1 /* 2 * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <stddef.h> 8 9 #include <mbedtls/version.h> 10 11 #include <drivers/auth/auth_mod.h> 12 #include <drivers/auth/tbbr_cot_common.h> 13 14 #if USE_TBBR_DEFS 15 #include <tools_share/tbbr_oid.h> 16 #else 17 #include <platform_oid.h> 18 #endif 19 20 #include <platform_def.h> 21 22 static unsigned char soc_fw_hash_buf[HASH_DER_LEN]; 23 static unsigned char tos_fw_hash_buf[HASH_DER_LEN]; 24 static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN]; 25 static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN]; 26 static unsigned char trusted_world_pk_buf[PK_DER_LEN]; 27 static unsigned char non_trusted_world_pk_buf[PK_DER_LEN]; 28 static unsigned char content_pk_buf[PK_DER_LEN]; 29 static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN]; 30 static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN]; 31 static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN]; 32 #if defined(SPD_spmd) 33 static unsigned char sp_pkg_hash_buf[MAX_SP_IDS][HASH_DER_LEN]; 34 #endif /* SPD_spmd */ 35 36 static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC( 37 AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID); 38 static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC( 39 AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID); 40 static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC( 41 AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID); 42 static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC( 43 AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID); 44 static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC( 45 AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID); 46 static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC( 47 AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID); 48 static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC( 49 AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID); 50 static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC( 51 AUTH_PARAM_HASH, SCP_FW_HASH_OID); 52 static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC( 53 AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID); 54 static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC( 55 AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID); 56 static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC( 57 AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID); 58 static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC( 59 AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID); 60 static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC( 61 AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID); 62 static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC( 63 AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID); 64 static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC( 65 AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID); 66 static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC( 67 AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID); 68 #if defined(SPD_spmd) 69 static auth_param_type_desc_t sp_pkg1_hash = AUTH_PARAM_TYPE_DESC( 70 AUTH_PARAM_HASH, SP_PKG1_HASH_OID); 71 static auth_param_type_desc_t sp_pkg2_hash = AUTH_PARAM_TYPE_DESC( 72 AUTH_PARAM_HASH, SP_PKG2_HASH_OID); 73 static auth_param_type_desc_t sp_pkg3_hash = AUTH_PARAM_TYPE_DESC( 74 AUTH_PARAM_HASH, SP_PKG3_HASH_OID); 75 static auth_param_type_desc_t sp_pkg4_hash = AUTH_PARAM_TYPE_DESC( 76 AUTH_PARAM_HASH, SP_PKG4_HASH_OID); 77 static auth_param_type_desc_t sp_pkg5_hash = AUTH_PARAM_TYPE_DESC( 78 AUTH_PARAM_HASH, SP_PKG5_HASH_OID); 79 static auth_param_type_desc_t sp_pkg6_hash = AUTH_PARAM_TYPE_DESC( 80 AUTH_PARAM_HASH, SP_PKG6_HASH_OID); 81 static auth_param_type_desc_t sp_pkg7_hash = AUTH_PARAM_TYPE_DESC( 82 AUTH_PARAM_HASH, SP_PKG7_HASH_OID); 83 static auth_param_type_desc_t sp_pkg8_hash = AUTH_PARAM_TYPE_DESC( 84 AUTH_PARAM_HASH, SP_PKG8_HASH_OID); 85 #endif /* SPD_spmd */ 86 87 /* HW Config */ 88 static const auth_img_desc_t hw_config = { 89 .img_id = HW_CONFIG_ID, 90 .img_type = IMG_RAW, 91 .parent = &trusted_boot_fw_cert, 92 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 93 [0] = { 94 .type = AUTH_METHOD_HASH, 95 .param.hash = { 96 .data = &raw_data, 97 .hash = &hw_config_hash 98 } 99 } 100 } 101 }; 102 103 /* 104 * Trusted key certificate 105 */ 106 static const auth_img_desc_t trusted_key_cert = { 107 .img_id = TRUSTED_KEY_CERT_ID, 108 .img_type = IMG_CERT, 109 .parent = NULL, 110 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 111 [0] = { 112 .type = AUTH_METHOD_SIG, 113 .param.sig = { 114 .pk = &subject_pk, 115 .sig = &sig, 116 .alg = &sig_alg, 117 .data = &raw_data 118 } 119 }, 120 [1] = { 121 .type = AUTH_METHOD_NV_CTR, 122 .param.nv_ctr = { 123 .cert_nv_ctr = &trusted_nv_ctr, 124 .plat_nv_ctr = &trusted_nv_ctr 125 } 126 } 127 }, 128 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 129 [0] = { 130 .type_desc = &trusted_world_pk, 131 .data = { 132 .ptr = (void *)trusted_world_pk_buf, 133 .len = (unsigned int)PK_DER_LEN 134 } 135 }, 136 [1] = { 137 .type_desc = &non_trusted_world_pk, 138 .data = { 139 .ptr = (void *)non_trusted_world_pk_buf, 140 .len = (unsigned int)PK_DER_LEN 141 } 142 } 143 } 144 }; 145 /* 146 * SCP Firmware 147 */ 148 static const auth_img_desc_t scp_fw_key_cert = { 149 .img_id = SCP_FW_KEY_CERT_ID, 150 .img_type = IMG_CERT, 151 .parent = &trusted_key_cert, 152 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 153 [0] = { 154 .type = AUTH_METHOD_SIG, 155 .param.sig = { 156 .pk = &trusted_world_pk, 157 .sig = &sig, 158 .alg = &sig_alg, 159 .data = &raw_data 160 } 161 }, 162 [1] = { 163 .type = AUTH_METHOD_NV_CTR, 164 .param.nv_ctr = { 165 .cert_nv_ctr = &trusted_nv_ctr, 166 .plat_nv_ctr = &trusted_nv_ctr 167 } 168 } 169 }, 170 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 171 [0] = { 172 .type_desc = &scp_fw_content_pk, 173 .data = { 174 .ptr = (void *)content_pk_buf, 175 .len = (unsigned int)PK_DER_LEN 176 } 177 } 178 } 179 }; 180 static const auth_img_desc_t scp_fw_content_cert = { 181 .img_id = SCP_FW_CONTENT_CERT_ID, 182 .img_type = IMG_CERT, 183 .parent = &scp_fw_key_cert, 184 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 185 [0] = { 186 .type = AUTH_METHOD_SIG, 187 .param.sig = { 188 .pk = &scp_fw_content_pk, 189 .sig = &sig, 190 .alg = &sig_alg, 191 .data = &raw_data 192 } 193 }, 194 [1] = { 195 .type = AUTH_METHOD_NV_CTR, 196 .param.nv_ctr = { 197 .cert_nv_ctr = &trusted_nv_ctr, 198 .plat_nv_ctr = &trusted_nv_ctr 199 } 200 } 201 }, 202 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 203 [0] = { 204 .type_desc = &scp_fw_hash, 205 .data = { 206 .ptr = (void *)scp_fw_hash_buf, 207 .len = (unsigned int)HASH_DER_LEN 208 } 209 } 210 } 211 }; 212 static const auth_img_desc_t scp_bl2_image = { 213 .img_id = SCP_BL2_IMAGE_ID, 214 .img_type = IMG_RAW, 215 .parent = &scp_fw_content_cert, 216 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 217 [0] = { 218 .type = AUTH_METHOD_HASH, 219 .param.hash = { 220 .data = &raw_data, 221 .hash = &scp_fw_hash 222 } 223 } 224 } 225 }; 226 /* 227 * SoC Firmware 228 */ 229 static const auth_img_desc_t soc_fw_key_cert = { 230 .img_id = SOC_FW_KEY_CERT_ID, 231 .img_type = IMG_CERT, 232 .parent = &trusted_key_cert, 233 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 234 [0] = { 235 .type = AUTH_METHOD_SIG, 236 .param.sig = { 237 .pk = &trusted_world_pk, 238 .sig = &sig, 239 .alg = &sig_alg, 240 .data = &raw_data 241 } 242 }, 243 [1] = { 244 .type = AUTH_METHOD_NV_CTR, 245 .param.nv_ctr = { 246 .cert_nv_ctr = &trusted_nv_ctr, 247 .plat_nv_ctr = &trusted_nv_ctr 248 } 249 } 250 }, 251 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 252 [0] = { 253 .type_desc = &soc_fw_content_pk, 254 .data = { 255 .ptr = (void *)content_pk_buf, 256 .len = (unsigned int)PK_DER_LEN 257 } 258 } 259 } 260 }; 261 static const auth_img_desc_t soc_fw_content_cert = { 262 .img_id = SOC_FW_CONTENT_CERT_ID, 263 .img_type = IMG_CERT, 264 .parent = &soc_fw_key_cert, 265 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 266 [0] = { 267 .type = AUTH_METHOD_SIG, 268 .param.sig = { 269 .pk = &soc_fw_content_pk, 270 .sig = &sig, 271 .alg = &sig_alg, 272 .data = &raw_data 273 } 274 }, 275 [1] = { 276 .type = AUTH_METHOD_NV_CTR, 277 .param.nv_ctr = { 278 .cert_nv_ctr = &trusted_nv_ctr, 279 .plat_nv_ctr = &trusted_nv_ctr 280 } 281 } 282 }, 283 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 284 [0] = { 285 .type_desc = &soc_fw_hash, 286 .data = { 287 .ptr = (void *)soc_fw_hash_buf, 288 .len = (unsigned int)HASH_DER_LEN 289 } 290 }, 291 [1] = { 292 .type_desc = &soc_fw_config_hash, 293 .data = { 294 .ptr = (void *)soc_fw_config_hash_buf, 295 .len = (unsigned int)HASH_DER_LEN 296 } 297 } 298 } 299 }; 300 static const auth_img_desc_t bl31_image = { 301 .img_id = BL31_IMAGE_ID, 302 .img_type = IMG_RAW, 303 .parent = &soc_fw_content_cert, 304 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 305 [0] = { 306 .type = AUTH_METHOD_HASH, 307 .param.hash = { 308 .data = &raw_data, 309 .hash = &soc_fw_hash 310 } 311 } 312 } 313 }; 314 /* SOC FW Config */ 315 static const auth_img_desc_t soc_fw_config = { 316 .img_id = SOC_FW_CONFIG_ID, 317 .img_type = IMG_RAW, 318 .parent = &soc_fw_content_cert, 319 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 320 [0] = { 321 .type = AUTH_METHOD_HASH, 322 .param.hash = { 323 .data = &raw_data, 324 .hash = &soc_fw_config_hash 325 } 326 } 327 } 328 }; 329 /* 330 * Trusted OS Firmware 331 */ 332 static const auth_img_desc_t trusted_os_fw_key_cert = { 333 .img_id = TRUSTED_OS_FW_KEY_CERT_ID, 334 .img_type = IMG_CERT, 335 .parent = &trusted_key_cert, 336 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 337 [0] = { 338 .type = AUTH_METHOD_SIG, 339 .param.sig = { 340 .pk = &trusted_world_pk, 341 .sig = &sig, 342 .alg = &sig_alg, 343 .data = &raw_data 344 } 345 }, 346 [1] = { 347 .type = AUTH_METHOD_NV_CTR, 348 .param.nv_ctr = { 349 .cert_nv_ctr = &trusted_nv_ctr, 350 .plat_nv_ctr = &trusted_nv_ctr 351 } 352 } 353 }, 354 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 355 [0] = { 356 .type_desc = &tos_fw_content_pk, 357 .data = { 358 .ptr = (void *)content_pk_buf, 359 .len = (unsigned int)PK_DER_LEN 360 } 361 } 362 } 363 }; 364 static const auth_img_desc_t trusted_os_fw_content_cert = { 365 .img_id = TRUSTED_OS_FW_CONTENT_CERT_ID, 366 .img_type = IMG_CERT, 367 .parent = &trusted_os_fw_key_cert, 368 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 369 [0] = { 370 .type = AUTH_METHOD_SIG, 371 .param.sig = { 372 .pk = &tos_fw_content_pk, 373 .sig = &sig, 374 .alg = &sig_alg, 375 .data = &raw_data 376 } 377 }, 378 [1] = { 379 .type = AUTH_METHOD_NV_CTR, 380 .param.nv_ctr = { 381 .cert_nv_ctr = &trusted_nv_ctr, 382 .plat_nv_ctr = &trusted_nv_ctr 383 } 384 } 385 }, 386 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 387 [0] = { 388 .type_desc = &tos_fw_hash, 389 .data = { 390 .ptr = (void *)tos_fw_hash_buf, 391 .len = (unsigned int)HASH_DER_LEN 392 } 393 }, 394 [1] = { 395 .type_desc = &tos_fw_extra1_hash, 396 .data = { 397 .ptr = (void *)tos_fw_extra1_hash_buf, 398 .len = (unsigned int)HASH_DER_LEN 399 } 400 }, 401 [2] = { 402 .type_desc = &tos_fw_extra2_hash, 403 .data = { 404 .ptr = (void *)tos_fw_extra2_hash_buf, 405 .len = (unsigned int)HASH_DER_LEN 406 } 407 }, 408 [3] = { 409 .type_desc = &tos_fw_config_hash, 410 .data = { 411 .ptr = (void *)tos_fw_config_hash_buf, 412 .len = (unsigned int)HASH_DER_LEN 413 } 414 } 415 } 416 }; 417 static const auth_img_desc_t bl32_image = { 418 .img_id = BL32_IMAGE_ID, 419 .img_type = IMG_RAW, 420 .parent = &trusted_os_fw_content_cert, 421 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 422 [0] = { 423 .type = AUTH_METHOD_HASH, 424 .param.hash = { 425 .data = &raw_data, 426 .hash = &tos_fw_hash 427 } 428 } 429 } 430 }; 431 static const auth_img_desc_t bl32_extra1_image = { 432 .img_id = BL32_EXTRA1_IMAGE_ID, 433 .img_type = IMG_RAW, 434 .parent = &trusted_os_fw_content_cert, 435 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 436 [0] = { 437 .type = AUTH_METHOD_HASH, 438 .param.hash = { 439 .data = &raw_data, 440 .hash = &tos_fw_extra1_hash 441 } 442 } 443 } 444 }; 445 static const auth_img_desc_t bl32_extra2_image = { 446 .img_id = BL32_EXTRA2_IMAGE_ID, 447 .img_type = IMG_RAW, 448 .parent = &trusted_os_fw_content_cert, 449 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 450 [0] = { 451 .type = AUTH_METHOD_HASH, 452 .param.hash = { 453 .data = &raw_data, 454 .hash = &tos_fw_extra2_hash 455 } 456 } 457 } 458 }; 459 /* TOS FW Config */ 460 static const auth_img_desc_t tos_fw_config = { 461 .img_id = TOS_FW_CONFIG_ID, 462 .img_type = IMG_RAW, 463 .parent = &trusted_os_fw_content_cert, 464 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 465 [0] = { 466 .type = AUTH_METHOD_HASH, 467 .param.hash = { 468 .data = &raw_data, 469 .hash = &tos_fw_config_hash 470 } 471 } 472 } 473 }; 474 /* 475 * Non-Trusted Firmware 476 */ 477 static const auth_img_desc_t non_trusted_fw_key_cert = { 478 .img_id = NON_TRUSTED_FW_KEY_CERT_ID, 479 .img_type = IMG_CERT, 480 .parent = &trusted_key_cert, 481 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 482 [0] = { 483 .type = AUTH_METHOD_SIG, 484 .param.sig = { 485 .pk = &non_trusted_world_pk, 486 .sig = &sig, 487 .alg = &sig_alg, 488 .data = &raw_data 489 } 490 }, 491 [1] = { 492 .type = AUTH_METHOD_NV_CTR, 493 .param.nv_ctr = { 494 .cert_nv_ctr = &non_trusted_nv_ctr, 495 .plat_nv_ctr = &non_trusted_nv_ctr 496 } 497 } 498 }, 499 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 500 [0] = { 501 .type_desc = &nt_fw_content_pk, 502 .data = { 503 .ptr = (void *)content_pk_buf, 504 .len = (unsigned int)PK_DER_LEN 505 } 506 } 507 } 508 }; 509 static const auth_img_desc_t non_trusted_fw_content_cert = { 510 .img_id = NON_TRUSTED_FW_CONTENT_CERT_ID, 511 .img_type = IMG_CERT, 512 .parent = &non_trusted_fw_key_cert, 513 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 514 [0] = { 515 .type = AUTH_METHOD_SIG, 516 .param.sig = { 517 .pk = &nt_fw_content_pk, 518 .sig = &sig, 519 .alg = &sig_alg, 520 .data = &raw_data 521 } 522 }, 523 [1] = { 524 .type = AUTH_METHOD_NV_CTR, 525 .param.nv_ctr = { 526 .cert_nv_ctr = &non_trusted_nv_ctr, 527 .plat_nv_ctr = &non_trusted_nv_ctr 528 } 529 } 530 }, 531 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 532 [0] = { 533 .type_desc = &nt_world_bl_hash, 534 .data = { 535 .ptr = (void *)nt_world_bl_hash_buf, 536 .len = (unsigned int)HASH_DER_LEN 537 } 538 }, 539 [1] = { 540 .type_desc = &nt_fw_config_hash, 541 .data = { 542 .ptr = (void *)nt_fw_config_hash_buf, 543 .len = (unsigned int)HASH_DER_LEN 544 } 545 } 546 } 547 }; 548 static const auth_img_desc_t bl33_image = { 549 .img_id = BL33_IMAGE_ID, 550 .img_type = IMG_RAW, 551 .parent = &non_trusted_fw_content_cert, 552 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 553 [0] = { 554 .type = AUTH_METHOD_HASH, 555 .param.hash = { 556 .data = &raw_data, 557 .hash = &nt_world_bl_hash 558 } 559 } 560 } 561 }; 562 /* NT FW Config */ 563 static const auth_img_desc_t nt_fw_config = { 564 .img_id = NT_FW_CONFIG_ID, 565 .img_type = IMG_RAW, 566 .parent = &non_trusted_fw_content_cert, 567 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 568 [0] = { 569 .type = AUTH_METHOD_HASH, 570 .param.hash = { 571 .data = &raw_data, 572 .hash = &nt_fw_config_hash 573 } 574 } 575 } 576 }; 577 /* Secure Partitions */ 578 #if defined(SPD_spmd) 579 static const auth_img_desc_t sip_sp_content_cert = { 580 .img_id = SIP_SP_CONTENT_CERT_ID, 581 .img_type = IMG_CERT, 582 .parent = &trusted_key_cert, 583 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 584 [0] = { 585 .type = AUTH_METHOD_SIG, 586 .param.sig = { 587 .pk = &trusted_world_pk, 588 .sig = &sig, 589 .alg = &sig_alg, 590 .data = &raw_data 591 } 592 }, 593 [1] = { 594 .type = AUTH_METHOD_NV_CTR, 595 .param.nv_ctr = { 596 .cert_nv_ctr = &trusted_nv_ctr, 597 .plat_nv_ctr = &trusted_nv_ctr 598 } 599 } 600 }, 601 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 602 [0] = { 603 .type_desc = &sp_pkg1_hash, 604 .data = { 605 .ptr = (void *)sp_pkg_hash_buf[0], 606 .len = (unsigned int)HASH_DER_LEN 607 } 608 }, 609 [1] = { 610 .type_desc = &sp_pkg2_hash, 611 .data = { 612 .ptr = (void *)sp_pkg_hash_buf[1], 613 .len = (unsigned int)HASH_DER_LEN 614 } 615 }, 616 [2] = { 617 .type_desc = &sp_pkg3_hash, 618 .data = { 619 .ptr = (void *)sp_pkg_hash_buf[2], 620 .len = (unsigned int)HASH_DER_LEN 621 } 622 }, 623 [3] = { 624 .type_desc = &sp_pkg4_hash, 625 .data = { 626 .ptr = (void *)sp_pkg_hash_buf[3], 627 .len = (unsigned int)HASH_DER_LEN 628 } 629 }, 630 [4] = { 631 .type_desc = &sp_pkg5_hash, 632 .data = { 633 .ptr = (void *)sp_pkg_hash_buf[4], 634 .len = (unsigned int)HASH_DER_LEN 635 } 636 }, 637 [5] = { 638 .type_desc = &sp_pkg6_hash, 639 .data = { 640 .ptr = (void *)sp_pkg_hash_buf[5], 641 .len = (unsigned int)HASH_DER_LEN 642 } 643 }, 644 [6] = { 645 .type_desc = &sp_pkg7_hash, 646 .data = { 647 .ptr = (void *)sp_pkg_hash_buf[6], 648 .len = (unsigned int)HASH_DER_LEN 649 } 650 }, 651 [7] = { 652 .type_desc = &sp_pkg8_hash, 653 .data = { 654 .ptr = (void *)sp_pkg_hash_buf[7], 655 .len = (unsigned int)HASH_DER_LEN 656 } 657 } 658 } 659 }; 660 661 DEFINE_SIP_SP_PKG(1); 662 DEFINE_SIP_SP_PKG(2); 663 DEFINE_SIP_SP_PKG(3); 664 DEFINE_SIP_SP_PKG(4); 665 DEFINE_SIP_SP_PKG(5); 666 DEFINE_SIP_SP_PKG(6); 667 DEFINE_SIP_SP_PKG(7); 668 DEFINE_SIP_SP_PKG(8); 669 #endif /* SPD_spmd */ 670 671 static const auth_img_desc_t * const cot_desc[] = { 672 [TRUSTED_BOOT_FW_CERT_ID] = &trusted_boot_fw_cert, 673 [HW_CONFIG_ID] = &hw_config, 674 [TRUSTED_KEY_CERT_ID] = &trusted_key_cert, 675 [SCP_FW_KEY_CERT_ID] = &scp_fw_key_cert, 676 [SCP_FW_CONTENT_CERT_ID] = &scp_fw_content_cert, 677 [SCP_BL2_IMAGE_ID] = &scp_bl2_image, 678 [SOC_FW_KEY_CERT_ID] = &soc_fw_key_cert, 679 [SOC_FW_CONTENT_CERT_ID] = &soc_fw_content_cert, 680 [BL31_IMAGE_ID] = &bl31_image, 681 [SOC_FW_CONFIG_ID] = &soc_fw_config, 682 [TRUSTED_OS_FW_KEY_CERT_ID] = &trusted_os_fw_key_cert, 683 [TRUSTED_OS_FW_CONTENT_CERT_ID] = &trusted_os_fw_content_cert, 684 [BL32_IMAGE_ID] = &bl32_image, 685 [BL32_EXTRA1_IMAGE_ID] = &bl32_extra1_image, 686 [BL32_EXTRA2_IMAGE_ID] = &bl32_extra2_image, 687 [TOS_FW_CONFIG_ID] = &tos_fw_config, 688 [NON_TRUSTED_FW_KEY_CERT_ID] = &non_trusted_fw_key_cert, 689 [NON_TRUSTED_FW_CONTENT_CERT_ID] = &non_trusted_fw_content_cert, 690 [BL33_IMAGE_ID] = &bl33_image, 691 [NT_FW_CONFIG_ID] = &nt_fw_config, 692 #if defined(SPD_spmd) 693 [SIP_SP_CONTENT_CERT_ID] = &sip_sp_content_cert, 694 [SP_PKG1_ID] = &sp_pkg1, 695 [SP_PKG2_ID] = &sp_pkg2, 696 [SP_PKG3_ID] = &sp_pkg3, 697 [SP_PKG4_ID] = &sp_pkg4, 698 [SP_PKG5_ID] = &sp_pkg5, 699 [SP_PKG6_ID] = &sp_pkg6, 700 [SP_PKG7_ID] = &sp_pkg7, 701 [SP_PKG8_ID] = &sp_pkg8, 702 #endif 703 }; 704 705 /* Register the CoT in the authentication module */ 706 REGISTER_COT(cot_desc); 707