
Add support for TRUSTED_BOARD_BOOT to authenticate the loaded FIP using platform CoT management. This adds the TBB platform definition, redefining the standard image ID in order to reduce the size required in the BL2 binary. Authentication will use the mbedTLS library to parse the certificate, configured with a platform configuration. Change-Id: I9da66b915c5e9e9293fccfce92bef2434da1e430 Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com> Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
/*
 * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
#include "tbbr/tbb_ext.h"
#include "tbbr/tbb_key.h"
#include "tbbr/stm32mp1_tbb_cert.h"
/*
 * Certificates used in the chain of trust.
 *
 * Entries must appear in the same order as the enumeration declared in
 * stm32mp1_tbb_cert.h. Every certificate is self-signed, which is why each
 * entry's issuer field names the entry itself.
 *
 * NOTE(review): a self-issued certificate has no parent in this table, so
 * the verifying side has to anchor trust in the ROT key by other means
 * (presumably a platform-provisioned key or key hash) - confirm against the
 * platform's authentication code, which is not visible in this file.
 */
static cert_t stm32mp1_tbb_certs[] = {
	[0] = {
		/* Identity of the certificate and its subject common name. */
		.id = STM32MP_CONFIG_CERT,
		.cn = "STM32MP config FW Certificate",

		/* Signed with the ROT key; issuer equals .id (self-signed). */
		.key = ROT_KEY,
		.issuer = STM32MP_CONFIG_CERT,

		/*
		 * Command-line option and its help text. No file name is set
		 * here; presumably it is supplied at run time through the
		 * option named in .opt - TODO confirm.
		 */
		.opt = "stm32mp-cfg-cert",
		.help_msg = "STM32MP Config Certificate (output file)",
		.fn = NULL,

		/*
		 * Extensions carried by this certificate. Going by their
		 * names: a trusted-firmware NV counter plus the HW_CONFIG and
		 * FW_CONFIG hashes - see the included tbbr headers for the
		 * actual definitions.
		 */
		.ext = {
			TRUSTED_FW_NVCOUNTER_EXT,
			HW_CONFIG_HASH_EXT,
			FW_CONFIG_HASH_EXT,
		},
		/* Must stay equal to the number of entries listed in .ext. */
		.num_ext = 3,
	},
};
/*
 * Pass the certificate table to PLAT_REGISTER_COT.
 * NOTE(review): the macro is defined outside this file; presumably it
 * registers stm32mp1_tbb_certs as the platform's chain-of-trust certificate
 * list - confirm in the included tbbr headers.
 */
PLAT_REGISTER_COT(stm32mp1_tbb_certs);