105799ae0SJuan Castillo /* 20aa0b3afSManish V Badarkhe * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved. 305799ae0SJuan Castillo * 482cb2c1aSdp-arm * SPDX-License-Identifier: BSD-3-Clause 505799ae0SJuan Castillo */ 605799ae0SJuan Castillo 705799ae0SJuan Castillo #include <assert.h> 805799ae0SJuan Castillo #include <stdint.h> 905799ae0SJuan Castillo #include <string.h> 1005799ae0SJuan Castillo 1109d40e0eSAntonio Nino Diaz #include <platform_def.h> 1209d40e0eSAntonio Nino Diaz 1309d40e0eSAntonio Nino Diaz #include <common/debug.h> 1409d40e0eSAntonio Nino Diaz #include <common/tbbr/cot_def.h> 1509d40e0eSAntonio Nino Diaz #include <drivers/auth/auth_common.h> 1609d40e0eSAntonio Nino Diaz #include <drivers/auth/auth_mod.h> 1709d40e0eSAntonio Nino Diaz #include <drivers/auth/crypto_mod.h> 1809d40e0eSAntonio Nino Diaz #include <drivers/auth/img_parser_mod.h> 19c0bfc88fSManish V Badarkhe #include <drivers/fwu/fwu.h> 20ab1981dbSLouis Mayencourt #include <lib/fconf/fconf_tbbr_getter.h> 2109d40e0eSAntonio Nino Diaz #include <plat/common/platform.h> 2209d40e0eSAntonio Nino Diaz 2348279d52SJuan Castillo /* ASN.1 tags */ 2448279d52SJuan Castillo #define ASN1_INTEGER 0x02 2548279d52SJuan Castillo 2605799ae0SJuan Castillo #define return_if_error(rc) \ 2705799ae0SJuan Castillo do { \ 2805799ae0SJuan Castillo if (rc != 0) { \ 2905799ae0SJuan Castillo return rc; \ 3005799ae0SJuan Castillo } \ 3105799ae0SJuan Castillo } while (0) 3205799ae0SJuan Castillo 33d35dee23Sdp-arm #pragma weak plat_set_nv_ctr2 34*40f9f644SNicolas Toromanoff #pragma weak plat_convert_pk 35d35dee23Sdp-arm 360b6377d1SJoel Hutton 3705799ae0SJuan Castillo static int cmp_auth_param_type_desc(const auth_param_type_desc_t *a, 3805799ae0SJuan Castillo const auth_param_type_desc_t *b) 3905799ae0SJuan Castillo { 4005799ae0SJuan Castillo if ((a->type == b->type) && (a->cookie == b->cookie)) { 4105799ae0SJuan Castillo return 0; 4205799ae0SJuan Castillo } 4305799ae0SJuan Castillo return 1; 4405799ae0SJuan Castillo } 4505799ae0SJuan Castillo 4605799ae0SJuan Castillo /* 4705799ae0SJuan Castillo * This function obtains the requested authentication parameter data from the 4805799ae0SJuan Castillo * information extracted from the parent image after its authentication. 4905799ae0SJuan Castillo */ 5005799ae0SJuan Castillo static int auth_get_param(const auth_param_type_desc_t *param_type_desc, 5105799ae0SJuan Castillo const auth_img_desc_t *img_desc, 5205799ae0SJuan Castillo void **param, unsigned int *len) 5305799ae0SJuan Castillo { 5405799ae0SJuan Castillo int i; 5505799ae0SJuan Castillo 5630070427SJoel Hutton if (img_desc->authenticated_data == NULL) 5730070427SJoel Hutton return 1; 5830070427SJoel Hutton 5905799ae0SJuan Castillo for (i = 0 ; i < COT_MAX_VERIFIED_PARAMS ; i++) { 6005799ae0SJuan Castillo if (0 == cmp_auth_param_type_desc(param_type_desc, 6105799ae0SJuan Castillo img_desc->authenticated_data[i].type_desc)) { 6205799ae0SJuan Castillo *param = img_desc->authenticated_data[i].data.ptr; 6305799ae0SJuan Castillo *len = img_desc->authenticated_data[i].data.len; 6405799ae0SJuan Castillo return 0; 6505799ae0SJuan Castillo } 6605799ae0SJuan Castillo } 6705799ae0SJuan Castillo 6805799ae0SJuan Castillo return 1; 6905799ae0SJuan Castillo } 7005799ae0SJuan Castillo 7105799ae0SJuan Castillo /* 7205799ae0SJuan Castillo * Authenticate an image by matching the data hash 7305799ae0SJuan Castillo * 7405799ae0SJuan Castillo * This function implements 'AUTH_METHOD_HASH'. To authenticate an image using 7505799ae0SJuan Castillo * this method, the image must contain: 7605799ae0SJuan Castillo * 7705799ae0SJuan Castillo * - The data to calculate the hash from 7805799ae0SJuan Castillo * 7905799ae0SJuan Castillo * The parent image must contain: 8005799ae0SJuan Castillo * 8105799ae0SJuan Castillo * - The hash to be matched with (including hash algorithm) 8205799ae0SJuan Castillo * 8305799ae0SJuan Castillo * For a successful authentication, both hashes must match. The function calls 8405799ae0SJuan Castillo * the crypto-module to check this matching. 8505799ae0SJuan Castillo * 8605799ae0SJuan Castillo * Parameters: 8705799ae0SJuan Castillo * param: parameters to perform the hash authentication 8805799ae0SJuan Castillo * img_desc: pointer to image descriptor so we can know the image type 8905799ae0SJuan Castillo * and parent image 9005799ae0SJuan Castillo * img: pointer to image in memory 9105799ae0SJuan Castillo * img_len: length of image (in bytes) 9205799ae0SJuan Castillo * 9305799ae0SJuan Castillo * Return: 9405799ae0SJuan Castillo * 0 = success, Otherwise = error 9505799ae0SJuan Castillo */ 9605799ae0SJuan Castillo static int auth_hash(const auth_method_param_hash_t *param, 9705799ae0SJuan Castillo const auth_img_desc_t *img_desc, 9805799ae0SJuan Castillo void *img, unsigned int img_len) 9905799ae0SJuan Castillo { 10005799ae0SJuan Castillo void *data_ptr, *hash_der_ptr; 10105799ae0SJuan Castillo unsigned int data_len, hash_der_len; 10205799ae0SJuan Castillo int rc = 0; 10305799ae0SJuan Castillo 10405799ae0SJuan Castillo /* Get the hash from the parent image. This hash will be DER encoded 10505799ae0SJuan Castillo * and contain the hash algorithm */ 10605799ae0SJuan Castillo rc = auth_get_param(param->hash, img_desc->parent, 10705799ae0SJuan Castillo &hash_der_ptr, &hash_der_len); 10805799ae0SJuan Castillo return_if_error(rc); 10905799ae0SJuan Castillo 11005799ae0SJuan Castillo /* Get the data to be hashed from the current image */ 11105799ae0SJuan Castillo rc = img_parser_get_auth_param(img_desc->img_type, param->data, 11205799ae0SJuan Castillo img, img_len, &data_ptr, &data_len); 11305799ae0SJuan Castillo return_if_error(rc); 11405799ae0SJuan Castillo 11505799ae0SJuan Castillo /* Ask the crypto module to verify this hash */ 11605799ae0SJuan Castillo rc = crypto_mod_verify_hash(data_ptr, data_len, 11705799ae0SJuan Castillo hash_der_ptr, hash_der_len); 11805799ae0SJuan Castillo 11905799ae0SJuan Castillo return rc; 12005799ae0SJuan Castillo } 12105799ae0SJuan Castillo 12205799ae0SJuan Castillo /* 12305799ae0SJuan Castillo * Authenticate by digital signature 12405799ae0SJuan Castillo * 12505799ae0SJuan Castillo * This function implements 'AUTH_METHOD_SIG'. To authenticate an image using 12605799ae0SJuan Castillo * this method, the image must contain: 12705799ae0SJuan Castillo * 12805799ae0SJuan Castillo * - Data to be signed 12905799ae0SJuan Castillo * - Signature 13005799ae0SJuan Castillo * - Signature algorithm 13105799ae0SJuan Castillo * 13205799ae0SJuan Castillo * We rely on the image parser module to extract this data from the image. 13305799ae0SJuan Castillo * The parent image must contain: 13405799ae0SJuan Castillo * 13505799ae0SJuan Castillo * - Public key (or a hash of it) 13605799ae0SJuan Castillo * 13705799ae0SJuan Castillo * If the parent image contains only a hash of the key, we will try to obtain 13805799ae0SJuan Castillo * the public key from the image itself (i.e. self-signed certificates). In that 13905799ae0SJuan Castillo * case, the signature verification is considered just an integrity check and 14005799ae0SJuan Castillo * the authentication is established by calculating the hash of the key and 14105799ae0SJuan Castillo * comparing it with the hash obtained from the parent. 14205799ae0SJuan Castillo * 14305799ae0SJuan Castillo * If the image has no parent (NULL), it means it has to be authenticated using 14405799ae0SJuan Castillo * the ROTPK stored in the platform. Again, this ROTPK could be the key itself 14505799ae0SJuan Castillo * or a hash of it. 14605799ae0SJuan Castillo * 14705799ae0SJuan Castillo * Return: 0 = success, Otherwise = error 14805799ae0SJuan Castillo */ 14905799ae0SJuan Castillo static int auth_signature(const auth_method_param_sig_t *param, 15005799ae0SJuan Castillo const auth_img_desc_t *img_desc, 15105799ae0SJuan Castillo void *img, unsigned int img_len) 15205799ae0SJuan Castillo { 15305799ae0SJuan Castillo void *data_ptr, *pk_ptr, *pk_hash_ptr, *sig_ptr, *sig_alg_ptr; 15405799ae0SJuan Castillo unsigned int data_len, pk_len, pk_hash_len, sig_len, sig_alg_len; 15505799ae0SJuan Castillo unsigned int flags = 0; 15605799ae0SJuan Castillo int rc = 0; 15705799ae0SJuan Castillo 15805799ae0SJuan Castillo /* Get the data to be signed from current image */ 15905799ae0SJuan Castillo rc = img_parser_get_auth_param(img_desc->img_type, param->data, 16005799ae0SJuan Castillo img, img_len, &data_ptr, &data_len); 16105799ae0SJuan Castillo return_if_error(rc); 16205799ae0SJuan Castillo 16305799ae0SJuan Castillo /* Get the signature from current image */ 16405799ae0SJuan Castillo rc = img_parser_get_auth_param(img_desc->img_type, param->sig, 16505799ae0SJuan Castillo img, img_len, &sig_ptr, &sig_len); 16605799ae0SJuan Castillo return_if_error(rc); 16705799ae0SJuan Castillo 16805799ae0SJuan Castillo /* Get the signature algorithm from current image */ 16905799ae0SJuan Castillo rc = img_parser_get_auth_param(img_desc->img_type, param->alg, 17005799ae0SJuan Castillo img, img_len, &sig_alg_ptr, &sig_alg_len); 17105799ae0SJuan Castillo return_if_error(rc); 17205799ae0SJuan Castillo 17305799ae0SJuan Castillo /* Get the public key from the parent. If there is no parent (NULL), 17405799ae0SJuan Castillo * the certificate has been signed with the ROTPK, so we have to get 17505799ae0SJuan Castillo * the PK from the platform */ 17605799ae0SJuan Castillo if (img_desc->parent) { 17705799ae0SJuan Castillo rc = auth_get_param(param->pk, img_desc->parent, 17805799ae0SJuan Castillo &pk_ptr, &pk_len); 17905799ae0SJuan Castillo } else { 18005799ae0SJuan Castillo rc = plat_get_rotpk_info(param->pk->cookie, &pk_ptr, &pk_len, 18105799ae0SJuan Castillo &flags); 18205799ae0SJuan Castillo } 18305799ae0SJuan Castillo return_if_error(rc); 18405799ae0SJuan Castillo 18504943d33SSoby Mathew if (flags & (ROTPK_IS_HASH | ROTPK_NOT_DEPLOYED)) { 18604943d33SSoby Mathew /* If the PK is a hash of the key or if the ROTPK is not 18704943d33SSoby Mathew deployed on the platform, retrieve the key from the image */ 18805799ae0SJuan Castillo pk_hash_ptr = pk_ptr; 18905799ae0SJuan Castillo pk_hash_len = pk_len; 19005799ae0SJuan Castillo rc = img_parser_get_auth_param(img_desc->img_type, 19105799ae0SJuan Castillo param->pk, img, img_len, 19205799ae0SJuan Castillo &pk_ptr, &pk_len); 19305799ae0SJuan Castillo return_if_error(rc); 19405799ae0SJuan Castillo 19505799ae0SJuan Castillo /* Ask the crypto module to verify the signature */ 19605799ae0SJuan Castillo rc = crypto_mod_verify_signature(data_ptr, data_len, 19705799ae0SJuan Castillo sig_ptr, sig_len, 19805799ae0SJuan Castillo sig_alg_ptr, sig_alg_len, 19905799ae0SJuan Castillo pk_ptr, pk_len); 20005799ae0SJuan Castillo return_if_error(rc); 20105799ae0SJuan Castillo 20204943d33SSoby Mathew if (flags & ROTPK_NOT_DEPLOYED) { 20304943d33SSoby Mathew NOTICE("ROTPK is not deployed on platform. " 20404943d33SSoby Mathew "Skipping ROTPK verification.\n"); 20504943d33SSoby Mathew } else { 206*40f9f644SNicolas Toromanoff /* platform may store the hash of a prefixed, suffixed or modified pk */ 207*40f9f644SNicolas Toromanoff rc = plat_convert_pk(pk_ptr, pk_len, &pk_ptr, &pk_len); 208*40f9f644SNicolas Toromanoff return_if_error(rc); 209*40f9f644SNicolas Toromanoff 21005799ae0SJuan Castillo /* Ask the crypto-module to verify the key hash */ 21105799ae0SJuan Castillo rc = crypto_mod_verify_hash(pk_ptr, pk_len, 21205799ae0SJuan Castillo pk_hash_ptr, pk_hash_len); 21304943d33SSoby Mathew } 21405799ae0SJuan Castillo } else { 21505799ae0SJuan Castillo /* Ask the crypto module to verify the signature */ 21605799ae0SJuan Castillo rc = crypto_mod_verify_signature(data_ptr, data_len, 21705799ae0SJuan Castillo sig_ptr, sig_len, 21805799ae0SJuan Castillo sig_alg_ptr, sig_alg_len, 21905799ae0SJuan Castillo pk_ptr, pk_len); 22005799ae0SJuan Castillo } 22105799ae0SJuan Castillo 22205799ae0SJuan Castillo return rc; 22305799ae0SJuan Castillo } 22405799ae0SJuan Castillo 22505799ae0SJuan Castillo /* 22648279d52SJuan Castillo * Authenticate by Non-Volatile counter 22748279d52SJuan Castillo * 22848279d52SJuan Castillo * To protect the system against rollback, the platform includes a non-volatile 22948279d52SJuan Castillo * counter whose value can only be increased. All certificates include a counter 23048279d52SJuan Castillo * value that should not be lower than the value stored in the platform. If the 231a2a5a945SManish V Badarkhe * value is larger, the counter in the platform must be updated to the new value 232a2a5a945SManish V Badarkhe * (provided it has been authenticated). 23348279d52SJuan Castillo * 23448279d52SJuan Castillo * Return: 0 = success, Otherwise = error 235a2a5a945SManish V Badarkhe * Returns additionally, 236a2a5a945SManish V Badarkhe * cert_nv_ctr -> NV counter value present in the certificate 237a2a5a945SManish V Badarkhe * need_nv_ctr_upgrade = 0 -> platform NV counter upgrade is not needed 238a2a5a945SManish V Badarkhe * need_nv_ctr_upgrade = 1 -> platform NV counter upgrade is needed 23948279d52SJuan Castillo */ 24048279d52SJuan Castillo static int auth_nvctr(const auth_method_param_nv_ctr_t *param, 24148279d52SJuan Castillo const auth_img_desc_t *img_desc, 242a2a5a945SManish V Badarkhe void *img, unsigned int img_len, 243a2a5a945SManish V Badarkhe unsigned int *cert_nv_ctr, 244a2a5a945SManish V Badarkhe bool *need_nv_ctr_upgrade) 24548279d52SJuan Castillo { 24648279d52SJuan Castillo char *p; 24748279d52SJuan Castillo void *data_ptr = NULL; 24848279d52SJuan Castillo unsigned int data_len, len, i; 249a2a5a945SManish V Badarkhe unsigned int plat_nv_ctr; 25048279d52SJuan Castillo int rc = 0; 251c0bfc88fSManish V Badarkhe bool is_trial_run = false; 25248279d52SJuan Castillo 25348279d52SJuan Castillo /* Get the counter value from current image. The AM expects the IPM 25448279d52SJuan Castillo * to return the counter value as a DER encoded integer */ 25548279d52SJuan Castillo rc = img_parser_get_auth_param(img_desc->img_type, param->cert_nv_ctr, 25648279d52SJuan Castillo img, img_len, &data_ptr, &data_len); 25748279d52SJuan Castillo return_if_error(rc); 25848279d52SJuan Castillo 25948279d52SJuan Castillo /* Parse the DER encoded integer */ 26048279d52SJuan Castillo assert(data_ptr); 26148279d52SJuan Castillo p = (char *)data_ptr; 26248279d52SJuan Castillo if (*p != ASN1_INTEGER) { 26348279d52SJuan Castillo /* Invalid ASN.1 integer */ 26448279d52SJuan Castillo return 1; 26548279d52SJuan Castillo } 26648279d52SJuan Castillo p++; 26748279d52SJuan Castillo 26848279d52SJuan Castillo /* NV-counters are unsigned integers up to 32-bit */ 26948279d52SJuan Castillo len = (unsigned int)(*p & 0x7f); 27048279d52SJuan Castillo if ((*p & 0x80) || (len > 4)) { 27148279d52SJuan Castillo return 1; 27248279d52SJuan Castillo } 27348279d52SJuan Castillo p++; 27448279d52SJuan Castillo 27548279d52SJuan Castillo /* Check the number is not negative */ 27648279d52SJuan Castillo if (*p & 0x80) { 27748279d52SJuan Castillo return 1; 27848279d52SJuan Castillo } 27948279d52SJuan Castillo 28048279d52SJuan Castillo /* Convert to unsigned int. This code is for a little-endian CPU */ 281a2a5a945SManish V Badarkhe *cert_nv_ctr = 0; 28248279d52SJuan Castillo for (i = 0; i < len; i++) { 283a2a5a945SManish V Badarkhe *cert_nv_ctr = (*cert_nv_ctr << 8) | *p++; 28448279d52SJuan Castillo } 28548279d52SJuan Castillo 28648279d52SJuan Castillo /* Get the counter from the platform */ 28748279d52SJuan Castillo rc = plat_get_nv_ctr(param->plat_nv_ctr->cookie, &plat_nv_ctr); 28848279d52SJuan Castillo return_if_error(rc); 28948279d52SJuan Castillo 290a2a5a945SManish V Badarkhe if (*cert_nv_ctr < plat_nv_ctr) { 29148279d52SJuan Castillo /* Invalid NV-counter */ 29248279d52SJuan Castillo return 1; 293a2a5a945SManish V Badarkhe } else if (*cert_nv_ctr > plat_nv_ctr) { 294c0bfc88fSManish V Badarkhe #if PSA_FWU_SUPPORT && IMAGE_BL2 295c0bfc88fSManish V Badarkhe is_trial_run = fwu_is_trial_run_state(); 296c0bfc88fSManish V Badarkhe #endif /* PSA_FWU_SUPPORT && IMAGE_BL2 */ 297c0bfc88fSManish V Badarkhe *need_nv_ctr_upgrade = !is_trial_run; 29848279d52SJuan Castillo } 29948279d52SJuan Castillo 30048279d52SJuan Castillo return 0; 30148279d52SJuan Castillo } 30248279d52SJuan Castillo 303d35dee23Sdp-arm int plat_set_nv_ctr2(void *cookie, const auth_img_desc_t *img_desc __unused, 304d35dee23Sdp-arm unsigned int nv_ctr) 305d35dee23Sdp-arm { 306d35dee23Sdp-arm return plat_set_nv_ctr(cookie, nv_ctr); 307d35dee23Sdp-arm } 308d35dee23Sdp-arm 309*40f9f644SNicolas Toromanoff int plat_convert_pk(void *full_pk_ptr, unsigned int full_pk_len, 310*40f9f644SNicolas Toromanoff void **hashed_pk_ptr, unsigned int *hashed_pk_len) 311*40f9f644SNicolas Toromanoff { 312*40f9f644SNicolas Toromanoff *hashed_pk_ptr = full_pk_ptr; 313*40f9f644SNicolas Toromanoff *hashed_pk_len = full_pk_len; 314*40f9f644SNicolas Toromanoff 315*40f9f644SNicolas Toromanoff return 0; 316*40f9f644SNicolas Toromanoff } 317*40f9f644SNicolas Toromanoff 31848279d52SJuan Castillo /* 31905799ae0SJuan Castillo * Return the parent id in the output parameter '*parent_id' 32005799ae0SJuan Castillo * 32105799ae0SJuan Castillo * Return value: 32205799ae0SJuan Castillo * 0 = Image has parent, 1 = Image has no parent or parent is authenticated 32305799ae0SJuan Castillo */ 32405799ae0SJuan Castillo int auth_mod_get_parent_id(unsigned int img_id, unsigned int *parent_id) 32505799ae0SJuan Castillo { 32605799ae0SJuan Castillo const auth_img_desc_t *img_desc = NULL; 32705799ae0SJuan Castillo 32805799ae0SJuan Castillo assert(parent_id != NULL); 32905799ae0SJuan Castillo /* Get the image descriptor */ 330ab1981dbSLouis Mayencourt img_desc = FCONF_GET_PROPERTY(tbbr, cot, img_id); 33105799ae0SJuan Castillo 33205799ae0SJuan Castillo /* Check if the image has no parent (ROT) */ 33305799ae0SJuan Castillo if (img_desc->parent == NULL) { 33405799ae0SJuan Castillo *parent_id = 0; 33505799ae0SJuan Castillo return 1; 33605799ae0SJuan Castillo } 33705799ae0SJuan Castillo 33805799ae0SJuan Castillo /* Check if the parent has already been authenticated */ 33905799ae0SJuan Castillo if (auth_img_flags[img_desc->parent->img_id] & IMG_FLAG_AUTHENTICATED) { 34005799ae0SJuan Castillo *parent_id = 0; 34105799ae0SJuan Castillo return 1; 34205799ae0SJuan Castillo } 34305799ae0SJuan Castillo 34405799ae0SJuan Castillo *parent_id = img_desc->parent->img_id; 34505799ae0SJuan Castillo return 0; 34605799ae0SJuan Castillo } 34705799ae0SJuan Castillo 34805799ae0SJuan Castillo /* 34905799ae0SJuan Castillo * Initialize the different modules in the authentication framework 35005799ae0SJuan Castillo */ 35105799ae0SJuan Castillo void auth_mod_init(void) 35205799ae0SJuan Castillo { 35305799ae0SJuan Castillo /* Check we have a valid CoT registered */ 35405799ae0SJuan Castillo assert(cot_desc_ptr != NULL); 35505799ae0SJuan Castillo 35605799ae0SJuan Castillo /* Image parser module */ 35705799ae0SJuan Castillo img_parser_init(); 35805799ae0SJuan Castillo } 35905799ae0SJuan Castillo 36005799ae0SJuan Castillo /* 36105799ae0SJuan Castillo * Authenticate a certificate/image 36205799ae0SJuan Castillo * 36305799ae0SJuan Castillo * Return: 0 = success, Otherwise = error 36405799ae0SJuan Castillo */ 36505799ae0SJuan Castillo int auth_mod_verify_img(unsigned int img_id, 36605799ae0SJuan Castillo void *img_ptr, 36705799ae0SJuan Castillo unsigned int img_len) 36805799ae0SJuan Castillo { 36905799ae0SJuan Castillo const auth_img_desc_t *img_desc = NULL; 37005799ae0SJuan Castillo const auth_method_desc_t *auth_method = NULL; 37105799ae0SJuan Castillo void *param_ptr; 37205799ae0SJuan Castillo unsigned int param_len; 37305799ae0SJuan Castillo int rc, i; 374a2a5a945SManish V Badarkhe unsigned int cert_nv_ctr = 0; 375a2a5a945SManish V Badarkhe bool need_nv_ctr_upgrade = false; 376a2a5a945SManish V Badarkhe bool sig_auth_done = false; 377a2a5a945SManish V Badarkhe const auth_method_param_nv_ctr_t *nv_ctr_param = NULL; 37805799ae0SJuan Castillo 37905799ae0SJuan Castillo /* Get the image descriptor from the chain of trust */ 380ab1981dbSLouis Mayencourt img_desc = FCONF_GET_PROPERTY(tbbr, cot, img_id); 38105799ae0SJuan Castillo 38205799ae0SJuan Castillo /* Ask the parser to check the image integrity */ 38305799ae0SJuan Castillo rc = img_parser_check_integrity(img_desc->img_type, img_ptr, img_len); 38405799ae0SJuan Castillo return_if_error(rc); 38505799ae0SJuan Castillo 38605799ae0SJuan Castillo /* Authenticate the image using the methods indicated in the image 38705799ae0SJuan Castillo * descriptor. */ 38830070427SJoel Hutton if (img_desc->img_auth_methods == NULL) 38930070427SJoel Hutton return 1; 39005799ae0SJuan Castillo for (i = 0 ; i < AUTH_METHOD_NUM ; i++) { 39105799ae0SJuan Castillo auth_method = &img_desc->img_auth_methods[i]; 39205799ae0SJuan Castillo switch (auth_method->type) { 39305799ae0SJuan Castillo case AUTH_METHOD_NONE: 39405799ae0SJuan Castillo rc = 0; 39505799ae0SJuan Castillo break; 39605799ae0SJuan Castillo case AUTH_METHOD_HASH: 39705799ae0SJuan Castillo rc = auth_hash(&auth_method->param.hash, 39805799ae0SJuan Castillo img_desc, img_ptr, img_len); 39905799ae0SJuan Castillo break; 40005799ae0SJuan Castillo case AUTH_METHOD_SIG: 40105799ae0SJuan Castillo rc = auth_signature(&auth_method->param.sig, 40205799ae0SJuan Castillo img_desc, img_ptr, img_len); 403a2a5a945SManish V Badarkhe sig_auth_done = true; 40405799ae0SJuan Castillo break; 40548279d52SJuan Castillo case AUTH_METHOD_NV_CTR: 406a2a5a945SManish V Badarkhe nv_ctr_param = &auth_method->param.nv_ctr; 407a2a5a945SManish V Badarkhe rc = auth_nvctr(nv_ctr_param, 408a2a5a945SManish V Badarkhe img_desc, img_ptr, img_len, 409a2a5a945SManish V Badarkhe &cert_nv_ctr, &need_nv_ctr_upgrade); 41048279d52SJuan Castillo break; 41105799ae0SJuan Castillo default: 41205799ae0SJuan Castillo /* Unknown authentication method */ 41305799ae0SJuan Castillo rc = 1; 41405799ae0SJuan Castillo break; 41505799ae0SJuan Castillo } 41605799ae0SJuan Castillo return_if_error(rc); 41705799ae0SJuan Castillo } 41805799ae0SJuan Castillo 419a2a5a945SManish V Badarkhe /* 420a2a5a945SManish V Badarkhe * Do platform NV counter upgrade only if the certificate gets 421a2a5a945SManish V Badarkhe * authenticated, and platform NV-counter upgrade is needed. 422a2a5a945SManish V Badarkhe */ 423a2a5a945SManish V Badarkhe if (need_nv_ctr_upgrade && sig_auth_done) { 424a2a5a945SManish V Badarkhe rc = plat_set_nv_ctr2(nv_ctr_param->plat_nv_ctr->cookie, 425a2a5a945SManish V Badarkhe img_desc, cert_nv_ctr); 426a2a5a945SManish V Badarkhe return_if_error(rc); 427a2a5a945SManish V Badarkhe } 428a2a5a945SManish V Badarkhe 42905799ae0SJuan Castillo /* Extract the parameters indicated in the image descriptor to 43005799ae0SJuan Castillo * authenticate the children images. */ 43130070427SJoel Hutton if (img_desc->authenticated_data != NULL) { 43205799ae0SJuan Castillo for (i = 0 ; i < COT_MAX_VERIFIED_PARAMS ; i++) { 43305799ae0SJuan Castillo if (img_desc->authenticated_data[i].type_desc == NULL) { 43405799ae0SJuan Castillo continue; 43505799ae0SJuan Castillo } 43605799ae0SJuan Castillo 43705799ae0SJuan Castillo /* Get the parameter from the image parser module */ 43805799ae0SJuan Castillo rc = img_parser_get_auth_param(img_desc->img_type, 43905799ae0SJuan Castillo img_desc->authenticated_data[i].type_desc, 44005799ae0SJuan Castillo img_ptr, img_len, ¶m_ptr, ¶m_len); 44105799ae0SJuan Castillo return_if_error(rc); 44205799ae0SJuan Castillo 44305799ae0SJuan Castillo /* Check parameter size */ 44405799ae0SJuan Castillo if (param_len > img_desc->authenticated_data[i].data.len) { 44505799ae0SJuan Castillo return 1; 44605799ae0SJuan Castillo } 44705799ae0SJuan Castillo 44805799ae0SJuan Castillo /* Copy the parameter for later use */ 44905799ae0SJuan Castillo memcpy((void *)img_desc->authenticated_data[i].data.ptr, 45005799ae0SJuan Castillo (void *)param_ptr, param_len); 45105799ae0SJuan Castillo } 45230070427SJoel Hutton } 45305799ae0SJuan Castillo 45405799ae0SJuan Castillo /* Mark image as authenticated */ 45505799ae0SJuan Castillo auth_img_flags[img_desc->img_id] |= IMG_FLAG_AUTHENTICATED; 45605799ae0SJuan Castillo 45705799ae0SJuan Castillo return 0; 45805799ae0SJuan Castillo } 459