cert_create: specify command line options in the CoT
This patch introduces a new API that allows to specify command
line options in the Chain of Trust description. These command line
options may be used to specify parameters related to the CoT (i.e.
keys or certificates), instead of keeping a hardcoded list of
options in main.c.
Change-Id: I282b0b01cb9add557b26bddc238a28253ce05e44
diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile
index 7efaf8a..8d7b8a5 100644
--- a/tools/cert_create/Makefile
+++ b/tools/cert_create/Makefile
@@ -36,6 +36,7 @@
OPENSSL_DIR := /usr
OBJECTS := src/cert.o \
+ src/cmd_opt.o \
src/ext.o \
src/key.o \
src/main.o \
diff --git a/tools/cert_create/include/cert.h b/tools/cert_create/include/cert.h
index 18129a7..11381c9 100644
--- a/tools/cert_create/include/cert.h
+++ b/tools/cert_create/include/cert.h
@@ -54,6 +54,7 @@
struct cert_s {
int id; /* Unique identifier */
+ const char *opt; /* Command line option to pass filename */
const char *fn; /* Filename to save the certificate */
const char *cn; /* Subject CN (Company Name) */
@@ -67,6 +68,8 @@
};
/* Exported API */
+int cert_init(void);
+cert_t *cert_get_by_opt(const char *opt);
int cert_add_ext(X509 *issuer, X509 *subject, int nid, char *value);
int cert_new(cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSION) * sk);
diff --git a/tools/cert_create/include/cmd_opt.h b/tools/cert_create/include/cmd_opt.h
new file mode 100644
index 0000000..ca48d7c
--- /dev/null
+++ b/tools/cert_create/include/cmd_opt.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef CMD_OPT_H_
+#define CMD_OPT_H_
+
+#include <getopt.h>
+
+#define CMD_OPT_MAX_NUM 64
+
+/* Supported long command line option types */
+enum {
+ CMD_OPT_CERT,
+ CMD_OPT_KEY,
+ CMD_OPT_EXT
+};
+
+/* Exported API*/
+int cmd_opt_add(const char *name, int has_arg, int val);
+const struct option *cmd_opt_get_array(void);
+const char *cmd_opt_get_name(int idx);
+
+#endif /* CMD_OPT_H_ */
diff --git a/tools/cert_create/include/ext.h b/tools/cert_create/include/ext.h
index 60455e6..3c65473 100644
--- a/tools/cert_create/include/ext.h
+++ b/tools/cert_create/include/ext.h
@@ -56,6 +56,7 @@
* - V_ASN1_OCTET_STRING
*/
int type;
+ const char *opt; /* Command line option to specify data */
/* Extension data (depends on extension type) */
union {
const char *fn; /* File with extension data */
@@ -79,7 +80,8 @@
};
/* Exported API */
-int ext_register(ext_t *tbb_ext);
+int ext_init(void);
+ext_t *ext_get_by_opt(const char *opt);
X509_EXTENSION *ext_new_hash(int nid, int crit, const EVP_MD *md,
unsigned char *buf, size_t len);
X509_EXTENSION *ext_new_nvcounter(int nid, int crit, int value);
diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h
index da9f119..6995a06 100644
--- a/tools/cert_create/include/key.h
+++ b/tools/cert_create/include/key.h
@@ -63,12 +63,15 @@
*/
typedef struct key_s {
int id; /* Key id */
+ const char *opt; /* Command line option to specify a key */
const char *desc; /* Key description (debug purposes) */
char *fn; /* Filename to load/store the key */
EVP_PKEY *key; /* Key container */
} key_t;
/* Exported API */
+int key_init(void);
+key_t *key_get_by_opt(const char *opt);
int key_create(key_t *key, int type);
int key_load(key_t *key, unsigned int *err_code);
int key_store(key_t *key);
diff --git a/tools/cert_create/src/cert.c b/tools/cert_create/src/cert.c
index e58b10e..bf52645 100644
--- a/tools/cert_create/src/cert.c
+++ b/tools/cert_create/src/cert.c
@@ -39,6 +39,7 @@
#include <openssl/x509v3.h>
#include "cert.h"
+#include "cmd_opt.h"
#include "debug.h"
#include "key.h"
#include "platform_oid.h"
@@ -179,3 +180,35 @@
cert->x = x;
return 1;
}
+
+int cert_init(void)
+{
+ cert_t *cert;
+ int rc = 0;
+ unsigned int i;
+
+ for (i = 0; i < num_certs; i++) {
+ cert = &certs[i];
+ rc = cmd_opt_add(cert->opt, required_argument, CMD_OPT_CERT);
+ if (rc != 0) {
+ break;
+ }
+ }
+
+ return rc;
+}
+
+cert_t *cert_get_by_opt(const char *opt)
+{
+ cert_t *cert = NULL;
+ unsigned int i;
+
+ for (i = 0; i < num_certs; i++) {
+ cert = &certs[i];
+ if (0 == strcmp(cert->opt, opt)) {
+ return cert;
+ }
+ }
+
+ return NULL;
+}
diff --git a/tools/cert_create/src/cmd_opt.c b/tools/cert_create/src/cmd_opt.c
new file mode 100644
index 0000000..3847b98
--- /dev/null
+++ b/tools/cert_create/src/cmd_opt.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <getopt.h>
+#include <stddef.h>
+#include <cmd_opt.h>
+
+/* Command line options */
+static struct option long_opt[CMD_OPT_MAX_NUM+1];
+static int num_reg_opt;
+
+int cmd_opt_add(const char *name, int has_arg, int val)
+{
+ if (num_reg_opt >= CMD_OPT_MAX_NUM) {
+ return -1;
+ }
+ long_opt[num_reg_opt].name = name;
+ long_opt[num_reg_opt].has_arg = has_arg;
+ long_opt[num_reg_opt].flag = 0;
+ long_opt[num_reg_opt].val = val;
+ num_reg_opt++;
+
+ return 0;
+}
+
+const struct option *cmd_opt_get_array(void)
+{
+ return long_opt;
+}
+
+const char *cmd_opt_get_name(int idx)
+{
+ if (idx >= num_reg_opt) {
+ return NULL;
+ }
+
+ return long_opt[idx].name;
+}
diff --git a/tools/cert_create/src/ext.c b/tools/cert_create/src/ext.c
index 6d09837..14aef66 100644
--- a/tools/cert_create/src/ext.c
+++ b/tools/cert_create/src/ext.c
@@ -35,6 +35,8 @@
#include <openssl/asn1t.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>
+
+#include "cmd_opt.h"
#include "ext.h"
DECLARE_ASN1_ITEM(ASN1_INTEGER)
@@ -65,13 +67,26 @@
*
* Return: 0 = success, Otherwise: error
*/
-int ext_register(ext_t *exts)
+int ext_init(void)
{
ext_t *ext;
X509V3_EXT_METHOD *m;
- int i = 0, nid, ret;
+ int nid, ret;
+ unsigned int i;
- while ((ext = &exts[i++]) && ext->oid) {
+ for (i = 0; i < num_extensions; i++) {
+ ext = &extensions[i];
+ /* Register command line option */
+ if (ext->opt) {
+ if (cmd_opt_add(ext->opt, required_argument,
+ CMD_OPT_EXT)) {
+ return 1;
+ }
+ }
+ /* Register the extension OID in OpenSSL */
+ if (ext->oid == NULL) {
+ continue;
+ }
nid = OBJ_create(ext->oid, ext->sn, ext->ln);
if (ext->alias) {
X509V3_EXT_add_alias(nid, ext->alias);
@@ -295,3 +310,20 @@
return ex;
}
+
+ext_t *ext_get_by_opt(const char *opt)
+{
+ ext_t *ext = NULL;
+ unsigned int i;
+
+ /* Sequential search. This is not a performance concern since the number
+ * of extensions is bounded and the code runs on a host machine */
+ for (i = 0; i < num_extensions; i++) {
+ ext = &extensions[i];
+ if (ext->opt && !strcmp(ext->opt, opt)) {
+ return ext;
+ }
+ }
+
+ return NULL;
+}
diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index 6072d9c..76d528b 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -38,6 +38,7 @@
#include <openssl/pem.h>
#include "cert.h"
+#include "cmd_opt.h"
#include "debug.h"
#include "key.h"
#include "platform_oid.h"
@@ -190,3 +191,40 @@
return 0;
}
+
+int key_init(void)
+{
+ key_t *key;
+ int rc = 0;
+ unsigned int i;
+
+ for (i = 0; i < num_keys; i++) {
+ key = &keys[i];
+ if (key->opt != NULL) {
+ rc = cmd_opt_add(key->opt, required_argument,
+ CMD_OPT_KEY);
+ if (rc != 0) {
+ break;
+ }
+ }
+ }
+
+ return rc;
+}
+
+key_t *key_get_by_opt(const char *opt)
+{
+ key_t *key = NULL;
+ unsigned int i;
+
+ /* Sequential search. This is not a performance concern since the number
+ * of keys is bounded and the code runs on a host machine */
+ for (i = 0; i < num_keys; i++) {
+ key = &keys[i];
+ if (0 == strcmp(key->opt, opt)) {
+ return key;
+ }
+ }
+
+ return NULL;
+}
diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index 5bf41cc..b7ad33f 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -41,6 +41,7 @@
#include <openssl/x509v3.h>
#include "cert.h"
+#include "cmd_opt.h"
#include "debug.h"
#include "ext.h"
#include "key.h"
@@ -139,43 +140,7 @@
#endif /* OPENSSL_NO_EC */
};
-/* Command line options */
-static const struct option long_opt[] = {
- /* Binary images */
- {"bl2", required_argument, 0, BL2_ID},
- {"bl30", required_argument, 0, BL30_ID},
- {"bl31", required_argument, 0, BL31_ID},
- {"bl32", required_argument, 0, BL32_ID},
- {"bl33", required_argument, 0, BL33_ID},
- /* Certificate files */
- {"bl2-cert", required_argument, 0, BL2_CERT_ID},
- {"trusted-key-cert", required_argument, 0, TRUSTED_KEY_CERT_ID},
- {"bl30-key-cert", required_argument, 0, BL30_KEY_CERT_ID},
- {"bl30-cert", required_argument, 0, BL30_CERT_ID},
- {"bl31-key-cert", required_argument, 0, BL31_KEY_CERT_ID},
- {"bl31-cert", required_argument, 0, BL31_CERT_ID},
- {"bl32-key-cert", required_argument, 0, BL32_KEY_CERT_ID},
- {"bl32-cert", required_argument, 0, BL32_CERT_ID},
- {"bl33-key-cert", required_argument, 0, BL33_KEY_CERT_ID},
- {"bl33-cert", required_argument, 0, BL33_CERT_ID},
- /* Private key files */
- {"rot-key", required_argument, 0, ROT_KEY_ID},
- {"trusted-world-key", required_argument, 0, TRUSTED_WORLD_KEY_ID},
- {"non-trusted-world-key", required_argument, 0, NON_TRUSTED_WORLD_KEY_ID},
- {"bl30-key", required_argument, 0, BL30_KEY_ID},
- {"bl31-key", required_argument, 0, BL31_KEY_ID},
- {"bl32-key", required_argument, 0, BL32_KEY_ID},
- {"bl33-key", required_argument, 0, BL33_KEY_ID},
- /* Common options */
- {"key-alg", required_argument, 0, 'a'},
- {"help", no_argument, 0, 'h'},
- {"save-keys", no_argument, 0, 'k'},
- {"new-chain", no_argument, 0, 'n'},
- {"print-cert", no_argument, 0, 'p'},
- {0, 0, 0, 0}
-};
-
-static void print_help(const char *cmd)
+static void print_help(const char *cmd, const struct option *long_opt)
{
int i = 0;
printf("\n\n");
@@ -274,10 +239,13 @@
STACK_OF(X509_EXTENSION) * sk = NULL;
X509_EXTENSION *cert_ext = NULL;
ext_t *ext = NULL;
- cert_t *cert;
+ key_t *key = NULL;
+ cert_t *cert = NULL;
FILE *file = NULL;
int i, j, ext_nid;
int c, opt_idx = 0;
+ const struct option *cmd_opt;
+ const char *cur_opt;
unsigned int err_code;
unsigned char md[SHA256_DIGEST_LENGTH];
const EVP_MD *md_info;
@@ -288,9 +256,37 @@
/* Set default options */
key_alg = KEY_ALG_RSA;
+ /* Add common command line options */
+ cmd_opt_add("key-alg", required_argument, 'a');
+ cmd_opt_add("help", no_argument, 'h');
+ cmd_opt_add("save-keys", no_argument, 'k');
+ cmd_opt_add("new-chain", no_argument, 'n');
+ cmd_opt_add("print-cert", no_argument, 'p');
+
+ /* Initialize the certificates */
+ if (cert_init() != 0) {
+ ERROR("Cannot initialize certificates\n");
+ exit(1);
+ }
+
+ /* Initialize the keys */
+ if (key_init() != 0) {
+ ERROR("Cannot initialize keys\n");
+ exit(1);
+ }
+
+ /* Initialize the new types and register OIDs for the extensions */
+ if (ext_init() != 0) {
+ ERROR("Cannot initialize TBB extensions\n");
+ exit(1);
+ }
+
+ /* Get the command line options populated during the initialization */
+ cmd_opt = cmd_opt_get_array();
+
while (1) {
/* getopt_long stores the option index here. */
- c = getopt_long(argc, argv, "ahknp", long_opt, &opt_idx);
+ c = getopt_long(argc, argv, "ahknp", cmd_opt, &opt_idx);
/* Detect the end of the options. */
if (c == -1) {
@@ -306,7 +302,7 @@
}
break;
case 'h':
- print_help(argv[0]);
+ print_help(argv[0], cmd_opt);
break;
case 'k':
save_keys = 1;
@@ -317,71 +313,20 @@
case 'p':
print_cert = 1;
break;
- case BL2_ID:
- extensions[BL2_HASH_EXT].data.fn = strdup(optarg);
- break;
- case BL30_ID:
- extensions[BL30_HASH_EXT].data.fn = strdup(optarg);
- break;
- case BL31_ID:
- extensions[BL31_HASH_EXT].data.fn = strdup(optarg);
- break;
- case BL32_ID:
- extensions[BL32_HASH_EXT].data.fn = strdup(optarg);
- break;
- case BL33_ID:
- extensions[BL33_HASH_EXT].data.fn = strdup(optarg);
+ case CMD_OPT_EXT:
+ cur_opt = cmd_opt_get_name(opt_idx);
+ ext = ext_get_by_opt(cur_opt);
+ ext->data.fn = strdup(optarg);
break;
- case BL2_CERT_ID:
- certs[BL2_CERT].fn = strdup(optarg);
+ case CMD_OPT_KEY:
+ cur_opt = cmd_opt_get_name(opt_idx);
+ key = key_get_by_opt(cur_opt);
+ key->fn = strdup(optarg);
break;
- case TRUSTED_KEY_CERT_ID:
- certs[TRUSTED_KEY_CERT].fn = strdup(optarg);
- break;
- case BL30_KEY_CERT_ID:
- certs[BL30_KEY_CERT].fn = strdup(optarg);
- break;
- case BL30_CERT_ID:
- certs[BL30_CERT].fn = strdup(optarg);
- break;
- case BL31_KEY_CERT_ID:
- certs[BL31_KEY_CERT].fn = strdup(optarg);
- break;
- case BL31_CERT_ID:
- certs[BL31_CERT].fn = strdup(optarg);
- break;
- case BL32_KEY_CERT_ID:
- certs[BL32_KEY_CERT].fn = strdup(optarg);
- break;
- case BL32_CERT_ID:
- certs[BL32_CERT].fn = strdup(optarg);
- break;
- case BL33_KEY_CERT_ID:
- certs[BL33_KEY_CERT].fn = strdup(optarg);
- break;
- case BL33_CERT_ID:
- certs[BL33_CERT].fn = strdup(optarg);
- break;
- case ROT_KEY_ID:
- keys[ROT_KEY].fn = strdup(optarg);
- break;
- case TRUSTED_WORLD_KEY_ID:
- keys[TRUSTED_WORLD_KEY].fn = strdup(optarg);
- break;
- case NON_TRUSTED_WORLD_KEY_ID:
- keys[NON_TRUSTED_WORLD_KEY].fn = strdup(optarg);
- break;
- case BL30_KEY_ID:
- keys[BL30_KEY].fn = strdup(optarg);
- break;
- case BL31_KEY_ID:
- keys[BL31_KEY].fn = strdup(optarg);
- break;
- case BL32_KEY_ID:
- keys[BL32_KEY].fn = strdup(optarg);
- break;
- case BL33_KEY_ID:
- keys[BL33_KEY].fn = strdup(optarg);
+ case CMD_OPT_CERT:
+ cur_opt = cmd_opt_get_name(opt_idx);
+ cert = cert_get_by_opt(cur_opt);
+ cert->fn = strdup(optarg);
break;
case '?':
default:
@@ -393,12 +338,6 @@
/* Check command line arguments */
check_cmd_params();
- /* Register the new types and OIDs for the extensions */
- if (ext_register(extensions) != 0) {
- ERROR("Cannot register TBB extensions\n");
- exit(1);
- }
-
/* Indicate SHA256 as image hash algorithm in the certificate
* extension */
md_info = EVP_sha256();
diff --git a/tools/cert_create/src/tbbr/tbb_cert.c b/tools/cert_create/src/tbbr/tbb_cert.c
index d0ae836..770bd6a 100644
--- a/tools/cert_create/src/tbbr/tbb_cert.c
+++ b/tools/cert_create/src/tbbr/tbb_cert.c
@@ -42,6 +42,7 @@
static cert_t tbb_certs[] = {
[BL2_CERT] = {
.id = BL2_CERT,
+ .opt = "bl2-cert",
.fn = NULL,
.cn = "BL2 Certificate",
.key = ROT_KEY,
@@ -53,6 +54,7 @@
},
[TRUSTED_KEY_CERT] = {
.id = TRUSTED_KEY_CERT,
+ .opt = "trusted-key-cert",
.fn = NULL,
.cn = "Trusted Key Certificate",
.key = ROT_KEY,
@@ -65,6 +67,7 @@
},
[BL30_KEY_CERT] = {
.id = BL30_KEY_CERT,
+ .opt = "bl30-key-cert",
.fn = NULL,
.cn = "BL3-0 Key Certificate",
.key = TRUSTED_WORLD_KEY,
@@ -76,6 +79,7 @@
},
[BL30_CERT] = {
.id = BL30_CERT,
+ .opt = "bl30-cert",
.fn = NULL,
.cn = "BL3-0 Content Certificate",
.key = BL30_KEY,
@@ -87,6 +91,7 @@
},
[BL31_KEY_CERT] = {
.id = BL31_KEY_CERT,
+ .opt = "bl31-key-cert",
.fn = NULL,
.cn = "BL3-1 Key Certificate",
.key = TRUSTED_WORLD_KEY,
@@ -98,6 +103,7 @@
},
[BL31_CERT] = {
.id = BL31_CERT,
+ .opt = "bl31-cert",
.fn = NULL,
.cn = "BL3-1 Content Certificate",
.key = BL31_KEY,
@@ -109,6 +115,7 @@
},
[BL32_KEY_CERT] = {
.id = BL32_KEY_CERT,
+ .opt = "bl32-key-cert",
.fn = NULL,
.cn = "BL3-2 Key Certificate",
.key = TRUSTED_WORLD_KEY,
@@ -120,6 +127,7 @@
},
[BL32_CERT] = {
.id = BL32_CERT,
+ .opt = "bl32-cert",
.fn = NULL,
.cn = "BL3-2 Content Certificate",
.key = BL32_KEY,
@@ -131,6 +139,7 @@
},
[BL33_KEY_CERT] = {
.id = BL33_KEY_CERT,
+ .opt = "bl33-key-cert",
.fn = NULL,
.cn = "BL3-3 Key Certificate",
.key = NON_TRUSTED_WORLD_KEY,
@@ -142,6 +151,7 @@
},
[BL33_CERT] = {
.id = BL33_CERT,
+ .opt = "bl33-cert",
.fn = NULL,
.cn = "BL3-3 Content Certificate",
.key = BL33_KEY,
diff --git a/tools/cert_create/src/tbbr/tbb_ext.c b/tools/cert_create/src/tbbr/tbb_ext.c
index c4816df..c39c9e6 100644
--- a/tools/cert_create/src/tbbr/tbb_ext.c
+++ b/tools/cert_create/src/tbbr/tbb_ext.c
@@ -60,6 +60,7 @@
},
[BL2_HASH_EXT] = {
.oid = BL2_HASH_OID,
+ .opt = "bl2",
.sn = "TrustedBootFirmwareHash",
.ln = "Trusted Boot Firmware (BL2) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
@@ -91,6 +92,7 @@
},
[BL30_HASH_EXT] = {
.oid = BL30_HASH_OID,
+ .opt = "bl30",
.sn = "SCPFirmwareHash",
.ln = "SCP Firmware (BL30) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
@@ -106,6 +108,7 @@
},
[BL31_HASH_EXT] = {
.oid = BL31_HASH_OID,
+ .opt = "bl31",
.sn = "SoCAPFirmwareHash",
.ln = "SoC AP Firmware (BL31) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
@@ -121,6 +124,7 @@
},
[BL32_HASH_EXT] = {
.oid = BL32_HASH_OID,
+ .opt = "bl32",
.sn = "TrustedOSHash",
.ln = "Trusted OS (BL32) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
@@ -136,6 +140,7 @@
},
[BL33_HASH_EXT] = {
.oid = BL33_HASH_OID,
+ .opt = "bl33",
.sn = "NonTrustedWorldBootloaderHash",
.ln = "Non-Trusted World (BL33) hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
diff --git a/tools/cert_create/src/tbbr/tbb_key.c b/tools/cert_create/src/tbbr/tbb_key.c
index 3685559..eaaf1ff 100644
--- a/tools/cert_create/src/tbbr/tbb_key.c
+++ b/tools/cert_create/src/tbbr/tbb_key.c
@@ -38,30 +38,37 @@
static key_t tbb_keys[] = {
[ROT_KEY] = {
.id = ROT_KEY,
+ .opt = "rot-key",
.desc = "Root Of Trust key"
},
[TRUSTED_WORLD_KEY] = {
.id = TRUSTED_WORLD_KEY,
+ .opt = "trusted-world-key",
.desc = "Trusted World key"
},
[NON_TRUSTED_WORLD_KEY] = {
.id = NON_TRUSTED_WORLD_KEY,
+ .opt = "non-trusted-world-key",
.desc = "Non Trusted World key"
},
[BL30_KEY] = {
.id = BL30_KEY,
+ .opt = "bl30-key",
.desc = "BL30 key"
},
[BL31_KEY] = {
.id = BL31_KEY,
+ .opt = "bl31-key",
.desc = "BL31 key"
},
[BL32_KEY] = {
.id = BL32_KEY,
+ .opt = "bl32-key",
.desc = "BL32 key"
},
[BL33_KEY] = {
.id = BL33_KEY,
+ .opt = "bl33-key",
.desc = "BL33 key"
}
};