From 79841546a2782c400751bdc5a4d5f8c0263b3812 Mon Sep 17 00:00:00 2001
From: Tamas Ban <tamas.ban@arm.com>
Date: Tue, 30 Apr 2024 16:02:14 +0200
Subject: [PATCH] fix(tc): add SCP_BL2 to RSE measured boot

SCP_BL2 is part of CCA's TCB. The SCP_BL1 is loaded
by RSE. It has already added to the platform
attestation token. SCP_BL2 was missed, so it is
fixed now.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ic87743564136f03a901c90ff1ec614f5965b9a47
---
 include/tools_share/cca_oid.h            | 6 ++++--
 plat/arm/board/tc/tc_bl2_measured_boot.c | 7 +++++++
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/include/tools_share/cca_oid.h b/include/tools_share/cca_oid.h
index 8c53ef955..6f89c169b 100644
--- a/include/tools_share/cca_oid.h
+++ b/include/tools_share/cca_oid.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -30,15 +30,17 @@
 
 /*
  * First undef previous definitions from tbbr_oid.h.
- * CCA ROTPK authenticates BL31 and its configuration image in
+ * CCA ROTPK authenticates BL31, SCP_BL2 and its configuration image in
  * CCA CoT.
  **/
 #undef BL31_IMAGE_KEY_OID
 #undef SOC_FW_CONFIG_KEY_OID
 #undef HW_CONFIG_KEY_OID
+#undef SCP_BL2_IMAGE_KEY_OID
 #define BL31_IMAGE_KEY_OID			ZERO_OID
 #define SOC_FW_CONFIG_KEY_OID			ZERO_OID
 #define HW_CONFIG_KEY_OID			ZERO_OID
+#define SCP_BL2_IMAGE_KEY_OID			ZERO_OID
 #define RMM_IMAGE_KEY_OID			ZERO_OID
 
 #endif /* CCA_OID_H */
diff --git a/plat/arm/board/tc/tc_bl2_measured_boot.c b/plat/arm/board/tc/tc_bl2_measured_boot.c
index add871c3c..3957c9064 100644
--- a/plat/arm/board/tc/tc_bl2_measured_boot.c
+++ b/plat/arm/board/tc/tc_bl2_measured_boot.c
@@ -39,6 +39,13 @@ struct rse_mboot_metadata tc_rse_mboot_metadata[] = {
 		.sw_type = MBOOT_SOC_FW_CONFIG_STRING,
 		.pk_oid = SOC_FW_CONFIG_KEY_OID,
 		.lock_measurement = true },
+	{
+		.id = SCP_BL2_IMAGE_ID,
+		.slot = U(12),
+		.signer_id_size = SIGNER_ID_MIN_SIZE,
+		.sw_type = MBOOT_SCP_BL2_IMAGE_STRING,
+		.pk_oid = SCP_BL2_IMAGE_KEY_OID,
+		.lock_measurement = true },
 	{
 		.id = RSE_MBOOT_INVALID_ID }
 };