From 6d31020e90093456efb373cde446b07770d38953 Mon Sep 17 00:00:00 2001 From: Soby Mathew Date: Tue, 7 Nov 2017 17:03:57 +0000 Subject: [PATCH] Dynamic cfg: Add HW and TB_FW configs to CoT This patch adds image IDs to `hw_config` and `tb_fw_config` and includes them in the default Chain Of Trust (CoT). Change-Id: If7bb3e9be8a5e48be76614b35bf43d58fc7fed12 Signed-off-by: Soby Mathew --- drivers/auth/tbbr/tbbr_cot.c | 52 +++++++++++++++++++++++++++++- include/common/tbbr/tbbr_img_def.h | 8 ++++- 2 files changed, 58 insertions(+), 2 deletions(-) diff --git a/drivers/auth/tbbr/tbbr_cot.c b/drivers/auth/tbbr/tbbr_cot.c index 01d6fb5a3..6ad00592d 100644 --- a/drivers/auth/tbbr/tbbr_cot.c +++ b/drivers/auth/tbbr/tbbr_cot.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -27,6 +27,8 @@ * established, we can reuse some of the buffers on different stages */ static unsigned char tb_fw_hash_buf[HASH_DER_LEN]; +static unsigned char tb_fw_config_hash_buf[HASH_DER_LEN]; +static unsigned char hw_config_hash_buf[HASH_DER_LEN]; static unsigned char scp_fw_hash_buf[HASH_DER_LEN]; static unsigned char soc_fw_hash_buf[HASH_DER_LEN]; static unsigned char tos_fw_hash_buf[HASH_DER_LEN]; @@ -70,6 +72,10 @@ static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC( static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC( AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID); +static auth_param_type_desc_t tb_fw_config_hash = AUTH_PARAM_TYPE_DESC( + AUTH_PARAM_HASH, TRUSTED_BOOT_FW_CONFIG_HASH_OID); +static auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC( + AUTH_PARAM_HASH, HW_CONFIG_HASH_OID); static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC( AUTH_PARAM_HASH, SCP_FW_HASH_OID); static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC( @@ -125,6 +131,20 @@ static const auth_img_desc_t cot_desc[] = { .ptr = (void *)tb_fw_hash_buf, .len = (unsigned int)HASH_DER_LEN } + }, + [1] = { + .type_desc = &tb_fw_config_hash, + .data = { + .ptr = (void *)tb_fw_config_hash_buf, + .len = (unsigned int)HASH_DER_LEN + } + }, + [2] = { + .type_desc = &hw_config_hash, + .data = { + .ptr = (void *)hw_config_hash_buf, + .len = (unsigned int)HASH_DER_LEN + } } } }, @@ -142,6 +162,36 @@ static const auth_img_desc_t cot_desc[] = { } } }, + /* HW Config */ + [HW_CONFIG_ID] = { + .img_id = HW_CONFIG_ID, + .img_type = IMG_RAW, + .parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID], + .img_auth_methods = { + [0] = { + .type = AUTH_METHOD_HASH, + .param.hash = { + .data = &raw_data, + .hash = &hw_config_hash, + } + } + } + }, + /* TB FW Config */ + [TB_FW_CONFIG_ID] = { + .img_id = TB_FW_CONFIG_ID, + .img_type = IMG_RAW, + .parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID], + .img_auth_methods = { + [0] = { + .type = AUTH_METHOD_HASH, + .param.hash = { + .data = &raw_data, + .hash = &tb_fw_config_hash, + } + } + } + }, /* * Trusted key certificate */ diff --git a/include/common/tbbr/tbbr_img_def.h b/include/common/tbbr/tbbr_img_def.h index 3e68b6488..5a40581e4 100644 --- a/include/common/tbbr/tbbr_img_def.h +++ b/include/common/tbbr/tbbr_img_def.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -60,4 +60,10 @@ /* Secure Payload BL32_EXTRA2 (Trusted OS Extra2) */ #define BL32_EXTRA2_IMAGE_ID 22 +/* HW_CONFIG (e.g. Kernel DT) */ +#define HW_CONFIG_ID 23 + +/* TB_FW_CONFIG */ +#define TB_FW_CONFIG_ID 24 + #endif /* __TBBR_IMG_DEF_H__ */