/*
 * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <stddef.h>

#include <mbedtls/version.h>

#include <drivers/auth/auth_mod.h>
#include <drivers/auth/tbbr_cot_common.h>

#if USE_TBBR_DEFS
#include <tools_share/tbbr_oid.h>
#else
#include <platform_oid.h>
#endif

#include <platform_def.h>

/*
 * Destination buffers for values taken out of authenticated certificates.
 * Each buffer is named as the .ptr of one authenticated_data entry further
 * down, with HASH_DER_LEN or PK_DER_LEN as the matching .len.
 *
 * scp_fw_hash_buf and nt_world_bl_hash_buf are used by this file but not
 * defined in it; presumably they come from tbbr_cot_common.h (confirm).
 */
static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN];
static unsigned char trusted_world_pk_buf[PK_DER_LEN];
static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
/*
 * One buffer shared by every key certificate in this file (SCP, SoC,
 * Trusted OS, Non-Trusted and, when enabled, the NPU one): each of them
 * stores its content-certificate public key here, so the buffer only ever
 * holds the key from the key certificate that was processed last.
 * NOTE(review): this relies on the authentication module verifying each
 * content certificate against the key of its own parent before another key
 * certificate overwrites the buffer; confirm against the image load order.
 */
static unsigned char content_pk_buf[PK_DER_LEN];
static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];
#if defined(SPD_spmd)
/*
 * One hash slot per secure partition package; sip_sp_content_cert uses rows
 * [0]..[7].
 * NOTE(review): that indexing assumes MAX_SP_IDS >= 8; nothing in this file
 * checks it at build time, so confirm where MAX_SP_IDS is defined.
 */
static unsigned char sp_pkg_hash_buf[MAX_SP_IDS][HASH_DER_LEN];
#endif /* SPD_spmd */
#if ETHOSN_NPU_TZMP1
static unsigned char npu_fw_image_hash_buf[HASH_DER_LEN];
#endif /* ETHOSN_NPU_TZMP1 */
/*
 * Parameter type descriptors. Each one pairs a parameter kind (NV counter,
 * public key or hash) with the OID given as the second macro argument; the
 * descriptors are then referenced by the image descriptors below, both as
 * the value a certificate provides (authenticated_data) and as the value an
 * authentication method consumes (.pk, .hash, .cert_nv_ctr).
 *
 * subject_pk, sig, sig_alg, raw_data, trusted_nv_ctr and hw_config_hash are
 * used below but not defined in this file; presumably they are shared
 * definitions from tbbr_cot_common.h (confirm).
 */
static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);
static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);
static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SCP_FW_HASH_OID);
static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID);
static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID);
static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);
#if defined(SPD_spmd)
static auth_param_type_desc_t sp_pkg1_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG1_HASH_OID);
static auth_param_type_desc_t sp_pkg2_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG2_HASH_OID);
static auth_param_type_desc_t sp_pkg3_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG3_HASH_OID);
static auth_param_type_desc_t sp_pkg4_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG4_HASH_OID);
static auth_param_type_desc_t sp_pkg5_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG5_HASH_OID);
static auth_param_type_desc_t sp_pkg6_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG6_HASH_OID);
static auth_param_type_desc_t sp_pkg7_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG7_HASH_OID);
static auth_param_type_desc_t sp_pkg8_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG8_HASH_OID);
#endif /* SPD_spmd */
#if ETHOSN_NPU_TZMP1
static auth_param_type_desc_t npu_fw_cert_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, ETHOSN_NPU_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t npu_fw_image_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, ETHOSN_NPU_FW_BINARY_OID);
#endif /* ETHOSN_NPU_TZMP1 */

/*
 * Trusted key certificate
 *
 * Top of every key-certificate chain in this file: it has no parent
 * descriptor, its signature is checked with subject_pk, and it is subject to
 * the trusted NV counter. Once authenticated it provides the trusted-world
 * and non-trusted-world public keys that the key certificates below are
 * signed with.
 * NOTE(review): with .parent = NULL nothing in this table vouches for
 * subject_pk; presumably the authentication module validates that key
 * against the platform root-of-trust key. Confirm in the auth module.
 */
static const auth_img_desc_t trusted_key_cert = {
	.img_id = TRUSTED_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &subject_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				/* Both fields name the same counter descriptor. */
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &trusted_world_pk,
			.data = {
				.ptr = (void *)trusted_world_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		},
		[1] = {
			.type_desc = &non_trusted_world_pk,
			.data = {
				.ptr = (void *)non_trusted_world_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};

/*
 * SCP Firmware
 *
 * Chain: trusted_key_cert -> scp_fw_key_cert -> scp_fw_content_cert ->
 * scp_bl2_image. The key certificate is signed with the trusted world key
 * and provides the SCP content key; the content certificate is signed with
 * that key and provides the SCP firmware hash the raw image is checked
 * against. Both certificates use the trusted NV counter.
 */
static const auth_img_desc_t scp_fw_key_cert = {
	.img_id = SCP_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &scp_fw_content_pk,
			.data = {
				/* Shared with the other key certificates. */
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};

static const auth_img_desc_t scp_fw_content_cert = {
	.img_id = SCP_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &scp_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &scp_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &scp_fw_hash,
			.data = {
				.ptr = (void *)scp_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};

/* Raw SCP_BL2 image: only a hash check, against the hash from its parent. */
static const auth_img_desc_t scp_bl2_image = {
	.img_id = SCP_BL2_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &scp_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &scp_fw_hash
			}
		}
	}
};

/*
 * SoC Firmware
 *
 * Chain: trusted_key_cert -> soc_fw_key_cert -> soc_fw_content_cert ->
 * { bl31_image, soc_fw_config }. Same shape as the SCP chain (trusted world
 * key, trusted NV counter); the content certificate provides two hashes, one
 * per raw image.
 */
static const auth_img_desc_t soc_fw_key_cert = {
	.img_id = SOC_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &soc_fw_content_pk,
			.data = {
				/* Shared with the other key certificates. */
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};

static const auth_img_desc_t soc_fw_content_cert = {
	.img_id = SOC_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &soc_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &soc_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &soc_fw_hash,
			.data = {
				.ptr = (void *)soc_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &soc_fw_config_hash,
			.data = {
				.ptr = (void *)soc_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};

/* Raw BL31 image, hash-checked against soc_fw_hash. */
static const auth_img_desc_t bl31_image = {
	.img_id = BL31_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &soc_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &soc_fw_hash
			}
		}
	}
};

/* SOC FW Config: raw image, hash-checked against soc_fw_config_hash. */
static const auth_img_desc_t soc_fw_config = {
	.img_id = SOC_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &soc_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &soc_fw_config_hash
			}
		}
	}
};

/*
 * Trusted OS Firmware
 *
 * Chain: trusted_key_cert -> trusted_os_fw_key_cert ->
 * trusted_os_fw_content_cert -> { bl32_image, bl32_extra1_image,
 * bl32_extra2_image, tos_fw_config }. Trusted world key and trusted NV
 * counter throughout; the content certificate provides four hashes.
 */
static const auth_img_desc_t trusted_os_fw_key_cert = {
	.img_id = TRUSTED_OS_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &tos_fw_content_pk,
			.data = {
				/* Shared with the other key certificates. */
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};

static const auth_img_desc_t trusted_os_fw_content_cert = {
	.img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_os_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &tos_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &tos_fw_hash,
			.data = {
				.ptr = (void *)tos_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &tos_fw_extra1_hash,
			.data = {
				.ptr = (void *)tos_fw_extra1_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[2] = {
			.type_desc = &tos_fw_extra2_hash,
			.data = {
				.ptr = (void *)tos_fw_extra2_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[3] = {
			.type_desc = &tos_fw_config_hash,
			.data = {
				.ptr = (void *)tos_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};

/* Raw BL32 image, hash-checked against tos_fw_hash. */
static const auth_img_desc_t bl32_image = {
	.img_id = BL32_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_hash
			}
		}
	}
};

/* Raw BL32 extra image 1, hash-checked against tos_fw_extra1_hash. */
static const auth_img_desc_t bl32_extra1_image = {
	.img_id = BL32_EXTRA1_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_extra1_hash
			}
		}
	}
};

/* Raw BL32 extra image 2, hash-checked against tos_fw_extra2_hash. */
static const auth_img_desc_t bl32_extra2_image = {
	.img_id = BL32_EXTRA2_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_extra2_hash
			}
		}
	}
};

/* TOS FW Config: raw image, hash-checked against tos_fw_config_hash. */
static const auth_img_desc_t tos_fw_config = {
	.img_id = TOS_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_config_hash
			}
		}
	}
};

/*
 * Non-Trusted Firmware
 *
 * Chain: trusted_key_cert -> non_trusted_fw_key_cert ->
 * non_trusted_fw_content_cert -> { bl33_image, nt_fw_config }. Unlike the
 * chains above, the key certificate is signed with the non-trusted world key
 * and both certificates use the non-trusted NV counter.
 */
static const auth_img_desc_t non_trusted_fw_key_cert = {
	.img_id = NON_TRUSTED_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &non_trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &non_trusted_nv_ctr,
				.plat_nv_ctr = &non_trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &nt_fw_content_pk,
			.data = {
				/* Shared with the other key certificates. */
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};

static const auth_img_desc_t non_trusted_fw_content_cert = {
	.img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &non_trusted_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &nt_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &non_trusted_nv_ctr,
				.plat_nv_ctr = &non_trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &nt_world_bl_hash,
			.data = {
				.ptr = (void *)nt_world_bl_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &nt_fw_config_hash,
			.data = {
				.ptr = (void *)nt_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};

/* Raw BL33 image, hash-checked against nt_world_bl_hash. */
static const auth_img_desc_t bl33_image = {
	.img_id = BL33_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &non_trusted_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &nt_world_bl_hash
			}
		}
	}
};

/* NT FW Config: raw image, hash-checked against nt_fw_config_hash. */
static const auth_img_desc_t nt_fw_config = {
	.img_id = NT_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &non_trusted_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &nt_fw_config_hash
			}
		}
	}
};

/*
 * Secure Partitions
 *
 * sip_sp_content_cert hangs directly off trusted_key_cert and is signed with
 * the trusted world key itself; there is no intermediate key certificate in
 * this chain. It provides eight package hashes, one per row of
 * sp_pkg_hash_buf.
 */
#if defined(SPD_spmd)
static const auth_img_desc_t sip_sp_content_cert = {
	.img_id = SIP_SP_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &sp_pkg1_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[0],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &sp_pkg2_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[1],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[2] = {
			.type_desc = &sp_pkg3_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[2],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[3] = {
			.type_desc = &sp_pkg4_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[3],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[4] = {
			.type_desc = &sp_pkg5_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[4],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[5] = {
			.type_desc = &sp_pkg6_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[5],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[6] = {
			.type_desc = &sp_pkg7_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[6],
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[7] = {
			.type_desc = &sp_pkg8_hash,
			.data = {
				.ptr = (void *)sp_pkg_hash_buf[7],
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};

/*
 * DEFINE_SIP_SP_PKG is not defined in this file. cot_desc below refers to
 * sp_pkg1..sp_pkg8, so each invocation presumably defines the matching
 * sp_pkgN image descriptor; confirm against the macro definition.
 */
DEFINE_SIP_SP_PKG(1);
DEFINE_SIP_SP_PKG(2);
DEFINE_SIP_SP_PKG(3);
DEFINE_SIP_SP_PKG(4);
DEFINE_SIP_SP_PKG(5);
DEFINE_SIP_SP_PKG(6);
DEFINE_SIP_SP_PKG(7);
DEFINE_SIP_SP_PKG(8);
#endif /* SPD_spmd */

#if ETHOSN_NPU_TZMP1
/*
 * Ethos-N NPU firmware
 *
 * Chain: trusted_key_cert -> npu_fw_key_cert -> npu_fw_content_cert ->
 * npu_fw_image. The key certificate is signed with the non-trusted world key
 * and both certificates use the non-trusted NV counter, so this chain shares
 * its signing key and rollback counter with the Non-Trusted Firmware chain.
 * NOTE(review): confirm that the non-trusted world key is the intended
 * authority for NPU firmware in a build that enables ETHOSN_NPU_TZMP1.
 */
static const auth_img_desc_t npu_fw_key_cert = {
	.img_id = ETHOSN_NPU_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &non_trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &non_trusted_nv_ctr,
				.plat_nv_ctr = &non_trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &npu_fw_cert_pk,
			.data = {
				/* Shared with the other key certificates. */
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};

static const auth_img_desc_t npu_fw_content_cert = {
	.img_id = ETHOSN_NPU_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &npu_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &npu_fw_cert_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &non_trusted_nv_ctr,
				.plat_nv_ctr = &non_trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &npu_fw_image_hash,
			.data = {
				.ptr = (void *)npu_fw_image_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
	}
};

/* Raw NPU firmware image, hash-checked against npu_fw_image_hash. */
static const auth_img_desc_t npu_fw_image = {
	.img_id = ETHOSN_NPU_FW_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &npu_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &npu_fw_image_hash
			}
		}
	}
};
#endif /* ETHOSN_NPU_TZMP1 */

/*
 * HW Config: raw image, hash-checked against hw_config_hash.
 * Its parent, trusted_boot_fw_cert, is not defined in this file; presumably
 * it is a shared descriptor from tbbr_cot_common.h (confirm).
 */
static const auth_img_desc_t hw_config = {
	.img_id = HW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_boot_fw_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &hw_config_hash
			}
		}
	}
};

/*
 * Chain-of-trust table, indexed by image ID. Only the IDs listed here get a
 * descriptor; any other slot below the highest listed ID is a NULL pointer,
 * because C zero-initialises array elements that have no designator.
 * NOTE(review): how the authentication module treats an image ID whose slot
 * is NULL, or an ID past the end of this array, is not visible here. Confirm
 * that such an image is rejected rather than loaded unauthenticated.
 */
static const auth_img_desc_t * const cot_desc[] = {
	[TRUSTED_BOOT_FW_CERT_ID]		=	&trusted_boot_fw_cert,
	[HW_CONFIG_ID]				=	&hw_config,
	[TRUSTED_KEY_CERT_ID]			=	&trusted_key_cert,
	[SCP_FW_KEY_CERT_ID]			=	&scp_fw_key_cert,
	[SCP_FW_CONTENT_CERT_ID]		=	&scp_fw_content_cert,
	[SCP_BL2_IMAGE_ID]			=	&scp_bl2_image,
	[SOC_FW_KEY_CERT_ID]			=	&soc_fw_key_cert,
	[SOC_FW_CONTENT_CERT_ID]		=	&soc_fw_content_cert,
	[BL31_IMAGE_ID]				=	&bl31_image,
	[SOC_FW_CONFIG_ID]			=	&soc_fw_config,
	[TRUSTED_OS_FW_KEY_CERT_ID]		=	&trusted_os_fw_key_cert,
	[TRUSTED_OS_FW_CONTENT_CERT_ID]		=	&trusted_os_fw_content_cert,
	[BL32_IMAGE_ID]				=	&bl32_image,
	[BL32_EXTRA1_IMAGE_ID]			=	&bl32_extra1_image,
	[BL32_EXTRA2_IMAGE_ID]			=	&bl32_extra2_image,
	[TOS_FW_CONFIG_ID]			=	&tos_fw_config,
	[NON_TRUSTED_FW_KEY_CERT_ID]		=	&non_trusted_fw_key_cert,
	[NON_TRUSTED_FW_CONTENT_CERT_ID]	=	&non_trusted_fw_content_cert,
	[BL33_IMAGE_ID]				=	&bl33_image,
	[NT_FW_CONFIG_ID]			=	&nt_fw_config,
#if defined(SPD_spmd)
	[SIP_SP_CONTENT_CERT_ID]		=	&sip_sp_content_cert,
	[SP_PKG1_ID]				=	&sp_pkg1,
	[SP_PKG2_ID]				=	&sp_pkg2,
	[SP_PKG3_ID]				=	&sp_pkg3,
	[SP_PKG4_ID]				=	&sp_pkg4,
	[SP_PKG5_ID]				=	&sp_pkg5,
	[SP_PKG6_ID]				=	&sp_pkg6,
	[SP_PKG7_ID]				=	&sp_pkg7,
	[SP_PKG8_ID]				=	&sp_pkg8,
#endif
#if ETHOSN_NPU_TZMP1
	[ETHOSN_NPU_FW_KEY_CERT_ID]		=	&npu_fw_key_cert,
	[ETHOSN_NPU_FW_CONTENT_CERT_ID]		=	&npu_fw_content_cert,
	[ETHOSN_NPU_FW_IMAGE_ID]		=	&npu_fw_image,
#endif /* ETHOSN_NPU_TZMP1 */
};

/* Register the CoT in the authentication module */
REGISTER_COT(cot_desc);