mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-05-03 09:29:57 +00:00
99cd54f312
NXP SoC supports two TBB mode:
- MBED_TLS based
-- ROTK key hash is placed as part of the BL2 binary at section:
--- .rodata.nxp_rotpk_hash
-- Supporting non-volatile counter via SFP.
-- platform function used by TFA common authentication code.
- NXP CSF based
-- ROTK key deployment vary from MBEDTLS
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: Ib0f0bf024fd93de906c5d4f609383ae9e02b2fbc
81 lines
1.7 KiB
C
81 lines
1.7 KiB
C
/*
|
|
* Copyright 2018-2021 NXP
|
|
*
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*
|
|
*
|
|
*/
|
|
|
|
#include <errno.h>
|
|
|
|
#include <common/debug.h>
|
|
#include <csf_hdr.h>
|
|
#include <dcfg.h>
|
|
#include <drivers/auth/crypto_mod.h>
|
|
#include <snvs.h>
|
|
|
|
#include <plat/common/platform.h>
|
|
#include "plat_common.h"
|
|
|
|
extern bool rotpk_not_dpld;
|
|
extern uint8_t rotpk_hash_table[MAX_KEY_ENTRIES][SHA256_BYTES];
|
|
extern uint32_t num_rotpk_hash_entries;
|
|
|
|
/*
|
|
* In case of secure boot, return ptr of rotpk_hash table in key_ptr and
|
|
* number of hashes in key_len
|
|
*/
|
|
int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
|
|
unsigned int *flags)
|
|
{
|
|
uint32_t mode = 0U;
|
|
*flags = ROTPK_NOT_DEPLOYED;
|
|
|
|
/* ROTPK hash table must be available for secure boot */
|
|
if (rotpk_not_dpld == true) {
|
|
if (check_boot_mode_secure(&mode) == true) {
|
|
/* Production mode, don;t continue further */
|
|
if (mode == 1U) {
|
|
return -EAUTH;
|
|
}
|
|
|
|
/* For development mode, rotpk flag false
|
|
* indicates that SRK hash comparison might
|
|
* have failed. This is not fatal error.
|
|
* Continue in this case but transition SNVS
|
|
* to non-secure state
|
|
*/
|
|
transition_snvs_non_secure();
|
|
return 0;
|
|
} else {
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* We return the complete hash table and number of entries in
|
|
* table for NXP platform specific implementation.
|
|
* Here hash is always assume as SHA-256
|
|
*/
|
|
*key_ptr = rotpk_hash_table;
|
|
*key_len = num_rotpk_hash_entries;
|
|
*flags = ROTPK_IS_HASH;
|
|
|
|
return 0;
|
|
}
|
|
|
|
int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
|
|
{
|
|
/*
|
|
* No support for non-volatile counter. Update the ROT key to protect
|
|
* the system against rollback.
|
|
*/
|
|
*nv_ctr = 0U;
|
|
|
|
return 0;
|
|
}
|
|
|
|
int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
|
|
{
|
|
return 0;
|
|
}
|