static unsigned char trusted_world_pk_buf[PK_DER_LEN];
static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
static unsigned char content_pk_buf[PK_DER_LEN];
+static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
+static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
+static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];
/*
* Parameter type descriptors
AUTH_PARAM_HASH, SCP_FW_HASH_OID);
static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
+static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC(
+ AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
+static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC(
+ AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID);
static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID);
static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
+static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC(
+ AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);
static auth_param_type_desc_t scp_bl2u_hash = AUTH_PARAM_TYPE_DESC(
AUTH_PARAM_HASH, SCP_FWU_CFG_HASH_OID);
static auth_param_type_desc_t bl2u_hash = AUTH_PARAM_TYPE_DESC(
.ptr = (void *)soc_fw_hash_buf,
.len = (unsigned int)HASH_DER_LEN
}
+ },
+ [1] = {
+ .type_desc = &soc_fw_config_hash,
+ .data = {
+ .ptr = (void *)soc_fw_config_hash_buf,
+ .len = (unsigned int)HASH_DER_LEN
+ }
}
}
},
}
}
},
+ /* SOC FW Config */
+ [SOC_FW_CONFIG_ID] = {
+ .img_id = SOC_FW_CONFIG_ID,
+ .img_type = IMG_RAW,
+ .parent = &cot_desc[SOC_FW_CONTENT_CERT_ID],
+ .img_auth_methods = {
+ [0] = {
+ .type = AUTH_METHOD_HASH,
+ .param.hash = {
+ .data = &raw_data,
+ .hash = &soc_fw_config_hash,
+ }
+ }
+ }
+ },
/*
* Trusted OS Firmware
*/
.ptr = (void *)tos_fw_extra2_hash_buf,
.len = (unsigned int)HASH_DER_LEN
}
+ },
+ [3] = {
+ .type_desc = &tos_fw_config_hash,
+ .data = {
+ .ptr = (void *)tos_fw_config_hash_buf,
+ .len = (unsigned int)HASH_DER_LEN
+ }
}
}
},
}
}
},
+ /* TOS FW Config */
+ [TOS_FW_CONFIG_ID] = {
+ .img_id = TOS_FW_CONFIG_ID,
+ .img_type = IMG_RAW,
+ .parent = &cot_desc[TRUSTED_OS_FW_CONTENT_CERT_ID],
+ .img_auth_methods = {
+ [0] = {
+ .type = AUTH_METHOD_HASH,
+ .param.hash = {
+ .data = &raw_data,
+ .hash = &tos_fw_config_hash,
+ }
+ }
+ }
+ },
/*
* Non-Trusted Firmware
*/
.ptr = (void *)nt_world_bl_hash_buf,
.len = (unsigned int)HASH_DER_LEN
}
+ },
+ [1] = {
+ .type_desc = &nt_fw_config_hash,
+ .data = {
+ .ptr = (void *)nt_fw_config_hash_buf,
+ .len = (unsigned int)HASH_DER_LEN
+ }
}
}
},
}
}
},
+ /* NT FW Config */
+ [NT_FW_CONFIG_ID] = {
+ .img_id = NT_FW_CONFIG_ID,
+ .img_type = IMG_RAW,
+ .parent = &cot_desc[NON_TRUSTED_FW_CONTENT_CERT_ID],
+ .img_auth_methods = {
+ [0] = {
+ .type = AUTH_METHOD_HASH,
+ .param.hash = {
+ .data = &raw_data,
+ .hash = &nt_fw_config_hash,
+ }
+ }
+ }
+ },
/*
* FWU auth descriptor.
*/
{0xd9f1b808, 0xcfc9, 0x4993, 0xa9, 0x62, {0x6f, 0xbc, 0x6b, 0x72, 0x65, 0xcc} }
#define UUID_TB_FW_CONFIG \
{0xff58046c, 0x6baf, 0x4f7d, 0x82, 0xed, {0xaa, 0x27, 0xbc, 0x69, 0xbf, 0xd2} }
+#define UUID_SOC_FW_CONFIG \
+ {0x4b817999, 0x7603, 0x46fb, 0x8c, 0x8e, {0x8d, 0x26, 0x7f, 0x78, 0x59, 0xe0} }
+#define UUID_TOS_FW_CONFIG \
+ {0x1a7c2526, 0xc6bd, 0x477f, 0x8d, 0x96, {0xc4, 0xc4, 0xb0, 0x24, 0x80, 0x21} }
+#define UUID_NT_FW_CONFIG \
+ {0x1598da28, 0xe893, 0x447e, 0xac, 0x66, {0x1a, 0xaf, 0x80, 0x15, 0x50, 0xf9} }
typedef struct fip_toc_header {
uint32_t name;
/* SoCFirmwareContentCertPK */
#define SOC_FW_CONTENT_CERT_PK_OID "1.3.6.1.4.1.4128.2100.501"
-
/*
* SoC Firmware Content Certificate
*/
#define SOC_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.602"
/* SoCAPFirmwareHash - BL31 */
#define SOC_AP_FW_HASH_OID "1.3.6.1.4.1.4128.2100.603"
-
+/* SoCFirmwareConfigHash = SOC_FW_CONFIG */
+#define SOC_FW_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.604"
/*
* SCP Firmware Key Certificate
#define TRUSTED_OS_FW_EXTRA1_HASH_OID "1.3.6.1.4.1.4128.2100.1002"
/* TrustedOSExtra2FirmwareHash - BL32 Extra2 */
#define TRUSTED_OS_FW_EXTRA2_HASH_OID "1.3.6.1.4.1.4128.2100.1003"
+/* TrustedOSFirmwareConfigHash - TOS_FW_CONFIG */
+#define TRUSTED_OS_FW_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.1004"
/*
/* NonTrustedWorldBootloaderHash - BL33 */
#define NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID "1.3.6.1.4.1.4128.2100.1201"
+/* NonTrustedFirmwareConfigHash - NT_FW_CONFIG */
+#define NON_TRUSTED_FW_CONFIG_HASH_OID "1.3.6.1.4.1.4128.2100.1202"
#endif /* __TBBR_OID_H__ */
#include "ext.h"
#include "key.h"
-#define CERT_MAX_EXT 4
+#define CERT_MAX_EXT 5
/*
* This structure contains information related to the generation of the
SCP_FW_HASH_EXT,
SOC_FW_CONTENT_CERT_PK_EXT,
SOC_AP_FW_HASH_EXT,
+ SOC_FW_CONFIG_HASH_EXT,
TRUSTED_OS_FW_CONTENT_CERT_PK_EXT,
TRUSTED_OS_FW_HASH_EXT,
TRUSTED_OS_FW_EXTRA1_HASH_EXT,
TRUSTED_OS_FW_EXTRA2_HASH_EXT,
+ TRUSTED_OS_FW_CONFIG_HASH_EXT,
NON_TRUSTED_FW_CONTENT_CERT_PK_EXT,
NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
+ NON_TRUSTED_FW_CONFIG_HASH_EXT,
SCP_FWU_CFG_HASH_EXT,
AP_FWU_CFG_HASH_EXT,
FWU_HASH_EXT
.issuer = SOC_FW_CONTENT_CERT,
.ext = {
TRUSTED_FW_NVCOUNTER_EXT,
- SOC_AP_FW_HASH_EXT
+ SOC_AP_FW_HASH_EXT,
+ SOC_FW_CONFIG_HASH_EXT,
},
- .num_ext = 2
+ .num_ext = 3
},
[TRUSTED_OS_FW_KEY_CERT] = {
.id = TRUSTED_OS_FW_KEY_CERT,
TRUSTED_FW_NVCOUNTER_EXT,
TRUSTED_OS_FW_HASH_EXT,
TRUSTED_OS_FW_EXTRA1_HASH_EXT,
- TRUSTED_OS_FW_EXTRA2_HASH_EXT
+ TRUSTED_OS_FW_EXTRA2_HASH_EXT,
+ TRUSTED_OS_FW_CONFIG_HASH_EXT,
},
- .num_ext = 4
+ .num_ext = 5
},
[NON_TRUSTED_FW_KEY_CERT] = {
.id = NON_TRUSTED_FW_KEY_CERT,
.issuer = NON_TRUSTED_FW_CONTENT_CERT,
.ext = {
NON_TRUSTED_FW_NVCOUNTER_EXT,
- NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT
+ NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
+ NON_TRUSTED_FW_CONFIG_HASH_EXT,
},
- .num_ext = 2
+ .num_ext = 3
},
[FWU_CERT] = {
.id = FWU_CERT,
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH
},
+ [SOC_FW_CONFIG_HASH_EXT] = {
+ .oid = SOC_FW_CONFIG_HASH_OID,
+ .opt = "soc-fw-config",
+ .help_msg = "SoC Firmware Config file",
+ .sn = "SocFirmwareConfigHash",
+ .ln = "SoC Firmware Config hash",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH,
+ .optional = 1
+ },
[TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = {
.oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID,
.sn = "TrustedOSFirmwareContentCertPK",
.type = EXT_TYPE_HASH,
.optional = 1
},
+ [TRUSTED_OS_FW_CONFIG_HASH_EXT] = {
+ .oid = TRUSTED_OS_FW_CONFIG_HASH_OID,
+ .opt = "tos-fw-config",
+ .help_msg = "Trusted OS Firmware Config file",
+ .sn = "TrustedOSFirmwareConfigHash",
+ .ln = "Trusted OS Firmware Config hash",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH,
+ .optional = 1
+ },
[NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
.oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
.sn = "NonTrustedFirmwareContentCertPK",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH
},
+ [NON_TRUSTED_FW_CONFIG_HASH_EXT] = {
+ .oid = NON_TRUSTED_FW_CONFIG_HASH_OID,
+ .opt = "nt-fw-config",
+ .help_msg = "Non Trusted OS Firmware Config file",
+ .sn = "NonTrustedOSFirmwareConfigHash",
+ .ln = "Non-Trusted OS Firmware Config hash",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH,
+ .optional = 1
+ },
[SCP_FWU_CFG_HASH_EXT] = {
.oid = SCP_FWU_CFG_HASH_OID,
.opt = "scp-fwu-cfg",
.uuid = UUID_TB_FW_CONFIG,
.cmdline_name = "tb-fw-config"
},
+ {
+ .name = "SOC_FW_CONFIG",
+ .uuid = UUID_SOC_FW_CONFIG,
+ .cmdline_name = "soc-fw-config"
+ },
+ {
+ .name = "TOS_FW_CONFIG",
+ .uuid = UUID_TOS_FW_CONFIG,
+ .cmdline_name = "tos-fw-config"
+ },
+ {
+ .name = "NT_FW_CONFIG",
+ .uuid = UUID_NT_FW_CONFIG,
+ .cmdline_name = "nt-fw-config"
+ },
/* Key Certificates */
{
.name = "Root Of Trust key certificate",
projects / project / bcm63xx / atf.git / commitdiff