author: Juan Castillo <juan.castillo@arm.com> 2015-01-07 10:39:25 +0000
committer: Dan Handley <dan.handley@arm.com> 2015-01-28 18:26:59 +0000
commit: 6eadf7627fe1c2adb10b720210293fceea503b23 (patch)
tree: e24769e6adb091bd7ec1cf5c7b887de1e48c6fed /include/plat/common
parent: b7124ea7f6fe1e1e73a0975cfb0fa34cabd73b2a (diff)

TBB: add a platform specific function to validate the ROTPK

This patch adds the function plat_match_rotpk() to the platform porting layer to provide a Root Of Trust Public key (ROTPK) verification mechanism. This function is called during the Trusted Board Boot process and receives a supposed valid copy of the ROTPK as a parameter, usually obtained from an external source (for instance, a certificate). It returns 0 (success) if that key matches the actual ROTPK stored in the system or any other value otherwise.

The mechanism to access the actual ROTPK stored in the system is platform specific and should be implemented as part of this function. The format of the ROTPK is also platform specific (to save memory, some platforms might store a hash of the key instead of the whole key).

TRUSTED_BOARD_BOOT build option has been added to allow the user to enable the Trusted Board Boot features. The implementation of the plat_match_rotpk() function is mandatory when Trusted Board Boot is enabled.

For development purposes, FVP and Juno ports provide a dummy function that returns always success (valid key). A safe trusted boot implementation should provide a proper matching function.

Documentation updated accordingly.

Change-Id: I74ff12bc2b041556c48533375527d9e8c035b8c3

Diffstat (limited to 'include/plat/common')
-rw-r--r-- include/plat/common/platform.h | 5
1 files changed, 5 insertions, 0 deletions

diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h
index 69bb749a..18b7eae2 100644
--- a/include/plat/common/platform.h
+++ b/include/plat/common/platform.h
@@ -191,4 +191,9 @@ void bl31_plat_enable_mmu(uint32_t flags);
******************************************************************************/
void bl32_plat_enable_mmu(uint32_t flags);
+/*******************************************************************************
+ * Trusted Boot functions
+ ******************************************************************************/
+int plat_match_rotpk(const unsigned char *, unsigned int);
+
#endif /* __PLATFORM_H__ */
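
Review bot: the prototype added at the end of platform.h, `int plat_match_rotpk(const unsigned char *, unsigned int);`, leaves both parameters unnamed, and the banner above it says only "Trusted Boot functions", so a platform porter cannot tell from the header which argument is the key buffer and which is its length, or that 0 means a match and any other value a mismatch, as the commit message states. Suggest naming the parameters (for example `key_buf` and `key_len`, names chosen here for illustration) and documenting the return convention in the comment. The declaration is also not wrapped in a TRUSTED_BOARD_BOOT conditional, although the message says the function is mandatory only when that option is enabled; either guard it or say so in the comment. Since the message notes that the FVP and Juno dummies always return success, the comment is also the place to state that a production port must perform a real comparison against the stored ROTPK.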