1*ad43c49eSManish V Badarkhe /* 2*ad43c49eSManish V Badarkhe * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. 3*ad43c49eSManish V Badarkhe * 4*ad43c49eSManish V Badarkhe * SPDX-License-Identifier: BSD-3-Clause 5*ad43c49eSManish V Badarkhe */ 6*ad43c49eSManish V Badarkhe 7*ad43c49eSManish V Badarkhe #include <stddef.h> 8*ad43c49eSManish V Badarkhe 9*ad43c49eSManish V Badarkhe #include <platform_def.h> 10*ad43c49eSManish V Badarkhe #include <drivers/auth/mbedtls/mbedtls_config.h> 11*ad43c49eSManish V Badarkhe 12*ad43c49eSManish V Badarkhe #include <drivers/auth/auth_mod.h> 13*ad43c49eSManish V Badarkhe #include <drivers/auth/tbbr_cot_common.h> 14*ad43c49eSManish V Badarkhe #if USE_TBBR_DEFS 15*ad43c49eSManish V Badarkhe #include <tools_share/tbbr_oid.h> 16*ad43c49eSManish V Badarkhe #else 17*ad43c49eSManish V Badarkhe #include <platform_oid.h> 18*ad43c49eSManish V Badarkhe #endif 19*ad43c49eSManish V Badarkhe 20*ad43c49eSManish V Badarkhe /* 21*ad43c49eSManish V Badarkhe * The platform must allocate buffers to store the authentication parameters 22*ad43c49eSManish V Badarkhe * extracted from the certificates. In this case, because of the way the CoT is 23*ad43c49eSManish V Badarkhe * established, we can reuse some of the buffers on different stages 24*ad43c49eSManish V Badarkhe */ 25*ad43c49eSManish V Badarkhe 26*ad43c49eSManish V Badarkhe unsigned char tb_fw_hash_buf[HASH_DER_LEN]; 27*ad43c49eSManish V Badarkhe unsigned char tb_fw_config_hash_buf[HASH_DER_LEN]; 28*ad43c49eSManish V Badarkhe unsigned char hw_config_hash_buf[HASH_DER_LEN]; 29*ad43c49eSManish V Badarkhe unsigned char scp_fw_hash_buf[HASH_DER_LEN]; 30*ad43c49eSManish V Badarkhe unsigned char nt_world_bl_hash_buf[HASH_DER_LEN]; 31*ad43c49eSManish V Badarkhe 32*ad43c49eSManish V Badarkhe /* 33*ad43c49eSManish V Badarkhe * common Parameter type descriptors across BL1 and BL2 34*ad43c49eSManish V Badarkhe */ 35*ad43c49eSManish V Badarkhe auth_param_type_desc_t trusted_nv_ctr = AUTH_PARAM_TYPE_DESC( 36*ad43c49eSManish V Badarkhe AUTH_PARAM_NV_CTR, TRUSTED_FW_NVCOUNTER_OID); 37*ad43c49eSManish V Badarkhe auth_param_type_desc_t subject_pk = AUTH_PARAM_TYPE_DESC( 38*ad43c49eSManish V Badarkhe AUTH_PARAM_PUB_KEY, 0); 39*ad43c49eSManish V Badarkhe auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC( 40*ad43c49eSManish V Badarkhe AUTH_PARAM_SIG, 0); 41*ad43c49eSManish V Badarkhe auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC( 42*ad43c49eSManish V Badarkhe AUTH_PARAM_SIG_ALG, 0); 43*ad43c49eSManish V Badarkhe auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC( 44*ad43c49eSManish V Badarkhe AUTH_PARAM_RAW_DATA, 0); 45*ad43c49eSManish V Badarkhe 46*ad43c49eSManish V Badarkhe /* common hash used across BL1 and BL2 */ 47*ad43c49eSManish V Badarkhe auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC( 48*ad43c49eSManish V Badarkhe AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID); 49*ad43c49eSManish V Badarkhe auth_param_type_desc_t tb_fw_config_hash = AUTH_PARAM_TYPE_DESC( 50*ad43c49eSManish V Badarkhe AUTH_PARAM_HASH, TRUSTED_BOOT_FW_CONFIG_HASH_OID); 51*ad43c49eSManish V Badarkhe auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC( 52*ad43c49eSManish V Badarkhe AUTH_PARAM_HASH, HW_CONFIG_HASH_OID); 53*ad43c49eSManish V Badarkhe 54*ad43c49eSManish V Badarkhe /* trusted_boot_fw_cert */ 55*ad43c49eSManish V Badarkhe const auth_img_desc_t trusted_boot_fw_cert = { 56*ad43c49eSManish V Badarkhe .img_id = TRUSTED_BOOT_FW_CERT_ID, 57*ad43c49eSManish V Badarkhe .img_type = IMG_CERT, 58*ad43c49eSManish V Badarkhe .parent = NULL, 59*ad43c49eSManish V Badarkhe .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 60*ad43c49eSManish V Badarkhe [0] = { 61*ad43c49eSManish V Badarkhe .type = AUTH_METHOD_SIG, 62*ad43c49eSManish V Badarkhe .param.sig = { 63*ad43c49eSManish V Badarkhe .pk = &subject_pk, 64*ad43c49eSManish V Badarkhe .sig = &sig, 65*ad43c49eSManish V Badarkhe .alg = &sig_alg, 66*ad43c49eSManish V Badarkhe .data = &raw_data 67*ad43c49eSManish V Badarkhe } 68*ad43c49eSManish V Badarkhe }, 69*ad43c49eSManish V Badarkhe [1] = { 70*ad43c49eSManish V Badarkhe .type = AUTH_METHOD_NV_CTR, 71*ad43c49eSManish V Badarkhe .param.nv_ctr = { 72*ad43c49eSManish V Badarkhe .cert_nv_ctr = &trusted_nv_ctr, 73*ad43c49eSManish V Badarkhe .plat_nv_ctr = &trusted_nv_ctr 74*ad43c49eSManish V Badarkhe } 75*ad43c49eSManish V Badarkhe } 76*ad43c49eSManish V Badarkhe }, 77*ad43c49eSManish V Badarkhe .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 78*ad43c49eSManish V Badarkhe [0] = { 79*ad43c49eSManish V Badarkhe .type_desc = &tb_fw_hash, 80*ad43c49eSManish V Badarkhe .data = { 81*ad43c49eSManish V Badarkhe .ptr = (void *)tb_fw_hash_buf, 82*ad43c49eSManish V Badarkhe .len = (unsigned int)HASH_DER_LEN 83*ad43c49eSManish V Badarkhe } 84*ad43c49eSManish V Badarkhe }, 85*ad43c49eSManish V Badarkhe [1] = { 86*ad43c49eSManish V Badarkhe .type_desc = &tb_fw_config_hash, 87*ad43c49eSManish V Badarkhe .data = { 88*ad43c49eSManish V Badarkhe .ptr = (void *)tb_fw_config_hash_buf, 89*ad43c49eSManish V Badarkhe .len = (unsigned int)HASH_DER_LEN 90*ad43c49eSManish V Badarkhe } 91*ad43c49eSManish V Badarkhe }, 92*ad43c49eSManish V Badarkhe [2] = { 93*ad43c49eSManish V Badarkhe .type_desc = &hw_config_hash, 94*ad43c49eSManish V Badarkhe .data = { 95*ad43c49eSManish V Badarkhe .ptr = (void *)hw_config_hash_buf, 96*ad43c49eSManish V Badarkhe .len = (unsigned int)HASH_DER_LEN 97*ad43c49eSManish V Badarkhe } 98*ad43c49eSManish V Badarkhe } 99*ad43c49eSManish V Badarkhe } 100*ad43c49eSManish V Badarkhe }; 101*ad43c49eSManish V Badarkhe 102*ad43c49eSManish V Badarkhe /* HW Config */ 103*ad43c49eSManish V Badarkhe const auth_img_desc_t hw_config = { 104*ad43c49eSManish V Badarkhe .img_id = HW_CONFIG_ID, 105*ad43c49eSManish V Badarkhe .img_type = IMG_RAW, 106*ad43c49eSManish V Badarkhe .parent = &trusted_boot_fw_cert, 107*ad43c49eSManish V Badarkhe .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 108*ad43c49eSManish V Badarkhe [0] = { 109*ad43c49eSManish V Badarkhe .type = AUTH_METHOD_HASH, 110*ad43c49eSManish V Badarkhe .param.hash = { 111*ad43c49eSManish V Badarkhe .data = &raw_data, 112*ad43c49eSManish V Badarkhe .hash = &hw_config_hash 113*ad43c49eSManish V Badarkhe } 114*ad43c49eSManish V Badarkhe } 115*ad43c49eSManish V Badarkhe } 116*ad43c49eSManish V Badarkhe }; 117