aboutsummaryrefslogtreecommitdiff
path: root/include/plat/common/platform.h
diff options
context:
space:
mode:
authorSoby Mathew <soby.mathew@arm.com>2016-05-24 15:05:15 +0100
committerSoby Mathew <soby.mathew@arm.com>2016-06-03 18:27:36 +0100
commit04943d33cf379868a1dfa3971c2c2250526f0670 (patch)
treee006817db9467446e932182739c9f25bcb702c3c /include/plat/common/platform.h
parenta7e530331d7cf4b58618f0715e61b5a872176f07 (diff)
downloadtrusted-firmware-a-04943d33cf379868a1dfa3971c2c2250526f0670.tar.gz
Allow dynamic overriding of ROTPK verification
A production ROM with TBB enabled must have the ability to boot test software before a real ROTPK is deployed (e.g. manufacturing mode). Previously the function plat_get_rotpk_info() must return a valid ROTPK for TBB to succeed. This patch adds an additional bit `ROTPK_NOT_DEPLOYED` in the output `flags` parameter from plat_get_rotpk_info(). If this bit is set, then the ROTPK in certificate is used without verifying against the platform value. Fixes ARM-software/tf-issues#381 Change-Id: Icbbffab6bff8ed76b72431ee21337f550d8fdbbb
Diffstat (limited to 'include/plat/common/platform.h')
-rw-r--r--include/plat/common/platform.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h
index a08a12e40b..390721f291 100644
--- a/include/plat/common/platform.h
+++ b/include/plat/common/platform.h
@@ -49,6 +49,9 @@ struct image_desc;
* plat_get_rotpk_info() flags
******************************************************************************/
#define ROTPK_IS_HASH (1 << 0)
+/* Flag used to skip verification of the certificate ROTPK while the platform
+ ROTPK is not deployed */
+#define ROTPK_NOT_DEPLOYED (1 << 1)
/*******************************************************************************
* Function declarations