diff options
| author | Soby Mathew <soby.mathew@arm.com> | 2017-11-07 17:03:57 +0000 |
|---|---|---|
| committer | Soby Mathew <soby.mathew@arm.com> | 2018-02-26 16:31:10 +0000 |
| commit | 6d31020e90093456efb373cde446b07770d38953 (patch) | |
| tree | 2a3792290f0f38645d5bc32ef53386063b5003a4 /drivers | |
| parent | e24659df354c31626f78f4d46d453e14959a9953 (diff) | |
Dynamic cfg: Add HW and TB_FW configs to CoT
This patch adds image IDs to `hw_config` and `tb_fw_config` and
includes them in the default Chain Of Trust (CoT).
Change-Id: If7bb3e9be8a5e48be76614b35bf43d58fc7fed12
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Diffstat (limited to 'drivers')
| -rw-r--r-- | drivers/auth/tbbr/tbbr_cot.c | 52 |
1 files changed, 51 insertions, 1 deletions
diff --git a/drivers/auth/tbbr/tbbr_cot.c b/drivers/auth/tbbr/tbbr_cot.c index 01d6fb5a..6ad00592 100644 --- a/drivers/auth/tbbr/tbbr_cot.c +++ b/drivers/auth/tbbr/tbbr_cot.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -27,6 +27,8 @@ * established, we can reuse some of the buffers on different stages */ static unsigned char tb_fw_hash_buf[HASH_DER_LEN]; +static unsigned char tb_fw_config_hash_buf[HASH_DER_LEN]; +static unsigned char hw_config_hash_buf[HASH_DER_LEN]; static unsigned char scp_fw_hash_buf[HASH_DER_LEN]; static unsigned char soc_fw_hash_buf[HASH_DER_LEN]; static unsigned char tos_fw_hash_buf[HASH_DER_LEN]; @@ -70,6 +72,10 @@ static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC( static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC( AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID); +static auth_param_type_desc_t tb_fw_config_hash = AUTH_PARAM_TYPE_DESC( + AUTH_PARAM_HASH, TRUSTED_BOOT_FW_CONFIG_HASH_OID); +static auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC( + AUTH_PARAM_HASH, HW_CONFIG_HASH_OID); static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC( AUTH_PARAM_HASH, SCP_FW_HASH_OID); static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC( @@ -125,6 +131,20 @@ static const auth_img_desc_t cot_desc[] = { .ptr = (void *)tb_fw_hash_buf, .len = (unsigned int)HASH_DER_LEN } + }, + [1] = { + .type_desc = &tb_fw_config_hash, + .data = { + .ptr = (void *)tb_fw_config_hash_buf, + .len = (unsigned int)HASH_DER_LEN + } + }, + [2] = { + .type_desc = &hw_config_hash, + .data = { + .ptr = (void *)hw_config_hash_buf, + .len = (unsigned int)HASH_DER_LEN + } } } }, @@ -142,6 +162,36 @@ static const auth_img_desc_t cot_desc[] = { } } }, + /* HW Config */ + [HW_CONFIG_ID] = { + .img_id = HW_CONFIG_ID, + .img_type = IMG_RAW, + .parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID], + .img_auth_methods = { + [0] = { + .type = AUTH_METHOD_HASH, + .param.hash = { + .data = &raw_data, + .hash = &hw_config_hash, + } + } + } + }, + /* TB FW Config */ + [TB_FW_CONFIG_ID] = { + .img_id = TB_FW_CONFIG_ID, + .img_type = IMG_RAW, + .parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID], + .img_auth_methods = { + [0] = { + .type = AUTH_METHOD_HASH, + .param.hash = { + .data = &raw_data, + .hash = &tb_fw_config_hash, + } + } + } + }, /* * Trusted key certificate */ |