xref: /arm-trusted-firmware/drivers/nxp/auth/csf_hdr_parser/cot.c (revision 91f16700b400a8c0651d24a598fc48ee2997a0d7)
1*91f16700Schasinglulu /*
2*91f16700Schasinglulu  * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
3*91f16700Schasinglulu  *
4*91f16700Schasinglulu  * Copyright 2020 NXP
5*91f16700Schasinglulu  *
6*91f16700Schasinglulu  * SPDX-License-Identifier: BSD-3-Clause
7*91f16700Schasinglulu  */
8*91f16700Schasinglulu 
9*91f16700Schasinglulu #include <stddef.h>
10*91f16700Schasinglulu 
11*91f16700Schasinglulu #include <drivers/auth/auth_mod.h>
12*91f16700Schasinglulu 
13*91f16700Schasinglulu #if USE_TBBR_DEFS
14*91f16700Schasinglulu #include <tools_share/tbbr_oid.h>
15*91f16700Schasinglulu #else
16*91f16700Schasinglulu #include <platform_oid.h>
17*91f16700Schasinglulu #endif
18*91f16700Schasinglulu 
19*91f16700Schasinglulu 
/*
 * Parameter type descriptors referenced by the .sig, .alg, .data and .pk
 * members of the signature methods in this file. The second
 * AUTH_PARAM_TYPE_DESC argument is 0 for the first three, so only the
 * public-key descriptor carries an OID.
 *
 * These objects are not const-qualified and every image descriptor in this
 * file points at the same four instances.
 */
static auth_param_type_desc_t sig =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_SIG, 0);
static auth_param_type_desc_t sig_alg =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_SIG_ALG, 0);
/*
 * Typed AUTH_PARAM_HASH, yet used as the .data (signed data) member of each
 * signature method.
 * NOTE(review): presumably the image parser returns a digest of the image
 * for this parameter; confirm against the parser implementation.
 */
static auth_param_type_desc_t sig_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, 0);

/*
 * The only public-key descriptor in this file; it is used for every image,
 * BL31 and BL32 included, despite the "non trusted world" name.
 * NOTE(review): how the parser resolves NON_TRUSTED_WORLD_PK_OID to a key,
 * and how that key is anchored to a root of trust, is not visible here.
 */
static auth_param_type_desc_t non_trusted_world_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);
29*91f16700Schasinglulu 
/*
 * Chain of trust (CoT) definition.
 *
 * Each descriptor in this file is a root entry (.parent = NULL) of type
 * IMG_PLAT that declares a single authentication method, AUTH_METHOD_SIG,
 * in slot 0. The remaining AUTH_METHOD_NUM slots are zero-initialised, so
 * no NV-counter (anti-rollback) method is declared by this CoT.
 * NOTE(review): if rollback protection is required on this platform,
 * confirm it is enforced outside this table.
 */

/* BL31: one signature check, key taken via non_trusted_world_pk. */
static const auth_img_desc_t bl31_image = {
	.img_id = BL31_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		{
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};
/*
 * SCP_BL2: root entry (no parent) with one AUTH_METHOD_SIG check in slot 0;
 * the other method slots stay zero-initialised.
 */
static const auth_img_desc_t scp_bl2_image = {
	.img_id = SCP_BL2_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		{
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};
/*
 * BL32: root entry (no parent) with one AUTH_METHOD_SIG check in slot 0.
 * It uses the same non_trusted_world_pk key descriptor as the other images.
 */
static const auth_img_desc_t bl32_image = {
	.img_id = BL32_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		{
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};
/*
 * BL33: root entry (no parent) with one AUTH_METHOD_SIG check in slot 0;
 * the other method slots stay zero-initialised.
 */
static const auth_img_desc_t bl33_image = {
	.img_id = BL33_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		{
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};
#ifdef POLICY_FUSE_PROVISION
/*
 * Descriptors compiled in only when POLICY_FUSE_PROVISION is defined.
 * Both are root entries with a single AUTH_METHOD_SIG check, i.e. the same
 * policy and the same key descriptor as the boot images.
 * NOTE(review): going by the names these images drive fuse provisioning and
 * fuse upgrade; confirm a single signature check with no rollback method is
 * the intended policy for them.
 */
static const auth_img_desc_t fuse_prov_img = {
	.img_id = FUSE_PROV_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		{
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};

static const auth_img_desc_t fuse_upgrade_img = {
	.img_id = FUSE_UP_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		{
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};
#endif
#ifdef CONFIG_DDR_FIP_IMAGE
/*
 * Descriptors compiled in only when CONFIG_DDR_FIP_IMAGE is defined: eight
 * DDR images (IMEM/DMEM x UDIMM/RDIMM x 1D/2D). Each is a root entry with a
 * single AUTH_METHOD_SIG check and the same parameter descriptors as the
 * boot images; only .img_id differs between them.
 */
static const auth_img_desc_t ddr_imem_udimm_1d_img = {
	.img_id = DDR_IMEM_UDIMM_1D_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		{
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};

static const auth_img_desc_t ddr_imem_udimm_2d_img = {
	.img_id = DDR_IMEM_UDIMM_2D_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		{
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};

static const auth_img_desc_t ddr_dmem_udimm_1d_img = {
	.img_id = DDR_DMEM_UDIMM_1D_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		{
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};

static const auth_img_desc_t ddr_dmem_udimm_2d_img = {
	.img_id = DDR_DMEM_UDIMM_2D_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		{
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};

static const auth_img_desc_t ddr_imem_rdimm_1d_img = {
	.img_id = DDR_IMEM_RDIMM_1D_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		{
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};

static const auth_img_desc_t ddr_imem_rdimm_2d_img = {
	.img_id = DDR_IMEM_RDIMM_2D_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		{
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};

static const auth_img_desc_t ddr_dmem_rdimm_1d_img = {
	.img_id = DDR_DMEM_RDIMM_1D_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		{
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};

static const auth_img_desc_t ddr_dmem_rdimm_2d_img = {
	.img_id = DDR_DMEM_RDIMM_2D_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		{
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};
#endif
261*91f16700Schasinglulu 
/*
 * Image-ID-indexed lookup table for the descriptors above. Only the IDs
 * listed here get an entry; every other index below the highest one
 * initialised is implicitly a NULL pointer.
 * NOTE(review): confirm that consumers of this table reject an image whose
 * slot is NULL rather than treating it as needing no authentication.
 */
static const auth_img_desc_t * const cot_desc[] = {
	[BL31_IMAGE_ID] = &bl31_image,
	[SCP_BL2_IMAGE_ID] = &scp_bl2_image,
	[BL32_IMAGE_ID] = &bl32_image,
	[BL33_IMAGE_ID] = &bl33_image,
#ifdef POLICY_FUSE_PROVISION
	[FUSE_PROV_IMAGE_ID] = &fuse_prov_img,
	[FUSE_UP_IMAGE_ID] = &fuse_upgrade_img,
#endif
#ifdef CONFIG_DDR_FIP_IMAGE
	[DDR_IMEM_UDIMM_1D_IMAGE_ID] = &ddr_imem_udimm_1d_img,
	[DDR_IMEM_UDIMM_2D_IMAGE_ID] = &ddr_imem_udimm_2d_img,
	[DDR_DMEM_UDIMM_1D_IMAGE_ID] = &ddr_dmem_udimm_1d_img,
	[DDR_DMEM_UDIMM_2D_IMAGE_ID] = &ddr_dmem_udimm_2d_img,
	[DDR_IMEM_RDIMM_1D_IMAGE_ID] = &ddr_imem_rdimm_1d_img,
	[DDR_IMEM_RDIMM_2D_IMAGE_ID] = &ddr_imem_rdimm_2d_img,
	[DDR_DMEM_RDIMM_1D_IMAGE_ID] = &ddr_dmem_rdimm_1d_img,
	[DDR_DMEM_RDIMM_2D_IMAGE_ID] = &ddr_dmem_rdimm_2d_img,
#endif
};

/* Hand the table to the authentication module as the active CoT. */
REGISTER_COT(cot_desc);