xref: /arm-trusted-firmware/drivers/nxp/auth/tbbr/tbbr_cot.c (revision 91f16700b400a8c0651d24a598fc48ee2997a0d7)
1*91f16700Schasinglulu /*
2*91f16700Schasinglulu  * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
3*91f16700Schasinglulu  *
4*91f16700Schasinglulu  * Copyright 2020 NXP
5*91f16700Schasinglulu  *
6*91f16700Schasinglulu  * SPDX-License-Identifier: BSD-3-Clause
7*91f16700Schasinglulu  */
8*91f16700Schasinglulu 
9*91f16700Schasinglulu #include <stddef.h>
10*91f16700Schasinglulu 
11*91f16700Schasinglulu #include <common/tbbr/cot_def.h>
12*91f16700Schasinglulu #include <drivers/auth/auth_mod.h>
13*91f16700Schasinglulu 
14*91f16700Schasinglulu #if USE_TBBR_DEFS
15*91f16700Schasinglulu #include <tools_share/tbbr_oid.h>
16*91f16700Schasinglulu #else
17*91f16700Schasinglulu #include <platform_oid.h>
18*91f16700Schasinglulu #endif
19*91f16700Schasinglulu 
20*91f16700Schasinglulu 
/*
 * Size in bytes of one DER-encoded hash as stored in the buffers below,
 * selected at build time from TF_MBEDTLS_HASH_ALG_ID. Each value is the raw
 * digest length (32, 48 or 64 bytes) plus 19 bytes of ASN.1 DigestInfo
 * framing. Any other algorithm ID stops the build instead of falling back to
 * a default size.
 */
#if TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA256
#define HASH_DER_LEN			51
#elif TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA384
#define HASH_DER_LEN			67
#elif TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA512
#define HASH_DER_LEN			83
#else
#error "Invalid value for TF_MBEDTLS_HASH_ALG_ID"
#endif
30*91f16700Schasinglulu 
/*
 * The platform must allocate buffers to store the authentication parameters
 * extracted from the certificates. Because of the way the CoT is established,
 * some of these buffers can be reused at different stages.
 *
 * In this file the only reused buffer is content_pk_buf: it is the
 * destination for the content-certificate public key of the SoC, Trusted OS
 * and Non-Trusted firmware key certificates. Every hash buffer, both world
 * key buffers and the DDR content key buffer are referenced by exactly one
 * descriptor.
 *
 * NOTE(review): sharing content_pk_buf is only sound if each content
 * certificate is authenticated before another key certificate overwrites the
 * buffer - confirm against the image load order, which is not visible here.
 */

/* Hash of the non-trusted world bootloader (BL33). */
static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];

/* Hashes of the SoC firmware (BL31) and Trusted OS (BL32 + extras) images. */
static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN];
/* World keys exported by the trusted key certificate. */
static unsigned char trusted_world_pk_buf[PK_DER_LEN];
static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
/* Content-certificate key; shared by three key certificates (see above). */
static unsigned char content_pk_buf[PK_DER_LEN];
/* Hashes of the firmware configuration images. */
static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];

#ifdef CONFIG_DDR_FIP_IMAGE
/* DDR firmware uses its own content key buffer rather than content_pk_buf. */
static unsigned char ddr_fw_content_pk_buf[PK_DER_LEN];
/* UDIMM training firmware hashes (IMEM/DMEM, 1D/2D). */
static unsigned char ddr_imem_udimm_1d_hash_buf[HASH_DER_LEN];
static unsigned char ddr_imem_udimm_2d_hash_buf[HASH_DER_LEN];
static unsigned char ddr_dmem_udimm_1d_hash_buf[HASH_DER_LEN];
static unsigned char ddr_dmem_udimm_2d_hash_buf[HASH_DER_LEN];

/* RDIMM training firmware hashes (IMEM/DMEM, 1D/2D). */
static unsigned char ddr_imem_rdimm_1d_hash_buf[HASH_DER_LEN];
static unsigned char ddr_imem_rdimm_2d_hash_buf[HASH_DER_LEN];
static unsigned char ddr_dmem_rdimm_1d_hash_buf[HASH_DER_LEN];
static unsigned char ddr_dmem_rdimm_2d_hash_buf[HASH_DER_LEN];
#endif
62*91f16700Schasinglulu 
/*
 * Parameter type descriptors
 *
 * Each descriptor pairs a parameter type (NV counter, public key, signature,
 * signature algorithm, raw data or hash) with a second argument that is
 * either an OID macro or 0. The image descriptors below refer to these
 * objects by address, both to name the input of an authentication method and
 * to name a value a certificate exports to its children.
 * NOTE(review): the OID presumably selects the certificate extension the
 * value is read from; AUTH_PARAM_TYPE_DESC is defined outside this file.
 */
static auth_param_type_desc_t trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_NV_CTR, TRUSTED_FW_NVCOUNTER_OID);

/* Generic descriptors with no OID: they are not tied to one extension. */
static auth_param_type_desc_t subject_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, 0);
static auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_SIG, 0);
static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_SIG_ALG, 0);
static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_RAW_DATA, 0);


/* Counter, keys and hashes identified by their OID. */
static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);
static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);
static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID);
static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID);
static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);

#ifdef CONFIG_DDR_FIP_IMAGE
/* DDR firmware content key and per-image hashes. */
static auth_param_type_desc_t ddr_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, DDR_FW_CONTENT_CERT_PK_OID);

static auth_param_type_desc_t ddr_imem_udimm_1d_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, DDR_IMEM_UDIMM_1D_HASH_OID);
static auth_param_type_desc_t ddr_imem_udimm_2d_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, DDR_IMEM_UDIMM_2D_HASH_OID);
static auth_param_type_desc_t ddr_dmem_udimm_1d_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, DDR_DMEM_UDIMM_1D_HASH_OID);
static auth_param_type_desc_t ddr_dmem_udimm_2d_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, DDR_DMEM_UDIMM_2D_HASH_OID);

static auth_param_type_desc_t ddr_imem_rdimm_1d_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, DDR_IMEM_RDIMM_1D_HASH_OID);
static auth_param_type_desc_t ddr_imem_rdimm_2d_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, DDR_IMEM_RDIMM_2D_HASH_OID);
static auth_param_type_desc_t ddr_dmem_rdimm_1d_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, DDR_DMEM_RDIMM_1D_HASH_OID);
static auth_param_type_desc_t ddr_dmem_rdimm_2d_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, DDR_DMEM_RDIMM_2D_HASH_OID);
#endif
130*91f16700Schasinglulu 
131*91f16700Schasinglulu 
/*
 * Trusted key certificate
 *
 * Root of this chain of trust: .parent is NULL, and the signature method uses
 * subject_pk, i.e. a key taken from the certificate itself rather than from a
 * parent.
 * NOTE(review): a self-carried key only anchors trust if the auth module
 * binds it to the platform root-of-trust key when .parent is NULL - confirm
 * in the auth module; that check is not visible in this file.
 *
 * The certificate is also subject to an NV-counter check on the trusted
 * firmware counter. Once authenticated it exports the trusted world and
 * non-trusted world public keys, each into its own PK_DER_LEN buffer.
 */
static const auth_img_desc_t trusted_key_cert = {
	.img_id = TRUSTED_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &subject_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				/* Same descriptor names the certificate and platform counter. */
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &trusted_world_pk,
			.data = {
				.ptr = (void *)trusted_world_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		},
		[1] = {
			.type_desc = &non_trusted_world_pk,
			.data = {
				.ptr = (void *)non_trusted_world_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};
174*91f16700Schasinglulu 
/*
 * SoC Firmware
 */

/*
 * SoC firmware key certificate. Child of trusted_key_cert: its signature is
 * checked with the trusted world public key and its counter against the
 * trusted firmware NV counter. It exports the SoC firmware content
 * certificate key into content_pk_buf, a buffer that trusted_os_fw_key_cert
 * and non_trusted_fw_key_cert also write to.
 */
static const auth_img_desc_t soc_fw_key_cert = {
	.img_id = SOC_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &soc_fw_content_pk,
			.data = {
				/* Shared buffer: valid only until the next key certificate. */
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};
/*
 * SoC firmware content certificate. Child of soc_fw_key_cert: its signature
 * is checked with the SoC firmware content key exported by that parent, and
 * its counter against the trusted firmware NV counter. It exports the hashes
 * of the SoC firmware image and of the SoC firmware configuration, each into
 * a dedicated HASH_DER_LEN buffer.
 */
static const auth_img_desc_t soc_fw_content_cert = {
	.img_id = SOC_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &soc_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &soc_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &soc_fw_hash,
			.data = {
				.ptr = (void *)soc_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &soc_fw_config_hash,
			.data = {
				.ptr = (void *)soc_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};
/*
 * BL31 image. Raw image whose only authentication method is a hash check of
 * the image data against soc_fw_hash, the value exported by its parent
 * soc_fw_content_cert. No signature or NV-counter method is listed here, so
 * the image is only as trustworthy as the certificate that supplied the hash.
 */
static const auth_img_desc_t bl31_image = {
	.img_id = BL31_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &soc_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &soc_fw_hash
			}
		}
	}
};
/*
 * SOC FW Config
 *
 * Raw image checked by hash only, against soc_fw_config_hash exported by its
 * parent soc_fw_content_cert.
 */
static const auth_img_desc_t soc_fw_config = {
	.img_id = SOC_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &soc_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &soc_fw_config_hash
			}
		}
	}
};
/*
 * Trusted OS Firmware
 */

/*
 * Trusted OS firmware key certificate. Child of trusted_key_cert: its
 * signature is checked with the trusted world public key and its counter
 * against the trusted firmware NV counter. It exports the Trusted OS content
 * certificate key into content_pk_buf, the buffer also written by
 * soc_fw_key_cert and non_trusted_fw_key_cert.
 */
static const auth_img_desc_t trusted_os_fw_key_cert = {
	.img_id = TRUSTED_OS_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &tos_fw_content_pk,
			.data = {
				/* Shared buffer: valid only until the next key certificate. */
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};
/*
 * Trusted OS firmware content certificate. Child of trusted_os_fw_key_cert:
 * its signature is checked with the Trusted OS content key exported by that
 * parent, and its counter against the trusted firmware NV counter. It exports
 * four hashes (BL32, the two BL32 extra images and the Trusted OS firmware
 * configuration), each into a dedicated HASH_DER_LEN buffer. Index [3] is
 * used, so COT_MAX_VERIFIED_PARAMS must be at least 4 for this to compile.
 */
static const auth_img_desc_t trusted_os_fw_content_cert = {
	.img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_os_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &tos_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &tos_fw_hash,
			.data = {
				.ptr = (void *)tos_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &tos_fw_extra1_hash,
			.data = {
				.ptr = (void *)tos_fw_extra1_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[2] = {
			.type_desc = &tos_fw_extra2_hash,
			.data = {
				.ptr = (void *)tos_fw_extra2_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[3] = {
			.type_desc = &tos_fw_config_hash,
			.data = {
				.ptr = (void *)tos_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};
/*
 * BL32 image. Raw image checked by hash only, against tos_fw_hash exported by
 * its parent trusted_os_fw_content_cert.
 */
static const auth_img_desc_t bl32_image = {
	.img_id = BL32_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_hash
			}
		}
	}
};
/*
 * BL32 extra image 1. Raw image checked by hash only, against
 * tos_fw_extra1_hash exported by its parent trusted_os_fw_content_cert.
 */
static const auth_img_desc_t bl32_extra1_image = {
	.img_id = BL32_EXTRA1_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_extra1_hash
			}
		}
	}
};
/*
 * BL32 extra image 2. Raw image checked by hash only, against
 * tos_fw_extra2_hash exported by its parent trusted_os_fw_content_cert.
 */
static const auth_img_desc_t bl32_extra2_image = {
	.img_id = BL32_EXTRA2_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_extra2_hash
			}
		}
	}
};
/*
 * TOS FW Config
 *
 * Raw image checked by hash only, against tos_fw_config_hash exported by its
 * parent trusted_os_fw_content_cert.
 */
static const auth_img_desc_t tos_fw_config = {
	.img_id = TOS_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_config_hash
			}
		}
	}
};
/*
 * Non-Trusted Firmware
 */

/*
 * Non-trusted firmware key certificate. Child of trusted_key_cert, but unlike
 * the trusted-world key certificates its signature is checked with the
 * non-trusted world public key and its counter against the non-trusted
 * firmware NV counter. It exports the non-trusted firmware content
 * certificate key into content_pk_buf, the buffer also written by
 * soc_fw_key_cert and trusted_os_fw_key_cert.
 */
static const auth_img_desc_t non_trusted_fw_key_cert = {
	.img_id = NON_TRUSTED_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &non_trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &non_trusted_nv_ctr,
				.plat_nv_ctr = &non_trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &nt_fw_content_pk,
			.data = {
				/* Shared buffer: valid only until the next key certificate. */
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};
/*
 * Non-trusted firmware content certificate. Child of non_trusted_fw_key_cert:
 * its signature is checked with the non-trusted firmware content key exported
 * by that parent, and its counter against the non-trusted firmware NV
 * counter. It exports the hashes of the non-trusted world bootloader and of
 * the non-trusted firmware configuration, each into a dedicated HASH_DER_LEN
 * buffer.
 */
static const auth_img_desc_t non_trusted_fw_content_cert = {
	.img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &non_trusted_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &nt_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &non_trusted_nv_ctr,
				.plat_nv_ctr = &non_trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &nt_world_bl_hash,
			.data = {
				.ptr = (void *)nt_world_bl_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &nt_fw_config_hash,
			.data = {
				.ptr = (void *)nt_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};
/*
 * BL33 image. Raw image checked by hash only, against nt_world_bl_hash
 * exported by its parent non_trusted_fw_content_cert.
 */
static const auth_img_desc_t bl33_image = {
	.img_id = BL33_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &non_trusted_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &nt_world_bl_hash
			}
		}
	}
};
/*
 * NT FW Config
 *
 * Raw image checked by hash only, against nt_fw_config_hash exported by its
 * parent non_trusted_fw_content_cert.
 */
static const auth_img_desc_t nt_fw_config = {
	.img_id = NT_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &non_trusted_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &nt_fw_config_hash
			}
		}
	}
};
526*91f16700Schasinglulu #ifdef CONFIG_DDR_FIP_IMAGE
/*
 * DDR Firmware
 */

/*
 * DDR firmware key certificate. Child of trusted_key_cert: its signature is
 * checked with the trusted world public key and its counter against the
 * trusted firmware NV counter. It exports the DDR firmware content
 * certificate key into ddr_fw_content_pk_buf, a buffer of its own rather than
 * the content_pk_buf shared by the other key certificates.
 */
static const auth_img_desc_t ddr_fw_key_cert = {
	.img_id = DDR_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &ddr_fw_content_pk,
			.data = {
				.ptr = (void *)ddr_fw_content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};
/*
 * DDR UDIMM firmware content certificate. Child of ddr_fw_key_cert: its
 * signature is checked with the DDR firmware content key exported by that
 * parent, and its counter against the trusted firmware NV counter. It exports
 * the four UDIMM image hashes (IMEM and DMEM, 1D and 2D), each into a
 * dedicated HASH_DER_LEN buffer. Index [3] is used, so
 * COT_MAX_VERIFIED_PARAMS must be at least 4 for this to compile.
 */
static const auth_img_desc_t ddr_udimm_fw_content_cert = {
	.img_id = DDR_UDIMM_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &ddr_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &ddr_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &ddr_imem_udimm_1d_fw_hash,
			.data = {
				.ptr = (void *)ddr_imem_udimm_1d_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &ddr_imem_udimm_2d_fw_hash,
			.data = {
				.ptr = (void *)ddr_imem_udimm_2d_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[2] = {
			.type_desc = &ddr_dmem_udimm_1d_fw_hash,
			.data = {
				.ptr = (void *)ddr_dmem_udimm_1d_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[3] = {
			.type_desc = &ddr_dmem_udimm_2d_fw_hash,
			.data = {
				.ptr = (void *)ddr_dmem_udimm_2d_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
	}
};
615*91f16700Schasinglulu 
/*
 * DDR IMEM UDIMM 1D image. Raw image checked by hash only, against
 * ddr_imem_udimm_1d_fw_hash exported by its parent ddr_udimm_fw_content_cert.
 */
static const auth_img_desc_t ddr_imem_udimm_1d_img = {
	.img_id = DDR_IMEM_UDIMM_1D_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &ddr_udimm_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &ddr_imem_udimm_1d_fw_hash
			}
		}
	}
};
/*
 * DDR IMEM UDIMM 2D firmware image descriptor.
 *
 * Raw image (IMG_RAW) chained to ddr_udimm_fw_content_cert. The only declared
 * authentication method is a digest comparison of raw_data against
 * ddr_imem_udimm_2d_fw_hash; no signature is checked on the image itself, so
 * integrity rests on the parent certificate having been authenticated.
 */
static const auth_img_desc_t ddr_imem_udimm_2d_img = {
	.img_id   = DDR_IMEM_UDIMM_2D_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent   = &ddr_udimm_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type  = AUTH_METHOD_HASH,
			.param = {
				.hash = {
					.hash = &ddr_imem_udimm_2d_fw_hash,
					.data = &raw_data
				}
			}
		}
	}
};
/*
 * DDR DMEM UDIMM 1D firmware image descriptor.
 *
 * Raw image (IMG_RAW) chained to ddr_udimm_fw_content_cert. The only declared
 * authentication method is a digest comparison of raw_data against
 * ddr_dmem_udimm_1d_fw_hash; integrity therefore rests on the parent
 * certificate having been authenticated first.
 */
static const auth_img_desc_t ddr_dmem_udimm_1d_img = {
	.img_id   = DDR_DMEM_UDIMM_1D_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent   = &ddr_udimm_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type  = AUTH_METHOD_HASH,
			.param = {
				.hash = {
					.hash = &ddr_dmem_udimm_1d_fw_hash,
					.data = &raw_data
				}
			}
		}
	}
};
/*
 * DDR DMEM UDIMM 2D firmware image descriptor.
 *
 * Raw image (IMG_RAW) chained to ddr_udimm_fw_content_cert. The only declared
 * authentication method is a digest comparison of raw_data against
 * ddr_dmem_udimm_2d_fw_hash; integrity therefore rests on the parent
 * certificate having been authenticated first.
 */
static const auth_img_desc_t ddr_dmem_udimm_2d_img = {
	.img_id   = DDR_DMEM_UDIMM_2D_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent   = &ddr_udimm_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type  = AUTH_METHOD_HASH,
			.param = {
				.hash = {
					.hash = &ddr_dmem_udimm_2d_fw_hash,
					.data = &raw_data
				}
			}
		}
	}
};
672*91f16700Schasinglulu 
/*
 * Content certificate for the RDIMM DDR firmware set (IMG_CERT), chained to
 * ddr_fw_key_cert.
 *
 * Declared authentication steps:
 *   [0] signature check over raw_data using ddr_fw_content_pk, sig and
 *       sig_alg (the key is presumably the one published by the parent key
 *       certificate - confirm against ddr_fw_key_cert);
 *   [1] NV-counter check in which both the certificate side and the platform
 *       side are described by trusted_nv_ctr, i.e. rollback protection for
 *       DDR firmware is tied to the trusted counter, not a dedicated one.
 *
 * authenticated_data names the four digests this certificate vouches for;
 * each is bound to its own buffer with a declared length of HASH_DER_LEN.
 * The RDIMM image descriptors reference the same hash descriptors.
 * NOTE(review): each .len should equal the declared size of the matching
 * *_hash_buf; those buffers are defined outside this excerpt - confirm.
 */
static const auth_img_desc_t ddr_rdimm_fw_content_cert = {
	.img_id   = DDR_RDIMM_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent   = &ddr_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type  = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.data = &raw_data,
					.pk   = &ddr_fw_content_pk,
					.sig  = &sig,
					.alg  = &sig_alg
				}
			}
		},
		[1] = {
			.type  = AUTH_METHOD_NV_CTR,
			.param = {
				.nv_ctr = {
					.plat_nv_ctr = &trusted_nv_ctr,
					.cert_nv_ctr = &trusted_nv_ctr
				}
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		/* IMEM, 1D */
		[0] = {
			.type_desc = &ddr_imem_rdimm_1d_fw_hash,
			.data = {
				.len = (unsigned int)HASH_DER_LEN,
				.ptr = (void *)ddr_imem_rdimm_1d_hash_buf
			}
		},
		/* IMEM, 2D */
		[1] = {
			.type_desc = &ddr_imem_rdimm_2d_fw_hash,
			.data = {
				.len = (unsigned int)HASH_DER_LEN,
				.ptr = (void *)ddr_imem_rdimm_2d_hash_buf
			}
		},
		/* DMEM, 1D */
		[2] = {
			.type_desc = &ddr_dmem_rdimm_1d_fw_hash,
			.data = {
				.len = (unsigned int)HASH_DER_LEN,
				.ptr = (void *)ddr_dmem_rdimm_1d_hash_buf
			}
		},
		/* DMEM, 2D */
		[3] = {
			.type_desc = &ddr_dmem_rdimm_2d_fw_hash,
			.data = {
				.len = (unsigned int)HASH_DER_LEN,
				.ptr = (void *)ddr_dmem_rdimm_2d_hash_buf
			}
		}
	}
};
726*91f16700Schasinglulu 
/*
 * DDR IMEM RDIMM 1D firmware image descriptor.
 *
 * Raw image (IMG_RAW) whose parent is ddr_rdimm_fw_content_cert. The single
 * declared authentication method compares the digest of raw_data with
 * ddr_imem_rdimm_1d_fw_hash, which is entry [0] of the parent certificate's
 * authenticated_data table.
 */
static const auth_img_desc_t ddr_imem_rdimm_1d_img = {
	.img_id   = DDR_IMEM_RDIMM_1D_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent   = &ddr_rdimm_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type  = AUTH_METHOD_HASH,
			.param = {
				.hash = {
					.hash = &ddr_imem_rdimm_1d_fw_hash,
					.data = &raw_data
				}
			}
		}
	}
};
/*
 * DDR IMEM RDIMM 2D firmware image descriptor.
 *
 * Raw image (IMG_RAW) whose parent is ddr_rdimm_fw_content_cert. The single
 * declared authentication method compares the digest of raw_data with
 * ddr_imem_rdimm_2d_fw_hash, which is entry [1] of the parent certificate's
 * authenticated_data table.
 */
static const auth_img_desc_t ddr_imem_rdimm_2d_img = {
	.img_id   = DDR_IMEM_RDIMM_2D_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent   = &ddr_rdimm_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type  = AUTH_METHOD_HASH,
			.param = {
				.hash = {
					.hash = &ddr_imem_rdimm_2d_fw_hash,
					.data = &raw_data
				}
			}
		}
	}
};
/*
 * DDR DMEM RDIMM 1D firmware image descriptor.
 *
 * Raw image (IMG_RAW) whose parent is ddr_rdimm_fw_content_cert. The single
 * declared authentication method compares the digest of raw_data with
 * ddr_dmem_rdimm_1d_fw_hash, which is entry [2] of the parent certificate's
 * authenticated_data table.
 */
static const auth_img_desc_t ddr_dmem_rdimm_1d_img = {
	.img_id   = DDR_DMEM_RDIMM_1D_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent   = &ddr_rdimm_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type  = AUTH_METHOD_HASH,
			.param = {
				.hash = {
					.hash = &ddr_dmem_rdimm_1d_fw_hash,
					.data = &raw_data
				}
			}
		}
	}
};
/*
 * DDR DMEM RDIMM 2D firmware image descriptor.
 *
 * Raw image (IMG_RAW) whose parent is ddr_rdimm_fw_content_cert. The single
 * declared authentication method compares the digest of raw_data with
 * ddr_dmem_rdimm_2d_fw_hash, which is entry [3] of the parent certificate's
 * authenticated_data table.
 */
static const auth_img_desc_t ddr_dmem_rdimm_2d_img = {
	.img_id   = DDR_DMEM_RDIMM_2D_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent   = &ddr_rdimm_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type  = AUTH_METHOD_HASH,
			.param = {
				.hash = {
					.hash = &ddr_dmem_rdimm_2d_fw_hash,
					.data = &raw_data
				}
			}
		}
	}
};
783*91f16700Schasinglulu #endif
784*91f16700Schasinglulu 
785*91f16700Schasinglulu /*
786*91f16700Schasinglulu  * TBBR Chain of trust definition
787*91f16700Schasinglulu  */
788*91f16700Schasinglulu 
/*
 * Image-ID-indexed table of authentication descriptors.
 *
 * Each slot is selected by a designated index, so the array length follows
 * the largest image ID used and any ID without an entry is left as a null
 * pointer. The DDR entries exist only when CONFIG_DDR_FIP_IMAGE is defined.
 * NOTE(review): confirm that the lookup path treats a null descriptor as an
 * authentication failure and bounds-checks the image ID before indexing.
 */
static const auth_img_desc_t * const cot_desc[] = {
	[TRUSTED_KEY_CERT_ID] = &trusted_key_cert,

	/* SoC firmware */
	[SOC_FW_KEY_CERT_ID] = &soc_fw_key_cert,
	[SOC_FW_CONTENT_CERT_ID] = &soc_fw_content_cert,
	[BL31_IMAGE_ID] = &bl31_image,
	[SOC_FW_CONFIG_ID] = &soc_fw_config,

	/* Trusted OS firmware */
	[TRUSTED_OS_FW_KEY_CERT_ID] = &trusted_os_fw_key_cert,
	[TRUSTED_OS_FW_CONTENT_CERT_ID] = &trusted_os_fw_content_cert,
	[BL32_IMAGE_ID] = &bl32_image,
	[BL32_EXTRA1_IMAGE_ID] = &bl32_extra1_image,
	[BL32_EXTRA2_IMAGE_ID] = &bl32_extra2_image,
	[TOS_FW_CONFIG_ID] = &tos_fw_config,

	/* Non-trusted firmware */
	[NON_TRUSTED_FW_KEY_CERT_ID] = &non_trusted_fw_key_cert,
	[NON_TRUSTED_FW_CONTENT_CERT_ID] = &non_trusted_fw_content_cert,
	[BL33_IMAGE_ID] = &bl33_image,
	[NT_FW_CONFIG_ID] = &nt_fw_config,

#ifdef CONFIG_DDR_FIP_IMAGE
	/* DDR firmware: key certificate, then one content certificate per DIMM type */
	[DDR_FW_KEY_CERT_ID] = &ddr_fw_key_cert,
	[DDR_UDIMM_FW_CONTENT_CERT_ID] = &ddr_udimm_fw_content_cert,
	[DDR_RDIMM_FW_CONTENT_CERT_ID] = &ddr_rdimm_fw_content_cert,

	/* UDIMM images */
	[DDR_IMEM_UDIMM_1D_IMAGE_ID] = &ddr_imem_udimm_1d_img,
	[DDR_IMEM_UDIMM_2D_IMAGE_ID] = &ddr_imem_udimm_2d_img,
	[DDR_DMEM_UDIMM_1D_IMAGE_ID] = &ddr_dmem_udimm_1d_img,
	[DDR_DMEM_UDIMM_2D_IMAGE_ID] = &ddr_dmem_udimm_2d_img,

	/* RDIMM images */
	[DDR_IMEM_RDIMM_1D_IMAGE_ID] = &ddr_imem_rdimm_1d_img,
	[DDR_IMEM_RDIMM_2D_IMAGE_ID] = &ddr_imem_rdimm_2d_img,
	[DDR_DMEM_RDIMM_1D_IMAGE_ID] = &ddr_dmem_rdimm_1d_img,
	[DDR_DMEM_RDIMM_2D_IMAGE_ID] = &ddr_dmem_rdimm_2d_img,
#endif
};
819*91f16700Schasinglulu 
820*91f16700Schasinglulu /* Register the CoT in the authentication module */
/*
 * NOTE(review): cot_desc has internal linkage, so within this excerpt the
 * macro below is the only path by which the table reaches the authentication
 * module. REGISTER_COT is defined outside this file (presumably in
 * drivers/auth/auth_mod.h) - confirm what symbols it emits.
 */
821*91f16700Schasinglulu REGISTER_COT(cot_desc);