Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 9b4f9d586357b2ea073553b68a77a0a212f19fad^! / .
commit9b4f9d586357b2ea073553b68a77a0a212f19fad[log] [tgz]
authorlaurenw-arm <lauren.wehrmeister@arm.com>Tue May 02 14:28:38 2023 -0500
committerlaurenw-arm <lauren.wehrmeister@arm.com>Thu May 25 16:40:43 2023 -0500
tree8313b5577d06b36f7fd4940c0a5976e033ede98a
parentcb54303c1bcaa0334d78fb0dda050c9725a584b3 [diff]
feat(cert-create): add new option for CCA NV ctr

Extends cert_create tool with a new option for CCA NV
counter: ccafw_nvctr.

And changes the non-volatile counter used to protect
the CCA Content Certificate from the Trusted FW NV counter
to the CCA FW NV counter in the CCA CoT description.

Change-Id: I27f3ab2e25809f0dcc56fa05e5c3a25a2e861ef6
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

diff --git a/include/tools_share/cca_oid.h b/include/tools_share/cca_oid.h
index e586b8c..2ca12c9 100644
--- a/include/tools_share/cca_oid.h
+++ b/include/tools_share/cca_oid.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -25,4 +25,7 @@
 /* Realm Monitor Manager (RMM) Hash */
 #define RMM_HASH_OID				"1.3.6.1.4.1.4128.2100.1106"
 
+/* CCAFirmwareNVCounter - Non-volatile counter extension */
+#define CCA_FW_NVCOUNTER_OID			"1.3.6.1.4.1.4128.2100.3"
+
 #endif /* CCA_OID_H */

diff --git a/tools/cert_create/include/cca/cca_cot.h b/tools/cert_create/include/cca/cca_cot.h
index 56585fb..152cb71 100644
--- a/tools/cert_create/include/cca/cca_cot.h
+++ b/tools/cert_create/include/cca/cca_cot.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -24,6 +24,7 @@
 /* Certificate extensions. */
 enum {
 	/* Extensions used in certificates owned by the silicon provider. */
+	CCA_FW_NVCOUNTER_EXT,
 	TRUSTED_FW_NVCOUNTER_EXT,
 	TRUSTED_BOOT_FW_HASH_EXT,
 	TRUSTED_BOOT_FW_CONFIG_HASH_EXT,

diff --git a/tools/cert_create/include/ext.h b/tools/cert_create/include/ext.h
index 0e7f3be..1d55486 100644
--- a/tools/cert_create/include/ext.h
+++ b/tools/cert_create/include/ext.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -20,7 +20,8 @@
 /* NV-Counter types */
 enum nvctr_type_e {
 	NVCTR_TYPE_TFW,
-	NVCTR_TYPE_NTFW
+	NVCTR_TYPE_NTFW,
+	NVCTR_TYPE_CCAFW
 };
 
 /*

diff --git a/tools/cert_create/src/cca/cot.c b/tools/cert_create/src/cca/cot.c
index 5a35ff6..e39b036 100644
--- a/tools/cert_create/src/cca/cot.c
+++ b/tools/cert_create/src/cca/cot.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -27,7 +27,7 @@
 		.key = ROT_KEY,
 		.issuer = CCA_CONTENT_CERT,
 		.ext = {
-			TRUSTED_FW_NVCOUNTER_EXT,
+			CCA_FW_NVCOUNTER_EXT,
 			SOC_AP_FW_HASH_EXT,
 			SOC_FW_CONFIG_HASH_EXT,
 			RMM_HASH_EXT,
@@ -139,6 +139,17 @@
 
 /* Certificate extensions. */
 static ext_t cot_ext[] = {
+	[CCA_FW_NVCOUNTER_EXT] = {
+		.oid = CCA_FW_NVCOUNTER_OID,
+		.opt = "ccafw-nvctr",
+		.help_msg = "CCA Firmware Non-Volatile counter value",
+		.sn = "CCANVCounter",
+		.ln = "CCA Non-Volatile counter",
+		.asn1_type = V_ASN1_INTEGER,
+		.type = EXT_TYPE_NVCOUNTER,
+		.attr.nvctr_type = NVCTR_TYPE_CCAFW
+	},
+
 	[TRUSTED_FW_NVCOUNTER_EXT] = {
 		.oid = TRUSTED_FW_NVCOUNTER_OID,
 		.opt = "tfw-nvctr",