1d35dee23Sdp-arm /* 2d35dee23Sdp-arm * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved. 3d35dee23Sdp-arm * 4d35dee23Sdp-arm * Redistribution and use in source and binary forms, with or without 5d35dee23Sdp-arm * modification, are permitted provided that the following conditions are met: 6d35dee23Sdp-arm * 7d35dee23Sdp-arm * Redistributions of source code must retain the above copyright notice, this 8d35dee23Sdp-arm * list of conditions and the following disclaimer. 9d35dee23Sdp-arm * 10d35dee23Sdp-arm * Redistributions in binary form must reproduce the above copyright notice, 11d35dee23Sdp-arm * this list of conditions and the following disclaimer in the documentation 12d35dee23Sdp-arm * and/or other materials provided with the distribution. 13d35dee23Sdp-arm * 14d35dee23Sdp-arm * Neither the name of ARM nor the names of its contributors may be used 15d35dee23Sdp-arm * to endorse or promote products derived from this software without specific 16d35dee23Sdp-arm * prior written permission. 17d35dee23Sdp-arm * 18d35dee23Sdp-arm * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 19d35dee23Sdp-arm * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20d35dee23Sdp-arm * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21d35dee23Sdp-arm * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 22d35dee23Sdp-arm * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 23d35dee23Sdp-arm * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24d35dee23Sdp-arm * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25d35dee23Sdp-arm * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26d35dee23Sdp-arm * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27d35dee23Sdp-arm * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28d35dee23Sdp-arm * POSSIBILITY OF SUCH DAMAGE. 29d35dee23Sdp-arm */ 30d35dee23Sdp-arm 31d35dee23Sdp-arm #include <assert.h> 32d35dee23Sdp-arm #include <auth/auth_mod.h> 33d35dee23Sdp-arm #include <platform.h> 34d35dee23Sdp-arm #include <platform_oid.h> 35d35dee23Sdp-arm #include <string.h> 36d35dee23Sdp-arm 37d35dee23Sdp-arm /* 38d35dee23Sdp-arm * Store a new non-volatile counter value. This implementation 39d35dee23Sdp-arm * only allows updating of the platform's Trusted NV counter when a 40d35dee23Sdp-arm * certificate protected by the Trusted NV counter is signed with 41d35dee23Sdp-arm * the ROT key. This avoids a compromised secondary certificate from 42d35dee23Sdp-arm * updating the platform's Trusted NV counter, which could lead to the 43d35dee23Sdp-arm * platform becoming unusable. The function is suitable for all TBBR 44d35dee23Sdp-arm * compliant platforms. 45d35dee23Sdp-arm * 46d35dee23Sdp-arm * Return: 0 = success, Otherwise = error 47d35dee23Sdp-arm */ 48d35dee23Sdp-arm int plat_set_nv_ctr2(void *cookie, const auth_img_desc_t *img_desc, 49d35dee23Sdp-arm unsigned int nv_ctr) 50d35dee23Sdp-arm { 51d35dee23Sdp-arm int trusted_nv_ctr; 52d35dee23Sdp-arm 53d35dee23Sdp-arm assert(cookie != NULL); 54d35dee23Sdp-arm assert(img_desc != NULL); 55d35dee23Sdp-arm 56d35dee23Sdp-arm trusted_nv_ctr = strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0; 57d35dee23Sdp-arm 58d35dee23Sdp-arm /* 59d35dee23Sdp-arm * Only update the Trusted NV Counter if the certificate 60d35dee23Sdp-arm * has been signed with the ROT key. Non Trusted NV counter 61d35dee23Sdp-arm * updates are unconditional. 62d35dee23Sdp-arm */ 63*f3ded378Sdp-arm if (!trusted_nv_ctr || img_desc->parent == NULL) 64d35dee23Sdp-arm return plat_set_nv_ctr(cookie, nv_ctr); 65d35dee23Sdp-arm 66d35dee23Sdp-arm /* 67d35dee23Sdp-arm * Trusted certificates not signed with the ROT key are not 68d35dee23Sdp-arm * allowed to update the Trusted NV Counter. 69d35dee23Sdp-arm */ 70d35dee23Sdp-arm return 1; 71d35dee23Sdp-arm } 72