/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
*/
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash);
-
TF_LDFLAGS += -L$(CCSBROM_LIB_PATH)
LDLIBS += -lcc_712sbromx509
-CRYPTOCELL_SOURCES := drivers/auth/cryptocell/cryptocell_crypto.c
+CRYPTOCELL_SOURCES := drivers/auth/cryptocell/cryptocell_crypto.c \
+ drivers/auth/cryptocell/cryptocell_plat_helpers.c
-BL1_SOURCES += ${CRYPTOCELL_SOURCES}
-BL2_SOURCES += ${CRYPTOCELL_SOURCES}
+BL1_SOURCES += ${CRYPTOCELL_SOURCES}
+BL2_SOURCES += ${CRYPTOCELL_SOURCES}
--- /dev/null
+/*
+ * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <stddef.h>
+#include <string.h>
+
+#include <platform_def.h>
+
+#include <plat/common/platform.h>
+#include <tools_share/tbbr_oid.h>
+
+#include <common/debug.h>
+#include <drivers/arm/cryptocell/sbrom_bsv_api.h>
+#include <drivers/arm/cryptocell/nvm.h>
+#include <drivers/arm/cryptocell/nvm_otp.h>
+
+/*
+ * Return the ROTPK hash
+ *
+ * dst: buffer into which the ROTPK hash will be copied into
+ * len: length of the provided buffer, which must be at least enough for a
+ * SHA256 hash
+ * flags: a pointer to integer that will be set to indicate the ROTPK status
+ *
+ * Return: 0 = success, Otherwise = error
+ */
+int cc_get_rotpk_hash(unsigned char *dst, unsigned int len, unsigned int *flags)
+{
+ CCError_t error;
+ uint32_t lcs;
+
+ assert(dst != NULL);
+ assert(len >= HASH_RESULT_SIZE_IN_WORDS);
+ assert(flags != NULL);
+
+ error = NVM_GetLCS(PLAT_CRYPTOCELL_BASE, &lcs);
+ if (error != CC_OK)
+ return 1;
+
+ /* If the lifecycle state is `SD`, return failure */
+ if (lcs == CC_BSV_SECURITY_DISABLED_LCS)
+ return 1;
+
+ /*
+ * If the lifecycle state is `CM` or `DM`, ROTPK shouldn't be verified.
+ * Return success after setting ROTPK_NOT_DEPLOYED flag
+ */
+ if ((lcs == CC_BSV_CHIP_MANUFACTURE_LCS) ||
+ (lcs == CC_BSV_DEVICE_MANUFACTURE_LCS)) {
+ *flags = ROTPK_NOT_DEPLOYED;
+ return 0;
+ }
+
+ /* Copy the DER header */
+ error = NVM_ReadHASHPubKey(PLAT_CRYPTOCELL_BASE,
+ CC_SB_HASH_BOOT_KEY_256B,
+ (uint32_t *)dst, HASH_RESULT_SIZE_IN_WORDS);
+ if (error != CC_OK)
+ return 1;
+
+ *flags = ROTPK_IS_HASH;
+ return 0;
+}
+
+/*
+ * Return the non-volatile counter value stored in the platform. The cookie
+ * specifies the OID of the counter in the certificate.
+ *
+ * Return: 0 = success, Otherwise = error
+ */
+int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
+{
+ CCError_t error = CC_FAIL;
+
+ if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
+ error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE,
+ CC_SW_VERSION_COUNTER1, nv_ctr);
+ } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
+ error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE,
+ CC_SW_VERSION_COUNTER2, nv_ctr);
+ }
+
+ return (error != CC_OK);
+}
+
+/*
+ * Store a new non-volatile counter value in the counter specified by the OID
+ * in the cookie. This function is not expected to be called if the Lifecycle
+ * state is RMA as the values in the certificate are expected to always match
+ * the nvcounter values. But if called when the LCS is RMA, the underlying
+ * helper functions will return success but without updating the counter.
+ *
+ * Return: 0 = success, Otherwise = error
+ */
+int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
+{
+ CCError_t error = CC_FAIL;
+
+ if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
+ error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE,
+ CC_SW_VERSION_COUNTER1, nv_ctr);
+ } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
+ error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE,
+ CC_SW_VERSION_COUNTER2, nv_ctr);
+ }
+
+ return (error != CC_OK);
+}
+
--- /dev/null
+/*
+ * Copyright (c) 2019, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef _CC_ROTPK_H
+#define _CC_ROTPK_H
+
+int cc_get_rotpk_hash(unsigned char *dst, unsigned int len,
+ unsigned int *flags);
+
+#endif
/*
- * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
}
#else /* ARM_CRYPTOCELL_INTEG */
-#include <drivers/arm/cryptocell/nvm.h>
-#include <drivers/arm/cryptocell/nvm_otp.h>
-#include <drivers/arm/cryptocell/sbrom_bsv_api.h>
-
-CASSERT(HASH_RESULT_SIZE_IN_BYTES == SHA256_BYTES,
- assert_mismatch_in_hash_result_size);
+#include <drivers/arm/cryptocell/cc_rotpk.h>
/*
* Return the ROTPK hash in the following ASN.1 structure in DER format:
unsigned int *flags)
{
unsigned char *dst;
- CCError_t error;
- uint32_t lcs;
assert(key_ptr != NULL);
assert(key_len != NULL);
assert(flags != NULL);
- error = NVM_GetLCS(PLAT_CRYPTOCELL_BASE, &lcs);
- if (error != CC_OK)
- return 1;
-
- /* If the lifecycle state is `SD`, return failure */
- if (lcs == CC_BSV_SECURITY_DISABLED_LCS)
- return 1;
-
- /*
- * If the lifecycle state is `CM` or `DM`, ROTPK shouldn't be verified.
- * Return success after setting ROTPK_NOT_DEPLOYED flag
- */
- if ((lcs == CC_BSV_CHIP_MANUFACTURE_LCS) ||
- (lcs == CC_BSV_DEVICE_MANUFACTURE_LCS)) {
- *key_len = 0;
- *flags = ROTPK_NOT_DEPLOYED;
- return 0;
- }
-
/* Copy the DER header */
memcpy(rotpk_hash_der, rotpk_hash_hdr, rotpk_hash_hdr_len);
dst = &rotpk_hash_der[rotpk_hash_hdr_len];
- error = NVM_ReadHASHPubKey(PLAT_CRYPTOCELL_BASE,
- CC_SB_HASH_BOOT_KEY_256B,
- (uint32_t *)dst, HASH_RESULT_SIZE_IN_WORDS);
- if (error != CC_OK)
- return 1;
-
*key_ptr = rotpk_hash_der;
*key_len = sizeof(rotpk_hash_der);
- *flags = ROTPK_IS_HASH;
- return 0;
+ return cc_get_rotpk_hash(dst, SHA256_BYTES, flags);
}
-
-/*
- * Return the non-volatile counter value stored in the platform. The cookie
- * specifies the OID of the counter in the certificate.
- *
- * Return: 0 = success, Otherwise = error
- */
-int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
-{
- CCError_t error = CC_FAIL;
-
- if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_COUNTER1, nv_ctr);
- } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_COUNTER2, nv_ctr);
- }
-
- return (error != CC_OK);
-}
-
-/*
- * Store a new non-volatile counter value in the counter specified by the OID
- * in the cookie. This function is not expected to be called if the Lifecycle
- * state is RMA as the values in the certificate are expected to always match
- * the nvcounter values. But if called when the LCS is RMA, the underlying
- * helper functions will return success but without updating the counter.
- *
- * Return: 0 = success, Otherwise = error
- */
-int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
-{
- CCError_t error = CC_FAIL;
-
- if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_COUNTER1, nv_ctr);
- } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_COUNTER2, nv_ctr);
- }
-
- return (error != CC_OK);
-}
-
#endif /* ARM_CRYPTOCELL_INTEG */
projects / project / bcm63xx / atf.git / commitdiff