1 /* 2 * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <stddef.h> 8 9 #include <platform_def.h> 10 #include <drivers/auth/mbedtls/mbedtls_config.h> 11 12 #include <drivers/auth/auth_mod.h> 13 #include <drivers/auth/tbbr_cot_common.h> 14 #if USE_TBBR_DEFS 15 #include <tools_share/tbbr_oid.h> 16 #else 17 #include <platform_oid.h> 18 #endif 19 20 static unsigned char soc_fw_hash_buf[HASH_DER_LEN]; 21 static unsigned char tos_fw_hash_buf[HASH_DER_LEN]; 22 static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN]; 23 static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN]; 24 static unsigned char trusted_world_pk_buf[PK_DER_LEN]; 25 static unsigned char non_trusted_world_pk_buf[PK_DER_LEN]; 26 static unsigned char content_pk_buf[PK_DER_LEN]; 27 static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN]; 28 static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN]; 29 static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN]; 30 #if defined(SPD_spmd) 31 static unsigned char sp_pkg_hash_buf[MAX_SP_IDS][HASH_DER_LEN]; 32 #endif /* SPD_spmd */ 33 34 static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC( 35 AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID); 36 static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC( 37 AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID); 38 static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC( 39 AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID); 40 static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC( 41 AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID); 42 static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC( 43 AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID); 44 static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC( 45 AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID); 46 static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC( 47 AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID); 48 static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC( 49 AUTH_PARAM_HASH, SCP_FW_HASH_OID); 50 static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC( 51 AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID); 52 static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC( 53 AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID); 54 static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC( 55 AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID); 56 static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC( 57 AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID); 58 static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC( 59 AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID); 60 static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC( 61 AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID); 62 static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC( 63 AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID); 64 static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC( 65 AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID); 66 #if defined(SPD_spmd) 67 static auth_param_type_desc_t sp_pkg1_hash = AUTH_PARAM_TYPE_DESC( 68 AUTH_PARAM_HASH, SP_PKG1_HASH_OID); 69 static auth_param_type_desc_t sp_pkg2_hash = AUTH_PARAM_TYPE_DESC( 70 AUTH_PARAM_HASH, SP_PKG2_HASH_OID); 71 static auth_param_type_desc_t sp_pkg3_hash = AUTH_PARAM_TYPE_DESC( 72 AUTH_PARAM_HASH, SP_PKG3_HASH_OID); 73 static auth_param_type_desc_t sp_pkg4_hash = AUTH_PARAM_TYPE_DESC( 74 AUTH_PARAM_HASH, SP_PKG4_HASH_OID); 75 static auth_param_type_desc_t sp_pkg5_hash = AUTH_PARAM_TYPE_DESC( 76 AUTH_PARAM_HASH, SP_PKG5_HASH_OID); 77 static auth_param_type_desc_t sp_pkg6_hash = AUTH_PARAM_TYPE_DESC( 78 AUTH_PARAM_HASH, SP_PKG6_HASH_OID); 79 static auth_param_type_desc_t sp_pkg7_hash = AUTH_PARAM_TYPE_DESC( 80 AUTH_PARAM_HASH, SP_PKG7_HASH_OID); 81 static auth_param_type_desc_t sp_pkg8_hash = AUTH_PARAM_TYPE_DESC( 82 AUTH_PARAM_HASH, SP_PKG8_HASH_OID); 83 #endif /* SPD_spmd */ 84 85 /* 86 * Trusted key certificate 87 */ 88 static const auth_img_desc_t trusted_key_cert = { 89 .img_id = TRUSTED_KEY_CERT_ID, 90 .img_type = IMG_CERT, 91 .parent = NULL, 92 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 93 [0] = { 94 .type = AUTH_METHOD_SIG, 95 .param.sig = { 96 .pk = &subject_pk, 97 .sig = &sig, 98 .alg = &sig_alg, 99 .data = &raw_data 100 } 101 }, 102 [1] = { 103 .type = AUTH_METHOD_NV_CTR, 104 .param.nv_ctr = { 105 .cert_nv_ctr = &trusted_nv_ctr, 106 .plat_nv_ctr = &trusted_nv_ctr 107 } 108 } 109 }, 110 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 111 [0] = { 112 .type_desc = &trusted_world_pk, 113 .data = { 114 .ptr = (void *)trusted_world_pk_buf, 115 .len = (unsigned int)PK_DER_LEN 116 } 117 }, 118 [1] = { 119 .type_desc = &non_trusted_world_pk, 120 .data = { 121 .ptr = (void *)non_trusted_world_pk_buf, 122 .len = (unsigned int)PK_DER_LEN 123 } 124 } 125 } 126 }; 127 /* 128 * SCP Firmware 129 */ 130 static const auth_img_desc_t scp_fw_key_cert = { 131 .img_id = SCP_FW_KEY_CERT_ID, 132 .img_type = IMG_CERT, 133 .parent = &trusted_key_cert, 134 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 135 [0] = { 136 .type = AUTH_METHOD_SIG, 137 .param.sig = { 138 .pk = &trusted_world_pk, 139 .sig = &sig, 140 .alg = &sig_alg, 141 .data = &raw_data 142 } 143 }, 144 [1] = { 145 .type = AUTH_METHOD_NV_CTR, 146 .param.nv_ctr = { 147 .cert_nv_ctr = &trusted_nv_ctr, 148 .plat_nv_ctr = &trusted_nv_ctr 149 } 150 } 151 }, 152 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 153 [0] = { 154 .type_desc = &scp_fw_content_pk, 155 .data = { 156 .ptr = (void *)content_pk_buf, 157 .len = (unsigned int)PK_DER_LEN 158 } 159 } 160 } 161 }; 162 static const auth_img_desc_t scp_fw_content_cert = { 163 .img_id = SCP_FW_CONTENT_CERT_ID, 164 .img_type = IMG_CERT, 165 .parent = &scp_fw_key_cert, 166 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 167 [0] = { 168 .type = AUTH_METHOD_SIG, 169 .param.sig = { 170 .pk = &scp_fw_content_pk, 171 .sig = &sig, 172 .alg = &sig_alg, 173 .data = &raw_data 174 } 175 }, 176 [1] = { 177 .type = AUTH_METHOD_NV_CTR, 178 .param.nv_ctr = { 179 .cert_nv_ctr = &trusted_nv_ctr, 180 .plat_nv_ctr = &trusted_nv_ctr 181 } 182 } 183 }, 184 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 185 [0] = { 186 .type_desc = &scp_fw_hash, 187 .data = { 188 .ptr = (void *)scp_fw_hash_buf, 189 .len = (unsigned int)HASH_DER_LEN 190 } 191 } 192 } 193 }; 194 static const auth_img_desc_t scp_bl2_image = { 195 .img_id = SCP_BL2_IMAGE_ID, 196 .img_type = IMG_RAW, 197 .parent = &scp_fw_content_cert, 198 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 199 [0] = { 200 .type = AUTH_METHOD_HASH, 201 .param.hash = { 202 .data = &raw_data, 203 .hash = &scp_fw_hash 204 } 205 } 206 } 207 }; 208 /* 209 * SoC Firmware 210 */ 211 static const auth_img_desc_t soc_fw_key_cert = { 212 .img_id = SOC_FW_KEY_CERT_ID, 213 .img_type = IMG_CERT, 214 .parent = &trusted_key_cert, 215 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 216 [0] = { 217 .type = AUTH_METHOD_SIG, 218 .param.sig = { 219 .pk = &trusted_world_pk, 220 .sig = &sig, 221 .alg = &sig_alg, 222 .data = &raw_data 223 } 224 }, 225 [1] = { 226 .type = AUTH_METHOD_NV_CTR, 227 .param.nv_ctr = { 228 .cert_nv_ctr = &trusted_nv_ctr, 229 .plat_nv_ctr = &trusted_nv_ctr 230 } 231 } 232 }, 233 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 234 [0] = { 235 .type_desc = &soc_fw_content_pk, 236 .data = { 237 .ptr = (void *)content_pk_buf, 238 .len = (unsigned int)PK_DER_LEN 239 } 240 } 241 } 242 }; 243 static const auth_img_desc_t soc_fw_content_cert = { 244 .img_id = SOC_FW_CONTENT_CERT_ID, 245 .img_type = IMG_CERT, 246 .parent = &soc_fw_key_cert, 247 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 248 [0] = { 249 .type = AUTH_METHOD_SIG, 250 .param.sig = { 251 .pk = &soc_fw_content_pk, 252 .sig = &sig, 253 .alg = &sig_alg, 254 .data = &raw_data 255 } 256 }, 257 [1] = { 258 .type = AUTH_METHOD_NV_CTR, 259 .param.nv_ctr = { 260 .cert_nv_ctr = &trusted_nv_ctr, 261 .plat_nv_ctr = &trusted_nv_ctr 262 } 263 } 264 }, 265 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 266 [0] = { 267 .type_desc = &soc_fw_hash, 268 .data = { 269 .ptr = (void *)soc_fw_hash_buf, 270 .len = (unsigned int)HASH_DER_LEN 271 } 272 }, 273 [1] = { 274 .type_desc = &soc_fw_config_hash, 275 .data = { 276 .ptr = (void *)soc_fw_config_hash_buf, 277 .len = (unsigned int)HASH_DER_LEN 278 } 279 } 280 } 281 }; 282 static const auth_img_desc_t bl31_image = { 283 .img_id = BL31_IMAGE_ID, 284 .img_type = IMG_RAW, 285 .parent = &soc_fw_content_cert, 286 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 287 [0] = { 288 .type = AUTH_METHOD_HASH, 289 .param.hash = { 290 .data = &raw_data, 291 .hash = &soc_fw_hash 292 } 293 } 294 } 295 }; 296 /* SOC FW Config */ 297 static const auth_img_desc_t soc_fw_config = { 298 .img_id = SOC_FW_CONFIG_ID, 299 .img_type = IMG_RAW, 300 .parent = &soc_fw_content_cert, 301 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 302 [0] = { 303 .type = AUTH_METHOD_HASH, 304 .param.hash = { 305 .data = &raw_data, 306 .hash = &soc_fw_config_hash 307 } 308 } 309 } 310 }; 311 /* 312 * Trusted OS Firmware 313 */ 314 static const auth_img_desc_t trusted_os_fw_key_cert = { 315 .img_id = TRUSTED_OS_FW_KEY_CERT_ID, 316 .img_type = IMG_CERT, 317 .parent = &trusted_key_cert, 318 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 319 [0] = { 320 .type = AUTH_METHOD_SIG, 321 .param.sig = { 322 .pk = &trusted_world_pk, 323 .sig = &sig, 324 .alg = &sig_alg, 325 .data = &raw_data 326 } 327 }, 328 [1] = { 329 .type = AUTH_METHOD_NV_CTR, 330 .param.nv_ctr = { 331 .cert_nv_ctr = &trusted_nv_ctr, 332 .plat_nv_ctr = &trusted_nv_ctr 333 } 334 } 335 }, 336 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 337 [0] = { 338 .type_desc = &tos_fw_content_pk, 339 .data = { 340 .ptr = (void *)content_pk_buf, 341 .len = (unsigned int)PK_DER_LEN 342 } 343 } 344 } 345 }; 346 static const auth_img_desc_t trusted_os_fw_content_cert = { 347 .img_id = TRUSTED_OS_FW_CONTENT_CERT_ID, 348 .img_type = IMG_CERT, 349 .parent = &trusted_os_fw_key_cert, 350 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 351 [0] = { 352 .type = AUTH_METHOD_SIG, 353 .param.sig = { 354 .pk = &tos_fw_content_pk, 355 .sig = &sig, 356 .alg = &sig_alg, 357 .data = &raw_data 358 } 359 }, 360 [1] = { 361 .type = AUTH_METHOD_NV_CTR, 362 .param.nv_ctr = { 363 .cert_nv_ctr = &trusted_nv_ctr, 364 .plat_nv_ctr = &trusted_nv_ctr 365 } 366 } 367 }, 368 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 369 [0] = { 370 .type_desc = &tos_fw_hash, 371 .data = { 372 .ptr = (void *)tos_fw_hash_buf, 373 .len = (unsigned int)HASH_DER_LEN 374 } 375 }, 376 [1] = { 377 .type_desc = &tos_fw_extra1_hash, 378 .data = { 379 .ptr = (void *)tos_fw_extra1_hash_buf, 380 .len = (unsigned int)HASH_DER_LEN 381 } 382 }, 383 [2] = { 384 .type_desc = &tos_fw_extra2_hash, 385 .data = { 386 .ptr = (void *)tos_fw_extra2_hash_buf, 387 .len = (unsigned int)HASH_DER_LEN 388 } 389 }, 390 [3] = { 391 .type_desc = &tos_fw_config_hash, 392 .data = { 393 .ptr = (void *)tos_fw_config_hash_buf, 394 .len = (unsigned int)HASH_DER_LEN 395 } 396 } 397 } 398 }; 399 static const auth_img_desc_t bl32_image = { 400 .img_id = BL32_IMAGE_ID, 401 .img_type = IMG_RAW, 402 .parent = &trusted_os_fw_content_cert, 403 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 404 [0] = { 405 .type = AUTH_METHOD_HASH, 406 .param.hash = { 407 .data = &raw_data, 408 .hash = &tos_fw_hash 409 } 410 } 411 } 412 }; 413 static const auth_img_desc_t bl32_extra1_image = { 414 .img_id = BL32_EXTRA1_IMAGE_ID, 415 .img_type = IMG_RAW, 416 .parent = &trusted_os_fw_content_cert, 417 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 418 [0] = { 419 .type = AUTH_METHOD_HASH, 420 .param.hash = { 421 .data = &raw_data, 422 .hash = &tos_fw_extra1_hash 423 } 424 } 425 } 426 }; 427 static const auth_img_desc_t bl32_extra2_image = { 428 .img_id = BL32_EXTRA2_IMAGE_ID, 429 .img_type = IMG_RAW, 430 .parent = &trusted_os_fw_content_cert, 431 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 432 [0] = { 433 .type = AUTH_METHOD_HASH, 434 .param.hash = { 435 .data = &raw_data, 436 .hash = &tos_fw_extra2_hash 437 } 438 } 439 } 440 }; 441 /* TOS FW Config */ 442 static const auth_img_desc_t tos_fw_config = { 443 .img_id = TOS_FW_CONFIG_ID, 444 .img_type = IMG_RAW, 445 .parent = &trusted_os_fw_content_cert, 446 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 447 [0] = { 448 .type = AUTH_METHOD_HASH, 449 .param.hash = { 450 .data = &raw_data, 451 .hash = &tos_fw_config_hash 452 } 453 } 454 } 455 }; 456 /* 457 * Non-Trusted Firmware 458 */ 459 static const auth_img_desc_t non_trusted_fw_key_cert = { 460 .img_id = NON_TRUSTED_FW_KEY_CERT_ID, 461 .img_type = IMG_CERT, 462 .parent = &trusted_key_cert, 463 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 464 [0] = { 465 .type = AUTH_METHOD_SIG, 466 .param.sig = { 467 .pk = &non_trusted_world_pk, 468 .sig = &sig, 469 .alg = &sig_alg, 470 .data = &raw_data 471 } 472 }, 473 [1] = { 474 .type = AUTH_METHOD_NV_CTR, 475 .param.nv_ctr = { 476 .cert_nv_ctr = &non_trusted_nv_ctr, 477 .plat_nv_ctr = &non_trusted_nv_ctr 478 } 479 } 480 }, 481 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 482 [0] = { 483 .type_desc = &nt_fw_content_pk, 484 .data = { 485 .ptr = (void *)content_pk_buf, 486 .len = (unsigned int)PK_DER_LEN 487 } 488 } 489 } 490 }; 491 static const auth_img_desc_t non_trusted_fw_content_cert = { 492 .img_id = NON_TRUSTED_FW_CONTENT_CERT_ID, 493 .img_type = IMG_CERT, 494 .parent = &non_trusted_fw_key_cert, 495 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 496 [0] = { 497 .type = AUTH_METHOD_SIG, 498 .param.sig = { 499 .pk = &nt_fw_content_pk, 500 .sig = &sig, 501 .alg = &sig_alg, 502 .data = &raw_data 503 } 504 }, 505 [1] = { 506 .type = AUTH_METHOD_NV_CTR, 507 .param.nv_ctr = { 508 .cert_nv_ctr = &non_trusted_nv_ctr, 509 .plat_nv_ctr = &non_trusted_nv_ctr 510 } 511 } 512 }, 513 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 514 [0] = { 515 .type_desc = &nt_world_bl_hash, 516 .data = { 517 .ptr = (void *)nt_world_bl_hash_buf, 518 .len = (unsigned int)HASH_DER_LEN 519 } 520 }, 521 [1] = { 522 .type_desc = &nt_fw_config_hash, 523 .data = { 524 .ptr = (void *)nt_fw_config_hash_buf, 525 .len = (unsigned int)HASH_DER_LEN 526 } 527 } 528 } 529 }; 530 static const auth_img_desc_t bl33_image = { 531 .img_id = BL33_IMAGE_ID, 532 .img_type = IMG_RAW, 533 .parent = &non_trusted_fw_content_cert, 534 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 535 [0] = { 536 .type = AUTH_METHOD_HASH, 537 .param.hash = { 538 .data = &raw_data, 539 .hash = &nt_world_bl_hash 540 } 541 } 542 } 543 }; 544 /* NT FW Config */ 545 static const auth_img_desc_t nt_fw_config = { 546 .img_id = NT_FW_CONFIG_ID, 547 .img_type = IMG_RAW, 548 .parent = &non_trusted_fw_content_cert, 549 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 550 [0] = { 551 .type = AUTH_METHOD_HASH, 552 .param.hash = { 553 .data = &raw_data, 554 .hash = &nt_fw_config_hash 555 } 556 } 557 } 558 }; 559 /* Secure Partitions */ 560 #if defined(SPD_spmd) 561 static const auth_img_desc_t sip_sp_content_cert = { 562 .img_id = SIP_SP_CONTENT_CERT_ID, 563 .img_type = IMG_CERT, 564 .parent = &trusted_key_cert, 565 .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { 566 [0] = { 567 .type = AUTH_METHOD_SIG, 568 .param.sig = { 569 .pk = &trusted_world_pk, 570 .sig = &sig, 571 .alg = &sig_alg, 572 .data = &raw_data 573 } 574 }, 575 [1] = { 576 .type = AUTH_METHOD_NV_CTR, 577 .param.nv_ctr = { 578 .cert_nv_ctr = &trusted_nv_ctr, 579 .plat_nv_ctr = &trusted_nv_ctr 580 } 581 } 582 }, 583 .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { 584 [0] = { 585 .type_desc = &sp_pkg1_hash, 586 .data = { 587 .ptr = (void *)sp_pkg_hash_buf[0], 588 .len = (unsigned int)HASH_DER_LEN 589 } 590 }, 591 [1] = { 592 .type_desc = &sp_pkg2_hash, 593 .data = { 594 .ptr = (void *)sp_pkg_hash_buf[1], 595 .len = (unsigned int)HASH_DER_LEN 596 } 597 }, 598 [2] = { 599 .type_desc = &sp_pkg3_hash, 600 .data = { 601 .ptr = (void *)sp_pkg_hash_buf[2], 602 .len = (unsigned int)HASH_DER_LEN 603 } 604 }, 605 [3] = { 606 .type_desc = &sp_pkg4_hash, 607 .data = { 608 .ptr = (void *)sp_pkg_hash_buf[3], 609 .len = (unsigned int)HASH_DER_LEN 610 } 611 }, 612 [4] = { 613 .type_desc = &sp_pkg5_hash, 614 .data = { 615 .ptr = (void *)sp_pkg_hash_buf[4], 616 .len = (unsigned int)HASH_DER_LEN 617 } 618 }, 619 [5] = { 620 .type_desc = &sp_pkg6_hash, 621 .data = { 622 .ptr = (void *)sp_pkg_hash_buf[5], 623 .len = (unsigned int)HASH_DER_LEN 624 } 625 }, 626 [6] = { 627 .type_desc = &sp_pkg7_hash, 628 .data = { 629 .ptr = (void *)sp_pkg_hash_buf[6], 630 .len = (unsigned int)HASH_DER_LEN 631 } 632 }, 633 [7] = { 634 .type_desc = &sp_pkg8_hash, 635 .data = { 636 .ptr = (void *)sp_pkg_hash_buf[7], 637 .len = (unsigned int)HASH_DER_LEN 638 } 639 } 640 } 641 }; 642 643 DEFINE_SIP_SP_PKG(1); 644 DEFINE_SIP_SP_PKG(2); 645 DEFINE_SIP_SP_PKG(3); 646 DEFINE_SIP_SP_PKG(4); 647 DEFINE_SIP_SP_PKG(5); 648 DEFINE_SIP_SP_PKG(6); 649 DEFINE_SIP_SP_PKG(7); 650 DEFINE_SIP_SP_PKG(8); 651 #endif /* SPD_spmd */ 652 653 static const auth_img_desc_t * const cot_desc[] = { 654 [TRUSTED_BOOT_FW_CERT_ID] = &trusted_boot_fw_cert, 655 [HW_CONFIG_ID] = &hw_config, 656 [TRUSTED_KEY_CERT_ID] = &trusted_key_cert, 657 [SCP_FW_KEY_CERT_ID] = &scp_fw_key_cert, 658 [SCP_FW_CONTENT_CERT_ID] = &scp_fw_content_cert, 659 [SCP_BL2_IMAGE_ID] = &scp_bl2_image, 660 [SOC_FW_KEY_CERT_ID] = &soc_fw_key_cert, 661 [SOC_FW_CONTENT_CERT_ID] = &soc_fw_content_cert, 662 [BL31_IMAGE_ID] = &bl31_image, 663 [SOC_FW_CONFIG_ID] = &soc_fw_config, 664 [TRUSTED_OS_FW_KEY_CERT_ID] = &trusted_os_fw_key_cert, 665 [TRUSTED_OS_FW_CONTENT_CERT_ID] = &trusted_os_fw_content_cert, 666 [BL32_IMAGE_ID] = &bl32_image, 667 [BL32_EXTRA1_IMAGE_ID] = &bl32_extra1_image, 668 [BL32_EXTRA2_IMAGE_ID] = &bl32_extra2_image, 669 [TOS_FW_CONFIG_ID] = &tos_fw_config, 670 [NON_TRUSTED_FW_KEY_CERT_ID] = &non_trusted_fw_key_cert, 671 [NON_TRUSTED_FW_CONTENT_CERT_ID] = &non_trusted_fw_content_cert, 672 [BL33_IMAGE_ID] = &bl33_image, 673 [NT_FW_CONFIG_ID] = &nt_fw_config, 674 #if defined(SPD_spmd) 675 [SIP_SP_CONTENT_CERT_ID] = &sip_sp_content_cert, 676 [SP_PKG1_ID] = &sp_pkg1, 677 [SP_PKG2_ID] = &sp_pkg2, 678 [SP_PKG3_ID] = &sp_pkg3, 679 [SP_PKG4_ID] = &sp_pkg4, 680 [SP_PKG5_ID] = &sp_pkg5, 681 [SP_PKG6_ID] = &sp_pkg6, 682 [SP_PKG7_ID] = &sp_pkg7, 683 [SP_PKG8_ID] = &sp_pkg8, 684 #endif 685 }; 686 687 /* Register the CoT in the authentication module */ 688 REGISTER_COT(cot_desc); 689