1/*
2 * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7#include <tools_share/cca_oid.h>
8#include <common/tbbr/tbbr_img_def.h>
9#include <common/nv_cntr_ids.h>
10
11cot {
12	manifests {
13		compatible = "arm, cert-descs";
14
15		cca_content_cert: cca_content_cert {
16			root-certificate;
17			image-id =<CCA_CONTENT_CERT_ID>;
18			antirollback-counter = <&cca_nv_counter>;
19
20			tb_fw_hash: tb_fw_hash {
21				oid = TRUSTED_BOOT_FW_HASH_OID;
22			};
23			tb_fw_config_hash: tb_fw_config_hash {
24				oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID;
25			};
26			hw_config_hash: hw_config_hash {
27				oid = HW_CONFIG_HASH_OID;
28			};
29			fw_config_hash: fw_config_hash {
30				oid = FW_CONFIG_HASH_OID;
31			};
32			soc_fw_hash: soc_fw_hash {
33				oid = SOC_AP_FW_HASH_OID;
34			};
35			soc_fw_config_hash: soc_fw_config_hash {
36				oid = SOC_FW_CONFIG_HASH_OID;
37			};
38			rmm_hash: rmm_hash {
39				oid = RMM_HASH_OID;
40			};
41		};
42
43		core_swd_key_cert: core_swd_key_cert {
44			root-certificate;
45			image-id = <CORE_SWD_KEY_CERT_ID>;
46			signing-key = <&swd_rot_pk>;
47			antirollback-counter = <&trusted_nv_counter>;
48
49			core_swd_pk: core_swd_pk {
50				oid = CORE_SWD_PK_OID;
51			};
52		};
53
54		trusted_os_fw_content_cert: trusted_os_fw_content_cert {
55			image-id = <TRUSTED_OS_FW_CONTENT_CERT_ID>;
56			parent = <&core_swd_key_cert>;
57			signing-key = <&core_swd_pk>;
58			antirollback-counter = <&trusted_nv_counter>;
59
60			tos_fw_hash: tos_fw_hash {
61				oid = TRUSTED_OS_FW_HASH_OID;
62			};
63			tos_fw_config_hash: tos_fw_config_hash {
64				oid = TRUSTED_OS_FW_CONFIG_HASH_OID;
65			};
66		};
67
68		plat_key_cert: plat_key_cert {
69			root-certificate;
70			image-id = <PLAT_KEY_CERT_ID>;
71			signing-key = <&prot_pk>;
72			antirollback-counter = <&non_trusted_nv_counter>;
73
74			plat_pk: plat_pk {
75				oid = PLAT_PK_OID;
76			};
77		};
78
79		non_trusted_fw_content_cert: non_trusted_fw_content_cert {
80			image-id = <NON_TRUSTED_FW_CONTENT_CERT_ID>;
81			parent = <&plat_key_cert>;
82			signing-key = <&plat_pk>;
83			antirollback-counter = <&non_trusted_nv_counter>;
84
85			nt_world_bl_hash: nt_world_bl_hash {
86				oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID;
87			};
88			nt_fw_config_hash: nt_fw_config_hash {
89				oid = NON_TRUSTED_FW_CONFIG_HASH_OID;
90			};
91		};
92
93#if defined(SPD_spmd)
94		sip_sp_content_cert: sip_sp_content_cert {
95			image-id = <SIP_SP_CONTENT_CERT_ID>;
96			parent = <&core_swd_key_cert>;
97			signing-key = <&core_swd_pk>;
98			antirollback-counter = <&trusted_nv_counter>;
99
100			sp_pkg1_hash: sp_pkg1_hash {
101				oid = SP_PKG1_HASH_OID;
102			};
103			sp_pkg2_hash: sp_pkg2_hash {
104				oid = SP_PKG2_HASH_OID;
105			};
106			sp_pkg3_hash: sp_pkg3_hash {
107				oid = SP_PKG3_HASH_OID;
108			};
109			sp_pkg4_hash: sp_pkg4_hash {
110				oid = SP_PKG4_HASH_OID;
111			};
112		};
113
114		plat_sp_content_cert: plat_sp_content_cert {
115			image-id = <PLAT_SP_CONTENT_CERT_ID>;
116			parent = <&plat_key_cert>;
117			signing-key = <&plat_pk>;
118			antirollback-counter = <&non_trusted_nv_counter>;
119
120			sp_pkg5_hash: sp_pkg5_hash {
121				oid = SP_PKG5_HASH_OID;
122			};
123			sp_pkg6_hash: sp_pkg6_hash {
124				oid = SP_PKG6_HASH_OID;
125			};
126			sp_pkg7_hash: sp_pkg7_hash {
127				oid = SP_PKG7_HASH_OID;
128			};
129			sp_pkg8_hash: sp_pkg8_hash {
130				oid = SP_PKG8_HASH_OID;
131			};
132		};
133#endif
134	};
135
136	images {
137		compatible = "arm, img-descs";
138
139		fw_config {
140			image-id = <FW_CONFIG_ID>;
141			parent = <&cca_content_cert>;
142			hash = <&fw_config_hash>;
143		};
144
145		hw_config {
146			image-id = <HW_CONFIG_ID>;
147			parent = <&cca_content_cert>;
148			hash = <&hw_config_hash>;
149		};
150
151		tb_fw_hash {
152			image-id = <BL2_IMAGE_ID>;
153			parent = <&cca_content_cert>;
154			hash = <&tb_fw_hash>;
155		};
156
157		tb_fw_config {
158			image-id = <TB_FW_CONFIG_ID>;
159			parent = <&cca_content_cert>;
160			hash = <&tb_fw_config_hash>;
161		};
162
163		bl31_image {
164			image-id = <BL31_IMAGE_ID>;
165			parent = <&cca_content_cert>;
166			hash = <&soc_fw_hash>;
167		};
168
169		soc_fw_config {
170			image-id = <SOC_FW_CONFIG_ID>;
171			parent = <&cca_content_cert>;
172			hash = <&soc_fw_config_hash>;
173		};
174
175		rmm_image {
176			image-id = <RMM_IMAGE_ID>;
177			parent = <&cca_content_cert>;
178			hash = <&rmm_hash>;
179		};
180
181		bl32_image {
182			image-id = <BL32_IMAGE_ID>;
183			parent = <&trusted_os_fw_content_cert>;
184			hash = <&tos_fw_hash>;
185		};
186
187		tos_fw_config {
188			image-id = <TOS_FW_CONFIG_ID>;
189			parent = <&trusted_os_fw_content_cert>;
190			hash = <&tos_fw_config_hash>;
191		};
192
193		bl33_image {
194			image-id = <BL33_IMAGE_ID>;
195			parent = <&non_trusted_fw_content_cert>;
196			hash = <&nt_world_bl_hash>;
197		};
198
199		nt_fw_config {
200			image-id = <NT_FW_CONFIG_ID>;
201			parent = <&non_trusted_fw_content_cert>;
202			hash = <&nt_fw_config_hash>;
203		};
204
205#if defined(SPD_spmd)
206		sp_pkg1 {
207			image-id = <SP_PKG1_ID>;
208			parent = <&sip_sp_content_cert>;
209			hash = <&sp_pkg1_hash>;
210		};
211
212		sp_pkg2 {
213			image-id = <SP_PKG2_ID>;
214			parent = <&sip_sp_content_cert>;
215			hash = <&sp_pkg2_hash>;
216		};
217
218		sp_pkg3 {
219			image-id = <SP_PKG3_ID>;
220			parent = <&sip_sp_content_cert>;
221			hash = <&sp_pkg3_hash>;
222		};
223
224		sp_pkg4 {
225			image-id = <SP_PKG4_ID>;
226			parent = <&sip_sp_content_cert>;
227			hash = <&sp_pkg4_hash>;
228		};
229
230		sp_pkg5 {
231			image-id = <SP_PKG5_ID>;
232			parent = <&plat_sp_content_cert>;
233			hash = <&sp_pkg5_hash>;
234		};
235
236		sp_pkg6 {
237			image-id = <SP_PKG6_ID>;
238			parent = <&plat_sp_content_cert>;
239			hash = <&sp_pkg6_hash>;
240		};
241
242		sp_pkg7 {
243			image-id = <SP_PKG7_ID>;
244			parent = <&plat_sp_content_cert>;
245			hash = <&sp_pkg7_hash>;
246		};
247
248		sp_pkg8 {
249			image-id = <SP_PKG8_ID>;
250			parent = <&plat_sp_content_cert>;
251			hash = <&sp_pkg8_hash>;
252		};
253#endif
254	};
255};
256
257non_volatile_counters: non_volatile_counters {
258	compatible = "arm, non-volatile-counter";
259
260	#address-cells = <1>;
261	#size-cells = <0>;
262
263	cca_nv_counter: cca_nv_counter {
264		id  = <TRUSTED_NV_CTR_ID>;
265		oid = CCA_FW_NVCOUNTER_OID;
266	};
267
268	trusted_nv_counter: trusted_nv_counter {
269		id  = <TRUSTED_NV_CTR_ID>;
270		oid = TRUSTED_FW_NVCOUNTER_OID;
271	};
272
273	non_trusted_nv_counter: non_trusted_nv_counter {
274		id  = <NON_TRUSTED_NV_CTR_ID>;
275		oid = NON_TRUSTED_FW_NVCOUNTER_OID;
276	};
277};
278
279rot_keys {
280	swd_rot_pk: swd_rot_pk {
281		oid = SWD_ROT_PK_OID;
282	};
283
284	prot_pk: prot_pk {
285		oid = PROT_PK_OID;
286	};
287};
288