common/tbbr/csf_tbbr.c

/*
 * Copyright 2018-2021 NXP
 *
 * SPDX-License-Identifier: BSD-3-Clause
 *
 *
 */

#include <errno.h>

#include <common/debug.h>
#include <csf_hdr.h>
#include <dcfg.h>
#include <drivers/auth/crypto_mod.h>
#include <snvs.h>

#include <plat/common/platform.h>
#include "plat_common.h"

extern bool rotpk_not_dpld;
extern uint8_t rotpk_hash_table[MAX_KEY_ENTRIES][SHA256_BYTES];
extern uint32_t num_rotpk_hash_entries;

/*
 * In case of secure boot, return ptr of rotpk_hash table in key_ptr and
 * number of hashes in key_len
 */
int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
			unsigned int *flags)
{
	uint32_t mode = 0U;
	*flags = ROTPK_NOT_DEPLOYED;

	/* ROTPK hash table must be available for secure boot */
	if (rotpk_not_dpld == true) {
		if (check_boot_mode_secure(&mode) == true) {
			/* Production mode, don;t continue further */
			if (mode == 1U) {
				return -EAUTH;
			}

			/* For development mode, rotpk flag false
			 * indicates that SRK hash comparison might
			 * have failed. This is not fatal error.
			 * Continue in this case but transition SNVS
			 * to non-secure state
			 */
			transition_snvs_non_secure();
			return 0;
		} else {
			return 0;
		}
	}

	/*
	 * We return the complete hash table and number of entries in
	 * table for NXP platform specific implementation.
	 * Here hash is always assume as SHA-256
	 */
	*key_ptr = rotpk_hash_table;
	*key_len = num_rotpk_hash_entries;
	*flags = ROTPK_IS_HASH;

	return 0;
}

int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
{
	/*
	 * No support for non-volatile counter. Update the ROT key to protect
	 * the system against rollback.
	 */
	*nv_ctr = 0U;

	return 0;
}

int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
{
	return 0;
}