105799ae0SJuan Castillo /* 2*c0bfc88fSManish V Badarkhe * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved. 305799ae0SJuan Castillo * 482cb2c1aSdp-arm * SPDX-License-Identifier: BSD-3-Clause 505799ae0SJuan Castillo */ 605799ae0SJuan Castillo 705799ae0SJuan Castillo #include <assert.h> 805799ae0SJuan Castillo #include <stdint.h> 905799ae0SJuan Castillo #include <string.h> 1005799ae0SJuan Castillo 1109d40e0eSAntonio Nino Diaz #include <platform_def.h> 1209d40e0eSAntonio Nino Diaz 1309d40e0eSAntonio Nino Diaz #include <common/debug.h> 1409d40e0eSAntonio Nino Diaz #include <common/tbbr/cot_def.h> 1509d40e0eSAntonio Nino Diaz #include <drivers/auth/auth_common.h> 1609d40e0eSAntonio Nino Diaz #include <drivers/auth/auth_mod.h> 1709d40e0eSAntonio Nino Diaz #include <drivers/auth/crypto_mod.h> 1809d40e0eSAntonio Nino Diaz #include <drivers/auth/img_parser_mod.h> 19*c0bfc88fSManish V Badarkhe #include <drivers/fwu/fwu.h> 20ab1981dbSLouis Mayencourt #include <lib/fconf/fconf_tbbr_getter.h> 2109d40e0eSAntonio Nino Diaz #include <plat/common/platform.h> 2209d40e0eSAntonio Nino Diaz 2348279d52SJuan Castillo /* ASN.1 tags */ 2448279d52SJuan Castillo #define ASN1_INTEGER 0x02 2548279d52SJuan Castillo 2605799ae0SJuan Castillo #define return_if_error(rc) \ 2705799ae0SJuan Castillo do { \ 2805799ae0SJuan Castillo if (rc != 0) { \ 2905799ae0SJuan Castillo return rc; \ 3005799ae0SJuan Castillo } \ 3105799ae0SJuan Castillo } while (0) 3205799ae0SJuan Castillo 33d35dee23Sdp-arm #pragma weak plat_set_nv_ctr2 34d35dee23Sdp-arm 350b6377d1SJoel Hutton 3605799ae0SJuan Castillo static int cmp_auth_param_type_desc(const auth_param_type_desc_t *a, 3705799ae0SJuan Castillo const auth_param_type_desc_t *b) 3805799ae0SJuan Castillo { 3905799ae0SJuan Castillo if ((a->type == b->type) && (a->cookie == b->cookie)) { 4005799ae0SJuan Castillo return 0; 4105799ae0SJuan Castillo } 4205799ae0SJuan Castillo return 1; 4305799ae0SJuan Castillo } 4405799ae0SJuan Castillo 4505799ae0SJuan Castillo /* 4605799ae0SJuan Castillo * This function obtains the requested authentication parameter data from the 4705799ae0SJuan Castillo * information extracted from the parent image after its authentication. 4805799ae0SJuan Castillo */ 4905799ae0SJuan Castillo static int auth_get_param(const auth_param_type_desc_t *param_type_desc, 5005799ae0SJuan Castillo const auth_img_desc_t *img_desc, 5105799ae0SJuan Castillo void **param, unsigned int *len) 5205799ae0SJuan Castillo { 5305799ae0SJuan Castillo int i; 5405799ae0SJuan Castillo 5530070427SJoel Hutton if (img_desc->authenticated_data == NULL) 5630070427SJoel Hutton return 1; 5730070427SJoel Hutton 5805799ae0SJuan Castillo for (i = 0 ; i < COT_MAX_VERIFIED_PARAMS ; i++) { 5905799ae0SJuan Castillo if (0 == cmp_auth_param_type_desc(param_type_desc, 6005799ae0SJuan Castillo img_desc->authenticated_data[i].type_desc)) { 6105799ae0SJuan Castillo *param = img_desc->authenticated_data[i].data.ptr; 6205799ae0SJuan Castillo *len = img_desc->authenticated_data[i].data.len; 6305799ae0SJuan Castillo return 0; 6405799ae0SJuan Castillo } 6505799ae0SJuan Castillo } 6605799ae0SJuan Castillo 6705799ae0SJuan Castillo return 1; 6805799ae0SJuan Castillo } 6905799ae0SJuan Castillo 7005799ae0SJuan Castillo /* 7105799ae0SJuan Castillo * Authenticate an image by matching the data hash 7205799ae0SJuan Castillo * 7305799ae0SJuan Castillo * This function implements 'AUTH_METHOD_HASH'. To authenticate an image using 7405799ae0SJuan Castillo * this method, the image must contain: 7505799ae0SJuan Castillo * 7605799ae0SJuan Castillo * - The data to calculate the hash from 7705799ae0SJuan Castillo * 7805799ae0SJuan Castillo * The parent image must contain: 7905799ae0SJuan Castillo * 8005799ae0SJuan Castillo * - The hash to be matched with (including hash algorithm) 8105799ae0SJuan Castillo * 8205799ae0SJuan Castillo * For a successful authentication, both hashes must match. The function calls 8305799ae0SJuan Castillo * the crypto-module to check this matching. 8405799ae0SJuan Castillo * 8505799ae0SJuan Castillo * Parameters: 8605799ae0SJuan Castillo * param: parameters to perform the hash authentication 8705799ae0SJuan Castillo * img_desc: pointer to image descriptor so we can know the image type 8805799ae0SJuan Castillo * and parent image 8905799ae0SJuan Castillo * img: pointer to image in memory 9005799ae0SJuan Castillo * img_len: length of image (in bytes) 9105799ae0SJuan Castillo * 9205799ae0SJuan Castillo * Return: 9305799ae0SJuan Castillo * 0 = success, Otherwise = error 9405799ae0SJuan Castillo */ 9505799ae0SJuan Castillo static int auth_hash(const auth_method_param_hash_t *param, 9605799ae0SJuan Castillo const auth_img_desc_t *img_desc, 9705799ae0SJuan Castillo void *img, unsigned int img_len) 9805799ae0SJuan Castillo { 9905799ae0SJuan Castillo void *data_ptr, *hash_der_ptr; 10005799ae0SJuan Castillo unsigned int data_len, hash_der_len; 10105799ae0SJuan Castillo int rc = 0; 10205799ae0SJuan Castillo 10305799ae0SJuan Castillo /* Get the hash from the parent image. This hash will be DER encoded 10405799ae0SJuan Castillo * and contain the hash algorithm */ 10505799ae0SJuan Castillo rc = auth_get_param(param->hash, img_desc->parent, 10605799ae0SJuan Castillo &hash_der_ptr, &hash_der_len); 10705799ae0SJuan Castillo return_if_error(rc); 10805799ae0SJuan Castillo 10905799ae0SJuan Castillo /* Get the data to be hashed from the current image */ 11005799ae0SJuan Castillo rc = img_parser_get_auth_param(img_desc->img_type, param->data, 11105799ae0SJuan Castillo img, img_len, &data_ptr, &data_len); 11205799ae0SJuan Castillo return_if_error(rc); 11305799ae0SJuan Castillo 11405799ae0SJuan Castillo /* Ask the crypto module to verify this hash */ 11505799ae0SJuan Castillo rc = crypto_mod_verify_hash(data_ptr, data_len, 11605799ae0SJuan Castillo hash_der_ptr, hash_der_len); 11705799ae0SJuan Castillo 11805799ae0SJuan Castillo return rc; 11905799ae0SJuan Castillo } 12005799ae0SJuan Castillo 12105799ae0SJuan Castillo /* 12205799ae0SJuan Castillo * Authenticate by digital signature 12305799ae0SJuan Castillo * 12405799ae0SJuan Castillo * This function implements 'AUTH_METHOD_SIG'. To authenticate an image using 12505799ae0SJuan Castillo * this method, the image must contain: 12605799ae0SJuan Castillo * 12705799ae0SJuan Castillo * - Data to be signed 12805799ae0SJuan Castillo * - Signature 12905799ae0SJuan Castillo * - Signature algorithm 13005799ae0SJuan Castillo * 13105799ae0SJuan Castillo * We rely on the image parser module to extract this data from the image. 13205799ae0SJuan Castillo * The parent image must contain: 13305799ae0SJuan Castillo * 13405799ae0SJuan Castillo * - Public key (or a hash of it) 13505799ae0SJuan Castillo * 13605799ae0SJuan Castillo * If the parent image contains only a hash of the key, we will try to obtain 13705799ae0SJuan Castillo * the public key from the image itself (i.e. self-signed certificates). In that 13805799ae0SJuan Castillo * case, the signature verification is considered just an integrity check and 13905799ae0SJuan Castillo * the authentication is established by calculating the hash of the key and 14005799ae0SJuan Castillo * comparing it with the hash obtained from the parent. 14105799ae0SJuan Castillo * 14205799ae0SJuan Castillo * If the image has no parent (NULL), it means it has to be authenticated using 14305799ae0SJuan Castillo * the ROTPK stored in the platform. Again, this ROTPK could be the key itself 14405799ae0SJuan Castillo * or a hash of it. 14505799ae0SJuan Castillo * 14605799ae0SJuan Castillo * Return: 0 = success, Otherwise = error 14705799ae0SJuan Castillo */ 14805799ae0SJuan Castillo static int auth_signature(const auth_method_param_sig_t *param, 14905799ae0SJuan Castillo const auth_img_desc_t *img_desc, 15005799ae0SJuan Castillo void *img, unsigned int img_len) 15105799ae0SJuan Castillo { 15205799ae0SJuan Castillo void *data_ptr, *pk_ptr, *pk_hash_ptr, *sig_ptr, *sig_alg_ptr; 15305799ae0SJuan Castillo unsigned int data_len, pk_len, pk_hash_len, sig_len, sig_alg_len; 15405799ae0SJuan Castillo unsigned int flags = 0; 15505799ae0SJuan Castillo int rc = 0; 15605799ae0SJuan Castillo 15705799ae0SJuan Castillo /* Get the data to be signed from current image */ 15805799ae0SJuan Castillo rc = img_parser_get_auth_param(img_desc->img_type, param->data, 15905799ae0SJuan Castillo img, img_len, &data_ptr, &data_len); 16005799ae0SJuan Castillo return_if_error(rc); 16105799ae0SJuan Castillo 16205799ae0SJuan Castillo /* Get the signature from current image */ 16305799ae0SJuan Castillo rc = img_parser_get_auth_param(img_desc->img_type, param->sig, 16405799ae0SJuan Castillo img, img_len, &sig_ptr, &sig_len); 16505799ae0SJuan Castillo return_if_error(rc); 16605799ae0SJuan Castillo 16705799ae0SJuan Castillo /* Get the signature algorithm from current image */ 16805799ae0SJuan Castillo rc = img_parser_get_auth_param(img_desc->img_type, param->alg, 16905799ae0SJuan Castillo img, img_len, &sig_alg_ptr, &sig_alg_len); 17005799ae0SJuan Castillo return_if_error(rc); 17105799ae0SJuan Castillo 17205799ae0SJuan Castillo /* Get the public key from the parent. If there is no parent (NULL), 17305799ae0SJuan Castillo * the certificate has been signed with the ROTPK, so we have to get 17405799ae0SJuan Castillo * the PK from the platform */ 17505799ae0SJuan Castillo if (img_desc->parent) { 17605799ae0SJuan Castillo rc = auth_get_param(param->pk, img_desc->parent, 17705799ae0SJuan Castillo &pk_ptr, &pk_len); 17805799ae0SJuan Castillo } else { 17905799ae0SJuan Castillo rc = plat_get_rotpk_info(param->pk->cookie, &pk_ptr, &pk_len, 18005799ae0SJuan Castillo &flags); 18105799ae0SJuan Castillo } 18205799ae0SJuan Castillo return_if_error(rc); 18305799ae0SJuan Castillo 18404943d33SSoby Mathew if (flags & (ROTPK_IS_HASH | ROTPK_NOT_DEPLOYED)) { 18504943d33SSoby Mathew /* If the PK is a hash of the key or if the ROTPK is not 18604943d33SSoby Mathew deployed on the platform, retrieve the key from the image */ 18705799ae0SJuan Castillo pk_hash_ptr = pk_ptr; 18805799ae0SJuan Castillo pk_hash_len = pk_len; 18905799ae0SJuan Castillo rc = img_parser_get_auth_param(img_desc->img_type, 19005799ae0SJuan Castillo param->pk, img, img_len, 19105799ae0SJuan Castillo &pk_ptr, &pk_len); 19205799ae0SJuan Castillo return_if_error(rc); 19305799ae0SJuan Castillo 19405799ae0SJuan Castillo /* Ask the crypto module to verify the signature */ 19505799ae0SJuan Castillo rc = crypto_mod_verify_signature(data_ptr, data_len, 19605799ae0SJuan Castillo sig_ptr, sig_len, 19705799ae0SJuan Castillo sig_alg_ptr, sig_alg_len, 19805799ae0SJuan Castillo pk_ptr, pk_len); 19905799ae0SJuan Castillo return_if_error(rc); 20005799ae0SJuan Castillo 20104943d33SSoby Mathew if (flags & ROTPK_NOT_DEPLOYED) { 20204943d33SSoby Mathew NOTICE("ROTPK is not deployed on platform. " 20304943d33SSoby Mathew "Skipping ROTPK verification.\n"); 20404943d33SSoby Mathew } else { 20505799ae0SJuan Castillo /* Ask the crypto-module to verify the key hash */ 20605799ae0SJuan Castillo rc = crypto_mod_verify_hash(pk_ptr, pk_len, 20705799ae0SJuan Castillo pk_hash_ptr, pk_hash_len); 20804943d33SSoby Mathew } 20905799ae0SJuan Castillo } else { 21005799ae0SJuan Castillo /* Ask the crypto module to verify the signature */ 21105799ae0SJuan Castillo rc = crypto_mod_verify_signature(data_ptr, data_len, 21205799ae0SJuan Castillo sig_ptr, sig_len, 21305799ae0SJuan Castillo sig_alg_ptr, sig_alg_len, 21405799ae0SJuan Castillo pk_ptr, pk_len); 21505799ae0SJuan Castillo } 21605799ae0SJuan Castillo 21705799ae0SJuan Castillo return rc; 21805799ae0SJuan Castillo } 21905799ae0SJuan Castillo 22005799ae0SJuan Castillo /* 22148279d52SJuan Castillo * Authenticate by Non-Volatile counter 22248279d52SJuan Castillo * 22348279d52SJuan Castillo * To protect the system against rollback, the platform includes a non-volatile 22448279d52SJuan Castillo * counter whose value can only be increased. All certificates include a counter 22548279d52SJuan Castillo * value that should not be lower than the value stored in the platform. If the 226a2a5a945SManish V Badarkhe * value is larger, the counter in the platform must be updated to the new value 227a2a5a945SManish V Badarkhe * (provided it has been authenticated). 22848279d52SJuan Castillo * 22948279d52SJuan Castillo * Return: 0 = success, Otherwise = error 230a2a5a945SManish V Badarkhe * Returns additionally, 231a2a5a945SManish V Badarkhe * cert_nv_ctr -> NV counter value present in the certificate 232a2a5a945SManish V Badarkhe * need_nv_ctr_upgrade = 0 -> platform NV counter upgrade is not needed 233a2a5a945SManish V Badarkhe * need_nv_ctr_upgrade = 1 -> platform NV counter upgrade is needed 23448279d52SJuan Castillo */ 23548279d52SJuan Castillo static int auth_nvctr(const auth_method_param_nv_ctr_t *param, 23648279d52SJuan Castillo const auth_img_desc_t *img_desc, 237a2a5a945SManish V Badarkhe void *img, unsigned int img_len, 238a2a5a945SManish V Badarkhe unsigned int *cert_nv_ctr, 239a2a5a945SManish V Badarkhe bool *need_nv_ctr_upgrade) 24048279d52SJuan Castillo { 24148279d52SJuan Castillo char *p; 24248279d52SJuan Castillo void *data_ptr = NULL; 24348279d52SJuan Castillo unsigned int data_len, len, i; 244a2a5a945SManish V Badarkhe unsigned int plat_nv_ctr; 24548279d52SJuan Castillo int rc = 0; 246*c0bfc88fSManish V Badarkhe bool is_trial_run = false; 24748279d52SJuan Castillo 24848279d52SJuan Castillo /* Get the counter value from current image. The AM expects the IPM 24948279d52SJuan Castillo * to return the counter value as a DER encoded integer */ 25048279d52SJuan Castillo rc = img_parser_get_auth_param(img_desc->img_type, param->cert_nv_ctr, 25148279d52SJuan Castillo img, img_len, &data_ptr, &data_len); 25248279d52SJuan Castillo return_if_error(rc); 25348279d52SJuan Castillo 25448279d52SJuan Castillo /* Parse the DER encoded integer */ 25548279d52SJuan Castillo assert(data_ptr); 25648279d52SJuan Castillo p = (char *)data_ptr; 25748279d52SJuan Castillo if (*p != ASN1_INTEGER) { 25848279d52SJuan Castillo /* Invalid ASN.1 integer */ 25948279d52SJuan Castillo return 1; 26048279d52SJuan Castillo } 26148279d52SJuan Castillo p++; 26248279d52SJuan Castillo 26348279d52SJuan Castillo /* NV-counters are unsigned integers up to 32-bit */ 26448279d52SJuan Castillo len = (unsigned int)(*p & 0x7f); 26548279d52SJuan Castillo if ((*p & 0x80) || (len > 4)) { 26648279d52SJuan Castillo return 1; 26748279d52SJuan Castillo } 26848279d52SJuan Castillo p++; 26948279d52SJuan Castillo 27048279d52SJuan Castillo /* Check the number is not negative */ 27148279d52SJuan Castillo if (*p & 0x80) { 27248279d52SJuan Castillo return 1; 27348279d52SJuan Castillo } 27448279d52SJuan Castillo 27548279d52SJuan Castillo /* Convert to unsigned int. This code is for a little-endian CPU */ 276a2a5a945SManish V Badarkhe *cert_nv_ctr = 0; 27748279d52SJuan Castillo for (i = 0; i < len; i++) { 278a2a5a945SManish V Badarkhe *cert_nv_ctr = (*cert_nv_ctr << 8) | *p++; 27948279d52SJuan Castillo } 28048279d52SJuan Castillo 28148279d52SJuan Castillo /* Get the counter from the platform */ 28248279d52SJuan Castillo rc = plat_get_nv_ctr(param->plat_nv_ctr->cookie, &plat_nv_ctr); 28348279d52SJuan Castillo return_if_error(rc); 28448279d52SJuan Castillo 285a2a5a945SManish V Badarkhe if (*cert_nv_ctr < plat_nv_ctr) { 28648279d52SJuan Castillo /* Invalid NV-counter */ 28748279d52SJuan Castillo return 1; 288a2a5a945SManish V Badarkhe } else if (*cert_nv_ctr > plat_nv_ctr) { 289*c0bfc88fSManish V Badarkhe #if PSA_FWU_SUPPORT && IMAGE_BL2 290*c0bfc88fSManish V Badarkhe is_trial_run = fwu_is_trial_run_state(); 291*c0bfc88fSManish V Badarkhe #endif /* PSA_FWU_SUPPORT && IMAGE_BL2 */ 292*c0bfc88fSManish V Badarkhe *need_nv_ctr_upgrade = !is_trial_run; 29348279d52SJuan Castillo } 29448279d52SJuan Castillo 29548279d52SJuan Castillo return 0; 29648279d52SJuan Castillo } 29748279d52SJuan Castillo 298d35dee23Sdp-arm int plat_set_nv_ctr2(void *cookie, const auth_img_desc_t *img_desc __unused, 299d35dee23Sdp-arm unsigned int nv_ctr) 300d35dee23Sdp-arm { 301d35dee23Sdp-arm return plat_set_nv_ctr(cookie, nv_ctr); 302d35dee23Sdp-arm } 303d35dee23Sdp-arm 30448279d52SJuan Castillo /* 30505799ae0SJuan Castillo * Return the parent id in the output parameter '*parent_id' 30605799ae0SJuan Castillo * 30705799ae0SJuan Castillo * Return value: 30805799ae0SJuan Castillo * 0 = Image has parent, 1 = Image has no parent or parent is authenticated 30905799ae0SJuan Castillo */ 31005799ae0SJuan Castillo int auth_mod_get_parent_id(unsigned int img_id, unsigned int *parent_id) 31105799ae0SJuan Castillo { 31205799ae0SJuan Castillo const auth_img_desc_t *img_desc = NULL; 31305799ae0SJuan Castillo 31405799ae0SJuan Castillo assert(parent_id != NULL); 31505799ae0SJuan Castillo /* Get the image descriptor */ 316ab1981dbSLouis Mayencourt img_desc = FCONF_GET_PROPERTY(tbbr, cot, img_id); 31705799ae0SJuan Castillo 31805799ae0SJuan Castillo /* Check if the image has no parent (ROT) */ 31905799ae0SJuan Castillo if (img_desc->parent == NULL) { 32005799ae0SJuan Castillo *parent_id = 0; 32105799ae0SJuan Castillo return 1; 32205799ae0SJuan Castillo } 32305799ae0SJuan Castillo 32405799ae0SJuan Castillo /* Check if the parent has already been authenticated */ 32505799ae0SJuan Castillo if (auth_img_flags[img_desc->parent->img_id] & IMG_FLAG_AUTHENTICATED) { 32605799ae0SJuan Castillo *parent_id = 0; 32705799ae0SJuan Castillo return 1; 32805799ae0SJuan Castillo } 32905799ae0SJuan Castillo 33005799ae0SJuan Castillo *parent_id = img_desc->parent->img_id; 33105799ae0SJuan Castillo return 0; 33205799ae0SJuan Castillo } 33305799ae0SJuan Castillo 33405799ae0SJuan Castillo /* 33505799ae0SJuan Castillo * Initialize the different modules in the authentication framework 33605799ae0SJuan Castillo */ 33705799ae0SJuan Castillo void auth_mod_init(void) 33805799ae0SJuan Castillo { 33905799ae0SJuan Castillo /* Check we have a valid CoT registered */ 34005799ae0SJuan Castillo assert(cot_desc_ptr != NULL); 34105799ae0SJuan Castillo 34205799ae0SJuan Castillo /* Crypto module */ 34305799ae0SJuan Castillo crypto_mod_init(); 34405799ae0SJuan Castillo 34505799ae0SJuan Castillo /* Image parser module */ 34605799ae0SJuan Castillo img_parser_init(); 34705799ae0SJuan Castillo } 34805799ae0SJuan Castillo 34905799ae0SJuan Castillo /* 35005799ae0SJuan Castillo * Authenticate a certificate/image 35105799ae0SJuan Castillo * 35205799ae0SJuan Castillo * Return: 0 = success, Otherwise = error 35305799ae0SJuan Castillo */ 35405799ae0SJuan Castillo int auth_mod_verify_img(unsigned int img_id, 35505799ae0SJuan Castillo void *img_ptr, 35605799ae0SJuan Castillo unsigned int img_len) 35705799ae0SJuan Castillo { 35805799ae0SJuan Castillo const auth_img_desc_t *img_desc = NULL; 35905799ae0SJuan Castillo const auth_method_desc_t *auth_method = NULL; 36005799ae0SJuan Castillo void *param_ptr; 36105799ae0SJuan Castillo unsigned int param_len; 36205799ae0SJuan Castillo int rc, i; 363a2a5a945SManish V Badarkhe unsigned int cert_nv_ctr = 0; 364a2a5a945SManish V Badarkhe bool need_nv_ctr_upgrade = false; 365a2a5a945SManish V Badarkhe bool sig_auth_done = false; 366a2a5a945SManish V Badarkhe const auth_method_param_nv_ctr_t *nv_ctr_param = NULL; 36705799ae0SJuan Castillo 36805799ae0SJuan Castillo /* Get the image descriptor from the chain of trust */ 369ab1981dbSLouis Mayencourt img_desc = FCONF_GET_PROPERTY(tbbr, cot, img_id); 37005799ae0SJuan Castillo 37105799ae0SJuan Castillo /* Ask the parser to check the image integrity */ 37205799ae0SJuan Castillo rc = img_parser_check_integrity(img_desc->img_type, img_ptr, img_len); 37305799ae0SJuan Castillo return_if_error(rc); 37405799ae0SJuan Castillo 37505799ae0SJuan Castillo /* Authenticate the image using the methods indicated in the image 37605799ae0SJuan Castillo * descriptor. */ 37730070427SJoel Hutton if (img_desc->img_auth_methods == NULL) 37830070427SJoel Hutton return 1; 37905799ae0SJuan Castillo for (i = 0 ; i < AUTH_METHOD_NUM ; i++) { 38005799ae0SJuan Castillo auth_method = &img_desc->img_auth_methods[i]; 38105799ae0SJuan Castillo switch (auth_method->type) { 38205799ae0SJuan Castillo case AUTH_METHOD_NONE: 38305799ae0SJuan Castillo rc = 0; 38405799ae0SJuan Castillo break; 38505799ae0SJuan Castillo case AUTH_METHOD_HASH: 38605799ae0SJuan Castillo rc = auth_hash(&auth_method->param.hash, 38705799ae0SJuan Castillo img_desc, img_ptr, img_len); 38805799ae0SJuan Castillo break; 38905799ae0SJuan Castillo case AUTH_METHOD_SIG: 39005799ae0SJuan Castillo rc = auth_signature(&auth_method->param.sig, 39105799ae0SJuan Castillo img_desc, img_ptr, img_len); 392a2a5a945SManish V Badarkhe sig_auth_done = true; 39305799ae0SJuan Castillo break; 39448279d52SJuan Castillo case AUTH_METHOD_NV_CTR: 395a2a5a945SManish V Badarkhe nv_ctr_param = &auth_method->param.nv_ctr; 396a2a5a945SManish V Badarkhe rc = auth_nvctr(nv_ctr_param, 397a2a5a945SManish V Badarkhe img_desc, img_ptr, img_len, 398a2a5a945SManish V Badarkhe &cert_nv_ctr, &need_nv_ctr_upgrade); 39948279d52SJuan Castillo break; 40005799ae0SJuan Castillo default: 40105799ae0SJuan Castillo /* Unknown authentication method */ 40205799ae0SJuan Castillo rc = 1; 40305799ae0SJuan Castillo break; 40405799ae0SJuan Castillo } 40505799ae0SJuan Castillo return_if_error(rc); 40605799ae0SJuan Castillo } 40705799ae0SJuan Castillo 408a2a5a945SManish V Badarkhe /* 409a2a5a945SManish V Badarkhe * Do platform NV counter upgrade only if the certificate gets 410a2a5a945SManish V Badarkhe * authenticated, and platform NV-counter upgrade is needed. 411a2a5a945SManish V Badarkhe */ 412a2a5a945SManish V Badarkhe if (need_nv_ctr_upgrade && sig_auth_done) { 413a2a5a945SManish V Badarkhe rc = plat_set_nv_ctr2(nv_ctr_param->plat_nv_ctr->cookie, 414a2a5a945SManish V Badarkhe img_desc, cert_nv_ctr); 415a2a5a945SManish V Badarkhe return_if_error(rc); 416a2a5a945SManish V Badarkhe } 417a2a5a945SManish V Badarkhe 41805799ae0SJuan Castillo /* Extract the parameters indicated in the image descriptor to 41905799ae0SJuan Castillo * authenticate the children images. */ 42030070427SJoel Hutton if (img_desc->authenticated_data != NULL) { 42105799ae0SJuan Castillo for (i = 0 ; i < COT_MAX_VERIFIED_PARAMS ; i++) { 42205799ae0SJuan Castillo if (img_desc->authenticated_data[i].type_desc == NULL) { 42305799ae0SJuan Castillo continue; 42405799ae0SJuan Castillo } 42505799ae0SJuan Castillo 42605799ae0SJuan Castillo /* Get the parameter from the image parser module */ 42705799ae0SJuan Castillo rc = img_parser_get_auth_param(img_desc->img_type, 42805799ae0SJuan Castillo img_desc->authenticated_data[i].type_desc, 42905799ae0SJuan Castillo img_ptr, img_len, ¶m_ptr, ¶m_len); 43005799ae0SJuan Castillo return_if_error(rc); 43105799ae0SJuan Castillo 43205799ae0SJuan Castillo /* Check parameter size */ 43305799ae0SJuan Castillo if (param_len > img_desc->authenticated_data[i].data.len) { 43405799ae0SJuan Castillo return 1; 43505799ae0SJuan Castillo } 43605799ae0SJuan Castillo 43705799ae0SJuan Castillo /* Copy the parameter for later use */ 43805799ae0SJuan Castillo memcpy((void *)img_desc->authenticated_data[i].data.ptr, 43905799ae0SJuan Castillo (void *)param_ptr, param_len); 44005799ae0SJuan Castillo } 44130070427SJoel Hutton } 44205799ae0SJuan Castillo 44305799ae0SJuan Castillo /* Mark image as authenticated */ 44405799ae0SJuan Castillo auth_img_flags[img_desc->img_id] |= IMG_FLAG_AUTHENTICATED; 44505799ae0SJuan Castillo 44605799ae0SJuan Castillo return 0; 44705799ae0SJuan Castillo } 448