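/*
 * Copyright (c) 2020, ARM Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <tools_share/tbbr_oid.h>
#include <common/tbbr/tbbr_img_def.h>
#include <common/nv_cntr_ids.h>

/*
 * Chain of trust (CoT) description.
 *
 * "manifests" declares the certificates, "images" declares the payloads whose
 * hashes those certificates carry, and "non_volatile_counters" declares the
 * counters the certificates are bound to.
 *
 * Properties used on a certificate node:
 *   root-certificate      marks a node with no parent / signing-key here
 *   image-id              identifier of the certificate
 *   parent                phandle of the certificate this one chains to
 *   signing-key           phandle of a key node; in every node below it is a
 *                         child of the node named by "parent"
 *   antirollback-counter  phandle of the NV counter bound to the certificate
 *
 * Child nodes of a certificate (oid = ...) name the public keys and hashes
 * carried by that certificate; other nodes refer to them by label.
 *
 * Review notes:
 *   - When adding a certificate, keep signing-key pointing at a key node
 *     declared inside its parent. A key taken from elsewhere would no longer
 *     match the chain described by "parent".
 *   - Only the two non_trusted_fw_* certificates use non_trusted_nv_counter;
 *     every other certificate uses trusted_nv_counter.
 *   - tb_fw_hash and fw_config_hash are declared in trusted_boot_fw_cert, but
 *     no node under "images" in this file refers to them.
 *     NOTE(review): presumably those images are authenticated before this
 *     description is consumed; confirm against the consumer.
 */
cot {
	manifests {
		/* Kept verbatim, including the space after the comma. */
		compatible = "arm, cert-descs";

		/* Root: carries the hashes of the early boot firmware and configs. */
		trusted_boot_fw_cert: trusted_boot_fw_cert {
			root-certificate;
			image-id = <TRUSTED_BOOT_FW_CERT_ID>;
			antirollback-counter = <&trusted_nv_counter>;

			tb_fw_hash: tb_fw_hash {
				oid = TRUSTED_BOOT_FW_HASH_OID;
			};
			tb_fw_config_hash: tb_fw_config_hash {
				oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID;
			};
			hw_config_hash: hw_config_hash {
				oid = HW_CONFIG_HASH_OID;
			};
			fw_config_hash: fw_config_hash {
				oid = FW_CONFIG_HASH_OID;
			};
		};

		/*
		 * Root: carries the two world keys. Every non-root certificate
		 * below chains to this node, directly or through a key certificate.
		 */
		trusted_key_cert: trusted_key_cert {
			root-certificate;
			image-id = <TRUSTED_KEY_CERT_ID>;
			antirollback-counter = <&trusted_nv_counter>;

			trusted_world_pk: trusted_world_pk {
				oid = TRUSTED_WORLD_PK_OID;
			};
			non_trusted_world_pk: non_trusted_world_pk {
				oid = NON_TRUSTED_WORLD_PK_OID;
			};
		};

		/* SCP firmware: key certificate, then content certificate. */
		scp_fw_key_cert: scp_fw_key_cert {
			image-id = <SCP_FW_KEY_CERT_ID>;
			parent = <&trusted_key_cert>;
			signing-key = <&trusted_world_pk>;
			antirollback-counter = <&trusted_nv_counter>;

			scp_fw_content_pk: scp_fw_content_pk {
				oid = SCP_FW_CONTENT_CERT_PK_OID;
			};
		};

		scp_fw_content_cert: scp_fw_content_cert {
			image-id = <SCP_FW_CONTENT_CERT_ID>;
			parent = <&scp_fw_key_cert>;
			signing-key = <&scp_fw_content_pk>;
			antirollback-counter = <&trusted_nv_counter>;

			scp_fw_hash: scp_fw_hash {
				oid = SCP_FW_HASH_OID;
			};
		};

		/* SoC firmware: key certificate, then content certificate. */
		soc_fw_key_cert: soc_fw_key_cert {
			image-id = <SOC_FW_KEY_CERT_ID>;
			parent = <&trusted_key_cert>;
			signing-key = <&trusted_world_pk>;
			antirollback-counter = <&trusted_nv_counter>;

			soc_fw_content_pk: soc_fw_content_pk {
				oid = SOC_FW_CONTENT_CERT_PK_OID;
			};
		};

		soc_fw_content_cert: soc_fw_content_cert {
			image-id = <SOC_FW_CONTENT_CERT_ID>;
			parent = <&soc_fw_key_cert>;
			signing-key = <&soc_fw_content_pk>;
			antirollback-counter = <&trusted_nv_counter>;

			soc_fw_hash: soc_fw_hash {
				oid = SOC_AP_FW_HASH_OID;
			};
			soc_fw_config_hash: soc_fw_config_hash {
				oid = SOC_FW_CONFIG_HASH_OID;
			};
		};

		/* Trusted OS firmware: key certificate, then content certificate. */
		trusted_os_fw_key_cert: trusted_os_fw_key_cert {
			image-id = <TRUSTED_OS_FW_KEY_CERT_ID>;
			parent = <&trusted_key_cert>;
			signing-key = <&trusted_world_pk>;
			antirollback-counter = <&trusted_nv_counter>;

			tos_fw_content_pk: tos_fw_content_pk {
				oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID;
			};
		};

		trusted_os_fw_content_cert: trusted_os_fw_content_cert {
			image-id = <TRUSTED_OS_FW_CONTENT_CERT_ID>;
			parent = <&trusted_os_fw_key_cert>;
			signing-key = <&tos_fw_content_pk>;
			antirollback-counter = <&trusted_nv_counter>;

			tos_fw_hash: tos_fw_hash {
				oid = TRUSTED_OS_FW_HASH_OID;
			};
			tos_fw_extra1_hash: tos_fw_extra1_hash {
				oid = TRUSTED_OS_FW_EXTRA1_HASH_OID;
			};
			tos_fw_extra2_hash: tos_fw_extra2_hash {
				oid = TRUSTED_OS_FW_EXTRA2_HASH_OID;
			};
			tos_fw_config_hash: tos_fw_config_hash {
				oid = TRUSTED_OS_FW_CONFIG_HASH_OID;
			};
		};

		/*
		 * Non-trusted firmware: signed with non_trusted_world_pk and bound
		 * to non_trusted_nv_counter, unlike every other chain in this file.
		 */
		non_trusted_fw_key_cert: non_trusted_fw_key_cert {
			image-id = <NON_TRUSTED_FW_KEY_CERT_ID>;
			parent = <&trusted_key_cert>;
			signing-key = <&non_trusted_world_pk>;
			antirollback-counter = <&non_trusted_nv_counter>;

			nt_fw_content_pk: nt_fw_content_pk {
				oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID;
			};
		};

		non_trusted_fw_content_cert: non_trusted_fw_content_cert {
			image-id = <NON_TRUSTED_FW_CONTENT_CERT_ID>;
			parent = <&non_trusted_fw_key_cert>;
			signing-key = <&nt_fw_content_pk>;
			antirollback-counter = <&non_trusted_nv_counter>;

			nt_world_bl_hash: nt_world_bl_hash {
				oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID;
			};
			nt_fw_config_hash: nt_fw_config_hash {
				oid = NON_TRUSTED_FW_CONFIG_HASH_OID;
			};
		};

#if defined(SPD_spmd)
		/*
		 * Secure partition packages. This content certificate is signed
		 * directly with trusted_world_pk; unlike the chains above it has
		 * no intermediate key certificate. The sp_pkgN image nodes under
		 * "images" refer to these labels and sit under the same guard.
		 */
		sip_sp_content_cert: sip_sp_content_cert {
			image-id = <SIP_SP_CONTENT_CERT_ID>;
			parent = <&trusted_key_cert>;
			signing-key = <&trusted_world_pk>;
			antirollback-counter = <&trusted_nv_counter>;

			sp_pkg1_hash: sp_pkg1_hash {
				oid = SP_PKG1_HASH_OID;
			};
			sp_pkg2_hash: sp_pkg2_hash {
				oid = SP_PKG2_HASH_OID;
			};
			sp_pkg3_hash: sp_pkg3_hash {
				oid = SP_PKG3_HASH_OID;
			};
			sp_pkg4_hash: sp_pkg4_hash {
				oid = SP_PKG4_HASH_OID;
			};
			sp_pkg5_hash: sp_pkg5_hash {
				oid = SP_PKG5_HASH_OID;
			};
			sp_pkg6_hash: sp_pkg6_hash {
				oid = SP_PKG6_HASH_OID;
			};
			sp_pkg7_hash: sp_pkg7_hash {
				oid = SP_PKG7_HASH_OID;
			};
			sp_pkg8_hash: sp_pkg8_hash {
				oid = SP_PKG8_HASH_OID;
			};
		};
#endif
	};

	/*
	 * Each image names the certificate that carries its hash ("parent") and
	 * the hash node inside that certificate ("hash"). In every node below
	 * the hash label is a child of the certificate named by "parent".
	 */
	images {
		/* Kept verbatim, including the space after the comma. */
		compatible = "arm, img-descs";

		hw_config {
			image-id = <HW_CONFIG_ID>;
			parent = <&trusted_boot_fw_cert>;
			hash = <&hw_config_hash>;
		};

		tb_fw_config {
			image-id = <TB_FW_CONFIG_ID>;
			parent = <&trusted_boot_fw_cert>;
			hash = <&tb_fw_config_hash>;
		};

		scp_bl2_image {
			image-id = <SCP_BL2_IMAGE_ID>;
			parent = <&scp_fw_content_cert>;
			hash = <&scp_fw_hash>;
		};

		bl31_image {
			image-id = <BL31_IMAGE_ID>;
			parent = <&soc_fw_content_cert>;
			hash = <&soc_fw_hash>;
		};

		soc_fw_config {
			image-id = <SOC_FW_CONFIG_ID>;
			parent = <&soc_fw_content_cert>;
			hash = <&soc_fw_config_hash>;
		};

		bl32_image {
			image-id = <BL32_IMAGE_ID>;
			parent = <&trusted_os_fw_content_cert>;
			hash = <&tos_fw_hash>;
		};

		bl32_extra1_image {
			image-id = <BL32_EXTRA1_IMAGE_ID>;
			parent = <&trusted_os_fw_content_cert>;
			hash = <&tos_fw_extra1_hash>;
		};

		bl32_extra2_image {
			image-id = <BL32_EXTRA2_IMAGE_ID>;
			parent = <&trusted_os_fw_content_cert>;
			hash = <&tos_fw_extra2_hash>;
		};

		tos_fw_config {
			image-id = <TOS_FW_CONFIG_ID>;
			parent = <&trusted_os_fw_content_cert>;
			hash = <&tos_fw_config_hash>;
		};

		bl33_image {
			image-id = <BL33_IMAGE_ID>;
			parent = <&non_trusted_fw_content_cert>;
			hash = <&nt_world_bl_hash>;
		};

		nt_fw_config {
			image-id = <NT_FW_CONFIG_ID>;
			parent = <&non_trusted_fw_content_cert>;
			hash = <&nt_fw_config_hash>;
		};

#if defined(SPD_spmd)
		/* These refer to sip_sp_content_cert, declared under the same guard. */
		sp_pkg1 {
			image-id = <SP_PKG1_ID>;
			parent = <&sip_sp_content_cert>;
			hash = <&sp_pkg1_hash>;
		};

		sp_pkg2 {
			image-id = <SP_PKG2_ID>;
			parent = <&sip_sp_content_cert>;
			hash = <&sp_pkg2_hash>;
		};

		sp_pkg3 {
			image-id = <SP_PKG3_ID>;
			parent = <&sip_sp_content_cert>;
			hash = <&sp_pkg3_hash>;
		};

		sp_pkg4 {
			image-id = <SP_PKG4_ID>;
			parent = <&sip_sp_content_cert>;
			hash = <&sp_pkg4_hash>;
		};

		sp_pkg5 {
			image-id = <SP_PKG5_ID>;
			parent = <&sip_sp_content_cert>;
			hash = <&sp_pkg5_hash>;
		};

		sp_pkg6 {
			image-id = <SP_PKG6_ID>;
			parent = <&sip_sp_content_cert>;
			hash = <&sp_pkg6_hash>;
		};

		sp_pkg7 {
			image-id = <SP_PKG7_ID>;
			parent = <&sip_sp_content_cert>;
			hash = <&sp_pkg7_hash>;
		};

		sp_pkg8 {
			image-id = <SP_PKG8_ID>;
			parent = <&sip_sp_content_cert>;
			hash = <&sp_pkg8_hash>;
		};
#endif
	};
};

/*
 * Counters referenced by the antirollback-counter properties above. Two are
 * declared: one for the trusted chains and one for the non-trusted firmware
 * chain.
 */
non_volatile_counters: non_volatile_counters {
	/* Kept verbatim, including the space after the comma. */
	compatible = "arm, non-volatile-counter";

	#address-cells = <1>;
	#size-cells = <0>;

	trusted_nv_counter: trusted_nv_counter {
		id = <TRUSTED_NV_CTR_ID>;
		oid = TRUSTED_FW_NVCOUNTER_OID;
	};

	non_trusted_nv_counter: non_trusted_nv_counter {
		id = <NON_TRUSTED_NV_CTR_ID>;
		oid = NON_TRUSTED_FW_NVCOUNTER_OID;
	};
};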