,
323 .param.sig = {
324 .pk = &trusted_world_pk,
325 .sig = &sig,
326 .alg = &sig_alg,
327 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]328 }
329 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]330 [1] = {
331 .type = AUTH_METHOD_NV_CTR,
332 .param.nv_ctr = {
333 .cert_nv_ctr = &trusted_nv_ctr,
334 .plat_nv_ctr = &trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]335 }
336 }
337 },
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]338 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]339 [0] = {
340 .type_desc = &tos_fw_content_pk,
341 .data = {
342 .ptr = (void *)content_pk_buf,
343 .len = (unsigned int)PK_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]344 }
345 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]346 }
347};
348static const auth_img_desc_t trusted_os_fw_content_cert = {
349 .img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
350 .img_type = IMG_CERT,
351 .parent = &trusted_os_fw_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]352 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]353 [0] = {
354 .type = AUTH_METHOD_SIG,
355 .param.sig = {
356 .pk = &tos_fw_content_pk,
357 .sig = &sig,
358 .alg = &sig_alg,
359 .data = &raw_data
360 }
361 },
362 [1] = {
363 .type = AUTH_METHOD_NV_CTR,
364 .param.nv_ctr = {
365 .cert_nv_ctr = &trusted_nv_ctr,
366 .plat_nv_ctr = &trusted_nv_ctr
Summer Qin80726782017-04-20 16:28:39 +0100[diff] [blame]367 }
368 }
369 },
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]370 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]371 [0] = {
372 .type_desc = &tos_fw_hash,
373 .data = {
374 .ptr = (void *)tos_fw_hash_buf,
375 .len = (unsigned int)HASH_DER_LEN
376 }
377 },
378 [1] = {
379 .type_desc = &tos_fw_extra1_hash,
380 .data = {
381 .ptr = (void *)tos_fw_extra1_hash_buf,
382 .len = (unsigned int)HASH_DER_LEN
383 }
384 },
385 [2] = {
386 .type_desc = &tos_fw_extra2_hash,
387 .data = {
388 .ptr = (void *)tos_fw_extra2_hash_buf,
389 .len = (unsigned int)HASH_DER_LEN
390 }
391 },
392 [3] = {
393 .type_desc = &tos_fw_config_hash,
394 .data = {
395 .ptr = (void *)tos_fw_config_hash_buf,
396 .len = (unsigned int)HASH_DER_LEN
Summer Qin80726782017-04-20 16:28:39 +0100[diff] [blame]397 }
398 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]399 }
400};
401static const auth_img_desc_t bl32_image = {
402 .img_id = BL32_IMAGE_ID,
403 .img_type = IMG_RAW,
404 .parent = &trusted_os_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]405 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]406 [0] = {
407 .type = AUTH_METHOD_HASH,
408 .param.hash = {
409 .data = &raw_data,
410 .hash = &tos_fw_hash
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]411 }
412 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]413 }
414};
415static const auth_img_desc_t bl32_extra1_image = {
416 .img_id = BL32_EXTRA1_IMAGE_ID,
417 .img_type = IMG_RAW,
418 .parent = &trusted_os_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]419 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]420 [0] = {
421 .type = AUTH_METHOD_HASH,
422 .param.hash = {
423 .data = &raw_data,
424 .hash = &tos_fw_extra1_hash
425 }
426 }
427 }
428};
429static const auth_img_desc_t bl32_extra2_image = {
430 .img_id = BL32_EXTRA2_IMAGE_ID,
431 .img_type = IMG_RAW,
432 .parent = &trusted_os_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]433 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]434 [0] = {
435 .type = AUTH_METHOD_HASH,
436 .param.hash = {
437 .data = &raw_data,
438 .hash = &tos_fw_extra2_hash
439 }
440 }
441 }
442};
443/* TOS FW Config */
444static const auth_img_desc_t tos_fw_config = {
445 .img_id = TOS_FW_CONFIG_ID,
446 .img_type = IMG_RAW,
447 .parent = &trusted_os_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]448 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]449 [0] = {
450 .type = AUTH_METHOD_HASH,
451 .param.hash = {
452 .data = &raw_data,
453 .hash = &tos_fw_config_hash
454 }
455 }
456 }
457};
458/*
459 * Non-Trusted Firmware
460 */
461static const auth_img_desc_t non_trusted_fw_key_cert = {
462 .img_id = NON_TRUSTED_FW_KEY_CERT_ID,
463 .img_type = IMG_CERT,
464 .parent = &trusted_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]465 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]466 [0] = {
467 .type = AUTH_METHOD_SIG,
468 .param.sig = {
469 .pk = &non_trusted_world_pk,
470 .sig = &sig,
471 .alg = &sig_alg,
472 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]473 }
474 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]475 [1] = {
476 .type = AUTH_METHOD_NV_CTR,
477 .param.nv_ctr = {
478 .cert_nv_ctr = &non_trusted_nv_ctr,
479 .plat_nv_ctr = &non_trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]480 }
481 }
482 },
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]483 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]484 [0] = {
485 .type_desc = &nt_fw_content_pk,
486 .data = {
487 .ptr = (void *)content_pk_buf,
488 .len = (unsigned int)PK_DER_LEN
489 }
490 }
491 }
492};
493static const auth_img_desc_t non_trusted_fw_content_cert = {
494 .img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
495 .img_type = IMG_CERT,
496 .parent = &non_trusted_fw_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]497 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]498 [0] = {
499 .type = AUTH_METHOD_SIG,
500 .param.sig = {
501 .pk = &nt_fw_content_pk,
502 .sig = &sig,
503 .alg = &sig_alg,
504 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]505 }
506 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]507 [1] = {
508 .type = AUTH_METHOD_NV_CTR,
509 .param.nv_ctr = {
510 .cert_nv_ctr = &non_trusted_nv_ctr,
511 .plat_nv_ctr = &non_trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]512 }
513 }
514 },
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]515 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]516 [0] = {
517 .type_desc = &nt_world_bl_hash,
518 .data = {
519 .ptr = (void *)nt_world_bl_hash_buf,
520 .len = (unsigned int)HASH_DER_LEN
521 }
522 },
523 [1] = {
524 .type_desc = &nt_fw_config_hash,
525 .data = {
526 .ptr = (void *)nt_fw_config_hash_buf,
527 .len = (unsigned int)HASH_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]528 }
529 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]530 }
531};
532static const auth_img_desc_t bl33_image = {
533 .img_id = BL33_IMAGE_ID,
534 .img_type = IMG_RAW,
535 .parent = &non_trusted_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]536 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]537 [0] = {
538 .type = AUTH_METHOD_HASH,
539 .param.hash = {
540 .data = &raw_data,
541 .hash = &nt_world_bl_hash
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]542 }
543 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]544 }
545};
546/* NT FW Config */
547static const auth_img_desc_t nt_fw_config = {
548 .img_id = NT_FW_CONFIG_ID,
549 .img_type = IMG_RAW,
550 .parent = &non_trusted_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]551 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]552 [0] = {
553 .type = AUTH_METHOD_HASH,
554 .param.hash = {
555 .data = &raw_data,
556 .hash = &nt_fw_config_hash
557 }
558 }
559 }
560};
Manish Pandeyceea9992020-06-10 16:19:53 +0100[diff] [blame]561/* Secure Partitions */
562#if defined(SPD_spmd)
Manish Pandeyd07d0172020-07-23 16:54:30 +0100[diff] [blame]563static const auth_img_desc_t sip_sp_content_cert = {
564 .img_id = SIP_SP_CONTENT_CERT_ID,
Manish Pandeyceea9992020-06-10 16:19:53 +0100[diff] [blame]565 .img_type = IMG_CERT,
566 .parent = &trusted_key_cert,
567 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
568 [0] = {
569 .type = AUTH_METHOD_SIG,
570 .param.sig = {
571 .pk = &trusted_world_pk,
572 .sig = &sig,
573 .alg = &sig_alg,
574 .data = &raw_data
575 }
576 },
577 [1] = {
578 .type = AUTH_METHOD_NV_CTR,
579 .param.nv_ctr = {
580 .cert_nv_ctr = &trusted_nv_ctr,
581 .plat_nv_ctr = &trusted_nv_ctr
582 }
583 }
584 },
585 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
586 [0] = {
587 .type_desc = &sp_pkg1_hash,
588 .data = {
589 .ptr = (void *)sp_pkg_hash_buf[0],
590 .len = (unsigned int)HASH_DER_LEN
591 }
592 },
593 [1] = {
594 .type_desc = &sp_pkg2_hash,
595 .data = {
596 .ptr = (void *)sp_pkg_hash_buf[1],
597 .len = (unsigned int)HASH_DER_LEN
598 }
599 },
600 [2] = {
601 .type_desc = &sp_pkg3_hash,
602 .data = {
603 .ptr = (void *)sp_pkg_hash_buf[2],
604 .len = (unsigned int)HASH_DER_LEN
605 }
606 },
607 [3] = {
608 .type_desc = &sp_pkg4_hash,
609 .data = {
610 .ptr = (void *)sp_pkg_hash_buf[3],
611 .len = (unsigned int)HASH_DER_LEN
612 }
613 },
614 [4] = {
615 .type_desc = &sp_pkg5_hash,
616 .data = {
617 .ptr = (void *)sp_pkg_hash_buf[4],
618 .len = (unsigned int)HASH_DER_LEN
619 }
620 },
621 [5] = {
622 .type_desc = &sp_pkg6_hash,
623 .data = {
624 .ptr = (void *)sp_pkg_hash_buf[5],
625 .len = (unsigned int)HASH_DER_LEN
626 }
627 },
628 [6] = {
629 .type_desc = &sp_pkg7_hash,
630 .data = {
631 .ptr = (void *)sp_pkg_hash_buf[6],
632 .len = (unsigned int)HASH_DER_LEN
633 }
634 },
635 [7] = {
636 .type_desc = &sp_pkg8_hash,
637 .data = {
638 .ptr = (void *)sp_pkg_hash_buf[7],
639 .len = (unsigned int)HASH_DER_LEN
640 }
641 }
642 }
643};
644
Manish Pandeyd07d0172020-07-23 16:54:30 +0100[diff] [blame]645DEFINE_SIP_SP_PKG(1);
646DEFINE_SIP_SP_PKG(2);
647DEFINE_SIP_SP_PKG(3);
648DEFINE_SIP_SP_PKG(4);
649DEFINE_SIP_SP_PKG(5);
650DEFINE_SIP_SP_PKG(6);
651DEFINE_SIP_SP_PKG(7);
652DEFINE_SIP_SP_PKG(8);
Manish Pandeyceea9992020-06-10 16:19:53 +0100[diff] [blame]653#endif /* SPD_spmd */
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]654
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]655static const auth_img_desc_t * const cot_desc[] = {
656 [TRUSTED_BOOT_FW_CERT_ID] = &trusted_boot_fw_cert,
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]657 [HW_CONFIG_ID] = &hw_config,
658 [TRUSTED_KEY_CERT_ID] = &trusted_key_cert,
659 [SCP_FW_KEY_CERT_ID] = &scp_fw_key_cert,
660 [SCP_FW_CONTENT_CERT_ID] = &scp_fw_content_cert,
661 [SCP_BL2_IMAGE_ID] = &scp_bl2_image,
662 [SOC_FW_KEY_CERT_ID] = &soc_fw_key_cert,
663 [SOC_FW_CONTENT_CERT_ID] = &soc_fw_content_cert,
664 [BL31_IMAGE_ID] = &bl31_image,
665 [SOC_FW_CONFIG_ID] = &soc_fw_config,
666 [TRUSTED_OS_FW_KEY_CERT_ID] = &trusted_os_fw_key_cert,
667 [TRUSTED_OS_FW_CONTENT_CERT_ID] = &trusted_os_fw_content_cert,
668 [BL32_IMAGE_ID] = &bl32_image,
669 [BL32_EXTRA1_IMAGE_ID] = &bl32_extra1_image,
670 [BL32_EXTRA2_IMAGE_ID] = &bl32_extra2_image,
671 [TOS_FW_CONFIG_ID] = &tos_fw_config,
672 [NON_TRUSTED_FW_KEY_CERT_ID] = &non_trusted_fw_key_cert,
673 [NON_TRUSTED_FW_CONTENT_CERT_ID] = &non_trusted_fw_content_cert,
674 [BL33_IMAGE_ID] = &bl33_image,
675 [NT_FW_CONFIG_ID] = &nt_fw_config,
Manish Pandeyceea9992020-06-10 16:19:53 +0100[diff] [blame]676#if defined(SPD_spmd)
Manish Pandeyd07d0172020-07-23 16:54:30 +0100[diff] [blame]677 [SIP_SP_CONTENT_CERT_ID] = &sip_sp_content_cert,
678 [SP_PKG1_ID] = &sp_pkg1,
679 [SP_PKG2_ID] = &sp_pkg2,
680 [SP_PKG3_ID] = &sp_pkg3,
681 [SP_PKG4_ID] = &sp_pkg4,
682 [SP_PKG5_ID] = &sp_pkg5,
683 [SP_PKG6_ID] = &sp_pkg6,
684 [SP_PKG7_ID] = &sp_pkg7,
685 [SP_PKG8_ID] = &sp_pkg8,
Manish Pandeyceea9992020-06-10 16:19:53 +0100[diff] [blame]686#endif
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]687};
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]688
689/* Register the CoT in the authentication module */
690REGISTER_COT(cot_desc);