author | Soby Mathew <soby.mathew@arm.com> | 2018-03-29 14:29:55 +0100 |
---|---|---|
committer | Soby Mathew <soby.mathew@arm.com> | 2018-05-18 12:26:38 +0100 |
commit | 17bc617e80e2b31ddaa65215526c556c23ca1374 (patch) | |
tree | ee54f9ade643a8826921b3f054b182382d4c8f44 /drivers | |
parent | 6e79f9fd4b65f473374391595e31c155e9e0ad85 (diff) | |
Dynamic cfg: Enable support on CoT for other configs
This patch implements support for adding dynamic configurations for
BL31 (soc_fw_config), BL32 (tos_fw_config) and BL33 (nt_fw_config). The
necessary cert tool support and changes to default chain of trust are made
for these configs.
Change-Id: I25f266277b5b5501a196d2f2f79639d838794518
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Diffstat (limited to 'drivers')
-rw-r--r-- | drivers/auth/tbbr/tbbr_cot.c | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/drivers/auth/tbbr/tbbr_cot.c b/drivers/auth/tbbr/tbbr_cot.c
index 6ad00592d..a950a7a8d 100644
--- a/drivers/auth/tbbr/tbbr_cot.c
+++ b/drivers/auth/tbbr/tbbr_cot.c
@@ -38,6 +38,9 @@ static unsigned char nt_world_bl_hash_buf[HASH_DER_LEN];
 static unsigned char trusted_world_pk_buf[PK_DER_LEN];
 static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
 static unsigned char content_pk_buf[PK_DER_LEN];
+static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
+static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
+static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];
 
 /*
 * Parameter type descriptors
@@ -80,14 +83,20 @@ static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
 AUTH_PARAM_HASH, SCP_FW_HASH_OID);
 static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
 AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
+static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC(
+ AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID);
 static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
 AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
+static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC(
+ AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID);
 static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC(
 AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID);
 static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC(
 AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID);
 static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
 AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
+static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC(
+ AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);
 static auth_param_type_desc_t scp_bl2u_hash = AUTH_PARAM_TYPE_DESC(
 AUTH_PARAM_HASH, SCP_FWU_CFG_HASH_OID);
 static auth_param_type_desc_t bl2u_hash = AUTH_PARAM_TYPE_DESC(
@@ -379,6 +388,13 @@ static const auth_img_desc_t cot_desc[] = {
 .ptr = (void *)soc_fw_hash_buf,
 .len = (unsigned int)HASH_DER_LEN
 }
+ },
+ [1] = {
+ .type_desc = &soc_fw_config_hash,
+ .data = {
+ .ptr = (void *)soc_fw_config_hash_buf,
+ .len = (unsigned int)HASH_DER_LEN
+ }
 }
 }
 },
@@ -396,6 +412,21 @@ static const auth_img_desc_t cot_desc[] = {
 }
 }
 },
+ /* SOC FW Config */
+ [SOC_FW_CONFIG_ID] = {
+ .img_id = SOC_FW_CONFIG_ID,
+ .img_type = IMG_RAW,
+ .parent = &cot_desc[SOC_FW_CONTENT_CERT_ID],
+ .img_auth_methods = {
+ [0] = {
+ .type = AUTH_METHOD_HASH,
+ .param.hash = {
+ .data = &raw_data,
+ .hash = &soc_fw_config_hash,
+ }
+ }
+ }
+ },
 /*
 * Trusted OS Firmware
 */
@@ -474,6 +505,13 @@ static const auth_img_desc_t cot_desc[] = {
 .ptr = (void *)tos_fw_extra2_hash_buf,
 .len = (unsigned int)HASH_DER_LEN
 }
+ },
+ [3] = {
+ .type_desc = &tos_fw_config_hash,
+ .data = {
+ .ptr = (void *)tos_fw_config_hash_buf,
+ .len = (unsigned int)HASH_DER_LEN
+ }
 }
 }
 },
@@ -519,6 +557,21 @@ static const auth_img_desc_t cot_desc[] = {
 }
 }
 },
+ /* TOS FW Config */
+ [TOS_FW_CONFIG_ID] = {
+ .img_id = TOS_FW_CONFIG_ID,
+ .img_type = IMG_RAW,
+ .parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
+ .img_auth_methods = {
+ [0] = {
+ .type = AUTH_METHOD_HASH,
+ .param.hash = {
+ .data = &raw_data,
+ .hash = &tos_fw_config_hash,
+ }
+ }
+ }
+ },
 /*
 * Non-Trusted Firmware
 */
@@ -583,6 +636,13 @@ static const auth_img_desc_t cot_desc[] = {
 .ptr = (void *)nt_world_bl_hash_buf,
 .len = (unsigned int)HASH_DER_LEN
 }
+ },
+ [1] = {
+ .type_desc = &nt_fw_config_hash,
+ .data = {
+ .ptr = (void *)nt_fw_config_hash_buf,
+ .len = (unsigned int)HASH_DER_LEN
+ }
 }
 }
 },
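Review bot: The new `authenticated_data` slots (`[1]` in this hunk, `[3]` in the trusted OS content certificate hunk, `[1]` in the non-trusted content certificate hunk) add three hash extensions to what is extracted from each content certificate, but nothing in the visible lines states whether a certificate without them is still accepted. If the extraction code in the auth module (outside this diff) treats a missing extension as an error, packages signed with an older cert tool would presumably stop authenticating; if it tolerates the absence, the static hash buffer stays zero-filled and the later image check has to fail closed. I would record the intended contract beside the first new slot, for example `/* Config hash extension is expected in every content cert, even when no config image is packaged - confirm with cert tool */`. The `[3]` entry also appears to use the last slot if the array bound is `COT_MAX_VERIFIED_PARAMS`, which is worth confirming; the enclosing initializers begin and end outside these hunks.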
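Review bot: The three new image entries (`SOC_FW_CONFIG_ID` in this hunk, `TOS_FW_CONFIG_ID` and `NT_FW_CONFIG_ID` in the later hunks) carry only a one-line label, while the neighbouring entries visible in the context use block comments, and none of them states the trust relationship. Each config is `IMG_RAW` with `AUTH_METHOD_HASH` as its single method, and judging by the content certificate hunks the reference hash is the value extracted from its `.parent` certificate, so the comment should say that: `/* SOC FW Config: raw image, hash-checked against soc_fw_config_hash taken from SOC_FW_CONTENT_CERT_ID */`. Spelling this out makes it obvious to a later editor that changing `.parent` or the hash descriptor changes what vouches for the config blob. The `cot_desc` initializer begins and ends outside these hunks.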
@@ -600,6 +660,21 @@ static const auth_img_desc_t cot_desc[] = {
 }
 }
 },
+ /* NT FW Config */
+ [NT_FW_CONFIG_ID] = {
+ .img_id = NT_FW_CONFIG_ID,
+ .img_type = IMG_RAW,
+ .parent = &cot_desc[NON_TRUSTED_FW_CONTENT_CERT_ID],
+ .img_auth_methods = {
+ [0] = {
+ .type = AUTH_METHOD_HASH,
+ .param.hash = {
+ .data = &raw_data,
+ .hash = &nt_fw_config_hash,
+ }
+ }
+ }
+ },
 /*
 * FWU auth descriptor.
 */ |