mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-08-13 16:07:04 +02:00
033f61370a
Common mbedTLS implementation include the fixed configuration file of mbedTLS and that does not gives flexilibility to the platform to include their own mbedTLS configuration. Hence changes are done so that platform can include their own mbedTLS configuration file. Signed-off-by: Lucian Paul-Trifu <lucian.paul-trifu@arm.com> Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com> Change-Id: I04546589f67299e26b0a6a6e151cdf1fdb302607
178 lines
4.5 KiB
C
178 lines
4.5 KiB
C
/*
|
|
* Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
|
|
*
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*/
|
|
|
|
#include <stddef.h>
|
|
|
|
#include <drivers/auth/auth_mod.h>
|
|
#include MBEDTLS_CONFIG_FILE
|
|
#include <drivers/auth/tbbr_cot_common.h>
|
|
|
|
#if USE_TBBR_DEFS
|
|
#include <tools_share/tbbr_oid.h>
|
|
#else
|
|
#include <platform_oid.h>
|
|
#endif
|
|
#include <platform_def.h>
|
|
|
|
|
|
static unsigned char trusted_world_pk_buf[PK_DER_LEN];
|
|
static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
|
|
static unsigned char content_pk_buf[PK_DER_LEN];
|
|
static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];
|
|
|
|
static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
|
|
AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);
|
|
static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
|
|
AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
|
|
static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC(
|
|
AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);
|
|
static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
|
|
AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID);
|
|
static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
|
|
AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
|
|
static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC(
|
|
AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);
|
|
/*
|
|
* Trusted key certificate
|
|
*/
|
|
static const auth_img_desc_t trusted_key_cert = {
|
|
.img_id = TRUSTED_KEY_CERT_ID,
|
|
.img_type = IMG_CERT,
|
|
.parent = NULL,
|
|
.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
|
|
[0] = {
|
|
.type = AUTH_METHOD_SIG,
|
|
.param.sig = {
|
|
.pk = &subject_pk,
|
|
.sig = &sig,
|
|
.alg = &sig_alg,
|
|
.data = &raw_data
|
|
}
|
|
},
|
|
[1] = {
|
|
.type = AUTH_METHOD_NV_CTR,
|
|
.param.nv_ctr = {
|
|
.cert_nv_ctr = &trusted_nv_ctr,
|
|
.plat_nv_ctr = &trusted_nv_ctr
|
|
}
|
|
}
|
|
},
|
|
.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
|
|
[0] = {
|
|
.type_desc = &trusted_world_pk,
|
|
.data = {
|
|
.ptr = (void *)trusted_world_pk_buf,
|
|
.len = (unsigned int)PK_DER_LEN
|
|
}
|
|
},
|
|
[1] = {
|
|
.type_desc = &non_trusted_world_pk,
|
|
.data = {
|
|
.ptr = (void *)non_trusted_world_pk_buf,
|
|
.len = (unsigned int)PK_DER_LEN
|
|
}
|
|
}
|
|
}
|
|
};
|
|
/*
|
|
* Non-Trusted Firmware
|
|
*/
|
|
static const auth_img_desc_t non_trusted_fw_key_cert = {
|
|
.img_id = NON_TRUSTED_FW_KEY_CERT_ID,
|
|
.img_type = IMG_CERT,
|
|
.parent = &trusted_key_cert,
|
|
.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
|
|
[0] = {
|
|
.type = AUTH_METHOD_SIG,
|
|
.param.sig = {
|
|
.pk = &non_trusted_world_pk,
|
|
.sig = &sig,
|
|
.alg = &sig_alg,
|
|
.data = &raw_data
|
|
}
|
|
},
|
|
[1] = {
|
|
.type = AUTH_METHOD_NV_CTR,
|
|
.param.nv_ctr = {
|
|
.cert_nv_ctr = &non_trusted_nv_ctr,
|
|
.plat_nv_ctr = &non_trusted_nv_ctr
|
|
}
|
|
}
|
|
},
|
|
.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
|
|
[0] = {
|
|
.type_desc = &nt_fw_content_pk,
|
|
.data = {
|
|
.ptr = (void *)content_pk_buf,
|
|
.len = (unsigned int)PK_DER_LEN
|
|
}
|
|
}
|
|
}
|
|
};
|
|
static const auth_img_desc_t non_trusted_fw_content_cert = {
|
|
.img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
|
|
.img_type = IMG_CERT,
|
|
.parent = &non_trusted_fw_key_cert,
|
|
.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
|
|
[0] = {
|
|
.type = AUTH_METHOD_SIG,
|
|
.param.sig = {
|
|
.pk = &nt_fw_content_pk,
|
|
.sig = &sig,
|
|
.alg = &sig_alg,
|
|
.data = &raw_data
|
|
}
|
|
},
|
|
[1] = {
|
|
.type = AUTH_METHOD_NV_CTR,
|
|
.param.nv_ctr = {
|
|
.cert_nv_ctr = &non_trusted_nv_ctr,
|
|
.plat_nv_ctr = &non_trusted_nv_ctr
|
|
}
|
|
}
|
|
},
|
|
.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
|
|
[0] = {
|
|
.type_desc = &nt_world_bl_hash,
|
|
.data = {
|
|
.ptr = (void *)nt_world_bl_hash_buf,
|
|
.len = (unsigned int)HASH_DER_LEN
|
|
}
|
|
},
|
|
[1] = {
|
|
.type_desc = &nt_fw_config_hash,
|
|
.data = {
|
|
.ptr = (void *)nt_fw_config_hash_buf,
|
|
.len = (unsigned int)HASH_DER_LEN
|
|
}
|
|
}
|
|
}
|
|
};
|
|
static const auth_img_desc_t bl33_image = {
|
|
.img_id = BL33_IMAGE_ID,
|
|
.img_type = IMG_RAW,
|
|
.parent = &non_trusted_fw_content_cert,
|
|
.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
|
|
[0] = {
|
|
.type = AUTH_METHOD_HASH,
|
|
.param.hash = {
|
|
.data = &raw_data,
|
|
.hash = &nt_world_bl_hash
|
|
}
|
|
}
|
|
}
|
|
};
|
|
|
|
static const auth_img_desc_t * const cot_desc[] = {
|
|
[TRUSTED_KEY_CERT_ID] = &trusted_key_cert,
|
|
[NON_TRUSTED_FW_KEY_CERT_ID] = &non_trusted_fw_key_cert,
|
|
[NON_TRUSTED_FW_CONTENT_CERT_ID] = &non_trusted_fw_content_cert,
|
|
[BL33_IMAGE_ID] = &bl33_image,
|
|
};
|
|
|
|
/* Register the CoT in the authentication module */
|
|
REGISTER_COT(cot_desc);
|