1 /* 2 * Copyright 2018-2021 NXP 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 * 6 * 7 */ 8 9 #include <errno.h> 10 11 #include <common/debug.h> 12 #include <csf_hdr.h> 13 #include <dcfg.h> 14 #include <drivers/auth/crypto_mod.h> 15 #include <snvs.h> 16 17 #include <plat/common/platform.h> 18 #include "plat_common.h" 19 20 extern bool rotpk_not_dpld; 21 extern uint8_t rotpk_hash_table[MAX_KEY_ENTRIES][SHA256_BYTES]; 22 extern uint32_t num_rotpk_hash_entries; 23 24 /* 25 * In case of secure boot, return ptr of rotpk_hash table in key_ptr and 26 * number of hashes in key_len 27 */ 28 int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len, 29 unsigned int *flags) 30 { 31 uint32_t mode = 0U; 32 *flags = ROTPK_NOT_DEPLOYED; 33 34 /* ROTPK hash table must be available for secure boot */ 35 if (rotpk_not_dpld == true) { 36 if (check_boot_mode_secure(&mode) == true) { 37 /* Production mode, don;t continue further */ 38 if (mode == 1U) { 39 return -EAUTH; 40 } 41 42 /* For development mode, rotpk flag false 43 * indicates that SRK hash comparison might 44 * have failed. This is not fatal error. 45 * Continue in this case but transition SNVS 46 * to non-secure state 47 */ 48 transition_snvs_non_secure(); 49 return 0; 50 } else { 51 return 0; 52 } 53 } 54 55 /* 56 * We return the complete hash table and number of entries in 57 * table for NXP platform specific implementation. 58 * Here hash is always assume as SHA-256 59 */ 60 *key_ptr = rotpk_hash_table; 61 *key_len = num_rotpk_hash_entries; 62 *flags = ROTPK_IS_HASH; 63 64 return 0; 65 } 66 67 int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr) 68 { 69 /* 70 * No support for non-volatile counter. Update the ROT key to protect 71 * the system against rollback. 72 */ 73 *nv_ctr = 0U; 74 75 return 0; 76 } 77 78 int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr) 79 { 80 return 0; 81 } 82