Dynamic cfg: Add HW and TB_FW configs to CoT
This patch adds image IDs to `hw_config` and `tb_fw_config` and includes them in the default Chain Of Trust (CoT). Change-Id: If7bb3e9be8a5e48be76614b35bf43d58fc7fed12 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
parent
e24659df35
commit
6d31020e90
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
|
* Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
* SPDX-License-Identifier: BSD-3-Clause
|
||||||
*/
|
*/
|
||||||
|
@ -27,6 +27,8 @@
|
||||||
* established, we can reuse some of the buffers on different stages
|
* established, we can reuse some of the buffers on different stages
|
||||||
*/
|
*/
|
||||||
static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
|
static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
|
||||||
|
static unsigned char tb_fw_config_hash_buf[HASH_DER_LEN];
|
||||||
|
static unsigned char hw_config_hash_buf[HASH_DER_LEN];
|
||||||
static unsigned char scp_fw_hash_buf[HASH_DER_LEN];
|
static unsigned char scp_fw_hash_buf[HASH_DER_LEN];
|
||||||
static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
|
static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
|
||||||
static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
|
static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
|
||||||
|
@ -70,6 +72,10 @@ static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
|
||||||
|
|
||||||
static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC(
|
static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC(
|
||||||
AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
|
AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
|
||||||
|
static auth_param_type_desc_t tb_fw_config_hash = AUTH_PARAM_TYPE_DESC(
|
||||||
|
AUTH_PARAM_HASH, TRUSTED_BOOT_FW_CONFIG_HASH_OID);
|
||||||
|
static auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC(
|
||||||
|
AUTH_PARAM_HASH, HW_CONFIG_HASH_OID);
|
||||||
static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
|
static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
|
||||||
AUTH_PARAM_HASH, SCP_FW_HASH_OID);
|
AUTH_PARAM_HASH, SCP_FW_HASH_OID);
|
||||||
static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
|
static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
|
||||||
|
@ -125,6 +131,20 @@ static const auth_img_desc_t cot_desc[] = {
|
||||||
.ptr = (void *)tb_fw_hash_buf,
|
.ptr = (void *)tb_fw_hash_buf,
|
||||||
.len = (unsigned int)HASH_DER_LEN
|
.len = (unsigned int)HASH_DER_LEN
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
[1] = {
|
||||||
|
.type_desc = &tb_fw_config_hash,
|
||||||
|
.data = {
|
||||||
|
.ptr = (void *)tb_fw_config_hash_buf,
|
||||||
|
.len = (unsigned int)HASH_DER_LEN
|
||||||
|
}
|
||||||
|
},
|
||||||
|
[2] = {
|
||||||
|
.type_desc = &hw_config_hash,
|
||||||
|
.data = {
|
||||||
|
.ptr = (void *)hw_config_hash_buf,
|
||||||
|
.len = (unsigned int)HASH_DER_LEN
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -142,6 +162,36 @@ static const auth_img_desc_t cot_desc[] = {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
/* HW Config */
|
||||||
|
[HW_CONFIG_ID] = {
|
||||||
|
.img_id = HW_CONFIG_ID,
|
||||||
|
.img_type = IMG_RAW,
|
||||||
|
.parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
|
||||||
|
.img_auth_methods = {
|
||||||
|
[0] = {
|
||||||
|
.type = AUTH_METHOD_HASH,
|
||||||
|
.param.hash = {
|
||||||
|
.data = &raw_data,
|
||||||
|
.hash = &hw_config_hash,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
/* TB FW Config */
|
||||||
|
[TB_FW_CONFIG_ID] = {
|
||||||
|
.img_id = TB_FW_CONFIG_ID,
|
||||||
|
.img_type = IMG_RAW,
|
||||||
|
.parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
|
||||||
|
.img_auth_methods = {
|
||||||
|
[0] = {
|
||||||
|
.type = AUTH_METHOD_HASH,
|
||||||
|
.param.hash = {
|
||||||
|
.data = &raw_data,
|
||||||
|
.hash = &tb_fw_config_hash,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
/*
|
/*
|
||||||
* Trusted key certificate
|
* Trusted key certificate
|
||||||
*/
|
*/
|
||||||
|
|
|
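Review bot: The two hash extensions added as `[1]` and `[2]` under the Trusted Boot FW certificate entry of `cot_desc[]` come with no statement of what happens when a certificate does not carry them or a platform loads neither image. The certificate parsing code is not on this page, so it should be confirmed whether a missing `TRUSTED_BOOT_FW_CONFIG_HASH_OID` or `HW_CONFIG_HASH_OID` extension fails authentication of the certificate as a whole, which would reject certificates issued before this change. A comment above `[1]` such as `/* TB_FW_CONFIG and HW_CONFIG hashes: both extensions are expected in every TB FW certificate */` (or the opposite wording, if they are meant to be optional) would make the contract explicit. The certificate entry itself starts outside the hunk.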
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
|
* Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: BSD-3-Clause
|
* SPDX-License-Identifier: BSD-3-Clause
|
||||||
*/
|
*/
|
||||||
|
@ -60,4 +60,10 @@
|
||||||
/* Secure Payload BL32_EXTRA2 (Trusted OS Extra2) */
|
/* Secure Payload BL32_EXTRA2 (Trusted OS Extra2) */
|
||||||
#define BL32_EXTRA2_IMAGE_ID 22
|
#define BL32_EXTRA2_IMAGE_ID 22
|
||||||
|
|
||||||
|
/* HW_CONFIG (e.g. Kernel DT) */
|
||||||
|
#define HW_CONFIG_ID 23
|
||||||
|
|
||||||
|
/* TB_FW_CONFIG */
|
||||||
|
#define TB_FW_CONFIG_ID 24
|
||||||
|
|
||||||
#endif /* __TBBR_IMG_DEF_H__ */
|
#endif /* __TBBR_IMG_DEF_H__ */
|
||||||
|
|
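Review bot: `HW_CONFIG_ID` and `TB_FW_CONFIG_ID` drop the `_IMAGE_ID` suffix used by the neighbouring `BL32_EXTRA2_IMAGE_ID`, so where they index `cot_desc[]` they are harder to tell apart from certificate IDs such as `TRUSTED_BOOT_FW_CERT_ID`. The comment `/* TB_FW_CONFIG */` only repeats the macro name; `/* TB_FW_CONFIG (Trusted Boot Firmware configuration, hash-authenticated via the TB FW certificate) */` would say what the image is and how it is trusted. Any table sized by the highest image ID is outside this page and should be checked to cover the new value 24.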