1*1e8b5354SBoyan Karatotev/* 2*1e8b5354SBoyan Karatotev * Copyright (c) 2023-2024, Arm Limited. All rights reserved. 3*1e8b5354SBoyan Karatotev * 4*1e8b5354SBoyan Karatotev * SPDX-License-Identifier: BSD-3-Clause 5*1e8b5354SBoyan Karatotev */ 6*1e8b5354SBoyan Karatotev 7*1e8b5354SBoyan Karatotev#include <tools_share/cca_oid.h> 8*1e8b5354SBoyan Karatotev#include <common/tbbr/tbbr_img_def.h> 9*1e8b5354SBoyan Karatotev#include <common/nv_cntr_ids.h> 10*1e8b5354SBoyan Karatotev 11*1e8b5354SBoyan Karatotevcot { 12*1e8b5354SBoyan Karatotev manifests { 13*1e8b5354SBoyan Karatotev compatible = "arm, cert-descs"; 14*1e8b5354SBoyan Karatotev 15*1e8b5354SBoyan Karatotev cca_content_cert: cca_content_cert { 16*1e8b5354SBoyan Karatotev root-certificate; 17*1e8b5354SBoyan Karatotev image-id =<CCA_CONTENT_CERT_ID>; 18*1e8b5354SBoyan Karatotev antirollback-counter = <&cca_nv_ctr>; 19*1e8b5354SBoyan Karatotev 20*1e8b5354SBoyan Karatotev tb_fw_hash: tb_fw_hash { 21*1e8b5354SBoyan Karatotev oid = TRUSTED_BOOT_FW_HASH_OID; 22*1e8b5354SBoyan Karatotev }; 23*1e8b5354SBoyan Karatotev tb_fw_config_hash: tb_fw_config_hash { 24*1e8b5354SBoyan Karatotev oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID; 25*1e8b5354SBoyan Karatotev }; 26*1e8b5354SBoyan Karatotev hw_config_hash: hw_config_hash { 27*1e8b5354SBoyan Karatotev oid = HW_CONFIG_HASH_OID; 28*1e8b5354SBoyan Karatotev }; 29*1e8b5354SBoyan Karatotev fw_config_hash: fw_config_hash { 30*1e8b5354SBoyan Karatotev oid = FW_CONFIG_HASH_OID; 31*1e8b5354SBoyan Karatotev }; 32*1e8b5354SBoyan Karatotev soc_fw_hash: soc_fw_hash { 33*1e8b5354SBoyan Karatotev oid = SOC_AP_FW_HASH_OID; 34*1e8b5354SBoyan Karatotev }; 35*1e8b5354SBoyan Karatotev soc_fw_config_hash: soc_fw_config_hash { 36*1e8b5354SBoyan Karatotev oid = SOC_FW_CONFIG_HASH_OID; 37*1e8b5354SBoyan Karatotev }; 38*1e8b5354SBoyan Karatotev rmm_hash: rmm_hash { 39*1e8b5354SBoyan Karatotev oid = RMM_HASH_OID; 40*1e8b5354SBoyan Karatotev }; 41*1e8b5354SBoyan Karatotev }; 42*1e8b5354SBoyan Karatotev 43*1e8b5354SBoyan Karatotev core_swd_key_cert: core_swd_key_cert { 44*1e8b5354SBoyan Karatotev root-certificate; 45*1e8b5354SBoyan Karatotev image-id = <CORE_SWD_KEY_CERT_ID>; 46*1e8b5354SBoyan Karatotev signing-key = <&swd_rot_pk>; 47*1e8b5354SBoyan Karatotev antirollback-counter = <&trusted_nv_ctr>; 48*1e8b5354SBoyan Karatotev 49*1e8b5354SBoyan Karatotev core_swd_pk: core_swd_pk { 50*1e8b5354SBoyan Karatotev oid = CORE_SWD_PK_OID; 51*1e8b5354SBoyan Karatotev }; 52*1e8b5354SBoyan Karatotev }; 53*1e8b5354SBoyan Karatotev 54*1e8b5354SBoyan Karatotev trusted_os_fw_content_cert: trusted_os_fw_content_cert { 55*1e8b5354SBoyan Karatotev image-id = <TRUSTED_OS_FW_CONTENT_CERT_ID>; 56*1e8b5354SBoyan Karatotev parent = <&core_swd_key_cert>; 57*1e8b5354SBoyan Karatotev signing-key = <&core_swd_pk>; 58*1e8b5354SBoyan Karatotev antirollback-counter = <&trusted_nv_ctr>; 59*1e8b5354SBoyan Karatotev 60*1e8b5354SBoyan Karatotev tos_fw_hash: tos_fw_hash { 61*1e8b5354SBoyan Karatotev oid = TRUSTED_OS_FW_HASH_OID; 62*1e8b5354SBoyan Karatotev }; 63*1e8b5354SBoyan Karatotev tos_fw_config_hash: tos_fw_config_hash { 64*1e8b5354SBoyan Karatotev oid = TRUSTED_OS_FW_CONFIG_HASH_OID; 65*1e8b5354SBoyan Karatotev }; 66*1e8b5354SBoyan Karatotev }; 67*1e8b5354SBoyan Karatotev 68*1e8b5354SBoyan Karatotev plat_key_cert: plat_key_cert { 69*1e8b5354SBoyan Karatotev root-certificate; 70*1e8b5354SBoyan Karatotev image-id = <PLAT_KEY_CERT_ID>; 71*1e8b5354SBoyan Karatotev signing-key = <&prot_pk>; 72*1e8b5354SBoyan Karatotev antirollback-counter = <&non_trusted_nv_ctr>; 73*1e8b5354SBoyan Karatotev 74*1e8b5354SBoyan Karatotev plat_pk: plat_pk { 75*1e8b5354SBoyan Karatotev oid = PLAT_PK_OID; 76*1e8b5354SBoyan Karatotev }; 77*1e8b5354SBoyan Karatotev }; 78*1e8b5354SBoyan Karatotev 79*1e8b5354SBoyan Karatotev non_trusted_fw_content_cert: non_trusted_fw_content_cert { 80*1e8b5354SBoyan Karatotev image-id = <NON_TRUSTED_FW_CONTENT_CERT_ID>; 81*1e8b5354SBoyan Karatotev parent = <&plat_key_cert>; 82*1e8b5354SBoyan Karatotev signing-key = <&plat_pk>; 83*1e8b5354SBoyan Karatotev antirollback-counter = <&non_trusted_nv_ctr>; 84*1e8b5354SBoyan Karatotev 85*1e8b5354SBoyan Karatotev nt_world_bl_hash: nt_world_bl_hash { 86*1e8b5354SBoyan Karatotev oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID; 87*1e8b5354SBoyan Karatotev }; 88*1e8b5354SBoyan Karatotev nt_fw_config_hash: nt_fw_config_hash { 89*1e8b5354SBoyan Karatotev oid = NON_TRUSTED_FW_CONFIG_HASH_OID; 90*1e8b5354SBoyan Karatotev }; 91*1e8b5354SBoyan Karatotev }; 92*1e8b5354SBoyan Karatotev 93*1e8b5354SBoyan Karatotev#if defined(SPD_spmd) 94*1e8b5354SBoyan Karatotev sip_sp_content_cert: sip_sp_content_cert { 95*1e8b5354SBoyan Karatotev image-id = <SIP_SP_CONTENT_CERT_ID>; 96*1e8b5354SBoyan Karatotev parent = <&core_swd_key_cert>; 97*1e8b5354SBoyan Karatotev signing-key = <&core_swd_pk>; 98*1e8b5354SBoyan Karatotev antirollback-counter = <&trusted_nv_ctr>; 99*1e8b5354SBoyan Karatotev 100*1e8b5354SBoyan Karatotev sp_pkg1_hash: sp_pkg1_hash { 101*1e8b5354SBoyan Karatotev oid = SP_PKG1_HASH_OID; 102*1e8b5354SBoyan Karatotev }; 103*1e8b5354SBoyan Karatotev sp_pkg2_hash: sp_pkg2_hash { 104*1e8b5354SBoyan Karatotev oid = SP_PKG2_HASH_OID; 105*1e8b5354SBoyan Karatotev }; 106*1e8b5354SBoyan Karatotev sp_pkg3_hash: sp_pkg3_hash { 107*1e8b5354SBoyan Karatotev oid = SP_PKG3_HASH_OID; 108*1e8b5354SBoyan Karatotev }; 109*1e8b5354SBoyan Karatotev sp_pkg4_hash: sp_pkg4_hash { 110*1e8b5354SBoyan Karatotev oid = SP_PKG4_HASH_OID; 111*1e8b5354SBoyan Karatotev }; 112*1e8b5354SBoyan Karatotev }; 113*1e8b5354SBoyan Karatotev 114*1e8b5354SBoyan Karatotev plat_sp_content_cert: plat_sp_content_cert { 115*1e8b5354SBoyan Karatotev image-id = <PLAT_SP_CONTENT_CERT_ID>; 116*1e8b5354SBoyan Karatotev parent = <&plat_key_cert>; 117*1e8b5354SBoyan Karatotev signing-key = <&plat_pk>; 118*1e8b5354SBoyan Karatotev antirollback-counter = <&non_trusted_nv_ctr>; 119*1e8b5354SBoyan Karatotev 120*1e8b5354SBoyan Karatotev sp_pkg5_hash: sp_pkg5_hash { 121*1e8b5354SBoyan Karatotev oid = SP_PKG5_HASH_OID; 122*1e8b5354SBoyan Karatotev }; 123*1e8b5354SBoyan Karatotev sp_pkg6_hash: sp_pkg6_hash { 124*1e8b5354SBoyan Karatotev oid = SP_PKG6_HASH_OID; 125*1e8b5354SBoyan Karatotev }; 126*1e8b5354SBoyan Karatotev sp_pkg7_hash: sp_pkg7_hash { 127*1e8b5354SBoyan Karatotev oid = SP_PKG7_HASH_OID; 128*1e8b5354SBoyan Karatotev }; 129*1e8b5354SBoyan Karatotev sp_pkg8_hash: sp_pkg8_hash { 130*1e8b5354SBoyan Karatotev oid = SP_PKG8_HASH_OID; 131*1e8b5354SBoyan Karatotev }; 132*1e8b5354SBoyan Karatotev }; 133*1e8b5354SBoyan Karatotev#endif 134*1e8b5354SBoyan Karatotev }; 135*1e8b5354SBoyan Karatotev 136*1e8b5354SBoyan Karatotev images { 137*1e8b5354SBoyan Karatotev compatible = "arm, img-descs"; 138*1e8b5354SBoyan Karatotev 139*1e8b5354SBoyan Karatotev hw_config { 140*1e8b5354SBoyan Karatotev image-id = <HW_CONFIG_ID>; 141*1e8b5354SBoyan Karatotev parent = <&cca_content_cert>; 142*1e8b5354SBoyan Karatotev hash = <&hw_config_hash>; 143*1e8b5354SBoyan Karatotev }; 144*1e8b5354SBoyan Karatotev 145*1e8b5354SBoyan Karatotev bl31_image { 146*1e8b5354SBoyan Karatotev image-id = <BL31_IMAGE_ID>; 147*1e8b5354SBoyan Karatotev parent = <&cca_content_cert>; 148*1e8b5354SBoyan Karatotev hash = <&soc_fw_hash>; 149*1e8b5354SBoyan Karatotev }; 150*1e8b5354SBoyan Karatotev 151*1e8b5354SBoyan Karatotev soc_fw_config { 152*1e8b5354SBoyan Karatotev image-id = <SOC_FW_CONFIG_ID>; 153*1e8b5354SBoyan Karatotev parent = <&cca_content_cert>; 154*1e8b5354SBoyan Karatotev hash = <&soc_fw_config_hash>; 155*1e8b5354SBoyan Karatotev }; 156*1e8b5354SBoyan Karatotev 157*1e8b5354SBoyan Karatotev rmm_image { 158*1e8b5354SBoyan Karatotev image-id = <RMM_IMAGE_ID>; 159*1e8b5354SBoyan Karatotev parent = <&cca_content_cert>; 160*1e8b5354SBoyan Karatotev hash = <&rmm_hash>; 161*1e8b5354SBoyan Karatotev }; 162*1e8b5354SBoyan Karatotev 163*1e8b5354SBoyan Karatotev bl32_image { 164*1e8b5354SBoyan Karatotev image-id = <BL32_IMAGE_ID>; 165*1e8b5354SBoyan Karatotev parent = <&trusted_os_fw_content_cert>; 166*1e8b5354SBoyan Karatotev hash = <&tos_fw_hash>; 167*1e8b5354SBoyan Karatotev }; 168*1e8b5354SBoyan Karatotev 169*1e8b5354SBoyan Karatotev tos_fw_config { 170*1e8b5354SBoyan Karatotev image-id = <TOS_FW_CONFIG_ID>; 171*1e8b5354SBoyan Karatotev parent = <&trusted_os_fw_content_cert>; 172*1e8b5354SBoyan Karatotev hash = <&tos_fw_config_hash>; 173*1e8b5354SBoyan Karatotev }; 174*1e8b5354SBoyan Karatotev 175*1e8b5354SBoyan Karatotev bl33_image { 176*1e8b5354SBoyan Karatotev image-id = <BL33_IMAGE_ID>; 177*1e8b5354SBoyan Karatotev parent = <&non_trusted_fw_content_cert>; 178*1e8b5354SBoyan Karatotev hash = <&nt_world_bl_hash>; 179*1e8b5354SBoyan Karatotev }; 180*1e8b5354SBoyan Karatotev 181*1e8b5354SBoyan Karatotev nt_fw_config { 182*1e8b5354SBoyan Karatotev image-id = <NT_FW_CONFIG_ID>; 183*1e8b5354SBoyan Karatotev parent = <&non_trusted_fw_content_cert>; 184*1e8b5354SBoyan Karatotev hash = <&nt_fw_config_hash>; 185*1e8b5354SBoyan Karatotev }; 186*1e8b5354SBoyan Karatotev 187*1e8b5354SBoyan Karatotev#if defined(SPD_spmd) 188*1e8b5354SBoyan Karatotev sp_pkg1 { 189*1e8b5354SBoyan Karatotev image-id = <SP_PKG1_ID>; 190*1e8b5354SBoyan Karatotev parent = <&sip_sp_content_cert>; 191*1e8b5354SBoyan Karatotev hash = <&sp_pkg1_hash>; 192*1e8b5354SBoyan Karatotev }; 193*1e8b5354SBoyan Karatotev 194*1e8b5354SBoyan Karatotev sp_pkg2 { 195*1e8b5354SBoyan Karatotev image-id = <SP_PKG2_ID>; 196*1e8b5354SBoyan Karatotev parent = <&sip_sp_content_cert>; 197*1e8b5354SBoyan Karatotev hash = <&sp_pkg2_hash>; 198*1e8b5354SBoyan Karatotev }; 199*1e8b5354SBoyan Karatotev 200*1e8b5354SBoyan Karatotev sp_pkg3 { 201*1e8b5354SBoyan Karatotev image-id = <SP_PKG3_ID>; 202*1e8b5354SBoyan Karatotev parent = <&sip_sp_content_cert>; 203*1e8b5354SBoyan Karatotev hash = <&sp_pkg3_hash>; 204*1e8b5354SBoyan Karatotev }; 205*1e8b5354SBoyan Karatotev 206*1e8b5354SBoyan Karatotev sp_pkg4 { 207*1e8b5354SBoyan Karatotev image-id = <SP_PKG4_ID>; 208*1e8b5354SBoyan Karatotev parent = <&sip_sp_content_cert>; 209*1e8b5354SBoyan Karatotev hash = <&sp_pkg4_hash>; 210*1e8b5354SBoyan Karatotev }; 211*1e8b5354SBoyan Karatotev 212*1e8b5354SBoyan Karatotev sp_pkg5 { 213*1e8b5354SBoyan Karatotev image-id = <SP_PKG5_ID>; 214*1e8b5354SBoyan Karatotev parent = <&plat_sp_content_cert>; 215*1e8b5354SBoyan Karatotev hash = <&sp_pkg5_hash>; 216*1e8b5354SBoyan Karatotev }; 217*1e8b5354SBoyan Karatotev 218*1e8b5354SBoyan Karatotev sp_pkg6 { 219*1e8b5354SBoyan Karatotev image-id = <SP_PKG6_ID>; 220*1e8b5354SBoyan Karatotev parent = <&plat_sp_content_cert>; 221*1e8b5354SBoyan Karatotev hash = <&sp_pkg6_hash>; 222*1e8b5354SBoyan Karatotev }; 223*1e8b5354SBoyan Karatotev 224*1e8b5354SBoyan Karatotev sp_pkg7 { 225*1e8b5354SBoyan Karatotev image-id = <SP_PKG7_ID>; 226*1e8b5354SBoyan Karatotev parent = <&plat_sp_content_cert>; 227*1e8b5354SBoyan Karatotev hash = <&sp_pkg7_hash>; 228*1e8b5354SBoyan Karatotev }; 229*1e8b5354SBoyan Karatotev 230*1e8b5354SBoyan Karatotev sp_pkg8 { 231*1e8b5354SBoyan Karatotev image-id = <SP_PKG8_ID>; 232*1e8b5354SBoyan Karatotev parent = <&plat_sp_content_cert>; 233*1e8b5354SBoyan Karatotev hash = <&sp_pkg8_hash>; 234*1e8b5354SBoyan Karatotev }; 235*1e8b5354SBoyan Karatotev#endif 236*1e8b5354SBoyan Karatotev }; 237*1e8b5354SBoyan Karatotev}; 238*1e8b5354SBoyan Karatotev 239*1e8b5354SBoyan Karatotevnon_volatile_counters: non_volatile_counters { 240*1e8b5354SBoyan Karatotev compatible = "arm, non-volatile-counter"; 241*1e8b5354SBoyan Karatotev 242*1e8b5354SBoyan Karatotev #address-cells = <1>; 243*1e8b5354SBoyan Karatotev #size-cells = <0>; 244*1e8b5354SBoyan Karatotev 245*1e8b5354SBoyan Karatotev cca_nv_ctr: cca_nv_ctr { 246*1e8b5354SBoyan Karatotev id = <TRUSTED_NV_CTR_ID>; 247*1e8b5354SBoyan Karatotev oid = CCA_FW_NVCOUNTER_OID; 248*1e8b5354SBoyan Karatotev }; 249*1e8b5354SBoyan Karatotev 250*1e8b5354SBoyan Karatotev trusted_nv_ctr: trusted_nv_ctr { 251*1e8b5354SBoyan Karatotev id = <TRUSTED_NV_CTR_ID>; 252*1e8b5354SBoyan Karatotev oid = TRUSTED_FW_NVCOUNTER_OID; 253*1e8b5354SBoyan Karatotev }; 254*1e8b5354SBoyan Karatotev 255*1e8b5354SBoyan Karatotev non_trusted_nv_ctr: non_trusted_nv_ctr { 256*1e8b5354SBoyan Karatotev id = <NON_TRUSTED_NV_CTR_ID>; 257*1e8b5354SBoyan Karatotev oid = NON_TRUSTED_FW_NVCOUNTER_OID; 258*1e8b5354SBoyan Karatotev }; 259*1e8b5354SBoyan Karatotev}; 260*1e8b5354SBoyan Karatotev 261*1e8b5354SBoyan Karatotevrot_keys { 262*1e8b5354SBoyan Karatotev swd_rot_pk: swd_rot_pk { 263*1e8b5354SBoyan Karatotev oid = SWD_ROT_PK_OID; 264*1e8b5354SBoyan Karatotev }; 265*1e8b5354SBoyan Karatotev 266*1e8b5354SBoyan Karatotev prot_pk: prot_pk { 267*1e8b5354SBoyan Karatotev oid = PROT_PK_OID; 268*1e8b5354SBoyan Karatotev }; 269*1e8b5354SBoyan Karatotev}; 270