| Lionel Debieve | 563e715 | 2022-10-06 08:51:32 +0200 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (c) 2020-2022, ARM Limited. All rights reserved. |
| 3 | * |
| 4 | * SPDX-License-Identifier: BSD-3-Clause |
| 5 | */ |
| 6 | |
| 7 | #include <common/nv_cntr_ids.h> |
| 8 | #include <common/tbbr/tbbr_img_def.h> |
| 9 | #include <tools_share/tbbr_oid.h> |
| 10 | |
| 11 | cot { |
| 12 | manifests { |
| 13 | compatible = "arm, cert-descs"; |
| 14 | |
| 15 | stm32mp_cfg_cert: stm32mp_cfg_cert { |
| 16 | root-certificate; |
| 17 | image-id = <STM32MP_CONFIG_CERT_ID>; |
| 18 | antirollback-counter = <&trusted_nv_counter>; |
| 19 | |
| 20 | hw_config_hash: hw_config_hash { |
| 21 | oid = HW_CONFIG_HASH_OID; |
| 22 | }; |
| 23 | |
| 24 | fw_config_hash: fw_config_hash { |
| 25 | oid = FW_CONFIG_HASH_OID; |
| 26 | }; |
| 27 | }; |
| 28 | |
| 29 | trusted_key_cert: trusted_key_cert { |
| 30 | root-certificate; |
| 31 | image-id = <TRUSTED_KEY_CERT_ID>; |
| 32 | antirollback-counter = <&trusted_nv_counter>; |
| 33 | |
| 34 | trusted_world_pk: trusted_world_pk { |
| 35 | oid = TRUSTED_WORLD_PK_OID; |
| 36 | }; |
| 37 | non_trusted_world_pk: non_trusted_world_pk { |
| 38 | oid = NON_TRUSTED_WORLD_PK_OID; |
| 39 | }; |
| 40 | }; |
| 41 | |
| 42 | trusted_os_fw_key_cert: trusted_os_fw_key_cert { |
| 43 | image-id = <TRUSTED_OS_FW_KEY_CERT_ID>; |
| 44 | parent = <&trusted_key_cert>; |
| 45 | signing-key = <&trusted_world_pk>; |
| 46 | antirollback-counter = <&trusted_nv_counter>; |
| 47 | |
| 48 | tos_fw_content_pk: tos_fw_content_pk { |
| 49 | oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID; |
| 50 | }; |
| 51 | }; |
| 52 | |
| 53 | trusted_os_fw_content_cert: trusted_os_fw_content_cert { |
| 54 | image-id = <TRUSTED_OS_FW_CONTENT_CERT_ID>; |
| 55 | parent = <&trusted_os_fw_key_cert>; |
| 56 | signing-key = <&tos_fw_content_pk>; |
| 57 | antirollback-counter = <&trusted_nv_counter>; |
| 58 | |
| 59 | tos_fw_hash: tos_fw_hash { |
| 60 | oid = TRUSTED_OS_FW_HASH_OID; |
| 61 | }; |
| 62 | tos_fw_extra1_hash: tos_fw_extra1_hash { |
| 63 | oid = TRUSTED_OS_FW_EXTRA1_HASH_OID; |
| 64 | }; |
| 65 | tos_fw_extra2_hash: tos_fw_extra2_hash { |
| 66 | oid = TRUSTED_OS_FW_EXTRA2_HASH_OID; |
| 67 | }; |
| 68 | tos_fw_config_hash: tos_fw_config_hash { |
| 69 | oid = TRUSTED_OS_FW_CONFIG_HASH_OID; |
| 70 | }; |
| 71 | }; |
| 72 | |
| 73 | non_trusted_fw_key_cert: non_trusted_fw_key_cert { |
| 74 | image-id = <NON_TRUSTED_FW_KEY_CERT_ID>; |
| 75 | parent = <&trusted_key_cert>; |
| 76 | signing-key = <&non_trusted_world_pk>; |
| 77 | antirollback-counter = <&non_trusted_nv_counter>; |
| 78 | |
| 79 | nt_fw_content_pk: nt_fw_content_pk { |
| 80 | oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID; |
| 81 | }; |
| 82 | }; |
| 83 | |
| 84 | non_trusted_fw_content_cert: non_trusted_fw_content_cert { |
| 85 | image-id = <NON_TRUSTED_FW_CONTENT_CERT_ID>; |
| 86 | parent = <&non_trusted_fw_key_cert>; |
| 87 | signing-key = <&nt_fw_content_pk>; |
| 88 | antirollback-counter = <&non_trusted_nv_counter>; |
| 89 | |
| 90 | nt_world_bl_hash: nt_world_bl_hash { |
| 91 | oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID; |
| 92 | }; |
| 93 | }; |
| 94 | }; |
| 95 | |
| 96 | images { |
| 97 | compatible = "arm, img-descs"; |
| 98 | |
| 99 | hw_config { |
| 100 | image-id = <HW_CONFIG_ID>; |
| 101 | parent = <&stm32mp_cfg_cert>; |
| 102 | hash = <&hw_config_hash>; |
| 103 | }; |
| 104 | |
| 105 | fw_config { |
| 106 | image-id = <FW_CONFIG_ID>; |
| 107 | parent = <&stm32mp_cfg_cert>; |
| 108 | hash = <&fw_config_hash>; |
| 109 | }; |
| 110 | |
| 111 | bl32_image { |
| 112 | image-id = <BL32_IMAGE_ID>; |
| 113 | parent = <&trusted_os_fw_content_cert>; |
| 114 | hash = <&tos_fw_hash>; |
| 115 | }; |
| 116 | |
| 117 | bl32_extra1_image { |
| 118 | image-id = <BL32_EXTRA1_IMAGE_ID>; |
| 119 | parent = <&trusted_os_fw_content_cert>; |
| 120 | hash = <&tos_fw_extra1_hash>; |
| 121 | }; |
| 122 | |
| 123 | bl32_extra2_image { |
| 124 | image-id = <BL32_EXTRA2_IMAGE_ID>; |
| 125 | parent = <&trusted_os_fw_content_cert>; |
| 126 | hash = <&tos_fw_extra2_hash>; |
| 127 | }; |
| 128 | |
| 129 | tos_fw_config { |
| 130 | image-id = <TOS_FW_CONFIG_ID>; |
| 131 | parent = <&trusted_os_fw_content_cert>; |
| 132 | hash = <&tos_fw_config_hash>; |
| 133 | }; |
| 134 | |
| 135 | bl33_image { |
| 136 | image-id = <BL33_IMAGE_ID>; |
| 137 | parent = <&non_trusted_fw_content_cert>; |
| 138 | hash = <&nt_world_bl_hash>; |
| 139 | }; |
| 140 | }; |
| 141 | }; |
| 142 | |
| 143 | non_volatile_counters: non_volatile_counters { |
| 144 | #address-cells = <1>; |
| 145 | #size-cells = <0>; |
| 146 | |
| 147 | trusted_nv_counter: trusted_nv_counter { |
| 148 | id = <TRUSTED_NV_CTR_ID>; |
| 149 | oid = TRUSTED_FW_NVCOUNTER_OID; |
| 150 | }; |
| 151 | |
| 152 | non_trusted_nv_counter: non_trusted_nv_counter { |
| 153 | id = <NON_TRUSTED_NV_CTR_ID>; |
| 154 | oid = NON_TRUSTED_FW_NVCOUNTER_OID; |
| 155 | }; |
| 156 | }; |