plat/common/tbbr/plat_tbbr.c

   1 /*
   2  * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved.
   3  *
   4  * SPDX-License-Identifier: BSD-3-Clause
   5  */
   6
   7 #include <assert.h>
   8 #include <string.h>
   9
  10 #include <drivers/auth/auth_mod.h>
  11 #include <plat/common/platform.h>
  12 #if USE_TBBR_DEFS
  13 #include <tools_share/tbbr_oid.h>
  14 #else
  15 #include <platform_oid.h>
  16 #endif
  17
  18 /*
  19  * Store a new non-volatile counter value. This implementation
  20  * only allows updating of the platform's Trusted NV counter when a
  21  * certificate protected by the Trusted NV counter is signed with
  22  * the ROT key. This avoids a compromised secondary certificate from
  23  * updating the platform's Trusted NV counter, which could lead to the
  24  * platform becoming unusable. The function is suitable for all TBBR
  25  * compliant platforms.
  26  *
  27  * Return: 0 = success, Otherwise = error
  28  */
  29 int plat_set_nv_ctr2(void *cookie, const auth_img_desc_t *img_desc,
  30                 unsigned int nv_ctr)
  31 {
  32         int trusted_nv_ctr;
  33
  34         assert(cookie != NULL);
  35         assert(img_desc != NULL);
  36
  37         trusted_nv_ctr = strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0;
  38
  39         /*
  40          * Only update the Trusted NV Counter if the certificate
  41          * has been signed with the ROT key. Non Trusted NV counter
  42          * updates are unconditional.
  43          */
  44         if (!trusted_nv_ctr || img_desc->parent == NULL)
  45                 return plat_set_nv_ctr(cookie, nv_ctr);
  46
  47         /*
  48          * Trusted certificates not signed with the ROT key are not
  49          * allowed to update the Trusted NV Counter.
  50          */
  51         return 1;
  52 }