tbbr/dualroot: rename SP package certificate file
Currently only a single signing domain is supported for SP packages, but
there is a plan to support dual signing domains if the CoT is dualroot.
SP_CONTENT_CERT_ID is the certificate file which is currently generated
and signed with the trusted world key, which in turn is derived from the
Silicon provider RoT key.
To allow dual signing domains for SP packages, another certificate file
will be derived from the Platform-owned RoT key.
This patch renames "SP_CONTENT_CERT_ID" to "SIP_SP_CONTENT_CERT_ID" and
makes other related changes.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I0bc445a3ab257e2dac03faa64f46e36a9fed5e93
diff --git a/drivers/auth/dualroot/cot.c b/drivers/auth/dualroot/cot.c
index 31e5d65..68f3d46 100644
--- a/drivers/auth/dualroot/cot.c
+++ b/drivers/auth/dualroot/cot.c
@@ -693,8 +693,8 @@
* Secure Partitions
*/
#if defined(SPD_spmd)
-static const auth_img_desc_t sp_content_cert = {
- .img_id = SP_CONTENT_CERT_ID,
+static const auth_img_desc_t sip_sp_content_cert = {
+ .img_id = SIP_SP_CONTENT_CERT_ID,
.img_type = IMG_CERT,
.parent = &trusted_key_cert,
.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
@@ -775,14 +775,14 @@
}
};
-DEFINE_SP_PKG(1);
-DEFINE_SP_PKG(2);
-DEFINE_SP_PKG(3);
-DEFINE_SP_PKG(4);
-DEFINE_SP_PKG(5);
-DEFINE_SP_PKG(6);
-DEFINE_SP_PKG(7);
-DEFINE_SP_PKG(8);
+DEFINE_SIP_SP_PKG(1);
+DEFINE_SIP_SP_PKG(2);
+DEFINE_SIP_SP_PKG(3);
+DEFINE_SIP_SP_PKG(4);
+DEFINE_SIP_SP_PKG(5);
+DEFINE_SIP_SP_PKG(6);
+DEFINE_SIP_SP_PKG(7);
+DEFINE_SIP_SP_PKG(8);
#endif /* SPD_spmd */
#else /* IMAGE_BL2 */
@@ -914,15 +914,15 @@
[BL33_IMAGE_ID] = &bl33_image,
[NT_FW_CONFIG_ID] = &nt_fw_config,
#if defined(SPD_spmd)
- [SP_CONTENT_CERT_ID] = &sp_content_cert,
- [SP_CONTENT_CERT_ID + 1] = &sp_pkg1,
- [SP_CONTENT_CERT_ID + 2] = &sp_pkg2,
- [SP_CONTENT_CERT_ID + 3] = &sp_pkg3,
- [SP_CONTENT_CERT_ID + 4] = &sp_pkg4,
- [SP_CONTENT_CERT_ID + 5] = &sp_pkg5,
- [SP_CONTENT_CERT_ID + 6] = &sp_pkg6,
- [SP_CONTENT_CERT_ID + 7] = &sp_pkg7,
- [SP_CONTENT_CERT_ID + 8] = &sp_pkg8,
+ [SIP_SP_CONTENT_CERT_ID] = &sip_sp_content_cert,
+ [SP_PKG1_ID] = &sp_pkg1,
+ [SP_PKG2_ID] = &sp_pkg2,
+ [SP_PKG3_ID] = &sp_pkg3,
+ [SP_PKG4_ID] = &sp_pkg4,
+ [SP_PKG5_ID] = &sp_pkg5,
+ [SP_PKG6_ID] = &sp_pkg6,
+ [SP_PKG7_ID] = &sp_pkg7,
+ [SP_PKG8_ID] = &sp_pkg8,
#endif
};
#endif
diff --git a/drivers/auth/tbbr/tbbr_cot_bl2.c b/drivers/auth/tbbr/tbbr_cot_bl2.c
index 63c18fa..65a0478 100644
--- a/drivers/auth/tbbr/tbbr_cot_bl2.c
+++ b/drivers/auth/tbbr/tbbr_cot_bl2.c
@@ -558,8 +558,8 @@
};
/* Secure Partitions */
#if defined(SPD_spmd)
-static const auth_img_desc_t sp_content_cert = {
- .img_id = SP_CONTENT_CERT_ID,
+static const auth_img_desc_t sip_sp_content_cert = {
+ .img_id = SIP_SP_CONTENT_CERT_ID,
.img_type = IMG_CERT,
.parent = &trusted_key_cert,
.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) {
@@ -640,14 +640,14 @@
}
};
-DEFINE_SP_PKG(1);
-DEFINE_SP_PKG(2);
-DEFINE_SP_PKG(3);
-DEFINE_SP_PKG(4);
-DEFINE_SP_PKG(5);
-DEFINE_SP_PKG(6);
-DEFINE_SP_PKG(7);
-DEFINE_SP_PKG(8);
+DEFINE_SIP_SP_PKG(1);
+DEFINE_SIP_SP_PKG(2);
+DEFINE_SIP_SP_PKG(3);
+DEFINE_SIP_SP_PKG(4);
+DEFINE_SIP_SP_PKG(5);
+DEFINE_SIP_SP_PKG(6);
+DEFINE_SIP_SP_PKG(7);
+DEFINE_SIP_SP_PKG(8);
#endif /* SPD_spmd */
static const auth_img_desc_t * const cot_desc[] = {
@@ -672,15 +672,15 @@
[BL33_IMAGE_ID] = &bl33_image,
[NT_FW_CONFIG_ID] = &nt_fw_config,
#if defined(SPD_spmd)
- [SP_CONTENT_CERT_ID] = &sp_content_cert,
- [SP_CONTENT_CERT_ID + 1] = &sp_pkg1,
- [SP_CONTENT_CERT_ID + 2] = &sp_pkg2,
- [SP_CONTENT_CERT_ID + 3] = &sp_pkg3,
- [SP_CONTENT_CERT_ID + 4] = &sp_pkg4,
- [SP_CONTENT_CERT_ID + 5] = &sp_pkg5,
- [SP_CONTENT_CERT_ID + 6] = &sp_pkg6,
- [SP_CONTENT_CERT_ID + 7] = &sp_pkg7,
- [SP_CONTENT_CERT_ID + 8] = &sp_pkg8,
+ [SIP_SP_CONTENT_CERT_ID] = &sip_sp_content_cert,
+ [SP_PKG1_ID] = &sp_pkg1,
+ [SP_PKG2_ID] = &sp_pkg2,
+ [SP_PKG3_ID] = &sp_pkg3,
+ [SP_PKG4_ID] = &sp_pkg4,
+ [SP_PKG5_ID] = &sp_pkg5,
+ [SP_PKG6_ID] = &sp_pkg6,
+ [SP_PKG7_ID] = &sp_pkg7,
+ [SP_PKG8_ID] = &sp_pkg8,
#endif
};
diff --git a/fdts/cot_descriptors.dtsi b/fdts/cot_descriptors.dtsi
index 753d56a..9308e17 100644
--- a/fdts/cot_descriptors.dtsi
+++ b/fdts/cot_descriptors.dtsi
@@ -146,8 +146,8 @@
};
#if defined(SPD_spmd)
- sp_content_cert: sp_content_cert {
- image-id = <SP_CONTENT_CERT_ID>;
+ sip_sp_content_cert: sip_sp_content_cert {
+ image-id = <SIP_SP_CONTENT_CERT_ID>;
parent = <&trusted_key_cert>;
signing-key = <&trusted_world_pk>;
antirollback-counter = <&trusted_nv_counter>;
@@ -251,50 +251,50 @@
#if defined(SPD_spmd)
sp_pkg1 {
- image-id = <SP_CONTENT_CERT_ID + 1>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG1_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg1_hash>;
};
sp_pkg2 {
- image-id = <SP_CONTENT_CERT_ID + 2>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG2_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg2_hash>;
};
sp_pkg3 {
- image-id = <SP_CONTENT_CERT_ID + 3>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG3_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg3_hash>;
};
sp_pkg4 {
- image-id = <SP_CONTENT_CERT_ID + 4>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG4_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg4_hash>;
};
sp_pkg5 {
- image-id = <SP_CONTENT_CERT_ID + 5>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG5_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg5_hash>;
};
sp_pkg6 {
- image-id = <SP_CONTENT_CERT_ID + 6>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG6_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg6_hash>;
};
sp_pkg7 {
- image-id = <SP_CONTENT_CERT_ID + 7>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG7_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg7_hash>;
};
sp_pkg8 {
- image-id = <SP_CONTENT_CERT_ID + 8>;
- parent = <&sp_content_cert>;
+ image-id = <SP_PKG8_ID>;
+ parent = <&sip_sp_content_cert>;
hash = <&sp_pkg8_hash>;
};
#endif
diff --git a/include/common/tbbr/tbbr_img_def.h b/include/common/tbbr/tbbr_img_def.h
index e057891..b29b135 100644
--- a/include/common/tbbr/tbbr_img_def.h
+++ b/include/common/tbbr/tbbr_img_def.h
@@ -10,7 +10,7 @@
#include <export/common/tbbr/tbbr_img_def_exp.h>
#if defined(SPD_spmd)
-#define SP_CONTENT_CERT_ID MAX_IMAGE_IDS
+#define SIP_SP_CONTENT_CERT_ID MAX_IMAGE_IDS
#define SP_PKG1_ID (MAX_IMAGE_IDS + 1)
#define SP_PKG2_ID (MAX_IMAGE_IDS + 2)
#define SP_PKG3_ID (MAX_IMAGE_IDS + 3)
diff --git a/include/drivers/auth/auth_mod.h b/include/drivers/auth/auth_mod.h
index 01d144d..504e539 100644
--- a/include/drivers/auth/auth_mod.h
+++ b/include/drivers/auth/auth_mod.h
@@ -51,11 +51,11 @@
extern unsigned int auth_img_flags[MAX_NUMBER_IDS];
#if defined(SPD_spmd)
-#define DEFINE_SP_PKG(n) \
+#define DEFINE_SIP_SP_PKG(n) \
static const auth_img_desc_t sp_pkg##n = { \
- .img_id = SP_CONTENT_CERT_ID + (n), \
+ .img_id = SP_PKG##n##_ID, \
.img_type = IMG_RAW, \
- .parent = &sp_content_cert, \
+ .parent = &sip_sp_content_cert, \
.img_auth_methods = (const auth_method_desc_t[AUTH_METHOD_NUM]) { \
[0] = { \
.type = AUTH_METHOD_HASH, \
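Review bot: `DEFINE_SIP_SP_PKG(n)` still emits an object named `sp_pkg##n`, so the SiP prefix is on the macro but not on what it defines. Once the platform-owned signing domain mentioned in the description gets its own macro, the unprefixed names will not say which certificate a package is authenticated against. The macro also now pastes `n` into `SP_PKG##n##_ID`, so `n` must be a literal for which that ID is defined, which the old `SP_CONTENT_CERT_ID + (n)` form did not require. I would add a comment above the macro such as `/* n: literal with a matching SP_PKG<n>_ID; the package is hash-verified against sip_sp_content_cert */`. The macro body continues past the end of this hunk, and the `sp_pkgN` nodes in fdts/cot_descriptors.dtsi keep the same unprefixed names.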
diff --git a/plat/arm/common/fconf/arm_fconf_io.c b/plat/arm/common/fconf/arm_fconf_io.c
index 48cc4fe..350ecd1 100644
--- a/plat/arm/common/fconf/arm_fconf_io.c
+++ b/plat/arm/common/fconf/arm_fconf_io.c
@@ -51,7 +51,7 @@
[TRUSTED_OS_FW_CONTENT_CERT_ID] = {UUID_TRUSTED_OS_FW_CONTENT_CERT},
[NON_TRUSTED_FW_CONTENT_CERT_ID] = {UUID_NON_TRUSTED_FW_CONTENT_CERT},
#if defined(SPD_spmd)
- [SP_CONTENT_CERT_ID] = {UUID_SIP_SECURE_PARTITION_CONTENT_CERT},
+ [SIP_SP_CONTENT_CERT_ID] = {UUID_SIP_SECURE_PARTITION_CONTENT_CERT},
#endif
#endif /* ARM_IO_IN_DTB */
#endif /* TRUSTED_BOARD_BOOT */
@@ -184,9 +184,9 @@
open_fip
},
#if defined(SPD_spmd)
- [SP_CONTENT_CERT_ID] = {
+ [SIP_SP_CONTENT_CERT_ID] = {
&fip_dev_handle,
- (uintptr_t)&arm_uuid_spec[SP_CONTENT_CERT_ID],
+ (uintptr_t)&arm_uuid_spec[SIP_SP_CONTENT_CERT_ID],
open_fip
},
#endif
@@ -233,7 +233,7 @@
{TRUSTED_OS_FW_CONTENT_CERT_ID, "tos_fw_content_cert_uuid"},
{NON_TRUSTED_FW_CONTENT_CERT_ID, "nt_fw_content_cert_uuid"},
#if defined(SPD_spmd)
- {SP_CONTENT_CERT_ID, "sp_content_cert_uuid"},
+ {SIP_SP_CONTENT_CERT_ID, "sip_sp_content_cert_uuid"},
#endif
#endif /* TRUSTED_BOARD_BOOT */
};
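Review bot: The last entry changes the string from `"sp_content_cert_uuid"` to `"sip_sp_content_cert_uuid"`, which is more than a C identifier rename. The string looks like a property name matched against a configuration DTB, and no DTS carrying that property is touched in the visible part of this patch. If a platform's config still provides `sp_content_cert_uuid`, the UUID for `SIP_SP_CONTENT_CERT_ID` would presumably not be found and the certificate could not be located in the FIP. It is worth confirming that every in-tree DTS is updated in the same commit, and mentioning the property rename in the commit message so out-of-tree platforms notice it. The table this entry belongs to starts outside the hunk.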
diff --git a/plat/arm/common/fconf/arm_fconf_sp.c b/plat/arm/common/fconf/arm_fconf_sp.c
index 3522dcf..4459264 100644
--- a/plat/arm/common/fconf/arm_fconf_sp.c
+++ b/plat/arm/common/fconf/arm_fconf_sp.c
@@ -30,7 +30,7 @@
union uuid_helper_t uuid_helper;
unsigned int index = 0;
uint32_t val32;
- const unsigned int sp_start_index = SP_CONTENT_CERT_ID + 1;
+ const unsigned int sp_start_index = SP_PKG1_ID;
/* As libfdt use void *, we can't avoid this cast */
const void *dtb = (void *)config;
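Review bot: `sp_start_index` is now `SP_PKG1_ID`, but the code that consumes it lies outside this hunk, so the assumption behind it is not visible here. If image ids are derived as `sp_start_index + index`, that relies on `SP_PKG1_ID` through `SP_PKG8_ID` being consecutive. It also relies on `index` being bounded, so that a config with more SP nodes than descriptors cannot produce an id that has no chain-of-trust entry. A comment on the declaration would make this explicit, e.g. `/* SP image ids are SP_PKG1_ID + index; SP_PKGn_ID must stay consecutive */`. The enclosing function starts and ends outside the hunk.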