blob: 63c18fae034f23b0754b3a64ad7a0450215e3b46 [file] [log] [blame]
Juan Castillo9b265a82015-05-07 14:52:44 +01001/*
Sandrine Bailleux41477e72020-02-17 13:41:59 +01002 * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
Juan Castillo9b265a82015-05-07 14:52:44 +01003 *
dp-armfa3cf0b2017-05-03 09:38:09 +01004 * SPDX-License-Identifier: BSD-3-Clause
Juan Castillo9b265a82015-05-07 14:52:44 +01005 */
6
Isla Mitchell99305012017-07-11 14:54:08 +01007#include <stddef.h>
8
Antonio Nino Diaze0f90632018-12-14 00:18:21 +00009#include <platform_def.h>
Justin Chadwellf9b32c12019-07-29 17:13:10 +010010#include <drivers/auth/mbedtls/mbedtls_config.h>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +000011
12#include <drivers/auth/auth_mod.h>
Manish V Badarkhe043fd622020-05-16 16:36:39 +010013#include <drivers/auth/tbbr_cot_common.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +090014#if USE_TBBR_DEFS
Antonio Nino Diaze0f90632018-12-14 00:18:21 +000015#include <tools_share/tbbr_oid.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +090016#else
Juan Castillo9b265a82015-05-07 14:52:44 +010017#include <platform_oid.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +090018#endif
Isla Mitchell99305012017-07-11 14:54:08 +010019
Juan Castillobe801202015-12-03 10:19:21 +000020static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
21static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
Summer Qin80726782017-04-20 16:28:39 +010022static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN];
23static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN];
Juan Castillobe801202015-12-03 10:19:21 +000024static unsigned char trusted_world_pk_buf[PK_DER_LEN];
25static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
26static unsigned char content_pk_buf[PK_DER_LEN];
Soby Mathew2bb78d32018-03-29 14:29:55 +010027static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
28static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
29static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];
Manish Pandeyceea9992020-06-10 16:19:53 +010030#if defined(SPD_spmd)
31static unsigned char sp_pkg_hash_buf[MAX_SP_IDS][HASH_DER_LEN];
32#endif /* SPD_spmd */
Joel Huttone9919bb2019-02-20 11:56:46 +000033
Joel Huttone9919bb2019-02-20 11:56:46 +000034static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
35 AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);
Juan Castillobe801202015-12-03 10:19:21 +000036static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
37 AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
38static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC(
39 AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);
Juan Castillobe801202015-12-03 10:19:21 +000040static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC(
41 AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
42static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC(
43 AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
44static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC(
45 AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
46static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
47 AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID);
Juan Castillobe801202015-12-03 10:19:21 +000048static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
49 AUTH_PARAM_HASH, SCP_FW_HASH_OID);
50static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
51 AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
Soby Mathew2bb78d32018-03-29 14:29:55 +010052static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC(
53 AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID);
Juan Castillobe801202015-12-03 10:19:21 +000054static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
55 AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
Soby Mathew2bb78d32018-03-29 14:29:55 +010056static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC(
57 AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID);
Summer Qin80726782017-04-20 16:28:39 +010058static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC(
59 AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID);
60static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC(
61 AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID);
Juan Castillobe801202015-12-03 10:19:21 +000062static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
63 AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
Soby Mathew2bb78d32018-03-29 14:29:55 +010064static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC(
65 AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);
Manish Pandeyceea9992020-06-10 16:19:53 +010066#if defined(SPD_spmd)
67static auth_param_type_desc_t sp_pkg1_hash = AUTH_PARAM_TYPE_DESC(
68 AUTH_PARAM_HASH, SP_PKG1_HASH_OID);
69static auth_param_type_desc_t sp_pkg2_hash = AUTH_PARAM_TYPE_DESC(
70 AUTH_PARAM_HASH, SP_PKG2_HASH_OID);
71static auth_param_type_desc_t sp_pkg3_hash = AUTH_PARAM_TYPE_DESC(
72 AUTH_PARAM_HASH, SP_PKG3_HASH_OID);
73static auth_param_type_desc_t sp_pkg4_hash = AUTH_PARAM_TYPE_DESC(
74 AUTH_PARAM_HASH, SP_PKG4_HASH_OID);
75static auth_param_type_desc_t sp_pkg5_hash = AUTH_PARAM_TYPE_DESC(
76 AUTH_PARAM_HASH, SP_PKG5_HASH_OID);
77static auth_param_type_desc_t sp_pkg6_hash = AUTH_PARAM_TYPE_DESC(
78 AUTH_PARAM_HASH, SP_PKG6_HASH_OID);
79static auth_param_type_desc_t sp_pkg7_hash = AUTH_PARAM_TYPE_DESC(
80 AUTH_PARAM_HASH, SP_PKG7_HASH_OID);
81static auth_param_type_desc_t sp_pkg8_hash = AUTH_PARAM_TYPE_DESC(
82 AUTH_PARAM_HASH, SP_PKG8_HASH_OID);
83#endif /* SPD_spmd */
Juan Castillo9b265a82015-05-07 14:52:44 +010084
Joel Huttone9919bb2019-02-20 11:56:46 +000085/*
86 * Trusted key certificate
87 */
88static const auth_img_desc_t trusted_key_cert = {
89 .img_id = TRUSTED_KEY_CERT_ID,
90 .img_type = IMG_CERT,
91 .parent = NULL,
Joel Hutton69931af2019-03-11 11:37:38 +000092 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +000093 [0] = {
94 .type = AUTH_METHOD_SIG,
95 .param.sig = {
96 .pk = &subject_pk,
97 .sig = &sig,
98 .alg = &sig_alg,
99 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100100 }
101 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000102 [1] = {
103 .type = AUTH_METHOD_NV_CTR,
104 .param.nv_ctr = {
105 .cert_nv_ctr = &trusted_nv_ctr,
106 .plat_nv_ctr = &trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100107 }
108 }
109 },
Joel Hutton69931af2019-03-11 11:37:38 +0000110 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000111 [0] = {
112 .type_desc = &trusted_world_pk,
113 .data = {
114 .ptr = (void *)trusted_world_pk_buf,
115 .len = (unsigned int)PK_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100116 }
117 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000118 [1] = {
119 .type_desc = &non_trusted_world_pk,
120 .data = {
121 .ptr = (void *)non_trusted_world_pk_buf,
122 .len = (unsigned int)PK_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100123 }
124 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000125 }
126};
127/*
128 * SCP Firmware
129 */
130static const auth_img_desc_t scp_fw_key_cert = {
131 .img_id = SCP_FW_KEY_CERT_ID,
132 .img_type = IMG_CERT,
133 .parent = &trusted_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000134 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000135 [0] = {
136 .type = AUTH_METHOD_SIG,
137 .param.sig = {
138 .pk = &trusted_world_pk,
139 .sig = &sig,
140 .alg = &sig_alg,
141 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100142 }
143 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000144 [1] = {
145 .type = AUTH_METHOD_NV_CTR,
146 .param.nv_ctr = {
147 .cert_nv_ctr = &trusted_nv_ctr,
148 .plat_nv_ctr = &trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100149 }
150 }
151 },
Joel Hutton69931af2019-03-11 11:37:38 +0000152 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000153 [0] = {
154 .type_desc = &scp_fw_content_pk,
155 .data = {
156 .ptr = (void *)content_pk_buf,
157 .len = (unsigned int)PK_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100158 }
159 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000160 }
161};
162static const auth_img_desc_t scp_fw_content_cert = {
163 .img_id = SCP_FW_CONTENT_CERT_ID,
164 .img_type = IMG_CERT,
165 .parent = &scp_fw_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000166 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000167 [0] = {
168 .type = AUTH_METHOD_SIG,
169 .param.sig = {
170 .pk = &scp_fw_content_pk,
171 .sig = &sig,
172 .alg = &sig_alg,
173 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100174 }
175 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000176 [1] = {
177 .type = AUTH_METHOD_NV_CTR,
178 .param.nv_ctr = {
179 .cert_nv_ctr = &trusted_nv_ctr,
180 .plat_nv_ctr = &trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100181 }
182 }
183 },
Joel Hutton69931af2019-03-11 11:37:38 +0000184 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000185 [0] = {
186 .type_desc = &scp_fw_hash,
187 .data = {
188 .ptr = (void *)scp_fw_hash_buf,
189 .len = (unsigned int)HASH_DER_LEN
190 }
191 }
192 }
193};
194static const auth_img_desc_t scp_bl2_image = {
195 .img_id = SCP_BL2_IMAGE_ID,
196 .img_type = IMG_RAW,
197 .parent = &scp_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000198 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000199 [0] = {
200 .type = AUTH_METHOD_HASH,
201 .param.hash = {
202 .data = &raw_data,
203 .hash = &scp_fw_hash
204 }
205 }
206 }
207};
208/*
209 * SoC Firmware
210 */
211static const auth_img_desc_t soc_fw_key_cert = {
212 .img_id = SOC_FW_KEY_CERT_ID,
213 .img_type = IMG_CERT,
214 .parent = &trusted_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000215 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000216 [0] = {
217 .type = AUTH_METHOD_SIG,
218 .param.sig = {
219 .pk = &trusted_world_pk,
220 .sig = &sig,
221 .alg = &sig_alg,
222 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100223 }
224 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000225 [1] = {
226 .type = AUTH_METHOD_NV_CTR,
227 .param.nv_ctr = {
228 .cert_nv_ctr = &trusted_nv_ctr,
229 .plat_nv_ctr = &trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100230 }
231 }
232 },
Joel Hutton69931af2019-03-11 11:37:38 +0000233 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000234 [0] = {
235 .type_desc = &soc_fw_content_pk,
236 .data = {
237 .ptr = (void *)content_pk_buf,
238 .len = (unsigned int)PK_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100239 }
240 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000241 }
242};
243static const auth_img_desc_t soc_fw_content_cert = {
244 .img_id = SOC_FW_CONTENT_CERT_ID,
245 .img_type = IMG_CERT,
246 .parent = &soc_fw_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000247 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000248 [0] = {
249 .type = AUTH_METHOD_SIG,
250 .param.sig = {
251 .pk = &soc_fw_content_pk,
252 .sig = &sig,
253 .alg = &sig_alg,
254 .data = &raw_data
255 }
256 },
257 [1] = {
258 .type = AUTH_METHOD_NV_CTR,
259 .param.nv_ctr = {
260 .cert_nv_ctr = &trusted_nv_ctr,
261 .plat_nv_ctr = &trusted_nv_ctr
Soby Mathew2bb78d32018-03-29 14:29:55 +0100262 }
263 }
264 },
Joel Hutton69931af2019-03-11 11:37:38 +0000265 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000266 [0] = {
267 .type_desc = &soc_fw_hash,
268 .data = {
269 .ptr = (void *)soc_fw_hash_buf,
270 .len = (unsigned int)HASH_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100271 }
272 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000273 [1] = {
274 .type_desc = &soc_fw_config_hash,
275 .data = {
276 .ptr = (void *)soc_fw_config_hash_buf,
277 .len = (unsigned int)HASH_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100278 }
279 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000280 }
281};
282static const auth_img_desc_t bl31_image = {
283 .img_id = BL31_IMAGE_ID,
284 .img_type = IMG_RAW,
285 .parent = &soc_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000286 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000287 [0] = {
288 .type = AUTH_METHOD_HASH,
289 .param.hash = {
290 .data = &raw_data,
291 .hash = &soc_fw_hash
292 }
293 }
294 }
295};
296/* SOC FW Config */
297static const auth_img_desc_t soc_fw_config = {
298 .img_id = SOC_FW_CONFIG_ID,
299 .img_type = IMG_RAW,
300 .parent = &soc_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000301 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000302 [0] = {
303 .type = AUTH_METHOD_HASH,
304 .param.hash = {
305 .data = &raw_data,
306 .hash = &soc_fw_config_hash
307 }
308 }
309 }
310};
311/*
312 * Trusted OS Firmware
313 */
314static const auth_img_desc_t trusted_os_fw_key_cert = {
315 .img_id = TRUSTED_OS_FW_KEY_CERT_ID,
316 .img_type = IMG_CERT,
317 .parent = &trusted_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000318 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000319 [0] = {
320 .type = AUTH_METHOD_SIG,
321 .param.sig = {
322 .pk = &trusted_world_pk,
323 .sig = &sig,
324 .alg = &sig_alg,
325 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100326 }
327 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000328 [1] = {
329 .type = AUTH_METHOD_NV_CTR,
330 .param.nv_ctr = {
331 .cert_nv_ctr = &trusted_nv_ctr,
332 .plat_nv_ctr = &trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100333 }
334 }
335 },
Joel Hutton69931af2019-03-11 11:37:38 +0000336 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000337 [0] = {
338 .type_desc = &tos_fw_content_pk,
339 .data = {
340 .ptr = (void *)content_pk_buf,
341 .len = (unsigned int)PK_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100342 }
343 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000344 }
345};
346static const auth_img_desc_t trusted_os_fw_content_cert = {
347 .img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
348 .img_type = IMG_CERT,
349 .parent = &trusted_os_fw_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000350 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000351 [0] = {
352 .type = AUTH_METHOD_SIG,
353 .param.sig = {
354 .pk = &tos_fw_content_pk,
355 .sig = &sig,
356 .alg = &sig_alg,
357 .data = &raw_data
358 }
359 },
360 [1] = {
361 .type = AUTH_METHOD_NV_CTR,
362 .param.nv_ctr = {
363 .cert_nv_ctr = &trusted_nv_ctr,
364 .plat_nv_ctr = &trusted_nv_ctr
Summer Qin80726782017-04-20 16:28:39 +0100365 }
366 }
367 },
Joel Hutton69931af2019-03-11 11:37:38 +0000368 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000369 [0] = {
370 .type_desc = &tos_fw_hash,
371 .data = {
372 .ptr = (void *)tos_fw_hash_buf,
373 .len = (unsigned int)HASH_DER_LEN
374 }
375 },
376 [1] = {
377 .type_desc = &tos_fw_extra1_hash,
378 .data = {
379 .ptr = (void *)tos_fw_extra1_hash_buf,
380 .len = (unsigned int)HASH_DER_LEN
381 }
382 },
383 [2] = {
384 .type_desc = &tos_fw_extra2_hash,
385 .data = {
386 .ptr = (void *)tos_fw_extra2_hash_buf,
387 .len = (unsigned int)HASH_DER_LEN
388 }
389 },
390 [3] = {
391 .type_desc = &tos_fw_config_hash,
392 .data = {
393 .ptr = (void *)tos_fw_config_hash_buf,
394 .len = (unsigned int)HASH_DER_LEN
Summer Qin80726782017-04-20 16:28:39 +0100395 }
396 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000397 }
398};
399static const auth_img_desc_t bl32_image = {
400 .img_id = BL32_IMAGE_ID,
401 .img_type = IMG_RAW,
402 .parent = &trusted_os_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000403 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000404 [0] = {
405 .type = AUTH_METHOD_HASH,
406 .param.hash = {
407 .data = &raw_data,
408 .hash = &tos_fw_hash
Soby Mathew2bb78d32018-03-29 14:29:55 +0100409 }
410 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000411 }
412};
413static const auth_img_desc_t bl32_extra1_image = {
414 .img_id = BL32_EXTRA1_IMAGE_ID,
415 .img_type = IMG_RAW,
416 .parent = &trusted_os_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000417 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000418 [0] = {
419 .type = AUTH_METHOD_HASH,
420 .param.hash = {
421 .data = &raw_data,
422 .hash = &tos_fw_extra1_hash
423 }
424 }
425 }
426};
427static const auth_img_desc_t bl32_extra2_image = {
428 .img_id = BL32_EXTRA2_IMAGE_ID,
429 .img_type = IMG_RAW,
430 .parent = &trusted_os_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000431 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000432 [0] = {
433 .type = AUTH_METHOD_HASH,
434 .param.hash = {
435 .data = &raw_data,
436 .hash = &tos_fw_extra2_hash
437 }
438 }
439 }
440};
441/* TOS FW Config */
442static const auth_img_desc_t tos_fw_config = {
443 .img_id = TOS_FW_CONFIG_ID,
444 .img_type = IMG_RAW,
445 .parent = &trusted_os_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000446 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000447 [0] = {
448 .type = AUTH_METHOD_HASH,
449 .param.hash = {
450 .data = &raw_data,
451 .hash = &tos_fw_config_hash
452 }
453 }
454 }
455};
456/*
457 * Non-Trusted Firmware
458 */
459static const auth_img_desc_t non_trusted_fw_key_cert = {
460 .img_id = NON_TRUSTED_FW_KEY_CERT_ID,
461 .img_type = IMG_CERT,
462 .parent = &trusted_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000463 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000464 [0] = {
465 .type = AUTH_METHOD_SIG,
466 .param.sig = {
467 .pk = &non_trusted_world_pk,
468 .sig = &sig,
469 .alg = &sig_alg,
470 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100471 }
472 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000473 [1] = {
474 .type = AUTH_METHOD_NV_CTR,
475 .param.nv_ctr = {
476 .cert_nv_ctr = &non_trusted_nv_ctr,
477 .plat_nv_ctr = &non_trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100478 }
479 }
480 },
Joel Hutton69931af2019-03-11 11:37:38 +0000481 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000482 [0] = {
483 .type_desc = &nt_fw_content_pk,
484 .data = {
485 .ptr = (void *)content_pk_buf,
486 .len = (unsigned int)PK_DER_LEN
487 }
488 }
489 }
490};
491static const auth_img_desc_t non_trusted_fw_content_cert = {
492 .img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
493 .img_type = IMG_CERT,
494 .parent = &non_trusted_fw_key_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000495 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000496 [0] = {
497 .type = AUTH_METHOD_SIG,
498 .param.sig = {
499 .pk = &nt_fw_content_pk,
500 .sig = &sig,
501 .alg = &sig_alg,
502 .data = &raw_data
Juan Castillo9b265a82015-05-07 14:52:44 +0100503 }
504 },
Joel Huttone9919bb2019-02-20 11:56:46 +0000505 [1] = {
506 .type = AUTH_METHOD_NV_CTR,
507 .param.nv_ctr = {
508 .cert_nv_ctr = &non_trusted_nv_ctr,
509 .plat_nv_ctr = &non_trusted_nv_ctr
Juan Castillo9b265a82015-05-07 14:52:44 +0100510 }
511 }
512 },
Joel Hutton69931af2019-03-11 11:37:38 +0000513 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000514 [0] = {
515 .type_desc = &nt_world_bl_hash,
516 .data = {
517 .ptr = (void *)nt_world_bl_hash_buf,
518 .len = (unsigned int)HASH_DER_LEN
519 }
520 },
521 [1] = {
522 .type_desc = &nt_fw_config_hash,
523 .data = {
524 .ptr = (void *)nt_fw_config_hash_buf,
525 .len = (unsigned int)HASH_DER_LEN
Juan Castillo9b265a82015-05-07 14:52:44 +0100526 }
527 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000528 }
529};
530static const auth_img_desc_t bl33_image = {
531 .img_id = BL33_IMAGE_ID,
532 .img_type = IMG_RAW,
533 .parent = &non_trusted_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000534 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000535 [0] = {
536 .type = AUTH_METHOD_HASH,
537 .param.hash = {
538 .data = &raw_data,
539 .hash = &nt_world_bl_hash
Soby Mathew2bb78d32018-03-29 14:29:55 +0100540 }
541 }
Joel Huttone9919bb2019-02-20 11:56:46 +0000542 }
543};
544/* NT FW Config */
545static const auth_img_desc_t nt_fw_config = {
546 .img_id = NT_FW_CONFIG_ID,
547 .img_type = IMG_RAW,
548 .parent = &non_trusted_fw_content_cert,
Joel Hutton69931af2019-03-11 11:37:38 +0000549 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
Joel Huttone9919bb2019-02-20 11:56:46 +0000550 [0] = {
551 .type = AUTH_METHOD_HASH,
552 .param.hash = {
553 .data = &raw_data,
554 .hash = &nt_fw_config_hash
555 }
556 }
557 }
558};
Manish Pandeyceea9992020-06-10 16:19:53 +0100559/* Secure Partitions */
560#if defined(SPD_spmd)
561static const auth_img_desc_t sp_content_cert = {
562 .img_id = SP_CONTENT_CERT_ID,
563 .img_type = IMG_CERT,
564 .parent = &trusted_key_cert,
565 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
566 [0] = {
567 .type = AUTH_METHOD_SIG,
568 .param.sig = {
569 .pk = &trusted_world_pk,
570 .sig = &sig,
571 .alg = &sig_alg,
572 .data = &raw_data
573 }
574 },
575 [1] = {
576 .type = AUTH_METHOD_NV_CTR,
577 .param.nv_ctr = {
578 .cert_nv_ctr = &trusted_nv_ctr,
579 .plat_nv_ctr = &trusted_nv_ctr
580 }
581 }
582 },
583 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
584 [0] = {
585 .type_desc = &sp_pkg1_hash,
586 .data = {
587 .ptr = (void *)sp_pkg_hash_buf[0],
588 .len = (unsigned int)HASH_DER_LEN
589 }
590 },
591 [1] = {
592 .type_desc = &sp_pkg2_hash,
593 .data = {
594 .ptr = (void *)sp_pkg_hash_buf[1],
595 .len = (unsigned int)HASH_DER_LEN
596 }
597 },
598 [2] = {
599 .type_desc = &sp_pkg3_hash,
600 .data = {
601 .ptr = (void *)sp_pkg_hash_buf[2],
602 .len = (unsigned int)HASH_DER_LEN
603 }
604 },
605 [3] = {
606 .type_desc = &sp_pkg4_hash,
607 .data = {
608 .ptr = (void *)sp_pkg_hash_buf[3],
609 .len = (unsigned int)HASH_DER_LEN
610 }
611 },
612 [4] = {
613 .type_desc = &sp_pkg5_hash,
614 .data = {
615 .ptr = (void *)sp_pkg_hash_buf[4],
616 .len = (unsigned int)HASH_DER_LEN
617 }
618 },
619 [5] = {
620 .type_desc = &sp_pkg6_hash,
621 .data = {
622 .ptr = (void *)sp_pkg_hash_buf[5],
623 .len = (unsigned int)HASH_DER_LEN
624 }
625 },
626 [6] = {
627 .type_desc = &sp_pkg7_hash,
628 .data = {
629 .ptr = (void *)sp_pkg_hash_buf[6],
630 .len = (unsigned int)HASH_DER_LEN
631 }
632 },
633 [7] = {
634 .type_desc = &sp_pkg8_hash,
635 .data = {
636 .ptr = (void *)sp_pkg_hash_buf[7],
637 .len = (unsigned int)HASH_DER_LEN
638 }
639 }
640 }
641};
642
643DEFINE_SP_PKG(1);
644DEFINE_SP_PKG(2);
645DEFINE_SP_PKG(3);
646DEFINE_SP_PKG(4);
647DEFINE_SP_PKG(5);
648DEFINE_SP_PKG(6);
649DEFINE_SP_PKG(7);
650DEFINE_SP_PKG(8);
651#endif /* SPD_spmd */
Joel Huttone9919bb2019-02-20 11:56:46 +0000652
Joel Huttone9919bb2019-02-20 11:56:46 +0000653static const auth_img_desc_t * const cot_desc[] = {
654 [TRUSTED_BOOT_FW_CERT_ID] = &trusted_boot_fw_cert,
Joel Huttone9919bb2019-02-20 11:56:46 +0000655 [HW_CONFIG_ID] = &hw_config,
656 [TRUSTED_KEY_CERT_ID] = &trusted_key_cert,
657 [SCP_FW_KEY_CERT_ID] = &scp_fw_key_cert,
658 [SCP_FW_CONTENT_CERT_ID] = &scp_fw_content_cert,
659 [SCP_BL2_IMAGE_ID] = &scp_bl2_image,
660 [SOC_FW_KEY_CERT_ID] = &soc_fw_key_cert,
661 [SOC_FW_CONTENT_CERT_ID] = &soc_fw_content_cert,
662 [BL31_IMAGE_ID] = &bl31_image,
663 [SOC_FW_CONFIG_ID] = &soc_fw_config,
664 [TRUSTED_OS_FW_KEY_CERT_ID] = &trusted_os_fw_key_cert,
665 [TRUSTED_OS_FW_CONTENT_CERT_ID] = &trusted_os_fw_content_cert,
666 [BL32_IMAGE_ID] = &bl32_image,
667 [BL32_EXTRA1_IMAGE_ID] = &bl32_extra1_image,
668 [BL32_EXTRA2_IMAGE_ID] = &bl32_extra2_image,
669 [TOS_FW_CONFIG_ID] = &tos_fw_config,
670 [NON_TRUSTED_FW_KEY_CERT_ID] = &non_trusted_fw_key_cert,
671 [NON_TRUSTED_FW_CONTENT_CERT_ID] = &non_trusted_fw_content_cert,
672 [BL33_IMAGE_ID] = &bl33_image,
673 [NT_FW_CONFIG_ID] = &nt_fw_config,
Manish Pandeyceea9992020-06-10 16:19:53 +0100674#if defined(SPD_spmd)
675 [SP_CONTENT_CERT_ID] = &sp_content_cert,
676 [SP_CONTENT_CERT_ID + 1] = &sp_pkg1,
677 [SP_CONTENT_CERT_ID + 2] = &sp_pkg2,
678 [SP_CONTENT_CERT_ID + 3] = &sp_pkg3,
679 [SP_CONTENT_CERT_ID + 4] = &sp_pkg4,
680 [SP_CONTENT_CERT_ID + 5] = &sp_pkg5,
681 [SP_CONTENT_CERT_ID + 6] = &sp_pkg6,
682 [SP_CONTENT_CERT_ID + 7] = &sp_pkg7,
683 [SP_CONTENT_CERT_ID + 8] = &sp_pkg8,
684#endif
Juan Castillo9b265a82015-05-07 14:52:44 +0100685};
Juan Castillo9b265a82015-05-07 14:52:44 +0100686
687/* Register the CoT in the authentication module */
688REGISTER_COT(cot_desc);