cert_create: add SiP owned secure partitions support Add support to generate certificate "sip-sp-cert" for Secure Partitions(SP) owned by Silicon provider(SiP). To avoid deviation from TBBR specification the support is only added for dualroot CoT and not for TBBR CoT. A single certificate file is generated containing hash of individual packages. Maximum 8 secure partitions are supported. Following new options added to cert_tool: --sip-sp-cert --> SiP owned Secure Partition Content Certificate --sp-pkg1 --> Secure Partition Package1 file --sp-pkg2 ..... --sp-pkg8 Trusted world key pair is used for signing. Going forward, this feature can be extended for Platfrom owned Partitions, if required. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ia6dfbc1447cfb41b1fcbd12cf2bf7b88f409bd8d

commit: 0a65884ff41a116ab0becaf3c1a320ede5d73686 [log] [tgz]
author: Manish Pandey <manish.pandey2@arm.com> Fri May 22 12:27:28 2020 +0100
committer: Manish Pandey <manish.pandey2@arm.com> Mon Jun 08 22:42:06 2020 +0100
tree: 6bf2a8de782d26744afdc701c0d06d78dbb43da0
parent: 0727b01cc167726117097a844d2f6b1836e7b95a [diff] [blame]
diff --git a/tools/fiptool/tbbr_config.c b/tools/fiptool/tbbr_config.c
index 86b8581..1c5ef5f 100644
--- a/tools/fiptool/tbbr_config.c
+++ b/tools/fiptool/tbbr_config.c

@@ -152,6 +152,11 @@
 		.cmdline_name = "nt-fw-cert"
 	},
 	{
+		.name = "SiP owned Secure Partition content certificate",
+		.uuid = UUID_SIP_SECURE_PARTITION_CONTENT_CERT,
+		.cmdline_name = "sip-sp-cert"
+	},
+	{
 		.name = NULL,
 		.uuid = { {0} },
 		.cmdline_name = NULL,
commit	0a65884ff41a116ab0becaf3c1a320ede5d73686	[log] [tgz]
author	Manish Pandey <manish.pandey2@arm.com>	Fri May 22 12:27:28 2020 +0100
committer	Manish Pandey <manish.pandey2@arm.com>	Mon Jun 08 22:42:06 2020 +0100
tree	6bf2a8de782d26744afdc701c0d06d78dbb43da0
parent	0727b01cc167726117097a844d2f6b1836e7b95a [diff] [blame]