
Currently, ROTPK_NOT_DEPLOYED flag is set in plat_get_rotpk_info(). It is up to users how to retrieve ROTPK if the ROT verification is desired. This is not nice.

This commit improves plat_get_rotpk_info() implementation and automates the ROTPK deployment. UniPhier platform has no ROTPK storage, so it should be embedded in BL1/BL2, like ARM_ROTPK_LOCATION=devel_rsa case. This makes sense because UniPhier platform implements its internal ROM i.e. BL1 is used as updatable pseudo ROM.

Things work like this:

- ROT_KEY (default: $(BUILD_PLAT)/rot_key.pem) is created if missing. Users can override ROT_KEY from the command line if they want to use a specific ROT key.
- ROTPK_HASH is generated based on ROT_KEY.
- ROTPK_HASH is included by uniphier_rotpk.S and compiled into BL1/BL2.
- ROT_KEY is input to cert_create tool.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
/*
* Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <platform.h>
/*
 * Start and end markers of the ROTPK hash blob. Both symbols are only
 * declared here and defined outside this file (presumably by
 * uniphier_rotpk.S - confirm). plat_get_rotpk_info() reports the distance
 * between them as the blob length.
 */
extern char uniphier_rotpk_hash[], uniphier_rotpk_hash_end[];
/*
 * Hand the caller the ROTPK hash blob that is linked into this image.
 *
 * cookie:  not used by this implementation
 * key_ptr: receives the address of uniphier_rotpk_hash
 * key_len: receives the blob size in bytes (end symbol minus start symbol)
 * flags:   receives ROTPK_IS_HASH (presumably telling the caller that the
 *          blob is a hash of the key, not the key itself - confirm against
 *          platform.h)
 *
 * Always returns 0. None of the output pointers is checked for NULL.
 *
 * NOTE(review): the value handed out here is part of the image rather than
 * read from separate immutable storage, so it is only as trustworthy as
 * whatever protects that image from being replaced - confirm against the
 * platform boot flow.
 */
int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
			unsigned int *flags)
{
	char *const hash_start = uniphier_rotpk_hash;
	char *const hash_end = uniphier_rotpk_hash_end;

	(void)cookie;

	*key_ptr = hash_start;
	/* Size is derived from the two symbols; no length is stored. */
	*key_len = hash_end - hash_start;
	*flags = ROTPK_IS_HASH;

	return 0;
}
/*
 * Report the non-volatile counter value for this platform.
 *
 * cookie: not used by this implementation
 * nv_ctr: receives the counter value, which is always 0
 *
 * Always returns 0. nv_ctr is not checked for NULL.
 */
int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
{
	/*
	 * This platform has no non-volatile counter, so a constant is
	 * reported. Protection against rollback has to come from updating
	 * the ROT key instead.
	 *
	 * NOTE(review): because the reported value never advances, a
	 * counter comparison built on it cannot by itself reject an older
	 * image signed with the current key - confirm how callers use it.
	 */
	enum { FIXED_NV_CTR = 0 };

	(void)cookie;

	*nv_ctr = FIXED_NV_CTR;

	return 0;
}
/*
 * Accept a non-volatile counter update without storing anything.
 *
 * cookie: not used by this implementation
 * nv_ctr: requested counter value; ignored
 *
 * Always returns 0.
 *
 * NOTE(review): the caller gets 0 even though the value is discarded, and
 * plat_get_nv_ctr() keeps reporting 0 afterwards. If 0 means success to the
 * caller (presumably - confirm), a requested counter bump is acknowledged but
 * never takes effect, so rollback protection cannot rely on it.
 */
int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
{
	(void)cookie;
	(void)nv_ctr;

	return 0;
}