Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / c5baddf6408f1d6e11e35ed98a6f07395271c250 / . / drivers / auth / tbbr / tbbr_cot_bl2.c
blob: c47bf1aca4302d94368618c220117da883a982f5 [file] [log] [blame]
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]1/*
Sandrine Bailleux41477e72020-02-17 13:41:59 +0100[diff] [blame]2 * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]3 *
dp-armfa3cf0b2017-05-03 09:38:09 +0100[diff] [blame]4 * SPDX-License-Identifier: BSD-3-Clause
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]5 */
6
Isla Mitchell99305012017-07-11 14:54:08 +0100[diff] [blame]7#include <stddef.h>
8
Antonio Nino Diaze0f90632018-12-14 00:18:21 +0000[diff] [blame]9#include <platform_def.h>
Justin Chadwellf9b32c12019-07-29 17:13:10 +0100[diff] [blame]10#include <drivers/auth/mbedtls/mbedtls_config.h>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +0000[diff] [blame]11
12#include <drivers/auth/auth_mod.h>
Manish V Badarkhe043fd622020-05-16 16:36:39 +0100[diff] [blame]13#include <drivers/auth/tbbr_cot_common.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +0900[diff] [blame]14#if USE_TBBR_DEFS
Antonio Nino Diaze0f90632018-12-14 00:18:21 +0000[diff] [blame]15#include <tools_share/tbbr_oid.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +0900[diff] [blame]16#else
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]17#include <platform_oid.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +0900[diff] [blame]18#endif
Isla Mitchell99305012017-07-11 14:54:08 +0100[diff] [blame]19
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]20static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
21static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
Summer Qin80726782017-04-20 16:28:39 +0100[diff] [blame]22static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN];
23static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN];
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]24static unsigned char trusted_world_pk_buf[PK_DER_LEN];
25static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
26static unsigned char content_pk_buf[PK_DER_LEN];
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]27static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
28static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
29static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]30
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]31static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
32 AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]33static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
34 AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
35static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC(
36 AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]37static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC(
38 AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
39static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC(
40 AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
41static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC(
42 AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
43static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
44 AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID);
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]45static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
46 AUTH_PARAM_HASH, SCP_FW_HASH_OID);
47static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
48 AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]49static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC(
50 AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID);
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]51static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
52 AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]53static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC(
54 AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID);
Summer Qin80726782017-04-20 16:28:39 +0100[diff] [blame]55static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC(
56 AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID);
57static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC(
58 AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID);
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]59static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
60 AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]61static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC(
62 AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]63
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]64/*
65 * Trusted key certificate
66 */
67static const auth_img_desc_t trusted_key_cert = {
68 .img_id = TRUSTED_KEY_CERT_ID,
69 .img_type = IMG_CERT,
70 .parent = NULL,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]71 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]72 [0] = {
73 .type = AUTH_METHOD_SIG,
74 .param.sig = {
75 .pk = &subject_pk,
76 .sig = &sig,
77 .alg = &sig_alg,
78 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]79 }
80 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]81 [1] = {
82 .type = AUTH_METHOD_NV_CTR,
83 .param.nv_ctr = {
84 .cert_nv_ctr = &trusted_nv_ctr,
85 .plat_nv_ctr = &trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]86 }
87 }
88 },
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]89 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]90 [0] = {
91 .type_desc = &trusted_world_pk,
92 .data = {
93 .ptr = (void *)trusted_world_pk_buf,
94 .len = (unsigned int)PK_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]95 }
96 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]97 [1] = {
98 .type_desc = &non_trusted_world_pk,
99 .data = {
100 .ptr = (void *)non_trusted_world_pk_buf,
101 .len = (unsigned int)PK_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]102 }
103 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]104 }
105};
106/*
107 * SCP Firmware
108 */
109static const auth_img_desc_t scp_fw_key_cert = {
110 .img_id = SCP_FW_KEY_CERT_ID,
111 .img_type = IMG_CERT,
112 .parent = &trusted_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]113 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]114 [0] = {
115 .type = AUTH_METHOD_SIG,
116 .param.sig = {
117 .pk = &trusted_world_pk,
118 .sig = &sig,
119 .alg = &sig_alg,
120 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]121 }
122 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]123 [1] = {
124 .type = AUTH_METHOD_NV_CTR,
125 .param.nv_ctr = {
126 .cert_nv_ctr = &trusted_nv_ctr,
127 .plat_nv_ctr = &trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]128 }
129 }
130 },
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]131 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]132 [0] = {
133 .type_desc = &scp_fw_content_pk,
134 .data = {
135 .ptr = (void *)content_pk_buf,
136 .len = (unsigned int)PK_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]137 }
138 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]139 }
140};
141static const auth_img_desc_t scp_fw_content_cert = {
142 .img_id = SCP_FW_CONTENT_CERT_ID,
143 .img_type = IMG_CERT,
144 .parent = &scp_fw_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]145 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]146 [0] = {
147 .type = AUTH_METHOD_SIG,
148 .param.sig = {
149 .pk = &scp_fw_content_pk,
150 .sig = &sig,
151 .alg = &sig_alg,
152 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]153 }
154 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]155 [1] = {
156 .type = AUTH_METHOD_NV_CTR,
157 .param.nv_ctr = {
158 .cert_nv_ctr = &trusted_nv_ctr,
159 .plat_nv_ctr = &trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]160 }
161 }
162 },
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]163 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]164 [0] = {
165 .type_desc = &scp_fw_hash,
166 .data = {
167 .ptr = (void *)scp_fw_hash_buf,
168 .len = (unsigned int)HASH_DER_LEN
169 }
170 }
171 }
172};
173static const auth_img_desc_t scp_bl2_image = {
174 .img_id = SCP_BL2_IMAGE_ID,
175 .img_type = IMG_RAW,
176 .parent = &scp_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]177 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]178 [0] = {
179 .type = AUTH_METHOD_HASH,
180 .param.hash = {
181 .data = &raw_data,
182 .hash = &scp_fw_hash
183 }
184 }
185 }
186};
187/*
188 * SoC Firmware
189 */
190static const auth_img_desc_t soc_fw_key_cert = {
191 .img_id = SOC_FW_KEY_CERT_ID,
192 .img_type = IMG_CERT,
193 .parent = &trusted_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]194 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]195 [0] = {
196 .type = AUTH_METHOD_SIG,
197 .param.sig = {
198 .pk = &trusted_world_pk,
199 .sig = &sig,
200 .alg = &sig_alg,
201 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]202 }
203 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]204 [1] = {
205 .type = AUTH_METHOD_NV_CTR,
206 .param.nv_ctr = {
207 .cert_nv_ctr = &trusted_nv_ctr,
208 .plat_nv_ctr = &trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]209 }
210 }
211 },
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]212 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]213 [0] = {
214 .type_desc = &soc_fw_content_pk,
215 .data = {
216 .ptr = (void *)content_pk_buf,
217 .len = (unsigned int)PK_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]218 }
219 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]220 }
221};
222static const auth_img_desc_t soc_fw_content_cert = {
223 .img_id = SOC_FW_CONTENT_CERT_ID,
224 .img_type = IMG_CERT,
225 .parent = &soc_fw_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]226 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]227 [0] = {
228 .type = AUTH_METHOD_SIG,
229 .param.sig = {
230 .pk = &soc_fw_content_pk,
231 .sig = &sig,
232 .alg = &sig_alg,
233 .data = &raw_data
234 }
235 },
236 [1] = {
237 .type = AUTH_METHOD_NV_CTR,
238 .param.nv_ctr = {
239 .cert_nv_ctr = &trusted_nv_ctr,
240 .plat_nv_ctr = &trusted_nv_ctr
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]241 }
242 }
243 },
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]244 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]245 [0] = {
246 .type_desc = &soc_fw_hash,
247 .data = {
248 .ptr = (void *)soc_fw_hash_buf,
249 .len = (unsigned int)HASH_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]250 }
251 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]252 [1] = {
253 .type_desc = &soc_fw_config_hash,
254 .data = {
255 .ptr = (void *)soc_fw_config_hash_buf,
256 .len = (unsigned int)HASH_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]257 }
258 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]259 }
260};
261static const auth_img_desc_t bl31_image = {
262 .img_id = BL31_IMAGE_ID,
263 .img_type = IMG_RAW,
264 .parent = &soc_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]265 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]266 [0] = {
267 .type = AUTH_METHOD_HASH,
268 .param.hash = {
269 .data = &raw_data,
270 .hash = &soc_fw_hash
271 }
272 }
273 }
274};
275/* SOC FW Config */
276static const auth_img_desc_t soc_fw_config = {
277 .img_id = SOC_FW_CONFIG_ID,
278 .img_type = IMG_RAW,
279 .parent = &soc_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]280 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]281 [0] = {
282 .type = AUTH_METHOD_HASH,
283 .param.hash = {
284 .data = &raw_data,
285 .hash = &soc_fw_config_hash
286 }
287 }
288 }
289};
290/*
291 * Trusted OS Firmware
292 */
293static const auth_img_desc_t trusted_os_fw_key_cert = {
294 .img_id = TRUSTED_OS_FW_KEY_CERT_ID,
295 .img_type = IMG_CERT,
296 .parent = &trusted_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]297 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]298 [0] = {
299 .type = AUTH_METHOD_SIG,
300 .param.sig = {
301 .pk = &trusted_world_pk,
302 .sig = &sig,
303 .alg = &sig_alg,
304 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]305 }
306 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]307 [1] = {
308 .type = AUTH_METHOD_NV_CTR,
309 .param.nv_ctr = {
310 .cert_nv_ctr = &trusted_nv_ctr,
311 .plat_nv_ctr = &trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]312 }
313 }
314 },
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]315 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]316 [0] = {
317 .type_desc = &tos_fw_content_pk,
318 .data = {
319 .ptr = (void *)content_pk_buf,
320 .len = (unsigned int)PK_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]321 }
322 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]323 }
324};
325static const auth_img_desc_t trusted_os_fw_content_cert = {
326 .img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
327 .img_type = IMG_CERT,
328 .parent = &trusted_os_fw_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]329 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]330 [0] = {
331 .type = AUTH_METHOD_SIG,
332 .param.sig = {
333 .pk = &tos_fw_content_pk,
334 .sig = &sig,
335 .alg = &sig_alg,
336 .data = &raw_data
337 }
338 },
339 [1] = {
340 .type = AUTH_METHOD_NV_CTR,
341 .param.nv_ctr = {
342 .cert_nv_ctr = &trusted_nv_ctr,
343 .plat_nv_ctr = &trusted_nv_ctr
Summer Qin80726782017-04-20 16:28:39 +0100[diff] [blame]344 }
345 }
346 },
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]347 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]348 [0] = {
349 .type_desc = &tos_fw_hash,
350 .data = {
351 .ptr = (void *)tos_fw_hash_buf,
352 .len = (unsigned int)HASH_DER_LEN
353 }
354 },
355 [1] = {
356 .type_desc = &tos_fw_extra1_hash,
357 .data = {
358 .ptr = (void *)tos_fw_extra1_hash_buf,
359 .len = (unsigned int)HASH_DER_LEN
360 }
361 },
362 [2] = {
363 .type_desc = &tos_fw_extra2_hash,
364 .data = {
365 .ptr = (void *)tos_fw_extra2_hash_buf,
366 .len = (unsigned int)HASH_DER_LEN
367 }
368 },
369 [3] = {
370 .type_desc = &tos_fw_config_hash,
371 .data = {
372 .ptr = (void *)tos_fw_config_hash_buf,
373 .len = (unsigned int)HASH_DER_LEN
Summer Qin80726782017-04-20 16:28:39 +0100[diff] [blame]374 }
375 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]376 }
377};
378static const auth_img_desc_t bl32_image = {
379 .img_id = BL32_IMAGE_ID,
380 .img_type = IMG_RAW,
381 .parent = &trusted_os_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]382 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]383 [0] = {
384 .type = AUTH_METHOD_HASH,
385 .param.hash = {
386 .data = &raw_data,
387 .hash = &tos_fw_hash
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]388 }
389 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]390 }
391};
392static const auth_img_desc_t bl32_extra1_image = {
393 .img_id = BL32_EXTRA1_IMAGE_ID,
394 .img_type = IMG_RAW,
395 .parent = &trusted_os_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]396 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]397 [0] = {
398 .type = AUTH_METHOD_HASH,
399 .param.hash = {
400 .data = &raw_data,
401 .hash = &tos_fw_extra1_hash
402 }
403 }
404 }
405};
406static const auth_img_desc_t bl32_extra2_image = {
407 .img_id = BL32_EXTRA2_IMAGE_ID,
408 .img_type = IMG_RAW,
409 .parent = &trusted_os_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]410 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]411 [0] = {
412 .type = AUTH_METHOD_HASH,
413 .param.hash = {
414 .data = &raw_data,
415 .hash = &tos_fw_extra2_hash
416 }
417 }
418 }
419};
420/* TOS FW Config */
421static const auth_img_desc_t tos_fw_config = {
422 .img_id = TOS_FW_CONFIG_ID,
423 .img_type = IMG_RAW,
424 .parent = &trusted_os_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]425 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]426 [0] = {
427 .type = AUTH_METHOD_HASH,
428 .param.hash = {
429 .data = &raw_data,
430 .hash = &tos_fw_config_hash
431 }
432 }
433 }
434};
435/*
436 * Non-Trusted Firmware
437 */
438static const auth_img_desc_t non_trusted_fw_key_cert = {
439 .img_id = NON_TRUSTED_FW_KEY_CERT_ID,
440 .img_type = IMG_CERT,
441 .parent = &trusted_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]442 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]443 [0] = {
444 .type = AUTH_METHOD_SIG,
445 .param.sig = {
446 .pk = &non_trusted_world_pk,
447 .sig = &sig,
448 .alg = &sig_alg,
449 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]450 }
451 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]452 [1] = {
453 .type = AUTH_METHOD_NV_CTR,
454 .param.nv_ctr = {
455 .cert_nv_ctr = &non_trusted_nv_ctr,
456 .plat_nv_ctr = &non_trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]457 }
458 }
459 },
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]460 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]461 [0] = {
462 .type_desc = &nt_fw_content_pk,
463 .data = {
464 .ptr = (void *)content_pk_buf,
465 .len = (unsigned int)PK_DER_LEN
466 }
467 }
468 }
469};
470static const auth_img_desc_t non_trusted_fw_content_cert = {
471 .img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
472 .img_type = IMG_CERT,
473 .parent = &non_trusted_fw_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]474 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]475 [0] = {
476 .type = AUTH_METHOD_SIG,
477 .param.sig = {
478 .pk = &nt_fw_content_pk,
479 .sig = &sig,
480 .alg = &sig_alg,
481 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]482 }
483 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]484 [1] = {
485 .type = AUTH_METHOD_NV_CTR,
486 .param.nv_ctr = {
487 .cert_nv_ctr = &non_trusted_nv_ctr,
488 .plat_nv_ctr = &non_trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]489 }
490 }
491 },
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]492 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]493 [0] = {
494 .type_desc = &nt_world_bl_hash,
495 .data = {
496 .ptr = (void *)nt_world_bl_hash_buf,
497 .len = (unsigned int)HASH_DER_LEN
498 }
499 },
500 [1] = {
501 .type_desc = &nt_fw_config_hash,
502 .data = {
503 .ptr = (void *)nt_fw_config_hash_buf,
504 .len = (unsigned int)HASH_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]505 }
506 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]507 }
508};
509static const auth_img_desc_t bl33_image = {
510 .img_id = BL33_IMAGE_ID,
511 .img_type = IMG_RAW,
512 .parent = &non_trusted_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]513 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]514 [0] = {
515 .type = AUTH_METHOD_HASH,
516 .param.hash = {
517 .data = &raw_data,
518 .hash = &nt_world_bl_hash
Soby Mathew2bb78d32018-03-29 14:29:55 +0100[diff] [blame]519 }
520 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]521 }
522};
523/* NT FW Config */
524static const auth_img_desc_t nt_fw_config = {
525 .img_id = NT_FW_CONFIG_ID,
526 .img_type = IMG_RAW,
527 .parent = &non_trusted_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000[diff] [blame]528 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]529 [0] = {
530 .type = AUTH_METHOD_HASH,
531 .param.hash = {
532 .data = &raw_data,
533 .hash = &nt_fw_config_hash
534 }
535 }
536 }
537};
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]538
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]539static const auth_img_desc_t * const cot_desc[] = {
540 [TRUSTED_BOOT_FW_CERT_ID] = &trusted_boot_fw_cert,
Joel Huttone9919bb2019-02-20 11:56:46 +0000[diff] [blame]541 [HW_CONFIG_ID] = &hw_config,
542 [TRUSTED_KEY_CERT_ID] = &trusted_key_cert,
543 [SCP_FW_KEY_CERT_ID] = &scp_fw_key_cert,
544 [SCP_FW_CONTENT_CERT_ID] = &scp_fw_content_cert,
545 [SCP_BL2_IMAGE_ID] = &scp_bl2_image,
546 [SOC_FW_KEY_CERT_ID] = &soc_fw_key_cert,
547 [SOC_FW_CONTENT_CERT_ID] = &soc_fw_content_cert,
548 [BL31_IMAGE_ID] = &bl31_image,
549 [SOC_FW_CONFIG_ID] = &soc_fw_config,
550 [TRUSTED_OS_FW_KEY_CERT_ID] = &trusted_os_fw_key_cert,
551 [TRUSTED_OS_FW_CONTENT_CERT_ID] = &trusted_os_fw_content_cert,
552 [BL32_IMAGE_ID] = &bl32_image,
553 [BL32_EXTRA1_IMAGE_ID] = &bl32_extra1_image,
554 [BL32_EXTRA2_IMAGE_ID] = &bl32_extra2_image,
555 [TOS_FW_CONFIG_ID] = &tos_fw_config,
556 [NON_TRUSTED_FW_KEY_CERT_ID] = &non_trusted_fw_key_cert,
557 [NON_TRUSTED_FW_CONTENT_CERT_ID] = &non_trusted_fw_content_cert,
558 [BL33_IMAGE_ID] = &bl33_image,
559 [NT_FW_CONFIG_ID] = &nt_fw_config,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]560};
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]561
562/* Register the CoT in the authentication module */
563REGISTER_COT(cot_desc);