TBB: apply TBBR naming convention to certificates and extensions This patch applies the TBBR naming convention to the certificates and the corresponding extensions defined by the CoT: * Certificate UUID names * Certificate identifier names * OID names Changes apply to: * Generic code (variables and defines) * The default certificate identifiers provided in the generic code * Build system * ARM platforms port * cert_create tool internal definitions * fip_create and cert_create tools command line options * Documentation IMPORTANT: this change breaks the compatibility with platforms that use TBBR. The platform will need to adapt the identifiers and OIDs to the TBBR naming convention introduced by this patch: Certificate UUIDs: UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT --> UUID_TRUSTED_BOOT_FW_CERT UUID_SCP_FIRMWARE_BL30_KEY_CERT --> UUID_SCP_FW_KEY_CERT UUID_SCP_FIRMWARE_BL30_CERT --> UUID_SCP_FW_CONTENT_CERT UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT --> UUID_SOC_FW_KEY_CERT UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT --> UUID_SOC_FW_CONTENT_CERT UUID_SECURE_PAYLOAD_BL32_KEY_CERT --> UUID_TRUSTED_OS_FW_KEY_CERT UUID_SECURE_PAYLOAD_BL32_CERT --> UUID_TRUSTED_OS_FW_CONTENT_CERT UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT --> UUID_NON_TRUSTED_FW_KEY_CERT UUID_NON_TRUSTED_FIRMWARE_BL33_CERT --> UUID_NON_TRUSTED_FW_CONTENT_CERT Certificate identifiers: BL2_CERT_ID --> TRUSTED_BOOT_FW_CERT_ID BL30_KEY_CERT_ID --> SCP_FW_KEY_CERT_ID BL30_CERT_ID --> SCP_FW_CONTENT_CERT_ID BL31_KEY_CERT_ID --> SOC_FW_KEY_CERT_ID BL31_CERT_ID --> SOC_FW_CONTENT_CERT_ID BL32_KEY_CERT_ID --> TRUSTED_OS_FW_KEY_CERT_ID BL32_CERT_ID --> TRUSTED_OS_FW_CONTENT_CERT_ID BL33_KEY_CERT_ID --> NON_TRUSTED_FW_KEY_CERT_ID BL33_CERT_ID --> NON_TRUSTED_FW_CONTENT_CERT_ID OIDs: TZ_FW_NVCOUNTER_OID --> TRUSTED_FW_NVCOUNTER_OID NTZ_FW_NVCOUNTER_OID --> NON_TRUSTED_FW_NVCOUNTER_OID BL2_HASH_OID --> TRUSTED_BOOT_FW_HASH_OID TZ_WORLD_PK_OID --> TRUSTED_WORLD_PK_OID NTZ_WORLD_PK_OID --> NON_TRUSTED_WORLD_PK_OID BL30_CONTENT_CERT_PK_OID --> SCP_FW_CONTENT_CERT_PK_OID BL30_HASH_OID --> SCP_FW_HASH_OID BL31_CONTENT_CERT_PK_OID --> SOC_FW_CONTENT_CERT_PK_OID BL31_HASH_OID --> SOC_AP_FW_HASH_OID BL32_CONTENT_CERT_PK_OID --> TRUSTED_OS_FW_CONTENT_CERT_PK_OID BL32_HASH_OID --> TRUSTED_OS_FW_HASH_OID BL33_CONTENT_CERT_PK_OID --> NON_TRUSTED_FW_CONTENT_CERT_PK_OID BL33_HASH_OID --> NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID BL2U_HASH_OID --> AP_FWU_CFG_HASH_OID SCP_BL2U_HASH_OID --> SCP_FWU_CFG_HASH_OID NS_BL2U_HASH_OID --> FWU_HASH_OID Change-Id: I1e047ae046299ca913911c39ac3a6e123bd41079

commit: be801208c92de4d0581d321f1816e58fa1f9ade4 [log] [tgz]
author: Juan Castillo <juan.castillo@arm.com> Thu Dec 03 10:19:21 2015 +0000
committer: Juan Castillo <juan.castillo@arm.com> Mon Dec 14 12:29:44 2015 +0000
tree: 3837ef73006b588001e0f87e4fccd9ea8a8e127e
parent: 0c603d18a5668fa0c100368309b319346f19184c [diff] [blame]
diff --git a/tools/cert_create/src/tbbr/tbb_cert.c b/tools/cert_create/src/tbbr/tbb_cert.c
index 59a1cd9..20be59f 100644
--- a/tools/cert_create/src/tbbr/tbb_cert.c
+++ b/tools/cert_create/src/tbbr/tbb_cert.c

@@ -40,15 +40,15 @@
  * field points to itself.
  */
 static cert_t tbb_certs[] = {
-	[BL2_CERT] = {
-		.id = BL2_CERT,
-		.opt = "bl2-cert",
+	[TRUSTED_BOOT_FW_CERT] = {
+		.id = TRUSTED_BOOT_FW_CERT,
+		.opt = "tb-fw-cert",
 		.fn = NULL,
-		.cn = "BL2 Certificate",
+		.cn = "Trusted Boot FW Certificate",
 		.key = ROT_KEY,
-		.issuer = BL2_CERT,
+		.issuer = TRUSTED_BOOT_FW_CERT,
 		.ext = {
-			BL2_HASH_EXT
+			TRUSTED_BOOT_FW_HASH_EXT
 		},
 		.num_ext = 1
 	},
@@ -60,104 +60,104 @@
 		.key = ROT_KEY,
 		.issuer = TRUSTED_KEY_CERT,
 		.ext = {
-			TZ_WORLD_PK_EXT,
-			NTZ_WORLD_PK_EXT
+			TRUSTED_WORLD_PK_EXT,
+			NON_TRUSTED_WORLD_PK_EXT
 		},
 		.num_ext = 2
 	},
-	[BL30_KEY_CERT] = {
-		.id = BL30_KEY_CERT,
-		.opt = "bl30-key-cert",
+	[SCP_FW_KEY_CERT] = {
+		.id = SCP_FW_KEY_CERT,
+		.opt = "scp-fw-key-cert",
 		.fn = NULL,
-		.cn = "BL3-0 Key Certificate",
+		.cn = "SCP Firmware Key Certificate",
 		.key = TRUSTED_WORLD_KEY,
-		.issuer = BL30_KEY_CERT,
+		.issuer = SCP_FW_KEY_CERT,
 		.ext = {
-			BL30_CONTENT_CERT_PK_EXT
+			SCP_FW_CONTENT_CERT_PK_EXT
 		},
 		.num_ext = 1
 	},
-	[BL30_CERT] = {
-		.id = BL30_CERT,
-		.opt = "bl30-cert",
+	[SCP_FW_CONTENT_CERT] = {
+		.id = SCP_FW_CONTENT_CERT,
+		.opt = "scp-fw-cert",
 		.fn = NULL,
-		.cn = "BL3-0 Content Certificate",
-		.key = BL30_KEY,
-		.issuer = BL30_CERT,
+		.cn = "SCP Firmware Content Certificate",
+		.key = SCP_FW_CONTENT_CERT_KEY,
+		.issuer = SCP_FW_CONTENT_CERT,
 		.ext = {
-			BL30_HASH_EXT
+			SCP_FW_HASH_EXT
 		},
 		.num_ext = 1
 	},
-	[BL31_KEY_CERT] = {
-		.id = BL31_KEY_CERT,
-		.opt = "bl31-key-cert",
+	[SOC_FW_KEY_CERT] = {
+		.id = SOC_FW_KEY_CERT,
+		.opt = "soc-fw-key-cert",
 		.fn = NULL,
-		.cn = "BL3-1 Key Certificate",
+		.cn = "SoC Firmware Key Certificate",
 		.key = TRUSTED_WORLD_KEY,
-		.issuer = BL31_KEY_CERT,
+		.issuer = SOC_FW_KEY_CERT,
 		.ext = {
-			BL31_CONTENT_CERT_PK_EXT
+			SOC_FW_CONTENT_CERT_PK_EXT
 		},
 		.num_ext = 1
 	},
-	[BL31_CERT] = {
-		.id = BL31_CERT,
-		.opt = "bl31-cert",
+	[SOC_FW_CONTENT_CERT] = {
+		.id = SOC_FW_CONTENT_CERT,
+		.opt = "soc-fw-cert",
 		.fn = NULL,
-		.cn = "BL3-1 Content Certificate",
-		.key = BL31_KEY,
-		.issuer = BL31_CERT,
+		.cn = "SoC Firmware Content Certificate",
+		.key = SOC_FW_CONTENT_CERT_KEY,
+		.issuer = SOC_FW_CONTENT_CERT,
 		.ext = {
-			BL31_HASH_EXT
+			SOC_AP_FW_HASH_EXT
 		},
 		.num_ext = 1
 	},
-	[BL32_KEY_CERT] = {
-		.id = BL32_KEY_CERT,
-		.opt = "bl32-key-cert",
+	[TRUSTED_OS_FW_KEY_CERT] = {
+		.id = TRUSTED_OS_FW_KEY_CERT,
+		.opt = "tos-fw-key-cert",
 		.fn = NULL,
-		.cn = "BL3-2 Key Certificate",
+		.cn = "Trusted OS Firmware Key Certificate",
 		.key = TRUSTED_WORLD_KEY,
-		.issuer = BL32_KEY_CERT,
+		.issuer = TRUSTED_OS_FW_KEY_CERT,
 		.ext = {
-			BL32_CONTENT_CERT_PK_EXT
+			TRUSTED_OS_FW_CONTENT_CERT_PK_EXT
 		},
 		.num_ext = 1
 	},
-	[BL32_CERT] = {
-		.id = BL32_CERT,
-		.opt = "bl32-cert",
+	[TRUSTED_OS_FW_CONTENT_CERT] = {
+		.id = TRUSTED_OS_FW_CONTENT_CERT,
+		.opt = "tos-fw-cert",
 		.fn = NULL,
-		.cn = "BL3-2 Content Certificate",
-		.key = BL32_KEY,
-		.issuer = BL32_CERT,
+		.cn = "Trusted OS Firmware Content Certificate",
+		.key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
+		.issuer = TRUSTED_OS_FW_CONTENT_CERT,
 		.ext = {
-			BL32_HASH_EXT
+			TRUSTED_OS_FW_HASH_EXT
 		},
 		.num_ext = 1
 	},
-	[BL33_KEY_CERT] = {
-		.id = BL33_KEY_CERT,
-		.opt = "bl33-key-cert",
+	[NON_TRUSTED_FW_KEY_CERT] = {
+		.id = NON_TRUSTED_FW_KEY_CERT,
+		.opt = "nt-fw-key-cert",
 		.fn = NULL,
-		.cn = "BL3-3 Key Certificate",
+		.cn = "Non-Trusted Firmware Key Certificate",
 		.key = NON_TRUSTED_WORLD_KEY,
-		.issuer = BL33_KEY_CERT,
+		.issuer = NON_TRUSTED_FW_KEY_CERT,
 		.ext = {
-			BL33_CONTENT_CERT_PK_EXT
+			NON_TRUSTED_FW_CONTENT_CERT_PK_EXT
 		},
 		.num_ext = 1
 	},
-	[BL33_CERT] = {
-		.id = BL33_CERT,
-		.opt = "bl33-cert",
+	[NON_TRUSTED_FW_CONTENT_CERT] = {
+		.id = NON_TRUSTED_FW_CONTENT_CERT,
+		.opt = "nt-fw-cert",
 		.fn = NULL,
-		.cn = "BL3-3 Content Certificate",
-		.key = BL33_KEY,
-		.issuer = BL33_CERT,
+		.cn = "Non-Trusted Firmware Content Certificate",
+		.key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
+		.issuer = NON_TRUSTED_FW_CONTENT_CERT,
 		.ext = {
-			BL33_HASH_EXT
+			NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT
 		},
 		.num_ext = 1
 	},
@@ -169,9 +169,9 @@
 		.key = ROT_KEY,
 		.issuer = FWU_CERT,
 		.ext = {
-			SCP_BL2U_HASH_EXT,
-			BL2U_HASH_EXT,
-			NS_BL2U_HASH_EXT
+			SCP_FWU_CFG_HASH_EXT,
+			AP_FWU_CFG_HASH_EXT,
+			FWU_HASH_EXT
 		},
 		.num_ext = 3
 	}
commit	be801208c92de4d0581d321f1816e58fa1f9ade4	[log] [tgz]
author	Juan Castillo <juan.castillo@arm.com>	Thu Dec 03 10:19:21 2015 +0000
committer	Juan Castillo <juan.castillo@arm.com>	Mon Dec 14 12:29:44 2015 +0000
tree	3837ef73006b588001e0f87e4fccd9ea8a8e127e
parent	0c603d18a5668fa0c100368309b319346f19184c [diff] [blame]