1 /* 2 * Copyright (c) 2022, Arm Limited. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <stddef.h> 8 9 #include <drivers/auth/auth_mod.h> 10 #include MBEDTLS_CONFIG_FILE 11 #include <tools_share/cca_oid.h> 12 13 #include <platform_def.h> 14 15 /* 16 * Allocate static buffers to store the authentication parameters extracted from 17 * the certificates. 18 */ 19 static unsigned char fw_config_hash_buf[HASH_DER_LEN]; 20 static unsigned char tb_fw_hash_buf[HASH_DER_LEN]; 21 static unsigned char tb_fw_config_hash_buf[HASH_DER_LEN]; 22 static unsigned char hw_config_hash_buf[HASH_DER_LEN]; 23 static unsigned char soc_fw_hash_buf[HASH_DER_LEN]; 24 static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN]; 25 static unsigned char rmm_hash_buf[HASH_DER_LEN]; 26 27 #ifdef IMAGE_BL2 28 static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN]; 29 static unsigned char tos_fw_hash_buf[HASH_DER_LEN]; 30 static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN]; 31 static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN]; 32 #if defined(SPD_spmd) 33 static unsigned char sp_pkg_hash_buf[MAX_SP_IDS][HASH_DER_LEN]; 34 #endif /* SPD_spmd */ 35 36 static unsigned char core_swd_pk_buf[PK_DER_LEN]; 37 static unsigned char plat_pk_buf[PK_DER_LEN]; 38 #endif /* IMAGE_BL2 */ 39 40 /* 41 * Parameter type descriptors. 42 */ 43 static auth_param_type_desc_t trusted_nv_ctr = AUTH_PARAM_TYPE_DESC( 44 AUTH_PARAM_NV_CTR, TRUSTED_FW_NVCOUNTER_OID); 45 static auth_param_type_desc_t subject_pk = AUTH_PARAM_TYPE_DESC( 46 AUTH_PARAM_PUB_KEY, 0); 47 static auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC( 48 AUTH_PARAM_SIG, 0); 49 static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC( 50 AUTH_PARAM_SIG_ALG, 0); 51 static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC( 52 AUTH_PARAM_RAW_DATA, 0); 53 54 static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC( 55 AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID); 56 static auth_param_type_desc_t tb_fw_config_hash = AUTH_PARAM_TYPE_DESC( 57 AUTH_PARAM_HASH, TRUSTED_BOOT_FW_CONFIG_HASH_OID); 58 static auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC( 59 AUTH_PARAM_HASH, HW_CONFIG_HASH_OID); 60 static auth_param_type_desc_t fw_config_hash = AUTH_PARAM_TYPE_DESC( 61 AUTH_PARAM_HASH, FW_CONFIG_HASH_OID); 62 static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC( 63 AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID); 64 static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC( 65 AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID); 66 static auth_param_type_desc_t rmm_hash = AUTH_PARAM_TYPE_DESC( 67 AUTH_PARAM_HASH, RMM_HASH_OID); 68 69 #ifdef IMAGE_BL2 70 static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC( 71 AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID); 72 73 static auth_param_type_desc_t prot_pk = AUTH_PARAM_TYPE_DESC( 74 AUTH_PARAM_PUB_KEY, PROT_PK_OID); 75 static auth_param_type_desc_t swd_rot_pk = AUTH_PARAM_TYPE_DESC( 76 AUTH_PARAM_PUB_KEY, SWD_ROT_PK_OID); 77 static auth_param_type_desc_t core_swd_pk = AUTH_PARAM_TYPE_DESC( 78 AUTH_PARAM_PUB_KEY, CORE_SWD_PK_OID); 79 static auth_param_type_desc_t plat_pk = AUTH_PARAM_TYPE_DESC( 80 AUTH_PARAM_PUB_KEY, PLAT_PK_OID); 81 82 static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC( 83 AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID); 84 static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC( 85 AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID); 86 static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC( 87 AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID); 88 static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC( 89 AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID); 90 #if defined(SPD_spmd) 91 static auth_param_type_desc_t sp_pkg1_hash = AUTH_PARAM_TYPE_DESC( 92 AUTH_PARAM_HASH, SP_PKG1_HASH_OID); 93 static auth_param_type_desc_t sp_pkg2_hash = AUTH_PARAM_TYPE_DESC( 94 AUTH_PARAM_HASH, SP_PKG2_HASH_OID); 95 static auth_param_type_desc_t sp_pkg3_hash = AUTH_PARAM_TYPE_DESC( 96 AUTH_PARAM_HASH, SP_PKG3_HASH_OID); 97 static auth_param_type_desc_t sp_pkg4_hash = AUTH_PARAM_TYPE_DESC( 98 AUTH_PARAM_HASH, SP_PKG4_HASH_OID); 99 static auth_param_type_desc_t sp_pkg5_hash = AUTH_PARAM_TYPE_DESC( 100 AUTH_PARAM_HASH, SP_PKG5_HASH_OID); 101 static auth_param_type_desc_t sp_pkg6_hash = AUTH_PARAM_TYPE_DESC( 102 AUTH_PARAM_HASH, SP_PKG6_HASH_OID); 103 static auth_param_type_desc_t sp_pkg7_hash = AUTH_PARAM_TYPE_DESC( 104 AUTH_PARAM_HASH, SP_PKG7_HASH_OID); 105 static auth_param_type_desc_t sp_pkg8_hash = AUTH_PARAM_TYPE_DESC( 106 AUTH_PARAM_HASH, SP_PKG8_HASH_OID); 107 #endif /* SPD_spmd */ 108 #endif /* IMAGE_BL2 */ 109 110 /* CCA Content Certificate */ 111 static const auth_img_desc_t cca_content_cert = { 112 .img_id = CCA_CONTENT_CERT_ID, 113 .img_type = IMG_CERT, 114 .parent = NULL, 115 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 116 [0] = { 117 .type = AUTH_METHOD_SIG, 118 .param.sig = { 119 .pk = &subject_pk, 120 .sig = &sig, 121 .alg = &sig_alg, 122 .data = &raw_data 123 } 124 }, 125 [1] = { 126 .type = AUTH_METHOD_NV_CTR, 127 .param.nv_ctr = { 128 .cert_nv_ctr = &trusted_nv_ctr, 129 .plat_nv_ctr = &trusted_nv_ctr 130 } 131 } 132 }, 133 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 134 [0] = { 135 .type_desc = &tb_fw_hash, 136 .data = { 137 .ptr = (void *)tb_fw_hash_buf, 138 .len = (unsigned int)HASH_DER_LEN 139 } 140 }, 141 [1] = { 142 .type_desc = &tb_fw_config_hash, 143 .data = { 144 .ptr = (void *)tb_fw_config_hash_buf, 145 .len = (unsigned int)HASH_DER_LEN 146 } 147 }, 148 [2] = { 149 .type_desc = &fw_config_hash, 150 .data = { 151 .ptr = (void *)fw_config_hash_buf, 152 .len = (unsigned int)HASH_DER_LEN 153 } 154 }, 155 [3] = { 156 .type_desc = &hw_config_hash, 157 .data = { 158 .ptr = (void *)hw_config_hash_buf, 159 .len = (unsigned int)HASH_DER_LEN 160 } 161 }, 162 [4] = { 163 .type_desc = &soc_fw_hash, 164 .data = { 165 .ptr = (void *)soc_fw_hash_buf, 166 .len = (unsigned int)HASH_DER_LEN 167 } 168 }, 169 [5] = { 170 .type_desc = &soc_fw_config_hash, 171 .data = { 172 .ptr = (void *)soc_fw_config_hash_buf, 173 .len = (unsigned int)HASH_DER_LEN 174 } 175 }, 176 [6] = { 177 .type_desc = &rmm_hash, 178 .data = { 179 .ptr = (void *)rmm_hash_buf, 180 .len = (unsigned int)HASH_DER_LEN 181 } 182 } 183 } 184 }; 185 186 #ifdef IMAGE_BL1 187 static const auth_img_desc_t bl2_image = { 188 .img_id = BL2_IMAGE_ID, 189 .img_type = IMG_RAW, 190 .parent = &cca_content_cert, 191 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 192 [0] = { 193 .type = AUTH_METHOD_HASH, 194 .param.hash = { 195 .data = &raw_data, 196 .hash = &tb_fw_hash 197 } 198 } 199 } 200 }; 201 202 static const auth_img_desc_t tb_fw_config = { 203 .img_id = TB_FW_CONFIG_ID, 204 .img_type = IMG_RAW, 205 .parent = &cca_content_cert, 206 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 207 [0] = { 208 .type = AUTH_METHOD_HASH, 209 .param.hash = { 210 .data = &raw_data, 211 .hash = &tb_fw_config_hash 212 } 213 } 214 } 215 }; 216 217 static const auth_img_desc_t fw_config = { 218 .img_id = FW_CONFIG_ID, 219 .img_type = IMG_RAW, 220 .parent = &cca_content_cert, 221 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 222 [0] = { 223 .type = AUTH_METHOD_HASH, 224 .param.hash = { 225 .data = &raw_data, 226 .hash = &fw_config_hash 227 } 228 } 229 } 230 }; 231 #endif /* IMAGE_BL1 */ 232 233 #ifdef IMAGE_BL2 234 /* HW Config */ 235 static const auth_img_desc_t hw_config = { 236 .img_id = HW_CONFIG_ID, 237 .img_type = IMG_RAW, 238 .parent = &cca_content_cert, 239 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 240 [0] = { 241 .type = AUTH_METHOD_HASH, 242 .param.hash = { 243 .data = &raw_data, 244 .hash = &hw_config_hash 245 } 246 } 247 } 248 }; 249 250 /* BL31 */ 251 static const auth_img_desc_t bl31_image = { 252 .img_id = BL31_IMAGE_ID, 253 .img_type = IMG_RAW, 254 .parent = &cca_content_cert, 255 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 256 [0] = { 257 .type = AUTH_METHOD_HASH, 258 .param.hash = { 259 .data = &raw_data, 260 .hash = &soc_fw_hash 261 } 262 } 263 } 264 }; 265 266 /* BL31 Config */ 267 static const auth_img_desc_t soc_fw_config = { 268 .img_id = SOC_FW_CONFIG_ID, 269 .img_type = IMG_RAW, 270 .parent = &cca_content_cert, 271 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 272 [0] = { 273 .type = AUTH_METHOD_HASH, 274 .param.hash = { 275 .data = &raw_data, 276 .hash = &soc_fw_config_hash 277 } 278 } 279 } 280 }; 281 282 /* RMM */ 283 static const auth_img_desc_t rmm_image = { 284 .img_id = RMM_IMAGE_ID, 285 .img_type = IMG_RAW, 286 .parent = &cca_content_cert, 287 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 288 [0] = { 289 .type = AUTH_METHOD_HASH, 290 .param.hash = { 291 .data = &raw_data, 292 .hash = &rmm_hash 293 } 294 } 295 } 296 }; 297 298 /* Core SWD Key Certificate */ 299 static const auth_img_desc_t core_swd_key_cert = { 300 .img_id = CORE_SWD_KEY_CERT_ID, 301 .img_type = IMG_CERT, 302 .parent = NULL, /* SWD ROOT CERT */ 303 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 304 [0] = { 305 .type = AUTH_METHOD_SIG, 306 .param.sig = { 307 .pk = &swd_rot_pk, 308 .sig = &sig, 309 .alg = &sig_alg, 310 .data = &raw_data 311 } 312 }, 313 [1] = { 314 .type = AUTH_METHOD_NV_CTR, 315 .param.nv_ctr = { 316 .cert_nv_ctr = &trusted_nv_ctr, 317 .plat_nv_ctr = &trusted_nv_ctr 318 } 319 } 320 }, 321 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 322 [0] = { 323 .type_desc = &core_swd_pk, 324 .data = { 325 .ptr = (void *)core_swd_pk_buf, 326 .len = (unsigned int)PK_DER_LEN 327 } 328 } 329 } 330 }; 331 332 /* SPMC Content Certificate */ 333 static const auth_img_desc_t trusted_os_fw_content_cert = { 334 .img_id = TRUSTED_OS_FW_CONTENT_CERT_ID, 335 .img_type = IMG_CERT, 336 .parent = &core_swd_key_cert, 337 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 338 [0] = { 339 .type = AUTH_METHOD_SIG, 340 .param.sig = { 341 .pk = &core_swd_pk, 342 .sig = &sig, 343 .alg = &sig_alg, 344 .data = &raw_data 345 } 346 }, 347 [1] = { 348 .type = AUTH_METHOD_NV_CTR, 349 .param.nv_ctr = { 350 .cert_nv_ctr = &trusted_nv_ctr, 351 .plat_nv_ctr = &trusted_nv_ctr 352 } 353 } 354 }, 355 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 356 [0] = { 357 .type_desc = &tos_fw_hash, 358 .data = { 359 .ptr = (void *)tos_fw_hash_buf, 360 .len = (unsigned int)HASH_DER_LEN 361 } 362 }, 363 [1] = { 364 .type_desc = &tos_fw_config_hash, 365 .data = { 366 .ptr = (void *)tos_fw_config_hash_buf, 367 .len = (unsigned int)HASH_DER_LEN 368 } 369 } 370 } 371 }; 372 373 /* SPMC */ 374 static const auth_img_desc_t bl32_image = { 375 .img_id = BL32_IMAGE_ID, 376 .img_type = IMG_RAW, 377 .parent = &trusted_os_fw_content_cert, 378 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 379 [0] = { 380 .type = AUTH_METHOD_HASH, 381 .param.hash = { 382 .data = &raw_data, 383 .hash = &tos_fw_hash 384 } 385 } 386 } 387 }; 388 389 /* SPM Config */ 390 static const auth_img_desc_t tos_fw_config = { 391 .img_id = TOS_FW_CONFIG_ID, 392 .img_type = IMG_RAW, 393 .parent = &trusted_os_fw_content_cert, 394 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 395 [0] = { 396 .type = AUTH_METHOD_HASH, 397 .param.hash = { 398 .data = &raw_data, 399 .hash = &tos_fw_config_hash 400 } 401 } 402 } 403 }; 404 405 /* Platform Key Certificate */ 406 static const auth_img_desc_t plat_key_cert = { 407 .img_id = PLAT_KEY_CERT_ID, 408 .img_type = IMG_CERT, 409 .parent = NULL, /* PLATFORM ROOT CERT */ 410 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 411 [0] = { 412 .type = AUTH_METHOD_SIG, 413 .param.sig = { 414 .pk = &prot_pk, 415 .sig = &sig, 416 .alg = &sig_alg, 417 .data = &raw_data 418 } 419 }, 420 [1] = { 421 .type = AUTH_METHOD_NV_CTR, 422 .param.nv_ctr = { 423 .cert_nv_ctr = &non_trusted_nv_ctr, 424 .plat_nv_ctr = &non_trusted_nv_ctr 425 } 426 } 427 }, 428 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 429 [0] = { 430 .type_desc = &plat_pk, 431 .data = { 432 .ptr = (void *)plat_pk_buf, 433 .len = (unsigned int)PK_DER_LEN 434 } 435 } 436 } 437 }; 438 439 /* Non-Trusted Firmware */ 440 static const auth_img_desc_t non_trusted_fw_content_cert = { 441 .img_id = NON_TRUSTED_FW_CONTENT_CERT_ID, 442 .img_type = IMG_CERT, 443 .parent = &plat_key_cert, 444 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 445 [0] = { 446 .type = AUTH_METHOD_SIG, 447 .param.sig = { 448 .pk = &plat_pk, 449 .sig = &sig, 450 .alg = &sig_alg, 451 .data = &raw_data 452 } 453 }, 454 [1] = { 455 .type = AUTH_METHOD_NV_CTR, 456 .param.nv_ctr = { 457 .cert_nv_ctr = &non_trusted_nv_ctr, 458 .plat_nv_ctr = &non_trusted_nv_ctr 459 } 460 } 461 }, 462 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 463 [0] = { 464 .type_desc = &nt_world_bl_hash, 465 .data = { 466 .ptr = (void *)nt_world_bl_hash_buf, 467 .len = (unsigned int)HASH_DER_LEN 468 } 469 }, 470 [1] = { 471 .type_desc = &nt_fw_config_hash, 472 .data = { 473 .ptr = (void *)nt_fw_config_hash_buf, 474 .len = (unsigned int)HASH_DER_LEN 475 } 476 } 477 } 478 }; 479 480 static const auth_img_desc_t bl33_image = { 481 .img_id = BL33_IMAGE_ID, 482 .img_type = IMG_RAW, 483 .parent = &non_trusted_fw_content_cert, 484 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 485 [0] = { 486 .type = AUTH_METHOD_HASH, 487 .param.hash = { 488 .data = &raw_data, 489 .hash = &nt_world_bl_hash 490 } 491 } 492 } 493 }; 494 495 /* NT FW Config */ 496 static const auth_img_desc_t nt_fw_config = { 497 .img_id = NT_FW_CONFIG_ID, 498 .img_type = IMG_RAW, 499 .parent = &non_trusted_fw_content_cert, 500 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 501 [0] = { 502 .type = AUTH_METHOD_HASH, 503 .param.hash = { 504 .data = &raw_data, 505 .hash = &nt_fw_config_hash 506 } 507 } 508 } 509 }; 510 511 /* 512 * Secure Partitions 513 */ 514 #if defined(SPD_spmd) 515 static const auth_img_desc_t sip_sp_content_cert = { 516 .img_id = SIP_SP_CONTENT_CERT_ID, 517 .img_type = IMG_CERT, 518 .parent = &core_swd_key_cert, 519 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 520 [0] = { 521 .type = AUTH_METHOD_SIG, 522 .param.sig = { 523 .pk = &core_swd_pk, 524 .sig = &sig, 525 .alg = &sig_alg, 526 .data = &raw_data 527 } 528 }, 529 [1] = { 530 .type = AUTH_METHOD_NV_CTR, 531 .param.nv_ctr = { 532 .cert_nv_ctr = &trusted_nv_ctr, 533 .plat_nv_ctr = &trusted_nv_ctr 534 } 535 } 536 }, 537 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 538 [0] = { 539 .type_desc = &sp_pkg1_hash, 540 .data = { 541 .ptr = (void *)sp_pkg_hash_buf[0], 542 .len = (unsigned int)HASH_DER_LEN 543 } 544 }, 545 [1] = { 546 .type_desc = &sp_pkg2_hash, 547 .data = { 548 .ptr = (void *)sp_pkg_hash_buf[1], 549 .len = (unsigned int)HASH_DER_LEN 550 } 551 }, 552 [2] = { 553 .type_desc = &sp_pkg3_hash, 554 .data = { 555 .ptr = (void *)sp_pkg_hash_buf[2], 556 .len = (unsigned int)HASH_DER_LEN 557 } 558 }, 559 [3] = { 560 .type_desc = &sp_pkg4_hash, 561 .data = { 562 .ptr = (void *)sp_pkg_hash_buf[3], 563 .len = (unsigned int)HASH_DER_LEN 564 } 565 } 566 } 567 }; 568 569 DEFINE_SIP_SP_PKG(1); 570 DEFINE_SIP_SP_PKG(2); 571 DEFINE_SIP_SP_PKG(3); 572 DEFINE_SIP_SP_PKG(4); 573 574 static const auth_img_desc_t plat_sp_content_cert = { 575 .img_id = PLAT_SP_CONTENT_CERT_ID, 576 .img_type = IMG_CERT, 577 .parent = &plat_key_cert, 578 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 579 [0] = { 580 .type = AUTH_METHOD_SIG, 581 .param.sig = { 582 .pk = &plat_pk, 583 .sig = &sig, 584 .alg = &sig_alg, 585 .data = &raw_data 586 } 587 }, 588 [1] = { 589 .type = AUTH_METHOD_NV_CTR, 590 .param.nv_ctr = { 591 .cert_nv_ctr = &non_trusted_nv_ctr, 592 .plat_nv_ctr = &non_trusted_nv_ctr 593 } 594 } 595 }, 596 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 597 [0] = { 598 .type_desc = &sp_pkg5_hash, 599 .data = { 600 .ptr = (void *)sp_pkg_hash_buf[4], 601 .len = (unsigned int)HASH_DER_LEN 602 } 603 }, 604 [1] = { 605 .type_desc = &sp_pkg6_hash, 606 .data = { 607 .ptr = (void *)sp_pkg_hash_buf[5], 608 .len = (unsigned int)HASH_DER_LEN 609 } 610 }, 611 [2] = { 612 .type_desc = &sp_pkg7_hash, 613 .data = { 614 .ptr = (void *)sp_pkg_hash_buf[6], 615 .len = (unsigned int)HASH_DER_LEN 616 } 617 }, 618 [3] = { 619 .type_desc = &sp_pkg8_hash, 620 .data = { 621 .ptr = (void *)sp_pkg_hash_buf[7], 622 .len = (unsigned int)HASH_DER_LEN 623 } 624 } 625 } 626 }; 627 628 DEFINE_PLAT_SP_PKG(5); 629 DEFINE_PLAT_SP_PKG(6); 630 DEFINE_PLAT_SP_PKG(7); 631 DEFINE_PLAT_SP_PKG(8); 632 #endif /* SPD_spmd */ 633 #endif /* IMAGE_BL2 */ 634 /* 635 * Chain of trust definition 636 */ 637 #ifdef IMAGE_BL1 638 static const auth_img_desc_t * const cot_desc[] = { 639 [CCA_CONTENT_CERT_ID] = &cca_content_cert, 640 [BL2_IMAGE_ID] = &bl2_image, 641 [TB_FW_CONFIG_ID] = &tb_fw_config, 642 [FW_CONFIG_ID] = &fw_config, 643 }; 644 #else /* IMAGE_BL2 */ 645 static const auth_img_desc_t * const cot_desc[] = { 646 [CCA_CONTENT_CERT_ID] = &cca_content_cert, 647 [HW_CONFIG_ID] = &hw_config, 648 [BL31_IMAGE_ID] = &bl31_image, 649 [SOC_FW_CONFIG_ID] = &soc_fw_config, 650 [RMM_IMAGE_ID] = &rmm_image, 651 [CORE_SWD_KEY_CERT_ID] = &core_swd_key_cert, 652 [TRUSTED_OS_FW_CONTENT_CERT_ID] = &trusted_os_fw_content_cert, 653 [BL32_IMAGE_ID] = &bl32_image, 654 [TOS_FW_CONFIG_ID] = &tos_fw_config, 655 [PLAT_KEY_CERT_ID] = &plat_key_cert, 656 [NON_TRUSTED_FW_CONTENT_CERT_ID] = &non_trusted_fw_content_cert, 657 [BL33_IMAGE_ID] = &bl33_image, 658 [NT_FW_CONFIG_ID] = &nt_fw_config, 659 #if defined(SPD_spmd) 660 [SIP_SP_CONTENT_CERT_ID] = &sip_sp_content_cert, 661 [PLAT_SP_CONTENT_CERT_ID] = &plat_sp_content_cert, 662 [SP_PKG1_ID] = &sp_pkg1, 663 [SP_PKG2_ID] = &sp_pkg2, 664 [SP_PKG3_ID] = &sp_pkg3, 665 [SP_PKG4_ID] = &sp_pkg4, 666 [SP_PKG5_ID] = &sp_pkg5, 667 [SP_PKG6_ID] = &sp_pkg6, 668 [SP_PKG7_ID] = &sp_pkg7, 669 [SP_PKG8_ID] = &sp_pkg8, 670 #endif 671 }; 672 #endif /* IMAGE_BL1 */ 673 674 /* Register the CoT in the authentication module */ 675 REGISTER_COT(cot_desc); 676