1 /*
2  * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
3  *
4  * Copyright 2020 NXP
5  *
6  * SPDX-License-Identifier: BSD-3-Clause
7  */
8 
9 #include <stddef.h>
10 
11 #include <drivers/auth/auth_mod.h>
12 
13 #if USE_TBBR_DEFS
14 #include <tools_share/tbbr_oid.h>
15 #else
16 #include <platform_oid.h>
17 #endif
18 
19 
/*
 * Authentication parameter descriptors referenced by the image descriptors
 * in this file. Each one is built from a parameter type and a second macro
 * argument: 0 for the three signature-related parameters, and
 * NON_TRUSTED_WORLD_PK_OID for the public key.
 *
 * NOTE(review): these objects are not const-qualified, so they are mutable
 * at file scope; presumably the descriptor fields take non-const pointers.
 * Confirm nothing writes to them after registration.
 */

/* Signature value. */
static auth_param_type_desc_t sig =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_SIG, 0);

/* Signature algorithm. */
static auth_param_type_desc_t sig_alg =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_SIG_ALG, 0);

/*
 * Declared as a hash parameter (AUTH_PARAM_HASH) and used as the `.data`
 * operand of every signature method below, i.e. the signed data is
 * described as a hash rather than as raw image bytes.
 */
static auth_param_type_desc_t sig_hash =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_HASH, 0);

/* Public key identified by NON_TRUSTED_WORLD_PK_OID. */
static auth_param_type_desc_t non_trusted_world_pk =
	AUTH_PARAM_TYPE_DESC(AUTH_PARAM_PUB_KEY, NON_TRUSTED_WORLD_PK_OID);
29 
/*
 * TBBR Chain of trust definition
 *
 * Every descriptor below has no parent (.parent = NULL) and exactly one
 * authentication method, in slot 0: a signature check (AUTH_METHOD_SIG)
 * whose public-key parameter is non_trusted_world_pk. All images are
 * therefore tied to the same key parameter, not to per-image certificates.
 *
 * NOTE(review): with no parent descriptor, nothing in this file shows how
 * the public key is anchored to a root of trust; confirm that the auth
 * module / platform code validates the key before it is used to verify a
 * signature.
 * NOTE(review): no second method (for example a non-volatile counter check)
 * is configured here; confirm whether rollback protection is enforced
 * elsewhere.
 * NOTE(review): the key parameter is named for the non-trusted world but
 * also authenticates BL31 and BL32; confirm that sharing one key across
 * these images is the intended policy.
 */

/* BL31 image: platform-format image, signature-only authentication. */
static const auth_img_desc_t bl31_image = {
	.img_id = BL31_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};

/* SCP_BL2 image: same policy as BL31. */
static const auth_img_desc_t scp_bl2_image = {
	.img_id = SCP_BL2_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};

/* BL32 image: same policy as BL31. */
static const auth_img_desc_t bl32_image = {
	.img_id = BL32_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};

/* BL33 image: same policy as BL31. */
static const auth_img_desc_t bl33_image = {
	.img_id = BL33_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};
#ifdef POLICY_FUSE_PROVISION
/*
 * Descriptors for FUSE_PROV_IMAGE_ID and FUSE_UP_IMAGE_ID, compiled in only
 * when POLICY_FUSE_PROVISION is defined. Both have no parent and a single
 * signature method in slot 0 that uses non_trusted_world_pk.
 *
 * NOTE(review): if these images drive fuse programming (as the names
 * suggest), they are authenticated with the same key parameter as the other
 * images in this file and with no additional method; confirm that this is
 * the intended policy for such an operation.
 */

/* Image identified by FUSE_PROV_IMAGE_ID. */
static const auth_img_desc_t fuse_prov_img = {
	.img_id = FUSE_PROV_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};

/* Image identified by FUSE_UP_IMAGE_ID. */
static const auth_img_desc_t fuse_upgrade_img = {
	.img_id = FUSE_UP_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};
#endif
#ifdef CONFIG_DDR_FIP_IMAGE
/*
 * Descriptors for the eight DDR image IDs, compiled in only when
 * CONFIG_DDR_FIP_IMAGE is defined. The IDs cover IMEM and DMEM variants for
 * UDIMM and RDIMM, each in a 1D and a 2D form. Every descriptor has no
 * parent and a single signature method in slot 0 that uses
 * non_trusted_world_pk, sig, sig_alg and sig_hash.
 *
 * NOTE(review): when CONFIG_DDR_FIP_IMAGE is not defined, none of these
 * descriptors exist; confirm that the DDR images are then either not loaded
 * or are authenticated by another path.
 */

/* UDIMM, IMEM, 1D. */
static const auth_img_desc_t ddr_imem_udimm_1d_img = {
	.img_id = DDR_IMEM_UDIMM_1D_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};

/* UDIMM, IMEM, 2D. */
static const auth_img_desc_t ddr_imem_udimm_2d_img = {
	.img_id = DDR_IMEM_UDIMM_2D_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};

/* UDIMM, DMEM, 1D. */
static const auth_img_desc_t ddr_dmem_udimm_1d_img = {
	.img_id = DDR_DMEM_UDIMM_1D_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};

/* UDIMM, DMEM, 2D. */
static const auth_img_desc_t ddr_dmem_udimm_2d_img = {
	.img_id = DDR_DMEM_UDIMM_2D_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};

/* RDIMM, IMEM, 1D. */
static const auth_img_desc_t ddr_imem_rdimm_1d_img = {
	.img_id = DDR_IMEM_RDIMM_1D_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};

/* RDIMM, IMEM, 2D. */
static const auth_img_desc_t ddr_imem_rdimm_2d_img = {
	.img_id = DDR_IMEM_RDIMM_2D_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};

/* RDIMM, DMEM, 1D. */
static const auth_img_desc_t ddr_dmem_rdimm_1d_img = {
	.img_id = DDR_DMEM_RDIMM_1D_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};

/* RDIMM, DMEM, 2D. */
static const auth_img_desc_t ddr_dmem_rdimm_2d_img = {
	.img_id = DDR_DMEM_RDIMM_2D_IMAGE_ID,
	.img_type = IMG_PLAT,
	.parent = NULL,
	.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
		[0] = {
			.type = AUTH_METHOD_SIG,
			.param = {
				.sig = {
					.pk = &non_trusted_world_pk,
					.sig = &sig,
					.alg = &sig_alg,
					.data = &sig_hash,
				},
			},
		},
	},
};
#endif
261 
/*
 * Chain-of-trust table, indexed by image ID. Only the IDs listed here get a
 * descriptor; because the array is filled with designated initializers, any
 * index below the largest listed ID that is not named is a NULL pointer.
 *
 * NOTE(review): confirm that the consumer of this table rejects (rather
 * than dereferences or silently accepts) an image ID whose entry is NULL or
 * lies beyond the end of the array.
 */
static const auth_img_desc_t * const cot_desc[] = {
	[BL31_IMAGE_ID] = &bl31_image,
	[SCP_BL2_IMAGE_ID] = &scp_bl2_image,
	[BL32_IMAGE_ID] = &bl32_image,
	[BL33_IMAGE_ID] = &bl33_image,
#ifdef POLICY_FUSE_PROVISION
	/* Present only when POLICY_FUSE_PROVISION is defined. */
	[FUSE_PROV_IMAGE_ID] = &fuse_prov_img,
	[FUSE_UP_IMAGE_ID] = &fuse_upgrade_img,
#endif
#ifdef CONFIG_DDR_FIP_IMAGE
	/* Present only when CONFIG_DDR_FIP_IMAGE is defined. */
	[DDR_IMEM_UDIMM_1D_IMAGE_ID] = &ddr_imem_udimm_1d_img,
	[DDR_IMEM_UDIMM_2D_IMAGE_ID] = &ddr_imem_udimm_2d_img,
	[DDR_DMEM_UDIMM_1D_IMAGE_ID] = &ddr_dmem_udimm_1d_img,
	[DDR_DMEM_UDIMM_2D_IMAGE_ID] = &ddr_dmem_udimm_2d_img,
	[DDR_IMEM_RDIMM_1D_IMAGE_ID] = &ddr_imem_rdimm_1d_img,
	[DDR_IMEM_RDIMM_2D_IMAGE_ID] = &ddr_imem_rdimm_2d_img,
	[DDR_DMEM_RDIMM_1D_IMAGE_ID] = &ddr_dmem_rdimm_1d_img,
	[DDR_DMEM_RDIMM_2D_IMAGE_ID] = &ddr_dmem_rdimm_2d_img,
#endif
};

/* Register the CoT in the authentication module */
REGISTER_COT(cot_desc);
285