authordp-arm <dimitris.papastamos@arm.com>2016-12-12 14:48:13 +0000
committerdp-arm <dimitris.papastamos@arm.com>2016-12-15 14:12:35 +0000
commitd35dee23b68366af90502c04da4f3eb29d5fe92a (patch)
treefcd8e5144a9646fe439cc7a69b3a241b2fb1776f /drivers/auth
parenta4af0c2e8409696667695f3781a22cba2eafbd2c (diff)
tbbr: Fix updating of Non-Trusted NV counter
The previous code required that a certificate be signed with the ROT key before the platform's NV counter could be updated with the value in the certificate. This implies that the Non-Trusted NV counter was not being updated for Non-Trusted content certificates, as they cannot be signed with the ROT key in the TBBR CoT scheme. The code is reworked to only allow updating the platform's Trusted NV counter when a certificate protected by the Trusted NV counter is signed with the ROT key. Content certificates protected by the Non-Trusted NV counter are allowed to update the platform's Non-Trusted NV counter, assuming that the certificate value is higher than the platform's value. A new optional platform API has been introduced, named plat_set_nv_ctr2(). Platforms may choose to implement it and perform additional checks based on the authentication image descriptor before modifying the NV counters. A default weak implementation is available that just calls into plat_set_nv_ctr(). Fixes ARM-software/tf-issues#426 Change-Id: I4fc978fd28a3007bc0cef972ff1f69ad0413b79c Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Diffstat (limited to 'drivers/auth')
-rw-r--r--drivers/auth/auth_mod.c23
1 files changed, 12 insertions, 11 deletions
diff --git a/drivers/auth/auth_mod.c b/drivers/auth/auth_mod.c
index 88ef0b026f..2c8643f405 100644
--- a/drivers/auth/auth_mod.c
+++ b/drivers/auth/auth_mod.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -50,6 +50,8 @@
} \
} while (0)
+#pragma weak plat_set_nv_ctr2
+
/* Pointer to CoT */
extern const auth_img_desc_t *const cot_desc_ptr;
extern unsigned int auth_img_flags[];
@@ -297,21 +299,20 @@ static int auth_nvctr(const auth_method_param_nv_ctr_t *param,
/* Invalid NV-counter */
return 1;
} else if (cert_nv_ctr > plat_nv_ctr) {
- if (img_desc->parent == NULL) {
- /* This certificate has been signed with the ROT key.
- * Update the platform counter value */
- rc = plat_set_nv_ctr(param->plat_nv_ctr->cookie,
- cert_nv_ctr);
- return_if_error(rc);
- } else {
- /* Secondary certificates cannot modify the counter */
- return 1;
- }
+ rc = plat_set_nv_ctr2(param->plat_nv_ctr->cookie,
+ img_desc, cert_nv_ctr);
+ return_if_error(rc);
}
return 0;
}
+int plat_set_nv_ctr2(void *cookie, const auth_img_desc_t *img_desc __unused,
+ unsigned int nv_ctr)
+{
+ return plat_set_nv_ctr(cookie, nv_ctr);
+}
+
/*
* Return the parent id in the output parameter '*parent_id'
*
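Review bot: The default `plat_set_nv_ctr2()` added at the end of this hunk ignores `img_desc` (it is marked `__unused`) and forwards straight to `plat_set_nv_ctr()`, so on a platform that does not override it the removed `img_desc->parent == NULL` restriction is gone, and any certificate reaching this branch with a counter above the stored value can advance whichever counter the cookie selects, the Trusted one included. The commit message says Trusted NV counter updates stay limited to ROT-signed certificates, but nothing in this file enforces that; presumably a platform override outside `drivers/auth` does, which this view cannot confirm. Because the symbol is declared `#pragma weak`, a missing or misnamed override links silently against the permissive default, so the fallback should at least say so above its definition, e.g. `/* Default: no img_desc checks. Platforms must override this to limit which certificates may advance the Trusted NV counter. */`. `auth_nvctr()` begins before this hunk, so whether the certificate signature has been verified before the counter is written cannot be seen here.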