diff options
author | Manish V Badarkhe <Manish.Badarkhe@arm.com> | 2023-03-10 19:00:02 +0000 |
---|---|---|
committer | Manish V Badarkhe <Manish.Badarkhe@arm.com> | 2023-04-21 09:46:01 +0100 |
commit | f1e693a77548950cfffcb1d5a4b67cf349e0aed9 (patch) | |
tree | 9023b769826b1a347adb1ca4505dbc2f55239a4f /include | |
parent | f28057a2607ef1e408396095a1fa125d1c7d52f3 (diff) | |
download | arm-trusted-firmware-f1e693a77548950cfffcb1d5a4b67cf349e0aed9.tar.gz |
feat(auth): compare platform and certificate ROTPK for authentication
Compared the full ROTPK with the ROTPK obtained from the certificate
when the platform supports full ROTPK instead of hash of ROTPK.
Additionally, changed the code to verify the ROTPK before relying on
it for signature verification.
Change-Id: I52bb9deb1a1dd5b184d3156bddad14c238692de7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/plat/common/platform.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h index a14d77504..72d316018 100644 --- a/include/plat/common/platform.h +++ b/include/plat/common/platform.h @@ -44,10 +44,17 @@ enum fw_enc_status_t; * plat_get_rotpk_info() flags ******************************************************************************/ #define ROTPK_IS_HASH (1 << 0) + /* Flag used to skip verification of the certificate ROTPK while the platform ROTPK is not deployed */ #define ROTPK_NOT_DEPLOYED (1 << 1) +static inline bool is_rotpk_flags_valid(unsigned int flags) +{ + unsigned int valid_flags = ROTPK_IS_HASH; + return (flags == ROTPK_NOT_DEPLOYED) || ((flags & ~valid_flags) == 0); +} + /******************************************************************************* * plat_get_enc_key_info() flags ******************************************************************************/ |