/*
 * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
7#include <auth_mod.h>
8#include <platform_def.h>
Isla Mitchell99305012017-07-11 14:54:08 +01009#include <stddef.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +090011#if USE_TBBR_DEFS
12#include <tbbr_oid.h>
13#else
Juan Castillo9b265a82015-05-07 14:52:44 +010014#include <platform_oid.h>
Masahiro Yamadaa27c1662017-05-22 12:11:24 +090015#endif
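/*
 * Maximum key and hash sizes (in DER format)
 *
 * Every static buffer in this file is declared with one of these two sizes,
 * and the same macros are used as the .len of the matching
 * authenticated_data entries in cot_desc, so the declared capacity and the
 * advertised length stay in step as long as both are changed together.
 *
 * NOTE(review): 294 bytes matches a DER-encoded RSA-2048
 * SubjectPublicKeyInfo and 83 bytes a DER DigestInfo carrying a 64-byte
 * digest. A platform enabling a larger key or digest would need these
 * raised - confirm against the crypto configuration in use.
 */
#define PK_DER_LEN			294
#define HASH_DER_LEN			83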
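/*
 * The platform must allocate buffers to store the authentication parameters
 * extracted from the certificates. In this case, because of the way the CoT is
 * established, we can reuse some of the buffers on different stages
 *
 * Buffers that cot_desc hands to more than one certificate:
 *   - content_pk_buf: the SCP, SoC, Trusted OS and Non-Trusted key
 *     certificates all store their content-certificate public key here.
 *   - scp_fw_hash_buf, tb_fw_hash_buf, nt_world_bl_hash_buf: also used by
 *     the FWU certificate for the SCP_BL2U, BL2U and NS_BL2U hashes.
 *
 * NOTE(review): a shared buffer holds whatever the most recently processed
 * certificate stored in it, so the reuse is only sound if a child is always
 * authenticated right after its own parent - presumably the auth module
 * guarantees this ordering; confirm before adding new sharing.
 */
static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
static unsigned char tb_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char hw_config_hash_buf[HASH_DER_LEN];
static unsigned char scp_fw_hash_buf[HASH_DER_LEN];
static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN];
static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];
static unsigned char trusted_world_pk_buf[PK_DER_LEN];
static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
static unsigned char content_pk_buf[PK_DER_LEN];
static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];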
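/*
 * Parameter type descriptors
 *
 * Each descriptor pairs a parameter type (AUTH_PARAM_*) with a second
 * argument that is either an extension OID or 0. cot_desc refers to these
 * objects by address, both to say which parameter an authentication method
 * consumes and which parameter a certificate provides to its children.
 *
 * NOTE(review): the descriptors built with 0 (subject_pk, sig, sig_alg,
 * raw_data) appear to denote values taken from the image or certificate
 * itself rather than from a named extension - confirm against auth_mod.h.
 */

/* Non-volatile (anti-rollback) counters, one per world */
static auth_param_type_desc_t trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_NV_CTR, TRUSTED_FW_NVCOUNTER_OID);
static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);

/* Parameters not identified by an OID */
static auth_param_type_desc_t subject_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, 0);
static auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_SIG, 0);
static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_SIG_ALG, 0);
static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_RAW_DATA, 0);

/* World keys, provided by the trusted key certificate */
static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);

/* Content certificate keys, provided by the per-image key certificates */
static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID);

/* Image and configuration hashes, provided by the content certificates */
static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
static auth_param_type_desc_t tb_fw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_BOOT_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, HW_CONFIG_HASH_OID);
static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SCP_FW_HASH_OID);
static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID);
static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID);
static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);

/* Firmware update (FWU) hashes, provided by the FWU certificate */
static auth_param_type_desc_t scp_bl2u_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SCP_FWU_CFG_HASH_OID);
static auth_param_type_desc_t bl2u_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, AP_FWU_CFG_HASH_OID);
static auth_param_type_desc_t ns_bl2u_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, FWU_HASH_OID);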
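/*
 * TBBR Chain of trust definition
 *
 * The array is indexed by image ID. Each entry states:
 *   - .parent: the certificate whose authenticated_data this image relies
 *     on, or NULL for a certificate at the top of a chain.
 *   - .img_auth_methods: the checks applied to this image (signature,
 *     NV counter, hash) and the parameter descriptors each check consumes.
 *   - .authenticated_data (certificates only): the parameters this
 *     certificate provides to its children and the buffer that holds each.
 *
 * Points a reviewer should keep in mind when editing the table:
 *   - The three certificates with .parent = NULL (TRUSTED_BOOT_FW_CERT_ID,
 *     TRUSTED_KEY_CERT_ID, FWU_CERT_ID) verify their signature with
 *     subject_pk, i.e. the key the certificate itself carries. Nothing in
 *     this table ties that key to the platform root of trust; presumably
 *     the auth module checks it against the ROTPK - confirm.
 *   - A raw image is only as trustworthy as the hash descriptor it names:
 *     .param.hash.hash must be a descriptor listed in the
 *     authenticated_data of its .parent, otherwise there is no value to
 *     compare against.
 *   - Every certificate except FWU_CERT_ID declares an AUTH_METHOD_NV_CTR
 *     check. The trusted-world chains use trusted_nv_ctr, the Non-Trusted
 *     firmware chain uses non_trusted_nv_ctr.
 *   - Each .data.len must equal the size of the buffer in .data.ptr
 *     (HASH_DER_LEN for hash buffers, PK_DER_LEN for key buffers).
 */
static const auth_img_desc_t cot_desc[] = {
	/*
	 * BL2
	 */
	[TRUSTED_BOOT_FW_CERT_ID] = {
		.img_id = TRUSTED_BOOT_FW_CERT_ID,
		.img_type = IMG_CERT,
		.parent = NULL,
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &subject_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &tb_fw_hash,
				.data = {
					.ptr = (void *)tb_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			},
			[1] = {
				.type_desc = &tb_fw_config_hash,
				.data = {
					.ptr = (void *)tb_fw_config_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			},
			[2] = {
				.type_desc = &hw_config_hash,
				.data = {
					.ptr = (void *)hw_config_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	[BL2_IMAGE_ID] = {
		.img_id = BL2_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &tb_fw_hash,
				}
			}
		}
	},
	/* HW Config */
	[HW_CONFIG_ID] = {
		.img_id = HW_CONFIG_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &hw_config_hash,
				}
			}
		}
	},
	/* TB FW Config */
	[TB_FW_CONFIG_ID] = {
		.img_id = TB_FW_CONFIG_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &tb_fw_config_hash,
				}
			}
		}
	},
	/*
	 * Trusted key certificate
	 *
	 * Provides the two world keys that sign the per-image key
	 * certificates below.
	 */
	[TRUSTED_KEY_CERT_ID] = {
		.img_id = TRUSTED_KEY_CERT_ID,
		.img_type = IMG_CERT,
		.parent = NULL,
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &subject_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &trusted_world_pk,
				.data = {
					.ptr = (void *)trusted_world_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			},
			[1] = {
				.type_desc = &non_trusted_world_pk,
				.data = {
					.ptr = (void *)non_trusted_world_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			}
		}
	},
	/*
	 * SCP Firmware
	 */
	[SCP_FW_KEY_CERT_ID] = {
		.img_id = SCP_FW_KEY_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &scp_fw_content_pk,
				.data = {
					/* content_pk_buf is shared by all four key certificates */
					.ptr = (void *)content_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			}
		}
	},
	[SCP_FW_CONTENT_CERT_ID] = {
		.img_id = SCP_FW_CONTENT_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[SCP_FW_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &scp_fw_content_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &scp_fw_hash,
				.data = {
					.ptr = (void *)scp_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	[SCP_BL2_IMAGE_ID] = {
		.img_id = SCP_BL2_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[SCP_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &scp_fw_hash,
				}
			}
		}
	},
	/*
	 * SoC Firmware
	 */
	[SOC_FW_KEY_CERT_ID] = {
		.img_id = SOC_FW_KEY_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &soc_fw_content_pk,
				.data = {
					.ptr = (void *)content_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			}
		}
	},
	[SOC_FW_CONTENT_CERT_ID] = {
		.img_id = SOC_FW_CONTENT_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[SOC_FW_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &soc_fw_content_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &soc_fw_hash,
				.data = {
					.ptr = (void *)soc_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			},
			[1] = {
				.type_desc = &soc_fw_config_hash,
				.data = {
					.ptr = (void *)soc_fw_config_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	[BL31_IMAGE_ID] = {
		.img_id = BL31_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[SOC_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &soc_fw_hash,
				}
			}
		}
	},
	/* SOC FW Config */
	[SOC_FW_CONFIG_ID] = {
		.img_id = SOC_FW_CONFIG_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[SOC_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &soc_fw_config_hash,
				}
			}
		}
	},
	/*
	 * Trusted OS Firmware
	 */
	[TRUSTED_OS_FW_KEY_CERT_ID] = {
		.img_id = TRUSTED_OS_FW_KEY_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &tos_fw_content_pk,
				.data = {
					.ptr = (void *)content_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			}
		}
	},
	[TRUSTED_OS_FW_CONTENT_CERT_ID] = {
		.img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[TRUSTED_OS_FW_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &tos_fw_content_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &trusted_nv_ctr,
					.plat_nv_ctr = &trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &tos_fw_hash,
				.data = {
					.ptr = (void *)tos_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			},
			[1] = {
				.type_desc = &tos_fw_extra1_hash,
				.data = {
					.ptr = (void *)tos_fw_extra1_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			},
			[2] = {
				.type_desc = &tos_fw_extra2_hash,
				.data = {
					.ptr = (void *)tos_fw_extra2_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			},
			[3] = {
				.type_desc = &tos_fw_config_hash,
				.data = {
					.ptr = (void *)tos_fw_config_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	[BL32_IMAGE_ID] = {
		.img_id = BL32_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &tos_fw_hash,
				}
			}
		}
	},
	[BL32_EXTRA1_IMAGE_ID] = {
		.img_id = BL32_EXTRA1_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &tos_fw_extra1_hash,
				}
			}
		}
	},
	[BL32_EXTRA2_IMAGE_ID] = {
		.img_id = BL32_EXTRA2_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &tos_fw_extra2_hash,
				}
			}
		}
	},
	/* TOS FW Config */
	[TOS_FW_CONFIG_ID] = {
		.img_id = TOS_FW_CONFIG_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &tos_fw_config_hash,
				}
			}
		}
	},
	/*
	 * Non-Trusted Firmware
	 *
	 * This chain is signed with the non-trusted world key and is the only
	 * one that uses non_trusted_nv_ctr.
	 */
	[NON_TRUSTED_FW_KEY_CERT_ID] = {
		.img_id = NON_TRUSTED_FW_KEY_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &non_trusted_nv_ctr,
					.plat_nv_ctr = &non_trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &nt_fw_content_pk,
				.data = {
					.ptr = (void *)content_pk_buf,
					.len = (unsigned int)PK_DER_LEN
				}
			}
		}
	},
	[NON_TRUSTED_FW_CONTENT_CERT_ID] = {
		.img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
		.img_type = IMG_CERT,
		.parent = &cot_desc[NON_TRUSTED_FW_KEY_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &nt_fw_content_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			},
			[1] = {
				.type = AUTH_METHOD_NV_CTR,
				.param.nv_ctr = {
					.cert_nv_ctr = &non_trusted_nv_ctr,
					.plat_nv_ctr = &non_trusted_nv_ctr
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &nt_world_bl_hash,
				.data = {
					.ptr = (void *)nt_world_bl_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			},
			[1] = {
				.type_desc = &nt_fw_config_hash,
				.data = {
					.ptr = (void *)nt_fw_config_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	[BL33_IMAGE_ID] = {
		.img_id = BL33_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[NON_TRUSTED_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &nt_world_bl_hash,
				}
			}
		}
	},
	/* NT FW Config */
	[NT_FW_CONFIG_ID] = {
		.img_id = NT_FW_CONFIG_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[NON_TRUSTED_FW_CONTENT_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &nt_fw_config_hash,
				}
			}
		}
	},
	/*
	 * FWU auth descriptor.
	 *
	 * NOTE(review): this is the only certificate in the table without an
	 * AUTH_METHOD_NV_CTR entry, so the table declares no anti-rollback
	 * check for the firmware update certificate. Confirm this is
	 * intentional and covered elsewhere in the FWU flow.
	 *
	 * The three hashes are stored in buffers that the boot chain also
	 * uses (scp_fw_hash_buf, tb_fw_hash_buf, nt_world_bl_hash_buf).
	 */
	[FWU_CERT_ID] = {
		.img_id = FWU_CERT_ID,
		.img_type = IMG_CERT,
		.parent = NULL,
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_SIG,
				.param.sig = {
					.pk = &subject_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &raw_data,
				}
			}
		},
		.authenticated_data = {
			[0] = {
				.type_desc = &scp_bl2u_hash,
				.data = {
					.ptr = (void *)scp_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			},
			[1] = {
				.type_desc = &bl2u_hash,
				.data = {
					.ptr = (void *)tb_fw_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			},
			[2] = {
				.type_desc = &ns_bl2u_hash,
				.data = {
					.ptr = (void *)nt_world_bl_hash_buf,
					.len = (unsigned int)HASH_DER_LEN
				}
			}
		}
	},
	/*
	 * SCP_BL2U
	 */
	[SCP_BL2U_IMAGE_ID] = {
		.img_id = SCP_BL2U_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[FWU_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &scp_bl2u_hash,
				}
			}
		}
	},
	/*
	 * BL2U
	 */
	[BL2U_IMAGE_ID] = {
		.img_id = BL2U_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[FWU_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &bl2u_hash,
				}
			}
		}
	},
	/*
	 * NS_BL2U
	 */
	[NS_BL2U_IMAGE_ID] = {
		.img_id = NS_BL2U_IMAGE_ID,
		.img_type = IMG_RAW,
		.parent = &cot_desc[FWU_CERT_ID],
		.img_auth_methods = {
			[0] = {
				.type = AUTH_METHOD_HASH,
				.param.hash = {
					.data = &raw_data,
					.hash = &ns_bl2u_hash,
				}
			}
		}
	}
};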
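/*
 * Register the CoT in the authentication module
 *
 * cot_desc is static, so this macro invocation is the only way the table
 * defined in this file is exposed outside it.
 */
REGISTER_COT(cot_desc);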