• Juan Castillo's avatar
    TBB: add authentication framework · 05799ae0
    Juan Castillo authored
    This patch adds the authentication framework that will be used as
    the base to implement Trusted Board Boot in the Trusted Firmware.
    The framework comprises the following modules:
    
    - Image Parser Module (IPM)
    
        This module is responsible for interpreting images, check
        their integrity and extract authentication information from
        them during Trusted Board Boot.
    
        The module currently supports three types of images i.e.
        raw binaries, X509v3 certificates and any type specific to
        a platform. An image parser library must be registered for
        each image type (the only exception is the raw image parser,
        which is included in the main module by default).
    
        Each parser library (if used) must export a structure in a
        specific linker section which contains function pointers to:
    
            1. Initialize the library
            2. Check the integrity of the image type supported by
               the library
            3. Extract authentication information from the image
    
    - Cryptographic Module (CM)
    
        This module is responsible for verifying digital signatures
        and hashes. It relies on an external cryptographic library
        to perform the cryptographic operations.
    
        To register a cryptographic library, the library must use the
        REGISTER_CRYPTO_LIB macro, passing function pointers to:
    
            1. Initialize the library
            2. Verify a digital signature
            3. Verify a hash
    
        Failing to register a cryptographic library will generate
        a build time error.
    
    - Authentication Module (AM)
    
        This module provides methods to authenticate an image, like
        hash comparison or digital signatures. It uses the image parser
        module to extract authentication parameters, the crypto module
        to perform cryptographic operations and the Chain of Trust to
        authenticate the images.
    
        The Chain of Trust (CoT) is a data structure that defines the
        dependencies between images and the authentication methods
        that must be followed to authenticate an image.
    
    The Chain of Trust, when added, must provide a header file named
    cot_def.h with the following definitions:
    
    - COT_MAX_VERIFIED_PARAMS
    
        Integer value indicating the maximum number of authentication
        parameters an image can present. This value will be used by the
        authentication module to allocate the memory required to load
        the parameters in the image descriptor.
    
    Change-Id: Ied11bd5cd410e1df8767a1df23bb720ce7e58178
    05799ae0
auth_mod.c 10.1 KB