Merge pull request #315 from jcastillo-arm/jc/tbb_tmp9

Authentication Framework

Merge pull request #315 from jcastillo-arm/jc/tbb_tmp9
Authentication Framework
84f95bed · danh-arm · dba12894 · d337aaaf · 84f95bed · 84f95bed
Commit 84f95bed authored Jun 25, 2015 by danh-arm
--- a/drivers/auth/tbbr/tbbr_cot.c
+++ b/drivers/auth/tbbr/tbbr_cot.c
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <auth_mod.h>
+#include <platform_def.h>
+#include <platform_oid.h>
+#include <stddef.h>
+
+/*
+ * Maximum key and hash sizes (in DER format)
+ */
+#define PK_DER_LEN			294
+#define HASH_DER_LEN			51
+
+/*
+ * The platform must allocate buffers to store the authentication parameters
+ * extracted from the certificates. In this case, because of the way the CoT is
+ * established, we can reuse some of the buffers on different stages
+ */
+static unsigned char plat_bl2_hash_buf[HASH_DER_LEN];
+static unsigned char plat_bl30_hash_buf[HASH_DER_LEN];
+static unsigned char plat_bl31_hash_buf[HASH_DER_LEN];
+static unsigned char plat_bl32_hash_buf[HASH_DER_LEN];
+static unsigned char plat_bl33_hash_buf[HASH_DER_LEN];
+static unsigned char plat_tz_world_pk_buf[PK_DER_LEN];
+static unsigned char plat_ntz_world_pk_buf[PK_DER_LEN];
+static unsigned char plat_content_pk[PK_DER_LEN];
+
+/*
+ * Parameter type descriptors
+ */
+static auth_param_type_desc_t subject_pk = AUTH_PARAM_TYPE_DESC(
+		AUTH_PARAM_PUB_KEY, 0);
+static auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC(
+		AUTH_PARAM_SIG, 0);
+static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC(
+		AUTH_PARAM_SIG_ALG, 0);
+static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC(
+		AUTH_PARAM_RAW_DATA, 0);
+
+static auth_param_type_desc_t tz_world_pk = AUTH_PARAM_TYPE_DESC(
+		AUTH_PARAM_PUB_KEY, TZ_WORLD_PK_OID);
+static auth_param_type_desc_t ntz_world_pk = AUTH_PARAM_TYPE_DESC(
+		AUTH_PARAM_PUB_KEY, NTZ_WORLD_PK_OID);
+
+static auth_param_type_desc_t bl30_content_pk = AUTH_PARAM_TYPE_DESC(
+		AUTH_PARAM_PUB_KEY, BL30_CONTENT_CERT_PK_OID);
+static auth_param_type_desc_t bl31_content_pk = AUTH_PARAM_TYPE_DESC(
+		AUTH_PARAM_PUB_KEY, BL31_CONTENT_CERT_PK_OID);
+static auth_param_type_desc_t bl32_content_pk = AUTH_PARAM_TYPE_DESC(
+		AUTH_PARAM_PUB_KEY, BL32_CONTENT_CERT_PK_OID);
+static auth_param_type_desc_t bl33_content_pk = AUTH_PARAM_TYPE_DESC(
+		AUTH_PARAM_PUB_KEY, BL33_CONTENT_CERT_PK_OID);
+
+static auth_param_type_desc_t bl2_hash = AUTH_PARAM_TYPE_DESC(
+		AUTH_PARAM_HASH, BL2_HASH_OID);
+static auth_param_type_desc_t bl30_hash = AUTH_PARAM_TYPE_DESC(
+		AUTH_PARAM_HASH, BL30_HASH_OID);
+static auth_param_type_desc_t bl31_hash = AUTH_PARAM_TYPE_DESC(
+		AUTH_PARAM_HASH, BL31_HASH_OID);
+static auth_param_type_desc_t bl32_hash = AUTH_PARAM_TYPE_DESC(
+		AUTH_PARAM_HASH, BL32_HASH_OID);
+static auth_param_type_desc_t bl33_hash = AUTH_PARAM_TYPE_DESC(
+		AUTH_PARAM_HASH, BL33_HASH_OID);
+
+/*
+ * TBBR Chain of trust definition
+ */
+static const auth_img_desc_t cot_desc[] = {
+	/*
+	 * BL2
+	 */
+	[BL2_CERT_ID] = {
+		.img_id = BL2_CERT_ID,
+		.img_type = IMG_CERT,
+		.parent = NULL,
+		.img_auth_methods = {
+			[0] = {
+				.type = AUTH_METHOD_SIG,
+				.param.sig = {
+					.pk = &subject_pk,
+					.sig = &sig,
+					.alg = &sig_alg,
+					.data = &raw_data,
+				}
+			}
+		},
+		.authenticated_data = {
+			[0] = {
+				.type_desc = &bl2_hash,
+				.data = {
+					.ptr = (void *)plat_bl2_hash_buf,
+					.len = (unsigned int)HASH_DER_LEN
+				}
+			}
+		}
+	},
+	[BL2_IMAGE_ID] = {
+		.img_id = BL2_IMAGE_ID,
+		.img_type = IMG_RAW,
+		.parent = &cot_desc[BL2_CERT_ID],
+		.img_auth_methods = {
+			[0] = {
+				.type = AUTH_METHOD_HASH,
+				.param.hash = {
+					.data = &raw_data,
+					.hash = &bl2_hash,
+				}
+			}
+		}
+	},
+	/*
+	 * Trusted key certificate
+	 */
+	[TRUSTED_KEY_CERT_ID] = {
+		.img_id = TRUSTED_KEY_CERT_ID,
+		.img_type = IMG_CERT,
+		.parent = NULL,
+		.img_auth_methods = {
+			[0] = {
+				.type = AUTH_METHOD_SIG,
+				.param.sig = {
+					.pk = &subject_pk,
+					.sig = &sig,
+					.alg = &sig_alg,
+					.data = &raw_data,
+				}
+			}
+		},
+		.authenticated_data = {
+			[0] = {
+				.type_desc = &tz_world_pk,
+				.data = {
+					.ptr = (void *)plat_tz_world_pk_buf,
+					.len = (unsigned int)PK_DER_LEN
+				}
+			},
+			[1] = {
+				.type_desc = &ntz_world_pk,
+				.data = {
+					.ptr = (void *)plat_ntz_world_pk_buf,
+					.len = (unsigned int)PK_DER_LEN
+				}
+			}
+		}
+	},
+	/*
+	 * BL3-0
+	 */
+	[BL30_KEY_CERT_ID] = {
+		.img_id = BL30_KEY_CERT_ID,
+		.img_type = IMG_CERT,
+		.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
+		.img_auth_methods = {
+			[0] = {
+				.type = AUTH_METHOD_SIG,
+				.param.sig = {
+					.pk = &tz_world_pk,
+					.sig = &sig,
+					.alg = &sig_alg,
+					.data = &raw_data,
+				}
+			}
+		},
+		.authenticated_data = {
+			[0] = {
+				.type_desc = &bl30_content_pk,
+				.data = {
+					.ptr = (void *)plat_content_pk,
+					.len = (unsigned int)PK_DER_LEN
+				}
+			}
+		}
+	},
+	[BL30_CERT_ID] = {
+		.img_id = BL30_CERT_ID,
+		.img_type = IMG_CERT,
+		.parent = &cot_desc[BL30_KEY_CERT_ID],
+		.img_auth_methods = {
+			[0] = {
+				.type = AUTH_METHOD_SIG,
+				.param.sig = {
+					.pk = &bl30_content_pk,
+					.sig = &sig,
+					.alg = &sig_alg,
+					.data = &raw_data,
+				}
+			}
+		},
+		.authenticated_data = {
+			[0] = {
+				.type_desc = &bl30_hash,
+				.data = {
+					.ptr = (void *)plat_bl30_hash_buf,
+					.len = (unsigned int)HASH_DER_LEN
+				}
+			}
+		}
+	},
+	[BL30_IMAGE_ID] = {
+		.img_id = BL30_IMAGE_ID,
+		.img_type = IMG_RAW,
+		.parent = &cot_desc[BL30_CERT_ID],
+		.img_auth_methods = {
+			[0] = {
+				.type = AUTH_METHOD_HASH,
+				.param.hash = {
+					.data = &raw_data,
+					.hash = &bl30_hash,
+				}
+			}
+		}
+	},
+	/*
+	 * BL3-1
+	 */
+	[BL31_KEY_CERT_ID] = {
+		.img_id = BL31_KEY_CERT_ID,
+		.img_type = IMG_CERT,
+		.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
+		.img_auth_methods = {
+			[0] = {
+				.type = AUTH_METHOD_SIG,
+				.param.sig = {
+					.pk = &tz_world_pk,
+					.sig = &sig,
+					.alg = &sig_alg,
+					.data = &raw_data,
+				}
+			}
+		},
+		.authenticated_data = {
+			[0] = {
+				.type_desc = &bl31_content_pk,
+				.data = {
+					.ptr = (void *)plat_content_pk,
+					.len = (unsigned int)PK_DER_LEN
+				}
+			}
+		}
+	},
+	[BL31_CERT_ID] = {
+		.img_id = BL31_CERT_ID,
+		.img_type = IMG_CERT,
+		.parent = &cot_desc[BL31_KEY_CERT_ID],
+		.img_auth_methods = {
+			[0] = {
+				.type = AUTH_METHOD_SIG,
+				.param.sig = {
+					.pk = &bl31_content_pk,
+					.sig = &sig,
+					.alg = &sig_alg,
+					.data = &raw_data,
+				}
+			}
+		},
+		.authenticated_data = {
+			[0] = {
+				.type_desc = &bl31_hash,
+				.data = {
+					.ptr = (void *)plat_bl31_hash_buf,
+					.len = (unsigned int)HASH_DER_LEN
+				}
+			}
+		}
+	},
+	[BL31_IMAGE_ID] = {
+		.img_id = BL31_IMAGE_ID,
+		.img_type = IMG_RAW,
+		.parent = &cot_desc[BL31_CERT_ID],
+		.img_auth_methods = {
+			[0] = {
+				.type = AUTH_METHOD_HASH,
+				.param.hash = {
+					.data = &raw_data,
+					.hash = &bl31_hash,
+				}
+			}
+		}
+	},
+	/*
+	 * BL3-2
+	 */
+	[BL32_KEY_CERT_ID] = {
+		.img_id = BL32_KEY_CERT_ID,
+		.img_type = IMG_CERT,
+		.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
+		.img_auth_methods = {
+			[0] = {
+				.type = AUTH_METHOD_SIG,
+				.param.sig = {
+					.pk = &tz_world_pk,
+					.sig = &sig,
+					.alg = &sig_alg,
+					.data = &raw_data,
+				}
+			}
+		},
+		.authenticated_data = {
+			[0] = {
+				.type_desc = &bl32_content_pk,
+				.data = {
+					.ptr = (void *)plat_content_pk,
+					.len = (unsigned int)PK_DER_LEN
+				}
+			}
+		}
+	},
+	[BL32_CERT_ID] = {
+		.img_id = BL32_CERT_ID,
+		.img_type = IMG_CERT,
+		.parent = &cot_desc[BL32_KEY_CERT_ID],
+		.img_auth_methods = {
+			[0] = {
+				.type = AUTH_METHOD_SIG,
+				.param.sig = {
+					.pk = &bl32_content_pk,
+					.sig = &sig,
+					.alg = &sig_alg,
+					.data = &raw_data,
+				}
+			}
+		},
+		.authenticated_data = {
+			[0] = {
+				.type_desc = &bl32_hash,
+				.data = {
+					.ptr = (void *)plat_bl32_hash_buf,
+					.len = (unsigned int)HASH_DER_LEN
+				}
+			}
+		}
+	},
+	[BL32_IMAGE_ID] = {
+		.img_id = BL32_IMAGE_ID,
+		.img_type = IMG_RAW,
+		.parent = &cot_desc[BL32_CERT_ID],
+		.img_auth_methods = {
+			[0] = {
+				.type = AUTH_METHOD_HASH,
+				.param.hash = {
+					.data = &raw_data,
+					.hash = &bl32_hash,
+				}
+			}
+		}
+	},
+	/*
+	 * BL3-3
+	 */
+	[BL33_KEY_CERT_ID] = {
+		.img_id = BL33_KEY_CERT_ID,
+		.img_type = IMG_CERT,
+		.parent = &cot_desc[TRUSTED_KEY_CERT_ID],
+		.img_auth_methods = {
+			[0] = {
+				.type = AUTH_METHOD_SIG,
+				.param.sig = {
+					.pk = &ntz_world_pk,
+					.sig = &sig,
+					.alg = &sig_alg,
+					.data = &raw_data,
+				}
+			}
+		},
+		.authenticated_data = {
+			[0] = {
+				.type_desc = &bl33_content_pk,
+				.data = {
+					.ptr = (void *)plat_content_pk,
+					.len = (unsigned int)PK_DER_LEN
+				}
+			}
+		}
+	},
+	[BL33_CERT_ID] = {
+		.img_id = BL33_CERT_ID,
+		.img_type = IMG_CERT,
+		.parent = &cot_desc[BL33_KEY_CERT_ID],
+		.img_auth_methods = {
+			[0] = {
+				.type = AUTH_METHOD_SIG,
+				.param.sig = {
+					.pk = &bl33_content_pk,
+					.sig = &sig,
+					.alg = &sig_alg,
+					.data = &raw_data,
+				}
+			}
+		},
+		.authenticated_data = {
+			[0] = {
+				.type_desc = &bl33_hash,
+				.data = {
+					.ptr = (void *)plat_bl33_hash_buf,
+					.len = (unsigned int)HASH_DER_LEN
+				}
+			}
+		}
+	},
+	[BL33_IMAGE_ID] = {
+		.img_id = BL33_IMAGE_ID,
+		.img_type = IMG_RAW,
+		.parent = &cot_desc[BL33_CERT_ID],
+		.img_auth_methods = {
+			[0] = {
+				.type = AUTH_METHOD_HASH,
+				.param.hash = {
+					.data = &raw_data,
+					.hash = &bl33_hash,
+				}
+			}
+		}
+	}
+};
+
+/* Register the CoT in the authentication module */
+REGISTER_COT(cot_desc);
--- a/drivers/io/io_fip.c
+++ b/drivers/io/io_fip.c
@@ -50,11 +50,6 @@
 		x.node[0], x.node[1], x.node[2], x.node[3],			\
 		x.node[4], x.node[5]

-typedef struct {
-	const char	*name;
-	const uuid_t	 uuid;
-} plat_fip_name_uuid_t;
-
 typedef struct {
 	/* Put file_pos above the struct to allow {0} on static init.
 	 * It is a workaround for a known bug in GCC
@@ -64,37 +59,6 @@ typedef struct {
 	fip_toc_entry_t entry;
 } file_state_t;

-static const plat_fip_name_uuid_t name_uuid[] = {
-	{BL2_IMAGE_NAME, UUID_TRUSTED_BOOT_FIRMWARE_BL2},
-#ifdef BL30_IMAGE_NAME
-	/* BL3-0 is optional in the platform */
-	{BL30_IMAGE_NAME, UUID_SCP_FIRMWARE_BL30},
-#endif /* BL30_IMAGE_NAME */
-	{BL31_IMAGE_NAME, UUID_EL3_RUNTIME_FIRMWARE_BL31},
-#ifdef BL32_IMAGE_NAME
-	/* BL3-2 is optional in the platform */
-	{BL32_IMAGE_NAME, UUID_SECURE_PAYLOAD_BL32},
-#endif /* BL32_IMAGE_NAME */
-	{BL33_IMAGE_NAME, UUID_NON_TRUSTED_FIRMWARE_BL33},
-#if TRUSTED_BOARD_BOOT
-	/* Certificates */
-	{BL2_CERT_NAME, UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT},
-	{TRUSTED_KEY_CERT_NAME, UUID_TRUSTED_KEY_CERT},
-#ifdef BL30_KEY_CERT_NAME
-	{BL30_KEY_CERT_NAME, UUID_SCP_FIRMWARE_BL30_KEY_CERT},
-#endif
-	{BL31_KEY_CERT_NAME, UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT},
-	{BL32_KEY_CERT_NAME, UUID_SECURE_PAYLOAD_BL32_KEY_CERT},
-	{BL33_KEY_CERT_NAME, UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT},
-#ifdef BL30_CERT_NAME
-	{BL30_CERT_NAME, UUID_SCP_FIRMWARE_BL30_CERT},
-#endif
-	{BL31_CERT_NAME, UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT},
-	{BL32_CERT_NAME, UUID_SECURE_PAYLOAD_BL32_CERT},
-	{BL33_CERT_NAME, UUID_NON_TRUSTED_FIRMWARE_BL33_CERT},
-#endif /* TRUSTED_BOARD_BOOT */
-};
-
 static const uuid_t uuid_null = {0};
 static file_state_t current_file = {0};
 static uintptr_t backend_dev_handle;
@@ -113,13 +77,6 @@ static int fip_dev_init(io_dev_info_t *dev_info, const uintptr_t init_params);
 static int fip_dev_close(io_dev_info_t *dev_info);


-static inline int copy_uuid(uuid_t *dst, const uuid_t *src)
-{
-	memcpy(dst, src, sizeof(uuid_t));
-	return 0;
-}
-
-
 /* Return 0 for equal uuids. */
 static inline int compare_uuids(const uuid_t *uuid1, const uuid_t *uuid2)
 {
@@ -138,22 +95,6 @@ static inline int is_valid_header(fip_toc_header_t *header)
 }


-static int file_to_uuid(const char *filename, uuid_t *uuid)
-{
-	int i;
-	int status = -EINVAL;
-
-	for (i = 0; i < ARRAY_SIZE(name_uuid); i++) {
-		if (strcmp(filename, name_uuid[i].name) == 0) {
-			copy_uuid(uuid, &name_uuid[i].uuid);
-			status = 0;
-			break;
-		}
-	}
-	return status;
-}
-
-
 /* Identify the device type as a virtual driver */
 io_type_t device_type_fip(void)
 {
@@ -201,17 +142,17 @@ static int fip_dev_open(const uintptr_t dev_spec __attribute__((unused)),
 static int fip_dev_init(io_dev_info_t *dev_info, const uintptr_t init_params)
 {
 	int result = IO_FAIL;
-	char *image_name = (char *)init_params;
+	unsigned int image_id = (unsigned int)init_params;
 	uintptr_t backend_handle;
 	fip_toc_header_t header;
 	size_t bytes_read;

 	/* Obtain a reference to the image by querying the platform layer */
-	result = plat_get_image_source(image_name, &backend_dev_handle,
+	result = plat_get_image_source(image_id, &backend_dev_handle,
 				       &backend_image_spec);
 	if (result != IO_SUCCESS) {
-		WARN("Failed to obtain reference to image '%s' (%i)\n",
-			image_name, result);
+		WARN("Failed to obtain reference to image id=%u (%i)\n",
+			image_id, result);
 		result = IO_FAIL;
 		goto fip_dev_init_exit;
 	}
@@ -220,7 +161,7 @@ static int fip_dev_init(io_dev_info_t *dev_info, const uintptr_t init_params)
 	result = io_open(backend_dev_handle, backend_image_spec,
 			 &backend_handle);
 	if (result != IO_SUCCESS) {
-		WARN("Failed to access image '%s' (%i)\n", image_name, result);
+		WARN("Failed to access image id=%u (%i)\n", image_id, result);
 		result = IO_FAIL;
 		goto fip_dev_init_exit;
 	}
@@ -261,12 +202,11 @@ static int fip_file_open(io_dev_info_t *dev_info, const uintptr_t spec,
 {
 	int result = IO_FAIL;
 	uintptr_t backend_handle;
-	uuid_t file_uuid;
-	const io_file_spec_t *file_spec = (io_file_spec_t *)spec;
+	const io_uuid_spec_t *uuid_spec = (io_uuid_spec_t *)spec;
 	size_t bytes_read;
 	int found_file = 0;

-	assert(file_spec != NULL);
+	assert(uuid_spec != NULL);
 	assert(entity != NULL);

 	/* Can only have one file open at a time for the moment. We need to
@@ -297,8 +237,6 @@ static int fip_file_open(io_dev_info_t *dev_info, const uintptr_t spec,
 		goto fip_file_open_close;
 	}

-	file_to_uuid(file_spec->path, &file_uuid);
-
 	found_file = 0;
 	do {
 		result = io_read(backend_handle,
@@ -307,7 +245,7 @@ static int fip_file_open(io_dev_info_t *dev_info, const uintptr_t spec,
 				 &bytes_read);
 		if (result == IO_SUCCESS) {
 			if (compare_uuids(&current_file.entry.uuid,
-					  &file_uuid) == 0) {
+					  &uuid_spec->uuid) == 0) {
 				found_file = 1;
 				break;
 			}

--- a/include/common/bl_common.h
+++ b/include/common/bl_common.h
@@ -226,12 +226,17 @@ CASSERT(sizeof(unsigned long) ==
 ******************************************************************************/
 unsigned long page_align(unsigned long, unsigned);
 void change_security_state(unsigned int);
-unsigned long image_size(const char *);
+unsigned long image_size(unsigned int image_id);
 int load_image(meminfo_t *mem_layout,
-	       const char *image_name,
-	       uint64_t image_base,
+	       unsigned int image_id,
+	       uintptr_t image_base,
 	       image_info_t *image_data,
 	       entry_point_info_t *entry_point_info);
+int load_auth_image(meminfo_t *mem_layout,
+		    unsigned int image_name,
+		    uintptr_t image_base,
+		    image_info_t *image_data,
+		    entry_point_info_t *entry_point_info);
 extern const char build_message[];
 extern const char version_string[];


--- a/include/common/tbbr/cot_def.h
+++ b/include/common/tbbr/cot_def.h
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __COT_DEF_H__
+#define __COT_DEF_H__
+
+/* TBBR CoT definitions */
+
+#define COT_MAX_VERIFIED_PARAMS		4
+
+#endif /* __COT_DEF_H__ */
--- a/include/common/tbbr/tbbr_img_def.h
+++ b/include/common/tbbr/tbbr_img_def.h
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __TBBR_IMG_DEF_H__
+#define __TBBR_IMG_DEF_H__
+
+/* Firmware Image Package */
+#define FIP_IMAGE_ID			0
+
+/* Trusted Boot Firmware BL2 */
+#define BL2_IMAGE_ID			1
+
+/* SCP Firmware BL3-0 */
+#define BL30_IMAGE_ID			2
+
+/* EL3 Runtime Firmware BL31 */
+#define BL31_IMAGE_ID			3
+
+/* Secure Payload BL32 (Trusted OS) */
+#define BL32_IMAGE_ID			4
+
+/* Non-Trusted Firmware BL33 */
+#define BL33_IMAGE_ID			5
+
+/* Certificates */
+#define BL2_CERT_ID			6
+#define TRUSTED_KEY_CERT_ID		7
+
+#define BL30_KEY_CERT_ID		8
+#define BL31_KEY_CERT_ID		9
+#define BL32_KEY_CERT_ID		10
+#define BL33_KEY_CERT_ID		11
+
+#define BL30_CERT_ID			12
+#define BL31_CERT_ID			13
+#define BL32_CERT_ID			14
+#define BL33_CERT_ID			15
+
+#endif /* __TBBR_IMG_DEF_H__ */
--- a/include/drivers/auth/auth_common.h
+++ b/include/drivers/auth/auth_common.h
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __AUTH_COMMON_H__
+#define __AUTH_COMMON_H__
+
+/*
+ * Authentication framework common types
+ */
+
+/*
+ * Type of parameters that can be extracted from an image and
+ * used for authentication
+ */
+typedef enum auth_param_type_enum {
+	AUTH_PARAM_NONE,
+	AUTH_PARAM_RAW_DATA,		/* Raw image data */
+	AUTH_PARAM_SIG,			/* The image signature */
+	AUTH_PARAM_SIG_ALG,		/* The image signature algorithm */
+	AUTH_PARAM_HASH,		/* A hash (including the algorithm) */
+	AUTH_PARAM_PUB_KEY,		/* A public key */
+} auth_param_type_t;
+
+/*
+ * Defines an authentication parameter. The cookie will be interpreted by the
+ * image parser module.
+ */
+typedef struct auth_param_type_desc_s {
+	auth_param_type_t type;
+	void *cookie;
+} auth_param_type_desc_t;
+
+/*
+ * Store a pointer to the authentication parameter and its length
+ */
+typedef struct auth_param_data_desc_s {
+	void *ptr;
+	unsigned int len;
+} auth_param_data_desc_t;
+
+/*
+ * Authentication parameter descriptor, including type and value
+ */
+typedef struct auth_param_desc_s {
+	auth_param_type_desc_t *type_desc;
+	auth_param_data_desc_t data;
+} auth_param_desc_t;
+
+/*
+ * The method type defines how an image is authenticated
+ */
+typedef enum auth_method_type_enum {
+	AUTH_METHOD_NONE = 0,
+	AUTH_METHOD_HASH,	/* Authenticate by hash matching */
+	AUTH_METHOD_SIG,	/* Authenticate by PK operation */
+	AUTH_METHOD_NUM 	/* Number of methods */
+} auth_method_type_t;
+
+/*
+ * Parameters for authentication by hash matching
+ */
+typedef struct auth_method_param_hash_s {
+	auth_param_type_desc_t *data;	/* Data to hash */
+	auth_param_type_desc_t *hash;	/* Hash to match with */
+} auth_method_param_hash_t;
+
+/*
+ * Parameters for authentication by signature
+ */
+typedef struct auth_method_param_sig_s {
+	auth_param_type_desc_t *pk;	/* Public key */
+	auth_param_type_desc_t *sig;	/* Signature to check */
+	auth_param_type_desc_t *alg;	/* Signature algorithm */
+	auth_param_type_desc_t *data;	/* Data signed */
+} auth_method_param_sig_t;
+
+/*
+ * Parameters for authentication by NV counter
+ */
+typedef struct auth_method_param_nv_ctr_s {
+	auth_param_type_desc_t *nv_ctr;	/* NV counter value */
+} auth_method_param_nv_ctr_t;
+
+/*
+ * Authentication method descriptor
+ */
+typedef struct auth_method_desc_s {
+	auth_method_type_t type;
+	union {
+		auth_method_param_hash_t hash;
+		auth_method_param_sig_t sig;
+		auth_method_param_nv_ctr_t nv_ctr;
+	} param;
+} auth_method_desc_t;
+
+/*
+ * Helper macro to define an authentication parameter type descriptor
+ */
+#define AUTH_PARAM_TYPE_DESC(_type, _cookie) \
+	{ \
+		.type = _type, \
+		.cookie = (void *)_cookie \
+	}
+
+/*
+ * Helper macro to define an authentication parameter data descriptor
+ */
+#define AUTH_PARAM_DATA_DESC(_ptr, _len) \
+	{ \
+		.ptr = (void *)_ptr, \
+		.len = (unsigned int)_len \
+	}
+
+#endif /* __AUTH_COMMON_H__ */
--- a/include/common/auth.h
+++ b/include/common/auth.h
@@ -28,61 +28,45 @@
 * POSSIBILITY OF SUCH DAMAGE.
 */

-#ifndef AUTH_H_
-#define AUTH_H_
+#ifndef __AUTH_MOD_H__
+#define __AUTH_MOD_H__

-#include <stddef.h>
-#include <stdint.h>
+#if TRUSTED_BOARD_BOOT
+
+#include <auth_common.h>
+#include <cot_def.h>
+#include <img_parser_mod.h>

 /*
- * Authentication infrastructure for Trusted Boot
- *
- * This infrastructure provides an API to access the authentication module. This
- * module will implement the required operations for Trusted Boot by creating an
- * instance of the structure 'auth_mod_t'. This instance must be called
- * 'auth_mod' and must provide the functions to initialize the module and
- * verify the authenticity of the images.
+ * Image flags
 */
+#define IMG_FLAG_AUTHENTICATED		(1 << 0)

-/* Objects (images and certificates) involved in the TBB process */
-enum {
-	AUTH_BL2_IMG_CERT,
-	AUTH_BL2_IMG,
-	AUTH_TRUSTED_KEY_CERT,
-	AUTH_BL30_KEY_CERT,
-	AUTH_BL30_IMG_CERT,
-	AUTH_BL30_IMG,
-	AUTH_BL31_KEY_CERT,
-	AUTH_BL31_IMG_CERT,
-	AUTH_BL31_IMG,
-	AUTH_BL32_KEY_CERT,
-	AUTH_BL32_IMG_CERT,
-	AUTH_BL32_IMG,
-	AUTH_BL33_KEY_CERT,
-	AUTH_BL33_IMG_CERT,
-	AUTH_BL33_IMG,
-	AUTH_NUM_OBJ
-};

-/* Authentication module structure */
-typedef struct auth_mod_s {
-	/* [mandatory] Module name. Printed to the log during initialization */
-	const char *name;
-
-	/* [mandatory] Initialize the authentication module */
-	int (*init)(void);
+/*
+ * Authentication image descriptor
+ */
+typedef struct auth_img_desc_s {
+	unsigned int img_id;
+	const struct auth_img_desc_s *parent;
+	img_type_t img_type;
+	auth_method_desc_t img_auth_methods[AUTH_METHOD_NUM];
+	auth_param_desc_t authenticated_data[COT_MAX_VERIFIED_PARAMS];
+} auth_img_desc_t;

-	/* [mandatory] This function will be called to authenticate a new
-	 * object loaded into memory. The obj_id corresponds to one of the
-	 * values in the enumeration above */
-	int (*verify)(unsigned int obj_id, uintptr_t obj_buf, size_t len);
-} auth_mod_t;
+/* Public functions */
+void auth_mod_init(void);
+int auth_mod_get_parent_id(unsigned int img_id, unsigned int *parent_id);
+int auth_mod_verify_img(unsigned int img_id,
+			void *img_ptr,
+			unsigned int img_len);

-/* This variable must be instantiated by the authentication module */
-extern const auth_mod_t auth_mod;
+/* Macro to register a CoT defined as an array of auth_img_desc_t */
+#define REGISTER_COT(_cot) \
+	const auth_img_desc_t *const cot_desc_ptr = \
+			(const auth_img_desc_t *const)&_cot[0]; \
+	unsigned int auth_img_flags[sizeof(_cot)/sizeof(_cot[0])];

-/* Public functions */
-void auth_init(void);
-int auth_verify_obj(unsigned int obj_id, uintptr_t obj_buf, size_t len);
+#endif /* TRUSTED_BOARD_BOOT */

-#endif /* AUTH_H_ */
+#endif /* __AUTH_MOD_H__ */
--- a/include/drivers/auth/crypto_mod.h
+++ b/include/drivers/auth/crypto_mod.h
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __CRYPTO_MOD_H__
+#define __CRYPTO_MOD_H__
+
+/* Return values */
+enum crypto_ret_value {
+	CRYPTO_SUCCESS = 0,
+	CRYPTO_ERR_INIT,
+	CRYPTO_ERR_HASH,
+	CRYPTO_ERR_SIGNATURE,
+	CRYPTO_ERR_UNKNOWN
+};
+
+/*
+ * Cryptographic library descriptor
+ */
+typedef struct crypto_lib_desc_s {
+	const char *name;
+
+	/* Initialize library. This function is not expected to fail. All errors
+	 * must be handled inside the function, asserting or panicing in case of
+	 * a non-recoverable error */
+	void (*init)(void);
+
+	/* Verify a digital signature. Return one of the
+	 * 'enum crypto_ret_value' options */
+	int (*verify_signature)(void *data_ptr, unsigned int data_len,
+				void *sig_ptr, unsigned int sig_len,
+				void *sig_alg, unsigned int sig_alg_len,
+				void *pk_ptr, unsigned int pk_len);
+
+	/* Verify a hash. Return one of the 'enum crypto_ret_value' options */
+	int (*verify_hash)(void *data_ptr, unsigned int data_len,
+			   void *digest_info_ptr, unsigned int digest_info_len);
+} crypto_lib_desc_t;
+
+/* Public functions */
+void crypto_mod_init(void);
+int crypto_mod_verify_signature(void *data_ptr, unsigned int data_len,
+				void *sig_ptr, unsigned int sig_len,
+				void *sig_alg, unsigned int sig_alg_len,
+				void *pk_ptr, unsigned int pk_len);
+int crypto_mod_verify_hash(void *data_ptr, unsigned int data_len,
+			   void *digest_info_ptr, unsigned int digest_info_len);
+
+/* Macro to register a cryptographic library */
+#define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash) \
+	const crypto_lib_desc_t crypto_lib_desc = { \
+		.name = _name, \
+		.init = _init, \
+		.verify_signature = _verify_signature, \
+		.verify_hash = _verify_hash \
+	}
+
+#endif /* __CRYPTO_MOD_H__ */
--- a/include/drivers/auth/img_parser_mod.h
+++ b/include/drivers/auth/img_parser_mod.h
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __IMG_PARSER_MOD_H__
+#define __IMG_PARSER_MOD_H__
+
+#include <auth_common.h>
+
+/*
+ * Return values
+ */
+enum img_parser_ret_value {
+	IMG_PARSER_OK,
+	IMG_PARSER_ERR,			/* Parser internal error */
+	IMG_PARSER_ERR_FORMAT,		/* Malformed image */
+	IMG_PARSER_ERR_NOT_FOUND	/* Authentication data not found */
+};
+
+/*
+ * Image types. A parser should be instantiated and registered for each type
+ */
+typedef enum img_type_enum {
+	IMG_RAW,			/* Binary image */
+	IMG_PLAT,			/* Platform specific format */
+	IMG_CERT,			/* X509v3 certificate */
+	IMG_MAX_TYPES,
+} img_type_t;
+
+/* Image parser library structure */
+typedef struct img_parser_lib_desc_s {
+	img_type_t img_type;
+	const char *name;
+
+	void (*init)(void);
+	int (*check_integrity)(void *img, unsigned int img_len);
+	int (*get_auth_param)(const auth_param_type_desc_t *type_desc,
+			void *img, unsigned int img_len,
+			void **param, unsigned int *param_len);
+} img_parser_lib_desc_t;
+
+/* Exported functions */
+void img_parser_init(void);
+int img_parser_check_integrity(img_type_t img_type,
+		void *img, unsigned int img_len);
+int img_parser_get_auth_param(img_type_t img_type,
+		const auth_param_type_desc_t *type_desc,
+		void *img, unsigned int img_len,
+		void **param_ptr, unsigned int *param_len);
+
+/* Macro to register an image parser library */
+#define REGISTER_IMG_PARSER_LIB(_type, _name, _init, _check_int, _get_param) \
+	static const img_parser_lib_desc_t __img_parser_lib_desc_##_type \
+	__attribute__ ((section(".img_parser_lib_descs"), used)) = { \
+		.img_type = _type, \
+		.name = _name, \
+		.init = _init, \
+		.check_integrity = _check_int, \
+		.get_auth_param = _get_param \
+	}
+
+#endif /* __IMG_PARSER_MOD_H__ */
--- a/include/drivers/auth/mbedtls/mbedtls_common.h
+++ b/include/drivers/auth/mbedtls/mbedtls_common.h
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __MBEDTLS_COMMON_H__
+#define __MBEDTLS_COMMON_H__
+
+void mbedtls_init(void);
+
+#endif /* __MBEDTLS_COMMON_H__ */
--- a/common/auth/polarssl/polarssl_config.h
+++ b/common/auth/polarssl/polarssl_config.h
@@ -27,9 +27,14 @@
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
-#ifndef __POLARSSL_CONFIG_H__
-#define __POLARSSL_CONFIG_H__
+#ifndef __MBEDTLS_CONFIG_H__
+#define __MBEDTLS_CONFIG_H__

+/*
+ * Key algorithms currently supported on mbedTLS libraries
+ */
+#define MBEDTLS_RSA			1
+#define MBEDTLS_ECDSA			2

 /*
 * Configuration file to build PolarSSL with the required features for
@@ -64,7 +69,14 @@

 #define POLARSSL_PLATFORM_C

+#if (MBEDTLS_KEY_ALG_ID == MBEDTLS_ECDSA)
+#define POLARSSL_ECDSA_C
+#define POLARSSL_ECP_C
+#define POLARSSL_ECP_DP_SECP256R1_ENABLED
+#elif (MBEDTLS_KEY_ALG_ID == MBEDTLS_RSA)
 #define POLARSSL_RSA_C
+#endif
+
 #define POLARSSL_SHA256_C

 #define POLARSSL_VERSION_C
@@ -81,4 +93,7 @@

 #include "polarssl/check_config.h"

-#endif /* __POLARSSL_CONFIG_H__ */
+/* System headers required to build mbedTLS with the current configuration */
+#include <stdlib.h>
+
+#endif /* __MBEDTLS_CONFIG_H__ */
--- a/include/drivers/io/io_storage.h
+++ b/include/drivers/io/io_storage.h
@@ -33,6 +33,7 @@

 #include <stdint.h>
 #include <stdio.h> /* For ssize_t */
+#include <uuid.h>


 /* Device type which can be used to enable policy decisions about which device
@@ -67,6 +68,11 @@ typedef struct io_file_spec {
 	unsigned int mode;
 } io_file_spec_t;

+/* UUID specification - used to refer to data accessed using UUIDs (i.e. FIP
+ * images) */
+typedef struct io_uuid_spec {
+	const uuid_t uuid;
+} io_uuid_spec_t;

 /* Block specification - used to refer to data on a device supporting
 * block-like entities */

--- a/include/plat/arm/board/common/board_arm_def.h
+++ b/include/plat/arm/board/common/board_arm_def.h
@@ -64,29 +64,41 @@
 * plat_arm_mmap array defined for each BL stage.
 */
 #if IMAGE_BL1
-# define PLAT_ARM_MMAP_ENTRIES		6
+# if PLAT_fvp
+#  define PLAT_ARM_MMAP_ENTRIES		7
+# else
+#  define PLAT_ARM_MMAP_ENTRIES		6
+# endif
 #endif
 #if IMAGE_BL2
-# define PLAT_ARM_MMAP_ENTRIES		8
+# if PLAT_fvp
+#  define PLAT_ARM_MMAP_ENTRIES		9
+# else
+#  define PLAT_ARM_MMAP_ENTRIES		8
+# endif
 #endif
 #if IMAGE_BL31
-# define PLAT_ARM_MMAP_ENTRIES		5
+#define PLAT_ARM_MMAP_ENTRIES		5
 #endif
 #if IMAGE_BL32
-# define PLAT_ARM_MMAP_ENTRIES		4
+#define PLAT_ARM_MMAP_ENTRIES		4
 #endif

 /*
 * Platform specific page table and MMU setup constants
 */
 #if IMAGE_BL1
-# if PLAT_fvp || PLAT_juno
+# if PLAT_juno
 #  define MAX_XLAT_TABLES		2
 # else
 #  define MAX_XLAT_TABLES		3
 # endif /* PLAT_ */
 #elif IMAGE_BL2
-# define MAX_XLAT_TABLES		3
+# if PLAT_juno
+#  define MAX_XLAT_TABLES		3
+# else
+#  define MAX_XLAT_TABLES		4
+# endif /* PLAT_ */
 #elif IMAGE_BL31
 # define MAX_XLAT_TABLES		2
 #elif IMAGE_BL32

--- a/include/plat/arm/common/arm_def.h
+++ b/include/plat/arm/common/arm_def.h
@@ -32,6 +32,7 @@

 #include <common_def.h>
 #include <platform_def.h>
+#include <tbbr_img_def.h>
 #include <xlat_tables.h>


@@ -200,7 +201,7 @@
 #if TRUSTED_BOARD_BOOT
 #define BL1_RW_BASE			(ARM_BL_RAM_BASE +		\
 						ARM_BL_RAM_SIZE -	\
-						0x8000)
+						0x9000)
 #else
 #define BL1_RW_BASE			(ARM_BL_RAM_BASE +		\
 						ARM_BL_RAM_SIZE -	\
@@ -216,7 +217,7 @@
 * size plus a little space for growth.
 */
 #if TRUSTED_BOARD_BOOT
-#define BL2_BASE			(BL31_BASE - 0x1C000)
+#define BL2_BASE			(BL31_BASE - 0x1D000)
 #else
 #define BL2_BASE			(BL31_BASE - 0xC000)
 #endif

--- a/include/plat/arm/common/plat_arm.h
+++ b/include/plat/arm/common/plat_arm.h
@@ -196,8 +196,9 @@ void plat_arm_pwrc_setup(void);
 */
 void plat_arm_io_setup(void);
 int plat_arm_get_alt_image_source(
-	const uintptr_t image_spec,
-	uintptr_t *dev_handle);
+	unsigned int image_id,
+	uintptr_t *dev_handle,
+	uintptr_t *image_spec);
 void plat_arm_topology_setup(void);



--- a/include/plat/arm/soc/common/soc_css_def.h
+++ b/include/plat/arm/soc/common/soc_css_def.h
@@ -65,6 +65,14 @@
 */
 #define SOC_CSS_NIC400_APB4_BRIDGE	4

+/* Keys */
+#define SOC_KEYS_BASE			0x7fe80000
+#define TZ_PUB_KEY_HASH_BASE		(SOC_KEYS_BASE + 0x0000)
+#define TZ_PUB_KEY_HASH_SIZE		32
+#define HU_KEY_BASE			(SOC_KEYS_BASE + 0x0020)
+#define HU_KEY_SIZE			16
+#define END_KEY_BASE			(SOC_KEYS_BASE + 0x0044)
+#define END_KEY_SIZE			32

 #define SOC_CSS_MAP_DEVICE		MAP_REGION_FLAT(		\
 						SOC_CSS_DEVICE_BASE,	\

--- a/include/plat/common/common_def.h
+++ b/include/plat/common/common_def.h
@@ -47,40 +47,6 @@
 */
 #define FIRMWARE_WELCOME_STR		"Booting Trusted Firmware\n"

-/* Trusted Boot Firmware BL2 */
-#define BL2_IMAGE_NAME			"bl2.bin"
-
-/* SCP Firmware BL3-0 */
-#define BL30_IMAGE_NAME			"bl30.bin"
-
-/* EL3 Runtime Firmware BL31 */
-#define BL31_IMAGE_NAME			"bl31.bin"
-
-/* Secure Payload BL32 (Trusted OS) */
-#define BL32_IMAGE_NAME			"bl32.bin"
-
-/* Non-Trusted Firmware BL33 */
-#define BL33_IMAGE_NAME			"bl33.bin"
-
-/* Firmware Image Package */
-#define FIP_IMAGE_NAME			"fip.bin"
-
-#if TRUSTED_BOARD_BOOT
-/* Certificates */
-# define BL2_CERT_NAME			"bl2.crt"
-# define TRUSTED_KEY_CERT_NAME		"trusted_key.crt"
-
-# define BL30_KEY_CERT_NAME		"bl30_key.crt"
-# define BL31_KEY_CERT_NAME		"bl31_key.crt"
-# define BL32_KEY_CERT_NAME		"bl32_key.crt"
-# define BL33_KEY_CERT_NAME		"bl33_key.crt"
-
-# define BL30_CERT_NAME			"bl30.crt"
-# define BL31_CERT_NAME			"bl31.crt"
-# define BL32_CERT_NAME			"bl32.crt"
-# define BL33_CERT_NAME			"bl33.crt"
-#endif /* TRUSTED_BOARD_BOOT */
-
 /*
 * Some of the platform porting definitions use the 'ull' suffix in order to
 * avoid subtle integer overflow errors due to implicit integer type promotion

--- a/include/plat/common/platform.h
+++ b/include/plat/common/platform.h
@@ -43,6 +43,11 @@ struct image_info;
 struct entry_point_info;
 struct bl31_params;

+/*******************************************************************************
+ * plat_get_rotpk_info() flags
+ ******************************************************************************/
+#define ROTPK_IS_HASH			(1 << 0)
+
 /*******************************************************************************
 * Function declarations
 ******************************************************************************/
@@ -50,7 +55,7 @@ struct bl31_params;
 * Mandatory common functions
 ******************************************************************************/
 uint64_t plat_get_syscnt_freq(void);
-int plat_get_image_source(const char *image_name,
+int plat_get_image_source(unsigned int image_id,
 			uintptr_t *dev_handle,
 			uintptr_t *image_spec);
 unsigned long plat_get_ns_image_entrypoint(void);
@@ -191,8 +196,9 @@ void bl31_plat_enable_mmu(uint32_t flags);
 void bl32_plat_enable_mmu(uint32_t flags);

 /*******************************************************************************
- * Trusted Boot functions
+ * Trusted Board Boot functions
 ******************************************************************************/
-int plat_match_rotpk(const unsigned char *, unsigned int);
+int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
+			unsigned int *flags);

 #endif /* __PLATFORM_H__ */
--- a/plat/arm/board/common/board_arm_trusted_boot.c
+++ b/plat/arm/board/common/board_arm_trusted_boot.c
@@ -28,15 +28,123 @@
 * POSSIBILITY OF SUCH DAMAGE.
 */

+#include <arm_def.h>
+#include <assert.h>
+#include <platform.h>
+#include <stdint.h>
+#include <string.h>
+
 /* Weak definition may be overridden in specific platform */
 #pragma weak plat_match_rotpk
+
+/* SHA256 algorithm */
+#define SHA256_BYTES			32
+
+/* ROTPK locations */
+#define ARM_ROTPK_REGS_ID		1
+#define ARM_ROTPK_DEVEL_RSA_ID		2
+
+#if !ARM_ROTPK_LOCATION_ID
+  #error "ARM_ROTPK_LOCATION_ID not defined"
+#endif
+
+static const unsigned char rotpk_hash_hdr[] =		\
+		"\x30\x31\x30\x0D\x06\x09\x60\x86\x48"	\
+		"\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20";
+static const unsigned int rotpk_hash_hdr_len = sizeof(rotpk_hash_hdr) - 1;
+static unsigned char rotpk_hash_der[sizeof(rotpk_hash_hdr) - 1 + SHA256_BYTES];
+
+#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_RSA_ID)
+static const unsigned char arm_devel_rotpk_hash[] =	\
+		"\xB0\xF3\x82\x09\x12\x97\xD8\x3A"	\
+		"\x37\x7A\x72\x47\x1B\xEC\x32\x73"	\
+		"\xE9\x92\x32\xE2\x49\x59\xF6\x5E"	\
+		"\x8B\x4A\x4A\x46\xD8\x22\x9A\xDA";
+#endif
+
 /*
- * Check the validity of the key
+ * Return the ROTPK hash in the following ASN.1 structure in DER format:
+ *
+ * AlgorithmIdentifier  ::=  SEQUENCE  {
+ *     algorithm         OBJECT IDENTIFIER,
+ *     parameters        ANY DEFINED BY algorithm OPTIONAL
+ * }
 *
- * 0 = success, Otherwise = error
+ * DigestInfo ::= SEQUENCE {
+ *     digestAlgorithm   AlgorithmIdentifier,
+ *     digest            OCTET STRING
+ * }
 */
-int plat_match_rotpk(const unsigned char *key_buf, unsigned int key_len)
+int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
+			unsigned int *flags)
 {
-	/* TODO: check against the ROT key stored in the platform */
+	uint8_t *dst;
+
+	assert(key_ptr != NULL);
+	assert(key_len != NULL);
+	assert(flags != NULL);
+
+	/* Copy the DER header */
+	memcpy(rotpk_hash_der, rotpk_hash_hdr, rotpk_hash_hdr_len);
+	dst = (uint8_t *)&rotpk_hash_der[rotpk_hash_hdr_len];
+
+#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_RSA_ID)
+	memcpy(dst, arm_devel_rotpk_hash, SHA256_BYTES);
+#elif (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID)
+	uint32_t *src, tmp;
+	unsigned int words, i;
+
+	/*
+	 * Append the hash from Trusted Root-Key Storage registers. The hash has
+	 * not been written linearly into the registers, so we have to do a bit
+	 * of byte swapping:
+	 *
+	 *     0x00    0x04    0x08    0x0C    0x10    0x14    0x18    0x1C
+	 * +---------------------------------------------------------------+
+	 * | Reg0  | Reg1  | Reg2  | Reg3  | Reg4  | Reg5  | Reg6  | Reg7  |
+	 * +---------------------------------------------------------------+
+	 *  | ...                    ... |   | ...                   ...  |
+	 *  |       +--------------------+   |                    +-------+
+	 *  |       |                        |                    |
+	 *  +----------------------------+   +----------------------------+
+	 *          |                    |                        |       |
+	 *  +-------+                    |   +--------------------+       |
+	 *  |                            |   |                            |
+	 *  v                            v   v                            v
+	 * +---------------------------------------------------------------+
+	 * |                               |                               |
+	 * +---------------------------------------------------------------+
+	 *  0                           15  16                           31
+	 *
+	 * Additionally, we have to access the registers in 32-bit words
+	 */
+	words = SHA256_BYTES >> 3;
+
+	/* Swap bytes 0-15 (first four registers) */
+	src = (uint32_t *)TZ_PUB_KEY_HASH_BASE;
+	for (i = 0 ; i < words ; i++) {
+		tmp = src[words - 1 - i];
+		/* Words are read in little endian */
+		*dst++ = (uint8_t)((tmp >> 24) & 0xFF);
+		*dst++ = (uint8_t)((tmp >> 16) & 0xFF);
+		*dst++ = (uint8_t)((tmp >> 8) & 0xFF);
+		*dst++ = (uint8_t)(tmp & 0xFF);
+	}
+
+	/* Swap bytes 16-31 (last four registers) */
+	src = (uint32_t *)(TZ_PUB_KEY_HASH_BASE + SHA256_BYTES / 2);
+	for (i = 0 ; i < words ; i++) {
+		tmp = src[words - 1 - i];
+		*dst++ = (uint8_t)((tmp >> 24) & 0xFF);
+		*dst++ = (uint8_t)((tmp >> 16) & 0xFF);
+		*dst++ = (uint8_t)((tmp >> 8) & 0xFF);
+		*dst++ = (uint8_t)(tmp & 0xFF);
+	}
+#endif /* (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_RSA_ID) */
+
+	*key_ptr = (void *)rotpk_hash_der;
+	*key_len = (unsigned int)sizeof(rotpk_hash_der);
+	*flags = ROTPK_IS_HASH;
 	return 0;
 }
+
--- a/plat/arm/board/common/board_common.mk
+++ b/plat/arm/board/common/board_common.mk
+#
+# Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+#
+# Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# Neither the name of ARM nor the names of its contributors may be used
+# to endorse or promote products derived from this software without specific
+# prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+
+PLAT_INCLUDES		+=	-Iinclude/plat/arm/board/common/
+
+PLAT_BL_COMMON_SOURCES	+=	drivers/arm/pl011/pl011_console.S			\
+				plat/arm/board/common/aarch64/board_arm_helpers.S
+
+#BL1_SOURCES		+=
+
+#BL2_SOURCES		+=
+
+#BL31_SOURCES		+=
+
+ifneq (${TRUSTED_BOARD_BOOT},0)
+    # ROTPK hash location
+    ifeq (${ARM_ROTPK_LOCATION}, regs)
+        ARM_ROTPK_LOCATION_ID = ARM_ROTPK_REGS_ID
+    else ifeq (${ARM_ROTPK_LOCATION}, devel_rsa)
+        ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_RSA_ID
+    else
+        $(error "Unsupported ARM_ROTPK_LOCATION value")
+    endif
+    $(eval $(call add_define,ARM_ROTPK_LOCATION_ID))
+
+    BL1_SOURCES		+=	plat/arm/board/common/board_arm_trusted_boot.c
+    BL2_SOURCES		+=	plat/arm/board/common/board_arm_trusted_boot.c
+endif