135988193SPankaj Gupta /* 2*a9edc32cSGovindraj Raja * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved. 335988193SPankaj Gupta * 435988193SPankaj Gupta * Copyright 2020 NXP 535988193SPankaj Gupta * 635988193SPankaj Gupta * SPDX-License-Identifier: BSD-3-Clause 735988193SPankaj Gupta */ 835988193SPankaj Gupta 935988193SPankaj Gupta #include <stddef.h> 1035988193SPankaj Gupta 11*a9edc32cSGovindraj Raja #include <common/tbbr/cot_def.h> 1235988193SPankaj Gupta #include <drivers/auth/auth_mod.h> 1335988193SPankaj Gupta 1435988193SPankaj Gupta #if USE_TBBR_DEFS 1535988193SPankaj Gupta #include <tools_share/tbbr_oid.h> 1635988193SPankaj Gupta #else 1735988193SPankaj Gupta #include <platform_oid.h> 1835988193SPankaj Gupta #endif 1935988193SPankaj Gupta 2035988193SPankaj Gupta 2135988193SPankaj Gupta #if TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA256 2235988193SPankaj Gupta #define HASH_DER_LEN 51 2335988193SPankaj Gupta #elif TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA384 2435988193SPankaj Gupta #define HASH_DER_LEN 67 2535988193SPankaj Gupta #elif TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA512 2635988193SPankaj Gupta #define HASH_DER_LEN 83 2735988193SPankaj Gupta #else 2835988193SPankaj Gupta #error "Invalid value for TF_MBEDTLS_HASH_ALG_ID" 2935988193SPankaj Gupta #endif 3035988193SPankaj Gupta 3135988193SPankaj Gupta /* 3235988193SPankaj Gupta * The platform must allocate buffers to store the authentication parameters 3335988193SPankaj Gupta * extracted from the certificates. In this case, because of the way the CoT is 3435988193SPankaj Gupta * established, we can reuse some of the buffers on different stages 3535988193SPankaj Gupta */ 3635988193SPankaj Gupta 3735988193SPankaj Gupta static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN]; 3835988193SPankaj Gupta 3935988193SPankaj Gupta static unsigned char soc_fw_hash_buf[HASH_DER_LEN]; 4035988193SPankaj Gupta static unsigned char tos_fw_hash_buf[HASH_DER_LEN]; 4135988193SPankaj Gupta static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN]; 4235988193SPankaj Gupta static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN]; 4335988193SPankaj Gupta static unsigned char trusted_world_pk_buf[PK_DER_LEN]; 4435988193SPankaj Gupta static unsigned char non_trusted_world_pk_buf[PK_DER_LEN]; 4535988193SPankaj Gupta static unsigned char content_pk_buf[PK_DER_LEN]; 4635988193SPankaj Gupta static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN]; 4735988193SPankaj Gupta static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN]; 4835988193SPankaj Gupta static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN]; 4935988193SPankaj Gupta 5035988193SPankaj Gupta #ifdef CONFIG_DDR_FIP_IMAGE 5135988193SPankaj Gupta static unsigned char ddr_fw_content_pk_buf[PK_DER_LEN]; 5235988193SPankaj Gupta static unsigned char ddr_imem_udimm_1d_hash_buf[HASH_DER_LEN]; 5335988193SPankaj Gupta static unsigned char ddr_imem_udimm_2d_hash_buf[HASH_DER_LEN]; 5435988193SPankaj Gupta static unsigned char ddr_dmem_udimm_1d_hash_buf[HASH_DER_LEN]; 5535988193SPankaj Gupta static unsigned char ddr_dmem_udimm_2d_hash_buf[HASH_DER_LEN]; 5635988193SPankaj Gupta 5735988193SPankaj Gupta static unsigned char ddr_imem_rdimm_1d_hash_buf[HASH_DER_LEN]; 5835988193SPankaj Gupta static unsigned char ddr_imem_rdimm_2d_hash_buf[HASH_DER_LEN]; 5935988193SPankaj Gupta static unsigned char ddr_dmem_rdimm_1d_hash_buf[HASH_DER_LEN]; 6035988193SPankaj Gupta static unsigned char ddr_dmem_rdimm_2d_hash_buf[HASH_DER_LEN]; 6135988193SPankaj Gupta #endif 6235988193SPankaj Gupta 6335988193SPankaj Gupta /* 6435988193SPankaj Gupta * Parameter type descriptors 6535988193SPankaj Gupta */ 6635988193SPankaj Gupta static auth_param_type_desc_t trusted_nv_ctr = AUTH_PARAM_TYPE_DESC( 6735988193SPankaj Gupta AUTH_PARAM_NV_CTR, TRUSTED_FW_NVCOUNTER_OID); 6835988193SPankaj Gupta 6935988193SPankaj Gupta static auth_param_type_desc_t subject_pk = AUTH_PARAM_TYPE_DESC( 7035988193SPankaj Gupta AUTH_PARAM_PUB_KEY, 0); 7135988193SPankaj Gupta static auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC( 7235988193SPankaj Gupta AUTH_PARAM_SIG, 0); 7335988193SPankaj Gupta static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC( 7435988193SPankaj Gupta AUTH_PARAM_SIG_ALG, 0); 7535988193SPankaj Gupta static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC( 7635988193SPankaj Gupta AUTH_PARAM_RAW_DATA, 0); 7735988193SPankaj Gupta 7835988193SPankaj Gupta 7935988193SPankaj Gupta static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC( 8035988193SPankaj Gupta AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID); 8135988193SPankaj Gupta static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC( 8235988193SPankaj Gupta AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID); 8335988193SPankaj Gupta static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC( 8435988193SPankaj Gupta AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID); 8535988193SPankaj Gupta static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC( 8635988193SPankaj Gupta AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID); 8735988193SPankaj Gupta static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC( 8835988193SPankaj Gupta AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID); 8935988193SPankaj Gupta static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC( 9035988193SPankaj Gupta AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID); 9135988193SPankaj Gupta static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC( 9235988193SPankaj Gupta AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID); 9335988193SPankaj Gupta static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC( 9435988193SPankaj Gupta AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID); 9535988193SPankaj Gupta static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC( 9635988193SPankaj Gupta AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID); 9735988193SPankaj Gupta static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC( 9835988193SPankaj Gupta AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID); 9935988193SPankaj Gupta static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC( 10035988193SPankaj Gupta AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID); 10135988193SPankaj Gupta static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC( 10235988193SPankaj Gupta AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID); 10335988193SPankaj Gupta static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC( 10435988193SPankaj Gupta AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID); 10535988193SPankaj Gupta static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC( 10635988193SPankaj Gupta AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID); 10735988193SPankaj Gupta 10835988193SPankaj Gupta #ifdef CONFIG_DDR_FIP_IMAGE 10935988193SPankaj Gupta static auth_param_type_desc_t ddr_fw_content_pk = AUTH_PARAM_TYPE_DESC( 11035988193SPankaj Gupta AUTH_PARAM_PUB_KEY, DDR_FW_CONTENT_CERT_PK_OID); 11135988193SPankaj Gupta 11235988193SPankaj Gupta static auth_param_type_desc_t ddr_imem_udimm_1d_fw_hash = AUTH_PARAM_TYPE_DESC( 11335988193SPankaj Gupta AUTH_PARAM_HASH, DDR_IMEM_UDIMM_1D_HASH_OID); 11435988193SPankaj Gupta static auth_param_type_desc_t ddr_imem_udimm_2d_fw_hash = AUTH_PARAM_TYPE_DESC( 11535988193SPankaj Gupta AUTH_PARAM_HASH, DDR_IMEM_UDIMM_2D_HASH_OID); 11635988193SPankaj Gupta static auth_param_type_desc_t ddr_dmem_udimm_1d_fw_hash = AUTH_PARAM_TYPE_DESC( 11735988193SPankaj Gupta AUTH_PARAM_HASH, DDR_DMEM_UDIMM_1D_HASH_OID); 11835988193SPankaj Gupta static auth_param_type_desc_t ddr_dmem_udimm_2d_fw_hash = AUTH_PARAM_TYPE_DESC( 11935988193SPankaj Gupta AUTH_PARAM_HASH, DDR_DMEM_UDIMM_2D_HASH_OID); 12035988193SPankaj Gupta 12135988193SPankaj Gupta static auth_param_type_desc_t ddr_imem_rdimm_1d_fw_hash = AUTH_PARAM_TYPE_DESC( 12235988193SPankaj Gupta AUTH_PARAM_HASH, DDR_IMEM_RDIMM_1D_HASH_OID); 12335988193SPankaj Gupta static auth_param_type_desc_t ddr_imem_rdimm_2d_fw_hash = AUTH_PARAM_TYPE_DESC( 12435988193SPankaj Gupta AUTH_PARAM_HASH, DDR_IMEM_RDIMM_2D_HASH_OID); 12535988193SPankaj Gupta static auth_param_type_desc_t ddr_dmem_rdimm_1d_fw_hash = AUTH_PARAM_TYPE_DESC( 12635988193SPankaj Gupta AUTH_PARAM_HASH, DDR_DMEM_RDIMM_1D_HASH_OID); 12735988193SPankaj Gupta static auth_param_type_desc_t ddr_dmem_rdimm_2d_fw_hash = AUTH_PARAM_TYPE_DESC( 12835988193SPankaj Gupta AUTH_PARAM_HASH, DDR_DMEM_RDIMM_2D_HASH_OID); 12935988193SPankaj Gupta #endif 13035988193SPankaj Gupta 13135988193SPankaj Gupta 13235988193SPankaj Gupta /* 13335988193SPankaj Gupta * Trusted key certificate 13435988193SPankaj Gupta */ 13535988193SPankaj Gupta static const auth_img_desc_t trusted_key_cert = { 13635988193SPankaj Gupta .img_id = TRUSTED_KEY_CERT_ID, 13735988193SPankaj Gupta .img_type = IMG_CERT, 13835988193SPankaj Gupta .parent = NULL, 13935988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 14035988193SPankaj Gupta [0] = { 14135988193SPankaj Gupta .type = AUTH_METHOD_SIG, 14235988193SPankaj Gupta .param.sig = { 14335988193SPankaj Gupta .pk = &subject_pk, 14435988193SPankaj Gupta .sig = &sig, 14535988193SPankaj Gupta .alg = &sig_alg, 14635988193SPankaj Gupta .data = &raw_data 14735988193SPankaj Gupta } 14835988193SPankaj Gupta }, 14935988193SPankaj Gupta [1] = { 15035988193SPankaj Gupta .type = AUTH_METHOD_NV_CTR, 15135988193SPankaj Gupta .param.nv_ctr = { 15235988193SPankaj Gupta .cert_nv_ctr = &trusted_nv_ctr, 15335988193SPankaj Gupta .plat_nv_ctr = &trusted_nv_ctr 15435988193SPankaj Gupta } 15535988193SPankaj Gupta } 15635988193SPankaj Gupta }, 15735988193SPankaj Gupta .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 15835988193SPankaj Gupta [0] = { 15935988193SPankaj Gupta .type_desc = &trusted_world_pk, 16035988193SPankaj Gupta .data = { 16135988193SPankaj Gupta .ptr = (void *)trusted_world_pk_buf, 16235988193SPankaj Gupta .len = (unsigned int)PK_DER_LEN 16335988193SPankaj Gupta } 16435988193SPankaj Gupta }, 16535988193SPankaj Gupta [1] = { 16635988193SPankaj Gupta .type_desc = &non_trusted_world_pk, 16735988193SPankaj Gupta .data = { 16835988193SPankaj Gupta .ptr = (void *)non_trusted_world_pk_buf, 16935988193SPankaj Gupta .len = (unsigned int)PK_DER_LEN 17035988193SPankaj Gupta } 17135988193SPankaj Gupta } 17235988193SPankaj Gupta } 17335988193SPankaj Gupta }; 17435988193SPankaj Gupta 17535988193SPankaj Gupta /* 17635988193SPankaj Gupta * SoC Firmware 17735988193SPankaj Gupta */ 17835988193SPankaj Gupta static const auth_img_desc_t soc_fw_key_cert = { 17935988193SPankaj Gupta .img_id = SOC_FW_KEY_CERT_ID, 18035988193SPankaj Gupta .img_type = IMG_CERT, 18135988193SPankaj Gupta .parent = &trusted_key_cert, 18235988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 18335988193SPankaj Gupta [0] = { 18435988193SPankaj Gupta .type = AUTH_METHOD_SIG, 18535988193SPankaj Gupta .param.sig = { 18635988193SPankaj Gupta .pk = &trusted_world_pk, 18735988193SPankaj Gupta .sig = &sig, 18835988193SPankaj Gupta .alg = &sig_alg, 18935988193SPankaj Gupta .data = &raw_data 19035988193SPankaj Gupta } 19135988193SPankaj Gupta }, 19235988193SPankaj Gupta [1] = { 19335988193SPankaj Gupta .type = AUTH_METHOD_NV_CTR, 19435988193SPankaj Gupta .param.nv_ctr = { 19535988193SPankaj Gupta .cert_nv_ctr = &trusted_nv_ctr, 19635988193SPankaj Gupta .plat_nv_ctr = &trusted_nv_ctr 19735988193SPankaj Gupta } 19835988193SPankaj Gupta } 19935988193SPankaj Gupta }, 20035988193SPankaj Gupta .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 20135988193SPankaj Gupta [0] = { 20235988193SPankaj Gupta .type_desc = &soc_fw_content_pk, 20335988193SPankaj Gupta .data = { 20435988193SPankaj Gupta .ptr = (void *)content_pk_buf, 20535988193SPankaj Gupta .len = (unsigned int)PK_DER_LEN 20635988193SPankaj Gupta } 20735988193SPankaj Gupta } 20835988193SPankaj Gupta } 20935988193SPankaj Gupta }; 21035988193SPankaj Gupta static const auth_img_desc_t soc_fw_content_cert = { 21135988193SPankaj Gupta .img_id = SOC_FW_CONTENT_CERT_ID, 21235988193SPankaj Gupta .img_type = IMG_CERT, 21335988193SPankaj Gupta .parent = &soc_fw_key_cert, 21435988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 21535988193SPankaj Gupta [0] = { 21635988193SPankaj Gupta .type = AUTH_METHOD_SIG, 21735988193SPankaj Gupta .param.sig = { 21835988193SPankaj Gupta .pk = &soc_fw_content_pk, 21935988193SPankaj Gupta .sig = &sig, 22035988193SPankaj Gupta .alg = &sig_alg, 22135988193SPankaj Gupta .data = &raw_data 22235988193SPankaj Gupta } 22335988193SPankaj Gupta }, 22435988193SPankaj Gupta [1] = { 22535988193SPankaj Gupta .type = AUTH_METHOD_NV_CTR, 22635988193SPankaj Gupta .param.nv_ctr = { 22735988193SPankaj Gupta .cert_nv_ctr = &trusted_nv_ctr, 22835988193SPankaj Gupta .plat_nv_ctr = &trusted_nv_ctr 22935988193SPankaj Gupta } 23035988193SPankaj Gupta } 23135988193SPankaj Gupta }, 23235988193SPankaj Gupta .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 23335988193SPankaj Gupta [0] = { 23435988193SPankaj Gupta .type_desc = &soc_fw_hash, 23535988193SPankaj Gupta .data = { 23635988193SPankaj Gupta .ptr = (void *)soc_fw_hash_buf, 23735988193SPankaj Gupta .len = (unsigned int)HASH_DER_LEN 23835988193SPankaj Gupta } 23935988193SPankaj Gupta }, 24035988193SPankaj Gupta [1] = { 24135988193SPankaj Gupta .type_desc = &soc_fw_config_hash, 24235988193SPankaj Gupta .data = { 24335988193SPankaj Gupta .ptr = (void *)soc_fw_config_hash_buf, 24435988193SPankaj Gupta .len = (unsigned int)HASH_DER_LEN 24535988193SPankaj Gupta } 24635988193SPankaj Gupta } 24735988193SPankaj Gupta } 24835988193SPankaj Gupta }; 24935988193SPankaj Gupta static const auth_img_desc_t bl31_image = { 25035988193SPankaj Gupta .img_id = BL31_IMAGE_ID, 25135988193SPankaj Gupta .img_type = IMG_RAW, 25235988193SPankaj Gupta .parent = &soc_fw_content_cert, 25335988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 25435988193SPankaj Gupta [0] = { 25535988193SPankaj Gupta .type = AUTH_METHOD_HASH, 25635988193SPankaj Gupta .param.hash = { 25735988193SPankaj Gupta .data = &raw_data, 25835988193SPankaj Gupta .hash = &soc_fw_hash 25935988193SPankaj Gupta } 26035988193SPankaj Gupta } 26135988193SPankaj Gupta } 26235988193SPankaj Gupta }; 26335988193SPankaj Gupta /* SOC FW Config */ 26435988193SPankaj Gupta static const auth_img_desc_t soc_fw_config = { 26535988193SPankaj Gupta .img_id = SOC_FW_CONFIG_ID, 26635988193SPankaj Gupta .img_type = IMG_RAW, 26735988193SPankaj Gupta .parent = &soc_fw_content_cert, 26835988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 26935988193SPankaj Gupta [0] = { 27035988193SPankaj Gupta .type = AUTH_METHOD_HASH, 27135988193SPankaj Gupta .param.hash = { 27235988193SPankaj Gupta .data = &raw_data, 27335988193SPankaj Gupta .hash = &soc_fw_config_hash 27435988193SPankaj Gupta } 27535988193SPankaj Gupta } 27635988193SPankaj Gupta } 27735988193SPankaj Gupta }; 27835988193SPankaj Gupta /* 27935988193SPankaj Gupta * Trusted OS Firmware 28035988193SPankaj Gupta */ 28135988193SPankaj Gupta static const auth_img_desc_t trusted_os_fw_key_cert = { 28235988193SPankaj Gupta .img_id = TRUSTED_OS_FW_KEY_CERT_ID, 28335988193SPankaj Gupta .img_type = IMG_CERT, 28435988193SPankaj Gupta .parent = &trusted_key_cert, 28535988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 28635988193SPankaj Gupta [0] = { 28735988193SPankaj Gupta .type = AUTH_METHOD_SIG, 28835988193SPankaj Gupta .param.sig = { 28935988193SPankaj Gupta .pk = &trusted_world_pk, 29035988193SPankaj Gupta .sig = &sig, 29135988193SPankaj Gupta .alg = &sig_alg, 29235988193SPankaj Gupta .data = &raw_data 29335988193SPankaj Gupta } 29435988193SPankaj Gupta }, 29535988193SPankaj Gupta [1] = { 29635988193SPankaj Gupta .type = AUTH_METHOD_NV_CTR, 29735988193SPankaj Gupta .param.nv_ctr = { 29835988193SPankaj Gupta .cert_nv_ctr = &trusted_nv_ctr, 29935988193SPankaj Gupta .plat_nv_ctr = &trusted_nv_ctr 30035988193SPankaj Gupta } 30135988193SPankaj Gupta } 30235988193SPankaj Gupta }, 30335988193SPankaj Gupta .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 30435988193SPankaj Gupta [0] = { 30535988193SPankaj Gupta .type_desc = &tos_fw_content_pk, 30635988193SPankaj Gupta .data = { 30735988193SPankaj Gupta .ptr = (void *)content_pk_buf, 30835988193SPankaj Gupta .len = (unsigned int)PK_DER_LEN 30935988193SPankaj Gupta } 31035988193SPankaj Gupta } 31135988193SPankaj Gupta } 31235988193SPankaj Gupta }; 31335988193SPankaj Gupta static const auth_img_desc_t trusted_os_fw_content_cert = { 31435988193SPankaj Gupta .img_id = TRUSTED_OS_FW_CONTENT_CERT_ID, 31535988193SPankaj Gupta .img_type = IMG_CERT, 31635988193SPankaj Gupta .parent = &trusted_os_fw_key_cert, 31735988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 31835988193SPankaj Gupta [0] = { 31935988193SPankaj Gupta .type = AUTH_METHOD_SIG, 32035988193SPankaj Gupta .param.sig = { 32135988193SPankaj Gupta .pk = &tos_fw_content_pk, 32235988193SPankaj Gupta .sig = &sig, 32335988193SPankaj Gupta .alg = &sig_alg, 32435988193SPankaj Gupta .data = &raw_data 32535988193SPankaj Gupta } 32635988193SPankaj Gupta }, 32735988193SPankaj Gupta [1] = { 32835988193SPankaj Gupta .type = AUTH_METHOD_NV_CTR, 32935988193SPankaj Gupta .param.nv_ctr = { 33035988193SPankaj Gupta .cert_nv_ctr = &trusted_nv_ctr, 33135988193SPankaj Gupta .plat_nv_ctr = &trusted_nv_ctr 33235988193SPankaj Gupta } 33335988193SPankaj Gupta } 33435988193SPankaj Gupta }, 33535988193SPankaj Gupta .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 33635988193SPankaj Gupta [0] = { 33735988193SPankaj Gupta .type_desc = &tos_fw_hash, 33835988193SPankaj Gupta .data = { 33935988193SPankaj Gupta .ptr = (void *)tos_fw_hash_buf, 34035988193SPankaj Gupta .len = (unsigned int)HASH_DER_LEN 34135988193SPankaj Gupta } 34235988193SPankaj Gupta }, 34335988193SPankaj Gupta [1] = { 34435988193SPankaj Gupta .type_desc = &tos_fw_extra1_hash, 34535988193SPankaj Gupta .data = { 34635988193SPankaj Gupta .ptr = (void *)tos_fw_extra1_hash_buf, 34735988193SPankaj Gupta .len = (unsigned int)HASH_DER_LEN 34835988193SPankaj Gupta } 34935988193SPankaj Gupta }, 35035988193SPankaj Gupta [2] = { 35135988193SPankaj Gupta .type_desc = &tos_fw_extra2_hash, 35235988193SPankaj Gupta .data = { 35335988193SPankaj Gupta .ptr = (void *)tos_fw_extra2_hash_buf, 35435988193SPankaj Gupta .len = (unsigned int)HASH_DER_LEN 35535988193SPankaj Gupta } 35635988193SPankaj Gupta }, 35735988193SPankaj Gupta [3] = { 35835988193SPankaj Gupta .type_desc = &tos_fw_config_hash, 35935988193SPankaj Gupta .data = { 36035988193SPankaj Gupta .ptr = (void *)tos_fw_config_hash_buf, 36135988193SPankaj Gupta .len = (unsigned int)HASH_DER_LEN 36235988193SPankaj Gupta } 36335988193SPankaj Gupta } 36435988193SPankaj Gupta } 36535988193SPankaj Gupta }; 36635988193SPankaj Gupta static const auth_img_desc_t bl32_image = { 36735988193SPankaj Gupta .img_id = BL32_IMAGE_ID, 36835988193SPankaj Gupta .img_type = IMG_RAW, 36935988193SPankaj Gupta .parent = &trusted_os_fw_content_cert, 37035988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 37135988193SPankaj Gupta [0] = { 37235988193SPankaj Gupta .type = AUTH_METHOD_HASH, 37335988193SPankaj Gupta .param.hash = { 37435988193SPankaj Gupta .data = &raw_data, 37535988193SPankaj Gupta .hash = &tos_fw_hash 37635988193SPankaj Gupta } 37735988193SPankaj Gupta } 37835988193SPankaj Gupta } 37935988193SPankaj Gupta }; 38035988193SPankaj Gupta static const auth_img_desc_t bl32_extra1_image = { 38135988193SPankaj Gupta .img_id = BL32_EXTRA1_IMAGE_ID, 38235988193SPankaj Gupta .img_type = IMG_RAW, 38335988193SPankaj Gupta .parent = &trusted_os_fw_content_cert, 38435988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 38535988193SPankaj Gupta [0] = { 38635988193SPankaj Gupta .type = AUTH_METHOD_HASH, 38735988193SPankaj Gupta .param.hash = { 38835988193SPankaj Gupta .data = &raw_data, 38935988193SPankaj Gupta .hash = &tos_fw_extra1_hash 39035988193SPankaj Gupta } 39135988193SPankaj Gupta } 39235988193SPankaj Gupta } 39335988193SPankaj Gupta }; 39435988193SPankaj Gupta static const auth_img_desc_t bl32_extra2_image = { 39535988193SPankaj Gupta .img_id = BL32_EXTRA2_IMAGE_ID, 39635988193SPankaj Gupta .img_type = IMG_RAW, 39735988193SPankaj Gupta .parent = &trusted_os_fw_content_cert, 39835988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 39935988193SPankaj Gupta [0] = { 40035988193SPankaj Gupta .type = AUTH_METHOD_HASH, 40135988193SPankaj Gupta .param.hash = { 40235988193SPankaj Gupta .data = &raw_data, 40335988193SPankaj Gupta .hash = &tos_fw_extra2_hash 40435988193SPankaj Gupta } 40535988193SPankaj Gupta } 40635988193SPankaj Gupta } 40735988193SPankaj Gupta }; 40835988193SPankaj Gupta /* TOS FW Config */ 40935988193SPankaj Gupta static const auth_img_desc_t tos_fw_config = { 41035988193SPankaj Gupta .img_id = TOS_FW_CONFIG_ID, 41135988193SPankaj Gupta .img_type = IMG_RAW, 41235988193SPankaj Gupta .parent = &trusted_os_fw_content_cert, 41335988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 41435988193SPankaj Gupta [0] = { 41535988193SPankaj Gupta .type = AUTH_METHOD_HASH, 41635988193SPankaj Gupta .param.hash = { 41735988193SPankaj Gupta .data = &raw_data, 41835988193SPankaj Gupta .hash = &tos_fw_config_hash 41935988193SPankaj Gupta } 42035988193SPankaj Gupta } 42135988193SPankaj Gupta } 42235988193SPankaj Gupta }; 42335988193SPankaj Gupta /* 42435988193SPankaj Gupta * Non-Trusted Firmware 42535988193SPankaj Gupta */ 42635988193SPankaj Gupta static const auth_img_desc_t non_trusted_fw_key_cert = { 42735988193SPankaj Gupta .img_id = NON_TRUSTED_FW_KEY_CERT_ID, 42835988193SPankaj Gupta .img_type = IMG_CERT, 42935988193SPankaj Gupta .parent = &trusted_key_cert, 43035988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 43135988193SPankaj Gupta [0] = { 43235988193SPankaj Gupta .type = AUTH_METHOD_SIG, 43335988193SPankaj Gupta .param.sig = { 43435988193SPankaj Gupta .pk = &non_trusted_world_pk, 43535988193SPankaj Gupta .sig = &sig, 43635988193SPankaj Gupta .alg = &sig_alg, 43735988193SPankaj Gupta .data = &raw_data 43835988193SPankaj Gupta } 43935988193SPankaj Gupta }, 44035988193SPankaj Gupta [1] = { 44135988193SPankaj Gupta .type = AUTH_METHOD_NV_CTR, 44235988193SPankaj Gupta .param.nv_ctr = { 44335988193SPankaj Gupta .cert_nv_ctr = &non_trusted_nv_ctr, 44435988193SPankaj Gupta .plat_nv_ctr = &non_trusted_nv_ctr 44535988193SPankaj Gupta } 44635988193SPankaj Gupta } 44735988193SPankaj Gupta }, 44835988193SPankaj Gupta .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 44935988193SPankaj Gupta [0] = { 45035988193SPankaj Gupta .type_desc = &nt_fw_content_pk, 45135988193SPankaj Gupta .data = { 45235988193SPankaj Gupta .ptr = (void *)content_pk_buf, 45335988193SPankaj Gupta .len = (unsigned int)PK_DER_LEN 45435988193SPankaj Gupta } 45535988193SPankaj Gupta } 45635988193SPankaj Gupta } 45735988193SPankaj Gupta }; 45835988193SPankaj Gupta static const auth_img_desc_t non_trusted_fw_content_cert = { 45935988193SPankaj Gupta .img_id = NON_TRUSTED_FW_CONTENT_CERT_ID, 46035988193SPankaj Gupta .img_type = IMG_CERT, 46135988193SPankaj Gupta .parent = &non_trusted_fw_key_cert, 46235988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 46335988193SPankaj Gupta [0] = { 46435988193SPankaj Gupta .type = AUTH_METHOD_SIG, 46535988193SPankaj Gupta .param.sig = { 46635988193SPankaj Gupta .pk = &nt_fw_content_pk, 46735988193SPankaj Gupta .sig = &sig, 46835988193SPankaj Gupta .alg = &sig_alg, 46935988193SPankaj Gupta .data = &raw_data 47035988193SPankaj Gupta } 47135988193SPankaj Gupta }, 47235988193SPankaj Gupta [1] = { 47335988193SPankaj Gupta .type = AUTH_METHOD_NV_CTR, 47435988193SPankaj Gupta .param.nv_ctr = { 47535988193SPankaj Gupta .cert_nv_ctr = &non_trusted_nv_ctr, 47635988193SPankaj Gupta .plat_nv_ctr = &non_trusted_nv_ctr 47735988193SPankaj Gupta } 47835988193SPankaj Gupta } 47935988193SPankaj Gupta }, 48035988193SPankaj Gupta .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 48135988193SPankaj Gupta [0] = { 48235988193SPankaj Gupta .type_desc = &nt_world_bl_hash, 48335988193SPankaj Gupta .data = { 48435988193SPankaj Gupta .ptr = (void *)nt_world_bl_hash_buf, 48535988193SPankaj Gupta .len = (unsigned int)HASH_DER_LEN 48635988193SPankaj Gupta } 48735988193SPankaj Gupta }, 48835988193SPankaj Gupta [1] = { 48935988193SPankaj Gupta .type_desc = &nt_fw_config_hash, 49035988193SPankaj Gupta .data = { 49135988193SPankaj Gupta .ptr = (void *)nt_fw_config_hash_buf, 49235988193SPankaj Gupta .len = (unsigned int)HASH_DER_LEN 49335988193SPankaj Gupta } 49435988193SPankaj Gupta } 49535988193SPankaj Gupta } 49635988193SPankaj Gupta }; 49735988193SPankaj Gupta static const auth_img_desc_t bl33_image = { 49835988193SPankaj Gupta .img_id = BL33_IMAGE_ID, 49935988193SPankaj Gupta .img_type = IMG_RAW, 50035988193SPankaj Gupta .parent = &non_trusted_fw_content_cert, 50135988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 50235988193SPankaj Gupta [0] = { 50335988193SPankaj Gupta .type = AUTH_METHOD_HASH, 50435988193SPankaj Gupta .param.hash = { 50535988193SPankaj Gupta .data = &raw_data, 50635988193SPankaj Gupta .hash = &nt_world_bl_hash 50735988193SPankaj Gupta } 50835988193SPankaj Gupta } 50935988193SPankaj Gupta } 51035988193SPankaj Gupta }; 51135988193SPankaj Gupta /* NT FW Config */ 51235988193SPankaj Gupta static const auth_img_desc_t nt_fw_config = { 51335988193SPankaj Gupta .img_id = NT_FW_CONFIG_ID, 51435988193SPankaj Gupta .img_type = IMG_RAW, 51535988193SPankaj Gupta .parent = &non_trusted_fw_content_cert, 51635988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 51735988193SPankaj Gupta [0] = { 51835988193SPankaj Gupta .type = AUTH_METHOD_HASH, 51935988193SPankaj Gupta .param.hash = { 52035988193SPankaj Gupta .data = &raw_data, 52135988193SPankaj Gupta .hash = &nt_fw_config_hash 52235988193SPankaj Gupta } 52335988193SPankaj Gupta } 52435988193SPankaj Gupta } 52535988193SPankaj Gupta }; 52635988193SPankaj Gupta #ifdef CONFIG_DDR_FIP_IMAGE 52735988193SPankaj Gupta /* 52835988193SPankaj Gupta * DDR Firmware 52935988193SPankaj Gupta */ 53035988193SPankaj Gupta static const auth_img_desc_t ddr_fw_key_cert = { 53135988193SPankaj Gupta .img_id = DDR_FW_KEY_CERT_ID, 53235988193SPankaj Gupta .img_type = IMG_CERT, 53335988193SPankaj Gupta .parent = &trusted_key_cert, 53435988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 53535988193SPankaj Gupta [0] = { 53635988193SPankaj Gupta .type = AUTH_METHOD_SIG, 53735988193SPankaj Gupta .param.sig = { 53835988193SPankaj Gupta .pk = &trusted_world_pk, 53935988193SPankaj Gupta .sig = &sig, 54035988193SPankaj Gupta .alg = &sig_alg, 54135988193SPankaj Gupta .data = &raw_data 54235988193SPankaj Gupta } 54335988193SPankaj Gupta }, 54435988193SPankaj Gupta [1] = { 54535988193SPankaj Gupta .type = AUTH_METHOD_NV_CTR, 54635988193SPankaj Gupta .param.nv_ctr = { 54735988193SPankaj Gupta .cert_nv_ctr = &trusted_nv_ctr, 54835988193SPankaj Gupta .plat_nv_ctr = &trusted_nv_ctr 54935988193SPankaj Gupta } 55035988193SPankaj Gupta } 55135988193SPankaj Gupta }, 55235988193SPankaj Gupta .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 55335988193SPankaj Gupta [0] = { 55435988193SPankaj Gupta .type_desc = &ddr_fw_content_pk, 55535988193SPankaj Gupta .data = { 55635988193SPankaj Gupta .ptr = (void *)ddr_fw_content_pk_buf, 55735988193SPankaj Gupta .len = (unsigned int)PK_DER_LEN 55835988193SPankaj Gupta } 55935988193SPankaj Gupta } 56035988193SPankaj Gupta } 56135988193SPankaj Gupta }; 56235988193SPankaj Gupta static const auth_img_desc_t ddr_udimm_fw_content_cert = { 56335988193SPankaj Gupta .img_id = DDR_UDIMM_FW_CONTENT_CERT_ID, 56435988193SPankaj Gupta .img_type = IMG_CERT, 56535988193SPankaj Gupta .parent = &ddr_fw_key_cert, 56635988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 56735988193SPankaj Gupta [0] = { 56835988193SPankaj Gupta .type = AUTH_METHOD_SIG, 56935988193SPankaj Gupta .param.sig = { 57035988193SPankaj Gupta .pk = &ddr_fw_content_pk, 57135988193SPankaj Gupta .sig = &sig, 57235988193SPankaj Gupta .alg = &sig_alg, 57335988193SPankaj Gupta .data = &raw_data 57435988193SPankaj Gupta } 57535988193SPankaj Gupta }, 57635988193SPankaj Gupta [1] = { 57735988193SPankaj Gupta .type = AUTH_METHOD_NV_CTR, 57835988193SPankaj Gupta .param.nv_ctr = { 57935988193SPankaj Gupta .cert_nv_ctr = &trusted_nv_ctr, 58035988193SPankaj Gupta .plat_nv_ctr = &trusted_nv_ctr 58135988193SPankaj Gupta } 58235988193SPankaj Gupta } 58335988193SPankaj Gupta }, 58435988193SPankaj Gupta .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 58535988193SPankaj Gupta [0] = { 58635988193SPankaj Gupta .type_desc = &ddr_imem_udimm_1d_fw_hash, 58735988193SPankaj Gupta .data = { 58835988193SPankaj Gupta .ptr = (void *)ddr_imem_udimm_1d_hash_buf, 58935988193SPankaj Gupta .len = (unsigned int)HASH_DER_LEN 59035988193SPankaj Gupta } 59135988193SPankaj Gupta }, 59235988193SPankaj Gupta [1] = { 59335988193SPankaj Gupta .type_desc = &ddr_imem_udimm_2d_fw_hash, 59435988193SPankaj Gupta .data = { 59535988193SPankaj Gupta .ptr = (void *)ddr_imem_udimm_2d_hash_buf, 59635988193SPankaj Gupta .len = (unsigned int)HASH_DER_LEN 59735988193SPankaj Gupta } 59835988193SPankaj Gupta }, 59935988193SPankaj Gupta [2] = { 60035988193SPankaj Gupta .type_desc = &ddr_dmem_udimm_1d_fw_hash, 60135988193SPankaj Gupta .data = { 60235988193SPankaj Gupta .ptr = (void *)ddr_dmem_udimm_1d_hash_buf, 60335988193SPankaj Gupta .len = (unsigned int)HASH_DER_LEN 60435988193SPankaj Gupta } 60535988193SPankaj Gupta }, 60635988193SPankaj Gupta [3] = { 60735988193SPankaj Gupta .type_desc = &ddr_dmem_udimm_2d_fw_hash, 60835988193SPankaj Gupta .data = { 60935988193SPankaj Gupta .ptr = (void *)ddr_dmem_udimm_2d_hash_buf, 61035988193SPankaj Gupta .len = (unsigned int)HASH_DER_LEN 61135988193SPankaj Gupta } 61235988193SPankaj Gupta }, 61335988193SPankaj Gupta } 61435988193SPankaj Gupta }; 61535988193SPankaj Gupta 61635988193SPankaj Gupta static const auth_img_desc_t ddr_imem_udimm_1d_img = { 61735988193SPankaj Gupta .img_id = DDR_IMEM_UDIMM_1D_IMAGE_ID, 61835988193SPankaj Gupta .img_type = IMG_RAW, 61935988193SPankaj Gupta .parent = &ddr_udimm_fw_content_cert, 62035988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 62135988193SPankaj Gupta [0] = { 62235988193SPankaj Gupta .type = AUTH_METHOD_HASH, 62335988193SPankaj Gupta .param.hash = { 62435988193SPankaj Gupta .data = &raw_data, 62535988193SPankaj Gupta .hash = &ddr_imem_udimm_1d_fw_hash 62635988193SPankaj Gupta } 62735988193SPankaj Gupta } 62835988193SPankaj Gupta } 62935988193SPankaj Gupta }; 63035988193SPankaj Gupta static const auth_img_desc_t ddr_imem_udimm_2d_img = { 63135988193SPankaj Gupta .img_id = DDR_IMEM_UDIMM_2D_IMAGE_ID, 63235988193SPankaj Gupta .img_type = IMG_RAW, 63335988193SPankaj Gupta .parent = &ddr_udimm_fw_content_cert, 63435988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 63535988193SPankaj Gupta [0] = { 63635988193SPankaj Gupta .type = AUTH_METHOD_HASH, 63735988193SPankaj Gupta .param.hash = { 63835988193SPankaj Gupta .data = &raw_data, 63935988193SPankaj Gupta .hash = &ddr_imem_udimm_2d_fw_hash 64035988193SPankaj Gupta } 64135988193SPankaj Gupta } 64235988193SPankaj Gupta } 64335988193SPankaj Gupta }; 64435988193SPankaj Gupta static const auth_img_desc_t ddr_dmem_udimm_1d_img = { 64535988193SPankaj Gupta .img_id = DDR_DMEM_UDIMM_1D_IMAGE_ID, 64635988193SPankaj Gupta .img_type = IMG_RAW, 64735988193SPankaj Gupta .parent = &ddr_udimm_fw_content_cert, 64835988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 64935988193SPankaj Gupta [0] = { 65035988193SPankaj Gupta .type = AUTH_METHOD_HASH, 65135988193SPankaj Gupta .param.hash = { 65235988193SPankaj Gupta .data = &raw_data, 65335988193SPankaj Gupta .hash = &ddr_dmem_udimm_1d_fw_hash 65435988193SPankaj Gupta } 65535988193SPankaj Gupta } 65635988193SPankaj Gupta } 65735988193SPankaj Gupta }; 65835988193SPankaj Gupta static const auth_img_desc_t ddr_dmem_udimm_2d_img = { 65935988193SPankaj Gupta .img_id = DDR_DMEM_UDIMM_2D_IMAGE_ID, 66035988193SPankaj Gupta .img_type = IMG_RAW, 66135988193SPankaj Gupta .parent = &ddr_udimm_fw_content_cert, 66235988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 66335988193SPankaj Gupta [0] = { 66435988193SPankaj Gupta .type = AUTH_METHOD_HASH, 66535988193SPankaj Gupta .param.hash = { 66635988193SPankaj Gupta .data = &raw_data, 66735988193SPankaj Gupta .hash = &ddr_dmem_udimm_2d_fw_hash 66835988193SPankaj Gupta } 66935988193SPankaj Gupta } 67035988193SPankaj Gupta } 67135988193SPankaj Gupta }; 67235988193SPankaj Gupta 67335988193SPankaj Gupta static const auth_img_desc_t ddr_rdimm_fw_content_cert = { 67435988193SPankaj Gupta .img_id = DDR_RDIMM_FW_CONTENT_CERT_ID, 67535988193SPankaj Gupta .img_type = IMG_CERT, 67635988193SPankaj Gupta .parent = &ddr_fw_key_cert, 67735988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 67835988193SPankaj Gupta [0] = { 67935988193SPankaj Gupta .type = AUTH_METHOD_SIG, 68035988193SPankaj Gupta .param.sig = { 68135988193SPankaj Gupta .pk = &ddr_fw_content_pk, 68235988193SPankaj Gupta .sig = &sig, 68335988193SPankaj Gupta .alg = &sig_alg, 68435988193SPankaj Gupta .data = &raw_data 68535988193SPankaj Gupta } 68635988193SPankaj Gupta }, 68735988193SPankaj Gupta [1] = { 68835988193SPankaj Gupta .type = AUTH_METHOD_NV_CTR, 68935988193SPankaj Gupta .param.nv_ctr = { 69035988193SPankaj Gupta .cert_nv_ctr = &trusted_nv_ctr, 69135988193SPankaj Gupta .plat_nv_ctr = &trusted_nv_ctr 69235988193SPankaj Gupta } 69335988193SPankaj Gupta } 69435988193SPankaj Gupta }, 69535988193SPankaj Gupta .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 69635988193SPankaj Gupta [0] = { 69735988193SPankaj Gupta .type_desc = &ddr_imem_rdimm_1d_fw_hash, 69835988193SPankaj Gupta .data = { 69935988193SPankaj Gupta .ptr = (void *)ddr_imem_rdimm_1d_hash_buf, 70035988193SPankaj Gupta .len = (unsigned int)HASH_DER_LEN 70135988193SPankaj Gupta } 70235988193SPankaj Gupta }, 70335988193SPankaj Gupta [1] = { 70435988193SPankaj Gupta .type_desc = &ddr_imem_rdimm_2d_fw_hash, 70535988193SPankaj Gupta .data = { 70635988193SPankaj Gupta .ptr = (void *)ddr_imem_rdimm_2d_hash_buf, 70735988193SPankaj Gupta .len = (unsigned int)HASH_DER_LEN 70835988193SPankaj Gupta } 70935988193SPankaj Gupta }, 71035988193SPankaj Gupta [2] = { 71135988193SPankaj Gupta .type_desc = &ddr_dmem_rdimm_1d_fw_hash, 71235988193SPankaj Gupta .data = { 71335988193SPankaj Gupta .ptr = (void *)ddr_dmem_rdimm_1d_hash_buf, 71435988193SPankaj Gupta .len = (unsigned int)HASH_DER_LEN 71535988193SPankaj Gupta } 71635988193SPankaj Gupta }, 71735988193SPankaj Gupta [3] = { 71835988193SPankaj Gupta .type_desc = &ddr_dmem_rdimm_2d_fw_hash, 71935988193SPankaj Gupta .data = { 72035988193SPankaj Gupta .ptr = (void *)ddr_dmem_rdimm_2d_hash_buf, 72135988193SPankaj Gupta .len = (unsigned int)HASH_DER_LEN 72235988193SPankaj Gupta } 72335988193SPankaj Gupta }, 72435988193SPankaj Gupta } 72535988193SPankaj Gupta }; 72635988193SPankaj Gupta 72735988193SPankaj Gupta static const auth_img_desc_t ddr_imem_rdimm_1d_img = { 72835988193SPankaj Gupta .img_id = DDR_IMEM_RDIMM_1D_IMAGE_ID, 72935988193SPankaj Gupta .img_type = IMG_RAW, 73035988193SPankaj Gupta .parent = &ddr_rdimm_fw_content_cert, 73135988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 73235988193SPankaj Gupta [0] = { 73335988193SPankaj Gupta .type = AUTH_METHOD_HASH, 73435988193SPankaj Gupta .param.hash = { 73535988193SPankaj Gupta .data = &raw_data, 73635988193SPankaj Gupta .hash = &ddr_imem_rdimm_1d_fw_hash 73735988193SPankaj Gupta } 73835988193SPankaj Gupta } 73935988193SPankaj Gupta } 74035988193SPankaj Gupta }; 74135988193SPankaj Gupta static const auth_img_desc_t ddr_imem_rdimm_2d_img = { 74235988193SPankaj Gupta .img_id = DDR_IMEM_RDIMM_2D_IMAGE_ID, 74335988193SPankaj Gupta .img_type = IMG_RAW, 74435988193SPankaj Gupta .parent = &ddr_rdimm_fw_content_cert, 74535988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 74635988193SPankaj Gupta [0] = { 74735988193SPankaj Gupta .type = AUTH_METHOD_HASH, 74835988193SPankaj Gupta .param.hash = { 74935988193SPankaj Gupta .data = &raw_data, 75035988193SPankaj Gupta .hash = &ddr_imem_rdimm_2d_fw_hash 75135988193SPankaj Gupta } 75235988193SPankaj Gupta } 75335988193SPankaj Gupta } 75435988193SPankaj Gupta }; 75535988193SPankaj Gupta static const auth_img_desc_t ddr_dmem_rdimm_1d_img = { 75635988193SPankaj Gupta .img_id = DDR_DMEM_RDIMM_1D_IMAGE_ID, 75735988193SPankaj Gupta .img_type = IMG_RAW, 75835988193SPankaj Gupta .parent = &ddr_rdimm_fw_content_cert, 75935988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 76035988193SPankaj Gupta [0] = { 76135988193SPankaj Gupta .type = AUTH_METHOD_HASH, 76235988193SPankaj Gupta .param.hash = { 76335988193SPankaj Gupta .data = &raw_data, 76435988193SPankaj Gupta .hash = &ddr_dmem_rdimm_1d_fw_hash 76535988193SPankaj Gupta } 76635988193SPankaj Gupta } 76735988193SPankaj Gupta } 76835988193SPankaj Gupta }; 76935988193SPankaj Gupta static const auth_img_desc_t ddr_dmem_rdimm_2d_img = { 77035988193SPankaj Gupta .img_id = DDR_DMEM_RDIMM_2D_IMAGE_ID, 77135988193SPankaj Gupta .img_type = IMG_RAW, 77235988193SPankaj Gupta .parent = &ddr_rdimm_fw_content_cert, 77335988193SPankaj Gupta .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 77435988193SPankaj Gupta [0] = { 77535988193SPankaj Gupta .type = AUTH_METHOD_HASH, 77635988193SPankaj Gupta .param.hash = { 77735988193SPankaj Gupta .data = &raw_data, 77835988193SPankaj Gupta .hash = &ddr_dmem_rdimm_2d_fw_hash 77935988193SPankaj Gupta } 78035988193SPankaj Gupta } 78135988193SPankaj Gupta } 78235988193SPankaj Gupta }; 78335988193SPankaj Gupta #endif 78435988193SPankaj Gupta 78535988193SPankaj Gupta /* 78635988193SPankaj Gupta * TBBR Chain of trust definition 78735988193SPankaj Gupta */ 78835988193SPankaj Gupta 78935988193SPankaj Gupta static const auth_img_desc_t * const cot_desc[] = { 79035988193SPankaj Gupta [TRUSTED_KEY_CERT_ID] = &trusted_key_cert, 79135988193SPankaj Gupta [SOC_FW_KEY_CERT_ID] = &soc_fw_key_cert, 79235988193SPankaj Gupta [SOC_FW_CONTENT_CERT_ID] = &soc_fw_content_cert, 79335988193SPankaj Gupta [BL31_IMAGE_ID] = &bl31_image, 79435988193SPankaj Gupta [SOC_FW_CONFIG_ID] = &soc_fw_config, 79535988193SPankaj Gupta [TRUSTED_OS_FW_KEY_CERT_ID] = &trusted_os_fw_key_cert, 79635988193SPankaj Gupta [TRUSTED_OS_FW_CONTENT_CERT_ID] = &trusted_os_fw_content_cert, 79735988193SPankaj Gupta [BL32_IMAGE_ID] = &bl32_image, 79835988193SPankaj Gupta [BL32_EXTRA1_IMAGE_ID] = &bl32_extra1_image, 79935988193SPankaj Gupta [BL32_EXTRA2_IMAGE_ID] = &bl32_extra2_image, 80035988193SPankaj Gupta [TOS_FW_CONFIG_ID] = &tos_fw_config, 80135988193SPankaj Gupta [NON_TRUSTED_FW_KEY_CERT_ID] = &non_trusted_fw_key_cert, 80235988193SPankaj Gupta [NON_TRUSTED_FW_CONTENT_CERT_ID] = &non_trusted_fw_content_cert, 80335988193SPankaj Gupta [BL33_IMAGE_ID] = &bl33_image, 80435988193SPankaj Gupta [NT_FW_CONFIG_ID] = &nt_fw_config, 80535988193SPankaj Gupta #ifdef CONFIG_DDR_FIP_IMAGE 80635988193SPankaj Gupta [DDR_FW_KEY_CERT_ID] = &ddr_fw_key_cert, 80735988193SPankaj Gupta [DDR_UDIMM_FW_CONTENT_CERT_ID] = &ddr_udimm_fw_content_cert, 80835988193SPankaj Gupta [DDR_RDIMM_FW_CONTENT_CERT_ID] = &ddr_rdimm_fw_content_cert, 80935988193SPankaj Gupta [DDR_IMEM_UDIMM_1D_IMAGE_ID] = &ddr_imem_udimm_1d_img, 81035988193SPankaj Gupta [DDR_IMEM_UDIMM_2D_IMAGE_ID] = &ddr_imem_udimm_2d_img, 81135988193SPankaj Gupta [DDR_DMEM_UDIMM_1D_IMAGE_ID] = &ddr_dmem_udimm_1d_img, 81235988193SPankaj Gupta [DDR_DMEM_UDIMM_2D_IMAGE_ID] = &ddr_dmem_udimm_2d_img, 81335988193SPankaj Gupta [DDR_IMEM_RDIMM_1D_IMAGE_ID] = &ddr_imem_rdimm_1d_img, 81435988193SPankaj Gupta [DDR_IMEM_RDIMM_2D_IMAGE_ID] = &ddr_imem_rdimm_2d_img, 81535988193SPankaj Gupta [DDR_DMEM_RDIMM_1D_IMAGE_ID] = &ddr_dmem_rdimm_1d_img, 81635988193SPankaj Gupta [DDR_DMEM_RDIMM_2D_IMAGE_ID] = &ddr_dmem_rdimm_2d_img, 81735988193SPankaj Gupta #endif 81835988193SPankaj Gupta }; 81935988193SPankaj Gupta 82035988193SPankaj Gupta /* Register the CoT in the authentication module */ 82135988193SPankaj Gupta REGISTER_COT(cot_desc); 822