Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / e0d036b4f542fa3ead33e8c9083475309383bce7 / . / drivers / auth / cca / cot.c
blob: 2a0360455f6eebed6b4f4acec5564163b2d5d10d [file] [log] [blame]
laurenw-arm483e5ac2022-04-21 15:49:00 -0500[diff] [blame]1/*
Govindraj Raja9c7dfb02023-01-11 18:34:58 +0000[diff] [blame]2 * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
laurenw-arm483e5ac2022-04-21 15:49:00 -0500[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7#include <stddef.h>
8
Govindraj Raja9c7dfb02023-01-11 18:34:58 +0000[diff] [blame]9#include <mbedtls/version.h>
10
11#include <common/tbbr/cot_def.h>
laurenw-arm483e5ac2022-04-21 15:49:00 -0500[diff] [blame]12#include <drivers/auth/auth_mod.h>
laurenw-arm483e5ac2022-04-21 15:49:00 -0500[diff] [blame]13#include <tools_share/cca_oid.h>
14
15#include <platform_def.h>
16
17/*
18 * Allocate static buffers to store the authentication parameters extracted from
19 * the certificates.
20 */
21static unsigned char fw_config_hash_buf[HASH_DER_LEN];
22static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
23static unsigned char tb_fw_config_hash_buf[HASH_DER_LEN];
24static unsigned char hw_config_hash_buf[HASH_DER_LEN];
25static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
26static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
27static unsigned char rmm_hash_buf[HASH_DER_LEN];
28
29#ifdef IMAGE_BL2
30static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];
31static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
32static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
33static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];
34#if defined(SPD_spmd)
35static unsigned char sp_pkg_hash_buf[MAX_SP_IDS][HASH_DER_LEN];
36#endif /* SPD_spmd */
37
38static unsigned char core_swd_pk_buf[PK_DER_LEN];
39static unsigned char plat_pk_buf[PK_DER_LEN];
40#endif /* IMAGE_BL2 */
41
42/*
43 * Parameter type descriptors.
44 */
laurenw-arma79a2852023-05-02 14:40:15 -0500[diff] [blame]45static auth_param_type_desc_t cca_nv_ctr = AUTH_PARAM_TYPE_DESC(
46 AUTH_PARAM_NV_CTR, CCA_FW_NVCOUNTER_OID);
laurenw-arm483e5ac2022-04-21 15:49:00 -0500[diff] [blame]47static auth_param_type_desc_t subject_pk = AUTH_PARAM_TYPE_DESC(
48 AUTH_PARAM_PUB_KEY, 0);
49static auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC(
50 AUTH_PARAM_SIG, 0);
51static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC(
52 AUTH_PARAM_SIG_ALG, 0);
53static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC(
54 AUTH_PARAM_RAW_DATA, 0);
55
56static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC(
57 AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
58static auth_param_type_desc_t tb_fw_config_hash = AUTH_PARAM_TYPE_DESC(
59 AUTH_PARAM_HASH, TRUSTED_BOOT_FW_CONFIG_HASH_OID);
60static auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC(
61 AUTH_PARAM_HASH, HW_CONFIG_HASH_OID);
62static auth_param_type_desc_t fw_config_hash = AUTH_PARAM_TYPE_DESC(
63 AUTH_PARAM_HASH, FW_CONFIG_HASH_OID);
64static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
65 AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
66static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC(
67 AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID);
68static auth_param_type_desc_t rmm_hash = AUTH_PARAM_TYPE_DESC(
69 AUTH_PARAM_HASH, RMM_HASH_OID);
70
71#ifdef IMAGE_BL2
laurenw-arma79a2852023-05-02 14:40:15 -0500[diff] [blame]72static auth_param_type_desc_t trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
73 AUTH_PARAM_NV_CTR, TRUSTED_FW_NVCOUNTER_OID);
laurenw-arm483e5ac2022-04-21 15:49:00 -0500[diff] [blame]74static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
75 AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);
76
77static auth_param_type_desc_t prot_pk = AUTH_PARAM_TYPE_DESC(
78 AUTH_PARAM_PUB_KEY, PROT_PK_OID);
79static auth_param_type_desc_t swd_rot_pk = AUTH_PARAM_TYPE_DESC(
80 AUTH_PARAM_PUB_KEY, SWD_ROT_PK_OID);
81static auth_param_type_desc_t core_swd_pk = AUTH_PARAM_TYPE_DESC(
82 AUTH_PARAM_PUB_KEY, CORE_SWD_PK_OID);
83static auth_param_type_desc_t plat_pk = AUTH_PARAM_TYPE_DESC(
84 AUTH_PARAM_PUB_KEY, PLAT_PK_OID);
85
86static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
87 AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
88static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC(
89 AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID);
90static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
91 AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
92static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC(
93 AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);
94#if defined(SPD_spmd)
95static auth_param_type_desc_t sp_pkg1_hash = AUTH_PARAM_TYPE_DESC(
96 AUTH_PARAM_HASH, SP_PKG1_HASH_OID);
97static auth_param_type_desc_t sp_pkg2_hash = AUTH_PARAM_TYPE_DESC(
98 AUTH_PARAM_HASH, SP_PKG2_HASH_OID);
99static auth_param_type_desc_t sp_pkg3_hash = AUTH_PARAM_TYPE_DESC(
100 AUTH_PARAM_HASH, SP_PKG3_HASH_OID);
101static auth_param_type_desc_t sp_pkg4_hash = AUTH_PARAM_TYPE_DESC(
102 AUTH_PARAM_HASH, SP_PKG4_HASH_OID);
103static auth_param_type_desc_t sp_pkg5_hash = AUTH_PARAM_TYPE_DESC(
104 AUTH_PARAM_HASH, SP_PKG5_HASH_OID);
105static auth_param_type_desc_t sp_pkg6_hash = AUTH_PARAM_TYPE_DESC(
106 AUTH_PARAM_HASH, SP_PKG6_HASH_OID);
107static auth_param_type_desc_t sp_pkg7_hash = AUTH_PARAM_TYPE_DESC(
108 AUTH_PARAM_HASH, SP_PKG7_HASH_OID);
109static auth_param_type_desc_t sp_pkg8_hash = AUTH_PARAM_TYPE_DESC(
110 AUTH_PARAM_HASH, SP_PKG8_HASH_OID);
111#endif /* SPD_spmd */
112#endif /* IMAGE_BL2 */
113
114/* CCA Content Certificate */
115static const auth_img_desc_t cca_content_cert = {
116 .img_id = CCA_CONTENT_CERT_ID,
117 .img_type = IMG_CERT,
118 .parent = NULL,
119 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
120 [0] = {
121 .type = AUTH_METHOD_SIG,
122 .param.sig = {
123 .pk = &subject_pk,
124 .sig = &sig,
125 .alg = &sig_alg,
126 .data = &raw_data
127 }
128 },
129 [1] = {
130 .type = AUTH_METHOD_NV_CTR,
131 .param.nv_ctr = {
laurenw-arma79a2852023-05-02 14:40:15 -0500[diff] [blame]132 .cert_nv_ctr = &cca_nv_ctr,
133 .plat_nv_ctr = &cca_nv_ctr
laurenw-arm483e5ac2022-04-21 15:49:00 -0500[diff] [blame]134 }
135 }
136 },
137 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
138 [0] = {
139 .type_desc = &tb_fw_hash,
140 .data = {
141 .ptr = (void *)tb_fw_hash_buf,
142 .len = (unsigned int)HASH_DER_LEN
143 }
144 },
145 [1] = {
146 .type_desc = &tb_fw_config_hash,
147 .data = {
148 .ptr = (void *)tb_fw_config_hash_buf,
149 .len = (unsigned int)HASH_DER_LEN
150 }
151 },
152 [2] = {
153 .type_desc = &fw_config_hash,
154 .data = {
155 .ptr = (void *)fw_config_hash_buf,
156 .len = (unsigned int)HASH_DER_LEN
157 }
158 },
159 [3] = {
160 .type_desc = &hw_config_hash,
161 .data = {
162 .ptr = (void *)hw_config_hash_buf,
163 .len = (unsigned int)HASH_DER_LEN
164 }
165 },
166 [4] = {
167 .type_desc = &soc_fw_hash,
168 .data = {
169 .ptr = (void *)soc_fw_hash_buf,
170 .len = (unsigned int)HASH_DER_LEN
171 }
172 },
173 [5] = {
174 .type_desc = &soc_fw_config_hash,
175 .data = {
176 .ptr = (void *)soc_fw_config_hash_buf,
177 .len = (unsigned int)HASH_DER_LEN
178 }
179 },
180 [6] = {
181 .type_desc = &rmm_hash,
182 .data = {
183 .ptr = (void *)rmm_hash_buf,
184 .len = (unsigned int)HASH_DER_LEN
185 }
186 }
187 }
188};
189
190#ifdef IMAGE_BL1
191static const auth_img_desc_t bl2_image = {
192 .img_id = BL2_IMAGE_ID,
193 .img_type = IMG_RAW,
194 .parent = &cca_content_cert,
195 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
196 [0] = {
197 .type = AUTH_METHOD_HASH,
198 .param.hash = {
199 .data = &raw_data,
200 .hash = &tb_fw_hash
201 }
202 }
203 }
204};
205
206static const auth_img_desc_t tb_fw_config = {
207 .img_id = TB_FW_CONFIG_ID,
208 .img_type = IMG_RAW,
209 .parent = &cca_content_cert,
210 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
211 [0] = {
212 .type = AUTH_METHOD_HASH,
213 .param.hash = {
214 .data = &raw_data,
215 .hash = &tb_fw_config_hash
216 }
217 }
218 }
219};
220
221static const auth_img_desc_t fw_config = {
222 .img_id = FW_CONFIG_ID,
223 .img_type = IMG_RAW,
224 .parent = &cca_content_cert,
225 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
226 [0] = {
227 .type = AUTH_METHOD_HASH,
228 .param.hash = {
229 .data = &raw_data,
230 .hash = &fw_config_hash
231 }
232 }
233 }
234};
235#endif /* IMAGE_BL1 */
236
237#ifdef IMAGE_BL2
238/* HW Config */
239static const auth_img_desc_t hw_config = {
240 .img_id = HW_CONFIG_ID,
241 .img_type = IMG_RAW,
242 .parent = &cca_content_cert,
243 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
244 [0] = {
245 .type = AUTH_METHOD_HASH,
246 .param.hash = {
247 .data = &raw_data,
248 .hash = &hw_config_hash
249 }
250 }
251 }
252};
253
254/* BL31 */
255static const auth_img_desc_t bl31_image = {
256 .img_id = BL31_IMAGE_ID,
257 .img_type = IMG_RAW,
258 .parent = &cca_content_cert,
259 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
260 [0] = {
261 .type = AUTH_METHOD_HASH,
262 .param.hash = {
263 .data = &raw_data,
264 .hash = &soc_fw_hash
265 }
266 }
267 }
268};
269
270/* BL31 Config */
271static const auth_img_desc_t soc_fw_config = {
272 .img_id = SOC_FW_CONFIG_ID,
273 .img_type = IMG_RAW,
274 .parent = &cca_content_cert,
275 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
276 [0] = {
277 .type = AUTH_METHOD_HASH,
278 .param.hash = {
279 .data = &raw_data,
280 .hash = &soc_fw_config_hash
281 }
282 }
283 }
284};
285
286/* RMM */
287static const auth_img_desc_t rmm_image = {
288 .img_id = RMM_IMAGE_ID,
289 .img_type = IMG_RAW,
290 .parent = &cca_content_cert,
291 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
292 [0] = {
293 .type = AUTH_METHOD_HASH,
294 .param.hash = {
295 .data = &raw_data,
296 .hash = &rmm_hash
297 }
298 }
299 }
300};
301
302/* Core SWD Key Certificate */
303static const auth_img_desc_t core_swd_key_cert = {
304 .img_id = CORE_SWD_KEY_CERT_ID,
305 .img_type = IMG_CERT,
306 .parent = NULL, /* SWD ROOT CERT */
307 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
308 [0] = {
309 .type = AUTH_METHOD_SIG,
310 .param.sig = {
311 .pk = &swd_rot_pk,
312 .sig = &sig,
313 .alg = &sig_alg,
314 .data = &raw_data
315 }
316 },
317 [1] = {
318 .type = AUTH_METHOD_NV_CTR,
319 .param.nv_ctr = {
320 .cert_nv_ctr = &trusted_nv_ctr,
321 .plat_nv_ctr = &trusted_nv_ctr
322 }
323 }
324 },
325 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
326 [0] = {
327 .type_desc = &core_swd_pk,
328 .data = {
329 .ptr = (void *)core_swd_pk_buf,
330 .len = (unsigned int)PK_DER_LEN
331 }
332 }
333 }
334};
335
336/* SPMC Content Certificate */
337static const auth_img_desc_t trusted_os_fw_content_cert = {
338 .img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
339 .img_type = IMG_CERT,
340 .parent = &core_swd_key_cert,
341 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
342 [0] = {
343 .type = AUTH_METHOD_SIG,
344 .param.sig = {
345 .pk = &core_swd_pk,
346 .sig = &sig,
347 .alg = &sig_alg,
348 .data = &raw_data
349 }
350 },
351 [1] = {
352 .type = AUTH_METHOD_NV_CTR,
353 .param.nv_ctr = {
354 .cert_nv_ctr = &trusted_nv_ctr,
355 .plat_nv_ctr = &trusted_nv_ctr
356 }
357 }
358 },
359 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
360 [0] = {
361 .type_desc = &tos_fw_hash,
362 .data = {
363 .ptr = (void *)tos_fw_hash_buf,
364 .len = (unsigned int)HASH_DER_LEN
365 }
366 },
367 [1] = {
368 .type_desc = &tos_fw_config_hash,
369 .data = {
370 .ptr = (void *)tos_fw_config_hash_buf,
371 .len = (unsigned int)HASH_DER_LEN
372 }
373 }
374 }
375};
376
377/* SPMC */
378static const auth_img_desc_t bl32_image = {
379 .img_id = BL32_IMAGE_ID,
380 .img_type = IMG_RAW,
381 .parent = &trusted_os_fw_content_cert,
382 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
383 [0] = {
384 .type = AUTH_METHOD_HASH,
385 .param.hash = {
386 .data = &raw_data,
387 .hash = &tos_fw_hash
388 }
389 }
390 }
391};
392
393/* SPM Config */
394static const auth_img_desc_t tos_fw_config = {
395 .img_id = TOS_FW_CONFIG_ID,
396 .img_type = IMG_RAW,
397 .parent = &trusted_os_fw_content_cert,
398 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
399 [0] = {
400 .type = AUTH_METHOD_HASH,
401 .param.hash = {
402 .data = &raw_data,
403 .hash = &tos_fw_config_hash
404 }
405 }
406 }
407};
408
409/* Platform Key Certificate */
410static const auth_img_desc_t plat_key_cert = {
411 .img_id = PLAT_KEY_CERT_ID,
412 .img_type = IMG_CERT,
413 .parent = NULL, /* PLATFORM ROOT CERT */
414 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
415 [0] = {
416 .type = AUTH_METHOD_SIG,
417 .param.sig = {
418 .pk = &prot_pk,
419 .sig = &sig,
420 .alg = &sig_alg,
421 .data = &raw_data
422 }
423 },
424 [1] = {
425 .type = AUTH_METHOD_NV_CTR,
426 .param.nv_ctr = {
427 .cert_nv_ctr = &non_trusted_nv_ctr,
428 .plat_nv_ctr = &non_trusted_nv_ctr
429 }
430 }
431 },
432 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
433 [0] = {
434 .type_desc = &plat_pk,
435 .data = {
436 .ptr = (void *)plat_pk_buf,
437 .len = (unsigned int)PK_DER_LEN
438 }
439 }
440 }
441};
442
443/* Non-Trusted Firmware */
444static const auth_img_desc_t non_trusted_fw_content_cert = {
445 .img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
446 .img_type = IMG_CERT,
447 .parent = &plat_key_cert,
448 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
449 [0] = {
450 .type = AUTH_METHOD_SIG,
451 .param.sig = {
452 .pk = &plat_pk,
453 .sig = &sig,
454 .alg = &sig_alg,
455 .data = &raw_data
456 }
457 },
458 [1] = {
459 .type = AUTH_METHOD_NV_CTR,
460 .param.nv_ctr = {
461 .cert_nv_ctr = &non_trusted_nv_ctr,
462 .plat_nv_ctr = &non_trusted_nv_ctr
463 }
464 }
465 },
466 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
467 [0] = {
468 .type_desc = &nt_world_bl_hash,
469 .data = {
470 .ptr = (void *)nt_world_bl_hash_buf,
471 .len = (unsigned int)HASH_DER_LEN
472 }
473 },
474 [1] = {
475 .type_desc = &nt_fw_config_hash,
476 .data = {
477 .ptr = (void *)nt_fw_config_hash_buf,
478 .len = (unsigned int)HASH_DER_LEN
479 }
480 }
481 }
482};
483
484static const auth_img_desc_t bl33_image = {
485 .img_id = BL33_IMAGE_ID,
486 .img_type = IMG_RAW,
487 .parent = &non_trusted_fw_content_cert,
488 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
489 [0] = {
490 .type = AUTH_METHOD_HASH,
491 .param.hash = {
492 .data = &raw_data,
493 .hash = &nt_world_bl_hash
494 }
495 }
496 }
497};
498
499/* NT FW Config */
500static const auth_img_desc_t nt_fw_config = {
501 .img_id = NT_FW_CONFIG_ID,
502 .img_type = IMG_RAW,
503 .parent = &non_trusted_fw_content_cert,
504 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
505 [0] = {
506 .type = AUTH_METHOD_HASH,
507 .param.hash = {
508 .data = &raw_data,
509 .hash = &nt_fw_config_hash
510 }
511 }
512 }
513};
514
515/*
516 * Secure Partitions
517 */
518#if defined(SPD_spmd)
519static const auth_img_desc_t sip_sp_content_cert = {
520 .img_id = SIP_SP_CONTENT_CERT_ID,
521 .img_type = IMG_CERT,
522 .parent = &core_swd_key_cert,
523 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
524 [0] = {
525 .type = AUTH_METHOD_SIG,
526 .param.sig = {
527 .pk = &core_swd_pk,
528 .sig = &sig,
529 .alg = &sig_alg,
530 .data = &raw_data
531 }
532 },
533 [1] = {
534 .type = AUTH_METHOD_NV_CTR,
535 .param.nv_ctr = {
536 .cert_nv_ctr = &trusted_nv_ctr,
537 .plat_nv_ctr = &trusted_nv_ctr
538 }
539 }
540 },
541 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
542 [0] = {
543 .type_desc = &sp_pkg1_hash,
544 .data = {
545 .ptr = (void *)sp_pkg_hash_buf[0],
546 .len = (unsigned int)HASH_DER_LEN
547 }
548 },
549 [1] = {
550 .type_desc = &sp_pkg2_hash,
551 .data = {
552 .ptr = (void *)sp_pkg_hash_buf[1],
553 .len = (unsigned int)HASH_DER_LEN
554 }
555 },
556 [2] = {
557 .type_desc = &sp_pkg3_hash,
558 .data = {
559 .ptr = (void *)sp_pkg_hash_buf[2],
560 .len = (unsigned int)HASH_DER_LEN
561 }
562 },
563 [3] = {
564 .type_desc = &sp_pkg4_hash,
565 .data = {
566 .ptr = (void *)sp_pkg_hash_buf[3],
567 .len = (unsigned int)HASH_DER_LEN
568 }
569 }
570 }
571};
572
573DEFINE_SIP_SP_PKG(1);
574DEFINE_SIP_SP_PKG(2);
575DEFINE_SIP_SP_PKG(3);
576DEFINE_SIP_SP_PKG(4);
577
578static const auth_img_desc_t plat_sp_content_cert = {
579 .img_id = PLAT_SP_CONTENT_CERT_ID,
580 .img_type = IMG_CERT,
581 .parent = &plat_key_cert,
582 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
583 [0] = {
584 .type = AUTH_METHOD_SIG,
585 .param.sig = {
586 .pk = &plat_pk,
587 .sig = &sig,
588 .alg = &sig_alg,
589 .data = &raw_data
590 }
591 },
592 [1] = {
593 .type = AUTH_METHOD_NV_CTR,
594 .param.nv_ctr = {
595 .cert_nv_ctr = &non_trusted_nv_ctr,
596 .plat_nv_ctr = &non_trusted_nv_ctr
597 }
598 }
599 },
600 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
601 [0] = {
602 .type_desc = &sp_pkg5_hash,
603 .data = {
604 .ptr = (void *)sp_pkg_hash_buf[4],
605 .len = (unsigned int)HASH_DER_LEN
606 }
607 },
608 [1] = {
609 .type_desc = &sp_pkg6_hash,
610 .data = {
611 .ptr = (void *)sp_pkg_hash_buf[5],
612 .len = (unsigned int)HASH_DER_LEN
613 }
614 },
615 [2] = {
616 .type_desc = &sp_pkg7_hash,
617 .data = {
618 .ptr = (void *)sp_pkg_hash_buf[6],
619 .len = (unsigned int)HASH_DER_LEN
620 }
621 },
622 [3] = {
623 .type_desc = &sp_pkg8_hash,
624 .data = {
625 .ptr = (void *)sp_pkg_hash_buf[7],
626 .len = (unsigned int)HASH_DER_LEN
627 }
628 }
629 }
630};
631
632DEFINE_PLAT_SP_PKG(5);
633DEFINE_PLAT_SP_PKG(6);
634DEFINE_PLAT_SP_PKG(7);
635DEFINE_PLAT_SP_PKG(8);
636#endif /* SPD_spmd */
637#endif /* IMAGE_BL2 */
638/*
639 * Chain of trust definition
640 */
641#ifdef IMAGE_BL1
642static const auth_img_desc_t * const cot_desc[] = {
643 [CCA_CONTENT_CERT_ID] = &cca_content_cert,
644 [BL2_IMAGE_ID] = &bl2_image,
645 [TB_FW_CONFIG_ID] = &tb_fw_config,
646 [FW_CONFIG_ID] = &fw_config,
647};
648#else /* IMAGE_BL2 */
649static const auth_img_desc_t * const cot_desc[] = {
650 [CCA_CONTENT_CERT_ID] = &cca_content_cert,
651 [HW_CONFIG_ID] = &hw_config,
652 [BL31_IMAGE_ID] = &bl31_image,
653 [SOC_FW_CONFIG_ID] = &soc_fw_config,
654 [RMM_IMAGE_ID] = &rmm_image,
655 [CORE_SWD_KEY_CERT_ID] = &core_swd_key_cert,
656 [TRUSTED_OS_FW_CONTENT_CERT_ID] = &trusted_os_fw_content_cert,
657 [BL32_IMAGE_ID] = &bl32_image,
658 [TOS_FW_CONFIG_ID] = &tos_fw_config,
659 [PLAT_KEY_CERT_ID] = &plat_key_cert,
660 [NON_TRUSTED_FW_CONTENT_CERT_ID] = &non_trusted_fw_content_cert,
661 [BL33_IMAGE_ID] = &bl33_image,
662 [NT_FW_CONFIG_ID] = &nt_fw_config,
663#if defined(SPD_spmd)
664 [SIP_SP_CONTENT_CERT_ID] = &sip_sp_content_cert,
665 [PLAT_SP_CONTENT_CERT_ID] = &plat_sp_content_cert,
666 [SP_PKG1_ID] = &sp_pkg1,
667 [SP_PKG2_ID] = &sp_pkg2,
668 [SP_PKG3_ID] = &sp_pkg3,
669 [SP_PKG4_ID] = &sp_pkg4,
670 [SP_PKG5_ID] = &sp_pkg5,
671 [SP_PKG6_ID] = &sp_pkg6,
672 [SP_PKG7_ID] = &sp_pkg7,
673 [SP_PKG8_ID] = &sp_pkg8,
674#endif
675};
676#endif /* IMAGE_BL1 */
677
678/* Register the CoT in the authentication module */
679REGISTER_COT(cot_desc);