1 /*
2 * SPDX-FileCopyrightText: Copyright The TrustedFirmware-M Contributors
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
8 #include "tfm_plat_provisioning.h"
9
10 #include "cmsis_compiler.h"
11 #include "tfm_plat_otp.h"
12 #include "tfm_attest_hal.h"
13 #include "psa/crypto.h"
14 #include "bootutil/bootutil_log.h"
15
16 #include <string.h>
17
18 #define ASSEMBLY_AND_TEST_PROV_DATA_MAGIC 0xC0DEFEED
19
20 #ifdef MCUBOOT_ROTPK_SIGN_POLICY
21 /* Key policy for each ROTPK
22 * bit 0 corresponds to bl2_rotpk_0,
23 * bit 1 coresponds to bl2_rotpk_1,
24 * ...
25 * If bit set, key is compulsory else optional
26 */
27 #define BL2_ROTPK_POLICIES 0b00000111
28 #endif /* MCUBOOT_ROTPK_SIGN_POLICY */
29
30 #ifdef MCUBOOT_SIGN_EC384
31 #define PUB_KEY_HASH_SIZE (48)
32 #define PUB_KEY_SIZE (100) /* Size must be aligned to 4 Bytes */
33 #else
34 #define PUB_KEY_HASH_SIZE (32)
35 #define PUB_KEY_SIZE (68) /* Size must be aligned to 4 Bytes */
36 #endif /* MCUBOOT_SIGN_EC384 */
37
38 #ifdef MCUBOOT_BUILTIN_KEY
39 #define PROV_ROTPK_DATA_SIZE PUB_KEY_SIZE
40 #else
41 #define PROV_ROTPK_DATA_SIZE PUB_KEY_HASH_SIZE
42 #endif /* MCUBOOT_BUILTIN_KEY */
43
44 __PACKED_STRUCT bl2_assembly_and_test_provisioning_data_t {
45 uint32_t magic;
46 #ifdef MCUBOOT_ROTPK_SIGN_POLICY
47 uint32_t bl2_rotpk_policies;
48 #endif /* MCUBOOT_ROTPK_SIGN_POLICY */
49 uint8_t bl2_rotpk_0[PROV_ROTPK_DATA_SIZE];
50 uint8_t bl2_rotpk_1[PROV_ROTPK_DATA_SIZE];
51 #if (MCUBOOT_IMAGE_NUMBER > 2)
52 uint8_t bl2_rotpk_2[PROV_ROTPK_DATA_SIZE];
53 #endif
54 #if (MCUBOOT_IMAGE_NUMBER > 3)
55 uint8_t bl2_rotpk_3[PROV_ROTPK_DATA_SIZE];
56 #endif
57
58 #ifdef PLATFORM_PSA_ADAC_SECURE_DEBUG
59 uint8_t secure_debug_pk[32];
60 #endif /* PLATFORM_PSA_ADAC_SECURE_DEBUG */
61 };
62
63 #ifdef TFM_DUMMY_PROVISIONING
64
65 #if !defined(MCUBOOT_BUILTIN_KEY)
66 /* List of BL2 Root of Trust public key hashes */
67 #if defined(MCUBOOT_SIGN_RSA)
68 #if (MCUBOOT_SIGN_RSA_LEN == 2048)
69 /* SHA-256 hashes of RSA-2048 public keys (in PKCS#1 format)
70 * DATA_KIND_0: hash of PK(bl2/ext/mcuboot/root-RSA-2048.pem)
71 * DATA_KIND_1: hash of PK(bl2/ext/mcuboot/root-RSA-2048_1.pem)
72 */
73 #define ASSEMBLY_AND_TEST_PROV_DATA_KIND_0 { \
74 0xfc, 0x57, 0x01, 0xdc, 0x61, 0x35, 0xe1, 0x32, \
75 0x38, 0x47, 0xbd, 0xc4, 0x0f, 0x04, 0xd2, 0xe5, \
76 0xbe, 0xe5, 0x83, 0x3b, 0x23, 0xc2, 0x9f, 0x93, \
77 0x59, 0x3d, 0x00, 0x01, 0x8c, 0xfa, 0x99, 0x94, \
78 }
79 #define ASSEMBLY_AND_TEST_PROV_DATA_KIND_1 { \
80 0xe1, 0x80, 0x15, 0x99, 0x3d, 0x6d, 0x27, 0x60, \
81 0xb4, 0x99, 0x27, 0x4b, 0xae, 0xf2, 0x64, 0xb8, \
82 0x3a, 0xf2, 0x29, 0xe9, 0xa7, 0x85, 0xf3, 0xd5, \
83 0xbf, 0x00, 0xb9, 0xd3, 0x2c, 0x1f, 0x03, 0x96, \
84 }
85 #elif (MCUBOOT_SIGN_RSA_LEN == 3072)
86 /* SHA-256 hashes of RSA-3072 public keys (in PKCS#1 format)
87 * DATA_KIND_0: hash of PK(bl2/ext/mcuboot/root-RSA-3072.pem)
88 * DATA_KIND_1: hash of PK(bl2/ext/mcuboot/root-RSA-3072_1.pem)
89 */
90 #define ASSEMBLY_AND_TEST_PROV_DATA_KIND_0 { \
91 0xbf, 0xe6, 0xd8, 0x6f, 0x88, 0x26, 0xf4, 0xff, \
92 0x97, 0xfb, 0x96, 0xc4, 0xe6, 0xfb, 0xc4, 0x99, \
93 0x3e, 0x46, 0x19, 0xfc, 0x56, 0x5d, 0xa2, 0x6a, \
94 0xdf, 0x34, 0xc3, 0x29, 0x48, 0x9a, 0xdc, 0x38, \
95 }
96 #define ASSEMBLY_AND_TEST_PROV_DATA_KIND_1 { \
97 0xb3, 0x60, 0xca, 0xf5, 0xc9, 0x8c, 0x6b, 0x94, \
98 0x2a, 0x48, 0x82, 0xfa, 0x9d, 0x48, 0x23, 0xef, \
99 0xb1, 0x66, 0xa9, 0xef, 0x6a, 0x6e, 0x4a, 0xa3, \
100 0x7c, 0x19, 0x19, 0xed, 0x1f, 0xcc, 0xc0, 0x49, \
101 }
102 #endif /* MCUBOOT_SIGN_RSA_LEN */
103 #elif defined(MCUBOOT_SIGN_EC256)
104 /* SHA-256 hashes of EC-P256 public keys
105 * (in SubjectPublicKeyInfo format, see RFC5480)
106 * DATA_KIND_0: hash of PK(bl2/ext/mcuboot/root-EC-P256.pem)
107 * DATA_KIND_1: hash of PK(bl2/ext/mcuboot/root-EC-P256_1.pem)
108 */
109 #define ASSEMBLY_AND_TEST_PROV_DATA_KIND_0 { \
110 0xe3, 0x04, 0x66, 0xf6, 0xb8, 0x47, 0x0c, 0x1f, \
111 0x29, 0x07, 0x0b, 0x17, 0xf1, 0xe2, 0xd3, 0xe9, \
112 0x4d, 0x44, 0x5e, 0x3f, 0x60, 0x80, 0x87, 0xfd, \
113 0xc7, 0x11, 0xe4, 0x38, 0x2b, 0xb5, 0x38, 0xb6, \
114 }
115 #define ASSEMBLY_AND_TEST_PROV_DATA_KIND_1 { \
116 0x82, 0xa5, 0xb4, 0x43, 0x59, 0x48, 0x53, 0xd4, \
117 0xbf, 0x0f, 0xdd, 0x89, 0xa9, 0x14, 0xa5, 0xdc, \
118 0x16, 0xf8, 0x67, 0x54, 0x82, 0x07, 0xd7, 0x07, \
119 0x7e, 0x74, 0xd8, 0x0c, 0x06, 0x3e, 0xfd, 0xa9, \
120 }
121 #elif defined(MCUBOOT_SIGN_EC384)
122 /* SHA-384 hashes of EC-P384 public keys
123 * (in SubjectPublicKeyInfo format, see RFC5480)
124 * DATA_KIND_0: hash of PK(bl2/ext/mcuboot/root-EC-P384.pem)
125 * DATA_KIND_1: hash of PK(bl2/ext/mcuboot/root-EC-P384_1.pem)
126 */
127 #define ASSEMBLY_AND_TEST_PROV_DATA_KIND_0 { \
128 0x85, 0xb7, 0xbd, 0x5f, 0x5d, 0xff, 0x9a, 0x03, \
129 0xa9, 0x99, 0x27, 0xad, 0xaf, 0x6c, 0xa6, 0xfe, \
130 0xbd, 0xe8, 0x22, 0xc1, 0xa4, 0x80, 0x92, 0x83, \
131 0x24, 0xa8, 0xe6, 0x03, 0x23, 0x71, 0x5c, 0x57, \
132 0x79, 0x46, 0x1c, 0x49, 0x6a, 0x95, 0xae, 0xe8, \
133 0xc4, 0xf9, 0x0b, 0x99, 0x77, 0x9f, 0x84, 0x8a, \
134 }
135 #define ASSEMBLY_AND_TEST_PROV_DATA_KIND_1 { \
136 0xae, 0x13, 0xb7, 0x1d, 0xae, 0x49, 0xa7, 0xb8, \
137 0x9d, 0x4d, 0x8e, 0xe5, 0x09, 0x5c, 0xb8, 0xd4, \
138 0x5a, 0x32, 0xbd, 0x9c, 0x7d, 0x50, 0x1c, 0xd3, \
139 0xb8, 0xf8, 0x6c, 0xbc, 0x8b, 0x41, 0x43, 0x9b, \
140 0x1b, 0x22, 0x5c, 0xc3, 0x6a, 0x5b, 0xa8, 0x08, \
141 0x1d, 0xf0, 0x71, 0xe0, 0xcb, 0xbc, 0x61, 0x92, \
142 }
143 #endif /* MCUBOOT_SIGN_RSA */
144
145 #else /* !MCUBOOT_BUILTIN_KEY */
146 /* List of BL2 Root of Trust public keys */
147 #if defined(MCUBOOT_SIGN_EC256)
148 /* EC-P256 public keys
149 * (raw keys as subjectPublicKey (bit string), see RFC5480)
150 * DATA_KIND_0: PK(bl2/ext/mcuboot/root-EC-P256.pem)
151 * DATA_KIND_1: PK(bl2/ext/mcuboot/root-EC-P256_1.pem)
152 */
153 #define ASSEMBLY_AND_TEST_PROV_DATA_KIND_0 { \
154 0x04, 0x2a, 0xcb, 0x40, 0x3c, 0xe8, 0xfe, 0xed, \
155 0x5b, 0xa4, 0x49, 0x95, 0xa1, 0xa9, 0x1d, 0xae, \
156 0xe8, 0xdb, 0xbe, 0x19, 0x37, 0xcd, 0x14, 0xfb, \
157 0x2f, 0x24, 0x57, 0x37, 0xe5, 0x95, 0x39, 0x88, \
158 0xd9, 0x94, 0xb9, 0xd6, 0x5a, 0xeb, 0xd7, 0xcd, \
159 0xd5, 0x30, 0x8a, 0xd6, 0xfe, 0x48, 0xb2, 0x4a, \
160 0x6a, 0x81, 0x0e, 0xe5, 0xf0, 0x7d, 0x8b, 0x68, \
161 0x34, 0xcc, 0x3a, 0x6a, 0xfc, 0x53, 0x8e, 0xfa, \
162 0xc1, \
163 }
164 #define ASSEMBLY_AND_TEST_PROV_DATA_KIND_1 { \
165 0x04, 0xe8, 0x09, 0x08, 0x12, 0x3a, 0x0f, 0xad, \
166 0x40, 0xe0, 0x33, 0x8a, 0xa6, 0x54, 0xf8, 0x83, \
167 0x95, 0x41, 0x8e, 0x44, 0x99, 0xa2, 0x0f, 0xae, \
168 0x85, 0x69, 0x2b, 0xf9, 0x26, 0xb5, 0xe9, 0x9e, \
169 0x16, 0x2c, 0x87, 0x76, 0x62, 0x7f, 0x32, 0x6c, \
170 0x9b, 0x70, 0x78, 0x06, 0x52, 0x52, 0x52, 0xca, \
171 0x2b, 0xd2, 0xb7, 0xc7, 0x50, 0x07, 0x66, 0x3b, \
172 0x3b, 0xdf, 0xe1, 0x99, 0x69, 0x00, 0x26, 0x2c, \
173 0x33, \
174 }
175 #elif defined(MCUBOOT_SIGN_EC384)
176 /* EC-P384 public keys
177 * (raw keys as subjectPublicKey (bit string), see RFC5480)
178 * DATA_KIND_0: PK(bl2/ext/mcuboot/root-EC-P384.pem)
179 * DATA_KIND_1: PK(bl2/ext/mcuboot/root-EC-P384_1.pem)
180 */
181 #define ASSEMBLY_AND_TEST_PROV_DATA_KIND_0 { 0x04, \
182 0x0c, 0x76, 0xca, 0xae, 0x72, 0x3a, 0xa5, 0xe8, \
183 0xf0, 0xd4, 0xf1, 0x16, 0xb5, 0x02, 0xef, 0x77, \
184 0xa1, 0x1b, 0x93, 0x61, 0x78, 0xc0, 0x09, 0x26, \
185 0x7b, 0x3b, 0x40, 0x9c, 0xee, 0x49, 0x85, 0xe0, \
186 0xc9, 0x4f, 0xe7, 0xf2, 0xba, 0x97, 0x6c, 0xf3, \
187 0x82, 0x65, 0x14, 0x2c, 0xf5, 0x0c, 0x73, 0x33, \
188 0x4d, 0x32, 0xe7, 0x9b, 0xd3, 0x42, 0xcc, 0x95, \
189 0x5a, 0xe5, 0xe2, 0xf5, 0xf4, 0x6e, 0x45, 0xe0, \
190 0xed, 0x20, 0x35, 0x5c, 0xaf, 0x52, 0x35, 0x81, \
191 0xd4, 0xdc, 0x9c, 0xe3, 0x9e, 0x22, 0x3e, 0xfb, \
192 0x3f, 0x22, 0x10, 0xda, 0x70, 0x03, 0x37, 0xad, \
193 0xa8, 0xf2, 0x48, 0xfe, 0x3a, 0x60, 0x69, 0xa5, \
194 }
195 #define ASSEMBLY_AND_TEST_PROV_DATA_KIND_1 { 0x04, \
196 0x34, 0x43, 0xad, 0x59, 0x83, 0xd9, 0x41, 0x65, \
197 0xdc, 0x20, 0xb8, 0x62, 0x35, 0xf8, 0x7d, 0x94, \
198 0x13, 0x5e, 0x75, 0xe6, 0xa8, 0x79, 0xe9, 0xcb, \
199 0xfd, 0xa7, 0x2e, 0x92, 0x95, 0x82, 0xa6, 0xc5, \
200 0xdd, 0x53, 0xc7, 0x3d, 0x46, 0xed, 0x75, 0xd5, \
201 0x20, 0xb5, 0xbe, 0x74, 0x2a, 0x6d, 0x30, 0xe2, \
202 0x31, 0x50, 0x1c, 0x7f, 0xc7, 0x7b, 0x4a, 0x73, \
203 0x55, 0xf8, 0x92, 0x60, 0xff, 0x2f, 0x18, 0x04, \
204 0xbc, 0xc7, 0xd9, 0xce, 0xda, 0xa6, 0x36, 0x52, \
205 0xec, 0x2b, 0x64, 0x6e, 0x7a, 0x97, 0x60, 0x9d, \
206 0x8c, 0xba, 0xfe, 0xec, 0x9a, 0xb0, 0xc2, 0x6e, \
207 0x3d, 0x75, 0x2a, 0x98, 0xb2, 0xa3, 0x09, 0x84, \
208 }
209 #endif /* MCUBOOT_SIGN_EC256 */
210 #endif /* !MCUBOOT_BUILTIN_KEY */
211
212 static const struct bl2_assembly_and_test_provisioning_data_t bl2_assembly_and_test_prov_data = {
213 ASSEMBLY_AND_TEST_PROV_DATA_MAGIC,
214 #ifdef MCUBOOT_ROTPK_SIGN_POLICY
215 BL2_ROTPK_POLICIES,
216 #endif /* MCUBOOT_ROTPK_SIGN_POLICY */
217
218 #if defined(MCUBOOT_SIGN_RSA)
219 #if (MCUBOOT_SIGN_RSA_LEN == 2048)
220 ASSEMBLY_AND_TEST_PROV_DATA_KIND_0, /* bl2 rotpk 0 */
221 ASSEMBLY_AND_TEST_PROV_DATA_KIND_1, /* bl2 rotpk 1 */
222 #if (MCUBOOT_IMAGE_NUMBER > 2)
223 ASSEMBLY_AND_TEST_PROV_DATA_KIND_0, /* bl2 rotpk 2 */
224 #endif
225 #if (MCUBOOT_IMAGE_NUMBER > 3)
226 ASSEMBLY_AND_TEST_PROV_DATA_KIND_0, /* bl2 rotpk 3 */
227 #endif
228
229 #elif (MCUBOOT_SIGN_RSA_LEN == 3072)
230 ASSEMBLY_AND_TEST_PROV_DATA_KIND_0, /* bl2 rotpk 0 */
231 ASSEMBLY_AND_TEST_PROV_DATA_KIND_1, /* bl2 rotpk 1 */
232 #if (MCUBOOT_IMAGE_NUMBER > 2)
233 ASSEMBLY_AND_TEST_PROV_DATA_KIND_0, /* bl2 rotpk 2 */
234 #endif
235 #if (MCUBOOT_IMAGE_NUMBER > 3)
236 ASSEMBLY_AND_TEST_PROV_DATA_KIND_0, /* bl2 rotpk 3 */
237 #endif
238 #endif /* MCUBOOT_SIGN_RSA_LEN */
239
240 #elif defined(MCUBOOT_SIGN_EC256)
241 ASSEMBLY_AND_TEST_PROV_DATA_KIND_0, /* bl2 rotpk 0 */
242 ASSEMBLY_AND_TEST_PROV_DATA_KIND_1, /* bl2 rotpk 1 */
243 #if MCUBOOT_IMAGE_NUMBER > 2
244 ASSEMBLY_AND_TEST_PROV_DATA_KIND_0, /* bl2 rotpk 2 */
245 #endif
246 #if MCUBOOT_IMAGE_NUMBER > 3
247 ASSEMBLY_AND_TEST_PROV_DATA_KIND_0, /* bl2 rotpk 3 */
248 #endif
249
250 #elif defined(MCUBOOT_SIGN_EC384)
251 ASSEMBLY_AND_TEST_PROV_DATA_KIND_0, /* bl2 rotpk 0 */
252 ASSEMBLY_AND_TEST_PROV_DATA_KIND_1, /* bl2 rotpk 1 */
253 #if MCUBOOT_IMAGE_NUMBER > 2
254 ASSEMBLY_AND_TEST_PROV_DATA_KIND_0, /* bl2 rotpk 2 */
255 #endif
256 #if MCUBOOT_IMAGE_NUMBER > 3
257 ASSEMBLY_AND_TEST_PROV_DATA_KIND_0, /* bl2 rotpk 3 */
258 #endif
259 #else
260 #error "No public key available for given signing algorithm."
261 #endif /* MCUBOOT_SIGN_RSA */
262
263 #ifdef PLATFORM_PSA_ADAC_SECURE_DEBUG
264 {
265 0xf4, 0x0c, 0x8f, 0xbf, 0x12, 0xdb, 0x78, 0x2a,
266 0xfd, 0xf4, 0x75, 0x96, 0x6a, 0x06, 0x82, 0x36,
267 0xe0, 0x32, 0xab, 0x80, 0xd1, 0xb7, 0xf1, 0xbc,
268 0x9f, 0xe7, 0xd8, 0x7a, 0x88, 0xcb, 0x26, 0xd0,
269 },
270 #endif /* PLATFORM_PSA_ADAC_SECURE_DEBUG */
271 };
272 #else
273 static const struct bl2_assembly_and_test_provisioning_data_t bl2_assembly_and_test_prov_data;
274 #endif /* TFM_DUMMY_PROVISIONING */
275
tfm_plat_provisioning_check_for_dummy_keys(void)276 void tfm_plat_provisioning_check_for_dummy_keys(void)
277 {
278 uint64_t iak_start;
279
280 tfm_plat_otp_read(PLAT_OTP_ID_IAK, sizeof(iak_start), (uint8_t*)&iak_start);
281
282 if(iak_start == 0xA4906F6DB254B4A9) {
283 BOOT_LOG_WRN("%s%s%s%s",
284 "\033[1;31m",
285 "This device was provisioned with dummy keys. ",
286 "This device is \033[1;1mNOT SECURE",
287 "\033[0m");
288 }
289
290 memset(&iak_start, 0, sizeof(iak_start));
291 }
292
tfm_plat_provisioning_is_required(bool * provisioning_required)293 enum tfm_plat_err_t tfm_plat_provisioning_is_required(bool *provisioning_required)
294 {
295 enum tfm_plat_err_t err;
296 enum plat_otp_lcs_t lcs;
297
298 if (provisioning_required == NULL) {
299 return TFM_PLAT_ERR_INVALID_INPUT;
300 }
301
302 err = tfm_plat_otp_read(PLAT_OTP_ID_LCS, sizeof(lcs), (uint8_t*)&lcs);
303 if (err != TFM_PLAT_ERR_SUCCESS) {
304 return err;
305 }
306
307 *provisioning_required = (lcs == PLAT_OTP_LCS_ASSEMBLY_AND_TEST)
308 || (lcs == PLAT_OTP_LCS_PSA_ROT_PROVISIONING);
309
310 return TFM_PLAT_ERR_SUCCESS;
311 }
312
provision_assembly_and_test(void)313 enum tfm_plat_err_t provision_assembly_and_test(void)
314 {
315 enum tfm_plat_err_t err;
316
317 err = tfm_plat_otp_write(PLAT_OTP_ID_BL2_ROTPK_0,
318 sizeof(bl2_assembly_and_test_prov_data.bl2_rotpk_0),
319 bl2_assembly_and_test_prov_data.bl2_rotpk_0);
320 if ((err != TFM_PLAT_ERR_SUCCESS) && (err != TFM_PLAT_ERR_UNSUPPORTED)) {
321 return err;
322 }
323 err = tfm_plat_otp_write(PLAT_OTP_ID_BL2_ROTPK_1,
324 sizeof(bl2_assembly_and_test_prov_data.bl2_rotpk_1),
325 bl2_assembly_and_test_prov_data.bl2_rotpk_1);
326 if ((err != TFM_PLAT_ERR_SUCCESS) && (err != TFM_PLAT_ERR_UNSUPPORTED)) {
327 return err;
328 }
329 #if (MCUBOOT_IMAGE_NUMBER > 2)
330 err = tfm_plat_otp_write(PLAT_OTP_ID_BL2_ROTPK_2,
331 sizeof(bl2_assembly_and_test_prov_data.bl2_rotpk_2),
332 bl2_assembly_and_test_prov_data.bl2_rotpk_2);
333 if (err != TFM_PLAT_ERR_SUCCESS && err != TFM_PLAT_ERR_UNSUPPORTED) {
334 return err;
335 }
336 #endif /* MCUBOOT_IMAGE_NUMBER > 2 */
337 #if (MCUBOOT_IMAGE_NUMBER > 3)
338 err = tfm_plat_otp_write(PLAT_OTP_ID_BL2_ROTPK_3,
339 sizeof(bl2_assembly_and_test_prov_data.bl2_rotpk_3),
340 bl2_assembly_and_test_prov_data.bl2_rotpk_3);
341 if (err != TFM_PLAT_ERR_SUCCESS && err != TFM_PLAT_ERR_UNSUPPORTED) {
342 return err;
343 }
344 #endif /* MCUBOOT_IMAGE_NUMBER > 3 */
345
346 #ifdef MCUBOOT_ROTPK_SIGN_POLICY
347 /* Write the ROTPK policies */
348 err = tfm_plat_otp_write(PLAT_OTP_ID_BL2_ROTPK_POLICIES,
349 sizeof(bl2_assembly_and_test_prov_data.bl2_rotpk_policies),
350 (uint8_t *)&bl2_assembly_and_test_prov_data.bl2_rotpk_policies);
351 if ((err != TFM_PLAT_ERR_SUCCESS) && (err != TFM_PLAT_ERR_UNSUPPORTED)) {
352 return err;
353 }
354 #endif /* MCUBOOT_ROTPK_SIGN_POLICY */
355
356 #ifdef PLATFORM_PSA_ADAC_SECURE_DEBUG
357 err = tfm_plat_otp_write(PLAT_OTP_ID_SECURE_DEBUG_PK,
358 sizeof(bl2_assembly_and_test_prov_data.secure_debug_pk),
359 bl2_assembly_and_test_prov_data.secure_debug_pk);
360 if (err != TFM_PLAT_ERR_SUCCESS && err != TFM_PLAT_ERR_UNSUPPORTED) {
361 return err;
362 }
363 #endif /* PLATFORM_PSA_ADAC_SECURE_DEBUG */
364
365 return err;
366 }
367
tfm_plat_provisioning_perform(void)368 enum tfm_plat_err_t tfm_plat_provisioning_perform(void)
369 {
370 enum tfm_plat_err_t err;
371 enum plat_otp_lcs_t lcs;
372
373 err = tfm_plat_otp_read(PLAT_OTP_ID_LCS, sizeof(lcs), (uint8_t*)&lcs);
374 if (err != TFM_PLAT_ERR_SUCCESS) {
375 return err;
376 }
377
378 BOOT_LOG_INF("Beginning BL2 provisioning");
379
380 #ifdef TFM_DUMMY_PROVISIONING
381 BOOT_LOG_WRN("%s%s%s%s",
382 "\033[1;31m",
383 "TFM_DUMMY_PROVISIONING is not suitable for production! ",
384 "This device is \033[1;1mNOT SECURE",
385 "\033[0m");
386 #endif /* TFM_DUMMY_PROVISIONING */
387
388 if (lcs == PLAT_OTP_LCS_ASSEMBLY_AND_TEST) {
389 if (bl2_assembly_and_test_prov_data.magic != ASSEMBLY_AND_TEST_PROV_DATA_MAGIC) {
390 BOOT_LOG_ERR("No valid ASSEMBLY_AND_TEST provisioning data found");
391 return TFM_PLAT_ERR_INVALID_INPUT;
392 }
393
394 err = tfm_plat_otp_secure_provisioning_start();
395 if (err != TFM_PLAT_ERR_SUCCESS) {
396 return err;
397 }
398
399 err = provision_assembly_and_test();
400 if (err != TFM_PLAT_ERR_SUCCESS) {
401 return err;
402 }
403
404 err = tfm_plat_otp_secure_provisioning_finish();
405 if (err != TFM_PLAT_ERR_SUCCESS) {
406 return err;
407 }
408 }
409
410 return TFM_PLAT_ERR_SUCCESS;
411 }
412