diff options
author | Soby Mathew <soby.mathew@arm.com> | 2016-05-24 15:05:15 +0100 |
---|---|---|
committer | Soby Mathew <soby.mathew@arm.com> | 2016-06-03 18:27:36 +0100 |
commit | 04943d33cf379868a1dfa3971c2c2250526f0670 (patch) | |
tree | e006817db9467446e932182739c9f25bcb702c3c /include/plat/common/platform.h | |
parent | a7e530331d7cf4b58618f0715e61b5a872176f07 (diff) | |
download | trusted-firmware-a-04943d33cf379868a1dfa3971c2c2250526f0670.tar.gz |
Allow dynamic overriding of ROTPK verification
A production ROM with TBB enabled must have the ability to boot test software
before a real ROTPK is deployed (e.g. manufacturing mode). Previously the
function plat_get_rotpk_info() must return a valid ROTPK for TBB to succeed.
This patch adds an additional bit `ROTPK_NOT_DEPLOYED` in the output `flags`
parameter from plat_get_rotpk_info(). If this bit is set, then the ROTPK
in certificate is used without verifying against the platform value.
Fixes ARM-software/tf-issues#381
Change-Id: Icbbffab6bff8ed76b72431ee21337f550d8fdbbb
Diffstat (limited to 'include/plat/common/platform.h')
-rw-r--r-- | include/plat/common/platform.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h index a08a12e40b..390721f291 100644 --- a/include/plat/common/platform.h +++ b/include/plat/common/platform.h @@ -49,6 +49,9 @@ struct image_desc; * plat_get_rotpk_info() flags ******************************************************************************/ #define ROTPK_IS_HASH (1 << 0) +/* Flag used to skip verification of the certificate ROTPK while the platform + ROTPK is not deployed */ +#define ROTPK_NOT_DEPLOYED (1 << 1) /******************************************************************************* * Function declarations |