fix(tc): add SCP_BL2 to RSE measured boot

SCP_BL2 is part of CCA's TCB. The SCP_BL1 is loaded
by RSE. It has already added to the platform
attestation token. SCP_BL2 was missed, so it is
fixed now.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ic87743564136f03a901c90ff1ec614f5965b9a47

include/tools_share/cca_oid.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -30,15 +30,17 @@
 
 /*
  * First undef previous definitions from tbbr_oid.h.
- * CCA ROTPK authenticates BL31 and its configuration image in
+ * CCA ROTPK authenticates BL31, SCP_BL2 and its configuration image in
  * CCA CoT.
  **/
 #undef BL31_IMAGE_KEY_OID
 #undef SOC_FW_CONFIG_KEY_OID
 #undef HW_CONFIG_KEY_OID
+#undef SCP_BL2_IMAGE_KEY_OID
 #define BL31_IMAGE_KEY_OID			ZERO_OID
 #define SOC_FW_CONFIG_KEY_OID			ZERO_OID
 #define HW_CONFIG_KEY_OID			ZERO_OID
+#define SCP_BL2_IMAGE_KEY_OID			ZERO_OID
 #define RMM_IMAGE_KEY_OID			ZERO_OID
 
 #endif /* CCA_OID_H */

plat/arm/board/tc/tc_bl2_measured_boot.c

@@ -39,6 +39,13 @@ struct rse_mboot_metadata tc_rse_mboot_metadata[] = {
 		.sw_type = MBOOT_SOC_FW_CONFIG_STRING,
 		.pk_oid = SOC_FW_CONFIG_KEY_OID,
 		.lock_measurement = true },
+	{
+		.id = SCP_BL2_IMAGE_ID,
+		.slot = U(12),
+		.signer_id_size = SIGNER_ID_MIN_SIZE,
+		.sw_type = MBOOT_SCP_BL2_IMAGE_STRING,
+		.pk_oid = SCP_BL2_IMAGE_KEY_OID,
+		.lock_measurement = true },
 	{
 		.id = RSE_MBOOT_INVALID_ID }
 };