commit 24f5598b3e53729a36b291c2fba250655757a532
author Tamas Ban <tamas.ban@arm.com> Wed Jul 17 10:51:15 2019 +0100
committer Tamas Ban <tamas.ban@arm.com> Fri Sep 06 06:59:34 2019 +0000
tree fdb56ed03f613a32a794829102c8098c910855fd
parent f466a8a7f82c6080cb57c35d3f7d169dd8ecdf62

Platform: Define API to get ROTPK

PSA Trusted Boot and Firmware Update specification requires
the support of at least one immutable root of trust public key
(ROTPK) for firmware verification. This key is provisioned to
the SoC during manufacturing. This API makes possible to
the bootloader to get the hash of ROTPK from the SoC in order
to validate the public key which is present in the image manifest.

Change-Id: Ica8cb52417e5dc022800b04470dba64f4fe05b22
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

platform/include/tfm_plat_crypto_keys.h

diff --git a/platform/include/tfm_plat_crypto_keys.h b/platform/include/tfm_plat_crypto_keys.h
index 386d61f..01d2746 100644
--- a/platform/include/tfm_plat_crypto_keys.h
+++ b/platform/include/tfm_plat_crypto_keys.h
@@ -106,6 +106,20 @@
                                 struct ecc_key_t *ecc_key,
                                 enum ecc_curve_t *curve_type);
 
+/**
+ * \brief Get the hash of the corresponding Root of Trust Public Key for
+ *        firmware authentication.
+ *
+ * \param[in]      image_id         The identifier of firmware image
+ * \param[out]     rotpk_hash       Buffer to store the key-hash in
+ * \param[in,out]  rotpk_hash_size  As input the size of the buffer. As output
+ *                                  the actual key-hash length.
+ */
+enum tfm_plat_err_t
+tfm_plat_get_rotpk_hash(uint8_t image_id,
+                        uint8_t *rotpk_hash,
+                        uint32_t *rotpk_hash_size);
+
 #ifdef __cplusplus
 }
 #endif