author | Tamas Ban <tamas.ban@arm.com> | 2019-07-17 10:51:15 +0100 |
---|---|---|
committer | Tamas Ban <tamas.ban@arm.com> | 2019-09-06 06:59:34 +0000 |
commit | 24f5598b3e53729a36b291c2fba250655757a532 (patch) | |
tree | fdb56ed03f613a32a794829102c8098c910855fd /platform/include/tfm_plat_crypto_keys.h | |
parent | f466a8a7f82c6080cb57c35d3f7d169dd8ecdf62 (diff) | |
download | trusted-firmware-m-24f5598b3e53729a36b291c2fba250655757a532.tar.gz |
Platform: Define API to get ROTPK
PSA Trusted Boot and Firmware Update specification requires
the support of at least one immutable root of trust public key
(ROTPK) for firmware verification. This key is provisioned to
the SoC during manufacturing. This API makes it possible for
the bootloader to get the hash of ROTPK from the SoC in order
to validate the public key which is present in the image manifest.
Change-Id: Ica8cb52417e5dc022800b04470dba64f4fe05b22
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Diffstat (limited to 'platform/include/tfm_plat_crypto_keys.h')
-rw-r--r-- | platform/include/tfm_plat_crypto_keys.h | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/platform/include/tfm_plat_crypto_keys.h b/platform/include/tfm_plat_crypto_keys.h index 386d61f81f..01d274653c 100644 --- a/platform/include/tfm_plat_crypto_keys.h +++ b/platform/include/tfm_plat_crypto_keys.h @@ -106,6 +106,20 @@ tfm_plat_get_initial_attest_key(uint8_t *key_buf, struct ecc_key_t *ecc_key, enum ecc_curve_t *curve_type); +/** + * \brief Get the hash of the corresponding Root of Trust Public Key for + * firmware authentication. + * + * \param[in] image_id The identifier of firmware image + * \param[out] rotpk_hash Buffer to store the key-hash in + * \param[in,out] rotpk_hash_size As input the size of the buffer. As output + * the actual key-hash length. + */ +enum tfm_plat_err_t +tfm_plat_get_rotpk_hash(uint8_t image_id, + uint8_t *rotpk_hash, + uint32_t *rotpk_hash_size); + #ifdef __cplusplus } #endif |
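Review bot: The doc comment added for tfm_plat_get_rotpk_hash has a \brief and three \param entries but no \return, although the function returns enum tfm_plat_err_t; please document which values a caller can get back. The rotpk_hash_size description should also say what happens when the input buffer is smaller than the key-hash: is an error returned, and is the required length written back? It would also help to state whether a NULL rotpk_hash or rotpk_hash_size is rejected and what range of image_id is valid, since the bootloader relies on this result to validate the public key in the image manifest.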