1*35988193SPankaj Gupta /* 2*35988193SPankaj Gupta * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. 3*35988193SPankaj Gupta * 4*35988193SPankaj Gupta * Copyright 2020 NXP 5*35988193SPankaj Gupta * 6*35988193SPankaj Gupta * SPDX-License-Identifier: BSD-3-Clause 7*35988193SPankaj Gupta */ 8*35988193SPankaj Gupta 9*35988193SPankaj Gupta #include <stddef.h> 10*35988193SPankaj Gupta 11*35988193SPankaj Gupta #include <drivers/auth/auth_mod.h> 12*35988193SPankaj Gupta 13*35988193SPankaj Gupta #if USE_TBBR_DEFS 14*35988193SPankaj Gupta #include <tools_share/tbbr_oid.h> 15*35988193SPankaj Gupta #else 16*35988193SPankaj Gupta #include <platform_oid.h> 17*35988193SPankaj Gupta #endif 18*35988193SPankaj Gupta 19*35988193SPankaj Gupta 20*35988193SPankaj Gupta static auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC( 21*35988193SPankaj Gupta AUTH_PARAM_SIG, 0); 22*35988193SPankaj Gupta static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC( 23*35988193SPankaj Gupta AUTH_PARAM_SIG_ALG, 0); 24*35988193SPankaj Gupta static auth_param_type_desc_t sig_hash = AUTH_PARAM_TYPE_DESC( 25*35988193SPankaj Gupta AUTH_PARAM_HASH, 0); 26*35988193SPankaj Gupta 27*35988193SPankaj Gupta static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC( 28*35988193SPankaj Gupta AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID); 29*35988193SPankaj Gupta 30*35988193SPankaj Gupta /* 31*35988193SPankaj Gupta * TBBR Chain of trust definition 32*35988193SPankaj Gupta */ 33*35988193SPankaj Gupta static const auth_img_desc_t bl31_image = { 34*35988193SPankaj Gupta .img_id = BL31_IMAGE_ID, 35*35988193SPankaj Gupta .img_type = IMG_PLAT, 36*35988193SPankaj Gupta .parent = NULL, 37*35988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 38*35988193SPankaj Gupta [0] = { 39*35988193SPankaj Gupta .type = AUTH_METHOD_SIG, 40*35988193SPankaj Gupta .param.sig = { 41*35988193SPankaj Gupta .pk = &non_trusted_world_pk, 42*35988193SPankaj Gupta .sig = &sig, 43*35988193SPankaj Gupta .alg = &sig_alg, 44*35988193SPankaj Gupta .data = &sig_hash 45*35988193SPankaj Gupta } 46*35988193SPankaj Gupta } 47*35988193SPankaj Gupta } 48*35988193SPankaj Gupta }; 49*35988193SPankaj Gupta static const auth_img_desc_t scp_bl2_image = { 50*35988193SPankaj Gupta .img_id = SCP_BL2_IMAGE_ID, 51*35988193SPankaj Gupta .img_type = IMG_PLAT, 52*35988193SPankaj Gupta .parent = NULL, 53*35988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 54*35988193SPankaj Gupta [0] = { 55*35988193SPankaj Gupta .type = AUTH_METHOD_SIG, 56*35988193SPankaj Gupta .param.sig = { 57*35988193SPankaj Gupta .pk = &non_trusted_world_pk, 58*35988193SPankaj Gupta .sig = &sig, 59*35988193SPankaj Gupta .alg = &sig_alg, 60*35988193SPankaj Gupta .data = &sig_hash 61*35988193SPankaj Gupta } 62*35988193SPankaj Gupta } 63*35988193SPankaj Gupta } 64*35988193SPankaj Gupta }; 65*35988193SPankaj Gupta static const auth_img_desc_t bl32_image = { 66*35988193SPankaj Gupta .img_id = BL32_IMAGE_ID, 67*35988193SPankaj Gupta .img_type = IMG_PLAT, 68*35988193SPankaj Gupta .parent = NULL, 69*35988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 70*35988193SPankaj Gupta [0] = { 71*35988193SPankaj Gupta .type = AUTH_METHOD_SIG, 72*35988193SPankaj Gupta .param.sig = { 73*35988193SPankaj Gupta .pk = &non_trusted_world_pk, 74*35988193SPankaj Gupta .sig = &sig, 75*35988193SPankaj Gupta .alg = &sig_alg, 76*35988193SPankaj Gupta .data = &sig_hash 77*35988193SPankaj Gupta } 78*35988193SPankaj Gupta } 79*35988193SPankaj Gupta } 80*35988193SPankaj Gupta }; 81*35988193SPankaj Gupta static const auth_img_desc_t bl33_image = { 82*35988193SPankaj Gupta .img_id = BL33_IMAGE_ID, 83*35988193SPankaj Gupta .img_type = IMG_PLAT, 84*35988193SPankaj Gupta .parent = NULL, 85*35988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 86*35988193SPankaj Gupta [0] = { 87*35988193SPankaj Gupta .type = AUTH_METHOD_SIG, 88*35988193SPankaj Gupta .param.sig = { 89*35988193SPankaj Gupta .pk = &non_trusted_world_pk, 90*35988193SPankaj Gupta .sig = &sig, 91*35988193SPankaj Gupta .alg = &sig_alg, 92*35988193SPankaj Gupta .data = &sig_hash 93*35988193SPankaj Gupta } 94*35988193SPankaj Gupta } 95*35988193SPankaj Gupta } 96*35988193SPankaj Gupta }; 97*35988193SPankaj Gupta #ifdef POLICY_FUSE_PROVISION 98*35988193SPankaj Gupta static const auth_img_desc_t fuse_prov_img = { 99*35988193SPankaj Gupta .img_id = FUSE_PROV_IMAGE_ID, 100*35988193SPankaj Gupta .img_type = IMG_PLAT, 101*35988193SPankaj Gupta .parent = NULL, 102*35988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 103*35988193SPankaj Gupta [0] = { 104*35988193SPankaj Gupta .type = AUTH_METHOD_SIG, 105*35988193SPankaj Gupta .param.sig = { 106*35988193SPankaj Gupta .pk = &non_trusted_world_pk, 107*35988193SPankaj Gupta .sig = &sig, 108*35988193SPankaj Gupta .alg = &sig_alg, 109*35988193SPankaj Gupta .data = &sig_hash 110*35988193SPankaj Gupta } 111*35988193SPankaj Gupta } 112*35988193SPankaj Gupta } 113*35988193SPankaj Gupta }; 114*35988193SPankaj Gupta static const auth_img_desc_t fuse_upgrade_img = { 115*35988193SPankaj Gupta .img_id = FUSE_UP_IMAGE_ID, 116*35988193SPankaj Gupta .img_type = IMG_PLAT, 117*35988193SPankaj Gupta .parent = NULL, 118*35988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 119*35988193SPankaj Gupta [0] = { 120*35988193SPankaj Gupta .type = AUTH_METHOD_SIG, 121*35988193SPankaj Gupta .param.sig = { 122*35988193SPankaj Gupta .pk = &non_trusted_world_pk, 123*35988193SPankaj Gupta .sig = &sig, 124*35988193SPankaj Gupta .alg = &sig_alg, 125*35988193SPankaj Gupta .data = &sig_hash 126*35988193SPankaj Gupta } 127*35988193SPankaj Gupta } 128*35988193SPankaj Gupta } 129*35988193SPankaj Gupta }; 130*35988193SPankaj Gupta #endif 131*35988193SPankaj Gupta #ifdef CONFIG_DDR_FIP_IMAGE 132*35988193SPankaj Gupta static const auth_img_desc_t ddr_imem_udimm_1d_img = { 133*35988193SPankaj Gupta .img_id = DDR_IMEM_UDIMM_1D_IMAGE_ID, 134*35988193SPankaj Gupta .img_type = IMG_PLAT, 135*35988193SPankaj Gupta .parent = NULL, 136*35988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 137*35988193SPankaj Gupta [0] = { 138*35988193SPankaj Gupta .type = AUTH_METHOD_SIG, 139*35988193SPankaj Gupta .param.sig = { 140*35988193SPankaj Gupta .pk = &non_trusted_world_pk, 141*35988193SPankaj Gupta .sig = &sig, 142*35988193SPankaj Gupta .alg = &sig_alg, 143*35988193SPankaj Gupta .data = &sig_hash 144*35988193SPankaj Gupta } 145*35988193SPankaj Gupta } 146*35988193SPankaj Gupta } 147*35988193SPankaj Gupta }; 148*35988193SPankaj Gupta static const auth_img_desc_t ddr_imem_udimm_2d_img = { 149*35988193SPankaj Gupta .img_id = DDR_IMEM_UDIMM_2D_IMAGE_ID, 150*35988193SPankaj Gupta .img_type = IMG_PLAT, 151*35988193SPankaj Gupta .parent = NULL, 152*35988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 153*35988193SPankaj Gupta [0] = { 154*35988193SPankaj Gupta .type = AUTH_METHOD_SIG, 155*35988193SPankaj Gupta .param.sig = { 156*35988193SPankaj Gupta .pk = &non_trusted_world_pk, 157*35988193SPankaj Gupta .sig = &sig, 158*35988193SPankaj Gupta .alg = &sig_alg, 159*35988193SPankaj Gupta .data = &sig_hash 160*35988193SPankaj Gupta } 161*35988193SPankaj Gupta } 162*35988193SPankaj Gupta } 163*35988193SPankaj Gupta }; 164*35988193SPankaj Gupta static const auth_img_desc_t ddr_dmem_udimm_1d_img = { 165*35988193SPankaj Gupta .img_id = DDR_DMEM_UDIMM_1D_IMAGE_ID, 166*35988193SPankaj Gupta .img_type = IMG_PLAT, 167*35988193SPankaj Gupta .parent = NULL, 168*35988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 169*35988193SPankaj Gupta [0] = { 170*35988193SPankaj Gupta .type = AUTH_METHOD_SIG, 171*35988193SPankaj Gupta .param.sig = { 172*35988193SPankaj Gupta .pk = &non_trusted_world_pk, 173*35988193SPankaj Gupta .sig = &sig, 174*35988193SPankaj Gupta .alg = &sig_alg, 175*35988193SPankaj Gupta .data = &sig_hash 176*35988193SPankaj Gupta } 177*35988193SPankaj Gupta } 178*35988193SPankaj Gupta } 179*35988193SPankaj Gupta }; 180*35988193SPankaj Gupta static const auth_img_desc_t ddr_dmem_udimm_2d_img = { 181*35988193SPankaj Gupta .img_id = DDR_DMEM_UDIMM_2D_IMAGE_ID, 182*35988193SPankaj Gupta .img_type = IMG_PLAT, 183*35988193SPankaj Gupta .parent = NULL, 184*35988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 185*35988193SPankaj Gupta [0] = { 186*35988193SPankaj Gupta .type = AUTH_METHOD_SIG, 187*35988193SPankaj Gupta .param.sig = { 188*35988193SPankaj Gupta .pk = &non_trusted_world_pk, 189*35988193SPankaj Gupta .sig = &sig, 190*35988193SPankaj Gupta .alg = &sig_alg, 191*35988193SPankaj Gupta .data = &sig_hash 192*35988193SPankaj Gupta } 193*35988193SPankaj Gupta } 194*35988193SPankaj Gupta } 195*35988193SPankaj Gupta }; 196*35988193SPankaj Gupta static const auth_img_desc_t ddr_imem_rdimm_1d_img = { 197*35988193SPankaj Gupta .img_id = DDR_IMEM_RDIMM_1D_IMAGE_ID, 198*35988193SPankaj Gupta .img_type = IMG_PLAT, 199*35988193SPankaj Gupta .parent = NULL, 200*35988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 201*35988193SPankaj Gupta [0] = { 202*35988193SPankaj Gupta .type = AUTH_METHOD_SIG, 203*35988193SPankaj Gupta .param.sig = { 204*35988193SPankaj Gupta .pk = &non_trusted_world_pk, 205*35988193SPankaj Gupta .sig = &sig, 206*35988193SPankaj Gupta .alg = &sig_alg, 207*35988193SPankaj Gupta .data = &sig_hash 208*35988193SPankaj Gupta } 209*35988193SPankaj Gupta } 210*35988193SPankaj Gupta } 211*35988193SPankaj Gupta }; 212*35988193SPankaj Gupta static const auth_img_desc_t ddr_imem_rdimm_2d_img = { 213*35988193SPankaj Gupta .img_id = DDR_IMEM_RDIMM_2D_IMAGE_ID, 214*35988193SPankaj Gupta .img_type = IMG_PLAT, 215*35988193SPankaj Gupta .parent = NULL, 216*35988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 217*35988193SPankaj Gupta [0] = { 218*35988193SPankaj Gupta .type = AUTH_METHOD_SIG, 219*35988193SPankaj Gupta .param.sig = { 220*35988193SPankaj Gupta .pk = &non_trusted_world_pk, 221*35988193SPankaj Gupta .sig = &sig, 222*35988193SPankaj Gupta .alg = &sig_alg, 223*35988193SPankaj Gupta .data = &sig_hash 224*35988193SPankaj Gupta } 225*35988193SPankaj Gupta } 226*35988193SPankaj Gupta } 227*35988193SPankaj Gupta }; 228*35988193SPankaj Gupta static const auth_img_desc_t ddr_dmem_rdimm_1d_img = { 229*35988193SPankaj Gupta .img_id = DDR_DMEM_RDIMM_1D_IMAGE_ID, 230*35988193SPankaj Gupta .img_type = IMG_PLAT, 231*35988193SPankaj Gupta .parent = NULL, 232*35988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 233*35988193SPankaj Gupta [0] = { 234*35988193SPankaj Gupta .type = AUTH_METHOD_SIG, 235*35988193SPankaj Gupta .param.sig = { 236*35988193SPankaj Gupta .pk = &non_trusted_world_pk, 237*35988193SPankaj Gupta .sig = &sig, 238*35988193SPankaj Gupta .alg = &sig_alg, 239*35988193SPankaj Gupta .data = &sig_hash 240*35988193SPankaj Gupta } 241*35988193SPankaj Gupta } 242*35988193SPankaj Gupta } 243*35988193SPankaj Gupta }; 244*35988193SPankaj Gupta static const auth_img_desc_t ddr_dmem_rdimm_2d_img = { 245*35988193SPankaj Gupta .img_id = DDR_DMEM_RDIMM_2D_IMAGE_ID, 246*35988193SPankaj Gupta .img_type = IMG_PLAT, 247*35988193SPankaj Gupta .parent = NULL, 248*35988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 249*35988193SPankaj Gupta [0] = { 250*35988193SPankaj Gupta .type = AUTH_METHOD_SIG, 251*35988193SPankaj Gupta .param.sig = { 252*35988193SPankaj Gupta .pk = &non_trusted_world_pk, 253*35988193SPankaj Gupta .sig = &sig, 254*35988193SPankaj Gupta .alg = &sig_alg, 255*35988193SPankaj Gupta .data = &sig_hash 256*35988193SPankaj Gupta } 257*35988193SPankaj Gupta } 258*35988193SPankaj Gupta } 259*35988193SPankaj Gupta }; 260*35988193SPankaj Gupta #endif 261*35988193SPankaj Gupta 262*35988193SPankaj Gupta static const auth_img_desc_t * const cot_desc[] = { 263*35988193SPankaj Gupta [BL31_IMAGE_ID] = &bl31_image, 264*35988193SPankaj Gupta [SCP_BL2_IMAGE_ID] = &scp_bl2_image, 265*35988193SPankaj Gupta [BL32_IMAGE_ID] = &bl32_image, 266*35988193SPankaj Gupta [BL33_IMAGE_ID] = &bl33_image, 267*35988193SPankaj Gupta #ifdef POLICY_FUSE_PROVISION 268*35988193SPankaj Gupta [FUSE_PROV_IMAGE_ID] = &fuse_prov_img, 269*35988193SPankaj Gupta [FUSE_UP_IMAGE_ID] = &fuse_upgrade_img, 270*35988193SPankaj Gupta #endif 271*35988193SPankaj Gupta #ifdef CONFIG_DDR_FIP_IMAGE 272*35988193SPankaj Gupta [DDR_IMEM_UDIMM_1D_IMAGE_ID] = &ddr_imem_udimm_1d_img, 273*35988193SPankaj Gupta [DDR_IMEM_UDIMM_2D_IMAGE_ID] = &ddr_imem_udimm_2d_img, 274*35988193SPankaj Gupta [DDR_DMEM_UDIMM_1D_IMAGE_ID] = &ddr_dmem_udimm_1d_img, 275*35988193SPankaj Gupta [DDR_DMEM_UDIMM_2D_IMAGE_ID] = &ddr_dmem_udimm_2d_img, 276*35988193SPankaj Gupta [DDR_IMEM_RDIMM_1D_IMAGE_ID] = &ddr_imem_rdimm_1d_img, 277*35988193SPankaj Gupta [DDR_IMEM_RDIMM_2D_IMAGE_ID] = &ddr_imem_rdimm_2d_img, 278*35988193SPankaj Gupta [DDR_DMEM_RDIMM_1D_IMAGE_ID] = &ddr_dmem_rdimm_1d_img, 279*35988193SPankaj Gupta [DDR_DMEM_RDIMM_2D_IMAGE_ID] = &ddr_dmem_rdimm_2d_img, 280*35988193SPankaj Gupta #endif 281*35988193SPankaj Gupta }; 282*35988193SPankaj Gupta 283*35988193SPankaj Gupta /* Register the CoT in the authentication module */ 284*35988193SPankaj Gupta REGISTER_COT(cot_desc); 285