/*
 * Copyright (c) 2020, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <stddef.h>

#include <platform_def.h>

#include <drivers/auth/mbedtls/mbedtls_config.h>
#include <drivers/auth/auth_mod.h>
#include <tools_share/dualroot_oid.h>

/*
 * Fixed-size scratch buffers that receive the authentication parameters
 * (hashes, public keys) extracted from the certificates. The image
 * descriptors later in this file pair each buffer with an explicit length,
 * so that length has to stay in step with the array size declared here.
 */
static unsigned char fw_config_hash_buf[HASH_DER_LEN];
static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
static unsigned char tb_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char hw_config_hash_buf[HASH_DER_LEN];
static unsigned char scp_fw_hash_buf[HASH_DER_LEN];
static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];

#ifdef IMAGE_BL2
static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN];
static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];
#if defined(SPD_spmd)
/*
 * One hash slot per secure-partition package. The SP content certificate
 * descriptors index this array with literal constants, so MAX_SP_IDS must be
 * larger than the highest index they use.
 */
static unsigned char sp_pkg_hash_buf[MAX_SP_IDS][HASH_DER_LEN];
#endif /* SPD_spmd */

static unsigned char trusted_world_pk_buf[PK_DER_LEN];
/*
 * NOTE(review): this one buffer backs the content public key of the SCP, SoC
 * and Trusted OS key certificates alike, so it can only hold one of those
 * keys at a time. Presumably each content certificate is authenticated right
 * after its own key certificate - confirm against the image load order.
 */
static unsigned char content_pk_buf[PK_DER_LEN];
#endif /* IMAGE_BL2 */

/*
 * Parameter type descriptors: each one pairs a parameter class (NV counter,
 * public key, signature, signature algorithm, raw data, hash) with the OID
 * macro that names it, or with 0 where no OID is given.
 */
static auth_param_type_desc_t trusted_nv_ctr =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_NV_CTR, TRUSTED_FW_NVCOUNTER_OID);
static auth_param_type_desc_t subject_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, 0);
static auth_param_type_desc_t sig =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_SIG, 0);
static auth_param_type_desc_t sig_alg =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_SIG_ALG, 0);
static auth_param_type_desc_t raw_data =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_RAW_DATA, 0);

static auth_param_type_desc_t tb_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
static auth_param_type_desc_t tb_fw_config_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, TRUSTED_BOOT_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t hw_config_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, HW_CONFIG_HASH_OID);
static auth_param_type_desc_t fw_config_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, FW_CONFIG_HASH_OID);
#ifdef IMAGE_BL1
static auth_param_type_desc_t scp_bl2u_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SCP_FWU_CFG_HASH_OID);
/* Remaining BL1-only hash descriptors (the IMAGE_BL1 region opens above). */
static auth_param_type_desc_t bl2u_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, AP_FWU_CFG_HASH_OID);
static auth_param_type_desc_t ns_bl2u_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, FWU_HASH_OID);
#endif /* IMAGE_BL1 */

#ifdef IMAGE_BL2
static auth_param_type_desc_t non_trusted_nv_ctr =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);

/* Public keys carried inside certificates. */
static auth_param_type_desc_t trusted_world_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
static auth_param_type_desc_t scp_fw_content_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t soc_fw_content_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t tos_fw_content_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY,
			     TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t prot_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, PROT_PK_OID);

/* Image hashes carried inside content certificates. */
static auth_param_type_desc_t scp_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SCP_FW_HASH_OID);
static auth_param_type_desc_t soc_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
static auth_param_type_desc_t soc_fw_config_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t tos_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
static auth_param_type_desc_t tos_fw_config_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t tos_fw_extra1_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID);
static auth_param_type_desc_t tos_fw_extra2_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID);
static auth_param_type_desc_t nt_world_bl_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH,
			     NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
static auth_param_type_desc_t nt_fw_config_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);
#if defined(SPD_spmd)
/* One hash descriptor per secure-partition package. */
static auth_param_type_desc_t sp_pkg1_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SP_PKG1_HASH_OID);
static auth_param_type_desc_t sp_pkg2_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SP_PKG2_HASH_OID);
static auth_param_type_desc_t sp_pkg3_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SP_PKG3_HASH_OID);
static auth_param_type_desc_t sp_pkg4_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SP_PKG4_HASH_OID);
static auth_param_type_desc_t sp_pkg5_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SP_PKG5_HASH_OID);
static auth_param_type_desc_t sp_pkg6_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SP_PKG6_HASH_OID);
static auth_param_type_desc_t sp_pkg7_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SP_PKG7_HASH_OID);
static auth_param_type_desc_t sp_pkg8_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SP_PKG8_HASH_OID);
#endif /* SPD_spmd */
#endif /* IMAGE_BL2 */


/*
 * Image descriptors.
 *
 * Each descriptor names its parent certificate, the methods used to
 * authenticate it, and (for certificates) the parameters it hands down to its
 * children via authenticated_data. Slots of the AUTH_METHOD_NUM and
 * COT_MAX_VERIFIED_PARAMS arrays that are not listed are zero-initialised.
 */

/*
 * Trusted boot firmware certificate. It has no parent: the signature is
 * checked with the public key taken from the certificate itself (subject_pk),
 * followed by a check against the trusted NV counter. It provides the hashes
 * for BL2, TB_FW_CONFIG, HW_CONFIG and FW_CONFIG.
 * NOTE(review): nothing in this table anchors subject_pk; presumably the auth
 * module ties a parentless certificate to the platform root key - confirm.
 */
static const auth_img_desc_t trusted_boot_fw_cert = {
	.img_id = TRUSTED_BOOT_FW_CERT_ID,
	.img_type = IMG_CERT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &subject_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data,
			},
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr,
			},
		},
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &tb_fw_hash,
			.data = {
				.ptr = (void *)tb_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN,
			},
		},
		[1] = {
			.type_desc = &tb_fw_config_hash,
			.data = {
				.ptr = (void *)tb_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN,
			},
		},
		[2] = {
			.type_desc = &hw_config_hash,
			.data = {
				.ptr = (void *)hw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN,
			},
		},
		[3] = {
			.type_desc = &fw_config_hash,
			.data = {
				.ptr = (void *)fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN,
			},
		},
	},
};

#ifdef IMAGE_BL1
/* BL2 image: raw data checked against tb_fw_hash from the certificate above. */
static const auth_img_desc_t bl2_image = {
	.img_id = BL2_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_boot_fw_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tb_fw_hash,
			},
		},
	},
};
#endif /* IMAGE_BL1 */

/* Hardware configuration blob, hash-checked against trusted_boot_fw_cert. */
static const auth_img_desc_t hw_config = {
	.img_id = HW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_boot_fw_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &hw_config_hash,
			},
		},
	},
};

/* Trusted boot firmware configuration and firmware configuration (BL1 only). */
#ifdef IMAGE_BL1
static const auth_img_desc_t tb_fw_config = {
	.img_id = TB_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_boot_fw_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tb_fw_config_hash,
			},
		},
	},
};

static const auth_img_desc_t fw_config = {
	.img_id = FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_boot_fw_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &fw_config_hash,
			},
		},
	},
};

#endif /* IMAGE_BL1 */

#ifdef IMAGE_BL2
/*
 * Trusted key certificate. Parentless like trusted_boot_fw_cert and verified
 * the same way (subject_pk plus the trusted NV counter). It hands
 * trusted_world_pk down to the key certificates that name it as parent.
 */
static const auth_img_desc_t trusted_key_cert = {
	.img_id = TRUSTED_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &subject_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data,
			},
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr,
			},
		},
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &trusted_world_pk,
			.data = {
				.ptr = (void *)trusted_world_pk_buf,
				.len = (unsigned int)PK_DER_LEN,
			},
		},
	},
};

/*
 * SCP firmware chain: key certificate (signed with trusted_world_pk), content
 * certificate (signed with scp_fw_content_pk), then the SCP_BL2 image hash.
 * The key certificate stores its content key in the shared content_pk_buf.
 */
static const auth_img_desc_t scp_fw_key_cert = {
	.img_id = SCP_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data,
			},
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr,
			},
		},
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &scp_fw_content_pk,
			.data = {
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN,
			},
		},
	},
};

static const auth_img_desc_t scp_fw_content_cert = {
	.img_id = SCP_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &scp_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &scp_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data,
			},
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr,
			},
		},
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &scp_fw_hash,
			.data = {
				.ptr = (void *)scp_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN,
			},
		},
	},
};

static const auth_img_desc_t scp_bl2_image = {
	.img_id = SCP_BL2_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &scp_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &scp_fw_hash,
			},
		},
	},
};

/*
 * SoC firmware chain: key certificate, content certificate, then the BL31
 * image and SOC_FW_CONFIG, each checked against a hash from the content
 * certificate. The key certificate also writes into content_pk_buf.
 */
static const auth_img_desc_t soc_fw_key_cert = {
	.img_id = SOC_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data,
			},
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr,
			},
		},
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &soc_fw_content_pk,
			.data = {
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN,
			},
		},
	},
};

static const auth_img_desc_t soc_fw_content_cert = {
	.img_id = SOC_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &soc_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &soc_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data,
			},
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr,
			},
		},
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &soc_fw_hash,
			.data = {
				.ptr = (void *)soc_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN,
			},
		},
		[1] = {
			.type_desc = &soc_fw_config_hash,
			.data = {
				.ptr = (void *)soc_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN,
			},
		},
	},
};

static const auth_img_desc_t bl31_image = {
	.img_id = BL31_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &soc_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &soc_fw_hash,
			},
		},
	},
};

/* SoC firmware configuration, hash-checked against soc_fw_content_cert. */
static const auth_img_desc_t soc_fw_config = {
	.img_id = SOC_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &soc_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &soc_fw_config_hash,
			},
		},
	},
};

/*
 * Trusted OS firmware chain: key certificate, content certificate, then
 * BL32, its two extra images and TOS_FW_CONFIG. The key certificate is the
 * third user of content_pk_buf.
 */
static const auth_img_desc_t trusted_os_fw_key_cert = {
	.img_id = TRUSTED_OS_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data,
			},
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr,
			},
		},
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &tos_fw_content_pk,
			.data = {
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN,
			},
		},
	},
};

static const auth_img_desc_t trusted_os_fw_content_cert = {
	.img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_os_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &tos_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data,
			},
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr,
			},
		},
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &tos_fw_hash,
			.data = {
				.ptr = (void *)tos_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN,
			},
		},
		[1] = {
			.type_desc = &tos_fw_extra1_hash,
			.data = {
				.ptr = (void *)tos_fw_extra1_hash_buf,
				.len = (unsigned int)HASH_DER_LEN,
			},
		},
		[2] = {
			.type_desc = &tos_fw_extra2_hash,
			.data = {
				.ptr = (void *)tos_fw_extra2_hash_buf,
				.len = (unsigned int)HASH_DER_LEN,
			},
		},
		[3] = {
			.type_desc = &tos_fw_config_hash,
			.data = {
				.ptr = (void *)tos_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN,
			},
		},
	},
};

static const auth_img_desc_t bl32_image = {
	.img_id = BL32_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_hash,
			},
		},
	},
};

static const auth_img_desc_t bl32_extra1_image = {
	.img_id = BL32_EXTRA1_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_extra1_hash,
			},
		},
	},
};

static const auth_img_desc_t bl32_extra2_image = {
	.img_id = BL32_EXTRA2_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_extra2_hash,
			},
		},
	},
};

/* Trusted OS firmware configuration. */
static const auth_img_desc_t tos_fw_config = {
	.img_id = TOS_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_config_hash,
			},
		},
	},
};

/*
 * Non-trusted firmware content certificate. This is the second parentless
 * chain in the file: its signature is checked with prot_pk rather than
 * subject_pk, and it is bound to the non-trusted NV counter instead of the
 * trusted one. It provides the hashes for BL33 and NT_FW_CONFIG.
 */
static const auth_img_desc_t non_trusted_fw_content_cert = {
	.img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = NULL, /* Root certificate. */
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &prot_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data,
			},
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &non_trusted_nv_ctr,
				.plat_nv_ctr = &non_trusted_nv_ctr,
			},
		},
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &nt_world_bl_hash,
			.data = {
				.ptr = (void *)nt_world_bl_hash_buf,
				.len = (unsigned int)HASH_DER_LEN,
			},
		},
		[1] = {
			.type_desc = &nt_fw_config_hash,
			.data = {
				.ptr = (void *)nt_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN,
			},
		},
	},
};

static const auth_img_desc_t bl33_image = {
	.img_id = BL33_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &non_trusted_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &nt_world_bl_hash,
			},
		},
	},
};

/* Non-trusted firmware configuration. */
static const auth_img_desc_t nt_fw_config = {
	.img_id = NT_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &non_trusted_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &nt_fw_config_hash,
			},
		},
	},
};

/*
 * Secure partitions.
 *
 * sip_sp_content_cert chains to trusted_key_cert and covers packages 1-4
 * (hash slots 0-3 of sp_pkg_hash_buf). plat_sp_content_cert is parentless,
 * signed with prot_pk, and takes the hash slots from index 4 upwards.
 */
#if defined(SPD_spmd)
static const auth_img_desc_t sip_sp_content_cert = {
	.img_id = SIP_SP_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data,
			},
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr,
			},
		},
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &sp_pkg1_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[0],
				.len = (unsigned int)HASH_DER_LEN,
			},
		},
		[1] = {
			.type_desc = &sp_pkg2_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[1],
				.len = (unsigned int)HASH_DER_LEN,
			},
		},
		[2] = {
			.type_desc = &sp_pkg3_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[2],
				.len = (unsigned int)HASH_DER_LEN,
			},
		},
		[3] = {
			.type_desc = &sp_pkg4_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[3],
				.len = (unsigned int)HASH_DER_LEN,
			},
		},
	},
};

/*
 * The macro is defined outside this file; presumably it emits the image
 * descriptor for SiP package n with sip_sp_content_cert as parent - confirm
 * in the auth module headers.
 */
DEFINE_SIP_SP_PKG(1);
DEFINE_SIP_SP_PKG(2);
DEFINE_SIP_SP_PKG(3);
DEFINE_SIP_SP_PKG(4);

static const auth_img_desc_t plat_sp_content_cert = {
	.img_id = PLAT_SP_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &prot_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data,
			},
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &non_trusted_nv_ctr,
				.plat_nv_ctr = &non_trusted_nv_ctr,
			},
		},
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &sp_pkg5_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[4],
				.len = (unsigned int)HASH_DER_LEN,
			},
		},
		[1] = {
			.type_desc = &sp_pkg6_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[5],
.len = (unsigned int)HASH_DER_LEN 790*54fd6939SJiyong Park } 791*54fd6939SJiyong Park }, 792*54fd6939SJiyong Park [2] = { 793*54fd6939SJiyong Park .type_desc = &sp_pkg7_hash, 794*54fd6939SJiyong Park .data = { 795*54fd6939SJiyong Park .ptr = (void *)sp_pkg_hash_buf[6], 796*54fd6939SJiyong Park .len = (unsigned int)HASH_DER_LEN 797*54fd6939SJiyong Park } 798*54fd6939SJiyong Park }, 799*54fd6939SJiyong Park [3] = { 800*54fd6939SJiyong Park .type_desc = &sp_pkg8_hash, 801*54fd6939SJiyong Park .data = { 802*54fd6939SJiyong Park .ptr = (void *)sp_pkg_hash_buf[7], 803*54fd6939SJiyong Park .len = (unsigned int)HASH_DER_LEN 804*54fd6939SJiyong Park } 805*54fd6939SJiyong Park } 806*54fd6939SJiyong Park } 807*54fd6939SJiyong Park }; 808*54fd6939SJiyong Park 809*54fd6939SJiyong Park DEFINE_PLAT_SP_PKG(5); 810*54fd6939SJiyong Park DEFINE_PLAT_SP_PKG(6); 811*54fd6939SJiyong Park DEFINE_PLAT_SP_PKG(7); 812*54fd6939SJiyong Park DEFINE_PLAT_SP_PKG(8); 813*54fd6939SJiyong Park #endif /* SPD_spmd */ 814*54fd6939SJiyong Park 815*54fd6939SJiyong Park #else /* IMAGE_BL2 */ 816*54fd6939SJiyong Park 817*54fd6939SJiyong Park /* FWU auth descriptor */ 818*54fd6939SJiyong Park static const auth_img_desc_t fwu_cert = { 819*54fd6939SJiyong Park .img_id = FWU_CERT_ID, 820*54fd6939SJiyong Park .img_type = IMG_CERT, 821*54fd6939SJiyong Park .parent = NULL, 822*54fd6939SJiyong Park .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 823*54fd6939SJiyong Park [0] = { 824*54fd6939SJiyong Park .type = AUTH_METHOD_SIG, 825*54fd6939SJiyong Park .param.sig = { 826*54fd6939SJiyong Park .pk = &subject_pk, 827*54fd6939SJiyong Park .sig = &sig, 828*54fd6939SJiyong Park .alg = &sig_alg, 829*54fd6939SJiyong Park .data = &raw_data 830*54fd6939SJiyong Park } 831*54fd6939SJiyong Park } 832*54fd6939SJiyong Park }, 833*54fd6939SJiyong Park .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 834*54fd6939SJiyong Park [0] = { 835*54fd6939SJiyong Park .type_desc = &scp_bl2u_hash, 
836*54fd6939SJiyong Park .data = { 837*54fd6939SJiyong Park .ptr = (void *)scp_fw_hash_buf, 838*54fd6939SJiyong Park .len = (unsigned int)HASH_DER_LEN 839*54fd6939SJiyong Park } 840*54fd6939SJiyong Park }, 841*54fd6939SJiyong Park [1] = { 842*54fd6939SJiyong Park .type_desc = &bl2u_hash, 843*54fd6939SJiyong Park .data = { 844*54fd6939SJiyong Park .ptr = (void *)tb_fw_hash_buf, 845*54fd6939SJiyong Park .len = (unsigned int)HASH_DER_LEN 846*54fd6939SJiyong Park } 847*54fd6939SJiyong Park }, 848*54fd6939SJiyong Park [2] = { 849*54fd6939SJiyong Park .type_desc = &ns_bl2u_hash, 850*54fd6939SJiyong Park .data = { 851*54fd6939SJiyong Park .ptr = (void *)nt_world_bl_hash_buf, 852*54fd6939SJiyong Park .len = (unsigned int)HASH_DER_LEN 853*54fd6939SJiyong Park } 854*54fd6939SJiyong Park } 855*54fd6939SJiyong Park } 856*54fd6939SJiyong Park }; 857*54fd6939SJiyong Park 858*54fd6939SJiyong Park /* SCP_BL2U */ 859*54fd6939SJiyong Park static const auth_img_desc_t scp_bl2u_image = { 860*54fd6939SJiyong Park .img_id = SCP_BL2U_IMAGE_ID, 861*54fd6939SJiyong Park .img_type = IMG_RAW, 862*54fd6939SJiyong Park .parent = &fwu_cert, 863*54fd6939SJiyong Park .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 864*54fd6939SJiyong Park [0] = { 865*54fd6939SJiyong Park .type = AUTH_METHOD_HASH, 866*54fd6939SJiyong Park .param.hash = { 867*54fd6939SJiyong Park .data = &raw_data, 868*54fd6939SJiyong Park .hash = &scp_bl2u_hash 869*54fd6939SJiyong Park } 870*54fd6939SJiyong Park } 871*54fd6939SJiyong Park } 872*54fd6939SJiyong Park }; 873*54fd6939SJiyong Park 874*54fd6939SJiyong Park /* BL2U */ 875*54fd6939SJiyong Park static const auth_img_desc_t bl2u_image = { 876*54fd6939SJiyong Park .img_id = BL2U_IMAGE_ID, 877*54fd6939SJiyong Park .img_type = IMG_RAW, 878*54fd6939SJiyong Park .parent = &fwu_cert, 879*54fd6939SJiyong Park .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 880*54fd6939SJiyong Park [0] = { 881*54fd6939SJiyong Park .type = AUTH_METHOD_HASH, 
882*54fd6939SJiyong Park .param.hash = { 883*54fd6939SJiyong Park .data = &raw_data, 884*54fd6939SJiyong Park .hash = &bl2u_hash 885*54fd6939SJiyong Park } 886*54fd6939SJiyong Park } 887*54fd6939SJiyong Park } 888*54fd6939SJiyong Park }; 889*54fd6939SJiyong Park 890*54fd6939SJiyong Park /* NS_BL2U */ 891*54fd6939SJiyong Park static const auth_img_desc_t ns_bl2u_image = { 892*54fd6939SJiyong Park .img_id = NS_BL2U_IMAGE_ID, 893*54fd6939SJiyong Park .img_type = IMG_RAW, 894*54fd6939SJiyong Park .parent = &fwu_cert, 895*54fd6939SJiyong Park .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 896*54fd6939SJiyong Park [0] = { 897*54fd6939SJiyong Park .type = AUTH_METHOD_HASH, 898*54fd6939SJiyong Park .param.hash = { 899*54fd6939SJiyong Park .data = &raw_data, 900*54fd6939SJiyong Park .hash = &ns_bl2u_hash 901*54fd6939SJiyong Park } 902*54fd6939SJiyong Park } 903*54fd6939SJiyong Park } 904*54fd6939SJiyong Park }; 905*54fd6939SJiyong Park #endif /* IMAGE_BL2 */ 906*54fd6939SJiyong Park 907*54fd6939SJiyong Park /* 908*54fd6939SJiyong Park * Chain of trust definition 909*54fd6939SJiyong Park */ 910*54fd6939SJiyong Park #ifdef IMAGE_BL1 911*54fd6939SJiyong Park static const auth_img_desc_t * const cot_desc[] = { 912*54fd6939SJiyong Park [TRUSTED_BOOT_FW_CERT_ID] = &trusted_boot_fw_cert, 913*54fd6939SJiyong Park [BL2_IMAGE_ID] = &bl2_image, 914*54fd6939SJiyong Park [HW_CONFIG_ID] = &hw_config, 915*54fd6939SJiyong Park [TB_FW_CONFIG_ID] = &tb_fw_config, 916*54fd6939SJiyong Park [FW_CONFIG_ID] = &fw_config, 917*54fd6939SJiyong Park [FWU_CERT_ID] = &fwu_cert, 918*54fd6939SJiyong Park [SCP_BL2U_IMAGE_ID] = &scp_bl2u_image, 919*54fd6939SJiyong Park [BL2U_IMAGE_ID] = &bl2u_image, 920*54fd6939SJiyong Park [NS_BL2U_IMAGE_ID] = &ns_bl2u_image 921*54fd6939SJiyong Park }; 922*54fd6939SJiyong Park #else /* IMAGE_BL2 */ 923*54fd6939SJiyong Park static const auth_img_desc_t * const cot_desc[] = { 924*54fd6939SJiyong Park [TRUSTED_BOOT_FW_CERT_ID] = &trusted_boot_fw_cert, 
925*54fd6939SJiyong Park [HW_CONFIG_ID] = &hw_config, 926*54fd6939SJiyong Park [TRUSTED_KEY_CERT_ID] = &trusted_key_cert, 927*54fd6939SJiyong Park [SCP_FW_KEY_CERT_ID] = &scp_fw_key_cert, 928*54fd6939SJiyong Park [SCP_FW_CONTENT_CERT_ID] = &scp_fw_content_cert, 929*54fd6939SJiyong Park [SCP_BL2_IMAGE_ID] = &scp_bl2_image, 930*54fd6939SJiyong Park [SOC_FW_KEY_CERT_ID] = &soc_fw_key_cert, 931*54fd6939SJiyong Park [SOC_FW_CONTENT_CERT_ID] = &soc_fw_content_cert, 932*54fd6939SJiyong Park [BL31_IMAGE_ID] = &bl31_image, 933*54fd6939SJiyong Park [SOC_FW_CONFIG_ID] = &soc_fw_config, 934*54fd6939SJiyong Park [TRUSTED_OS_FW_KEY_CERT_ID] = &trusted_os_fw_key_cert, 935*54fd6939SJiyong Park [TRUSTED_OS_FW_CONTENT_CERT_ID] = &trusted_os_fw_content_cert, 936*54fd6939SJiyong Park [BL32_IMAGE_ID] = &bl32_image, 937*54fd6939SJiyong Park [BL32_EXTRA1_IMAGE_ID] = &bl32_extra1_image, 938*54fd6939SJiyong Park [BL32_EXTRA2_IMAGE_ID] = &bl32_extra2_image, 939*54fd6939SJiyong Park [TOS_FW_CONFIG_ID] = &tos_fw_config, 940*54fd6939SJiyong Park [NON_TRUSTED_FW_CONTENT_CERT_ID] = &non_trusted_fw_content_cert, 941*54fd6939SJiyong Park [BL33_IMAGE_ID] = &bl33_image, 942*54fd6939SJiyong Park [NT_FW_CONFIG_ID] = &nt_fw_config, 943*54fd6939SJiyong Park #if defined(SPD_spmd) 944*54fd6939SJiyong Park [SIP_SP_CONTENT_CERT_ID] = &sip_sp_content_cert, 945*54fd6939SJiyong Park [PLAT_SP_CONTENT_CERT_ID] = &plat_sp_content_cert, 946*54fd6939SJiyong Park [SP_PKG1_ID] = &sp_pkg1, 947*54fd6939SJiyong Park [SP_PKG2_ID] = &sp_pkg2, 948*54fd6939SJiyong Park [SP_PKG3_ID] = &sp_pkg3, 949*54fd6939SJiyong Park [SP_PKG4_ID] = &sp_pkg4, 950*54fd6939SJiyong Park [SP_PKG5_ID] = &sp_pkg5, 951*54fd6939SJiyong Park [SP_PKG6_ID] = &sp_pkg6, 952*54fd6939SJiyong Park [SP_PKG7_ID] = &sp_pkg7, 953*54fd6939SJiyong Park [SP_PKG8_ID] = &sp_pkg8, 954*54fd6939SJiyong Park #endif 955*54fd6939SJiyong Park }; 956*54fd6939SJiyong Park #endif 957*54fd6939SJiyong Park 958*54fd6939SJiyong Park /* Register the CoT in the authentication 
module */ 959*54fd6939SJiyong Park REGISTER_COT(cot_desc); 960