1 /*
2  * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 
8 #ifndef __PROVISIONING_BUNDLE_H__
9 #define __PROVISIONING_BUNDLE_H__
10 
11 #include "stdint.h"
12 #include "region_defs.h"
13 #include "cmsis_compiler.h"
14 
15 #ifdef __cplusplus
16 extern "C" {
17 #endif
18 
19 #define BUNDLE_MAGIC 0xC0DEFEED
20 
21 #ifdef MCUBOOT_SIGN_EC384
22 #define PUB_KEY_HASH_SIZE (48)
23 #define PUB_KEY_SIZE      (100) /* Size must be aligned to 4 Bytes */
24 #else
25 #define PUB_KEY_HASH_SIZE (32)
26 #define PUB_KEY_SIZE      (68)  /* Size must be aligned to 4 Bytes */
27 #endif /* MCUBOOT_SIGN_EC384 */
28 
29 #ifdef MCUBOOT_BUILTIN_KEY
30 #define PROV_ROTPK_DATA_SIZE    PUB_KEY_SIZE
31 #else
32 #define PROV_ROTPK_DATA_SIZE    PUB_KEY_HASH_SIZE
33 #endif /* MCUBOOT_BUILTIN_KEY */
34 
35 __PACKED_STRUCT tfm_assembly_and_test_provisioning_data_t {
36     uint8_t huk[32];
37 };
38 
39 __PACKED_STRUCT tfm_psa_rot_provisioning_data_t {
40     uint8_t iak[32];
41     uint32_t iak_len;
42     uint32_t iak_type;
43 #if ATTEST_INCLUDE_COSE_KEY_ID
44     uint8_t iak_id[32];
45 #endif /* ATTEST_INCLUDE_COSE_KEY_ID */
46 
47     uint8_t boot_seed[32];
48     uint8_t implementation_id[32];
49     uint8_t cert_ref[32];
50     uint8_t verification_service_url[32];
51     uint8_t profile_definition[32];
52 
53     uint8_t entropy_seed[64];
54 };
55 
56 __PACKED_STRUCT bl2_assembly_and_test_provisioning_data_t {
57     uint8_t bl2_rotpk_0[PROV_ROTPK_DATA_SIZE];
58     uint8_t bl2_rotpk_1[PROV_ROTPK_DATA_SIZE];
59 #if (MCUBOOT_IMAGE_NUMBER > 2)
60     uint8_t bl2_rotpk_2[PROV_ROTPK_DATA_SIZE];
61 #endif
62 #if (MCUBOOT_IMAGE_NUMBER > 3)
63     uint8_t bl2_rotpk_3[PROV_ROTPK_DATA_SIZE];
64 #endif
65 
66 #ifdef PLATFORM_PSA_ADAC_SECURE_DEBUG
67     uint8_t secure_debug_pk[32];
68 #endif /* PLATFORM_PSA_ADAC_SECURE_DEBUG */
69 };
70 
71 __PACKED_STRUCT provisioning_data_t {
72     const struct bl2_assembly_and_test_provisioning_data_t bl2_assembly_and_test_prov_data;
73     const struct tfm_assembly_and_test_provisioning_data_t assembly_and_test_prov_data;
74     const struct tfm_psa_rot_provisioning_data_t psa_rot_prov_data;
75 };
76 
77 struct __attribute__((__packed__)) provisioning_bundle {
78     /* This section is authenticated */
79     uint32_t magic;
80 
81     uint8_t code[PROVISIONING_BUNDLE_CODE_SIZE];
82     union __attribute__((__packed__)) {
83         const struct provisioning_data_t values;
84         const uint8_t _pad[PROVISIONING_BUNDLE_VALUES_SIZE];
85     };
86     uint8_t data[PROVISIONING_BUNDLE_DATA_SIZE];
87     /* This section is metadata */
88     uint8_t tag[16];
89     uint32_t magic2;
90 };
91 
92 #ifdef __cplusplus
93 }
94 #endif
95 
96 #endif /* __PROVISIONING_BUNDLE_H__ */
97