1/* 2 * Copyright (c) 2020-2022, ARM Limited. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7#include <common/nv_cntr_ids.h> 8#include <common/tbbr/tbbr_img_def.h> 9#include <tools_share/tbbr_oid.h> 10 11cot { 12 manifests { 13 compatible = "arm, cert-descs"; 14 15 stm32mp_cfg_cert: stm32mp_cfg_cert { 16 root-certificate; 17 image-id = <STM32MP_CONFIG_CERT_ID>; 18 antirollback-counter = <&trusted_nv_counter>; 19 20 hw_config_hash: hw_config_hash { 21 oid = HW_CONFIG_HASH_OID; 22 }; 23 24 fw_config_hash: fw_config_hash { 25 oid = FW_CONFIG_HASH_OID; 26 }; 27 }; 28 29 trusted_key_cert: trusted_key_cert { 30 root-certificate; 31 image-id = <TRUSTED_KEY_CERT_ID>; 32 antirollback-counter = <&trusted_nv_counter>; 33 34 trusted_world_pk: trusted_world_pk { 35 oid = TRUSTED_WORLD_PK_OID; 36 }; 37 non_trusted_world_pk: non_trusted_world_pk { 38 oid = NON_TRUSTED_WORLD_PK_OID; 39 }; 40 }; 41 42 trusted_os_fw_key_cert: trusted_os_fw_key_cert { 43 image-id = <TRUSTED_OS_FW_KEY_CERT_ID>; 44 parent = <&trusted_key_cert>; 45 signing-key = <&trusted_world_pk>; 46 antirollback-counter = <&trusted_nv_counter>; 47 48 tos_fw_content_pk: tos_fw_content_pk { 49 oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID; 50 }; 51 }; 52 53 trusted_os_fw_content_cert: trusted_os_fw_content_cert { 54 image-id = <TRUSTED_OS_FW_CONTENT_CERT_ID>; 55 parent = <&trusted_os_fw_key_cert>; 56 signing-key = <&tos_fw_content_pk>; 57 antirollback-counter = <&trusted_nv_counter>; 58 59 tos_fw_hash: tos_fw_hash { 60 oid = TRUSTED_OS_FW_HASH_OID; 61 }; 62 tos_fw_extra1_hash: tos_fw_extra1_hash { 63 oid = TRUSTED_OS_FW_EXTRA1_HASH_OID; 64 }; 65 tos_fw_extra2_hash: tos_fw_extra2_hash { 66 oid = TRUSTED_OS_FW_EXTRA2_HASH_OID; 67 }; 68 tos_fw_config_hash: tos_fw_config_hash { 69 oid = TRUSTED_OS_FW_CONFIG_HASH_OID; 70 }; 71 }; 72 73 non_trusted_fw_key_cert: non_trusted_fw_key_cert { 74 image-id = <NON_TRUSTED_FW_KEY_CERT_ID>; 75 parent = <&trusted_key_cert>; 76 signing-key = <&non_trusted_world_pk>; 77 antirollback-counter = <&non_trusted_nv_counter>; 78 79 nt_fw_content_pk: nt_fw_content_pk { 80 oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID; 81 }; 82 }; 83 84 non_trusted_fw_content_cert: non_trusted_fw_content_cert { 85 image-id = <NON_TRUSTED_FW_CONTENT_CERT_ID>; 86 parent = <&non_trusted_fw_key_cert>; 87 signing-key = <&nt_fw_content_pk>; 88 antirollback-counter = <&non_trusted_nv_counter>; 89 90 nt_world_bl_hash: nt_world_bl_hash { 91 oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID; 92 }; 93 }; 94 }; 95 96 images { 97 compatible = "arm, img-descs"; 98 99 hw_config { 100 image-id = <HW_CONFIG_ID>; 101 parent = <&stm32mp_cfg_cert>; 102 hash = <&hw_config_hash>; 103 }; 104 105 fw_config { 106 image-id = <FW_CONFIG_ID>; 107 parent = <&stm32mp_cfg_cert>; 108 hash = <&fw_config_hash>; 109 }; 110 111 bl32_image { 112 image-id = <BL32_IMAGE_ID>; 113 parent = <&trusted_os_fw_content_cert>; 114 hash = <&tos_fw_hash>; 115 }; 116 117 bl32_extra1_image { 118 image-id = <BL32_EXTRA1_IMAGE_ID>; 119 parent = <&trusted_os_fw_content_cert>; 120 hash = <&tos_fw_extra1_hash>; 121 }; 122 123 bl32_extra2_image { 124 image-id = <BL32_EXTRA2_IMAGE_ID>; 125 parent = <&trusted_os_fw_content_cert>; 126 hash = <&tos_fw_extra2_hash>; 127 }; 128 129 tos_fw_config { 130 image-id = <TOS_FW_CONFIG_ID>; 131 parent = <&trusted_os_fw_content_cert>; 132 hash = <&tos_fw_config_hash>; 133 }; 134 135 bl33_image { 136 image-id = <BL33_IMAGE_ID>; 137 parent = <&non_trusted_fw_content_cert>; 138 hash = <&nt_world_bl_hash>; 139 }; 140 }; 141}; 142 143non_volatile_counters: non_volatile_counters { 144 #address-cells = <1>; 145 #size-cells = <0>; 146 147 trusted_nv_counter: trusted_nv_counter { 148 id = <TRUSTED_NV_CTR_ID>; 149 oid = TRUSTED_FW_NVCOUNTER_OID; 150 }; 151 152 non_trusted_nv_counter: non_trusted_nv_counter { 153 id = <NON_TRUSTED_NV_CTR_ID>; 154 oid = NON_TRUSTED_FW_NVCOUNTER_OID; 155 }; 156}; 157