/*
 * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
6
7#include <stddef.h>
8
Govindraj Rajaa8eadc52023-01-11 18:34:58 +00009#include <mbedtls/version.h>
Sandrine Bailleux5ab8b712020-02-06 14:59:14 +010010
Govindraj Rajaa8eadc52023-01-11 18:34:58 +000011#include <common/tbbr/cot_def.h>
Sandrine Bailleux5ab8b712020-02-06 14:59:14 +010012#include <drivers/auth/auth_mod.h>
Govindraj Rajaa8eadc52023-01-11 18:34:58 +000013
Sandrine Bailleux5ab8b712020-02-06 14:59:14 +010014#include <tools_share/dualroot_oid.h>
15
Govindraj Rajaa8eadc52023-01-11 18:34:58 +000016#include <platform_def.h>
17
/*
 * Allocate static buffers to store the authentication parameters extracted from
 * the certificates.
 *
 * Each buffer is the .data.ptr of exactly one .authenticated_data entry below,
 * with one exception: content_pk_buf is shared by scp_fw_key_cert,
 * soc_fw_key_cert and trusted_os_fw_key_cert. It is presumably overwritten as
 * each of those key certificates is verified, so only the content key of the
 * most recently verified key certificate is resident at any time; the order in
 * which images are verified is decided by the auth module, not by this file.
 */
static unsigned char hw_config_hash_buf[HASH_DER_LEN];
static unsigned char scp_fw_hash_buf[HASH_DER_LEN];
static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];

static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN];
static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];
#if defined(SPD_spmd)
/*
 * One hash slot per Secure Partition package. Rows 0..3 are consumed by
 * sip_sp_content_cert and rows 4..7 by plat_sp_content_cert, so MAX_SP_IDS
 * must be at least 8; nothing in this file checks that.
 */
static unsigned char sp_pkg_hash_buf[MAX_SP_IDS][HASH_DER_LEN];
#endif /* SPD_spmd */

/* Public keys, DER encoded. */
static unsigned char trusted_world_pk_buf[PK_DER_LEN];
static unsigned char content_pk_buf[PK_DER_LEN];
Sandrine Bailleux5ab8b712020-02-06 14:59:14 +010039
/*
 * Parameter type descriptors.
 *
 * AUTH_PARAM_TYPE_DESC(type, oid) pairs a parameter kind with the OID of the
 * certificate extension it is extracted from. The descriptors with a 0 OID
 * (subject_pk, sig, sig_alg, raw_data) presumably refer to fields of the
 * certificate itself rather than to an extension; how the parser resolves
 * them is defined in the auth module, not here.
 *
 * Two independent roots are described by these descriptors: the trusted world
 * (trusted_world_pk, trusted_nv_ctr) and the platform owner (prot_pk,
 * non_trusted_nv_ctr). Neither prot_pk nor subject_pk appears in any
 * .authenticated_data entry of this file, so those keys are not supplied by
 * a parent certificate; where they come from is up to the platform/auth
 * module.
 */
static auth_param_type_desc_t trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_NV_CTR, TRUSTED_FW_NVCOUNTER_OID);
static auth_param_type_desc_t subject_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, 0);
static auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_SIG, 0);
static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_SIG_ALG, 0);
static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_RAW_DATA, 0);

static auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, HW_CONFIG_HASH_OID);

/* Counter used by the platform-owner root (non-trusted world and plat SPs). */
static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);

/* Public keys: trusted_world_pk is extracted from trusted_key_cert. */
static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t prot_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, PROT_PK_OID);

/* Image hashes carried by the content certificates. */
static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SCP_FW_HASH_OID);
static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID);
static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID);
static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);
#if defined(SPD_spmd)
/* Secure Partition package hashes: 1..4 from sip_sp_content_cert, 5..8 from plat_sp_content_cert. */
static auth_param_type_desc_t sp_pkg1_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG1_HASH_OID);
static auth_param_type_desc_t sp_pkg2_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG2_HASH_OID);
static auth_param_type_desc_t sp_pkg3_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG3_HASH_OID);
static auth_param_type_desc_t sp_pkg4_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG4_HASH_OID);
static auth_param_type_desc_t sp_pkg5_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG5_HASH_OID);
static auth_param_type_desc_t sp_pkg6_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG6_HASH_OID);
static auth_param_type_desc_t sp_pkg7_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG7_HASH_OID);
static auth_param_type_desc_t sp_pkg8_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG8_HASH_OID);
#endif /* SPD_spmd */
Sandrine Bailleux5ab8b712020-02-06 14:59:14 +0100108
109
/* BL2 */
/*
 * Trusted boot firmware (BL2) certificate. A root of the trusted world
 * (.parent == NULL): its signature is checked with subject_pk, which no
 * parent certificate supplies, and its counter against the trusted NV
 * counter. The only payload it vouches for here is the HW_CONFIG hash.
 */
static const auth_img_desc_t trusted_boot_fw_cert = {
	.img_id = TRUSTED_BOOT_FW_CERT_ID,
	.img_type = IMG_CERT,
	.parent = NULL, /* Root certificate. */
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &subject_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			/* Anti-rollback: counter in the cert vs. platform counter. */
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &hw_config_hash,
			.data = {
				.ptr = (void *)hw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};
143
/* HW Config */
/*
 * Raw image: authenticated only by hashing it and comparing with the
 * hw_config_hash extracted from trusted_boot_fw_cert.
 */
static const auth_img_desc_t hw_config = {
	.img_id = HW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_boot_fw_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &hw_config_hash
			}
		}
	}
};
159
/* Trusted key certificate */
/*
 * Second root of the trusted world (.parent == NULL), verified like
 * trusted_boot_fw_cert (subject_pk + trusted NV counter). It yields
 * trusted_world_pk, the key every trusted-world key certificate below
 * (SCP, SoC, Trusted OS, SiP SP) is checked against.
 */
static const auth_img_desc_t trusted_key_cert = {
	.img_id = TRUSTED_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = NULL, /* Root certificate. */
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &subject_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &trusted_world_pk,
			.data = {
				.ptr = (void *)trusted_world_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		},
	}
};
193
/* SCP Firmware */
/*
 * SCP key certificate: signed with trusted_world_pk (from trusted_key_cert),
 * bound to the trusted NV counter, and yields the SCP content-certificate
 * key into content_pk_buf (a buffer shared with the other key certificates).
 */
static const auth_img_desc_t scp_fw_key_cert = {
	.img_id = SCP_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &scp_fw_content_pk,
			.data = {
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};
227
/*
 * SCP content certificate: signed with the key scp_fw_key_cert placed in
 * content_pk_buf; carries the SCP_BL2 image hash.
 */
static const auth_img_desc_t scp_fw_content_cert = {
	.img_id = SCP_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &scp_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &scp_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &scp_fw_hash,
			.data = {
				.ptr = (void *)scp_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};
260
/* Raw SCP_BL2 image, hash-checked against scp_fw_hash from scp_fw_content_cert. */
static const auth_img_desc_t scp_bl2_image = {
	.img_id = SCP_BL2_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &scp_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &scp_fw_hash
			}
		}
	}
};
275
/* SoC Firmware */
/*
 * SoC key certificate: same shape as scp_fw_key_cert (trusted_world_pk +
 * trusted NV counter); yields the SoC content-certificate key into the
 * shared content_pk_buf.
 */
static const auth_img_desc_t soc_fw_key_cert = {
	.img_id = SOC_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &soc_fw_content_pk,
			.data = {
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};
309
/*
 * SoC content certificate: signed with the key soc_fw_key_cert placed in
 * content_pk_buf; carries the BL31 and SOC_FW_CONFIG hashes.
 */
static const auth_img_desc_t soc_fw_content_cert = {
	.img_id = SOC_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &soc_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &soc_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &soc_fw_hash,
			.data = {
				.ptr = (void *)soc_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &soc_fw_config_hash,
			.data = {
				.ptr = (void *)soc_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};
349
/* Raw BL31 image, hash-checked against soc_fw_hash from soc_fw_content_cert. */
static const auth_img_desc_t bl31_image = {
	.img_id = BL31_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &soc_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &soc_fw_hash
			}
		}
	}
};
364
/* SOC FW Config */
/* Raw image, hash-checked against soc_fw_config_hash from soc_fw_content_cert. */
static const auth_img_desc_t soc_fw_config = {
	.img_id = SOC_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &soc_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &soc_fw_config_hash
			}
		}
	}
};
380
/* Trusted OS Firmware */
/*
 * Trusted OS key certificate: same shape as scp_fw_key_cert
 * (trusted_world_pk + trusted NV counter); yields the Trusted OS
 * content-certificate key into the shared content_pk_buf.
 */
static const auth_img_desc_t trusted_os_fw_key_cert = {
	.img_id = TRUSTED_OS_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &tos_fw_content_pk,
			.data = {
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};
414
/*
 * Trusted OS content certificate: signed with the key trusted_os_fw_key_cert
 * placed in content_pk_buf; carries the hashes of BL32, its two extra
 * images and TOS_FW_CONFIG (four entries, so COT_MAX_VERIFIED_PARAMS must
 * be at least 4).
 */
static const auth_img_desc_t trusted_os_fw_content_cert = {
	.img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_os_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &tos_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &tos_fw_hash,
			.data = {
				.ptr = (void *)tos_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &tos_fw_extra1_hash,
			.data = {
				.ptr = (void *)tos_fw_extra1_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[2] = {
			.type_desc = &tos_fw_extra2_hash,
			.data = {
				.ptr = (void *)tos_fw_extra2_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[3] = {
			.type_desc = &tos_fw_config_hash,
			.data = {
				.ptr = (void *)tos_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};
468
/* Raw BL32 image, hash-checked against tos_fw_hash from trusted_os_fw_content_cert. */
static const auth_img_desc_t bl32_image = {
	.img_id = BL32_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_hash
			}
		}
	}
};
483
/* Raw BL32 extra image 1, hash-checked against tos_fw_extra1_hash. */
static const auth_img_desc_t bl32_extra1_image = {
	.img_id = BL32_EXTRA1_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_extra1_hash
			}
		}
	}
};
498
/* Raw BL32 extra image 2, hash-checked against tos_fw_extra2_hash. */
static const auth_img_desc_t bl32_extra2_image = {
	.img_id = BL32_EXTRA2_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_extra2_hash
			}
		}
	}
};
513
/* TOS FW Config */
/* Raw image, hash-checked against tos_fw_config_hash from trusted_os_fw_content_cert. */
static const auth_img_desc_t tos_fw_config = {
	.img_id = TOS_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_config_hash
			}
		}
	}
};
529
/* Non-Trusted Firmware */
/*
 * Root of the platform-owner chain (.parent == NULL): verified with prot_pk,
 * which no certificate in this file supplies, and against the non-trusted NV
 * counter. Nothing from the trusted-world chain is needed to verify it. It
 * carries the BL33 and NT_FW_CONFIG hashes.
 */
static const auth_img_desc_t non_trusted_fw_content_cert = {
	.img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = NULL, /* Root certificate. */
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &prot_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			/* Separate counter from the trusted world's. */
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &non_trusted_nv_ctr,
				.plat_nv_ctr = &non_trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &nt_world_bl_hash,
			.data = {
				.ptr = (void *)nt_world_bl_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &nt_fw_config_hash,
			.data = {
				.ptr = (void *)nt_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};
570
/* Raw BL33 image, hash-checked against nt_world_bl_hash from non_trusted_fw_content_cert. */
static const auth_img_desc_t bl33_image = {
	.img_id = BL33_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &non_trusted_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &nt_world_bl_hash
			}
		}
	}
};
585
/* NT FW Config */
/* Raw image, hash-checked against nt_fw_config_hash from non_trusted_fw_content_cert. */
static const auth_img_desc_t nt_fw_config = {
	.img_id = NT_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &non_trusted_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &nt_fw_config_hash
			}
		}
	}
};
601
/*
 * Secure Partitions
 */
605#if defined(SPD_spmd)
/*
 * SiP Secure Partition content certificate: chained under trusted_key_cert
 * (trusted_world_pk + trusted NV counter). Carries the hashes of SP packages
 * 1..4 into rows 0..3 of sp_pkg_hash_buf; packages 5..8 belong to the
 * platform-owner root (plat_sp_content_cert).
 */
static const auth_img_desc_t sip_sp_content_cert = {
	.img_id = SIP_SP_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &sp_pkg1_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[0],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &sp_pkg2_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[1],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[2] = {
			.type_desc = &sp_pkg3_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[2],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[3] = {
			.type_desc = &sp_pkg4_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[3],
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};
659
/*
 * Presumably expands to the raw-image descriptors sp_pkg1..sp_pkg4 that
 * cot_desc references below, each chained to sip_sp_content_cert; the macro
 * is defined outside this file, so check it for the exact shape.
 */
DEFINE_SIP_SP_PKG(1);
DEFINE_SIP_SP_PKG(2);
DEFINE_SIP_SP_PKG(3);
DEFINE_SIP_SP_PKG(4);
664
/*
 * Platform-owner Secure Partition content certificate: a root
 * (.parent == NULL) verified with prot_pk and the non-trusted NV counter,
 * exactly like non_trusted_fw_content_cert. Carries the hashes of SP
 * packages 5..8 into rows 4..7 of sp_pkg_hash_buf.
 */
static const auth_img_desc_t plat_sp_content_cert = {
	.img_id = PLAT_SP_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = NULL, /* Root certificate. */
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &prot_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &non_trusted_nv_ctr,
				.plat_nv_ctr = &non_trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &sp_pkg5_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[4],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &sp_pkg6_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[5],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[2] = {
			.type_desc = &sp_pkg7_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[6],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[3] = {
			.type_desc = &sp_pkg8_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[7],
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};
718
/*
 * Presumably expands to the raw-image descriptors sp_pkg5..sp_pkg8 that
 * cot_desc references below, each chained to plat_sp_content_cert; the macro
 * is defined outside this file.
 */
DEFINE_PLAT_SP_PKG(5);
DEFINE_PLAT_SP_PKG(6);
DEFINE_PLAT_SP_PKG(7);
DEFINE_PLAT_SP_PKG(8);
Manish Pandey44f1aa82020-05-27 22:40:10 +0100723#endif /* SPD_spmd */
724
/*
 * Chain of trust definition
 *
 * Indexed by image ID. Any image ID that is not listed here is left NULL by
 * the designated initializer, so the auth module has no descriptor for it.
 * Four entries are roots (.parent == NULL): trusted_boot_fw_cert and
 * trusted_key_cert for the trusted world, non_trusted_fw_content_cert and
 * plat_sp_content_cert for the platform owner.
 */
static const auth_img_desc_t * const cot_desc[] = {
	[TRUSTED_BOOT_FW_CERT_ID]		=	&trusted_boot_fw_cert,
	[HW_CONFIG_ID]				=	&hw_config,
	[TRUSTED_KEY_CERT_ID]			=	&trusted_key_cert,
	[SCP_FW_KEY_CERT_ID]			=	&scp_fw_key_cert,
	[SCP_FW_CONTENT_CERT_ID]		=	&scp_fw_content_cert,
	[SCP_BL2_IMAGE_ID]			=	&scp_bl2_image,
	[SOC_FW_KEY_CERT_ID]			=	&soc_fw_key_cert,
	[SOC_FW_CONTENT_CERT_ID]		=	&soc_fw_content_cert,
	[BL31_IMAGE_ID]				=	&bl31_image,
	[SOC_FW_CONFIG_ID]			=	&soc_fw_config,
	[TRUSTED_OS_FW_KEY_CERT_ID]		=	&trusted_os_fw_key_cert,
	[TRUSTED_OS_FW_CONTENT_CERT_ID]		=	&trusted_os_fw_content_cert,
	[BL32_IMAGE_ID]				=	&bl32_image,
	[BL32_EXTRA1_IMAGE_ID]			=	&bl32_extra1_image,
	[BL32_EXTRA2_IMAGE_ID]			=	&bl32_extra2_image,
	[TOS_FW_CONFIG_ID]			=	&tos_fw_config,
	[NON_TRUSTED_FW_CONTENT_CERT_ID]	=	&non_trusted_fw_content_cert,
	[BL33_IMAGE_ID]				=	&bl33_image,
	[NT_FW_CONFIG_ID]			=	&nt_fw_config,
#if defined(SPD_spmd)
	[SIP_SP_CONTENT_CERT_ID]		=	&sip_sp_content_cert,
	[PLAT_SP_CONTENT_CERT_ID]		=	&plat_sp_content_cert,
	/* sp_pkg1..sp_pkg8 come from the DEFINE_*_SP_PKG() invocations above. */
	[SP_PKG1_ID]				=	&sp_pkg1,
	[SP_PKG2_ID]				=	&sp_pkg2,
	[SP_PKG3_ID]				=	&sp_pkg3,
	[SP_PKG4_ID]				=	&sp_pkg4,
	[SP_PKG5_ID]				=	&sp_pkg5,
	[SP_PKG6_ID]				=	&sp_pkg6,
	[SP_PKG7_ID]				=	&sp_pkg7,
	[SP_PKG8_ID]				=	&sp_pkg8,
#endif
};

/* Register the CoT in the authentication module */
REGISTER_COT(cot_desc);