/*
 * Copyright (c) 2024, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <tools_share/dualroot_oid.h>
#include <common/tbbr/tbbr_img_def.h>
#include <common/nv_cntr_ids.h>

/*
 * Chain-of-trust (CoT) description.
 *
 * Layout of this file:
 *   cot/manifests         - one node per certificate. Its sub-nodes name, by
 *                           OID, the public keys or hashes the certificate
 *                           carries.
 *   cot/images            - one node per image, naming the certificate
 *                           ("parent") and the hash sub-node ("hash") used
 *                           for it.
 *   non_volatile_counters - the two anti-rollback counters referenced from
 *                           the certificate nodes.
 *   rot_keys              - the prot_pk key node referenced as signing-key by
 *                           two of the root certificates.
 *
 * Four nodes carry "root-certificate":
 *   - trusted_boot_fw_cert and trusted_key_cert have no signing-key property;
 *   - non_trusted_fw_content_cert and plat_sp_content_cert name prot_pk.
 * Together with the dualroot_oid.h include this looks like a two-root layout.
 * NOTE(review): a root certificate without signing-key is presumably checked
 * against the platform's primary root-of-trust key by whatever parses this
 * tree - confirm in the consumer.
 *
 * Every certificate that names prot_pk uses non_trusted_nv_ctr; every other
 * certificate uses trusted_nv_ctr. Keep that pairing when adding nodes so the
 * two signing domains keep separate rollback counters.
 */
cot {
	manifests {
		/*
		 * NOTE(review): the space after the comma is part of the
		 * string; confirm what the consumer matches on before
		 * normalising it.
		 */
		compatible = "arm, cert-descs";

		/*
		 * Root certificate carrying four hash extensions.
		 * NOTE(review): only hw_config_hash is referenced from the
		 * images section of this file; tb_fw_hash, tb_fw_config_hash
		 * and fw_config_hash have no image node here. Presumably those
		 * images are authenticated elsewhere - confirm.
		 */
		trusted_boot_fw_cert: trusted_boot_fw_cert {
			root-certificate;
			image-id =<TRUSTED_BOOT_FW_CERT_ID>;
			antirollback-counter = <&trusted_nv_ctr>;

			tb_fw_hash: tb_fw_hash {
				oid = TRUSTED_BOOT_FW_HASH_OID;
			};
			tb_fw_config_hash: tb_fw_config_hash {
				oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID;
			};
			hw_config_hash: hw_config_hash {
				oid = HW_CONFIG_HASH_OID;
			};
			fw_config_hash: fw_config_hash {
				oid = FW_CONFIG_HASH_OID;
			};
		};

		/*
		 * Root certificate carrying trusted_world_pk. That key is the
		 * signing-key of the SCP, SoC and Trusted OS key certificates
		 * and of sip_sp_content_cert below.
		 */
		trusted_key_cert: trusted_key_cert {
			root-certificate;
			image-id = <TRUSTED_KEY_CERT_ID>;
			antirollback-counter = <&trusted_nv_ctr>;

			trusted_world_pk: trusted_world_pk {
				oid = TRUSTED_WORLD_PK_OID;
			};
		};

		/*
		 * SCP firmware: key certificate (signed with trusted_world_pk)
		 * carries scp_fw_content_pk, which signs the content
		 * certificate that holds the image hash.
		 */
		scp_fw_key_cert: scp_fw_key_cert {
			image-id = <SCP_FW_KEY_CERT_ID>;
			parent = <&trusted_key_cert>;
			signing-key = <&trusted_world_pk>;
			antirollback-counter = <&trusted_nv_ctr>;

			scp_fw_content_pk: scp_fw_content_pk {
				oid = SCP_FW_CONTENT_CERT_PK_OID;
			};
		};

		scp_fw_content_cert: scp_fw_content_cert {
			image-id = <SCP_FW_CONTENT_CERT_ID>;
			parent = <&scp_fw_key_cert>;
			signing-key = <&scp_fw_content_pk>;
			antirollback-counter = <&trusted_nv_ctr>;

			scp_fw_hash: scp_fw_hash {
				oid = SCP_FW_HASH_OID;
			};
		};

		/* SoC firmware: same key-certificate / content-certificate pair. */
		soc_fw_key_cert: soc_fw_key_cert {
			image-id = <SOC_FW_KEY_CERT_ID>;
			parent = <&trusted_key_cert>;
			signing-key = <&trusted_world_pk>;
			antirollback-counter = <&trusted_nv_ctr>;
			soc_fw_content_pk: soc_fw_content_pk {
				oid = SOC_FW_CONTENT_CERT_PK_OID;
			};
		};

		soc_fw_content_cert: soc_fw_content_cert {
			image-id = <SOC_FW_CONTENT_CERT_ID>;
			parent = <&soc_fw_key_cert>;
			signing-key = <&soc_fw_content_pk>;
			antirollback-counter = <&trusted_nv_ctr>;

			soc_fw_hash: soc_fw_hash {
				oid = SOC_AP_FW_HASH_OID;
			};
			soc_fw_config_hash: soc_fw_config_hash {
				oid = SOC_FW_CONFIG_HASH_OID;
			};
		};

		/* Trusted OS firmware: same key-certificate / content-certificate pair. */
		trusted_os_fw_key_cert: trusted_os_fw_key_cert {
			image-id = <TRUSTED_OS_FW_KEY_CERT_ID>;
			parent = <&trusted_key_cert>;
			signing-key = <&trusted_world_pk>;
			antirollback-counter = <&trusted_nv_ctr>;

			tos_fw_content_pk: tos_fw_content_pk {
				oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID;
			};
		};

		trusted_os_fw_content_cert: trusted_os_fw_content_cert {
			image-id = <TRUSTED_OS_FW_CONTENT_CERT_ID>;
			parent = <&trusted_os_fw_key_cert>;
			signing-key = <&tos_fw_content_pk>;
			antirollback-counter = <&trusted_nv_ctr>;

			tos_fw_hash: tos_fw_hash {
				oid = TRUSTED_OS_FW_HASH_OID;
			};
			tos_fw_extra1_hash: tos_fw_extra1_hash {
				oid = TRUSTED_OS_FW_EXTRA1_HASH_OID;
			};
			tos_fw_extra2_hash: tos_fw_extra2_hash {
				oid = TRUSTED_OS_FW_EXTRA2_HASH_OID;
			};
			tos_fw_config_hash: tos_fw_config_hash {
				oid = TRUSTED_OS_FW_CONFIG_HASH_OID;
			};
		};

		/*
		 * Root certificate for the non-trusted firmware. It has no
		 * parent, names prot_pk (rot_keys node) as its signing key and
		 * uses the non-trusted counter rather than trusted_nv_ctr.
		 */
		non_trusted_fw_content_cert: non_trusted_fw_content_cert {
			root-certificate;
			image-id = <NON_TRUSTED_FW_CONTENT_CERT_ID>;
			signing-key = <&prot_pk>;
			antirollback-counter = <&non_trusted_nv_ctr>;

			nt_world_bl_hash: nt_world_bl_hash {
				oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID;
			};
			nt_fw_config_hash: nt_fw_config_hash {
				oid = NON_TRUSTED_FW_CONFIG_HASH_OID;
			};
		};

#if defined(SPD_spmd)
		/*
		 * Secure partition packages, present only when SPD_spmd is
		 * defined. Packages 1-4 hang off trusted_key_cert and are
		 * signed with trusted_world_pk; packages 5-8 sit under a
		 * separate root certificate signed with prot_pk and use the
		 * non-trusted counter.
		 */
		sip_sp_content_cert: sip_sp_content_cert {
			image-id = <SIP_SP_CONTENT_CERT_ID>;
			parent = <&trusted_key_cert>;
			signing-key = <&trusted_world_pk>;
			antirollback-counter = <&trusted_nv_ctr>;

			sp_pkg1_hash: sp_pkg1_hash {
				oid = SP_PKG1_HASH_OID;
			};
			sp_pkg2_hash: sp_pkg2_hash {
				oid = SP_PKG2_HASH_OID;
			};
			sp_pkg3_hash: sp_pkg3_hash {
				oid = SP_PKG3_HASH_OID;
			};
			sp_pkg4_hash: sp_pkg4_hash {
				oid = SP_PKG4_HASH_OID;
			};
		};

		plat_sp_content_cert: plat_sp_content_cert {
			root-certificate;
			image-id = <PLAT_SP_CONTENT_CERT_ID>;
			signing-key = <&prot_pk>;
			antirollback-counter = <&non_trusted_nv_ctr>;

			sp_pkg5_hash: sp_pkg5_hash {
				oid = SP_PKG5_HASH_OID;
			};
			sp_pkg6_hash: sp_pkg6_hash {
				oid = SP_PKG6_HASH_OID;
			};
			sp_pkg7_hash: sp_pkg7_hash {
				oid = SP_PKG7_HASH_OID;
			};
			sp_pkg8_hash: sp_pkg8_hash {
				oid = SP_PKG8_HASH_OID;
			};
		};
#endif
	};

	/*
	 * Image descriptors. In every node below, the label given in "hash"
	 * is a sub-node of the certificate given in "parent"; keep that
	 * invariant when adding an image, otherwise the image would point at
	 * a hash its own certificate does not carry.
	 */
	images {
		compatible = "arm, img-descs";

		hw_config {
			image-id = <HW_CONFIG_ID>;
			parent = <&trusted_boot_fw_cert>;
			hash = <&hw_config_hash>;
		};

		scp_bl2_image {
			image-id = <SCP_BL2_IMAGE_ID>;
			parent = <&scp_fw_content_cert>;
			hash = <&scp_fw_hash>;
		};

		bl31_image {
			image-id = <BL31_IMAGE_ID>;
			parent = <&soc_fw_content_cert>;
			hash = <&soc_fw_hash>;
		};

		soc_fw_config {
			image-id = <SOC_FW_CONFIG_ID>;
			parent = <&soc_fw_content_cert>;
			hash = <&soc_fw_config_hash>;
		};

		bl32_image {
			image-id = <BL32_IMAGE_ID>;
			parent = <&trusted_os_fw_content_cert>;
			hash = <&tos_fw_hash>;
		};

		bl32_extra1_image {
			image-id = <BL32_EXTRA1_IMAGE_ID>;
			parent = <&trusted_os_fw_content_cert>;
			hash = <&tos_fw_extra1_hash>;
		};

		bl32_extra2_image {
			image-id = <BL32_EXTRA2_IMAGE_ID>;
			parent = <&trusted_os_fw_content_cert>;
			hash = <&tos_fw_extra2_hash>;
		};

		tos_fw_config {
			image-id = <TOS_FW_CONFIG_ID>;
			parent = <&trusted_os_fw_content_cert>;
			hash = <&tos_fw_config_hash>;
		};

		/* The two images below chain to the prot_pk-signed root certificate. */
		bl33_image {
			image-id = <BL33_IMAGE_ID>;
			parent = <&non_trusted_fw_content_cert>;
			hash = <&nt_world_bl_hash>;
		};

		nt_fw_config {
			image-id = <NT_FW_CONFIG_ID>;
			parent = <&non_trusted_fw_content_cert>;
			hash = <&nt_fw_config_hash>;
		};

#if defined(SPD_spmd)
		/* sp_pkg1..4 use sip_sp_content_cert, sp_pkg5..8 use plat_sp_content_cert. */
		sp_pkg1 {
			image-id = <SP_PKG1_ID>;
			parent = <&sip_sp_content_cert>;
			hash = <&sp_pkg1_hash>;
		};

		sp_pkg2 {
			image-id = <SP_PKG2_ID>;
			parent = <&sip_sp_content_cert>;
			hash = <&sp_pkg2_hash>;
		};

		sp_pkg3 {
			image-id = <SP_PKG3_ID>;
			parent = <&sip_sp_content_cert>;
			hash = <&sp_pkg3_hash>;
		};

		sp_pkg4 {
			image-id = <SP_PKG4_ID>;
			parent = <&sip_sp_content_cert>;
			hash = <&sp_pkg4_hash>;
		};

		sp_pkg5 {
			image-id = <SP_PKG5_ID>;
			parent = <&plat_sp_content_cert>;
			hash = <&sp_pkg5_hash>;
		};

		sp_pkg6 {
			image-id = <SP_PKG6_ID>;
			parent = <&plat_sp_content_cert>;
			hash = <&sp_pkg6_hash>;
		};

		sp_pkg7 {
			image-id = <SP_PKG7_ID>;
			parent = <&plat_sp_content_cert>;
			hash = <&sp_pkg7_hash>;
		};

		sp_pkg8 {
			image-id = <SP_PKG8_ID>;
			parent = <&plat_sp_content_cert>;
			hash = <&sp_pkg8_hash>;
		};
#endif
	};
};

/*
 * Anti-rollback counters referenced by the antirollback-counter property of
 * the certificate nodes. Each entry pairs a counter id with the OID of the
 * matching certificate extension.
 */
non_volatile_counters: non_volatile_counters {
	compatible = "arm, non-volatile-counter";

	#address-cells = <1>;
	#size-cells = <0>;

	trusted_nv_ctr: trusted_nv_ctr {
		id = <TRUSTED_NV_CTR_ID>;
		oid = TRUSTED_FW_NVCOUNTER_OID;
	};

	non_trusted_nv_ctr: non_trusted_nv_ctr {
		id = <NON_TRUSTED_NV_CTR_ID>;
		oid = NON_TRUSTED_FW_NVCOUNTER_OID;
	};
};

/*
 * Key node referenced as signing-key by non_trusted_fw_content_cert and
 * plat_sp_content_cert. Only the OID is given here.
 * NOTE(review): this file does not show how the key itself is anchored (for
 * example a hash held in immutable storage) - confirm in the platform port.
 */
rot_keys {
	prot_pk: prot_pk {
		oid = PROT_PK_OID;
	};
};