Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / d44df5e375619c60531655f1ff42df7f3b10b151 / . / drivers / auth / tbbr / tbbr_cot.c
blob: a9a4b37fe3df8e30c971c3387827afcc636260a6 [file] [log] [blame]
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]1/*
Masahiro Yamadaa27c1662017-05-22 12:11:24 +0900[diff] [blame]2 * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]3 *
dp-armfa3cf0b2017-05-03 09:38:09 +0100[diff] [blame]4 * SPDX-License-Identifier: BSD-3-Clause
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]5 */
6
7#include <auth_mod.h>
8#include <platform_def.h>
Isla Mitchell99305012017-07-11 14:54:08 +0100[diff] [blame]9#include <stddef.h>
10
Masahiro Yamadaa27c1662017-05-22 12:11:24 +0900[diff] [blame]11#if USE_TBBR_DEFS
12#include <tbbr_oid.h>
13#else
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]14#include <platform_oid.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +0900[diff] [blame]15#endif
Isla Mitchell99305012017-07-11 14:54:08 +0100[diff] [blame]16
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]17
18/*
19 * Maximum key and hash sizes (in DER format)
20 */
21#define PK_DER_LEN 294
22#define HASH_DER_LEN 51
23
24/*
25 * The platform must allocate buffers to store the authentication parameters
26 * extracted from the certificates. In this case, because of the way the CoT is
27 * established, we can reuse some of the buffers on different stages
28 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]29static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
30static unsigned char scp_fw_hash_buf[HASH_DER_LEN];
31static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
32static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
33static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];
34static unsigned char trusted_world_pk_buf[PK_DER_LEN];
35static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
36static unsigned char content_pk_buf[PK_DER_LEN];
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]37
38/*
39 * Parameter type descriptors
40 */
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]41static auth_param_type_desc_t trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
42 AUTH_PARAM_NV_CTR, TRUSTED_FW_NVCOUNTER_OID);
43static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
44 AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);
45
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]46static auth_param_type_desc_t subject_pk = AUTH_PARAM_TYPE_DESC(
47 AUTH_PARAM_PUB_KEY, 0);
48static auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC(
49 AUTH_PARAM_SIG, 0);
50static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC(
51 AUTH_PARAM_SIG_ALG, 0);
52static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC(
53 AUTH_PARAM_RAW_DATA, 0);
54
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]55static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
56 AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
57static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC(
58 AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]59
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]60static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC(
61 AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
62static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC(
63 AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
64static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC(
65 AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
66static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
67 AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID);
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]68
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]69static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC(
70 AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
71static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
72 AUTH_PARAM_HASH, SCP_FW_HASH_OID);
73static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
74 AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
75static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
76 AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
77static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
78 AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]79static auth_param_type_desc_t scp_bl2u_hash = AUTH_PARAM_TYPE_DESC(
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]80 AUTH_PARAM_HASH, SCP_FWU_CFG_HASH_OID);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]81static auth_param_type_desc_t bl2u_hash = AUTH_PARAM_TYPE_DESC(
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]82 AUTH_PARAM_HASH, AP_FWU_CFG_HASH_OID);
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]83static auth_param_type_desc_t ns_bl2u_hash = AUTH_PARAM_TYPE_DESC(
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]84 AUTH_PARAM_HASH, FWU_HASH_OID);
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]85
86/*
87 * TBBR Chain of trust definition
88 */
89static const auth_img_desc_t cot_desc[] = {
90 /*
91 * BL2
92 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]93 [TRUSTED_BOOT_FW_CERT_ID] = {
94 .img_id = TRUSTED_BOOT_FW_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]95 .img_type = IMG_CERT,
96 .parent = NULL,
97 .img_auth_methods = {
98 [0] = {
99 .type = AUTH_METHOD_SIG,
100 .param.sig = {
101 .pk = &subject_pk,
102 .sig = &sig,
103 .alg = &sig_alg,
104 .data = &raw_data,
105 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]106 },
107 [1] = {
108 .type = AUTH_METHOD_NV_CTR,
109 .param.nv_ctr = {
110 .cert_nv_ctr = &trusted_nv_ctr,
111 .plat_nv_ctr = &trusted_nv_ctr
112 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]113 }
114 },
115 .authenticated_data = {
116 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]117 .type_desc = &tb_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]118 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]119 .ptr = (void *)tb_fw_hash_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]120 .len = (unsigned int)HASH_DER_LEN
121 }
122 }
123 }
124 },
125 [BL2_IMAGE_ID] = {
126 .img_id = BL2_IMAGE_ID,
127 .img_type = IMG_RAW,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]128 .parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]129 .img_auth_methods = {
130 [0] = {
131 .type = AUTH_METHOD_HASH,
132 .param.hash = {
133 .data = &raw_data,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]134 .hash = &tb_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]135 }
136 }
137 }
138 },
139 /*
140 * Trusted key certificate
141 */
142 [TRUSTED_KEY_CERT_ID] = {
143 .img_id = TRUSTED_KEY_CERT_ID,
144 .img_type = IMG_CERT,
145 .parent = NULL,
146 .img_auth_methods = {
147 [0] = {
148 .type = AUTH_METHOD_SIG,
149 .param.sig = {
150 .pk = &subject_pk,
151 .sig = &sig,
152 .alg = &sig_alg,
153 .data = &raw_data,
154 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]155 },
156 [1] = {
157 .type = AUTH_METHOD_NV_CTR,
158 .param.nv_ctr = {
159 .cert_nv_ctr = &trusted_nv_ctr,
160 .plat_nv_ctr = &trusted_nv_ctr
161 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]162 }
163 },
164 .authenticated_data = {
165 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]166 .type_desc = &trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]167 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]168 .ptr = (void *)trusted_world_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]169 .len = (unsigned int)PK_DER_LEN
170 }
171 },
172 [1] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]173 .type_desc = &non_trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]174 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]175 .ptr = (void *)non_trusted_world_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]176 .len = (unsigned int)PK_DER_LEN
177 }
178 }
179 }
180 },
181 /*
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]182 * SCP Firmware
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]183 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]184 [SCP_FW_KEY_CERT_ID] = {
185 .img_id = SCP_FW_KEY_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]186 .img_type = IMG_CERT,
187 .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
188 .img_auth_methods = {
189 [0] = {
190 .type = AUTH_METHOD_SIG,
191 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]192 .pk = &trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]193 .sig = &sig,
194 .alg = &sig_alg,
195 .data = &raw_data,
196 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]197 },
198 [1] = {
199 .type = AUTH_METHOD_NV_CTR,
200 .param.nv_ctr = {
201 .cert_nv_ctr = &trusted_nv_ctr,
202 .plat_nv_ctr = &trusted_nv_ctr
203 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]204 }
205 },
206 .authenticated_data = {
207 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]208 .type_desc = &scp_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]209 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]210 .ptr = (void *)content_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]211 .len = (unsigned int)PK_DER_LEN
212 }
213 }
214 }
215 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]216 [SCP_FW_CONTENT_CERT_ID] = {
217 .img_id = SCP_FW_CONTENT_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]218 .img_type = IMG_CERT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]219 .parent = &cot_desc[SCP_FW_KEY_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]220 .img_auth_methods = {
221 [0] = {
222 .type = AUTH_METHOD_SIG,
223 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]224 .pk = &scp_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]225 .sig = &sig,
226 .alg = &sig_alg,
227 .data = &raw_data,
228 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]229 },
230 [1] = {
231 .type = AUTH_METHOD_NV_CTR,
232 .param.nv_ctr = {
233 .cert_nv_ctr = &trusted_nv_ctr,
234 .plat_nv_ctr = &trusted_nv_ctr
235 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]236 }
237 },
238 .authenticated_data = {
239 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]240 .type_desc = &scp_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]241 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]242 .ptr = (void *)scp_fw_hash_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]243 .len = (unsigned int)HASH_DER_LEN
244 }
245 }
246 }
247 },
Juan Castilloa72b6472015-12-10 15:49:17 +0000[diff] [blame]248 [SCP_BL2_IMAGE_ID] = {
249 .img_id = SCP_BL2_IMAGE_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]250 .img_type = IMG_RAW,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]251 .parent = &cot_desc[SCP_FW_CONTENT_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]252 .img_auth_methods = {
253 [0] = {
254 .type = AUTH_METHOD_HASH,
255 .param.hash = {
256 .data = &raw_data,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]257 .hash = &scp_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]258 }
259 }
260 }
261 },
262 /*
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]263 * SoC Firmware
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]264 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]265 [SOC_FW_KEY_CERT_ID] = {
266 .img_id = SOC_FW_KEY_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]267 .img_type = IMG_CERT,
268 .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
269 .img_auth_methods = {
270 [0] = {
271 .type = AUTH_METHOD_SIG,
272 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]273 .pk = &trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]274 .sig = &sig,
275 .alg = &sig_alg,
276 .data = &raw_data,
277 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]278 },
279 [1] = {
280 .type = AUTH_METHOD_NV_CTR,
281 .param.nv_ctr = {
282 .cert_nv_ctr = &trusted_nv_ctr,
283 .plat_nv_ctr = &trusted_nv_ctr
284 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]285 }
286 },
287 .authenticated_data = {
288 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]289 .type_desc = &soc_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]290 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]291 .ptr = (void *)content_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]292 .len = (unsigned int)PK_DER_LEN
293 }
294 }
295 }
296 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]297 [SOC_FW_CONTENT_CERT_ID] = {
298 .img_id = SOC_FW_CONTENT_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]299 .img_type = IMG_CERT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]300 .parent = &cot_desc[SOC_FW_KEY_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]301 .img_auth_methods = {
302 [0] = {
303 .type = AUTH_METHOD_SIG,
304 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]305 .pk = &soc_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]306 .sig = &sig,
307 .alg = &sig_alg,
308 .data = &raw_data,
309 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]310 },
311 [1] = {
312 .type = AUTH_METHOD_NV_CTR,
313 .param.nv_ctr = {
314 .cert_nv_ctr = &trusted_nv_ctr,
315 .plat_nv_ctr = &trusted_nv_ctr
316 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]317 }
318 },
319 .authenticated_data = {
320 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]321 .type_desc = &soc_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]322 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]323 .ptr = (void *)soc_fw_hash_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]324 .len = (unsigned int)HASH_DER_LEN
325 }
326 }
327 }
328 },
329 [BL31_IMAGE_ID] = {
330 .img_id = BL31_IMAGE_ID,
331 .img_type = IMG_RAW,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]332 .parent = &cot_desc[SOC_FW_CONTENT_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]333 .img_auth_methods = {
334 [0] = {
335 .type = AUTH_METHOD_HASH,
336 .param.hash = {
337 .data = &raw_data,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]338 .hash = &soc_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]339 }
340 }
341 }
342 },
343 /*
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]344 * Trusted OS Firmware
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]345 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]346 [TRUSTED_OS_FW_KEY_CERT_ID] = {
347 .img_id = TRUSTED_OS_FW_KEY_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]348 .img_type = IMG_CERT,
349 .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
350 .img_auth_methods = {
351 [0] = {
352 .type = AUTH_METHOD_SIG,
353 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]354 .pk = &trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]355 .sig = &sig,
356 .alg = &sig_alg,
357 .data = &raw_data,
358 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]359 },
360 [1] = {
361 .type = AUTH_METHOD_NV_CTR,
362 .param.nv_ctr = {
363 .cert_nv_ctr = &trusted_nv_ctr,
364 .plat_nv_ctr = &trusted_nv_ctr
365 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]366 }
367 },
368 .authenticated_data = {
369 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]370 .type_desc = &tos_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]371 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]372 .ptr = (void *)content_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]373 .len = (unsigned int)PK_DER_LEN
374 }
375 }
376 }
377 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]378 [TRUSTED_OS_FW_CONTENT_CERT_ID] = {
379 .img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]380 .img_type = IMG_CERT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]381 .parent = &cot_desc[TRUSTED_OS_FW_KEY_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]382 .img_auth_methods = {
383 [0] = {
384 .type = AUTH_METHOD_SIG,
385 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]386 .pk = &tos_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]387 .sig = &sig,
388 .alg = &sig_alg,
389 .data = &raw_data,
390 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]391 },
392 [1] = {
393 .type = AUTH_METHOD_NV_CTR,
394 .param.nv_ctr = {
395 .cert_nv_ctr = &trusted_nv_ctr,
396 .plat_nv_ctr = &trusted_nv_ctr
397 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]398 }
399 },
400 .authenticated_data = {
401 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]402 .type_desc = &tos_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]403 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]404 .ptr = (void *)tos_fw_hash_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]405 .len = (unsigned int)HASH_DER_LEN
406 }
407 }
408 }
409 },
410 [BL32_IMAGE_ID] = {
411 .img_id = BL32_IMAGE_ID,
412 .img_type = IMG_RAW,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]413 .parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]414 .img_auth_methods = {
415 [0] = {
416 .type = AUTH_METHOD_HASH,
417 .param.hash = {
418 .data = &raw_data,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]419 .hash = &tos_fw_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]420 }
421 }
422 }
423 },
424 /*
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]425 * Non-Trusted Firmware
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]426 */
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]427 [NON_TRUSTED_FW_KEY_CERT_ID] = {
428 .img_id = NON_TRUSTED_FW_KEY_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]429 .img_type = IMG_CERT,
430 .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
431 .img_auth_methods = {
432 [0] = {
433 .type = AUTH_METHOD_SIG,
434 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]435 .pk = &non_trusted_world_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]436 .sig = &sig,
437 .alg = &sig_alg,
438 .data = &raw_data,
439 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]440 },
441 [1] = {
442 .type = AUTH_METHOD_NV_CTR,
443 .param.nv_ctr = {
444 .cert_nv_ctr = &non_trusted_nv_ctr,
445 .plat_nv_ctr = &non_trusted_nv_ctr
446 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]447 }
448 },
449 .authenticated_data = {
450 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]451 .type_desc = &nt_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]452 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]453 .ptr = (void *)content_pk_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]454 .len = (unsigned int)PK_DER_LEN
455 }
456 }
457 }
458 },
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]459 [NON_TRUSTED_FW_CONTENT_CERT_ID] = {
460 .img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]461 .img_type = IMG_CERT,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]462 .parent = &cot_desc[NON_TRUSTED_FW_KEY_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]463 .img_auth_methods = {
464 [0] = {
465 .type = AUTH_METHOD_SIG,
466 .param.sig = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]467 .pk = &nt_fw_content_pk,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]468 .sig = &sig,
469 .alg = &sig_alg,
470 .data = &raw_data,
471 }
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]472 },
473 [1] = {
474 .type = AUTH_METHOD_NV_CTR,
475 .param.nv_ctr = {
476 .cert_nv_ctr = &non_trusted_nv_ctr,
477 .plat_nv_ctr = &non_trusted_nv_ctr
478 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]479 }
480 },
481 .authenticated_data = {
482 [0] = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]483 .type_desc = &nt_world_bl_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]484 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]485 .ptr = (void *)nt_world_bl_hash_buf,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]486 .len = (unsigned int)HASH_DER_LEN
487 }
488 }
489 }
490 },
491 [BL33_IMAGE_ID] = {
492 .img_id = BL33_IMAGE_ID,
493 .img_type = IMG_RAW,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]494 .parent = &cot_desc[NON_TRUSTED_FW_CONTENT_CERT_ID],
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]495 .img_auth_methods = {
496 [0] = {
497 .type = AUTH_METHOD_HASH,
498 .param.hash = {
499 .data = &raw_data,
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]500 .hash = &nt_world_bl_hash,
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]501 }
502 }
503 }
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]504 },
505 /*
506 * FWU auth descriptor.
507 */
508 [FWU_CERT_ID] = {
509 .img_id = FWU_CERT_ID,
510 .img_type = IMG_CERT,
511 .parent = NULL,
512 .img_auth_methods = {
513 [0] = {
514 .type = AUTH_METHOD_SIG,
515 .param.sig = {
516 .pk = &subject_pk,
517 .sig = &sig,
518 .alg = &sig_alg,
519 .data = &raw_data,
520 }
521 }
522 },
523 .authenticated_data = {
524 [0] = {
525 .type_desc = &scp_bl2u_hash,
526 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]527 .ptr = (void *)scp_fw_hash_buf,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]528 .len = (unsigned int)HASH_DER_LEN
529 }
530 },
531 [1] = {
532 .type_desc = &bl2u_hash,
533 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]534 .ptr = (void *)tb_fw_hash_buf,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]535 .len = (unsigned int)HASH_DER_LEN
536 }
537 },
538 [2] = {
539 .type_desc = &ns_bl2u_hash,
540 .data = {
Juan Castillobe801202015-12-03 10:19:21 +0000[diff] [blame]541 .ptr = (void *)nt_world_bl_hash_buf,
Yatharth Kochar71c9a5e2015-10-10 19:06:53 +0100[diff] [blame]542 .len = (unsigned int)HASH_DER_LEN
543 }
544 }
545 }
546 },
547 /*
548 * SCP_BL2U
549 */
550 [SCP_BL2U_IMAGE_ID] = {
551 .img_id = SCP_BL2U_IMAGE_ID,
552 .img_type = IMG_RAW,
553 .parent = &cot_desc[FWU_CERT_ID],
554 .img_auth_methods = {
555 [0] = {
556 .type = AUTH_METHOD_HASH,
557 .param.hash = {
558 .data = &raw_data,
559 .hash = &scp_bl2u_hash,
560 }
561 }
562 }
563 },
564 /*
565 * BL2U
566 */
567 [BL2U_IMAGE_ID] = {
568 .img_id = BL2U_IMAGE_ID,
569 .img_type = IMG_RAW,
570 .parent = &cot_desc[FWU_CERT_ID],
571 .img_auth_methods = {
572 [0] = {
573 .type = AUTH_METHOD_HASH,
574 .param.hash = {
575 .data = &raw_data,
576 .hash = &bl2u_hash,
577 }
578 }
579 }
580 },
581 /*
582 * NS_BL2U
583 */
584 [NS_BL2U_IMAGE_ID] = {
585 .img_id = NS_BL2U_IMAGE_ID,
586 .img_type = IMG_RAW,
587 .parent = &cot_desc[FWU_CERT_ID],
588 .img_auth_methods = {
589 [0] = {
590 .type = AUTH_METHOD_HASH,
591 .param.hash = {
592 .data = &raw_data,
593 .hash = &ns_bl2u_hash,
594 }
595 }
596 }
Juan Castillo9b265a82015-05-07 14:52:44 +0100[diff] [blame]597 }
598};
599
600/* Register the CoT in the authentication module */
601REGISTER_COT(cot_desc);