cert: move platform_oid.h to include/tools_share for all platforms Platforms aligned with TBBR are supposed to use their own OIDs, but defining the same macros with different OIDs does not provide any value (at least technically). For easier use of TBBR, this commit allows platforms to reuse the OIDs obtained by ARM Ltd. This will be useful for non-ARM vendors that do not need their own extension fields in their certificate files. The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by defining USE_TBBR_DEFS as 1. USE_TBBR_DEFS is 0 by default to keep the backward compatibility. For clarification, I inserted a blank line between headers from the include/ directory (#include <...>) and ones from a local directory (#include "..." ). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

commit: a27c1669f60cce6f3e42d3691bd54b853ddeb7b6 [log] [tgz]
author: Masahiro Yamada <yamada.masahiro@socionext.com> Mon May 22 12:11:24 2017 +0900
committer: Masahiro Yamada <yamada.masahiro@socionext.com> Wed May 24 00:08:35 2017 +0900
tree: a042602a9ffeed90bdcfd95dc504508222f32bca
parent: e3a2b316491edd67b7e6521cefd06875593b9aee [diff]
diff --git a/Makefile b/Makefile
index 83d6b7e..1f59af0 100644
--- a/Makefile
+++ b/Makefile

@@ -445,6 +445,7 @@
 $(eval $(call assert_boolean,SPIN_ON_BL1_EXIT))
 $(eval $(call assert_boolean,TRUSTED_BOARD_BOOT))
 $(eval $(call assert_boolean,USE_COHERENT_MEM))
+$(eval $(call assert_boolean,USE_TBBR_DEFS))
 $(eval $(call assert_boolean,WARMBOOT_ENABLE_DCACHE_EARLY))
 
 $(eval $(call assert_numeric,ARM_ARCH_MAJOR))
@@ -483,6 +484,7 @@
 $(eval $(call add_define,SPIN_ON_BL1_EXIT))
 $(eval $(call add_define,TRUSTED_BOARD_BOOT))
 $(eval $(call add_define,USE_COHERENT_MEM))
+$(eval $(call add_define,USE_TBBR_DEFS))
 $(eval $(call add_define,WARMBOOT_ENABLE_DCACHE_EARLY))
 
 # Define the EL3_PAYLOAD_BASE flag only if it is provided.
@@ -606,7 +608,7 @@
 
 .PHONY: ${CRTTOOL}
 ${CRTTOOL}:
-	${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH}
+	${Q}${MAKE} PLAT=${PLAT} USE_TBBR_DEFS=${USE_TBBR_DEFS} --no-print-directory -C ${CRTTOOLPATH}
 	@${ECHO_BLANK_LINE}
 	@echo "Built $@ successfully"
 	@${ECHO_BLANK_LINE}

diff --git a/docs/user-guide.md b/docs/user-guide.md
index 9135d89..97d0f66 100644
--- a/docs/user-guide.md
+++ b/docs/user-guide.md

@@ -914,7 +914,11 @@
 
     make PLAT=<platform> [DEBUG=1] [V=1] certtool
 
-Specifying the platform is mandatory since the tool is platform specific.
+For platforms that do not require their own IDs in certificate files,
+the generic 'cert_create' tool can be built with the following command:
+
+    make USE_TBBR_DEFS=1 [DEBUG=1] [V=1] certtool
+
 `DEBUG=1` builds the tool in debug mode. `V=1` makes the build process more
 verbose. The following command should be used to obtain help about the tool:
 

diff --git a/drivers/auth/tbbr/tbbr_cot.c b/drivers/auth/tbbr/tbbr_cot.c
index 8b6ca23..e88c7c2 100644
--- a/drivers/auth/tbbr/tbbr_cot.c
+++ b/drivers/auth/tbbr/tbbr_cot.c

@@ -1,12 +1,16 @@
 /*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
 
 #include <auth_mod.h>
 #include <platform_def.h>
+#if USE_TBBR_DEFS
+#include <tbbr_oid.h>
+#else
 #include <platform_oid.h>
+#endif
 #include <stddef.h>
 
 /*

diff --git a/include/plat/arm/board/common/board_arm_oid.h b/include/tools_share/tbbr_oid.h
similarity index 89%
rename from include/plat/arm/board/common/board_arm_oid.h
rename to include/tools_share/tbbr_oid.h
index fc6cd79..7a34087 100644
--- a/include/plat/arm/board/common/board_arm_oid.h
+++ b/include/tools_share/tbbr_oid.h

@@ -1,21 +1,17 @@
 /*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
 
-#ifndef __BOARD_ARM_OID_H__
-#define __BOARD_ARM_OID_H__
+#ifndef __TBBR_OID_H__
+#define __TBBR_OID_H__
 
 /*
  * The following is a list of OID values defined and reserved by ARM, which
  * are used to define the extension fields of the certificate structure, as
  * defined in the Trusted Board Boot Requirements (TBBR) specification,
  * ARM DEN0006C-1.
- *
- * Non-ARM platform owners that wish to align with the TBBR should define
- * constants with the same name in their own platform port(s), using their
- * own OIDs obtained from the ITU-T.
  */
 
 
@@ -140,4 +136,4 @@
 /* NonTrustedWorldBootloaderHash - BL33 */
 #define NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID	"1.3.6.1.4.1.4128.2100.1201"
 
-#endif /* __BOARD_ARM_OID_H__ */
+#endif /* __TBBR_OID_H__ */

diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index 18c41e0..a31e59c 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk

@@ -128,6 +128,9 @@
 # Build option to choose whether Trusted firmware uses Coherent memory or not.
 USE_COHERENT_MEM		:= 1
 
+# Use tbbr_oid.h instead of platform_oid.h
+USE_TBBR_DEFS			= $(ERROR_DEPRECATED)
+
 # Build verbosity
 V				:= 0
 

diff --git a/plat/arm/board/fvp/include/platform_oid.h b/plat/arm/board/fvp/include/platform_oid.h
index 5ef1580..c64155f 100644
--- a/plat/arm/board/fvp/include/platform_oid.h
+++ b/plat/arm/board/fvp/include/platform_oid.h

@@ -1,9 +1,9 @@
 /*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
-#include "../../../../../include/plat/arm/board/common/board_arm_oid.h"
+#include <tbbr_oid.h>
 
 /*
  * Required platform OIDs

diff --git a/plat/arm/board/juno/include/platform_oid.h b/plat/arm/board/juno/include/platform_oid.h
index 5ef1580..c64155f 100644
--- a/plat/arm/board/juno/include/platform_oid.h
+++ b/plat/arm/board/juno/include/platform_oid.h

@@ -1,9 +1,9 @@
 /*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
-#include "../../../../../include/plat/arm/board/common/board_arm_oid.h"
+#include <tbbr_oid.h>
 
 /*
  * Required platform OIDs

diff --git a/plat/common/tbbr/plat_tbbr.c b/plat/common/tbbr/plat_tbbr.c
index 4aa9457..f5a4f31 100644
--- a/plat/common/tbbr/plat_tbbr.c
+++ b/plat/common/tbbr/plat_tbbr.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -7,7 +7,11 @@
 #include <assert.h>
 #include <auth/auth_mod.h>
 #include <platform.h>
+#if USE_TBBR_DEFS
+#include <tbbr_oid.h>
+#else
 #include <platform_oid.h>
+#endif
 #include <string.h>
 
 /*

diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile
index 989a8e4..8a21649 100644
--- a/tools/cert_create/Makefile
+++ b/tools/cert_create/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -27,6 +27,13 @@
 include ${MAKE_HELPERS_DIRECTORY}build_macros.mk
 include ${MAKE_HELPERS_DIRECTORY}build_env.mk
 
+ifeq (${USE_TBBR_DEFS},1)
+# In this case, cert_tool is platform-independent
+PLAT_MSG		:=	TBBR Generic
+PLAT_INCLUDE		:=	../../include/tools_share
+else
+PLAT_MSG		:=	${PLAT}
+
 PLATFORM_ROOT		:=	../../plat/
 include ${MAKE_HELPERS_DIRECTORY}plat_helpers.mk
 
@@ -35,6 +42,7 @@
 ifeq ($(PLAT_INCLUDE),)
   $(error "Error: Invalid platform '${PLAT}' has no include directory.")
 endif
+endif
 
 ifeq (${DEBUG},1)
   CFLAGS += -g -O0 -DDEBUG -DLOG_LEVEL=40
@@ -47,6 +55,9 @@
 	Q :=
 endif
 
+$(eval $(call add_define,USE_TBBR_DEFS))
+CFLAGS += ${DEFINES}
+
 # Make soft links and include from local directory otherwise wrong headers
 # could get pulled in from firmware tree.
 INC_DIR := -I ./include -I ${PLAT_INCLUDE} -I ${OPENSSL_DIR}/include
@@ -62,7 +73,7 @@
 ${BINARY}: ${OBJECTS} Makefile
 	@echo "  LD      $@"
 	@echo 'const char build_msg[] = "Built : "__TIME__", "__DATE__; \
-                const char platform_msg[] = "${PLAT}";' | \
+                const char platform_msg[] = "${PLAT_MSG}";' | \
                 ${CC} -c ${CFLAGS} -xc - -o src/build_msg.o
 	${Q}${CC} src/build_msg.o ${OBJECTS} ${LIB_DIR} ${LIB} -o $@
 

diff --git a/tools/cert_create/src/cert.c b/tools/cert_create/src/cert.c
index 62ff255..80ccfe9 100644
--- a/tools/cert_create/src/cert.c
+++ b/tools/cert_create/src/cert.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -14,11 +14,16 @@
 #include <openssl/sha.h>
 #include <openssl/x509v3.h>
 
+#if USE_TBBR_DEFS
+#include <tbbr_oid.h>
+#else
+#include <platform_oid.h>
+#endif
+
 #include "cert.h"
 #include "cmd_opt.h"
 #include "debug.h"
 #include "key.h"
-#include "platform_oid.h"
 #include "sha.h"
 
 #define SERIAL_RAND_BITS	64

diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index a118fbb..c1bde5d 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -13,11 +13,16 @@
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 
+#if USE_TBBR_DEFS
+#include <tbbr_oid.h>
+#else
+#include <platform_oid.h>
+#endif
+
 #include "cert.h"
 #include "cmd_opt.h"
 #include "debug.h"
 #include "key.h"
-#include "platform_oid.h"
 #include "sha.h"
 
 #define MAX_FILENAME_LEN		1024

diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index e0f331c..9923637 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -18,12 +18,17 @@
 #include <openssl/sha.h>
 #include <openssl/x509v3.h>
 
+#if USE_TBBR_DEFS
+#include <tbbr_oid.h>
+#else
+#include <platform_oid.h>
+#endif
+
 #include "cert.h"
 #include "cmd_opt.h"
 #include "debug.h"
 #include "ext.h"
 #include "key.h"
-#include "platform_oid.h"
 #include "sha.h"
 #include "tbbr/tbb_ext.h"
 #include "tbbr/tbb_cert.h"

diff --git a/tools/cert_create/src/tbbr/tbb_ext.c b/tools/cert_create/src/tbbr/tbb_ext.c
index 11d779b..d9a8ea2 100644
--- a/tools/cert_create/src/tbbr/tbb_ext.c
+++ b/tools/cert_create/src/tbbr/tbb_ext.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -8,8 +8,14 @@
 #include <string.h>
 #include <openssl/err.h>
 #include <openssl/x509v3.h>
+
+#if USE_TBBR_DEFS
+#include <tbbr_oid.h>
+#else
+#include <platform_oid.h>
+#endif
+
 #include "ext.h"
-#include "platform_oid.h"
 #include "tbbr/tbb_ext.h"
 #include "tbbr/tbb_key.h"
commit	a27c1669f60cce6f3e42d3691bd54b853ddeb7b6	[log] [tgz]
author	Masahiro Yamada <yamada.masahiro@socionext.com>	Mon May 22 12:11:24 2017 +0900
committer	Masahiro Yamada <yamada.masahiro@socionext.com>	Wed May 24 00:08:35 2017 +0900
tree	a042602a9ffeed90bdcfd95dc504508222f32bca
parent	e3a2b316491edd67b7e6521cefd06875593b9aee [diff]