Commit 04943d33 authored by Soby Mathew's avatar Soby Mathew
Browse files

Allow dynamic overriding of ROTPK verification

A production ROM with TBB enabled must have the ability to boot test software
before a real ROTPK is deployed (e.g. manufacturing mode). Previously the
function plat_get_rotpk_info() must return a valid ROTPK for TBB to succeed.
This patch adds an additional bit `ROTPK_NOT_DEPLOYED` in the output `flags`
parameter from plat_get_rotpk_info(). If this bit is set, then the ROTPK
in certificate is used without verifying against the platform value.

Fixes ARM-software/tf-issues#381

Change-Id: Icbbffab6bff8ed76b72431ee21337f550d8fdbbb
parent a7e53033
......@@ -631,10 +631,19 @@ In case the function returns a hash of the key:
digest OCTET STRING
}
The function returns 0 on success. Any other value means the ROTPK could not be
retrieved from the platform. The function also reports extra information related
to the ROTPK in the flags parameter.
The function returns 0 on success. Any other value is treated as error by the
Trusted Board Boot. The function also reports extra information related
to the ROTPK in the flags parameter:
ROTPK_IS_HASH : Indicates that the ROTPK returned by the platform is a
hash.
ROTPK_NOT_DEPLOYED : This allows the platform to skip certificate ROTPK
verification while the platform ROTPK is not deployed.
When this flag is set, the function does not need to
return a platform ROTPK, and the authentication
framework uses the ROTPK in the certificate without
verifying it against the platform value. This flag
must not be used in a deployed production environment.
### Function: plat_get_nv_ctr()
......
......@@ -199,8 +199,9 @@ static int auth_signature(const auth_method_param_sig_t *param,
}
return_if_error(rc);
/* If the PK is a hash of the key, retrieve the key from the image */
if (flags & ROTPK_IS_HASH) {
if (flags & (ROTPK_IS_HASH | ROTPK_NOT_DEPLOYED)) {
/* If the PK is a hash of the key or if the ROTPK is not
deployed on the platform, retrieve the key from the image */
pk_hash_ptr = pk_ptr;
pk_hash_len = pk_len;
rc = img_parser_get_auth_param(img_desc->img_type,
......@@ -215,9 +216,14 @@ static int auth_signature(const auth_method_param_sig_t *param,
pk_ptr, pk_len);
return_if_error(rc);
/* Ask the crypto-module to verify the key hash */
rc = crypto_mod_verify_hash(pk_ptr, pk_len,
pk_hash_ptr, pk_hash_len);
if (flags & ROTPK_NOT_DEPLOYED) {
NOTICE("ROTPK is not deployed on platform. "
"Skipping ROTPK verification.\n");
} else {
/* Ask the crypto-module to verify the key hash */
rc = crypto_mod_verify_hash(pk_ptr, pk_len,
pk_hash_ptr, pk_hash_len);
}
} else {
/* Ask the crypto module to verify the signature */
rc = crypto_mod_verify_signature(data_ptr, data_len,
......
......@@ -49,6 +49,9 @@ struct image_desc;
* plat_get_rotpk_info() flags
******************************************************************************/
#define ROTPK_IS_HASH (1 << 0)
/* Flag used to skip verification of the certificate ROTPK while the platform
ROTPK is not deployed */
#define ROTPK_NOT_DEPLOYED (1 << 1)
/*******************************************************************************
* Function declarations
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment