projects / project / bcm63xx / atf.git / blob
? search:


a950a7a8d4c9de0fb3b6d1c0eb55b86431221b3a
[project/bcm63xx/atf.git] / drivers / auth / tbbr / tbbr_cot.c
1 /*
2 * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <auth_mod.h>
8 #include <platform_def.h>
9 #include <stddef.h>
10
11 #if USE_TBBR_DEFS
12 #include <tbbr_oid.h>
13 #else
14 #include <platform_oid.h>
15 #endif
16
17
18 /*
19 * Maximum key and hash sizes (in DER format)
20 */
21 #define PK_DER_LEN 294
22 #define HASH_DER_LEN 83
23
24 /*
25 * The platform must allocate buffers to store the authentication parameters
26 * extracted from the certificates. In this case, because of the way the CoT is
27 * established, we can reuse some of the buffers on different stages
28 */
29 static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
30 static unsigned char tb_fw_config_hash_buf[HASH_DER_LEN];
31 static unsigned char hw_config_hash_buf[HASH_DER_LEN];
32 static unsigned char scp_fw_hash_buf[HASH_DER_LEN];
33 static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
34 static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
35 static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN];
36 static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN];
37 static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];
38 static unsigned char trusted_world_pk_buf[PK_DER_LEN];
39 static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
40 static unsigned char content_pk_buf[PK_DER_LEN];
41 static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
42 static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
43 static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];
44
45 /*
46 * Parameter type descriptors
47 */
48 static auth_param_type_desc_t trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
49 AUTH_PARAM_NV_CTR, TRUSTED_FW_NVCOUNTER_OID);
50 static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
51 AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);
52
53 static auth_param_type_desc_t subject_pk = AUTH_PARAM_TYPE_DESC(
54 AUTH_PARAM_PUB_KEY, 0);
55 static auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC(
56 AUTH_PARAM_SIG, 0);
57 static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC(
58 AUTH_PARAM_SIG_ALG, 0);
59 static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC(
60 AUTH_PARAM_RAW_DATA, 0);
61
62 static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
63 AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
64 static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC(
65 AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);
66
67 static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC(
68 AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
69 static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC(
70 AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
71 static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC(
72 AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
73 static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
74 AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID);
75
76 static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC(
77 AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
78 static auth_param_type_desc_t tb_fw_config_hash = AUTH_PARAM_TYPE_DESC(
79 AUTH_PARAM_HASH, TRUSTED_BOOT_FW_CONFIG_HASH_OID);
80 static auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC(
81 AUTH_PARAM_HASH, HW_CONFIG_HASH_OID);
82 static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
83 AUTH_PARAM_HASH, SCP_FW_HASH_OID);
84 static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
85 AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
86 static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC(
87 AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID);
88 static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
89 AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
90 static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC(
91 AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID);
92 static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC(
93 AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID);
94 static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC(
95 AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID);
96 static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
97 AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
98 static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC(
99 AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);
100 static auth_param_type_desc_t scp_bl2u_hash = AUTH_PARAM_TYPE_DESC(
101 AUTH_PARAM_HASH, SCP_FWU_CFG_HASH_OID);
102 static auth_param_type_desc_t bl2u_hash = AUTH_PARAM_TYPE_DESC(
103 AUTH_PARAM_HASH, AP_FWU_CFG_HASH_OID);
104 static auth_param_type_desc_t ns_bl2u_hash = AUTH_PARAM_TYPE_DESC(
105 AUTH_PARAM_HASH, FWU_HASH_OID);
106
107 /*
108 * TBBR Chain of trust definition
109 */
110 static const auth_img_desc_t cot_desc[] = {
111 /*
112 * BL2
113 */
114 [TRUSTED_BOOT_FW_CERT_ID] = {
115 .img_id = TRUSTED_BOOT_FW_CERT_ID,
116 .img_type = IMG_CERT,
117 .parent = NULL,
118 .img_auth_methods = {
119 [0] = {
120 .type = AUTH_METHOD_SIG,
121 .param.sig = {
122 .pk = &subject_pk,
123 .sig = &sig,
124 .alg = &sig_alg,
125 .data = &raw_data,
126 }
127 },
128 [1] = {
129 .type = AUTH_METHOD_NV_CTR,
130 .param.nv_ctr = {
131 .cert_nv_ctr = &trusted_nv_ctr,
132 .plat_nv_ctr = &trusted_nv_ctr
133 }
134 }
135 },
136 .authenticated_data = {
137 [0] = {
138 .type_desc = &tb_fw_hash,
139 .data = {
140 .ptr = (void *)tb_fw_hash_buf,
141 .len = (unsigned int)HASH_DER_LEN
142 }
143 },
144 [1] = {
145 .type_desc = &tb_fw_config_hash,
146 .data = {
147 .ptr = (void *)tb_fw_config_hash_buf,
148 .len = (unsigned int)HASH_DER_LEN
149 }
150 },
151 [2] = {
152 .type_desc = &hw_config_hash,
153 .data = {
154 .ptr = (void *)hw_config_hash_buf,
155 .len = (unsigned int)HASH_DER_LEN
156 }
157 }
158 }
159 },
160 [BL2_IMAGE_ID] = {
161 .img_id = BL2_IMAGE_ID,
162 .img_type = IMG_RAW,
163 .parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
164 .img_auth_methods = {
165 [0] = {
166 .type = AUTH_METHOD_HASH,
167 .param.hash = {
168 .data = &raw_data,
169 .hash = &tb_fw_hash,
170 }
171 }
172 }
173 },
174 /* HW Config */
175 [HW_CONFIG_ID] = {
176 .img_id = HW_CONFIG_ID,
177 .img_type = IMG_RAW,
178 .parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
179 .img_auth_methods = {
180 [0] = {
181 .type = AUTH_METHOD_HASH,
182 .param.hash = {
183 .data = &raw_data,
184 .hash = &hw_config_hash,
185 }
186 }
187 }
188 },
189 /* TB FW Config */
190 [TB_FW_CONFIG_ID] = {
191 .img_id = TB_FW_CONFIG_ID,
192 .img_type = IMG_RAW,
193 .parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
194 .img_auth_methods = {
195 [0] = {
196 .type = AUTH_METHOD_HASH,
197 .param.hash = {
198 .data = &raw_data,
199 .hash = &tb_fw_config_hash,
200 }
201 }
202 }
203 },
204 /*
205 * Trusted key certificate
206 */
207 [TRUSTED_KEY_CERT_ID] = {
208 .img_id = TRUSTED_KEY_CERT_ID,
209 .img_type = IMG_CERT,
210 .parent = NULL,
211 .img_auth_methods = {
212 [0] = {
213 .type = AUTH_METHOD_SIG,
214 .param.sig = {
215 .pk = &subject_pk,
216 .sig = &sig,
217 .alg = &sig_alg,
218 .data = &raw_data,
219 }
220 },
221 [1] = {
222 .type = AUTH_METHOD_NV_CTR,
223 .param.nv_ctr = {
224 .cert_nv_ctr = &trusted_nv_ctr,
225 .plat_nv_ctr = &trusted_nv_ctr
226 }
227 }
228 },
229 .authenticated_data = {
230 [0] = {
231 .type_desc = &trusted_world_pk,
232 .data = {
233 .ptr = (void *)trusted_world_pk_buf,
234 .len = (unsigned int)PK_DER_LEN
235 }
236 },
237 [1] = {
238 .type_desc = &non_trusted_world_pk,
239 .data = {
240 .ptr = (void *)non_trusted_world_pk_buf,
241 .len = (unsigned int)PK_DER_LEN
242 }
243 }
244 }
245 },
246 /*
247 * SCP Firmware
248 */
249 [SCP_FW_KEY_CERT_ID] = {
250 .img_id = SCP_FW_KEY_CERT_ID,
251 .img_type = IMG_CERT,
252 .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
253 .img_auth_methods = {
254 [0] = {
255 .type = AUTH_METHOD_SIG,
256 .param.sig = {
257 .pk = &trusted_world_pk,
258 .sig = &sig,
259 .alg = &sig_alg,
260 .data = &raw_data,
261 }
262 },
263 [1] = {
264 .type = AUTH_METHOD_NV_CTR,
265 .param.nv_ctr = {
266 .cert_nv_ctr = &trusted_nv_ctr,
267 .plat_nv_ctr = &trusted_nv_ctr
268 }
269 }
270 },
271 .authenticated_data = {
272 [0] = {
273 .type_desc = &scp_fw_content_pk,
274 .data = {
275 .ptr = (void *)content_pk_buf,
276 .len = (unsigned int)PK_DER_LEN
277 }
278 }
279 }
280 },
281 [SCP_FW_CONTENT_CERT_ID] = {
282 .img_id = SCP_FW_CONTENT_CERT_ID,
283 .img_type = IMG_CERT,
284 .parent = &cot_desc[SCP_FW_KEY_CERT_ID],
285 .img_auth_methods = {
286 [0] = {
287 .type = AUTH_METHOD_SIG,
288 .param.sig = {
289 .pk = &scp_fw_content_pk,
290 .sig = &sig,
291 .alg = &sig_alg,
292 .data = &raw_data,
293 }
294 },
295 [1] = {
296 .type = AUTH_METHOD_NV_CTR,
297 .param.nv_ctr = {
298 .cert_nv_ctr = &trusted_nv_ctr,
299 .plat_nv_ctr = &trusted_nv_ctr
300 }
301 }
302 },
303 .authenticated_data = {
304 [0] = {
305 .type_desc = &scp_fw_hash,
306 .data = {
307 .ptr = (void *)scp_fw_hash_buf,
308 .len = (unsigned int)HASH_DER_LEN
309 }
310 }
311 }
312 },
313 [SCP_BL2_IMAGE_ID] = {
314 .img_id = SCP_BL2_IMAGE_ID,
315 .img_type = IMG_RAW,
316 .parent = &cot_desc[SCP_FW_CONTENT_CERT_ID],
317 .img_auth_methods = {
318 [0] = {
319 .type = AUTH_METHOD_HASH,
320 .param.hash = {
321 .data = &raw_data,
322 .hash = &scp_fw_hash,
323 }
324 }
325 }
326 },
327 /*
328 * SoC Firmware
329 */
330 [SOC_FW_KEY_CERT_ID] = {
331 .img_id = SOC_FW_KEY_CERT_ID,
332 .img_type = IMG_CERT,
333 .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
334 .img_auth_methods = {
335 [0] = {
336 .type = AUTH_METHOD_SIG,
337 .param.sig = {
338 .pk = &trusted_world_pk,
339 .sig = &sig,
340 .alg = &sig_alg,
341 .data = &raw_data,
342 }
343 },
344 [1] = {
345 .type = AUTH_METHOD_NV_CTR,
346 .param.nv_ctr = {
347 .cert_nv_ctr = &trusted_nv_ctr,
348 .plat_nv_ctr = &trusted_nv_ctr
349 }
350 }
351 },
352 .authenticated_data = {
353 [0] = {
354 .type_desc = &soc_fw_content_pk,
355 .data = {
356 .ptr = (void *)content_pk_buf,
357 .len = (unsigned int)PK_DER_LEN
358 }
359 }
360 }
361 },
362 [SOC_FW_CONTENT_CERT_ID] = {
363 .img_id = SOC_FW_CONTENT_CERT_ID,
364 .img_type = IMG_CERT,
365 .parent = &cot_desc[SOC_FW_KEY_CERT_ID],
366 .img_auth_methods = {
367 [0] = {
368 .type = AUTH_METHOD_SIG,
369 .param.sig = {
370 .pk = &soc_fw_content_pk,
371 .sig = &sig,
372 .alg = &sig_alg,
373 .data = &raw_data,
374 }
375 },
376 [1] = {
377 .type = AUTH_METHOD_NV_CTR,
378 .param.nv_ctr = {
379 .cert_nv_ctr = &trusted_nv_ctr,
380 .plat_nv_ctr = &trusted_nv_ctr
381 }
382 }
383 },
384 .authenticated_data = {
385 [0] = {
386 .type_desc = &soc_fw_hash,
387 .data = {
388 .ptr = (void *)soc_fw_hash_buf,
389 .len = (unsigned int)HASH_DER_LEN
390 }
391 },
392 [1] = {
393 .type_desc = &soc_fw_config_hash,
394 .data = {
395 .ptr = (void *)soc_fw_config_hash_buf,
396 .len = (unsigned int)HASH_DER_LEN
397 }
398 }
399 }
400 },
401 [BL31_IMAGE_ID] = {
402 .img_id = BL31_IMAGE_ID,
403 .img_type = IMG_RAW,
404 .parent = &cot_desc[SOC_FW_CONTENT_CERT_ID],
405 .img_auth_methods = {
406 [0] = {
407 .type = AUTH_METHOD_HASH,
408 .param.hash = {
409 .data = &raw_data,
410 .hash = &soc_fw_hash,
411 }
412 }
413 }
414 },
415 /* SOC FW Config */
416 [SOC_FW_CONFIG_ID] = {
417 .img_id = SOC_FW_CONFIG_ID,
418 .img_type = IMG_RAW,
419 .parent = &cot_desc[SOC_FW_CONTENT_CERT_ID],
420 .img_auth_methods = {
421 [0] = {
422 .type = AUTH_METHOD_HASH,
423 .param.hash = {
424 .data = &raw_data,
425 .hash = &soc_fw_config_hash,
426 }
427 }
428 }
429 },
430 /*
431 * Trusted OS Firmware
432 */
433 [TRUSTED_OS_FW_KEY_CERT_ID] = {
434 .img_id = TRUSTED_OS_FW_KEY_CERT_ID,
435 .img_type = IMG_CERT,
436 .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
437 .img_auth_methods = {
438 [0] = {
439 .type = AUTH_METHOD_SIG,
440 .param.sig = {
441 .pk = &trusted_world_pk,
442 .sig = &sig,
443 .alg = &sig_alg,
444 .data = &raw_data,
445 }
446 },
447 [1] = {
448 .type = AUTH_METHOD_NV_CTR,
449 .param.nv_ctr = {
450 .cert_nv_ctr = &trusted_nv_ctr,
451 .plat_nv_ctr = &trusted_nv_ctr
452 }
453 }
454 },
455 .authenticated_data = {
456 [0] = {
457 .type_desc = &tos_fw_content_pk,
458 .data = {
459 .ptr = (void *)content_pk_buf,
460 .len = (unsigned int)PK_DER_LEN
461 }
462 }
463 }
464 },
465 [TRUSTED_OS_FW_CONTENT_CERT_ID] = {
466 .img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
467 .img_type = IMG_CERT,
468 .parent = &cot_desc[TRUSTED_OS_FW_KEY_CERT_ID],
469 .img_auth_methods = {
470 [0] = {
471 .type = AUTH_METHOD_SIG,
472 .param.sig = {
473 .pk = &tos_fw_content_pk,
474 .sig = &sig,
475 .alg = &sig_alg,
476 .data = &raw_data,
477 }
478 },
479 [1] = {
480 .type = AUTH_METHOD_NV_CTR,
481 .param.nv_ctr = {
482 .cert_nv_ctr = &trusted_nv_ctr,
483 .plat_nv_ctr = &trusted_nv_ctr
484 }
485 }
486 },
487 .authenticated_data = {
488 [0] = {
489 .type_desc = &tos_fw_hash,
490 .data = {
491 .ptr = (void *)tos_fw_hash_buf,
492 .len = (unsigned int)HASH_DER_LEN
493 }
494 },
495 [1] = {
496 .type_desc = &tos_fw_extra1_hash,
497 .data = {
498 .ptr = (void *)tos_fw_extra1_hash_buf,
499 .len = (unsigned int)HASH_DER_LEN
500 }
501 },
502 [2] = {
503 .type_desc = &tos_fw_extra2_hash,
504 .data = {
505 .ptr = (void *)tos_fw_extra2_hash_buf,
506 .len = (unsigned int)HASH_DER_LEN
507 }
508 },
509 [3] = {
510 .type_desc = &tos_fw_config_hash,
511 .data = {
512 .ptr = (void *)tos_fw_config_hash_buf,
513 .len = (unsigned int)HASH_DER_LEN
514 }
515 }
516 }
517 },
518 [BL32_IMAGE_ID] = {
519 .img_id = BL32_IMAGE_ID,
520 .img_type = IMG_RAW,
521 .parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
522 .img_auth_methods = {
523 [0] = {
524 .type = AUTH_METHOD_HASH,
525 .param.hash = {
526 .data = &raw_data,
527 .hash = &tos_fw_hash,
528 }
529 }
530 }
531 },
532 [BL32_EXTRA1_IMAGE_ID] = {
533 .img_id = BL32_EXTRA1_IMAGE_ID,
534 .img_type = IMG_RAW,
535 .parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
536 .img_auth_methods = {
537 [0] = {
538 .type = AUTH_METHOD_HASH,
539 .param.hash = {
540 .data = &raw_data,
541 .hash = &tos_fw_extra1_hash,
542 }
543 }
544 }
545 },
546 [BL32_EXTRA2_IMAGE_ID] = {
547 .img_id = BL32_EXTRA2_IMAGE_ID,
548 .img_type = IMG_RAW,
549 .parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
550 .img_auth_methods = {
551 [0] = {
552 .type = AUTH_METHOD_HASH,
553 .param.hash = {
554 .data = &raw_data,
555 .hash = &tos_fw_extra2_hash,
556 }
557 }
558 }
559 },
560 /* TOS FW Config */
561 [TOS_FW_CONFIG_ID] = {
562 .img_id = TOS_FW_CONFIG_ID,
563 .img_type = IMG_RAW,
564 .parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
565 .img_auth_methods = {
566 [0] = {
567 .type = AUTH_METHOD_HASH,
568 .param.hash = {
569 .data = &raw_data,
570 .hash = &tos_fw_config_hash,
571 }
572 }
573 }
574 },
575 /*
576 * Non-Trusted Firmware
577 */
578 [NON_TRUSTED_FW_KEY_CERT_ID] = {
579 .img_id = NON_TRUSTED_FW_KEY_CERT_ID,
580 .img_type = IMG_CERT,
581 .parent = &cot_desc[TRUSTED_KEY_CERT_ID],
582 .img_auth_methods = {
583 [0] = {
584 .type = AUTH_METHOD_SIG,
585 .param.sig = {
586 .pk = &non_trusted_world_pk,
587 .sig = &sig,
588 .alg = &sig_alg,
589 .data = &raw_data,
590 }
591 },
592 [1] = {
593 .type = AUTH_METHOD_NV_CTR,
594 .param.nv_ctr = {
595 .cert_nv_ctr = &non_trusted_nv_ctr,
596 .plat_nv_ctr = &non_trusted_nv_ctr
597 }
598 }
599 },
600 .authenticated_data = {
601 [0] = {
602 .type_desc = &nt_fw_content_pk,
603 .data = {
604 .ptr = (void *)content_pk_buf,
605 .len = (unsigned int)PK_DER_LEN
606 }
607 }
608 }
609 },
610 [NON_TRUSTED_FW_CONTENT_CERT_ID] = {
611 .img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
612 .img_type = IMG_CERT,
613 .parent = &cot_desc[NON_TRUSTED_FW_KEY_CERT_ID],
614 .img_auth_methods = {
615 [0] = {
616 .type = AUTH_METHOD_SIG,
617 .param.sig = {
618 .pk = &nt_fw_content_pk,
619 .sig = &sig,
620 .alg = &sig_alg,
621 .data = &raw_data,
622 }
623 },
624 [1] = {
625 .type = AUTH_METHOD_NV_CTR,
626 .param.nv_ctr = {
627 .cert_nv_ctr = &non_trusted_nv_ctr,
628 .plat_nv_ctr = &non_trusted_nv_ctr
629 }
630 }
631 },
632 .authenticated_data = {
633 [0] = {
634 .type_desc = &nt_world_bl_hash,
635 .data = {
636 .ptr = (void *)nt_world_bl_hash_buf,
637 .len = (unsigned int)HASH_DER_LEN
638 }
639 },
640 [1] = {
641 .type_desc = &nt_fw_config_hash,
642 .data = {
643 .ptr = (void *)nt_fw_config_hash_buf,
644 .len = (unsigned int)HASH_DER_LEN
645 }
646 }
647 }
648 },
649 [BL33_IMAGE_ID] = {
650 .img_id = BL33_IMAGE_ID,
651 .img_type = IMG_RAW,
652 .parent = &cot_desc[NON_TRUSTED_FW_CONTENT_CERT_ID],
653 .img_auth_methods = {
654 [0] = {
655 .type = AUTH_METHOD_HASH,
656 .param.hash = {
657 .data = &raw_data,
658 .hash = &nt_world_bl_hash,
659 }
660 }
661 }
662 },
663 /* NT FW Config */
664 [NT_FW_CONFIG_ID] = {
665 .img_id = NT_FW_CONFIG_ID,
666 .img_type = IMG_RAW,
667 .parent = &cot_desc[NON_TRUSTED_FW_CONTENT_CERT_ID],
668 .img_auth_methods = {
669 [0] = {
670 .type = AUTH_METHOD_HASH,
671 .param.hash = {
672 .data = &raw_data,
673 .hash = &nt_fw_config_hash,
674 }
675 }
676 }
677 },
678 /*
679 * FWU auth descriptor.
680 */
681 [FWU_CERT_ID] = {
682 .img_id = FWU_CERT_ID,
683 .img_type = IMG_CERT,
684 .parent = NULL,
685 .img_auth_methods = {
686 [0] = {
687 .type = AUTH_METHOD_SIG,
688 .param.sig = {
689 .pk = &subject_pk,
690 .sig = &sig,
691 .alg = &sig_alg,
692 .data = &raw_data,
693 }
694 }
695 },
696 .authenticated_data = {
697 [0] = {
698 .type_desc = &scp_bl2u_hash,
699 .data = {
700 .ptr = (void *)scp_fw_hash_buf,
701 .len = (unsigned int)HASH_DER_LEN
702 }
703 },
704 [1] = {
705 .type_desc = &bl2u_hash,
706 .data = {
707 .ptr = (void *)tb_fw_hash_buf,
708 .len = (unsigned int)HASH_DER_LEN
709 }
710 },
711 [2] = {
712 .type_desc = &ns_bl2u_hash,
713 .data = {
714 .ptr = (void *)nt_world_bl_hash_buf,
715 .len = (unsigned int)HASH_DER_LEN
716 }
717 }
718 }
719 },
720 /*
721 * SCP_BL2U
722 */
723 [SCP_BL2U_IMAGE_ID] = {
724 .img_id = SCP_BL2U_IMAGE_ID,
725 .img_type = IMG_RAW,
726 .parent = &cot_desc[FWU_CERT_ID],
727 .img_auth_methods = {
728 [0] = {
729 .type = AUTH_METHOD_HASH,
730 .param.hash = {
731 .data = &raw_data,
732 .hash = &scp_bl2u_hash,
733 }
734 }
735 }
736 },
737 /*
738 * BL2U
739 */
740 [BL2U_IMAGE_ID] = {
741 .img_id = BL2U_IMAGE_ID,
742 .img_type = IMG_RAW,
743 .parent = &cot_desc[FWU_CERT_ID],
744 .img_auth_methods = {
745 [0] = {
746 .type = AUTH_METHOD_HASH,
747 .param.hash = {
748 .data = &raw_data,
749 .hash = &bl2u_hash,
750 }
751 }
752 }
753 },
754 /*
755 * NS_BL2U
756 */
757 [NS_BL2U_IMAGE_ID] = {
758 .img_id = NS_BL2U_IMAGE_ID,
759 .img_type = IMG_RAW,
760 .parent = &cot_desc[FWU_CERT_ID],
761 .img_auth_methods = {
762 [0] = {
763 .type = AUTH_METHOD_HASH,
764 .param.hash = {
765 .data = &raw_data,
766 .hash = &ns_bl2u_hash,
767 }
768 }
769 }
770 }
771 };
772
773 /* Register the CoT in the authentication module */
774 REGISTER_COT(cot_desc);
Broadcom-s Trusted Firmware A