Djam/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-04-24 05:54:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge changes from topic "sb/remove-cryptocell" into integration

Browse source 
* changes:
  chore(npcm845x): remove CryptoCell-712/713 support
  chore(auth)!: remove CryptoCell-712/713 support
This commit is contained in:
Manish Pandey 2023-11-08 15:26:38 +01:00 committed by TrustedFirmware Code Review
commit 31a815db1a
47 changed files with 11 additions and 2755 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
Makefile
View file

@ -41,10 +41,6 @@ PLAT := ${DEFAULT_PLAT}
CHECKCODE_ARGS := --no-patch CHECKCODE_ARGS := --no-patch
# Do not check the coding style on imported library files or documentation files # Do not check the coding style on imported library files or documentation files
INC_ARM_DIRS_TO_CHECK := $(sort $(filter-out \
include/drivers/arm/cryptocell, \
$(wildcard include/drivers/arm/*)))
INC_ARM_DIRS_TO_CHECK += include/drivers/arm/cryptocell/*.h
INC_DRV_DIRS_TO_CHECK := $(sort $(filter-out \ INC_DRV_DIRS_TO_CHECK := $(sort $(filter-out \
include/drivers/arm, \ include/drivers/arm, \
$(wildcard include/drivers/*))) $(wildcard include/drivers/*)))

4
docs/about/release-information.rst
View file

@ -96,9 +96,7 @@ after which it will be removed.
| | Date | after | | | | Date | after | |
| | | Release | | | | | Release | |
+================================+=============+=========+=========================================================+ +================================+=============+=========+=========================================================+
| CryptoCell-712 | 2.9 | 2.10 | No longer maintained. | | None at this time. | | | |
+--------------------------------+-------------+---------+---------------------------------------------------------+
| CryptoCell-713 | 2.9 | 2.10 | No longer maintained. |
+--------------------------------+-------------+---------+---------------------------------------------------------+ +--------------------------------+-------------+---------+---------------------------------------------------------+
-------------- --------------

12
docs/getting_started/build-options.rst
View file

@ -677,10 +677,6 @@ Common build options
invert this behavior. Lower addresses will be printed at the top and higher invert this behavior. Lower addresses will be printed at the top and higher
addresses at the bottom. addresses at the bottom.
- ``INIT_UNUSED_NS_EL2``: This build flag guards code that disables EL2
safely in scenario where NS-EL2 is present but unused. This flag is set to 0
by default. Platforms without NS-EL2 in use must enable this flag.
- ``KEY_ALG``: This build flag enables the user to select the algorithm to be - ``KEY_ALG``: This build flag enables the user to select the algorithm to be
used for generating the PKCS keys and subsequent signing of the certificate. used for generating the PKCS keys and subsequent signing of the certificate.
It accepts 5 values: ``rsa``, ``rsa_1_5``, ``ecdsa``, ``ecdsa-brainpool-regular`` It accepts 5 values: ``rsa``, ``rsa_1_5``, ``ecdsa``, ``ecdsa-brainpool-regular``
@ -696,7 +692,7 @@ Common build options
+---------------------------+------------------------------------+ +---------------------------+------------------------------------+
| KEY_ALG | Possible key sizes | | KEY_ALG | Possible key sizes |
+===========================+====================================+ +===========================+====================================+
| rsa | 1024 , 2048 (default), 3072, 4096* | | rsa | 1024 , 2048 (default), 3072, 4096 |
+---------------------------+------------------------------------+ +---------------------------+------------------------------------+
| ecdsa | 256 (default), 384 | | ecdsa | 256 (default), 384 |
+---------------------------+------------------------------------+ +---------------------------+------------------------------------+
@ -705,10 +701,6 @@ Common build options
| ecdsa-brainpool-twisted | unavailable | | ecdsa-brainpool-twisted | unavailable |
+---------------------------+------------------------------------+ +---------------------------+------------------------------------+
* Only 2048 bits size is available with CryptoCell 712 SBROM release 1.
Only 3072 bits size is available with CryptoCell 712 SBROM release 2.
- ``HASH_ALG``: This build flag enables the user to select the secure hash - ``HASH_ALG``: This build flag enables the user to select the secure hash
algorithm. It accepts 3 values: ``sha256``, ``sha384`` and ``sha512``. algorithm. It accepts 3 values: ``sha256``, ``sha384`` and ``sha512``.
The default value of this flag is ``sha256``. The default value of this flag is ``sha256``.
@ -902,7 +894,7 @@ Common build options
Dispatcher option (``SPD=spmd``). When enabled (1) it indicates the SPMC Dispatcher option (``SPD=spmd``). When enabled (1) it indicates the SPMC
component runs at the EL3 exception level. The default value is ``0`` ( component runs at the EL3 exception level. The default value is ``0`` (
disabled). This configuration supports pre-Armv8.4 platforms (aka not disabled). This configuration supports pre-Armv8.4 platforms (aka not
implementing the ``FEAT_SEL2`` extension). implementing the ``FEAT_SEL2`` extension). This is an experimental feature.
- ``SPMC_AT_EL3_SEL0_SP`` : Boolean option to enable SEL0 SP load support when - ``SPMC_AT_EL3_SEL0_SP`` : Boolean option to enable SEL0 SP load support when
``SPMC_AT_EL3`` is enabled. The default value if ``0`` (disabled). This ``SPMC_AT_EL3`` is enabled. The default value if ``0`` (disabled). This

5
docs/plat/arm/arm-build-options.rst
View file

@ -90,11 +90,6 @@ Arm Platform Build Options
of the translation tables library instead of version 2. It is set to 0 by of the translation tables library instead of version 2. It is set to 0 by
default, which selects version 2. default, which selects version 2.
- ``ARM_CRYPTOCELL_INTEG`` : bool option to enable TF-A to invoke Arm®
TrustZone® CryptoCell functionality for Trusted Board Boot on capable Arm
platforms. If this option is specified, then the path to the CryptoCell
SBROM library must be specified via ``CCSBROM_LIB_PATH`` flag.
- ``ARM_GPT_SUPPORT``: Enable GPT parser to get the entry address and length of - ``ARM_GPT_SUPPORT``: Enable GPT parser to get the entry address and length of
the various partitions present in the GPT image. This support is available the various partitions present in the GPT image. This support is available
only for the BL2 component, and it is disabled by default. only for the BL2 component, and it is disabled by default.

7
docs/porting-guide.rst
View file

@ -319,13 +319,6 @@ also be defined:
Firmware Update (FWU) certificate identifier, used by NS_BL1U to load the Firmware Update (FWU) certificate identifier, used by NS_BL1U to load the
FWU content certificate. FWU content certificate.
- **#define : PLAT_CRYPTOCELL_BASE**
This defines the base address of Arm® TrustZone® CryptoCell and must be
defined if CryptoCell crypto driver is used for Trusted Board Boot. For
capable Arm platforms, this driver is used if ``ARM_CRYPTOCELL_INTEG`` is
set.
If the AP Firmware Updater Configuration image, BL2U is used, the following If the AP Firmware Updater Configuration image, BL2U is used, the following
must also be defined: must also be defined:

334
drivers/auth/cryptocell/712/cryptocell_crypto.c
View file

@ -1,334 +0,0 @@
/*
* Copyright (c) 2017-2023, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <stddef.h>
#include <string.h>
#include <mbedtls/oid.h>
#include <mbedtls/x509.h>
#include <arch_helpers.h>
#include <common/debug.h>
#include <drivers/arm/cryptocell/712/crypto_driver.h>
#include <drivers/arm/cryptocell/712/rsa.h>
#include <drivers/arm/cryptocell/712/sbrom_bsv_api.h>
#include <drivers/arm/cryptocell/712/secureboot_base_func.h>
#include <drivers/arm/cryptocell/712/secureboot_gen_defs.h>
#include <drivers/arm/cryptocell/712/util.h>
#include <drivers/auth/crypto_mod.h>
#include <drivers/auth/mbedtls/mbedtls_common.h>
#include <lib/utils.h>
#include <platform_def.h>
#define LIB_NAME "CryptoCell 712 SBROM"
#define RSA_SALT_LEN 32
#define RSA_EXPONENT 65537
/*
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL
* }
*
* SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING
* }
*
* DigestInfo ::= SEQUENCE {
* digestAlgorithm AlgorithmIdentifier,
* digest OCTET STRING
* }
*
* RSASSA-PSS-params ::= SEQUENCE {
* hashAlgorithm [0] HashAlgorithm,
* maskGenAlgorithm [1] MaskGenAlgorithm,
* saltLength [2] INTEGER,
* trailerField [3] TrailerField DEFAULT trailerFieldBC
* }
*/
/*
* Initialize the library and export the descriptor
*/
static void init(void)
{
CCError_t ret;
uint32_t lcs;
/* Initialize CC SBROM */
ret = CC_BsvSbromInit((uintptr_t)PLAT_CRYPTOCELL_BASE);
if (ret != CC_OK) {
ERROR("CryptoCell CC_BsvSbromInit() error %x\n", ret);
panic();
}
/* Initialize lifecycle state */
ret = CC_BsvLcsGetAndInit((uintptr_t)PLAT_CRYPTOCELL_BASE, &lcs);
if (ret != CC_OK) {
ERROR("CryptoCell CC_BsvLcsGetAndInit() error %x\n", ret);
panic();
}
/* If the lifecyclestate is `SD`, then stop further execution */
if (lcs == CC_BSV_SECURITY_DISABLED_LCS) {
ERROR("CryptoCell LCS is security-disabled\n");
panic();
}
}
/*
* Verify a signature.
*
* Parameters are passed using the DER encoding format following the ASN.1
* structures detailed above.
*/
static int verify_signature(void *data_ptr, unsigned int data_len,
void *sig_ptr, unsigned int sig_len,
void *sig_alg, unsigned int sig_alg_len,
void *pk_ptr, unsigned int pk_len)
{
CCError_t error;
CCSbNParams_t pk;
CCSbSignature_t signature;
int rc, exp, expected_salt_len;
mbedtls_asn1_buf sig_oid, alg_oid, params;
mbedtls_md_type_t md_alg, mgf1_hash_id;
mbedtls_pk_type_t pk_alg;
size_t len;
uint8_t *p, *end;
/* Temp buf to store the public key modulo (N) in LE format */
uint32_t RevN[SB_RSA_MOD_SIZE_IN_WORDS];
/* Verify the signature algorithm */
/* Get pointers to signature OID and parameters */
p = sig_alg;
end = p + sig_alg_len;
rc = mbedtls_asn1_get_alg(&p, end, &sig_oid, &params);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
/* Get the actual signature algorithm (MD + PK) */
rc = mbedtls_oid_get_sig_alg(&sig_oid, &md_alg, &pk_alg);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
/* The CryptoCell only supports RSASSA-PSS signature */
if ((pk_alg != MBEDTLS_PK_RSASSA_PSS) || (md_alg != MBEDTLS_MD_NONE)) {
return CRYPTO_ERR_SIGNATURE;
}
/* Verify the RSASSA-PSS params */
/* The trailer field is verified to be 0xBC internally by this API */
rc = mbedtls_x509_get_rsassa_pss_params(&params, &md_alg,
&mgf1_hash_id,
&expected_salt_len);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
/* The CryptoCell only supports SHA256 as hash algorithm */
if ((md_alg != MBEDTLS_MD_SHA256) || (mgf1_hash_id != MBEDTLS_MD_SHA256)) {
return CRYPTO_ERR_SIGNATURE;
}
if (expected_salt_len != RSA_SALT_LEN) {
return CRYPTO_ERR_SIGNATURE;
}
/* Parse the public key */
p = pk_ptr;
end = p + pk_len;
rc = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
end = p + len;
rc = mbedtls_asn1_get_alg_null(&p, end, &alg_oid);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
if (mbedtls_oid_get_pk_alg(&alg_oid, &pk_alg) != 0) {
return CRYPTO_ERR_SIGNATURE;
}
if (pk_alg != MBEDTLS_PK_RSA) {
return CRYPTO_ERR_SIGNATURE;
}
rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
rc = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
if (*p == 0) {
p++; len--;
}
if (len != RSA_MOD_SIZE_IN_BYTES || ((p + len) > end)) {
return CRYPTO_ERR_SIGNATURE;
}
/*
* The CCSbVerifySignature() API expects N and Np in BE format and
* the signature in LE format. Copy N from certificate.
*/
memcpy(pk.N, p, RSA_MOD_SIZE_IN_BYTES);
/* Verify the RSA exponent */
p += len;
rc = mbedtls_asn1_get_int(&p, end, &exp);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
if (exp != RSA_EXPONENT) {
return CRYPTO_ERR_SIGNATURE;
}
/*
* Calculate the Np (Barrett n' value). The RSA_CalcNp() API expects
* N in LE format. Hence reverse N into a temporary buffer `RevN`.
*/
UTIL_ReverseMemCopy((uint8_t *)RevN, (uint8_t *)pk.N, sizeof(RevN));
RSA_CalcNp((uintptr_t)PLAT_CRYPTOCELL_BASE, RevN, pk.Np);
/* Np is in LE format. Reverse it to BE */
UTIL_ReverseBuff((uint8_t *)pk.Np, sizeof(pk.Np));
/* Get the signature (bitstring) */
p = sig_ptr;
end = p + sig_len;
rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
if (len != RSA_MOD_SIZE_IN_BYTES || ((p + len) > end)) {
return CRYPTO_ERR_SIGNATURE;
}
/*
* The signature is BE format. Convert it to LE before calling
* CCSbVerifySignature().
*/
UTIL_ReverseMemCopy((uint8_t *)signature.sig, p, RSA_MOD_SIZE_IN_BYTES);
/*
* CryptoCell utilises DMA internally to transfer data. Flush the data
* from caches.
*/
flush_dcache_range((uintptr_t)data_ptr, data_len);
/* Verify the signature */
error = CCSbVerifySignature((uintptr_t)PLAT_CRYPTOCELL_BASE,
(uint32_t *)data_ptr, &pk, &signature,
data_len, RSA_PSS);
if (error != CC_OK) {
return CRYPTO_ERR_SIGNATURE;
}
/* Signature verification success */
return CRYPTO_SUCCESS;
}
/*
* Match a hash
*
* Digest info is passed in DER format following the ASN.1 structure detailed
* above.
*/
static int verify_hash(void *data_ptr, unsigned int data_len,
void *digest_info_ptr, unsigned int digest_info_len)
{
mbedtls_asn1_buf hash_oid, params;
mbedtls_md_type_t md_alg;
uint8_t *p, *end, *hash;
CCHashResult_t pubKeyHash;
size_t len;
int rc;
CCError_t error;
/* Digest info should be an MBEDTLS_ASN1_SEQUENCE */
p = digest_info_ptr;
end = p + digest_info_len;
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
/* Get the hash algorithm */
rc = mbedtls_asn1_get_alg(&p, end, &hash_oid, &params);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
rc = mbedtls_oid_get_md_alg(&hash_oid, &md_alg);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
/* Verify that hash algorithm is SHA256 */
if (md_alg != MBEDTLS_MD_SHA256) {
return CRYPTO_ERR_HASH;
}
/* Hash should be octet string type */
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
/* Length of hash must match the algorithm's size */
if (len != HASH_RESULT_SIZE_IN_BYTES) {
return CRYPTO_ERR_HASH;
}
/*
* CryptoCell utilises DMA internally to transfer data. Flush the data
* from caches.
*/
flush_dcache_range((uintptr_t)data_ptr, data_len);
hash = p;
error = SBROM_CryptoHash((uintptr_t)PLAT_CRYPTOCELL_BASE,
(uintptr_t)data_ptr, data_len, pubKeyHash);
if (error != CC_OK) {
return CRYPTO_ERR_HASH;
}
rc = memcmp(pubKeyHash, hash, HASH_RESULT_SIZE_IN_BYTES);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
return CRYPTO_SUCCESS;
}
/*
* Register crypto library descriptor
*/
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL, NULL);

113
drivers/auth/cryptocell/712/cryptocell_plat_helpers.c
View file

@ -1,113 +0,0 @@
/*
* Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
#include <stddef.h>
#include <string.h>
#include <platform_def.h>
#include <plat/common/platform.h>
#include <tools_share/tbbr_oid.h>
#include <common/debug.h>
#include <drivers/arm/cryptocell/712/sbrom_bsv_api.h>
#include <drivers/arm/cryptocell/712/nvm.h>
#include <drivers/arm/cryptocell/712/nvm_otp.h>
/*
* Return the ROTPK hash
*
* dst: buffer into which the ROTPK hash will be copied into
* len: length of the provided buffer, which must be at least enough for a
* SHA256 hash
* flags: a pointer to integer that will be set to indicate the ROTPK status
*
* Return: 0 = success, Otherwise = error
*/
int cc_get_rotpk_hash(unsigned char *dst, unsigned int len, unsigned int *flags)
{
CCError_t error;
uint32_t lcs;
assert(dst != NULL);
assert(len >= HASH_RESULT_SIZE_IN_WORDS);
assert(flags != NULL);
error = NVM_GetLCS(PLAT_CRYPTOCELL_BASE, &lcs);
if (error != CC_OK)
return 1;
/* If the lifecycle state is `SD`, return failure */
if (lcs == CC_BSV_SECURITY_DISABLED_LCS)
return 1;
/*
* If the lifecycle state is `CM` or `DM`, ROTPK shouldn't be verified.
* Return success after setting ROTPK_NOT_DEPLOYED flag
*/
if ((lcs == CC_BSV_CHIP_MANUFACTURE_LCS) ||
(lcs == CC_BSV_DEVICE_MANUFACTURE_LCS)) {
*flags = ROTPK_NOT_DEPLOYED;
return 0;
}
/* Copy the DER header */
error = NVM_ReadHASHPubKey(PLAT_CRYPTOCELL_BASE,
CC_SB_HASH_BOOT_KEY_256B,
(uint32_t *)dst, HASH_RESULT_SIZE_IN_WORDS);
if (error != CC_OK)
return 1;
*flags = ROTPK_IS_HASH;
return 0;
}
/*
* Return the non-volatile counter value stored in the platform. The cookie
* specifies the OID of the counter in the certificate.
*
* Return: 0 = success, Otherwise = error
*/
int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
{
CCError_t error = CC_FAIL;
if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE,
CC_SW_VERSION_COUNTER1, nv_ctr);
} else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE,
CC_SW_VERSION_COUNTER2, nv_ctr);
}
return (error != CC_OK);
}
/*
* Store a new non-volatile counter value in the counter specified by the OID
* in the cookie. This function is not expected to be called if the Lifecycle
* state is RMA as the values in the certificate are expected to always match
* the nvcounter values. But if called when the LCS is RMA, the underlying
* helper functions will return success but without updating the counter.
*
* Return: 0 = success, Otherwise = error
*/
int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
{
CCError_t error = CC_FAIL;
if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE,
CC_SW_VERSION_COUNTER1, nv_ctr);
} else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE,
CC_SW_VERSION_COUNTER2, nv_ctr);
}
return (error != CC_OK);
}

305
drivers/auth/cryptocell/713/cryptocell_crypto.c
View file

@ -1,305 +0,0 @@
/*
* Copyright (c) 2017-2023 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
#include <stddef.h>
#include <string.h>
#include <mbedtls/oid.h>
#include <mbedtls/x509.h>
#include <drivers/arm/cryptocell/713/bsv_api.h>
#include <drivers/arm/cryptocell/713/bsv_crypto_asym_api.h>
#include <drivers/auth/crypto_mod.h>
#include <platform_def.h>
#define LIB_NAME "CryptoCell 713 SBROM"
#define RSA_SALT_LEN 32
#define RSA_EXPONENT 65537
/*
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL
* }
*
* SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING
* }
*
* DigestInfo ::= SEQUENCE {
* digestAlgorithm AlgorithmIdentifier,
* digest OCTET STRING
* }
*
* RSASSA-PSS-params ::= SEQUENCE {
* hashAlgorithm [0] HashAlgorithm,
* maskGenAlgorithm [1] MaskGenAlgorithm,
* saltLength [2] INTEGER,
* trailerField [3] TrailerField DEFAULT trailerFieldBC
* }
*/
/*
* Initialize the library and export the descriptor
*/
static void init(void)
{
CCError_t ret;
uint32_t lcs;
/* Initialize CC SBROM */
ret = CC_BsvInit((uintptr_t)PLAT_CRYPTOCELL_BASE);
if (ret != CC_OK) {
ERROR("CryptoCell CC_BsvInit() error %x\n", ret);
panic();
}
/* Initialize lifecycle state */
ret = CC_BsvGetAndInitLcs((uintptr_t)PLAT_CRYPTOCELL_BASE, &lcs);
if (ret != CC_OK) {
ERROR("CryptoCell CC_BsvGetAndInitLcs() error %x\n", ret);
panic();
}
}
/*
* Verify a signature.
*
* Parameters are passed using the DER encoding format following the ASN.1
* structures detailed above.
*/
static int verify_signature(void *data_ptr, unsigned int data_len,
void *sig_ptr, unsigned int sig_len,
void *sig_alg, unsigned int sig_alg_len,
void *pk_ptr, unsigned int pk_len)
{
CCError_t error;
CCBsvNBuff_t NBuff;
CCBsvSignature_t signature;
int rc, exp, expected_salt_len;
mbedtls_asn1_buf sig_oid, alg_oid, params;
mbedtls_md_type_t md_alg, mgf1_hash_id;
mbedtls_pk_type_t pk_alg;
size_t len;
uint8_t *p, *end;
CCHashResult_t digest;
CCBool_t is_verified;
/* This is a rather large array, we don't want it on stack */
static uint32_t workspace[BSV_RSA_WORKSPACE_MIN_SIZE];
/* Verify the signature algorithm */
/* Get pointers to signature OID and parameters */
p = sig_alg;
end = p + sig_alg_len;
rc = mbedtls_asn1_get_alg(&p, end, &sig_oid, &params);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
/* Get the actual signature algorithm (MD + PK) */
rc = mbedtls_oid_get_sig_alg(&sig_oid, &md_alg, &pk_alg);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
/* The CryptoCell only supports RSASSA-PSS signature */
if (pk_alg != MBEDTLS_PK_RSASSA_PSS || md_alg != MBEDTLS_MD_NONE) {
return CRYPTO_ERR_SIGNATURE;
}
/* Verify the RSASSA-PSS params */
/* The trailer field is verified to be 0xBC internally by this API */
rc = mbedtls_x509_get_rsassa_pss_params(&params, &md_alg,
&mgf1_hash_id,
&expected_salt_len);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
/* The CryptoCell only supports SHA256 as hash algorithm */
if (md_alg != MBEDTLS_MD_SHA256 ||
mgf1_hash_id != MBEDTLS_MD_SHA256) {
return CRYPTO_ERR_SIGNATURE;
}
if (expected_salt_len != RSA_SALT_LEN) {
return CRYPTO_ERR_SIGNATURE;
}
/* Parse the public key */
p = pk_ptr;
end = p + pk_len;
rc = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
end = p + len;
rc = mbedtls_asn1_get_alg_null(&p, end, &alg_oid);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
if (mbedtls_oid_get_pk_alg(&alg_oid, &pk_alg) != 0) {
return CRYPTO_ERR_SIGNATURE;
}
if (pk_alg != MBEDTLS_PK_RSA) {
return CRYPTO_ERR_SIGNATURE;
}
rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
rc = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
if (*p == 0) {
p++; len--;
}
if (len != BSV_CERT_RSA_KEY_SIZE_IN_BYTES || ((p + len) > end)) {
return CRYPTO_ERR_SIGNATURE;
}
/*
* Copy N from certificate.
*/
memcpy(NBuff, p, BSV_CERT_RSA_KEY_SIZE_IN_BYTES);
/* Verify the RSA exponent */
p += len;
rc = mbedtls_asn1_get_int(&p, end, &exp);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
if (exp != RSA_EXPONENT) {
return CRYPTO_ERR_SIGNATURE;
}
/* Get the signature (bitstring) */
p = sig_ptr;
end = p + sig_len;
rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
if (len != BSV_CERT_RSA_KEY_SIZE_IN_BYTES || ((p + len) > end)) {
return CRYPTO_ERR_SIGNATURE;
}
/*
* Copy the signature (in BE format)
*/
memcpy((uint8_t *)signature, p, BSV_CERT_RSA_KEY_SIZE_IN_BYTES);
error = CC_BsvSha256((uintptr_t)PLAT_CRYPTOCELL_BASE,
data_ptr, data_len, digest);
if (error != CC_OK) {
return CRYPTO_ERR_SIGNATURE;
}
/* Verify the signature */
error = CC_BsvRsaPssVerify((uintptr_t)PLAT_CRYPTOCELL_BASE, NBuff,
NULL, signature, digest, workspace,
BSV_RSA_WORKSPACE_MIN_SIZE, &is_verified);
if ((error != CC_OK) || (is_verified != CC_TRUE)) {
return CRYPTO_ERR_SIGNATURE;
}
/* Signature verification success */
return CRYPTO_SUCCESS;
}
/*
* Match a hash
*
* Digest info is passed in DER format following the ASN.1 structure detailed
* above.
*/
static int verify_hash(void *data_ptr, unsigned int data_len,
void *digest_info_ptr, unsigned int digest_info_len)
{
mbedtls_asn1_buf hash_oid, params;
mbedtls_md_type_t md_alg;
uint8_t *p, *end, *hash;
CCHashResult_t pubKeyHash;
size_t len;
int rc;
CCError_t error;
/* Digest info should be an MBEDTLS_ASN1_SEQUENCE */
p = digest_info_ptr;
end = p + digest_info_len;
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
/* Get the hash algorithm */
rc = mbedtls_asn1_get_alg(&p, end, &hash_oid, &params);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
rc = mbedtls_oid_get_md_alg(&hash_oid, &md_alg);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
/* Verify that hash algorithm is SHA256 */
if (md_alg != MBEDTLS_MD_SHA256) {
return CRYPTO_ERR_HASH;
}
/* Hash should be octet string type */
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
/* Length of hash must match the algorithm's size */
if (len != HASH_RESULT_SIZE_IN_BYTES) {
return CRYPTO_ERR_HASH;
}
hash = p;
error = CC_BsvSha256((uintptr_t)PLAT_CRYPTOCELL_BASE, data_ptr,
data_len, pubKeyHash);
if (error != CC_OK) {
return CRYPTO_ERR_HASH;
}
rc = memcmp(pubKeyHash, hash, HASH_RESULT_SIZE_IN_BYTES);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
return CRYPTO_SUCCESS;
}
/*
* Register crypto library descriptor
*/
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL, NULL);

109
drivers/auth/cryptocell/713/cryptocell_plat_helpers.c
View file

@ -1,109 +0,0 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
#include <stddef.h>
#include <string.h>
#include <plat/common/platform.h>
#include <tools_share/tbbr_oid.h>
#include <lib/libc/endian.h>
#include <drivers/arm/cryptocell/713/bsv_api.h>
#include <drivers/arm/cryptocell/713/bsv_error.h>
/*
* Return the ROTPK hash
*
* Return: 0 = success, Otherwise = error
*/
int cc_get_rotpk_hash(unsigned char *dst, unsigned int len, unsigned int *flags)
{
CCError_t error;
uint32_t lcs;
int i;
uint32_t *key = (uint32_t *)dst;
assert(dst != NULL);
assert(len >= HASH_RESULT_SIZE_IN_WORDS);
assert(flags != NULL);
error = CC_BsvLcsGet(PLAT_CRYPTOCELL_BASE, &lcs);
if (error != CC_OK)
return 1;
if ((lcs == CC_BSV_CHIP_MANUFACTURE_LCS) || (lcs == CC_BSV_RMA_LCS)) {
*flags = ROTPK_NOT_DEPLOYED;
return 0;
}
error = CC_BsvPubKeyHashGet(PLAT_CRYPTOCELL_BASE,
CC_SB_HASH_BOOT_KEY_256B,
key, HASH_RESULT_SIZE_IN_WORDS);
if (error == CC_BSV_HASH_NOT_PROGRAMMED_ERR) {
*flags = ROTPK_NOT_DEPLOYED;
return 0;
}
if (error == CC_OK) {
/* Keys are stored in OTP in little-endian format */
for (i = 0; i < HASH_RESULT_SIZE_IN_WORDS; i++)
key[i] = le32toh(key[i]);
*flags = ROTPK_IS_HASH;
return 0;
}
return 1;
}
/*
* Return the non-volatile counter value stored in the platform. The cookie
* specifies the OID of the counter in the certificate.
*
* Return: 0 = success, Otherwise = error
*/
int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
{
CCError_t error = CC_FAIL;
if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
error = CC_BsvSwVersionGet(PLAT_CRYPTOCELL_BASE,
CC_SW_VERSION_TRUSTED, nv_ctr);
} else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
error = CC_BsvSwVersionGet(PLAT_CRYPTOCELL_BASE,
CC_SW_VERSION_NON_TRUSTED, nv_ctr);
}
return (error != CC_OK);
}
/*
* Store a new non-volatile counter value in the counter specified by the OID
* in the cookie. This function is not expected to be called if the Lifecycle
* state is RMA as the values in the certificate are expected to always match
* the nvcounter values. But if called when the LCS is RMA, the underlying
* helper functions will return success but without updating the counter.
*
* Return: 0 = success, Otherwise = error
*/
int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
{
CCError_t error = CC_FAIL;
if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
error = CC_BsvSwVersionSet(PLAT_CRYPTOCELL_BASE,
CC_SW_VERSION_TRUSTED, nv_ctr);
} else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
error = CC_BsvSwVersionSet(PLAT_CRYPTOCELL_BASE,
CC_SW_VERSION_NON_TRUSTED, nv_ctr);
}
return (error != CC_OK);
}

40
drivers/auth/cryptocell/cryptocell_crypto.mk
View file

@ -1,40 +0,0 @@
#
# Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
include drivers/auth/mbedtls/mbedtls_common.mk
# The algorithm is RSA when using Cryptocell crypto driver
TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA
# Needs to be set to drive mbed TLS configuration correctly
$(eval $(call add_define,TF_MBEDTLS_KEY_ALG_ID))
$(eval $(call add_define,KEY_SIZE))
# CCSBROM_LIB_PATH must be set to the Cryptocell SBROM library path
ifeq (${CCSBROM_LIB_PATH},)
$(error Error: CCSBROM_LIB_PATH not set)
endif
CRYPTOCELL_VERSION ?= 712
ifeq (${CRYPTOCELL_VERSION},712)
CCSBROM_LIB_FILENAME := cc_712sbromx509
else ifeq (${CRYPTOCELL_VERSION},713)
CCSBROM_LIB_FILENAME := cc_713bsv
else
$(error Error: CRYPTOCELL_VERSION set to invalid version)
endif
CRYPTOCELL_SRC_DIR := drivers/auth/cryptocell/${CRYPTOCELL_VERSION}/
CRYPTOCELL_SOURCES := ${CRYPTOCELL_SRC_DIR}/cryptocell_crypto.c \
${CRYPTOCELL_SRC_DIR}/cryptocell_plat_helpers.c
TF_LDFLAGS += -L$(CCSBROM_LIB_PATH)
LDLIBS += -l$(CCSBROM_LIB_FILENAME)
BL1_SOURCES += ${CRYPTOCELL_SOURCES}
BL2_SOURCES += ${CRYPTOCELL_SOURCES}

34
include/drivers/arm/cryptocell/712/cc_crypto_boot_defs.h
View file

@ -1,34 +0,0 @@
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _CC_CRYPTO_BOOT_DEFS_H
#define _CC_CRYPTO_BOOT_DEFS_H
/*! @file
@brief This file contains SBROM definitions
*/
/*! Version counters value. */
typedef enum {
CC_SW_VERSION_COUNTER1 = 1, /*!< Counter 1 - trusted version. */
CC_SW_VERSION_COUNTER2, /*!< Counter 2 - non trusted version. */
CC_SW_VERSION_MAX = 0x7FFFFFFF
} CCSbSwVersionId_t;
/* HASH boot key definition */
typedef enum {
CC_SB_HASH_BOOT_KEY_0_128B = 0, /*!< 128-bit truncated SHA256 digest of public key 0. */
CC_SB_HASH_BOOT_KEY_1_128B = 1, /*!< 128-bit truncated SHA256 digest of public key 1. */
CC_SB_HASH_BOOT_KEY_256B = 2, /*!< 256-bit SHA256 digest of public key. */
CC_SB_HASH_BOOT_NOT_USED = 0xFF,
CC_SB_HASH_MAX_NUM = 0x7FFFFFFF, /*!\internal use external 128-bit truncated SHA256 digest */
} CCSbPubKeyIndexType_t;
#endif

33
include/drivers/arm/cryptocell/712/cc_pal_sb_plat.h
View file

@ -1,33 +0,0 @@
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
/*!
@file
@brief This file contains the platform-dependent definitions that are used in the SBROM code.
*/
#ifndef _CC_PAL_SB_PLAT_H
#define _CC_PAL_SB_PLAT_H
#include "cc_pal_types.h"
#ifdef __cplusplus
extern "C"
{
#endif
/*! Definition of DMA address type, can be 32 bits or 64 bits according to CryptoCell's HW. */
typedef uint64_t CCDmaAddr_t;
/*! Definition of CryptoCell address type, can be 32 bits or 64 bits according to platform. */
typedef uintptr_t CCAddr_t;
#ifdef __cplusplus
}
#endif
#endif

40
include/drivers/arm/cryptocell/712/cc_pal_types.h
View file

@ -1,40 +0,0 @@
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef CC_PAL_TYPES_H
#define CC_PAL_TYPES_H
/*!
@file
@brief This file contains platform-dependent definitions and types.
*/
#include "cc_pal_types_plat.h"
typedef enum {
CC_FALSE = 0,
CC_TRUE = 1
} CCBool;
#define CC_SUCCESS 0UL
#define CC_FAIL 1UL
#define CC_1K_SIZE_IN_BYTES 1024
#define CC_BITS_IN_BYTE 8
#define CC_BITS_IN_32BIT_WORD 32
#define CC_32BIT_WORD_SIZE (sizeof(uint32_t))
#define CC_OK CC_SUCCESS
#define CC_UNUSED_PARAM(prm) ((void)prm)
#define CC_MAX_UINT32_VAL (0xFFFFFFFF)
#define CALC_FULL_BYTES(numBits) (((numBits) + (CC_BITS_IN_BYTE - 1))/CC_BITS_IN_BYTE)
#define CALC_FULL_32BIT_WORDS(numBits) (((numBits) + (CC_BITS_IN_32BIT_WORD - 1))/CC_BITS_IN_32BIT_WRD)
#define CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) (((sizeBytes) + CC_32BIT_WORD_SIZE - 1)/CC_32BIT_WORD_SIZE)
#endif

25
include/drivers/arm/cryptocell/712/cc_pal_types_plat.h
View file

@ -1,25 +0,0 @@
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
/*! @file
@brief This file contains basic type definitions that are platform-dependent.
*/
#ifndef _CC_PAL_TYPES_PLAT_H
#define _CC_PAL_TYPES_PLAT_H
/* Host specific types for standard (ISO-C99) compliant platforms */
#include <stddef.h>
#include <stdint.h>
typedef uint32_t CCStatus;
#define CCError_t CCStatus
#define CC_INFINITE 0xFFFFFFFF
#define CEXPORT_C
#define CIMPORT_C
#endif /*_CC_PAL_TYPES_PLAT_H*/

34
include/drivers/arm/cryptocell/712/cc_sec_defs.h
View file

@ -1,34 +0,0 @@
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _CC_SEC_DEFS_H
#define _CC_SEC_DEFS_H
/*!
@file
@brief This file contains general hash definitions and types.
*/
#ifdef __cplusplus
extern "C"
{
#endif
/*! The hashblock size in words. */
#define HASH_BLOCK_SIZE_IN_WORDS 16
/*! The hash - SHA2 results in words. */
#define HASH_RESULT_SIZE_IN_WORDS 8
#define HASH_RESULT_SIZE_IN_BYTES 32
/*! Definition for hash result array. */
typedef uint32_t CCHashResult_t[HASH_RESULT_SIZE_IN_WORDS];
#ifdef __cplusplus
}
#endif
#endif

35
include/drivers/arm/cryptocell/712/crypto_driver.h
View file

@ -1,35 +0,0 @@
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _CRYPTO_DRIVER_H
#define _CRYPTO_DRIVER_H
#ifdef __cplusplus
extern "C"
{
#endif
#include "cc_pal_sb_plat.h"
#include "cc_sec_defs.h"
/*----------------------------
PUBLIC FUNCTIONS
-----------------------------------*/
/*!
* @brief This function gives the functionality of integrated hash
*
* @param[in] hwBaseAddress - CryptoCell base address
* @param[out] hashResult - the HASH result.
*
*/
CCError_t SBROM_CryptoHash(unsigned long hwBaseAddress, CCDmaAddr_t inputDataAddr, uint32_t BlockSize,
CCHashResult_t hashResult);
#ifdef __cplusplus
}
#endif
#endif

55
include/drivers/arm/cryptocell/712/nvm.h
View file

@ -1,55 +0,0 @@
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _NVM__H
#define _NVM__H
#ifdef __cplusplus
extern "C"
{
#endif
#include "cc_crypto_boot_defs.h"
#include "cc_pal_types.h"
#include "cc_sec_defs.h"
/*------------------------------------
DEFINES
-------------------------------------*/
/**
* @brief This function reads the LCS from the SRAM/NVM
*
* @param[in] hwBaseAddress - CryptoCell base address
*
* @param[in/out] lcs_ptr - pointer to memory to store the LCS
*
* @return CCError_t - On success the value CC_OK is returned, and on failure -a value from NVM_error.h
*/
CCError_t NVM_GetLCS(unsigned long hwBaseAddress, uint32_t *lcs_ptr);
/**
* @brief The NVM_ReadHASHPubKey function is a NVM interface function -
* The function retrieves the HASH of the device Public key from the SRAM/NVM
*
* @param[in] hwBaseAddress - CryptoCell base address
*
* @param[in] pubKeyIndex - Index of HASH in the OTP
*
* @param[out] PubKeyHASH - the public key HASH.
*
* @param[in] hashSizeInWords - hash size (valid values: 4W, 8W)
*
* @return CCError_t - On success the value CC_OK is returned, and on failure -a value from NVM_error.h
*/
CCError_t NVM_ReadHASHPubKey(unsigned long hwBaseAddress, CCSbPubKeyIndexType_t pubKeyIndex, CCHashResult_t PubKeyHASH, uint32_t hashSizeInWords);
#ifdef __cplusplus
}
#endif
#endif

59
include/drivers/arm/cryptocell/712/nvm_otp.h
View file

@ -1,59 +0,0 @@
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _NVM_OTP_H
#define _NVM_OTP_H
#ifdef __cplusplus
extern "C"
{
#endif
#include "cc_crypto_boot_defs.h"
#include "cc_pal_types.h"
/*------------------------------------
DEFINES
-------------------------------------*/
/**
* @brief The NVM_GetSwVersion function is a NVM interface function -
* The function retrieves the SW version from the SRAM/NVM.
* In case of OTP, we support up to 16 anti-rollback counters (taken from the certificate)
*
* @param[in] hwBaseAddress - CryptoCell base address
*
* @param[in] counterId - relevant only for OTP (valid values: 1,2)
*
* @param[out] swVersion - the minimum SW version
*
* @return CCError_t - On success the value CC_OK is returned, and on failure -a value from NVM_error.h
*/
CCError_t NVM_GetSwVersion(unsigned long hwBaseAddress, CCSbSwVersionId_t counterId, uint32_t *swVersion);
/**
* @brief The NVM_SetSwVersion function is a NVM interface function -
* The function writes the SW version into the SRAM/NVM.
* In case of OTP, we support up to 16 anti-rollback counters (taken from the certificate)
*
* @param[in] hwBaseAddress - CryptoCell base address
*
* @param[in] counterId - relevant only for OTP (valid values: 1,2)
*
* @param[in] swVersion - the minimum SW version
*
* @return CCError_t - On success the value CC_OK is returned, and on failure -a value from NVM_error.h
*/
CCError_t NVM_SetSwVersion(unsigned long hwBaseAddress, CCSbSwVersionId_t counterId, uint32_t swVersion);
#ifdef __cplusplus
}
#endif
#endif

57
include/drivers/arm/cryptocell/712/rsa.h
View file

@ -1,57 +0,0 @@
/*
* Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef RSA_H
#define RSA_H
/*
* All the includes that are needed for code using this module to
* compile correctly should be #included here.
*/
#ifdef __cplusplus
extern "C"
{
#endif
#include "cc_pal_types.h"
/************************ Defines ******************************/
/* the modulus size in bits */
#if (KEY_SIZE == 2048)
#define RSA_MOD_SIZE_IN_BITS 2048UL
#elif (KEY_SIZE == 3072)
#define RSA_MOD_SIZE_IN_BITS 3072UL
#else
#error Unsupported CryptoCell key size requested
#endif
#define RSA_MOD_SIZE_IN_BYTES (CALC_FULL_BYTES(RSA_MOD_SIZE_IN_BITS))
#define RSA_MOD_SIZE_IN_WORDS (CALC_FULL_32BIT_WORDS(RSA_MOD_SIZE_IN_BITS))
#define RSA_MOD_SIZE_IN_256BITS (RSA_MOD_SIZE_IN_WORDS/8)
#define RSA_EXP_SIZE_IN_BITS 17UL
#define RSA_EXP_SIZE_IN_BYTES (CALC_FULL_BYTES(RSA_EXP_SIZE_IN_BITS))
/*
* @brief The RSA_CalcNp calculates Np value and saves it into Np_ptr:
*
*
* @param[in] hwBaseAddress - HW base address. Relevant for HW
* implementation, for SW it is ignored.
* @N_ptr[in] - The pointer to the modulus buffer.
* @Np_ptr[out] - pointer to Np vector buffer. Its size must be >= 160.
*/
void RSA_CalcNp(unsigned long hwBaseAddress,
uint32_t *N_ptr,
uint32_t *Np_ptr);
#ifdef __cplusplus
}
#endif
#endif

72
include/drivers/arm/cryptocell/712/sbrom_bsv_api.h
View file

@ -1,72 +0,0 @@
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _SBROM_BSV_API_H
#define _SBROM_BSV_API_H
#ifdef __cplusplus
extern "C"
{
#endif
/*! @file
@brief This file contains all SBROM library APIs and definitions.
*/
#include "cc_pal_types.h"
/* Life cycle state definitions */
#define CC_BSV_CHIP_MANUFACTURE_LCS 0x0 /*!< CM lifecycle value. */
#define CC_BSV_DEVICE_MANUFACTURE_LCS 0x1 /*!< DM lifecycle value. */
#define CC_BSV_SECURITY_DISABLED_LCS 0x3 /*!< SD lifecycle value. */
#define CC_BSV_SECURE_LCS 0x5 /*!< Secure lifecycle value. */
#define CC_BSV_RMA_LCS 0x7 /*!< RMA lifecycle value. */
/*----------------------------
PUBLIC FUNCTIONS
-----------------------------------*/
/*!
@brief This function should be the first ARM TrustZone CryptoCell TEE SBROM library API called.
It verifies the HW product and version numbers.
@return CC_OK On success.
@return A non-zero value from sbrom_bsv_error.h on failure.
*/
CCError_t CC_BsvSbromInit(
unsigned long hwBaseAddress /*!< [in] HW registers base address. */
);
/*!
@brief This function can be used for checking the LCS value, after CC_BsvLcsGetAndInit was called by the Boot ROM.
@return CC_OK On success.
@return A non-zero value from sbrom_bsv_error.h on failure.
*/
CCError_t CC_BsvLcsGet(
unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
uint32_t *pLcs /*!< [out] Returned lifecycle state. */
);
/*!
@brief This function retrieves the HW security lifecycle state, performs validity checks,
and additional initializations in case the LCS is RMA (sets the Kce to fixed value).
\note Invalid LCS results in an error returned.
In this case, the customer's code must completely disable the device.
@return CC_OK On success.
@return A non-zero value from sbrom_bsv_error.h on failure.
*/
CCError_t CC_BsvLcsGetAndInit(
unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
uint32_t *pLcs /*!< [out] Returned lifecycle state. */
);
#ifdef __cplusplus
}
#endif
#endif

49
include/drivers/arm/cryptocell/712/secureboot_base_func.h
View file

@ -1,49 +0,0 @@
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _SECURE_BOOT_BASE_FUNC_H
#define _SECURE_BOOT_BASE_FUNC_H
#ifdef __cplusplus
extern "C"
{
#endif
#include "cc_pal_types.h"
#include "secureboot_gen_defs.h"
/*----------------------------
PUBLIC FUNCTIONS
-----------------------------------*/
/**
* @brief This function calculates the HASH over the given data and than verify
* RSA signature on that hashed data
*
* @param[in] hwBaseAddr - CryptoCell base address
* @param[in] pData - pointer to the data to be verified
* @param[in] pNParams - a pointer to the public key parameters
* @param[in] pSignature - a pointer to the signature structure
* @param[in] sizeOfData - size of the data to calculate the HASH on (in bytes)
* @param[in] RSAAlg - RSA algorithm to use
*
* @return CCError_t - On success the value CC_OK is returned,
* on failure - a value from BootImagesVerifier_error.h
*/
CCError_t CCSbVerifySignature(unsigned long hwBaseAddress,
uint32_t *pData,
CCSbNParams_t *pNParams,
CCSbSignature_t *pSignature,
uint32_t sizeOfData,
CCSbRsaAlg_t RSAAlg);
#ifdef __cplusplus
}
#endif
#endif

66
include/drivers/arm/cryptocell/712/secureboot_gen_defs.h
View file

@ -1,66 +0,0 @@
/*
* Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _SECURE_BOOT_GEN_DEFS_H
#define _SECURE_BOOT_GEN_DEFS_H
#ifdef __cplusplus
extern "C"
{
#endif
/*! @file
@brief This file contains all of the definitions and structures that are used for the secure boot.
*/
#include "cc_pal_sb_plat.h"
#include "cc_sec_defs.h"
/* General definitions */
/***********************/
/*RSA definitions*/
#if (KEY_SIZE == 2048)
#define SB_RSA_MOD_SIZE_IN_WORDS 64
#elif (KEY_SIZE == 3072)
#define SB_RSA_MOD_SIZE_IN_WORDS 96
#else
#error Unsupported CryptoCell key size requested
#endif
#define SB_RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS 5
/*! Public key data structure. */
typedef struct {
uint32_t N[SB_RSA_MOD_SIZE_IN_WORDS]; /*!< N public key, big endian representation. */
uint32_t Np[SB_RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS]; /*!< Np (Barrett n' value). */
} CCSbNParams_t;
/*! Signature structure. */
typedef struct {
uint32_t sig[SB_RSA_MOD_SIZE_IN_WORDS]; /*!< RSA PSS signature. */
} CCSbSignature_t;
/********* Supported algorithms definitions ***********/
/*! RSA supported algorithms */
/* Note: this applies to either 2k or 3k based on CryptoCell SBROM library
* version - it means 2k in version 1 and 3k in version 2 (yes, really).
*/
typedef enum {
RSA_PSS = 0x01, /*!< RSA PSS after hash SHA 256 */
RSA_PKCS15 = 0x02, /*!< RSA PKX15 */
RSA_Last = 0x7FFFFFFF
} CCSbRsaAlg_t;
#ifdef __cplusplus
}
#endif
#endif

72
include/drivers/arm/cryptocell/712/util.h
View file

@ -1,72 +0,0 @@
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef UTIL_H
#define UTIL_H
/*
* All the includes that are needed for code using this module to
* compile correctly should be #included here.
*/
#ifdef __cplusplus
extern "C"
{
#endif
/************************ Defines ******************************/
/* invers the bytes on a word- used for output from HASH */
#ifdef BIG__ENDIAN
#define UTIL_INVERSE_UINT32_BYTES(val) (val)
#else
#define UTIL_INVERSE_UINT32_BYTES(val) \
(((val) >> 24) | (((val) & 0x00FF0000) >> 8) | (((val) & 0x0000FF00) << 8) | (((val) & 0x000000FF) << 24))
#endif
/* invers the bytes on a word - used for input data for HASH */
#ifdef BIG__ENDIAN
#define UTIL_REVERT_UINT32_BYTES(val) \
(((val) >> 24) | (((val) & 0x00FF0000) >> 8) | (((val) & 0x0000FF00) << 8) | (((val) & 0x000000FF) << 24))
#else
#define UTIL_REVERT_UINT32_BYTES(val) (val)
#endif
/* ------------------------------------------------------------
**
* @brief This function executes a reverse bytes copying from one buffer to another buffer.
*
* @param[in] dst_ptr - The pointer to destination buffer.
* @param[in] src_ptr - The pointer to source buffer.
* @param[in] size - The size in bytes.
*
*/
void UTIL_ReverseMemCopy(uint8_t *dst_ptr, uint8_t *src_ptr, uint32_t size);
/* ------------------------------------------------------------
**
* @brief This function executes a reversed byte copy on a specified buffer.
*
* on a 6 byte byffer:
*
* buff[5] <---> buff[0]
* buff[4] <---> buff[1]
* buff[3] <---> buff[2]
*
* @param[in] dst_ptr - The counter buffer.
* @param[in] src_ptr - The counter size in bytes.
*
*/
void UTIL_ReverseBuff(uint8_t *buff_ptr, uint32_t size);
#ifdef __cplusplus
}
#endif
#endif

221
include/drivers/arm/cryptocell/713/bsv_api.h
View file

@ -1,221 +0,0 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _BSV_API_H
#define _BSV_API_H
#ifdef __cplusplus
extern "C"
{
#endif
/*!
@file
@brief This file contains the Boot Services APIs and definitions.
@defgroup cc_bsv_api CryptoCell Boot Services APIs and definitions
@{
@ingroup cc_bsv
*/
#include "cc_pal_types.h"
#include "cc_sec_defs.h"
#include "cc_boot_defs.h"
/* Life cycle state definitions. */
#define CC_BSV_CHIP_MANUFACTURE_LCS 0x0 /*!< The CM life-cycle state (LCS) value. */
#define CC_BSV_DEVICE_MANUFACTURE_LCS 0x1 /*!< The DM life-cycle state (LCS) value. */
#define CC_BSV_SECURE_LCS 0x5 /*!< The Secure life-cycle state (LCS) value. */
#define CC_BSV_RMA_LCS 0x7 /*!< The RMA life-cycle state (LCS) value. */
#define CC_BSV_INVALID_LCS 0xff /*!< The invalid life-cycle state (LCS) value. */
/*----------------------------
TYPES
-----------------------------------*/
/*----------------------------
PUBLIC FUNCTIONS
-----------------------------------*/
/*!
@brief This function verifies the product and version numbers of the HW, and initializes it.
\warning This function must be the first CryptoCell-7xx SBROM library API called.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvInit(
unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
);
/*!
@brief This function retrieves the HW LCS and performs validity checks.
If the LCS is RMA, it also sets the OTP secret keys to a fixed value.
@note An error is returned if there is an invalid LCS. If this happens, your code must
completely disable the device.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvGetAndInitLcs(
unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
uint32_t *pLcs /*!< [out] The value of the current LCS. */
);
/*!
@brief This function retrieves the LCS from the NVM manager.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvLcsGet(
unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
uint32_t *pLcs /*!< [out] The value of the current LCS. */
);
/*!
@brief This function reads software revocation counter from OTP memory, according to the provided sw version index.
SW version is stored in NVM counter and represented by ones. Meaning seVersion=5 would be stored as binary 0b11111;
hence:
the maximal of trusted is 32
the maximal of non-trusted is 224
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvSwVersionGet(
unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
CCSbSwVersionId_t id, /*!< [in] Enumeration defining the trusted/non-trusted counter to read. */
uint32_t *swVersion /*!< [out] The value of the requested counter as read from OTP memory. */
);
/*!
@brief This function sets the NVM counter according to swVersionID (trusted/non-trusted).
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvSwVersionSet(
unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
CCSbSwVersionId_t id, /*!< [in] Enumeration defining the trusted/non-trusted counter to read. */
uint32_t swVersion /*!< [in] New value of the counter to be programmed in OTP memory. */
);
/*!
@brief This function sets the "fatal error" flag in the NVM manager, to disable the use of
any HW keys or security services.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvFatalErrorSet(
unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
);
/*!
@brief This function retrieves the public key hash from OTP memory, according to the provided index.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvPubKeyHashGet(
unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
CCSbPubKeyIndexType_t keyIndex, /*!< [in] Enumeration defining the key hash to retrieve: 128-bit HBK0, 128-bit HBK1, or 256-bit HBK. */
uint32_t *hashedPubKey, /*!< [out] A buffer to contain the public key HASH. */
uint32_t hashResultSizeWords /*!< [in] The size of the hash in 32-bit words:
- Must be 4 for 128-bit hash.
- Must be 8 for 256bit hash. */
);
/*!
@brief This function permanently sets the RMA LCS for the ICV and the OEM.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvRMAModeEnable(
unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
);
/*!
@brief This function is called by the ICV code, to disable the OEM code from changing the ICV RMA bit flag.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvICVRMAFlagBitLock(
unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
);
/*!
@brief This function locks the defined ICV class keys from further usage.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvICVKeyLock(
unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
CCBool_t isICVProvisioningKeyLock, /*!< [in] Should the provisioning key be locked. */
CCBool_t isICVCodeEncKeyLock /*!< [in] Should the encryption key be locked. */
);
/*!
@brief This function retrieves the value of "secure disable" bit.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvSecureDisableGet(
unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
CCBool_t *isSDEnabled /*!< [out] The value of the SD Enable bit. */
);
/*!
@brief This function derives the platform key (Kplt) from the Kpicv, and then decrypts the customer key (Kcst)
from the EKcst (burned in the OTP). The decryption is done only in Secure and RMA LCS mode using AES-ECB.
The customer ROM should invoke this function during early boot, prior to running any non-ROM code, only if Kcst exists.
The resulting Kcst is saved in a HW register.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvCustomerKeyDecrypt(
unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
);
#ifdef __cplusplus
}
#endif
/*!
@brief This function derives the unique SoC_ID for the device, as hashed (Hbk || AES_CMAC (HUK)).
@note SoC_ID is required to create debug certificates.
The OEM or ICV must provide a method for a developer to discover the SoC_ID of a target
device without having to first enable debugging.
One suggested implementation is to have the device ROM code compute the SoC_ID and place
it in a specific location in the flash memory, from where it can be accessed by the developer.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvSocIDCompute(
unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
CCHashResult_t hashResult /*!< [out] The derived SoC_ID. */
);
#endif /* _BSV_API_H */
/**
@}
*/

76
include/drivers/arm/cryptocell/713/bsv_crypto_api.h
View file

@ -1,76 +0,0 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _BSV_CRYPTO_API_H
#define _BSV_CRYPTO_API_H
#ifdef __cplusplus
extern "C"
{
#endif
/*!
@file
@brief This file contains the cryptographic ROM APIs of the Boot Services.
@defgroup cc_bsv_crypto_api CryptoCell Boot Services cryptographic ROM APIs
@{
@ingroup cc_bsv
*/
#include "cc_pal_types.h"
#include "cc_sec_defs.h"
#include "cc_address_defs.h"
#include "bsv_crypto_defs.h"
/*----------------------------
PUBLIC FUNCTIONS
-----------------------------------*/
/*!
@brief This function calculates the SHA-256 digest over contiguous memory
in an integrated operation.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvSha256(
unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
uint8_t *pDataIn, /*!< [in] A pointer to the input buffer to be hashed. The buffer must be contiguous. */
size_t dataSize, /*!< [in] The size of the data to be hashed, in bytes. */
CCHashResult_t hashBuff /*!< [out] A pointer to a word-aligned 32-byte buffer. */
);
/*!
@brief This function allows you to calculate SHA256 digest of an image with decryption base on AES-CTR,
with HW or user key.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure. (in this case, hashBuff will be returned clean, while the output data should be cleaned by the user).
*/
CCError_t CC_BsvCryptoImageDecrypt( unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
CCBsvflowMode_t flow, /*!< [in] The supported operations are: HASH, AES to HASH, AES and HASH. */
CCBsvKeyType_t keyType, /*!< [in] The key type to use: Kce, Kceicv, or user key. */
uint8_t *pUserKey, /*!< [in] A pointer to the user key buffer in case keyType is CC_BSV_USER_KEY. */
size_t userKeySize, /*!< [in] The user key size in bytes (128bits) in case keyType is CC_BSV_USER_KEY. */
uint8_t *pIvBuf, /*!< [in] A pointer to the IV / counter buffer. */
uint8_t *pInputData, /*!< [in] A pointer to the input data. */
uint8_t *pOutputData, /*!< [out] A pointer to the output buffer. (optional should be null in case of hash only). */
size_t dataSize, /*!< [in] The size of the input data in bytes. MUST be multiple of AES block size. */
CCHashResult_t hashBuff /*!< [out] A pointer to a word-aligned 32-byte digest output buffer. */
);
#ifdef __cplusplus
}
#endif
#endif
/**
@}
*/

100
include/drivers/arm/cryptocell/713/bsv_crypto_asym_api.h
View file

@ -1,100 +0,0 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _BSV_CRYPTO_ASYM_API_H
#define _BSV_CRYPTO_ASYM_API_H
#ifdef __cplusplus
extern "C"
{
#endif
/*!
@file
@brief This file contains the cryptographic Asymmetric ROM APIs of the Boot Services.
@defgroup cc_bsv_crypto_asym_api CryptoCell Boot Services cryptographic Asymmetric ROM APIs
@{
@ingroup cc_bsv
*/
#include "cc_pal_types.h"
#include "cc_pka_hw_plat_defs.h"
#include "cc_sec_defs.h"
#include "bsv_crypto_api.h"
/*! Defines the workspace size in bytes needed for internal Asymmetric operations. */
#define BSV_RSA_WORKSPACE_MIN_SIZE (4*BSV_CERT_RSA_KEY_SIZE_IN_BYTES +\
2*RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_BYTES)
/*! Definition for the RSA public modulus array. */
typedef uint32_t CCBsvNBuff_t[BSV_CERT_RSA_KEY_SIZE_IN_WORDS];
/*! Definition for the RSA Barrett mod tag array. */
typedef uint32_t CCBsvNpBuff_t[RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_BYTES];
/*! Definition for the RSA signature array. */
typedef uint32_t CCBsvSignature_t[BSV_CERT_RSA_KEY_SIZE_IN_WORDS];
/*----------------------------
PUBLIC FUNCTIONS
-----------------------------------*/
/*!
@brief This function performs the primitive operation of RSA, meaning exponent and modulus.
outBuff = (pInBuff ^ Exp) mod NBuff. ( Exp = 0x10001 )
The function supports 2k and 3K bit size of modulus, based on compile time define.
There are no restriction on pInBuff location, however its size must be equal to BSV_RSA_KEY_SIZE_IN_BYTES and its
value must be smaller than the modulus.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvRsaPrimVerify (unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
CCBsvNBuff_t NBuff, /*!< [in] The modulus buffer big endian format. */
CCBsvNpBuff_t NpBuff, /*!< [in] The barret tag buffer big endian format - optional. */
uint32_t *pInBuff, /*!< [in] The DataIn buffer to be encrypted. */
size_t inBuffSize, /*!< [in] The DataIn buffer size in bytes, must be BSV_RSA_KEY_SIZE_IN_BYTES. */
CCBsvSignature_t pOutBuff, /*!< [out] The encrypted buffer in big endian format. */
uint32_t *pWorkSpace, /*!< [in] The pointer to user allocated buffer for internal use. */
size_t workBufferSize /*!< [in] The size in bytes of pWorkSpace, must be at-least BSV_RSA_WORKSPACE_MIN_SIZE. */
);
/*!
@brief This function performs RSA PSS verify.
The function should support 2k and 3K bit size of modulus, based on compile time define.
@return \c CC_OK on success.
@return A non-zero value from bsv_error.h on failure.
*/
CCError_t CC_BsvRsaPssVerify (unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
CCBsvNBuff_t NBuff, /*!< [in] The modulus buffer big endian format. */
CCBsvNpBuff_t NpBuff, /*!< [in] The barret tag buffer big endian format - optional. */
CCBsvSignature_t signature, /*!< [in] The signature buffer to verify - big endian format. */
CCHashResult_t hashedData, /*!< [in] The data-in buffer to be verified as sha256 digest. */
uint32_t *pWorkSpace, /*!< [in] The pointer to user allocated buffer for internal use. */
size_t workBufferSize, /*!< [in] The size in bytes of pWorkSpace, must be at-least BSV_RSA_WORKSPACE_MIN_SIZE. */
CCBool_t *pIsVerified /*!< [out] The flag indicates whether the signature is verified or not.
If verified value will be CC_TRUE, otherwise CC_FALSE */
);
#ifdef __cplusplus
}
#endif
#endif
/**
@}
*/

94
include/drivers/arm/cryptocell/713/bsv_crypto_defs.h
View file

@ -1,94 +0,0 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _BSV_CRYPTO_DEFS_H
#define _BSV_CRYPTO_DEFS_H
#ifdef __cplusplus
extern "C"
{
#endif
/*!
@file
@brief This file contains the definitions of the cryptographic ROM APIs.
@defgroup cc_bsv_crypto_defs CryptoCell Boot Services cryptographic ROM API definitions
@{
@ingroup cc_bsv
*/
/*! AES supported HW key code table. */
typedef enum {
CC_BSV_USER_KEY = 0, /*!< Definition for a user key. */
CC_BSV_HUK_KEY = 1, /*!< Definition for the HW unique key. */
CC_BSV_RTL_KEY = 2, /*!< Definition for the RTL key. */
CC_BSV_SESSION_KEY = 3, /*!< Definition for the Session key. */
CC_BSV_CE_KEY = 4, /*!< Definition for the Kce. */
CC_BSV_PLT_KEY = 5, /*!< Definition for the Platform key. */
CC_BSV_KCST_KEY = 6, /*!< Definition for Kcst. */
CC_BSV_ICV_PROV_KEY = 0xd, /*!< Definition for the Kpicv. */
CC_BSV_ICV_CE_KEY = 0xe, /*!< Definition for the Kceicv. */
CC_BSV_PROV_KEY = 0xf, /*!< Definition for the Kcp. */
CC_BSV_END_OF_KEY_TYPE = INT32_MAX, /*!< Reserved. */
}CCBsvKeyType_t;
/*! AES directions. */
typedef enum bsvAesDirection {
BSV_AES_DIRECTION_ENCRYPT = 0, /*!< Encrypt.*/
BSV_AES_DIRECTION_DECRYPT = 1, /*!< Decrypt.*/
BSV_AES_NUM_OF_ENCRYPT_MODES, /*!< The maximal number of operations. */
BSV_AES_DIRECTION_RESERVE32B = INT32_MAX /*!< Reserved.*/
}bsvAesDirection_t;
/*! Definitions of the cryptographic flow supported as part of the Secure Boot. */
typedef enum {
CC_BSV_CRYPTO_HASH_MODE = 0, /*!< Hash mode only. */
CC_BSV_CRYPTO_AES_CTR_AND_HASH_MODE = 1, /*!< Data goes into the AES and Hash engines. */
CC_BSV_CRYPTO_AES_CTR_TO_HASH_MODE = 2 /*!< Data goes into the AES and from the AES to the Hash engine. */
}CCBsvflowMode_t;
/*! CryptoImage HW completion sequence mode */
typedef enum
{
BSV_CRYPTO_COMPLETION_NO_WAIT = 0, /*!< The driver waits only before reading the output. */
BSV_CRYPTO_COMPLETION_WAIT_UPON_END = 1 /*!< The driver waits after each chunk of data. */
}bsvCryptoCompletionMode_t;
/*! AES-CMAC result size, in words. */
#define CC_BSV_CMAC_RESULT_SIZE_IN_WORDS 4 /* 128b */
/*! AES-CMAC result size, in bytes. */
#define CC_BSV_CMAC_RESULT_SIZE_IN_BYTES 16 /* 128b */
/*! AES-CCM 128bit key size, in bytes. */
#define CC_BSV_CCM_KEY_SIZE_BYTES 16
/*! AES-CCM 128bit key size, in words. */
#define CC_BSV_CCM_KEY_SIZE_WORDS 4
/*! AES-CCM NONCE size, in bytes. */
#define CC_BSV_CCM_NONCE_SIZE_BYTES 12
/*! AES-CMAC result buffer. */
typedef uint32_t CCBsvCmacResult_t[CC_BSV_CMAC_RESULT_SIZE_IN_WORDS];
/*! AES-CCM key buffer.*/
typedef uint32_t CCBsvCcmKey_t[CC_BSV_CCM_KEY_SIZE_WORDS];
/*! AES-CCM nonce buffer.*/
typedef uint8_t CCBsvCcmNonce_t[CC_BSV_CCM_NONCE_SIZE_BYTES];
/*! AES-CCM MAC buffer.*/
typedef uint8_t CCBsvCcmMacRes_t[CC_BSV_CMAC_RESULT_SIZE_IN_BYTES];
#ifdef __cplusplus
}
#endif
#endif
/**
@}
*/

161
include/drivers/arm/cryptocell/713/bsv_error.h
View file

@ -1,161 +0,0 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _BSV_ERROR_H
#define _BSV_ERROR_H
#ifdef __cplusplus
extern "C"
{
#endif
/*!
@file
@brief This file defines the error code types that are returned from the Boot Services APIs.
@defgroup cc_bsv_error CryptoCell Boot Services error codes
@{
@ingroup cc_bsv
*/
/*! Defines the base address for Boot Services errors. */
#define CC_BSV_BASE_ERROR 0x0B000000
/*! Defines the base address for Boot Services cryptographic errors. */
#define CC_BSV_CRYPTO_ERROR 0x0C000000
/*! Illegal input parameter. */
#define CC_BSV_ILLEGAL_INPUT_PARAM_ERR (CC_BSV_BASE_ERROR + 0x00000001)
/*! Illegal HUK value. */
#define CC_BSV_ILLEGAL_HUK_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000002)
/*! Illegal Kcp value. */
#define CC_BSV_ILLEGAL_KCP_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000003)
/*! Illegal Kce value. */
#define CC_BSV_ILLEGAL_KCE_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000004)
/*! Illegal Kpicv value. */
#define CC_BSV_ILLEGAL_KPICV_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000005)
/*! Illegal Kceicv value. */
#define CC_BSV_ILLEGAL_KCEICV_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000006)
/*! Illegal EKcst value. */
#define CC_BSV_ILLEGAL_EKCST_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000007)
/*! Hash boot key not programmed in the OTP. */
#define CC_BSV_HASH_NOT_PROGRAMMED_ERR (CC_BSV_BASE_ERROR + 0x00000008)
/*! Illegal Hash boot key zero count in the OTP. */
#define CC_BSV_HBK_ZERO_COUNT_ERR (CC_BSV_BASE_ERROR + 0x00000009)
/*! Illegal LCS. */
#define CC_BSV_ILLEGAL_LCS_ERR (CC_BSV_BASE_ERROR + 0x0000000A)
/*! OTP write compare failure. */
#define CC_BSV_OTP_WRITE_CMP_FAIL_ERR (CC_BSV_BASE_ERROR + 0x0000000B)
/*! OTP access error */
#define CC_BSV_OTP_ACCESS_ERR (CC_BSV_BASE_ERROR + 0x0000000C)
/*! Erase key in OTP failed. */
#define CC_BSV_ERASE_KEY_FAILED_ERR (CC_BSV_BASE_ERROR + 0x0000000D)
/*! Illegal PIDR. */
#define CC_BSV_ILLEGAL_PIDR_ERR (CC_BSV_BASE_ERROR + 0x0000000E)
/*! Illegal CIDR. */
#define CC_BSV_ILLEGAL_CIDR_ERR (CC_BSV_BASE_ERROR + 0x0000000F)
/*! Device failed to move to fatal error state. */
#define CC_BSV_FAILED_TO_SET_FATAL_ERR (CC_BSV_BASE_ERROR + 0x00000010)
/*! Failed to set RMA LCS. */
#define CC_BSV_FAILED_TO_SET_RMA_ERR (CC_BSV_BASE_ERROR + 0x00000011)
/*! Illegal RMA indication. */
#define CC_BSV_ILLEGAL_RMA_INDICATION_ERR (CC_BSV_BASE_ERROR + 0x00000012)
/*! Boot Services version is not initialized. */
#define CC_BSV_VER_IS_NOT_INITIALIZED_ERR (CC_BSV_BASE_ERROR + 0x00000013)
/*! APB secure mode is locked. */
#define CC_BSV_APB_SECURE_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000014)
/*! APB privilege mode is locked. */
#define CC_BSV_APB_PRIVILEG_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000015)
/*! Illegal operation. */
#define CC_BSV_ILLEGAL_OPERATION_ERR (CC_BSV_BASE_ERROR + 0x00000016)
/*! Illegal asset size. */
#define CC_BSV_ILLEGAL_ASSET_SIZE_ERR (CC_BSV_BASE_ERROR + 0x00000017)
/*! Illegal asset value. */
#define CC_BSV_ILLEGAL_ASSET_VAL_ERR (CC_BSV_BASE_ERROR + 0x00000018)
/*! Kpicv is locked. */
#define CC_BSV_KPICV_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000019)
/*! Illegal SW version. */
#define CC_BSV_ILLEGAL_SW_VERSION_ERR (CC_BSV_BASE_ERROR + 0x0000001A)
/*! AO write operation. */
#define CC_BSV_AO_WRITE_FAILED_ERR (CC_BSV_BASE_ERROR + 0x0000001B)
/*! Chip state is already initialized. */
#define CC_BSV_CHIP_INITIALIZED_ERR (CC_BSV_BASE_ERROR + 0x0000001C)
/*! SP is not enabled. */
#define CC_BSV_SP_NOT_ENABLED_ERR (CC_BSV_BASE_ERROR + 0x0000001D)
/*! Production secure provisioning - header fields. */
#define CC_BSV_PROD_PKG_HEADER_ERR (CC_BSV_BASE_ERROR + 0x0000001E)
/*! Production secure provisioning - header MAC. */
#define CC_BSV_PROD_PKG_HEADER_MAC_ERR (CC_BSV_BASE_ERROR + 0x0000001F)
/*! Overrun buffer or size. */
#define CC_BSV_OVERRUN_ERR (CC_BSV_BASE_ERROR + 0x00000020)
/*! Kceicv is locked. */
#define CC_BSV_KCEICV_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000021)
/*! Chip indication is CHIP_STATE_ERROR. */
#define CC_BSV_CHIP_INDICATION_ERR (CC_BSV_BASE_ERROR + 0x00000022)
/*! Device is locked in fatal error state. */
#define CC_BSV_FATAL_ERR_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000023)
/*! Device has security disable feature enabled. */
#define CC_BSV_SECURE_DISABLE_ERROR (CC_BSV_BASE_ERROR + 0x00000024)
/*! Device has Kcst in disabled state */
#define CC_BSV_KCST_DISABLE_ERROR (CC_BSV_BASE_ERROR + 0x00000025)
/*! Illegal data-in pointer. */
#define CC_BSV_CRYPTO_INVALID_DATA_IN_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000001)
/*! Illegal data-out pointer. */
#define CC_BSV_CRYPTO_INVALID_DATA_OUT_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000002)
/*! Illegal data size. */
#define CC_BSV_CRYPTO_INVALID_DATA_SIZE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000003)
/*! Illegal key type. */
#define CC_BSV_CRYPTO_INVALID_KEY_TYPE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000004)
/*! Illegal key size. */
#define CC_BSV_CRYPTO_INVALID_KEY_SIZE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000005)
/*! Invalid key pointer. */
#define CC_BSV_CRYPTO_INVALID_KEY_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000006)
/*! Illegal key DMA type. */
#define CC_BSV_CRYPTO_INVALID_KEY_DMA_TYPE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000007)
/*! Illegal IV pointer. */
#define CC_BSV_CRYPTO_INVALID_IV_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000008)
/*! Illegal cipher mode. */
#define CC_BSV_CRYPTO_INVALID_CIPHER_MODE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000009)
/*! Illegal result buffer pointer. */
#define CC_BSV_CRYPTO_INVALID_RESULT_BUFFER_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000A)
/*! Invalid DMA type. */
#define CC_BSV_CRYPTO_INVALID_DMA_TYPE_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000B)
/*! Invalid in/out buffers overlapping. */
#define CC_BSV_CRYPTO_DATA_OUT_DATA_IN_OVERLAP_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000C)
/*! Invalid KDF label size. */
#define CC_BSV_CRYPTO_ILLEGAL_KDF_LABEL_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000D)
/*! Invalid KDF Context size. */
#define CC_BSV_CRYPTO_ILLEGAL_KDF_CONTEXT_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000E)
/*! Invalid CCM key. */
#define CC_BSV_CCM_INVALID_KEY_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000f)
/*! Invalid CCM Nonce. */
#define CC_BSV_CCM_INVALID_NONCE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000010)
/*! Invalid CCM associated data. */
#define CC_BSV_CCM_INVALID_ASSOC_DATA_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000011)
/*! Invalid CCM text data. */
#define CC_BSV_CCM_INVALID_TEXT_DATA_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000012)
/*! Invalid CCM-MAC buffer. */
#define CC_BSV_CCM_INVALID_MAC_BUF_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000013)
/*! CCM-MAC comparison failed. */
#define CC_BSV_CCM_TAG_LENGTH_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000014)
/*! CCM-MAC comparison failed. */
#define CC_BSV_CCM_MAC_INVALID_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000015)
/*! Illegal flow mode. */
#define CC_BSV_CRYPTO_INVALID_FLOW_MODE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000016)
#ifdef __cplusplus
}
#endif
#endif
/**
@}
*/

50
include/drivers/arm/cryptocell/713/cc_address_defs.h
View file

@ -1,50 +0,0 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _CC_ADDRESS_DEFS_H
#define _CC_ADDRESS_DEFS_H
/*!
@file
@brief This file contains general definitions.
*/
#ifdef __cplusplus
extern "C"
{
#endif
#include "cc_pal_types.h"
/************************ Defines ******************************/
/**
* Address types within CC
*/
/*! Definition of DMA address type, can be 32 bits or 64 bits according to CryptoCell's HW. */
typedef uint64_t CCDmaAddr_t;
/*! Definition of CryptoCell address type, can be 32 bits or 64 bits according to platform. */
typedef uint64_t CCAddr_t;
/*! Definition of CC SRAM address type, can be 32 bits according to CryptoCell's HW. */
typedef uint32_t CCSramAddr_t;
/*
* CCSramAddr_t is being cast into pointer type which can be 64 bit.
*/
/*! Definition of MACRO that casts SRAM addresses to pointer types. */
#define CCSramAddr2Ptr(sramAddr) ((uintptr_t)sramAddr)
#ifdef __cplusplus
}
#endif
#endif
/**
@}
*/

52
include/drivers/arm/cryptocell/713/cc_boot_defs.h
View file

@ -1,52 +0,0 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _CC_BOOT_DEFS_H
#define _CC_BOOT_DEFS_H
/*!
@file
@brief This file contains general definitions of types and enums of Boot APIs.
*/
#ifdef __cplusplus
extern "C"
{
#endif
/*! Version counters value. */
typedef enum {
CC_SW_VERSION_TRUSTED = 0, /*!< Trusted counter. */
CC_SW_VERSION_NON_TRUSTED, /*!< Non trusted counter. */
CC_SW_VERSION_MAX = 0x7FFFFFFF /*!< Reserved */
} CCSbSwVersionId_t;
/*! The hash boot key definition. */
typedef enum {
CC_SB_HASH_BOOT_KEY_0_128B = 0, /*!< Hbk0: 128-bit truncated SHA-256 digest of PubKB0. Used by ICV */
CC_SB_HASH_BOOT_KEY_1_128B = 1, /*!< Hbk1: 128-bit truncated SHA-256 digest of PubKB1. Used by OEM */
CC_SB_HASH_BOOT_KEY_256B = 2, /*!< Hbk: 256-bit SHA-256 digest of public key. */
CC_SB_HASH_BOOT_NOT_USED = 0xF, /*!< Hbk is not used. */
CC_SB_HASH_MAX_NUM = 0x7FFFFFFF, /*!< Reserved. */
} CCSbPubKeyIndexType_t;
/*! Chip state. */
typedef enum {
CHIP_STATE_NOT_INITIALIZED = 0, /*! Chip is not initialized. */
CHIP_STATE_TEST = 1, /*! Chip is in Production state. */
CHIP_STATE_PRODUCTION = 2, /*! Chip is in Production state. */
CHIP_STATE_ERROR = 3, /*! Chip is in Error state. */
} CCBsvChipState_t;
#ifdef __cplusplus
}
#endif
#endif /*_CC_BOOT_DEFS_H */
/**
@}
*/

100
include/drivers/arm/cryptocell/713/cc_pal_types.h
View file

@ -1,100 +0,0 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef CC_PAL_TYPES_H
#define CC_PAL_TYPES_H
/*!
@file
@brief This file contains platform-dependent definitions and types of the PAL layer.
@defgroup cc_pal_types CryptoCell platform-dependent PAL layer definitions and types
@{
@ingroup cc_pal
@{
@ingroup cc_pal
@}
*/
#include "cc_pal_types_plat.h"
/*! Definition of Boolean type.*/
typedef enum {
/*! Boolean false.*/
CC_FALSE = 0,
/*! Boolean true.*/
CC_TRUE = 1
} CCBool_t;
/*! Success. */
#define CC_SUCCESS 0UL
/*! Failure. */
#define CC_FAIL 1UL
/*! Success (OK). */
#define CC_OK 0
/*! This macro handles unused parameters in the code, to avoid compilation warnings. */
#define CC_UNUSED_PARAM(prm) ((void)prm)
/*! The maximal uint32 value.*/
#define CC_MAX_UINT32_VAL (0xFFFFFFFF)
/* Minimal and Maximal macros */
#ifdef min
/*! Definition for minimal calculation. */
#define CC_MIN(a,b) min( a , b )
#else
/*! Definition for minimal calculation. */
#define CC_MIN( a , b ) ( ( (a) < (b) ) ? (a) : (b) )
#endif
#ifdef max
/*! Definition for maximal calculation. */
#define CC_MAX(a,b) max( a , b )
#else
/*! Definition for maximal calculation.. */
#define CC_MAX( a , b ) ( ( (a) > (b) ) ? (a) : (b) )
#endif
/*! This macro calculates the number of full Bytes from bits, where seven bits are one Byte. */
#define CALC_FULL_BYTES(numBits) ((numBits)/CC_BITS_IN_BYTE + (((numBits) & (CC_BITS_IN_BYTE-1)) > 0))
/*! This macro calculates the number of full 32-bit words from bits where 31 bits are one word. */
#define CALC_FULL_32BIT_WORDS(numBits) ((numBits)/CC_BITS_IN_32BIT_WORD + (((numBits) & (CC_BITS_IN_32BIT_WORD-1)) > 0))
/*! This macro calculates the number of full 32-bit words from Bytes where three Bytes are one word. */
#define CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) ((sizeBytes)/CC_32BIT_WORD_SIZE + (((sizeBytes) & (CC_32BIT_WORD_SIZE-1)) > 0))
/*! This macro calculates the number of full 32-bit words from 64-bits dwords. */
#define CALC_32BIT_WORDS_FROM_64BIT_DWORD(sizeWords) (sizeWords * CC_32BIT_WORD_IN_64BIT_DWORD)
/*! This macro rounds up bits to 32-bit words. */
#define ROUNDUP_BITS_TO_32BIT_WORD(numBits) (CALC_FULL_32BIT_WORDS(numBits) * CC_BITS_IN_32BIT_WORD)
/*! This macro rounds up bits to Bytes. */
#define ROUNDUP_BITS_TO_BYTES(numBits) (CALC_FULL_BYTES(numBits) * CC_BITS_IN_BYTE)
/*! This macro rounds up bytes to 32-bit words. */
#define ROUNDUP_BYTES_TO_32BIT_WORD(sizeBytes) (CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) * CC_32BIT_WORD_SIZE)
/*! This macro calculates the number Bytes from words. */
#define CALC_WORDS_TO_BYTES(numwords) ((numwords)*CC_32BIT_WORD_SIZE)
/*! Definition of 1 KB in Bytes. */
#define CC_1K_SIZE_IN_BYTES 1024
/*! Definition of number of bits in a Byte. */
#define CC_BITS_IN_BYTE 8
/*! Definition of number of bits in a 32-bits word. */
#define CC_BITS_IN_32BIT_WORD 32
/*! Definition of number of Bytes in a 32-bits word. */
#define CC_32BIT_WORD_SIZE 4
/*! Definition of number of 32-bits words in a 64-bits dword. */
#define CC_32BIT_WORD_IN_64BIT_DWORD 2
#endif
/**
@}
*/

25
include/drivers/arm/cryptocell/713/cc_pal_types_plat.h
View file

@ -1,25 +0,0 @@
/*
* Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
/*! @file
@brief This file contains basic type definitions that are platform-dependent.
*/
#ifndef _CC_PAL_TYPES_PLAT_H
#define _CC_PAL_TYPES_PLAT_H
/* Host specific types for standard (ISO-C99) compliant platforms */
#include <stddef.h>
#include <stdint.h>
typedef uint32_t CCStatus;
#define CCError_t CCStatus
#define CC_INFINITE 0xFFFFFFFF
#define CEXPORT_C
#define CIMPORT_C
#endif /*_CC_PAL_TYPES_PLAT_H*/

62
include/drivers/arm/cryptocell/713/cc_pka_hw_plat_defs.h
View file

@ -1,62 +0,0 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _CC_PKA_HW_PLAT_DEFS_H
#define _CC_PKA_HW_PLAT_DEFS_H
#ifdef __cplusplus
extern "C"
{
#endif
#include "cc_pal_types.h"
/*!
@file
@brief Contains the enums and definitions that are used in the PKA code (definitions that are platform dependent).
*/
/*! The size of the PKA engine word. */
#define CC_PKA_WORD_SIZE_IN_BITS 128
/*! The maximal supported size of modulus in RSA in bits. */
#define CC_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS 4096
/*! The maximal supported size of key-generation in RSA in bits. */
#define CC_RSA_MAX_KEY_GENERATION_HW_SIZE_BITS 4096
/*! Secure boot/debug certificate RSA public modulus key size in bits. */
#if (KEY_SIZE == 3072)
#define BSV_CERT_RSA_KEY_SIZE_IN_BITS 3072
#else
#define BSV_CERT_RSA_KEY_SIZE_IN_BITS 2048
#endif
/*! Secure boot/debug certificate RSA public modulus key size in bytes. */
#define BSV_CERT_RSA_KEY_SIZE_IN_BYTES (BSV_CERT_RSA_KEY_SIZE_IN_BITS/CC_BITS_IN_BYTE)
/*! Secure boot/debug certificate RSA public modulus key size in words. */
#define BSV_CERT_RSA_KEY_SIZE_IN_WORDS (BSV_CERT_RSA_KEY_SIZE_IN_BITS/CC_BITS_IN_32BIT_WORD)
/*! The maximal count of extra bits in PKA operations. */
#define PKA_EXTRA_BITS 8
/*! The number of memory registers in PKA operations. */
#define PKA_MAX_COUNT_OF_PHYS_MEM_REGS 32
/*! Size of buffer for Barrett modulus tag in words. */
#define RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS 5
/*! Size of buffer for Barrett modulus tag in bytes. */
#define RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_BYTES (RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS*CC_32BIT_WORD_SIZE)
#ifdef __cplusplus
}
#endif
#endif //_CC_PKA_HW_PLAT_DEFS_H
/**
@}
*/

70
include/drivers/arm/cryptocell/713/cc_sec_defs.h
View file

@ -1,70 +0,0 @@
/*
* Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _CC_SEC_DEFS_H
#define _CC_SEC_DEFS_H
/*!
@file
@brief This file contains general definitions and types.
*/
#ifdef __cplusplus
extern "C"
{
#endif
#include "cc_pal_types.h"
/*! Hashblock size in words. */
#define HASH_BLOCK_SIZE_IN_WORDS 16
/*! Hash - SHA2 results in words. */
#define HASH_RESULT_SIZE_IN_WORDS 8
/*! Hash - SHA2 results in bytes. */
#define HASH_RESULT_SIZE_IN_BYTES 32
/*! Definition for hash result array. */
typedef uint32_t CCHashResult_t[HASH_RESULT_SIZE_IN_WORDS];
/*! Definition for converting pointer to Host address. */
#define CONVERT_TO_ADDR(ptr) (unsigned long)ptr
/*! Definition for converting pointer to SRAM address. */
#define CONVERT_TO_SRAM_ADDR(ptr) (0xFFFFFFFF & ptr)
/*! The data size of the signed SW image, in bytes. */
/*!\internal ContentCertImageRecord_t includes: HS(8W) + 64-b dstAddr(2W) + imgSize(1W) + isCodeEncUsed(1W) */
#define SW_REC_SIGNED_DATA_SIZE_IN_BYTES 48
/*! The data size of the unsigned SW image, in bytes. */
/*!\internal CCSbSwImgAddData_t includes: 64-b srcAddr(2W)*/
#define SW_REC_NONE_SIGNED_DATA_SIZE_IN_BYTES 8
/*! The additional data size - storage address and length of the unsigned SW image, in words. */
#define SW_REC_NONE_SIGNED_DATA_SIZE_IN_WORDS SW_REC_NONE_SIGNED_DATA_SIZE_IN_BYTES/CC_32BIT_WORD_SIZE
/*! The additional data section size, in bytes. */
#define CC_SB_MAX_SIZE_ADDITIONAL_DATA_BYTES 128
/*! Indication of whether or not to load the SW image to memory. */
#define CC_SW_COMP_NO_MEM_LOAD_INDICATION 0xFFFFFFFFFFFFFFFFUL
/*! Indication of product version, stored in certificate version field. */
#define CC_SB_CERT_VERSION_PROJ_PRD 0x713
#ifdef __cplusplus
}
#endif
#endif
/**
@}
*/

13
include/drivers/arm/cryptocell/cc_rotpk.h
View file

@ -1,13 +0,0 @@
/*
* Copyright (c) 2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _CC_ROTPK_H
#define _CC_ROTPK_H
int cc_get_rotpk_hash(unsigned char *dst, unsigned int len,
unsigned int *flags);
#endif

9
include/plat/arm/common/arm_def.h
View file

@ -196,16 +196,7 @@ MEASURED_BOOT
ARM_AP_TZC_DRAM1_SIZE - 1U) ARM_AP_TZC_DRAM1_SIZE - 1U)
/* Define the Access permissions for Secure peripherals to NS_DRAM */ /* Define the Access permissions for Secure peripherals to NS_DRAM */
#if ARM_CRYPTOCELL_INTEG
/*
* Allow Secure peripheral to read NS DRAM when integrated with CryptoCell.
* This is required by CryptoCell to authenticate BL33 which is loaded
* into the Non Secure DDR.
*/
#define ARM_TZC_NS_DRAM_S_ACCESS TZC_REGION_S_RD
#else
#define ARM_TZC_NS_DRAM_S_ACCESS TZC_REGION_S_NONE #define ARM_TZC_NS_DRAM_S_ACCESS TZC_REGION_S_NONE
#endif
#ifdef SPD_opteed #ifdef SPD_opteed
/* /*

9
include/plat/nuvoton/common/npcm845x_arm_def.h
View file

@ -149,16 +149,7 @@
ARM_AP_TZC_DRAM1_SIZE - 1U) ARM_AP_TZC_DRAM1_SIZE - 1U)
/* Define the Access permissions for Secure peripherals to NS_DRAM */ /* Define the Access permissions for Secure peripherals to NS_DRAM */
#if ARM_CRYPTOCELL_INTEG
/*
* Allow Secure peripheral to read NS DRAM when integrated with CryptoCell.
* This is required by CryptoCell to authenticate BL33 which is loaded
* into the Non Secure DDR.
*/
#define ARM_TZC_NS_DRAM_S_ACCESS TZC_REGION_S_RD
#else
#define ARM_TZC_NS_DRAM_S_ACCESS TZC_REGION_S_NONE #define ARM_TZC_NS_DRAM_S_ACCESS TZC_REGION_S_NONE
#endif /* ARM_CRYPTOCELL_INTEG */
#ifdef SPD_opteed #ifdef SPD_opteed
/* /*

32
plat/arm/board/common/board_arm_trusted_boot.c
View file

@ -9,7 +9,6 @@
#include <string.h> #include <string.h>
#include <common/debug.h> #include <common/debug.h>
#include <drivers/arm/cryptocell/cc_rotpk.h>
#include <drivers/delay_timer.h> #include <drivers/delay_timer.h>
#include <lib/cassert.h> #include <lib/cassert.h>
#include <lib/fconf/fconf.h> #include <lib/fconf/fconf.h>
@ -27,11 +26,9 @@
#include <plat/arm/common/plat_arm.h> #include <plat/arm/common/plat_arm.h>
#include <platform_def.h> #include <platform_def.h>
#if !ARM_CRYPTOCELL_INTEG
#if !ARM_ROTPK_LOCATION_ID #if !ARM_ROTPK_LOCATION_ID
#error "ARM_ROTPK_LOCATION_ID not defined" #error "ARM_ROTPK_LOCATION_ID not defined"
#endif #endif
#endif
#if COT_DESC_IN_DTB && defined(IMAGE_BL2) #if COT_DESC_IN_DTB && defined(IMAGE_BL2)
uintptr_t nv_cntr_base_addr[MAX_NV_CTR_IDS]; uintptr_t nv_cntr_base_addr[MAX_NV_CTR_IDS];
@ -50,7 +47,7 @@ uintptr_t nv_cntr_base_addr[MAX_NV_CTR_IDS] = {
extern unsigned char arm_rotpk_header[], arm_rotpk_key[], arm_rotpk_hash_end[], extern unsigned char arm_rotpk_header[], arm_rotpk_key[], arm_rotpk_hash_end[],
arm_rotpk_key_end[]; arm_rotpk_key_end[];
#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID) || ARM_CRYPTOCELL_INTEG #if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID)
static unsigned char rotpk_hash_der[ARM_ROTPK_HEADER_LEN + ARM_ROTPK_HASH_LEN]; static unsigned char rotpk_hash_der[ARM_ROTPK_HEADER_LEN + ARM_ROTPK_HASH_LEN];
#endif #endif
@ -117,38 +114,12 @@ int arm_get_rotpk_info_dev(void **key_ptr, unsigned int *key_len,
} }
#endif #endif
#if ARM_CRYPTOCELL_INTEG
/*
* Return ROTPK hash from CryptoCell.
*/
int arm_get_rotpk_info_cc(void **key_ptr, unsigned int *key_len,
unsigned int *flags)
{
unsigned char *dst;
assert(key_ptr != NULL);
assert(key_len != NULL);
assert(flags != NULL);
/* Copy the DER header */
memcpy(rotpk_hash_der, arm_rotpk_header, ARM_ROTPK_HEADER_LEN);
dst = &rotpk_hash_der[ARM_ROTPK_HEADER_LEN];
*key_ptr = rotpk_hash_der;
*key_len = sizeof(rotpk_hash_der);
return cc_get_rotpk_hash(dst, ARM_ROTPK_HASH_LEN, flags);
}
#endif
/* /*
* Wrapper function for most Arm platforms to get ROTPK info. * Wrapper function for most Arm platforms to get ROTPK info.
*/ */
static int get_rotpk_info(void **key_ptr, unsigned int *key_len, static int get_rotpk_info(void **key_ptr, unsigned int *key_len,
unsigned int *flags) unsigned int *flags)
{ {
#if ARM_CRYPTOCELL_INTEG
return arm_get_rotpk_info_cc(key_ptr, key_len, flags);
#else
#if ARM_USE_DEVEL_ROTPK #if ARM_USE_DEVEL_ROTPK
return arm_get_rotpk_info_dev(key_ptr, key_len, flags); return arm_get_rotpk_info_dev(key_ptr, key_len, flags);
#elif (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID) #elif (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID)
@ -156,7 +127,6 @@ static int get_rotpk_info(void **key_ptr, unsigned int *key_len,
#else #else
return 1; return 1;
#endif #endif
#endif /* ARM_CRYPTOCELL_INTEG */
} }
#if defined(ARM_COT_tbbr) #if defined(ARM_COT_tbbr)

10
plat/arm/board/common/board_common.mk
View file

@ -13,7 +13,7 @@ BL2_SOURCES += drivers/cfi/v2m/v2m_flash.c
ifneq (${TRUSTED_BOARD_BOOT},0) ifneq (${TRUSTED_BOARD_BOOT},0)
ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_dev_rotpk.S ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_dev_rotpk.S
ifneq (${ARM_CRYPTOCELL_INTEG}, 1)
# ROTPK hash location # ROTPK hash location
ifeq (${ARM_ROTPK_LOCATION}, regs) ifeq (${ARM_ROTPK_LOCATION}, regs)
ARM_ROTPK_LOCATION_ID = ARM_ROTPK_REGS_ID ARM_ROTPK_LOCATION_ID = ARM_ROTPK_REGS_ID
@ -79,13 +79,7 @@ NTFW_NVCTR_VAL ?= 223
# On others, we mock it by aliasing it to the Trusted Firmware Non-Volatile counter, # On others, we mock it by aliasing it to the Trusted Firmware Non-Volatile counter,
# hence we set both counters to the same default value. # hence we set both counters to the same default value.
CCAFW_NVCTR_VAL ?= 31 CCAFW_NVCTR_VAL ?= 31
else
# Certificate NV-Counters when CryptoCell is integrated. For development
# platforms we set the counter to first valid value.
TFW_NVCTR_VAL ?= 0
NTFW_NVCTR_VAL ?= 0
CCAFW_NVCTR_VAL ?= 0
endif
BL1_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \ BL1_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \
${ARM_ROTPK_S} ${ARM_ROTPK_S}
BL2_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \ BL2_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \

3
plat/arm/board/fvp_r/fvp_r_bl1_setup.c
View file

@ -104,9 +104,6 @@ void arm_bl1_plat_arch_setup(void)
#if USE_ROMLIB #if USE_ROMLIB
ARM_MAP_ROMLIB_CODE, ARM_MAP_ROMLIB_CODE,
ARM_MAP_ROMLIB_DATA, ARM_MAP_ROMLIB_DATA,
#endif
#if ARM_CRYPTOCELL_INTEG
ARM_MAP_BL_COHERENT_RAM,
#endif #endif
/* DRAM1_region: */ /* DRAM1_region: */
MAP_REGION_FLAT( MAP_REGION_FLAT(

3
plat/arm/board/juno/include/platform_def.h
View file

@ -32,9 +32,6 @@
#define PLATFORM_CORE_COUNT (JUNO_CLUSTER0_CORE_COUNT + \ #define PLATFORM_CORE_COUNT (JUNO_CLUSTER0_CORE_COUNT + \
JUNO_CLUSTER1_CORE_COUNT) JUNO_CLUSTER1_CORE_COUNT)
/* Cryptocell HW Base address */
#define PLAT_CRYPTOCELL_BASE UL(0x60050000)
/* /*
* Other platform porting definitions are provided by included headers * Other platform porting definitions are provided by included headers
*/ */

7
plat/arm/board/juno/juno_trusted_boot.c
View file

@ -8,7 +8,6 @@
#include <stdint.h> #include <stdint.h>
#include <string.h> #include <string.h>
#include <drivers/arm/cryptocell/cc_rotpk.h>
#include <plat/arm/common/plat_arm.h> #include <plat/arm/common/plat_arm.h>
#include <plat/common/common_def.h> #include <plat/common/common_def.h>
#include <plat/common/platform.h> #include <plat/common/platform.h>
@ -109,10 +108,6 @@ static int juno_get_rotpk_info_regs(void **key_ptr, unsigned int *key_len,
int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len, int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
unsigned int *flags) unsigned int *flags)
{ {
#if ARM_CRYPTOCELL_INTEG
return arm_get_rotpk_info_cc(key_ptr, key_len, flags);
#else
#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_RSA_ID) || \ #if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_RSA_ID) || \
(ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_ECDSA_ID) (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_ECDSA_ID)
return arm_get_rotpk_info_dev(key_ptr, key_len, flags); return arm_get_rotpk_info_dev(key_ptr, key_len, flags);
@ -121,6 +116,4 @@ int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
#else #else
return 1; return 1;
#endif #endif
#endif /* ARM_CRYPTOCELL_INTEG */
} }

48
plat/arm/common/aarch64/arm_helpers.S
View file

@ -86,51 +86,3 @@ endfunc plat_crash_console_flush
func platform_mem_init func platform_mem_init
ret ret
endfunc platform_mem_init endfunc platform_mem_init
/*
* Need to use coherent stack when ARM Cryptocell is used to autheticate images
* since Cryptocell uses DMA to transfer data and it is not coherent with the
* AP CPU.
*/
#if ARM_CRYPTOCELL_INTEG
#if defined(IMAGE_BL1) || defined(IMAGE_BL2)
.globl plat_get_my_stack
.globl plat_set_my_stack
.local platform_coherent_stacks
/* -------------------------------------------------------
* uintptr_t plat_get_my_stack ()
*
* For cold-boot BL images, only the primary CPU needs a
* stack. This function returns the stack pointer for a
* stack allocated in coherent memory.
* -------------------------------------------------------
*/
func plat_get_my_stack
get_up_stack platform_coherent_stacks, PLATFORM_STACK_SIZE
ret
endfunc plat_get_my_stack
/* -------------------------------------------------------
* void plat_set_my_stack ()
*
* For cold-boot BL images, only the primary CPU needs a
* stack. This function sets the stack pointer to a stack
* allocated in coherent memory.
* -------------------------------------------------------
*/
func plat_set_my_stack
get_up_stack platform_coherent_stacks, PLATFORM_STACK_SIZE
mov sp, x0
ret
endfunc plat_set_my_stack
/* ----------------------------------------------------
* Single cpu stack in coherent memory.
* ----------------------------------------------------
*/
declare_stack platform_coherent_stacks, .tzfw_coherent_mem, \
PLATFORM_STACK_SIZE, 1, CACHE_WRITEBACK_GRANULE
#endif /* defined(IMAGE_BL1) || defined(IMAGE_BL2) */
#endif /* ARM_CRYPTOCELL_INTEG */

10
plat/arm/common/arm_bl1_setup.c
View file

@ -108,11 +108,8 @@ void bl1_early_platform_setup(void)
*****************************************************************************/ *****************************************************************************/
void arm_bl1_plat_arch_setup(void) void arm_bl1_plat_arch_setup(void)
{ {
#if USE_COHERENT_MEM && !ARM_CRYPTOCELL_INTEG #if USE_COHERENT_MEM
/* /* Ensure ARM platforms don't use coherent memory in BL1. */
* Ensure ARM platforms don't use coherent memory in BL1 unless
* cryptocell integration is enabled.
*/
assert((BL_COHERENT_RAM_END - BL_COHERENT_RAM_BASE) == 0U); assert((BL_COHERENT_RAM_END - BL_COHERENT_RAM_BASE) == 0U);
#endif #endif
@ -122,9 +119,6 @@ void arm_bl1_plat_arch_setup(void)
#if USE_ROMLIB #if USE_ROMLIB
ARM_MAP_ROMLIB_CODE, ARM_MAP_ROMLIB_CODE,
ARM_MAP_ROMLIB_DATA, ARM_MAP_ROMLIB_DATA,
#endif
#if ARM_CRYPTOCELL_INTEG
ARM_MAP_BL_COHERENT_RAM,
#endif #endif
{0} {0}
}; };

10
plat/arm/common/arm_bl2_setup.c
View file

@ -184,11 +184,8 @@ static void arm_bl2_plat_gpt_setup(void)
******************************************************************************/ ******************************************************************************/
void arm_bl2_plat_arch_setup(void) void arm_bl2_plat_arch_setup(void)
{ {
#if USE_COHERENT_MEM && !ARM_CRYPTOCELL_INTEG #if USE_COHERENT_MEM
/* /* Ensure ARM platforms don't use coherent memory in BL2. */
* Ensure ARM platforms don't use coherent memory in BL2 unless
* cryptocell integration is enabled.
*/
assert((BL_COHERENT_RAM_END - BL_COHERENT_RAM_BASE) == 0U); assert((BL_COHERENT_RAM_END - BL_COHERENT_RAM_BASE) == 0U);
#endif #endif
@ -198,9 +195,6 @@ void arm_bl2_plat_arch_setup(void)
#if USE_ROMLIB #if USE_ROMLIB
ARM_MAP_ROMLIB_CODE, ARM_MAP_ROMLIB_CODE,
ARM_MAP_ROMLIB_DATA, ARM_MAP_ROMLIB_DATA,
#endif
#if ARM_CRYPTOCELL_INTEG
ARM_MAP_BL_COHERENT_RAM,
#endif #endif
ARM_MAP_BL_CONFIG_REGION, ARM_MAP_BL_CONFIG_REGION,
#if ENABLE_RME #if ENABLE_RME

19
plat/arm/common/arm_common.mk
View file

@ -164,24 +164,11 @@ ifeq ($(SEPARATE_NOBITS_REGION),1)
endif endif
endif endif
# Disable ARM Cryptocell by default
ARM_CRYPTOCELL_INTEG := 0
$(eval $(call assert_boolean,ARM_CRYPTOCELL_INTEG))
$(eval $(call add_define,ARM_CRYPTOCELL_INTEG))
# Enable PIE support for RESET_TO_BL31/RESET_TO_SP_MIN case # Enable PIE support for RESET_TO_BL31/RESET_TO_SP_MIN case
ifneq ($(filter 1,${RESET_TO_BL31} ${RESET_TO_SP_MIN}),) ifneq ($(filter 1,${RESET_TO_BL31} ${RESET_TO_SP_MIN}),)
ENABLE_PIE := 1 ENABLE_PIE := 1
endif endif
# CryptoCell integration relies on coherent buffers for passing data from
# the AP CPU to the CryptoCell
ifeq (${ARM_CRYPTOCELL_INTEG},1)
ifeq (${USE_COHERENT_MEM},0)
$(error "ARM_CRYPTOCELL_INTEG needs USE_COHERENT_MEM to be set.")
endif
endif
# Disable GPT parser support, use FIP image by default # Disable GPT parser support, use FIP image by default
ARM_GPT_SUPPORT := 0 ARM_GPT_SUPPORT := 0
$(eval $(call assert_boolean,ARM_GPT_SUPPORT)) $(eval $(call assert_boolean,ARM_GPT_SUPPORT))
@ -447,11 +434,7 @@ ifneq ($(filter 1,${MEASURED_BOOT} ${TRUSTED_BOARD_BOOT} ${DRTM_SUPPORT}),)
BL31_SOURCES += drivers/auth/crypto_mod.c BL31_SOURCES += drivers/auth/crypto_mod.c
# We expect to locate the *.mk files under the directories specified below # We expect to locate the *.mk files under the directories specified below
ifeq (${ARM_CRYPTOCELL_INTEG},0) CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
else
CRYPTO_LIB_MK := drivers/auth/cryptocell/cryptocell_crypto.mk
endif
$(info Including ${CRYPTO_LIB_MK}) $(info Including ${CRYPTO_LIB_MK})
include ${CRYPTO_LIB_MK} include ${CRYPTO_LIB_MK}

18
plat/nuvoton/npcm845x/platform.mk
View file

@ -140,25 +140,11 @@ $(error For SEPARATE_NOBITS_REGION, RECLAIM_INIT_CODE cannot be supported)
endif endif
endif endif
# Disable ARM Cryptocell by default
ARM_CRYPTOCELL_INTEG := 0
$(eval $(call assert_boolean,ARM_CRYPTOCELL_INTEG))
$(eval $(call add_define,ARM_CRYPTOCELL_INTEG))
# Enable PIE support for RESET_TO_BL31 case # Enable PIE support for RESET_TO_BL31 case
ifeq (${RESET_TO_BL31},1) ifeq (${RESET_TO_BL31},1)
ENABLE_PIE := 1 ENABLE_PIE := 1
endif endif
# CryptoCell integration relies on coherent buffers for passing data from
# the AP CPU to the CryptoCell
ifeq (${ARM_CRYPTOCELL_INTEG},1)
ifeq (${USE_COHERENT_MEM},0)
$(error "ARM_CRYPTOCELL_INTEG needs USE_COHERENT_MEM to be set.")
endif
endif
PLAT_INCLUDES := -Iinclude/plat/nuvoton/npcm845x \ PLAT_INCLUDES := -Iinclude/plat/nuvoton/npcm845x \
-Iinclude/plat/nuvoton/common \ -Iinclude/plat/nuvoton/common \
-Iinclude/drivers/nuvoton/npcm845x \ -Iinclude/drivers/nuvoton/npcm845x \
@ -339,11 +325,7 @@ BL2_SOURCES += ${AUTH_SOURCES} \
$(eval $(call TOOL_ADD_IMG,ns_bl2u,--fwu,FWU_)) $(eval $(call TOOL_ADD_IMG,ns_bl2u,--fwu,FWU_))
# We expect to locate the *.mk files under the directories specified below # We expect to locate the *.mk files under the directories specified below
ifeq (${ARM_CRYPTOCELL_INTEG},0)
CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
else
CRYPTO_LIB_MK := drivers/auth/cryptocell/cryptocell_crypto.mk
endif
IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk IMG_PARSER_LIB_MK := drivers/auth/mbedtls/mbedtls_x509.mk