Dynamic cfg: Update the tools
This patch updates the `fiptool` and `cert_create` for the
`hw_config` and `tb_fw_config` dynamic configuration files.
The necessary UUIDs and OIDs are assigned to these files and
the `cert_create` is updated to generate appropriate hashes
and include them in the "Trusted Boot FW Certificate". The
`fiptool` is updated to allow the configs to be specified
via cmdline and included in the generated FIP.
Change-Id: I940e751a49621ae681d14e162aa1f5697eb0cb15
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
diff --git a/tools/cert_create/include/tbbr/tbb_ext.h b/tools/cert_create/include/tbbr/tbb_ext.h
index 85ad359..5b427d3 100644
--- a/tools/cert_create/include/tbbr/tbb_ext.h
+++ b/tools/cert_create/include/tbbr/tbb_ext.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -13,6 +13,8 @@
TRUSTED_FW_NVCOUNTER_EXT,
NON_TRUSTED_FW_NVCOUNTER_EXT,
TRUSTED_BOOT_FW_HASH_EXT,
+ TRUSTED_BOOT_FW_CONFIG_HASH_EXT,
+ HW_CONFIG_HASH_EXT,
TRUSTED_WORLD_PK_EXT,
NON_TRUSTED_WORLD_PK_EXT,
SCP_FW_CONTENT_CERT_PK_EXT,
diff --git a/tools/cert_create/src/tbbr/tbb_cert.c b/tools/cert_create/src/tbbr/tbb_cert.c
index c815178..325b462 100644
--- a/tools/cert_create/src/tbbr/tbb_cert.c
+++ b/tools/cert_create/src/tbbr/tbb_cert.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -26,9 +26,11 @@
.issuer = TRUSTED_BOOT_FW_CERT,
.ext = {
TRUSTED_FW_NVCOUNTER_EXT,
- TRUSTED_BOOT_FW_HASH_EXT
+ TRUSTED_BOOT_FW_HASH_EXT,
+ TRUSTED_BOOT_FW_CONFIG_HASH_EXT,
+ HW_CONFIG_HASH_EXT
},
- .num_ext = 2
+ .num_ext = 4
},
[TRUSTED_KEY_CERT] = {
.id = TRUSTED_KEY_CERT,
diff --git a/tools/cert_create/src/tbbr/tbb_ext.c b/tools/cert_create/src/tbbr/tbb_ext.c
index 504b0fc..5f2cec1 100644
--- a/tools/cert_create/src/tbbr/tbb_ext.c
+++ b/tools/cert_create/src/tbbr/tbb_ext.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -53,6 +53,26 @@
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH
},
+ [TRUSTED_BOOT_FW_CONFIG_HASH_EXT] = {
+ .oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID,
+ .opt = "tb-fw-config",
+ .help_msg = "Trusted Boot Firmware Config file",
+ .sn = "TrustedBootFirmwareConfigHash",
+ .ln = "Trusted Boot Firmware Config hash",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH,
+ .optional = 1
+ },
+ [HW_CONFIG_HASH_EXT] = {
+ .oid = HW_CONFIG_HASH_OID,
+ .opt = "hw-config",
+ .help_msg = "HW Config file",
+ .sn = "HWConfigHash",
+ .ln = "HW Config hash",
+ .asn1_type = V_ASN1_OCTET_STRING,
+ .type = EXT_TYPE_HASH,
+ .optional = 1
+ },
[TRUSTED_WORLD_PK_EXT] = {
.oid = TRUSTED_WORLD_PK_OID,
.sn = "TrustedWorldPublicKey",
diff --git a/tools/fiptool/tbbr_config.c b/tools/fiptool/tbbr_config.c
index 827cab2..2c0adcd 100644
--- a/tools/fiptool/tbbr_config.c
+++ b/tools/fiptool/tbbr_config.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -67,7 +67,17 @@
.uuid = UUID_NON_TRUSTED_FIRMWARE_BL33,
.cmdline_name = "nt-fw"
},
-
+ /* Dynamic Configs */
+ {
+ .name = "HW_CONFIG",
+ .uuid = UUID_HW_CONFIG,
+ .cmdline_name = "hw-config"
+ },
+ {
+ .name = "TB_FW_CONFIG",
+ .uuid = UUID_TB_FW_CONFIG,
+ .cmdline_name = "tb-fw-config"
+ },
/* Key Certificates */
{
.name = "Root Of Trust key certificate",