Dynamic cfg: Add HW and TB_FW configs to CoT
authorSoby Mathew <soby.mathew@arm.com>
Tue, 7 Nov 2017 17:03:57 +0000 (17:03 +0000)
committerSoby Mathew <soby.mathew@arm.com>
Mon, 26 Feb 2018 16:31:10 +0000 (16:31 +0000)
This patch adds image IDs for `hw_config` and `tb_fw_config` and
includes them in the default Chain Of Trust (CoT).

Change-Id: If7bb3e9be8a5e48be76614b35bf43d58fc7fed12
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
drivers/auth/tbbr/tbbr_cot.c
include/common/tbbr/tbbr_img_def.h

index 01d6fb5a39e448eb9b9023c24541af5087d54469..6ad00592d45acfc52612d6d11e7b68c01aa07703 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -27,6 +27,8 @@
  * established, we can reuse some of the buffers on different stages
  */
 static unsigned char tb_fw_hash_buf[HASH_DER_LEN];
+static unsigned char tb_fw_config_hash_buf[HASH_DER_LEN];
+static unsigned char hw_config_hash_buf[HASH_DER_LEN];
 static unsigned char scp_fw_hash_buf[HASH_DER_LEN];
 static unsigned char soc_fw_hash_buf[HASH_DER_LEN];
 static unsigned char tos_fw_hash_buf[HASH_DER_LEN];
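Review bot: The two added buffers, `tb_fw_config_hash_buf` and `hw_config_hash_buf`, have no comment explaining why they cannot share storage, although the context comment above them says some buffers are reused across stages. Both are filled from the same certificate (entries `[1]` and `[2]` added later in this file), so they must stay distinct from each other and from `tb_fw_hash_buf`. I would add `/* Hashes of TB_FW_CONFIG and HW_CONFIG, both extracted from the Trusted Boot FW certificate */` above them. They also add 2 × HASH_DER_LEN of static RAM to every image that links this file, including platforms that never load a dynamic config, so a build-time guard may be worth considering. The comment block they sit under starts outside the hunk.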
@@ -70,6 +72,10 @@ static auth_param_type_desc_t nt_fw_content_pk = AUTH_PARAM_TYPE_DESC(
 
 static auth_param_type_desc_t tb_fw_hash = AUTH_PARAM_TYPE_DESC(
                AUTH_PARAM_HASH, TRUSTED_BOOT_FW_HASH_OID);
+static auth_param_type_desc_t tb_fw_config_hash = AUTH_PARAM_TYPE_DESC(
+               AUTH_PARAM_HASH, TRUSTED_BOOT_FW_CONFIG_HASH_OID);
+static auth_param_type_desc_t hw_config_hash = AUTH_PARAM_TYPE_DESC(
+               AUTH_PARAM_HASH, HW_CONFIG_HASH_OID);
 static auth_param_type_desc_t scp_fw_hash = AUTH_PARAM_TYPE_DESC(
                AUTH_PARAM_HASH, SCP_FW_HASH_OID);
 static auth_param_type_desc_t soc_fw_hash = AUTH_PARAM_TYPE_DESC(
@@ -125,6 +131,20 @@ static const auth_img_desc_t cot_desc[] = {
                                        .ptr = (void *)tb_fw_hash_buf,
                                        .len = (unsigned int)HASH_DER_LEN
                                }
+                       },
+                       [1] = {
+                               .type_desc = &tb_fw_config_hash,
+                               .data = {
+                                       .ptr = (void *)tb_fw_config_hash_buf,
+                                       .len = (unsigned int)HASH_DER_LEN
+                               }
+                       },
+                       [2] = {
+                               .type_desc = &hw_config_hash,
+                               .data = {
+                                       .ptr = (void *)hw_config_hash_buf,
+                                       .len = (unsigned int)HASH_DER_LEN
+                               }
                        }
                }
        },
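Review bot: With `[1]` and `[2]` added to the certificate's authenticated data, the Trusted Boot FW certificate is now expected to carry the `TRUSTED_BOOT_FW_CONFIG_HASH_OID` and `HW_CONFIG_HASH_OID` extensions, and nothing visible here says what happens when it does not. A certificate from an older signing flow would lack them, and neither OID is defined in the two files this commit touches. Please confirm that a missing extension fails certificate processing rather than leaving `tb_fw_config_hash_buf` or `hw_config_hash_buf` zero-filled, and that a zero-filled buffer can never match a loaded image. A short comment on the two entries stating that both extensions are mandatory (or optional, if that is the intent) would record the decision. The enclosing descriptor starts outside the hunk.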
@@ -142,6 +162,36 @@ static const auth_img_desc_t cot_desc[] = {
                        }
                }
        },
+       /* HW Config */
+       [HW_CONFIG_ID] = {
+               .img_id = HW_CONFIG_ID,
+               .img_type = IMG_RAW,
+               .parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
+               .img_auth_methods = {
+                       [0] = {
+                               .type = AUTH_METHOD_HASH,
+                               .param.hash = {
+                                       .data = &raw_data,
+                                       .hash = &hw_config_hash,
+                               }
+                       }
+               }
+       },
+       /* TB FW Config */
+       [TB_FW_CONFIG_ID] = {
+               .img_id = TB_FW_CONFIG_ID,
+               .img_type = IMG_RAW,
+               .parent = &cot_desc[TRUSTED_BOOT_FW_CERT_ID],
+               .img_auth_methods = {
+                       [0] = {
+                               .type = AUTH_METHOD_HASH,
+                               .param.hash = {
+                                       .data = &raw_data,
+                                       .hash = &tb_fw_config_hash,
+                               }
+                       }
+               }
+       },
        /*
         * Trusted key certificate
         */
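Review bot: The new entries are labelled only `/* HW Config */` and `/* TB FW Config */`, which does not tell a reader that these are raw images whose only check is a hash comparison against values taken from the Trusted Boot FW certificate. I would expand them, e.g. `/* HW Config: raw image, hash must match HW_CONFIG_HASH_OID from the Trusted Boot FW certificate */`, and likewise for `TB_FW_CONFIG_ID`. These descriptors protect the configs only when the images are loaded through the authenticated load path under these IDs. The callers are not part of this commit, so it is worth confirming that no platform reads either config by another route before parsing it. The `cot_desc` initializer starts before and continues past this hunk.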
index 3e68b6488452e4412894b2b953046cb568bc8c37..5a40581e4d00464f4987a8fc477292ebbcc33550 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
 /* Secure Payload BL32_EXTRA2 (Trusted OS Extra2) */
 #define BL32_EXTRA2_IMAGE_ID           22
 
+/* HW_CONFIG (e.g. Kernel DT) */
+#define HW_CONFIG_ID           23
+
+/* TB_FW_CONFIG */
+#define TB_FW_CONFIG_ID                24
+
 #endif /* __TBBR_IMG_DEF_H__ */
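Review bot: `HW_CONFIG_ID` (23) and `TB_FW_CONFIG_ID` (24) are used as designated-initializer indices into `cot_desc` in the other file, so a clash with an existing image ID would make one descriptor silently replace another. Compilers at most warn about a duplicate designator. If any platform defines its own image IDs above `BL32_EXTRA2_IMAGE_ID`, or sizes a table by the highest image ID, those definitions need checking against the new values; none of them are visible on this page. A comment such as `/* Image IDs index cot_desc[]; values must be unique across common and platform definitions */` near these defines would make the constraint explicit. The start of this hunk, including its `@@` header, is not shown.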