cert_create: add SiP owned secure partitions support Add support to generate certificate "sip-sp-cert" for Secure Partitions(SP) owned by Silicon provider(SiP). To avoid deviation from TBBR specification the support is only added for dualroot CoT and not for TBBR CoT. A single certificate file is generated containing hash of individual packages. Maximum 8 secure partitions are supported. Following new options added to cert_tool: --sip-sp-cert --> SiP owned Secure Partition Content Certificate --sp-pkg1 --> Secure Partition Package1 file --sp-pkg2 ..... --sp-pkg8 Trusted world key pair is used for signing. Going forward, this feature can be extended for Platfrom owned Partitions, if required. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ia6dfbc1447cfb41b1fcbd12cf2bf7b88f409bd8d

commit: 0a65884ff41a116ab0becaf3c1a320ede5d73686 [log] [tgz]
author: Manish Pandey <manish.pandey2@arm.com> Fri May 22 12:27:28 2020 +0100
committer: Manish Pandey <manish.pandey2@arm.com> Mon Jun 08 22:42:06 2020 +0100
tree: 6bf2a8de782d26744afdc701c0d06d78dbb43da0
parent: 0727b01cc167726117097a844d2f6b1836e7b95a [diff] [blame]
diff --git a/lib/debugfs/devfip.c b/lib/debugfs/devfip.c
index fc14e70..70ac3bc 100644
--- a/lib/debugfs/devfip.c
+++ b/lib/debugfs/devfip.c

@@ -74,7 +74,8 @@
 	{"tos-fw.cfg",		UUID_TOS_FW_CONFIG},
 	{"nt-fw.cfg",		UUID_NT_FW_CONFIG},
 	{"rot-k.crt",		UUID_ROT_KEY_CERT},
-	{"nt-k.crt",		UUID_NON_TRUSTED_WORLD_KEY_CERT}
+	{"nt-k.crt",		UUID_NON_TRUSTED_WORLD_KEY_CERT},
+	{"sip-sp.crt",		UUID_SIP_SECURE_PARTITION_CONTENT_CERT}
 };
 
 /*******************************************************************************
commit	0a65884ff41a116ab0becaf3c1a320ede5d73686	[log] [tgz]
author	Manish Pandey <manish.pandey2@arm.com>	Fri May 22 12:27:28 2020 +0100
committer	Manish Pandey <manish.pandey2@arm.com>	Mon Jun 08 22:42:06 2020 +0100
tree	6bf2a8de782d26744afdc701c0d06d78dbb43da0
parent	0727b01cc167726117097a844d2f6b1836e7b95a [diff] [blame]