xref: /arm-trusted-firmware/plat/arm/board/juno/juno_tbbr_cot_bl2.c (revision 91f16700b400a8c0651d24a598fc48ee2997a0d7)
1*91f16700Schasinglulu /*
2*91f16700Schasinglulu  * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
3*91f16700Schasinglulu  *
4*91f16700Schasinglulu  * SPDX-License-Identifier: BSD-3-Clause
5*91f16700Schasinglulu  */
6*91f16700Schasinglulu 
7*91f16700Schasinglulu #include <stddef.h>
8*91f16700Schasinglulu 
9*91f16700Schasinglulu #include <mbedtls/version.h>
10*91f16700Schasinglulu 
11*91f16700Schasinglulu #include <drivers/auth/auth_mod.h>
12*91f16700Schasinglulu #include <drivers/auth/tbbr_cot_common.h>
13*91f16700Schasinglulu 
14*91f16700Schasinglulu #if USE_TBBR_DEFS
15*91f16700Schasinglulu #include <tools_share/tbbr_oid.h>
16*91f16700Schasinglulu #else
17*91f16700Schasinglulu #include <platform_oid.h>
18*91f16700Schasinglulu #endif
19*91f16700Schasinglulu 
20*91f16700Schasinglulu #include <platform_def.h>
21*91f16700Schasinglulu 
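/*
 * Static storage for parameters taken from certificates in this chain of
 * trust. Each buffer is named by the .authenticated_data entry of a
 * certificate descriptor further down and later serves as the reference value
 * when a child certificate or image is authenticated.
 *
 * Hash buffers are HASH_DER_LEN bytes and public-key buffers PK_DER_LEN bytes;
 * both sizes are defined outside this file.
 *
 * NOTE(review): content_pk_buf is shared by every *_key_cert descriptor that
 * publishes a content-certificate key (SCP, SoC, Trusted OS and Non-Trusted
 * firmware in this file), so it only ever holds the key from the most recently
 * processed key certificate. Confirm that the authentication module always
 * consumes it for the matching content certificate before another key
 * certificate is processed.
 */
static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN];
static unsigned char trusted_world_pk_buf[PK_DER_LEN];
static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
static unsigned char content_pk_buf[PK_DER_LEN];
static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];
#if defined(SPD_spmd)
/* One hash slot per secure partition package; row count is MAX_SP_IDS. */
static unsigned char sp_pkg_hash_buf[MAX_SP_IDS][HASH_DER_LEN];
#endif /* SPD_spmd */
#if ETHOSN_NPU_TZMP1
static unsigned char npu_fw_image_hash_buf[HASH_DER_LEN];
#endif /* ETHOSN_NPU_TZMP1 */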
38*91f16700Schasinglulu 
39*91f16700Schasinglulu 
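/*
 * Parameter type descriptors used by the certificate and image descriptors
 * below. Each one pairs a parameter kind (AUTH_PARAM_NV_CTR, AUTH_PARAM_PUB_KEY
 * or AUTH_PARAM_HASH) with the OID macro that names the field in a
 * certificate. The OID values and the AUTH_PARAM_TYPE_DESC macro are defined
 * outside this file.
 *
 * NOTE(review): trusted_nv_ctr, subject_pk, sig, sig_alg and raw_data are used
 * by the descriptors below but are not defined here; presumably they come from
 * drivers/auth/tbbr_cot_common.h -- confirm.
 */

/* Non-volatile counter for the non-trusted firmware branch. */
static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);

/* World keys published by the trusted key certificate. */
static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);

/* Content-certificate keys published by the per-component key certificates. */
static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID);

/* Image and configuration hashes published by the content certificates. */
static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SCP_FW_HASH_OID);
static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID);
static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID);
static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);
#if defined(SPD_spmd)
/* One hash descriptor per secure partition package (1..8). */
static auth_param_type_desc_t sp_pkg1_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG1_HASH_OID);
static auth_param_type_desc_t sp_pkg2_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG2_HASH_OID);
static auth_param_type_desc_t sp_pkg3_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG3_HASH_OID);
static auth_param_type_desc_t sp_pkg4_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG4_HASH_OID);
static auth_param_type_desc_t sp_pkg5_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG5_HASH_OID);
static auth_param_type_desc_t sp_pkg6_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG6_HASH_OID);
static auth_param_type_desc_t sp_pkg7_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG7_HASH_OID);
static auth_param_type_desc_t sp_pkg8_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, SP_PKG8_HASH_OID);
#endif /* SPD_spmd */
#if ETHOSN_NPU_TZMP1
/* Key and firmware hash for the Ethos-N NPU branch. */
static auth_param_type_desc_t npu_fw_cert_pk = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_PUB_KEY, ETHOSN_NPU_FW_CONTENT_CERT_PK_OID);
static auth_param_type_desc_t npu_fw_image_hash = AUTH_PARAM_TYPE_DESC(
		AUTH_PARAM_HASH, ETHOSN_NPU_FW_BINARY_OID);
#endif /* ETHOSN_NPU_TZMP1 */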
96*91f16700Schasinglulu 
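/*
 * Trusted key certificate
 *
 * Root of the chain of trust described in this file: .parent is NULL, and the
 * key certificates below name this descriptor as their parent.
 *
 * Authentication methods:
 *   [0] signature, checked with the public key carried in the certificate
 *       itself (subject_pk).
 *   [1] non-volatile counter check against trusted_nv_ctr.
 *
 * NOTE(review): a key taken from the certificate being verified proves nothing
 * on its own. The authentication module is expected to bind subject_pk to the
 * platform root-of-trust key for parentless certificates -- that logic is not
 * visible in this file; confirm it there.
 *
 * Authenticated data: the trusted-world and non-trusted-world public keys,
 * stored in their own PK_DER_LEN buffers for use by child certificates.
 */
static const auth_img_desc_t trusted_key_cert = {
	.img_id = TRUSTED_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &subject_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			/* Both fields reference the same counter descriptor. */
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &trusted_world_pk,
			.data = {
				.ptr = (void *)trusted_world_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		},
		[1] = {
			.type_desc = &non_trusted_world_pk,
			.data = {
				.ptr = (void *)non_trusted_world_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};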
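/*
 * SCP Firmware
 *
 * Key certificate for the SCP firmware branch. Its parent is the trusted key
 * certificate and its signature is checked with trusted_world_pk, the key that
 * parent publishes. It also carries a trusted_nv_ctr counter check.
 *
 * Authenticated data: the SCP firmware content-certificate key, written to the
 * shared content_pk_buf.
 */
static const auth_img_desc_t scp_fw_key_cert = {
	.img_id = SCP_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &scp_fw_content_pk,
			.data = {
				/* Buffer shared with the other *_key_cert descriptors. */
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};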
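/*
 * SCP firmware content certificate. Its parent is scp_fw_key_cert and its
 * signature is checked with scp_fw_content_pk, the key that parent publishes.
 * It also carries a trusted_nv_ctr counter check.
 *
 * Authenticated data: the SCP firmware hash, later used to authenticate
 * scp_bl2_image.
 *
 * NOTE(review): scp_fw_hash_buf is not declared in this file; presumably it is
 * provided through drivers/auth/tbbr_cot_common.h -- confirm.
 */
static const auth_img_desc_t scp_fw_content_cert = {
	.img_id = SCP_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &scp_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &scp_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &scp_fw_hash,
			.data = {
				.ptr = (void *)scp_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};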
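/*
 * SCP_BL2 image. A raw image whose only authentication method is a hash check:
 * the image data (raw_data) is checked against scp_fw_hash, which the parent
 * scp_fw_content_cert publishes.
 */
static const auth_img_desc_t scp_bl2_image = {
	.img_id = SCP_BL2_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &scp_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &scp_fw_hash
			}
		}
	}
};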
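/*
 * SoC Firmware
 *
 * Key certificate for the SoC firmware branch. Its parent is the trusted key
 * certificate and its signature is checked with trusted_world_pk. It also
 * carries a trusted_nv_ctr counter check.
 *
 * Authenticated data: the SoC firmware content-certificate key, written to the
 * shared content_pk_buf.
 */
static const auth_img_desc_t soc_fw_key_cert = {
	.img_id = SOC_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &soc_fw_content_pk,
			.data = {
				/* Buffer shared with the other *_key_cert descriptors. */
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};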
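/*
 * SoC firmware content certificate. Its parent is soc_fw_key_cert and its
 * signature is checked with soc_fw_content_pk, the key that parent publishes.
 * It also carries a trusted_nv_ctr counter check.
 *
 * Authenticated data: the SoC firmware hash (used by bl31_image) and the SoC
 * firmware configuration hash (used by soc_fw_config).
 */
static const auth_img_desc_t soc_fw_content_cert = {
	.img_id = SOC_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &soc_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &soc_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &soc_fw_hash,
			.data = {
				.ptr = (void *)soc_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &soc_fw_config_hash,
			.data = {
				.ptr = (void *)soc_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};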
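/*
 * BL31 image. A raw image whose only authentication method is a hash check of
 * the image data against soc_fw_hash, which the parent soc_fw_content_cert
 * publishes.
 */
static const auth_img_desc_t bl31_image = {
	.img_id = BL31_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &soc_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &soc_fw_hash
			}
		}
	}
};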
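/*
 * SOC FW Config
 *
 * A raw image whose only authentication method is a hash check of the image
 * data against soc_fw_config_hash, which the parent soc_fw_content_cert
 * publishes.
 */
static const auth_img_desc_t soc_fw_config = {
	.img_id = SOC_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &soc_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &soc_fw_config_hash
			}
		}
	}
};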
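/*
 * Trusted OS Firmware
 *
 * Key certificate for the Trusted OS branch. Its parent is the trusted key
 * certificate and its signature is checked with trusted_world_pk. It also
 * carries a trusted_nv_ctr counter check.
 *
 * Authenticated data: the Trusted OS content-certificate key, written to the
 * shared content_pk_buf.
 */
static const auth_img_desc_t trusted_os_fw_key_cert = {
	.img_id = TRUSTED_OS_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &tos_fw_content_pk,
			.data = {
				/* Buffer shared with the other *_key_cert descriptors. */
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};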
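/*
 * Trusted OS firmware content certificate. Its parent is
 * trusted_os_fw_key_cert and its signature is checked with tos_fw_content_pk,
 * the key that parent publishes. It also carries a trusted_nv_ctr counter
 * check.
 *
 * Authenticated data: four hashes, each in its own buffer -- the Trusted OS
 * image (bl32_image), its two extra images (bl32_extra1_image,
 * bl32_extra2_image) and the Trusted OS configuration (tos_fw_config).
 *
 * NOTE(review): index [3] is used, so COT_MAX_VERIFIED_PARAMS (defined outside
 * this file) must be at least 4.
 */
static const auth_img_desc_t trusted_os_fw_content_cert = {
	.img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_os_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &tos_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &trusted_nv_ctr,
				.plat_nv_ctr = &trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &tos_fw_hash,
			.data = {
				.ptr = (void *)tos_fw_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &tos_fw_extra1_hash,
			.data = {
				.ptr = (void *)tos_fw_extra1_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[2] = {
			.type_desc = &tos_fw_extra2_hash,
			.data = {
				.ptr = (void *)tos_fw_extra2_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[3] = {
			.type_desc = &tos_fw_config_hash,
			.data = {
				.ptr = (void *)tos_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};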
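/*
 * BL32 (Trusted OS) image. A raw image whose only authentication method is a
 * hash check of the image data against tos_fw_hash, which the parent
 * trusted_os_fw_content_cert publishes.
 */
static const auth_img_desc_t bl32_image = {
	.img_id = BL32_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_hash
			}
		}
	}
};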
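/*
 * BL32 extra image 1. A raw image whose only authentication method is a hash
 * check of the image data against tos_fw_extra1_hash, which the parent
 * trusted_os_fw_content_cert publishes.
 */
static const auth_img_desc_t bl32_extra1_image = {
	.img_id = BL32_EXTRA1_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_extra1_hash
			}
		}
	}
};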
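/*
 * BL32 extra image 2. A raw image whose only authentication method is a hash
 * check of the image data against tos_fw_extra2_hash, which the parent
 * trusted_os_fw_content_cert publishes.
 */
static const auth_img_desc_t bl32_extra2_image = {
	.img_id = BL32_EXTRA2_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_extra2_hash
			}
		}
	}
};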
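/*
 * TOS FW Config
 *
 * A raw image whose only authentication method is a hash check of the image
 * data against tos_fw_config_hash, which the parent
 * trusted_os_fw_content_cert publishes.
 */
static const auth_img_desc_t tos_fw_config = {
	.img_id = TOS_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &trusted_os_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &tos_fw_config_hash
			}
		}
	}
};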
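/*
 * Non-Trusted Firmware
 *
 * Key certificate for the non-trusted firmware branch. Its parent is the
 * trusted key certificate, but unlike the other key certificates in this file
 * its signature is checked with non_trusted_world_pk and its counter check
 * uses non_trusted_nv_ctr. This branch therefore has its own signing key and
 * its own counter, separate from those of the trusted-world branches.
 *
 * Authenticated data: the non-trusted firmware content-certificate key,
 * written to the shared content_pk_buf.
 */
static const auth_img_desc_t non_trusted_fw_key_cert = {
	.img_id = NON_TRUSTED_FW_KEY_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &trusted_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &non_trusted_world_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &non_trusted_nv_ctr,
				.plat_nv_ctr = &non_trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &nt_fw_content_pk,
			.data = {
				/* Buffer shared with the other *_key_cert descriptors. */
				.ptr = (void *)content_pk_buf,
				.len = (unsigned int)PK_DER_LEN
			}
		}
	}
};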
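/*
 * Non-trusted firmware content certificate. Its parent is
 * non_trusted_fw_key_cert and its signature is checked with nt_fw_content_pk,
 * the key that parent publishes. Its counter check uses non_trusted_nv_ctr.
 *
 * Authenticated data: the non-trusted world bootloader hash (used by
 * bl33_image) and the non-trusted firmware configuration hash (used by
 * nt_fw_config).
 *
 * NOTE(review): nt_world_bl_hash_buf is not declared in this file; presumably
 * it is provided through drivers/auth/tbbr_cot_common.h -- confirm.
 */
static const auth_img_desc_t non_trusted_fw_content_cert = {
	.img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
	.img_type = IMG_CERT,
	.parent = &non_trusted_fw_key_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param.sig = {
				.pk = &nt_fw_content_pk,
				.sig = &sig,
				.alg = &sig_alg,
				.data = &raw_data
			}
		},
		[1] = {
			.type = AUTH_METHOD_NV_CTR,
			.param.nv_ctr = {
				.cert_nv_ctr = &non_trusted_nv_ctr,
				.plat_nv_ctr = &non_trusted_nv_ctr
			}
		}
	},
	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
		[0] = {
			.type_desc = &nt_world_bl_hash,
			.data = {
				.ptr = (void *)nt_world_bl_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		},
		[1] = {
			.type_desc = &nt_fw_config_hash,
			.data = {
				.ptr = (void *)nt_fw_config_hash_buf,
				.len = (unsigned int)HASH_DER_LEN
			}
		}
	}
};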
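/*
 * BL33 (non-trusted world bootloader) image. A raw image whose only
 * authentication method is a hash check of the image data against
 * nt_world_bl_hash, which the parent non_trusted_fw_content_cert publishes.
 */
static const auth_img_desc_t bl33_image = {
	.img_id = BL33_IMAGE_ID,
	.img_type = IMG_RAW,
	.parent = &non_trusted_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &nt_world_bl_hash
			}
		}
	}
};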
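/*
 * NT FW Config
 *
 * A raw image whose only authentication method is a hash check of the image
 * data against nt_fw_config_hash, which the parent
 * non_trusted_fw_content_cert publishes.
 */
static const auth_img_desc_t nt_fw_config = {
	.img_id = NT_FW_CONFIG_ID,
	.img_type = IMG_RAW,
	.parent = &non_trusted_fw_content_cert,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_HASH,
			.param.hash = {
				.data = &raw_data,
				.hash = &nt_fw_config_hash
			}
		}
	}
};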
571*91f16700Schasinglulu /* Secure Partitions */
572*91f16700Schasinglulu #if defined(SPD_spmd)
573*91f16700Schasinglulu static const auth_img_desc_t sip_sp_content_cert = {
574*91f16700Schasinglulu 	.img_id = SIP_SP_CONTENT_CERT_ID,
575*91f16700Schasinglulu 	.img_type = IMG_CERT,
576*91f16700Schasinglulu 	.parent = &trusted_key_cert,
577*91f16700Schasinglulu 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
578*91f16700Schasinglulu 		[0] = {
579*91f16700Schasinglulu 			.type = AUTH_METHOD_SIG,
580*91f16700Schasinglulu 			.param.sig = {
581*91f16700Schasinglulu 				.pk = &trusted_world_pk,
582*91f16700Schasinglulu 				.sig = &sig,
583*91f16700Schasinglulu 				.alg = &sig_alg,
584*91f16700Schasinglulu 				.data = &raw_data
585*91f16700Schasinglulu 			}
586*91f16700Schasinglulu 		},
587*91f16700Schasinglulu 		[1] = {
588*91f16700Schasinglulu 			.type = AUTH_METHOD_NV_CTR,
589*91f16700Schasinglulu 			.param.nv_ctr = {
590*91f16700Schasinglulu 				.cert_nv_ctr = &trusted_nv_ctr,
591*91f16700Schasinglulu 				.plat_nv_ctr = &trusted_nv_ctr
592*91f16700Schasinglulu 			}
593*91f16700Schasinglulu 		}
594*91f16700Schasinglulu 	},
595*91f16700Schasinglulu 	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
596*91f16700Schasinglulu 		[0] = {
597*91f16700Schasinglulu 			.type_desc = &sp_pkg1_hash,
598*91f16700Schasinglulu 			.data = {
599*91f16700Schasinglulu 				.ptr = (void *)sp_pkg_hash_buf[0],
600*91f16700Schasinglulu 				.len = (unsigned int)HASH_DER_LEN
601*91f16700Schasinglulu 			}
602*91f16700Schasinglulu 		},
603*91f16700Schasinglulu 		[1] = {
604*91f16700Schasinglulu 			.type_desc = &sp_pkg2_hash,
605*91f16700Schasinglulu 			.data = {
606*91f16700Schasinglulu 				.ptr = (void *)sp_pkg_hash_buf[1],
607*91f16700Schasinglulu 				.len = (unsigned int)HASH_DER_LEN
608*91f16700Schasinglulu 			}
609*91f16700Schasinglulu 		},
610*91f16700Schasinglulu 		[2] = {
611*91f16700Schasinglulu 			.type_desc = &sp_pkg3_hash,
612*91f16700Schasinglulu 			.data = {
613*91f16700Schasinglulu 				.ptr = (void *)sp_pkg_hash_buf[2],
614*91f16700Schasinglulu 				.len = (unsigned int)HASH_DER_LEN
615*91f16700Schasinglulu 			}
616*91f16700Schasinglulu 		},
617*91f16700Schasinglulu 		[3] = {
618*91f16700Schasinglulu 			.type_desc = &sp_pkg4_hash,
619*91f16700Schasinglulu 			.data = {
620*91f16700Schasinglulu 				.ptr = (void *)sp_pkg_hash_buf[3],
621*91f16700Schasinglulu 				.len = (unsigned int)HASH_DER_LEN
622*91f16700Schasinglulu 			}
623*91f16700Schasinglulu 		},
624*91f16700Schasinglulu 		[4] = {
625*91f16700Schasinglulu 			.type_desc = &sp_pkg5_hash,
626*91f16700Schasinglulu 			.data = {
627*91f16700Schasinglulu 				.ptr = (void *)sp_pkg_hash_buf[4],
628*91f16700Schasinglulu 				.len = (unsigned int)HASH_DER_LEN
629*91f16700Schasinglulu 			}
630*91f16700Schasinglulu 		},
631*91f16700Schasinglulu 		[5] = {
632*91f16700Schasinglulu 			.type_desc = &sp_pkg6_hash,
633*91f16700Schasinglulu 			.data = {
634*91f16700Schasinglulu 				.ptr = (void *)sp_pkg_hash_buf[5],
635*91f16700Schasinglulu 				.len = (unsigned int)HASH_DER_LEN
636*91f16700Schasinglulu 			}
637*91f16700Schasinglulu 		},
638*91f16700Schasinglulu 		[6] = {
639*91f16700Schasinglulu 			.type_desc = &sp_pkg7_hash,
640*91f16700Schasinglulu 			.data = {
641*91f16700Schasinglulu 				.ptr = (void *)sp_pkg_hash_buf[6],
642*91f16700Schasinglulu 				.len = (unsigned int)HASH_DER_LEN
643*91f16700Schasinglulu 			}
644*91f16700Schasinglulu 		},
645*91f16700Schasinglulu 		[7] = {
646*91f16700Schasinglulu 			.type_desc = &sp_pkg8_hash,
647*91f16700Schasinglulu 			.data = {
648*91f16700Schasinglulu 				.ptr = (void *)sp_pkg_hash_buf[7],
649*91f16700Schasinglulu 				.len = (unsigned int)HASH_DER_LEN
650*91f16700Schasinglulu 			}
651*91f16700Schasinglulu 		}
652*91f16700Schasinglulu 	}
653*91f16700Schasinglulu };
654*91f16700Schasinglulu 
/*
 * Instantiate the descriptors sp_pkg1 .. sp_pkg8 that cot_desc refers to
 * further down. DEFINE_SIP_SP_PKG is defined outside this file; presumably
 * each expansion is an image descriptor whose hash is checked against the
 * matching sp_pkgN_hash published by the certificate descriptor immediately
 * above (TODO confirm against the macro definition).
 *
 * That certificate stores the hashes in sp_pkg_hash_buf[0] ..
 * sp_pkg_hash_buf[7], and the buffer is declared with MAX_SP_IDS rows, so
 * MAX_SP_IDS must stay >= 8 for as long as eight packages are declared here.
 */
655*91f16700Schasinglulu DEFINE_SIP_SP_PKG(1);
656*91f16700Schasinglulu DEFINE_SIP_SP_PKG(2);
657*91f16700Schasinglulu DEFINE_SIP_SP_PKG(3);
658*91f16700Schasinglulu DEFINE_SIP_SP_PKG(4);
659*91f16700Schasinglulu DEFINE_SIP_SP_PKG(5);
660*91f16700Schasinglulu DEFINE_SIP_SP_PKG(6);
661*91f16700Schasinglulu DEFINE_SIP_SP_PKG(7);
662*91f16700Schasinglulu DEFINE_SIP_SP_PKG(8);
663*91f16700Schasinglulu #endif /* SPD_spmd */
664*91f16700Schasinglulu 
665*91f16700Schasinglulu #if ETHOSN_NPU_TZMP1
/*
 * Ethos-N NPU firmware key certificate (compiled only when ETHOSN_NPU_TZMP1
 * is non-zero).
 *
 * Parent: trusted_key_cert. Two authentication methods are listed: a
 * signature check that uses non_trusted_world_pk, and an NV-counter check
 * that names non_trusted_nv_ctr. The certificate lists one authenticated
 * parameter, npu_fw_cert_pk, stored in content_pk_buf (PK_DER_LEN bytes);
 * npu_fw_content_cert names that same parameter as its signing key.
 *
 * NOTE(review): content_pk_buf is a single file-scope buffer. If other key
 * certificates in this file also store their key in it, the stored key is
 * only meaningful until the next such certificate is processed -- confirm
 * that the authentication order verifies the content certificate before the
 * buffer is reused.
 */
666*91f16700Schasinglulu static const auth_img_desc_t npu_fw_key_cert = {
667*91f16700Schasinglulu 	.img_id = ETHOSN_NPU_FW_KEY_CERT_ID,
668*91f16700Schasinglulu 	.img_type = IMG_CERT,
669*91f16700Schasinglulu 	.parent = &trusted_key_cert,
670*91f16700Schasinglulu 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
	/*
	 * Signature over raw_data, checked with non_trusted_world_pk.
	 * NOTE(review): presumably that key is published by the parent
	 * certificate; its descriptor is outside this view -- confirm.
	 */
671*91f16700Schasinglulu 		[0] = {
672*91f16700Schasinglulu 			.type = AUTH_METHOD_SIG,
673*91f16700Schasinglulu 			.param.sig = {
674*91f16700Schasinglulu 				.pk = &non_trusted_world_pk,
675*91f16700Schasinglulu 				.sig = &sig,
676*91f16700Schasinglulu 				.alg = &sig_alg,
677*91f16700Schasinglulu 				.data = &raw_data
678*91f16700Schasinglulu 			}
679*91f16700Schasinglulu 		},
	/*
	 * Both counter fields name non_trusted_nv_ctr.
	 * NOTE(review): presumably the authentication module reads the
	 * certificate's counter and the platform's stored counter through
	 * this one descriptor as a rollback check -- confirm in auth_mod.
	 */
680*91f16700Schasinglulu 		[1] = {
681*91f16700Schasinglulu 			.type = AUTH_METHOD_NV_CTR,
682*91f16700Schasinglulu 			.param.nv_ctr = {
683*91f16700Schasinglulu 				.cert_nv_ctr = &non_trusted_nv_ctr,
684*91f16700Schasinglulu 				.plat_nv_ctr = &non_trusted_nv_ctr
685*91f16700Schasinglulu 			}
686*91f16700Schasinglulu 		}
687*91f16700Schasinglulu 	},
	/* Only entry [0] is set; the rest of the array is zero-initialized. */
688*91f16700Schasinglulu 	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
689*91f16700Schasinglulu 		[0] = {
690*91f16700Schasinglulu 			.type_desc = &npu_fw_cert_pk,
691*91f16700Schasinglulu 			.data = {
692*91f16700Schasinglulu 				.ptr = (void *)content_pk_buf,
693*91f16700Schasinglulu 				.len = (unsigned int)PK_DER_LEN
694*91f16700Schasinglulu 			}
695*91f16700Schasinglulu 		}
696*91f16700Schasinglulu 	}
697*91f16700Schasinglulu };
698*91f16700Schasinglulu 
/*
 * Ethos-N NPU firmware content certificate.
 *
 * Parent: npu_fw_key_cert. The signature check uses npu_fw_cert_pk, the
 * parameter the parent lists in its authenticated_data, and the NV-counter
 * check names non_trusted_nv_ctr. The certificate lists one authenticated
 * parameter, npu_fw_image_hash, stored in npu_fw_image_hash_buf
 * (HASH_DER_LEN bytes); npu_fw_image names that parameter as its reference
 * hash.
 *
 * npu_fw_image_hash_buf is declared outside this view.
 */
699*91f16700Schasinglulu static const auth_img_desc_t npu_fw_content_cert = {
700*91f16700Schasinglulu 	.img_id = ETHOSN_NPU_FW_CONTENT_CERT_ID,
701*91f16700Schasinglulu 	.img_type = IMG_CERT,
702*91f16700Schasinglulu 	.parent = &npu_fw_key_cert,
703*91f16700Schasinglulu 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
	/* Signature over raw_data, checked with the key from the parent. */
704*91f16700Schasinglulu 		[0] = {
705*91f16700Schasinglulu 			.type = AUTH_METHOD_SIG,
706*91f16700Schasinglulu 			.param.sig = {
707*91f16700Schasinglulu 				.pk = &npu_fw_cert_pk,
708*91f16700Schasinglulu 				.sig = &sig,
709*91f16700Schasinglulu 				.alg = &sig_alg,
710*91f16700Schasinglulu 				.data = &raw_data
711*91f16700Schasinglulu 			}
712*91f16700Schasinglulu 		},
	/*
	 * Same counter descriptor as npu_fw_key_cert.
	 * NOTE(review): presumably a rollback check against the platform's
	 * non-trusted NV counter -- confirm in auth_mod.
	 */
713*91f16700Schasinglulu 		[1] = {
714*91f16700Schasinglulu 			.type = AUTH_METHOD_NV_CTR,
715*91f16700Schasinglulu 			.param.nv_ctr = {
716*91f16700Schasinglulu 				.cert_nv_ctr = &non_trusted_nv_ctr,
717*91f16700Schasinglulu 				.plat_nv_ctr = &non_trusted_nv_ctr
718*91f16700Schasinglulu 			}
719*91f16700Schasinglulu 		}
720*91f16700Schasinglulu 	},
	/* Only entry [0] is set; the rest of the array is zero-initialized. */
721*91f16700Schasinglulu 	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
722*91f16700Schasinglulu 		[0] = {
723*91f16700Schasinglulu 			.type_desc = &npu_fw_image_hash,
724*91f16700Schasinglulu 			.data = {
725*91f16700Schasinglulu 				.ptr = (void *)npu_fw_image_hash_buf,
726*91f16700Schasinglulu 				.len = (unsigned int)HASH_DER_LEN
727*91f16700Schasinglulu 			}
728*91f16700Schasinglulu 		},
729*91f16700Schasinglulu 	}
730*91f16700Schasinglulu };
731*91f16700Schasinglulu 
/*
 * Ethos-N NPU firmware image (IMG_RAW).
 *
 * Parent: npu_fw_content_cert. The single authentication method is a hash
 * check of raw_data against npu_fw_image_hash, the parameter the parent
 * lists in its authenticated_data. No signature or NV-counter method is
 * listed here, and no authenticated_data is set, so this descriptor
 * publishes nothing for other descriptors to use.
 */
732*91f16700Schasinglulu static const auth_img_desc_t npu_fw_image = {
733*91f16700Schasinglulu 	.img_id = ETHOSN_NPU_FW_IMAGE_ID,
734*91f16700Schasinglulu 	.img_type = IMG_RAW,
735*91f16700Schasinglulu 	.parent = &npu_fw_content_cert,
736*91f16700Schasinglulu 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
	/*
	 * Only entry [0] is set; the remaining entries are zero-initialized.
	 * NOTE(review): presumably a zero .type means "no method" -- confirm
	 * against the auth_method_type_t definition.
	 */
737*91f16700Schasinglulu 		[0] = {
738*91f16700Schasinglulu 			.type = AUTH_METHOD_HASH,
739*91f16700Schasinglulu 			.param.hash = {
740*91f16700Schasinglulu 				.data = &raw_data,
741*91f16700Schasinglulu 				.hash = &npu_fw_image_hash
742*91f16700Schasinglulu 			}
743*91f16700Schasinglulu 		}
744*91f16700Schasinglulu 	}
745*91f16700Schasinglulu };
746*91f16700Schasinglulu #endif /* ETHOSN_NPU_TZMP1 */
747*91f16700Schasinglulu 
748*91f16700Schasinglulu 
/*
 * Chain-of-trust table: maps an image ID to its authentication descriptor.
 *
 * The array is built with designated initializers, so its length is set by
 * the largest ID listed and every ID in range that is not listed is a null
 * pointer. The secure-partition entries exist only when SPD_spmd is defined
 * and the NPU entries only when ETHOSN_NPU_TZMP1 is non-zero.
 *
 * NOTE(review): an image requested under an ID with no descriptor must be
 * refused, not loaded unauthenticated -- confirm how the authentication
 * module treats a null entry and an out-of-range ID.
 *
 * When adding an image, define its descriptor with a parent that leads back
 * to a root-of-trust certificate and add it here under its own ID; a
 * descriptor missing from this table cannot be reached through it.
 */
749*91f16700Schasinglulu static const auth_img_desc_t * const cot_desc[] = {
750*91f16700Schasinglulu 	[TRUSTED_BOOT_FW_CERT_ID]		=	&trusted_boot_fw_cert,
751*91f16700Schasinglulu 	[HW_CONFIG_ID]				=	&hw_config,
752*91f16700Schasinglulu 	[TRUSTED_KEY_CERT_ID]			=	&trusted_key_cert,
753*91f16700Schasinglulu 	[SCP_FW_KEY_CERT_ID]			=	&scp_fw_key_cert,
754*91f16700Schasinglulu 	[SCP_FW_CONTENT_CERT_ID]		=	&scp_fw_content_cert,
755*91f16700Schasinglulu 	[SCP_BL2_IMAGE_ID]			=	&scp_bl2_image,
756*91f16700Schasinglulu 	[SOC_FW_KEY_CERT_ID]			=	&soc_fw_key_cert,
757*91f16700Schasinglulu 	[SOC_FW_CONTENT_CERT_ID]		=	&soc_fw_content_cert,
758*91f16700Schasinglulu 	[BL31_IMAGE_ID]				=	&bl31_image,
759*91f16700Schasinglulu 	[SOC_FW_CONFIG_ID]			=	&soc_fw_config,
760*91f16700Schasinglulu 	[TRUSTED_OS_FW_KEY_CERT_ID]		=	&trusted_os_fw_key_cert,
761*91f16700Schasinglulu 	[TRUSTED_OS_FW_CONTENT_CERT_ID]		=	&trusted_os_fw_content_cert,
762*91f16700Schasinglulu 	[BL32_IMAGE_ID]				=	&bl32_image,
763*91f16700Schasinglulu 	[BL32_EXTRA1_IMAGE_ID]			=	&bl32_extra1_image,
764*91f16700Schasinglulu 	[BL32_EXTRA2_IMAGE_ID]			=	&bl32_extra2_image,
765*91f16700Schasinglulu 	[TOS_FW_CONFIG_ID]			=	&tos_fw_config,
766*91f16700Schasinglulu 	[NON_TRUSTED_FW_KEY_CERT_ID]		=	&non_trusted_fw_key_cert,
767*91f16700Schasinglulu 	[NON_TRUSTED_FW_CONTENT_CERT_ID]	=	&non_trusted_fw_content_cert,
768*91f16700Schasinglulu 	[BL33_IMAGE_ID]				=	&bl33_image,
769*91f16700Schasinglulu 	[NT_FW_CONFIG_ID]			=	&nt_fw_config,
	/* Secure partition certificate and packages (SPMD builds only). */
770*91f16700Schasinglulu #if defined(SPD_spmd)
771*91f16700Schasinglulu 	[SIP_SP_CONTENT_CERT_ID]		=	&sip_sp_content_cert,
772*91f16700Schasinglulu 	[SP_PKG1_ID]				=	&sp_pkg1,
773*91f16700Schasinglulu 	[SP_PKG2_ID]				=	&sp_pkg2,
774*91f16700Schasinglulu 	[SP_PKG3_ID]				=	&sp_pkg3,
775*91f16700Schasinglulu 	[SP_PKG4_ID]				=	&sp_pkg4,
776*91f16700Schasinglulu 	[SP_PKG5_ID]				=	&sp_pkg5,
777*91f16700Schasinglulu 	[SP_PKG6_ID]				=	&sp_pkg6,
778*91f16700Schasinglulu 	[SP_PKG7_ID]				=	&sp_pkg7,
779*91f16700Schasinglulu 	[SP_PKG8_ID]				=       &sp_pkg8,
780*91f16700Schasinglulu #endif
	/* Ethos-N NPU firmware chain: key cert -> content cert -> image. */
781*91f16700Schasinglulu #if ETHOSN_NPU_TZMP1
782*91f16700Schasinglulu 	[ETHOSN_NPU_FW_KEY_CERT_ID]		=	&npu_fw_key_cert,
783*91f16700Schasinglulu 	[ETHOSN_NPU_FW_CONTENT_CERT_ID]		=	&npu_fw_content_cert,
784*91f16700Schasinglulu 	[ETHOSN_NPU_FW_IMAGE_ID]		=	&npu_fw_image,
785*91f16700Schasinglulu #endif /* ETHOSN_NPU_TZMP1 */
786*91f16700Schasinglulu };
787*91f16700Schasinglulu 
/*
 * cot_desc is static, so it is visible outside this translation unit only
 * through whatever REGISTER_COT defines (the macro lives outside this file).
 */
788*91f16700Schasinglulu /* Register the CoT table with the authentication module. */
789*91f16700Schasinglulu REGISTER_COT(cot_desc);