1*d35dee23Sdp-arm /* 2*d35dee23Sdp-arm * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved. 3*d35dee23Sdp-arm * 4*d35dee23Sdp-arm * Redistribution and use in source and binary forms, with or without 5*d35dee23Sdp-arm * modification, are permitted provided that the following conditions are met: 6*d35dee23Sdp-arm * 7*d35dee23Sdp-arm * Redistributions of source code must retain the above copyright notice, this 8*d35dee23Sdp-arm * list of conditions and the following disclaimer. 9*d35dee23Sdp-arm * 10*d35dee23Sdp-arm * Redistributions in binary form must reproduce the above copyright notice, 11*d35dee23Sdp-arm * this list of conditions and the following disclaimer in the documentation 12*d35dee23Sdp-arm * and/or other materials provided with the distribution. 13*d35dee23Sdp-arm * 14*d35dee23Sdp-arm * Neither the name of ARM nor the names of its contributors may be used 15*d35dee23Sdp-arm * to endorse or promote products derived from this software without specific 16*d35dee23Sdp-arm * prior written permission. 17*d35dee23Sdp-arm * 18*d35dee23Sdp-arm * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 19*d35dee23Sdp-arm * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20*d35dee23Sdp-arm * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21*d35dee23Sdp-arm * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 22*d35dee23Sdp-arm * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 23*d35dee23Sdp-arm * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24*d35dee23Sdp-arm * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25*d35dee23Sdp-arm * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26*d35dee23Sdp-arm * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27*d35dee23Sdp-arm * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28*d35dee23Sdp-arm * POSSIBILITY OF SUCH DAMAGE. 29*d35dee23Sdp-arm */ 30*d35dee23Sdp-arm 31*d35dee23Sdp-arm #include <assert.h> 32*d35dee23Sdp-arm #include <auth/auth_mod.h> 33*d35dee23Sdp-arm #include <platform.h> 34*d35dee23Sdp-arm #include <platform_oid.h> 35*d35dee23Sdp-arm #include <string.h> 36*d35dee23Sdp-arm 37*d35dee23Sdp-arm /* 38*d35dee23Sdp-arm * Store a new non-volatile counter value. This implementation 39*d35dee23Sdp-arm * only allows updating of the platform's Trusted NV counter when a 40*d35dee23Sdp-arm * certificate protected by the Trusted NV counter is signed with 41*d35dee23Sdp-arm * the ROT key. This avoids a compromised secondary certificate from 42*d35dee23Sdp-arm * updating the platform's Trusted NV counter, which could lead to the 43*d35dee23Sdp-arm * platform becoming unusable. The function is suitable for all TBBR 44*d35dee23Sdp-arm * compliant platforms. 45*d35dee23Sdp-arm * 46*d35dee23Sdp-arm * Return: 0 = success, Otherwise = error 47*d35dee23Sdp-arm */ 48*d35dee23Sdp-arm int plat_set_nv_ctr2(void *cookie, const auth_img_desc_t *img_desc, 49*d35dee23Sdp-arm unsigned int nv_ctr) 50*d35dee23Sdp-arm { 51*d35dee23Sdp-arm int trusted_nv_ctr; 52*d35dee23Sdp-arm 53*d35dee23Sdp-arm assert(cookie != NULL); 54*d35dee23Sdp-arm assert(img_desc != NULL); 55*d35dee23Sdp-arm 56*d35dee23Sdp-arm trusted_nv_ctr = strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0; 57*d35dee23Sdp-arm 58*d35dee23Sdp-arm /* 59*d35dee23Sdp-arm * Only update the Trusted NV Counter if the certificate 60*d35dee23Sdp-arm * has been signed with the ROT key. Non Trusted NV counter 61*d35dee23Sdp-arm * updates are unconditional. 62*d35dee23Sdp-arm */ 63*d35dee23Sdp-arm if (!trusted_nv_ctr || (trusted_nv_ctr && img_desc->parent == NULL)) 64*d35dee23Sdp-arm return plat_set_nv_ctr(cookie, nv_ctr); 65*d35dee23Sdp-arm 66*d35dee23Sdp-arm /* 67*d35dee23Sdp-arm * Trusted certificates not signed with the ROT key are not 68*d35dee23Sdp-arm * allowed to update the Trusted NV Counter. 69*d35dee23Sdp-arm */ 70*d35dee23Sdp-arm return 1; 71*d35dee23Sdp-arm } 72