1 /* 2 * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <assert.h> 8 #include <string.h> 9 10 #include <drivers/auth/auth_mod.h> 11 #include <plat/common/platform.h> 12 #if USE_TBBR_DEFS 13 #include <tools_share/tbbr_oid.h> 14 #else 15 #include <platform_oid.h> 16 #endif 17 18 /* 19 * Store a new non-volatile counter value. This implementation 20 * only allows updating of the platform's Trusted NV counter when a 21 * certificate protected by the Trusted NV counter is signed with 22 * the ROT key. This avoids a compromised secondary certificate from 23 * updating the platform's Trusted NV counter, which could lead to the 24 * platform becoming unusable. The function is suitable for all TBBR 25 * compliant platforms. 26 * 27 * Return: 0 = success, Otherwise = error 28 */ plat_set_nv_ctr2(void * cookie,const auth_img_desc_t * img_desc,unsigned int nv_ctr)29int plat_set_nv_ctr2(void *cookie, const auth_img_desc_t *img_desc, 30 unsigned int nv_ctr) 31 { 32 int trusted_nv_ctr; 33 34 assert(cookie != NULL); 35 assert(img_desc != NULL); 36 37 trusted_nv_ctr = strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0; 38 39 /* 40 * Only update the Trusted NV Counter if the certificate 41 * has been signed with the ROT key. Non Trusted NV counter 42 * updates are unconditional. 43 */ 44 if (!trusted_nv_ctr || img_desc->parent == NULL) 45 return plat_set_nv_ctr(cookie, nv_ctr); 46 47 /* 48 * Trusted certificates not signed with the ROT key are not 49 * allowed to update the Trusted NV Counter. 50 */ 51 return 1; 52 } 53