1 /*
2  * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #include <stddef.h>
8 
9 #include <platform_def.h>
10 #include <drivers/auth/mbedtls/mbedtls_config.h>
11 
12 #include <drivers/auth/auth_mod.h>
13 #include <drivers/auth/tbbr_cot_common.h>
14 #if USE_TBBR_DEFS
15 #include <tools_share/tbbr_oid.h>
16 #else
17 #include <platform_oid.h>
18 #endif
19 
20 static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
21 static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
22 static unsigned char tos_fw_extra1_hash_buf[HASH_DER_LEN];
23 static unsigned char tos_fw_extra2_hash_buf[HASH_DER_LEN];
24 static unsigned char trusted_world_pk_buf[PK_DER_LEN];
25 static unsigned char non_trusted_world_pk_buf[PK_DER_LEN];
26 static unsigned char content_pk_buf[PK_DER_LEN];
27 static unsigned char soc_fw_config_hash_buf[HASH_DER_LEN];
28 static unsigned char tos_fw_config_hash_buf[HASH_DER_LEN];
29 static unsigned char nt_fw_config_hash_buf[HASH_DER_LEN];
30 #if defined(SPD_spmd)
31 static unsigned char sp_pkg_hash_buf[MAX_SP_IDS][HASH_DER_LEN];
32 #endif /* SPD_spmd */
33 
34 static auth_param_type_desc_t non_trusted_nv_ctr = AUTH_PARAM_TYPE_DESC(
35 		AUTH_PARAM_NV_CTR, NON_TRUSTED_FW_NVCOUNTER_OID);
36 static auth_param_type_desc_t trusted_world_pk = AUTH_PARAM_TYPE_DESC(
37 		AUTH_PARAM_PUB_KEY, TRUSTED_WORLD_PK_OID);
38 static auth_param_type_desc_t non_trusted_world_pk = AUTH_PARAM_TYPE_DESC(
39 		AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);
40 static auth_param_type_desc_t scp_fw_content_pk = AUTH_PARAM_TYPE_DESC(
41 		AUTH_PARAM_PUB_KEY, SCP_FW_CONTENT_CERT_PK_OID);
42 static auth_param_type_desc_t soc_fw_content_pk = AUTH_PARAM_TYPE_DESC(
43 		AUTH_PARAM_PUB_KEY, SOC_FW_CONTENT_CERT_PK_OID);
44 static auth_param_type_desc_t tos_fw_content_pk = AUTH_PARAM_TYPE_DESC(
45 		AUTH_PARAM_PUB_KEY, TRUSTED_OS_FW_CONTENT_CERT_PK_OID);
46 static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
47 		AUTH_PARAM_PUB_KEY, NON_TRUSTED_FW_CONTENT_CERT_PK_OID);
48 static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
49 		AUTH_PARAM_HASH, SCP_FW_HASH_OID);
50 static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
51 		AUTH_PARAM_HASH, SOC_AP_FW_HASH_OID);
52 static auth_param_type_desc_t soc_fw_config_hash = AUTH_PARAM_TYPE_DESC(
53 		AUTH_PARAM_HASH, SOC_FW_CONFIG_HASH_OID);
54 static auth_param_type_desc_t tos_fw_hash = AUTH_PARAM_TYPE_DESC(
55 		AUTH_PARAM_HASH, TRUSTED_OS_FW_HASH_OID);
56 static auth_param_type_desc_t tos_fw_config_hash = AUTH_PARAM_TYPE_DESC(
57 		AUTH_PARAM_HASH, TRUSTED_OS_FW_CONFIG_HASH_OID);
58 static auth_param_type_desc_t tos_fw_extra1_hash = AUTH_PARAM_TYPE_DESC(
59 		AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA1_HASH_OID);
60 static auth_param_type_desc_t tos_fw_extra2_hash = AUTH_PARAM_TYPE_DESC(
61 		AUTH_PARAM_HASH, TRUSTED_OS_FW_EXTRA2_HASH_OID);
62 static auth_param_type_desc_t nt_world_bl_hash = AUTH_PARAM_TYPE_DESC(
63 		AUTH_PARAM_HASH, NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID);
64 static auth_param_type_desc_t nt_fw_config_hash = AUTH_PARAM_TYPE_DESC(
65 		AUTH_PARAM_HASH, NON_TRUSTED_FW_CONFIG_HASH_OID);
66 #if defined(SPD_spmd)
67 static auth_param_type_desc_t sp_pkg1_hash = AUTH_PARAM_TYPE_DESC(
68 		AUTH_PARAM_HASH, SP_PKG1_HASH_OID);
69 static auth_param_type_desc_t sp_pkg2_hash = AUTH_PARAM_TYPE_DESC(
70 		AUTH_PARAM_HASH, SP_PKG2_HASH_OID);
71 static auth_param_type_desc_t sp_pkg3_hash = AUTH_PARAM_TYPE_DESC(
72 		AUTH_PARAM_HASH, SP_PKG3_HASH_OID);
73 static auth_param_type_desc_t sp_pkg4_hash = AUTH_PARAM_TYPE_DESC(
74 		AUTH_PARAM_HASH, SP_PKG4_HASH_OID);
75 static auth_param_type_desc_t sp_pkg5_hash = AUTH_PARAM_TYPE_DESC(
76 		AUTH_PARAM_HASH, SP_PKG5_HASH_OID);
77 static auth_param_type_desc_t sp_pkg6_hash = AUTH_PARAM_TYPE_DESC(
78 		AUTH_PARAM_HASH, SP_PKG6_HASH_OID);
79 static auth_param_type_desc_t sp_pkg7_hash = AUTH_PARAM_TYPE_DESC(
80 		AUTH_PARAM_HASH, SP_PKG7_HASH_OID);
81 static auth_param_type_desc_t sp_pkg8_hash = AUTH_PARAM_TYPE_DESC(
82 		AUTH_PARAM_HASH, SP_PKG8_HASH_OID);
83 #endif /* SPD_spmd */
84 
85 /*
86  * Trusted key certificate
87  */
88 static const auth_img_desc_t trusted_key_cert = {
89 	.img_id = TRUSTED_KEY_CERT_ID,
90 	.img_type = IMG_CERT,
91 	.parent = NULL,
92 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
93 		[0] = {
94 			.type = AUTH_METHOD_SIG,
95 			.param.sig = {
96 				.pk = &subject_pk,
97 				.sig = &sig,
98 				.alg = &sig_alg,
99 				.data = &raw_data
100 			}
101 		},
102 		[1] = {
103 			.type = AUTH_METHOD_NV_CTR,
104 			.param.nv_ctr = {
105 				.cert_nv_ctr = &trusted_nv_ctr,
106 				.plat_nv_ctr = &trusted_nv_ctr
107 			}
108 		}
109 	},
110 	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
111 		[0] = {
112 			.type_desc = &trusted_world_pk,
113 			.data = {
114 				.ptr = (void *)trusted_world_pk_buf,
115 				.len = (unsigned int)PK_DER_LEN
116 			}
117 		},
118 		[1] = {
119 			.type_desc = &non_trusted_world_pk,
120 			.data = {
121 				.ptr = (void *)non_trusted_world_pk_buf,
122 				.len = (unsigned int)PK_DER_LEN
123 			}
124 		}
125 	}
126 };
127 /*
128  * SCP Firmware
129  */
130 static const auth_img_desc_t scp_fw_key_cert = {
131 	.img_id = SCP_FW_KEY_CERT_ID,
132 	.img_type = IMG_CERT,
133 	.parent = &trusted_key_cert,
134 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
135 		[0] = {
136 			.type = AUTH_METHOD_SIG,
137 			.param.sig = {
138 				.pk = &trusted_world_pk,
139 				.sig = &sig,
140 				.alg = &sig_alg,
141 				.data = &raw_data
142 			}
143 		},
144 		[1] = {
145 			.type = AUTH_METHOD_NV_CTR,
146 			.param.nv_ctr = {
147 				.cert_nv_ctr = &trusted_nv_ctr,
148 				.plat_nv_ctr = &trusted_nv_ctr
149 			}
150 		}
151 	},
152 	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
153 		[0] = {
154 			.type_desc = &scp_fw_content_pk,
155 			.data = {
156 				.ptr = (void *)content_pk_buf,
157 				.len = (unsigned int)PK_DER_LEN
158 			}
159 		}
160 	}
161 };
162 static const auth_img_desc_t scp_fw_content_cert = {
163 	.img_id = SCP_FW_CONTENT_CERT_ID,
164 	.img_type = IMG_CERT,
165 	.parent = &scp_fw_key_cert,
166 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
167 		[0] = {
168 			.type = AUTH_METHOD_SIG,
169 			.param.sig = {
170 				.pk = &scp_fw_content_pk,
171 				.sig = &sig,
172 				.alg = &sig_alg,
173 				.data = &raw_data
174 			}
175 		},
176 		[1] = {
177 			.type = AUTH_METHOD_NV_CTR,
178 			.param.nv_ctr = {
179 				.cert_nv_ctr = &trusted_nv_ctr,
180 				.plat_nv_ctr = &trusted_nv_ctr
181 			}
182 		}
183 	},
184 	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
185 		[0] = {
186 			.type_desc = &scp_fw_hash,
187 			.data = {
188 				.ptr = (void *)scp_fw_hash_buf,
189 				.len = (unsigned int)HASH_DER_LEN
190 			}
191 		}
192 	}
193 };
194 static const auth_img_desc_t scp_bl2_image = {
195 	.img_id = SCP_BL2_IMAGE_ID,
196 	.img_type = IMG_RAW,
197 	.parent = &scp_fw_content_cert,
198 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
199 		[0] = {
200 			.type = AUTH_METHOD_HASH,
201 			.param.hash = {
202 				.data = &raw_data,
203 				.hash = &scp_fw_hash
204 			}
205 		}
206 	}
207 };
208 /*
209  * SoC Firmware
210  */
211 static const auth_img_desc_t soc_fw_key_cert = {
212 	.img_id = SOC_FW_KEY_CERT_ID,
213 	.img_type = IMG_CERT,
214 	.parent = &trusted_key_cert,
215 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
216 		[0] = {
217 			.type = AUTH_METHOD_SIG,
218 			.param.sig = {
219 				.pk = &trusted_world_pk,
220 				.sig = &sig,
221 				.alg = &sig_alg,
222 				.data = &raw_data
223 			}
224 		},
225 		[1] = {
226 			.type = AUTH_METHOD_NV_CTR,
227 			.param.nv_ctr = {
228 				.cert_nv_ctr = &trusted_nv_ctr,
229 				.plat_nv_ctr = &trusted_nv_ctr
230 			}
231 		}
232 	},
233 	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
234 		[0] = {
235 			.type_desc = &soc_fw_content_pk,
236 			.data = {
237 				.ptr = (void *)content_pk_buf,
238 				.len = (unsigned int)PK_DER_LEN
239 			}
240 		}
241 	}
242 };
243 static const auth_img_desc_t soc_fw_content_cert = {
244 	.img_id = SOC_FW_CONTENT_CERT_ID,
245 	.img_type = IMG_CERT,
246 	.parent = &soc_fw_key_cert,
247 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
248 		[0] = {
249 			.type = AUTH_METHOD_SIG,
250 			.param.sig = {
251 				.pk = &soc_fw_content_pk,
252 				.sig = &sig,
253 				.alg = &sig_alg,
254 				.data = &raw_data
255 			}
256 		},
257 		[1] = {
258 			.type = AUTH_METHOD_NV_CTR,
259 			.param.nv_ctr = {
260 				.cert_nv_ctr = &trusted_nv_ctr,
261 				.plat_nv_ctr = &trusted_nv_ctr
262 			}
263 		}
264 	},
265 	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
266 		[0] = {
267 			.type_desc = &soc_fw_hash,
268 			.data = {
269 				.ptr = (void *)soc_fw_hash_buf,
270 				.len = (unsigned int)HASH_DER_LEN
271 			}
272 		},
273 		[1] = {
274 			.type_desc = &soc_fw_config_hash,
275 			.data = {
276 				.ptr = (void *)soc_fw_config_hash_buf,
277 				.len = (unsigned int)HASH_DER_LEN
278 			}
279 		}
280 	}
281 };
282 static const auth_img_desc_t bl31_image = {
283 	.img_id = BL31_IMAGE_ID,
284 	.img_type = IMG_RAW,
285 	.parent = &soc_fw_content_cert,
286 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
287 		[0] = {
288 			.type = AUTH_METHOD_HASH,
289 			.param.hash = {
290 				.data = &raw_data,
291 				.hash = &soc_fw_hash
292 			}
293 		}
294 	}
295 };
296 /* SOC FW Config */
297 static const auth_img_desc_t soc_fw_config = {
298 	.img_id = SOC_FW_CONFIG_ID,
299 	.img_type = IMG_RAW,
300 	.parent = &soc_fw_content_cert,
301 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
302 		[0] = {
303 			.type = AUTH_METHOD_HASH,
304 			.param.hash = {
305 				.data = &raw_data,
306 				.hash = &soc_fw_config_hash
307 			}
308 		}
309 	}
310 };
311 /*
312  * Trusted OS Firmware
313  */
314 static const auth_img_desc_t trusted_os_fw_key_cert = {
315 	.img_id = TRUSTED_OS_FW_KEY_CERT_ID,
316 	.img_type = IMG_CERT,
317 	.parent = &trusted_key_cert,
318 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
319 		[0] = {
320 			.type = AUTH_METHOD_SIG,
321 			.param.sig = {
322 				.pk = &trusted_world_pk,
323 				.sig = &sig,
324 				.alg = &sig_alg,
325 				.data = &raw_data
326 			}
327 		},
328 		[1] = {
329 			.type = AUTH_METHOD_NV_CTR,
330 			.param.nv_ctr = {
331 				.cert_nv_ctr = &trusted_nv_ctr,
332 				.plat_nv_ctr = &trusted_nv_ctr
333 			}
334 		}
335 	},
336 	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
337 		[0] = {
338 			.type_desc = &tos_fw_content_pk,
339 			.data = {
340 				.ptr = (void *)content_pk_buf,
341 				.len = (unsigned int)PK_DER_LEN
342 			}
343 		}
344 	}
345 };
346 static const auth_img_desc_t trusted_os_fw_content_cert = {
347 	.img_id = TRUSTED_OS_FW_CONTENT_CERT_ID,
348 	.img_type = IMG_CERT,
349 	.parent = &trusted_os_fw_key_cert,
350 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
351 		[0] = {
352 			.type = AUTH_METHOD_SIG,
353 			.param.sig = {
354 				.pk = &tos_fw_content_pk,
355 				.sig = &sig,
356 				.alg = &sig_alg,
357 				.data = &raw_data
358 			}
359 		},
360 		[1] = {
361 			.type = AUTH_METHOD_NV_CTR,
362 			.param.nv_ctr = {
363 				.cert_nv_ctr = &trusted_nv_ctr,
364 				.plat_nv_ctr = &trusted_nv_ctr
365 			}
366 		}
367 	},
368 	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
369 		[0] = {
370 			.type_desc = &tos_fw_hash,
371 			.data = {
372 				.ptr = (void *)tos_fw_hash_buf,
373 				.len = (unsigned int)HASH_DER_LEN
374 			}
375 		},
376 		[1] = {
377 			.type_desc = &tos_fw_extra1_hash,
378 			.data = {
379 				.ptr = (void *)tos_fw_extra1_hash_buf,
380 				.len = (unsigned int)HASH_DER_LEN
381 			}
382 		},
383 		[2] = {
384 			.type_desc = &tos_fw_extra2_hash,
385 			.data = {
386 				.ptr = (void *)tos_fw_extra2_hash_buf,
387 				.len = (unsigned int)HASH_DER_LEN
388 			}
389 		},
390 		[3] = {
391 			.type_desc = &tos_fw_config_hash,
392 			.data = {
393 				.ptr = (void *)tos_fw_config_hash_buf,
394 				.len = (unsigned int)HASH_DER_LEN
395 			}
396 		}
397 	}
398 };
399 static const auth_img_desc_t bl32_image = {
400 	.img_id = BL32_IMAGE_ID,
401 	.img_type = IMG_RAW,
402 	.parent = &trusted_os_fw_content_cert,
403 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
404 		[0] = {
405 			.type = AUTH_METHOD_HASH,
406 			.param.hash = {
407 				.data = &raw_data,
408 				.hash = &tos_fw_hash
409 			}
410 		}
411 	}
412 };
413 static const auth_img_desc_t bl32_extra1_image = {
414 	.img_id = BL32_EXTRA1_IMAGE_ID,
415 	.img_type = IMG_RAW,
416 	.parent = &trusted_os_fw_content_cert,
417 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
418 		[0] = {
419 			.type = AUTH_METHOD_HASH,
420 			.param.hash = {
421 				.data = &raw_data,
422 				.hash = &tos_fw_extra1_hash
423 			}
424 		}
425 	}
426 };
427 static const auth_img_desc_t bl32_extra2_image = {
428 	.img_id = BL32_EXTRA2_IMAGE_ID,
429 	.img_type = IMG_RAW,
430 	.parent = &trusted_os_fw_content_cert,
431 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
432 		[0] = {
433 			.type = AUTH_METHOD_HASH,
434 			.param.hash = {
435 				.data = &raw_data,
436 				.hash = &tos_fw_extra2_hash
437 			}
438 		}
439 	}
440 };
441 /* TOS FW Config */
442 static const auth_img_desc_t tos_fw_config = {
443 	.img_id = TOS_FW_CONFIG_ID,
444 	.img_type = IMG_RAW,
445 	.parent = &trusted_os_fw_content_cert,
446 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
447 		[0] = {
448 			.type = AUTH_METHOD_HASH,
449 			.param.hash = {
450 				.data = &raw_data,
451 				.hash = &tos_fw_config_hash
452 			}
453 		}
454 	}
455 };
456 /*
457  * Non-Trusted Firmware
458  */
459 static const auth_img_desc_t non_trusted_fw_key_cert = {
460 	.img_id = NON_TRUSTED_FW_KEY_CERT_ID,
461 	.img_type = IMG_CERT,
462 	.parent = &trusted_key_cert,
463 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
464 		[0] = {
465 			.type = AUTH_METHOD_SIG,
466 			.param.sig = {
467 				.pk = &non_trusted_world_pk,
468 				.sig = &sig,
469 				.alg = &sig_alg,
470 				.data = &raw_data
471 			}
472 		},
473 		[1] = {
474 			.type = AUTH_METHOD_NV_CTR,
475 			.param.nv_ctr = {
476 				.cert_nv_ctr = &non_trusted_nv_ctr,
477 				.plat_nv_ctr = &non_trusted_nv_ctr
478 			}
479 		}
480 	},
481 	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
482 		[0] = {
483 			.type_desc = &nt_fw_content_pk,
484 			.data = {
485 				.ptr = (void *)content_pk_buf,
486 				.len = (unsigned int)PK_DER_LEN
487 			}
488 		}
489 	}
490 };
491 static const auth_img_desc_t non_trusted_fw_content_cert = {
492 	.img_id = NON_TRUSTED_FW_CONTENT_CERT_ID,
493 	.img_type = IMG_CERT,
494 	.parent = &non_trusted_fw_key_cert,
495 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
496 		[0] = {
497 			.type = AUTH_METHOD_SIG,
498 			.param.sig = {
499 				.pk = &nt_fw_content_pk,
500 				.sig = &sig,
501 				.alg = &sig_alg,
502 				.data = &raw_data
503 			}
504 		},
505 		[1] = {
506 			.type = AUTH_METHOD_NV_CTR,
507 			.param.nv_ctr = {
508 				.cert_nv_ctr = &non_trusted_nv_ctr,
509 				.plat_nv_ctr = &non_trusted_nv_ctr
510 			}
511 		}
512 	},
513 	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
514 		[0] = {
515 			.type_desc = &nt_world_bl_hash,
516 			.data = {
517 				.ptr = (void *)nt_world_bl_hash_buf,
518 				.len = (unsigned int)HASH_DER_LEN
519 			}
520 		},
521 		[1] = {
522 			.type_desc = &nt_fw_config_hash,
523 			.data = {
524 				.ptr = (void *)nt_fw_config_hash_buf,
525 				.len = (unsigned int)HASH_DER_LEN
526 			}
527 		}
528 	}
529 };
530 static const auth_img_desc_t bl33_image = {
531 	.img_id = BL33_IMAGE_ID,
532 	.img_type = IMG_RAW,
533 	.parent = &non_trusted_fw_content_cert,
534 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
535 		[0] = {
536 			.type = AUTH_METHOD_HASH,
537 			.param.hash = {
538 				.data = &raw_data,
539 				.hash = &nt_world_bl_hash
540 			}
541 		}
542 	}
543 };
544 /* NT FW Config */
545 static const auth_img_desc_t nt_fw_config = {
546 	.img_id = NT_FW_CONFIG_ID,
547 	.img_type = IMG_RAW,
548 	.parent = &non_trusted_fw_content_cert,
549 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
550 		[0] = {
551 			.type = AUTH_METHOD_HASH,
552 			.param.hash = {
553 				.data = &raw_data,
554 				.hash = &nt_fw_config_hash
555 			}
556 		}
557 	}
558 };
559 /* Secure Partitions */
560 #if defined(SPD_spmd)
561 static const auth_img_desc_t sip_sp_content_cert = {
562 	.img_id = SIP_SP_CONTENT_CERT_ID,
563 	.img_type = IMG_CERT,
564 	.parent = &trusted_key_cert,
565 	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
566 		[0] = {
567 			.type = AUTH_METHOD_SIG,
568 			.param.sig = {
569 				.pk = &trusted_world_pk,
570 				.sig = &sig,
571 				.alg = &sig_alg,
572 				.data = &raw_data
573 			}
574 		},
575 		[1] = {
576 			.type = AUTH_METHOD_NV_CTR,
577 			.param.nv_ctr = {
578 				.cert_nv_ctr = &trusted_nv_ctr,
579 				.plat_nv_ctr = &trusted_nv_ctr
580 			}
581 		}
582 	},
583 	.authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) {
584 		[0] = {
585 			.type_desc = &sp_pkg1_hash,
586 			.data = {
587 				.ptr = (void *)sp_pkg_hash_buf[0],
588 				.len = (unsigned int)HASH_DER_LEN
589 			}
590 		},
591 		[1] = {
592 			.type_desc = &sp_pkg2_hash,
593 			.data = {
594 				.ptr = (void *)sp_pkg_hash_buf[1],
595 				.len = (unsigned int)HASH_DER_LEN
596 			}
597 		},
598 		[2] = {
599 			.type_desc = &sp_pkg3_hash,
600 			.data = {
601 				.ptr = (void *)sp_pkg_hash_buf[2],
602 				.len = (unsigned int)HASH_DER_LEN
603 			}
604 		},
605 		[3] = {
606 			.type_desc = &sp_pkg4_hash,
607 			.data = {
608 				.ptr = (void *)sp_pkg_hash_buf[3],
609 				.len = (unsigned int)HASH_DER_LEN
610 			}
611 		},
612 		[4] = {
613 			.type_desc = &sp_pkg5_hash,
614 			.data = {
615 				.ptr = (void *)sp_pkg_hash_buf[4],
616 				.len = (unsigned int)HASH_DER_LEN
617 			}
618 		},
619 		[5] = {
620 			.type_desc = &sp_pkg6_hash,
621 			.data = {
622 				.ptr = (void *)sp_pkg_hash_buf[5],
623 				.len = (unsigned int)HASH_DER_LEN
624 			}
625 		},
626 		[6] = {
627 			.type_desc = &sp_pkg7_hash,
628 			.data = {
629 				.ptr = (void *)sp_pkg_hash_buf[6],
630 				.len = (unsigned int)HASH_DER_LEN
631 			}
632 		},
633 		[7] = {
634 			.type_desc = &sp_pkg8_hash,
635 			.data = {
636 				.ptr = (void *)sp_pkg_hash_buf[7],
637 				.len = (unsigned int)HASH_DER_LEN
638 			}
639 		}
640 	}
641 };
642 
643 DEFINE_SIP_SP_PKG(1);
644 DEFINE_SIP_SP_PKG(2);
645 DEFINE_SIP_SP_PKG(3);
646 DEFINE_SIP_SP_PKG(4);
647 DEFINE_SIP_SP_PKG(5);
648 DEFINE_SIP_SP_PKG(6);
649 DEFINE_SIP_SP_PKG(7);
650 DEFINE_SIP_SP_PKG(8);
651 #endif /* SPD_spmd */
652 
653 static const auth_img_desc_t * const cot_desc[] = {
654 	[TRUSTED_BOOT_FW_CERT_ID]		=	&trusted_boot_fw_cert,
655 	[HW_CONFIG_ID]				=	&hw_config,
656 	[TRUSTED_KEY_CERT_ID]			=	&trusted_key_cert,
657 	[SCP_FW_KEY_CERT_ID]			=	&scp_fw_key_cert,
658 	[SCP_FW_CONTENT_CERT_ID]		=	&scp_fw_content_cert,
659 	[SCP_BL2_IMAGE_ID]			=	&scp_bl2_image,
660 	[SOC_FW_KEY_CERT_ID]			=	&soc_fw_key_cert,
661 	[SOC_FW_CONTENT_CERT_ID]		=	&soc_fw_content_cert,
662 	[BL31_IMAGE_ID]				=	&bl31_image,
663 	[SOC_FW_CONFIG_ID]			=	&soc_fw_config,
664 	[TRUSTED_OS_FW_KEY_CERT_ID]		=	&trusted_os_fw_key_cert,
665 	[TRUSTED_OS_FW_CONTENT_CERT_ID]		=	&trusted_os_fw_content_cert,
666 	[BL32_IMAGE_ID]				=	&bl32_image,
667 	[BL32_EXTRA1_IMAGE_ID]			=	&bl32_extra1_image,
668 	[BL32_EXTRA2_IMAGE_ID]			=	&bl32_extra2_image,
669 	[TOS_FW_CONFIG_ID]			=	&tos_fw_config,
670 	[NON_TRUSTED_FW_KEY_CERT_ID]		=	&non_trusted_fw_key_cert,
671 	[NON_TRUSTED_FW_CONTENT_CERT_ID]	=	&non_trusted_fw_content_cert,
672 	[BL33_IMAGE_ID]				=	&bl33_image,
673 	[NT_FW_CONFIG_ID]			=	&nt_fw_config,
674 #if defined(SPD_spmd)
675 	[SIP_SP_CONTENT_CERT_ID]		=	&sip_sp_content_cert,
676 	[SP_PKG1_ID]				=	&sp_pkg1,
677 	[SP_PKG2_ID]				=	&sp_pkg2,
678 	[SP_PKG3_ID]				=	&sp_pkg3,
679 	[SP_PKG4_ID]				=	&sp_pkg4,
680 	[SP_PKG5_ID]				=	&sp_pkg5,
681 	[SP_PKG6_ID]				=	&sp_pkg6,
682 	[SP_PKG7_ID]				=	&sp_pkg7,
683 	[SP_PKG8_ID]				=       &sp_pkg8,
684 #endif
685 };
686 
687 /* Register the CoT in the authentication module */
688 REGISTER_COT(cot_desc);
689