Platform: Implement API to get ROTPK PSA Trusted Boot and Firmware Update specification requires the support of at least one immutable root of trust public key (ROTPK) for firmware verification. This key is provisioned to the SoC during manufacturing. This API makes possible to the bootloader to get the hash of ROTPK in order to validate the public key which is present in the image manifest. This is a dummy implementation not suitable for use in production! Change-Id: Ibf4d3d376f9e6fceaaabc9a1f11a46ef20f07a16 Signed-off-by: Tamas Ban <tamas.ban@arm.com>

commit: 5db575304df2ddcabaf27ff62ec6ce07542e13ea [log] [tgz]
author: Tamas Ban <tamas.ban@arm.com> Wed Jul 17 10:59:02 2019 +0100
committer: Tamas Ban <tamas.ban@arm.com> Fri Sep 06 06:59:34 2019 +0000
tree: 66ca640b84dc4b58b19daf16393ed41468264020
parent: 24f5598b3e53729a36b291c2fba250655757a532 [diff]
diff --git a/platform/include/tfm_plat_crypto_keys.h b/platform/include/tfm_plat_crypto_keys.h
index 01d2746..59b438b 100644
--- a/platform/include/tfm_plat_crypto_keys.h
+++ b/platform/include/tfm_plat_crypto_keys.h

@@ -62,6 +62,20 @@
 
 #define ECC_P_256_KEY_SIZE  (96u)  /* 3 x 32 = 96 bytes priv + pub-x + pub-y */
 
+#define ROTPK_HASH_LEN (32u) /* SHA256 */
+
+/**
+ * Structure to store the hard-coded (embedded in secure firmware) hash of ROTPK
+ * for firmware authentication.
+ *
+ * \note Just temporary solution, hard-coded key-hash values in firmware is not
+ *       suited for use in production!
+ */
+struct tfm_plat_rotpk_t {
+    const uint8_t *key_hash;
+    const uint8_t  hash_len;
+};
+
 /**
  * \brief Gets hardware unique key for encryption
  *
commit	5db575304df2ddcabaf27ff62ec6ce07542e13ea	[log] [tgz]
author	Tamas Ban <tamas.ban@arm.com>	Wed Jul 17 10:59:02 2019 +0100
committer	Tamas Ban <tamas.ban@arm.com>	Fri Sep 06 06:59:34 2019 +0000
tree	66ca640b84dc4b58b19daf16393ed41468264020
parent	24f5598b3e53729a36b291c2fba250655757a532 [diff]