1 /* 2 * Copyright (c) 2022-2023, Arm Limited. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <stddef.h> 8 9 #include <mbedtls/version.h> 10 11 #include <common/tbbr/cot_def.h> 12 #include <drivers/auth/auth_mod.h> 13 #include <tools_share/cca_oid.h> 14 15 #include <platform_def.h> 16 17 /* 18 * Allocate static buffers to store the authentication parameters extracted from 19 * the certificates. 20 */ 21 static unsigned char fw_config_hash_buf[HASH_DER_LEN]; 22 static unsigned char tb_fw_hash_buf[HASH_DER_LEN]; 23 static unsigned char tb_fw_config_hash_buf[HASH_DER_LEN]; 24 static unsigned char hw_config_hash_buf[HASH_DER_LEN]; 25 static unsigned char soc_fw_hash_buf[HASH_DER_LEN]; 26 static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN]; 27 static unsigned char rmm_hash_buf[HASH_DER_LEN]; 28 29 #ifdef IMAGE_BL2 30 static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN]; 31 static unsigned char tos_fw_hash_buf[HASH_DER_LEN]; 32 static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN]; 33 static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN]; 34 #if defined(SPD_spmd) 35 static unsigned char sp_pkg_hash_buf[MAX_SP_IDS][HASH_DER_LEN]; 36 #endif /* SPD_spmd */ 37 38 static unsigned char core_swd_pk_buf[PK_DER_LEN]; 39 static unsigned char plat_pk_buf[PK_DER_LEN]; 40 #endif /* IMAGE_BL2 */ 41 42 /* 43 * Parameter type descriptors. 44 */ 45 static auth_param_type_desc_t cca_nv_ctr = AUTH_PARAM_TYPE_DESC( 46 AUTH_PARAM_NV_CTR, CCA_FW_NVCOUNTER_OID); 47 static auth_param_type_desc_t subject_pk = AUTH_PARAM_TYPE_DESC( 48 AUTH_PARAM_PUB_KEY, 0); 49 static auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC( 50 AUTH_PARAM_SIG, 0); 51 static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC( 52 AUTH_PARAM_SIG_ALG, 0); 53 static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC( 54 AUTH_PARAM_RAW_DATA, 0); 55 56 static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC( 57 AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID); 58 static auth_param_type_desc_t tb_fw_config_hash = AUTH_PARAM_TYPE_DESC( 59 AUTH_PARAM_HASH, TRUSTED_BOOT_FW_CONFIG_HASH_OID); 60 static auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC( 61 AUTH_PARAM_HASH, HW_CONFIG_HASH_OID); 62 static auth_param_type_desc_t fw_config_hash = AUTH_PARAM_TYPE_DESC( 63 AUTH_PARAM_HASH, FW_CONFIG_HASH_OID); 64 static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC( 65 AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID); 66 static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC( 67 AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID); 68 static auth_param_type_desc_t rmm_hash = AUTH_PARAM_TYPE_DESC( 69 AUTH_PARAM_HASH, RMM_HASH_OID); 70 71 #ifdef IMAGE_BL2 72 static auth_param_type_desc_t trusted_nv_ctr = AUTH_PARAM_TYPE_DESC( 73 AUTH_PARAM_NV_CTR, TRUSTED_FW_NVCOUNTER_OID); 74 static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC( 75 AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID); 76 77 static auth_param_type_desc_t prot_pk = AUTH_PARAM_TYPE_DESC( 78 AUTH_PARAM_PUB_KEY, PROT_PK_OID); 79 static auth_param_type_desc_t swd_rot_pk = AUTH_PARAM_TYPE_DESC( 80 AUTH_PARAM_PUB_KEY, SWD_ROT_PK_OID); 81 static auth_param_type_desc_t core_swd_pk = AUTH_PARAM_TYPE_DESC( 82 AUTH_PARAM_PUB_KEY, CORE_SWD_PK_OID); 83 static auth_param_type_desc_t plat_pk = AUTH_PARAM_TYPE_DESC( 84 AUTH_PARAM_PUB_KEY, PLAT_PK_OID); 85 86 static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC( 87 AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID); 88 static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC( 89 AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID); 90 static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC( 91 AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID); 92 static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC( 93 AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID); 94 #if defined(SPD_spmd) 95 static auth_param_type_desc_t sp_pkg1_hash = AUTH_PARAM_TYPE_DESC( 96 AUTH_PARAM_HASH, SP_PKG1_HASH_OID); 97 static auth_param_type_desc_t sp_pkg2_hash = AUTH_PARAM_TYPE_DESC( 98 AUTH_PARAM_HASH, SP_PKG2_HASH_OID); 99 static auth_param_type_desc_t sp_pkg3_hash = AUTH_PARAM_TYPE_DESC( 100 AUTH_PARAM_HASH, SP_PKG3_HASH_OID); 101 static auth_param_type_desc_t sp_pkg4_hash = AUTH_PARAM_TYPE_DESC( 102 AUTH_PARAM_HASH, SP_PKG4_HASH_OID); 103 static auth_param_type_desc_t sp_pkg5_hash = AUTH_PARAM_TYPE_DESC( 104 AUTH_PARAM_HASH, SP_PKG5_HASH_OID); 105 static auth_param_type_desc_t sp_pkg6_hash = AUTH_PARAM_TYPE_DESC( 106 AUTH_PARAM_HASH, SP_PKG6_HASH_OID); 107 static auth_param_type_desc_t sp_pkg7_hash = AUTH_PARAM_TYPE_DESC( 108 AUTH_PARAM_HASH, SP_PKG7_HASH_OID); 109 static auth_param_type_desc_t sp_pkg8_hash = AUTH_PARAM_TYPE_DESC( 110 AUTH_PARAM_HASH, SP_PKG8_HASH_OID); 111 #endif /* SPD_spmd */ 112 #endif /* IMAGE_BL2 */ 113 114 /* CCA Content Certificate */ 115 static const auth_img_desc_t cca_content_cert = { 116 .img_id = CCA_CONTENT_CERT_ID, 117 .img_type = IMG_CERT, 118 .parent = NULL, 119 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 120 [0] = { 121 .type = AUTH_METHOD_SIG, 122 .param.sig = { 123 .pk = &subject_pk, 124 .sig = &sig, 125 .alg = &sig_alg, 126 .data = &raw_data 127 } 128 }, 129 [1] = { 130 .type = AUTH_METHOD_NV_CTR, 131 .param.nv_ctr = { 132 .cert_nv_ctr = &cca_nv_ctr, 133 .plat_nv_ctr = &cca_nv_ctr 134 } 135 } 136 }, 137 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 138 [0] = { 139 .type_desc = &tb_fw_hash, 140 .data = { 141 .ptr = (void *)tb_fw_hash_buf, 142 .len = (unsigned int)HASH_DER_LEN 143 } 144 }, 145 [1] = { 146 .type_desc = &tb_fw_config_hash, 147 .data = { 148 .ptr = (void *)tb_fw_config_hash_buf, 149 .len = (unsigned int)HASH_DER_LEN 150 } 151 }, 152 [2] = { 153 .type_desc = &fw_config_hash, 154 .data = { 155 .ptr = (void *)fw_config_hash_buf, 156 .len = (unsigned int)HASH_DER_LEN 157 } 158 }, 159 [3] = { 160 .type_desc = &hw_config_hash, 161 .data = { 162 .ptr = (void *)hw_config_hash_buf, 163 .len = (unsigned int)HASH_DER_LEN 164 } 165 }, 166 [4] = { 167 .type_desc = &soc_fw_hash, 168 .data = { 169 .ptr = (void *)soc_fw_hash_buf, 170 .len = (unsigned int)HASH_DER_LEN 171 } 172 }, 173 [5] = { 174 .type_desc = &soc_fw_config_hash, 175 .data = { 176 .ptr = (void *)soc_fw_config_hash_buf, 177 .len = (unsigned int)HASH_DER_LEN 178 } 179 }, 180 [6] = { 181 .type_desc = &rmm_hash, 182 .data = { 183 .ptr = (void *)rmm_hash_buf, 184 .len = (unsigned int)HASH_DER_LEN 185 } 186 } 187 } 188 }; 189 190 #ifdef IMAGE_BL1 191 static const auth_img_desc_t bl2_image = { 192 .img_id = BL2_IMAGE_ID, 193 .img_type = IMG_RAW, 194 .parent = &cca_content_cert, 195 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 196 [0] = { 197 .type = AUTH_METHOD_HASH, 198 .param.hash = { 199 .data = &raw_data, 200 .hash = &tb_fw_hash 201 } 202 } 203 } 204 }; 205 206 static const auth_img_desc_t tb_fw_config = { 207 .img_id = TB_FW_CONFIG_ID, 208 .img_type = IMG_RAW, 209 .parent = &cca_content_cert, 210 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 211 [0] = { 212 .type = AUTH_METHOD_HASH, 213 .param.hash = { 214 .data = &raw_data, 215 .hash = &tb_fw_config_hash 216 } 217 } 218 } 219 }; 220 221 static const auth_img_desc_t fw_config = { 222 .img_id = FW_CONFIG_ID, 223 .img_type = IMG_RAW, 224 .parent = &cca_content_cert, 225 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 226 [0] = { 227 .type = AUTH_METHOD_HASH, 228 .param.hash = { 229 .data = &raw_data, 230 .hash = &fw_config_hash 231 } 232 } 233 } 234 }; 235 #endif /* IMAGE_BL1 */ 236 237 #ifdef IMAGE_BL2 238 /* HW Config */ 239 static const auth_img_desc_t hw_config = { 240 .img_id = HW_CONFIG_ID, 241 .img_type = IMG_RAW, 242 .parent = &cca_content_cert, 243 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 244 [0] = { 245 .type = AUTH_METHOD_HASH, 246 .param.hash = { 247 .data = &raw_data, 248 .hash = &hw_config_hash 249 } 250 } 251 } 252 }; 253 254 /* BL31 */ 255 static const auth_img_desc_t bl31_image = { 256 .img_id = BL31_IMAGE_ID, 257 .img_type = IMG_RAW, 258 .parent = &cca_content_cert, 259 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 260 [0] = { 261 .type = AUTH_METHOD_HASH, 262 .param.hash = { 263 .data = &raw_data, 264 .hash = &soc_fw_hash 265 } 266 } 267 } 268 }; 269 270 /* BL31 Config */ 271 static const auth_img_desc_t soc_fw_config = { 272 .img_id = SOC_FW_CONFIG_ID, 273 .img_type = IMG_RAW, 274 .parent = &cca_content_cert, 275 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 276 [0] = { 277 .type = AUTH_METHOD_HASH, 278 .param.hash = { 279 .data = &raw_data, 280 .hash = &soc_fw_config_hash 281 } 282 } 283 } 284 }; 285 286 /* RMM */ 287 static const auth_img_desc_t rmm_image = { 288 .img_id = RMM_IMAGE_ID, 289 .img_type = IMG_RAW, 290 .parent = &cca_content_cert, 291 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 292 [0] = { 293 .type = AUTH_METHOD_HASH, 294 .param.hash = { 295 .data = &raw_data, 296 .hash = &rmm_hash 297 } 298 } 299 } 300 }; 301 302 /* Core SWD Key Certificate */ 303 static const auth_img_desc_t core_swd_key_cert = { 304 .img_id = CORE_SWD_KEY_CERT_ID, 305 .img_type = IMG_CERT, 306 .parent = NULL, /* SWD ROOT CERT */ 307 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 308 [0] = { 309 .type = AUTH_METHOD_SIG, 310 .param.sig = { 311 .pk = &swd_rot_pk, 312 .sig = &sig, 313 .alg = &sig_alg, 314 .data = &raw_data 315 } 316 }, 317 [1] = { 318 .type = AUTH_METHOD_NV_CTR, 319 .param.nv_ctr = { 320 .cert_nv_ctr = &trusted_nv_ctr, 321 .plat_nv_ctr = &trusted_nv_ctr 322 } 323 } 324 }, 325 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 326 [0] = { 327 .type_desc = &core_swd_pk, 328 .data = { 329 .ptr = (void *)core_swd_pk_buf, 330 .len = (unsigned int)PK_DER_LEN 331 } 332 } 333 } 334 }; 335 336 /* SPMC Content Certificate */ 337 static const auth_img_desc_t trusted_os_fw_content_cert = { 338 .img_id = TRUSTED_OS_FW_CONTENT_CERT_ID, 339 .img_type = IMG_CERT, 340 .parent = &core_swd_key_cert, 341 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 342 [0] = { 343 .type = AUTH_METHOD_SIG, 344 .param.sig = { 345 .pk = &core_swd_pk, 346 .sig = &sig, 347 .alg = &sig_alg, 348 .data = &raw_data 349 } 350 }, 351 [1] = { 352 .type = AUTH_METHOD_NV_CTR, 353 .param.nv_ctr = { 354 .cert_nv_ctr = &trusted_nv_ctr, 355 .plat_nv_ctr = &trusted_nv_ctr 356 } 357 } 358 }, 359 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 360 [0] = { 361 .type_desc = &tos_fw_hash, 362 .data = { 363 .ptr = (void *)tos_fw_hash_buf, 364 .len = (unsigned int)HASH_DER_LEN 365 } 366 }, 367 [1] = { 368 .type_desc = &tos_fw_config_hash, 369 .data = { 370 .ptr = (void *)tos_fw_config_hash_buf, 371 .len = (unsigned int)HASH_DER_LEN 372 } 373 } 374 } 375 }; 376 377 /* SPMC */ 378 static const auth_img_desc_t bl32_image = { 379 .img_id = BL32_IMAGE_ID, 380 .img_type = IMG_RAW, 381 .parent = &trusted_os_fw_content_cert, 382 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 383 [0] = { 384 .type = AUTH_METHOD_HASH, 385 .param.hash = { 386 .data = &raw_data, 387 .hash = &tos_fw_hash 388 } 389 } 390 } 391 }; 392 393 /* SPM Config */ 394 static const auth_img_desc_t tos_fw_config = { 395 .img_id = TOS_FW_CONFIG_ID, 396 .img_type = IMG_RAW, 397 .parent = &trusted_os_fw_content_cert, 398 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 399 [0] = { 400 .type = AUTH_METHOD_HASH, 401 .param.hash = { 402 .data = &raw_data, 403 .hash = &tos_fw_config_hash 404 } 405 } 406 } 407 }; 408 409 /* Platform Key Certificate */ 410 static const auth_img_desc_t plat_key_cert = { 411 .img_id = PLAT_KEY_CERT_ID, 412 .img_type = IMG_CERT, 413 .parent = NULL, /* PLATFORM ROOT CERT */ 414 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 415 [0] = { 416 .type = AUTH_METHOD_SIG, 417 .param.sig = { 418 .pk = &prot_pk, 419 .sig = &sig, 420 .alg = &sig_alg, 421 .data = &raw_data 422 } 423 }, 424 [1] = { 425 .type = AUTH_METHOD_NV_CTR, 426 .param.nv_ctr = { 427 .cert_nv_ctr = &non_trusted_nv_ctr, 428 .plat_nv_ctr = &non_trusted_nv_ctr 429 } 430 } 431 }, 432 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 433 [0] = { 434 .type_desc = &plat_pk, 435 .data = { 436 .ptr = (void *)plat_pk_buf, 437 .len = (unsigned int)PK_DER_LEN 438 } 439 } 440 } 441 }; 442 443 /* Non-Trusted Firmware */ 444 static const auth_img_desc_t non_trusted_fw_content_cert = { 445 .img_id = NON_TRUSTED_FW_CONTENT_CERT_ID, 446 .img_type = IMG_CERT, 447 .parent = &plat_key_cert, 448 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 449 [0] = { 450 .type = AUTH_METHOD_SIG, 451 .param.sig = { 452 .pk = &plat_pk, 453 .sig = &sig, 454 .alg = &sig_alg, 455 .data = &raw_data 456 } 457 }, 458 [1] = { 459 .type = AUTH_METHOD_NV_CTR, 460 .param.nv_ctr = { 461 .cert_nv_ctr = &non_trusted_nv_ctr, 462 .plat_nv_ctr = &non_trusted_nv_ctr 463 } 464 } 465 }, 466 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 467 [0] = { 468 .type_desc = &nt_world_bl_hash, 469 .data = { 470 .ptr = (void *)nt_world_bl_hash_buf, 471 .len = (unsigned int)HASH_DER_LEN 472 } 473 }, 474 [1] = { 475 .type_desc = &nt_fw_config_hash, 476 .data = { 477 .ptr = (void *)nt_fw_config_hash_buf, 478 .len = (unsigned int)HASH_DER_LEN 479 } 480 } 481 } 482 }; 483 484 static const auth_img_desc_t bl33_image = { 485 .img_id = BL33_IMAGE_ID, 486 .img_type = IMG_RAW, 487 .parent = &non_trusted_fw_content_cert, 488 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 489 [0] = { 490 .type = AUTH_METHOD_HASH, 491 .param.hash = { 492 .data = &raw_data, 493 .hash = &nt_world_bl_hash 494 } 495 } 496 } 497 }; 498 499 /* NT FW Config */ 500 static const auth_img_desc_t nt_fw_config = { 501 .img_id = NT_FW_CONFIG_ID, 502 .img_type = IMG_RAW, 503 .parent = &non_trusted_fw_content_cert, 504 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 505 [0] = { 506 .type = AUTH_METHOD_HASH, 507 .param.hash = { 508 .data = &raw_data, 509 .hash = &nt_fw_config_hash 510 } 511 } 512 } 513 }; 514 515 /* 516 * Secure Partitions 517 */ 518 #if defined(SPD_spmd) 519 static const auth_img_desc_t sip_sp_content_cert = { 520 .img_id = SIP_SP_CONTENT_CERT_ID, 521 .img_type = IMG_CERT, 522 .parent = &core_swd_key_cert, 523 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 524 [0] = { 525 .type = AUTH_METHOD_SIG, 526 .param.sig = { 527 .pk = &core_swd_pk, 528 .sig = &sig, 529 .alg = &sig_alg, 530 .data = &raw_data 531 } 532 }, 533 [1] = { 534 .type = AUTH_METHOD_NV_CTR, 535 .param.nv_ctr = { 536 .cert_nv_ctr = &trusted_nv_ctr, 537 .plat_nv_ctr = &trusted_nv_ctr 538 } 539 } 540 }, 541 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 542 [0] = { 543 .type_desc = &sp_pkg1_hash, 544 .data = { 545 .ptr = (void *)sp_pkg_hash_buf[0], 546 .len = (unsigned int)HASH_DER_LEN 547 } 548 }, 549 [1] = { 550 .type_desc = &sp_pkg2_hash, 551 .data = { 552 .ptr = (void *)sp_pkg_hash_buf[1], 553 .len = (unsigned int)HASH_DER_LEN 554 } 555 }, 556 [2] = { 557 .type_desc = &sp_pkg3_hash, 558 .data = { 559 .ptr = (void *)sp_pkg_hash_buf[2], 560 .len = (unsigned int)HASH_DER_LEN 561 } 562 }, 563 [3] = { 564 .type_desc = &sp_pkg4_hash, 565 .data = { 566 .ptr = (void *)sp_pkg_hash_buf[3], 567 .len = (unsigned int)HASH_DER_LEN 568 } 569 } 570 } 571 }; 572 573 DEFINE_SIP_SP_PKG(1); 574 DEFINE_SIP_SP_PKG(2); 575 DEFINE_SIP_SP_PKG(3); 576 DEFINE_SIP_SP_PKG(4); 577 578 static const auth_img_desc_t plat_sp_content_cert = { 579 .img_id = PLAT_SP_CONTENT_CERT_ID, 580 .img_type = IMG_CERT, 581 .parent = &plat_key_cert, 582 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 583 [0] = { 584 .type = AUTH_METHOD_SIG, 585 .param.sig = { 586 .pk = &plat_pk, 587 .sig = &sig, 588 .alg = &sig_alg, 589 .data = &raw_data 590 } 591 }, 592 [1] = { 593 .type = AUTH_METHOD_NV_CTR, 594 .param.nv_ctr = { 595 .cert_nv_ctr = &non_trusted_nv_ctr, 596 .plat_nv_ctr = &non_trusted_nv_ctr 597 } 598 } 599 }, 600 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 601 [0] = { 602 .type_desc = &sp_pkg5_hash, 603 .data = { 604 .ptr = (void *)sp_pkg_hash_buf[4], 605 .len = (unsigned int)HASH_DER_LEN 606 } 607 }, 608 [1] = { 609 .type_desc = &sp_pkg6_hash, 610 .data = { 611 .ptr = (void *)sp_pkg_hash_buf[5], 612 .len = (unsigned int)HASH_DER_LEN 613 } 614 }, 615 [2] = { 616 .type_desc = &sp_pkg7_hash, 617 .data = { 618 .ptr = (void *)sp_pkg_hash_buf[6], 619 .len = (unsigned int)HASH_DER_LEN 620 } 621 }, 622 [3] = { 623 .type_desc = &sp_pkg8_hash, 624 .data = { 625 .ptr = (void *)sp_pkg_hash_buf[7], 626 .len = (unsigned int)HASH_DER_LEN 627 } 628 } 629 } 630 }; 631 632 DEFINE_PLAT_SP_PKG(5); 633 DEFINE_PLAT_SP_PKG(6); 634 DEFINE_PLAT_SP_PKG(7); 635 DEFINE_PLAT_SP_PKG(8); 636 #endif /* SPD_spmd */ 637 #endif /* IMAGE_BL2 */ 638 /* 639 * Chain of trust definition 640 */ 641 #ifdef IMAGE_BL1 642 static const auth_img_desc_t * const cot_desc[] = { 643 [CCA_CONTENT_CERT_ID] = &cca_content_cert, 644 [BL2_IMAGE_ID] = &bl2_image, 645 [TB_FW_CONFIG_ID] = &tb_fw_config, 646 [FW_CONFIG_ID] = &fw_config, 647 }; 648 #else /* IMAGE_BL2 */ 649 static const auth_img_desc_t * const cot_desc[] = { 650 [CCA_CONTENT_CERT_ID] = &cca_content_cert, 651 [HW_CONFIG_ID] = &hw_config, 652 [BL31_IMAGE_ID] = &bl31_image, 653 [SOC_FW_CONFIG_ID] = &soc_fw_config, 654 [RMM_IMAGE_ID] = &rmm_image, 655 [CORE_SWD_KEY_CERT_ID] = &core_swd_key_cert, 656 [TRUSTED_OS_FW_CONTENT_CERT_ID] = &trusted_os_fw_content_cert, 657 [BL32_IMAGE_ID] = &bl32_image, 658 [TOS_FW_CONFIG_ID] = &tos_fw_config, 659 [PLAT_KEY_CERT_ID] = &plat_key_cert, 660 [NON_TRUSTED_FW_CONTENT_CERT_ID] = &non_trusted_fw_content_cert, 661 [BL33_IMAGE_ID] = &bl33_image, 662 [NT_FW_CONFIG_ID] = &nt_fw_config, 663 #if defined(SPD_spmd) 664 [SIP_SP_CONTENT_CERT_ID] = &sip_sp_content_cert, 665 [PLAT_SP_CONTENT_CERT_ID] = &plat_sp_content_cert, 666 [SP_PKG1_ID] = &sp_pkg1, 667 [SP_PKG2_ID] = &sp_pkg2, 668 [SP_PKG3_ID] = &sp_pkg3, 669 [SP_PKG4_ID] = &sp_pkg4, 670 [SP_PKG5_ID] = &sp_pkg5, 671 [SP_PKG6_ID] = &sp_pkg6, 672 [SP_PKG7_ID] = &sp_pkg7, 673 [SP_PKG8_ID] = &sp_pkg8, 674 #endif 675 }; 676 #endif /* IMAGE_BL1 */ 677 678 /* Register the CoT in the authentication module */ 679 REGISTER_COT(cot_desc); 680