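/*
 * Copyright (c) 2024, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

/*
 * Chain-of-trust (CoT) description in devicetree form.
 *
 *  - cot/manifests: one node per certificate. A node gives the certificate's
 *    image-id and the anti-rollback counter it is bound to. Non-root
 *    certificates also name their parent certificate and the key entry used
 *    to verify them. Child nodes name, by OID, the hash or public-key entries
 *    of the certificate; other nodes refer to those entries by label.
 *  - cot/images: one node per image, naming the certificate that vouches for
 *    it and the hash entry inside that certificate.
 *  - non_volatile_counters: the two counters referenced by the certificates.
 *  - rot_keys: prot_pk, named as signing-key by two of the root certificates.
 *
 * The *_ID and *_OID macros are not defined in this file; they are expected
 * to come from the headers included below.
 *
 * Review notes:
 *  - Labels are the only link between an image, its hash entry and its
 *    certificate. A wrong label silently re-parents an image under a
 *    different key and counter, so check image/parent/hash triples together
 *    when editing.
 *  - Every certificate here is bound to exactly one of the two counters;
 *    which one decides whose version bump can block a rollback of it.
 */

#include <tools_share/dualroot_oid.h>
#include <common/tbbr/tbbr_img_def.h>
#include <common/nv_cntr_ids.h>

cot {
	manifests {
		/* Runtime string: keep byte-for-byte, including the space. */
		compatible = "arm, cert-descs";

		/*
		 * Root certificate with no signing-key property.
		 * NOTE(review): presumably verified against the platform's
		 * default root-of-trust key - confirm against the CoT binding.
		 *
		 * Only hw_config_hash is referenced from cot/images in this
		 * file. tb_fw_hash, tb_fw_config_hash and fw_config_hash have
		 * no image node here; presumably those images are
		 * authenticated elsewhere - confirm.
		 */
		trusted_boot_fw_cert: trusted_boot_fw_cert {
			root-certificate;
			image-id = <TRUSTED_BOOT_FW_CERT_ID>;
			antirollback-counter = <&trusted_nv_ctr>;

			tb_fw_hash: tb_fw_hash {
				oid = TRUSTED_BOOT_FW_HASH_OID;
			};
			tb_fw_config_hash: tb_fw_config_hash {
				oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID;
			};
			hw_config_hash: hw_config_hash {
				oid = HW_CONFIG_HASH_OID;
			};
			fw_config_hash: fw_config_hash {
				oid = FW_CONFIG_HASH_OID;
			};
		};

		/*
		 * Root certificate with no signing-key property (see the
		 * note on trusted_boot_fw_cert). It provides trusted_world_pk,
		 * the key that verifies the SCP, SoC and Trusted OS key
		 * certificates and sip_sp_content_cert below.
		 */
		trusted_key_cert: trusted_key_cert {
			root-certificate;
			image-id = <TRUSTED_KEY_CERT_ID>;
			antirollback-counter = <&trusted_nv_ctr>;

			trusted_world_pk: trusted_world_pk {
				oid = TRUSTED_WORLD_PK_OID;
			};
		};

		/*
		 * SCP firmware: key certificate (verified with
		 * trusted_world_pk) -> content certificate (verified with
		 * scp_fw_content_pk) -> scp_fw_hash.
		 */
		scp_fw_key_cert: scp_fw_key_cert {
			image-id = <SCP_FW_KEY_CERT_ID>;
			parent = <&trusted_key_cert>;
			signing-key = <&trusted_world_pk>;
			antirollback-counter = <&trusted_nv_ctr>;

			scp_fw_content_pk: scp_fw_content_pk {
				oid = SCP_FW_CONTENT_CERT_PK_OID;
			};
		};

		scp_fw_content_cert: scp_fw_content_cert {
			image-id = <SCP_FW_CONTENT_CERT_ID>;
			parent = <&scp_fw_key_cert>;
			signing-key = <&scp_fw_content_pk>;
			antirollback-counter = <&trusted_nv_ctr>;

			scp_fw_hash: scp_fw_hash {
				oid = SCP_FW_HASH_OID;
			};
		};

		/*
		 * SoC firmware: same two-level shape as the SCP chain; the
		 * content certificate covers bl31_image and soc_fw_config.
		 */
		soc_fw_key_cert: soc_fw_key_cert {
			image-id = <SOC_FW_KEY_CERT_ID>;
			parent = <&trusted_key_cert>;
			signing-key = <&trusted_world_pk>;
			antirollback-counter = <&trusted_nv_ctr>;

			soc_fw_content_pk: soc_fw_content_pk {
				oid = SOC_FW_CONTENT_CERT_PK_OID;
			};
		};

		soc_fw_content_cert: soc_fw_content_cert {
			image-id = <SOC_FW_CONTENT_CERT_ID>;
			parent = <&soc_fw_key_cert>;
			signing-key = <&soc_fw_content_pk>;
			antirollback-counter = <&trusted_nv_ctr>;

			soc_fw_hash: soc_fw_hash {
				oid = SOC_AP_FW_HASH_OID;
			};
			soc_fw_config_hash: soc_fw_config_hash {
				oid = SOC_FW_CONFIG_HASH_OID;
			};
		};

		/*
		 * Trusted OS firmware: same two-level shape; the content
		 * certificate covers bl32_image, both bl32 extra images and
		 * tos_fw_config.
		 */
		trusted_os_fw_key_cert: trusted_os_fw_key_cert {
			image-id = <TRUSTED_OS_FW_KEY_CERT_ID>;
			parent = <&trusted_key_cert>;
			signing-key = <&trusted_world_pk>;
			antirollback-counter = <&trusted_nv_ctr>;

			tos_fw_content_pk: tos_fw_content_pk {
				oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID;
			};
		};

		trusted_os_fw_content_cert: trusted_os_fw_content_cert {
			image-id = <TRUSTED_OS_FW_CONTENT_CERT_ID>;
			parent = <&trusted_os_fw_key_cert>;
			signing-key = <&tos_fw_content_pk>;
			antirollback-counter = <&trusted_nv_ctr>;

			tos_fw_hash: tos_fw_hash {
				oid = TRUSTED_OS_FW_HASH_OID;
			};
			tos_fw_extra1_hash: tos_fw_extra1_hash {
				oid = TRUSTED_OS_FW_EXTRA1_HASH_OID;
			};
			tos_fw_extra2_hash: tos_fw_extra2_hash {
				oid = TRUSTED_OS_FW_EXTRA2_HASH_OID;
			};
			tos_fw_config_hash: tos_fw_config_hash {
				oid = TRUSTED_OS_FW_CONFIG_HASH_OID;
			};
		};

		/*
		 * Second root: a root certificate that names prot_pk (from
		 * rot_keys) as its signing key and is bound to
		 * non_trusted_nv_ctr rather than trusted_nv_ctr. It has no
		 * parent, so nothing under trusted_key_cert vouches for it.
		 */
		non_trusted_fw_content_cert: non_trusted_fw_content_cert {
			root-certificate;
			image-id = <NON_TRUSTED_FW_CONTENT_CERT_ID>;
			signing-key = <&prot_pk>;
			antirollback-counter = <&non_trusted_nv_ctr>;

			nt_world_bl_hash: nt_world_bl_hash {
				oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID;
			};
			nt_fw_config_hash: nt_fw_config_hash {
				oid = NON_TRUSTED_FW_CONFIG_HASH_OID;
			};
		};

		/*
		 * The sp_pkgN image nodes in cot/images sit under the same
		 * SPD_spmd guard and reference labels defined only here; keep
		 * the two guarded regions in sync.
		 */
#if defined(SPD_spmd)
		/*
		 * Packages 1-4: verified with trusted_world_pk, bound to
		 * trusted_nv_ctr.
		 */
		sip_sp_content_cert: sip_sp_content_cert {
			image-id = <SIP_SP_CONTENT_CERT_ID>;
			parent = <&trusted_key_cert>;
			signing-key = <&trusted_world_pk>;
			antirollback-counter = <&trusted_nv_ctr>;

			sp_pkg1_hash: sp_pkg1_hash {
				oid = SP_PKG1_HASH_OID;
			};
			sp_pkg2_hash: sp_pkg2_hash {
				oid = SP_PKG2_HASH_OID;
			};
			sp_pkg3_hash: sp_pkg3_hash {
				oid = SP_PKG3_HASH_OID;
			};
			sp_pkg4_hash: sp_pkg4_hash {
				oid = SP_PKG4_HASH_OID;
			};
		};

		/*
		 * Packages 5-8: a root certificate verified with prot_pk and
		 * bound to non_trusted_nv_ctr, i.e. the same key and counter
		 * as non_trusted_fw_content_cert.
		 * NOTE(review): confirm that sharing the counter with the
		 * non-trusted firmware certificate is the intended rollback
		 * policy for these packages.
		 */
		plat_sp_content_cert: plat_sp_content_cert {
			root-certificate;
			image-id = <PLAT_SP_CONTENT_CERT_ID>;
			signing-key = <&prot_pk>;
			antirollback-counter = <&non_trusted_nv_ctr>;

			sp_pkg5_hash: sp_pkg5_hash {
				oid = SP_PKG5_HASH_OID;
			};
			sp_pkg6_hash: sp_pkg6_hash {
				oid = SP_PKG6_HASH_OID;
			};
			sp_pkg7_hash: sp_pkg7_hash {
				oid = SP_PKG7_HASH_OID;
			};
			sp_pkg8_hash: sp_pkg8_hash {
				oid = SP_PKG8_HASH_OID;
			};
		};
#endif
	};

	/*
	 * Image descriptors. Each node ties an image-id to the certificate
	 * that authenticates it (parent) and to the hash entry inside that
	 * certificate (hash). In every node below, the hash label is a child
	 * of the certificate named as parent.
	 */
	images {
		/* Runtime string: keep byte-for-byte, including the space. */
		compatible = "arm, img-descs";

		hw_config {
			image-id = <HW_CONFIG_ID>;
			parent = <&trusted_boot_fw_cert>;
			hash = <&hw_config_hash>;
		};

		scp_bl2_image {
			image-id = <SCP_BL2_IMAGE_ID>;
			parent = <&scp_fw_content_cert>;
			hash = <&scp_fw_hash>;
		};

		bl31_image {
			image-id = <BL31_IMAGE_ID>;
			parent = <&soc_fw_content_cert>;
			hash = <&soc_fw_hash>;
		};

		soc_fw_config {
			image-id = <SOC_FW_CONFIG_ID>;
			parent = <&soc_fw_content_cert>;
			hash = <&soc_fw_config_hash>;
		};

		bl32_image {
			image-id = <BL32_IMAGE_ID>;
			parent = <&trusted_os_fw_content_cert>;
			hash = <&tos_fw_hash>;
		};

		bl32_extra1_image {
			image-id = <BL32_EXTRA1_IMAGE_ID>;
			parent = <&trusted_os_fw_content_cert>;
			hash = <&tos_fw_extra1_hash>;
		};

		bl32_extra2_image {
			image-id = <BL32_EXTRA2_IMAGE_ID>;
			parent = <&trusted_os_fw_content_cert>;
			hash = <&tos_fw_extra2_hash>;
		};

		tos_fw_config {
			image-id = <TOS_FW_CONFIG_ID>;
			parent = <&trusted_os_fw_content_cert>;
			hash = <&tos_fw_config_hash>;
		};

		bl33_image {
			image-id = <BL33_IMAGE_ID>;
			parent = <&non_trusted_fw_content_cert>;
			hash = <&nt_world_bl_hash>;
		};

		nt_fw_config {
			image-id = <NT_FW_CONFIG_ID>;
			parent = <&non_trusted_fw_content_cert>;
			hash = <&nt_fw_config_hash>;
		};

		/*
		 * These nodes reference labels that exist only when the
		 * guarded certificates in cot/manifests are compiled in, so
		 * the guard must match the one there.
		 */
#if defined(SPD_spmd)
		sp_pkg1 {
			image-id = <SP_PKG1_ID>;
			parent = <&sip_sp_content_cert>;
			hash = <&sp_pkg1_hash>;
		};

		sp_pkg2 {
			image-id = <SP_PKG2_ID>;
			parent = <&sip_sp_content_cert>;
			hash = <&sp_pkg2_hash>;
		};

		sp_pkg3 {
			image-id = <SP_PKG3_ID>;
			parent = <&sip_sp_content_cert>;
			hash = <&sp_pkg3_hash>;
		};

		sp_pkg4 {
			image-id = <SP_PKG4_ID>;
			parent = <&sip_sp_content_cert>;
			hash = <&sp_pkg4_hash>;
		};

		sp_pkg5 {
			image-id = <SP_PKG5_ID>;
			parent = <&plat_sp_content_cert>;
			hash = <&sp_pkg5_hash>;
		};

		sp_pkg6 {
			image-id = <SP_PKG6_ID>;
			parent = <&plat_sp_content_cert>;
			hash = <&sp_pkg6_hash>;
		};

		sp_pkg7 {
			image-id = <SP_PKG7_ID>;
			parent = <&plat_sp_content_cert>;
			hash = <&sp_pkg7_hash>;
		};

		sp_pkg8 {
			image-id = <SP_PKG8_ID>;
			parent = <&plat_sp_content_cert>;
			hash = <&sp_pkg8_hash>;
		};
#endif
	};
};

/*
 * Anti-rollback counters referenced by antirollback-counter above. Each has
 * a platform counter id and the OID under which its value is carried.
 * NOTE(review): #address-cells/#size-cells are declared, but the children
 * use "id" and carry no unit address or reg; confirm that the consumer of
 * this node expects that.
 */
non_volatile_counters: non_volatile_counters {
	/* Runtime string: keep byte-for-byte, including the space. */
	compatible = "arm, non-volatile-counter";

	#address-cells = <1>;
	#size-cells = <0>;

	trusted_nv_ctr: trusted_nv_ctr {
		id = <TRUSTED_NV_CTR_ID>;
		oid = TRUSTED_FW_NVCOUNTER_OID;
	};

	non_trusted_nv_ctr: non_trusted_nv_ctr {
		id = <NON_TRUSTED_NV_CTR_ID>;
		oid = NON_TRUSTED_FW_NVCOUNTER_OID;
	};
};

/*
 * Root-of-trust key entries. prot_pk is the signing-key of
 * non_trusted_fw_content_cert and, under SPD_spmd, of plat_sp_content_cert.
 */
rot_keys {
	prot_pk: prot_pk {
		oid = PROT_PK_OID;
	};
};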