aboutsummaryrefslogtreecommitdiff
path: root/include/drivers
diff options
context:
space:
mode:
authorManish Pandey <manish.pandey2@arm.com>2020-05-27 22:40:10 +0100
committerManish Pandey <manish.pandey2@arm.com>2020-06-09 16:22:26 +0100
commit44f1aa8efe627e578c38fbc0623b083223109342 (patch)
treedce088ceefdde4d9bbfba72135535306607fd177 /include/drivers
parent07c4447588ed53b526563d0a9f61e401d24d0952 (diff)
downloadtrusted-firmware-a-44f1aa8efe627e578c38fbc0623b083223109342.tar.gz
dualroot: add chain of trust for secure partitions
A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP) owned Secure Partitions(SP). A similar support for Platform owned SP can be added in future. The certificate is also protected against anti- rollback using the trusted Non-Volatile counter. To avoid deviating from TBBR spec, support for SP CoT is only provided in dualroot. Secure Partition content certificate is assigned image ID 31 and SP images follows after it. The CoT for secure partition look like below. +------------------+ +-------------------+ | ROTPK/ROTPK Hash |------>| Trusted Key | +------------------+ | Certificate | | (Auth Image) | /+-------------------+ / | / | / | / | L v +------------------+ +-------------------+ | Trusted World |------>| SiP owned SPs | | Public Key | | Content Cert | +------------------+ | (Auth Image) | / +-------------------+ / | / v| +------------------+ L +-------------------+ | SP_PKG1 Hash |------>| SP_PKG1 | | | | (Data Image) | +------------------+ +-------------------+ . . . . . . +------------------+ +-------------------+ | SP_PKG8 Hash |------>| SP_PKG8 | | | | (Data Image) | +------------------+ +-------------------+ Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ia31546bac1327a3e0b5d37e8b99c808442d5e53f
Diffstat (limited to 'include/drivers')
-rw-r--r--include/drivers/auth/auth_mod.h18
1 files changed, 18 insertions, 0 deletions
diff --git a/include/drivers/auth/auth_mod.h b/include/drivers/auth/auth_mod.h
index 1dc9ff441d..01d144d2cb 100644
--- a/include/drivers/auth/auth_mod.h
+++ b/include/drivers/auth/auth_mod.h
@@ -50,6 +50,24 @@ extern const auth_img_desc_t *const *const cot_desc_ptr;
extern const size_t cot_desc_size;
extern unsigned int auth_img_flags[MAX_NUMBER_IDS];
+#if defined(SPD_spmd)
+#define DEFINE_SP_PKG(n) \
+ static const auth_img_desc_t sp_pkg##n = { \
+ .img_id = SP_CONTENT_CERT_ID + (n), \
+ .img_type = IMG_RAW, \
+ .parent = &sp_content_cert, \
+ .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { \
+ [0] = { \
+ .type = AUTH_METHOD_HASH, \
+ .param.hash = { \
+ .data = &raw_data, \
+ .hash = &sp_pkg##n##_hash \
+ } \
+ } \
+ } \
+ }
+#endif
+
#endif /* TRUSTED_BOARD_BOOT */
#endif /* AUTH_MOD_H */