1 /* 2 * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <stddef.h> 8 9 #include <mbedtls/version.h> 10 11 #include <drivers/auth/auth_mod.h> 12 #include <drivers/auth/tbbr_cot_common.h> 13 14 #if USE_TBBR_DEFS 15 #include <tools_share/tbbr_oid.h> 16 #else 17 #include <platform_oid.h> 18 #endif 19 20 #include <platform_def.h> 21 22 static unsigned char soc_fw_hash_buf[HASH_DER_LEN]; 23 static unsigned char tos_fw_hash_buf[HASH_DER_LEN]; 24 static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN]; 25 static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN]; 26 static unsigned char trusted_world_pk_buf[PK_DER_LEN]; 27 static unsigned char non_trusted_world_pk_buf[PK_DER_LEN]; 28 static unsigned char content_pk_buf[PK_DER_LEN]; 29 static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN]; 30 static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN]; 31 static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN]; 32 #if defined(SPD_spmd) 33 static unsigned char sp_pkg_hash_buf[MAX_SP_IDS][HASH_DER_LEN]; 34 #endif /* SPD_spmd */ 35 36 static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC( 37 AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID); 38 static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC( 39 AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID); 40 static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC( 41 AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID); 42 static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC( 43 AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID); 44 static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC( 45 AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID); 46 static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC( 47 AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID); 48 static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC( 49 AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID); 50 static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC( 51 AUTH_PARAM_HASH, SCP_FW_HASH_OID); 52 static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC( 53 AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID); 54 static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC( 55 AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID); 56 static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC( 57 AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID); 58 static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC( 59 AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID); 60 static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC( 61 AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID); 62 static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC( 63 AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID); 64 static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC( 65 AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID); 66 static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC( 67 AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID); 68 #if defined(SPD_spmd) 69 static auth_param_type_desc_t sp_pkg1_hash = AUTH_PARAM_TYPE_DESC( 70 AUTH_PARAM_HASH, SP_PKG1_HASH_OID); 71 static auth_param_type_desc_t sp_pkg2_hash = AUTH_PARAM_TYPE_DESC( 72 AUTH_PARAM_HASH, SP_PKG2_HASH_OID); 73 static auth_param_type_desc_t sp_pkg3_hash = AUTH_PARAM_TYPE_DESC( 74 AUTH_PARAM_HASH, SP_PKG3_HASH_OID); 75 static auth_param_type_desc_t sp_pkg4_hash = AUTH_PARAM_TYPE_DESC( 76 AUTH_PARAM_HASH, SP_PKG4_HASH_OID); 77 static auth_param_type_desc_t sp_pkg5_hash = AUTH_PARAM_TYPE_DESC( 78 AUTH_PARAM_HASH, SP_PKG5_HASH_OID); 79 static auth_param_type_desc_t sp_pkg6_hash = AUTH_PARAM_TYPE_DESC( 80 AUTH_PARAM_HASH, SP_PKG6_HASH_OID); 81 static auth_param_type_desc_t sp_pkg7_hash = AUTH_PARAM_TYPE_DESC( 82 AUTH_PARAM_HASH, SP_PKG7_HASH_OID); 83 static auth_param_type_desc_t sp_pkg8_hash = AUTH_PARAM_TYPE_DESC( 84 AUTH_PARAM_HASH, SP_PKG8_HASH_OID); 85 #endif /* SPD_spmd */ 86 87 /* 88 * Trusted key certificate 89 */ 90 static const auth_img_desc_t trusted_key_cert = { 91 .img_id = TRUSTED_KEY_CERT_ID, 92 .img_type = IMG_CERT, 93 .parent = NULL, 94 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 95 [0] = { 96 .type = AUTH_METHOD_SIG, 97 .param.sig = { 98 .pk = &subject_pk, 99 .sig = &sig, 100 .alg = &sig_alg, 101 .data = &raw_data 102 } 103 }, 104 [1] = { 105 .type = AUTH_METHOD_NV_CTR, 106 .param.nv_ctr = { 107 .cert_nv_ctr = &trusted_nv_ctr, 108 .plat_nv_ctr = &trusted_nv_ctr 109 } 110 } 111 }, 112 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 113 [0] = { 114 .type_desc = &trusted_world_pk, 115 .data = { 116 .ptr = (void *)trusted_world_pk_buf, 117 .len = (unsigned int)PK_DER_LEN 118 } 119 }, 120 [1] = { 121 .type_desc = &non_trusted_world_pk, 122 .data = { 123 .ptr = (void *)non_trusted_world_pk_buf, 124 .len = (unsigned int)PK_DER_LEN 125 } 126 } 127 } 128 }; 129 /* 130 * SCP Firmware 131 */ 132 static const auth_img_desc_t scp_fw_key_cert = { 133 .img_id = SCP_FW_KEY_CERT_ID, 134 .img_type = IMG_CERT, 135 .parent = &trusted_key_cert, 136 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 137 [0] = { 138 .type = AUTH_METHOD_SIG, 139 .param.sig = { 140 .pk = &trusted_world_pk, 141 .sig = &sig, 142 .alg = &sig_alg, 143 .data = &raw_data 144 } 145 }, 146 [1] = { 147 .type = AUTH_METHOD_NV_CTR, 148 .param.nv_ctr = { 149 .cert_nv_ctr = &trusted_nv_ctr, 150 .plat_nv_ctr = &trusted_nv_ctr 151 } 152 } 153 }, 154 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 155 [0] = { 156 .type_desc = &scp_fw_content_pk, 157 .data = { 158 .ptr = (void *)content_pk_buf, 159 .len = (unsigned int)PK_DER_LEN 160 } 161 } 162 } 163 }; 164 static const auth_img_desc_t scp_fw_content_cert = { 165 .img_id = SCP_FW_CONTENT_CERT_ID, 166 .img_type = IMG_CERT, 167 .parent = &scp_fw_key_cert, 168 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 169 [0] = { 170 .type = AUTH_METHOD_SIG, 171 .param.sig = { 172 .pk = &scp_fw_content_pk, 173 .sig = &sig, 174 .alg = &sig_alg, 175 .data = &raw_data 176 } 177 }, 178 [1] = { 179 .type = AUTH_METHOD_NV_CTR, 180 .param.nv_ctr = { 181 .cert_nv_ctr = &trusted_nv_ctr, 182 .plat_nv_ctr = &trusted_nv_ctr 183 } 184 } 185 }, 186 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 187 [0] = { 188 .type_desc = &scp_fw_hash, 189 .data = { 190 .ptr = (void *)scp_fw_hash_buf, 191 .len = (unsigned int)HASH_DER_LEN 192 } 193 } 194 } 195 }; 196 static const auth_img_desc_t scp_bl2_image = { 197 .img_id = SCP_BL2_IMAGE_ID, 198 .img_type = IMG_RAW, 199 .parent = &scp_fw_content_cert, 200 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 201 [0] = { 202 .type = AUTH_METHOD_HASH, 203 .param.hash = { 204 .data = &raw_data, 205 .hash = &scp_fw_hash 206 } 207 } 208 } 209 }; 210 /* 211 * SoC Firmware 212 */ 213 static const auth_img_desc_t soc_fw_key_cert = { 214 .img_id = SOC_FW_KEY_CERT_ID, 215 .img_type = IMG_CERT, 216 .parent = &trusted_key_cert, 217 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 218 [0] = { 219 .type = AUTH_METHOD_SIG, 220 .param.sig = { 221 .pk = &trusted_world_pk, 222 .sig = &sig, 223 .alg = &sig_alg, 224 .data = &raw_data 225 } 226 }, 227 [1] = { 228 .type = AUTH_METHOD_NV_CTR, 229 .param.nv_ctr = { 230 .cert_nv_ctr = &trusted_nv_ctr, 231 .plat_nv_ctr = &trusted_nv_ctr 232 } 233 } 234 }, 235 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 236 [0] = { 237 .type_desc = &soc_fw_content_pk, 238 .data = { 239 .ptr = (void *)content_pk_buf, 240 .len = (unsigned int)PK_DER_LEN 241 } 242 } 243 } 244 }; 245 static const auth_img_desc_t soc_fw_content_cert = { 246 .img_id = SOC_FW_CONTENT_CERT_ID, 247 .img_type = IMG_CERT, 248 .parent = &soc_fw_key_cert, 249 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 250 [0] = { 251 .type = AUTH_METHOD_SIG, 252 .param.sig = { 253 .pk = &soc_fw_content_pk, 254 .sig = &sig, 255 .alg = &sig_alg, 256 .data = &raw_data 257 } 258 }, 259 [1] = { 260 .type = AUTH_METHOD_NV_CTR, 261 .param.nv_ctr = { 262 .cert_nv_ctr = &trusted_nv_ctr, 263 .plat_nv_ctr = &trusted_nv_ctr 264 } 265 } 266 }, 267 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 268 [0] = { 269 .type_desc = &soc_fw_hash, 270 .data = { 271 .ptr = (void *)soc_fw_hash_buf, 272 .len = (unsigned int)HASH_DER_LEN 273 } 274 }, 275 [1] = { 276 .type_desc = &soc_fw_config_hash, 277 .data = { 278 .ptr = (void *)soc_fw_config_hash_buf, 279 .len = (unsigned int)HASH_DER_LEN 280 } 281 } 282 } 283 }; 284 static const auth_img_desc_t bl31_image = { 285 .img_id = BL31_IMAGE_ID, 286 .img_type = IMG_RAW, 287 .parent = &soc_fw_content_cert, 288 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 289 [0] = { 290 .type = AUTH_METHOD_HASH, 291 .param.hash = { 292 .data = &raw_data, 293 .hash = &soc_fw_hash 294 } 295 } 296 } 297 }; 298 /* SOC FW Config */ 299 static const auth_img_desc_t soc_fw_config = { 300 .img_id = SOC_FW_CONFIG_ID, 301 .img_type = IMG_RAW, 302 .parent = &soc_fw_content_cert, 303 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 304 [0] = { 305 .type = AUTH_METHOD_HASH, 306 .param.hash = { 307 .data = &raw_data, 308 .hash = &soc_fw_config_hash 309 } 310 } 311 } 312 }; 313 /* 314 * Trusted OS Firmware 315 */ 316 static const auth_img_desc_t trusted_os_fw_key_cert = { 317 .img_id = TRUSTED_OS_FW_KEY_CERT_ID, 318 .img_type = IMG_CERT, 319 .parent = &trusted_key_cert, 320 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 321 [0] = { 322 .type = AUTH_METHOD_SIG, 323 .param.sig = { 324 .pk = &trusted_world_pk, 325 .sig = &sig, 326 .alg = &sig_alg, 327 .data = &raw_data 328 } 329 }, 330 [1] = { 331 .type = AUTH_METHOD_NV_CTR, 332 .param.nv_ctr = { 333 .cert_nv_ctr = &trusted_nv_ctr, 334 .plat_nv_ctr = &trusted_nv_ctr 335 } 336 } 337 }, 338 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 339 [0] = { 340 .type_desc = &tos_fw_content_pk, 341 .data = { 342 .ptr = (void *)content_pk_buf, 343 .len = (unsigned int)PK_DER_LEN 344 } 345 } 346 } 347 }; 348 static const auth_img_desc_t trusted_os_fw_content_cert = { 349 .img_id = TRUSTED_OS_FW_CONTENT_CERT_ID, 350 .img_type = IMG_CERT, 351 .parent = &trusted_os_fw_key_cert, 352 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 353 [0] = { 354 .type = AUTH_METHOD_SIG, 355 .param.sig = { 356 .pk = &tos_fw_content_pk, 357 .sig = &sig, 358 .alg = &sig_alg, 359 .data = &raw_data 360 } 361 }, 362 [1] = { 363 .type = AUTH_METHOD_NV_CTR, 364 .param.nv_ctr = { 365 .cert_nv_ctr = &trusted_nv_ctr, 366 .plat_nv_ctr = &trusted_nv_ctr 367 } 368 } 369 }, 370 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 371 [0] = { 372 .type_desc = &tos_fw_hash, 373 .data = { 374 .ptr = (void *)tos_fw_hash_buf, 375 .len = (unsigned int)HASH_DER_LEN 376 } 377 }, 378 [1] = { 379 .type_desc = &tos_fw_extra1_hash, 380 .data = { 381 .ptr = (void *)tos_fw_extra1_hash_buf, 382 .len = (unsigned int)HASH_DER_LEN 383 } 384 }, 385 [2] = { 386 .type_desc = &tos_fw_extra2_hash, 387 .data = { 388 .ptr = (void *)tos_fw_extra2_hash_buf, 389 .len = (unsigned int)HASH_DER_LEN 390 } 391 }, 392 [3] = { 393 .type_desc = &tos_fw_config_hash, 394 .data = { 395 .ptr = (void *)tos_fw_config_hash_buf, 396 .len = (unsigned int)HASH_DER_LEN 397 } 398 } 399 } 400 }; 401 static const auth_img_desc_t bl32_image = { 402 .img_id = BL32_IMAGE_ID, 403 .img_type = IMG_RAW, 404 .parent = &trusted_os_fw_content_cert, 405 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 406 [0] = { 407 .type = AUTH_METHOD_HASH, 408 .param.hash = { 409 .data = &raw_data, 410 .hash = &tos_fw_hash 411 } 412 } 413 } 414 }; 415 static const auth_img_desc_t bl32_extra1_image = { 416 .img_id = BL32_EXTRA1_IMAGE_ID, 417 .img_type = IMG_RAW, 418 .parent = &trusted_os_fw_content_cert, 419 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 420 [0] = { 421 .type = AUTH_METHOD_HASH, 422 .param.hash = { 423 .data = &raw_data, 424 .hash = &tos_fw_extra1_hash 425 } 426 } 427 } 428 }; 429 static const auth_img_desc_t bl32_extra2_image = { 430 .img_id = BL32_EXTRA2_IMAGE_ID, 431 .img_type = IMG_RAW, 432 .parent = &trusted_os_fw_content_cert, 433 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 434 [0] = { 435 .type = AUTH_METHOD_HASH, 436 .param.hash = { 437 .data = &raw_data, 438 .hash = &tos_fw_extra2_hash 439 } 440 } 441 } 442 }; 443 /* TOS FW Config */ 444 static const auth_img_desc_t tos_fw_config = { 445 .img_id = TOS_FW_CONFIG_ID, 446 .img_type = IMG_RAW, 447 .parent = &trusted_os_fw_content_cert, 448 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 449 [0] = { 450 .type = AUTH_METHOD_HASH, 451 .param.hash = { 452 .data = &raw_data, 453 .hash = &tos_fw_config_hash 454 } 455 } 456 } 457 }; 458 /* 459 * Non-Trusted Firmware 460 */ 461 static const auth_img_desc_t non_trusted_fw_key_cert = { 462 .img_id = NON_TRUSTED_FW_KEY_CERT_ID, 463 .img_type = IMG_CERT, 464 .parent = &trusted_key_cert, 465 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 466 [0] = { 467 .type = AUTH_METHOD_SIG, 468 .param.sig = { 469 .pk = &non_trusted_world_pk, 470 .sig = &sig, 471 .alg = &sig_alg, 472 .data = &raw_data 473 } 474 }, 475 [1] = { 476 .type = AUTH_METHOD_NV_CTR, 477 .param.nv_ctr = { 478 .cert_nv_ctr = &non_trusted_nv_ctr, 479 .plat_nv_ctr = &non_trusted_nv_ctr 480 } 481 } 482 }, 483 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 484 [0] = { 485 .type_desc = &nt_fw_content_pk, 486 .data = { 487 .ptr = (void *)content_pk_buf, 488 .len = (unsigned int)PK_DER_LEN 489 } 490 } 491 } 492 }; 493 static const auth_img_desc_t non_trusted_fw_content_cert = { 494 .img_id = NON_TRUSTED_FW_CONTENT_CERT_ID, 495 .img_type = IMG_CERT, 496 .parent = &non_trusted_fw_key_cert, 497 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 498 [0] = { 499 .type = AUTH_METHOD_SIG, 500 .param.sig = { 501 .pk = &nt_fw_content_pk, 502 .sig = &sig, 503 .alg = &sig_alg, 504 .data = &raw_data 505 } 506 }, 507 [1] = { 508 .type = AUTH_METHOD_NV_CTR, 509 .param.nv_ctr = { 510 .cert_nv_ctr = &non_trusted_nv_ctr, 511 .plat_nv_ctr = &non_trusted_nv_ctr 512 } 513 } 514 }, 515 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 516 [0] = { 517 .type_desc = &nt_world_bl_hash, 518 .data = { 519 .ptr = (void *)nt_world_bl_hash_buf, 520 .len = (unsigned int)HASH_DER_LEN 521 } 522 }, 523 [1] = { 524 .type_desc = &nt_fw_config_hash, 525 .data = { 526 .ptr = (void *)nt_fw_config_hash_buf, 527 .len = (unsigned int)HASH_DER_LEN 528 } 529 } 530 } 531 }; 532 static const auth_img_desc_t bl33_image = { 533 .img_id = BL33_IMAGE_ID, 534 .img_type = IMG_RAW, 535 .parent = &non_trusted_fw_content_cert, 536 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 537 [0] = { 538 .type = AUTH_METHOD_HASH, 539 .param.hash = { 540 .data = &raw_data, 541 .hash = &nt_world_bl_hash 542 } 543 } 544 } 545 }; 546 /* NT FW Config */ 547 static const auth_img_desc_t nt_fw_config = { 548 .img_id = NT_FW_CONFIG_ID, 549 .img_type = IMG_RAW, 550 .parent = &non_trusted_fw_content_cert, 551 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 552 [0] = { 553 .type = AUTH_METHOD_HASH, 554 .param.hash = { 555 .data = &raw_data, 556 .hash = &nt_fw_config_hash 557 } 558 } 559 } 560 }; 561 /* Secure Partitions */ 562 #if defined(SPD_spmd) 563 static const auth_img_desc_t sip_sp_content_cert = { 564 .img_id = SIP_SP_CONTENT_CERT_ID, 565 .img_type = IMG_CERT, 566 .parent = &trusted_key_cert, 567 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 568 [0] = { 569 .type = AUTH_METHOD_SIG, 570 .param.sig = { 571 .pk = &trusted_world_pk, 572 .sig = &sig, 573 .alg = &sig_alg, 574 .data = &raw_data 575 } 576 }, 577 [1] = { 578 .type = AUTH_METHOD_NV_CTR, 579 .param.nv_ctr = { 580 .cert_nv_ctr = &trusted_nv_ctr, 581 .plat_nv_ctr = &trusted_nv_ctr 582 } 583 } 584 }, 585 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 586 [0] = { 587 .type_desc = &sp_pkg1_hash, 588 .data = { 589 .ptr = (void *)sp_pkg_hash_buf[0], 590 .len = (unsigned int)HASH_DER_LEN 591 } 592 }, 593 [1] = { 594 .type_desc = &sp_pkg2_hash, 595 .data = { 596 .ptr = (void *)sp_pkg_hash_buf[1], 597 .len = (unsigned int)HASH_DER_LEN 598 } 599 }, 600 [2] = { 601 .type_desc = &sp_pkg3_hash, 602 .data = { 603 .ptr = (void *)sp_pkg_hash_buf[2], 604 .len = (unsigned int)HASH_DER_LEN 605 } 606 }, 607 [3] = { 608 .type_desc = &sp_pkg4_hash, 609 .data = { 610 .ptr = (void *)sp_pkg_hash_buf[3], 611 .len = (unsigned int)HASH_DER_LEN 612 } 613 }, 614 [4] = { 615 .type_desc = &sp_pkg5_hash, 616 .data = { 617 .ptr = (void *)sp_pkg_hash_buf[4], 618 .len = (unsigned int)HASH_DER_LEN 619 } 620 }, 621 [5] = { 622 .type_desc = &sp_pkg6_hash, 623 .data = { 624 .ptr = (void *)sp_pkg_hash_buf[5], 625 .len = (unsigned int)HASH_DER_LEN 626 } 627 }, 628 [6] = { 629 .type_desc = &sp_pkg7_hash, 630 .data = { 631 .ptr = (void *)sp_pkg_hash_buf[6], 632 .len = (unsigned int)HASH_DER_LEN 633 } 634 }, 635 [7] = { 636 .type_desc = &sp_pkg8_hash, 637 .data = { 638 .ptr = (void *)sp_pkg_hash_buf[7], 639 .len = (unsigned int)HASH_DER_LEN 640 } 641 } 642 } 643 }; 644 645 DEFINE_SIP_SP_PKG(1); 646 DEFINE_SIP_SP_PKG(2); 647 DEFINE_SIP_SP_PKG(3); 648 DEFINE_SIP_SP_PKG(4); 649 DEFINE_SIP_SP_PKG(5); 650 DEFINE_SIP_SP_PKG(6); 651 DEFINE_SIP_SP_PKG(7); 652 DEFINE_SIP_SP_PKG(8); 653 #endif /* SPD_spmd */ 654 655 static const auth_img_desc_t * const cot_desc[] = { 656 [TRUSTED_BOOT_FW_CERT_ID] = &trusted_boot_fw_cert, 657 [HW_CONFIG_ID] = &hw_config, 658 [TRUSTED_KEY_CERT_ID] = &trusted_key_cert, 659 [SCP_FW_KEY_CERT_ID] = &scp_fw_key_cert, 660 [SCP_FW_CONTENT_CERT_ID] = &scp_fw_content_cert, 661 [SCP_BL2_IMAGE_ID] = &scp_bl2_image, 662 [SOC_FW_KEY_CERT_ID] = &soc_fw_key_cert, 663 [SOC_FW_CONTENT_CERT_ID] = &soc_fw_content_cert, 664 [BL31_IMAGE_ID] = &bl31_image, 665 [SOC_FW_CONFIG_ID] = &soc_fw_config, 666 [TRUSTED_OS_FW_KEY_CERT_ID] = &trusted_os_fw_key_cert, 667 [TRUSTED_OS_FW_CONTENT_CERT_ID] = &trusted_os_fw_content_cert, 668 [BL32_IMAGE_ID] = &bl32_image, 669 [BL32_EXTRA1_IMAGE_ID] = &bl32_extra1_image, 670 [BL32_EXTRA2_IMAGE_ID] = &bl32_extra2_image, 671 [TOS_FW_CONFIG_ID] = &tos_fw_config, 672 [NON_TRUSTED_FW_KEY_CERT_ID] = &non_trusted_fw_key_cert, 673 [NON_TRUSTED_FW_CONTENT_CERT_ID] = &non_trusted_fw_content_cert, 674 [BL33_IMAGE_ID] = &bl33_image, 675 [NT_FW_CONFIG_ID] = &nt_fw_config, 676 #if defined(SPD_spmd) 677 [SIP_SP_CONTENT_CERT_ID] = &sip_sp_content_cert, 678 [SP_PKG1_ID] = &sp_pkg1, 679 [SP_PKG2_ID] = &sp_pkg2, 680 [SP_PKG3_ID] = &sp_pkg3, 681 [SP_PKG4_ID] = &sp_pkg4, 682 [SP_PKG5_ID] = &sp_pkg5, 683 [SP_PKG6_ID] = &sp_pkg6, 684 [SP_PKG7_ID] = &sp_pkg7, 685 [SP_PKG8_ID] = &sp_pkg8, 686 #endif 687 }; 688 689 /* Register the CoT in the authentication module */ 690 REGISTER_COT(cot_desc); 691