feat(cert-create): add new option for CCA NV ctr
Extends cert_create tool with a new option for CCA NV
counter: ccafw_nvctr.
Also changes the non-volatile counter used to protect
the CCA Content Certificate from the Trusted FW NV counter
to the CCA FW NV counter in the CCA CoT description.
Change-Id: I27f3ab2e25809f0dcc56fa05e5c3a25a2e861ef6
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
diff --git a/include/tools_share/cca_oid.h b/include/tools_share/cca_oid.h
index e586b8c..2ca12c9 100644
--- a/include/tools_share/cca_oid.h
+++ b/include/tools_share/cca_oid.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -25,4 +25,7 @@
/* Realm Monitor Manager (RMM) Hash */
#define RMM_HASH_OID "1.3.6.1.4.1.4128.2100.1106"
+/* CCAFirmwareNVCounter - Non-volatile counter extension */
+#define CCA_FW_NVCOUNTER_OID "1.3.6.1.4.1.4128.2100.3"
+
#endif /* CCA_OID_H */
diff --git a/tools/cert_create/include/cca/cca_cot.h b/tools/cert_create/include/cca/cca_cot.h
index 56585fb..152cb71 100644
--- a/tools/cert_create/include/cca/cca_cot.h
+++ b/tools/cert_create/include/cca/cca_cot.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -24,6 +24,7 @@
/* Certificate extensions. */
enum {
/* Extensions used in certificates owned by the silicon provider. */
+ CCA_FW_NVCOUNTER_EXT,
TRUSTED_FW_NVCOUNTER_EXT,
TRUSTED_BOOT_FW_HASH_EXT,
TRUSTED_BOOT_FW_CONFIG_HASH_EXT,
diff --git a/tools/cert_create/include/ext.h b/tools/cert_create/include/ext.h
index 0e7f3be..1d55486 100644
--- a/tools/cert_create/include/ext.h
+++ b/tools/cert_create/include/ext.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -20,7 +20,8 @@
/* NV-Counter types */
enum nvctr_type_e {
NVCTR_TYPE_TFW,
- NVCTR_TYPE_NTFW
+ NVCTR_TYPE_NTFW,
+ NVCTR_TYPE_CCAFW
};
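Review bot: `NVCTR_TYPE_CCAFW` is added as the last enumerator with no trailing comma and no comment saying which counter it denotes; writing it as `NVCTR_TYPE_CCAFW, /* CCA firmware NV counter */` documents it and keeps the next addition to a one-line diff. No code that reads `nvctr_type` is visible in this diff, so any `switch` or table keyed on `enum nvctr_type_e` elsewhere in cert_create should be checked for a missing case.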
/*
diff --git a/tools/cert_create/src/cca/cot.c b/tools/cert_create/src/cca/cot.c
index 5a35ff6..e39b036 100644
--- a/tools/cert_create/src/cca/cot.c
+++ b/tools/cert_create/src/cca/cot.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -27,7 +27,7 @@
.key = ROT_KEY,
.issuer = CCA_CONTENT_CERT,
.ext = {
- TRUSTED_FW_NVCOUNTER_EXT,
+ CCA_FW_NVCOUNTER_EXT,
SOC_AP_FW_HASH_EXT,
SOC_FW_CONFIG_HASH_EXT,
RMM_HASH_EXT,
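Review bot: Replacing `TRUSTED_FW_NVCOUNTER_EXT` with `CCA_FW_NVCOUNTER_EXT` in this `.ext` list changes which anti-rollback counter the CCA content certificate carries, but nothing visible in this diff updates the side that verifies it. The firmware chain of trust that authenticates this certificate, and the platform's NV-counter backing, need to resolve `CCA_FW_NVCOUNTER_OID`. If they still expect the Trusted FW counter, the certificate would presumably fail authentication. Build scripts that pass only `--tfw-nvctr` must now also pass `--ccafw-nvctr`, and it is worth confirming that cert_create rejects the run, rather than issuing the certificate without a counter, when the option is omitted. A comment such as `/* Rollback protection: bound to the CCA FW NV counter, not the Trusted FW one */` above the entry would record the intent; the certificate definition starts and ends outside this hunk.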
@@ -139,6 +139,17 @@
/* Certificate extensions. */
static ext_t cot_ext[] = {
+ [CCA_FW_NVCOUNTER_EXT] = {
+ .oid = CCA_FW_NVCOUNTER_OID,
+ .opt = "ccafw-nvctr",
+ .help_msg = "CCA Firmware Non-Volatile counter value",
+ .sn = "CCANVCounter",
+ .ln = "CCA Non-Volatile counter",
+ .asn1_type = V_ASN1_INTEGER,
+ .type = EXT_TYPE_NVCOUNTER,
+ .attr.nvctr_type = NVCTR_TYPE_CCAFW
+ },
+
[TRUSTED_FW_NVCOUNTER_EXT] = {
.oid = TRUSTED_FW_NVCOUNTER_OID,
.opt = "tfw-nvctr",
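Review bot: The `.sn` and `.ln` strings in the new `[CCA_FW_NVCOUNTER_EXT]` entry drop the word "Firmware", while the comment in cca_oid.h names the extension `CCAFirmwareNVCounter` and the `.help_msg` here says "CCA Firmware Non-Volatile counter value". These names are what appears when a certificate is dumped, so they are worth aligning: `.sn = "CCAFirmwareNVCounter",` and `.ln = "CCA Firmware Non-Volatile counter",`. The option string is `ccafw-nvctr` with a hyphen, whereas the commit message spells it `ccafw_nvctr`; one of the two should be corrected. The `cot_ext` array continues outside the hunk.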