Merge pull request #642 from soby-mathew/sm/override_rotpk

Allow dynamic overriding of ROTPK verification

Merge pull request #642 from soby-mathew/sm/override_rotpk
Allow dynamic overriding of ROTPK verification
ae43c949 · danh-arm · 174baeed · 04943d33 · ae43c949 · ae43c949
Commit ae43c949 authored Jun 08, 2016 by danh-arm
--- a/docs/porting-guide.md
+++ b/docs/porting-guide.md
@@ -631,10 +631,19 @@ In case the function returns a hash of the key:
        digest            OCTET STRING
    }
-The function returns 0 on success. Any other value means the ROTPK could not be
+The function returns 0 on success. Any other value is treated as error by the
-retrieved from the platform. The function also reports extra information related
+Trusted Board Boot. The function also reports extra information related
-to the ROTPK in the flags parameter.
+to the ROTPK in the flags parameter:
+    ROTPK_IS_HASH      : Indicates that the ROTPK returned by the platform is a
+                         hash.
+    ROTPK_NOT_DEPLOYED : This allows the platform to skip certificate ROTPK
+                         verification while the platform ROTPK is not deployed.
+                         When this flag is set, the function does not need to
+                         return a platform ROTPK, and the authentication
+                         framework uses the ROTPK in the certificate without
+                         verifying it against the platform value. This flag
+                         must not be used in a deployed production environment.
 ### Function: plat_get_nv_ctr()

--- a/drivers/auth/auth_mod.c
+++ b/drivers/auth/auth_mod.c
@@ -199,8 +199,9 @@ static int auth_signature(const auth_method_param_sig_t *param,
 	}
 	return_if_error(rc);
-	/* If the PK is a hash of the key, retrieve the key from the image */
+	if (flags & (ROTPK_IS_HASH | ROTPK_NOT_DEPLOYED)) {
-	if (flags & ROTPK_IS_HASH) {
+		/* If the PK is a hash of the key or if the ROTPK is not
+		   deployed on the platform, retrieve the key from the image */
 		pk_hash_ptr = pk_ptr;
 		pk_hash_len = pk_len;
 		rc = img_parser_get_auth_param(img_desc->img_type,
@@ -215,9 +216,14 @@ static int auth_signature(const auth_method_param_sig_t *param,
 						 pk_ptr, pk_len);
 		return_if_error(rc);
-		/* Ask the crypto-module to verify the key hash */
+		if (flags & ROTPK_NOT_DEPLOYED) {
-		rc = crypto_mod_verify_hash(pk_ptr, pk_len,
+			NOTICE("ROTPK is not deployed on platform. "
-					    pk_hash_ptr, pk_hash_len);
+				"Skipping ROTPK verification.\n");
+		} else {
+			/* Ask the crypto-module to verify the key hash */
+			rc = crypto_mod_verify_hash(pk_ptr, pk_len,
+				    pk_hash_ptr, pk_hash_len);
+		}
 	} else {
 		/* Ask the crypto module to verify the signature */
 		rc = crypto_mod_verify_signature(data_ptr, data_len,

--- a/include/plat/common/platform.h
+++ b/include/plat/common/platform.h
@@ -49,6 +49,9 @@ struct image_desc;
 * plat_get_rotpk_info() flags
 ******************************************************************************/
 #define ROTPK_IS_HASH			(1 << 0)
+/* Flag used to skip verification of the certificate ROTPK while the platform
+   ROTPK is not deployed */
+#define ROTPK_NOT_DEPLOYED		(1 << 1)
 /*******************************************************************************
 * Function declarations