xref: /arm-trusted-firmware/include/drivers/auth/auth_mod.h (revision 91f16700b400a8c0651d24a598fc48ee2997a0d7)
/*
 * Copyright (c) 2015-2023, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#ifndef AUTH_MOD_H
#define AUTH_MOD_H

#include <common/tbbr/tbbr_img_def.h>
#include <drivers/auth/auth_common.h>
#include <drivers/auth/img_parser_mod.h>

#include <lib/utils_def.h>

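/*
 * Image flags
 *
 * Bit masks describing the authentication state of an image.
 * IMG_FLAG_AUTHENTICATED occupies bit 0.
 *
 * The constant is unsigned so that it has the same type as the
 * unsigned int elements of auth_img_flags[] declared in this header; set,
 * test and clear operations (including '~') then stay in unsigned arithmetic.
 * NOTE(review): presumably the bit is set in auth_img_flags[] for an image
 * once it has been verified - confirm against the module implementation.
 */
#define IMG_FLAG_AUTHENTICATED		(1U << 0)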
/*
 * Authentication image descriptor
 *
 * A chain of trust (CoT) is an array of pointers to these descriptors (see
 * REGISTER_COT). The two build variants below have the same five members and
 * differ only in const-qualification of the last two:
 *
 *   - COT_DESC_IN_DTB && !IMAGE_BL1: img_auth_methods and authenticated_data
 *     are plain pointers to non-const data.
 *   - otherwise: both are const pointers to const data, so the method list
 *     and the authenticated-data list cannot be changed through the
 *     descriptor.
 *
 * NOTE(review): the writable variant is presumably needed because the
 * descriptors are populated at run time from the device tree; if so, the
 * method list that decides how an image is verified lives in writable memory
 * in that configuration - confirm what authenticates the DTB and who may
 * write these objects afterwards.
 */
#if COT_DESC_IN_DTB && !IMAGE_BL1
typedef struct auth_img_desc_s {
	/* Identifier of the image this descriptor applies to. */
	unsigned int img_id;
	/* Image type (img_type_t, declared outside this header). */
	img_type_t img_type;
	/* Descriptor of the parent image in the chain. */
	const struct auth_img_desc_s *parent;
	/* Authentication methods for this image; writable in this variant. */
	auth_method_desc_t *img_auth_methods;
	/*
	 * Authenticated-data parameter descriptors; writable in this variant.
	 * NOTE(review): presumably data taken from this image for use when
	 * verifying its children - confirm.
	 */
	auth_param_desc_t *authenticated_data;
} auth_img_desc_t;
#else
typedef struct auth_img_desc_s {
	/* Identifier of the image this descriptor applies to. */
	unsigned int img_id;
	/* Image type (img_type_t, declared outside this header). */
	img_type_t img_type;
	/* Descriptor of the parent image in the chain. */
	const struct auth_img_desc_s *parent;
	/* Authentication methods for this image; read-only. */
	const auth_method_desc_t *const img_auth_methods;
	/*
	 * Authenticated-data parameter descriptors; read-only.
	 * NOTE(review): presumably data taken from this image for use when
	 * verifying its children - confirm.
	 */
	const auth_param_desc_t *const authenticated_data;
} auth_img_desc_t;
#endif /* COT_DESC_IN_DTB && !IMAGE_BL1 */
/* Public functions */

/*
 * auth_mod_init() - initialise the authentication module.
 *
 * With TRUSTED_BOARD_BOOT enabled this is an external function. With it
 * disabled the call compiles to the empty inline stub below, so callers do
 * not need their own #if around it.
 */
#if TRUSTED_BOARD_BOOT
void auth_mod_init(void);
#else
static inline void auth_mod_init(void) { }
#endif /* TRUSTED_BOARD_BOOT */

/*
 * auth_mod_get_parent_id() - look up the parent of image img_id.
 *
 * The result is passed back through parent_id; the int return carries the
 * status.
 * NOTE(review): the status encoding is not visible in this header - confirm
 * which value means "no parent" before relying on *parent_id.
 */
int auth_mod_get_parent_id(unsigned int img_id, unsigned int *parent_id);

/*
 * auth_mod_verify_img() - authenticate the image img_id held in the buffer
 * img_ptr of img_len bytes.
 *
 * Unlike auth_mod_init(), this function and auth_mod_get_parent_id() have no
 * stub here: they are declared in every configuration.
 * NOTE(review): presumably 0 means success; callers should treat every other
 * return value as an authentication failure and must not use the image -
 * confirm against the implementation.
 */
int auth_mod_verify_img(unsigned int img_id, void *img_ptr,
			unsigned int img_len);
/*
 * Macro to register a CoT defined as an array of auth_img_desc_t pointers.
 *
 * Expands to the definitions of three objects:
 *   cot_desc_ptr   - constant pointer to the descriptor-pointer array _cot
 *   cot_desc_size  - ARRAY_SIZE(_cot)
 *   auth_img_flags - array of MAX_NUMBER_IDS unsigned int
 *
 * The last definition has no terminating ';', so the invocation supplies it:
 * REGISTER_COT(my_cot);
 *
 * _cot must name the array object itself; ARRAY_SIZE() applied to a pointer
 * would not yield the number of descriptors.
 *
 * NOTE(review): cot_desc_size comes from the array while auth_img_flags is
 * sized by MAX_NUMBER_IDS, so the two bounds are independent. Code that
 * indexes either object by image ID should check the ID against the bound of
 * the object it indexes - confirm in the implementation.
 */
#define REGISTER_COT(_cot)						\
	const auth_img_desc_t *const *const cot_desc_ptr = (_cot);	\
	const size_t cot_desc_size = ARRAY_SIZE(_cot);			\
	unsigned int auth_img_flags[MAX_NUMBER_IDS]
/*
 * Objects defined by REGISTER_COT() in the translation unit that registers
 * the chain of trust.
 */

/* Registered CoT: constant pointer to an array of descriptor pointers. */
extern const auth_img_desc_t *const *const cot_desc_ptr;

/* Number of entries in the registered CoT array. */
extern const size_t cot_desc_size;

/*
 * Flag words, MAX_NUMBER_IDS entries. This is the only one of the three
 * objects that is not const.
 * NOTE(review): presumably indexed by image ID and holding
 * IMG_FLAG_AUTHENTICATED - confirm, and confirm every index is checked
 * against MAX_NUMBER_IDS.
 */
extern unsigned int auth_img_flags[MAX_NUMBER_IDS];
#if defined(SPD_spmd)

/*
 * DEFINE_SP_PKG(n, cert) - define the image descriptor 'sp_pkg<n>'.
 *
 * The descriptor is static const and describes image SP_PKG<n>_ID as
 * IMG_RAW with parent &cert. Its method array has AUTH_METHOD_NUM entries,
 * of which only entry 0 is initialised: AUTH_METHOD_HASH, with .data =
 * &raw_data and .hash = &sp_pkg<n>_hash. The remaining entries and the
 * authenticated_data member are left to default (zero) initialisation.
 *
 * The expansion site must have SP_PKG<n>_ID, raw_data, sp_pkg<n>_hash and
 * the descriptor named by 'cert' in scope. No terminating ';' is emitted.
 *
 * NOTE(review): hash comparison is the only method listed, so the package is
 * only as trustworthy as the source of sp_pkg<n>_hash - presumably the hash
 * is extracted from 'cert' once that certificate is authenticated; confirm.
 * NOTE(review): the method array is a const compound literal, which matches
 * the const-qualified img_auth_methods member; with the non-const member of
 * the COT_DESC_IN_DTB && !IMAGE_BL1 variant the initialiser would discard
 * the qualifier, so this macro looks intended for the static-CoT variant.
 */
#define DEFINE_SP_PKG(n, cert) \
	static const auth_img_desc_t sp_pkg##n = { \
		.img_id = SP_PKG##n##_ID, \
		.img_type = IMG_RAW, \
		.parent = &cert, \
		.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { \
			[0] = { \
				.type = AUTH_METHOD_HASH, \
				.param.hash = { \
					.data = &raw_data, \
					.hash = &sp_pkg##n##_hash \
				} \
			} \
		} \
	}

/* SP package <n> whose parent is sip_sp_content_cert. */
#define DEFINE_SIP_SP_PKG(n)		DEFINE_SP_PKG(n, sip_sp_content_cert)

/* SP package <n> whose parent is plat_sp_content_cert. */
#define DEFINE_PLAT_SP_PKG(n)		DEFINE_SP_PKG(n, plat_sp_content_cert)

#endif /* SPD_spmd */

#endif /* AUTH_MOD_H */