/*
 * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
 *
 * Copyright 2020 NXP
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <stddef.h>

#include <drivers/auth/auth_mod.h>

#if USE_TBBR_DEFS
#include <tools_share/tbbr_oid.h>
#else
#include <platform_oid.h>
#endif

/*
 * Size in bytes of every hash buffer below, selected at build time from
 * TF_MBEDTLS_HASH_ALG_ID. Each value is the digest length plus 19
 * (32 + 19, 48 + 19, 64 + 19); presumably the 19 bytes are the DER wrapper
 * around the digest - confirm against the certificate parser. Any other
 * algorithm id stops the build instead of falling back to a default size.
 */
#if TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA256
#define HASH_DER_LEN	51
#elif TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA384
#define HASH_DER_LEN	67
#elif TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA512
#define HASH_DER_LEN	83
#else
#error "Invalid value for TF_MBEDTLS_HASH_ALG_ID"
#endif

/*
 * Storage for the authentication parameters extracted from the
 * certificates. The platform has to provide it; because of the way the
 * chain of trust is established, some buffers are reused at different
 * stages.
 *
 * Hash buffers are HASH_DER_LEN bytes and public-key buffers PK_DER_LEN
 * bytes (PK_DER_LEN is not defined in this file).
 *
 * content_pk_buf is the reused one: the SoC, Trusted OS and Non-Trusted
 * firmware key certificates all store their content key in it, so it only
 * ever holds the key taken from the most recently parsed of those
 * certificates.
 * NOTE(review): that is only sound if each content certificate is verified
 * before another key certificate overwrites the buffer - confirm against
 * the auth module's load order.
 */

/* Hash of the non-trusted world bootloader. */
static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];

/* SoC and Trusted OS firmware hashes. */
static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN];

/* Public keys: one per world, plus the shared content-key buffer. */
static unsigned char trusted_world_pk_buf[PK_DER_LEN];
static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
static unsigned char content_pk_buf[PK_DER_LEN];

/* Firmware configuration hashes. */
static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];

#ifdef CONFIG_DDR_FIP_IMAGE
/* DDR firmware has a content-key buffer of its own. */
static unsigned char ddr_fw_content_pk_buf[PK_DER_LEN];

/* UDIMM image hashes. */
static unsigned char ddr_imem_udimm_1d_hash_buf[HASH_DER_LEN];
static unsigned char ddr_imem_udimm_2d_hash_buf[HASH_DER_LEN];
static unsigned char ddr_dmem_udimm_1d_hash_buf[HASH_DER_LEN];
static unsigned char ddr_dmem_udimm_2d_hash_buf[HASH_DER_LEN];

/* RDIMM image hashes. */
static unsigned char ddr_imem_rdimm_1d_hash_buf[HASH_DER_LEN];
static unsigned char ddr_imem_rdimm_2d_hash_buf[HASH_DER_LEN];
static unsigned char ddr_dmem_rdimm_1d_hash_buf[HASH_DER_LEN];
static unsigned char ddr_dmem_rdimm_2d_hash_buf[HASH_DER_LEN];
#endif /* CONFIG_DDR_FIP_IMAGE */

/*
 * Parameter type descriptors.
 *
 * Each one pairs an AUTH_PARAM_* type with a second argument that is either
 * an OID macro or 0. The image descriptors in this file refer to these
 * objects by address, so one descriptor is shared by every image that needs
 * that parameter.
 */

/* NV counter of the trusted world, identified by its OID. */
static auth_param_type_desc_t trusted_nv_ctr =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_NV_CTR, TRUSTED_FW_NVCOUNTER_OID);

/* Descriptors declared with 0 instead of an OID. */
static auth_param_type_desc_t subject_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, 0);
static auth_param_type_desc_t sig =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_SIG, 0);
static auth_param_type_desc_t sig_alg =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_SIG_ALG, 0);
static auth_param_type_desc_t raw_data =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_RAW_DATA, 0);

/* NV counter of the non-trusted world. */
static auth_param_type_desc_t non_trusted_nv_ctr =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);

/* Public keys, each identified by its OID. */
static auth_param_type_desc_t trusted_world_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
static auth_param_type_desc_t non_trusted_world_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);
static auth_param_type_desc_t soc_fw_content_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t tos_fw_content_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY,
			     TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t nt_fw_content_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY,
			     NON_TRUSTED_FW_CONTENT_CERT_PK_OID);

/* Image and configuration hashes, each identified by its OID. */
static auth_param_type_desc_t soc_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
static auth_param_type_desc_t soc_fw_config_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t tos_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
static auth_param_type_desc_t tos_fw_config_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t tos_fw_extra1_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID);
static auth_param_type_desc_t tos_fw_extra2_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID);
static auth_param_type_desc_t nt_world_bl_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH,
			     NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
static auth_param_type_desc_t nt_fw_config_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);

#ifdef CONFIG_DDR_FIP_IMAGE
/* DDR firmware content key. */
static auth_param_type_desc_t ddr_fw_content_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, DDR_FW_CONTENT_CERT_PK_OID);

/* DDR UDIMM instruction-memory image hashes. */
static auth_param_type_desc_t ddr_imem_udimm_1d_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, DDR_IMEM_UDIMM_1D_HASH_OID);
static auth_param_type_desc_t ddr_imem_udimm_2d_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, DDR_IMEM_UDIMM_2D_HASH_OID);
static auth_param_type_desc_t ddr_dmem_udimm_1d_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, DDR_DMEM_UDIMM_1D_HASH_OID);
static auth_param_type_desc_t ddr_dmem_udimm_2d_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, DDR_DMEM_UDIMM_2D_HASH_OID);

static auth_param_type_desc_t ddr_imem_rdimm_1d_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, DDR_IMEM_RDIMM_1D_HASH_OID);
static auth_param_type_desc_t ddr_imem_rdimm_2d_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, DDR_IMEM_RDIMM_2D_HASH_OID);
static auth_param_type_desc_t ddr_dmem_rdimm_1d_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, DDR_DMEM_RDIMM_1D_HASH_OID);
static auth_param_type_desc_t ddr_dmem_rdimm_2d_fw_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, DDR_DMEM_RDIMM_2D_HASH_OID);
#endif

/*
 * Image descriptors.
 *
 * Every descriptor names its parent, the methods used to authenticate it
 * (.img_auth_methods) and, for certificates, the parameters it hands to its
 * children once authenticated (.authenticated_data) together with the
 * buffer and length reserved for each of them.
 */

/*
 * Trusted key certificate.
 *
 * Root of this table: .parent is NULL. The signature method uses
 * subject_pk, the public-key descriptor declared without an OID, and the
 * NV-counter method uses trusted_nv_ctr for both the certificate and the
 * platform value. It provides the trusted-world and non-trusted-world
 * public keys.
 * NOTE(review): nothing in this table binds subject_pk to a root-of-trust
 * key; that check has to happen in the platform/auth module - confirm.
 */
static const auth_img_desc_t trusted_key_cert = {
	.img_id = TRUSTED_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &subject_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &trusted_world_pk,
			.data = {
				.ptr = (void *)trusted_world_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		},
		[1] = {
			.type_desc = &non_trusted_world_pk,
			.data = {
				.ptr = (void *)non_trusted_world_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};

/*
 * SoC Firmware.
 *
 * Key certificate: child of trusted_key_cert, signature method keyed by
 * trusted_world_pk, trusted NV counter. Its content key goes into the
 * shared content_pk_buf.
 */
static const auth_img_desc_t soc_fw_key_cert = {
	.img_id = SOC_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &soc_fw_content_pk,
			.data = {
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};

/*
 * SoC firmware content certificate: signature method keyed by
 * soc_fw_content_pk; provides the BL31 hash and the SoC firmware
 * configuration hash.
 */
static const auth_img_desc_t soc_fw_content_cert = {
	.img_id = SOC_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &soc_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &soc_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &soc_fw_hash,
			.data = {
				.ptr = (void *)soc_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &soc_fw_config_hash,
			.data = {
				.ptr = (void *)soc_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};

/* BL31: raw image, hash method against soc_fw_hash. */
static const auth_img_desc_t bl31_image = {
	.img_id = BL31_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &soc_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &soc_fw_hash
			}
		}
	}
};

/* SOC FW Config: raw image, hash method against soc_fw_config_hash. */
static const auth_img_desc_t soc_fw_config = {
	.img_id = SOC_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &soc_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &soc_fw_config_hash
			}
		}
	}
};

/*
 * Trusted OS Firmware.
 *
 * Key certificate: child of trusted_key_cert, signature method keyed by
 * trusted_world_pk, trusted NV counter. Its content key is written to the
 * same content_pk_buf the SoC firmware key certificate uses.
 */
static const auth_img_desc_t trusted_os_fw_key_cert = {
	.img_id = TRUSTED_OS_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &tos_fw_content_pk,
			.data = {
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};

/*
 * Trusted OS firmware content certificate: provides four hashes (BL32, its
 * two extra images and the TOS firmware configuration). It fills slots
 * [0]..[3], so COT_MAX_VERIFIED_PARAMS has to be at least 4.
 */
static const auth_img_desc_t trusted_os_fw_content_cert = {
	.img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_os_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &tos_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &tos_fw_hash,
			.data = {
				.ptr = (void *)tos_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &tos_fw_extra1_hash,
			.data = {
				.ptr = (void *)tos_fw_extra1_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[2] = {
			.type_desc = &tos_fw_extra2_hash,
			.data = {
				.ptr = (void *)tos_fw_extra2_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[3] = {
			.type_desc = &tos_fw_config_hash,
			.data = {
				.ptr = (void *)tos_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};

/* BL32: raw image, hash method against tos_fw_hash. */
static const auth_img_desc_t bl32_image = {
	.img_id = BL32_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_hash
			}
		}
	}
};

/* BL32 extra image 1: hash method against tos_fw_extra1_hash. */
static const auth_img_desc_t bl32_extra1_image = {
	.img_id = BL32_EXTRA1_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_extra1_hash
			}
		}
	}
};

/* BL32 extra image 2: hash method against tos_fw_extra2_hash. */
static const auth_img_desc_t bl32_extra2_image = {
	.img_id = BL32_EXTRA2_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_extra2_hash
			}
		}
	}
};

/* TOS FW Config: raw image, hash method against tos_fw_config_hash. */
static const auth_img_desc_t tos_fw_config = {
	.img_id = TOS_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_config_hash
			}
		}
	}
};

/*
 * Non-Trusted Firmware.
 *
 * Key certificate: child of trusted_key_cert, but its signature method is
 * keyed by non_trusted_world_pk and its NV-counter method uses
 * non_trusted_nv_ctr. Its content key is the third user of content_pk_buf.
 */
static const auth_img_desc_t non_trusted_fw_key_cert = {
	.img_id = NON_TRUSTED_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &non_trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &non_trusted_nv_ctr,
				.plat_nv_ctr = &non_trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &nt_fw_content_pk,
			.data = {
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};

/*
 * Non-trusted firmware content certificate: provides the BL33 hash and the
 * NT firmware configuration hash.
 */
static const auth_img_desc_t non_trusted_fw_content_cert = {
	.img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &non_trusted_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &nt_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &non_trusted_nv_ctr,
				.plat_nv_ctr = &non_trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &nt_world_bl_hash,
			.data = {
				.ptr = (void *)nt_world_bl_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &nt_fw_config_hash,
			.data = {
				.ptr = (void *)nt_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};

/* BL33: raw image, hash method against nt_world_bl_hash. */
static const auth_img_desc_t bl33_image = {
	.img_id = BL33_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &non_trusted_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &nt_world_bl_hash
			}
		}
	}
};

/* NT FW Config: raw image, hash method against nt_fw_config_hash. */
static const auth_img_desc_t nt_fw_config = {
	.img_id = NT_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &non_trusted_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &nt_fw_config_hash
			}
		}
	}
};

#ifdef CONFIG_DDR_FIP_IMAGE
/*
 * DDR Firmware.
 *
 * Key certificate: child of trusted_key_cert, signature method keyed by
 * trusted_world_pk, trusted NV counter. Unlike the other key certificates
 * it stores its content key in a buffer of its own (ddr_fw_content_pk_buf).
 */
static const auth_img_desc_t ddr_fw_key_cert = {
	.img_id = DDR_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &ddr_fw_content_pk,
			.data = {
				.ptr = (void *)ddr_fw_content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};

/*
 * UDIMM content certificate: provides the four UDIMM image hashes in slots
 * [0]..[3], so COT_MAX_VERIFIED_PARAMS has to be at least 4.
 */
static const auth_img_desc_t ddr_udimm_fw_content_cert = {
	.img_id = DDR_UDIMM_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &ddr_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &ddr_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &ddr_imem_udimm_1d_fw_hash,
			.data = {
				.ptr = (void *)ddr_imem_udimm_1d_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &ddr_imem_udimm_2d_fw_hash,
			.data = {
				.ptr = (void *)ddr_imem_udimm_2d_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[2] = {
			.type_desc = &ddr_dmem_udimm_1d_fw_hash,
			.data = {
				.ptr = (void *)ddr_dmem_udimm_1d_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[3] = {
			.type_desc = &ddr_dmem_udimm_2d_fw_hash,
			.data = {
				.ptr = (void *)ddr_dmem_udimm_2d_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
	}
};

/* UDIMM images: each is a raw image checked against its own hash. */
static const auth_img_desc_t ddr_imem_udimm_1d_img = {
	.img_id = DDR_IMEM_UDIMM_1D_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &ddr_udimm_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &ddr_imem_udimm_1d_fw_hash
			}
		}
	}
};
static const auth_img_desc_t ddr_imem_udimm_2d_img = {
	.img_id = DDR_IMEM_UDIMM_2D_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &ddr_udimm_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &ddr_imem_udimm_2d_fw_hash
			}
		}
	}
};
static const auth_img_desc_t ddr_dmem_udimm_1d_img = {
	.img_id = DDR_DMEM_UDIMM_1D_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &ddr_udimm_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &ddr_dmem_udimm_1d_fw_hash
			}
		}
	}
};
static const auth_img_desc_t ddr_dmem_udimm_2d_img = {
	.img_id = DDR_DMEM_UDIMM_2D_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &ddr_udimm_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &ddr_dmem_udimm_2d_fw_hash
			}
		}
	}
};

/*
 * RDIMM content certificate: same parent, content key and NV counter as
 * the UDIMM one.
 */
static const auth_img_desc_t ddr_rdimm_fw_content_cert = {
	.img_id = DDR_RDIMM_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &ddr_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &ddr_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &ddr_imem_rdimm_1d_fw_hash,
			.data = {
				.ptr = (void *)ddr_imem_rdimm_1d_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc =
&ddr_imem_rdimm_2d_fw_hash, 704*35988193SPankaj Gupta .data = { 705*35988193SPankaj Gupta .ptr = (void *)ddr_imem_rdimm_2d_hash_buf, 706*35988193SPankaj Gupta .len = (unsigned int)HASH_DER_LEN 707*35988193SPankaj Gupta } 708*35988193SPankaj Gupta }, 709*35988193SPankaj Gupta [2] = { 710*35988193SPankaj Gupta .type_desc = &ddr_dmem_rdimm_1d_fw_hash, 711*35988193SPankaj Gupta .data = { 712*35988193SPankaj Gupta .ptr = (void *)ddr_dmem_rdimm_1d_hash_buf, 713*35988193SPankaj Gupta .len = (unsigned int)HASH_DER_LEN 714*35988193SPankaj Gupta } 715*35988193SPankaj Gupta }, 716*35988193SPankaj Gupta [3] = { 717*35988193SPankaj Gupta .type_desc = &ddr_dmem_rdimm_2d_fw_hash, 718*35988193SPankaj Gupta .data = { 719*35988193SPankaj Gupta .ptr = (void *)ddr_dmem_rdimm_2d_hash_buf, 720*35988193SPankaj Gupta .len = (unsigned int)HASH_DER_LEN 721*35988193SPankaj Gupta } 722*35988193SPankaj Gupta }, 723*35988193SPankaj Gupta } 724*35988193SPankaj Gupta }; 725*35988193SPankaj Gupta 726*35988193SPankaj Gupta static const auth_img_desc_t ddr_imem_rdimm_1d_img = { 727*35988193SPankaj Gupta .img_id = DDR_IMEM_RDIMM_1D_IMAGE_ID, 728*35988193SPankaj Gupta .img_type = IMG_RAW, 729*35988193SPankaj Gupta .parent = &ddr_rdimm_fw_content_cert, 730*35988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 731*35988193SPankaj Gupta [0] = { 732*35988193SPankaj Gupta .type = AUTH_METHOD_HASH, 733*35988193SPankaj Gupta .param.hash = { 734*35988193SPankaj Gupta .data = &raw_data, 735*35988193SPankaj Gupta .hash = &ddr_imem_rdimm_1d_fw_hash 736*35988193SPankaj Gupta } 737*35988193SPankaj Gupta } 738*35988193SPankaj Gupta } 739*35988193SPankaj Gupta }; 740*35988193SPankaj Gupta static const auth_img_desc_t ddr_imem_rdimm_2d_img = { 741*35988193SPankaj Gupta .img_id = DDR_IMEM_RDIMM_2D_IMAGE_ID, 742*35988193SPankaj Gupta .img_type = IMG_RAW, 743*35988193SPankaj Gupta .parent = &ddr_rdimm_fw_content_cert, 744*35988193SPankaj Gupta .img_auth_methods = (const 
auth_method_desc_t[AUTH_METHOD_NUM]) { 745*35988193SPankaj Gupta [0] = { 746*35988193SPankaj Gupta .type = AUTH_METHOD_HASH, 747*35988193SPankaj Gupta .param.hash = { 748*35988193SPankaj Gupta .data = &raw_data, 749*35988193SPankaj Gupta .hash = &ddr_imem_rdimm_2d_fw_hash 750*35988193SPankaj Gupta } 751*35988193SPankaj Gupta } 752*35988193SPankaj Gupta } 753*35988193SPankaj Gupta }; 754*35988193SPankaj Gupta static const auth_img_desc_t ddr_dmem_rdimm_1d_img = { 755*35988193SPankaj Gupta .img_id = DDR_DMEM_RDIMM_1D_IMAGE_ID, 756*35988193SPankaj Gupta .img_type = IMG_RAW, 757*35988193SPankaj Gupta .parent = &ddr_rdimm_fw_content_cert, 758*35988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 759*35988193SPankaj Gupta [0] = { 760*35988193SPankaj Gupta .type = AUTH_METHOD_HASH, 761*35988193SPankaj Gupta .param.hash = { 762*35988193SPankaj Gupta .data = &raw_data, 763*35988193SPankaj Gupta .hash = &ddr_dmem_rdimm_1d_fw_hash 764*35988193SPankaj Gupta } 765*35988193SPankaj Gupta } 766*35988193SPankaj Gupta } 767*35988193SPankaj Gupta }; 768*35988193SPankaj Gupta static const auth_img_desc_t ddr_dmem_rdimm_2d_img = { 769*35988193SPankaj Gupta .img_id = DDR_DMEM_RDIMM_2D_IMAGE_ID, 770*35988193SPankaj Gupta .img_type = IMG_RAW, 771*35988193SPankaj Gupta .parent = &ddr_rdimm_fw_content_cert, 772*35988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 773*35988193SPankaj Gupta [0] = { 774*35988193SPankaj Gupta .type = AUTH_METHOD_HASH, 775*35988193SPankaj Gupta .param.hash = { 776*35988193SPankaj Gupta .data = &raw_data, 777*35988193SPankaj Gupta .hash = &ddr_dmem_rdimm_2d_fw_hash 778*35988193SPankaj Gupta } 779*35988193SPankaj Gupta } 780*35988193SPankaj Gupta } 781*35988193SPankaj Gupta }; 782*35988193SPankaj Gupta #endif 783*35988193SPankaj Gupta 784*35988193SPankaj Gupta /* 785*35988193SPankaj Gupta * TBBR Chain of trust definition 786*35988193SPankaj Gupta */ 787*35988193SPankaj Gupta 788*35988193SPankaj 
Gupta static const auth_img_desc_t * const cot_desc[] = { 789*35988193SPankaj Gupta [TRUSTED_KEY_CERT_ID] = &trusted_key_cert, 790*35988193SPankaj Gupta [SOC_FW_KEY_CERT_ID] = &soc_fw_key_cert, 791*35988193SPankaj Gupta [SOC_FW_CONTENT_CERT_ID] = &soc_fw_content_cert, 792*35988193SPankaj Gupta [BL31_IMAGE_ID] = &bl31_image, 793*35988193SPankaj Gupta [SOC_FW_CONFIG_ID] = &soc_fw_config, 794*35988193SPankaj Gupta [TRUSTED_OS_FW_KEY_CERT_ID] = &trusted_os_fw_key_cert, 795*35988193SPankaj Gupta [TRUSTED_OS_FW_CONTENT_CERT_ID] = &trusted_os_fw_content_cert, 796*35988193SPankaj Gupta [BL32_IMAGE_ID] = &bl32_image, 797*35988193SPankaj Gupta [BL32_EXTRA1_IMAGE_ID] = &bl32_extra1_image, 798*35988193SPankaj Gupta [BL32_EXTRA2_IMAGE_ID] = &bl32_extra2_image, 799*35988193SPankaj Gupta [TOS_FW_CONFIG_ID] = &tos_fw_config, 800*35988193SPankaj Gupta [NON_TRUSTED_FW_KEY_CERT_ID] = &non_trusted_fw_key_cert, 801*35988193SPankaj Gupta [NON_TRUSTED_FW_CONTENT_CERT_ID] = &non_trusted_fw_content_cert, 802*35988193SPankaj Gupta [BL33_IMAGE_ID] = &bl33_image, 803*35988193SPankaj Gupta [NT_FW_CONFIG_ID] = &nt_fw_config, 804*35988193SPankaj Gupta #ifdef CONFIG_DDR_FIP_IMAGE 805*35988193SPankaj Gupta [DDR_FW_KEY_CERT_ID] = &ddr_fw_key_cert, 806*35988193SPankaj Gupta [DDR_UDIMM_FW_CONTENT_CERT_ID] = &ddr_udimm_fw_content_cert, 807*35988193SPankaj Gupta [DDR_RDIMM_FW_CONTENT_CERT_ID] = &ddr_rdimm_fw_content_cert, 808*35988193SPankaj Gupta [DDR_IMEM_UDIMM_1D_IMAGE_ID] = &ddr_imem_udimm_1d_img, 809*35988193SPankaj Gupta [DDR_IMEM_UDIMM_2D_IMAGE_ID] = &ddr_imem_udimm_2d_img, 810*35988193SPankaj Gupta [DDR_DMEM_UDIMM_1D_IMAGE_ID] = &ddr_dmem_udimm_1d_img, 811*35988193SPankaj Gupta [DDR_DMEM_UDIMM_2D_IMAGE_ID] = &ddr_dmem_udimm_2d_img, 812*35988193SPankaj Gupta [DDR_IMEM_RDIMM_1D_IMAGE_ID] = &ddr_imem_rdimm_1d_img, 813*35988193SPankaj Gupta [DDR_IMEM_RDIMM_2D_IMAGE_ID] = &ddr_imem_rdimm_2d_img, 814*35988193SPankaj Gupta [DDR_DMEM_RDIMM_1D_IMAGE_ID] = &ddr_dmem_rdimm_1d_img, 815*35988193SPankaj 
Gupta [DDR_DMEM_RDIMM_2D_IMAGE_ID] = &ddr_dmem_rdimm_2d_img, 816*35988193SPankaj Gupta #endif 817*35988193SPankaj Gupta }; 818*35988193SPankaj Gupta 819*35988193SPankaj Gupta /* Register the CoT in the authentication module */ 820*35988193SPankaj Gupta REGISTER_COT(cot_desc); 821