/*
 * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
6
Isla Mitchell99305012017-07-11 14:54:08 +01007#include <stddef.h>
8
Govindraj Raja9c7dfb02023-01-11 18:34:58 +00009#include <mbedtls/version.h>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +000010
11#include <drivers/auth/auth_mod.h>
Manish V Badarkhe043fd622020-05-16 16:36:39 +010012#include <drivers/auth/tbbr_cot_common.h>
Govindraj Raja9c7dfb02023-01-11 18:34:58 +000013
Masahiro Yamadaa27c1662017-05-22 12:11:24 +090014#if USE_TBBR_DEFS
Antonio Nino Diaze0f90632018-12-14 00:18:21 +000015#include <tools_share/tbbr_oid.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +090016#else
Juan Castillo9b265a82015-05-07 14:52:44 +010017#include <platform_oid.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +090018#endif
Isla Mitchell99305012017-07-11 14:54:08 +010019
Govindraj Raja9c7dfb02023-01-11 18:34:58 +000020#include <platform_def.h>
21
/*
 * Storage for the authentication parameters that the certificate descriptors
 * in this file list under .authenticated_data. Every buffer is sized with
 * HASH_DER_LEN or PK_DER_LEN, and the descriptor that points at it passes the
 * same constant as .len.
 *
 * content_pk_buf is the .data.ptr target of four key certificates
 * (scp_fw_key_cert, soc_fw_key_cert, trusted_os_fw_key_cert and
 * non_trusted_fw_key_cert), so it can hold only one content key at a time.
 * NOTE(review): presumably each content certificate is authenticated before
 * the next key certificate overwrites the buffer; confirm against the image
 * load order.
 */

/* Image and config hashes */
static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];

/* Public keys */
static unsigned char trusted_world_pk_buf[PK_DER_LEN];
static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
static unsigned char content_pk_buf[PK_DER_LEN];

#if defined(SPD_spmd)
/* One hash slot per secure partition package */
static unsigned char sp_pkg_hash_buf[MAX_SP_IDS][HASH_DER_LEN];
#endif /* SPD_spmd */

/*
 * Parameter type descriptors. Each one pairs a parameter kind
 * (AUTH_PARAM_NV_CTR, AUTH_PARAM_PUB_KEY or AUTH_PARAM_HASH) with an OID
 * constant. The same descriptor object is named twice in the chain: once as
 * an output in a certificate's .authenticated_data, and once as the input
 * (.pk or .hash) of the child that is verified with it.
 */

/* Non-volatile counter */
static auth_param_type_desc_t non_trusted_nv_ctr =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);

/* Public keys */
static auth_param_type_desc_t trusted_world_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
static auth_param_type_desc_t non_trusted_world_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);
static auth_param_type_desc_t scp_fw_content_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t soc_fw_content_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t tos_fw_content_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY,
			     TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t nt_fw_content_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY,
			     NON_TRUSTED_FW_CONTENT_CERT_PK_OID);

/* Image and config hashes */
static auth_param_type_desc_t scp_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SCP_FW_HASH_OID);
static auth_param_type_desc_t soc_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
static auth_param_type_desc_t soc_fw_config_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t tos_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
static auth_param_type_desc_t tos_fw_config_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t tos_fw_extra1_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID);
static auth_param_type_desc_t tos_fw_extra2_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID);
static auth_param_type_desc_t nt_world_bl_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH,
			     NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
static auth_param_type_desc_t nt_fw_config_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);

#if defined(SPD_spmd)
/* Secure partition package hashes, one descriptor per package */
static auth_param_type_desc_t sp_pkg1_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SP_PKG1_HASH_OID);
static auth_param_type_desc_t sp_pkg2_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SP_PKG2_HASH_OID);
static auth_param_type_desc_t sp_pkg3_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SP_PKG3_HASH_OID);
static auth_param_type_desc_t sp_pkg4_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SP_PKG4_HASH_OID);
static auth_param_type_desc_t sp_pkg5_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SP_PKG5_HASH_OID);
static auth_param_type_desc_t sp_pkg6_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SP_PKG6_HASH_OID);
static auth_param_type_desc_t sp_pkg7_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SP_PKG7_HASH_OID);
static auth_param_type_desc_t sp_pkg8_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SP_PKG8_HASH_OID);
#endif /* SPD_spmd */

/*
 * HW Config
 *
 * Raw image with a single authentication method: the hash of the image data
 * is checked against hw_config_hash. Its parent is trusted_boot_fw_cert.
 * NOTE(review): trusted_boot_fw_cert, raw_data and hw_config_hash are not
 * defined in this file; presumably they come from tbbr_cot_common.h.
 */
static const auth_img_desc_t hw_config = {
	.img_id = HW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_boot_fw_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &hw_config_hash
			}
		}
	}
};

/*
 * Trusted key certificate
 *
 * Top of the key hierarchy described in this file: .parent is NULL, so no
 * other descriptor here supplies its signing key. The signature method uses
 * subject_pk and the counter method uses trusted_nv_ctr for both the
 * certificate and the platform side.
 * NOTE(review): subject_pk, sig, sig_alg, raw_data and trusted_nv_ctr are
 * defined outside this file. How a parentless certificate's key is anchored
 * to the platform root of trust is decided by the auth module, not by this
 * table; confirm there.
 *
 * Once authenticated it yields the trusted-world and non-trusted-world public
 * keys, which the key certificates and the SP content certificate below name
 * as their signature keys.
 */
static const auth_img_desc_t trusted_key_cert = {
	.img_id = TRUSTED_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		/* Signature over the certificate */
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &subject_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		/* Non-volatile counter comparison */
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &trusted_world_pk,
			.data = {
				.ptr = (void *)trusted_world_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		},
		[1] = {
			.type_desc = &non_trusted_world_pk,
			.data = {
				.ptr = (void *)non_trusted_world_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};
/*
 * SCP Firmware
 *
 * Key certificate: child of trusted_key_cert, signature checked with
 * trusted_world_pk, counter checked against trusted_nv_ctr. It yields
 * scp_fw_content_pk, stored in content_pk_buf.
 * NOTE(review): content_pk_buf is also the output buffer of the SoC, Trusted
 * OS and Non-Trusted key certificates in this file; the key is only usable
 * until one of those is processed.
 */
static const auth_img_desc_t scp_fw_key_cert = {
	.img_id = SCP_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		/* Signature over the certificate */
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		/* Non-volatile counter comparison */
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &scp_fw_content_pk,
			.data = {
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};
/*
 * SCP firmware content certificate: child of scp_fw_key_cert, signature
 * checked with scp_fw_content_pk, counter checked against trusted_nv_ctr.
 * It yields scp_fw_hash, which scp_bl2_image is verified against.
 * NOTE(review): scp_fw_hash_buf is not declared in this file; presumably it
 * is provided through tbbr_cot_common.h.
 */
static const auth_img_desc_t scp_fw_content_cert = {
	.img_id = SCP_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &scp_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		/* Signature over the certificate */
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &scp_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		/* Non-volatile counter comparison */
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &scp_fw_hash,
			.data = {
				.ptr = (void *)scp_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};
/*
 * SCP_BL2 image: raw image, child of scp_fw_content_cert. Its only
 * authentication method is a hash comparison against scp_fw_hash, the
 * parameter that the parent certificate lists as authenticated data.
 */
static const auth_img_desc_t scp_bl2_image = {
	.img_id = SCP_BL2_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &scp_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &scp_fw_hash
			}
		}
	}
};
/*
 * SoC Firmware
 *
 * Key certificate: child of trusted_key_cert, signature checked with
 * trusted_world_pk, counter checked against trusted_nv_ctr. It yields
 * soc_fw_content_pk, stored in content_pk_buf.
 * NOTE(review): content_pk_buf is also the output buffer of the SCP, Trusted
 * OS and Non-Trusted key certificates in this file; the key is only usable
 * until one of those is processed.
 */
static const auth_img_desc_t soc_fw_key_cert = {
	.img_id = SOC_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		/* Signature over the certificate */
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		/* Non-volatile counter comparison */
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &soc_fw_content_pk,
			.data = {
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};
/*
 * SoC firmware content certificate: child of soc_fw_key_cert, signature
 * checked with soc_fw_content_pk, counter checked against trusted_nv_ctr.
 * It yields two hashes: soc_fw_hash (used by bl31_image) and
 * soc_fw_config_hash (used by soc_fw_config).
 */
static const auth_img_desc_t soc_fw_content_cert = {
	.img_id = SOC_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &soc_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		/* Signature over the certificate */
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &soc_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		/* Non-volatile counter comparison */
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &soc_fw_hash,
			.data = {
				.ptr = (void *)soc_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &soc_fw_config_hash,
			.data = {
				.ptr = (void *)soc_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};
/*
 * BL31 image: raw image, child of soc_fw_content_cert. Its only
 * authentication method is a hash comparison against soc_fw_hash, the
 * parameter that the parent certificate lists as authenticated data.
 */
static const auth_img_desc_t bl31_image = {
	.img_id = BL31_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &soc_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &soc_fw_hash
			}
		}
	}
};
/*
 * SOC FW Config
 *
 * Raw image, child of soc_fw_content_cert, verified by hash comparison
 * against soc_fw_config_hash from that certificate.
 */
static const auth_img_desc_t soc_fw_config = {
	.img_id = SOC_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &soc_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &soc_fw_config_hash
			}
		}
	}
};
/*
 * Trusted OS Firmware
 *
 * Key certificate: child of trusted_key_cert, signature checked with
 * trusted_world_pk, counter checked against trusted_nv_ctr. It yields
 * tos_fw_content_pk, stored in content_pk_buf.
 * NOTE(review): content_pk_buf is also the output buffer of the SCP, SoC and
 * Non-Trusted key certificates in this file; the key is only usable until
 * one of those is processed.
 */
static const auth_img_desc_t trusted_os_fw_key_cert = {
	.img_id = TRUSTED_OS_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		/* Signature over the certificate */
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		/* Non-volatile counter comparison */
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &tos_fw_content_pk,
			.data = {
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};
/*
 * Trusted OS firmware content certificate: child of trusted_os_fw_key_cert,
 * signature checked with tos_fw_content_pk, counter checked against
 * trusted_nv_ctr. It yields four hashes, one per image that names this
 * certificate as parent: tos_fw_hash (bl32_image), tos_fw_extra1_hash
 * (bl32_extra1_image), tos_fw_extra2_hash (bl32_extra2_image) and
 * tos_fw_config_hash (tos_fw_config).
 */
static const auth_img_desc_t trusted_os_fw_content_cert = {
	.img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_os_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		/* Signature over the certificate */
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &tos_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		/* Non-volatile counter comparison */
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &tos_fw_hash,
			.data = {
				.ptr = (void *)tos_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &tos_fw_extra1_hash,
			.data = {
				.ptr = (void *)tos_fw_extra1_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[2] = {
			.type_desc = &tos_fw_extra2_hash,
			.data = {
				.ptr = (void *)tos_fw_extra2_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[3] = {
			.type_desc = &tos_fw_config_hash,
			.data = {
				.ptr = (void *)tos_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};
/*
 * BL32 image: raw image, child of trusted_os_fw_content_cert, verified by
 * hash comparison against tos_fw_hash from that certificate.
 */
static const auth_img_desc_t bl32_image = {
	.img_id = BL32_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_hash
			}
		}
	}
};
/*
 * BL32 extra1 image: raw image, child of trusted_os_fw_content_cert,
 * verified by hash comparison against tos_fw_extra1_hash from that
 * certificate.
 */
static const auth_img_desc_t bl32_extra1_image = {
	.img_id = BL32_EXTRA1_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_extra1_hash
			}
		}
	}
};
/*
 * BL32 extra2 image: raw image, child of trusted_os_fw_content_cert,
 * verified by hash comparison against tos_fw_extra2_hash from that
 * certificate.
 */
static const auth_img_desc_t bl32_extra2_image = {
	.img_id = BL32_EXTRA2_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_extra2_hash
			}
		}
	}
};
/*
 * TOS FW Config
 *
 * Raw image, child of trusted_os_fw_content_cert, verified by hash
 * comparison against tos_fw_config_hash from that certificate.
 */
static const auth_img_desc_t tos_fw_config = {
	.img_id = TOS_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_config_hash
			}
		}
	}
};
/*
 * Non-Trusted Firmware
 *
 * Key certificate: child of trusted_key_cert. Unlike the other key
 * certificates in this file, its signature is checked with
 * non_trusted_world_pk and its counter method uses non_trusted_nv_ctr.
 * It yields nt_fw_content_pk, stored in content_pk_buf.
 * NOTE(review): content_pk_buf is also the output buffer of the SCP, SoC and
 * Trusted OS key certificates in this file; the key is only usable until one
 * of those is processed.
 */
static const auth_img_desc_t non_trusted_fw_key_cert = {
	.img_id = NON_TRUSTED_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		/* Signature over the certificate */
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &non_trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		/* Non-volatile counter comparison */
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &non_trusted_nv_ctr,
				.plat_nv_ctr = &non_trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &nt_fw_content_pk,
			.data = {
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};
/*
 * Non-trusted firmware content certificate: child of
 * non_trusted_fw_key_cert, signature checked with nt_fw_content_pk, counter
 * checked against non_trusted_nv_ctr. It yields nt_world_bl_hash (used by
 * bl33_image) and nt_fw_config_hash (used by nt_fw_config).
 * NOTE(review): nt_world_bl_hash_buf is not declared in this file;
 * presumably it is provided through tbbr_cot_common.h.
 */
static const auth_img_desc_t non_trusted_fw_content_cert = {
	.img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &non_trusted_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		/* Signature over the certificate */
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &nt_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		/* Non-volatile counter comparison */
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &non_trusted_nv_ctr,
				.plat_nv_ctr = &non_trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &nt_world_bl_hash,
			.data = {
				.ptr = (void *)nt_world_bl_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &nt_fw_config_hash,
			.data = {
				.ptr = (void *)nt_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};
/*
 * BL33 image: raw image, child of non_trusted_fw_content_cert, verified by
 * hash comparison against nt_world_bl_hash from that certificate.
 */
static const auth_img_desc_t bl33_image = {
	.img_id = BL33_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &non_trusted_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &nt_world_bl_hash
			}
		}
	}
};
/*
 * NT FW Config
 *
 * Raw image, child of non_trusted_fw_content_cert, verified by hash
 * comparison against nt_fw_config_hash from that certificate.
 */
static const auth_img_desc_t nt_fw_config = {
	.img_id = NT_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &non_trusted_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &nt_fw_config_hash
			}
		}
	}
};
/* Secure Partitions */
#if defined(SPD_spmd)
/*
 * SiP secure partition content certificate. It hangs directly off
 * trusted_key_cert (no intermediate key certificate), with its signature
 * checked with trusted_world_pk and its counter checked against
 * trusted_nv_ctr. It yields eight package hashes, stored in rows 0..7 of
 * sp_pkg_hash_buf.
 * NOTE(review): the initializer uses indices up to [7] in both
 * .authenticated_data and sp_pkg_hash_buf, so COT_MAX_VERIFIED_PARAMS and
 * MAX_SP_IDS (both defined elsewhere) must be at least 8; confirm.
 */
static const auth_img_desc_t sip_sp_content_cert = {
	.img_id = SIP_SP_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		/* Signature over the certificate */
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		/* Non-volatile counter comparison */
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &sp_pkg1_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[0],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &sp_pkg2_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[1],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[2] = {
			.type_desc = &sp_pkg3_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[2],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[3] = {
			.type_desc = &sp_pkg4_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[3],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[4] = {
			.type_desc = &sp_pkg5_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[4],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[5] = {
			.type_desc = &sp_pkg6_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[5],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[6] = {
			.type_desc = &sp_pkg7_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[6],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[7] = {
			.type_desc = &sp_pkg8_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[7],
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};

/*
 * One invocation per secure partition package.
 * NOTE(review): DEFINE_SIP_SP_PKG is defined outside this file; since
 * cot_desc refers to sp_pkg1..sp_pkg8, each call presumably defines the
 * matching sp_pkgN image descriptor. Confirm which parent certificate and
 * hash the macro wires each package to.
 */
DEFINE_SIP_SP_PKG(1);
DEFINE_SIP_SP_PKG(2);
DEFINE_SIP_SP_PKG(3);
DEFINE_SIP_SP_PKG(4);
DEFINE_SIP_SP_PKG(5);
DEFINE_SIP_SP_PKG(6);
DEFINE_SIP_SP_PKG(7);
DEFINE_SIP_SP_PKG(8);
#endif /* SPD_spmd */

/*
 * Chain of trust table: maps each image ID to its descriptor. The array is
 * filled with designated initializers, so any image ID below the largest
 * listed one that has no entry here is left as a null pointer.
 * NOTE(review): how the auth module treats an image ID whose slot is null
 * or beyond the end of the table is not visible in this file; confirm that
 * such a lookup is rejected rather than treated as "nothing to verify".
 */
static const auth_img_desc_t * const cot_desc[] = {
	/* Descriptors defined outside this file */
	[TRUSTED_BOOT_FW_CERT_ID]		=	&trusted_boot_fw_cert,
	/* HW config and root key certificate */
	[HW_CONFIG_ID]				=	&hw_config,
	[TRUSTED_KEY_CERT_ID]			=	&trusted_key_cert,
	/* SCP firmware */
	[SCP_FW_KEY_CERT_ID]			=	&scp_fw_key_cert,
	[SCP_FW_CONTENT_CERT_ID]		=	&scp_fw_content_cert,
	[SCP_BL2_IMAGE_ID]			=	&scp_bl2_image,
	/* SoC firmware */
	[SOC_FW_KEY_CERT_ID]			=	&soc_fw_key_cert,
	[SOC_FW_CONTENT_CERT_ID]		=	&soc_fw_content_cert,
	[BL31_IMAGE_ID]				=	&bl31_image,
	[SOC_FW_CONFIG_ID]			=	&soc_fw_config,
	/* Trusted OS firmware */
	[TRUSTED_OS_FW_KEY_CERT_ID]		=	&trusted_os_fw_key_cert,
	[TRUSTED_OS_FW_CONTENT_CERT_ID]		=	&trusted_os_fw_content_cert,
	[BL32_IMAGE_ID]				=	&bl32_image,
	[BL32_EXTRA1_IMAGE_ID]			=	&bl32_extra1_image,
	[BL32_EXTRA2_IMAGE_ID]			=	&bl32_extra2_image,
	[TOS_FW_CONFIG_ID]			=	&tos_fw_config,
	/* Non-trusted firmware */
	[NON_TRUSTED_FW_KEY_CERT_ID]		=	&non_trusted_fw_key_cert,
	[NON_TRUSTED_FW_CONTENT_CERT_ID]	=	&non_trusted_fw_content_cert,
	[BL33_IMAGE_ID]				=	&bl33_image,
	[NT_FW_CONFIG_ID]			=	&nt_fw_config,
#if defined(SPD_spmd)
	/* Secure partitions */
	[SIP_SP_CONTENT_CERT_ID]		=	&sip_sp_content_cert,
	[SP_PKG1_ID]				=	&sp_pkg1,
	[SP_PKG2_ID]				=	&sp_pkg2,
	[SP_PKG3_ID]				=	&sp_pkg3,
	[SP_PKG4_ID]				=	&sp_pkg4,
	[SP_PKG5_ID]				=	&sp_pkg5,
	[SP_PKG6_ID]				=	&sp_pkg6,
	[SP_PKG7_ID]				=	&sp_pkg7,
	[SP_PKG8_ID]				=	&sp_pkg8,
#endif
};

/* Register the CoT in the authentication module */
REGISTER_COT(cot_desc);