tbbr/dualroot: Add fw_config image in chain of trust
fw_config image is authenticated using secure boot framework by
adding it into the single root and dual root chain of trust.
The COT for fw_config image looks as below:
+------------------+ +-------------------+
| ROTPK/ROTPK Hash |------>| Trusted Boot fw |
+------------------+ | Certificate |
| (Auth Image) |
/+-------------------+
/ |
/ |
/ |
/ |
L v
+------------------+ +-------------------+
| fw_config hash |------>| fw_config |
| | | (Data Image) |
+------------------+ +-------------------+
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I08fc8ee95c29a95bb140c807dd06e772474c7367
diff --git a/plat/arm/common/fconf/arm_fconf_io.c b/plat/arm/common/fconf/arm_fconf_io.c
index 68cd9fb..48cc4fe 100644
--- a/plat/arm/common/fconf/arm_fconf_io.c
+++ b/plat/arm/common/fconf/arm_fconf_io.c
@@ -25,6 +25,7 @@
const io_uuid_spec_t arm_uuid_spec[MAX_NUMBER_IDS] = {
[BL2_IMAGE_ID] = {UUID_TRUSTED_BOOT_FIRMWARE_BL2},
[TB_FW_CONFIG_ID] = {UUID_TB_FW_CONFIG},
+ [FW_CONFIG_ID] = {UUID_FW_CONFIG},
#if !ARM_IO_IN_DTB
[SCP_BL2_IMAGE_ID] = {UUID_SCP_FIRMWARE_SCP_BL2},
[BL31_IMAGE_ID] = {UUID_EL3_RUNTIME_FIRMWARE_BL31},
@@ -73,6 +74,11 @@
(uintptr_t)&arm_uuid_spec[TB_FW_CONFIG_ID],
open_fip
},
+ [FW_CONFIG_ID] = {
+ &fip_dev_handle,
+ (uintptr_t)&arm_uuid_spec[FW_CONFIG_ID],
+ open_fip
+ },
#if !ARM_IO_IN_DTB
[SCP_BL2_IMAGE_ID] = {
&fip_dev_handle,