Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 6dcbfa122660c6559877a4ebf1b8fff4280a8eed^! / .
commit6dcbfa122660c6559877a4ebf1b8fff4280a8eed[log] [tgz]
authorManish V Badarkhe <Manish.Badarkhe@arm.com>Wed Jul 19 10:39:08 2023 +0100
committerManish V Badarkhe <Manish.Badarkhe@arm.com>Fri Jul 28 09:01:15 2023 +0100
tree6c42e18c88b6d37c902b6c64aed7449cb91e561b
parentc635adbd79e702facaac17b661aa4828d6e63543 [diff]
feat(auth): add explicit entries for key OIDs

Key-OIDs that authenticate BL31, BL31(SOC)-FW config, and HW config
images have been explicitly entered.
Implementations of signer-ID consume these entries.

Change-Id: I24c9085ed5f266af06d40fb73302e35d857a9d5b
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

diff --git a/include/tools_share/cca_oid.h b/include/tools_share/cca_oid.h
index d964aa7..8c53ef9 100644
--- a/include/tools_share/cca_oid.h
+++ b/include/tools_share/cca_oid.h

@@ -9,7 +9,6 @@
 
 /* Reuse the Object IDs defined by TBBR for certificate extensions. */
 #include "tbbr_oid.h"
-#include "zero_oid.h"
 
 /*
  * Assign arbitrary Object ID values that do not conflict with any of the
@@ -29,4 +28,17 @@
 /* CCAFirmwareNVCounter - Non-volatile counter extension */
 #define CCA_FW_NVCOUNTER_OID			"1.3.6.1.4.1.4128.2100.3"
 
+/*
+ * First undef previous definitions from tbbr_oid.h.
+ * CCA ROTPK authenticates BL31 and its configuration image in
+ * CCA CoT.
+ **/
+#undef BL31_IMAGE_KEY_OID
+#undef SOC_FW_CONFIG_KEY_OID
+#undef HW_CONFIG_KEY_OID
+#define BL31_IMAGE_KEY_OID			ZERO_OID
+#define SOC_FW_CONFIG_KEY_OID			ZERO_OID
+#define HW_CONFIG_KEY_OID			ZERO_OID
+#define RMM_IMAGE_KEY_OID			ZERO_OID
+
 #endif /* CCA_OID_H */

diff --git a/include/tools_share/dualroot_oid.h b/include/tools_share/dualroot_oid.h
index 76fffba..3762c79 100644
--- a/include/tools_share/dualroot_oid.h
+++ b/include/tools_share/dualroot_oid.h

@@ -9,7 +9,6 @@
 
 /* Reuse the Object IDs defined by TBBR for certificate extensions. */
 #include "tbbr_oid.h"
-#include "zero_oid.h"
 
 /*
  * Platform root-of-trust public key.

diff --git a/include/tools_share/tbbr_oid.h b/include/tools_share/tbbr_oid.h
index 52b43ab..9881d1a 100644
--- a/include/tools_share/tbbr_oid.h
+++ b/include/tools_share/tbbr_oid.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -7,6 +7,8 @@
 #ifndef TBBR_OID_H
 #define TBBR_OID_H
 
+#include "zero_oid.h"
+
 #define	MAX_OID_NAME_LEN	30
 
 /*
@@ -160,6 +162,14 @@
 #define SP_PKG7_HASH_OID			"1.3.6.1.4.1.4128.2100.1307"
 #define SP_PKG8_HASH_OID			"1.3.6.1.4.1.4128.2100.1308"
 
+/*
+ * Public Keys present in SOC FW content certificates authenticate BL31 and
+ * its configuration.
+ */
+#define BL31_IMAGE_KEY_OID			SOC_FW_CONTENT_CERT_PK_OID
+#define SOC_FW_CONFIG_KEY_OID			SOC_FW_CONTENT_CERT_PK_OID
+#define HW_CONFIG_KEY_OID			ZERO_OID
+
 #ifdef PLAT_DEF_OID
 #include <platform_oid.h>
 #endif