1*91f16700Schasinglulu/* 2*91f16700Schasinglulu * Copyright (c) 2020-2022, ARM Limited. All rights reserved. 3*91f16700Schasinglulu * 4*91f16700Schasinglulu * SPDX-License-Identifier: BSD-3-Clause 5*91f16700Schasinglulu */ 6*91f16700Schasinglulu 7*91f16700Schasinglulu#include <common/nv_cntr_ids.h> 8*91f16700Schasinglulu#include <common/tbbr/tbbr_img_def.h> 9*91f16700Schasinglulu#include <tools_share/tbbr_oid.h> 10*91f16700Schasinglulu 11*91f16700Schasinglulucot { 12*91f16700Schasinglulu manifests { 13*91f16700Schasinglulu compatible = "arm, cert-descs"; 14*91f16700Schasinglulu 15*91f16700Schasinglulu stm32mp_cfg_cert: stm32mp_cfg_cert { 16*91f16700Schasinglulu root-certificate; 17*91f16700Schasinglulu image-id = <STM32MP_CONFIG_CERT_ID>; 18*91f16700Schasinglulu antirollback-counter = <&trusted_nv_counter>; 19*91f16700Schasinglulu 20*91f16700Schasinglulu hw_config_hash: hw_config_hash { 21*91f16700Schasinglulu oid = HW_CONFIG_HASH_OID; 22*91f16700Schasinglulu }; 23*91f16700Schasinglulu 24*91f16700Schasinglulu fw_config_hash: fw_config_hash { 25*91f16700Schasinglulu oid = FW_CONFIG_HASH_OID; 26*91f16700Schasinglulu }; 27*91f16700Schasinglulu }; 28*91f16700Schasinglulu 29*91f16700Schasinglulu trusted_key_cert: trusted_key_cert { 30*91f16700Schasinglulu root-certificate; 31*91f16700Schasinglulu image-id = <TRUSTED_KEY_CERT_ID>; 32*91f16700Schasinglulu antirollback-counter = <&trusted_nv_counter>; 33*91f16700Schasinglulu 34*91f16700Schasinglulu trusted_world_pk: trusted_world_pk { 35*91f16700Schasinglulu oid = TRUSTED_WORLD_PK_OID; 36*91f16700Schasinglulu }; 37*91f16700Schasinglulu non_trusted_world_pk: non_trusted_world_pk { 38*91f16700Schasinglulu oid = NON_TRUSTED_WORLD_PK_OID; 39*91f16700Schasinglulu }; 40*91f16700Schasinglulu }; 41*91f16700Schasinglulu 42*91f16700Schasinglulu trusted_os_fw_key_cert: trusted_os_fw_key_cert { 43*91f16700Schasinglulu image-id = <TRUSTED_OS_FW_KEY_CERT_ID>; 44*91f16700Schasinglulu parent = <&trusted_key_cert>; 45*91f16700Schasinglulu signing-key = <&trusted_world_pk>; 46*91f16700Schasinglulu antirollback-counter = <&trusted_nv_counter>; 47*91f16700Schasinglulu 48*91f16700Schasinglulu tos_fw_content_pk: tos_fw_content_pk { 49*91f16700Schasinglulu oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID; 50*91f16700Schasinglulu }; 51*91f16700Schasinglulu }; 52*91f16700Schasinglulu 53*91f16700Schasinglulu trusted_os_fw_content_cert: trusted_os_fw_content_cert { 54*91f16700Schasinglulu image-id = <TRUSTED_OS_FW_CONTENT_CERT_ID>; 55*91f16700Schasinglulu parent = <&trusted_os_fw_key_cert>; 56*91f16700Schasinglulu signing-key = <&tos_fw_content_pk>; 57*91f16700Schasinglulu antirollback-counter = <&trusted_nv_counter>; 58*91f16700Schasinglulu 59*91f16700Schasinglulu tos_fw_hash: tos_fw_hash { 60*91f16700Schasinglulu oid = TRUSTED_OS_FW_HASH_OID; 61*91f16700Schasinglulu }; 62*91f16700Schasinglulu tos_fw_extra1_hash: tos_fw_extra1_hash { 63*91f16700Schasinglulu oid = TRUSTED_OS_FW_EXTRA1_HASH_OID; 64*91f16700Schasinglulu }; 65*91f16700Schasinglulu tos_fw_extra2_hash: tos_fw_extra2_hash { 66*91f16700Schasinglulu oid = TRUSTED_OS_FW_EXTRA2_HASH_OID; 67*91f16700Schasinglulu }; 68*91f16700Schasinglulu tos_fw_config_hash: tos_fw_config_hash { 69*91f16700Schasinglulu oid = TRUSTED_OS_FW_CONFIG_HASH_OID; 70*91f16700Schasinglulu }; 71*91f16700Schasinglulu }; 72*91f16700Schasinglulu 73*91f16700Schasinglulu non_trusted_fw_key_cert: non_trusted_fw_key_cert { 74*91f16700Schasinglulu image-id = <NON_TRUSTED_FW_KEY_CERT_ID>; 75*91f16700Schasinglulu parent = <&trusted_key_cert>; 76*91f16700Schasinglulu signing-key = <&non_trusted_world_pk>; 77*91f16700Schasinglulu antirollback-counter = <&non_trusted_nv_counter>; 78*91f16700Schasinglulu 79*91f16700Schasinglulu nt_fw_content_pk: nt_fw_content_pk { 80*91f16700Schasinglulu oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID; 81*91f16700Schasinglulu }; 82*91f16700Schasinglulu }; 83*91f16700Schasinglulu 84*91f16700Schasinglulu non_trusted_fw_content_cert: non_trusted_fw_content_cert { 85*91f16700Schasinglulu image-id = <NON_TRUSTED_FW_CONTENT_CERT_ID>; 86*91f16700Schasinglulu parent = <&non_trusted_fw_key_cert>; 87*91f16700Schasinglulu signing-key = <&nt_fw_content_pk>; 88*91f16700Schasinglulu antirollback-counter = <&non_trusted_nv_counter>; 89*91f16700Schasinglulu 90*91f16700Schasinglulu nt_world_bl_hash: nt_world_bl_hash { 91*91f16700Schasinglulu oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID; 92*91f16700Schasinglulu }; 93*91f16700Schasinglulu }; 94*91f16700Schasinglulu }; 95*91f16700Schasinglulu 96*91f16700Schasinglulu images { 97*91f16700Schasinglulu compatible = "arm, img-descs"; 98*91f16700Schasinglulu 99*91f16700Schasinglulu hw_config { 100*91f16700Schasinglulu image-id = <HW_CONFIG_ID>; 101*91f16700Schasinglulu parent = <&stm32mp_cfg_cert>; 102*91f16700Schasinglulu hash = <&hw_config_hash>; 103*91f16700Schasinglulu }; 104*91f16700Schasinglulu 105*91f16700Schasinglulu fw_config { 106*91f16700Schasinglulu image-id = <FW_CONFIG_ID>; 107*91f16700Schasinglulu parent = <&stm32mp_cfg_cert>; 108*91f16700Schasinglulu hash = <&fw_config_hash>; 109*91f16700Schasinglulu }; 110*91f16700Schasinglulu 111*91f16700Schasinglulu bl32_image { 112*91f16700Schasinglulu image-id = <BL32_IMAGE_ID>; 113*91f16700Schasinglulu parent = <&trusted_os_fw_content_cert>; 114*91f16700Schasinglulu hash = <&tos_fw_hash>; 115*91f16700Schasinglulu }; 116*91f16700Schasinglulu 117*91f16700Schasinglulu bl32_extra1_image { 118*91f16700Schasinglulu image-id = <BL32_EXTRA1_IMAGE_ID>; 119*91f16700Schasinglulu parent = <&trusted_os_fw_content_cert>; 120*91f16700Schasinglulu hash = <&tos_fw_extra1_hash>; 121*91f16700Schasinglulu }; 122*91f16700Schasinglulu 123*91f16700Schasinglulu bl32_extra2_image { 124*91f16700Schasinglulu image-id = <BL32_EXTRA2_IMAGE_ID>; 125*91f16700Schasinglulu parent = <&trusted_os_fw_content_cert>; 126*91f16700Schasinglulu hash = <&tos_fw_extra2_hash>; 127*91f16700Schasinglulu }; 128*91f16700Schasinglulu 129*91f16700Schasinglulu tos_fw_config { 130*91f16700Schasinglulu image-id = <TOS_FW_CONFIG_ID>; 131*91f16700Schasinglulu parent = <&trusted_os_fw_content_cert>; 132*91f16700Schasinglulu hash = <&tos_fw_config_hash>; 133*91f16700Schasinglulu }; 134*91f16700Schasinglulu 135*91f16700Schasinglulu bl33_image { 136*91f16700Schasinglulu image-id = <BL33_IMAGE_ID>; 137*91f16700Schasinglulu parent = <&non_trusted_fw_content_cert>; 138*91f16700Schasinglulu hash = <&nt_world_bl_hash>; 139*91f16700Schasinglulu }; 140*91f16700Schasinglulu }; 141*91f16700Schasinglulu}; 142*91f16700Schasinglulu 143*91f16700Schasinglulunon_volatile_counters: non_volatile_counters { 144*91f16700Schasinglulu #address-cells = <1>; 145*91f16700Schasinglulu #size-cells = <0>; 146*91f16700Schasinglulu 147*91f16700Schasinglulu trusted_nv_counter: trusted_nv_counter { 148*91f16700Schasinglulu id = <TRUSTED_NV_CTR_ID>; 149*91f16700Schasinglulu oid = TRUSTED_FW_NVCOUNTER_OID; 150*91f16700Schasinglulu }; 151*91f16700Schasinglulu 152*91f16700Schasinglulu non_trusted_nv_counter: non_trusted_nv_counter { 153*91f16700Schasinglulu id = <NON_TRUSTED_NV_CTR_ID>; 154*91f16700Schasinglulu oid = NON_TRUSTED_FW_NVCOUNTER_OID; 155*91f16700Schasinglulu }; 156*91f16700Schasinglulu}; 157