1/* 2 * Copyright (c) 2020, ARM Limited. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7#include <tools_share/tbbr_oid.h> 8#include <common/tbbr/tbbr_img_def.h> 9#include <common/nv_cntr_ids.h> 10 11cot { 12 manifests { 13 compatible = "arm, cert-descs"; 14 15 trusted_boot_fw_cert: trusted_boot_fw_cert { 16 root-certificate; 17 image-id =<TRUSTED_BOOT_FW_CERT_ID>; 18 antirollback-counter = <&trusted_nv_counter>; 19 20 tb_fw_hash: tb_fw_hash { 21 oid = TRUSTED_BOOT_FW_HASH_OID; 22 }; 23 tb_fw_config_hash: tb_fw_config_hash { 24 oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID; 25 }; 26 hw_config_hash: hw_config_hash { 27 oid = HW_CONFIG_HASH_OID; 28 }; 29 fw_config_hash: fw_config_hash { 30 oid = FW_CONFIG_HASH_OID; 31 }; 32 }; 33 34 trusted_key_cert: trusted_key_cert { 35 root-certificate; 36 image-id = <TRUSTED_KEY_CERT_ID>; 37 antirollback-counter = <&trusted_nv_counter>; 38 39 trusted_world_pk: trusted_world_pk { 40 oid = TRUSTED_WORLD_PK_OID; 41 }; 42 non_trusted_world_pk: non_trusted_world_pk { 43 oid = NON_TRUSTED_WORLD_PK_OID; 44 }; 45 }; 46 47 scp_fw_key_cert: scp_fw_key_cert { 48 image-id = <SCP_FW_KEY_CERT_ID>; 49 parent = <&trusted_key_cert>; 50 signing-key = <&trusted_world_pk>; 51 antirollback-counter = <&trusted_nv_counter>; 52 53 scp_fw_content_pk: scp_fw_content_pk { 54 oid = SCP_FW_CONTENT_CERT_PK_OID; 55 }; 56 }; 57 58 scp_fw_content_cert: scp_fw_content_cert { 59 image-id = <SCP_FW_CONTENT_CERT_ID>; 60 parent = <&scp_fw_key_cert>; 61 signing-key = <&scp_fw_content_pk>; 62 antirollback-counter = <&trusted_nv_counter>; 63 64 scp_fw_hash: scp_fw_hash { 65 oid = SCP_FW_HASH_OID; 66 }; 67 }; 68 69 soc_fw_key_cert: soc_fw_key_cert { 70 image-id = <SOC_FW_KEY_CERT_ID>; 71 parent = <&trusted_key_cert>; 72 signing-key = <&trusted_world_pk>; 73 antirollback-counter = <&trusted_nv_counter>; 74 soc_fw_content_pk: soc_fw_content_pk { 75 oid = SOC_FW_CONTENT_CERT_PK_OID; 76 }; 77 }; 78 79 soc_fw_content_cert: soc_fw_content_cert { 80 image-id = <SOC_FW_CONTENT_CERT_ID>; 81 parent = <&soc_fw_key_cert>; 82 signing-key = <&soc_fw_content_pk>; 83 antirollback-counter = <&trusted_nv_counter>; 84 85 soc_fw_hash: soc_fw_hash { 86 oid = SOC_AP_FW_HASH_OID; 87 }; 88 soc_fw_config_hash: soc_fw_config_hash { 89 oid = SOC_FW_CONFIG_HASH_OID; 90 }; 91 }; 92 93 trusted_os_fw_key_cert: trusted_os_fw_key_cert { 94 image-id = <TRUSTED_OS_FW_KEY_CERT_ID>; 95 parent = <&trusted_key_cert>; 96 signing-key = <&trusted_world_pk>; 97 antirollback-counter = <&trusted_nv_counter>; 98 99 tos_fw_content_pk: tos_fw_content_pk { 100 oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID; 101 }; 102 }; 103 104 trusted_os_fw_content_cert: trusted_os_fw_content_cert { 105 image-id = <TRUSTED_OS_FW_CONTENT_CERT_ID>; 106 parent = <&trusted_os_fw_key_cert>; 107 signing-key = <&tos_fw_content_pk>; 108 antirollback-counter = <&trusted_nv_counter>; 109 110 tos_fw_hash: tos_fw_hash { 111 oid = TRUSTED_OS_FW_HASH_OID; 112 }; 113 tos_fw_extra1_hash: tos_fw_extra1_hash { 114 oid = TRUSTED_OS_FW_EXTRA1_HASH_OID; 115 }; 116 tos_fw_extra2_hash: tos_fw_extra2_hash { 117 oid = TRUSTED_OS_FW_EXTRA2_HASH_OID; 118 }; 119 tos_fw_config_hash: tos_fw_config_hash { 120 oid = TRUSTED_OS_FW_CONFIG_HASH_OID; 121 }; 122 }; 123 124 non_trusted_fw_key_cert: non_trusted_fw_key_cert { 125 image-id = <NON_TRUSTED_FW_KEY_CERT_ID>; 126 parent = <&trusted_key_cert>; 127 signing-key = <&non_trusted_world_pk>; 128 antirollback-counter = <&non_trusted_nv_counter>; 129 130 nt_fw_content_pk: nt_fw_content_pk { 131 oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID; 132 }; 133 }; 134 135 non_trusted_fw_content_cert: non_trusted_fw_content_cert { 136 image-id = <NON_TRUSTED_FW_CONTENT_CERT_ID>; 137 parent = <&non_trusted_fw_key_cert>; 138 signing-key = <&nt_fw_content_pk>; 139 antirollback-counter = <&non_trusted_nv_counter>; 140 141 nt_world_bl_hash: nt_world_bl_hash { 142 oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID; 143 }; 144 nt_fw_config_hash: nt_fw_config_hash { 145 oid = NON_TRUSTED_FW_CONFIG_HASH_OID; 146 }; 147 }; 148 149#if defined(SPD_spmd) 150 sip_sp_content_cert: sip_sp_content_cert { 151 image-id = <SIP_SP_CONTENT_CERT_ID>; 152 parent = <&trusted_key_cert>; 153 signing-key = <&trusted_world_pk>; 154 antirollback-counter = <&trusted_nv_counter>; 155 156 sp_pkg1_hash: sp_pkg1_hash { 157 oid = SP_PKG1_HASH_OID; 158 }; 159 sp_pkg2_hash: sp_pkg2_hash { 160 oid = SP_PKG2_HASH_OID; 161 }; 162 sp_pkg3_hash: sp_pkg3_hash { 163 oid = SP_PKG3_HASH_OID; 164 }; 165 sp_pkg4_hash: sp_pkg4_hash { 166 oid = SP_PKG4_HASH_OID; 167 }; 168 sp_pkg5_hash: sp_pkg5_hash { 169 oid = SP_PKG5_HASH_OID; 170 }; 171 sp_pkg6_hash: sp_pkg6_hash { 172 oid = SP_PKG6_HASH_OID; 173 }; 174 sp_pkg7_hash: sp_pkg7_hash { 175 oid = SP_PKG7_HASH_OID; 176 }; 177 sp_pkg8_hash: sp_pkg8_hash { 178 oid = SP_PKG8_HASH_OID; 179 }; 180 }; 181#endif 182 }; 183 184 images { 185 compatible = "arm, img-descs"; 186 187 hw_config { 188 image-id = <HW_CONFIG_ID>; 189 parent = <&trusted_boot_fw_cert>; 190 hash = <&hw_config_hash>; 191 }; 192 193 tb_fw_config { 194 image-id = <TB_FW_CONFIG_ID>; 195 parent = <&trusted_boot_fw_cert>; 196 hash = <&tb_fw_config_hash>; 197 }; 198 199 scp_bl2_image { 200 image-id = <SCP_BL2_IMAGE_ID>; 201 parent = <&scp_fw_content_cert>; 202 hash = <&scp_fw_hash>; 203 }; 204 205 bl31_image { 206 image-id = <BL31_IMAGE_ID>; 207 parent = <&soc_fw_content_cert>; 208 hash = <&soc_fw_hash>; 209 }; 210 211 soc_fw_config { 212 image-id = <SOC_FW_CONFIG_ID>; 213 parent = <&soc_fw_content_cert>; 214 hash = <&soc_fw_config_hash>; 215 }; 216 217 bl32_image { 218 image-id = <BL32_IMAGE_ID>; 219 parent = <&trusted_os_fw_content_cert>; 220 hash = <&tos_fw_hash>; 221 }; 222 223 bl32_extra1_image { 224 image-id = <BL32_EXTRA1_IMAGE_ID>; 225 parent = <&trusted_os_fw_content_cert>; 226 hash = <&tos_fw_extra1_hash>; 227 }; 228 229 bl32_extra2_image { 230 image-id = <BL32_EXTRA2_IMAGE_ID>; 231 parent = <&trusted_os_fw_content_cert>; 232 hash = <&tos_fw_extra2_hash>; 233 }; 234 235 tos_fw_config { 236 image-id = <TOS_FW_CONFIG_ID>; 237 parent = <&trusted_os_fw_content_cert>; 238 hash = <&tos_fw_config_hash>; 239 }; 240 241 bl33_image { 242 image-id = <BL33_IMAGE_ID>; 243 parent = <&non_trusted_fw_content_cert>; 244 hash = <&nt_world_bl_hash>; 245 }; 246 247 nt_fw_config { 248 image-id = <NT_FW_CONFIG_ID>; 249 parent = <&non_trusted_fw_content_cert>; 250 hash = <&nt_fw_config_hash>; 251 }; 252 253#if defined(SPD_spmd) 254 sp_pkg1 { 255 image-id = <SP_PKG1_ID>; 256 parent = <&sip_sp_content_cert>; 257 hash = <&sp_pkg1_hash>; 258 }; 259 260 sp_pkg2 { 261 image-id = <SP_PKG2_ID>; 262 parent = <&sip_sp_content_cert>; 263 hash = <&sp_pkg2_hash>; 264 }; 265 266 sp_pkg3 { 267 image-id = <SP_PKG3_ID>; 268 parent = <&sip_sp_content_cert>; 269 hash = <&sp_pkg3_hash>; 270 }; 271 272 sp_pkg4 { 273 image-id = <SP_PKG4_ID>; 274 parent = <&sip_sp_content_cert>; 275 hash = <&sp_pkg4_hash>; 276 }; 277 278 sp_pkg5 { 279 image-id = <SP_PKG5_ID>; 280 parent = <&sip_sp_content_cert>; 281 hash = <&sp_pkg5_hash>; 282 }; 283 284 sp_pkg6 { 285 image-id = <SP_PKG6_ID>; 286 parent = <&sip_sp_content_cert>; 287 hash = <&sp_pkg6_hash>; 288 }; 289 290 sp_pkg7 { 291 image-id = <SP_PKG7_ID>; 292 parent = <&sip_sp_content_cert>; 293 hash = <&sp_pkg7_hash>; 294 }; 295 296 sp_pkg8 { 297 image-id = <SP_PKG8_ID>; 298 parent = <&sip_sp_content_cert>; 299 hash = <&sp_pkg8_hash>; 300 }; 301#endif 302 }; 303}; 304 305non_volatile_counters: non_volatile_counters { 306 compatible = "arm, non-volatile-counter"; 307 308 #address-cells = <1>; 309 #size-cells = <0>; 310 311 trusted_nv_counter: trusted_nv_counter { 312 id = <TRUSTED_NV_CTR_ID>; 313 oid = TRUSTED_FW_NVCOUNTER_OID; 314 }; 315 316 non_trusted_nv_counter: non_trusted_nv_counter { 317 id = <NON_TRUSTED_NV_CTR_ID>; 318 oid = NON_TRUSTED_FW_NVCOUNTER_OID; 319 }; 320}; 321