diff options
| -rw-r--r-- | docs/porting-guide.md | 17 | ||||
| -rw-r--r-- | drivers/auth/auth_mod.c | 16 | ||||
| -rw-r--r-- | include/plat/common/platform.h | 3 |
3 files changed, 27 insertions, 9 deletions
diff --git a/docs/porting-guide.md b/docs/porting-guide.md index 8947defb..fba320a8 100644 --- a/docs/porting-guide.md +++ b/docs/porting-guide.md @@ -631,10 +631,19 @@ In case the function returns a hash of the key: digest OCTET STRING } -The function returns 0 on success. Any other value means the ROTPK could not be -retrieved from the platform. The function also reports extra information related -to the ROTPK in the flags parameter. - +The function returns 0 on success. Any other value is treated as error by the +Trusted Board Boot. The function also reports extra information related +to the ROTPK in the flags parameter: + + ROTPK_IS_HASH : Indicates that the ROTPK returned by the platform is a + hash. + ROTPK_NOT_DEPLOYED : This allows the platform to skip certificate ROTPK + verification while the platform ROTPK is not deployed. + When this flag is set, the function does not need to + return a platform ROTPK, and the authentication + framework uses the ROTPK in the certificate without + verifying it against the platform value. This flag + must not be used in a deployed production environment. ### Function: plat_get_nv_ctr() diff --git a/drivers/auth/auth_mod.c b/drivers/auth/auth_mod.c index 41845561..88ef0b02 100644 --- a/drivers/auth/auth_mod.c +++ b/drivers/auth/auth_mod.c @@ -199,8 +199,9 @@ static int auth_signature(const auth_method_param_sig_t *param, } return_if_error(rc); - /* If the PK is a hash of the key, retrieve the key from the image */ - if (flags & ROTPK_IS_HASH) { + if (flags & (ROTPK_IS_HASH | ROTPK_NOT_DEPLOYED)) { + /* If the PK is a hash of the key or if the ROTPK is not + deployed on the platform, retrieve the key from the image */ pk_hash_ptr = pk_ptr; pk_hash_len = pk_len; rc = img_parser_get_auth_param(img_desc->img_type, @@ -215,9 +216,14 @@ static int auth_signature(const auth_method_param_sig_t *param, pk_ptr, pk_len); return_if_error(rc); - /* Ask the crypto-module to verify the key hash */ - rc = crypto_mod_verify_hash(pk_ptr, pk_len, - pk_hash_ptr, pk_hash_len); + if (flags & ROTPK_NOT_DEPLOYED) { + NOTICE("ROTPK is not deployed on platform. " + "Skipping ROTPK verification.\n"); + } else { + /* Ask the crypto-module to verify the key hash */ + rc = crypto_mod_verify_hash(pk_ptr, pk_len, + pk_hash_ptr, pk_hash_len); + } } else { /* Ask the crypto module to verify the signature */ rc = crypto_mod_verify_signature(data_ptr, data_len, diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h index a08a12e4..390721f2 100644 --- a/include/plat/common/platform.h +++ b/include/plat/common/platform.h @@ -49,6 +49,9 @@ struct image_desc; * plat_get_rotpk_info() flags ******************************************************************************/ #define ROTPK_IS_HASH (1 << 0) +/* Flag used to skip verification of the certificate ROTPK while the platform + ROTPK is not deployed */ +#define ROTPK_NOT_DEPLOYED (1 << 1) /******************************************************************************* * Function declarations |