diff --git a/drivers/auth/dualroot/cot.c b/drivers/auth/dualroot/cot.c index 68f3d46..e1e47bc 100644 --- a/drivers/auth/dualroot/cot.c +++ b/drivers/auth/dualroot/cot.c @@ -743,29 +743,60 @@ .ptr = (void *)sp_pkg_hash_buf[3], .len = (unsigned int)HASH_DER_LEN } + } + } +}; + +DEFINE_SIP_SP_PKG(1); +DEFINE_SIP_SP_PKG(2); +DEFINE_SIP_SP_PKG(3); +DEFINE_SIP_SP_PKG(4); + +static const auth_img_desc_t plat_sp_content_cert = { + .img_id = PLAT_SP_CONTENT_CERT_ID, + .img_type = IMG_CERT, + .parent = NULL, + .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { + [0] = { + .type = AUTH_METHOD_SIG, + .param.sig = { + .pk = &prot_pk, + .sig = &sig, + .alg = &sig_alg, + .data = &raw_data + } }, - [4] = { + [1] = { + .type = AUTH_METHOD_NV_CTR, + .param.nv_ctr = { + .cert_nv_ctr = &non_trusted_nv_ctr, + .plat_nv_ctr = &non_trusted_nv_ctr + } + } + }, + .authenticated_data = (const auth_param_desc_t[COT_MAX_VERIFIED_PARAMS]) { + [0] = { .type_desc = &sp_pkg5_hash, .data = { .ptr = (void *)sp_pkg_hash_buf[4], .len = (unsigned int)HASH_DER_LEN } }, - [5] = { + [1] = { .type_desc = &sp_pkg6_hash, .data = { .ptr = (void *)sp_pkg_hash_buf[5], .len = (unsigned int)HASH_DER_LEN } }, - [6] = { + [2] = { .type_desc = &sp_pkg7_hash, .data = { .ptr = (void *)sp_pkg_hash_buf[6], .len = (unsigned int)HASH_DER_LEN } }, - [7] = { + [3] = { .type_desc = &sp_pkg8_hash, .data = { .ptr = (void *)sp_pkg_hash_buf[7], @@ -775,14 +806,10 @@ } }; -DEFINE_SIP_SP_PKG(1); -DEFINE_SIP_SP_PKG(2); -DEFINE_SIP_SP_PKG(3); -DEFINE_SIP_SP_PKG(4); -DEFINE_SIP_SP_PKG(5); -DEFINE_SIP_SP_PKG(6); -DEFINE_SIP_SP_PKG(7); -DEFINE_SIP_SP_PKG(8); +DEFINE_PLAT_SP_PKG(5); +DEFINE_PLAT_SP_PKG(6); +DEFINE_PLAT_SP_PKG(7); +DEFINE_PLAT_SP_PKG(8); #endif /* SPD_spmd */ #else /* IMAGE_BL2 */ @@ -915,6 +942,7 @@ [NT_FW_CONFIG_ID] = &nt_fw_config, #if defined(SPD_spmd) [SIP_SP_CONTENT_CERT_ID] = &sip_sp_content_cert, + [PLAT_SP_CONTENT_CERT_ID] = &plat_sp_content_cert, [SP_PKG1_ID] = &sp_pkg1, [SP_PKG2_ID] = &sp_pkg2, [SP_PKG3_ID] = &sp_pkg3, diff --git a/include/common/tbbr/tbbr_img_def.h b/include/common/tbbr/tbbr_img_def.h index b29b135..bd125e6 100644 --- a/include/common/tbbr/tbbr_img_def.h +++ b/include/common/tbbr/tbbr_img_def.h @@ -11,16 +11,17 @@ #if defined(SPD_spmd) #define SIP_SP_CONTENT_CERT_ID MAX_IMAGE_IDS -#define SP_PKG1_ID (MAX_IMAGE_IDS + 1) -#define SP_PKG2_ID (MAX_IMAGE_IDS + 2) -#define SP_PKG3_ID (MAX_IMAGE_IDS + 3) -#define SP_PKG4_ID (MAX_IMAGE_IDS + 4) -#define SP_PKG5_ID (MAX_IMAGE_IDS + 5) -#define SP_PKG6_ID (MAX_IMAGE_IDS + 6) -#define SP_PKG7_ID (MAX_IMAGE_IDS + 7) -#define SP_PKG8_ID (MAX_IMAGE_IDS + 8) +#define PLAT_SP_CONTENT_CERT_ID (MAX_IMAGE_IDS + 1) +#define SP_PKG1_ID (MAX_IMAGE_IDS + 2) +#define SP_PKG2_ID (MAX_IMAGE_IDS + 3) +#define SP_PKG3_ID (MAX_IMAGE_IDS + 4) +#define SP_PKG4_ID (MAX_IMAGE_IDS + 5) +#define SP_PKG5_ID (MAX_IMAGE_IDS + 6) +#define SP_PKG6_ID (MAX_IMAGE_IDS + 7) +#define SP_PKG7_ID (MAX_IMAGE_IDS + 8) +#define SP_PKG8_ID (MAX_IMAGE_IDS + 9) #define MAX_SP_IDS U(8) -#define MAX_NUMBER_IDS (MAX_IMAGE_IDS + MAX_SP_IDS + U(1)) +#define MAX_NUMBER_IDS (MAX_IMAGE_IDS + MAX_SP_IDS + U(2)) #else #define MAX_NUMBER_IDS MAX_IMAGE_IDS #endif diff --git a/include/drivers/auth/auth_mod.h b/include/drivers/auth/auth_mod.h index 504e539..3965b58 100644 --- a/include/drivers/auth/auth_mod.h +++ b/include/drivers/auth/auth_mod.h @@ -51,11 +51,15 @@ extern unsigned int auth_img_flags[MAX_NUMBER_IDS]; #if defined(SPD_spmd) -#define DEFINE_SIP_SP_PKG(n) \ + +#define DEFINE_SIP_SP_PKG(n) DEFINE_SP_PKG(n, sip_sp_content_cert) +#define DEFINE_PLAT_SP_PKG(n) DEFINE_SP_PKG(n, plat_sp_content_cert) + +#define DEFINE_SP_PKG(n, cert) \ static const auth_img_desc_t sp_pkg##n = { \ .img_id = SP_PKG##n##_ID, \ .img_type = IMG_RAW, \ - .parent = &sip_sp_content_cert, \ + .parent = &cert, \ .img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { \ [0] = { \ .type = AUTH_METHOD_HASH, \ @@ -66,6 +70,7 @@ } \ } \ } + #endif #endif /* TRUSTED_BOARD_BOOT */