summaryrefslogtreecommitdiffstats
path: root/plat/common/tbbr/plat_tbbr.c
blob: 12ab0a9e0de765bbe65a53039ec99e9ed5e3cf11 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
/*
 * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <assert.h>
#include <string.h>

#include <drivers/auth/auth_mod.h>
#include <plat/common/platform.h>
#if USE_TBBR_DEFS
#include <tools_share/tbbr_oid.h>
#else
#include <platform_oid.h>
#endif

/*
 * Store a new non-volatile counter value. This implementation
 * only allows updating of the platform's Trusted NV counter when a
 * certificate protected by the Trusted NV counter is signed with
 * the ROT key. This avoids a compromised secondary certificate from
 * updating the platform's Trusted NV counter, which could lead to the
 * platform becoming unusable. The function is suitable for all TBBR
 * compliant platforms.
 *
 * Return: 0 = success, Otherwise = error
 */
int plat_set_nv_ctr2(void *cookie, const auth_img_desc_t *img_desc,
		unsigned int nv_ctr)
{
	int trusted_nv_ctr;

	assert(cookie != NULL);
	assert(img_desc != NULL);

	trusted_nv_ctr = strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0;

	/*
	 * Only update the Trusted NV Counter if the certificate
	 * has been signed with the ROT key. Non Trusted NV counter
	 * updates are unconditional.
	 */
	if (!trusted_nv_ctr || img_desc->parent == NULL)
		return plat_set_nv_ctr(cookie, nv_ctr);

	/*
	 * Trusted certificates not signed with the ROT key are not
	 * allowed to update the Trusted NV Counter.
	 */
	return 1;
}